Phillip Tarrant
59dea99079
End-to-end passwordless admin auth. /admin/login accepts an email, POSTs
mint a 256-bit magic-link token stored only as SHA-256 in
magic_link_tokens (15-min TTL, single-use via atomic rowcount UPDATE).
Resend delivers the link; in dev with no API key, EmailService logs a
structured magic_link_dev_fallback event with the URL so the flow works
offline. /admin/auth/consume/{token} verifies, upserts a users row
(display_name from email local-part), creates a sessions row, and drops
an itsdangerous-signed cb_session cookie (HttpOnly, SameSite=Lax, Secure
in prod). /admin renders a placeholder "Welcome, <name>" page pending
Phase 4 CMS. /admin/logout flips revoked_at rather than deleting the row
to preserve the audit trail.
Rate limits use SlowAPI's in-memory limiter (5/15min/IP on login,
20/15min/IP on consume) plus a DB per-email count to catch
IP-rotating abuse. ADMIN_EMAILS enforces allowlist; non-allowlisted
submissions return the same "check your inbox" page with no token
inserted and no email sent (anti-enumeration). Every event lands in
auth_events via AuditService: link_requested, link_consumed,
consume_failed, session_created, session_revoked, rate_limited.
Add a production config validator refusing empty RESEND_API_KEY,
RESEND_FROM, or ADMIN_EMAILS; add PUBLIC_BASE_URL for email link
construction. CSRF deferred to Phase 6 per roadmap scoping; logout
handler marked # TODO(phase-6-csrf).
Mark Phase 3 complete in docs/ROADMAP.md.
37 lines
1.2 KiB
HTML
37 lines
1.2 KiB
HTML
{#
|
|
HTML body for the magic-link email.
|
|
|
|
Plain, minimal inline-styled markup — no external CSS because email
|
|
clients are hostile to it. The link text IS the URL so users can
|
|
verify the destination before clicking.
|
|
|
|
Context:
|
|
- display_name : str
|
|
- magic_link_url : str
|
|
- expires_at : ISO-8601 str
|
|
- ttl_min : int
|
|
#}<!doctype html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>Admin login link — Chicken Babies R Us</title>
|
|
</head>
|
|
<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; color: #2B3A42; max-width: 560px; margin: 0 auto; padding: 24px;">
|
|
<h1 style="font-size: 20px; margin: 0 0 16px;">Admin login link</h1>
|
|
<p>Hi {{ display_name }},</p>
|
|
<p>
|
|
Use the link below to log in to the Chicken Babies R Us admin.
|
|
The link works for {{ ttl_min }} minutes and can only be used once.
|
|
</p>
|
|
<p>
|
|
<a href="{{ magic_link_url }}" style="color: #5D8AA8; word-break: break-all;">
|
|
{{ magic_link_url }}
|
|
</a>
|
|
</p>
|
|
<p style="color: #6b7a80; font-size: 13px;">
|
|
Expires at {{ expires_at }}. If you didn't request this, you can
|
|
safely ignore the email — no action will be taken.
|
|
</p>
|
|
</body>
|
|
</html>
|