Merge pull request 'Merge from dev' (#15 ) from dev into loaf-prod

Reviewed-on: #15
Merge pull request 'Add comprehensive column check and migration 009' (#14 ) from dev into loaf-prod
2026-01-05 08:49:16 +00:00 · 2026-01-04 16:19:51 +00:00 · 2026-01-04 16:10:27 +00:00 · 2026-01-04 16:06:27 +00:00 · 2026-01-04 16:03:43 +00:00 · 2026-01-04 15:58:05 +00:00
32 changed files with 297 additions and 6017 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,83 +0,0 @@
 # Git
 .git
 .gitignore
 # Python
 __pycache__
 *.py[cod]
 *$py.class
 *.so
 .Python
 build/
 develop-eggs/
 dist/
 downloads/
 eggs/
 .eggs/
 lib/
 lib64/
 parts/
 sdist/
 var/
 wheels/
 *.egg-info/
 .installed.cfg
 *.egg
 # Virtual environments
 venv/
 ENV/
 env/
 .venv/
 # IDE
 .idea/
 .vscode/
 *.swp
 *.swo
 *~
 # Testing
 .pytest_cache/
 .coverage
 htmlcov/
 .tox/
 .nox/
 # Environment files (will be mounted or passed via env vars)
 .env
 .env.local
 .env.*.local
 *.env
 # Logs
 *.log
 logs/
 # Database
 *.db
 *.sqlite3
 # Alembic
 alembic/versions/__pycache__/
 # Docker
 Dockerfile
 docker-compose*.yml
 .docker/
 # Documentation
 *.md
 docs/
 # Temporary files
 tmp/
 temp/
 *.tmp
 # OS files
 .DS_Store
 Thumbs.db
 # Uploads (will be mounted as volume)
 uploads/
--- a/.env.example
+++ b/.env.example
@@ -6,10 +6,6 @@ JWT_SECRET=your-secret-key-change-this-in-production
 JWT_ALGORITHM=HS256
 ACCESS_TOKEN_EXPIRE_MINUTES=30
 # Settings Encryption (for database-stored sensitive settings)
 # Generate with: python -c "import secrets; print(secrets.token_urlsafe(64))"
 SETTINGS_ENCRYPTION_KEY=your-encryption-key-generate-with-command-above
 # SMTP Email Configuration (Port 465 - SSL/TLS)
 SMTP_HOST=p.konceptkit.com
 SMTP_PORT=465
@@ -32,14 +28,7 @@ SMTP_FROM_NAME=LOAF Membership
 # Frontend URL
 FRONTEND_URL=http://localhost:3000
-# Backend URL (for webhook URLs and API references)
+# Stripe Configuration (for future payment integration)
 # Used to construct Stripe webhook URL shown in Admin Settings
 BACKEND_URL=http://localhost:8000
 # Stripe Configuration (NOW DATABASE-DRIVEN via Admin Settings page)
 # Configure Stripe credentials through the Admin Settings UI (requires SETTINGS_ENCRYPTION_KEY)
 # No longer requires .env variables - managed through database for dynamic updates
 # Legacy .env variables below are deprecated:
 # STRIPE_SECRET_KEY=sk_test_...
 # STRIPE_WEBHOOK_SECRET=whsec_...
--- a/.gitignore
+++ b/.gitignore
@@ -245,9 +245,6 @@ temp_uploads/
 tmp/
 temporary/
 # Generated SQL files (from scripts)
 create_superadmin.sql
 # CSV imports
 imports/*.csv
 !imports/.gitkeep
--- a/40
+++ b/40
@@ -1,40 +0,0 @@
 # Backend Dockerfile - FastAPI with Python
 FROM python:3.11-slim
 # Set environment variables
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 ENV PYTHONPATH=/app
 # Set work directory
 WORKDIR /app
 # Install system dependencies
 RUN apt-get update && apt-get install -y \
    gcc \
    libpq-dev \
    curl \
    && rm -rf /var/lib/apt/lists/*
 # Install Python dependencies
 COPY requirements.txt .
 RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir -r requirements.txt
 # Copy application code
 COPY . .
 # Create non-root user for security
 RUN adduser --disabled-password --gecos '' appuser && \
    chown -R appuser:appuser /app
 USER appuser
 # Expose port
 EXPOSE 8000
 # Health check
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8000/health || exit 1
 # Run the application
 CMD ["uvicorn", "server:app", "--host", "0.0.0.0", "--port", "8000"]
--- a/pycache/auth.cpython-312.pyc
+++ b/pycache/auth.cpython-312.pyc
--- a/pycache/database.cpython-312.pyc
+++ b/pycache/database.cpython-312.pyc
--- a/pycache/models.cpython-312.pyc
+++ b/pycache/models.cpython-312.pyc
--- a/pycache/payment_service.cpython-312.pyc
+++ b/pycache/payment_service.cpython-312.pyc
--- a/pycache/r2_storage.cpython-312.pyc
+++ b/pycache/r2_storage.cpython-312.pyc
--- a/pycache/server.cpython-312.pyc
+++ b/pycache/server.cpython-312.pyc
--- a/add_directory_permissions.py
+++ b/add_directory_permissions.py
@@ -1,141 +0,0 @@
 #!/usr/bin/env python3
 """
 Add Directory Permissions Script
 This script adds the new directory.view and directory.manage permissions
 without clearing existing permissions.
 Usage:
    python add_directory_permissions.py
 """
 import os
 import sys
 from sqlalchemy import create_engine, text
 from sqlalchemy.orm import sessionmaker
 from database import Base
 from models import Permission, RolePermission, Role, UserRole
 from dotenv import load_dotenv
 # Load environment variables
 load_dotenv()
 # Database connection
 DATABASE_URL = os.getenv("DATABASE_URL")
 if not DATABASE_URL:
    print("Error: DATABASE_URL environment variable not set")
    sys.exit(1)
 engine = create_engine(DATABASE_URL)
 SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
 # New directory permissions
 NEW_PERMISSIONS = [
    {"code": "directory.view", "name": "View Directory Settings", "description": "View member directory field configuration", "module": "directory"},
    {"code": "directory.manage", "name": "Manage Directory Fields", "description": "Enable/disable directory fields shown in Profile and Directory pages", "module": "directory"},
 ]
 # Roles that should have these permissions
 ROLE_PERMISSION_MAP = {
    "directory.view": ["admin", "superadmin"],
    "directory.manage": ["admin", "superadmin"],
 }
 def add_directory_permissions():
    """Add directory permissions and assign to appropriate roles"""
    db = SessionLocal()
    try:
        print("=" * 60)
        print("Adding Directory Permissions")
        print("=" * 60)
        # Step 1: Add permissions if they don't exist
        print("\n1. Adding permissions...")
        permission_map = {}
        for perm_data in NEW_PERMISSIONS:
            existing = db.query(Permission).filter(Permission.code == perm_data["code"]).first()
            if existing:
                print(f"   - {perm_data['code']}: Already exists")
                permission_map[perm_data["code"]] = existing
            else:
                permission = Permission(
                    code=perm_data["code"],
                    name=perm_data["name"],
                    description=perm_data["description"],
                    module=perm_data["module"]
                )
                db.add(permission)
                db.flush()  # Get the ID
                permission_map[perm_data["code"]] = permission
                print(f"   - {perm_data['code']}: Created")
        db.commit()
        # Step 2: Get roles
        print("\n2. Fetching roles...")
        roles = db.query(Role).all()
        role_map = {role.code: role for role in roles}
        print(f"   Found {len(roles)} roles: {', '.join(role_map.keys())}")
        # Enum mapping for backward compatibility
        role_enum_map = {
            'guest': UserRole.guest,
            'member': UserRole.member,
            'admin': UserRole.admin,
            'superadmin': UserRole.superadmin,
            'finance': UserRole.finance
        }
        # Step 3: Assign permissions to roles
        print("\n3. Assigning permissions to roles...")
        for perm_code, role_codes in ROLE_PERMISSION_MAP.items():
            permission = permission_map.get(perm_code)
            if not permission:
                print(f"   Warning: Permission {perm_code} not found")
                continue
            for role_code in role_codes:
                role = role_map.get(role_code)
                if not role:
                    print(f"   Warning: Role {role_code} not found")
                    continue
                # Check if mapping already exists
                existing_mapping = db.query(RolePermission).filter(
                    RolePermission.role_id == role.id,
                    RolePermission.permission_id == permission.id
                ).first()
                if existing_mapping:
                    print(f"   - {role_code} -> {perm_code}: Already assigned")
                else:
                    role_enum = role_enum_map.get(role_code, UserRole.guest)
                    mapping = RolePermission(
                        role=role_enum,
                        role_id=role.id,
                        permission_id=permission.id
                    )
                    db.add(mapping)
                    print(f"   - {role_code} -> {perm_code}: Assigned")
        db.commit()
        print("\n" + "=" * 60)
        print("Directory permissions added successfully!")
        print("=" * 60)
    except Exception as e:
        db.rollback()
        print(f"\nError: {str(e)}")
        import traceback
        traceback.print_exc()
        raise
    finally:
        db.close()
 if __name__ == "__main__":
    add_directory_permissions()
--- a/add_registration_permissions.py
+++ b/add_registration_permissions.py
@@ -1,141 +0,0 @@
 #!/usr/bin/env python3
 """
 Add Registration Permissions Script
 This script adds the new registration.view and registration.manage permissions
 without clearing existing permissions.
 Usage:
    python add_registration_permissions.py
 """
 import os
 import sys
 from sqlalchemy import create_engine, text
 from sqlalchemy.orm import sessionmaker
 from database import Base
 from models import Permission, RolePermission, Role, UserRole
 from dotenv import load_dotenv
 # Load environment variables
 load_dotenv()
 # Database connection
 DATABASE_URL = os.getenv("DATABASE_URL")
 if not DATABASE_URL:
    print("Error: DATABASE_URL environment variable not set")
    sys.exit(1)
 engine = create_engine(DATABASE_URL)
 SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
 # New registration permissions
 NEW_PERMISSIONS = [
    {"code": "registration.view", "name": "View Registration Settings", "description": "View registration form schema and settings", "module": "registration"},
    {"code": "registration.manage", "name": "Manage Registration Form", "description": "Edit registration form schema, steps, and fields", "module": "registration"},
 ]
 # Roles that should have these permissions
 ROLE_PERMISSION_MAP = {
    "registration.view": ["admin", "superadmin"],
    "registration.manage": ["admin", "superadmin"],
 }
 def add_registration_permissions():
    """Add registration permissions and assign to appropriate roles"""
    db = SessionLocal()
    try:
        print("=" * 60)
        print("Adding Registration Permissions")
        print("=" * 60)
        # Step 1: Add permissions if they don't exist
        print("\n1. Adding permissions...")
        permission_map = {}
        for perm_data in NEW_PERMISSIONS:
            existing = db.query(Permission).filter(Permission.code == perm_data["code"]).first()
            if existing:
                print(f"   - {perm_data['code']}: Already exists")
                permission_map[perm_data["code"]] = existing
            else:
                permission = Permission(
                    code=perm_data["code"],
                    name=perm_data["name"],
                    description=perm_data["description"],
                    module=perm_data["module"]
                )
                db.add(permission)
                db.flush()  # Get the ID
                permission_map[perm_data["code"]] = permission
                print(f"   - {perm_data['code']}: Created")
        db.commit()
        # Step 2: Get roles
        print("\n2. Fetching roles...")
        roles = db.query(Role).all()
        role_map = {role.code: role for role in roles}
        print(f"   Found {len(roles)} roles: {', '.join(role_map.keys())}")
        # Enum mapping for backward compatibility
        role_enum_map = {
            'guest': UserRole.guest,
            'member': UserRole.member,
            'admin': UserRole.admin,
            'superadmin': UserRole.superadmin,
            'finance': UserRole.finance
        }
        # Step 3: Assign permissions to roles
        print("\n3. Assigning permissions to roles...")
        for perm_code, role_codes in ROLE_PERMISSION_MAP.items():
            permission = permission_map.get(perm_code)
            if not permission:
                print(f"   Warning: Permission {perm_code} not found")
                continue
            for role_code in role_codes:
                role = role_map.get(role_code)
                if not role:
                    print(f"   Warning: Role {role_code} not found")
                    continue
                # Check if mapping already exists
                existing_mapping = db.query(RolePermission).filter(
                    RolePermission.role_id == role.id,
                    RolePermission.permission_id == permission.id
                ).first()
                if existing_mapping:
                    print(f"   - {role_code} -> {perm_code}: Already assigned")
                else:
                    role_enum = role_enum_map.get(role_code, UserRole.guest)
                    mapping = RolePermission(
                        role=role_enum,
                        role_id=role.id,
                        permission_id=permission.id
                    )
                    db.add(mapping)
                    print(f"   - {role_code} -> {perm_code}: Assigned")
        db.commit()
        print("\n" + "=" * 60)
        print("Registration permissions added successfully!")
        print("=" * 60)
    except Exception as e:
        db.rollback()
        print(f"\nError: {str(e)}")
        import traceback
        traceback.print_exc()
        raise
    finally:
        db.close()
 if __name__ == "__main__":
    add_registration_permissions()
--- a/alembic/versions/011_align_prod_with_dev.py
+++ b/alembic/versions/011_align_prod_with_dev.py
@@ -1,410 +0,0 @@
 """align_prod_with_dev
 Revision ID: 011_align_prod_dev
 Revises: 010_add_email_exp
 Create Date: 2026-01-05
 Aligns PROD database schema with DEV database schema (source of truth).
 Fixes type mismatches, removes PROD-only columns, adds DEV-only columns, updates nullable constraints.
 """
 from typing import Sequence, Union
 from alembic import op
 import sqlalchemy as sa
 from sqlalchemy.dialects.postgresql import JSONB, JSON
 # revision identifiers, used by Alembic.
 revision: str = '011_align_prod_dev'
 down_revision: Union[str, None] = '010_add_email_exp'
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
    """Align PROD schema with DEV schema (source of truth)"""
    from sqlalchemy import inspect
    conn = op.get_bind()
    inspector = inspect(conn)
    print("Starting schema alignment: PROD → DEV (source of truth)...")
