vivekpprakash/eventify_backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
105 Commits 9 Branches 0 Tags
main
Commit Graph

24 Commits

Author SHA1 Message Date
Sicherhaven
46b391bd51 fix: allow partner portal SSR to reach admin_api (/me/) for impersonation 
ALLOWED_HOSTS was missing partner.eventifyplus.com + docker internal
hostnames (eventify-backend, eventify-django). Partner Next.js
server-side authorize() fetch to /api/v1/auth/me/ was rejected with
HTTP 400 DisallowedHost, so admin "Login as Partner" redirected to
/login?error=ImpersonationFailed instead of /dashboard.

Also added `partner` FK to UserSerializer so the /me/ response exposes
the partner id the portal needs to set session.user.partnerId.

Deployed to both eventify-backend and eventify-django containers via
docker cp + HUP.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-04-22 10:30:58 +05:30
Sicherhaven
e0a491e8cb security: fix GoogleLoginView audience check + replace Clerk with direct GIS flow 
- verify_oauth2_token now passes GOOGLE_CLIENT_ID as third arg (audience check)
- fail-closed: returns 503 if GOOGLE_CLIENT_ID env var is not set
- add GOOGLE_CLIENT_ID = os.environ.get('GOOGLE_CLIENT_ID', '') to settings
- replace ClerkLoginViewTests with GoogleLoginViewTests (4 cases)
- update requirements-docker.txt

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-10 01:31:18 +05:30
Sicherhaven
b2a2cbad5f feat(ad_control): new AdSurface + AdPlacement module for placement-based featured/top events 
- New ad_control Django app: AdSurface + AdPlacement models with GLOBAL/LOCAL scope
- Admin CRUD API at /api/v1/ad-control/ (JWT-protected): surfaces, placements, picker events
- Placement lifecycle: DRAFT → ACTIVE|SCHEDULED → EXPIRED|DISABLED
- LOCAL scope: Haversine ≤ 50km from event lat/lng (fixed radius, no config needed)
- Consumer APIs: /api/events/featured-events/ and /api/events/top-events/ rewritten
  to use placement-based queries (same URL paths + response shape — no breaking changes)
- Seed command: seed_surfaces --migrate converts existing is_featured/is_top_event booleans
- mount: admin_api/urls.py → ad-control/, mobile_api/urls.py → replaced consumer views
- settings.py: added ad_control to INSTALLED_APPS
 2026-04-06 12:10:06 +05:30
Sicherhaven
635a1224cd fix: add localhost:8080 to CORS_ALLOWED_ORIGINS for Flutter web preview 2026-04-04 18:56:47 +05:30
Eventify Deploy
1b6185c758 security: fix SMTP credential exposure and auth bypass 
- C-1: Move EMAIL_HOST_PASSWORD to os.environ (was hardcoded plaintext)
- C-2: Enable token-user cross-validation in validate_token_and_get_user()
  (compares token.user_id with user.id to prevent impersonation)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-30 19:29:42 +00:00
Eventify Deploy
5a2752a2de fix: security audit remediation — Django settings + payment gateway API 
- ALLOWED_HOSTS: wildcard replaced with explicit domain list (#15)
- CORS_ALLOWED_ORIGINS: added app.eventifyplus.com (#16)
- CSRF_TRUSTED_ORIGINS: added app.eventifyplus.com (#18)
- JWT ACCESS_TOKEN_LIFETIME: 1 day reduced to 30 minutes (#19)
- ROTATE_REFRESH_TOKENS enabled
- SECRET_KEY: removed unsafe fallback, crash on missing env var
- Added ActivePaymentGatewayView for dynamic gateway config (#1, #5, #20)
- Added PaymentGatewaySettingsView CRUD for admin panel

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 12:25:11 +00:00
Sicherhaven
ea378f19b1 refactor: migrate users to PostgreSQL, remove SQLite secondary DB 
Users have been migrated from eventify-django SQLite to eventify-backend
PostgreSQL. The temporary users_db workaround is no longer needed:

- settings.py: removed users_db SQLite secondary database config
- views.py: removed _user_db()/_user_qs() helpers; user views now query
  the default PostgreSQL directly with plain User.objects.filter()
- docker-compose.yml: SQLite read-only volume mount removed

