51 Commits

Author SHA1 Message Date
0606b71890 feat: add workflow for promoting master to production with testing and deployment steps
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m18s
2026-04-26 22:43:29 -04:00
b4fc4fc955 feat: add workflow for promoting master to production with testing and deployment steps
Some checks failed
Chore App Build, Test, and Push Docker Images / build-and-push (push) Has been cancelled
2026-04-26 22:41:14 -04:00
8774e85529 feat: add workflow for promoting master to production with testing and deployment steps
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m19s
2026-04-26 19:08:08 -04:00
2b2f4f46c0 feat: add workflow for promoting master to production with testing and deployment steps
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m23s
2026-04-26 14:33:51 -04:00
c5306a15d1 feat: add workflow for promoting master to production with testing and deployment steps
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m21s
2026-04-26 00:02:25 -04:00
fa1a422747 feat: add workflow for promoting master to production with testing and deployment steps
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m21s
2026-04-25 21:42:47 -04:00
4093e79e50 Refactor code structure for improved readability and maintainability
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m42s
2026-04-25 19:02:20 -04:00
39a547ca9c Refactor code structure for improved readability and maintainability
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m49s
2026-04-25 11:26:29 -04:00
127378797c Refactored frontend directory
Some checks failed
Chore App Build, Test, and Push Docker Images / build-and-push (push) Failing after 2m46s
2026-04-25 00:40:15 -04:00
db846f4e31 Refactor code structure and remove redundant code blocks for improved readability and maintainability
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 3m12s
2026-04-24 15:59:39 -04:00
6d43fb23ad feat: enhance email templates for verification, password reset, and PIN setup
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m44s
2026-04-24 10:24:32 -04:00
6a29e263aa feat: enhance email templates for verification, password reset, and PIN setup
Some checks failed
Chore App Build, Test, and Push Docker Images / build-and-push (push) Failing after 1m43s
2026-04-24 00:32:44 -04:00
89de4fd869 fix: update date comparison logic in isChoreCompletedToday function
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 3m9s
2026-04-24 00:12:20 -04:00
d34910faa7 chore: update favicon.ico for improved branding
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m52s
2026-04-23 23:38:22 -04:00
1a8181b8e5 chore: update favicon.ico for improved branding
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 3m7s
2026-04-23 16:56:09 -04:00
902e6cadc9 chore: update favicon.ico for improved branding
Some checks failed
Chore App Build, Test, and Push Docker Images / build-and-push (push) Has been cancelled
2026-04-23 16:54:19 -04:00
c9a4f92337 Refactor code structure for improved readability and maintainability
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m45s
2026-04-23 14:31:02 -04:00
ea308b28a9 feat: refactor notification click handling to improve navigation and action execution
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 3m10s
2026-04-22 22:01:31 -04:00
8907184fde Add chore expiry notification system with scheduling and tests
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 3m59s
- Implemented `trigger_chore_expiry.py` script to manually trigger chore expiry notifications for users via the admin API.
- Developed `chore_expiry_notification_scheduler.py` to handle the logic for sending notifications for chores expiring within the next 75 minutes.
- Created utility functions in `schedule_utils.py` to determine scheduling and deadlines for chores.
- Added comprehensive tests for the chore expiry notification system in `test_chore_expiry_notification_scheduler.py`, covering various scenarios including scheduled chores, confirmations, and user settings.
2026-04-22 15:37:40 -04:00
6982fa561f feat: implement state expiry for chores and rewards, adding scheduler and event handling
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m40s
2026-04-21 23:21:53 -04:00
bc481527c8 feat: enhance task and reward management by clearing pending confirmations on unassignment
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m29s
2026-04-21 16:52:06 -04:00
60dbb8a129 feat: add environment variable support for admin user creation in backend
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m38s
2026-04-21 16:07:07 -04:00
6b3e2cd9ba feat: add environment variable support for admin user creation in backend
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m28s
2026-04-21 15:26:48 -04:00
3d599243c7 feat: add environment variable support for admin user creation in backend
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m31s
2026-04-21 14:34:58 -04:00
cdfaf7ead1 refactor: simplify HTTPS configuration in Vite setup
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m41s
2026-04-21 13:42:42 -04:00
8da61ce335 feat: add admin endpoint to send digest emails for users
Some checks failed
Chore App Build, Test, and Push Docker Images / build-and-push (push) Failing after 2m12s
- Implemented a new endpoint `/admin/test/send-digest` in `admin_api.py` to trigger digest emails for specific users.
- Added a script `send_digest.py` to facilitate sending digest emails via the admin API.
- Enhanced the digest action handling in `digest_action_api.py` to support token peeking without consuming it.
- Updated the `send_digests` function in `digest_scheduler.py` to utilize the new `send_digest_for_user` function for sending emails.
- Introduced a new utility function `peek_token` in `digest_token.py` to validate tokens without consuming them.
- Modified the `ParentView.vue` component to handle digest actions upon receiving a digest token in the URL.
- Updated `.gitignore` to exclude sensitive certificate files.
2026-04-21 13:28:34 -04:00
3d2577e4ec Apply .gitignore and stop tracking ignored files
Some checks failed
Chore App Build, Test, and Push Docker Images / build-and-push (push) Failing after 1m31s
2026-04-21 13:11:05 -04:00
2c7e9b8b5e feat: add admin endpoint to send digest emails for users
Some checks failed
Chore App Build, Test, and Push Docker Images / build-and-push (push) Failing after 1m37s
- Implemented a new endpoint `/admin/test/send-digest` in `admin_api.py` to trigger digest emails for specific users.
- Added a script `send_digest.py` to facilitate sending digest emails via the admin API.
- Enhanced the digest action handling in `digest_action_api.py` to support token peeking without consuming it.
- Updated the `send_digests` function in `digest_scheduler.py` to utilize the new `send_digest_for_user` function for sending emails.
- Introduced a new utility function `peek_token` in `digest_token.py` to validate tokens without consuming them.
- Modified the `ParentView.vue` component to handle digest actions upon receiving a digest token in the URL.
- Updated `.gitignore` to exclude sensitive certificate files.
2026-04-21 13:08:03 -04:00
f48845c1d0 feat: update user authentication cookies and implement service worker timeout for push subscription checks
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m34s
2026-04-20 21:05:12 -04:00
4ee5367742 Add end-to-end tests for parent notifications and actions
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m35s
- Implement tests for approving and denying rewards and chores, including token generation and validation.
- Create tests for error handling scenarios with expired, tampered, and fake tokens.
- Add tests for push subscription registration and user profile notification settings.
- Ensure that notifications reflect the correct state of rewards and chores in the UI.
- Validate that toggles for email digest and push notifications function correctly based on user permissions and server state.
2026-04-20 20:32:19 -04:00
ee16b49020 feat: add unsubscribe functionality for push notifications and update key/cert file paths
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m39s
2026-04-20 15:41:28 -04:00
b529ddaa02 feat: add push notification settings to user profile and update related functionality
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m50s
2026-04-20 10:43:09 -04:00
fd28c89cbf feat: update push notification subscription flow and remove deprecated opt-in component
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m43s
2026-04-19 22:16:38 -04:00
d7b1962903 feat: add Daily Digest and Push Notifications toggles to User Profile with corresponding functionality
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m37s
2026-04-18 23:37:19 -04:00
9efbb455d7 feat: add Daily Digest and Push Notifications toggles to User Profile with corresponding functionality
Some checks failed
Chore App Build, Test, and Push Docker Images / build-and-push (push) Failing after 2m4s
2026-04-18 23:03:23 -04:00
d3ce54a1ff debugging
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m30s
2026-04-18 11:52:25 -04:00
3d5f84579b debugging
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m41s
2026-04-17 18:09:47 -04:00
5e4f7b030e debugging
Some checks failed
Chore App Build, Test, and Push Docker Images / build-and-push (push) Failing after 1m57s
2026-04-17 18:01:53 -04:00
91e3c45b5a feat: update docker-compose for backend data volume and enhance ParentLayout with push subscription handling
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m39s
2026-04-17 17:18:13 -04:00
0a6551368b feat: add user seeding script and update environment variables for testing
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m26s
2026-04-17 14:07:17 -04:00
cf2ac4b5e8 feat: add user seeding script and update environment variables for testing
Some checks failed
Chore App Build, Test, and Push Docker Images / build-and-push (push) Failing after 2m57s
2026-04-17 13:58:58 -04:00
f5dfdfbb42 fix: update private key and certificate files for improved security
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m39s
2026-04-16 18:10:41 -04:00
43d647a712 Refactor code structure for improved readability and maintainability
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m31s
2026-04-16 16:49:54 -04:00
308bf0cc72 feat: add environment variables for digest and VAPID keys in build workflow
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m15s
2026-04-15 22:15:32 -04:00
ad2bdf4c4f Add push notification functionality with tests and digest scheduler
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m14s
- Implemented push subscription API with tests for subscribing and unsubscribing users.
- Created web push notification tests triggered by child actions.
- Added digest scheduler to send email digests to users at 9 PM local time.
- Developed utility functions for creating and validating digest action tokens.
- Integrated web push sender to handle sending notifications to users.
- Added service worker for handling push notifications in the frontend.
- Created a push opt-in component for user notification preferences.
- Implemented tests for the push opt-in component to ensure correct behavior.
- Updated frontend services to manage push subscriptions and permissions.
2026-04-15 21:56:10 -04:00
0d50a324a3 feat: add end-to-end tests for parent notifications feature
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m19s
- Implement tests for push subscription registration, chore and reward notifications, and deep-link navigation.
- Cover scenarios for approving and denying chores and rewards, including token validation for digest actions.
- Introduce a mock strategy for service worker push delivery to facilitate manual testing.
- Ensure isolated test setups with appropriate cleanup after tests.
2026-04-13 21:12:22 -04:00
ea0166d198 feat: archive old navigation selector icons specification and add new implementation details
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 1m53s
2026-04-13 16:49:36 -04:00
3116295980 style: update button styles and add bevel-box class for improved UI
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m8s
2026-04-13 16:37:43 -04:00
876d3c5531 Refactor code structure for improved readability and maintainability
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 3m27s
2026-04-13 10:27:30 -04:00
759a1c745e Add initial test results file with failed status
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 2m56s
2026-04-12 12:32:16 -04:00
bb7c4c469c fix: return extension_date regardless of server UTC date
All checks were successful
Chore App Build, Test, and Push Docker Images / build-and-push (push) Successful in 4m14s
list_child_tasks used date_type.today() (server UTC) to look up the
TaskExtension record. When the client's local date differed from the
server's UTC date (e.g. user is UTC-5 and it's past midnight UTC),
the lookup returned None and extension_date was incorrectly null.

Fix:
- Add get_extension_for_child_task() to db/task_extensions.py that
  queries by child_id + task_id only, without a date filter, and
  returns the entry with the latest date when multiple exist.
- Update list_child_tasks to use the new function. The comment already
  states 'client does all time math', so returning the stored
  extension_date is correct — the frontend compares it to local date.
- In extend_chore_time, delete any existing extension for the
  child+task before inserting the new one to prevent stale records
  from accumulating across days.
- Add regression test that inserts an extension for yesterday's date
  and asserts extension_date is non-null in the list-tasks response.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-12 01:59:51 +00:00
335 changed files with 10458 additions and 412 deletions

BIN
.DS_Store vendored

Binary file not shown.

View File

@@ -44,15 +44,15 @@ jobs:
with:
node-version: "20.19.0"
cache: "npm"
cache-dependency-path: frontend/vue-app/package-lock.json
cache-dependency-path: frontend/package-lock.json
- name: Install frontend dependencies
run: npm ci
working-directory: frontend/vue-app
working-directory: frontend
- name: Run frontend unit tests
run: npm run test:unit --if-present
working-directory: frontend/vue-app
working-directory: frontend
- name: Build Backend Docker Image
run: |
@@ -60,7 +60,7 @@ jobs:
- name: Build Frontend Docker Image
run: |
docker build -t git.ryankegel.com:3000/kegel/chores/frontend:${{ steps.vars.outputs.tag }} ./frontend/vue-app
docker build -t git.ryankegel.com:3000/kegel/chores/frontend:${{ steps.vars.outputs.tag }} ./frontend
- name: Log in to Registry
uses: docker/login-action@v2
@@ -139,6 +139,18 @@ jobs:
cat > .env << EOF
SECRET_KEY=${{ secrets.SECRET_KEY }}
REFRESH_TOKEN_EXPIRY_DAYS=1
DIGEST_TOKEN_SECRET=${{ secrets.DIGEST_TOKEN_SECRET }}
VAPID_PUBLIC_KEY=${{ secrets.VAPID_PUBLIC_KEY }}
VAPID_PRIVATE_KEY=${{ secrets.VAPID_PRIVATE_KEY }}
SEED_EMAIL=${{ secrets.SEED_EMAIL }}
SEED_PASSWORD=${{ secrets.SEED_PASSWORD }}
SEED_PIN=${{ secrets.SEED_PIN }}
SEED_FIRST_NAME=${{ secrets.SEED_FIRST_NAME }}
SEED_LAST_NAME=${{ secrets.SEED_LAST_NAME }}
ADMIN_EMAIL=${{ secrets.ADMIN_EMAIL }}
ADMIN_PASSWORD=${{ secrets.ADMIN_PASSWORD }}
ADMIN_FIRST_NAME=${{ secrets.ADMIN_FIRST_NAME }}
ADMIN_LAST_NAME=${{ secrets.ADMIN_LAST_NAME }}
EOF
echo "SECRET_KEY is set: $(grep -q 'SECRET_KEY=' .env && echo YES || echo NO)"
@@ -149,6 +161,13 @@ jobs:
docker-compose -f docker-compose.test.yml pull
docker-compose -f docker-compose.test.yml up -d
echo "Waiting for backend to be ready..."
sleep 10
echo "Seeding test user..."
docker-compose -f docker-compose.test.yml exec -T chores-test-app-backend python scripts/seed_test_user.py
echo "Creating admin user..."
docker-compose -f docker-compose.test.yml exec -T chores-test-app-backend python scripts/create_admin.py
- name: Send mail
if: always() # Runs on success or failure
uses: dawidd6/action-send-mail@v3

View File

@@ -0,0 +1,411 @@
name: Promote Master to Production
run-name: ${{ gitea.actor }} promoting ${{ github.event.inputs.target_ref || 'master' }} [${{ gitea.sha }}]
on:
workflow_dispatch:
inputs:
target_ref:
description: "Git ref/branch to promote"
required: true
default: "master"
run_backend_tests:
description: "Run backend pytest gate"
required: true
default: "true"
run_frontend_tests:
description: "Run frontend unit test gate"
required: true
default: "true"
run_playwright_tests:
description: "Run Playwright E2E gate"
required: true
default: "true"
skip_tests:
description: "Skip the entire tests stage"
required: true
default: "false"
deploy:
description: "Run production deploy over SSH"
required: true
default: "true"
create_tag:
description: "Create and push git release tag after successful deploy"
required: true
default: "true"
require_manual_approval:
description: "Require approval token for deploy job"
required: true
default: "false"
approval_token:
description: "Approval token value when manual approval is required"
required: false
default: ""
rollback_on_failed_healthcheck:
description: "Auto-rollback if post-deploy health checks fail"
required: true
default: "false"
concurrency:
group: promotion-production
cancel-in-progress: false
jobs:
prepare:
runs-on: ubuntu-latest
timeout-minutes: 10
outputs:
target_ref: ${{ steps.resolve.outputs.target_ref }}
version: ${{ steps.version.outputs.version }}
release_tag: ${{ steps.version.outputs.release_tag }}
commit_sha: ${{ steps.commit.outputs.commit_sha }}
steps:
- name: Resolve target ref
id: resolve
run: |
target_ref="${{ github.event.inputs.target_ref }}"
if [ -z "$target_ref" ]; then
target_ref="master"
fi
echo "target_ref=$target_ref" >> "$GITHUB_OUTPUT"
- name: Check out repository code
uses: actions/checkout@v3
with:
ref: ${{ steps.resolve.outputs.target_ref }}
fetch-depth: 0
- name: Resolve version and release tag
id: version
run: |
version=$(python -c "import sys; sys.path.append('./backend'); from config.version import BASE_VERSION; print(BASE_VERSION)")
echo "version=$version" >> "$GITHUB_OUTPUT"
echo "release_tag=v$version" >> "$GITHUB_OUTPUT"
- name: Resolve promoted commit SHA
id: commit
run: |
echo "commit_sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
- name: Guard against duplicate release tags
if: ${{ github.event.inputs.create_tag != 'false' }}
run: |
release_tag="${{ steps.version.outputs.release_tag }}"
if git ls-remote --exit-code --tags origin "refs/tags/${release_tag}" >/dev/null 2>&1; then
echo "Release tag ${release_tag} already exists on origin; aborting promotion."
exit 1
fi
tests:
runs-on: ubuntu-latest
timeout-minutes: 120
needs: prepare
steps:
- name: Skip tests stage
if: ${{ github.event.inputs.skip_tests == 'true' }}
run: echo "Skipping tests stage because skip_tests=true"
- name: Check out promoted ref
if: ${{ github.event.inputs.skip_tests != 'true' }}
uses: actions/checkout@v3
with:
ref: ${{ needs.prepare.outputs.target_ref }}
- name: Set up Python for backend tests
if: ${{ github.event.inputs.skip_tests != 'true' && (github.event.inputs.run_backend_tests != 'false' || github.event.inputs.run_playwright_tests != 'false') }}
uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Install backend dependencies (runner python)
if: ${{ github.event.inputs.skip_tests != 'true' && github.event.inputs.run_backend_tests != 'false' }}
run: |
python -m pip install --upgrade pip
pip install -r backend/requirements.txt
- name: Run backend unit tests
if: ${{ github.event.inputs.skip_tests != 'true' && github.event.inputs.run_backend_tests != 'false' }}
run: |
cd backend
pytest -q
- name: Set up Node.js
if: ${{ github.event.inputs.skip_tests != 'true' && (github.event.inputs.run_frontend_tests != 'false' || github.event.inputs.run_playwright_tests != 'false') }}
uses: actions/setup-node@v4
with:
node-version: "20.19.0"
cache: "npm"
cache-dependency-path: frontend/package-lock.json
- name: Install frontend dependencies
if: ${{ github.event.inputs.skip_tests != 'true' && (github.event.inputs.run_frontend_tests != 'false' || github.event.inputs.run_playwright_tests != 'false') }}
run: npm ci
working-directory: frontend
- name: Run frontend unit tests
if: ${{ github.event.inputs.skip_tests != 'true' && github.event.inputs.run_frontend_tests != 'false' }}
run: npm run test:unit --if-present
working-directory: frontend
- name: Create backend venv for Playwright webServer
if: ${{ github.event.inputs.skip_tests != 'true' && github.event.inputs.run_playwright_tests != 'false' }}
run: |
python -m venv backend/.venv
backend/.venv/bin/python -m pip install --upgrade pip
backend/.venv/bin/python -m pip install -r backend/requirements.txt
- name: Install Playwright browsers
if: ${{ github.event.inputs.skip_tests != 'true' && github.event.inputs.run_playwright_tests != 'false' }}
run: npx playwright install --with-deps
working-directory: frontend
- name: Run Playwright tests
if: ${{ github.event.inputs.skip_tests != 'true' && github.event.inputs.run_playwright_tests != 'false' }}
run: npx playwright test --reporter=line
working-directory: frontend
env:
CI: "true"
PLAYWRIGHT_BASE_URL: "https://localhost:5173"
E2E_ACCESS_TOKEN_EXPIRY_MINUTES: "180"
deploy:
runs-on: ubuntu-latest
timeout-minutes: 45
needs:
- prepare
- tests
if: ${{ github.event.inputs.deploy != 'false' }}
steps:
- name: Validate manual approval token
if: ${{ github.event.inputs.require_manual_approval != 'false' }}
run: |
if [ -z "${{ secrets.PROD_APPROVAL_TOKEN }}" ]; then
echo "PROD_APPROVAL_TOKEN secret is required when manual approval is enabled."
exit 1
fi
if [ -z "${{ github.event.inputs.approval_token }}" ]; then
echo "approval_token input is required when manual approval is enabled."
exit 1
fi
if [ "${{ github.event.inputs.approval_token }}" != "${{ secrets.PROD_APPROVAL_TOKEN }}" ]; then
echo "Approval token does not match PROD_APPROVAL_TOKEN."
exit 1
fi
- name: Deploy to production homeserver
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.DEPLOY_PROD_HOST }}
username: ${{ secrets.DEPLOY_PROD_USER }}
key: ${{ secrets.PROD_SSH_PRIVATE_KEY }}
port: 22
script: |
set -euo pipefail
repo_dir="${{ secrets.DEPLOY_PROD_PATH }}"
if [ -z "$repo_dir" ]; then
repo_dir="$HOME/chore"
fi
repo_parent=$(dirname "$repo_dir")
if [ ! -d "$repo_parent" ]; then
mkdir -p "$repo_parent"
fi
if [ ! -w "$repo_parent" ]; then
echo "Deploy user $(whoami) cannot write to ${repo_parent}."
echo "Set DEPLOY_PROD_PATH to a writable location or grant write access before rerunning promotion."
exit 1
fi
if [ -d "$repo_dir/.git" ]; then
cd "$repo_dir"
git fetch --all --tags
else
git clone --branch "${{ needs.prepare.outputs.target_ref }}" https://git.ryankegel.com/ryan/chore.git "$repo_dir"
cd "$repo_dir"
fi
git checkout "${{ needs.prepare.outputs.target_ref }}"
git reset --hard "origin/${{ needs.prepare.outputs.target_ref }}"
timestamp=$(date +%Y%m%d-%H%M%S)
mkdir -p backups
# Capture currently running images for rollback.
backend_prev_id=""
frontend_prev_id=""
if docker ps --format '{{.Names}}' | grep -q '^chores-app-backend-prod$'; then
backend_prev_id=$(docker inspect -f '{{.Image}}' chores-app-backend-prod)
docker tag "$backend_prev_id" git.ryankegel.com:3000/kegel/chores/backend:predeploy-backup || true
fi
if docker ps --format '{{.Names}}' | grep -q '^chores-app-frontend-prod$'; then
frontend_prev_id=$(docker inspect -f '{{.Image}}' chores-app-frontend-prod)
docker tag "$frontend_prev_id" git.ryankegel.com:3000/kegel/chores/frontend:predeploy-backup || true
fi
cat > .rollback-meta << EOF
BACKEND_PREV_ID=${backend_prev_id}
FRONTEND_PREV_ID=${frontend_prev_id}
CREATED_AT=${timestamp}
PROMOTED_SHA=${{ needs.prepare.outputs.commit_sha }}
RELEASE_TAG=${{ needs.prepare.outputs.release_tag }}
EOF
# Backup TinyDB volume before replacement.
docker run --rm \
-v chores-app-backend-data:/data \
-v "$PWD/backups:/backup" \
alpine sh -c "tar czf /backup/chores-backend-data-${timestamp}.tar.gz -C /data ." || true
# Keep long-lived cryptographic values stable; fall back to previous .env if secrets are absent.
PREV_SECRET_KEY=""
PREV_DIGEST_TOKEN_SECRET=""
PREV_VAPID_PUBLIC_KEY=""
PREV_VAPID_PRIVATE_KEY=""
if [ -f .env ]; then
PREV_SECRET_KEY=$(grep '^SECRET_KEY=' .env | head -n1 | cut -d '=' -f2- || true)
PREV_DIGEST_TOKEN_SECRET=$(grep '^DIGEST_TOKEN_SECRET=' .env | head -n1 | cut -d '=' -f2- || true)
PREV_VAPID_PUBLIC_KEY=$(grep '^VAPID_PUBLIC_KEY=' .env | head -n1 | cut -d '=' -f2- || true)
PREV_VAPID_PRIVATE_KEY=$(grep '^VAPID_PRIVATE_KEY=' .env | head -n1 | cut -d '=' -f2- || true)
fi
SECRET_KEY_VALUE="${{ secrets.PROD_SECRET_KEY }}"
DIGEST_TOKEN_SECRET_VALUE="${{ secrets.PROD_DIGEST_TOKEN_SECRET }}"
VAPID_PUBLIC_KEY_VALUE="${{ secrets.PROD_VAPID_PUBLIC_KEY }}"
VAPID_PRIVATE_KEY_VALUE="${{ secrets.PROD_VAPID_PRIVATE_KEY }}"
if [ -z "$SECRET_KEY_VALUE" ]; then
if [ -n "$PREV_SECRET_KEY" ]; then
SECRET_KEY_VALUE="$PREV_SECRET_KEY"
else
SECRET_KEY_VALUE=$(openssl rand -hex 32)
fi
fi
if [ -z "$DIGEST_TOKEN_SECRET_VALUE" ]; then
if [ -n "$PREV_DIGEST_TOKEN_SECRET" ]; then
DIGEST_TOKEN_SECRET_VALUE="$PREV_DIGEST_TOKEN_SECRET"
else
DIGEST_TOKEN_SECRET_VALUE=$(openssl rand -hex 32)
fi
fi
if [ -z "$VAPID_PUBLIC_KEY_VALUE" ] && [ -n "$PREV_VAPID_PUBLIC_KEY" ]; then
VAPID_PUBLIC_KEY_VALUE="$PREV_VAPID_PUBLIC_KEY"
fi
if [ -z "$VAPID_PRIVATE_KEY_VALUE" ] && [ -n "$PREV_VAPID_PRIVATE_KEY" ]; then
VAPID_PRIVATE_KEY_VALUE="$PREV_VAPID_PRIVATE_KEY"
fi
if [ -z "$VAPID_PUBLIC_KEY_VALUE" ] || [ -z "$VAPID_PRIVATE_KEY_VALUE" ]; then
echo "VAPID keys are required (set PROD_VAPID_PUBLIC_KEY/PROD_VAPID_PRIVATE_KEY or keep previous .env values)."
exit 1
fi
cat > .env << EOF
FRONTEND_URL=${{ secrets.PROD_FRONTEND_URL }}
SECRET_KEY=${SECRET_KEY_VALUE}
REFRESH_TOKEN_EXPIRY_DAYS=${{ secrets.PROD_REFRESH_TOKEN_EXPIRY_DAYS }}
DIGEST_TOKEN_SECRET=${DIGEST_TOKEN_SECRET_VALUE}
VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY_VALUE}
VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY_VALUE}
ADMIN_EMAIL=${{ secrets.PROD_ADMIN_EMAIL }}
ADMIN_PASSWORD=${{ secrets.PROD_ADMIN_PASSWORD }}
ADMIN_FIRST_NAME=${{ secrets.PROD_ADMIN_FIRST_NAME }}
ADMIN_LAST_NAME=${{ secrets.PROD_ADMIN_LAST_NAME }}
EOF
chmod 600 .env .rollback-meta
docker-compose down
docker-compose pull
docker-compose up -d
sleep 20
backend_running=$(docker inspect -f '{{.State.Running}}' chores-app-backend-prod 2>/dev/null || echo false)
frontend_running=$(docker inspect -f '{{.State.Running}}' chores-app-frontend-prod 2>/dev/null || echo false)
backend_ok=false
if curl -fsS http://localhost:5001/version >/dev/null 2>&1; then
backend_ok=true
fi
frontend_ok=false
if curl -kfsS https://localhost/ >/dev/null 2>&1; then
frontend_ok=true
fi
if [ "$backend_running" != "true" ] || [ "$frontend_running" != "true" ] || [ "$backend_ok" != "true" ] || [ "$frontend_ok" != "true" ]; then
echo "Post-deploy health check failed."
docker-compose ps
if [ "${{ github.event.inputs.rollback_on_failed_healthcheck }}" = "true" ]; then
echo "Attempting rollback using predeploy-backup image tags..."
docker tag git.ryankegel.com:3000/kegel/chores/backend:predeploy-backup git.ryankegel.com:3000/kegel/chores/backend:latest || true
docker tag git.ryankegel.com:3000/kegel/chores/frontend:predeploy-backup git.ryankegel.com:3000/kegel/chores/frontend:latest || true
docker-compose up -d
sleep 20
curl -fsS http://localhost:5001/version >/dev/null
fi
exit 1
fi
docker-compose ps
create-release-tag:
runs-on: ubuntu-latest
timeout-minutes: 10
needs:
- prepare
- tests
- deploy
if: ${{ github.event.inputs.create_tag != 'false' && github.event.inputs.deploy != 'false' }}
steps:
- name: Check out promoted ref
uses: actions/checkout@v3
with:
ref: ${{ needs.prepare.outputs.target_ref }}
fetch-depth: 0
- name: Create and push annotated release tag
run: |
tag_name="${{ needs.prepare.outputs.release_tag }}"
git config user.name "gitea-actions"
git config user.email "gitea-actions@local"
git tag -a "$tag_name" -m "Release $tag_name"
git push origin "$tag_name"
notify-on-failure:
runs-on: ubuntu-latest
needs:
- prepare
- tests
- deploy
- create-release-tag
if: ${{ always() }}
steps:
- name: Send email when promotion fails
if: ${{ needs.prepare.result == 'failure' || needs.tests.result == 'failure' || needs.deploy.result == 'failure' || needs.create-release-tag.result == 'failure' }}
uses: dawidd6/action-send-mail@v3
with:
server_address: smtp.gmail.com
server_port: 465
username: ${{ secrets.MAIL_USER }}
password: ${{ secrets.MAIL_PASSWORD }}
secure: true
to: ${{ secrets.MAIL_TO }}
from: Gitea <git@git.ryankegel.com>
subject: Promotion failed - ${{ gitea.repository }} [${{ needs.prepare.outputs.target_ref }}@${{ needs.prepare.outputs.commit_sha }}]
convert_markdown: true
html_body: |
### Production promotion failed
- Repository: ${{ gitea.repository }}
- Ref: ${{ needs.prepare.outputs.target_ref }}
- Commit: ${{ needs.prepare.outputs.commit_sha }}
- Intended tag: ${{ needs.prepare.outputs.release_tag }}
- prepare: ${{ needs.prepare.result }}
- tests: ${{ needs.tests.result }}
- deploy: ${{ needs.deploy.result }}
- tag: ${{ needs.create-release-tag.result }}

View File

@@ -17,7 +17,7 @@ You are a Senior UI/UX Architect specializing in clean, highly reactive web appl
This is the **Reward** app — a family chore/reward tracker. Vue 3 (Composition API / `<script setup lang="ts">`) frontend. Key files:
- Theme tokens: `frontend/vue-app/src/assets/colors.css`**always read this first** when reviewing a component.
- Theme tokens: `frontend/src/assets/colors.css`**always read this first** when reviewing a component.
- Layout wrappers: `ParentLayout` (admin views) and `ChildLayout` (child dashboard views).
- All `.vue` files use `<style scoped>`. Child component styling uses `:deep()` selectors.
- File order within `.vue` files: `<template>`, then `<script>`, then `<style>`.

View File

@@ -5,7 +5,7 @@
- **Stack**: Flask (Python, backend) + Vue 3 (TypeScript, frontend) + TinyDB (JSON, thread-safe, see `db/`).
- **API**: RESTful endpoints in `api/`, grouped by entity (child, reward, task, user, image, etc). Each API file maps to a business domain.
- **Nginx Proxy**: Frontend nginx proxies `/api/*` to backend, stripping the `/api` prefix. Backend endpoints should NOT include `/api` in their route definitions. Example: Backend defines `@app.route('/user')`, frontend calls `/api/user`.
- **Models**: Maintain strict 1:1 mapping between Python `@dataclass`es (`backend/models/`) and TypeScript interfaces (`frontend/vue-app/src/common/models.ts`).
- **Models**: Maintain strict 1:1 mapping between Python `@dataclass`es (`backend/models/`) and TypeScript interfaces (`frontend/src/common/models.ts`).
- **Database**: Use TinyDB with `from_dict()`/`to_dict()` for serialization. All logic should operate on model instances, not raw dicts.
- **Events**: Real-time updates via Server-Sent Events (SSE). Every mutation (add/edit/delete/trigger) must call `send_event_for_current_user` (see `backend/events/`).
- **Changes**: Do not use comments to replace code. All changes must be reflected in both backend and frontend files as needed.
@@ -25,7 +25,7 @@
## 🚦 Frontend Logic & Event Bus
- **SSE Event Management**: Register listeners in `onMounted`, clean up in `onUnmounted`. Listen for events like `child_task_triggered`, `child_reward_request`, `task_modified`, etc. See `frontend/vue-app/src/common/backendEvents.ts` and `components/BackendEventsListener.vue`.
- **SSE Event Management**: Register listeners in `onMounted`, clean up in `onUnmounted`. Listen for events like `child_task_triggered`, `child_reward_request`, `task_modified`, etc. See `frontend/src/common/backendEvents.ts` and `components/BackendEventsListener.vue`.
- **Layout Hierarchy**: Use `ParentLayout` for admin/management, `ChildLayout` for dashboard/focus views.
## ⚖️ Business Logic & Safeguards
@@ -37,9 +37,9 @@
- **Backend**: Run Flask with `python -m flask run --host=0.0.0.0 --port=5000` from the `backend/` directory. Main entry: `backend/main.py`.
- **Virtual Env**: Python is running from a virtual environment located at `backend/.venv/`.
- **Frontend**: From `frontend/vue-app/`, run `npm install` then `npm run dev`.
- **Tests**: Run backend tests with `pytest` in `backend/tests/`. Frontend component tests: `npm run test` in `frontend/vue-app/components/__tests__/`. E2E tests: `npx playwright test` from `frontend/vue-app/` — requires both servers running (use the `flask-backend` and `vue-frontend` skills).
- **E2E Setup**: Playwright config is at `frontend/vue-app/playwright.config.ts`. Tests live in `frontend/vue-app/tests/`. The `globalSetup` in `playwright.config.ts` seeds the database and logs in once; all tests receive a pre-authenticated session via `storageState` — do NOT navigate to `/auth/login` in tests. Import `E2E_EMAIL` and `E2E_PASSWORD` from `tests/global-setup.ts` rather than hardcoding credentials. The backend must be started with `DB_ENV=e2e DATA_ENV=e2e` (the `flask-backend` skill does this) so test data goes to `backend/test_data/` and never touches production data.
- **Frontend**: From `frontend/`, run `npm install` then `npm run dev`.
- **Tests**: Run backend tests with `pytest` in `backend/tests/`. Frontend component tests: `npm run test` in `frontend/components/__tests__/`. E2E tests: `npx playwright test` from `frontend/` — requires both servers running (use the `flask-backend` and `vue-frontend` skills).
- **E2E Setup**: Playwright config is at `frontend/playwright.config.ts`. Tests live in `frontend/tests/`. The `globalSetup` in `playwright.config.ts` seeds the database and logs in once; all tests receive a pre-authenticated session via `storageState` — do NOT navigate to `/auth/login` in tests. Import `E2E_EMAIL` and `E2E_PASSWORD` from `tests/global-setup.ts` rather than hardcoding credentials. The backend must be started with `DB_ENV=e2e DATA_ENV=e2e` (the `flask-backend` skill does this) so test data goes to `backend/test_data/` and never touches production data.
- **Debugging**: Use VS Code launch configs or run Flask/Vue dev servers directly. For SSE, use browser dev tools to inspect event streams.
## 📁 Key Files & Directories
@@ -48,10 +48,10 @@
- `backend/models/` — Python dataclasses (business logic, serialization)
- `backend/db/` — TinyDB setup and helpers
- `backend/events/` — SSE event types, broadcaster, payloads
- `frontend/vue-app/` — Vue 3 frontend (see `src/common/`, `src/components/`, `src/layout/`) - Where tests are run from
- `frontend/vue-app/src/common/models.ts` — TypeScript interfaces (mirror Python models)
- `frontend/vue-app/src/common/api.ts` — API helpers, error parsing, validation
- `frontend/vue-app/src/common/backendEvents.ts` — SSE event types and handlers
- `frontend/` — Vue 3 frontend (see `src/common/`, `src/components/`, `src/layout/`) - Where tests are run from
- `frontend/src/common/models.ts` — TypeScript interfaces (mirror Python models)
- `frontend/src/common/api.ts` — API helpers, error parsing, validation
- `frontend/src/common/backendEvents.ts` — SSE event types and handlers
## 🧠 Integration & Cross-Component Patterns

View File

@@ -0,0 +1,27 @@
---
name: playwright-default
description: Provides Playwright test generation and analysis for E2E testing.
---
# Role: Senior QA Automation Engineer
You are a Playwright expert. Your goal is to create robust, flake-free E2E tests.
# Test Implementation & Healing Workflow
When you receive a test plan:
1. **Implement**: Generate the `.spec.ts` files in `/tests` using standard Playwright patterns.
2. **Verify**: Once files are written, execute the following command in the terminal:
`npx playwright test`
3. **Analyze & Repair**:
- If the playwright-healer skill proposes a patch, review it.
- If the test still fails after healing, check the **Flask backend logs** to see if it's an API error rather than a UI error.
4. **Final Check**: Only mark the task as "Complete" once `npx playwright test` returns a clean pass.
## Rules of Engagement
1. **Locators:** Prioritize `getByRole`, `getByLabel`, and `getByText`. Avoid CSS selectors unless necessary.
2. **Page Objects:** Always use the Page Object Model (POM). Check `tests/pages/` for existing objects before creating new ones.
3. **Environment:** The app runs at `https://localhost:5173` (HTTPS — self-signed cert). The backend runs at `http://localhost:5000`.
4. **Authentication:** Auth is handled globally via `storageState`. Do NOT navigate to `/auth/login` in any test — you are already logged in. Never hardcode credentials; import `E2E_EMAIL` and `E2E_PASSWORD` from `tests/global-setup.ts` if needed.