    # ============================================================
    # 1. FIX USERS TABLE
    # ============================================================
    print("\n[1/14] Fixing users table...")
    users_columns = {col['name'] for col in inspector.get_columns('users')}
    # Remove PROD-only columns (not in models.py or DEV)
    if 'bio' in users_columns:
        op.drop_column('users', 'bio')
        print("  ✓ Removed users.bio (PROD-only)")
    if 'interests' in users_columns:
        op.drop_column('users', 'interests')
        print("  ✓ Removed users.interests (PROD-only)")
    try:
        # Change constrained VARCHAR(n) to unconstrained VARCHAR
        op.alter_column('users', 'first_name', type_=sa.String(), postgresql_using='first_name::varchar')
        op.alter_column('users', 'last_name', type_=sa.String(), postgresql_using='last_name::varchar')
        op.alter_column('users', 'email', type_=sa.String(), postgresql_using='email::varchar')
        op.alter_column('users', 'phone', type_=sa.String(), postgresql_using='phone::varchar')
        op.alter_column('users', 'city', type_=sa.String(), postgresql_using='city::varchar')
        op.alter_column('users', 'state', type_=sa.String(), postgresql_using='state::varchar')
        op.alter_column('users', 'zipcode', type_=sa.String(), postgresql_using='zipcode::varchar')
        op.alter_column('users', 'partner_first_name', type_=sa.String(), postgresql_using='partner_first_name::varchar')
        op.alter_column('users', 'partner_last_name', type_=sa.String(), postgresql_using='partner_last_name::varchar')
        op.alter_column('users', 'referred_by_member_name', type_=sa.String(), postgresql_using='referred_by_member_name::varchar')
        op.alter_column('users', 'password_hash', type_=sa.String(), postgresql_using='password_hash::varchar')
        op.alter_column('users', 'email_verification_token', type_=sa.String(), postgresql_using='email_verification_token::varchar')
        op.alter_column('users', 'password_reset_token', type_=sa.String(), postgresql_using='password_reset_token::varchar')
        print("  ✓ Changed VARCHAR(n) to VARCHAR")
        # Change TEXT to VARCHAR
        op.alter_column('users', 'address', type_=sa.String(), postgresql_using='address::varchar')
        op.alter_column('users', 'profile_photo_url', type_=sa.String(), postgresql_using='profile_photo_url::varchar')
        print("  ✓ Changed TEXT to VARCHAR")
        # Change DATE to TIMESTAMP
        op.alter_column('users', 'date_of_birth', type_=sa.DateTime(), postgresql_using='date_of_birth::timestamp')
        op.alter_column('users', 'member_since', type_=sa.DateTime(), postgresql_using='member_since::timestamp')
        print("  ✓ Changed DATE to TIMESTAMP")
        # Change JSONB to JSON
        op.alter_column('users', 'lead_sources', type_=JSON(), postgresql_using='lead_sources::json')
        print("  ✓ Changed lead_sources JSONB to JSON")
        # Change TEXT to JSON for volunteer_interests
        op.alter_column('users', 'volunteer_interests', type_=JSON(), postgresql_using='volunteer_interests::json')
        print("  ✓ Changed volunteer_interests TEXT to JSON")
    except Exception as e:
        print(f"  ⚠️  Warning: Some type conversions failed: {e}")
    # Fill NULL values with defaults BEFORE setting NOT NULL constraints
    print("  ⏳ Filling NULL values with defaults...")
    # Update string fields
    conn.execute(sa.text("UPDATE users SET address = '' WHERE address IS NULL"))
    conn.execute(sa.text("UPDATE users SET city = '' WHERE city IS NULL"))
    conn.execute(sa.text("UPDATE users SET state = '' WHERE state IS NULL"))
    conn.execute(sa.text("UPDATE users SET zipcode = '' WHERE zipcode IS NULL"))
    conn.execute(sa.text("UPDATE users SET phone = '' WHERE phone IS NULL"))
    # Update date_of_birth with sentinel date
    conn.execute(sa.text("UPDATE users SET date_of_birth = '1900-01-01'::timestamp WHERE date_of_birth IS NULL"))
    # Update boolean fields
    conn.execute(sa.text("UPDATE users SET show_in_directory = false WHERE show_in_directory IS NULL"))
    conn.execute(sa.text("UPDATE users SET newsletter_publish_name = false WHERE newsletter_publish_name IS NULL"))
    conn.execute(sa.text("UPDATE users SET newsletter_publish_birthday = false WHERE newsletter_publish_birthday IS NULL"))
    conn.execute(sa.text("UPDATE users SET newsletter_publish_photo = false WHERE newsletter_publish_photo IS NULL"))
    conn.execute(sa.text("UPDATE users SET newsletter_publish_none = false WHERE newsletter_publish_none IS NULL"))
    conn.execute(sa.text("UPDATE users SET force_password_change = false WHERE force_password_change IS NULL"))
    conn.execute(sa.text("UPDATE users SET scholarship_requested = false WHERE scholarship_requested IS NULL"))
    conn.execute(sa.text("UPDATE users SET accepts_tos = false WHERE accepts_tos IS NULL"))
    # Check how many rows were updated
    null_check = conn.execute(sa.text("""
        SELECT
            COUNT(*) FILTER (WHERE address = '') as address_filled,
            COUNT(*) FILTER (WHERE date_of_birth = '1900-01-01'::timestamp) as dob_filled
        FROM users
    """)).fetchone()
    print(f"  ✓ Filled NULLs: {null_check[0]} addresses, {null_check[1]} dates of birth")
    # Now safe to set NOT NULL constraints
    op.alter_column('users', 'address', nullable=False)
    op.alter_column('users', 'city', nullable=False)
    op.alter_column('users', 'state', nullable=False)
    op.alter_column('users', 'zipcode', nullable=False)
    op.alter_column('users', 'phone', nullable=False)
    op.alter_column('users', 'date_of_birth', nullable=False)
    op.alter_column('users', 'show_in_directory', nullable=False)
    op.alter_column('users', 'newsletter_publish_name', nullable=False)
    op.alter_column('users', 'newsletter_publish_birthday', nullable=False)
    op.alter_column('users', 'newsletter_publish_photo', nullable=False)
    op.alter_column('users', 'newsletter_publish_none', nullable=False)
    op.alter_column('users', 'force_password_change', nullable=False)
    op.alter_column('users', 'scholarship_requested', nullable=False)
    op.alter_column('users', 'accepts_tos', nullable=False)
    print("  ✓ Set NOT NULL constraints")
    # ============================================================
    # 2. FIX DONATIONS TABLE
    # ============================================================
    print("\n[2/14] Fixing donations table...")
    donations_columns = {col['name'] for col in inspector.get_columns('donations')}
    # Remove PROD-only columns
    if 'is_anonymous' in donations_columns:
        op.drop_column('donations', 'is_anonymous')
        print("  ✓ Removed donations.is_anonymous (PROD-only)")
    if 'completed_at' in donations_columns:
        op.drop_column('donations', 'completed_at')
        print("  ✓ Removed donations.completed_at (PROD-only)")
    if 'message' in donations_columns:
        op.drop_column('donations', 'message')
        print("  ✓ Removed donations.message (PROD-only)")
    try:
        op.alter_column('donations', 'donor_email', type_=sa.String(), postgresql_using='donor_email::varchar')
        op.alter_column('donations', 'donor_name', type_=sa.String(), postgresql_using='donor_name::varchar')
        op.alter_column('donations', 'stripe_payment_intent_id', type_=sa.String(), postgresql_using='stripe_payment_intent_id::varchar')
        print("  ✓ Changed VARCHAR(n) to VARCHAR")
    except Exception as e:
        print(f"  ⚠️  Warning: Type conversion failed: {e}")
    # ============================================================
    # 3. FIX SUBSCRIPTIONS TABLE
    # ============================================================
    print("\n[3/14] Fixing subscriptions table...")
    subscriptions_columns = {col['name'] for col in inspector.get_columns('subscriptions')}
    # Remove PROD-only columns
    if 'cancel_at_period_end' in subscriptions_columns:
        op.drop_column('subscriptions', 'cancel_at_period_end')
        print("  ✓ Removed subscriptions.cancel_at_period_end (PROD-only)")
    if 'canceled_at' in subscriptions_columns:
        op.drop_column('subscriptions', 'canceled_at')
        print("  ✓ Removed subscriptions.canceled_at (PROD-only)")
    if 'current_period_start' in subscriptions_columns:
        op.drop_column('subscriptions', 'current_period_start')
        print("  ✓ Removed subscriptions.current_period_start (PROD-only)")
    if 'current_period_end' in subscriptions_columns:
        op.drop_column('subscriptions', 'current_period_end')
        print("  ✓ Removed subscriptions.current_period_end (PROD-only)")
    try:
        op.alter_column('subscriptions', 'stripe_subscription_id', type_=sa.String(), postgresql_using='stripe_subscription_id::varchar')
        op.alter_column('subscriptions', 'stripe_customer_id', type_=sa.String(), postgresql_using='stripe_customer_id::varchar')
        op.alter_column('subscriptions', 'payment_method', type_=sa.String(), postgresql_using='payment_method::varchar')
        print("  ✓ Changed VARCHAR(n) to VARCHAR")
    except Exception as e:
        print(f"  ⚠️  Warning: Type conversion failed: {e}")
    # Fix nullable constraints
    op.alter_column('subscriptions', 'start_date', nullable=False)
    op.alter_column('subscriptions', 'manual_payment', nullable=False)
    op.alter_column('subscriptions', 'donation_cents', nullable=False)
    op.alter_column('subscriptions', 'base_subscription_cents', nullable=False)
    print("  ✓ Fixed nullable constraints")
    # ============================================================
    # 4. FIX STORAGE_USAGE TABLE
    # ============================================================
    print("\n[4/14] Fixing storage_usage table...")
    storage_columns = {col['name'] for col in inspector.get_columns('storage_usage')}
    # Remove PROD-only columns
    if 'created_at' in storage_columns:
        op.drop_column('storage_usage', 'created_at')
        print("  ✓ Removed storage_usage.created_at (PROD-only)")
    if 'updated_at' in storage_columns:
        op.drop_column('storage_usage', 'updated_at')
        print("  ✓ Removed storage_usage.updated_at (PROD-only)")
    op.alter_column('storage_usage', 'max_bytes_allowed', nullable=False)
    print("  ✓ Fixed nullable constraint")
    # ============================================================
    # 5. FIX EVENT_GALLERIES TABLE (Add missing DEV columns)
    # ============================================================
    print("\n[5/14] Fixing event_galleries table...")
    event_galleries_columns = {col['name'] for col in inspector.get_columns('event_galleries')}
    # Add DEV-only columns (exist in models.py but not in PROD)
    if 'image_key' not in event_galleries_columns:
        op.add_column('event_galleries', sa.Column('image_key', sa.String(), nullable=False, server_default=''))
        print("  ✓ Added event_galleries.image_key")
    if 'file_size_bytes' not in event_galleries_columns:
        op.add_column('event_galleries', sa.Column('file_size_bytes', sa.Integer(), nullable=False, server_default='0'))
        print("  ✓ Added event_galleries.file_size_bytes")
    try:
        op.alter_column('event_galleries', 'image_url', type_=sa.String(), postgresql_using='image_url::varchar')
        print("  ✓ Changed TEXT to VARCHAR")
    except Exception as e:
        print(f"  ⚠️  Warning: Type conversion failed: {e}")
    # Note: uploaded_by column already has correct nullable=False in both DEV and PROD
    # ============================================================
    # 6. FIX BYLAWS_DOCUMENTS TABLE
    # ============================================================
    print("\n[6/14] Fixing bylaws_documents table...")
    bylaws_columns = {col['name'] for col in inspector.get_columns('bylaws_documents')}
    # Remove PROD-only column
    if 'updated_at' in bylaws_columns:
        op.drop_column('bylaws_documents', 'updated_at')
        print("  ✓ Removed bylaws_documents.updated_at (PROD-only)")
    try:
        op.alter_column('bylaws_documents', 'title', type_=sa.String(), postgresql_using='title::varchar')
        op.alter_column('bylaws_documents', 'version', type_=sa.String(), postgresql_using='version::varchar')
        op.alter_column('bylaws_documents', 'document_url', type_=sa.String(), postgresql_using='document_url::varchar')
        op.alter_column('bylaws_documents', 'document_type', type_=sa.String(), postgresql_using='document_type::varchar')
        print("  ✓ Changed column types")
    except Exception as e:
        print(f"  ⚠️  Warning: Type conversion failed: {e}")
    op.alter_column('bylaws_documents', 'document_type', nullable=True)
    print("  ✓ Fixed nullable constraint")
    # ============================================================
    # 7. FIX EVENTS TABLE
    # ============================================================
    print("\n[7/14] Fixing events table...")
    try:
        op.alter_column('events', 'title', type_=sa.String(), postgresql_using='title::varchar')
        op.alter_column('events', 'location', type_=sa.String(), postgresql_using='location::varchar')
        op.alter_column('events', 'calendar_uid', type_=sa.String(), postgresql_using='calendar_uid::varchar')
        print("  ✓ Changed VARCHAR(n) to VARCHAR")
    except Exception as e:
        print(f"  ⚠️  Warning: {e}")
    op.alter_column('events', 'location', nullable=False)
    op.alter_column('events', 'created_by', nullable=False)
    print("  ✓ Fixed nullable constraints")
    # ============================================================
    # 8. FIX PERMISSIONS TABLE
    # ============================================================
    print("\n[8/14] Fixing permissions table...")
    try:
        op.alter_column('permissions', 'code', type_=sa.String(), postgresql_using='code::varchar')
        op.alter_column('permissions', 'name', type_=sa.String(), postgresql_using='name::varchar')
        op.alter_column('permissions', 'module', type_=sa.String(), postgresql_using='module::varchar')
        print("  ✓ Changed VARCHAR(n) to VARCHAR")
    except Exception as e:
        print(f"  ⚠️  Warning: {e}")
    op.alter_column('permissions', 'module', nullable=False)
    print("  ✓ Fixed nullable constraint")
    # ============================================================
    # 9. FIX ROLES TABLE
    # ============================================================
    print("\n[9/14] Fixing roles table...")
    try:
        op.alter_column('roles', 'code', type_=sa.String(), postgresql_using='code::varchar')
        op.alter_column('roles', 'name', type_=sa.String(), postgresql_using='name::varchar')
        print("  ✓ Changed VARCHAR(n) to VARCHAR")
    except Exception as e:
        print(f"  ⚠️  Warning: {e}")
    op.alter_column('roles', 'is_system_role', nullable=False)
    print("  ✓ Fixed nullable constraint")
    # ============================================================
    # 10. FIX USER_INVITATIONS TABLE
    # ============================================================
    print("\n[10/14] Fixing user_invitations table...")
