Kyle Pope
fbc452a004
- New User model (username, argon2id password_hash, totp fields, lockout) - New UserSession model (DB-backed revocation, replaces in-memory set) - New services/auth.py: Argon2id hashing, bcrypt→Argon2id upgrade path, URLSafeTimedSerializer session/MFA tokens - New schemas/auth.py: SetupRequest, LoginRequest, ChangePasswordRequest with OWASP password strength validation - Full rewrite of routers/auth.py: setup/login/logout/status/change-password with account lockout (10 failures → 30-min, HTTP 423), IP rate limiting retained as outer layer, get_current_user + get_current_settings dependencies replacing get_current_session - Settings model: drop pin_hash, add user_id FK (nullable for migration) - Schemas/settings.py: remove SettingsCreate, ChangePinRequest, _validate_pin_length - Settings router: rewrite to use get_current_user + get_current_settings, preserve ntfy test endpoint - All 11 consumer routers updated: auth-gate-only routers use get_current_user, routers reading Settings fields use get_current_settings - config.py: add SESSION_MAX_AGE_DAYS, MFA_TOKEN_MAX_AGE_SECONDS, TOTP_ISSUER - main.py: import User and UserSession models for Alembic discovery - requirements.txt: add argon2-cffi>=23.1.0 - Migration 023: create users + user_sessions tables, migrate pin_hash → User row (admin), backfill settings.user_id, drop pin_hash Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
47 lines
2.5 KiB
Python
47 lines
2.5 KiB
Python
from sqlalchemy import String, Integer, Float, Boolean, ForeignKey, func
|
|
from sqlalchemy.orm import Mapped, mapped_column
|
|
from datetime import datetime
|
|
from typing import Optional
|
|
from app.database import Base
|
|
|
|
|
|
class Settings(Base):
|
|
__tablename__ = "settings"
|
|
|
|
id: Mapped[int] = mapped_column(primary_key=True, index=True)
|
|
|
|
# FK to users table — nullable during migration, will be NOT NULL after data migration
|
|
user_id: Mapped[Optional[int]] = mapped_column(
|
|
ForeignKey("users.id", ondelete="CASCADE"),
|
|
nullable=True,
|
|
index=True,
|
|
)
|
|
|
|
accent_color: Mapped[str] = mapped_column(String(20), default="cyan")
|
|
upcoming_days: Mapped[int] = mapped_column(Integer, default=7)
|
|
preferred_name: Mapped[str | None] = mapped_column(String(100), nullable=True, default=None)
|
|
weather_city: Mapped[str | None] = mapped_column(String(100), nullable=True, default=None)
|
|
weather_lat: Mapped[float | None] = mapped_column(Float, nullable=True, default=None)
|
|
weather_lon: Mapped[float | None] = mapped_column(Float, nullable=True, default=None)
|
|
first_day_of_week: Mapped[int] = mapped_column(Integer, default=0) # 0=Sunday, 1=Monday
|
|
|
|
# ntfy push notification configuration
|
|
ntfy_server_url: Mapped[Optional[str]] = mapped_column(String(500), nullable=True, default=None)
|
|
ntfy_topic: Mapped[Optional[str]] = mapped_column(String(255), nullable=True, default=None)
|
|
ntfy_auth_token: Mapped[Optional[str]] = mapped_column(String(500), nullable=True, default=None)
|
|
ntfy_enabled: Mapped[bool] = mapped_column(Boolean, default=False, server_default="false")
|
|
|
|
# Per-type notification toggles (default on so they work immediately once master is enabled)
|
|
ntfy_events_enabled: Mapped[bool] = mapped_column(Boolean, default=True, server_default="true")
|
|
ntfy_reminders_enabled: Mapped[bool] = mapped_column(Boolean, default=True, server_default="true")
|
|
ntfy_todos_enabled: Mapped[bool] = mapped_column(Boolean, default=True, server_default="true")
|
|
ntfy_projects_enabled: Mapped[bool] = mapped_column(Boolean, default=True, server_default="true")
|
|
|
|
# Lead time controls
|
|
ntfy_event_lead_minutes: Mapped[int] = mapped_column(Integer, default=15, server_default="15")
|
|
ntfy_todo_lead_days: Mapped[int] = mapped_column(Integer, default=1, server_default="1")
|
|
ntfy_project_lead_days: Mapped[int] = mapped_column(Integer, default=2, server_default="2")
|
|
|
|
created_at: Mapped[datetime] = mapped_column(default=func.now())
|
|
updated_at: Mapped[datetime] = mapped_column(default=func.now(), onupdate=func.now())
|