
User Management

User profiles, account settings, and administration.

User Model

Python
# app/models.py
import datetime
import uuid
from typing import List, Optional

class User(UUIDModelBase, table=True):
    id: uuid.UUID              # Primary key
    email: str                 # Unique, indexed
    password_hash: Optional[str] # Bcrypt hashed
    full_name: str
    created_at: datetime.datetime
    last_login: datetime.datetime
    verified: bool = False
    is_superuser: bool = False

    # Relationships
    articles: List[Article]    # User's articles

    # Top G+ only:
    purchases: List[Purchase]       # Payment history
    subscription: Optional[Subscription] # Active subscription

Features

User Profiles

  • View profile information
  • Update name and email
  • Change password
  • Profile picture (extend as needed)

Account Settings

  • Email preferences
  • Password management
  • Account deletion (extend as needed)

Admin Management (Top G+)

  • View all users via Admin Panel
  • Search and filter users
  • Monitor user activity
  • Track payment status

Quick Tasks

Update Profile

TypeScript
// Frontend
import { useUpdateProfile } from '@/hooks/api/useUpdateProfile';

const EditProfile = () => {
  const updateProfile = useUpdateProfile();

  const handleSubmit = (data: UserUpdate) => {
    updateProfile.mutate(data);
  };

  return <ProfileForm onSubmit={handleSubmit} />;
};

Get Current User

TypeScript
import { useCurrentUser } from '@/hooks/api/useCurrentUser';

const Component = () => {
  const { data: user } = useCurrentUser();

  return <div>Hello, {user?.full_name}</div>;
};

API Endpoints

  • GET /api/auth/current - Get current user
  • PUT /api/auth/profile - Update profile
  • POST /api/auth/forgot-password - Request password reset
  • POST /api/auth/reset-password - Reset password

Full API reference

User Creation

Via Signup

Users self-register on the /signup page.

Via Admin (Top G+)

Bash
# Create superuser (admin@example.com is a placeholder address)
task db:user-create -- \
  --email admin@example.com \
  --password secure123 \
  --full_name "Admin User"

Via API

Bash
curl -X POST http://localhost:8020/api/auth/signup \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "secure123",
    "full_name": "John Doe"
  }'

Extending User Model

Add Fields

  1. Update model in app/models.py:

    Python
    class User(UUIDModelBase, table=True):
        # ... existing fields
        phone: Optional[str] = None
        avatar_url: Optional[str] = None
    

  2. Create migration:

    Bash
    task db:migrate-create -- "add phone and avatar to user"
    task db:migrate-up
    

  3. Update schemas in app/schemas/user.py

  4. Regenerate API client:

    Bash
    task frontend:generate-client
    

Security

Password Hashing

  • Bcrypt algorithm
  • Automatic salting
  • Never store plain text

Email Verification

The verified: bool field exists on the User model, but the verification flow is not implemented.
Extend as needed to add email verification.

Superuser Protection

  • Admin panel requires is_superuser=True
  • Regular users cannot elevate privileges
  • Separate authentication from main app
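
The "Regular users cannot elevate privileges" guarantee depends on PUT /api/auth/profile accepting only an allow-list of fields, which matters most when new fields are added to the User model and its schemas. The sketch below is an added example, not the project's own code: the simplified User dataclass, UPDATABLE_FIELDS, ForbiddenFieldError and apply_profile_update are hypothetical names, and clearing verified on an email change is an assumption.

```python
# Added example (not the project's code): allow-list for profile updates.
import uuid
from dataclasses import dataclass
from typing import Any, Dict, Optional

# Fields a regular user may change through PUT /api/auth/profile
# (assumption, based on "Update name and email" on this page).
UPDATABLE_FIELDS = frozenset({"full_name", "email"})


class ForbiddenFieldError(ValueError):
    """Raised when a payload names a field outside the allow-list."""


@dataclass
class User:
    # Simplified stand-in for the User model shown on this page.
    id: uuid.UUID
    email: str
    full_name: str
    password_hash: Optional[str] = None
    verified: bool = False
    is_superuser: bool = False


def apply_profile_update(user: User, payload: Dict[str, Any]) -> User:
    """Apply a client-supplied update, rejecting any non-allow-listed key."""
    rejected = sorted(set(payload) - UPDATABLE_FIELDS)
    if rejected:
        # Fail closed: is_superuser, verified, password_hash, id and unknown
        # keys are refused outright instead of being silently dropped.
        raise ForbiddenFieldError(f"fields not updatable: {rejected}")
    # Validate every value before mutating, so a bad payload changes nothing.
    for name, value in payload.items():
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"{name} must be a non-empty string")
    if "email" in payload:
        new_email = payload["email"].strip().lower()
        if new_email != user.email.lower():
            # Assumption: a changed address is unproven, so the flag is cleared.
            user.verified = False
        user.email = new_email
    if "full_name" in payload:
        user.full_name = payload["full_name"].strip()
    return user
```

Rejecting the whole request, instead of dropping the extra keys, also makes privilege-escalation attempts visible in error logs.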

Files Reference

  • app/models.py - User model
  • app/services/users_service.py - User logic
  • app/schemas/user.py - User schemas
  • app/commands/create_superuser.py - Superuser creation
  • frontend/src/pages/Profile/EditProfile.tsx - Profile page
  • frontend/src/hooks/api/useCurrentUser.ts - Current user hook