Add password reset flow, attendee profile enhancements, and spec
- Add forgot_password and reset_password templates and routes - Enhance profile.html with photo crop/zoom functionality - Add attendee type management to edit_attendee.html - Update templates styling and layout consistency - Document database schema in SPEC.md - Add CLAUDE.md project guidance Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,72 @@
|
||||
# CLAUDE.md
|
||||
|
||||
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
|
||||
|
||||
## Project Overview
|
||||
NetEvent is a Flask-based networking event platform with MySQL backend. It supports organizers, attendees, and staff with features including event management, QR-based check-in, breakout sessions, connection requests, appointments, and multi-language support.
|
||||
|
||||
## Running the Application
|
||||
```bash
|
||||
python app.py
|
||||
```
|
||||
The server runs on the port configured in the memory system (auto-restarts on same port after edits).
|
||||
|
||||
## Database Setup
|
||||
```bash
|
||||
python init_db.py
|
||||
```
|
||||
- Creates `netevent` database and `netevent_app` user
|
||||
- Creates all tables including breakout_sessions, staff, languages, attendee_types
|
||||
- Seeds languages table with 7 EU languages
|
||||
- Uses ALTER statements to add columns to existing tables (safe to re-run)
|
||||
|
||||
## Key Architecture Patterns
|
||||
|
||||
### Database Connections
|
||||
- `get_db_connection()` at line 557 - creates connections using `Config.DB_APP_USER` credentials
|
||||
- All database queries use parameterized queries to prevent SQL injection
|
||||
|
||||
### Authentication
|
||||
- `login_required` decorator (line 648) - protects routes requiring login
|
||||
- Session stores `user_id` and `user_type` ('organizer', 'attendee', or 'staff')
|
||||
- `get_current_user()` returns (user_id, user_type) from session
|
||||
- Passwords hashed with bcrypt via `hash_password()` / `verify_password()`
|
||||
|
||||
### Internationalization
|
||||
- Flask-Babel with 7 locales: en, nl, de, fr, es, it, pl
|
||||
- Locale detection order: URL `?lang=` param → session → cookie → user preference → default
|
||||
- Translation function `_()` aliased as `t()` for use in templates
|
||||
- In templates: `{{ 'key'|t }}` for translations
|
||||
|
||||
### User Types
|
||||
- **Organizer**: Creates events, manages attendees, prints badges, scans QR codes
|
||||
- **Attendee**: Registers for events, manages profile, connects with others, books appointments
|
||||
- **Staff**: Assigned to events via invite codes, can scan attendee QR codes for check-in
|
||||
|
||||
### Key Templates
|
||||
- `templates/base.html` - base template with navigation and translation support
|
||||
- `templates/attendee/profile.html` - profile with photo crop/zoom (client-side)
|
||||
- `templates/organizer/badges.html` - printable badge layout (PDF-ready via reportlab)
|
||||
- `templates/organizer/scan.html` - QR scanner for check-in (camera-based)
|
||||
|
||||
### QR Code System
|
||||
- Attendees have unique `attendee_code` (10 chars) stored in `attendees` table
|
||||
- QR codes encode the attendee code for scanning
|
||||
- Organizer/staff scan to check in attendees via `/organizer/event/<id>/scan`
|
||||
|
||||
### Email
|
||||
- Uses Brevo SMTP (smtp-relay.brevo.com) configured in config.py
|
||||
- Used for password reset tokens and event communications
|
||||
|
||||
### Password Reset Flow
|
||||
1. User submits email to `/forgot-password`
|
||||
2. Backend creates `reset_token` and `reset_token_expiry` on organizer record
|
||||
3. Email sent with link to `/reset-password/<token>`
|
||||
4. Token validated at `reset-password` route, password updated
|
||||
|
||||
## Security Notes
|
||||
- Passwords hashed with bcrypt (never stored in plaintext)
|
||||
- Session-based auth with SECRET_KEY in config.py
|
||||
- reCAPTCHA validation available for forms (configured via env vars)
|
||||
- Rate limiting on login attempts (in-memory `failed_login_attempts` dict)
|
||||
- File uploads restricted to images (png, jpg, jpeg, gif) with 16MB limit
|
||||
Reference in New Issue
Block a user