All 27 users (25 non-superuser customers) now live in PostgreSQL.
 2026-03-25 11:43:12 +05:30
Sicherhaven
54aa7ce06e fix: read real users from eventify-django SQLite via secondary database 
The admin_api was querying eventify-backend's empty PostgreSQL. Real users
live in eventify-django's SQLite (db.sqlite3 on host). Fix:

- settings.py: auto-adds 'users_db' database config when users_db.sqlite3
  is mounted into the container (read-only volume in docker-compose)
- views.py: _user_db() helper selects the correct database alias;
  _user_qs() defers 'partner' field (absent from older SQLite schema)
- UserMetricsView, UserListView, UserDetailView, UserStatusView all use
  _user_qs() so they query the 25 real registered customers
 2026-03-25 11:38:03 +05:30
Ubuntu
b60d03142c feat: Phase 1+2 - JWT auth, dashboard metrics API, DB indexes 
Phase 1 - JWT Auth Foundation:
- Replace token auth with djangorestframework-simplejwt
- POST /api/v1/admin/auth/login/ - returns access + refresh JWT
- POST /api/v1/auth/refresh/ - JWT refresh
- GET /api/v1/auth/me/ - current admin profile
- GET /api/v1/health/ - DB health check
- Add ledger app to INSTALLED_APPS

Phase 2 - Dashboard Metrics API:
- GET /api/v1/dashboard/metrics/ - revenue, partners, events, tickets
- GET /api/v1/dashboard/revenue/ - 7-day revenue vs payouts chart data
- GET /api/v1/dashboard/activity/ - last 10 platform events feed
- GET /api/v1/dashboard/actions/ - KYC queue, flagged events, pending payouts

DB Indexes (dashboard query optimisation):
- RazorpayTransaction: status, captured_at
- Partner: status, kyc_compliance_status
- Event: event_status, start_date, created_date
- Booking: created_date
- PaymentTransaction: payment_type, payment_transaction_status, payment_transaction_date

Infra:
- Add Dockerfile for eventify-backend container
- Add simplejwt to requirements.txt
- All 4 dashboard views use IsAuthenticated permission class
 2026-03-24 17:46:41 +00:00
Ubuntu
37001f8e70 feat: add JWT auth foundation - /api/v1/ with admin login, refresh, me, health endpoints 
- Add djangorestframework-simplejwt==5.3.1 to requirements-docker.txt
- Configure REST_FRAMEWORK with JWTAuthentication and SIMPLE_JWT settings
- Create admin_api Django app with AdminLoginView, MeView, HealthView
- Wire /api/v1/ routes without touching existing /api/ mobile endpoints
- Resolve pre-existing events migration conflict (0010_merge)
- Superuser admin created for initial authentication
 2026-03-24 14:46:03 +00:00
Vivek P Prakash
c04395afc9 The new updates of partners and user 
Made-with: Cursor
 2026-03-15 00:29:17 +05:30
Vivek
c43ea6b0c7 Update in the cor headers 2025-12-25 02:42:10 +05:30
Vivek
d1e618e06b Fixes for the icon in the eventtypes 2025-12-20 02:28:15 +05:30
Vivek
5e4a1765de Update in the cors allowed origins 2025-12-20 01:37:36 +05:30
Vivek
689cedb3ff Update in the settings for the cors allowed origins 2025-12-19 21:48:51 +05:30
Vivek
d109df3973 Updates for the api and bug fixes 2025-12-19 19:35:38 +05:30
Vivek
105da4a876 Reverting back to admin pages as login and updates in the mobile api 2025-12-17 22:05:13 +05:30
Vivek
24355ecdf5 The updates for the customer dashboard cum accounts 2025-12-09 03:59:57 +05:30
Vivek P Prakash
08a89a1212 Test for the uat db 2025-12-02 13:40:59 +05:30
Vivek P Prakash
d96ba46506 Updates for the event images 2025-12-01 04:52:49 +05:30
Vivek P Prakash
c4d7d4f6bf Solving the issues in the login and others 2025-11-28 16:03:23 +05:30
Vivek P Prakash
fabd36cf3f Changes in the settings for the deployment 2025-11-28 03:30:38 +05:30
Vivek P Prakash
d3cc7eb47e Second updates 2025-11-28 03:11:38 +05:30
Vivek P Prakash
aa40080012 Initials 2025-11-27 11:53:46 +05:30