5c9c2f69fd
* feat(auth): add email verification login flow with 401 auto-redirect Replace the old OAuth-based login with email verification codes: - Backend: send-code / verify-code endpoints, verification_codes table (migration 009), rate limiting, Resend email service - Frontend: two-step login UI (email → 6-digit OTP), auth store with sendCode/verifyCode - SDK: ApiClient gains onUnauthorized callback; 401 responses auto-clear token and redirect to /login - Fix login button staying disabled due to global isLoading state Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(auth): add brute-force protection, redirect loop guard, and expired code cleanup - VerifyCode: increment attempts on wrong code, reject after 5 failed tries (migration 010) - onUnauthorized: skip redirect if already on /login to prevent infinite loops - SendCode: best-effort cleanup of expired verification codes older than 1 hour Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat(auth): add master verification code for non-production environments Allow code "888888" to bypass email verification in non-production environments to simplify development and testing workflows. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat(auth): add personal access tokens for CLI and API authentication Add full-stack PAT support: users create tokens in Settings, CLI authenticates via `multica auth login`. Server stores SHA-256 hashes only. Auth middleware extended to accept both JWTs and PATs (distinguished by `mul_` prefix). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
33 lines
770 B
SQL
33 lines
770 B
SQL
-- name: CreateVerificationCode :one
|
|
INSERT INTO verification_code (email, code, expires_at)
|
|
VALUES ($1, $2, $3)
|
|
RETURNING *;
|
|
|
|
-- name: GetLatestVerificationCode :one
|
|
SELECT * FROM verification_code
|
|
WHERE email = $1
|
|
AND used = FALSE
|
|
AND expires_at > now()
|
|
AND attempts < 5
|
|
ORDER BY created_at DESC
|
|
LIMIT 1;
|
|
|
|
-- name: MarkVerificationCodeUsed :exec
|
|
UPDATE verification_code
|
|
SET used = TRUE
|
|
WHERE id = $1;
|
|
|
|
-- name: IncrementVerificationCodeAttempts :exec
|
|
UPDATE verification_code
|
|
SET attempts = attempts + 1
|
|
WHERE id = $1;
|
|
|
|
-- name: GetLatestCodeByEmail :one
|
|
SELECT * FROM verification_code
|
|
WHERE email = $1
|
|
ORDER BY created_at DESC
|
|
LIMIT 1;
|
|
|
|
-- name: DeleteExpiredVerificationCodes :exec
|
|
DELETE FROM verification_code
|
|
WHERE expires_at < now() - interval '1 hour';
|