brut/bincio-auth
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13 Commits 1 Branch 0 Tags
main
Commit Graph

2 Commits

Author SHA1 Message Date
Davide Scaini 1b4f0318e7 feat: self-service password reset via email (Phase 4) 
- email column on users (migration-safe ALTER TABLE)
- email_reset_tokens table (1h TTL, single-use)
- smtp.py: send via STARTTLS, config from CLI/env vars
- POST /api/auth/request-reset — sends reset link, always 200 (no email leak)
- POST /api/auth/reset-password-token — consumes email token
- GET/POST /api/me/email — users can register/update their email
- reset-password page: email form primary, admin code form as toggle,
  token form shown automatically when ?token= is in URL
- CLI: --smtp-host/port/user/password/from (BINCIO_SMTP_* env vars)
 2026-06-03 16:03:08 +02:00
Davide Scaini 0e0e5d5622 site: add Astro frontend — login, register, reset-password, invites, home 
Step 8 of the migration plan. Minimal Astro + Tailwind site (no Svelte).
Pages:
- / (home): post-login card grid, shows Activity/Wiki/Planner cards based
  on wiki_access / activity_access from /api/me; URLs via PUBLIC_* env vars
- /login/: JWT cookie issued on success; ?next= redirect supported
- /register/: invite-code flow, auto-fills code from ?code= param
- /reset-password/: admin-issued code flow; disables form on success
- /invites/: list + generate invites; activity-access toggle for eligible users

Base layout: minimal nav with handle + sign-out, auth wall (/api/me check),
race-calendar accent palette, dark/light theme tokens.
 2026-06-02 14:45:32 +02:00