    try:
        op.alter_column('user_invitations', 'email', type_=sa.String(), postgresql_using='email::varchar')
        op.alter_column('user_invitations', 'token', type_=sa.String(), postgresql_using='token::varchar')
        print("  ✓ Changed VARCHAR(n) to VARCHAR")
    except Exception as e:
        print(f"  ⚠️  Warning: {e}")
    op.alter_column('user_invitations', 'invited_at', nullable=False)
    print("  ✓ Fixed nullable constraint")
    # ============================================================
    # 11. FIX NEWSLETTER_ARCHIVES TABLE
    # ============================================================
    print("\n[11/14] Fixing newsletter_archives table...")
    try:
        op.alter_column('newsletter_archives', 'title', type_=sa.String(), postgresql_using='title::varchar')
        op.alter_column('newsletter_archives', 'document_url', type_=sa.String(), postgresql_using='document_url::varchar')
        op.alter_column('newsletter_archives', 'document_type', type_=sa.String(), postgresql_using='document_type::varchar')
        print("  ✓ Changed column types")
    except Exception as e:
        print(f"  ⚠️  Warning: {e}")
    op.alter_column('newsletter_archives', 'document_type', nullable=True)
    print("  ✓ Fixed nullable constraint")
    # ============================================================
    # 12. FIX FINANCIAL_REPORTS TABLE
    # ============================================================
    print("\n[12/14] Fixing financial_reports table...")
    try:
        op.alter_column('financial_reports', 'title', type_=sa.String(), postgresql_using='title::varchar')
        op.alter_column('financial_reports', 'document_url', type_=sa.String(), postgresql_using='document_url::varchar')
        op.alter_column('financial_reports', 'document_type', type_=sa.String(), postgresql_using='document_type::varchar')
        print("  ✓ Changed column types")
    except Exception as e:
        print(f"  ⚠️  Warning: {e}")
    op.alter_column('financial_reports', 'document_type', nullable=True)
    print("  ✓ Fixed nullable constraint")
    # ============================================================
    # 13. FIX IMPORT_JOBS TABLE
    # ============================================================
    print("\n[13/14] Fixing import_jobs table...")
    try:
        op.alter_column('import_jobs', 'filename', type_=sa.String(), postgresql_using='filename::varchar')
        op.alter_column('import_jobs', 'file_key', type_=sa.String(), postgresql_using='file_key::varchar')
        print("  ✓ Changed VARCHAR(n) to VARCHAR")
        # Change JSONB to JSON
        op.alter_column('import_jobs', 'errors', type_=JSON(), postgresql_using='errors::json')
        print("  ✓ Changed errors JSONB to JSON")
    except Exception as e:
        print(f"  ⚠️  Warning: {e}")
    # Fix nullable constraints
    op.alter_column('import_jobs', 'processed_rows', nullable=False)
    op.alter_column('import_jobs', 'successful_rows', nullable=False)
    op.alter_column('import_jobs', 'failed_rows', nullable=False)
    op.alter_column('import_jobs', 'errors', nullable=False)
    op.alter_column('import_jobs', 'started_at', nullable=False)
    print("  ✓ Fixed nullable constraints")
    # ============================================================
    # 14. FIX SUBSCRIPTION_PLANS TABLE
    # ============================================================
    print("\n[14/14] Fixing subscription_plans table...")
    try:
        op.alter_column('subscription_plans', 'name', type_=sa.String(), postgresql_using='name::varchar')
        op.alter_column('subscription_plans', 'billing_cycle', type_=sa.String(), postgresql_using='billing_cycle::varchar')
        op.alter_column('subscription_plans', 'stripe_price_id', type_=sa.String(), postgresql_using='stripe_price_id::varchar')
        print("  ✓ Changed VARCHAR(n) to VARCHAR")
    except Exception as e:
        print(f"  ⚠️  Warning: {e}")
    op.alter_column('subscription_plans', 'minimum_price_cents', nullable=False)
    print("  ✓ Fixed nullable constraint")
    print("\n✅ Schema alignment complete! PROD now matches DEV (source of truth)")
 def downgrade() -> None:
    """Revert alignment changes (not recommended)"""
    print("⚠️  Downgrade not supported for alignment migration")
    print("   To revert, restore from backup")
    pass
--- a/alembic/versions/012_fix_remaining_differences.py
+++ b/alembic/versions/012_fix_remaining_differences.py
@@ -1,170 +0,0 @@
 """fix_remaining_differences
 Revision ID: 012_fix_remaining
 Revises: 011_align_prod_dev
 Create Date: 2026-01-05
 Fixes the last 5 schema differences found after migration 011:
 1-2. import_rollback_audit nullable constraints (PROD)
 3-4. role_permissions type and nullable (PROD)
 5. UserStatus enum values (DEV - remove deprecated values)
 """
 from typing import Sequence, Union
 from alembic import op
 import sqlalchemy as sa
 from sqlalchemy.dialects.postgresql import ENUM
 # revision identifiers, used by Alembic.
 revision: str = '012_fix_remaining'
 down_revision: Union[str, None] = '011_align_prod_dev'
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
    """Fix remaining schema differences"""
    from sqlalchemy import inspect
    conn = op.get_bind()
    inspector = inspect(conn)
    print("Fixing remaining schema differences...")
    # ============================================================
    # 1. FIX IMPORT_ROLLBACK_AUDIT TABLE (PROD only)
    # ============================================================
    print("\n[1/3] Fixing import_rollback_audit nullable constraints...")
    # Check if there are any NULL values first
    try:
        null_count = conn.execute(sa.text("""
            SELECT COUNT(*) FROM import_rollback_audit
            WHERE created_at IS NULL OR rolled_back_at IS NULL
        """)).scalar()
        if null_count > 0:
            # Fill NULLs with current timestamp
            conn.execute(sa.text("""
                UPDATE import_rollback_audit
                SET created_at = NOW() WHERE created_at IS NULL
            """))
            conn.execute(sa.text("""
                UPDATE import_rollback_audit
                SET rolled_back_at = NOW() WHERE rolled_back_at IS NULL
            """))
            print(f"  ✓ Filled {null_count} NULL timestamps")
        # Now set NOT NULL
        op.alter_column('import_rollback_audit', 'created_at', nullable=False)
        op.alter_column('import_rollback_audit', 'rolled_back_at', nullable=False)
        print("  ✓ Set NOT NULL constraints")
    except Exception as e:
        print(f"  ⚠️  Warning: {e}")
    # ============================================================
    # 2. FIX ROLE_PERMISSIONS TABLE (PROD only)
    # ============================================================
    print("\n[2/3] Fixing role_permissions.role type and nullable...")
    try:
        # Change VARCHAR(50) to VARCHAR(10) to match UserRole enum
        op.alter_column('role_permissions', 'role',
                       type_=sa.String(10),
                       postgresql_using='role::varchar(10)')
        print("  ✓ Changed VARCHAR(50) to VARCHAR(10)")
        # Set NOT NULL
        op.alter_column('role_permissions', 'role', nullable=False)
        print("  ✓ Set NOT NULL constraint")
    except Exception as e:
        print(f"  ⚠️  Warning: {e}")
    # ============================================================
    # 3. FIX USERSTATUS ENUM (DEV only - remove deprecated values)
    # ============================================================
    print("\n[3/3] Fixing UserStatus enum values...")
    try:
        # First, check if the enum has deprecated values
        enum_values = conn.execute(sa.text("""
            SELECT enumlabel
            FROM pg_enum
            WHERE enumtypid = (
                SELECT oid FROM pg_type WHERE typname = 'userstatus'
            )
        """)).fetchall()
        enum_values_list = [row[0] for row in enum_values]
        has_deprecated = 'pending_approval' in enum_values_list or 'pre_approved' in enum_values_list
        if not has_deprecated:
            print("  ✓ UserStatus enum already correct (no deprecated values)")
        else:
            print("  ⏳ Found deprecated enum values, migrating...")
            # Check if any users have deprecated status values
            deprecated_count = conn.execute(sa.text("""
                SELECT COUNT(*) FROM users
                WHERE status IN ('pending_approval', 'pre_approved')
            """)).scalar()
            if deprecated_count > 0:
                print(f"  ⏳ Migrating {deprecated_count} users with deprecated status values...")
                # Migrate deprecated values to new equivalents
                conn.execute(sa.text("""
                    UPDATE users
                    SET status = 'pre_validated'
                    WHERE status = 'pre_approved'
                """))
                conn.execute(sa.text("""
                    UPDATE users
                    SET status = 'payment_pending'
                    WHERE status = 'pending_approval'
                """))
                print("  ✓ Migrated deprecated status values")
            else:
                print("  ✓ No users with deprecated status values")
            # Now remove deprecated enum values
            # PostgreSQL doesn't support removing enum values directly,
            # so we need to recreate the enum
            conn.execute(sa.text("""
                -- Create new enum with correct values (matches models.py)
                CREATE TYPE userstatus_new AS ENUM (
                    'pending_email',
                    'pending_validation',
                    'pre_validated',
                    'payment_pending',
                    'active',
                    'inactive',
                    'canceled',
                    'expired',
                    'rejected',
                    'abandoned'
                );
                -- Update column to use new enum
                ALTER TABLE users
                ALTER COLUMN status TYPE userstatus_new
                USING status::text::userstatus_new;
                -- Drop old enum and rename new one
                DROP TYPE userstatus;
                ALTER TYPE userstatus_new RENAME TO userstatus;
            """))
            print("  ✓ Updated UserStatus enum (removed deprecated values)")
    except Exception as e:
        print(f"  ⚠️  Warning: Enum update failed (may already be correct): {e}")
    print("\n✅ All remaining differences fixed!")
 def downgrade() -> None:
    """Revert fixes (not recommended)"""
    print("⚠️  Downgrade not supported")
    pass
--- a/alembic/versions/013_sync_role_permissions.py
+++ b/alembic/versions/013_sync_role_permissions.py
@@ -1,147 +0,0 @@
 """sync_role_permissions
 Revision ID: 013_sync_permissions
 Revises: 012_fix_remaining
 Create Date: 2026-01-05
 Syncs role_permissions between DEV and PROD bidirectionally.
 - Adds 18 DEV-only permissions to PROD (new features)
 - Adds 6 PROD-only permissions to DEV (operational/security)
 Result: Both environments have identical 142 permission mappings
 """
 from typing import Sequence, Union
 from alembic import op
 import sqlalchemy as sa
 # revision identifiers, used by Alembic.
 revision: str = '013_sync_permissions'
 down_revision: Union[str, None] = '012_fix_remaining'
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
    """Sync role_permissions bidirectionally"""
    from sqlalchemy import text
    conn = op.get_bind()
    print("Syncing role_permissions between environments...")
    # ============================================================
    # STEP 1: Add missing permissions to ensure all exist
    # ============================================================
    print("\n[1/2] Ensuring all permissions exist...")
    # Permissions that should exist (union of both environments)
    all_permissions = [
        # From DEV-only list
        ('donations.export', 'Export Donations', 'donations'),
        ('donations.view', 'View Donations', 'donations'),
        ('financials.create', 'Create Financial Reports', 'financials'),
        ('financials.delete', 'Delete Financial Reports', 'financials'),
        ('financials.edit', 'Edit Financial Reports', 'financials'),
        ('financials.export', 'Export Financial Reports', 'financials'),
        ('financials.payments', 'Manage Financial Payments', 'financials'),
        ('settings.edit', 'Edit Settings', 'settings'),
        ('settings.email_templates', 'Manage Email Templates', 'settings'),
        ('subscriptions.activate', 'Activate Subscriptions', 'subscriptions'),
        ('subscriptions.cancel', 'Cancel Subscriptions', 'subscriptions'),
        ('subscriptions.create', 'Create Subscriptions', 'subscriptions'),
        ('subscriptions.edit', 'Edit Subscriptions', 'subscriptions'),
        ('subscriptions.export', 'Export Subscriptions', 'subscriptions'),
        ('subscriptions.plans', 'Manage Subscription Plans', 'subscriptions'),
        ('subscriptions.view', 'View Subscriptions', 'subscriptions'),
        ('events.calendar_export', 'Export Event Calendar', 'events'),
        ('events.rsvps', 'View Event RSVPs', 'events'),
        # From PROD-only list
        ('permissions.audit', 'Audit Permissions', 'permissions'),
        ('permissions.view', 'View Permissions', 'permissions'),
        ('settings.backup', 'Manage Backups', 'settings'),
    ]
    for code, name, module in all_permissions:
        # Insert if not exists
        conn.execute(text(f"""
            INSERT INTO permissions (id, code, name, description, module, created_at)
            SELECT
                gen_random_uuid(),
                '{code}',
                '{name}',
                '{name}',
                '{module}',
                NOW()
            WHERE NOT EXISTS (
                SELECT 1 FROM permissions WHERE code = '{code}'
            )
        """))
    print("  ✓ Ensured all permissions exist")
    # ============================================================
    # STEP 2: Add missing role-permission mappings
    # ============================================================
    print("\n[2/2] Adding missing role-permission mappings...")