View File

@@ -8,10 +8,10 @@ disable-model-invocation: true
Use this skill when the user wants to "start the frontend," "run vue," or "launch the dev server."
1. **Verify Directory:** Navigate to `./frontend/vue-app`.
1. **Verify Directory:** Navigate to `./frontend`.
- _Self-Correction:_ If the directory doesn't exist, search the workspace for `package.json` files and ask for clarification.
2. **Check Dependencies:** - Before running, check if `node_modules` exists in `./frontend/vue-app`.
2. **Check Dependencies:** - Before running, check if `node_modules` exists in `./frontend`.
- If missing, ask the user: "Should I run `npm install` first?"
3. **Execution:** - Run the command: `npm run dev`

View File

@@ -0,0 +1,36 @@
# Feature: Change navigation selector icons
## Overview
**Goal:** The current view navigation that is displayed in parent mode currently displays custom svg drawing for Children, Tasks, Rewards, and Notifications. I have new png image files that I'd like to replace them with.
**User Story:**
As a user, when I am in parent mode, I should be able to use the navigation selector as usual but see the updated images in the buttons.
**Rules:**
The size of the navigation view-selector should still remain the same for both desktop and mobile. The images should replace the svg drawings.
This will most likely only affect ParentView.vue / ParentLayout.vue
**Drawing to image replacements:**
aria-label: "Children" -> frontend/vue-app/public/nav/children.png
aria-label: "Tasks" -> frontend/vue-app/public/nav/chores.png
aria-label: "Rewards" -> frontend/vue-app/public/nav/rewards.png
aria-label: "Notifications" -> frontend/vue-app/public/nav/notifications.png
---
## Frontend Implementation
- Replaced all four SVG drawings in the view-selector nav in `ParentLayout.vue` with `<img>` tags pointing to the corresponding PNG files under `/nav/`.
- The Notifications button wraps its image in a positioned container so the existing unread badge dot continues to render correctly over the icon.
- Added `.nav-icon` scoped styles: fixed 40×40px, `object-fit: contain`, and a reduced opacity (0.55) at rest that transitions to full opacity on active/hover.
- Added `.nav-icon-wrap` scoped styles for the Notifications icon wrapper to keep the badge positioned correctly.
- No changes to button sizing, layout, or responsive breakpoints — the selector dimensions are unchanged on both desktop and mobile.
### Frontend
- [x] Children, Tasks, Rewards, and Notifications nav buttons display PNG images instead of SVG drawings
- [x] Images sourced from `frontend/vue-app/public/nav/` as specified
- [x] Button and selector dimensions unchanged on desktop and mobile
- [x] Notifications unread badge dot continues to render correctly over the icon
- [x] Active and hover states visually reflected via opacity transition

View File

@@ -0,0 +1,347 @@
# Feature: Notify parents of child activity requiring attention
## Overview
**Goal:** Alert parents in real-time when a child performs an action that requires their attention (completing a chore, or requesting an affordable reward), even when the parent does not have the app open in an active browser tab. Additionally, send a nightly email digest at 9 pm in the parent's local timezone summarising all still-unacknowledged items.
**User Story:**
As a parent, I want to receive a notification when:
- My child completes a chore so I can review and approve or reject it promptly.
- My child requests a reward they can afford so I can review and grant or deny it promptly.
I should receive these notifications without needing to have the app open.
Additionally, if any items are still unacknowledged at the end of the day, I want to receive a nightly summary email at 9 pm (my local time) that lists each pending chore and reward request with action links so I can approve or deny each item directly from the email without opening the app.
**Rules:**
- Follow `.github/copilot-instructions.md`
- Notifications must be user-opt-in (browser permission request)
- Every backend mutation must fire an SSE event (existing requirement)
- Web Push is the primary notification channel; in-app SSE toast remains the secondary channel
- Do not send email per event — email is reserved for account-level actions
- A reward request notification is only sent when the child has enough points to afford the reward; do not notify for requests the child cannot afford
- Tapping a notification must open (or focus) the app and navigate directly to the relevant child's `ParentView`, scrolling the pending item card into view within the corresponding section
- Each notification must include an **Approve** and **Deny** action button so the parent can act directly from the OS notification tray without opening the app
- Action button API calls from the Service Worker use short-lived signed action tokens (same `DigestActionToken` mechanism used for email digest links); tokens are generated server-side when the push payload is built and embedded in the push `data` — the SW never needs cookie access
- Browsers that do not support notification `actions` (e.g. iOS Safari) fall back gracefully: tapping the notification body still opens the app as normal
- The nightly digest email is sent at 9 pm in the parent's local timezone regardless of whether they have push notifications enabled
- The digest is only sent if there is at least one unacknowledged pending item at send time
- Approve/deny links in the email are protected by short-lived signed action tokens (valid for 24 hours); they do not rely on browser cookies
- Action tokens must encode the `user_id`, `child_id`, `entity_id`, `entity_type`, and `action` and be signed with a server secret using HMAC-SHA256
- Action tokens are single-use: once redeemed the backend marks them consumed so they cannot be replayed
---
## Data Model Changes
### Backend Model
New model: `PushSubscription`
- `id: str` — unique ID
- `user_id: str` — the parent user this subscription belongs to
- `endpoint: str` — browser-provided push endpoint URL
- `keys: dict``{ p256dh: str, auth: str }` from the browser `PushSubscription`
- `created_at: str` — ISO timestamp
A user may have **multiple** `PushSubscription` records (one per device/browser). The `user_id` + `endpoint` pair is the unique key; re-posting the same endpoint updates the existing record rather than creating a duplicate.
Existing model change: `User` — add two fields:
- `timezone: str | None` — IANA timezone string (e.g. `"America/New_York"`), updated whenever the frontend posts a push subscription. Used by the digest scheduler to determine the parent's local 9 pm. Defaults to `None` (falls back to UTC).
- `email_digest_enabled: bool` — whether the user receives the nightly digest email. Defaults to `True`. Toggled via the User Profile page or via the digest email unsubscribe link.
New model: `DigestActionToken`
- `id: str` — unique token ID (also used as the URL token)
- `user_id: str`
- `child_id: str`
- `entity_id: str`
- `entity_type: str``"chore"` or `"reward"`
- `action: str``"approve"` or `"deny"`
- `expires_at: str` — ISO timestamp (24 hours from creation)
- `used: bool` — set to `True` once redeemed
- `signature: str` — HMAC-SHA256 of the above fields, keyed by `DIGEST_TOKEN_SECRET` env var
### Frontend Model
```ts
interface PushSubscription {
id: string;
user_id: string;
endpoint: string;
keys: {
p256dh: string;
auth: string;
};
created_at: string;
}
```
Existing interface change: `User` — add:
```ts
timezone: string | null;
email_digest_enabled: boolean;
```
---
## Backend Implementation
1. Add `pywebpush` and `py-vapid` to `requirements.txt`.
2. Generate a VAPID key pair and store the public/private keys in environment config.
3. New API file: `api/push_subscription_api.py`
- `POST /push-subscription`**upsert**: if a record with matching `user_id` + `endpoint` already exists, update its `keys`; otherwise insert a new `PushSubscription`. Also update `User.timezone` with the submitted IANA timezone string.
- `DELETE /push-subscription` — accepts `{ endpoint }` in the request body and removes only that specific subscription for the authenticated user (not all subscriptions).
4. New DB helper: `db/push_subscriptions.py` — CRUD for `PushSubscription` records. Must support multiple records per user. Key methods: `get_subscriptions_by_user(user_id)` (returns a list), `upsert_subscription(user_id, endpoint, keys)`, `delete_by_endpoint(user_id, endpoint)`.
5. **Prerequisite — duplicate reward request guard:** In `request_reward()` in `child_api.py`, before creating a new `PendingConfirmation`, check whether one already exists for the same `child_id`, `entity_id` (`reward_id`), and `entity_type='reward'` with `status='pending'`. If so, return a `409 Conflict` with error code `DUPLICATE_REWARD_REQUEST`. This prevents the same reward from being requested twice.
6. In the chore confirmation flow (where `send_event_for_current_user` is called for a completed/pending chore), also look up **all** of the parent's stored `PushSubscription` records and fire a web push to each. The push payload must contain: `user_id`, child name, chore name, `child_id`, `entity_id` (task ID), `entity_type: "chore"`, plus `approve_token` and `deny_token` (two freshly generated `DigestActionToken` IDs for the approve and deny actions). The frontend/SW will use these to construct the deep link `/parent/<child_id>?scrollTo=<entity_id>&entityType=chore`.
7. In the reward request flow (`child_reward_request` with operation `REQUEST_CREATED`), check whether the child's current point balance is >= the reward's cost. If so, look up **all** of the parent's stored `PushSubscription` records and fire a web push to each. The push payload must contain: `user_id`, child name, reward name, reward cost, `child_id`, `entity_id` (reward ID), `entity_type: "reward"`, plus `approve_token` and `deny_token`. The frontend/SW constructs the deep link `/parent/<child_id>?scrollTo=<entity_id>&entityType=reward`. If the child cannot afford the reward, skip the push notification.
8. Add a new endpoint `POST /child/<id>/deny-reward-request` (with body `{ reward_id }`) that a parent can call to reject a child's pending reward request. It should remove the `PendingConfirmation` record, fire a `CHILD_REWARD_REQUEST` SSE event with operation `REQUEST_CANCELLED`, and create a tracking event with action `denied`. This is the parent-facing counterpart to the child's `cancel-request-reward`. **Graceful handling:** If no pending request exists (e.g. the reward was already granted or cancelled), return `200` with `{ "message": "This reward request has already been resolved." }` instead of a 404.
9. New utility: `utils/email_digest_scheduler.py`
- Uses `APScheduler` (already in use for the account deletion scheduler — follow the same pattern) with a `BackgroundScheduler`.
- **Important:** The scheduler job function must run inside `with app.app_context():` to access Flask extensions (Flask-Mail, config, TinyDB). Pass the Flask `app` instance to the scheduler setup function, and use `app.app_context()` as a context manager wrapping the job body.
- Runs a job **every hour** on the server. Each run inspects all users where `user.verified == True` and `user.email_digest_enabled == True`. For each matching user, derive their current local hour from `User.timezone` (falling back to UTC if `timezone` is `None`), and send the digest to any user whose local hour is `21` (9 pm) and who has at least one pending `PendingConfirmation`.
- For each pending item, generate a `DigestActionToken` for both `approve` and `deny` actions and persist them in TinyDB.
- Call `send_digest_email()` (see step 10) with the assembled item list.
- Skip sending if `DB_ENV == 'e2e'`.
10. New function `send_digest_email(to_email, items)` in `utils/email_sender.py`. Each item in `items` is a dict with keys: `child_name`, `entity_name`, `entity_type`, `view_url`, `approve_token`, `deny_token`. The HTML email body must:
- Open with a branded header ("Reward App — Daily Summary").
- Contain one section per child, listing that child's pending items.
- For each item show the item name and three links side by side:
- **View** — deep link to `<FRONTEND_URL>/parent/<child_id>?scrollTo=<entity_id>&entityType=<entity_type>`
- **Approve** — `<FRONTEND_URL>/api/digest-action/<approve_token>`
- **Deny** — `<FRONTEND_URL>/api/digest-action/<deny_token>`
- Use inline CSS styles consistent with the existing `send_pin_setup_email` format (no external stylesheets). Approve link styled green, Deny link styled red.
- Close with a footer containing an unsubscribe link: "You are receiving this because you have the Reward App. [Unsubscribe from daily digest](<FRONTEND_URL>/api/digest-unsubscribe/<unsubscribe_token>)." The `unsubscribe_token` is a signed HMAC token encoding the `user_id` with a 30-day expiry.
11. New API endpoint `GET /digest-action/<token>` in `api/digest_action_api.py`:
- Validates the token exists in TinyDB, has not expired, has not been used, and the HMAC signature is valid.
- If invalid/expired: return a plain 400 HTML error page (no redirect).
- If valid: mark the token `used = True`, then:
- `approve` + `chore` → call the same logic as `approve-chore`
- `deny` + `chore` → call the same logic as `reject-chore`
- `approve` + `reward` → call the same logic as `trigger-reward`
- `deny` + `reward` → call the same logic as `deny-reward-request`
- On success: **302 redirect** to `<FRONTEND_URL>/parent/<child_id>?scrollTo=<entity_id>&entityType=<entity_type>` so the parent lands on the correct view.
- This endpoint is **unauthenticated** — the signed token is the credential.
12. New API endpoint `GET /digest-unsubscribe/<token>` in `api/digest_action_api.py`:
- Validates the unsubscribe token signature and 30-day expiry.
- If valid: sets `User.email_digest_enabled = False` and returns a simple HTML confirmation page: "You have been unsubscribed from daily digest emails. To re-enable, visit your profile in the app."
- If invalid/expired: returns a plain 400 HTML error page.
13. Add `DIGEST_TOKEN_SECRET` to environment config. Document it in the README.
14. Extend `PUT /user/profile` in `api/user_api.py` to also accept an optional `email_digest_enabled: bool` field in the request body. When present, update `User.email_digest_enabled`. Include `email_digest_enabled` in the `GET /user/profile` response.
15. Register the new blueprints and start the digest scheduler in `main.py`.
## Backend Tests
- [x] `POST /push-subscription` saves a subscription for the current user
- [x] `POST /push-subscription` upserts when the same endpoint is posted again (updates keys, no duplicate)
- [x] `POST /push-subscription` supports multiple endpoints per user (one per device)
- [x] `POST /push-subscription` updates `User.timezone` with the submitted IANA timezone string
- [x] `POST /push-subscription` rejects unauthenticated requests
- [x] `DELETE /push-subscription` removes only the specified endpoint for the current user
- [x] Web push is fired to all stored subscriptions when a chore is marked complete
- [x] Web push payload includes `user_id`, `approve_token`, and `deny_token`
- [x] Web push is not fired when the parent has no stored subscription (no error raised)
- [x] Web push is fired when a child requests a reward they can afford and the parent has a stored subscription
- [x] Web push is NOT fired when a child requests a reward they cannot afford
- [x] Web push is not fired for reward requests when the parent has no stored subscription (no error raised)
- [x] `request_reward()` returns 409 Conflict for duplicate pending reward requests
- [x] `POST /child/<id>/deny-reward-request` removes the pending confirmation and fires the `REQUEST_CANCELLED` SSE event
- [x] `POST /child/<id>/deny-reward-request` returns 200 with message when reward already resolved (no pending request)
- [x] `POST /child/<id>/deny-reward-request` rejects unauthenticated requests
- [x] Digest scheduler identifies verified, digest-enabled users whose local time is 9 pm and who have pending items
- [x] Digest scheduler skips users with no pending items
- [x] Digest scheduler skips unverified users
- [x] Digest scheduler skips users with `email_digest_enabled == False`
- [x] Digest scheduler reads timezone from `User.timezone`, falling back to UTC
- [x] Digest scheduler skips sending when `DB_ENV == 'e2e'`
- [x] `DigestActionToken` is created with correct fields, expiry, and valid HMAC signature
- [x] `GET /digest-action/<token>` executes the correct backend action for each combination of `entity_type` × `action`
- [x] `GET /digest-action/<token>` redirects to the correct deep-link URL on success
- [x] `GET /digest-action/<token>` returns 400 for expired tokens
- [x] `GET /digest-action/<token>` returns 400 for already-used tokens
- [x] `GET /digest-action/<token>` returns 400 for tampered/invalid signatures
- [x] Digest email HTML contains per-child sections, item names, View / Approve / Deny links, and unsubscribe link
- [x] `GET /digest-unsubscribe/<token>` sets `email_digest_enabled = False` and returns confirmation HTML
- [x] `GET /digest-unsubscribe/<token>` returns 400 for expired or invalid tokens
- [x] `GET /user/profile` response includes `email_digest_enabled`
- [x] `PUT /user/profile` with `email_digest_enabled: false` updates the user and disables digest
- [x] `PUT /user/profile` with `email_digest_enabled: true` re-enables digest
---
## Frontend Implementation
1. **PWA manifest:** Create `public/manifest.json` with `name`, `short_name`, `start_url: "/"`, `display: "standalone"`, `theme_color`, `background_color`, and an `icons` array. Add `<link rel="manifest" href="/manifest.json">` to `index.html`. This is required for iOS "Add to Home Screen" and for push notifications on iOS Safari.
2. Register a Service Worker (`public/sw.js`) that listens for the `push` event and calls `self.registration.showNotification(...)` with:
- `title`, `body`, and a `data` object containing `child_id`, `entity_id`, `entity_type`, `approve_token`, and `deny_token`
- An `actions` array: `[{ action: 'approve', title: 'Approve' }, { action: 'deny', title: 'Deny' }]`
- Note: the `actions` field is silently ignored by browsers that do not support it (e.g. iOS Safari); the notification body tap still works normally.
3. In `LoginButton.vue` (`submit()`), after a successful PIN authentication, call `subscribeToPushWithResult()` (fire-and-forget, not awaited) — the PIN submit button click satisfies the browser's user-gesture requirement. If the parent has already granted permission, the browser returns the existing subscription silently and the call is idempotent. No floating opt-in banner is displayed anywhere in the app.
4. Clean up: The **Push Notifications** toggle in `UserProfile.vue` handles explicit unsubscription — toggling off calls `unsubscribeFromPush()` which sends `DELETE /api/push-subscription` with `{ endpoint }` in the body, removing that specific subscription for the current user.
5. The Service Worker's `notificationclick` handler must:
- Close the notification with `event.notification.close()`
- If `event.action === 'approve'`: `fetch('/api/digest-action/<approve_token>')` (GET, no credentials needed — the signed token IS the credential).
- If `event.action === 'deny'`: `fetch('/api/digest-action/<deny_token>')` (GET, no credentials needed).
- If no action (body tap): construct the deep-link URL `/parent/<child_id>?scrollTo=<entity_id>&entityType=<entity_type>`, check `clients.matchAll({ type: 'window' })` for an existing open window on the same origin — if found, call `client.focus()` and `client.navigate(url)`; otherwise call `clients.openWindow(url)`.
6. `ParentView` uses vertically stacked `ScrollingList` sections (not tabs). The existing `scrollTo` + `entityType` query params call `scrollToItem()` on the correct list ref, which scrolls the card into view and centers it. After scrolling, apply a temporary pulse/highlight CSS animation (e.g. a 2-second `@keyframes highlight-pulse` using `--item-card-ready-shadow` or `--accent`) to draw the parent's eye to the target card. The animation class should be removed after it completes.
7. **Parent mode timeout — return URL:** When the router guard redirects a non-parent-authenticated user away from a `/parent/...` deep link (e.g. from a notification body tap or email digest redirect), it saves the intended URL to `localStorage['parentReturnUrl']`. `LoginButton` checks for a pending return URL on mount and auto-opens the PIN modal. On successful PIN entry, `consumePendingReturnUrl()` is called and the user is redirected to the saved deep link instead of the default `/parent`. If the parent cancels the PIN modal, `clearPendingReturnUrl()` removes the saved URL so the prompt does not re-appear. The URL is validated to start with `/parent` before saving to prevent open redirect.
8. Existing SSE in-app toast/badge behavior is unchanged — it remains the secondary channel when the tab is active.
9. On `UserProfile.vue`, add a **Daily Digest** `ToggleField` and a **Push Notifications** `ToggleField` below the email field.
- **Daily Digest**: When toggled, call `PUT /api/user/profile` with `{ email_digest_enabled: <value> }`. Initialize from `GET /api/user/profile` (`email_digest_enabled` field).
- **Push Notifications**: When toggled on, call `subscribeToPushWithResult()` from `pushSubscription.ts`; on `permission_denied` show an inline error message. When toggled off, call `unsubscribeFromPush()`. Initialize by calling `isSubscribedToPush()` in `onMounted`. Disable the toggle (but keep it visible) when `getPushPermissionState() === 'denied'`.
## Frontend Tests
- [ ] Parent sees a browser notification when a chore is completed and the tab is backgrounded
- [ ] Chore notification includes "Approve" and "Deny" action buttons (on supporting browsers)
- [ ] Clicking "Approve" on a chore notification uses the signed action token URL (not cookie-authenticated fetch)
- [ ] Clicking "Deny" on a chore notification uses the signed action token URL and dismisses the notification without opening the app
- [ ] Tapping the chore notification body opens the app, scrolls to the pending chore within the tasks section of `ParentView`
- [x] Scrolled-to card receives a temporary highlight/pulse animation
- [ ] Parent sees a browser notification when a child requests an affordable reward and the tab is backgrounded
- [ ] Reward notification includes "Approve" and "Deny" action buttons (on supporting browsers)
- [ ] Clicking "Approve" on a reward notification uses the signed action token URL and dismisses the notification without opening the app
- [ ] Clicking "Deny" on a reward notification uses the signed action token URL and dismisses the notification without opening the app
- [ ] Tapping the reward notification body opens the app, scrolls to the pending reward within the rewards section of `ParentView`
- [ ] If the app is already open in another tab, tapping the notification body focuses that tab and navigates it (no duplicate window opened)
- [ ] No browser notification is shown for a reward request the child cannot afford
- [x] Notification permission is requested on parent PIN entry (LoginButton.vue submit)
- [x] If permission is denied, no subscription is posted to the backend
- [x] Push subscription `POST` body includes the browser's IANA timezone string
- [x] User Profile page shows an "Email Digest" toggle
- [x] Toggling Email Digest off calls `PUT /api/user/profile` with `email_digest_enabled: false`
- [x] Toggling Email Digest on calls `PUT /api/user/profile` with `email_digest_enabled: true`
- [x] User Profile page shows a "Push Notifications" toggle
- [x] Push Notifications toggle initialises to `true` when the browser already has an active push subscription
- [x] Push Notifications toggle initialises to `false` when no subscription exists
- [x] Toggling Push Notifications on triggers `subscribeToPushWithResult()` and posts subscription to the backend
- [x] Toggling Push Notifications off calls `unsubscribeFromPush()` and removes the subscription from the backend
- [x] Push Notifications toggle is disabled (not hidden) when browser notification permission is `"denied"`
- [x] An inline error message is shown when enabling push notifications is blocked by the browser
---
## Future Considerations
- **iOS PWA caveat**: Web Push on iOS Safari requires the user to have added the app to their Home Screen (PWA mode). Until then, the in-app SSE toast is the only delivery mechanism for iOS Safari users in a regular browser tab. Consider prompting parents to install the PWA. Note that notification `actions` buttons are also not supported on iOS Safari — the body-tap deep-link is the only interaction available on that platform.
- **Notification preferences**: Allow parents to toggle specific notification types (chore complete, reward request, etc.) per child.
- **Configurable digest time**: Allow the parent to choose what time the daily digest is sent (default 9 pm).
---
## E2E Test Plan
A full Playwright E2E test plan has been produced and saved to:
`frontend/vue-app/e2e/plans/parent-notifications.plan.md`
The plan covers 10 scenario groups (56 automated test cases + 1 manual QA checklist):
| # | Group | Cases |
| --- | ----------------------------------------- | ----- |
| 1 | Push subscription registration | 3 |
| 2 | Chore notification — approve flow | 8 |
| 3 | Chore notification — reject flow | 5 |
| 4 | Reward notification — grant flow | 7 |
| 5 | Reward notification — deny flow | 6 |
| 6 | ParentView deep-link navigation | 7 |
| 7 | Digest action token — happy paths | 8 |
| 8 | Digest action token — error paths | 5 |
| 9 | Service Worker push — manual QA checklist | — |
| 10 | User Profile notification toggles | 7 |
**Prerequisite noted in plan:** A backend test-only endpoint `POST /api/admin/test/digest-token` (active only when `DB_ENV=e2e`) is required before scenario groups 7 and 8 can run.
---
## Acceptance Criteria (Definition of Done)
### Backend
- [x] `PushSubscription` model and DB helper exist and follow existing patterns; supports multiple subscriptions per user (one per device)
- [x] `POST /push-subscription` upserts by `user_id` + `endpoint` and also updates `User.timezone`
- [x] `DELETE /push-subscription` removes only the specified endpoint for the authenticated user
- [x] Web push is sent to **all** stored subscriptions when a child completes a chore
- [x] Web push is sent to **all** stored subscriptions when a child requests an affordable reward
- [x] Web push payload includes `user_id`, `approve_token`, and `deny_token`
- [x] Web push is NOT sent when the child cannot afford the requested reward
- [x] `request_reward()` rejects duplicate pending reward requests with 409 Conflict
- [x] `POST /child/<id>/deny-reward-request` endpoint is implemented, authenticated, fires the correct SSE event, and creates a tracking event
- [x] `POST /child/<id>/deny-reward-request` returns 200 with message when reward already resolved
- [x] `utils/email_digest_scheduler.py` is implemented using APScheduler, runs hourly, uses `with app.app_context():`, and sends digests at 9 pm local time
- [x] Digest scheduler reads timezone from `User.timezone` (falling back to UTC) and only processes verified users with `email_digest_enabled == True`
- [x] `send_digest_email()` produces a well-formatted HTML email with per-child sections, View / Approve / Deny links, and an unsubscribe link
- [x] `GET /digest-action/<token>` validates the token and performs the correct action
- [x] `DigestActionToken` is single-use: redeeming it marks it consumed and subsequent requests with the same token return 400
- [x] `GET /digest-unsubscribe/<token>` sets `email_digest_enabled = False` and returns confirmation HTML
- [x] `GET /user/profile` includes `email_digest_enabled`; `PUT /user/profile` accepts `email_digest_enabled` toggle
- [x] `DIGEST_TOKEN_SECRET` and VAPID keys are configurable via environment variables (not hardcoded)
- [x] All backend tests pass
### Frontend
- [x] PWA manifest (`public/manifest.json`) is present and linked in `index.html`
- [x] Service Worker is registered and handles `push` and `notificationclick` events
- [x] Parent is prompted for notification permission on PIN entry (LoginButton.vue)
- [x] Subscription is posted to the backend on PIN entry when permission is granted; removed on explicit toggle-off in UserProfile
- [ ] Native notification appears when a chore is completed with the tab backgrounded, with "Approve" and "Deny" action buttons
- [ ] Native notification appears when a child requests an affordable reward with the tab backgrounded, with "Approve" and "Deny" action buttons
- [ ] No native notification appears for a reward request the child cannot afford
- [ ] Clicking "Approve" on a chore notification uses the signed action token (no cookie auth) without opening the app
- [ ] Clicking "Deny" on a chore notification uses the signed action token without opening the app
- [ ] Clicking "Approve" on a reward notification uses the signed action token without opening the app
- [ ] Clicking "Deny" on a reward notification uses the signed action token without opening the app
- [ ] Tapping a chore notification body opens (or focuses) the app and scrolls to the pending chore within the tasks section
- [ ] Tapping a reward notification body opens (or focuses) the app and scrolls to the pending reward within the rewards section
- [x] Scrolled-to card receives a temporary highlight/pulse animation
- [ ] If the app is already open, the existing tab is focused and navigated rather than opening a new window
- [ ] In-app SSE toast behavior is unchanged
- [x] Push subscription registration includes the browser's IANA timezone
- [x] User Profile page includes an "Email Digest" toggle that calls `PUT /api/user/profile` with `email_digest_enabled`
- [x] When a deep-link `/parent/...` is blocked by an expired parent session, the intended URL is saved to `localStorage` and the PIN modal is auto-opened; on successful PIN entry the parent is redirected to the saved URL
- [x] Cancelling the PIN modal clears the saved return URL (no repeat prompt)
- [ ] All frontend tests pass
### Email Digest
- [x] Digest email is sent at 9 pm in the parent's local timezone when pending items exist
- [x] Digest is not sent if there are no pending items
- [x] Email contains one section per child with pending items
- [x] Each item row shows the item name and three links: View, Approve, Deny
- [x] Approve link is visually styled green; Deny link is styled red
- [ ] Clicking Approve in the email performs the approve action and redirects to the correct `ParentView` deep link
- [ ] Clicking Deny in the email performs the deny action and redirects to the correct `ParentView` deep link
- [ ] Clicking View in the email opens the app to the correct `ParentView` deep link
- [x] Action tokens expire after 24 hours and return a 400 error page when used after expiry
- [x] Action tokens are single-use: a second click on the same link returns a 400 error page
- [x] Digest email includes an unsubscribe link in the footer
- [x] Unsubscribe link sets `email_digest_enabled = False` and shows a confirmation page
- [x] Digest is not sent to unverified users
- [x] Digest is not sent to users who have unsubscribed (`email_digest_enabled == False`)
- [x] Digest is not sent in `e2e` test environment
---
## Test Run Results
**Date:** Implementation complete
**Backend tests run:** `pytest tests/test_push_subscription_api.py tests/test_digest_token.py tests/test_digest_action_api.py -v`
**Results:** 36 passed, 0 failed
**Full suite:** `pytest tests/ -v` → 340 passed, 0 failed (no regressions)
**New test files:**
- `backend/tests/test_push_subscription_api.py` — 13 tests covering VAPID key endpoint, subscribe, upsert, timezone update, auth guard, unsubscribe
- `backend/tests/test_digest_token.py` — 12 tests covering token creation, validate/consume, expiry, tampered signature, unsubscribe token lifecycle
- `backend/tests/test_digest_action_api.py` — 11 tests covering approve/deny chore/reward, 302 redirect, invalid/used token 400, unsubscribe endpoint
- `backend/tests/test_web_push.py` — 6 tests covering push firing on chore confirm and reward request, payload fields, no-subscription no-error
- `backend/tests/test_digest_scheduler.py` — 15 tests covering scheduler eligibility logic, e2e skip, timezone fallback, email HTML content (child sections, item names, View/Approve/Deny, unsubscribe, color styling)

View File

@@ -0,0 +1,103 @@
# Feature: Chore and Reward states expire at the end of the day.
## Overview
Chores and rewards can be pending, too late, etc. At the start of a new day, the state of chores and rewards should be reset. Notifications in the notification nav selector should be cleared out as well.
**Goal:** Chores and reward states get reset at the start of a new day.
**User Story:** As a parent, if I forget to approve/reject a pending chore or reward by the next day, then those items will have to be selected again by the child to go back to pending.
As a parent, if a scheduled chore is too late, the next day that chore will reset, but still follow it's schedule.
**Rules:**
Create frontend and backend unit tests
---
## Data Model Changes
### Backend Model
No model changes were required. `PendingConfirmation` already inherits `created_at: float` (Unix timestamp) from `BaseModel`, which is sufficient to determine whether a record is from a prior calendar day.
### Frontend Model
No model changes required. The `ChildChoreConfirmationPayload` and `ChildRewardRequestEventPayload` types are unchanged; the existing `RESET` and `CANCELLED` operations are reused.
---
## Backend Implementation
A new hourly scheduler (`backend/utils/state_expiry_scheduler.py`) runs idempotently to expire stale pending records:
- `_get_today_start_timestamp(tz_str)` computes the Unix timestamp for midnight today in the user's IANA timezone, falling back to UTC.
- `expire_stale_pending_for_user(user_id, tz_str)` queries `pending_confirmations_db` for records where `status='pending'` and `created_at < today_start` for that user. Each matching record is deleted from the database, then an SSE event is fired: `CHILD_CHORE_CONFIRMATION(RESET)` for chores, `CHILD_REWARD_REQUEST(CANCELLED)` for rewards. Uses `send_event_to_user` directly since there is no HTTP request context.
- `run_state_expiry_check(app)` iterates all verified users and calls `expire_stale_pending_for_user` for each. Skips entirely when `DB_ENV=e2e`.
- `start_state_expiry_scheduler(app)` registers the hourly cron job via APScheduler and also runs an immediate check on startup so any records that expired while the server was down are cleared promptly.
The scheduler is registered in `backend/main.py` alongside the existing digest and deletion schedulers.
## Backend Tests
Tests live in `backend/tests/test_state_expiry_scheduler.py`. Coverage:
- `_get_today_start_timestamp` returns a float before now, falls back to UTC on `None` or invalid timezone, and shifts midnight correctly across timezones.
- Pending chore from yesterday is deleted and fires a `CHILD_CHORE_CONFIRMATION(RESET)` SSE event with the correct `task_id`.
- Pending reward from yesterday is deleted and fires a `CHILD_REWARD_REQUEST(CANCELLED)` SSE event with the correct `reward_id`.
- Pending record created today is not deleted.
- Record with `status='approved'` from yesterday is not deleted.
- User with no pending records produces no errors and fires no SSE events.
- Multiple stale records for one user are all expired in a single call.
- `run_state_expiry_check` expires records for all verified users across multiple users.
- Only stale records are expired; fresh records from today are preserved.
- `DB_ENV=e2e` causes the scheduler to skip all processing.
---
## Frontend Implementation
Two files were updated to handle the `RESET` operation fired when chore pending states expire:
- `NotificationView.vue`: Added `'RESET'` to the `child_chore_confirmation` operation allow-list so the notification list refreshes when a pending chore confirmation is expired by the scheduler.
- `ParentLayout.vue`: Added `'RESET'` to the `child_chore_confirmation` handler allow-list so the notification badge count is re-fetched when a pending chore confirmation is expired.
The child view (`ChildView.vue`) required no changes — it already refreshes on any `child_chore_confirmation` operation regardless of the operation value.
## Frontend Tests
Tests live in `src/components/__tests__/NotificationView.spec.ts` and `src/components/__tests__/ParentLayout.spec.ts`.
- `NotificationView.vue` increments `refreshKey` on each of `CONFIRMED`, `APPROVED`, `REJECTED`, `CANCELLED`, and `RESET` operations for `child_chore_confirmation`.
- `NotificationView.vue` does not increment `refreshKey` on unknown operations.
- `NotificationView.vue` increments `refreshKey` on `CREATED`, `CANCELLED`, and `GRANTED` operations for `child_reward_request`.
- `ParentLayout.vue` re-fetches the notification count on each of `CONFIRMED`, `APPROVED`, `REJECTED`, `CANCELLED`, and `RESET` operations for `child_chore_confirmation`.
- `ParentLayout.vue` does not re-fetch on unknown operations.
- `ParentLayout.vue` re-fetches the notification count on `CREATED`, `CANCELLED`, and `GRANTED` operations for `child_reward_request`.
---
## Future Considerations
- Push notifications (Web Push) currently reference pending items; expired records will not trigger a push notification removal. A future improvement could send a silent push to dismiss stale items from the notification tray.
- If digest emails are scheduled near midnight, the expiry scheduler may clear items before the digest runs. The digest scheduler already skips empty pending lists gracefully, so no action is needed, but the ordering could be made explicit.
---
## Acceptance Criteria (Definition of Done)
### Backend
- [x] Hourly scheduler deletes `PendingConfirmation` records with `status='pending'` created on a prior calendar day (per user timezone)
- [x] `CHILD_CHORE_CONFIRMATION(RESET)` SSE event is fired for each expired chore record
- [x] `CHILD_REWARD_REQUEST(CANCELLED)` SSE event is fired for each expired reward record
- [x] Scheduler skips processing when `DB_ENV=e2e`
- [x] Scheduler runs on startup to handle records that expired during downtime
- [x] `status='approved'` records are not deleted
- [x] Records created today are not deleted
- [x] Backend unit tests pass (17 tests)
### Frontend
- [x] Notification badge in `ParentLayout.vue` re-fetches count on `RESET` operation
- [x] Notification list in `NotificationView.vue` refreshes on `RESET` operation
- [x] Frontend unit tests pass (18 tests)

