CHANGELOG.md

# Changelog

All notable changes to the Eventify Backend are documented here.
Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), versioning follows [Semantic Versioning](https://semver.org/).

---

## [1.6.2] — 2026-04-03

### Security
- **Internal exceptions no longer exposed to API callers** — all 15 `except Exception as e` blocks across `mobile_api/views/user.py` and `mobile_api/views/events.py` now log the real error via `eventify_logger` and return a generic `"An unexpected server error occurred."` to the caller
  - Affected views: `RegisterView`, `WebRegisterView`, `LoginView`, `StatusView`, `LogoutView`, `UpdateProfileView`, `EventTypeAPI`, `EventListAPI`, `EventDetailAPI`, `EventImagesListAPI`, `EventsByDateAPI`, `DateSheetAPI`, `PincodeEventsAPI`, `FeaturedEventsAPI`, `TopEventsAPI`
  - `StatusView` and `UpdateProfileView` were also missing `log(...)` calls entirely — added
  - `from eventify_logger.services import log` import added to `events.py` (was absent)

---

## [1.6.1] — 2026-04-03

### Added
- **`eventify_id` in `StatusView` response** (`/api/user/status/`) — consumer app uses this to refresh the Eventify ID badge (`EVT-XXXXXXXX`) for sessions that pre-date the `eventify_id` login field
- **`accounts` migration `0012_user_eventify_id` deployed to production containers** — backfilled all existing users with unique Eventify IDs; previously the migration existed locally but had not been applied in production

---

## [1.6.0] — 2026-04-02

### Added
- **Unique Eventify ID system** (`EVT-XXXXXXXX` format)
  - New `eventify_id` field on `User` model — `CharField(max_length=12, unique=True, editable=False, db_index=True)`
  - Charset `ABCDEFGHJKLMNPQRSTUVWXYZ23456789` (no ambiguous characters I/O/0/1) giving ~1.78T combinations
  - Auto-generated on first `save()` via a 10-attempt retry loop using `secrets.choice()`
  - Migration `0012_user_eventify_id`: add nullable → backfill all existing users → make non-null
- `eventify_id` exposed in `accounts/api.py` → `_partner_user_to_dict()` fields list
- `eventify_id` exposed in `partner/api.py` → `_user_to_dict()` fields list
- `eventify_id` exposed in `mobile_api/views/user.py` → `LoginView` response (populates `localStorage.event_user.eventify_id`)
- `eventifyId` exposed in `admin_api/views.py` → `_serialize_user()` (camelCase for direct TypeScript compatibility)
- Server-side search in `UserListView` now also filters on `eventify_id__icontains`
- Synced migration `0011_user_allowed_modules_alter_user_id` (pulled from server, was missing from local repo)

### Changed
- `accounts/models.py`: merged `allowed_modules` field + `get_allowed_modules()` + `ALL_MODULES` constant from server (previously only existed on server)

---

## [1.5.0] — 2026-03-31

### Added
- `allowed_modules` TextField on `User` model — comma-separated module slug access control
- `get_allowed_modules()` method on `User` — returns list of accessible modules based on role or explicit list
- `ALL_MODULES` class constant listing all platform module slugs
- Migration `0011_user_allowed_modules_alter_user_id`

---

## [1.4.0] — 2026-03-24

### Added
- Partner portal login/logout APIs (`accounts/api.py`) — `PartnerLoginAPI`, `PartnerLogoutAPI`, `PartnerMeAPI`
- `_partner_user_to_dict()` serializer for partner-scoped user data
- Partner CRUD, KYC review, and user management endpoints in `partner/api.py`

---

## [1.3.0] — 2026-03-14

### Changed
- User `id` field changed from `AutoField` to `BigAutoField` (migration `0010_alter_user_id`)

---

## [1.2.0] — 2026-03-10

### Added
- `partner` ForeignKey on `User` model linking users to partners (migration `0009_user_partner`)
- Profile picture upload support (`ImageField`) with `default.png` fallback (migration `0006–0007`)

---

## [1.1.0] — 2026-02-28

### Added
- Location fields on `User`: `pincode`, `district`, `state`, `country`, `place`, `latitude`, `longitude`
- Custom `UserManager` for programmatic user creation

---

## [1.0.0] — 2026-03-01

### Added
- Initial Django project with custom `User` model extending `AbstractUser`
- Role choices: `admin`, `manager`, `staff`, `customer`, `partner`, `partner_manager`, `partner_staff`, `partner_customer`
- JWT authentication via `djangorestframework-simplejwt`
- Admin API foundation: auth, dashboard metrics, partners, users, events
- Docker + Gunicorn + PostgreSQL 16 production setup
-												docs: add CHANGELOG.md and update README version to 1.6.0

- CHANGELOG.md: full history from 1.0.0 → 1.6.0 (Keep a Changelog format)
- README.md: bump version badge 1.5.0 → 1.6.0, add changelog summary table

											
										
										
											2026-04-02 11:03:18 +05:30
+								# Changelog
 								All notable changes to the Eventify Backend are documented here.
 								Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), versioning follows [Semantic Versioning](https://semver.org/).
 								---
-												docs: add v1.6.1 and v1.6.2 CHANGELOG entries

Documents StatusView eventify_id addition and the security fix
that stops internal Python exceptions from reaching API callers.

