- Auto-verifies emails for accounts ending with @demo.com
- Auto-approves COMPANY role for demo accounts
- Skips email verification and OTP for demo accounts
- Auto-approves profile verification for demo accounts
- Allows login without email verification for demo accounts
This enables payment gateway companies to log in directly and view packages.
- Generate 6-digit code instead of UUID token for password reset
- Store in Redis with 15 min TTL (was 1 hour)
- Update email template to show code instead of reset link
- Update ResetPasswordPayload to accept code instead of token
- Update send_password_reset_email to accept code parameter
- models/user.rs: ORDER BY ur.created_at DESC so most recently assigned role is returned first
- handlers/auth.rs: resolve_signup_role_candidates returns empty vec instead of JOB_SEEKER when no valid intent
- Add /api/v1/users path routing to users service in gateway
- Add v1_router() in auth.rs with resend-otp endpoint
- Nest /api/v1/users route in main.rs
- Support legacy /api/v1/users/resend-otp endpoint
- Remove phone from INSERT INTO users (users table has no phone column)
- Remove phone from User struct and CreateUserPayload
- Return null for phone in API responses
- Keep phone field in RegisterPayload for backward compat (just not persisted)
Frontend sends 'name' field directly. RegisterPayload now accepts:
- name (direct, used by frontend)
- full_name (legacy)
- first_name + last_name (new format)
RegisterPayload now accepts:
- full_name (single field, for old frontend clients)
- first_name + last_name (new format)
Error returned only if none of these are provided.
- Replace full_name with name in User struct and all queries
- RegisterPayload now takes first_name + last_name instead of full_name
- Combine first_name and last_name into name before saving to DB
- Update all response structs to use 'name' field instead of 'full_name'
- Fix support and dashboard queries to use u.name instead of u.full_name
Root cause: DB has 'name' column, code was using 'full_name' which doesn't exist.
- Add 35 branded HTML email templates with Nxtgauge styling
- Create email template engine with base template system
- Add email management API for admin panel
- Wire email triggers from all services
- All services compile successfully
- Add crates/cache with client, otp, rate_limit, token, lead, jobs modules
- OTP tokens stored in Redis (15-min TTL, single-use GETDEL on verify)
- Refresh tokens stored in Redis (30-day TTL) — removed DB storage
- Password reset tokens stored in Redis (1-hour TTL, single-use)
- Rate limiting: register (10/hr), login (10/15min), OTP resend (3/hr), lead (5/hr), job post (20/hr)
- Lead request deduplication: 24-hour Redis lock per professional+requirement pair
- Marketplace listings cached in Redis (5-min TTL per profession+page+limit)
- Add ProfessionState{pool, redis} to contracts crate, replacing bare PgPool in all 9 profession apps
- All profession handlers and main.rs updated to use ProfessionState
- REDIS_URL env var (default: redis://127.0.0.1:6379) used across all services
- Fix profession model struct name mangling in 6 handlers (MakeupArtistRepository etc.)
- Add custom_data JSONB migration for all 9 profession profile tables
- Add onboarding_state model and repository (save_progress, complete, is_complete)
- Add onboarding handler accepting roleKey:String (not role_id:UUID) for frontend compat
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>