    # Mappings that should exist (union of both environments)
    role_permission_mappings = [
        # DEV-only (add to PROD)
        ('admin', 'donations.export'),
        ('admin', 'donations.view'),
        ('admin', 'financials.create'),
        ('admin', 'financials.delete'),
        ('admin', 'financials.edit'),
        ('admin', 'financials.export'),
        ('admin', 'financials.payments'),
        ('admin', 'settings.edit'),
        ('admin', 'settings.email_templates'),
        ('admin', 'subscriptions.activate'),
        ('admin', 'subscriptions.cancel'),
        ('admin', 'subscriptions.create'),
        ('admin', 'subscriptions.edit'),
        ('admin', 'subscriptions.export'),
        ('admin', 'subscriptions.plans'),
        ('admin', 'subscriptions.view'),
        ('member', 'events.calendar_export'),
        ('member', 'events.rsvps'),
        # PROD-only (add to DEV)
        ('admin', 'permissions.audit'),
        ('admin', 'permissions.view'),
        ('admin', 'settings.backup'),
        ('finance', 'bylaws.view'),
        ('finance', 'events.view'),
        ('finance', 'newsletters.view'),
    ]
    added_count = 0
    for role, perm_code in role_permission_mappings:
        result = conn.execute(text(f"""
            INSERT INTO role_permissions (id, role, permission_id, created_at)
            SELECT
                gen_random_uuid(),
                '{role}',
                p.id,
                NOW()
            FROM permissions p
            WHERE p.code = '{perm_code}'
            AND NOT EXISTS (
                SELECT 1 FROM role_permissions rp
                WHERE rp.role = '{role}'
                AND rp.permission_id = p.id
            )
            RETURNING id
        """))
        if result.rowcount > 0:
            added_count += 1
    print(f"  ✓ Added {added_count} missing role-permission mappings")
    # Verify final count
    final_count = conn.execute(text("SELECT COUNT(*) FROM role_permissions")).scalar()
    print(f"\n✅ Role-permission mappings synchronized: {final_count} total")
 def downgrade() -> None:
    """Revert sync (not recommended)"""
    print("⚠️  Downgrade not supported - permissions are additive")
    pass
--- a/alembic/versions/014_add_custom_registration_data.py
+++ b/alembic/versions/014_add_custom_registration_data.py
@@ -1,39 +0,0 @@
 """add_custom_registration_data
 Revision ID: 014_custom_registration
 Revises: a1b2c3d4e5f6
 Create Date: 2026-02-01 10:00:00.000000
 """
 from typing import Sequence, Union
 from alembic import op
 import sqlalchemy as sa
 # revision identifiers, used by Alembic.
 revision: str = '014_custom_registration'
 down_revision: Union[str, None] = 'a1b2c3d4e5f6'
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
    # Add custom_registration_data column to users table
    # This stores dynamic registration field responses as JSON
    op.add_column('users', sa.Column(
        'custom_registration_data',
        sa.JSON,
        nullable=False,
        server_default='{}'
    ))
    # Add comment for documentation
    op.execute("""
        COMMENT ON COLUMN users.custom_registration_data IS
        'Dynamic registration field responses stored as JSON for custom form fields';
    """)
 def downgrade() -> None:
    op.drop_column('users', 'custom_registration_data')
--- a/alembic/versions/4fa11836f7fd_add_role_audit_fields.py
+++ b/alembic/versions/4fa11836f7fd_add_role_audit_fields.py
@@ -1,48 +0,0 @@
 """add_role_audit_fields
 Revision ID: 4fa11836f7fd
 Revises: 013_sync_permissions
 Create Date: 2026-01-16 17:21:40.514605
 """
 from typing import Sequence, Union
 from alembic import op
 import sqlalchemy as sa
 from sqlalchemy.dialects.postgresql import UUID
 # revision identifiers, used by Alembic.
 revision: str = '4fa11836f7fd'
 down_revision: Union[str, None] = '013_sync_permissions'
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
    # Add role audit trail columns
    op.add_column('users', sa.Column('role_changed_at', sa.DateTime(timezone=True), nullable=True))
    op.add_column('users', sa.Column('role_changed_by', UUID(as_uuid=True), nullable=True))
    # Create foreign key constraint to track who changed the role
    op.create_foreign_key(
        'fk_users_role_changed_by',
        'users', 'users',
        ['role_changed_by'], ['id'],
        ondelete='SET NULL'
    )
    # Create index for efficient querying by role change date
    op.create_index('idx_users_role_changed_at', 'users', ['role_changed_at'])
 def downgrade() -> None:
    # Drop index first
    op.drop_index('idx_users_role_changed_at')
    # Drop foreign key constraint
    op.drop_constraint('fk_users_role_changed_by', 'users', type_='foreignkey')
    # Drop columns
    op.drop_column('users', 'role_changed_by')
    op.drop_column('users', 'role_changed_at')
--- a/alembic/versions/956ea1628264_add_stripe_transaction_metadata.py
+++ b/alembic/versions/956ea1628264_add_stripe_transaction_metadata.py
@@ -1,76 +0,0 @@
 """add_stripe_transaction_metadata
 Revision ID: 956ea1628264
 Revises: ec4cb4a49cde
 Create Date: 2026-01-20 22:00:01.806931
 """
 from typing import Sequence, Union
 from alembic import op
 import sqlalchemy as sa
 # revision identifiers, used by Alembic.
 revision: str = '956ea1628264'
 down_revision: Union[str, None] = 'ec4cb4a49cde'
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
    # Add Stripe transaction metadata to subscriptions table
    op.add_column('subscriptions', sa.Column('stripe_payment_intent_id', sa.String(), nullable=True))
    op.add_column('subscriptions', sa.Column('stripe_charge_id', sa.String(), nullable=True))
    op.add_column('subscriptions', sa.Column('stripe_invoice_id', sa.String(), nullable=True))
    op.add_column('subscriptions', sa.Column('payment_completed_at', sa.DateTime(timezone=True), nullable=True))
    op.add_column('subscriptions', sa.Column('card_last4', sa.String(4), nullable=True))
    op.add_column('subscriptions', sa.Column('card_brand', sa.String(20), nullable=True))
    op.add_column('subscriptions', sa.Column('stripe_receipt_url', sa.String(), nullable=True))
    # Add indexes for Stripe transaction IDs in subscriptions
    op.create_index('idx_subscriptions_payment_intent', 'subscriptions', ['stripe_payment_intent_id'])
    op.create_index('idx_subscriptions_charge_id', 'subscriptions', ['stripe_charge_id'])
    op.create_index('idx_subscriptions_invoice_id', 'subscriptions', ['stripe_invoice_id'])
    # Add Stripe transaction metadata to donations table
    op.add_column('donations', sa.Column('stripe_charge_id', sa.String(), nullable=True))
    op.add_column('donations', sa.Column('stripe_customer_id', sa.String(), nullable=True))
    op.add_column('donations', sa.Column('payment_completed_at', sa.DateTime(timezone=True), nullable=True))
    op.add_column('donations', sa.Column('card_last4', sa.String(4), nullable=True))
    op.add_column('donations', sa.Column('card_brand', sa.String(20), nullable=True))
    op.add_column('donations', sa.Column('stripe_receipt_url', sa.String(), nullable=True))
    # Add indexes for Stripe transaction IDs in donations
    op.create_index('idx_donations_payment_intent', 'donations', ['stripe_payment_intent_id'])
    op.create_index('idx_donations_charge_id', 'donations', ['stripe_charge_id'])
    op.create_index('idx_donations_customer_id', 'donations', ['stripe_customer_id'])
 def downgrade() -> None:
    # Remove indexes from donations
    op.drop_index('idx_donations_customer_id', table_name='donations')
    op.drop_index('idx_donations_charge_id', table_name='donations')
    op.drop_index('idx_donations_payment_intent', table_name='donations')
    # Remove columns from donations
    op.drop_column('donations', 'stripe_receipt_url')
    op.drop_column('donations', 'card_brand')
    op.drop_column('donations', 'card_last4')
    op.drop_column('donations', 'payment_completed_at')
    op.drop_column('donations', 'stripe_customer_id')
    op.drop_column('donations', 'stripe_charge_id')
    # Remove indexes from subscriptions
    op.drop_index('idx_subscriptions_invoice_id', table_name='subscriptions')
    op.drop_index('idx_subscriptions_charge_id', table_name='subscriptions')
    op.drop_index('idx_subscriptions_payment_intent', table_name='subscriptions')
    # Remove columns from subscriptions
    op.drop_column('subscriptions', 'stripe_receipt_url')
    op.drop_column('subscriptions', 'card_brand')
    op.drop_column('subscriptions', 'card_last4')
    op.drop_column('subscriptions', 'payment_completed_at')
    op.drop_column('subscriptions', 'stripe_invoice_id')
    op.drop_column('subscriptions', 'stripe_charge_id')
    op.drop_column('subscriptions', 'stripe_payment_intent_id')
--- a/alembic/versions/add_payment_methods.py
+++ b/alembic/versions/add_payment_methods.py
@@ -1,100 +0,0 @@
 """add_payment_methods
 Revision ID: a1b2c3d4e5f6
 Revises: 956ea1628264
 Create Date: 2026-01-30 10:00:00.000000
 """
 from typing import Sequence, Union
 from alembic import op
 import sqlalchemy as sa
 from sqlalchemy.dialects import postgresql
 # revision identifiers, used by Alembic.
 revision: str = 'a1b2c3d4e5f6'
 down_revision: Union[str, None] = '956ea1628264'
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
    conn = op.get_bind()
    # Create PaymentMethodType enum
    paymentmethodtype = postgresql.ENUM(
        'card', 'cash', 'bank_transfer', 'check',
        name='paymentmethodtype',
        create_type=False
    )
    paymentmethodtype.create(conn, checkfirst=True)
    # Check if stripe_customer_id column exists on users table
    result = conn.execute(sa.text("""
        SELECT column_name FROM information_schema.columns
        WHERE table_name = 'users' AND column_name = 'stripe_customer_id'
    """))
    if result.fetchone() is None:
        # Add stripe_customer_id to users table
        op.add_column('users', sa.Column(
            'stripe_customer_id',
            sa.String(),
            nullable=True,
            comment='Stripe Customer ID for payment method management'
        ))
        op.create_index('ix_users_stripe_customer_id', 'users', ['stripe_customer_id'])
    # Check if payment_methods table exists
    result = conn.execute(sa.text("""
        SELECT table_name FROM information_schema.tables
        WHERE table_name = 'payment_methods'
    """))
    if result.fetchone() is None:
        # Create payment_methods table
        op.create_table(
            'payment_methods',
            sa.Column('id', postgresql.UUID(as_uuid=True), primary_key=True),
            sa.Column('user_id', postgresql.UUID(as_uuid=True), sa.ForeignKey('users.id', ondelete='CASCADE'), nullable=False),
            sa.Column('stripe_payment_method_id', sa.String(), nullable=True, unique=True, comment='Stripe pm_xxx reference'),
            sa.Column('card_brand', sa.String(20), nullable=True, comment='Card brand: visa, mastercard, amex, etc.'),
            sa.Column('card_last4', sa.String(4), nullable=True, comment='Last 4 digits of card'),
            sa.Column('card_exp_month', sa.Integer(), nullable=True, comment='Card expiration month'),
            sa.Column('card_exp_year', sa.Integer(), nullable=True, comment='Card expiration year'),
            sa.Column('card_funding', sa.String(20), nullable=True, comment='Card funding type: credit, debit, prepaid'),
            sa.Column('payment_type', paymentmethodtype, nullable=False, server_default='card'),
            sa.Column('is_default', sa.Boolean(), nullable=False, server_default='false', comment='Whether this is the default payment method for auto-renewals'),
            sa.Column('is_active', sa.Boolean(), nullable=False, server_default='true', comment='Soft delete flag - False means removed'),
            sa.Column('is_manual', sa.Boolean(), nullable=False, server_default='false', comment='True for manually recorded methods (cash/check)'),
            sa.Column('manual_notes', sa.Text(), nullable=True, comment='Admin notes for manual payment methods'),
            sa.Column('created_by', postgresql.UUID(as_uuid=True), sa.ForeignKey('users.id', ondelete='SET NULL'), nullable=True, comment='Admin who added this on behalf of user'),
            sa.Column('created_at', sa.DateTime(timezone=True), nullable=False, server_default=sa.func.now()),
            sa.Column('updated_at', sa.DateTime(timezone=True), nullable=False, server_default=sa.func.now(), onupdate=sa.func.now()),
        )
        # Create indexes
        op.create_index('ix_payment_methods_user_id', 'payment_methods', ['user_id'])
        op.create_index('ix_payment_methods_stripe_pm_id', 'payment_methods', ['stripe_payment_method_id'])
        op.create_index('idx_payment_method_user_default', 'payment_methods', ['user_id', 'is_default'])
        op.create_index('idx_payment_method_active', 'payment_methods', ['user_id', 'is_active'])
 def downgrade() -> None:
    # Drop indexes
    op.drop_index('idx_payment_method_active', table_name='payment_methods')
    op.drop_index('idx_payment_method_user_default', table_name='payment_methods')
    op.drop_index('ix_payment_methods_stripe_pm_id', table_name='payment_methods')
    op.drop_index('ix_payment_methods_user_id', table_name='payment_methods')
    # Drop payment_methods table
    op.drop_table('payment_methods')
    # Drop stripe_customer_id from users
    op.drop_index('ix_users_stripe_customer_id', table_name='users')
    op.drop_column('users', 'stripe_customer_id')
    # Drop PaymentMethodType enum
    paymentmethodtype = postgresql.ENUM(
        'card', 'cash', 'bank_transfer', 'check',
        name='paymentmethodtype'
    )
    paymentmethodtype.drop(op.get_bind(), checkfirst=True)
--- a/alembic/versions/ec4cb4a49cde_add_system_settings_table.py
+++ b/alembic/versions/ec4cb4a49cde_add_system_settings_table.py
@@ -1,68 +0,0 @@
 """add_system_settings_table
 Revision ID: ec4cb4a49cde
 Revises: 4fa11836f7fd
 Create Date: 2026-01-16 18:16:00.283455
 """
