5123c85397
Two tables (sessions, user_tokens) + migration; only token *hashes* are stored, so a DB leak yields no usable credential. Argon2id password hashing and token primitives in app/core/security. Config and .env.example gain session/cookie/token TTLs, app base URL, and SMTP settings (twelve-factor). Migration verified reversible (drops the token_purpose enum) and matches the models. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Justin Paul <justin@jpaul.me>
63 lines
1.4 KiB
Python
63 lines
1.4 KiB
Python
"""Closed-set enumerations that drive logic (authorization, privacy, traversal).
|
|
|
|
Open-ended, GEDCOM-extensible vocabularies (event type, name type, source type)
|
|
are stored as strings instead, so importing real-world files never fails on an
|
|
unknown tag.
|
|
"""
|
|
|
|
import enum
|
|
|
|
|
|
class TreeVisibility(enum.StrEnum):
|
|
public = "public"
|
|
unlisted = "unlisted"
|
|
private = "private"
|
|
|
|
|
|
class MembershipRole(enum.StrEnum):
|
|
owner = "owner"
|
|
editor = "editor"
|
|
viewer = "viewer"
|
|
|
|
|
|
class PersonPrivacy(enum.StrEnum):
|
|
"""Per-person override of the tree's visibility (PRD US-041)."""
|
|
|
|
inherit = "inherit"
|
|
private = "private"
|
|
public = "public"
|
|
|
|
|
|
class RelationshipType(enum.StrEnum):
|
|
parent_child = "parent_child"
|
|
partnership = "partnership"
|
|
sibling = "sibling"
|
|
|
|
|
|
class ParentChildQualifier(enum.StrEnum):
|
|
"""Qualifies a parent_child edge so adoption/donor/blended families are
|
|
first-class rather than edge cases (ARCHITECTURE §5)."""
|
|
|
|
biological = "biological"
|
|
adoptive = "adoptive"
|
|
step = "step"
|
|
foster = "foster"
|
|
donor = "donor"
|
|
guardian = "guardian"
|
|
|
|
|
|
class CitationConfidence(enum.StrEnum):
|
|
high = "high"
|
|
medium = "medium"
|
|
low = "low"
|
|
|
|
|
|
class AuditActorType(enum.StrEnum):
|
|
user = "user"
|
|
assistant = "assistant"
|
|
|
|
|
|
class TokenPurpose(enum.StrEnum):
|
|
email_verify = "email_verify"
|
|
password_reset = "password_reset"
|