View File

@@ -0,0 +1,148 @@
# Feature: Push notification for chores that are going to expire in the next hour.
## Overview
When a scheduled chore is going to expire within the next hour and it has not be marked completed or pending, a push notification should go out to tell the user that the scheduled chore needs to be finished soon.
**Goal:** When a chore is about to expire (within the hour) send a push notification to the user and allow the user to acknowlege it.
**User Story:**
As a parent, I should receive a notification when a scheduled chore is going to expire soon. When I click on the notification, I should be brought to the page with the chore.
**Rules:**
1. If there are multiple chores that are going to expire, present them in the push notification as well.
2. The notification should show which child the chore belongs to.
3. If a chore is scheduled to expire between 9:00pm to 9:15pm, the notification for it should go out at 8:00pm. That should give the earlier hour expiration plenty of notice.
**Questions:**
1. If there are multiple chores in the push, should we say there are multiple chores ending next hour or should we list each by name?
2. Should we section the notification if there are multiple children? [ex. Child1 chores: ... Child2 chores: ...]
3. Should we reuse one of the other hourly schedulers or create a new one? should we refactor and have one hourly scheduler that does multiple operations?
---
## Data Model Changes
### Backend Model
No new models required. The feature reuses existing models:
- `ChoreSchedule` — provides schedule mode, day configs, deadline times, and enabled state
- `PendingConfirmation` — queried to determine if a chore is already pending or approved (either status means the child has acted on it; no notification is needed)
### Frontend Model
No changes to TypeScript interfaces.
---
## Backend Implementation
**`backend/utils/schedule_utils.py`** (new)
A Python port of the three core functions from `frontend/vue-app/src/common/scheduleUtils.ts`. The frontend is the authoritative source for schedule math; this file mirrors that logic server-side so the scheduler can determine which chores are active and when they expire without making HTTP calls or duplicating logic ad-hoc.
- `interval_hits_today(anchor_date, interval_days, local_date)` — returns True if an interval-mode schedule fires on the given local date
- `is_scheduled_today(schedule_dict, local_date)` — returns True for days-mode (weekday match) or interval-mode (anchor + interval math); paused schedules always return True
- `get_due_time_today(schedule_dict, local_date)` — returns `(hour, minute)` or `None` (None means Anytime or paused — no expiry)
Note on weekday convention: the app uses JS/Python convention where Sunday = 0 and Saturday = 6 (same as `DayConfig.day`). Python's `date.weekday()` returns Monday = 0, so a conversion of `(weekday + 1) % 7` is applied when comparing.
**`backend/utils/chore_expiry_notification_scheduler.py`** (new)
- `get_expiring_chores_for_user(user_id, tz_str, now_dt)` — loads all children for the user, iterates their chore tasks, checks for an active schedule with a deadline falling in `(now, now + 75 min]`, and excludes any chore that already has a `PendingConfirmation` record (any status). Returns a list of dicts with child and task metadata.
- `_build_push_payload(expiring)` — constructs the push payload. Single chore: title names the chore and deep-link fields are set for direct navigation. Multiple chores: generic title, `child_id` and `entity_id` are null, and the body lists chores grouped by child name (e.g. `Alex: Clean Room, Make Bed\nSam: Trash`).
- `send_chore_expiry_notifications_for_user(user_id, tz_str)` — calls `get_expiring_chores_for_user`, builds the payload, and calls `send_push_to_user`.
- `run_chore_expiry_check(app)` — skips the e2e environment, loops all verified users, skips users with `push_notifications_enabled=False`, and calls `send_chore_expiry_notifications_for_user` for each eligible user.
- `start_chore_expiry_notification_scheduler(app)` — registers an APScheduler `cron` job at `minute=0` (top of every hour), consistent with the existing schedulers.
**Push payload type:** `chore_expiring_soon`. The absence of `approve_token` and `deny_token` fields is intentional and is what triggers the service worker to suppress action buttons.
**`backend/main.py`** (modified)
Import added and `start_chore_expiry_notification_scheduler(app)` called after the existing schedulers.
## Backend Tests
- [x] `get_expiring_chores_for_user`: chore in 75-min window → included
- [x] `get_expiring_chores_for_user`: deadline in the past → excluded
- [x] `get_expiring_chores_for_user`: deadline beyond 75-min window → excluded
- [x] `get_expiring_chores_for_user`: Anytime schedule (no deadline) → excluded
- [x] `get_expiring_chores_for_user`: chore not scheduled today (wrong weekday) → excluded
- [x] `get_expiring_chores_for_user`: status=pending confirmation exists → excluded
- [x] `get_expiring_chores_for_user`: status=approved confirmation exists → excluded
- [x] `get_expiring_chores_for_user`: no schedule → excluded
- [x] `get_expiring_chores_for_user`: paused schedule (enabled=False) → excluded
- [x] `get_expiring_chores_for_user`: interval mode hits today → included
- [x] `get_expiring_chores_for_user`: interval mode misses today → excluded
- [x] `get_expiring_chores_for_user`: multiple children returns entries for both
- [x] `_build_push_payload`: single chore → named title, deep-link fields set
- [x] `_build_push_payload`: multiple chores → generic title, child_id/entity_id null
- [x] `_build_push_payload`: body groups chore names by child
- [x] `_build_push_payload`: no approve_token or deny_token in payload
- [x] `send_chore_expiry_notifications_for_user`: calls send_push_to_user with correct payload
- [x] `send_chore_expiry_notifications_for_user`: no push when no chores expiring
- [x] `run_chore_expiry_check`: skips when DB_ENV=e2e
- [x] `run_chore_expiry_check`: skips user with push_notifications_enabled=False
- [x] `run_chore_expiry_check`: skips unverified user
- [x] `run_chore_expiry_check`: sends push for eligible verified user with push enabled
- [x] `schedule_utils`: interval_hits_today — same day as anchor hits
- [x] `schedule_utils`: interval_hits_today — correct interval day hits
- [x] `schedule_utils`: interval_hits_today — non-interval day misses
- [x] `schedule_utils`: interval_hits_today — date before anchor misses
- [x] `schedule_utils`: interval_hits_today — empty anchor hits today
- [x] `schedule_utils`: is_scheduled_today — days mode matching weekday
- [x] `schedule_utils`: is_scheduled_today — days mode non-matching weekday
- [x] `schedule_utils`: is_scheduled_today — paused always true
- [x] `schedule_utils`: is_scheduled_today — interval mode hit
- [x] `schedule_utils`: is_scheduled_today — interval mode miss
- [x] `schedule_utils`: get_due_time_today — days mode returns (hour, minute)
- [x] `schedule_utils`: get_due_time_today — Anytime returns None
- [x] `schedule_utils`: get_due_time_today — wrong day returns None
- [x] `schedule_utils`: get_due_time_today — paused returns None
- [x] `schedule_utils`: get_due_time_today — interval mode returns (hour, minute)
- [x] `schedule_utils`: get_due_time_today — interval Anytime returns None
---
## Frontend Implementation
**`frontend/vue-app/public/sw.js`** (modified)
In the `push` event handler, the `actions` array passed to `showNotification` is now conditionally set: when `payload.type === 'chore_expiring_soon'` the array is empty (no buttons); otherwise Approve and Deny buttons are shown as before. The `notificationclick` handler requires no changes — tapping the notification body already navigates to `/parent/{child_id}?scrollTo={entity_id}` when those fields are present, and falls back to `/parent` when they are null (multi-chore case).
## Frontend Tests
No automated tests added. The `sw.js` change is a simple conditional and is covered by manual verification: triggering a `chore_expiring_soon` push and confirming no action buttons appear in the browser notification, and that tapping opens the correct URL.
---
## Future Considerations
- **75-minute window double-notification**: A chore deadline that falls in the overlap of two consecutive 75-minute windows (e.g. 9:10 pm appears in both the 8:00 pm run's window and the 9:00 pm run's window) will produce two notifications. This is a known and accepted trade-off; no deduplication is applied. A future improvement could track notified chores per day in a lightweight DB table to prevent repeats.
- **Task extensions**: `TaskExtension` sets an `extension_date` that allows a chore to carry over to another day. Extended chores are treated identically to regular scheduled chores — the schedule deadline time is used as-is. A future enhancement could optionally adjust the deadline time for extended chores.
---
## Acceptance Criteria (Definition of Done)
### Backend
- [x] `backend/utils/schedule_utils.py` created — Python port of schedule math from `scheduleUtils.ts`
- [x] `backend/utils/chore_expiry_notification_scheduler.py` created — hourly scheduler with 75-min look-ahead window
- [x] Chores with `Anytime` schedule (no deadline) are not notified
- [x] Chores with a `pending` or `approved` confirmation are not notified
- [x] Chores on paused schedules are not notified
- [x] Users with `push_notifications_enabled=False` are skipped
- [x] Unverified users are skipped
- [x] e2e environment is skipped
- [x] Scheduler registered in `backend/main.py`
- [x] All backend tests pass
### Frontend
- [x] `sw.js` updated — `chore_expiring_soon` notifications show no Approve/Deny action buttons
- [x] Tapping a single-chore notification navigates to the child's chore page
- [x] Tapping a multi-chore notification navigates to `/parent`

70
.github/specs/plan-achievements.md vendored Normal file
View File

@@ -0,0 +1,70 @@
## Plan: Achievements Feature Design
Published to Gitea wiki page: Achievements
Design an achievements system that starts with low-risk, high-fun rules using existing tracking data, then expands to streak and behavior achievements. This approach gives fast player-visible value without major schema risk, while leaving room for deeper gamification.
Status: Approved by user for implementation kickoff.
**Steps**
1. Phase 1: Define achievement taxonomy and product goals
2. Define families: points progression, consistency/streaks, reward habits, task diversity, check-in/engagement, social/funny outcomes.
3. Define unlock semantics: one-time unlocks vs repeatable milestones, per-child scope, optional parent aggregate view. Depends on step 2.
4. Define badge rarity tiers (common, rare, epic, legendary) and naming/tone guide so achievements feel playful, not punitive.
5. Phase 2: MVP achievement set (no new raw telemetry)
6. Use existing TrackingEvent and PendingConfirmation signals to launch 20-30 achievements immediately. Depends on phase 1.
7. Include serious progression set: first points earned, 100/500/1000 lifetime points, best day records, no-miss week, kindness count milestones.
8. Include funny set: zero points 7 days, last-minute legend (frequent late confirmations), window shopper (many reward requests without redemption), tiny spender (chooses low-cost rewards repeatedly).
9. Include non-point set: reward loyalty (same reward redeemed N times), variety collector (N distinct chores completed), daily checker (opened/triggered chores on N consecutive days), comeback kid (returns after inactivity).
10. Phase 3: Data model and evaluation architecture
11. Add achievement definition catalog (static or DB-backed) and child achievement progress/unlock records. Depends on phase 2.
12. Evaluate on mutation events (tracking event creation, chore confirmation, reward request/redeem), with idempotent unlock logic and timezone-aware daily boundaries.
13. Emit achievement unlocked SSE events for real-time UI celebration and maintain API for achievement list/progress.
14. Phase 4: UX and rollout
15. Parent view: child achievement timeline, rarity filters, and progress-to-next badge.
16. Child view: badge cabinet, streak flame, and lightweight celebration effects.
17. Roll out behind feature flag, start with read-only earned badges, then add near-miss/progress indicators. Depends on phase 3.
18. Phase 5: Validation and balancing
19. Add unit tests for each rule family and timezone edge cases.
20. Add end-to-end tests for unlock notifications and badge rendering.
21. Run a balancing pass using anonymized historical events to ensure unlock pacing feels rewarding (not too sparse, not too noisy).
22. Documentation deliverable: publish the final approved achievements plan to a new Gitea wiki page for the chore project as part of implementation handoff.
**Relevant files**
- /Users/ryan/Projects/chore/backend/models/tracking_event.py - existing event ledger for points/actions and occurred_at timestamps.
- /Users/ryan/Projects/chore/backend/models/pending_confirmation.py - reward/chore confirmation states useful for request/approval achievements.
- /Users/ryan/Projects/chore/backend/db/tracking.py - insertion/query leverage point for achievement evaluation trigger.
- /Users/ryan/Projects/chore/backend/events/types/event_types.py - event taxonomy to extend with achievement unlock notifications.
- /Users/ryan/Projects/chore/backend/api/child_api.py - existing child-facing data APIs to mirror for achievement endpoints.
- /Users/ryan/Projects/chore/frontend/vue-app/src/common/models.ts - add Achievement interfaces (backend parity).
- /Users/ryan/Projects/chore/frontend/vue-app/src/common/backendEvents.ts - frontend SSE subscriptions for unlock celebrations.
- /Users/ryan/Projects/chore/frontend/vue-app/src/common/api.ts - API helpers for listing achievements and progress.
**Verification**
1. Rule correctness: seed deterministic tracking histories and verify each achievement unlock threshold exactly once.
2. Timezone correctness: validate day/week achievements for users in at least three timezones and around midnight boundaries.
3. Idempotency: replay the same event stream and verify no duplicate unlocks.
4. UX behavior: confirm unlocked badges appear in parent and child views without manual refresh via SSE.
5. Regression safety: run backend pytest suite and focused Playwright specs for parent/child dashboards.
**Decisions**
- Included in MVP: achievements derivable from existing signals (tracking events, pending confirmations, child points, reward history).
- Data schema decision for wave 1: no new fields required on task/chore/reward models (no complexity/category requirement for initial launch).
- Deliberately excluded from MVP: complex streak rules requiring schedule reinterpretation across every task mode; these are phase 2+ enhancements.
- Scope model: per-child achievements first, optional parent-level achievements later.
- Tone model: include playful/funny achievements but avoid shaming language; treat low-performance badges as light easter eggs.
**Further Considerations**
1. Modularity architecture recommendation: isolate all achievement logic into an Achievement Engine module with a rule interface (evaluate(event, context) -> unlocks) and a central registry so no existing chore/reward/business logic needs branching changes.
2. Toggle recommendation: add a global feature flag plus optional per-user flag; when disabled, route through a no-op evaluator and suppress achievement APIs/SSE/UI sections without impacting core chore/reward flows.
3. Editability recommendation: store initial achievement definitions in a versioned JSON or YAML catalog with schema validation at startup, stable ids, enabled flag, and threshold params so add/remove/edit is config-only for most rules.
4. Progress UX recommendation: show top 3 near-unlock achievements to increase motivation without overwhelming the child dashboard.
5. Seasonal/event achievements recommendation: add limited-time badges after baseline system proves stable.
6. UI isolation recommendation: keep achievement state in a dedicated frontend store/module and render via isolated components; chore/reward screens should only publish domain events and never compute achievement rules directly.
7. UI kill-switch behavior: when feature flag is off, hide achievement routes/cards/listeners behind one composition helper so no scattered conditional logic across pages.
8. Backfill and migration recommendation: run one-time historical recompute job to award existing users fairly; mark job version so reruns are idempotent.
9. Observability recommendation: emit achievement engine metrics (rules evaluated, unlock count, rule errors, evaluation latency) and add dead-letter logging for malformed catalog entries.

10
.gitignore vendored
View File

@@ -1,8 +1,12 @@
.env
backend/test_data/
logs/
resources/
frontend/vue-app/playwright-report/
frontend/vue-app/test-results/
frontend/resources/
frontend/playwright-report/
frontend/test-results/
backend/test-results/
.vscode/keybindings.json
.DS_Store
**/.DS_Store
frontend/cert.pem
frontend/key.pem

11
.vscode/launch.json vendored
View File

@@ -11,7 +11,10 @@
"FLASK_APP": "backend/main.py",
"FLASK_DEBUG": "1",
"SECRET_KEY": "dev-secret-key-change-in-production",
"REFRESH_TOKEN_EXPIRY_DAYS": "90"
"REFRESH_TOKEN_EXPIRY_DAYS": "90",
"DIGEST_TOKEN_SECRET": "dev-digest-token",
"VAPID_PUBLIC_KEY": "BNKkHdq45uLigohSG7c1TwlAo7ETncoRVLQK02LxHgu2P1DgSJD9njRMfbbzUsaTQGllvLBz7An1WiWsNYQhvKE",
"VAPID_PRIVATE_KEY": "jNiZJT0UO4H861KmnCt874Fg6p5jDAyYKS4V2MZf8bQ"
},
"args": [
"run",
@@ -32,7 +35,7 @@
"run",
"dev"
],
"cwd": "${workspaceFolder}/frontend/vue-app",
"cwd": "${workspaceFolder}/frontend",
"console": "integratedTerminal",
"serverReadyAction": {
"pattern": "Local:.*https://localhost:([0-9]+)",
@@ -45,7 +48,7 @@
"type": "pwa-chrome",
"request": "launch",
"url": "http://localhost:5173",
"webRoot": "${workspaceFolder}/frontend/vue-app"
"webRoot": "${workspaceFolder}/frontend"
},
{
"name": "Python: Backend Tests",
@@ -73,7 +76,7 @@
"run",
"test:unit"
],
"cwd": "${workspaceFolder}/frontend/vue-app",
"cwd": "${workspaceFolder}/frontend",
"console": "integratedTerminal",
"osx": {
"env": {

View File

@@ -28,7 +28,7 @@
"run",
"dev"
],
"cwd": "${workspaceFolder}/frontend/vue-app",
"cwd": "${workspaceFolder}/frontend",
"console": "integratedTerminal"
},
{
@@ -36,7 +36,7 @@
"type": "chrome",
"request": "launch",
"url": "https://localhost:5173", // or your Vite dev server port
"webRoot": "${workspaceFolder}/frontend/vue-app"
"webRoot": "${workspaceFolder}/frontend"
},
{
"name": "Python: Backend Tests",
@@ -60,7 +60,7 @@
"runtimeArgs": [
"vitest"
],
"cwd": "${workspaceFolder}/frontend/vue-app",
"cwd": "${workspaceFolder}/frontend",
"console": "integratedTerminal"
}
],

19
.vscode/mcp.json vendored
View File

@@ -8,8 +8,21 @@
"run-test-mcp-server",
"--config=playwright.config.ts"
],
"cwd": "frontend/vue-app"
}
"cwd": "frontend"
},
"inputs": []
"gitea": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"GITEA_ACCESS_TOKEN=${env:GITEA_ACCESS_TOKEN}",
"-e",
"GITEA_HOST=https://git.ryankegel.com",
"docker.gitea.com/gitea-mcp-server"
],
"type": "stdio"
}
}
}

View File

@@ -38,4 +38,9 @@
"editor.fontFamily": "JetBrains Mono",
"editor.fontSize": 13,
"editor.fontLigatures": true,
"python.testing.pytestArgs": [
"backend"
],
"python.testing.unittestEnabled": false,
"python.testing.pytestEnabled": true,
}

22
.vscode/tasks.json vendored
View File

@@ -44,56 +44,56 @@
{
"label": "PW: Task Modification Tests",
"type": "shell",
"command": "cd \"${workspaceFolder}/frontend/vue-app\" && npx playwright test e2e/mode_parent/task-modification --project=chromium-task-modification",
"command": "cd \"${workspaceFolder}/frontend\" && npx playwright test e2e/mode_parent/task-modification --project=chromium-task-modification",
"isBackground": false,
"group": "test"
},
{
"label": "PW: Task Modification Tests (PS)",
"type": "shell",
"command": "powershell -Command \"cd '$env:APPDATA/../../../d/Python Utilities/Reward/frontend/vue-app'; npx playwright test e2e/mode_parent/task-modification --project=chromium-task-modification\"",
"command": "powershell -Command \"cd '$env:APPDATA/../../../d/Python Utilities/Reward/frontend'; npx playwright test e2e/mode_parent/task-modification --project=chromium-task-modification\"",
"isBackground": false,
"group": "test"
},
{
"label": "PW: Task Modification Tests (cmd)",
"type": "shell",
"command": "cmd /c \"cd /d \\\"D:\\Python Utilities\\Reward\\frontend\\vue-app\\\" && npx playwright test e2e/mode_parent/task-modification --project=chromium-task-modification 2>&1\"",
"command": "cmd /c \"cd /d \\\"D:\\Python Utilities\\Reward\\frontend\\\" && npx playwright test e2e/mode_parent/task-modification --project=chromium-task-modification 2>&1\"",
"isBackground": false,
"group": "test"
},
{
"label": "PW: User Profile Tests",
"type": "shell",
"command": "cd \"${workspaceFolder}/frontend/vue-app\" && npx playwright test e2e/mode_parent/user-profile --project=chromium-user-profile --project=chromium-user-profile-pin --project=chromium-user-profile-delete",
"command": "cd \"${workspaceFolder}/frontend\" && npx playwright test e2e/mode_parent/user-profile --project=chromium-user-profile --project=chromium-user-profile-pin --project=chromium-user-profile-delete",
"isBackground": false,
"group": "test"
},
{
"label": "PW: User Profile Tests 2",
"type": "shell",
"command": "cd \"${workspaceFolder}/frontend/vue-app\" && npx playwright test e2e/mode_parent/user-profile --project=chromium-user-profile --project=chromium-user-profile-pin --project=chromium-user-profile-delete",
"command": "cd \"${workspaceFolder}/frontend\" && npx playwright test e2e/mode_parent/user-profile --project=chromium-user-profile --project=chromium-user-profile-pin --project=chromium-user-profile-delete",
"isBackground": false,
"group": "test"
},
{
"label": "PW: User Profile Tests Final",
"type": "shell",
"command": "cd \"${workspaceFolder}/frontend/vue-app\" && npx playwright test e2e/mode_parent/user-profile --project=chromium-user-profile --project=chromium-user-profile-pin --project=chromium-user-profile-delete",
"command": "cd \"${workspaceFolder}/frontend\" && npx playwright test e2e/mode_parent/user-profile --project=chromium-user-profile --project=chromium-user-profile-pin --project=chromium-user-profile-delete",
"isBackground": false,
"group": "test"
},
{
"label": "PW: Full Test Suite",
"type": "shell",
"command": "cd \"${workspaceFolder}/frontend/vue-app\" && npx playwright test --reporter=line",
"command": "cd \"${workspaceFolder}/frontend\" && npx playwright test --reporter=line",
"isBackground": false,
"group": "test"
},
{
"label": "PW: Full Suite",
"type": "shell",
"command": "cd \"${workspaceFolder}/frontend/vue-app\" && npx playwright test --reporter=line",
"command": "cd \"${workspaceFolder}/frontend\" && npx playwright test --reporter=line",
"isBackground": false,
"group": "test"
},
@@ -104,7 +104,7 @@
"args": [
"-NoProfile",
"-Command",
"cd 'D:\\Python Utilities\\Reward\\frontend\\vue-app'; npx playwright test --reporter=line 2>&1"
"cd 'D:\\Python Utilities\\Reward\\frontend'; npx playwright test --reporter=line 2>&1"
],
"group": "test",
"presentation": {
@@ -119,7 +119,7 @@
"args": [
"-NoProfile",
"-Command",
"cd 'D:\\Python Utilities\\Reward\\frontend\\vue-app'; npx playwright test e2e/mode_parent/tasks/penalty-default.spec.ts --project=chromium-default-tasks --reporter=line 2>&1"
"cd 'D:\\Python Utilities\\Reward\\frontend'; npx playwright test e2e/mode_parent/tasks/penalty-default.spec.ts --project=chromium-default-tasks --reporter=line 2>&1"
],
"group": "test",
"presentation": {
@@ -134,7 +134,7 @@
"args": [
"-NoProfile",
"-Command",
"cd 'D:\\Python Utilities\\Reward\\frontend\\vue-app'; npx playwright test e2e/mode_parent/user-profile/profile-editing.spec.ts --project=chromium-user-profile --reporter=line 2>&1"
"cd 'D:\\Python Utilities\\Reward\\frontend'; npx playwright test e2e/mode_parent/user-profile/profile-editing.spec.ts --project=chromium-user-profile --reporter=line 2>&1"
],
"group": "test",
"presentation": {

View File

@@ -24,7 +24,7 @@ python -m flask run --host=0.0.0.0 --port=5000
### Frontend
```bash
cd frontend/vue-app
cd frontend
npm install
npm run dev
```
@@ -114,7 +114,7 @@ pytest tests/
### Frontend Tests
```bash
cd frontend/vue-app
cd frontend
npm run test
```
@@ -151,7 +151,6 @@ npm run test
│ ├── tests/ # Backend tests
│ └── utils/ # Utilities (scheduler, etc)
├── frontend/
│ └── vue-app/
│ └── src/
│ ├── common/ # Shared utilities
│ ├── components/ # Vue components

View File

@@ -1,10 +1,12 @@
import os
from flask import Blueprint, request, jsonify
from datetime import datetime, timedelta
from tinydb import Query
from db.db import users_db
from models.user import User
from api.utils import admin_required
from api.utils import admin_required, get_validated_user_id
from config.deletion_config import (
ACCOUNT_DELETION_THRESHOLD_HOURS,
MIN_THRESHOLD_HOURS,
@@ -153,3 +155,133 @@ def trigger_deletion_queue():
except Exception as e:
return jsonify({'error': str(e), 'code': 'SERVER_ERROR'}), 500
# ---------------------------------------------------------------------------
# Test-only endpoint — active ONLY when DB_ENV=e2e
# ---------------------------------------------------------------------------
@admin_api.route('/admin/test/digest-token', methods=['POST'])
def create_test_digest_token():
"""Create a valid DigestActionToken for E2E tests.
Only active when DB_ENV=e2e. Requires authentication.
"""
if os.environ.get('DB_ENV') != 'e2e':
return jsonify({'error': 'Not found', 'code': 'NOT_FOUND'}), 404
user_id = get_validated_user_id()
if not user_id:
return jsonify({'error': 'Unauthorized', 'code': 'UNAUTHORIZED'}), 401
data = request.get_json() or {}
child_id = data.get('child_id')
entity_id = data.get('entity_id')
entity_type = data.get('entity_type')
action = data.get('action')
expires_in_hours = data.get('expires_in_hours', 24)
if not all([child_id, entity_id, entity_type, action]):
return jsonify({'error': 'child_id, entity_id, entity_type, and action are required',
'code': 'MISSING_FIELDS'}), 400
if entity_type not in ('chore', 'reward'):
return jsonify({'error': 'entity_type must be "chore" or "reward"',
'code': 'INVALID_ENTITY_TYPE'}), 400
if action not in ('approve', 'deny'):
return jsonify({'error': 'action must be "approve" or "deny"',
'code': 'INVALID_ACTION'}), 400
try:
from utils.digest_token import create_action_token
token = create_action_token(
user_id=user_id,
child_id=child_id,
entity_id=entity_id,
entity_type=entity_type,
action=action,
expiry_hours=int(expires_in_hours),
)
return jsonify({'token': token.id}), 200
except Exception as e:
return jsonify({'error': str(e), 'code': 'SERVER_ERROR'}), 500
@admin_api.route('/admin/test/send-digest', methods=['POST'])
def send_test_digest():
"""Trigger a digest email for a specific user by email address.
Only active when DB_ENV is not 'production'. Requires admin authentication.
Note: actual email delivery is skipped in e2e mode by email_sender.
"""
if os.environ.get('DB_ENV') == 'production':
return jsonify({'error': 'Not found', 'code': 'NOT_FOUND'}), 404
user_id = get_validated_user_id()
if not user_id:
return jsonify({'error': 'Unauthorized', 'code': 'UNAUTHORIZED'}), 401
# Verify caller is admin
caller_dict = users_db.get(Query().id == user_id)
if not caller_dict or caller_dict.get('role') != 'admin':
return jsonify({'error': 'Admin access required', 'code': 'ADMIN_REQUIRED'}), 403
data = request.get_json() or {}
email = data.get('email', '').strip().lower()
if not email:
return jsonify({'error': 'email is required', 'code': 'MISSING_FIELDS'}), 400
target = users_db.get(Query().email == email)
if not target:
return jsonify({'error': 'User not found', 'code': 'USER_NOT_FOUND'}), 404
target_id = target.get('id')
target_email = target.get('email')
try:
from flask import current_app
from utils.digest_scheduler import send_digest_for_user
frontend_url = current_app.config.get('FRONTEND_URL', 'https://localhost:5173')
items_sent = send_digest_for_user(target_id, target_email, frontend_url)
return jsonify({'items_sent': items_sent}), 200
except Exception as e:
return jsonify({'error': str(e), 'code': 'SERVER_ERROR'}), 500
@admin_api.route('/admin/test/trigger-chore-expiry', methods=['POST'])
def trigger_test_chore_expiry():
"""Trigger the chore expiry notification check for a specific user by email address.
Only active when DB_ENV is not 'production'. Requires admin authentication.
Note: actual push delivery requires VAPID keys to be configured.
"""
if os.environ.get('DB_ENV') == 'production':
return jsonify({'error': 'Not found', 'code': 'NOT_FOUND'}), 404
user_id = get_validated_user_id()
if not user_id:
return jsonify({'error': 'Unauthorized', 'code': 'UNAUTHORIZED'}), 401
caller_dict = users_db.get(Query().id == user_id)
if not caller_dict or caller_dict.get('role') != 'admin':
return jsonify({'error': 'Admin access required', 'code': 'ADMIN_REQUIRED'}), 403
data = request.get_json() or {}
email = data.get('email', '').strip().lower()
if not email:
return jsonify({'error': 'email is required', 'code': 'MISSING_FIELDS'}), 400
target = users_db.get(Query().email == email)
if not target:
return jsonify({'error': 'User not found', 'code': 'USER_NOT_FOUND'}), 404
target_id = target.get('id')
tz_str = target.get('timezone')
try:
from utils.chore_expiry_notification_scheduler import send_chore_expiry_notifications_for_user
chores_notified = send_chore_expiry_notifications_for_user(target_id, tz_str)
return jsonify({'chores_notified': chores_notified}), 200
except Exception as e:
return jsonify({'error': str(e), 'code': 'SERVER_ERROR'}), 500

View File

@@ -39,7 +39,10 @@ UserQuery = Query()
TokenQuery = Query()
TOKEN_EXPIRY_MINUTES = 60 * 4
RESET_PASSWORD_TOKEN_EXPIRY_MINUTES = 10
ACCESS_TOKEN_EXPIRY_MINUTES = 15
try:
ACCESS_TOKEN_EXPIRY_MINUTES = int(os.environ.get('ACCESS_TOKEN_EXPIRY_MINUTES', '15'))
except ValueError:
ACCESS_TOKEN_EXPIRY_MINUTES = 15
E2E_TEST_EMAIL = 'e2e@test.com'
E2E_TEST_PASSWORD = 'E2eTestPass1!'
E2E_TEST_PIN = '1234'