 from typing import Sequence, Union
 from alembic import op
 import sqlalchemy as sa
 from sqlalchemy.dialects.postgresql import UUID
 # revision identifiers, used by Alembic.
 revision: str = 'ec4cb4a49cde'
 down_revision: Union[str, None] = '4fa11836f7fd'
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
    # Create enum for setting types (only if not exists)
    op.execute("""
        DO $$ BEGIN
            CREATE TYPE settingtype AS ENUM ('plaintext', 'encrypted', 'json');
        EXCEPTION
            WHEN duplicate_object THEN null;
        END $$;
    """)
    # Create system_settings table
    op.execute("""
        CREATE TABLE system_settings (
            id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
            setting_key VARCHAR(100) UNIQUE NOT NULL,
            setting_value TEXT,
            setting_type settingtype NOT NULL DEFAULT 'plaintext'::settingtype,
            description TEXT,
            updated_by UUID REFERENCES users(id) ON DELETE SET NULL,
            created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
            updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
            is_sensitive BOOLEAN NOT NULL DEFAULT FALSE
        );
        COMMENT ON COLUMN system_settings.setting_key IS 'Unique setting identifier (e.g., stripe_secret_key)';
        COMMENT ON COLUMN system_settings.setting_value IS 'Setting value (encrypted if setting_type is encrypted)';
        COMMENT ON COLUMN system_settings.setting_type IS 'Type of setting: plaintext, encrypted, or json';
        COMMENT ON COLUMN system_settings.description IS 'Human-readable description of the setting';
        COMMENT ON COLUMN system_settings.updated_by IS 'User who last updated this setting';
        COMMENT ON COLUMN system_settings.is_sensitive IS 'Whether this setting contains sensitive data';
    """)
    # Create indexes
    op.create_index('idx_system_settings_key', 'system_settings', ['setting_key'])
    op.create_index('idx_system_settings_updated_at', 'system_settings', ['updated_at'])
 def downgrade() -> None:
    # Drop indexes
    op.drop_index('idx_system_settings_updated_at')
    op.drop_index('idx_system_settings_key')
    # Drop table
    op.drop_table('system_settings')
    # Drop enum
    op.execute('DROP TYPE IF EXISTS settingtype')
--- a/auth.py
+++ b/auth.py
@@ -128,7 +128,7 @@ async def get_current_admin_user(current_user: User = Depends(get_current_user))
    return current_user
 async def get_active_member(current_user: User = Depends(get_current_user)) -> User:
-    """Require user to be active member or staff with valid status"""
+    """Require user to be active member with valid payment"""
    from models import UserStatus
    if current_user.status != UserStatus.active:
@@ -138,7 +138,7 @@ async def get_active_member(current_user: User = Depends(get_current_user)) -> U
        )
    role_code = get_user_role_code(current_user)
-    if role_code not in ["member", "admin", "superadmin", "finance"]:
+    if role_code not in ["member", "admin", "superadmin"]:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Member access only"
--- a/check_db_integrity.py
+++ b/check_db_integrity.py
@@ -1,345 +0,0 @@
 #!/usr/bin/env python3
 """
 Database Integrity Checker
 Compares schema and data integrity between development and production databases
 """
 import sys
 from sqlalchemy import create_engine, inspect, text
 from sqlalchemy.engine import reflection
 import json
 from collections import defaultdict
 # Database URLs
 DEV_DB = "postgresql://postgres:RchhcpaUKZuZuMOvB5kwCP1weLBnAG6tNMXE5FHdk8AwCvolBMALYFVYRM7WCl9x@10.9.23.11:5001/membership_demo"
 PROD_DB = "postgresql://postgres:fDv3fRvMgfPueDWDUxj27NJVaynsewIdh6b2Hb28tcvG3Ew6mhscASg2kulx4tr7@10.9.23.11:54321/loaf_new"
 def get_db_info(engine, label):
    """Get comprehensive database information"""
    inspector = inspect(engine)
    info = {
        'label': label,
        'tables': {},
        'indexes': {},
        'foreign_keys': {},
        'sequences': [],
        'enums': []
    }
    # Get all table names
    table_names = inspector.get_table_names()
    for table_name in table_names:
        # Get columns
        columns = inspector.get_columns(table_name)
        info['tables'][table_name] = {
            'columns': {
                col['name']: {
                    'type': str(col['type']),
                    'nullable': col['nullable'],
                    'default': str(col.get('default', None)),
                    'autoincrement': col.get('autoincrement', False)
                }
                for col in columns
            },
            'column_count': len(columns)
        }
        # Get primary keys
        pk = inspector.get_pk_constraint(table_name)
        info['tables'][table_name]['primary_key'] = pk.get('constrained_columns', [])
        # Get indexes
        indexes = inspector.get_indexes(table_name)
        info['indexes'][table_name] = [
            {
                'name': idx['name'],
                'columns': idx['column_names'],
                'unique': idx['unique']
            }
            for idx in indexes
        ]
        # Get foreign keys
        fks = inspector.get_foreign_keys(table_name)
        info['foreign_keys'][table_name] = [
            {
                'name': fk.get('name'),
                'columns': fk['constrained_columns'],
                'referred_table': fk['referred_table'],
                'referred_columns': fk['referred_columns']
            }
            for fk in fks
        ]
    # Get sequences
    with engine.connect() as conn:
        result = conn.execute(text("""
            SELECT sequence_name
            FROM information_schema.sequences
            WHERE sequence_schema = 'public'
        """))
        info['sequences'] = [row[0] for row in result]
        # Get enum types
        result = conn.execute(text("""
            SELECT t.typname as enum_name,
                   array_agg(e.enumlabel ORDER BY e.enumsortorder) as enum_values
            FROM pg_type t
            JOIN pg_enum e ON t.oid = e.enumtypid
            WHERE t.typnamespace = (SELECT oid FROM pg_namespace WHERE nspname = 'public')
            GROUP BY t.typname
        """))
        info['enums'] = {row[0]: row[1] for row in result}
    return info
 def compare_tables(dev_info, prod_info):
    """Compare tables between databases"""
    dev_tables = set(dev_info['tables'].keys())
    prod_tables = set(prod_info['tables'].keys())
    print("\n" + "="*80)
    print("TABLE COMPARISON")
    print("="*80)
    # Tables only in dev
    dev_only = dev_tables - prod_tables
    if dev_only:
        print(f"\n❌ Tables only in DEV ({len(dev_only)}):")
        for table in sorted(dev_only):
            print(f"   - {table}")
    # Tables only in prod
    prod_only = prod_tables - dev_tables
    if prod_only:
        print(f"\n❌ Tables only in PROD ({len(prod_only)}):")
        for table in sorted(prod_only):
            print(f"   - {table}")
    # Common tables
    common = dev_tables & prod_tables
    print(f"\n✅ Common tables: {len(common)}")
    return common
 def compare_columns(dev_info, prod_info, common_tables):
    """Compare columns for common tables"""
    print("\n" + "="*80)
    print("COLUMN COMPARISON")
    print("="*80)
    issues = []
    for table in sorted(common_tables):
        dev_cols = set(dev_info['tables'][table]['columns'].keys())
        prod_cols = set(prod_info['tables'][table]['columns'].keys())
        dev_only = dev_cols - prod_cols
        prod_only = prod_cols - dev_cols
        if dev_only or prod_only:
            print(f"\n⚠️  Table '{table}' has column differences:")
            if dev_only:
                print(f"   Columns only in DEV: {', '.join(sorted(dev_only))}")
                issues.append(f"{table}: DEV-only columns: {', '.join(dev_only)}")
            if prod_only:
                print(f"   Columns only in PROD: {', '.join(sorted(prod_only))}")
                issues.append(f"{table}: PROD-only columns: {', '.join(prod_only)}")
        # Compare column types for common columns
        common_cols = dev_cols & prod_cols
        for col in common_cols:
            dev_col = dev_info['tables'][table]['columns'][col]
            prod_col = prod_info['tables'][table]['columns'][col]
            if dev_col['type'] != prod_col['type']:
                print(f"   ⚠️  Column '{col}' type mismatch:")
                print(f"      DEV:  {dev_col['type']}")
                print(f"      PROD: {prod_col['type']}")
                issues.append(f"{table}.{col}: Type mismatch")
            if dev_col['nullable'] != prod_col['nullable']:
                print(f"   ⚠️  Column '{col}' nullable mismatch:")
                print(f"      DEV:  {dev_col['nullable']}")
                print(f"      PROD: {prod_col['nullable']}")
                issues.append(f"{table}.{col}: Nullable mismatch")
    if not issues:
        print("\n✅ All columns match between DEV and PROD")
    return issues
 def compare_enums(dev_info, prod_info):
    """Compare enum types"""
    print("\n" + "="*80)
    print("ENUM TYPE COMPARISON")
    print("="*80)
    dev_enums = set(dev_info['enums'].keys())
    prod_enums = set(prod_info['enums'].keys())
    dev_only = dev_enums - prod_enums
    prod_only = prod_enums - dev_enums
    issues = []
    if dev_only:
        print(f"\n❌ Enums only in DEV: {', '.join(sorted(dev_only))}")
        issues.extend([f"Enum '{e}' only in DEV" for e in dev_only])
    if prod_only:
        print(f"\n❌ Enums only in PROD: {', '.join(sorted(prod_only))}")
        issues.extend([f"Enum '{e}' only in PROD" for e in prod_only])
    # Compare enum values for common enums
    common = dev_enums & prod_enums
    for enum_name in sorted(common):
        dev_values = set(dev_info['enums'][enum_name])
        prod_values = set(prod_info['enums'][enum_name])
        if dev_values != prod_values:
            print(f"\n⚠️  Enum '{enum_name}' values differ:")
            print(f"   DEV:  {', '.join(sorted(dev_values))}")
            print(f"   PROD: {', '.join(sorted(prod_values))}")
            issues.append(f"Enum '{enum_name}' values differ")
    if not issues:
        print("\n✅ All enum types match")
    return issues
 def check_migration_history(dev_engine, prod_engine):
    """Check Alembic migration history"""
    print("\n" + "="*80)
    print("MIGRATION HISTORY")
    print("="*80)
    try:
        with dev_engine.connect() as dev_conn:
            dev_result = dev_conn.execute(text("SELECT version_num FROM alembic_version"))
            dev_version = dev_result.fetchone()
            dev_version = dev_version[0] if dev_version else None
        with prod_engine.connect() as prod_conn:
            prod_result = prod_conn.execute(text("SELECT version_num FROM alembic_version"))
            prod_version = prod_result.fetchone()
            prod_version = prod_version[0] if prod_version else None
        print(f"\nDEV migration version:  {dev_version}")
        print(f"PROD migration version: {prod_version}")
        if dev_version == prod_version:
            print("✅ Migration versions match")
            return []
        else:
            print("❌ Migration versions DO NOT match")
            return ["Migration versions differ"]
    except Exception as e:
        print(f"⚠️  Could not check migration history: {str(e)}")
        return [f"Migration check failed: {str(e)}"]
 def get_row_counts(engine, tables):
    """Get row counts for all tables"""
    counts = {}
    with engine.connect() as conn:
        for table in tables:
            result = conn.execute(text(f"SELECT COUNT(*) FROM {table}"))
            counts[table] = result.fetchone()[0]
    return counts
 def compare_data_counts(dev_engine, prod_engine, common_tables):
    """Compare row counts between databases"""
    print("\n" + "="*80)
    print("DATA ROW COUNTS")
    print("="*80)
    print("\nGetting DEV row counts...")
    dev_counts = get_row_counts(dev_engine, common_tables)
    print("Getting PROD row counts...")
    prod_counts = get_row_counts(prod_engine, common_tables)
    print(f"\n{'Table':<30} {'DEV':<15} {'PROD':<15} {'Diff':<15}")
    print("-" * 75)
    for table in sorted(common_tables):
        dev_count = dev_counts[table]
        prod_count = prod_counts[table]
        diff = dev_count - prod_count
        diff_str = f"+{diff}" if diff > 0 else str(diff)
        status = "⚠️ " if abs(diff) > 0 else "✅"
        print(f"{status} {table:<28} {dev_count:<15} {prod_count:<15} {diff_str:<15}")
 def main():
    print("\n" + "="*80)
    print("DATABASE INTEGRITY CHECKER")
    print("="*80)
    print(f"\nDEV:  {DEV_DB.split('@')[1]}")  # Hide password
    print(f"PROD: {PROD_DB.split('@')[1]}")
    try:
        # Connect to databases
        print("\n🔌 Connecting to databases...")
        dev_engine = create_engine(DEV_DB)
        prod_engine = create_engine(PROD_DB)
        # Test connections
        with dev_engine.connect() as conn:
            conn.execute(text("SELECT 1"))
        print("✅ Connected to DEV database")
        with prod_engine.connect() as conn:
            conn.execute(text("SELECT 1"))
        print("✅ Connected to PROD database")
        # Get database info
        print("\n📊 Gathering database information...")
        dev_info = get_db_info(dev_engine, "DEV")
        prod_info = get_db_info(prod_engine, "PROD")
        # Run comparisons
        all_issues = []
        common_tables = compare_tables(dev_info, prod_info)
        column_issues = compare_columns(dev_info, prod_info, common_tables)
        all_issues.extend(column_issues)
        enum_issues = compare_enums(dev_info, prod_info)
        all_issues.extend(enum_issues)
        migration_issues = check_migration_history(dev_engine, prod_engine)
        all_issues.extend(migration_issues)
        compare_data_counts(dev_engine, prod_engine, common_tables)
        # Summary
        print("\n" + "="*80)
        print("SUMMARY")
        print("="*80)
        if all_issues:
            print(f"\n❌ Found {len(all_issues)} integrity issues:")
            for i, issue in enumerate(all_issues, 1):
                print(f"   {i}. {issue}")
            print("\n⚠️  Databases are NOT in sync!")
            sys.exit(1)
        else:
            print("\n✅ Databases are in sync!")
            print("✅ No integrity issues found")
            sys.exit(0)
    except Exception as e:
        print(f"\n❌ Error: {str(e)}")
        import traceback
        traceback.print_exc()
        sys.exit(1)
 if __name__ == "__main__":
    main()
--- a/create_superadmin.py
+++ b/create_superadmin.py
@@ -1,15 +1,38 @@
 #!/usr/bin/env python3
 """
 Create Superadmin User Script
-Directly creates a superadmin user in the database for LOAF membership platform
+Generates a superadmin user with hashed password for LOAF membership platform
 """
 import bcrypt
 import sys
 import os
 from getpass import getpass
-# Add the backend directory to path for imports
+def generate_password_hash(password: str) -> str:
-sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+    """Generate bcrypt hash for password"""
    return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
 def generate_sql(email: str, password_hash: str, first_name: str, last_name: str) -> str:
    """Generate SQL INSERT statement"""
    return f"""
 -- Create Superadmin User
 INSERT INTO users (
    id, email, password_hash, first_name, last_name,
    status, role, email_verified, created_at, updated_at
 ) VALUES (
    gen_random_uuid(),
    '{email}',
    '{password_hash}',
    '{first_name}',
    '{last_name}',
    'active',
    'superadmin',
    true,
    NOW(),
    NOW()
 );
 """
 def main():
    print("=" * 70)
@@ -17,15 +40,6 @@ def main():
    print("=" * 70)
    print()
    # Check for DATABASE_URL
    from dotenv import load_dotenv
    load_dotenv()
    database_url = os.getenv("DATABASE_URL")
    if not database_url:
        print("❌ DATABASE_URL not found in environment or .env file")
        sys.exit(1)
    # Get user input
    email = input("Email address: ").strip()
    if not email or '@' not in email:
@@ -54,89 +68,31 @@ def main():
        sys.exit(1)
    print()
-    print("Creating superadmin user...")
