End-to-end passwordless admin auth. /admin/login accepts an email, POSTs
mint a 256-bit magic-link token stored only as SHA-256 in
magic_link_tokens (15-min TTL, single-use via atomic rowcount UPDATE).
Resend delivers the link; in dev with no API key, EmailService logs a
structured magic_link_dev_fallback event with the URL so the flow works
offline. /admin/auth/consume/{token} verifies, upserts a users row
(display_name from email local-part), creates a sessions row, and drops
an itsdangerous-signed cb_session cookie (HttpOnly, SameSite=Lax, Secure
in prod). /admin renders a placeholder "Welcome, <name>" page pending
Phase 4 CMS. /admin/logout flips revoked_at rather than deleting the row
to preserve the audit trail.
Rate limits use SlowAPI's in-memory limiter (5/15min/IP on login,
20/15min/IP on consume) plus a DB per-email count to catch
IP-rotating abuse. ADMIN_EMAILS enforces allowlist; non-allowlisted
submissions return the same "check your inbox" page with no token
inserted and no email sent (anti-enumeration). Every event lands in
auth_events via AuditService: link_requested, link_consumed,
consume_failed, session_created, session_revoked, rate_limited.
Add a production config validator refusing empty RESEND_API_KEY,
RESEND_FROM, or ADMIN_EMAILS; add PUBLIC_BASE_URL for email link
construction. CSRF deferred to Phase 6 per roadmap scoping; logout
handler marked # TODO(phase-6-csrf).
Mark Phase 3 complete in docs/ROADMAP.md.
30 lines
853 B
HTML
30 lines
853 B
HTML
{#
|
|
Admin landing page (post-login).
|
|
|
|
Phase 3 keeps this minimal — Phase 4 turns it into the CMS
|
|
dashboard (pages + posts + media). For now it's a welcome screen +
|
|
logout control (rendered in admin/base.html's nav since ``user`` is
|
|
present in context).
|
|
|
|
Context:
|
|
- user : app.models.entities.User (guaranteed by require_admin)
|
|
#}
|
|
{% extends "admin/base.html" %}
|
|
|
|
{% block title %}Welcome — Admin{% endblock %}
|
|
|
|
{% block content %}
|
|
<article class="page-article">
|
|
<header class="page-article__header">
|
|
<h1 class="page-article__title">Welcome, {{ user.display_name }}</h1>
|
|
</header>
|
|
<p>
|
|
You're logged in as <code>{{ user.email }}</code>. The dashboard
|
|
(pages, posts, media) lands in Phase 4.
|
|
</p>
|
|
<p>
|
|
<a href="/">« Back to the public site</a>
|
|
</p>
|
|
</article>
|
|
{% endblock %}
|