View File

@@ -0,0 +1,273 @@
"""Shared business logic for chore confirmation and reward actions.
Called from both child_api.py (JWT-authenticated endpoints) and
digest_action_api.py (token-authenticated endpoints). All functions take
user_id explicitly rather than reading it from the Flask request context.
"""
import logging
from datetime import datetime, timezone
from tinydb import Query
from db.db import child_db, task_db, reward_db, pending_confirmations_db
from db.child_overrides import get_override
from db.chore_schedules import get_schedule
from db.tracking import insert_tracking_event
from events.sse import send_event_to_user
from events.types.child_chore_confirmation import ChildChoreConfirmation
from events.types.child_reward_request import ChildRewardRequest
from events.types.child_reward_triggered import ChildRewardTriggered
from events.types.child_task_triggered import ChildTaskTriggered
from events.types.tracking_event_created import TrackingEventCreated
from events.types.event import Event
from events.types.event_types import EventType
from models.child import Child
from models.reward import Reward
from models.task import Task
from models.tracking_event import TrackingEvent
from utils.tracking_logger import log_tracking_event
logger = logging.getLogger(__name__)
def approve_chore(user_id: str, child_id: str, task_id: str) -> dict | None:
"""Award points for a completed chore and mark the pending confirmation approved.
Returns a result dict on success, or None if the confirmation was already resolved.
Raises ValueError if the child or task cannot be found.
"""
ChildQ = Query()
child_result = child_db.get((ChildQ.id == child_id) & (ChildQ.user_id == user_id))
if not child_result:
raise ValueError(f'Child {child_id} not found for user {user_id}')
child = Child.from_dict(child_result)
if task_id not in child.tasks:
logger.info(f'Task {task_id} no longer assigned to child {child_id}; skipping approve')
return None
PendingQ = Query()
existing = pending_confirmations_db.get(
(PendingQ.child_id == child_id) & (PendingQ.entity_id == task_id) &
(PendingQ.entity_type == 'chore') & (PendingQ.status == 'pending') &
(PendingQ.user_id == user_id)
)
if not existing:
logger.info(f'No pending chore for child {child_id}, task {task_id} — already resolved')
return None
TaskQ = Query()
task_result = task_db.get(
(TaskQ.id == task_id) & ((TaskQ.user_id == user_id) | (TaskQ.user_id == None))
)
if not task_result:
raise ValueError(f'Task {task_id} not found')
task = Task.from_dict(task_result)
override = get_override(child_id, task_id)
points_value = override.custom_value if override else task.points
points_before = child.points
child.points += points_value
child_db.update({'points': child.points}, ChildQ.id == child_id)
schedule = get_schedule(child_id, task_id)
if schedule:
now_str = datetime.now(timezone.utc).isoformat()
pending_confirmations_db.update(
{'status': 'approved', 'approved_at': now_str},
(PendingQ.child_id == child_id) & (PendingQ.entity_id == task_id) &
(PendingQ.entity_type == 'chore') & (PendingQ.user_id == user_id)
)
else:
pending_confirmations_db.remove(
(PendingQ.child_id == child_id) & (PendingQ.entity_id == task_id) &
(PendingQ.entity_type == 'chore') & (PendingQ.user_id == user_id)
)
tracking_metadata = {
'task_name': task.name,
'task_type': task.type,
'default_points': task.points,
}
if override:
tracking_metadata['custom_points'] = override.custom_value
tracking_metadata['has_override'] = True
tracking_event = TrackingEvent.create_event(
user_id=user_id, child_id=child_id, entity_type='chore', entity_id=task_id,
action='approved', points_before=points_before, points_after=child.points,
metadata=tracking_metadata,
)
insert_tracking_event(tracking_event)
log_tracking_event(tracking_event)
send_event_to_user(user_id, Event(EventType.TRACKING_EVENT_CREATED.value,
TrackingEventCreated(tracking_event.id, child_id, 'chore', 'approved')))
send_event_to_user(user_id, Event(EventType.CHILD_CHORE_CONFIRMATION.value,
ChildChoreConfirmation(child_id, task_id, ChildChoreConfirmation.OPERATION_APPROVED)))
send_event_to_user(user_id, Event(EventType.CHILD_TASK_TRIGGERED.value,
ChildTaskTriggered(task_id, child_id, child.points)))
return {'task_name': task.name, 'child_name': child.name, 'child_id': child_id, 'points': child.points}
def reject_chore(user_id: str, child_id: str, task_id: str) -> None:
"""Reject a pending chore confirmation. No-op if already resolved."""
PendingQ = Query()
existing = pending_confirmations_db.get(
(PendingQ.child_id == child_id) & (PendingQ.entity_id == task_id) &
(PendingQ.entity_type == 'chore') & (PendingQ.status == 'pending') &
(PendingQ.user_id == user_id)
)
if not existing:
logger.info(f'No pending chore for child {child_id}, task {task_id} — already resolved')
return
pending_confirmations_db.remove(
(PendingQ.child_id == child_id) & (PendingQ.entity_id == task_id) &
(PendingQ.entity_type == 'chore') & (PendingQ.user_id == user_id)
)
ChildQ = Query()
child_result = child_db.get((ChildQ.id == child_id) & (ChildQ.user_id == user_id))
if child_result:
child = Child.from_dict(child_result)
TaskQ = Query()
task_result = task_db.get(
(TaskQ.id == task_id) & ((TaskQ.user_id == user_id) | (TaskQ.user_id == None))
)
task_name = task_result.get('name') if task_result else 'Unknown'
tracking_event = TrackingEvent.create_event(
user_id=user_id, child_id=child_id, entity_type='chore', entity_id=task_id,
action='rejected', points_before=child.points, points_after=child.points,
metadata={'task_name': task_name},
)
insert_tracking_event(tracking_event)
log_tracking_event(tracking_event)
send_event_to_user(user_id, Event(EventType.TRACKING_EVENT_CREATED.value,
TrackingEventCreated(tracking_event.id, child_id, 'chore', 'rejected')))
send_event_to_user(user_id, Event(EventType.CHILD_CHORE_CONFIRMATION.value,
ChildChoreConfirmation(child_id, task_id, ChildChoreConfirmation.OPERATION_REJECTED)))
def approve_reward_request(user_id: str, child_id: str, reward_id: str) -> dict:
"""Approve a child's pending reward request: deduct points and fire SSE events.
Returns a result dict on success.
Raises ValueError if child/reward not found or the child has insufficient points.
"""
ChildQ = Query()
child_result = child_db.get((ChildQ.id == child_id) & (ChildQ.user_id == user_id))
if not child_result:
raise ValueError(f'Child {child_id} not found for user {user_id}')
child = Child.from_dict(child_result)
if reward_id not in child.rewards:
logger.info(f'Reward {reward_id} no longer assigned to child {child_id}; skipping approve')
return None
RewardQ = Query()
reward_result = reward_db.get(
(RewardQ.id == reward_id) & ((RewardQ.user_id == user_id) | (RewardQ.user_id == None))
)
if not reward_result:
raise ValueError(f'Reward {reward_id} not found')
reward = Reward.from_dict(reward_result)
override = get_override(child_id, reward_id)
cost_value = override.custom_value if override else reward.cost
if child.points < cost_value:
raise ValueError(f'Child {child_id} has insufficient points for reward {reward_id}')
PendingQ = Query()
existing = pending_confirmations_db.get(
(PendingQ.child_id == child_id) & (PendingQ.entity_id == reward_id) &
(PendingQ.entity_type == 'reward') & (PendingQ.status == 'pending') &
(PendingQ.user_id == user_id)
)
if not existing:
logger.info(f'No pending reward for child {child_id}, reward {reward_id} — already resolved')
return None
pending_confirmations_db.remove(
(PendingQ.child_id == child_id) & (PendingQ.entity_id == reward_id) &
(PendingQ.entity_type == 'reward') & (PendingQ.user_id == user_id)
)
send_event_to_user(user_id, Event(EventType.CHILD_REWARD_REQUEST.value,
ChildRewardRequest(child_id, reward_id, ChildRewardRequest.REQUEST_GRANTED)))
points_before = child.points
child.points -= cost_value
child_db.update({'points': child.points}, ChildQ.id == child_id)
tracking_metadata = {
'reward_name': reward.name,
'reward_cost': reward.cost,
'default_cost': reward.cost,
}
if override:
tracking_metadata['custom_cost'] = override.custom_value
tracking_metadata['has_override'] = True
tracking_event = TrackingEvent.create_event(
user_id=user_id, child_id=child_id, entity_type='reward', entity_id=reward_id,
action='redeemed', points_before=points_before, points_after=child.points,
metadata=tracking_metadata,
)
insert_tracking_event(tracking_event)
log_tracking_event(tracking_event)
send_event_to_user(user_id, Event(EventType.TRACKING_EVENT_CREATED.value,
TrackingEventCreated(tracking_event.id, child_id, 'reward', 'redeemed')))
send_event_to_user(user_id, Event(EventType.CHILD_REWARD_TRIGGERED.value,
ChildRewardTriggered(reward_id, child_id, child.points)))
return {'reward_name': reward.name, 'child_name': child.name, 'child_id': child_id, 'points': child.points}
def deny_reward(user_id: str, child_id: str, reward_id: str) -> dict | None:
"""Deny a child's pending reward request. No-op if already resolved.
Returns a result dict on success, or None if already resolved.
"""
PendingQ = Query()
existing = pending_confirmations_db.get(
(PendingQ.child_id == child_id) & (PendingQ.entity_id == reward_id) &
(PendingQ.entity_type == 'reward') & (PendingQ.status == 'pending') &
(PendingQ.user_id == user_id)
)
if not existing:
logger.info(f'Reward request for child {child_id}, reward {reward_id} already resolved')
return None
pending_confirmations_db.remove(
(PendingQ.child_id == child_id) & (PendingQ.entity_id == reward_id) &
(PendingQ.entity_type == 'reward') & (PendingQ.user_id == user_id)
)
ChildQ = Query()
child_result = child_db.get((ChildQ.id == child_id) & (ChildQ.user_id == user_id))
child_name = 'Unknown'
if child_result:
child = Child.from_dict(child_result)
child_name = child.name
tracking_event = TrackingEvent.create_event(
user_id=user_id, child_id=child_id, entity_type='reward', entity_id=reward_id,
action='denied', points_before=child.points, points_after=child.points,
metadata={},
)
insert_tracking_event(tracking_event)
log_tracking_event(tracking_event)
send_event_to_user(user_id, Event(EventType.TRACKING_EVENT_CREATED.value,
TrackingEventCreated(tracking_event.id, child_id, 'reward', 'denied')))
send_event_to_user(user_id, Event(EventType.CHILD_REWARD_REQUEST.value,
ChildRewardRequest(child_id, reward_id, ChildRewardRequest.REQUEST_CANCELLED)))
return {'child_name': child_name}

View File

@@ -1,5 +1,5 @@
from time import sleep
from datetime import date as date_type, datetime, timezone
from datetime import datetime, timezone
from flask import Blueprint, request, jsonify
from tinydb import Query
@@ -9,7 +9,8 @@ from api.child_tasks import ChildTask
from api.pending_confirmation import PendingConfirmationResponse
from api.reward_status import RewardStatus
from api.utils import send_event_for_current_user, get_validated_user_id
from db.db import child_db, task_db, reward_db, pending_reward_db, pending_confirmations_db
import api.child_action_helpers as chore_actions
from db.db import child_db, task_db, reward_db, pending_reward_db, pending_confirmations_db, users_db
from db.tracking import insert_tracking_event
from db.child_overrides import get_override, delete_override, delete_overrides_for_child
from events.types.child_chore_confirmation import ChildChoreConfirmation
@@ -29,9 +30,11 @@ from models.reward import Reward
from models.task import Task
from models.tracking_event import TrackingEvent
from utils.tracking_logger import log_tracking_event
from utils.push_sender import send_push_to_user
from utils.digest_token import create_action_token
from collections import defaultdict
from db.chore_schedules import get_schedule
from db.task_extensions import get_extension
from db.task_extensions import get_extension_for_child_task
import logging
child_api = Blueprint('child_api', __name__)
@@ -208,7 +211,7 @@ def set_child_tasks(id):
# Convert back to list if needed
new_tasks = list(new_task_ids)
# Identify unassigned tasks and delete their overrides
# Identify unassigned tasks and delete their overrides and pending confirmations
old_task_ids = set(child.tasks)
unassigned_task_ids = old_task_ids - new_task_ids
for task_id in unassigned_task_ids:
@@ -217,6 +220,12 @@ def set_child_tasks(id):
if override and override.entity_type == 'task':
delete_override(id, task_id)
logger.info(f"Deleted override for unassigned task: child={id}, task={task_id}")
# Clear any pending chore confirmation
PendingQ = Query()
pending_confirmations_db.remove(
(PendingQ.child_id == id) & (PendingQ.entity_id == task_id) &
(PendingQ.entity_type == 'chore') & (PendingQ.user_id == user_id)
)
# Replace tasks with validated IDs
child_db.update({'tasks': new_tasks}, ChildQuery.id == id)
@@ -250,6 +259,12 @@ def remove_task_from_child(id):
if task_id in child.get('tasks', []):
child['tasks'].remove(task_id)
child_db.update({'tasks': child['tasks']}, ChildQuery.id == id)
# Clear any pending chore confirmation for this task
PendingQ = Query()
pending_confirmations_db.remove(
(PendingQ.child_id == id) & (PendingQ.entity_id == task_id) &
(PendingQ.entity_type == 'chore') & (PendingQ.user_id == user_id)
)
return jsonify({'message': f'Task {task_id} removed from {child["name"]}.'}), 200
return jsonify({'error': 'Task not assigned to child'}), 400
@@ -288,8 +303,7 @@ def list_child_tasks(id):
if task_obj.type == 'chore':
schedule = get_schedule(id, tid)
ct_dict['schedule'] = schedule.to_dict() if schedule else None
today_str = date_type.today().isoformat()
ext = get_extension(id, tid, today_str)
ext = get_extension_for_child_task(id, tid)
ct_dict['extension_date'] = ext.date if ext else None
# Attach pending confirmation status for chores
@@ -331,7 +345,6 @@ def list_assignable_tasks(id):
all_tasks = [t for t in task_db.all() if t and t.get('id') and t.get('id') not in assigned_ids]
# Group by name
from collections import defaultdict
name_to_tasks = defaultdict(list)
for t in all_tasks:
name_to_tasks[t.get('name')].append(t)
@@ -540,7 +553,6 @@ def list_all_rewards(id):
ChildRewardQuery = Query()
all_rewards = reward_db.search((ChildRewardQuery.user_id == user_id) | (ChildRewardQuery.user_id == None))
from collections import defaultdict
name_to_rewards = defaultdict(list)
for r in all_rewards:
name_to_rewards[r.get('name')].append(r)
@@ -602,7 +614,7 @@ def set_child_rewards(id):
if reward_db.get((RewardQuery.id == rid) & ((RewardQuery.user_id == user_id) | (RewardQuery.user_id == None))):
valid_reward_ids.append(rid)
# Identify unassigned rewards and delete their overrides
# Identify unassigned rewards and delete their overrides and pending confirmations
new_reward_ids_set = set(valid_reward_ids)
unassigned_reward_ids = old_reward_ids - new_reward_ids_set
for reward_id in unassigned_reward_ids:
@@ -610,6 +622,12 @@ def set_child_rewards(id):
if override and override.entity_type == 'reward':
delete_override(id, reward_id)
logger.info(f"Deleted override for unassigned reward: child={id}, reward={reward_id}")
# Clear any pending reward confirmation
PendingQ = Query()
pending_confirmations_db.remove(
(PendingQ.child_id == id) & (PendingQ.entity_id == reward_id) &
(PendingQ.entity_type == 'reward') & (PendingQ.user_id == user_id)
)
# Replace rewards with validated IDs
child_db.update({'rewards': valid_reward_ids}, ChildQuery.id == id)
@@ -640,6 +658,12 @@ def remove_reward_from_child(id):
if reward_id in child.get('rewards', []):
child['rewards'].remove(reward_id)
child_db.update({'rewards': child['rewards']}, ChildQuery.id == id)
# Clear any pending reward confirmation for this reward
PendingQ = Query()
pending_confirmations_db.remove(
(PendingQ.child_id == id) & (PendingQ.entity_id == reward_id) &
(PendingQ.entity_type == 'reward') & (PendingQ.user_id == user_id)
)
return jsonify({'message': f'Reward {reward_id} removed from {child["name"]}.'}), 200
return jsonify({'error': 'Reward not assigned to child'}), 400
@@ -692,7 +716,6 @@ def list_assignable_rewards(id):
all_rewards = [r for r in reward_db.all() if r and r.get('id') and r.get('id') not in assigned_ids]
# Group by name
from collections import defaultdict
name_to_rewards = defaultdict(list)
for r in all_rewards:
name_to_rewards[r.get('name')].append(r)
@@ -896,6 +919,16 @@ def request_reward(id):
'reward_cost': reward.cost
}), 400
# Check for duplicate pending request
DupQuery = Query()
duplicate = pending_confirmations_db.get(
(DupQuery.child_id == child.id) & (DupQuery.entity_id == reward.id) &
(DupQuery.entity_type == 'reward') & (DupQuery.status == 'pending') &
(DupQuery.user_id == user_id)
)
if duplicate:
return jsonify({'error': 'Reward request already pending', 'code': 'DUPLICATE_REWARD_REQUEST'}), 409
pending = PendingConfirmation(child_id=child.id, entity_id=reward.id, entity_type='reward', user_id=user_id)
pending_confirmations_db.insert(pending.to_dict())
logger.info(f'Pending reward request created for child {child.name} for reward {reward.name}')
@@ -918,6 +951,30 @@ def request_reward(id):
send_event_for_current_user(Event(EventType.TRACKING_EVENT_CREATED.value, TrackingEventCreated(tracking_event.id, child.id, 'reward', 'requested')))
send_event_for_current_user(Event(EventType.CHILD_REWARD_REQUEST.value, ChildRewardRequest(child.id, reward.id, ChildRewardRequest.REQUEST_CREATED)))
# Fire web push notification to all parent subscriptions
_push_user = users_db.get(Query().id == user_id)
if _push_user and _push_user.get('push_notifications_enabled', True):
try:
approve_token = create_action_token(user_id, child.id, reward.id, 'reward', 'approve')
deny_token = create_action_token(user_id, child.id, reward.id, 'reward', 'deny')
push_payload = {
'type': 'reward_requested',
'title': f'{child.name} wants a reward',
'body': f'{reward.name} costs {reward.cost} points.',
'user_id': user_id,
'child_id': child.id,
'child_name': child.name,
'entity_id': reward.id,
'entity_type': 'reward',
'entity_name': reward.name,
'approve_token': approve_token.id,
'deny_token': deny_token.id,
}
send_push_to_user(user_id, push_payload)
except Exception as _push_err:
logger.warning(f'Push notification failed for reward request: {_push_err}')
return jsonify({
'message': f'Reward request for {reward.name} submitted for {child.name}.',
'reward_id': reward.id,
@@ -1106,6 +1163,30 @@ def confirm_chore(id):
TrackingEventCreated(tracking_event.id, id, 'chore', 'confirmed')))
send_event_for_current_user(Event(EventType.CHILD_CHORE_CONFIRMATION.value,
ChildChoreConfirmation(id, task_id, ChildChoreConfirmation.OPERATION_CONFIRMED)))
# Fire web push notification to all parent subscriptions
_push_user = users_db.get(Query().id == user_id)
if _push_user and _push_user.get('push_notifications_enabled', True):
try:
approve_token = create_action_token(user_id, id, task_id, 'chore', 'approve')
deny_token = create_action_token(user_id, id, task_id, 'chore', 'deny')
push_payload = {
'type': 'chore_confirmed',
'title': f'{child.name} completed a chore',
'body': f'{task.name} is waiting for your approval.',
'user_id': user_id,
'child_id': id,
'child_name': child.name,
'entity_id': task_id,
'entity_type': 'chore',
'entity_name': task.name,
'approve_token': approve_token.id,
'deny_token': deny_token.id,
}
send_push_to_user(user_id, push_payload)
except Exception as _push_err:
logger.warning(f'Push notification failed for chore confirmation: {_push_err}')
return jsonify({'message': f'Chore {task.name} confirmed by {child.name}.', 'confirmation_id': confirmation.id}), 200
@@ -1172,77 +1253,18 @@ def approve_chore(id):
if not task_id:
return jsonify({'error': 'task_id is required'}), 400
ChildQuery = Query()
result = child_db.search((ChildQuery.id == id) & (ChildQuery.user_id == user_id))
if not result:
return jsonify({'error': 'Child not found'}), 404
child = Child.from_dict(result[0])
try:
result = chore_actions.approve_chore(user_id, id, task_id)
except ValueError:
return jsonify({'error': 'Child or task not found'}), 404
PendingQuery = Query()
existing = pending_confirmations_db.get(
(PendingQuery.child_id == id) & (PendingQuery.entity_id == task_id) &
(PendingQuery.entity_type == 'chore') & (PendingQuery.status == 'pending') &
(PendingQuery.user_id == user_id)
)
if not existing:
if result is None:
return jsonify({'error': 'No pending confirmation found', 'code': 'PENDING_NOT_FOUND'}), 400
TaskQuery = Query()
task_result = task_db.get((TaskQuery.id == task_id) & ((TaskQuery.user_id == user_id) | (TaskQuery.user_id == None)))
if not task_result:
return jsonify({'error': 'Task not found'}), 404
task = Task.from_dict(task_result)
# Award points
override = get_override(id, task_id)
points_value = override.custom_value if override else task.points
points_before = child.points
child.points += points_value
child_db.update({'points': child.points}, ChildQuery.id == id)
# Update confirmation to approved
# For general (non-scheduled) chores, remove the confirmation so chore resets to normal
schedule = get_schedule(id, task_id)
if schedule:
now_str = datetime.now(timezone.utc).isoformat()
pending_confirmations_db.update(
{'status': 'approved', 'approved_at': now_str},
(PendingQuery.child_id == id) & (PendingQuery.entity_id == task_id) &
(PendingQuery.entity_type == 'chore') & (PendingQuery.user_id == user_id)
)
else:
pending_confirmations_db.remove(
(PendingQuery.child_id == id) & (PendingQuery.entity_id == task_id) &
(PendingQuery.entity_type == 'chore') & (PendingQuery.user_id == user_id)
)
tracking_metadata = {
'task_name': task.name,
'task_type': task.type,
'default_points': task.points
}
if override:
tracking_metadata['custom_points'] = override.custom_value
tracking_metadata['has_override'] = True
tracking_event = TrackingEvent.create_event(
user_id=user_id, child_id=id, entity_type='chore', entity_id=task_id,
action='approved', points_before=points_before, points_after=child.points,
metadata=tracking_metadata
)
insert_tracking_event(tracking_event)
log_tracking_event(tracking_event)
send_event_for_current_user(Event(EventType.TRACKING_EVENT_CREATED.value,
TrackingEventCreated(tracking_event.id, id, 'chore', 'approved')))
send_event_for_current_user(Event(EventType.CHILD_CHORE_CONFIRMATION.value,
ChildChoreConfirmation(id, task_id, ChildChoreConfirmation.OPERATION_APPROVED)))
send_event_for_current_user(Event(EventType.CHILD_TASK_TRIGGERED.value,
ChildTaskTriggered(task_id, id, child.points)))
return jsonify({
'message': f'Chore {task.name} approved for {child.name}.',
'points': child.points,
'id': child.id
'message': f'Chore {result["task_name"]} approved for {result["child_name"]}.',
'points': result['points'],
'id': result['child_id']
}), 200
@@ -1261,7 +1283,6 @@ def reject_chore(id):
result = child_db.search((ChildQuery.id == id) & (ChildQuery.user_id == user_id))
if not result:
return jsonify({'error': 'Child not found'}), 404
child = Child.from_dict(result[0])
PendingQuery = Query()
existing = pending_confirmations_db.get(
@@ -1272,27 +1293,7 @@ def reject_chore(id):
if not existing:
return jsonify({'error': 'No pending confirmation found', 'code': 'PENDING_NOT_FOUND'}), 400
pending_confirmations_db.remove(
(PendingQuery.child_id == id) & (PendingQuery.entity_id == task_id) &
(PendingQuery.entity_type == 'chore') & (PendingQuery.user_id == user_id)
)
TaskQuery = Query()
task_result = task_db.get((TaskQuery.id == task_id) & ((TaskQuery.user_id == user_id) | (TaskQuery.user_id == None)))
task_name = task_result.get('name') if task_result else 'Unknown'
tracking_event = TrackingEvent.create_event(
user_id=user_id, child_id=id, entity_type='chore', entity_id=task_id,
action='rejected', points_before=child.points, points_after=child.points,
metadata={'task_name': task_name}
)
insert_tracking_event(tracking_event)
log_tracking_event(tracking_event)
send_event_for_current_user(Event(EventType.TRACKING_EVENT_CREATED.value,
TrackingEventCreated(tracking_event.id, id, 'chore', 'rejected')))
send_event_for_current_user(Event(EventType.CHILD_CHORE_CONFIRMATION.value,
ChildChoreConfirmation(id, task_id, ChildChoreConfirmation.OPERATION_REJECTED)))
chore_actions.reject_chore(user_id, id, task_id)
return jsonify({'message': 'Chore confirmation rejected.'}), 200
@@ -1345,3 +1346,22 @@ def reset_chore(id):
ChildChoreConfirmation(id, task_id, ChildChoreConfirmation.OPERATION_RESET)))
return jsonify({'message': 'Chore reset to available.'}), 200
@child_api.route('/child/<id>/deny-reward-request', methods=['POST'])
def deny_reward_request(id):
"""Parent denies a child's pending reward request."""
user_id = get_validated_user_id()
if not user_id:
return jsonify({'error': 'Unauthorized', 'code': 'UNAUTHORIZED'}), 401
data = request.get_json()
reward_id = data.get('reward_id')
if not reward_id:
return jsonify({'error': 'reward_id is required'}), 400
result = chore_actions.deny_reward(user_id, id, reward_id)
if result is None:
return jsonify({'message': 'This reward request has already been resolved.'}), 200
return jsonify({'message': f'Reward request denied for {result["child_name"]}.'}), 200

View File

@@ -160,11 +160,14 @@ def extend_chore_time(child_id, task_id):
if not date or not isinstance(date, str):
return jsonify({'error': 'date is required (ISO date string)', 'code': ErrorCodes.MISSING_FIELD}), 400
# 409 if already extended for this date
# 409 if already extended for this exact date
existing = get_extension(child_id, task_id, date)
if existing:
return jsonify({'error': 'Chore already extended for this date', 'code': 'ALREADY_EXTENDED'}), 409
# Clear any prior extension for this child+task before inserting the new one
# so stale records from previous dates do not accumulate.
delete_extension_for_child_task(child_id, task_id)
extension = TaskExtension(child_id=child_id, task_id=task_id, date=date)
add_extension(extension)

View File

@@ -0,0 +1,109 @@
import logging
from flask import Blueprint, redirect, make_response, jsonify, request
from tinydb import Query
from utils.digest_token import validate_and_consume_token, validate_unsubscribe_token, peek_token
from db.db import users_db
from api.child_action_helpers import approve_chore, reject_chore, approve_reward_request, deny_reward
from api.utils import get_validated_user_id
digest_action_api = Blueprint('digest_action_api', __name__)
logger = logging.getLogger(__name__)
_ERROR_HTML = """<!DOCTYPE html>
<html><head><title>Link Error</title></head>
<body style="font-family:sans-serif;text-align:center;margin-top:60px;">
<h2>This link is invalid or has expired.</h2>
<p>Action links expire after 24 hours and can only be used once.</p>
</body></html>"""
_UNSUB_HTML = """<!DOCTYPE html>
<html><head><title>Unsubscribed</title></head>
<body style="font-family:sans-serif;text-align:center;margin-top:60px;">
<h2>You have been unsubscribed from daily digest emails.</h2>
<p>To re-enable, visit your profile in the app.</p>
</body></html>"""
_UNSUB_ERROR_HTML = """<!DOCTYPE html>
<html><head><title>Link Error</title></head>
<body style="font-family:sans-serif;text-align:center;margin-top:60px;">
<h2>This unsubscribe link is invalid or has expired.</h2>
</body></html>"""
@digest_action_api.route('/digest-action/<token_id>', methods=['GET'])
def handle_digest_action(token_id: str):
"""
Validate a digest action token (without consuming it) and redirect to the
frontend ParentView with the token embedded so the action executes only
after the user authenticates as a parent.
"""
from flask import current_app
frontend_url = current_app.config.get('FRONTEND_URL', 'https://localhost:5173')
token = peek_token(token_id)
if not token:
return make_response(_ERROR_HTML, 400)
deep_link = (
f"{frontend_url}/parent/{token.child_id}"
f"?digestToken={token_id}&scrollTo={token.entity_id}&entityType={token.entity_type}"
)
return redirect(deep_link, 302)
@digest_action_api.route('/digest-action/<token_id>', methods=['POST'])
def execute_digest_action(token_id: str):
"""
Execute a digest action. Requires the user to be authenticated (JWT cookie).
Validates and consumes the token, then performs the approve/deny action.
"""
user_id = get_validated_user_id()
if not user_id:
return jsonify({'error': 'Unauthorized', 'code': 'UNAUTHORIZED'}), 401
token = validate_and_consume_token(token_id)
if not token:
return jsonify({'error': 'This link is invalid or has expired.', 'code': 'INVALID_TOKEN'}), 400
if token.user_id != user_id:
return jsonify({'error': 'Unauthorized', 'code': 'UNAUTHORIZED'}), 403
try:
if token.entity_type == 'chore' and token.action == 'approve':
approve_chore(user_id, token.child_id, token.entity_id)
elif token.entity_type == 'chore' and token.action == 'deny':
reject_chore(user_id, token.child_id, token.entity_id)
elif token.entity_type == 'reward' and token.action == 'approve':
approve_reward_request(user_id, token.child_id, token.entity_id)
elif token.entity_type == 'reward' and token.action == 'deny':
deny_reward(user_id, token.child_id, token.entity_id)
else:
return jsonify({'error': 'Unknown action', 'code': 'INVALID_ACTION'}), 400
except Exception as e:
logger.error(f'Error executing digest action {token.action}/{token.entity_type}: {e}')
return jsonify({'error': 'Failed to execute action', 'code': 'ACTION_FAILED'}), 400
return jsonify({
'success': True,
'child_id': token.child_id,
'entity_id': token.entity_id,
'entity_type': token.entity_type,
'action': token.action,
}), 200
@digest_action_api.route('/digest-unsubscribe/<token>', methods=['GET'])
def handle_digest_unsubscribe(token: str):
user_id = validate_unsubscribe_token(token)
if not user_id:
return make_response(_UNSUB_ERROR_HTML, 400)
UserQ = Query()
users_db.update({'email_digest_enabled': False}, UserQ.id == user_id)
logger.info(f'User {user_id} unsubscribed from digest via email link')
return make_response(_UNSUB_HTML, 200)

View File

@@ -35,3 +35,4 @@ class ErrorCodes:
PENDING_NOT_FOUND = "PENDING_NOT_FOUND"
INSUFFICIENT_POINTS = "INSUFFICIENT_POINTS"
INVALID_TASK_TYPE = "INVALID_TASK_TYPE"
DUPLICATE_REWARD_REQUEST = "DUPLICATE_REWARD_REQUEST"

View File

@@ -0,0 +1,59 @@
from flask import Blueprint, request, jsonify, current_app
from tinydb import Query
from api.utils import get_validated_user_id
from db.push_subscriptions import upsert_subscription, delete_by_endpoint
from db.db import users_db
push_subscription_api = Blueprint('push_subscription_api', __name__)
@push_subscription_api.route('/push-vapid-key', methods=['GET'])
def get_vapid_public_key():
"""Return the VAPID public key for the frontend to use when subscribing."""
public_key = current_app.config.get('VAPID_PUBLIC_KEY', '')
return jsonify({'public_key': public_key}), 200
@push_subscription_api.route('/push-subscription', methods=['POST'])
def subscribe():
"""Upsert a push subscription for the current user."""
user_id = get_validated_user_id()
if not user_id:
return jsonify({'error': 'Unauthorized', 'code': 'UNAUTHORIZED'}), 401
data = request.get_json() or {}
endpoint = data.get('endpoint')
keys = data.get('keys')
timezone_str = data.get('timezone')
if not endpoint or not isinstance(keys, dict):
return jsonify({'error': 'endpoint and keys are required', 'code': 'MISSING_FIELDS'}), 400
if 'p256dh' not in keys or 'auth' not in keys:
return jsonify({'error': 'keys must contain p256dh and auth', 'code': 'MISSING_FIELDS'}), 400
sub = upsert_subscription(user_id=user_id, endpoint=endpoint, keys=keys)
# Update user timezone if provided
if timezone_str:
UserQ = Query()
users_db.update({'timezone': timezone_str}, UserQ.id == user_id)
return jsonify({'message': 'Subscription saved', 'id': sub.id}), 200
@push_subscription_api.route('/push-subscription', methods=['DELETE'])
def unsubscribe():
"""Remove a push subscription for the current user by endpoint."""
user_id = get_validated_user_id()
if not user_id:
return jsonify({'error': 'Unauthorized', 'code': 'UNAUTHORIZED'}), 401
data = request.get_json() or {}
endpoint = data.get('endpoint')
if not endpoint:
return jsonify({'error': 'endpoint is required', 'code': 'MISSING_FIELDS'}), 400
removed = delete_by_endpoint(user_id=user_id, endpoint=endpoint)
return jsonify({'message': 'Subscription removed', 'removed': removed}), 200

View File

@@ -46,7 +46,9 @@ def get_profile():
'first_name': user.first_name,
'last_name': user.last_name,
'email': user.email,
'image_id': user.image_id
'image_id': user.image_id,
'email_digest_enabled': user.email_digest_enabled,
'push_notifications_enabled': user.push_notifications_enabled,
}), 200
@user_api.route('/user/profile', methods=['PUT'])
@@ -58,16 +60,22 @@ def update_profile():
if not user:
return jsonify({'error': 'Unauthorized'}), 401
data = request.get_json()
# Only allow first_name, last_name, image_id to be updated
# Only allow first_name, last_name, image_id, email_digest_enabled, push_notifications_enabled to be updated
first_name = data.get('first_name')
last_name = data.get('last_name')
image_id = data.get('image_id')
email_digest_enabled = data.get('email_digest_enabled')
push_notifications_enabled = data.get('push_notifications_enabled')
if first_name is not None:
user.first_name = first_name
if last_name is not None:
user.last_name = last_name
if image_id is not None:
user.image_id = image_id
if email_digest_enabled is not None:
user.email_digest_enabled = bool(email_digest_enabled)
if push_notifications_enabled is not None:
user.push_notifications_enabled = bool(push_notifications_enabled)
users_db.update(user.to_dict(), UserQuery.email == user.email)
# Create tracking event
@@ -78,6 +86,10 @@ def update_profile():
metadata['last_name_updated'] = True
if image_id is not None:
metadata['image_updated'] = True
if email_digest_enabled is not None:
metadata['email_digest_enabled_updated'] = True
if push_notifications_enabled is not None:
metadata['push_notifications_enabled_updated'] = True
tracking_event = TrackingEvent.create_event(
user_id=user_id,

View File

@@ -2,7 +2,7 @@
# file: config/version.py
import os
BASE_VERSION = "1.0.8" # update manually when releasing features
BASE_VERSION = "1.0.10" # update manually when releasing features
def get_full_version() -> str:
"""

View File

@@ -79,6 +79,8 @@ child_overrides_path = os.path.join(base_dir, 'child_overrides.json')
chore_schedules_path = os.path.join(base_dir, 'chore_schedules.json')
task_extensions_path = os.path.join(base_dir, 'task_extensions.json')
refresh_tokens_path = os.path.join(base_dir, 'refresh_tokens.json')
push_subscriptions_path = os.path.join(base_dir, 'push_subscriptions.json')
digest_action_tokens_path = os.path.join(base_dir, 'digest_action_tokens.json')
# Use separate TinyDB instances/files for each collection
_child_db = TinyDB(child_path, indent=2)
@@ -93,6 +95,8 @@ _child_overrides_db = TinyDB(child_overrides_path, indent=2)
_chore_schedules_db = TinyDB(chore_schedules_path, indent=2)
_task_extensions_db = TinyDB(task_extensions_path, indent=2)
_refresh_tokens_db = TinyDB(refresh_tokens_path, indent=2)
_push_subscriptions_db = TinyDB(push_subscriptions_path, indent=2)
_digest_action_tokens_db = TinyDB(digest_action_tokens_path, indent=2)
# Expose table objects wrapped with locking
child_db = LockedTable(_child_db)
@@ -107,6 +111,8 @@ child_overrides_db = LockedTable(_child_overrides_db)
chore_schedules_db = LockedTable(_chore_schedules_db)
task_extensions_db = LockedTable(_task_extensions_db)
refresh_tokens_db = LockedTable(_refresh_tokens_db)
push_subscriptions_db = LockedTable(_push_subscriptions_db)
digest_action_tokens_db = LockedTable(_digest_action_tokens_db)
if os.environ.get('DB_ENV', 'prod') == 'test':
child_db.truncate()
@@ -121,4 +127,6 @@ if os.environ.get('DB_ENV', 'prod') == 'test':
chore_schedules_db.truncate()
task_extensions_db.truncate()
refresh_tokens_db.truncate()
push_subscriptions_db.truncate()
digest_action_tokens_db.truncate()

View File

@@ -0,0 +1,18 @@
from tinydb import Query
from db.db import digest_action_tokens_db
from models.digest_action_token import DigestActionToken
def insert_token(token: DigestActionToken) -> None:
digest_action_tokens_db.insert(token.to_dict())
def get_token_by_id(token_id: str) -> DigestActionToken | None:
Q = Query()
result = digest_action_tokens_db.get(Q.id == token_id)
return DigestActionToken.from_dict(result) if result else None
def mark_token_used(token_id: str) -> None:
Q = Query()
digest_action_tokens_db.update({'used': True}, Q.id == token_id)

