RainerWieland/spawner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
20a0f3d6af
spawner/frontend
History
XPS\Micro 20a0f3d6af feat: Implement passwordless authentication with Magic Links 
Major changes:
- Remove username and password_hash from User model
- Add MagicLinkToken table for one-time-use email authentication
- Implement Magic Link email sending with 15-minute expiration
- Update all auth endpoints (/login, /signup) to use email only
- Create verify-signup and verify-login pages for token verification
- Container URLs now use slug instead of username (e.g., /u-a3f9c2d1)
- Add rate limiting: max 3 Magic Links per email per hour
- Remove password reset functionality (no passwords to reset)

Backend changes:
- api.py: Complete rewrite of auth routes (magic link based)
- models.py: Remove username/password, add slug and MagicLinkToken
- email_service.py: Add Magic Link generation and email sending
- admin_api.py: Remove password reset, update to use email identifiers
- container_manager.py: Use slug instead of username for routing
- config.py: Add MAGIC_LINK_TOKEN_EXPIRY and MAGIC_LINK_RATE_LIMIT

Frontend changes:
- src/lib/api.ts: Update auth functions and User interface
- src/hooks/use-auth.tsx: Implement verifySignup/verifyLogin
- src/app/login/page.tsx: Email-only login form
- src/app/signup/page.tsx: Email-only signup form
- src/app/verify-signup/page.tsx: NEW - Signup token verification
- src/app/verify-login/page.tsx: NEW - Login token verification
- src/app/dashboard/page.tsx: Display slug instead of username

Infrastructure:
- install.sh: Simplified, no migration needed (db.create_all handles it)
- .env.example: Add MAGIC_LINK_TOKEN_EXPIRY and MAGIC_LINK_RATE_LIMIT
- Add IMPLEMENTATION-GUIDE.md with detailed setup instructions

Security improvements:
- No password storage = no password breaches
- One-time-use tokens prevent replay attacks
- 15-minute token expiration limits attack window
- Rate limiting prevents email flooding

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-01-31 16:19:22 +01:00
..
public Initial project structure with documentation 2026-01-30 18:00:41 +01:00
src feat: Implement passwordless authentication with Magic Links 2026-01-31 16:19:22 +01:00
.env.example Initial project structure with documentation 2026-01-30 18:00:41 +01:00
.gitignore Initial project structure with documentation 2026-01-30 18:00:41 +01:00
Dockerfile fix: install curl in frontend Dockerfile for healthcheck compatibility 2026-01-31 13:34:51 +01:00
next.config.mjs Initial project structure with documentation 2026-01-30 18:00:41 +01:00
package-lock.json Initial project structure with documentation 2026-01-30 18:00:41 +01:00
package.json Initial project structure with documentation 2026-01-30 18:00:41 +01:00
postcss.config.mjs Initial project structure with documentation 2026-01-30 18:00:41 +01:00
tailwind.config.ts Initial project structure with documentation 2026-01-30 18:00:41 +01:00
tsconfig.json Script modified 2026-01-30 21:45:27 +01:00