											
										
										
											2026-04-03 09:27:15 +05:30
+								## [1.6.2] — 2026-04-03
 								### Security
 								- **Internal exceptions no longer exposed to API callers** — all 15 `except Exception as e` blocks across `mobile_api/views/user.py` and `mobile_api/views/events.py` now log the real error via `eventify_logger` and return a generic `"An unexpected server error occurred."` to the caller
 								  - Affected views: `RegisterView`, `WebRegisterView`, `LoginView`, `StatusView`, `LogoutView`, `UpdateProfileView`, `EventTypeAPI`, `EventListAPI`, `EventDetailAPI`, `EventImagesListAPI`, `EventsByDateAPI`, `DateSheetAPI`, `PincodeEventsAPI`, `FeaturedEventsAPI`, `TopEventsAPI`
 								  - `StatusView` and `UpdateProfileView` were also missing `log(...)` calls entirely — added
 								  - `from eventify_logger.services import log` import added to `events.py` (was absent)
 								---
 								## [1.6.1] — 2026-04-03
 								### Added
 								- **`eventify_id` in `StatusView` response** (`/api/user/status/`) — consumer app uses this to refresh the Eventify ID badge (`EVT-XXXXXXXX`) for sessions that pre-date the `eventify_id` login field
 								- **`accounts` migration `0012_user_eventify_id` deployed to production containers** — backfilled all existing users with unique Eventify IDs; previously the migration existed locally but had not been applied in production
 								---
-												docs: add CHANGELOG.md and update README version to 1.6.0

- CHANGELOG.md: full history from 1.0.0 → 1.6.0 (Keep a Changelog format)
- README.md: bump version badge 1.5.0 → 1.6.0, add changelog summary table

											
										
										
											2026-04-02 11:03:18 +05:30
+								## [1.6.0] — 2026-04-02
 								### Added
 								- **Unique Eventify ID system** (`EVT-XXXXXXXX` format)
 								  - New `eventify_id` field on `User` model — `CharField(max_length=12, unique=True, editable=False, db_index=True)`
 								  - Charset `ABCDEFGHJKLMNPQRSTUVWXYZ23456789` (no ambiguous characters I/O/0/1) giving ~1.78T combinations
 								  - Auto-generated on first `save()` via a 10-attempt retry loop using `secrets.choice()`
 								  - Migration `0012_user_eventify_id`: add nullable → backfill all existing users → make non-null
 								- `eventify_id` exposed in `accounts/api.py` → `_partner_user_to_dict()` fields list
 								- `eventify_id` exposed in `partner/api.py` → `_user_to_dict()` fields list
 								- `eventify_id` exposed in `mobile_api/views/user.py` → `LoginView` response (populates `localStorage.event_user.eventify_id`)
 								- `eventifyId` exposed in `admin_api/views.py` → `_serialize_user()` (camelCase for direct TypeScript compatibility)
 								- Server-side search in `UserListView` now also filters on `eventify_id__icontains`
 								- Synced migration `0011_user_allowed_modules_alter_user_id` (pulled from server, was missing from local repo)
 								### Changed
 								- `accounts/models.py`: merged `allowed_modules` field + `get_allowed_modules()` + `ALL_MODULES` constant from server (previously only existed on server)
 								---
 								## [1.5.0] — 2026-03-31
 								### Added
 								- `allowed_modules` TextField on `User` model — comma-separated module slug access control
 								- `get_allowed_modules()` method on `User` — returns list of accessible modules based on role or explicit list
 								- `ALL_MODULES` class constant listing all platform module slugs
 								- Migration `0011_user_allowed_modules_alter_user_id`
 								---
 								## [1.4.0] — 2026-03-24
 								### Added
 								- Partner portal login/logout APIs (`accounts/api.py`) — `PartnerLoginAPI`, `PartnerLogoutAPI`, `PartnerMeAPI`
 								- `_partner_user_to_dict()` serializer for partner-scoped user data
 								- Partner CRUD, KYC review, and user management endpoints in `partner/api.py`
 								---
 								## [1.3.0] — 2026-03-14
 								### Changed
 								- User `id` field changed from `AutoField` to `BigAutoField` (migration `0010_alter_user_id`)
 								---
 								## [1.2.0] — 2026-03-10
 								### Added
 								- `partner` ForeignKey on `User` model linking users to partners (migration `0009_user_partner`)
 								- Profile picture upload support (`ImageField`) with `default.png` fallback (migration `0006–0007`)
 								---
 								## [1.1.0] — 2026-02-28
 								### Added
 								- Location fields on `User`: `pincode`, `district`, `state`, `country`, `place`, `latitude`, `longitude`
 								- Custom `UserManager` for programmatic user creation
 								---
 								## [1.0.0] — 2026-03-01
 								### Added
 								- Initial Django project with custom `User` model extending `AbstractUser`
 								- Role choices: `admin`, `manager`, `staff`, `customer`, `partner`, `partner_manager`, `partner_staff`, `partner_customer`
 								- JWT authentication via `djangorestframework-simplejwt`
 								- Admin API foundation: auth, dashboard metrics, partners, users, events
 								- Docker + Gunicorn + PostgreSQL 16 production setup