View File

@@ -0,0 +1,38 @@
from tinydb import Query
from db.db import push_subscriptions_db
from models.push_subscription import PushSubscription
def get_subscriptions_by_user(user_id: str) -> list[PushSubscription]:
"""Return all push subscriptions for a user."""
Q = Query()
results = push_subscriptions_db.search(Q.user_id == user_id)
return [PushSubscription.from_dict(r) for r in results]
def upsert_subscription(user_id: str, endpoint: str, keys: dict) -> PushSubscription:
"""Insert or update a subscription for the given user+endpoint pair."""
Q = Query()
existing = push_subscriptions_db.get((Q.user_id == user_id) & (Q.endpoint == endpoint))
if existing:
sub = PushSubscription.from_dict(existing)
sub.keys = keys
sub.touch()
push_subscriptions_db.update(sub.to_dict(), (Q.user_id == user_id) & (Q.endpoint == endpoint))
return sub
sub = PushSubscription(user_id=user_id, endpoint=endpoint, keys=keys)
push_subscriptions_db.insert(sub.to_dict())
return sub
def delete_by_endpoint(user_id: str, endpoint: str) -> int:
"""Remove the subscription with the given endpoint for this user. Returns count removed."""
Q = Query()
removed = push_subscriptions_db.remove((Q.user_id == user_id) & (Q.endpoint == endpoint))
return len(removed)
def delete_subscription_by_id(subscription_id: str) -> None:
"""Remove a subscription by its ID (used when push delivery fails)."""
Q = Query()
push_subscriptions_db.remove(Q.id == subscription_id)

View File

@@ -30,3 +30,20 @@ def delete_extensions_for_task(task_id: str) -> None:
def delete_extension_for_child_task(child_id: str, task_id: str) -> None:
q = Query()
task_extensions_db.remove((q.child_id == child_id) & (q.task_id == task_id))
def get_extension_for_child_task(child_id: str, task_id: str) -> TaskExtension | None:
"""Return the extension for a child+task without filtering by date.
Avoids timezone mismatches between the server (UTC) and the client's local
date. The caller (or the frontend) is responsible for deciding whether the
returned extension_date is still applicable.
"""
q = Query()
results = task_extensions_db.search(
(q.child_id == child_id) & (q.task_id == task_id)
)
if not results:
return None
latest = max(results, key=lambda r: r.get('date', ''))
return TaskExtension.from_dict(latest)

View File

@@ -17,6 +17,8 @@ from api.reward_api import reward_api
from api.task_api import task_api
from api.tracking_api import tracking_api
from api.user_api import user_api
from api.push_subscription_api import push_subscription_api
from api.digest_action_api import digest_action_api
from config.version import get_full_version
from db.default import initializeImages, createDefaultTasks, createDefaultRewards
@@ -24,6 +26,9 @@ from events.broadcaster import Broadcaster
from events.sse import sse_response_for_user, send_to_user
from api.utils import get_current_user_id
from utils.account_deletion_scheduler import start_deletion_scheduler
from utils.chore_expiry_notification_scheduler import start_chore_expiry_notification_scheduler
from utils.digest_scheduler import start_digest_scheduler
from utils.state_expiry_scheduler import start_state_expiry_scheduler
# Configure logging once at application startup
logging.basicConfig(
@@ -54,6 +59,8 @@ app.register_blueprint(image_api)
app.register_blueprint(auth_api, url_prefix='/auth')
app.register_blueprint(user_api)
app.register_blueprint(tracking_api)
app.register_blueprint(push_subscription_api)
app.register_blueprint(digest_action_api)
app.config.update(
MAIL_SERVER='smtp.gmail.com',
@@ -63,6 +70,7 @@ app.config.update(
MAIL_PASSWORD='ruyj hxjf nmrz buar',
MAIL_DEFAULT_SENDER='ryan.kegel@gmail.com',
FRONTEND_URL=os.environ.get('FRONTEND_URL', 'https://localhost:5173'), # Dynamic via env var, defaults to localhost
VAPID_CLAIMS_EMAIL=os.environ.get('VAPID_CLAIMS_EMAIL', 'admin@reward-app.local'),
)
# Security: require SECRET_KEY and REFRESH_TOKEN_EXPIRY_DAYS from environment
@@ -81,6 +89,24 @@ try:
except ValueError:
raise RuntimeError('REFRESH_TOKEN_EXPIRY_DAYS must be an integer.')
_digest_token_secret = os.environ.get('DIGEST_TOKEN_SECRET')
if not _digest_token_secret:
raise RuntimeError(
'DIGEST_TOKEN_SECRET environment variable is required. '
'Set it to a random string (e.g. python -c "import secrets; print(secrets.token_urlsafe(64))")')
app.config['DIGEST_TOKEN_SECRET'] = _digest_token_secret
_vapid_public_key = os.environ.get('VAPID_PUBLIC_KEY')
_vapid_private_key = os.environ.get('VAPID_PRIVATE_KEY')
if not _vapid_public_key or not _vapid_private_key:
raise RuntimeError(
'VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY environment variables are required. '
'Generate a key pair with: python -c "from py_vapid import Vapid; v=Vapid(); '
'v.generate_keys(); print(v.public_key.public_bytes_raw().hex(), v.private_key.private_bytes_raw().hex())"'
)
app.config['VAPID_PUBLIC_KEY'] = _vapid_public_key
app.config['VAPID_PRIVATE_KEY'] = _vapid_private_key
@app.route("/version")
def api_version():
return jsonify({"version": get_full_version()})
@@ -115,6 +141,9 @@ createDefaultTasks()
createDefaultRewards()
start_background_threads()
start_deletion_scheduler()
start_digest_scheduler(app)
start_state_expiry_scheduler(app)
start_chore_expiry_notification_scheduler(app)
if __name__ == '__main__':
app.run(debug=False, host='0.0.0.0', port=5000, threaded=True)

View File

@@ -0,0 +1,44 @@
from dataclasses import dataclass
from models.base import BaseModel
@dataclass
class DigestActionToken(BaseModel):
user_id: str
child_id: str
entity_id: str
entity_type: str # 'chore' or 'reward'
action: str # 'approve' or 'deny'
expires_at: str # ISO timestamp
used: bool = False
signature: str = ''
@classmethod
def from_dict(cls, d: dict) -> 'DigestActionToken':
return cls(
user_id=d.get('user_id'),
child_id=d.get('child_id'),
entity_id=d.get('entity_id'),
entity_type=d.get('entity_type'),
action=d.get('action'),
expires_at=d.get('expires_at'),
used=d.get('used', False),
signature=d.get('signature', ''),
id=d.get('id'),
created_at=d.get('created_at'),
updated_at=d.get('updated_at'),
)
def to_dict(self) -> dict:
base = super().to_dict()
base.update({
'user_id': self.user_id,
'child_id': self.child_id,
'entity_id': self.entity_id,
'entity_type': self.entity_type,
'action': self.action,
'expires_at': self.expires_at,
'used': self.used,
'signature': self.signature,
})
return base

View File

@@ -0,0 +1,29 @@
from dataclasses import dataclass
from models.base import BaseModel
@dataclass
class PushSubscription(BaseModel):
user_id: str
endpoint: str
keys: dict # {'p256dh': str, 'auth': str}
@classmethod
def from_dict(cls, d: dict) -> 'PushSubscription':
return cls(
user_id=d.get('user_id'),
endpoint=d.get('endpoint'),
keys=d.get('keys', {}),
id=d.get('id'),
created_at=d.get('created_at'),
updated_at=d.get('updated_at'),
)
def to_dict(self) -> dict:
base = super().to_dict()
base.update({
'user_id': self.user_id,
'endpoint': self.endpoint,
'keys': self.keys,
})
return base

View File

@@ -22,6 +22,9 @@ class User(BaseModel):
deletion_attempted_at: str | None = None
role: str = 'user'
token_version: int = 0
timezone: str | None = None
email_digest_enabled: bool = True
push_notifications_enabled: bool = True
@classmethod
def from_dict(cls, d: dict):
@@ -45,6 +48,9 @@ class User(BaseModel):
deletion_attempted_at=d.get('deletion_attempted_at'),
role=d.get('role', 'user'),
token_version=d.get('token_version', 0),
timezone=d.get('timezone'),
email_digest_enabled=d.get('email_digest_enabled', True),
push_notifications_enabled=d.get('push_notifications_enabled', True),
id=d.get('id'),
created_at=d.get('created_at'),
updated_at=d.get('updated_at')
@@ -73,5 +79,8 @@ class User(BaseModel):
'deletion_attempted_at': self.deletion_attempted_at,
'role': self.role,
'token_version': self.token_version,
'timezone': self.timezone,
'email_digest_enabled': self.email_digest_enabled,
'push_notifications_enabled': self.push_notifications_enabled,
})
return base

Binary file not shown.

View File

@@ -43,6 +43,18 @@ def create_admin_user(email: str, password: str, first_name: str, last_name: str
if __name__ == '__main__':
print("=== Create Admin User ===\n")
env_email = os.environ.get('ADMIN_EMAIL')
env_password = os.environ.get('ADMIN_PASSWORD')
env_first_name = os.environ.get('ADMIN_FIRST_NAME')
env_last_name = os.environ.get('ADMIN_LAST_NAME')
if env_email and env_password:
email = env_email
password = env_password
first_name = env_first_name or 'First Name'
last_name = env_last_name or 'Last Name'
print(f"Using environment variables for admin user '{email}'")
else:
email = input("Email: ").strip()
password = input("Password: ").strip()
first_name = input("First name: ").strip()
@@ -52,13 +64,13 @@ if __name__ == '__main__':
print("Error: All fields are required")
sys.exit(1)
confirm = input(f"\nCreate admin user '{email}'? (yes/no): ").strip().lower()
if confirm != 'yes':
print("Cancelled")
sys.exit(0)
if len(password) < 8:
print("Error: Password must be at least 8 characters")
sys.exit(1)
confirm = input(f"\nCreate admin user '{email}'? (yes/no): ").strip().lower()
if confirm == 'yes':
create_admin_user(email, password, first_name, last_name)
else:
print("Cancelled")

View File

@@ -0,0 +1,85 @@
"""
Script to seed a test user account from environment variables.
Intended for use in the test/staging deployment pipeline.
Required environment variables:
SEED_EMAIL - User email address
SEED_PASSWORD - Plain-text password (will be hashed)
SEED_PIN - 4-6 digit parent PIN (stored as plain text)
SEED_FIRST_NAME - User first name
SEED_LAST_NAME - User last name
Usage:
python scripts/seed_test_user.py
"""
import sys
import os
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from db.db import users_db
from models.user import User
from werkzeug.security import generate_password_hash
from tinydb import Query
import uuid
def seed_test_user() -> bool:
email = os.environ.get('SEED_EMAIL', '').strip().lower()
password = os.environ.get('SEED_PASSWORD', '').strip()
pin = os.environ.get('SEED_PIN', '').strip()
first_name = os.environ.get('SEED_FIRST_NAME', '').strip()
last_name = os.environ.get('SEED_LAST_NAME', '').strip()
missing = [name for name, val in [
('SEED_EMAIL', email),
('SEED_PASSWORD', password),
('SEED_PIN', pin),
('SEED_FIRST_NAME', first_name),
('SEED_LAST_NAME', last_name),
] if not val]
if missing:
print(f"Error: Missing required environment variables: {', '.join(missing)}")
return False
if not (4 <= len(pin) <= 6 and pin.isdigit()):
print("Error: SEED_PIN must be 4-6 digits")
return False
hashed_password = generate_password_hash(password)
Query_ = Query()
existing = users_db.get(Query_.email == email)
if existing:
users_db.update(
{'password': hashed_password, 'pin': pin},
Query_.email == email
)
print(f"✓ Test user updated successfully")
print(f" Email: {email}")
print(f" Name: {first_name} {last_name}")
print(f" PIN: {'*' * len(pin)}")
else:
user = User(
id=str(uuid.uuid4()),
email=email,
first_name=first_name,
last_name=last_name,
password=hashed_password,
pin=pin,
verified=True,
role='user',
)
users_db.insert(user.to_dict())
print(f"✓ Test user created successfully")
print(f" Email: {email}")
print(f" Name: {first_name} {last_name}")
print(f" PIN: {'*' * len(pin)}")
return True
if __name__ == '__main__':
print("=== Seed Test User ===\n")
success = seed_test_user()
sys.exit(0 if success else 1)

View File

@@ -0,0 +1,117 @@
"""
Script to trigger a digest email for a specific user via the admin API.
Usage:
python scripts/send_digest.py <email>
The script logs in as an admin using the ADMIN_EMAIL and ADMIN_PASSWORD
environment variables (defaults to localhost:5000).
Environment variables:
ADMIN_EMAIL - Admin account email (required)
ADMIN_PASSWORD - Admin account password (required)
API_BASE_URL - Base URL of the backend API (default: http://localhost:5000)
"""
import sys
import os
import json
import urllib.request
import urllib.error
# NOTE: When targeting a proxied frontend URL (e.g. nginx), append /api to the URL.
# e.g. API_BASE_URL=https://dev.chores.ryankegel.com/api
# Without /api, nginx will not forward requests to the backend and will return 405.
API_BASE_URL = os.environ.get('API_BASE_URL', 'http://localhost:5000').rstrip('/')
def _post(path: str, body: dict, cookie: str | None = None) -> tuple[int, dict]:
url = f"{API_BASE_URL}{path}"
data = json.dumps(body).encode()
headers = {'Content-Type': 'application/json'}
if cookie:
headers['Cookie'] = cookie
req = urllib.request.Request(url, data=data, headers=headers, method='POST')
try:
with urllib.request.urlopen(req) as resp:
return resp.status, json.loads(resp.read())
except urllib.error.HTTPError as e:
try:
return e.code, json.loads(e.read())
except Exception:
return e.code, {}
def main() -> None:
if len(sys.argv) != 2:
print('Usage: python scripts/send_digest.py <email>')
sys.exit(1)
target_email = sys.argv[1].strip()
admin_email = os.environ.get('ADMIN_EMAIL', '').strip()
admin_password = os.environ.get('ADMIN_PASSWORD', '').strip()
if not admin_email or not admin_password:
print('Error: ADMIN_EMAIL and ADMIN_PASSWORD environment variables are required')
sys.exit(1)
# Log in to get a session cookie
status, body = _post('/auth/login', {'email': admin_email, 'password': admin_password})
if status != 200:
print(f'Login failed ({status}): {body.get("error", body)}')
sys.exit(1)
# urllib doesn't automatically store cookies; we need to capture Set-Cookie manually.
# Re-do the login request to grab the cookie header.
login_url = f"{API_BASE_URL}/auth/login"
login_data = json.dumps({'email': admin_email, 'password': admin_password}).encode()
login_req = urllib.request.Request(
login_url,
data=login_data,
headers={'Content-Type': 'application/json'},
method='POST',
)
try:
with urllib.request.urlopen(login_req) as resp:
raw_cookies = resp.headers.get_all('Set-Cookie') or []
except urllib.error.HTTPError:
print('Login failed (could not retrieve cookie)')
sys.exit(1)
# Extract access_token cookie value
cookie_header = '; '.join(
part.split(';')[0] for part in raw_cookies
)
if not cookie_header:
print('Login succeeded but no cookies were returned')
sys.exit(1)
# Call the send-digest endpoint
status, body = _post(
'/admin/test/send-digest',
{'email': target_email},
cookie=cookie_header,
)
if status == 200:
items_sent = body.get('items_sent', 0)
if items_sent == 0:
print(f'No pending items found for {target_email} — no email sent.')
else:
print(f'Digest sent to {target_email} with {items_sent} item(s).')
elif status == 404 and body.get('code') == 'NOT_FOUND':
print('Error: This endpoint is disabled in the current environment (DB_ENV=production).')
sys.exit(1)
elif status == 404 and body.get('code') == 'USER_NOT_FOUND':
print(f'Error: No user found with email {target_email}')
sys.exit(1)
elif status == 403:
print(f'Error: {admin_email} is not an admin account.')
sys.exit(1)
else:
print(f'Error ({status}): {body.get("error", body)}')
sys.exit(1)
if __name__ == '__main__':
main()

View File

@@ -0,0 +1,112 @@
"""
Script to trigger the chore expiry notification check for a specific user via the admin API.
Usage:
python scripts/trigger_chore_expiry.py <email>
The script logs in as an admin using the ADMIN_EMAIL and ADMIN_PASSWORD
environment variables (defaults to localhost:5000).
Environment variables:
ADMIN_EMAIL - Admin account email (required)
ADMIN_PASSWORD - Admin account password (required)
API_BASE_URL - Base URL of the backend API (default: http://localhost:5000)
NOTE: When targeting a proxied frontend URL (e.g. nginx), append /api to the URL.
e.g. API_BASE_URL=https://dev.chores.ryankegel.com/api
"""
import sys
import os
import json
import urllib.request
import urllib.error
API_BASE_URL = os.environ.get('API_BASE_URL', 'http://localhost:5000').rstrip('/')
def _post(path: str, body: dict, cookie: str | None = None) -> tuple[int, dict]:
url = f"{API_BASE_URL}{path}"
data = json.dumps(body).encode()
headers = {'Content-Type': 'application/json'}
if cookie:
headers['Cookie'] = cookie
req = urllib.request.Request(url, data=data, headers=headers, method='POST')
try:
with urllib.request.urlopen(req) as resp:
return resp.status, json.loads(resp.read())
except urllib.error.HTTPError as e:
try:
return e.code, json.loads(e.read())
except Exception:
return e.code, {}
def _login() -> str:
"""Log in as admin and return the cookie header string."""
admin_email = os.environ.get('ADMIN_EMAIL', '').strip()
admin_password = os.environ.get('ADMIN_PASSWORD', '').strip()
if not admin_email or not admin_password:
print('Error: ADMIN_EMAIL and ADMIN_PASSWORD environment variables are required')
sys.exit(1)
login_url = f"{API_BASE_URL}/auth/login"
login_data = json.dumps({'email': admin_email, 'password': admin_password}).encode()
login_req = urllib.request.Request(
login_url,
data=login_data,
headers={'Content-Type': 'application/json'},
method='POST',
)
try:
with urllib.request.urlopen(login_req) as resp:
raw_cookies = resp.headers.get_all('Set-Cookie') or []
except urllib.error.HTTPError as e:
print(f'Login failed ({e.code})')
sys.exit(1)
cookie_header = '; '.join(part.split(';')[0] for part in raw_cookies)
if not cookie_header:
print('Login succeeded but no cookies were returned')
sys.exit(1)
return cookie_header
def main() -> None:
if len(sys.argv) != 2:
print('Usage: python scripts/trigger_chore_expiry.py <email>')
sys.exit(1)
target_email = sys.argv[1].strip()
cookie = _login()
status, body = _post(
'/admin/test/trigger-chore-expiry',
{'email': target_email},
cookie=cookie,
)
if status == 200:
count = body.get('chores_notified', 0)
if count == 0:
print(f'No expiring chores found for {target_email} in the next 75 minutes — no push sent.')
else:
print(f'Push notification sent for {count} expiring chore(s) for {target_email}.')
elif status == 404 and body.get('code') == 'NOT_FOUND':
print('Error: This endpoint is disabled in the current environment (DB_ENV=production).')
sys.exit(1)
elif status == 404 and body.get('code') == 'USER_NOT_FOUND':
print(f'Error: No user found with email {target_email}')
sys.exit(1)
elif status == 403:
admin_email = os.environ.get('ADMIN_EMAIL', '')
print(f'Error: {admin_email} is not an admin account.')
sys.exit(1)
else:
print(f'Error ({status}): {body.get("error", body)}')
sys.exit(1)
if __name__ == '__main__':
main()

View File

@@ -2,6 +2,9 @@ import os
os.environ['DB_ENV'] = 'test'
os.environ.setdefault('SECRET_KEY', 'test-secret-key')
os.environ.setdefault('REFRESH_TOKEN_EXPIRY_DAYS', '90')
os.environ.setdefault('DIGEST_TOKEN_SECRET', 'test-digest-secret')
os.environ.setdefault('VAPID_PUBLIC_KEY', 'test-vapid-public-key')
os.environ.setdefault('VAPID_PRIVATE_KEY', 'test-vapid-private-key')
import sys
import pytest

View File

@@ -5,7 +5,7 @@ import os
from flask import Flask
from api.child_api import child_api
from api.auth_api import auth_api
from db.db import child_db, reward_db, task_db, users_db, chore_schedules_db, task_extensions_db
from db.db import child_db, reward_db, task_db, users_db, chore_schedules_db, task_extensions_db, pending_confirmations_db
from tinydb import Query
from models.child import Child
import jwt
@@ -439,6 +439,29 @@ def test_list_child_tasks_returns_extension_date_when_set(client):
assert tasks[TASK_GOOD_ID]['extension_date'] == today
def test_list_child_tasks_returns_extension_date_for_yesterday(client):
"""Regression: extension inserted for yesterday's date must still be returned.
Previously, list-tasks used date_type.today() on the server to look up
extensions, causing a timezone mismatch when the client's local date
differed from the server's UTC date. The fix removes the date filter so
any stored extension is returned regardless of which date it was created
for.
"""
_setup_sched_child_and_tasks(task_db, child_db)
from datetime import date as date_type_local, timedelta
yesterday = (date_type_local.today() - timedelta(days=1)).isoformat()
task_extensions_db.insert({
'id': 'ext-yesterday',
'child_id': CHILD_SCHED_ID,
'task_id': TASK_GOOD_ID,
'date': yesterday,
})
resp = client.get(f'/child/{CHILD_SCHED_ID}/list-tasks')
tasks = {t['id']: t for t in resp.get_json()['tasks']}
assert tasks[TASK_GOOD_ID]['extension_date'] == yesterday
def test_list_child_tasks_extension_date_null_when_not_set(client):
"""Good chore with no extension returns extension_date=null."""
_setup_sched_child_and_tasks(task_db, child_db)
@@ -492,3 +515,99 @@ def test_list_child_tasks_no_server_side_filtering(client):
# Both good tasks must be present; server never filters based on schedule/time
assert TASK_GOOD_ID in returned_ids
assert extra_id in returned_ids
# ---------------------------------------------------------------------------
# request-reward: duplicate guard
# ---------------------------------------------------------------------------
def test_request_reward_duplicate_returns_409(client):
"""Requesting the same reward twice without resolution returns 409 Conflict."""
reward_db.insert({'id': 'r_dup', 'name': 'Duplicate Reward', 'cost': 5, 'user_id': 'testuserid'})
child_db.insert({
'id': 'child_dup',
'name': 'Dupe Kid',
'age': 8,
'points': 20,
'tasks': [],
'rewards': ['r_dup'],
'user_id': 'testuserid',
})
first = client.post('/child/child_dup/request-reward', json={'reward_id': 'r_dup'})
assert first.status_code == 200
second = client.post('/child/child_dup/request-reward', json={'reward_id': 'r_dup'})
assert second.status_code == 409
assert second.get_json()['code'] == 'DUPLICATE_REWARD_REQUEST'
# Cleanup
pending_confirmations_db.remove(Query().child_id == 'child_dup')
child_db.remove(Query().id == 'child_dup')
reward_db.remove(Query().id == 'r_dup')
# ---------------------------------------------------------------------------
# deny-reward-request endpoint
# ---------------------------------------------------------------------------
def test_deny_reward_request_removes_pending(client):
"""Denying a reward request removes the pending confirmation and fires REQUEST_CANCELLED."""
reward_db.insert({'id': 'r_deny1', 'name': 'Deny Reward', 'cost': 5, 'user_id': 'testuserid'})
child_db.insert({
'id': 'child_deny1',
'name': 'Deny Kid',
'age': 9,
'points': 10,
'tasks': [],
'rewards': ['r_deny1'],
'user_id': 'testuserid',
})
pending_confirmations_db.insert({
'id': 'pend_deny1',
'child_id': 'child_deny1',
'entity_id': 'r_deny1',
'entity_type': 'reward',
'user_id': 'testuserid',
'status': 'pending',
'approved_at': None,
})
resp = client.post('/child/child_deny1/deny-reward-request', json={'reward_id': 'r_deny1'})
assert resp.status_code == 200
remaining = pending_confirmations_db.get(
(Query().child_id == 'child_deny1') & (Query().entity_id == 'r_deny1')
)
assert remaining is None
# Cleanup
child_db.remove(Query().id == 'child_deny1')
reward_db.remove(Query().id == 'r_deny1')
def test_deny_reward_request_already_resolved_returns_200(client):
"""If no pending request exists, denying returns 200 with an informational message."""
resp = client.post('/child/child_gone/deny-reward-request', json={'reward_id': 'r_gone'})
assert resp.status_code == 200
data = resp.get_json()
assert 'already been resolved' in data['message']
def test_deny_reward_request_requires_auth(client):
"""Deny-reward-request endpoint rejects unauthenticated requests."""
# Create a fresh unauthenticated client
from flask import Flask
from api.child_api import child_api as child_api_bp
from api.auth_api import auth_api as auth_api_bp
from tests.conftest import TEST_SECRET_KEY, TEST_REFRESH_TOKEN_EXPIRY_DAYS
app2 = Flask(__name__)
app2.register_blueprint(child_api_bp)
app2.register_blueprint(auth_api_bp, url_prefix='/auth')
app2.config['TESTING'] = True
app2.config['SECRET_KEY'] = TEST_SECRET_KEY
app2.config['REFRESH_TOKEN_EXPIRY_DAYS'] = TEST_REFRESH_TOKEN_EXPIRY_DAYS
with app2.test_client() as anon:
resp = anon.post('/child/someid/deny-reward-request', json={'reward_id': 'r1'})
assert resp.status_code == 401

View File

@@ -0,0 +1,544 @@
"""Tests for the chore expiry notification scheduler."""
import os
import pytest
from datetime import datetime, timedelta, timezone
from unittest.mock import patch, MagicMock
from flask import Flask
from tinydb import Query
from utils.chore_expiry_notification_scheduler import (
get_expiring_chores_for_user,
_build_push_payload,
send_chore_expiry_notifications_for_user,
run_chore_expiry_check,
)
from utils.schedule_utils import interval_hits_today, is_scheduled_today, get_due_time_today
from db.db import users_db, child_db, task_db, chore_schedules_db, pending_confirmations_db
from tests.conftest import TEST_SECRET_KEY
USER_ID = "expiry_notif_user"
CHILD_ID = "expiry_notif_child"
CHILD_ID_2 = "expiry_notif_child_2"
TASK_ID = "expiry_notif_task"
TASK_ID_2 = "expiry_notif_task_2"
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
def _seed_user(push_enabled: bool = True, verified: bool = True):
users_db.remove(Query().id == USER_ID)
users_db.insert({
"id": USER_ID,
"first_name": "Notify",
"last_name": "Tester",
"email": f"{USER_ID}@example.com",
"password": "hashed",
"verified": verified,
"role": "user",
"image_id": None,
"marked_for_deletion": False,
"timezone": "UTC",
"email_digest_enabled": False,
"push_notifications_enabled": push_enabled,
})
def _seed_child(child_id: str = CHILD_ID, task_ids: list = None):
if task_ids is None:
task_ids = [TASK_ID]
child_db.remove(Query().id == child_id)
child_db.insert({
"id": child_id,
"user_id": USER_ID,
"name": "Alex" if child_id == CHILD_ID else "Sam",
"age": 8,
"points": 0,
"tasks": task_ids,
"rewards": [],
"image_id": None,
})
def _seed_task(task_id: str = TASK_ID, name: str = "Clean Room"):
task_db.remove(Query().id == task_id)
task_db.insert({
"id": task_id,
"user_id": USER_ID,
"name": name,
"points": 10,
"type": "chore",
"image_id": None,
})
def _seed_schedule(
child_id: str = CHILD_ID,
task_id: str = TASK_ID,
mode: str = "days",
day_configs: list = None,
default_has_deadline: bool = True,
default_hour: int = 21,
default_minute: int = 0,
enabled: bool = True,
interval_days: int = 1,
anchor_date: str = "",
interval_has_deadline: bool = True,
interval_hour: int = 21,
interval_minute: int = 0,
):
"""Seed a chore schedule. For 'days' mode, day_configs defaults to all 7 days."""
if day_configs is None:
day_configs = [
{"day": d, "hour": default_hour, "minute": default_minute}
for d in range(7)
]
chore_schedules_db.remove(
(Query().child_id == child_id) & (Query().task_id == task_id)
)
chore_schedules_db.insert({
"id": f"sched_{child_id}_{task_id}",
"child_id": child_id,
"task_id": task_id,
"mode": mode,
"day_configs": day_configs,
"default_hour": default_hour,
"default_minute": default_minute,
"default_has_deadline": default_has_deadline,
"interval_days": interval_days,
"anchor_date": anchor_date,
"interval_has_deadline": interval_has_deadline,
"interval_hour": interval_hour,
"interval_minute": interval_minute,
"enabled": enabled,
})
def _seed_confirmation(child_id: str = CHILD_ID, task_id: str = TASK_ID, status: str = "pending"):
pending_confirmations_db.remove(
(Query().child_id == child_id) & (Query().entity_id == task_id)
)
pending_confirmations_db.insert({
"id": f"conf_{child_id}_{task_id}",
"user_id": USER_ID,
"child_id": child_id,
"entity_id": task_id,
"entity_type": "chore",
"status": status,
"approved_at": None,
"created_at": 0,
"updated_at": 0,
})
def _cleanup():
for cid in (CHILD_ID, CHILD_ID_2):
child_db.remove(Query().id == cid)
chore_schedules_db.remove(Query().child_id == cid)
pending_confirmations_db.remove(Query().child_id == cid)
for tid in (TASK_ID, TASK_ID_2):
task_db.remove(Query().id == tid)
users_db.remove(Query().id == USER_ID)
def _now_with_deadline_in_window(minutes_ahead: int = 30) -> tuple[datetime, int, int]:
"""Return (now_dt, hour, minute) so that deadline = now + minutes_ahead."""
now = datetime.now(timezone.utc)
deadline = now + timedelta(minutes=minutes_ahead)
return now, deadline.hour, deadline.minute
@pytest.fixture
def app():
flask_app = Flask(__name__)
flask_app.config['TESTING'] = True
flask_app.config['SECRET_KEY'] = TEST_SECRET_KEY
return flask_app
# ---------------------------------------------------------------------------
# schedule_utils unit tests
# ---------------------------------------------------------------------------
class TestIntervalHitsToday:
def test_same_day_as_anchor_hits(self):
from datetime import date
d = date(2026, 4, 22)
assert interval_hits_today("2026-04-22", 3, d) is True
def test_interval_day_hits(self):
from datetime import date
assert interval_hits_today("2026-04-22", 3, date(2026, 4, 25)) is True
def test_non_interval_day_misses(self):
from datetime import date
assert interval_hits_today("2026-04-22", 3, date(2026, 4, 24)) is False
def test_before_anchor_misses(self):
from datetime import date
assert interval_hits_today("2026-04-22", 1, date(2026, 4, 21)) is False
def test_empty_anchor_hits_today(self):
from datetime import date
d = date(2026, 4, 22)
assert interval_hits_today("", 1, d) is True
class TestIsScheduledToday:
def test_days_mode_matching_weekday(self):
from datetime import date
# 2026-04-22 is Wednesday → JS weekday 3 (Sun=0..Sat=6)
schedule = {"mode": "days", "enabled": True, "day_configs": [{"day": 3}]}
assert is_scheduled_today(schedule, date(2026, 4, 22)) is True
def test_days_mode_non_matching_weekday(self):
from datetime import date
schedule = {"mode": "days", "enabled": True, "day_configs": [{"day": 1}]}
assert is_scheduled_today(schedule, date(2026, 4, 22)) is False
def test_paused_schedule_always_true(self):
from datetime import date
schedule = {"mode": "days", "enabled": False, "day_configs": []}
assert is_scheduled_today(schedule, date(2026, 4, 22)) is True
def test_interval_mode_hit(self):
from datetime import date
schedule = {
"mode": "interval", "enabled": True,
"interval_days": 1, "anchor_date": "2026-04-22",
}
assert is_scheduled_today(schedule, date(2026, 4, 22)) is True
def test_interval_mode_miss(self):
from datetime import date
schedule = {
"mode": "interval", "enabled": True,
"interval_days": 3, "anchor_date": "2026-04-22",
}
assert is_scheduled_today(schedule, date(2026, 4, 23)) is False
class TestGetDueTimeToday:
def test_days_mode_returns_due_time(self):
from datetime import date
# Wednesday → JS 3 (Sun=0..Sat=6)
schedule = {
"mode": "days", "enabled": True,
"default_has_deadline": True,
"day_configs": [{"day": 3, "hour": 21, "minute": 0}],
}
assert get_due_time_today(schedule, date(2026, 4, 22)) == (21, 0)
def test_days_mode_anytime_returns_none(self):
from datetime import date
schedule = {
"mode": "days", "enabled": True,
"default_has_deadline": False,
"day_configs": [{"day": 4, "hour": 21, "minute": 0}],
}
assert get_due_time_today(schedule, date(2026, 4, 22)) is None
def test_days_mode_wrong_day_returns_none(self):
from datetime import date
schedule = {
"mode": "days", "enabled": True,
"default_has_deadline": True,
"day_configs": [{"day": 1, "hour": 21, "minute": 0}],
}
assert get_due_time_today(schedule, date(2026, 4, 22)) is None
def test_paused_returns_none(self):
from datetime import date
schedule = {
"mode": "days", "enabled": False,
"default_has_deadline": True,
"day_configs": [{"day": 4, "hour": 21, "minute": 0}],
}
assert get_due_time_today(schedule, date(2026, 4, 22)) is None
def test_interval_mode_returns_due_time(self):
from datetime import date
schedule = {
"mode": "interval", "enabled": True,
"interval_days": 1, "anchor_date": "2026-04-22",
"interval_has_deadline": True,
"interval_hour": 20, "interval_minute": 30,
}
assert get_due_time_today(schedule, date(2026, 4, 22)) == (20, 30)
def test_interval_mode_anytime_returns_none(self):
from datetime import date
schedule = {
"mode": "interval", "enabled": True,
"interval_days": 1, "anchor_date": "2026-04-22",
"interval_has_deadline": False,
"interval_hour": 20, "interval_minute": 30,
}
assert get_due_time_today(schedule, date(2026, 4, 22)) is None
# ---------------------------------------------------------------------------
# get_expiring_chores_for_user tests
# ---------------------------------------------------------------------------
class TestGetExpiringChoresForUser:
def setup_method(self):
_cleanup()
_seed_user()
_seed_child()
_seed_task()
def teardown_method(self):
_cleanup()
def test_chore_in_window_included(self, app):
now, h, m = _now_with_deadline_in_window(minutes_ahead=30)
_seed_schedule(default_hour=h, default_minute=m)
with app.app_context():
result = get_expiring_chores_for_user(USER_ID, "UTC", now)
assert len(result) == 1
assert result[0]['task_id'] == TASK_ID
assert result[0]['child_id'] == CHILD_ID
def test_chore_deadline_past_excluded(self, app):
# Deadline 10 minutes in the past
now = datetime.now(timezone.utc)
past = now - timedelta(minutes=10)
_seed_schedule(default_hour=past.hour, default_minute=past.minute)
with app.app_context():
result = get_expiring_chores_for_user(USER_ID, "UTC", now)
assert result == []
def test_chore_deadline_beyond_window_excluded(self, app):
# Deadline 80 minutes ahead (beyond 75-min window)
now, h, m = _now_with_deadline_in_window(minutes_ahead=80)
_seed_schedule(default_hour=h, default_minute=m)
with app.app_context():
result = get_expiring_chores_for_user(USER_ID, "UTC", now)
assert result == []
def test_anytime_chore_excluded(self, app):
now, h, m = _now_with_deadline_in_window(minutes_ahead=30)
_seed_schedule(default_has_deadline=False, default_hour=h, default_minute=m)
with app.app_context():
result = get_expiring_chores_for_user(USER_ID, "UTC", now)
assert result == []
def test_wrong_day_excluded(self, app):
from datetime import date
now = datetime.now(timezone.utc)
# Schedule only on a day that is NOT today
today_js = (now.weekday() + 1) % 7
wrong_day = (today_js + 1) % 7
h = (now + timedelta(minutes=30)).hour
m = (now + timedelta(minutes=30)).minute
_seed_schedule(
day_configs=[{"day": wrong_day, "hour": h, "minute": m}],
default_hour=h,
default_minute=m,
)
with app.app_context():
result = get_expiring_chores_for_user(USER_ID, "UTC", now)
assert result == []
def test_pending_confirmation_excludes_chore(self, app):
now, h, m = _now_with_deadline_in_window(minutes_ahead=30)
_seed_schedule(default_hour=h, default_minute=m)
_seed_confirmation(status="pending")
with app.app_context():
result = get_expiring_chores_for_user(USER_ID, "UTC", now)
assert result == []
def test_approved_confirmation_excludes_chore(self, app):
now, h, m = _now_with_deadline_in_window(minutes_ahead=30)
_seed_schedule(default_hour=h, default_minute=m)
_seed_confirmation(status="approved")
with app.app_context():
result = get_expiring_chores_for_user(USER_ID, "UTC", now)
assert result == []
def test_no_schedule_excluded(self, app):
now = datetime.now(timezone.utc)
# No schedule seeded
with app.app_context():
result = get_expiring_chores_for_user(USER_ID, "UTC", now)
assert result == []
def test_paused_schedule_excluded(self, app):
now, h, m = _now_with_deadline_in_window(minutes_ahead=30)
_seed_schedule(enabled=False, default_hour=h, default_minute=m)
with app.app_context():
result = get_expiring_chores_for_user(USER_ID, "UTC", now)
assert result == []
def test_interval_mode_hit_included(self, app):
now, h, m = _now_with_deadline_in_window(minutes_ahead=30)
today_iso = now.strftime("%Y-%m-%d")
_seed_schedule(
mode="interval",
interval_days=1,
anchor_date=today_iso,
interval_has_deadline=True,
interval_hour=h,
interval_minute=m,
)
with app.app_context():
result = get_expiring_chores_for_user(USER_ID, "UTC", now)
assert len(result) == 1
def test_interval_mode_miss_excluded(self, app):
now = datetime.now(timezone.utc)
h = (now + timedelta(minutes=30)).hour
m = (now + timedelta(minutes=30)).minute
# Anchor yesterday with interval_days=2 → not today
yesterday = (now - timedelta(days=1)).strftime("%Y-%m-%d")
_seed_schedule(
mode="interval",
interval_days=2,
anchor_date=yesterday,
interval_has_deadline=True,
interval_hour=h,
interval_minute=m,
)
with app.app_context():
result = get_expiring_chores_for_user(USER_ID, "UTC", now)
assert result == []
def test_multiple_children_grouped(self, app):
_seed_child(CHILD_ID_2, task_ids=[TASK_ID_2])
_seed_task(TASK_ID_2, name="Take Out Trash")
now, h, m = _now_with_deadline_in_window(minutes_ahead=30)
_seed_schedule(child_id=CHILD_ID, task_id=TASK_ID, default_hour=h, default_minute=m)
_seed_schedule(child_id=CHILD_ID_2, task_id=TASK_ID_2, default_hour=h, default_minute=m)
with app.app_context():
result = get_expiring_chores_for_user(USER_ID, "UTC", now)
assert len(result) == 2
child_ids = {r['child_id'] for r in result}
assert CHILD_ID in child_ids
assert CHILD_ID_2 in child_ids
# ---------------------------------------------------------------------------
# _build_push_payload tests
# ---------------------------------------------------------------------------
class TestBuildPushPayload:
def test_single_chore_sets_title_and_deep_link(self):
expiring = [{"child_id": "c1", "child_name": "Alex", "task_id": "t1", "task_name": "Clean Room"}]
payload = _build_push_payload(expiring)
assert payload['title'] == "Chore ending soon: Clean Room"
assert payload['child_id'] == "c1"
assert payload['entity_id'] == "t1"
assert payload['type'] == 'chore_expiring_soon'
def test_multiple_chores_uses_generic_title(self):
expiring = [
{"child_id": "c1", "child_name": "Alex", "task_id": "t1", "task_name": "Clean Room"},
{"child_id": "c1", "child_name": "Alex", "task_id": "t2", "task_name": "Make Bed"},
]
payload = _build_push_payload(expiring)
assert payload['title'] == "Chores ending soon"
assert payload['child_id'] is None
assert payload['entity_id'] is None
def test_body_groups_by_child(self):
expiring = [
{"child_id": "c1", "child_name": "Alex", "task_id": "t1", "task_name": "Clean Room"},
{"child_id": "c1", "child_name": "Alex", "task_id": "t2", "task_name": "Make Bed"},
{"child_id": "c2", "child_name": "Sam", "task_id": "t3", "task_name": "Trash"},
]
payload = _build_push_payload(expiring)
assert "Alex: Clean Room, Make Bed" in payload['body']
assert "Sam: Trash" in payload['body']
def test_no_approve_deny_tokens(self):
expiring = [{"child_id": "c1", "child_name": "Alex", "task_id": "t1", "task_name": "Clean Room"}]
payload = _build_push_payload(expiring)
assert 'approve_token' not in payload
assert 'deny_token' not in payload
# ---------------------------------------------------------------------------
# send_chore_expiry_notifications_for_user tests
# ---------------------------------------------------------------------------
class TestSendChoreExpiryNotificationsForUser:
def setup_method(self):
_cleanup()
_seed_user()
_seed_child()
_seed_task()
def teardown_method(self):
_cleanup()
def test_sends_push_when_chore_expiring(self, app):
now, h, m = _now_with_deadline_in_window(minutes_ahead=30)
_seed_schedule(default_hour=h, default_minute=m)
with app.app_context():
with patch('utils.chore_expiry_notification_scheduler.send_push_to_user') as mock_push:
count = send_chore_expiry_notifications_for_user(USER_ID, "UTC")
assert count == 1
mock_push.assert_called_once()
payload = mock_push.call_args[0][1]
assert payload['type'] == 'chore_expiring_soon'
def test_no_push_when_no_expiring_chores(self, app):
# No schedule seeded → nothing expiring
with app.app_context():
with patch('utils.chore_expiry_notification_scheduler.send_push_to_user') as mock_push:
count = send_chore_expiry_notifications_for_user(USER_ID, "UTC")
assert count == 0
mock_push.assert_not_called()
# ---------------------------------------------------------------------------
# run_chore_expiry_check tests
# ---------------------------------------------------------------------------
class TestRunChoreExpiryCheck:
def setup_method(self):
_cleanup()
def teardown_method(self):
_cleanup()
def test_skips_when_db_env_is_e2e(self, app):
with patch.dict(os.environ, {'DB_ENV': 'e2e'}):
with patch('utils.chore_expiry_notification_scheduler.send_push_to_user') as mock_push:
run_chore_expiry_check(app)
mock_push.assert_not_called()
def test_skips_user_with_push_disabled(self, app):
_seed_user(push_enabled=False)
_seed_child()
_seed_task()
now, h, m = _now_with_deadline_in_window(minutes_ahead=30)
_seed_schedule(default_hour=h, default_minute=m)
with app.app_context():
with patch('utils.chore_expiry_notification_scheduler.send_push_to_user') as mock_push:
run_chore_expiry_check(app)
mock_push.assert_not_called()
def test_skips_unverified_user(self, app):
_seed_user(verified=False)
_seed_child()
_seed_task()
now, h, m = _now_with_deadline_in_window(minutes_ahead=30)
_seed_schedule(default_hour=h, default_minute=m)
with app.app_context():
with patch('utils.chore_expiry_notification_scheduler.send_push_to_user') as mock_push:
run_chore_expiry_check(app)
mock_push.assert_not_called()
def test_sends_push_for_eligible_user(self, app):
_seed_user(push_enabled=True, verified=True)
_seed_child()
_seed_task()
now, h, m = _now_with_deadline_in_window(minutes_ahead=30)
_seed_schedule(default_hour=h, default_minute=m)
with app.app_context():
with patch('utils.chore_expiry_notification_scheduler.send_push_to_user') as mock_push:
run_chore_expiry_check(app)
mock_push.assert_called_once()

