934848b7f5
- Add forgot_password and reset_password templates and routes - Enhance profile.html with photo crop/zoom functionality - Add attendee type management to edit_attendee.html - Update templates styling and layout consistency - Document database schema in SPEC.md - Add CLAUDE.md project guidance Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
72 lines
3.2 KiB
Markdown
72 lines
3.2 KiB
Markdown
# CLAUDE.md
|
|
|
|
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
|
|
|
|
## Project Overview
|
|
NetEvent is a Flask-based networking event platform with MySQL backend. It supports organizers, attendees, and staff with features including event management, QR-based check-in, breakout sessions, connection requests, appointments, and multi-language support.
|
|
|
|
## Running the Application
|
|
```bash
|
|
python app.py
|
|
```
|
|
The server runs on the port configured in the memory system (auto-restarts on same port after edits).
|
|
|
|
## Database Setup
|
|
```bash
|
|
python init_db.py
|
|
```
|
|
- Creates `netevent` database and `netevent_app` user
|
|
- Creates all tables including breakout_sessions, staff, languages, attendee_types
|
|
- Seeds languages table with 7 EU languages
|
|
- Uses ALTER statements to add columns to existing tables (safe to re-run)
|
|
|
|
## Key Architecture Patterns
|
|
|
|
### Database Connections
|
|
- `get_db_connection()` at line 557 - creates connections using `Config.DB_APP_USER` credentials
|
|
- All database queries use parameterized queries to prevent SQL injection
|
|
|
|
### Authentication
|
|
- `login_required` decorator (line 648) - protects routes requiring login
|
|
- Session stores `user_id` and `user_type` ('organizer', 'attendee', or 'staff')
|
|
- `get_current_user()` returns (user_id, user_type) from session
|
|
- Passwords hashed with bcrypt via `hash_password()` / `verify_password()`
|
|
|
|
### Internationalization
|
|
- Flask-Babel with 7 locales: en, nl, de, fr, es, it, pl
|
|
- Locale detection order: URL `?lang=` param → session → cookie → user preference → default
|
|
- Translation function `_()` aliased as `t()` for use in templates
|
|
- In templates: `{{ 'key'|t }}` for translations
|
|
|
|
### User Types
|
|
- **Organizer**: Creates events, manages attendees, prints badges, scans QR codes
|
|
- **Attendee**: Registers for events, manages profile, connects with others, books appointments
|
|
- **Staff**: Assigned to events via invite codes, can scan attendee QR codes for check-in
|
|
|
|
### Key Templates
|
|
- `templates/base.html` - base template with navigation and translation support
|
|
- `templates/attendee/profile.html` - profile with photo crop/zoom (client-side)
|
|
- `templates/organizer/badges.html` - printable badge layout (PDF-ready via reportlab)
|
|
- `templates/organizer/scan.html` - QR scanner for check-in (camera-based)
|
|
|
|
### QR Code System
|
|
- Attendees have unique `attendee_code` (10 chars) stored in `attendees` table
|
|
- QR codes encode the attendee code for scanning
|
|
- Organizer/staff scan to check in attendees via `/organizer/event/<id>/scan`
|
|
|
|
### Email
|
|
- Uses Brevo SMTP (smtp-relay.brevo.com) configured in config.py
|
|
- Used for password reset tokens and event communications
|
|
|
|
### Password Reset Flow
|
|
1. User submits email to `/forgot-password`
|
|
2. Backend creates `reset_token` and `reset_token_expiry` on organizer record
|
|
3. Email sent with link to `/reset-password/<token>`
|
|
4. Token validated at `reset-password` route, password updated
|
|
|
|
## Security Notes
|
|
- Passwords hashed with bcrypt (never stored in plaintext)
|
|
- Session-based auth with SECRET_KEY in config.py
|
|
- reCAPTCHA validation available for forms (configured via env vars)
|
|
- Rate limiting on login attempts (in-memory `failed_login_attempts` dict)
|
|
- File uploads restricted to images (png, jpg, jpeg, gif) with 16MB limit |