Kayos
213801ca70
Adds the multi-user plumbing layer underneath v0.1's batch-only API: - DB module (db.py) — PyMySQL against sulkta-mariadb, in-process migrations. Tables: cauldron_users, cauldron_user_mealie_tokens, cauldron_chat_log, schema_migrations. - Crypto module (crypto.py) — thin Fernet wrapper. Master key in env, per-row encryption of stored Mealie tokens, decrypt only in-process. - OIDC module (oidc.py) — Authlib-based Authentik integration. Issuer https://auth.sulkta.com/application/o/cauldron/, sub_mode=user_email, scopes openid+email+profile. App gated to 'Sulkta Family' group. - Two-tier Mealie shape — system_mealie (env token, admin batch) + current_user_mealie() helper that loads + decrypts the calling user's token from DB. Per the v0.2 design (memory/spec-cauldron-v0.2.md). - Connect flow — /connect-mealie pages walk users through minting their own Mealie API token and pasting it back. Validated against /api/users/self before encryption + storage. - Routes — /, /login, /auth/callback, /logout, /me, /connect-mealie, /disconnect-mealie. v0.1 admin endpoints kept under bearer auth. - Mealie.who_am_i() helper added. - Auth flow uses Authentik subject (sub) as the canonical user key. UI is minimal — connect-mealie page uses the locked palette (forest #1f2d1f, panels #2d3a2a, meadow #6b8e5a/#88a87a, parchment text #f0e6cc/#ddd4ba) and Cormorant Garamond serif headers. Strict palette. The fuller dashboard / plan / list / recipes views land in subsequent commits. Authentik provider PK 24, client_id ZIwEugWWWZinR1KcVC9IT9hpGoTds9ps8XDDHPPN. Group 'Sulkta Family' (pk 6d0c75e9-...) created with cobb member. Foundation only — Abby's branded UI and the meal-plan / shopping-list features land in subsequent v0.2 commits.
6 lines
98 B
Text
6 lines
98 B
Text
Flask==3.0.3
|
|
requests==2.32.3
|
|
gunicorn==23.0.0
|
|
Authlib==1.3.2
|
|
PyMySQL==1.1.1
|
|
cryptography==43.0.3
|