View File

@@ -0,0 +1,292 @@
import os
import jwt
import pytest
from datetime import datetime, timedelta, timezone
from flask import Flask
from werkzeug.security import generate_password_hash
from tinydb import Query
from api.digest_action_api import digest_action_api
from db.db import (
users_db, child_db, task_db, reward_db,
pending_confirmations_db, digest_action_tokens_db,
tracking_events_db,
)
from utils.digest_token import (
create_action_token, create_unsubscribe_token, validate_unsubscribe_token
)
from tests.conftest import TEST_SECRET_KEY
TEST_USER_ID = "daa_user_id"
OTHER_USER_ID = "daa_other_user_id"
TEST_CHILD_ID = "daa_child_id"
TEST_TASK_ID = "daa_task_id"
TEST_REWARD_ID = "daa_reward_id"
FRONTEND_URL = "http://localhost:5173"
def make_auth_token(user_id: str) -> str:
"""Create a JWT access token for the given user_id, for use in tests."""
payload = {
'user_id': user_id,
'token_version': 0,
'exp': datetime.now(timezone.utc) + timedelta(minutes=15),
}
return jwt.encode(payload, TEST_SECRET_KEY, algorithm='HS256')
def seed_data():
users_db.remove(Query().id == TEST_USER_ID)
users_db.remove(Query().id == OTHER_USER_ID)
child_db.remove(Query().id == TEST_CHILD_ID)
task_db.remove(Query().id == TEST_TASK_ID)
reward_db.remove(Query().id == TEST_REWARD_ID)
pending_confirmations_db.remove(Query().user_id == TEST_USER_ID)
digest_action_tokens_db.truncate()
tracking_events_db.remove(Query().user_id == TEST_USER_ID)
users_db.insert({
"id": TEST_USER_ID,
"first_name": "Digest",
"last_name": "Tester",
"email": "digest@example.com",
"password": generate_password_hash("password"),
"verified": True,
"role": "user",
"image_id": None,
"marked_for_deletion": False,
"marked_for_deletion_at": None,
"email_digest_enabled": True,
"timezone": "America/New_York",
"token_version": 0,
})
users_db.insert({
"id": OTHER_USER_ID,
"first_name": "Other",
"last_name": "User",
"email": "other@example.com",
"password": generate_password_hash("password"),
"verified": True,
"role": "user",
"image_id": None,
"marked_for_deletion": False,
"marked_for_deletion_at": None,
"email_digest_enabled": True,
"timezone": "America/New_York",
"token_version": 0,
})
child_db.insert({
"id": TEST_CHILD_ID,
"user_id": TEST_USER_ID,
"name": "Test Child",
"age": 8,
"tasks": [TEST_TASK_ID],
"rewards": [TEST_REWARD_ID],
"points": 100,
"image_id": None,
})
task_db.insert({
"id": TEST_TASK_ID,
"user_id": TEST_USER_ID,
"name": "Clean Room",
"points": 10,
"type": "chore",
"description": "",
"image_id": None,
})
reward_db.insert({
"id": TEST_REWARD_ID,
"user_id": TEST_USER_ID,
"name": "Extra Screen Time",
"cost": 20,
"description": "",
"image_id": None,
})
def add_pending_chore():
pending_confirmations_db.insert({
"id": "pending_chore_id",
"user_id": TEST_USER_ID,
"child_id": TEST_CHILD_ID,
"entity_id": TEST_TASK_ID,
"entity_type": "chore",
"status": "pending",
"created_at": "2024-01-01T10:00:00+00:00",
})
def add_pending_reward():
pending_confirmations_db.insert({
"id": "pending_reward_id",
"user_id": TEST_USER_ID,
"child_id": TEST_CHILD_ID,
"entity_id": TEST_REWARD_ID,
"entity_type": "reward",
"status": "pending",
"created_at": "2024-01-01T10:00:00+00:00",
})
@pytest.fixture
def client():
app = Flask(__name__)
app.register_blueprint(digest_action_api)
app.config['TESTING'] = True
app.config['SECRET_KEY'] = TEST_SECRET_KEY
app.config['FRONTEND_URL'] = FRONTEND_URL
seed_data()
with app.test_client() as c:
yield c
seed_data()
@pytest.fixture
def auth_client(client):
"""Client pre-authenticated as TEST_USER_ID via JWT cookie."""
client.set_cookie('access_token', make_auth_token(TEST_USER_ID))
return client
class TestHandleDigestActionGet:
"""GET /digest-action/<token_id>: validates token, redirects with digestToken param, executes nothing."""
def test_redirects_to_parent_view_with_digest_token(self, client):
add_pending_chore()
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_TASK_ID, 'chore', 'approve')
res = client.get(f'/digest-action/{token.id}')
assert res.status_code == 302
location = res.headers['Location']
assert f'/parent/{TEST_CHILD_ID}' in location
assert f'digestToken={token.id}' in location
assert 'scrollTo=' in location
def test_does_not_execute_action(self, client):
"""GET must not change any data; action is deferred to the authenticated POST."""
add_pending_chore()
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_TASK_ID, 'chore', 'approve')
client.get(f'/digest-action/{token.id}')
child = child_db.get(Query().id == TEST_CHILD_ID)
assert child['points'] == 100 # unchanged
def test_does_not_consume_token(self, client):
"""GET can be called multiple times without consuming the token."""
add_pending_chore()
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_TASK_ID, 'chore', 'approve')
res1 = client.get(f'/digest-action/{token.id}')
res2 = client.get(f'/digest-action/{token.id}')
assert res1.status_code == 302
assert res2.status_code == 302
def test_invalid_token_returns_400(self, client):
res = client.get('/digest-action/nonexistent-token-id')
assert res.status_code == 400
def test_already_resolved_chore_still_redirects(self, client):
"""GET still redirects even if the pending chore no longer exists; token is valid."""
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_TASK_ID, 'chore', 'approve')
# No pending chore added — already resolved
res = client.get(f'/digest-action/{token.id}')
assert res.status_code == 302
class TestExecuteDigestActionPost:
"""POST /digest-action/<token_id>: requires auth, consumes token, executes action."""
def test_approve_chore_awards_points(self, auth_client):
add_pending_chore()
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_TASK_ID, 'chore', 'approve')
res = auth_client.post(f'/digest-action/{token.id}')
assert res.status_code == 200
child = child_db.get(Query().id == TEST_CHILD_ID)
assert child['points'] == 110 # 100 + 10
def test_deny_chore_removes_pending(self, auth_client):
add_pending_chore()
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_TASK_ID, 'chore', 'deny')
res = auth_client.post(f'/digest-action/{token.id}')
assert res.status_code == 200
pending = pending_confirmations_db.get(
(Query().child_id == TEST_CHILD_ID) & (Query().entity_id == TEST_TASK_ID)
)
assert pending is None
def test_approve_reward_deducts_points(self, auth_client):
add_pending_reward()
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_REWARD_ID, 'reward', 'approve')
res = auth_client.post(f'/digest-action/{token.id}')
assert res.status_code == 200
child = child_db.get(Query().id == TEST_CHILD_ID)
assert child['points'] == 80 # 100 - 20
def test_deny_reward_removes_pending(self, auth_client):
add_pending_reward()
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_REWARD_ID, 'reward', 'deny')
res = auth_client.post(f'/digest-action/{token.id}')
assert res.status_code == 200
pending = pending_confirmations_db.get(
(Query().child_id == TEST_CHILD_ID) & (Query().entity_id == TEST_REWARD_ID)
)
assert pending is None
def test_response_contains_success_payload(self, auth_client):
add_pending_chore()
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_TASK_ID, 'chore', 'approve')
res = auth_client.post(f'/digest-action/{token.id}')
assert res.status_code == 200
data = res.get_json()
assert data['success'] is True
assert data['child_id'] == TEST_CHILD_ID
assert data['entity_id'] == TEST_TASK_ID
assert data['action'] == 'approve'
def test_unauthenticated_returns_401(self, client):
add_pending_chore()
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_TASK_ID, 'chore', 'approve')
res = client.post(f'/digest-action/{token.id}')
assert res.status_code == 401
def test_wrong_user_returns_403(self, client):
"""A token created for TEST_USER_ID cannot be used by OTHER_USER_ID."""
add_pending_chore()
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_TASK_ID, 'chore', 'approve')
client.set_cookie('access_token', make_auth_token(OTHER_USER_ID))
res = client.post(f'/digest-action/{token.id}')
assert res.status_code == 403
def test_invalid_token_returns_400(self, auth_client):
res = auth_client.post('/digest-action/nonexistent-token-id')
assert res.status_code == 400
def test_used_token_returns_400(self, auth_client):
add_pending_chore()
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_TASK_ID, 'chore', 'approve')
auth_client.post(f'/digest-action/{token.id}') # first use — consumes token
res = auth_client.post(f'/digest-action/{token.id}') # second use
assert res.status_code == 400
def test_get_after_post_returns_400(self, auth_client):
"""Once the token is consumed via POST, the GET redirect should also fail."""
add_pending_chore()
token = create_action_token(TEST_USER_ID, TEST_CHILD_ID, TEST_TASK_ID, 'chore', 'approve')
auth_client.post(f'/digest-action/{token.id}') # consumes token
res = auth_client.get(f'/digest-action/{token.id}')
assert res.status_code == 400
class TestHandleDigestUnsubscribe:
def test_valid_token_unsubscribes_user(self, client):
token = create_unsubscribe_token(TEST_USER_ID)
res = client.get(f'/digest-unsubscribe/{token}')
assert res.status_code == 200
user = users_db.get(Query().id == TEST_USER_ID)
assert user['email_digest_enabled'] is False
def test_invalid_token_returns_400(self, client):
res = client.get('/digest-unsubscribe/garbage-token')
assert res.status_code == 400
def test_response_contains_unsubscribed_message(self, client):
token = create_unsubscribe_token(TEST_USER_ID)
res = client.get(f'/digest-unsubscribe/{token}')
assert b'unsubscribed' in res.data.lower()

View File

@@ -0,0 +1,262 @@
"""Tests for the digest scheduler and email HTML generation."""
import os
import pytest
from unittest.mock import patch, MagicMock
from flask import Flask
from werkzeug.security import generate_password_hash
from tinydb import Query
from utils.digest_scheduler import send_digests
from utils.email_sender import send_digest_email
from db.db import users_db, pending_confirmations_db, child_db, task_db, reward_db
from tests.conftest import TEST_SECRET_KEY
SCHED_USER_ID = "sched_test_user"
SCHED_EMAIL = "schedtest@example.com"
SCHED_CHILD_ID = "sched_child_id"
SCHED_TASK_ID = "sched_task_id"
SCHED_REWARD_ID = "sched_reward_id"
def seed_scheduler_data(
verified=True,
email_digest_enabled=True,
timezone="UTC",
has_pending=True,
):
users_db.remove(Query().id == SCHED_USER_ID)
child_db.remove(Query().id == SCHED_CHILD_ID)
task_db.remove(Query().id == SCHED_TASK_ID)
reward_db.remove(Query().id == SCHED_REWARD_ID)
pending_confirmations_db.remove(Query().user_id == SCHED_USER_ID)
users_db.insert({
"id": SCHED_USER_ID,
"first_name": "Sched",
"last_name": "Tester",
"email": SCHED_EMAIL,
"password": generate_password_hash("schedpass"),
"verified": verified,
"role": "user",
"image_id": None,
"marked_for_deletion": False,
"marked_for_deletion_at": None,
"timezone": timezone,
"email_digest_enabled": email_digest_enabled,
})
child_db.insert({
"id": SCHED_CHILD_ID,
"user_id": SCHED_USER_ID,
"name": "Sched Child",
"age": 8,
"points": 50,
"tasks": [SCHED_TASK_ID],
"rewards": [SCHED_REWARD_ID],
"image_id": None,
})
task_db.insert({
"id": SCHED_TASK_ID,
"user_id": SCHED_USER_ID,
"name": "Clean Room",
"points": 10,
"type": "chore",
"image_id": None,
})
reward_db.insert({
"id": SCHED_REWARD_ID,
"user_id": SCHED_USER_ID,
"name": "Movie Night",
"cost": 20,
"image_id": None,
})
if has_pending:
pending_confirmations_db.insert({
"id": "sched_pending_id",
"user_id": SCHED_USER_ID,
"child_id": SCHED_CHILD_ID,
"entity_id": SCHED_TASK_ID,
"entity_type": "chore",
"status": "pending",
"approved_at": None,
})
def cleanup_scheduler_data():
users_db.remove(Query().id == SCHED_USER_ID)
child_db.remove(Query().id == SCHED_CHILD_ID)
task_db.remove(Query().id == SCHED_TASK_ID)
reward_db.remove(Query().id == SCHED_REWARD_ID)
pending_confirmations_db.remove(Query().user_id == SCHED_USER_ID)
@pytest.fixture
def app():
flask_app = Flask(__name__)
flask_app.config['TESTING'] = True
flask_app.config['SECRET_KEY'] = TEST_SECRET_KEY
flask_app.config['FRONTEND_URL'] = 'http://localhost:5173'
flask_app.config['MAIL_DEFAULT_SENDER'] = 'no-reply@reward-app.local'
return flask_app
class TestSendDigests:
def setup_method(self):
cleanup_scheduler_data()
def teardown_method(self):
cleanup_scheduler_data()
def test_sends_digest_to_eligible_user_at_9pm(self, app):
"""Identifies verified, digest-enabled users whose local time is 9 pm and sends digest."""
seed_scheduler_data()
with patch('utils.digest_scheduler._get_local_hour', return_value=21), \
patch('utils.email_sender.Mail') as mock_mail:
send_digests(app)
assert mock_mail.return_value.send.called
def test_skips_user_with_no_pending_items(self, app):
"""Digest is not sent if there are no pending items."""
seed_scheduler_data(has_pending=False)
with patch('utils.digest_scheduler._get_local_hour', return_value=21), \
patch('utils.email_sender.Mail') as mock_mail:
send_digests(app)
assert not mock_mail.return_value.send.called
def test_skips_unverified_user(self, app):
"""Digest is not sent to unverified users."""
seed_scheduler_data(verified=False)
with patch('utils.digest_scheduler._get_local_hour', return_value=21), \
patch('utils.email_sender.Mail') as mock_mail:
send_digests(app)
assert not mock_mail.return_value.send.called
def test_skips_user_with_digest_disabled(self, app):
"""Digest is not sent to users who have email_digest_enabled == False."""
seed_scheduler_data(email_digest_enabled=False)
with patch('utils.digest_scheduler._get_local_hour', return_value=21), \
patch('utils.email_sender.Mail') as mock_mail:
send_digests(app)
assert not mock_mail.return_value.send.called
def test_skips_user_not_at_9pm(self, app):
"""Digest is not sent when the user's local time is not 21."""
seed_scheduler_data()
with patch('utils.digest_scheduler._get_local_hour', return_value=10), \
patch('utils.email_sender.Mail') as mock_mail:
send_digests(app)
assert not mock_mail.return_value.send.called
def test_reads_timezone_and_falls_back_to_utc(self, app):
"""_get_local_hour uses User.timezone; None falls back to UTC."""
from utils.digest_scheduler import _get_local_hour
from datetime import datetime, timezone as tz
utc_hour = datetime.now(tz.utc).hour
assert _get_local_hour(None) == utc_hour
# A real timezone that differs from UTC (New York is UTC-4 or UTC-5)
result = _get_local_hour("America/New_York")
assert 0 <= result <= 23
def test_skips_when_db_env_is_e2e(self, app):
"""Digest scheduler does nothing in the e2e test environment."""
seed_scheduler_data()
original = os.environ.get('DB_ENV')
try:
os.environ['DB_ENV'] = 'e2e'
with patch('utils.email_sender.Mail') as mock_mail:
send_digests(app)
assert not mock_mail.return_value.send.called
finally:
if original is not None:
os.environ['DB_ENV'] = original
else:
os.environ.pop('DB_ENV', None)
class TestDigestEmailHtml:
"""Tests for the HTML content of send_digest_email."""
@pytest.fixture
def app_ctx(self, app):
with app.app_context():
yield
def _build_items(self):
return [
{
'child_name': 'Alice',
'entity_name': 'Clean Room',
'entity_type': 'chore',
'view_url': 'http://localhost:5173/parent/child1?scrollTo=task1&entityType=chore',
'approve_url': 'http://localhost:5173/api/digest-action/approve_tok',
'deny_url': 'http://localhost:5173/api/digest-action/deny_tok',
'child_id': 'child1',
'entity_id': 'task1',
},
{
'child_name': 'Alice',
'entity_name': 'Movie Night',
'entity_type': 'reward',
'view_url': 'http://localhost:5173/parent/child1?scrollTo=reward1&entityType=reward',
'approve_url': 'http://localhost:5173/api/digest-action/approve_tok2',
'deny_url': 'http://localhost:5173/api/digest-action/deny_tok2',
'child_id': 'child1',
'entity_id': 'reward1',
},
]
def test_email_contains_child_section(self, app_ctx):
"""Email HTML contains a section for each child."""
with patch('utils.email_sender.Mail') as mock_mail:
send_digest_email(SCHED_EMAIL, self._build_items(), 'unsub_tok')
msg = mock_mail.return_value.send.call_args[0][0]
assert 'Alice' in msg.html
def test_email_contains_item_names(self, app_ctx):
"""Email HTML lists each pending item's name."""
with patch('utils.email_sender.Mail') as mock_mail:
send_digest_email(SCHED_EMAIL, self._build_items(), 'unsub_tok')
msg = mock_mail.return_value.send.call_args[0][0]
assert 'Clean Room' in msg.html
assert 'Movie Night' in msg.html
def test_email_contains_approve_and_deny_links(self, app_ctx):
"""Email HTML contains Approve and Deny links for each item."""
with patch('utils.email_sender.Mail') as mock_mail:
send_digest_email(SCHED_EMAIL, self._build_items(), 'unsub_tok')
msg = mock_mail.return_value.send.call_args[0][0]
assert 'approve_tok' in msg.html
assert 'deny_tok' in msg.html
assert 'Approve' in msg.html
assert 'Deny' in msg.html
def test_email_contains_view_links(self, app_ctx):
"""Email HTML contains a View link for each item."""
with patch('utils.email_sender.Mail') as mock_mail:
send_digest_email(SCHED_EMAIL, self._build_items(), 'unsub_tok')
msg = mock_mail.return_value.send.call_args[0][0]
assert 'View' in msg.html
assert 'scrollTo=task1' in msg.html
def test_email_contains_unsubscribe_link(self, app_ctx):
"""Email HTML footer contains the unsubscribe link."""
with patch('utils.email_sender.Mail') as mock_mail:
send_digest_email(SCHED_EMAIL, self._build_items(), 'unsub_tok')
msg = mock_mail.return_value.send.call_args[0][0]
assert 'unsub_tok' in msg.html
assert 'Unsubscribe' in msg.html
def test_approve_link_styled_green(self, app_ctx):
"""Approve links use green color styling."""
with patch('utils.email_sender.Mail') as mock_mail:
send_digest_email(SCHED_EMAIL, self._build_items(), 'unsub_tok')
msg = mock_mail.return_value.send.call_args[0][0]
# Find the Approve link and verify green color is adjacent
assert '#22c55e' in msg.html # green used for Approve
def test_deny_link_styled_red(self, app_ctx):
"""Deny links use red color styling."""
with patch('utils.email_sender.Mail') as mock_mail:
send_digest_email(SCHED_EMAIL, self._build_items(), 'unsub_tok')
msg = mock_mail.return_value.send.call_args[0][0]
assert '#ef4444' in msg.html # red used for Deny

View File

@@ -0,0 +1,133 @@
import os
import time
import pytest
from tinydb import Query
from db.db import digest_action_tokens_db
from utils.digest_token import (
create_action_token,
validate_and_consume_token,
create_unsubscribe_token,
validate_unsubscribe_token,
)
def cleanup():
digest_action_tokens_db.truncate()
@pytest.fixture(autouse=True)
def clear_tokens():
cleanup()
yield
cleanup()
class TestCreateActionToken:
def test_returns_token_with_correct_fields(self):
token = create_action_token('u1', 'c1', 'e1', 'chore', 'approve')
assert token.user_id == 'u1'
assert token.child_id == 'c1'
assert token.entity_id == 'e1'
assert token.entity_type == 'chore'
assert token.action == 'approve'
assert token.used is False
assert token.signature
def test_persists_to_db(self):
token = create_action_token('u1', 'c1', 'e1', 'chore', 'approve')
stored = digest_action_tokens_db.get(Query().id == token.id)
assert stored is not None
assert stored['entity_type'] == 'chore'
def test_different_tokens_have_unique_ids(self):
t1 = create_action_token('u1', 'c1', 'e1', 'chore', 'approve')
t2 = create_action_token('u1', 'c1', 'e1', 'reward', 'deny')
assert t1.id != t2.id
class TestValidateAndConsumeToken:
def test_valid_token_is_returned_and_marked_used(self):
token = create_action_token('u1', 'c1', 'e1', 'chore', 'approve')
result = validate_and_consume_token(token.id)
assert result is not None
assert result.id == token.id
stored = digest_action_tokens_db.get(Query().id == token.id)
assert stored['used'] is True
def test_nonexistent_token_returns_none(self):
assert validate_and_consume_token('nonexistent-id') is None
def test_already_used_token_returns_none(self):
token = create_action_token('u1', 'c1', 'e1', 'chore', 'approve')
validate_and_consume_token(token.id) # first use
result = validate_and_consume_token(token.id) # second use
assert result is None
def test_expired_token_returns_none(self):
# Create a token that is already expired
from datetime import datetime, timedelta, timezone
from db.digest_action_tokens import insert_token
from models.digest_action_token import DigestActionToken
import uuid, json, hmac, hashlib
token_id = str(uuid.uuid4())
expires_at = (datetime.now(timezone.utc) - timedelta(hours=1)).isoformat()
payload = {
'id': token_id,
'user_id': 'u1',
'child_id': 'c1',
'entity_id': 'e1',
'entity_type': 'chore',
'action': 'approve',
'expires_at': expires_at,
}
secret = os.environ.get('DIGEST_TOKEN_SECRET')
canonical = json.dumps(payload, sort_keys=True, separators=(',', ':'))
sig = hmac.new(secret.encode(), canonical.encode(), hashlib.sha256).hexdigest()
token = DigestActionToken(
id=token_id, user_id='u1', child_id='c1', entity_id='e1',
entity_type='chore', action='approve', expires_at=expires_at,
used=False, signature=sig,
)
insert_token(token)
assert validate_and_consume_token(token_id) is None
def test_tampered_signature_returns_none(self):
token = create_action_token('u1', 'c1', 'e1', 'chore', 'approve')
# Tamper the signature in DB
digest_action_tokens_db.update(
{'signature': 'deadbeef' * 8},
Query().id == token.id
)
assert validate_and_consume_token(token.id) is None
class TestUnsubscribeToken:
def test_create_and_validate(self):
token = create_unsubscribe_token('user123')
assert token
result = validate_unsubscribe_token(token)
assert result == 'user123'
def test_invalid_token_returns_none(self):
assert validate_unsubscribe_token('garbage-token') is None
def test_tampered_token_returns_none(self):
token = create_unsubscribe_token('user123')
# Change one character
tampered = token[:-1] + ('A' if token[-1] != 'A' else 'B')
assert validate_unsubscribe_token(tampered) is None
def test_expired_token_returns_none(self):
"""Build a token with a past expiry timestamp by mocking time."""
import base64, hmac, hashlib
user_id = 'user_expired'
expiry_ts = int(time.time()) - 1 # already expired
payload_str = f"{user_id}:{expiry_ts}"
secret = os.environ.get('DIGEST_TOKEN_SECRET')
sig = hmac.new(secret.encode(), payload_str.encode(), hashlib.sha256).hexdigest()
raw = f"{payload_str}:{sig}"
token = base64.urlsafe_b64encode(raw.encode()).decode()
assert validate_unsubscribe_token(token) is None

View File

@@ -0,0 +1,170 @@
import os
import pytest
from flask import Flask
from werkzeug.security import generate_password_hash
from tinydb import Query
from api.push_subscription_api import push_subscription_api
from api.auth_api import auth_api
from db.db import users_db, push_subscriptions_db
from tests.conftest import TEST_SECRET_KEY, TEST_REFRESH_TOKEN_EXPIRY_DAYS
TEST_EMAIL = "pushtest@example.com"
TEST_PASSWORD = "pushpassword123"
TEST_USER_ID = "push_test_user_id"
TEST_ENDPOINT = "https://fcm.googleapis.com/fcm/send/test-endpoint-abc"
TEST_KEYS = {"p256dh": "BNgz3XcMv1", "auth": "abc123"}
def seed_user():
users_db.remove(Query().email == TEST_EMAIL)
users_db.insert({
"id": TEST_USER_ID,
"first_name": "Push",
"last_name": "Tester",
"email": TEST_EMAIL,
"password": generate_password_hash(TEST_PASSWORD),
"verified": True,
"image_id": None,
"marked_for_deletion": False,
"marked_for_deletion_at": None,
"role": "user",
"timezone": None,
"email_digest_enabled": True,
})
def cleanup():
users_db.remove(Query().email == TEST_EMAIL)
push_subscriptions_db.remove(Query().user_id == TEST_USER_ID)
@pytest.fixture
def client():
app = Flask(__name__)
app.register_blueprint(push_subscription_api)
app.register_blueprint(auth_api, url_prefix='/auth')
app.config['TESTING'] = True
app.config['SECRET_KEY'] = TEST_SECRET_KEY
app.config['REFRESH_TOKEN_EXPIRY_DAYS'] = TEST_REFRESH_TOKEN_EXPIRY_DAYS
app.config['VAPID_PUBLIC_KEY'] = 'test-vapid-public-key'
app.config['FRONTEND_URL'] = 'http://localhost:5173'
cleanup()
seed_user()
with app.test_client() as c:
yield c
cleanup()
@pytest.fixture
def auth_client(client):
client.post('/auth/login', json={"email": TEST_EMAIL, "password": TEST_PASSWORD})
return client
class TestVapidKey:
def test_returns_public_key(self, client):
res = client.get('/push-vapid-key')
assert res.status_code == 200
assert res.get_json()['public_key'] == 'test-vapid-public-key'
def test_unauthenticated_ok(self, client):
# VAPID key endpoint is public
res = client.get('/push-vapid-key')
assert res.status_code == 200
class TestSubscribe:
def test_subscribe_stores_subscription(self, auth_client):
res = auth_client.post('/push-subscription', json={
"endpoint": TEST_ENDPOINT,
"keys": TEST_KEYS,
})
assert res.status_code == 200
data = res.get_json()
assert 'id' in data
saved = push_subscriptions_db.get(
(Query().user_id == TEST_USER_ID) & (Query().endpoint == TEST_ENDPOINT)
)
assert saved is not None
def test_subscribe_updates_timezone(self, auth_client):
auth_client.post('/push-subscription', json={
"endpoint": TEST_ENDPOINT,
"keys": TEST_KEYS,
"timezone": "America/New_York",
})
user = users_db.get(Query().id == TEST_USER_ID)
assert user['timezone'] == 'America/New_York'
def test_subscribe_upserts_same_endpoint(self, auth_client):
auth_client.post('/push-subscription', json={"endpoint": TEST_ENDPOINT, "keys": TEST_KEYS})
auth_client.post('/push-subscription', json={"endpoint": TEST_ENDPOINT, "keys": TEST_KEYS})
count = len(push_subscriptions_db.search(
(Query().user_id == TEST_USER_ID) & (Query().endpoint == TEST_ENDPOINT)
))
assert count == 1
def test_subscribe_requires_endpoint(self, auth_client):
res = auth_client.post('/push-subscription', json={"keys": TEST_KEYS})
assert res.status_code == 400
def test_subscribe_requires_keys(self, auth_client):
res = auth_client.post('/push-subscription', json={"endpoint": TEST_ENDPOINT})
assert res.status_code == 400
def test_subscribe_requires_p256dh_and_auth(self, auth_client):
res = auth_client.post('/push-subscription', json={
"endpoint": TEST_ENDPOINT,
"keys": {"p256dh": "only-one-key"},
})
assert res.status_code == 400
def test_subscribe_requires_auth(self, client):
res = client.post('/push-subscription', json={
"endpoint": TEST_ENDPOINT,
"keys": TEST_KEYS,
})
assert res.status_code == 401
def test_subscribe_multiple_endpoints_per_user(self, auth_client):
"""Multiple subscriptions can coexist for the same user (one per device)."""
endpoint2 = "https://fcm.googleapis.com/fcm/send/second-device-endpoint"
keys2 = {"p256dh": "BNgz3XcMv2", "auth": "def456"}
auth_client.post('/push-subscription', json={"endpoint": TEST_ENDPOINT, "keys": TEST_KEYS})
auth_client.post('/push-subscription', json={"endpoint": endpoint2, "keys": keys2})
subs = push_subscriptions_db.search(Query().user_id == TEST_USER_ID)
assert len(subs) == 2
endpoints = {s['endpoint'] for s in subs}
assert TEST_ENDPOINT in endpoints
assert endpoint2 in endpoints
class TestUnsubscribe:
def test_unsubscribe_removes_subscription(self, auth_client):
auth_client.post('/push-subscription', json={"endpoint": TEST_ENDPOINT, "keys": TEST_KEYS})
res = auth_client.delete('/push-subscription', json={"endpoint": TEST_ENDPOINT})
assert res.status_code == 200
data = res.get_json()
assert data['removed'] >= 1
saved = push_subscriptions_db.get(
(Query().user_id == TEST_USER_ID) & (Query().endpoint == TEST_ENDPOINT)
)
assert saved is None
def test_unsubscribe_nonexistent_endpoint_ok(self, auth_client):
res = auth_client.delete('/push-subscription', json={"endpoint": "https://nonexistent"})
assert res.status_code == 200
assert res.get_json()['removed'] == 0
def test_unsubscribe_requires_endpoint(self, auth_client):
res = auth_client.delete('/push-subscription', json={})
assert res.status_code == 400
def test_unsubscribe_requires_auth(self, client):
res = client.delete('/push-subscription', json={"endpoint": TEST_ENDPOINT})
assert res.status_code == 401

