feat: replace admin auth with cookie-based profile picker

Remove all authentication (login, sessions, bcrypt, itsdangerous) since the app runs on a private homelab LAN. Replace with a profile picker landing page and cookie-based profile selection (1-year expiry). - Add Alembic migration to drop password_hash/is_admin columns - Delete auth service, auth routes, login template, and auth tests - Rewrite app/utils/auth.py with NoProfileSelectedError and require_active_profile dependency - Add profile creation flow (GET/POST /profiles/create) - Rewrite home page as profile picker with card layout - Update all route files to use profile dependency instead of admin auth - Remove bcrypt and itsdangerous from requirements - Remove admin_username/admin_password from config - Update all tests for new profile-based access model Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 12:40:54 -05:00
parent 3dc0171639
commit 576d3bbb68
44 changed files with 523 additions and 1024 deletions
--- a/app/routes/schedule.py
+++ b/app/routes/schedule.py
@@ -14,7 +14,7 @@ from app.database import get_db_session
 from app.models.user import User
 from app.services.exercise_service import ExerciseService
 from app.services.workout_session_service import WorkoutSessionService
-from app.utils.auth import get_current_admin_user, get_active_profile_id
+from app.utils.auth import require_active_profile

 logger = structlog.get_logger(__name__)

@@ -25,20 +25,13 @@ router = APIRouter(prefix="/schedule", tags=["schedule"])
 async def schedule_view(
    request: Request,
    session: Session = Depends(get_db_session),
-    admin: User = Depends(get_current_admin_user),
+    profile: User = Depends(require_active_profile),
 ):
    """Render the 4-week schedule calendar.

    Shows a 4-week grid where each training day is mapped to a
    calendar date. Days with completed sessions are highlighted.
    """
-    active_profile_id = get_active_profile_id(request)
-    active_profile = (
-        session.get(User, active_profile_id)
-        if active_profile_id
-        else None
-    )
-
    exercise_service = ExerciseService(session)
    workout_days = exercise_service.list_workout_days()

@@ -50,12 +43,11 @@ async def schedule_view(
    completed_dates = set()

    # Get completed sessions for highlighting
-    if active_profile_id:
-        ws_service = WorkoutSessionService(session)
-        sessions_list = ws_service.list_sessions(
-            user_id=active_profile_id, limit=100,
-        )
-        completed_dates = {ws.date for ws in sessions_list}
+    ws_service = WorkoutSessionService(session)
+    sessions_list = ws_service.list_sessions(
+        user_id=profile.id, limit=100,
+    )
+    completed_dates = {ws.date for ws in sessions_list}

    # 4 workout days per week, 4 weeks
    for week_num in range(4):
@@ -81,6 +73,5 @@ async def schedule_view(
    return templates.TemplateResponse("pages/schedule.html", {
        "request": request,
        "weeks": weeks,
-        "active_profile": active_profile,
-        "admin": admin,
+        "active_profile": profile,
    })