Initial skills documentation — 25 categories, all SKILL.md + references + scripts

This commit is contained in:
root
2026-07-15 17:42:20 -04:00
commit 1b4fcd4427
976 changed files with 188344 additions and 0 deletions
@@ -0,0 +1,66 @@
# Password Reset, Logout, & Email Invite — Jul 2026
Features built Jul 9, 2026 for Shark Attack Fantasy League.
## Password Reset
### Backend endpoints
- `POST /api/auth/forgot-password` — accepts `{email}`, generates UUID token with 1-hour expiry, stores in `users.reset_token` / `users.reset_token_expires`, sends email via SMTP (Sho'Nuff account)
- `POST /api/auth/reset-password` — accepts `{token, new_password}`, validates token/expiry against DB, hashes new password, clears token
### DB migration
```sql
ALTER TABLE users ADD COLUMN reset_token TEXT;
ALTER TABLE users ADD COLUMN reset_token_expires TEXT;
```
### Frontend
- Landing page (index.html): "Forgot password?" link below login form
- Clicking switches to a email-only form
- Submit shows "Check your email for reset instructions"
- New page at `/reset-password.html` reads token from URL params, lets user set new password
### Email
- Subject: "🦈 Shark Attack Fantasy League — Password Reset"
- FROM: shonuff@germainebrown.com, BCC: g@germainebrown.com
- SMTP: mail.germainebrown.com:2525 with STARTTLS
- Reuses the same SMTP pattern as draft reminders
## Logout Fix
The logout function was calling an API endpoint without properly clearing localStorage. Fixed:
```js
function logout() {
localStorage.removeItem('shark_token');
localStorage.removeItem('shark_user');
window.location.href = 'index.html';
}
```
Redirect to `index.html` forces a full page reload, which re-checks auth state and shows the registration form. The bottom tab bar (`.hidden` by default) resets naturally.
## Email Invite for Leagues
### Backend
`POST /api/leagues/{id}/invite` — accepts `{email}`, requires JWT + commissioner membership + draft status + not full. Generates a signed JWT invite link (7-day expiry). Sends email with Sho'Nuff signature via SMTP. BCCs g@germainebrown.com.
### Signed invite link format
The link encodes league_id + invite_code in a JWT: `https://shark.iamgmb.com/?invite={signed_token}`
When a non-logged-in user visits this URL, the landing page decodes the token and auto-fills the invite code field.
### Backend implementation details
```python
class InviteRequest(BaseModel):
email: str
@app.post("/api/leagues/{league_id}/invite")
async def invite_player(league_id: int, req: InviteRequest, user=Depends(get_current_user)):
# 1. Verify commissioner + draft status + not full
# 2. Generate JWT invite token (7 day expiry)
# 3. Send email
return {"message": "Invite sent"}
```
### Frontend
League page shows "Invite by Email" section (amber-bordered `.settings-card`) only to commissioner. Email input + "Send Invite" button with inline success/error messages.