Email SMTP Fix

2025-12-07 16:59:04 +07:00
parent 79b617904b
commit 005c56b43d
11 changed files with 526 additions and 28 deletions
--- a/auth.py
+++ b/auth.py
@@ -6,6 +6,7 @@ from fastapi import Depends, HTTPException, status
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from sqlalchemy.orm import Session
 import os
+import secrets
 from database import get_db
 from models import User, UserRole

@@ -22,6 +23,33 @@ def verify_password(plain_password, hashed_password):
 def get_password_hash(password):
    return pwd_context.hash(password)

+def generate_reset_token():
+    """Generate secure random token for password reset"""
+    return secrets.token_urlsafe(32)
+
+def create_password_reset_token(user, db):
+    """Create reset token with 1-hour expiration"""
+    token = generate_reset_token()
+    expires = datetime.now(timezone.utc) + timedelta(hours=1)
+
+    user.password_reset_token = token
+    user.password_reset_expires = expires
+    db.commit()
+
+    return token
+
+def verify_reset_token(token, db):
+    """Verify token is valid and not expired"""
+    user = db.query(User).filter(User.password_reset_token == token).first()
+
+    if not user:
+        return None
+
+    if user.password_reset_expires < datetime.now(timezone.utc):
+        return None  # Token expired
+
+    return user
+
 def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
    to_encode = data.copy()
    if expires_delta:
@@ -78,3 +106,21 @@ async def get_current_admin_user(current_user: User = Depends(get_current_user))
            detail="Not enough permissions"
        )
    return current_user
+
+async def get_active_member(current_user: User = Depends(get_current_user)) -> User:
+    """Require user to be active member with valid payment"""
+    from models import UserStatus
+
+    if current_user.status != UserStatus.active:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Active membership required. Please complete payment."
+        )
+
+    if current_user.role not in [UserRole.member, UserRole.admin]:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Member access only"
+        )
+
+    return current_user