From 0582b26be72884998862992359ef9c9d3d886092 Mon Sep 17 00:00:00 2001 From: Yves Gugger Date: Tue, 9 Dec 2025 21:45:40 +0100 Subject: [PATCH] feat: Add user deletion in admin panel and fix OAuth authentication - Add delete user functionality with cascade deletion of all user data - Fix OAuth URLs to include /api/v1 path - Fix token storage key consistency in OAuth callback - Update user model to cascade delete price alerts - Improve email templates with minimalist design - Add confirmation dialog for user deletion - Prevent deletion of admin users --- backend/app/api/admin.py | 24 +- backend/app/models/price_alert.py | 2 +- backend/app/models/user.py | 3 + backend/app/services/email_service.py | 309 ++++++++++------------- frontend/src/app/admin/page.tsx | 59 ++++- frontend/src/app/oauth/callback/page.tsx | 4 +- frontend/src/lib/api.ts | 4 +- 7 files changed, 209 insertions(+), 196 deletions(-) diff --git a/backend/app/api/admin.py b/backend/app/api/admin.py index caadfa3..1cb1c93 100644 --- a/backend/app/api/admin.py +++ b/backend/app/api/admin.py @@ -390,6 +390,9 @@ async def delete_user( admin: User = Depends(require_admin), ): """Delete a user and all their data.""" + from app.models.blog import BlogPost + from app.models.admin_log import AdminActivityLog + result = await db.execute(select(User).where(User.id == user_id)) user = result.scalar_one_or_none() @@ -399,10 +402,29 @@ async def delete_user( if user.is_admin: raise HTTPException(status_code=400, detail="Cannot delete admin user") + user_email = user.email + + # Delete user's blog posts (or set author_id to NULL if you want to keep them) + await db.execute( + BlogPost.__table__.delete().where(BlogPost.author_id == user_id) + ) + + # Delete user's admin activity logs (if any) + await db.execute( + AdminActivityLog.__table__.delete().where(AdminActivityLog.admin_id == user_id) + ) + + # Now delete the user (cascades to domains, subscriptions, portfolio, price_alerts) await db.delete(user) await db.commit() - return {"message": f"User {user.email} deleted"} + # Log this action + await log_admin_activity( + db, admin.id, "user_delete", + f"Deleted user {user_email} and all their data" + ) + + return {"message": f"User {user_email} and all their data have been deleted"} @router.post("/users/{user_id}/upgrade") diff --git a/backend/app/models/price_alert.py b/backend/app/models/price_alert.py index 56f4c49..a93f2d5 100644 --- a/backend/app/models/price_alert.py +++ b/backend/app/models/price_alert.py @@ -48,7 +48,7 @@ class PriceAlert(Base): ) # Relationship to user - user: Mapped["User"] = relationship("User", backref="price_alerts") + user: Mapped["User"] = relationship("User", back_populates="price_alerts") def __repr__(self) -> str: status = "active" if self.is_active else "paused" diff --git a/backend/app/models/user.py b/backend/app/models/user.py index 1e2f67f..20931d8 100644 --- a/backend/app/models/user.py +++ b/backend/app/models/user.py @@ -57,6 +57,9 @@ class User(Base): portfolio_domains: Mapped[List["PortfolioDomain"]] = relationship( "PortfolioDomain", back_populates="user", cascade="all, delete-orphan" ) + price_alerts: Mapped[List["PriceAlert"]] = relationship( + "PriceAlert", cascade="all, delete-orphan", passive_deletes=True + ) def __repr__(self) -> str: return f"" diff --git a/backend/app/services/email_service.py b/backend/app/services/email_service.py index 0f3b58e..0f5b460 100644 --- a/backend/app/services/email_service.py +++ b/backend/app/services/email_service.py @@ -48,114 +48,33 @@ SMTP_CONFIG = { CONTACT_EMAIL = os.getenv("CONTACT_EMAIL", "hello@pounce.ch") -# Base email wrapper template +# Minimalistic Professional Email Template BASE_TEMPLATE = """ - - -
- - {{ content }} -
-

Β© {{ year }} pounce. All rights reserved.

-

- pounce.ch Β· - Privacy Β· - Terms + +

+ +
+

+ pounce +

+
+ + +
+ {{ content }} +
+ + +
+

+ pounce — Domain Intelligence Platform
+ pounce.ch

@@ -167,34 +86,52 @@ BASE_TEMPLATE = """ # Email Templates (content only, wrapped in BASE_TEMPLATE) TEMPLATES = { "domain_available": """ -

Time to pounce.

-

A domain you're tracking just dropped:

-
{{ domain }}
-

It's available right now. Move fastβ€”others are watching too.

-Grab It Now β†’ -

- You're tracking this domain on POUNCE. +

+ Domain available +

+

+ A domain you're monitoring is now available:

+
+

+ {{ domain }} +

+
+
+ + Register Domain + +
""", "price_alert": """ -

.{{ tld }} just moved.

-

- {% if change_percent < 0 %} - ↓ Down {{ change_percent|abs }}% - {% else %} - ↑ Up {{ change_percent }}% - {% endif %} +

+ Price alert: .{{ tld }} +

+

+ The price for .{{ tld }} has changed:

-
-

Was: ${{ old_price }}

-

Now: ${{ new_price }}

-

Cheapest at: {{ registrar }}

+
+
+

Previous Price

+

\${{ old_price }}

+
+
+

New Price

+

\${{ new_price }}

+
+

+ {% if change_percent < 0 %}↓{% else %}↑{% endif %} {{ change_percent|abs }}% +

-See Details β†’ -

- You set an alert for .{{ tld }} on POUNCE. +

+ Cheapest at: {{ registrar }}

+ """, "subscription_confirmed": """ @@ -243,81 +180,99 @@ TEMPLATES = { """, "password_reset": """ -

Reset your password.