View File

@@ -0,0 +1,250 @@
"""Tests for the state expiry scheduler."""
import os
import time
import pytest
from unittest.mock import patch, MagicMock
from flask import Flask
from tinydb import Query
from utils.state_expiry_scheduler import (
_get_today_start_timestamp,
expire_stale_pending_for_user,
run_state_expiry_check,
)
from db.db import users_db, pending_confirmations_db
from tests.conftest import TEST_SECRET_KEY
EXPIRY_USER_ID = "expiry_test_user"
EXPIRY_USER_ID_2 = "expiry_test_user_2"
EXPIRY_CHILD_ID = "expiry_child_id"
EXPIRY_CHILD_ID_2 = "expiry_child_id_2"
EXPIRY_TASK_ID = "expiry_task_id"
EXPIRY_REWARD_ID = "expiry_reward_id"
def _yesterday_timestamp() -> float:
"""Return a Unix timestamp from 25 hours ago (safely before today's midnight)."""
return time.time() - (25 * 3600)
def _seed_user(user_id: str = EXPIRY_USER_ID, timezone: str = "UTC", verified: bool = True):
users_db.remove(Query().id == user_id)
users_db.insert({
"id": user_id,
"first_name": "Expiry",
"last_name": "Tester",
"email": f"{user_id}@example.com",
"password": "hashed",
"verified": verified,
"role": "user",
"image_id": None,
"marked_for_deletion": False,
"timezone": timezone,
"email_digest_enabled": False,
})
def _seed_pending(
pending_id: str,
user_id: str = EXPIRY_USER_ID,
child_id: str = EXPIRY_CHILD_ID,
entity_id: str = EXPIRY_TASK_ID,
entity_type: str = "chore",
status: str = "pending",
created_at: float = None,
):
pending_confirmations_db.remove(Query().id == pending_id)
pending_confirmations_db.insert({
"id": pending_id,
"user_id": user_id,
"child_id": child_id,
"entity_id": entity_id,
"entity_type": entity_type,
"status": status,
"approved_at": None,
"created_at": created_at if created_at is not None else _yesterday_timestamp(),
"updated_at": time.time(),
})
def _cleanup():
for uid in (EXPIRY_USER_ID, EXPIRY_USER_ID_2):
users_db.remove(Query().id == uid)
pending_confirmations_db.remove(Query().user_id == uid)
@pytest.fixture
def app():
flask_app = Flask(__name__)
flask_app.config['TESTING'] = True
flask_app.config['SECRET_KEY'] = TEST_SECRET_KEY
return flask_app
class TestGetTodayStartTimestamp:
def test_returns_float(self):
ts = _get_today_start_timestamp("UTC")
assert isinstance(ts, float)
def test_today_start_is_before_now(self):
ts = _get_today_start_timestamp("UTC")
assert ts <= time.time()
def test_falls_back_to_utc_on_none(self):
ts_utc = _get_today_start_timestamp("UTC")
ts_none = _get_today_start_timestamp(None)
assert abs(ts_utc - ts_none) < 1 # within 1 second
def test_falls_back_to_utc_on_invalid_timezone(self):
ts_utc = _get_today_start_timestamp("UTC")
ts_bad = _get_today_start_timestamp("Invalid/Timezone")
assert abs(ts_utc - ts_bad) < 1
def test_timezone_shifts_midnight(self):
"""UTC-12 midnight is 12 hours later than UTC midnight in absolute terms."""
ts_utc = _get_today_start_timestamp("UTC")
ts_west = _get_today_start_timestamp("Etc/GMT+12")
# The western timezone's "today start" is at most 12 hours away from UTC's
assert abs(ts_utc - ts_west) <= 12 * 3600 + 1
class TestExpireStaleForUser:
def setup_method(self):
_cleanup()
def teardown_method(self):
_cleanup()
def test_pending_chore_from_yesterday_is_deleted(self, app):
_seed_pending("exp_chore_1", entity_type="chore", created_at=_yesterday_timestamp())
with app.app_context():
with patch('events.sse.send_event_to_user') as mock_send:
count = expire_stale_pending_for_user(EXPIRY_USER_ID, "UTC")
assert count == 1
assert pending_confirmations_db.get(Query().id == "exp_chore_1") is None
def test_pending_chore_fires_reset_sse(self, app):
_seed_pending("exp_chore_2", entity_type="chore", created_at=_yesterday_timestamp())
with app.app_context():
with patch('utils.state_expiry_scheduler.send_event_to_user') as mock_send:
expire_stale_pending_for_user(EXPIRY_USER_ID, "UTC")
mock_send.assert_called_once()
event = mock_send.call_args[0][1]
assert event.type == "child_chore_confirmation"
assert event.payload.data['operation'] == "RESET"
assert event.payload.data['task_id'] == EXPIRY_TASK_ID
def test_pending_reward_from_yesterday_is_deleted(self, app):
_seed_pending(
"exp_reward_1",
entity_id=EXPIRY_REWARD_ID,
entity_type="reward",
created_at=_yesterday_timestamp(),
)
with app.app_context():
with patch('utils.state_expiry_scheduler.send_event_to_user'):
count = expire_stale_pending_for_user(EXPIRY_USER_ID, "UTC")
assert count == 1
assert pending_confirmations_db.get(Query().id == "exp_reward_1") is None
def test_pending_reward_fires_cancelled_sse(self, app):
_seed_pending(
"exp_reward_2",
entity_id=EXPIRY_REWARD_ID,
entity_type="reward",
created_at=_yesterday_timestamp(),
)
with app.app_context():
with patch('utils.state_expiry_scheduler.send_event_to_user') as mock_send:
expire_stale_pending_for_user(EXPIRY_USER_ID, "UTC")
mock_send.assert_called_once()
event = mock_send.call_args[0][1]
assert event.type == "child_reward_request"
assert event.payload.data['operation'] == "CANCELLED"
assert event.payload.data['reward_id'] == EXPIRY_REWARD_ID
def test_pending_record_from_today_is_not_deleted(self, app):
_seed_pending("exp_today_1", created_at=time.time())
with app.app_context():
with patch('utils.state_expiry_scheduler.send_event_to_user') as mock_send:
count = expire_stale_pending_for_user(EXPIRY_USER_ID, "UTC")
assert count == 0
assert pending_confirmations_db.get(Query().id == "exp_today_1") is not None
mock_send.assert_not_called()
def test_approved_record_from_yesterday_is_not_deleted(self, app):
_seed_pending("exp_approved_1", status="approved", created_at=_yesterday_timestamp())
with app.app_context():
with patch('utils.state_expiry_scheduler.send_event_to_user') as mock_send:
count = expire_stale_pending_for_user(EXPIRY_USER_ID, "UTC")
assert count == 0
assert pending_confirmations_db.get(Query().id == "exp_approved_1") is not None
mock_send.assert_not_called()
def test_no_pending_records_returns_zero(self, app):
with app.app_context():
with patch('utils.state_expiry_scheduler.send_event_to_user') as mock_send:
count = expire_stale_pending_for_user(EXPIRY_USER_ID, "UTC")
assert count == 0
mock_send.assert_not_called()
def test_multiple_stale_records_all_expired(self, app):
_seed_pending("exp_multi_1", entity_id=EXPIRY_TASK_ID, entity_type="chore",
created_at=_yesterday_timestamp())
_seed_pending("exp_multi_2", entity_id=EXPIRY_REWARD_ID, entity_type="reward",
created_at=_yesterday_timestamp())
with app.app_context():
with patch('utils.state_expiry_scheduler.send_event_to_user') as mock_send:
count = expire_stale_pending_for_user(EXPIRY_USER_ID, "UTC")
assert count == 2
assert mock_send.call_count == 2
class TestRunStateExpiryCheck:
def setup_method(self):
_cleanup()
def teardown_method(self):
_cleanup()
def test_expires_stale_records_for_all_verified_users(self, app):
_seed_user(EXPIRY_USER_ID)
_seed_user(EXPIRY_USER_ID_2)
_seed_pending("exp_u1", user_id=EXPIRY_USER_ID, created_at=_yesterday_timestamp())
_seed_pending("exp_u2", user_id=EXPIRY_USER_ID_2, child_id=EXPIRY_CHILD_ID_2,
created_at=_yesterday_timestamp())
with patch('utils.state_expiry_scheduler.send_event_to_user'):
run_state_expiry_check(app)
assert pending_confirmations_db.get(Query().id == "exp_u1") is None
assert pending_confirmations_db.get(Query().id == "exp_u2") is None
def test_only_expires_stale_records_not_todays(self, app):
_seed_user(EXPIRY_USER_ID)
_seed_pending("exp_stale", created_at=_yesterday_timestamp())
_seed_pending("exp_fresh", created_at=time.time())
with patch('utils.state_expiry_scheduler.send_event_to_user'):
run_state_expiry_check(app)
assert pending_confirmations_db.get(Query().id == "exp_stale") is None
assert pending_confirmations_db.get(Query().id == "exp_fresh") is not None
def test_skips_when_db_env_is_e2e(self, app):
_seed_user(EXPIRY_USER_ID)
_seed_pending("exp_e2e", created_at=_yesterday_timestamp())
original = os.environ.get('DB_ENV')
try:
os.environ['DB_ENV'] = 'e2e'
with patch('utils.state_expiry_scheduler.send_event_to_user') as mock_send:
run_state_expiry_check(app)
mock_send.assert_not_called()
assert pending_confirmations_db.get(Query().id == "exp_e2e") is not None
finally:
if original is not None:
os.environ['DB_ENV'] = original
else:
os.environ.pop('DB_ENV', None)
def test_no_error_when_user_has_no_pending_records(self, app):
_seed_user(EXPIRY_USER_ID)
with patch('utils.state_expiry_scheduler.send_event_to_user') as mock_send:
run_state_expiry_check(app)
mock_send.assert_not_called()

View File

@@ -227,3 +227,36 @@ def test_update_profile_success(authenticated_client):
assert user['first_name'] == 'Updated'
assert user['last_name'] == 'Name'
assert user['image_id'] == 'new_image'
def test_get_profile_includes_email_digest_enabled(authenticated_client):
"""GET /user/profile response includes email_digest_enabled field."""
response = authenticated_client.get('/user/profile')
assert response.status_code == 200
data = response.get_json()
assert 'email_digest_enabled' in data
assert isinstance(data['email_digest_enabled'], bool)
def test_update_profile_disables_digest(authenticated_client):
"""PUT /user/profile with email_digest_enabled: false disables the digest."""
# Ensure it starts enabled
users_db.update({'email_digest_enabled': True}, Query().email == TEST_EMAIL)
response = authenticated_client.put('/user/profile', json={'email_digest_enabled': False})
assert response.status_code == 200
user = users_db.search(Query().email == TEST_EMAIL)[0]
assert user['email_digest_enabled'] is False
def test_update_profile_enables_digest(authenticated_client):
"""PUT /user/profile with email_digest_enabled: true re-enables the digest."""
# Start disabled
users_db.update({'email_digest_enabled': False}, Query().email == TEST_EMAIL)
response = authenticated_client.put('/user/profile', json={'email_digest_enabled': True})
assert response.status_code == 200
user = users_db.search(Query().email == TEST_EMAIL)[0]
assert user['email_digest_enabled'] is True

View File

@@ -0,0 +1,201 @@
"""Tests for web push notifications triggered by child actions.
Patches `utils.push_sender.webpush` so no real HTTP requests are made.
A push subscription is seeded in push_subscriptions_db so send_push_to_user
actually calls webpush (rather than short-circuiting at "no subscriptions").
"""
import json
import pytest
from unittest.mock import patch, MagicMock
from flask import Flask
from werkzeug.security import generate_password_hash
from tinydb import Query
from api.child_api import child_api
from api.auth_api import auth_api
from db.db import (
child_db, task_db, reward_db, users_db,
pending_confirmations_db, push_subscriptions_db,
)
from tests.conftest import TEST_SECRET_KEY, TEST_REFRESH_TOKEN_EXPIRY_DAYS
TEST_USER_ID = "wp_test_user_id"
TEST_EMAIL = "wptest@example.com"
TEST_PASSWORD = "wptestpass"
TEST_CHILD_ID = "wp_child_id"
TEST_TASK_ID = "wp_task_id"
TEST_REWARD_ID_AFFORD = "wp_reward_afford"
TEST_REWARD_ID_CANT = "wp_reward_cant"
TEST_ENDPOINT = "https://push.example.com/wp_endpoint"
def seed_data():
users_db.remove(Query().id == TEST_USER_ID)
child_db.remove(Query().id == TEST_CHILD_ID)
task_db.remove(Query().id == TEST_TASK_ID)
reward_db.remove((Query().id == TEST_REWARD_ID_AFFORD) | (Query().id == TEST_REWARD_ID_CANT))
pending_confirmations_db.remove(Query().user_id == TEST_USER_ID)
push_subscriptions_db.remove(Query().user_id == TEST_USER_ID)
users_db.insert({
"id": TEST_USER_ID,
"first_name": "Push",
"last_name": "Tester",
"email": TEST_EMAIL,
"password": generate_password_hash(TEST_PASSWORD),
"verified": True,
"role": "user",
"image_id": None,
"marked_for_deletion": False,
"marked_for_deletion_at": None,
"timezone": "America/New_York",
"email_digest_enabled": True,
})
child_db.insert({
"id": TEST_CHILD_ID,
"user_id": TEST_USER_ID,
"name": "Push Child",
"age": 8,
"points": 50,
"tasks": [TEST_TASK_ID],
"rewards": [TEST_REWARD_ID_AFFORD, TEST_REWARD_ID_CANT],
"image_id": None,
})
task_db.insert({
"id": TEST_TASK_ID,
"user_id": TEST_USER_ID,
"name": "Clean Room",
"points": 10,
"type": "chore",
"image_id": None,
})
# Affordable reward (cost <= child.points = 50)
reward_db.insert({
"id": TEST_REWARD_ID_AFFORD,
"user_id": TEST_USER_ID,
"name": "Movie Night",
"cost": 20,
"image_id": None,
})
# Unaffordable reward (cost > child.points = 50)
reward_db.insert({
"id": TEST_REWARD_ID_CANT,
"user_id": TEST_USER_ID,
"name": "New Bike",
"cost": 200,
"image_id": None,
})
def seed_subscription():
push_subscriptions_db.insert({
"id": "wp_sub_id",
"user_id": TEST_USER_ID,
"endpoint": TEST_ENDPOINT,
"keys": {"p256dh": "BNgz3test", "auth": "authtest"},
"created_at": "2024-01-01T00:00:00+00:00",
})
def cleanup():
users_db.remove(Query().id == TEST_USER_ID)
child_db.remove(Query().id == TEST_CHILD_ID)
task_db.remove(Query().id == TEST_TASK_ID)
reward_db.remove((Query().id == TEST_REWARD_ID_AFFORD) | (Query().id == TEST_REWARD_ID_CANT))
pending_confirmations_db.remove(Query().user_id == TEST_USER_ID)
push_subscriptions_db.remove(Query().user_id == TEST_USER_ID)
@pytest.fixture
def client():
app = Flask(__name__)
app.register_blueprint(child_api)
app.register_blueprint(auth_api, url_prefix='/auth')
app.config['TESTING'] = True
app.config['SECRET_KEY'] = TEST_SECRET_KEY
app.config['REFRESH_TOKEN_EXPIRY_DAYS'] = TEST_REFRESH_TOKEN_EXPIRY_DAYS
app.config['FRONTEND_URL'] = 'http://localhost:5173'
cleanup()
seed_data()
with app.test_client() as c:
c.post('/auth/login', json={"email": TEST_EMAIL, "password": TEST_PASSWORD})
yield c
cleanup()
class TestWebPushOnChoreConfirm:
def test_push_fired_to_all_subscriptions_on_chore_confirm(self, client):
"""Web push is sent to all stored subscriptions when a chore is confirmed."""
seed_subscription()
with patch('utils.push_sender.webpush') as mock_webpush:
resp = client.post(
f'/child/{TEST_CHILD_ID}/confirm-chore',
json={'task_id': TEST_TASK_ID},
)
assert resp.status_code == 200
assert mock_webpush.called
def test_push_payload_includes_required_fields(self, client):
"""Push payload includes user_id, approve_token, and deny_token."""
seed_subscription()
with patch('utils.push_sender.webpush') as mock_webpush:
client.post(
f'/child/{TEST_CHILD_ID}/confirm-chore',
json={'task_id': TEST_TASK_ID},
)
call_kwargs = mock_webpush.call_args[1]
payload = json.loads(call_kwargs['data'])
assert payload['user_id'] == TEST_USER_ID
assert 'approve_token' in payload
assert 'deny_token' in payload
def test_push_not_fired_when_no_subscriptions(self, client):
"""No error is raised when the parent has no push subscriptions."""
push_subscriptions_db.remove(Query().user_id == TEST_USER_ID)
with patch('utils.push_sender.webpush') as mock_webpush:
resp = client.post(
f'/child/{TEST_CHILD_ID}/confirm-chore',
json={'task_id': TEST_TASK_ID},
)
assert resp.status_code == 200
assert not mock_webpush.called
class TestWebPushOnRewardRequest:
def test_push_fired_for_affordable_reward_request(self, client):
"""Web push is fired when a child requests a reward they can afford."""
seed_subscription()
with patch('utils.push_sender.webpush') as mock_webpush:
resp = client.post(
f'/child/{TEST_CHILD_ID}/request-reward',
json={'reward_id': TEST_REWARD_ID_AFFORD},
)
assert resp.status_code == 200
assert mock_webpush.called
# Cleanup pending
pending_confirmations_db.remove(Query().child_id == TEST_CHILD_ID)
def test_push_not_fired_for_unaffordable_reward(self, client):
"""Web push is NOT fired when a child requests a reward they cannot afford."""
seed_subscription()
with patch('utils.push_sender.webpush') as mock_webpush:
resp = client.post(
f'/child/{TEST_CHILD_ID}/request-reward',
json={'reward_id': TEST_REWARD_ID_CANT},
)
# request-reward rejects unaffordable requests with 400
assert resp.status_code == 400
assert not mock_webpush.called
def test_push_not_fired_for_reward_when_no_subscriptions(self, client):
"""No error is raised for reward requests when the parent has no subscriptions."""
push_subscriptions_db.remove(Query().user_id == TEST_USER_ID)
with patch('utils.push_sender.webpush') as mock_webpush:
resp = client.post(
f'/child/{TEST_CHILD_ID}/request-reward',
json={'reward_id': TEST_REWARD_ID_AFFORD},
)
assert resp.status_code == 200
assert not mock_webpush.called
# Cleanup pending
pending_confirmations_db.remove(Query().child_id == TEST_CHILD_ID)

View File

@@ -0,0 +1,237 @@
"""
Hourly scheduler that sends push notifications to parents when their children's
scheduled chores are going to expire within the next 75 minutes and haven't been
marked completed or submitted for confirmation yet.
Window rationale (75 min):
The spec requires that chores expiring between 9:00 pm and 9:15 pm both
generate a notification at 8:00 pm. A 75-minute look-ahead window
(now < deadline <= now + 75 min) satisfies this for the hourly cron run at
the top of each hour.
Double-notification note:
A chore deadline that falls within the overlap of two consecutive 75-minute
windows (e.g. 9:10 pm appears in both the 8:00 pm and 9:00 pm windows) may
produce two push notifications. No deduplication is applied; this is
intentional per the product decision made during spec review.
"""
import logging
import os
from datetime import datetime, timedelta, timezone
from apscheduler.schedulers.background import BackgroundScheduler
from tinydb import Query
from utils.schedule_utils import get_due_time_today, is_scheduled_today
from utils.push_sender import send_push_to_user
logger = logging.getLogger(__name__)
_WINDOW_MINUTES = 75
def get_expiring_chores_for_user(
user_id: str,
tz_str: str | None,
now_dt: datetime,
) -> list[dict]:
"""Return chores that will expire within the next _WINDOW_MINUTES minutes.
Each entry is::
{
'child_id': str,
'child_name': str,
'task_id': str,
'task_name': str,
}
A chore is included only when ALL of the following are true:
- It has a ChoreSchedule with enabled=True
- It is scheduled today (days or interval mode)
- It has a deadline (not Anytime)
- The deadline falls in (now_dt, now_dt + _WINDOW_MINUTES]
- There is no existing pending_confirmation record for this child + task
(status='pending' means awaiting approval; status='approved' means done)
Must be called within a Flask app context.
"""
from db.db import child_db, task_db, pending_confirmations_db
from db.chore_schedules import get_schedule
try:
from zoneinfo import ZoneInfo
local_now = datetime.now(ZoneInfo(tz_str)) if tz_str else now_dt
except Exception:
local_now = now_dt
local_date = local_now.date()
window_end = local_now + timedelta(minutes=_WINDOW_MINUTES)
ChildQ = Query()
children = child_db.search(ChildQ.user_id == user_id)
expiring: list[dict] = []
for child_dict in children:
child_id = child_dict.get('id')
child_name = child_dict.get('name', 'Unknown')
task_ids = child_dict.get('tasks', [])
TaskQ = Query()
for task_id in task_ids:
task = task_db.get(
(TaskQ.id == task_id) &
(TaskQ.type == 'chore') &
((TaskQ.user_id == user_id) | (TaskQ.user_id == None))
)
if not task:
continue
schedule = get_schedule(child_id, task_id)
if schedule is None:
continue
schedule_dict = schedule.to_dict()
if not schedule_dict.get('enabled', True):
continue # paused schedules have no deadline
if not is_scheduled_today(schedule_dict, local_date):
continue
due = get_due_time_today(schedule_dict, local_date)
if due is None:
continue # Anytime — no expiry
due_hour, due_minute = due
# Build a timezone-aware deadline datetime for today
deadline_dt = local_now.replace(
hour=due_hour, minute=due_minute, second=0, microsecond=0
)
# Include only when deadline is strictly after now and within window
if not (local_now < deadline_dt <= window_end):
continue
# Skip if any confirmation record exists (pending OR approved = done today)
PendingQ = Query()
has_confirmation = pending_confirmations_db.get(
(PendingQ.child_id == child_id) &
(PendingQ.entity_id == task_id) &
(PendingQ.entity_type == 'chore') &
(PendingQ.user_id == user_id)
)
if has_confirmation:
continue
expiring.append({
'child_id': child_id,
'child_name': child_name,
'task_id': task_id,
'task_name': task.get('name', 'Unknown'),
})
return expiring
def _build_push_payload(expiring: list[dict]) -> dict:
"""Build the push notification payload from a list of expiring chore entries."""
if len(expiring) == 1:
entry = expiring[0]
title = f"Chore ending soon: {entry['task_name']}"
child_id = entry['child_id']
entity_id = entry['task_id']
else:
title = 'Chores ending soon'
child_id = None
entity_id = None
# Group by child and format body text
by_child: dict[str, list[str]] = {}
for entry in expiring:
by_child.setdefault(entry['child_name'], []).append(entry['task_name'])
body_lines = [
f"{name}: {', '.join(tasks)}" for name, tasks in by_child.items()
]
body = '\n'.join(body_lines)
return {
'type': 'chore_expiring_soon',
'title': title,
'body': body,
'child_id': child_id,
'entity_id': entity_id,
'entity_type': 'chore',
}
def send_chore_expiry_notifications_for_user(user_id: str, tz_str: str | None) -> int:
"""Check for expiring chores and send a push notification if any are found.
Returns the number of chores included in the notification (0 = nothing sent).
Must be called within a Flask app context.
"""
now_dt = datetime.now(timezone.utc)
expiring = get_expiring_chores_for_user(user_id, tz_str, now_dt)
if not expiring:
return 0
payload = _build_push_payload(expiring)
send_push_to_user(user_id, payload)
logger.info(
f'Chore expiry: sent notification for {len(expiring)} chore(s) to user {user_id}'
)
return len(expiring)
def run_chore_expiry_check(app) -> None:
"""Check all verified, push-enabled users for soon-to-expire chores."""
if os.environ.get('DB_ENV') == 'e2e':
return
with app.app_context():
try:
from db.db import users_db
UserQ = Query()
users = users_db.search(UserQ.verified == True)
for user_dict in users:
user_id = user_dict.get('id')
tz_str = user_dict.get('timezone')
if not user_dict.get('push_notifications_enabled', True):
continue
try:
count = send_chore_expiry_notifications_for_user(user_id, tz_str)
if count:
logger.info(
f'Chore expiry: notified {count} expiring chore(s) for user {user_id}'
)
except Exception as e:
logger.error(f'Chore expiry: failed for user {user_id}: {e}')
except Exception as e:
logger.error(f'Error in run_chore_expiry_check: {e}')
def start_chore_expiry_notification_scheduler(app) -> BackgroundScheduler:
"""Start the hourly chore-expiry notification scheduler.
Runs at the top of every hour (minute=0), matching the existing schedulers.
Returns the scheduler instance.
"""
scheduler = BackgroundScheduler()
scheduler.add_job(
run_chore_expiry_check,
'cron',
minute=0,
args=[app],
)
scheduler.start()
logger.info('Chore expiry notification scheduler started (runs every hour at :00)')
return scheduler

View File

@@ -0,0 +1,162 @@
import logging
import os
from datetime import datetime, timezone
from apscheduler.schedulers.background import BackgroundScheduler
from tinydb import Query
logger = logging.getLogger(__name__)
def _get_local_hour(tz_str: str | None) -> int:
"""Return the current hour (0-23) in the given IANA timezone, falling back to UTC."""
try:
if tz_str:
from zoneinfo import ZoneInfo # Python 3.9+
local_now = datetime.now(ZoneInfo(tz_str))
return local_now.hour
except Exception:
pass
return datetime.now(timezone.utc).hour
def send_digest_for_user(user_id: str, user_email: str, frontend_url: str) -> int:
"""Gather pending items for a user and send them a digest email.
Returns the number of items included in the digest (0 if nothing was sent).
Must be called within a Flask app context with all DB imports already available.
"""
from db.db import pending_confirmations_db, child_db, task_db, reward_db
from utils.email_sender import send_digest_email
from utils.digest_token import create_action_token, create_unsubscribe_token
PendingQ = Query()
pending_items = pending_confirmations_db.search(
(PendingQ.user_id == user_id) & (PendingQ.status == 'pending')
)
if not pending_items:
return 0
ChildQ = Query()
TaskQ = Query()
RewardQ = Query()
items = []
for p in pending_items:
child_id = p.get('child_id')
entity_id = p.get('entity_id')
entity_type = p.get('entity_type')
child_result = child_db.get(ChildQ.id == child_id)
if not child_result:
logger.warning(f'Digest: child {child_id} not found for pending item {p.get("id")} (user {user_id})')
continue
child_name = child_result.get('name') or 'Unknown'
if entity_type == 'chore':
entity_result = task_db.get(
(TaskQ.id == entity_id) &
((TaskQ.user_id == user_id) | (TaskQ.user_id == None))
)
else:
entity_result = reward_db.get(
(RewardQ.id == entity_id) &
((RewardQ.user_id == user_id) | (RewardQ.user_id == None))
)
if not entity_result:
logger.warning(f'Digest: {entity_type} {entity_id} not found for pending item {p.get("id")} (user {user_id})')
continue
entity_name = entity_result.get('name') or 'Unknown'
approve_token = create_action_token(
user_id=user_id,
child_id=child_id,
entity_id=entity_id,
entity_type=entity_type,
action='approve',
)
deny_token = create_action_token(
user_id=user_id,
child_id=child_id,
entity_id=entity_id,
entity_type=entity_type,
action='deny',
)
view_url = (
f"{frontend_url}/parent/{child_id}"
f"?scrollTo={entity_id}&entityType={entity_type}"
)
approve_url = f"{frontend_url}/api/digest-action/{approve_token.id}"
deny_url = f"{frontend_url}/api/digest-action/{deny_token.id}"
items.append({
'child_name': child_name,
'entity_name': entity_name,
'entity_type': entity_type,
'view_url': view_url,
'approve_url': approve_url,
'deny_url': deny_url,
'child_id': child_id,
'entity_id': entity_id,
})
if not items:
return 0
unsubscribe_token = create_unsubscribe_token(user_id)
send_digest_email(user_email, items, unsubscribe_token)
return len(items)
def send_digests(app) -> None:
"""Hourly job: send the 9pm digest to every eligible user whose local time is 21."""
if os.environ.get('DB_ENV') == 'e2e':
return
with app.app_context():
try:
from db.db import users_db
from flask import current_app
frontend_url = current_app.config.get('FRONTEND_URL', 'https://localhost:5173')
UserQ = Query()
users = users_db.search(
(UserQ.verified == True) & (UserQ.email_digest_enabled == True)
)
for user_dict in users:
user_id = user_dict.get('id')
user_email = user_dict.get('email')
user_tz = user_dict.get('timezone')
local_hour = _get_local_hour(user_tz)
if local_hour != 21:
continue
try:
send_digest_for_user(user_id, user_email, frontend_url)
except Exception as e:
logger.error(f'Failed to send digest to {user_email}: {e}')
except Exception as e:
logger.error(f'Error in send_digests job: {e}')
def start_digest_scheduler(app) -> BackgroundScheduler:
"""Start the hourly digest scheduler. Returns the scheduler instance."""
scheduler = BackgroundScheduler()
scheduler.add_job(
send_digests,
'cron',
minute=0,
args=[app],
id='digest_scheduler',
replace_existing=True,
)
scheduler.start()
logger.info('Digest scheduler started (hourly)')
return scheduler

View File

@@ -0,0 +1,175 @@
import hashlib
import hmac
import json
import os
import time
import uuid
from datetime import datetime, timedelta, timezone
from db.digest_action_tokens import insert_token, get_token_by_id, mark_token_used
from models.digest_action_token import DigestActionToken
def _get_secret() -> bytes:
secret = os.environ.get('DIGEST_TOKEN_SECRET')
if not secret:
raise RuntimeError('DIGEST_TOKEN_SECRET environment variable is not set.')
return secret.encode('utf-8')
def _sign(payload: dict) -> str:
"""Return HMAC-SHA256 hex digest of the canonical JSON payload."""
canonical = json.dumps(payload, sort_keys=True, separators=(',', ':'))
return hmac.new(_get_secret(), canonical.encode('utf-8'), hashlib.sha256).hexdigest()
def create_action_token(
user_id: str,
child_id: str,
entity_id: str,
entity_type: str,
action: str,
expiry_hours: int = 24,
) -> DigestActionToken:
"""Create and persist a signed action token. Returns the saved token."""
token_id = str(uuid.uuid4())
expires_at = (datetime.now(timezone.utc) + timedelta(hours=expiry_hours)).isoformat()
payload = {
'id': token_id,
'user_id': user_id,
'child_id': child_id,
'entity_id': entity_id,
'entity_type': entity_type,
'action': action,
'expires_at': expires_at,
}
signature = _sign(payload)
token = DigestActionToken(
id=token_id,
user_id=user_id,
child_id=child_id,
entity_id=entity_id,
entity_type=entity_type,
action=action,
expires_at=expires_at,
used=False,
signature=signature,
)
insert_token(token)
return token
def validate_and_consume_token(token_id: str) -> DigestActionToken | None:
"""
Validate a token. Returns the token if valid and marks it as used.
Returns None if token is missing, expired, used, or has an invalid signature.
"""
token = get_token_by_id(token_id)
if not token:
return None
if token.used:
return None
# Check expiry
try:
expires_at = datetime.fromisoformat(token.expires_at)
if expires_at.tzinfo is None:
expires_at = expires_at.replace(tzinfo=timezone.utc)
if datetime.now(timezone.utc) > expires_at:
return None
except (ValueError, TypeError):
return None
# Verify HMAC signature
payload = {
'id': token.id,
'user_id': token.user_id,
'child_id': token.child_id,
'entity_id': token.entity_id,
'entity_type': token.entity_type,
'action': token.action,
'expires_at': token.expires_at,
}
expected_sig = _sign(payload)
if not hmac.compare_digest(token.signature, expected_sig):
return None
mark_token_used(token_id)
return token
def peek_token(token_id: str) -> DigestActionToken | None:
"""
Validate a token (signature, expiry, not-used) WITHOUT consuming it.
Returns the token if valid, None otherwise.
"""
token = get_token_by_id(token_id)
if not token or token.used:
return None
try:
expires_at = datetime.fromisoformat(token.expires_at)
if expires_at.tzinfo is None:
expires_at = expires_at.replace(tzinfo=timezone.utc)
if datetime.now(timezone.utc) > expires_at:
return None
except (ValueError, TypeError):
return None
payload = {
'id': token.id,
'user_id': token.user_id,
'child_id': token.child_id,
'entity_id': token.entity_id,
'entity_type': token.entity_type,
'action': token.action,
'expires_at': token.expires_at,
}
expected_sig = _sign(payload)
if not hmac.compare_digest(token.signature, expected_sig):
return None
return token
def create_unsubscribe_token(user_id: str) -> str:
"""
Create a simple signed unsubscribe token string (not persisted in DB).
Format: '<user_id>.<expiry_ts>.<signature>'
"""
expiry_ts = int(time.time()) + 30 * 24 * 3600 # 30 days
payload_str = f"{user_id}:{expiry_ts}"
sig = hmac.new(_get_secret(), payload_str.encode('utf-8'), hashlib.sha256).hexdigest()
import base64
token = base64.urlsafe_b64encode(f"{payload_str}:{sig}".encode()).decode()
return token
def validate_unsubscribe_token(token: str) -> str | None:
"""
Validate an unsubscribe token.
Returns user_id if valid, None otherwise.
"""
import base64
try:
decoded = base64.urlsafe_b64decode(token.encode()).decode()
parts = decoded.rsplit(':', 1)
if len(parts) != 2:
return None
payload_str, sig = parts
expected_sig = hmac.new(_get_secret(), payload_str.encode('utf-8'), hashlib.sha256).hexdigest()
if not hmac.compare_digest(sig, expected_sig):
return None
sub_parts = payload_str.split(':', 1)
if len(sub_parts) != 2:
return None
user_id, expiry_str = sub_parts
expiry_ts = int(expiry_str)
if time.time() > expiry_ts:
return None
return user_id
except Exception:
return None

