Security hardening: env-based config, CSRF protection, secure code generation, plus presenter management and email communications system

- Move all credentials from hardcoded to .env with python-dotenv (add .env.example template and .gitignore)
- Add CSRF token generation and validation on all state-changing requests
- Replace random.choices with secrets.choice for all secure code generation
- Add session cookie security headers (HttpOnly, Secure, SameSite)
- Add presenter management: assign/remove presenters to breakout sessions, presenter QR scanning
- Add email communications system: templates per event, custom email sending, sent email tracking
- Add staff/organizer profile pages with staff code display
- New DB tables: event_email_templates, sent_emails, user_communications
- New DB columns: staff.reminder_count/reminder_dates, breakout_session_organizers.presenter_code
- Expand English translation strings across all new features

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-05-26 20:34:48 +00:00
parent 934848b7f5
commit a3546b4c01
45 changed files with 8296 additions and 3207 deletions
@@ -0,0 +1,38 @@
{% extends "base.html" %}
{% block title %}{{ 'edit_template'|t }} - {{ event.name }}{% endblock %}
{% block content %}
<div class="communications-edit-page">
<div class="page-header">
<h1>{{ 'edit'|t }}: {{ template_type_name }}</h1>
<a href="{{ url_for('event_communications', event_id=event.id) }}" class="btn btn-outline"><i data-lucide="arrow-left"></i> {{ 'back'|t }}</a>
</div>
<div class="section-box">
<form method="POST" class="template-edit-form">
<div class="form-group">
<label for="subject">{{ 'subject'|t }}</label>
<input type="text" id="subject" name="subject" value="{{ template.subject }}" required>
</div>
<div class="form-group">
<label for="body">{{ 'body'|t }}</label>
<textarea id="body" name="body" rows="15" required>{{ template.body }}</textarea>
<small class="text-muted">{{ 'available_placeholders'|t }}: {staff_name}, {attendee_name}, {event_name}, {invite_url}, {reminder_count}, {event_date}, {event_location}, {changes_text}, {session_name}</small>
</div>
<div class="form-actions">
<button type="submit" class="btn btn-primary"><i data-lucide="save"></i> {{ 'save_changes'|t }}</button>
<a href="{{ url_for('event_communications', event_id=event.id) }}" class="btn btn-secondary">{{ 'cancel'|t }}</a>
</div>
</form>
</div>
</div>
<script>
document.addEventListener('DOMContentLoaded', function() {
lucide.createIcons();
});
</script>
{% endblock %}