Files
paul 934848b7f5 Add password reset flow, attendee profile enhancements, and spec
- Add forgot_password and reset_password templates and routes
- Enhance profile.html with photo crop/zoom functionality
- Add attendee type management to edit_attendee.html
- Update templates styling and layout consistency
- Document database schema in SPEC.md
- Add CLAUDE.md project guidance

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-19 19:52:42 +00:00

72 lines
3.2 KiB
Markdown

# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Project Overview
NetEvent is a Flask-based networking event platform with MySQL backend. It supports organizers, attendees, and staff with features including event management, QR-based check-in, breakout sessions, connection requests, appointments, and multi-language support.
## Running the Application
```bash
python app.py
```
The server runs on the port configured in the memory system (auto-restarts on same port after edits).
## Database Setup
```bash
python init_db.py
```
- Creates `netevent` database and `netevent_app` user
- Creates all tables including breakout_sessions, staff, languages, attendee_types
- Seeds languages table with 7 EU languages
- Uses ALTER statements to add columns to existing tables (safe to re-run)
## Key Architecture Patterns
### Database Connections
- `get_db_connection()` at line 557 - creates connections using `Config.DB_APP_USER` credentials
- All database queries use parameterized queries to prevent SQL injection
### Authentication
- `login_required` decorator (line 648) - protects routes requiring login
- Session stores `user_id` and `user_type` ('organizer', 'attendee', or 'staff')
- `get_current_user()` returns (user_id, user_type) from session
- Passwords hashed with bcrypt via `hash_password()` / `verify_password()`
### Internationalization
- Flask-Babel with 7 locales: en, nl, de, fr, es, it, pl
- Locale detection order: URL `?lang=` param → session → cookie → user preference → default
- Translation function `_()` aliased as `t()` for use in templates
- In templates: `{{ 'key'|t }}` for translations
### User Types
- **Organizer**: Creates events, manages attendees, prints badges, scans QR codes
- **Attendee**: Registers for events, manages profile, connects with others, books appointments
- **Staff**: Assigned to events via invite codes, can scan attendee QR codes for check-in
### Key Templates
- `templates/base.html` - base template with navigation and translation support
- `templates/attendee/profile.html` - profile with photo crop/zoom (client-side)
- `templates/organizer/badges.html` - printable badge layout (PDF-ready via reportlab)
- `templates/organizer/scan.html` - QR scanner for check-in (camera-based)
### QR Code System
- Attendees have unique `attendee_code` (10 chars) stored in `attendees` table
- QR codes encode the attendee code for scanning
- Organizer/staff scan to check in attendees via `/organizer/event/<id>/scan`
### Email
- Uses Brevo SMTP (smtp-relay.brevo.com) configured in config.py
- Used for password reset tokens and event communications
### Password Reset Flow
1. User submits email to `/forgot-password`
2. Backend creates `reset_token` and `reset_token_expiry` on organizer record
3. Email sent with link to `/reset-password/<token>`
4. Token validated at `reset-password` route, password updated
## Security Notes
- Passwords hashed with bcrypt (never stored in plaintext)
- Session-based auth with SECRET_KEY in config.py
- reCAPTCHA validation available for forms (configured via env vars)
- Rate limiting on login attempts (in-memory `failed_login_attempts` dict)
- File uploads restricted to images (png, jpg, jpeg, gif) with 16MB limit