View File

@@ -1,63 +1,262 @@
from collections import defaultdict
from flask import current_app
from flask_mail import Mail, Message
import os
# ---------------------------------------------------------------------------
# Shared email template
# ---------------------------------------------------------------------------
def _build_email_html(content_html: str, frontend_url: str) -> str:
"""Wrap content in the standard Chorly branded email shell."""
logo_url = f"{frontend_url}/images/full_logo.png"
return f"""
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body style="margin:0;padding:0;background-color:#f0f2ff;font-family:'Segoe UI',Arial,sans-serif;">
<table width="100%" cellpadding="0" cellspacing="0" style="background-color:#f0f2ff;padding:32px 16px;">
<tr>
<td align="center">
<table width="100%" style="max-width:580px;">
<!-- Logo header -->
<tr>
<td align="center" style="background-color:#ffffff;border-radius:12px 12px 0 0;padding:28px 32px 20px;">
<img src="{logo_url}" alt="Chorly" width="260" style="display:block;max-width:100%;height:auto;">
</td>
</tr>
<!-- Accent bar -->
<tr>
<td style="background:linear-gradient(90deg,#667eea 0%,#764ba2 100%);height:4px;font-size:0;line-height:0;">&nbsp;</td>
</tr>
<!-- Body content -->
<tr>
<td style="background-color:#ffffff;padding:32px;border-radius:0 0 12px 12px;">
{content_html}
</td>
</tr>
<!-- Footer -->
<tr>
<td align="center" style="padding:20px 0 8px;color:#9eaac4;font-size:0.78rem;line-height:1.6;">
Chorly &mdash; Making Chores Fun
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
"""
def _primary_button(label: str, url: str) -> str:
return (
f'<a href="{url}" style="display:inline-block;padding:12px 28px;'
f'background-color:#667eea;color:#ffffff;font-weight:600;font-size:0.95rem;'
f'text-decoration:none;border-radius:8px;letter-spacing:0.02em;">'
f'{label}</a>'
)
def _action_button(label: str, url: str, bg: str, fg: str = '#ffffff') -> str:
return (
f'<a href="{url}" style="display:inline-block;padding:9px 20px;'
f'background-color:{bg};color:{fg};font-weight:600;font-size:0.85rem;'
f'text-decoration:none;border-radius:6px;margin:2px 4px;">'
f'{label}</a>'
)
# ---------------------------------------------------------------------------
# Email senders
# ---------------------------------------------------------------------------
def send_verification_email(to_email: str, token: str) -> None:
verify_url = f"{current_app.config['FRONTEND_URL']}/auth/verify?token={token}"
html_body = f'Click <a href="{verify_url}">here</a> to verify your account.'
frontend_url = current_app.config['FRONTEND_URL']
verify_url = f"{frontend_url}/auth/verify?token={token}"
content = f"""
<h2 style="margin:0 0 12px;color:#667eea;font-size:1.3rem;">Verify your account</h2>
<p style="color:#444;margin:0 0 28px;line-height:1.6;">
Welcome to Chorly! Click the button below to confirm your email address
and activate your account.
</p>
<p style="margin:0 0 28px;text-align:center;">
{_primary_button('Verify My Account', verify_url)}
</p>
<p style="color:#888;font-size:0.82rem;margin:0;line-height:1.6;">
If you didn't create a Chorly account, you can safely ignore this email.<br>
Or copy this link into your browser: <a href="{verify_url}" style="color:#667eea;">{verify_url}</a>
</p>
"""
html_body = _build_email_html(content, frontend_url)
msg = Message(
subject="Verify your account",
subject="Verify your Chorly account",
recipients=[to_email],
html=html_body,
sender=current_app.config.get('MAIL_DEFAULT_SENDER', 'no-reply@reward-app.local')
)
try:
if os.environ.get('DB_ENV') =='e2e':
return # Skip sending emails during e2e tests to avoid cluttering inboxes and logs
if os.environ.get('DB_ENV') == 'e2e':
return
Mail(current_app).send(msg)
print(f"[EMAIL to {to_email}] Verification: {verify_url}")
except Exception:
print(f"Failed to send email to {to_email}. Verification link: {verify_url}")
def send_reset_password_email(to_email: str, token: str) -> None:
reset_url = f"{current_app.config['FRONTEND_URL']}/auth/reset-password?token={token}"
html_body = f'Click <a href="{reset_url}">here</a> to reset your password.'
frontend_url = current_app.config['FRONTEND_URL']
reset_url = f"{frontend_url}/auth/reset-password?token={token}"
content = f"""
<h2 style="margin:0 0 12px;color:#667eea;font-size:1.3rem;">Reset your password</h2>
<p style="color:#444;margin:0 0 28px;line-height:1.6;">
We received a request to reset your Chorly password. Click the button below
to choose a new one. This link expires in&nbsp;<strong>10&nbsp;minutes</strong>.
</p>
<p style="margin:0 0 28px;text-align:center;">
{_primary_button('Reset My Password', reset_url)}
</p>
<p style="color:#888;font-size:0.82rem;margin:0;line-height:1.6;">
If you didn't request a password reset, you can safely ignore this email &mdash;
your password will not change.<br>
Or copy this link into your browser: <a href="{reset_url}" style="color:#667eea;">{reset_url}</a>
</p>
"""
html_body = _build_email_html(content, frontend_url)
msg = Message(
subject="Reset your password",
subject="Reset your Chorly password",
recipients=[to_email],
html=html_body,
sender=current_app.config.get('MAIL_DEFAULT_SENDER', 'no-reply@reward-app.local')
)
try:
if os.environ.get('DB_ENV') =='e2e':
return # Skip sending emails during e2e tests to avoid cluttering inboxes and logs
if os.environ.get('DB_ENV') == 'e2e':
return
Mail(current_app).send(msg)
print(f"[EMAIL to {to_email}] Reset password: {reset_url}")
except Exception:
print(f"Failed to send email to {to_email}. Reset link: {reset_url}")
def send_pin_setup_email(to_email: str, code: str) -> None:
html_body = f"""
<div style='font-family:sans-serif;'>
<h2>Set up your Parent PIN</h2>
<p>To set your Parent PIN, enter the following code in the app:</p>
<div style='font-size:2rem; font-weight:bold; letter-spacing:0.2em; margin:1.5rem 0;'>{code}</div>
<p>This code is valid for 10 minutes.</p>
<p>If you did not request this, you can ignore this email.</p>
<hr>
<div style='color:#888;font-size:0.95rem;'>Reward App</div>
frontend_url = current_app.config.get('FRONTEND_URL', 'https://localhost:5173')
content = f"""
<h2 style="margin:0 0 12px;color:#667eea;font-size:1.3rem;">Set up your Parent PIN</h2>
<p style="color:#444;margin:0 0 20px;line-height:1.6;">
To set your Parent PIN, enter the following code in the app.
It is valid for&nbsp;<strong>10&nbsp;minutes</strong>.
</p>
<div style="background:#f0f2ff;border:2px solid #667eea;border-radius:10px;
text-align:center;padding:22px 16px;margin:0 0 24px;">
<span style="font-size:2.4rem;font-weight:700;letter-spacing:0.35em;
color:#667eea;font-family:'Courier New',monospace;">{code}</span>
</div>
<p style="color:#888;font-size:0.82rem;margin:0;line-height:1.6;">
If you did not request this, you can safely ignore this email.
</p>
"""
html_body = _build_email_html(content, frontend_url)
msg = Message(
subject="Set up your Parent PIN",
subject="Set up your Chorly Parent PIN",
recipients=[to_email],
html=html_body,
sender=current_app.config.get('MAIL_DEFAULT_SENDER', 'no-reply@reward-app.local')
)
try:
if os.environ.get('DB_ENV') =='e2e':
return # Skip sending emails during e2e tests to avoid cluttering inboxes and logs
if os.environ.get('DB_ENV') == 'e2e':
return
Mail(current_app).send(msg)
print(f"[EMAIL to {to_email}] Parent PIN setup code: {code}")
except Exception:
print(f"Failed to send email to {to_email}. Parent PIN setup code: {code}")
def send_digest_email(to_email: str, items: list, unsubscribe_token: str) -> None:
"""
Send the nightly digest email listing pending chore/reward items.
Each item in `items` is a dict with keys:
child_name, entity_name, entity_type, view_url, approve_url, deny_url
Items are grouped by child_name in the email.
"""
frontend_url = current_app.config.get('FRONTEND_URL', 'https://localhost:5173')
unsubscribe_url = f"{frontend_url}/api/digest-unsubscribe/{unsubscribe_token}"
by_child: dict = defaultdict(list)
for item in items:
by_child[item['child_name']].append(item)
child_sections = ''
for child_name, child_items in by_child.items():
rows = ''
for item in child_items:
entity_label = 'Chore' if item['entity_type'] == 'chore' else 'Reward'
rows += f"""
<tr>
<td style="padding:10px 8px;border-bottom:1px solid #eef0fb;vertical-align:middle;">
<span style="font-weight:600;color:#333;">{item['entity_name']}</span>
<span style="display:inline-block;margin-left:8px;padding:2px 8px;
background:#f0f2ff;color:#667eea;border-radius:20px;
font-size:0.75rem;font-weight:600;">{entity_label}</span>
</td>
<td style="padding:10px 8px;border-bottom:1px solid #eef0fb;text-align:right;white-space:nowrap;">
{_action_button('View', item['view_url'], '#667eea')}
{_action_button('Approve', item['approve_url'], '#22c55e')}
{_action_button('Deny', item['deny_url'], '#ef4444')}
</td>
</tr>"""
child_sections += f"""
<div style="margin-bottom:28px;">
<div style="font-size:0.7rem;font-weight:700;letter-spacing:0.08em;
text-transform:uppercase;color:#9eaac4;margin-bottom:6px;">{child_name}</div>
<table width="100%" cellpadding="0" cellspacing="0"
style="border-collapse:collapse;font-size:0.9rem;
border:1px solid #eef0fb;border-radius:8px;overflow:hidden;">
<tbody>{rows}</tbody>
</table>
</div>"""
content = f"""
<h2 style="margin:0 0 6px;color:#667eea;font-size:1.3rem;">Daily Summary</h2>
<p style="color:#444;margin:0 0 24px;line-height:1.6;">
You have pending items that need your attention:
</p>
{child_sections}
<p style="margin:24px 0 0;text-align:center;font-size:0.78rem;color:#b0b8cc;">
<a href="{unsubscribe_url}" style="color:#b0b8cc;text-decoration:underline;">
Unsubscribe from daily digest
</a>
</p>
"""
html_body = _build_email_html(content, frontend_url)
msg = Message(
subject='Chorly \u2014 Daily Summary',
recipients=[to_email],
html=html_body,
sender=current_app.config.get('MAIL_DEFAULT_SENDER', 'no-reply@reward-app.local'),
)
try:
if os.environ.get('DB_ENV') == 'e2e':
return
Mail(current_app).send(msg)
print(f"[EMAIL to {to_email}] Daily digest sent ({len(items)} items)")
except Exception:
print(f"Failed to send digest email to {to_email}")

View File

@@ -0,0 +1,68 @@
import json
import logging
import os
from pywebpush import webpush, WebPushException
from db.push_subscriptions import get_subscriptions_by_user, delete_subscription_by_id
logger = logging.getLogger(__name__)
def _get_vapid_private_key() -> str | None:
return os.environ.get('VAPID_PRIVATE_KEY')
def _get_vapid_claims_email() -> str:
return os.environ.get('VAPID_CLAIMS_EMAIL', 'admin@reward-app.local')
def send_push_to_user(user_id: str, payload: dict) -> int:
"""
Send a web push notification to all stored subscriptions for the user.
Returns the number of subscriptions successfully notified.
Stale/expired subscriptions (HTTP 404/410) are removed automatically.
"""
private_key = _get_vapid_private_key()
if not private_key:
logger.warning('VAPID_PRIVATE_KEY not configured; skipping push notification')
return 0
subscriptions = get_subscriptions_by_user(user_id)
if not subscriptions:
return 0
claims_email = _get_vapid_claims_email()
sent = 0
for sub in subscriptions:
try:
subscription_info = {
'endpoint': sub.endpoint,
'keys': sub.keys,
}
webpush(
subscription_info=subscription_info,
data=json.dumps(payload),
vapid_private_key=private_key,
vapid_claims={'sub': f'mailto:{claims_email}'},
ttl=86400,
)
sent += 1
except WebPushException as e:
status_code = e.response.status_code if e.response is not None else None
if status_code in (404, 410):
# Subscription is gone — clean it up
logger.info(
f'Removing stale push subscription {sub.id} for user {user_id} (HTTP {status_code})'
)
delete_subscription_by_id(sub.id)
else:
logger.error(
f'WebPushException for subscription {sub.id} (user {user_id}): {e}'
)
except Exception as e:
logger.error(f'Unexpected error sending push to subscription {sub.id}: {e}')
return sent

View File

@@ -0,0 +1,91 @@
"""
Python port of the frontend schedule logic in scheduleUtils.ts.
These utilities determine whether a chore is scheduled on a given day and what
its deadline time is. The frontend is the source of truth for schedule math;
keep this file in sync with any changes to scheduleUtils.ts.
"""
from datetime import date
def interval_hits_today(anchor_date: str, interval_days: int, local_date: date) -> bool:
"""Return True if an interval-mode schedule fires on local_date.
anchor_date: ISO date string e.g. "2026-02-25", or "" (backward compat →
treats local_date itself as anchor, so it always hits today and
every interval_days days after).
Dates before the anchor always return False (scheduling hasn't started yet).
"""
if anchor_date:
parts = anchor_date.split('-')
anchor = date(int(parts[0]), int(parts[1]), int(parts[2]))
else:
# Empty anchor = start from today (backward compat)
anchor = local_date
diff_days = (local_date - anchor).days
if diff_days < 0:
return False
return diff_days % interval_days == 0
def is_scheduled_today(schedule: dict, local_date: date) -> bool:
"""Return True if the schedule applies on local_date.
- days mode: today's weekday (0=Sun … 6=Sat) is in day_configs
- interval mode: interval_hits_today
- paused (enabled=False): always True (chore shows every day, like no schedule)
"""
if not schedule.get('enabled', True):
return True # paused = show always, like an unscheduled chore
mode = schedule.get('mode', 'days')
if mode == 'days':
# Python's weekday(): Mon=0..Sun=6. Our convention: Sun=0..Sat=6 (JS/TS).
# Convert: js_day = (python_weekday + 1) % 7
js_weekday = (local_date.weekday() + 1) % 7
day_configs = schedule.get('day_configs', [])
return any(dc.get('day') == js_weekday for dc in day_configs)
else:
return interval_hits_today(
schedule.get('anchor_date', ''),
schedule.get('interval_days', 2),
local_date,
)
def get_due_time_today(schedule: dict, local_date: date) -> tuple[int, int] | None:
"""Return (hour, minute) for the deadline today, or None if no deadline applies.
Returns None when:
- The schedule is paused (enabled=False) — no deadline, acts like Anytime
- The day is not scheduled
- The schedule has no deadline (default_has_deadline=False or
interval_has_deadline=False → 'Anytime')
Callers treat None as 'active all day with no expiry'.
"""
if not schedule.get('enabled', True):
return None # paused = no deadline, no expiry
mode = schedule.get('mode', 'days')
if mode == 'days':
if not schedule.get('default_has_deadline', True):
return None # Anytime
js_weekday = (local_date.weekday() + 1) % 7
day_configs = schedule.get('day_configs', [])
dc = next((d for d in day_configs if d.get('day') == js_weekday), None)
if dc is None:
return None
return (dc.get('hour', 0), dc.get('minute', 0))
else:
if not interval_hits_today(
schedule.get('anchor_date', ''),
schedule.get('interval_days', 2),
local_date,
):
return None
if not schedule.get('interval_has_deadline', True):
return None # Anytime
return (schedule.get('interval_hour', 0), schedule.get('interval_minute', 0))

View File

@@ -0,0 +1,131 @@
import logging
import os
from datetime import datetime, timezone
from apscheduler.schedulers.background import BackgroundScheduler
from tinydb import Query
from events.types.child_chore_confirmation import ChildChoreConfirmation
from events.types.child_reward_request import ChildRewardRequest
from events.types.event import Event
from events.types.event_types import EventType
from events.sse import send_event_to_user
logger = logging.getLogger(__name__)
def _get_today_start_timestamp(tz_str: str | None) -> float:
"""Return a Unix timestamp for the start of today (midnight) in the user's timezone."""
try:
if tz_str:
from zoneinfo import ZoneInfo
now_local = datetime.now(ZoneInfo(tz_str))
today_local = now_local.replace(hour=0, minute=0, second=0, microsecond=0)
return today_local.timestamp()
except Exception:
pass
now_utc = datetime.now(timezone.utc)
today_utc = now_utc.replace(hour=0, minute=0, second=0, microsecond=0)
return today_utc.timestamp()
def expire_stale_pending_for_user(user_id: str, tz_str: str | None) -> int:
"""Delete stale pending confirmations for a user and fire SSE events.
A record is stale if status='pending' and created_at is before the start of
today in the user's timezone. Returns the number of records expired.
Must be called within a Flask app context.
"""
from db.db import pending_confirmations_db
today_start = _get_today_start_timestamp(tz_str)
PendingQ = Query()
stale_items = pending_confirmations_db.search(
(PendingQ.user_id == user_id) &
(PendingQ.status == 'pending') &
(PendingQ.created_at < today_start)
)
if not stale_items:
return 0
for item in stale_items:
item_id = item.get('id')
child_id = item.get('child_id')
entity_id = item.get('entity_id')
entity_type = item.get('entity_type')
pending_confirmations_db.remove(PendingQ.id == item_id)
if entity_type == 'chore':
event = Event(
EventType.CHILD_CHORE_CONFIRMATION.value,
ChildChoreConfirmation(
child_id=child_id,
task_id=entity_id,
operation=ChildChoreConfirmation.OPERATION_RESET,
)
)
else:
event = Event(
EventType.CHILD_REWARD_REQUEST.value,
ChildRewardRequest(
child_id=child_id,
reward_id=entity_id,
operation=ChildRewardRequest.REQUEST_CANCELLED,
)
)
send_event_to_user(user_id, event)
logger.info(
f'State expiry: expired {entity_type} {entity_id} for child {child_id} (user {user_id})'
)
return len(stale_items)
def run_state_expiry_check(app) -> None:
"""Check all verified users and expire stale pending records."""
if os.environ.get('DB_ENV') == 'e2e':
return
with app.app_context():
try:
from db.db import users_db
UserQ = Query()
users = users_db.search(UserQ.verified == True)
for user_dict in users:
user_id = user_dict.get('id')
tz_str = user_dict.get('timezone')
try:
expired = expire_stale_pending_for_user(user_id, tz_str)
if expired:
logger.info(f'State expiry: expired {expired} record(s) for user {user_id}')
except Exception as e:
logger.error(f'State expiry: failed for user {user_id}: {e}')
except Exception as e:
logger.error(f'Error in run_state_expiry_check: {e}')
def start_state_expiry_scheduler(app) -> BackgroundScheduler:
"""Start the hourly state expiry scheduler. Returns the scheduler instance."""
scheduler = BackgroundScheduler()
scheduler.add_job(
run_state_expiry_check,
'cron',
minute=0,
args=[app],
id='state_expiry_scheduler',
replace_existing=True,
)
scheduler.start()
logger.info('State expiry scheduler started (hourly)')
# Run immediately on startup to handle any records that expired while server was down
run_state_expiry_check(app)
return scheduler

View File

@@ -8,10 +8,23 @@ services:
- "5004:5000" # Host 5004 -> Container 5000
environment:
- FLASK_ENV=development
- FRONTEND_URL=https://devserver.lan:446 # Add this for test env
- FRONTEND_URL=https://dev.chores.ryankegel.com # Add this for test env
- SECRET_KEY=${SECRET_KEY}
- REFRESH_TOKEN_EXPIRY_DAYS=${REFRESH_TOKEN_EXPIRY_DAYS}
# Add volumes, networks, etc., as needed
- DIGEST_TOKEN_SECRET=${DIGEST_TOKEN_SECRET}
- VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
- VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
- SEED_EMAIL=${SEED_EMAIL}
- SEED_PASSWORD=${SEED_PASSWORD}
- SEED_PIN=${SEED_PIN}
- SEED_FIRST_NAME=${SEED_FIRST_NAME}
- SEED_LAST_NAME=${SEED_LAST_NAME}
- ADMIN_EMAIL=${ADMIN_EMAIL}
- ADMIN_PASSWORD=${ADMIN_PASSWORD}
- ADMIN_FIRST_NAME=${ADMIN_FIRST_NAME}
- ADMIN_LAST_NAME=${ADMIN_LAST_NAME}
volumes:
- chores-test-app-backend-data:/app/data
chores-test-app-frontend: # Test frontend service name
image: git.ryankegel.com:3000/kegel/chores/frontend:next # Use latest next tag

BIN
frontend/.DS_Store vendored

Binary file not shown.

View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCh96Qoz16kpDde
puFkARSFp9PDFs8kUBGCJ0DcBDqJIUuLJj7RT5vxfUj3O7uUUjTtVAVCMJ84/eq/
IQnyhch1B2Fe5bas51kEgwybzxxEN1bcj3yokbd4aOCpxkpM382TKMPuGH1BXUO8
ZqqikbvKySJ9glboPImLRA4UvH1cx9Db0kQE9scBl98qqE28exlBqMBsIOjh+mJ0
rWt3JO+A50OjOSuxO7hdjINlJg5X+jmI1wF3GWE2i9GrCJXh9JVYixnjvsFMIKJo
Zu9wAZCmtqHvicvwdzDxdDAU8GfACOg4w4hlMOSfIU4pAONxW479Gf5pSFVTw7Zu
RNrTDsd9AgMBAAECggEAGICASL0wLdt61dqMg8anDl4Yaq2nafCj6WrbRL1uBoMv
LK59N8hhiKuBj4cthg9WmuWIQx5cY/CDo+TRXqsu60dRy1uYYjlATe6uSF7RQZ+W
iBi7zLt4hCJnhD9vS4hazs2OsFTrk+kSP2zPmPbPcCqzyUVftNO9ogAKWkg2dcO1
9KjDnR0pSn17rwj064mfVNoLYiN11nwQ21zyJFLYGM5mXYYW9b+EI9ZnWWyz6Lvo
+qrYhZh2hR8ul8rpURc0flqFvORaO4FhaQeX5+r5FZFQkRWQYbRfBbAJnIrFVa+N
8O002E0FLHWI0S7YPsbnBqE+eHRM9fzz1q0p4YrjEQKBgQDDz9n2BLwwQCreXglG
V2T1SBdi1+MDTMUCHEcak3Gk4ZRIU4r2ofoTdYagEaYCMBGL7/noYECpEfkzF4B5
u1nXUTtFODq0m1Uc18iL8WMJy8AkoT+LZEmF0y5WDI/fLzzxuQKXpTDyeUwTYf/W
9xHHi4gckc3wcf1tKtNSswCcMQKBgQDTwJxki8/2OEtIRcPlhhXNQRpSnp6cjgoB
xQ4J83idR3/HBLWMI9snx47SE1AxGFY4UHIQNvMN3icKt5C7QyfrMfZCpUcRryv6
1dBFVbvxm0Hvqj/pWsgtjbq+dbiOLtH52zc9nsPAF++FhlYtZz9fJmwsgxsnab1O
B9dUyXMpDQKBgDj3LRfPhNgcstwCS3x1TF+3W2ZcHCUHnoDgrSbkIjmvjq4D7/eU
Y+ZpWIMU31Dfnxsw82lRJz6IhhEBE1VW1eo4LaATnbCRSA+eDy/3R7K/3eRKLOxm
fqU6LM7H1Ms/OOGxyzlGy5ifBSzWY9GsCzYcN7roCBudbfbmcJgsj07hAoGAd2p1
CCLsub9PfUeSzTrLyr//Nz6q1kEoFY1qeGQszg3HWpYmSAzkh897lK89lyJRZVrA
qLJEabqxq9KPtXuO5I19gmIw7SErnT69QIyz+/IBwkXx2wjOQRpfiQ9ccBqpYc2l
noONgyQ8eMGkkeBbFa7WbFfXlWeFUZ8MaY1d+3UCgYBguVXJ9JTvMxeXx5cjnfMI
eVRhr2BbARTdCJXKUpo4rUUqLrCCSB6BrT4H+DYtRVKO/ZIaXARQIN1ACo03C78o
U+Rg+mGTyvGh8pVH63zZE9tsohtT+/bSraYm/dLKUmaK3Z9wG75wmOpNLlAEiUqW
mzkW/UN0WWzg5gyODVbQKQ==
-----END PRIVATE KEY-----

View File

@@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIEZDCCAsygAwIBAgIQIM51sKaVetu2bhpqghM+2TANBgkqhkiG9w0BAQsFADCB
kzEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMTQwMgYDVQQLDCtyeWFu
QG1hY2Jvb2sudGFpbGExNDZiMy50cy5uZXQgKFJ5YW4gS2VnZWwpMTswOQYDVQQD
DDJta2NlcnQgcnlhbkBtYWNib29rLnRhaWxhMTQ2YjMudHMubmV0IChSeWFuIEtl
Z2VsKTAeFw0yNjA0MTYyMjEwMTNaFw0yODA3MTYyMjEwMTNaMFMxJzAlBgNVBAoT
Hm1rY2VydCBkZXZlbG9wbWVudCBjZXJ0aWZpY2F0ZTEoMCYGA1UECwwfcnlhbkBy
eWFucy1haXIubGFuIChSeWFuIEtlZ2VsKTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKH3pCjPXqSkN16m4WQBFIWn08MWzyRQEYInQNwEOokhS4smPtFP
m/F9SPc7u5RSNO1UBUIwnzj96r8hCfKFyHUHYV7ltqznWQSDDJvPHEQ3VtyPfKiR
t3ho4KnGSkzfzZMow+4YfUFdQ7xmqqKRu8rJIn2CVug8iYtEDhS8fVzH0NvSRAT2
xwGX3yqoTbx7GUGowGwg6OH6YnSta3ck74DnQ6M5K7E7uF2Mg2UmDlf6OYjXAXcZ
YTaL0asIleH0lViLGeO+wUwgomhm73ABkKa2oe+Jy/B3MPF0MBTwZ8AI6DjDiGUw
5J8hTikA43Fbjv0Z/mlIVVPDtm5E2tMOx30CAwEAAaNzMHEwDgYDVR0PAQH/BAQD
AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB8GA1UdIwQYMBaAFLM+akEIDt75nyHZ
rbkUs/4IQWesMCkGA1UdEQQiMCCCCWxvY2FsaG9zdIINZGV2c2VydmVyLmxhbocE
wKgBZjANBgkqhkiG9w0BAQsFAAOCAYEAi4pT3LNzoM5mmD3ujX+G+cXx8MOAljvR
XGrzorysNOujR79+zR5tPPyiLwFfEYASJhWlHarM8n6DG+IgARNt9PuDq0x8+oDp
V/t9grCS6eV/SQf6y7JBQrywdIBgfYGJbbx6xzVlj187M+7yNV73f3ldS3wPFKlS
Gp6p50Vt9gmfsiqzW4NDr0FIvdbcBesNfr2DwRccZNgNAcLsr9ys2yVUcUtMnqPF
IPyarDbREuBLLLpnsYZhY3BJQgI3gDS9QRoviFCMjcbWKNnv0D2W0rVdZkJf9WOj
ro9X1K2f2C/t61EnFsM6ncqAgMksbBmlORiVi4thAgB44FDydyHX6anf7Hbzfn1t
sjsiZ03rO9xvFzUb2T9guFMBkU6pBDEhCdN3twYPY3uKPXByHnSmj3q38NJVbULu
szC1q91VF+2U2UoeoXaNxrXVleKpLiWEUJ/u/iGrbApeuov5ZTktA/y/d/+TDB+h
Jlo+Ofg3zgZBHpN+fsGTxhRLlJyXSynI
-----END CERTIFICATE-----

View File

@@ -1,4 +1,4 @@
# vue-app
# frontend
This template should help get you started developing with Vue 3 in Vite.

View File

Before

Width:  |  Height:  |  Size: 156 KiB

After

Width:  |  Height:  |  Size: 156 KiB

View File

Before

Width:  |  Height:  |  Size: 156 KiB

After

Width:  |  Height:  |  Size: 156 KiB

View File

@@ -2,20 +2,20 @@
"cookies": [
{
"name": "refresh_token",
"value": "pjakYk7dm_bGf-VXaBpRXFNNq08FH0csnh3nBhCqWGw",
"value": "v-K0IrmQf50MVvYCdmQfnUor8Q8e9KURnPnyVPYRN8Q",
"domain": "localhost",
"path": "/api/auth",
"expires": 1783633314.818346,
"expires": 1785003958.597918,
"httpOnly": true,
"secure": true,
"sameSite": "Strict"
},
{
"name": "access_token",
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImUyZS1jY0B0ZXN0LmNvbSIsInVzZXJfaWQiOiI3NWQ3NGU4OC1jMjY0LTQ3MGMtOThiNC02ZTQ0YTBkYzkyOTMiLCJ0b2tlbl92ZXJzaW9uIjowLCJleHAiOjE3NzU4NTgyMTR9.lXWnj-O3MszrJ_GIwp6ViN0W5-5XEpSDVlAQIQSll-Q",
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImUyZS1jY0B0ZXN0LmNvbSIsInVzZXJfaWQiOiI0NDg5ZjZhNS1mZWEyLTQ0ZGEtYTczNy00MDQwNTQyMmU0YTEiLCJ0b2tlbl92ZXJzaW9uIjowLCJleHAiOjE3NzcyMjg4NTh9.V7gsUwZ-mjcRqCIwI2ppFVrGD16R18JJDQ5wsv_ul1k",
"domain": "localhost",
"path": "/",
"expires": 1775858214.818293,
"expires": 1777228858.597862,
"httpOnly": true,
"secure": true,
"sameSite": "Lax"
@@ -27,11 +27,11 @@
"localStorage": [
{
"name": "authSyncEvent",
"value": "{\"type\":\"logout\",\"at\":1775857314645}"
"value": "{\"type\":\"logout\",\"at\":1777227958453}"
},
{
"name": "parentAuth",
"value": "{\"expiresAt\":1776030114975}"
"value": "{\"expiresAt\":1777400758775}"
}
]
}

View File

@@ -2,20 +2,20 @@
"cookies": [
{
"name": "refresh_token",
"value": "sTFHvjZ5hJxJrlNHoxdWkNJ6vxdDzrZwTRFz55JxWKs",
"value": "s8cSiajWyuCcjv9zXjqsKrmEK8cRPp-VOWV74Cz_ueQ",
"domain": "localhost",
"path": "/api/auth",
"expires": 1783633314.820088,
"expires": 1785003958.599099,
"httpOnly": true,
"secure": true,
"sameSite": "Strict"
},
{
"name": "access_token",
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImUyZS1kZWxldGVAdGVzdC5jb20iLCJ1c2VyX2lkIjoiY2U4MmI2MzMtMDUwMy00MmMxLWFlNjMtZmEzNzcxMmMxODZiIiwidG9rZW5fdmVyc2lvbiI6MCwiZXhwIjoxNzc1ODU4MjE0fQ.meuVUYIk9NFuo66KDhLPZHoXgHRLWmRDGyR23doTLIw",
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImUyZS1kZWxldGVAdGVzdC5jb20iLCJ1c2VyX2lkIjoiYmE3MDNmMWItMzg0Zi00MzBjLWJiNjYtN2Q0YWRhMWIwYjRiIiwidG9rZW5fdmVyc2lvbiI6MCwiZXhwIjoxNzc3MjI4ODU4fQ.FnEEIVv2wchkrJhDiRuNiDBF-lIPkyZUU2UwLmLZVHM",
"domain": "localhost",
"path": "/",
"expires": 1775858214.820046,
"expires": 1777228858.599061,
"httpOnly": true,
"secure": true,
"sameSite": "Lax"
@@ -27,11 +27,11 @@
"localStorage": [
{
"name": "authSyncEvent",
"value": "{\"type\":\"logout\",\"at\":1775857314657}"
"value": "{\"type\":\"logout\",\"at\":1777227958453}"
},
{
"name": "parentAuth",
"value": "{\"expiresAt\":1776030114992}"
"value": "{\"expiresAt\":1777400758775}"
}
]
}

View File

@@ -2,20 +2,20 @@
"cookies": [
{
"name": "refresh_token",
"value": "nbOCYWuMXIGNyjN2uc6uohUFqkl-Bv1d01YjAOirGi8",
"value": "mqtPPFKJGGfFly1i0VW1MtJUvgIpb7LlWUEpFLn1hGc",
"domain": "localhost",
"path": "/api/auth",
"expires": 1783633312.982067,
"expires": 1785022348.96348,
"httpOnly": true,
"secure": true,
"sameSite": "Strict"
},
{
"name": "access_token",
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImUyZUB0ZXN0LmNvbSIsInVzZXJfaWQiOiJlNjM1MjRiOS03NmIzLTRiMmQtODc1Ni05ZmNkNTk0MDRhYTkiLCJ0b2tlbl92ZXJzaW9uIjowLCJleHAiOjE3NzU4NTgyMTJ9.ztnqGJFbFDSze0GvK-2G37v5HaDdWRK392T7vsUpnhw",
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImUyZUB0ZXN0LmNvbSIsInVzZXJfaWQiOiIzZDJmZmY0OS03MjNhLTRhMmUtYWRhOS1iMTE5N2VhYTI2MDkiLCJ0b2tlbl92ZXJzaW9uIjowLCJleHAiOjE3NzcyNTcxNDh9.g69Lwtay2i0jwEzAbYcRWM2oGoOm-4qpV8YC04X0v-0",
"domain": "localhost",
"path": "/",
"expires": 1775858212.982022,
"expires": 1777257148.963437,
"httpOnly": true,
"secure": true,
"sameSite": "Lax"
@@ -27,11 +27,11 @@
"localStorage": [
{
"name": "authSyncEvent",
"value": "{\"type\":\"logout\",\"at\":1775857312837}"
"value": "{\"type\":\"logout\",\"at\":1777246348801}"
},
{
"name": "parentAuth",
"value": "{\"expiresAt\":1776030113109}"
"value": "{\"expiresAt\":1777419149107}"
}
]
}

View File

Before

Width:  |  Height:  |  Size: 409 KiB

After

Width:  |  Height:  |  Size: 409 KiB

Some files were not shown because too many files have changed in this diff Show More