Add admin invites and user workspace management tools.

Implement invite-token registration with optional email delivery, add admin UI actions for creating invites and opening user workspaces, and support superuser workspace override while preserving per-user code isolation with shared read-only lib. Made-with: Cursor
2026-05-01 21:13:13 +12:00
parent e4c811f51d
commit 7d682cce8d
15 changed files with 683 additions and 71 deletions
--- a/.env.example
+++ b/.env.example
@@ -9,10 +9,20 @@
 # --- User accounts (SQLite) ---
 # AUTH_ENABLED=true          # require sign-in for /api/* (except /api/auth/*)
 # AUTH_REGISTER_OPEN=true    # allow POST /api/auth/register
+# AUTH_INVITE_ONLY=false     # require invite token for registration
 # AUTH_DATABASE_PATH=./data/editor.db
 # AUTH_SESSION_DAYS=14
 # BOOTSTRAP_ADMIN_USERNAME=admin   # first-run only: create superuser if DB has zero users
 # BOOTSTRAP_ADMIN_PASSWORD=change-me-in-production

+# Optional invite email (used by POST /api/users/invites)
+# PUBLIC_BASE_URL=http://127.0.0.1:8080
+# SMTP_HOST=smtp.example.com
+# SMTP_PORT=587
+# SMTP_USER=mailer@example.com
+# SMTP_PASSWORD=app-password
+# SMTP_FROM=Python Editor <mailer@example.com>
+# SMTP_TLS=true
+
 # Base URL for `pipenv run test-selenium` (app must be running separately)
 # SELENIUM_BASE_URL=http://127.0.0.1:8080