-

Hey {{ user_name }},

-

Someone requested a password reset. If that was you, click below:

-Reset Password β†’ -

Or copy this link:

-{{ reset_url }} -
-

Link expires in 1 hour.

+

+ Reset your password +

+

+ Hi {{ user_name }}, +

+

+ We received a request to reset your password. Click the button below to create a new password. +

+ -

- Didn't request this? Ignore it. Nothing changes. +

+ This link expires in 1 hour. +

+

+ If you didn't request this, you can safely ignore this email.

""", "email_verification": """ -

One click to start hunting.

-

Hey {{ user_name }},

-

Welcome to POUNCE. Verify your email to activate your account:

-Verify & Start β†’ -

Or copy this link:

-{{ verification_url }} -
-

Link expires in 24 hours.

+

+ Verify your email +

+

+ Hi {{ user_name }}, +

+

+ Thanks for signing up. Click the button below to verify your email and activate your account. +

+ -

- Didn't sign up? Just ignore this. +

+ This link expires in 24 hours. +

+

+ If you didn't sign up, you can safely ignore this email.

""", "contact_form": """ -

New message from the wild.

-
-

From: {{ name }} <{{ email }}>

-

Subject: {{ subject }}

-

Date: {{ timestamp }}

+

+ New Contact Form Submission +

+
+

From

+

{{ name }} <{{ email }}>

+

Subject

+

{{ subject }}

-

Message

-
-

{{ message }}

+

Message

+

{{ message }}

+ -

- Reply β†’ -

+

Sent: {{ timestamp }}

""", "contact_confirmation": """ -

Got it.

-

Hey {{ name }},

-

Your message landed. We'll get back to you soon.

-
-

Subject: {{ subject }}

-

Your message:

-

{{ message }}

+

+ Message received +

+

+ Hi {{ name }}, +

+

+ Thanks for reaching out. We've received your message and will get back to you within 24–48 hours. +

+
+

Your message

+

{{ message }}

-

Expect a reply within 24-48 hours.

-Back to POUNCE β†’ """, "newsletter_welcome": """ -

You're on the list.

-

Welcome to POUNCE Insights.

-

Here's what you'll get:

-
-
    -
  • TLD market moves & analysis
    • -
  • Domain investing strategies
    • -
  • New feature drops
    • -
  • Exclusive deals
    • -
-
-

1-2 emails per month. No spam. Ever.

-Start Exploring β†’ -

- Unsubscribe anytime with one click. +

+ Welcome to pounce insights +

+

+ You'll receive updates about TLD market trends, domain investment strategies, and new features. 1–2 emails per month. No spam.

+ """, } diff --git a/frontend/src/app/admin/page.tsx b/frontend/src/app/admin/page.tsx index ae5a984..8db239d 100644 --- a/frontend/src/app/admin/page.tsx +++ b/frontend/src/app/admin/page.tsx @@ -333,6 +333,20 @@ export default function AdminPage() { } } + const handleDeleteUser = async (userId: number, userEmail: string) => { + if (!confirm(`Are you sure you want to delete user "${userEmail}" and ALL their data?\n\nThis action cannot be undone.`)) { + return + } + try { + await api.deleteAdminUser(userId) + setSuccess(`User ${userEmail} and all their data have been deleted`) + setSelectedUser(null) + loadAdminData() + } catch (err) { + setError(err instanceof Error ? err.message : 'Delete failed') + } + } + const handleBulkUpgrade = async () => { if (selectedUsers.length === 0) { setError('Please select users to upgrade') @@ -678,6 +692,14 @@ export default function AdminPage() { > +
@@ -1284,22 +1306,33 @@ export default function AdminPage() {
)}
-
+
- +
+ + +
diff --git a/frontend/src/app/oauth/callback/page.tsx b/frontend/src/app/oauth/callback/page.tsx index 0c6945d..0125153 100644 --- a/frontend/src/app/oauth/callback/page.tsx +++ b/frontend/src/app/oauth/callback/page.tsx @@ -22,8 +22,8 @@ function OAuthCallbackContent() { } if (token) { - // Store the token - localStorage.setItem('auth_token', token) + // Store the token (using 'token' key to match api.ts) + localStorage.setItem('token', token) // Update auth state checkAuth().then(() => { diff --git a/frontend/src/lib/api.ts b/frontend/src/lib/api.ts index a915cee..eb85b94 100644 --- a/frontend/src/lib/api.ts +++ b/frontend/src/lib/api.ts @@ -189,12 +189,12 @@ class ApiClient { getGoogleLoginUrl(redirect?: string) { const params = redirect ? `?redirect=${encodeURIComponent(redirect)}` : '' - return `${this.baseUrl}/oauth/google/login${params}` + return `${getApiBaseUrl()}/oauth/google/login${params}` } getGitHubLoginUrl(redirect?: string) { const params = redirect ? `?redirect=${encodeURIComponent(redirect)}` : '' - return `${this.baseUrl}/oauth/github/login${params}` + return `${getApiBaseUrl()}/oauth/github/login${params}` } // Contact Form