+    print("Generating password hash...")
    password_hash = generate_password_hash(password)
-    try:
+    print("✅ Password hash generated")
-        # Import database dependencies
+    print()
-        from sqlalchemy import create_engine, text
+    print("=" * 70)
-        from passlib.context import CryptContext
+    print("SQL STATEMENT")
    print("=" * 70)
-        # Create password hash
+    sql = generate_sql(email, password_hash, first_name, last_name)
-        pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+    print(sql)
        password_hash = pwd_context.hash(password)
-        # Connect to database
+    # Save to file
-        engine = create_engine(database_url)
+    output_file = "create_superadmin.sql"
    with open(output_file, 'w') as f:
        f.write(sql)
-        with engine.connect() as conn:
+    print("=" * 70)
-            # Check if user already exists
+    print(f"✅ SQL saved to: {output_file}")
-            result = conn.execute(
+    print()
-                text("SELECT id FROM users WHERE email = :email"),
+    print("Run this command to create the user:")
-                {"email": email}
+    print(f"  psql -U postgres -d loaf_new -f {output_file}")
-            )
+    print()
-            if result.fetchone():
+    print("Or copy the SQL above and run it directly in psql")
-                print(f"❌ User with email '{email}' already exists")
+    print("=" * 70)
                sys.exit(1)
            # Insert superadmin user
            conn.execute(
                text("""
                    INSERT INTO users (
                        id, email, password_hash, first_name, last_name,
                        phone, address, city, state, zipcode, date_of_birth,
                        status, role, email_verified,
                        newsletter_subscribed, accepts_tos,
                        created_at, updated_at
                    ) VALUES (
                        gen_random_uuid(),
                        :email,
                        :password_hash,
                        :first_name,
                        :last_name,
                        '',
                        '',
                        '',
                        '',
                        '',
                        '1990-01-01',
                        'active',
                        'superadmin',
                        true,
                        false,
                        true,
                        NOW(),
                        NOW()
                    )
                """),
                {
                    "email": email,
                    "password_hash": password_hash,
                    "first_name": first_name,
                    "last_name": last_name
                }
            )
            conn.commit()
        print()
        print("=" * 70)
        print("✅ Superadmin user created successfully!")
        print("=" * 70)
        print()
        print(f"  Email:      {email}")
        print(f"  Name:       {first_name} {last_name}")
        print(f"  Role:       superadmin")
        print(f"  Status:     active")
        print()
        print("You can now log in with these credentials.")
        print("=" * 70)
    except ImportError as e:
        print(f"❌ Missing dependency: {e}")
        print("   Run: pip install sqlalchemy psycopg2-binary passlib python-dotenv")
        sys.exit(1)
    except Exception as e:
        print(f"❌ Database error: {e}")
        sys.exit(1)
 if __name__ == "__main__":
    try:
@@ -144,3 +100,6 @@ if __name__ == "__main__":
    except KeyboardInterrupt:
        print("\n\n❌ Cancelled by user")
        sys.exit(1)
    except Exception as e:
        print(f"\n❌ Error: {e}")
        sys.exit(1)
--- a/database.py
+++ b/database.py
@@ -1,7 +1,6 @@
 from sqlalchemy import create_engine
 from sqlalchemy.ext.declarative import declarative_base
 from sqlalchemy.orm import sessionmaker
 from sqlalchemy.pool import QueuePool
 import os
 from dotenv import load_dotenv
 from pathlib import Path
@@ -11,21 +10,7 @@ load_dotenv(ROOT_DIR / '.env')
 DATABASE_URL = os.environ.get('DATABASE_URL', 'postgresql://user:password@localhost:5432/membership_db')
-# Configure engine with connection pooling and connection health checks
+engine = create_engine(DATABASE_URL)
 engine = create_engine(
    DATABASE_URL,
    poolclass=QueuePool,
    pool_size=5,              # Keep 5 connections open
    max_overflow=10,          # Allow up to 10 extra connections during peak
    pool_pre_ping=True,       # CRITICAL: Test connections before using them
    pool_recycle=3600,        # Recycle connections every hour (prevents stale connections)
    echo=False,               # Set to True for SQL debugging
    connect_args={
        'connect_timeout': 10,  # Timeout connection attempts after 10 seconds
        'options': '-c statement_timeout=30000'  # 30 second query timeout
    }
 )
 SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
 Base = declarative_base()
--- a/encryption_service.py
+++ b/encryption_service.py
@@ -1,122 +0,0 @@
 """
 Encryption service for sensitive settings stored in database.
 Uses Fernet symmetric encryption (AES-128 in CBC mode with HMAC authentication).
 The encryption key is derived from a master secret stored in .env.
 """
 import os
 import base64
 from cryptography.fernet import Fernet
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
 from cryptography.hazmat.backends import default_backend
 class EncryptionService:
    """Service for encrypting and decrypting sensitive configuration values"""
    def __init__(self):
        # Get master encryption key from environment
        # This should be a long, random string (e.g., 64 characters)
        # Generate one with: python -c "import secrets; print(secrets.token_urlsafe(64))"
        self.master_secret = os.environ.get('SETTINGS_ENCRYPTION_KEY')
        if not self.master_secret:
            raise ValueError(
                "SETTINGS_ENCRYPTION_KEY environment variable not set. "
                "Generate one with: python -c \"import secrets; print(secrets.token_urlsafe(64))\""
            )
        # Derive encryption key from master secret using PBKDF2HMAC
        # This adds an extra layer of security
        kdf = PBKDF2HMAC(
            algorithm=hashes.SHA256(),
            length=32,
            salt=b'systemsettings',  # Fixed salt (OK for key derivation from strong secret)
            iterations=100000,
            backend=default_backend()
        )
        key = base64.urlsafe_b64encode(kdf.derive(self.master_secret.encode()))
        self.cipher = Fernet(key)
    def encrypt(self, plaintext: str) -> str:
        """
        Encrypt a plaintext string.
        Args:
            plaintext: The string to encrypt
        Returns:
            Base64-encoded encrypted string
        """
        if not plaintext:
            return ""
        encrypted_bytes = self.cipher.encrypt(plaintext.encode())
        return encrypted_bytes.decode('utf-8')
    def decrypt(self, encrypted: str) -> str:
        """
        Decrypt an encrypted string.
        Args:
            encrypted: The base64-encoded encrypted string
        Returns:
            Decrypted plaintext string
        Raises:
            cryptography.fernet.InvalidToken: If decryption fails (wrong key or corrupted data)
        """
        if not encrypted:
            return ""
        decrypted_bytes = self.cipher.decrypt(encrypted.encode())
        return decrypted_bytes.decode('utf-8')
    def is_encrypted(self, value: str) -> bool:
        """
        Check if a value appears to be encrypted (starts with Fernet token format).
        This is a heuristic check - not 100% reliable but useful for validation.
        Args:
            value: String to check
        Returns:
            True if value looks like a Fernet token
        """
        if not value:
            return False
        # Fernet tokens are base64-encoded and start with version byte (gAAAAA...)
        # They're always > 60 characters
        try:
            return len(value) > 60 and value.startswith('gAAAAA')
        except:
            return False
 # Global encryption service instance
 # Initialize on module import so it fails fast if encryption key is missing
 try:
    encryption_service = EncryptionService()
 except ValueError as e:
    print(f"WARNING: {e}")
    print("Encryption service will not be available.")
    encryption_service = None
 def get_encryption_service() -> EncryptionService:
    """
    Get the global encryption service instance.
    Raises:
        ValueError: If encryption service is not initialized (missing SETTINGS_ENCRYPTION_KEY)
    """
    if encryption_service is None:
        raise ValueError(
            "Encryption service not initialized. Set SETTINGS_ENCRYPTION_KEY environment variable."
        )
    return encryption_service
--- a/migrations/000_initial_schema.sql
+++ b/migrations/000_initial_schema.sql
@@ -94,30 +94,6 @@ BEGIN;
 -- SECTION 2: Create Core Tables
 -- ============================================================================
 -- Import Jobs table (must be created before users due to FK reference)
 CREATE TABLE IF NOT EXISTS import_jobs (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    filename VARCHAR NOT NULL,
    status importjobstatus NOT NULL DEFAULT 'processing',
    total_rows INTEGER DEFAULT 0,
    processed_rows INTEGER DEFAULT 0,
    success_count INTEGER DEFAULT 0,
    error_count INTEGER DEFAULT 0,
    error_log JSONB DEFAULT '[]'::jsonb,
    -- WordPress import enhancements
    field_mapping JSONB DEFAULT '{}'::jsonb,
    wordpress_metadata JSONB DEFAULT '{}'::jsonb,
    imported_user_ids JSONB DEFAULT '[]'::jsonb,
    rollback_at TIMESTAMP WITH TIME ZONE,
    rollback_by UUID,  -- Will be updated with FK after users table exists
    started_by UUID,  -- Will be updated with FK after users table exists
    started_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
    completed_at TIMESTAMP WITH TIME ZONE
 );
 -- Users table
 CREATE TABLE IF NOT EXISTS users (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
@@ -127,7 +103,6 @@ CREATE TABLE IF NOT EXISTS users (
    password_hash VARCHAR NOT NULL,
    email_verified BOOLEAN NOT NULL DEFAULT FALSE,
    email_verification_token VARCHAR UNIQUE,
    email_verification_expires TIMESTAMP WITH TIME ZONE,
    -- Personal Information
    first_name VARCHAR NOT NULL,
@@ -138,6 +113,7 @@ CREATE TABLE IF NOT EXISTS users (
    state VARCHAR(2),
    zipcode VARCHAR(10),
    date_of_birth DATE,
    bio TEXT,
    -- Profile
    profile_photo_url VARCHAR,
@@ -161,44 +137,20 @@ CREATE TABLE IF NOT EXISTS users (
    -- Status & Role
    status userstatus NOT NULL DEFAULT 'pending_email',
    role userrole NOT NULL DEFAULT 'guest',
-    role_id UUID,  -- For dynamic RBAC
+    role_id UUID,  -- For dynamic RBAC (added in later migration)
-    -- Newsletter Preferences
+    -- Rejection Tracking
-    newsletter_subscribed BOOLEAN DEFAULT TRUE,
+    rejection_reason TEXT,
-    newsletter_publish_name BOOLEAN DEFAULT FALSE NOT NULL,
+    rejected_at TIMESTAMP WITH TIME ZONE,
-    newsletter_publish_photo BOOLEAN DEFAULT FALSE NOT NULL,
+    rejected_by UUID REFERENCES users(id),
    newsletter_publish_birthday BOOLEAN DEFAULT FALSE NOT NULL,
    newsletter_publish_none BOOLEAN DEFAULT FALSE NOT NULL,
    -- Volunteer Interests
    volunteer_interests JSONB DEFAULT '[]'::jsonb,
    -- Scholarship Request
    scholarship_requested BOOLEAN DEFAULT FALSE NOT NULL,
    scholarship_reason TEXT,
    -- Directory Settings
    show_in_directory BOOLEAN DEFAULT FALSE NOT NULL,
    directory_email VARCHAR,
    directory_bio TEXT,
    directory_address VARCHAR,
    directory_phone VARCHAR,
    directory_dob DATE,
    directory_partner_name VARCHAR,
    -- Password Reset
    password_reset_token VARCHAR,
    password_reset_expires TIMESTAMP WITH TIME ZONE,
    force_password_change BOOLEAN DEFAULT FALSE NOT NULL,
    -- Terms of Service
    accepts_tos BOOLEAN DEFAULT FALSE NOT NULL,
    tos_accepted_at TIMESTAMP WITH TIME ZONE,
    -- Membership
    member_since DATE,
    accepts_tos BOOLEAN DEFAULT FALSE,
    tos_accepted_at TIMESTAMP WITH TIME ZONE,
    newsletter_subscribed BOOLEAN DEFAULT TRUE,
-    -- Reminder Tracking
+    -- Reminder Tracking (from migration 004)
    email_verification_reminders_sent INTEGER DEFAULT 0 NOT NULL,
    last_email_verification_reminder_at TIMESTAMP WITH TIME ZONE,
    event_attendance_reminders_sent INTEGER DEFAULT 0 NOT NULL,
@@ -208,21 +160,12 @@ CREATE TABLE IF NOT EXISTS users (
    renewal_reminders_sent INTEGER DEFAULT 0 NOT NULL,
    last_renewal_reminder_at TIMESTAMP WITH TIME ZONE,
    -- Rejection Tracking
    rejection_reason TEXT,
    rejected_at TIMESTAMP WITH TIME ZONE,
    rejected_by UUID REFERENCES users(id),
    -- WordPress Import Tracking
    import_source VARCHAR(50),
    import_job_id UUID REFERENCES import_jobs(id),
    wordpress_user_id BIGINT,
    wordpress_registered_date TIMESTAMP WITH TIME ZONE,
    -- Role Change Audit Trail
    role_changed_at TIMESTAMP WITH TIME ZONE,
    role_changed_by UUID REFERENCES users(id) ON DELETE SET NULL,
    -- Timestamps
    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
@@ -312,23 +255,11 @@ CREATE TABLE IF NOT EXISTS subscription_plans (
    name VARCHAR NOT NULL,
    description TEXT,
    price_cents INTEGER NOT NULL,
-    billing_cycle VARCHAR NOT NULL DEFAULT 'yearly',
+    billing_cycle VARCHAR NOT NULL DEFAULT 'annual',
    stripe_price_id VARCHAR,  -- Legacy, deprecated
    -- Configuration
    active BOOLEAN NOT NULL DEFAULT TRUE,
-
+    features JSONB DEFAULT '[]'::jsonb,
    -- Custom billing cycle fields (for recurring date ranges like Jan 1 - Dec 31)
    custom_cycle_enabled BOOLEAN DEFAULT FALSE NOT NULL,
    custom_cycle_start_month INTEGER,
    custom_cycle_start_day INTEGER,
    custom_cycle_end_month INTEGER,
    custom_cycle_end_day INTEGER,
    -- Dynamic pricing fields
    minimum_price_cents INTEGER DEFAULT 3000 NOT NULL,
    suggested_price_cents INTEGER,
    allow_donation BOOLEAN DEFAULT TRUE NOT NULL,
    -- Timestamps
    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
@@ -350,21 +281,13 @@ CREATE TABLE IF NOT EXISTS subscriptions (
    status subscriptionstatus DEFAULT 'active',
    start_date TIMESTAMP WITH TIME ZONE NOT NULL,
    end_date TIMESTAMP WITH TIME ZONE,
    next_billing_date TIMESTAMP WITH TIME ZONE,
    -- Payment Details
    amount_paid_cents INTEGER,
    base_subscription_cents INTEGER NOT NULL,
    donation_cents INTEGER DEFAULT 0 NOT NULL,
    -- Stripe transaction metadata (for validation and audit)
    stripe_payment_intent_id VARCHAR,
    stripe_charge_id VARCHAR,
    stripe_invoice_id VARCHAR,
