added separate users for backend events

2026-01-06 16:25:09 -05:00
parent d7fc3c0cab
commit fd1057662f
11 changed files with 172 additions and 80 deletions


@@ -1,22 +1,26 @@
import logging
import secrets, jwt
from datetime import datetime, timedelta, timezone
from flask import Blueprint, request, jsonify, current_app
from flask_mail import Mail, Message
from tinydb import Query
import os
from api.utils import sanitize_email
from config.paths import get_user_image_dir
from api.error_codes import MISSING_FIELDS, EMAIL_EXISTS, MISSING_TOKEN, INVALID_TOKEN, TOKEN_TIMESTAMP_MISSING, \
TOKEN_EXPIRED, ALREADY_VERIFIED, MISSING_EMAIL, USER_NOT_FOUND, MISSING_EMAIL_OR_PASSWORD, INVALID_CREDENTIALS, \
NOT_VERIFIED
from db.db import users_db
logger = logging.getLogger(__name__)
auth_api = Blueprint('auth_api', __name__)
UserQuery = Query()
mail = Mail()
TOKEN_EXPIRY_MINUTES = 60*4
SECRET_KEY = "your-secret-key" # Use a secure key in production
#SECRET_KEY = os.environ.get('SECRET_KEY')
def send_verification_email(to_email, token):
verify_url = f"{current_app.config['FRONTEND_URL']}/auth/verify?token={token}"
@@ -58,6 +62,7 @@ def verify():
status = 'success'
reason = ''
code = ''
user = None
if not token:
status = 'error'
@@ -85,6 +90,13 @@ def verify():
users_db.update({'verified': True, 'verify_token': None, 'verify_token_created': None}, Query().verify_token == token)
http_status = 200 if status == 'success' else 400
if http_status == 200 and user is not None: ##user is verified, create the user's image directory
if 'email' not in user:
logger.error("Verified user has no email field.")
else:
user_image_dir = get_user_image_dir(sanitize_email(user['email']))
os.makedirs(user_image_dir, exist_ok=True)
return jsonify({'status': status, 'reason': reason, 'code': code}), http_status
@auth_api.route('/resend-verify', methods=['POST'])
@@ -130,7 +142,7 @@ def login():
'email': email,
'exp': datetime.utcnow() + timedelta(hours=24*7)
}
token = jwt.encode(payload, SECRET_KEY, algorithm='HS256')
token = jwt.encode(payload, current_app.config['SECRET_KEY'], algorithm='HS256')
resp = jsonify({'message': 'Login successful'})
resp.set_cookie('token', token, httponly=True, secure=True, samesite='Strict')
@@ -143,13 +155,14 @@ def me():
return jsonify({'error': 'Missing token', 'code': MISSING_TOKEN}), 401
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
payload = jwt.decode(token, current_app.config['SECRET_KEY'], algorithms=['HS256'])
email = payload.get('email')
user = users_db.get(UserQuery.email == email)
if not user:
return jsonify({'error': 'User not found', 'code': USER_NOT_FOUND}), 404
return jsonify({
'email': user['email'],
'id': sanitize_email(user['email']),
'first_name': user['first_name'],
'last_name': user['last_name'],
'verified': user['verified']
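Review bot: The directory creation added to verify() has no check that the resulting path stays under the image root: `get_user_image_dir(sanitize_email(user['email']))` goes straight to `os.makedirs`, and the me() hunk returns the same `sanitize_email(user['email'])` value as `id`, so both the filesystem location and the user identifier rest on a helper this page does not show. If sanitize_email can map two distinct addresses to the same string, or leaves path separators or `..` in place, two accounts would share an image directory or the path could leave the root; confirming the resolved path is inside the base directory, or keying the directory on a generated user id rather than the address, would close that off. The makedirs call also runs after the verify token has been cleared, so an OSError there turns a completed verification into an unhandled error that cannot be retried; catching OSError and calling `logger.exception("could not create image directory")` would keep the response consistent. Separately, if `SECRET_KEY = "your-secret-key"` near the top of the file survives this change, it looks unused now that login() and me() read `current_app.config['SECRET_KEY']`, and it is worth deleting so nothing can fall back to it. verify() and me() both begin outside their hunks.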