    payment_completed_at TIMESTAMP WITH TIME ZONE,
    card_last4 VARCHAR(4),
    card_brand VARCHAR(20),
    stripe_receipt_url VARCHAR,
    -- Manual Payment Support
    manual_payment BOOLEAN DEFAULT FALSE NOT NULL,
    manual_payment_notes TEXT,
@@ -396,14 +319,6 @@ CREATE TABLE IF NOT EXISTS donations (
    stripe_payment_intent_id VARCHAR,
    payment_method VARCHAR,
    -- Stripe transaction metadata (for validation and audit)
    stripe_charge_id VARCHAR,
    stripe_customer_id VARCHAR,
    payment_completed_at TIMESTAMP WITH TIME ZONE,
    card_last4 VARCHAR(4),
    card_brand VARCHAR(20),
    stripe_receipt_url VARCHAR,
    -- Metadata
    notes TEXT,
    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
@@ -530,7 +445,7 @@ CREATE TABLE IF NOT EXISTS storage_usage (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    total_bytes_used BIGINT NOT NULL DEFAULT 0,
-    max_bytes_allowed BIGINT NOT NULL DEFAULT 1073741824,  -- 1GB
+    max_bytes_allowed BIGINT NOT NULL DEFAULT 10737418240,  -- 10GB
    last_updated TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
 );
@@ -551,10 +466,29 @@ CREATE TABLE IF NOT EXISTS user_invitations (
    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
 );
-- Add FK constraints to import_jobs (now that users table exists)
+-- Import Jobs table
-ALTER TABLE import_jobs
+CREATE TABLE IF NOT EXISTS import_jobs (
-    ADD CONSTRAINT fk_import_jobs_rollback_by FOREIGN KEY (rollback_by) REFERENCES users(id),
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-    ADD CONSTRAINT fk_import_jobs_started_by FOREIGN KEY (started_by) REFERENCES users(id);
+
    filename VARCHAR NOT NULL,
    status importjobstatus NOT NULL DEFAULT 'processing',
    total_rows INTEGER DEFAULT 0,
    processed_rows INTEGER DEFAULT 0,
    success_count INTEGER DEFAULT 0,
    error_count INTEGER DEFAULT 0,
    error_log JSONB DEFAULT '[]'::jsonb,
    -- WordPress import enhancements
    field_mapping JSONB DEFAULT '{}'::jsonb,
    wordpress_metadata JSONB DEFAULT '{}'::jsonb,
    imported_user_ids JSONB DEFAULT '[]'::jsonb,
    rollback_at TIMESTAMP WITH TIME ZONE,
    rollback_by UUID REFERENCES users(id),
    started_by UUID REFERENCES users(id),
    started_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
    completed_at TIMESTAMP WITH TIME ZONE
 );
 -- Import Rollback Audit table (for tracking rollback operations)
 CREATE TABLE IF NOT EXISTS import_rollback_audit (
@@ -608,18 +542,12 @@ CREATE INDEX IF NOT EXISTS idx_subscriptions_user_id ON subscriptions(user_id);
 CREATE INDEX IF NOT EXISTS idx_subscriptions_plan_id ON subscriptions(plan_id);
 CREATE INDEX IF NOT EXISTS idx_subscriptions_status ON subscriptions(status);
 CREATE INDEX IF NOT EXISTS idx_subscriptions_stripe_subscription_id ON subscriptions(stripe_subscription_id);
 CREATE INDEX IF NOT EXISTS idx_subscriptions_payment_intent ON subscriptions(stripe_payment_intent_id);
 CREATE INDEX IF NOT EXISTS idx_subscriptions_charge_id ON subscriptions(stripe_charge_id);
 CREATE INDEX IF NOT EXISTS idx_subscriptions_invoice_id ON subscriptions(stripe_invoice_id);
 -- Donations indexes
 CREATE INDEX IF NOT EXISTS idx_donation_user ON donations(user_id);
 CREATE INDEX IF NOT EXISTS idx_donation_type ON donations(donation_type);
 CREATE INDEX IF NOT EXISTS idx_donation_status ON donations(status);
 CREATE INDEX IF NOT EXISTS idx_donation_created ON donations(created_at);
 CREATE INDEX IF NOT EXISTS idx_donation_payment_intent ON donations(stripe_payment_intent_id);
 CREATE INDEX IF NOT EXISTS idx_donation_charge_id ON donations(stripe_charge_id);
 CREATE INDEX IF NOT EXISTS idx_donation_customer_id ON donations(stripe_customer_id);
 -- Import Jobs indexes
 CREATE INDEX IF NOT EXISTS idx_import_jobs_status ON import_jobs(status);
@@ -659,7 +587,7 @@ INSERT INTO storage_usage (id, total_bytes_used, max_bytes_allowed, last_updated
 SELECT
    gen_random_uuid(),
    0,
-    1073741824,  -- 1GB
+    10737418240,  -- 10GB
    CURRENT_TIMESTAMP
 WHERE NOT EXISTS (SELECT 1 FROM storage_usage);
--- a/models.py
+++ b/models.py
@@ -44,13 +44,6 @@ class DonationStatus(enum.Enum):
    completed = "completed"
    failed = "failed"
 class PaymentMethodType(enum.Enum):
    card = "card"
    cash = "cash"
    bank_transfer = "bank_transfer"
    check = "check"
 class User(Base):
    __tablename__ = "users"
@@ -144,17 +137,6 @@ class User(Base):
    wordpress_user_id = Column(BigInteger, nullable=True, comment="Original WordPress user ID")
    wordpress_registered_date = Column(DateTime(timezone=True), nullable=True, comment="Original WordPress registration date")
    # Role Change Audit Trail
    role_changed_at = Column(DateTime(timezone=True), nullable=True, comment="Timestamp when role was last changed")
    role_changed_by = Column(UUID(as_uuid=True), ForeignKey('users.id', ondelete='SET NULL'), nullable=True, comment="Admin who changed the role")
    # Stripe Customer ID - Centralized for payment method management
    stripe_customer_id = Column(String, nullable=True, index=True, comment="Stripe Customer ID for payment method management")
    # Dynamic Registration Form - Custom field responses
    custom_registration_data = Column(JSON, default=dict, nullable=False,
        comment="Dynamic registration field responses stored as JSON for custom form fields")
    created_at = Column(DateTime, default=lambda: datetime.now(timezone.utc))
    updated_at = Column(DateTime, default=lambda: datetime.now(timezone.utc), onupdate=lambda: datetime.now(timezone.utc))
@@ -163,53 +145,6 @@ class User(Base):
    events_created = relationship("Event", back_populates="creator")
    rsvps = relationship("EventRSVP", back_populates="user")
    subscriptions = relationship("Subscription", back_populates="user", foreign_keys="Subscription.user_id")
    role_changer = relationship("User", foreign_keys=[role_changed_by], remote_side="User.id", post_update=True)
    payment_methods = relationship("PaymentMethod", back_populates="user", foreign_keys="PaymentMethod.user_id")
 class PaymentMethod(Base):
    """Stored payment methods for users (Stripe or manual records)"""
    __tablename__ = "payment_methods"
    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
    user_id = Column(UUID(as_uuid=True), ForeignKey("users.id", ondelete="CASCADE"), nullable=False, index=True)
    # Stripe payment method reference
    stripe_payment_method_id = Column(String, nullable=True, unique=True, index=True, comment="Stripe pm_xxx reference")
    # Card details (stored for display purposes - PCI compliant)
    card_brand = Column(String(20), nullable=True, comment="Card brand: visa, mastercard, amex, etc.")
    card_last4 = Column(String(4), nullable=True, comment="Last 4 digits of card")
    card_exp_month = Column(Integer, nullable=True, comment="Card expiration month")
    card_exp_year = Column(Integer, nullable=True, comment="Card expiration year")
    card_funding = Column(String(20), nullable=True, comment="Card funding type: credit, debit, prepaid")
    # Payment type classification
    payment_type = Column(SQLEnum(PaymentMethodType), default=PaymentMethodType.card, nullable=False)
    # Status flags
    is_default = Column(Boolean, default=False, nullable=False, comment="Whether this is the default payment method for auto-renewals")
    is_active = Column(Boolean, default=True, nullable=False, comment="Soft delete flag - False means removed")
    is_manual = Column(Boolean, default=False, nullable=False, comment="True for manually recorded methods (cash/check)")
    # Manual payment notes (for cash/check records)
    manual_notes = Column(Text, nullable=True, comment="Admin notes for manual payment methods")
    # Audit trail
    created_by = Column(UUID(as_uuid=True), ForeignKey("users.id", ondelete="SET NULL"), nullable=True, comment="Admin who added this on behalf of user")
    created_at = Column(DateTime(timezone=True), default=lambda: datetime.now(timezone.utc), nullable=False)
    updated_at = Column(DateTime(timezone=True), default=lambda: datetime.now(timezone.utc), onupdate=lambda: datetime.now(timezone.utc), nullable=False)
    # Relationships
    user = relationship("User", back_populates="payment_methods", foreign_keys=[user_id])
    creator = relationship("User", foreign_keys=[created_by])
    # Composite index for efficient queries
    __table_args__ = (
        Index('idx_payment_method_user_default', 'user_id', 'is_default'),
        Index('idx_payment_method_active', 'user_id', 'is_active'),
    )
 class Event(Base):
    __tablename__ = "events"
@@ -298,15 +233,6 @@ class Subscription(Base):
    donation_cents = Column(Integer, default=0, nullable=False)  # Additional donation amount
    # Note: amount_paid_cents = base_subscription_cents + donation_cents
    # Stripe transaction metadata (for validation and audit)
    stripe_payment_intent_id = Column(String, nullable=True, index=True)  # Initial payment transaction ID
    stripe_charge_id = Column(String, nullable=True, index=True)  # Actual charge reference
    stripe_invoice_id = Column(String, nullable=True, index=True)  # Invoice reference
    payment_completed_at = Column(DateTime(timezone=True), nullable=True)  # Exact payment timestamp from Stripe
    card_last4 = Column(String(4), nullable=True)  # Last 4 digits of card
    card_brand = Column(String(20), nullable=True)  # Visa, Mastercard, etc.
    stripe_receipt_url = Column(String, nullable=True)  # Link to Stripe receipt
    # Manual payment fields
    manual_payment = Column(Boolean, default=False, nullable=False)  # Whether this was a manual offline payment
    manual_payment_notes = Column(Text, nullable=True)  # Admin notes about the payment
@@ -338,17 +264,9 @@ class Donation(Base):
    # Payment details
    stripe_checkout_session_id = Column(String, nullable=True)
-    stripe_payment_intent_id = Column(String, nullable=True, index=True)
+    stripe_payment_intent_id = Column(String, nullable=True)
    payment_method = Column(String, nullable=True)  # card, bank_transfer, etc.
    # Stripe transaction metadata (for validation and audit)
    stripe_charge_id = Column(String, nullable=True, index=True)  # Actual charge reference
    stripe_customer_id = Column(String, nullable=True, index=True)  # Customer ID if created
    payment_completed_at = Column(DateTime(timezone=True), nullable=True)  # Exact payment timestamp from Stripe
    card_last4 = Column(String(4), nullable=True)  # Last 4 digits of card
    card_brand = Column(String(20), nullable=True)  # Visa, Mastercard, etc.
    stripe_receipt_url = Column(String, nullable=True)  # Link to Stripe receipt
    # Metadata
    notes = Column(Text, nullable=True)
    created_at = Column(DateTime(timezone=True), default=lambda: datetime.now(timezone.utc))
@@ -591,36 +509,3 @@ class ImportRollbackAudit(Base):
    # Relationships
    import_job = relationship("ImportJob")
    admin_user = relationship("User", foreign_keys=[rolled_back_by])
 # ============================================================
 # System Settings Models
 # ============================================================
 class SettingType(enum.Enum):
    plaintext = "plaintext"
    encrypted = "encrypted"
    json = "json"
 class SystemSettings(Base):
    """System-wide configuration settings stored in database"""
    __tablename__ = "system_settings"
    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
    setting_key = Column(String(100), unique=True, nullable=False, index=True)
    setting_value = Column(Text, nullable=True)
    setting_type = Column(SQLEnum(SettingType), default=SettingType.plaintext, nullable=False)
    description = Column(Text, nullable=True)
    updated_by = Column(UUID(as_uuid=True), ForeignKey("users.id", ondelete="SET NULL"), nullable=True)
    created_at = Column(DateTime, default=lambda: datetime.now(timezone.utc), nullable=False)
    updated_at = Column(DateTime, default=lambda: datetime.now(timezone.utc), onupdate=lambda: datetime.now(timezone.utc), nullable=False)
    is_sensitive = Column(Boolean, default=False, nullable=False)
    # Relationships
    updater = relationship("User", foreign_keys=[updated_by])
    # Index on updated_at for audit queries
    __table_args__ = (
        Index('idx_system_settings_updated_at', 'updated_at'),
    )
--- a/payment_service.py
+++ b/payment_service.py
@@ -11,9 +11,11 @@ from datetime import datetime, timezone, timedelta
 # Load environment variables
 load_dotenv()
-# NOTE: Stripe credentials are now database-driven
+# Initialize Stripe with secret key
-# These .env fallbacks are kept for backward compatibility only
+stripe.api_key = os.getenv("STRIPE_SECRET_KEY")
-# The actual credentials are loaded dynamically from system_settings table
+
 # Stripe webhook secret for signature verification
 STRIPE_WEBHOOK_SECRET = os.getenv("STRIPE_WEBHOOK_SECRET")
 def create_checkout_session(
    user_id: str,
@@ -21,15 +23,11 @@ def create_checkout_session(
    plan_id: str,
    stripe_price_id: str,
    success_url: str,
-    cancel_url: str,
+    cancel_url: str
    db = None
 ):
    """
    Create a Stripe Checkout session for subscription payment.
    Args:
        db: Database session (optional, for reading Stripe credentials from database)
    Args:
        user_id: User's UUID
        user_email: User's email address
@@ -41,28 +39,6 @@ def create_checkout_session(
    Returns:
        dict: Checkout session object with session ID and URL
    """
    # Load Stripe API key from database if available
    if db:
        try:
            # Import here to avoid circular dependency
            from models import SystemSettings, SettingType
            from encryption_service import get_encryption_service
            setting = db.query(SystemSettings).filter(
                SystemSettings.setting_key == 'stripe_secret_key'
            ).first()
            if setting and setting.setting_value:
                encryption_service = get_encryption_service()
                stripe.api_key = encryption_service.decrypt(setting.setting_value)
        except Exception as e:
            # Fallback to .env if database read fails
            print(f"Failed to read Stripe key from database: {e}")
            stripe.api_key = os.getenv("STRIPE_SECRET_KEY")
    else:
        # Fallback to .env if no db session
        stripe.api_key = os.getenv("STRIPE_SECRET_KEY")
    try:
        # Create Checkout Session
        checkout_session = stripe.checkout.Session.create(
@@ -98,14 +74,13 @@ def create_checkout_session(
        raise Exception(f"Stripe error: {str(e)}")
-def verify_webhook_signature(payload: bytes, sig_header: str, db=None) -> dict:
+def verify_webhook_signature(payload: bytes, sig_header: str) -> dict:
    """
    Verify Stripe webhook signature and construct event.
    Args:
        payload: Raw webhook payload bytes
        sig_header: Stripe signature header
        db: Database session (optional, for reading webhook secret from database)
    Returns:
        dict: Verified webhook event
@@ -113,32 +88,9 @@ def verify_webhook_signature(payload: bytes, sig_header: str, db=None) -> dict:
    Raises:
        ValueError: If signature verification fails
    """
    # Load webhook secret from database if available
    webhook_secret = None
    if db:
        try:
            from models import SystemSettings
            from encryption_service import get_encryption_service
            setting = db.query(SystemSettings).filter(
                SystemSettings.setting_key == 'stripe_webhook_secret'
            ).first()
            if setting and setting.setting_value:
                encryption_service = get_encryption_service()
                webhook_secret = encryption_service.decrypt(setting.setting_value)
        except Exception as e:
            print(f"Failed to read webhook secret from database: {e}")
            webhook_secret = os.getenv("STRIPE_WEBHOOK_SECRET")
    else:
        webhook_secret = os.getenv("STRIPE_WEBHOOK_SECRET")
    if not webhook_secret:
        raise ValueError("STRIPE_WEBHOOK_SECRET not configured")
    try:
        event = stripe.Webhook.construct_event(
-            payload, sig_header, webhook_secret
+            payload, sig_header, STRIPE_WEBHOOK_SECRET
        )
        return event
    except ValueError as e:
--- a/permissions_seed.py
+++ b/permissions_seed.py
@@ -327,38 +327,6 @@ PERMISSIONS = [
        "module": "gallery"
    },
    # ========== PAYMENT METHODS MODULE ==========
    {
        "code": "payment_methods.view",
        "name": "View Payment Methods",
        "description": "View user payment methods (masked)",
        "module": "payment_methods"
    },
    {
        "code": "payment_methods.view_sensitive",
        "name": "View Sensitive Payment Details",
        "description": "View full payment method details including Stripe IDs (requires password)",
        "module": "payment_methods"
    },
    {
        "code": "payment_methods.create",
        "name": "Create Payment Methods",
        "description": "Add payment methods on behalf of users",
        "module": "payment_methods"
    },
    {
        "code": "payment_methods.delete",
        "name": "Delete Payment Methods",
        "description": "Delete user payment methods",
        "module": "payment_methods"
    },
    {
        "code": "payment_methods.set_default",
        "name": "Set Default Payment Method",
        "description": "Set a user's default payment method",
        "module": "payment_methods"
    },
    # ========== SETTINGS MODULE ==========
    {
        "code": "settings.view",
@@ -485,10 +453,6 @@ DEFAULT_ROLE_PERMISSIONS = {
        "gallery.edit",
        "gallery.delete",
        "gallery.moderate",
        "payment_methods.view",
        "payment_methods.create",
        "payment_methods.delete",
        "payment_methods.set_default",
        "settings.view",
        "settings.edit",
        "settings.email_templates",
@@ -496,36 +460,6 @@ DEFAULT_ROLE_PERMISSIONS = {
        "settings.logs",
    ],
    UserRole.finance: [
        # Finance role has all admin permissions plus sensitive payment access
        "users.view",
        "users.export",
        "events.view",
        "events.rsvps",
        "events.calendar_export",
        "subscriptions.view",
        "subscriptions.create",
        "subscriptions.edit",
        "subscriptions.cancel",
        "subscriptions.activate",
        "subscriptions.plans",
        "financials.view",
        "financials.create",
        "financials.edit",
        "financials.delete",
        "financials.export",
        "financials.payments",
        "newsletters.view",
        "bylaws.view",
        "gallery.view",
        "payment_methods.view",
        "payment_methods.view_sensitive",  # Finance can view sensitive payment details
        "payment_methods.create",
        "payment_methods.delete",
        "payment_methods.set_default",
        "settings.view",
    ],
    # Superadmin gets all permissions automatically in code,
    # so we don't need to explicitly assign them
    UserRole.superadmin: []
--- a/r2_storage.py
+++ b/r2_storage.py
@@ -35,21 +35,6 @@ class R2Storage:
        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet': ['.xlsx']
    }
    # Branding assets (logo and favicon)
    ALLOWED_BRANDING_TYPES = {
        'image/jpeg': ['.jpg', '.jpeg'],
        'image/png': ['.png'],
        'image/webp': ['.webp'],
        'image/svg+xml': ['.svg']
    }
    ALLOWED_FAVICON_TYPES = {
        'image/x-icon': ['.ico'],
        'image/vnd.microsoft.icon': ['.ico'],
        'image/png': ['.png'],
        'image/svg+xml': ['.svg']
    }
    def __init__(self):
        """Initialize R2 client with credentials from environment"""
        self.account_id = os.getenv('R2_ACCOUNT_ID')
--- a/seed_permissions_rbac.py
+++ b/seed_permissions_rbac.py
@@ -2,7 +2,7 @@
 """
 Permission Seeding Script for Dynamic RBAC System
-This script populates the database with 65 granular permissions and assigns them
+This script populates the database with 59 granular permissions and assigns them
 to the appropriate dynamic roles (not the old enum roles).
 Usage:
@@ -33,7 +33,7 @@ engine = create_engine(DATABASE_URL)
 SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
 # ============================================================
-# Permission Definitions (65 permissions across 11 modules)
+# Permission Definitions (59 permissions across 10 modules)
 # ============================================================
 PERMISSIONS = [
@@ -116,55 +116,6 @@ PERMISSIONS = [
    {"code": "permissions.assign", "name": "Assign Permissions", "description": "Assign permissions to roles", "module": "permissions"},
    {"code": "permissions.manage_roles", "name": "Manage Roles", "description": "Create and manage user roles", "module": "permissions"},
    {"code": "permissions.audit", "name": "View Permission Audit Log", "description": "View permission change audit logs", "module": "permissions"},
    # ========== PAYMENT METHODS MODULE (5) ==========
    {"code": "payment_methods.view", "name": "View Payment Methods", "description": "View user payment methods (masked)", "module": "payment_methods"},
    {"code": "payment_methods.view_sensitive", "name": "View Sensitive Payment Details", "description": "View full Stripe payment method IDs (requires password)", "module": "payment_methods"},
    {"code": "payment_methods.create", "name": "Create Payment Methods", "description": "Add payment methods on behalf of users", "module": "payment_methods"},
    {"code": "payment_methods.delete", "name": "Delete Payment Methods", "description": "Remove user payment methods", "module": "payment_methods"},
    {"code": "payment_methods.set_default", "name": "Set Default Payment Method", "description": "Set default payment method for users", "module": "payment_methods"},
    # ========== REGISTRATION MODULE (2) ==========
    {"code": "registration.view", "name": "View Registration Settings", "description": "View registration form schema and settings", "module": "registration"},
    {"code": "registration.manage", "name": "Manage Registration Form", "description": "Edit registration form schema, steps, and fields", "module": "registration"},
    # ========== DIRECTORY MODULE (2) ==========
    {"code": "directory.view", "name": "View Directory Settings", "description": "View member directory field configuration", "module": "directory"},
    {"code": "directory.manage", "name": "Manage Directory Fields", "description": "Enable/disable directory fields shown in Profile and Directory pages", "module": "directory"},
 ]
 # Default system roles that must exist
 DEFAULT_ROLES = [
    {
        "code": "guest",
        "name": "Guest",
        "description": "Default role for new registrations with no special permissions",
        "is_system_role": True
    },
    {
        "code": "member",
        "name": "Member",
        "description": "Active paying members with access to member-only content",
        "is_system_role": True
    },
    {
        "code": "finance",
        "name": "Finance",
        "description": "Financial management role with access to payments, subscriptions, and reports",
        "is_system_role": True
    },
    {
        "code": "admin",
        "name": "Admin",
        "description": "Board members with full management access except RBAC",
        "is_system_role": True
    },
    {
        "code": "superadmin",
        "name": "Superadmin",
        "description": "Full system access including RBAC management",
        "is_system_role": True
    },
 ]
 # Default permission assignments for dynamic roles
@@ -185,9 +136,6 @@ DEFAULT_ROLE_PERMISSIONS = {
        "subscriptions.cancel", "subscriptions.activate", "subscriptions.plans",
        "subscriptions.export",
        "donations.view", "donations.export",
        # Payment methods - finance can view sensitive details
        "payment_methods.view", "payment_methods.view_sensitive",
        "payment_methods.create", "payment_methods.delete", "payment_methods.set_default",
    ],
    "admin": [
@@ -209,13 +157,6 @@ DEFAULT_ROLE_PERMISSIONS = {
        "gallery.view", "gallery.upload", "gallery.edit", "gallery.delete", "gallery.moderate",
        "settings.view", "settings.edit", "settings.email_templates", "settings.storage",
        "settings.logs",
        # Payment methods - admin can manage but not view sensitive details
        "payment_methods.view", "payment_methods.create",
        "payment_methods.delete", "payment_methods.set_default",
        # Registration form management
        "registration.view", "registration.manage",
        # Directory configuration
        "directory.view", "directory.manage",
    ],
    "superadmin": [
@@ -255,34 +196,7 @@ def seed_permissions():
            print(f"\n⚠️  WARNING: Tables not fully cleared! Stopping.")
            return
-        # Step 2: Create default system roles
+        # Step 2: Create permissions
        print(f"\n👤 Creating {len(DEFAULT_ROLES)} system roles...")
        role_map = {}
        for role_data in DEFAULT_ROLES:
            # Check if role already exists
            existing_role = db.query(Role).filter(Role.code == role_data["code"]).first()
            if existing_role:
                print(f"  • {role_data['name']}: Already exists, updating...")
                existing_role.name = role_data["name"]
                existing_role.description = role_data["description"]
                existing_role.is_system_role = role_data["is_system_role"]
                role_map[role_data["code"]] = existing_role
            else:
                print(f"  • {role_data['name']}: Creating...")
                role = Role(
                    code=role_data["code"],
                    name=role_data["name"],
                    description=role_data["description"],
                    is_system_role=role_data["is_system_role"]
                )
                db.add(role)
                role_map[role_data["code"]] = role
        db.commit()
        print(f"✓ Created/updated {len(DEFAULT_ROLES)} system roles")
        # Step 3: Create permissions
        print(f"\n📝 Creating {len(PERMISSIONS)} permissions...")
        permission_map = {}  # Map code to permission object
@@ -299,13 +213,13 @@ def seed_permissions():
        db.commit()
        print(f"✓ Created {len(PERMISSIONS)} permissions")
-        # Step 4: Verify roles exist
+        # Step 3: Get all roles from database
-        print("\n🔍 Verifying dynamic roles...")
+        print("\n🔍 Fetching dynamic roles...")
        roles = db.query(Role).all()
        role_map = {role.code: role for role in roles}
        print(f"✓ Found {len(roles)} roles: {', '.join(role_map.keys())}")
-        # Step 5: Assign permissions to roles
+        # Step 4: Assign permissions to roles
        print("\n🔐 Assigning permissions to roles...")
        from models import UserRole  # Import for enum mapping
@@ -344,7 +258,7 @@ def seed_permissions():
            db.commit()
            print(f"  ✓ {role.name}: Assigned {len(permission_codes)} permissions")
-        # Step 6: Summary
+        # Step 5: Summary
        print("\n" + "=" * 80)
        print("📊 SEEDING SUMMARY")
        print("=" * 80)
@@ -359,8 +273,7 @@ def seed_permissions():
        for module, count in sorted(modules.items()):
            print(f"  • {module.capitalize()}: {count} permissions")
-        print(f"\nTotal system roles created: {len(DEFAULT_ROLES)}")
+        print(f"\nTotal permissions created: {len(PERMISSIONS)}")
        print(f"Total permissions created: {len(PERMISSIONS)}")
        print(f"Total role-permission mappings: {total_assigned}")
        print("\n✅ Permission seeding completed successfully!")
        print("\nNext step: Restart backend server")
--- a/server.py
+++ b/server.py
Author	SHA1	Message	Date
andika	727cbf4b5c	Merge pull request 'Merge from dev' (#15 ) from dev into loaf-prod Reviewed-on: #15	2026-01-05 08:49:16 +00:00
andika	9c3f3c88b8	Merge pull request 'Add comprehensive column check and migration 009' (#14 ) from dev into loaf-prod Reviewed-on: #14	2026-01-04 16:19:51 +00:00
andika	849a6a32af	Merge pull request 'Add missing donations table columns' (#13 ) from dev into loaf-prod Reviewed-on: #13	2026-01-04 16:10:27 +00:00
andika	69b8185414	Merge pull request 'Fix migration 007 - skip existing columns' (#12 ) from dev into loaf-prod Reviewed-on: #12	2026-01-04 16:06:27 +00:00
andika	f5f8ca8dc6	Merge pull request 'Add missing subscription_plans columns' (#11 ) from dev into loaf-prod Reviewed-on: #11	2026-01-04 16:03:43 +00:00
andika	661a4cbb7c	Merge pull request 'Fix subscription_plans.is_active column name' (#10 ) from dev into loaf-prod Reviewed-on: #10	2026-01-04 15:58:05 +00:00
andika	a01a8b9915	Merge pull request 'Superadmin nullable fix' (#9 ) from dev into loaf-prod Reviewed-on: #9	2026-01-04 15:35:59 +00:00
andika	e126cb988c	Merge pull request 'Subscription and Storage data mismatch' (#8 ) from dev into loaf-prod Reviewed-on: #8	2026-01-04 15:28:46 +00:00
andika	fd988241a1	Merge pull request 'Subscription and Storage data mismatch' (#7 ) from dev into loaf-prod Reviewed-on: #7	2026-01-04 15:24:11 +00:00
andika	c28eddca67	Merge pull request 'Fix database mismatches' (#6 ) from dev into loaf-prod Reviewed-on: #6	2026-01-04 15:17:18 +00:00
andika	e20542ccdc	Merge pull request 'Fix database mismatches' (#5 ) from dev into loaf-prod Reviewed-on: #5	2026-01-04 15:02:09 +00:00
andika	b3f1f5f789	Merge pull request 'Prod Deployment Preparation' (#4 ) from dev into loaf-prod Reviewed-on: #4	2026-01-04 12:10:12 +00:00
andika	1da045f73f	Merge pull request 'Update Gitignore' (#3 ) from dev into loaf-prod Reviewed-on: #3	2026-01-02 08:45:29 +00:00