feat: Permanent API key auth for n8n — wos- prefix keys never expire

Author: adarshkumar23

backend/app/core/email.py

@@ -72,3 +72,53 @@ async def send_morning_briefing_email(to: str, name: str, briefing_text: str) ->
     </div>
     """
     return await send_email(to, subject, body_html, briefing_text)
+
+
+async def send_medicine_reminder(to: str, name: str, medicine_name: str, dose: str, time: str) -> bool:
+    subject = f"💊 Medicine Reminder — {medicine_name}"
+    body_html = f"""
+    <div style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; background: #0f172a; color: #e2e8f0; padding: 40px; border-radius: 12px;">
+        <h1 style="color: #3b82f6;">WILLIAM OS</h1>
+        <h2>💊 Medicine Reminder</h2>
+        <p>Hey {name}, time to take your medicine.</p>
+        <div style="background: #1e293b; padding: 20px; border-radius: 8px; margin: 20px 0;">
+            <p><strong>Medicine:</strong> {medicine_name}</p>
+            <p><strong>Dose:</strong> {dose}</p>
+            <p><strong>Time:</strong> {time}</p>
+        </div>
+        <a href="https://williamos.duckdns.org/medicine" style="display: inline-block; background: #3b82f6; color: white; padding: 12px 24px; border-radius: 8px; text-decoration: none;">
+            Log Dose ✅
+        </a>
+    </div>
+    """
+    return await send_email(to, subject, body_html)
+
+
+async def send_daily_calendar(to: str, name: str, events: list, habits: list) -> bool:
+    subject = f"📅 Today's Schedule — William OS"
+    
+    events_html = "".join([
+        f'<li style="padding: 8px 0; border-bottom: 1px solid #334155;">'
+        f'<strong>{e.get("title","")}</strong> at {e.get("start","")}</li>'
+        for e in events
+    ]) or "<li>No events today</li>"
+    
+    habits_html = "".join([
+        f'<li style="padding: 8px 0; border-bottom: 1px solid #334155;">☐ {h}</li>'
+        for h in habits
+    ]) or "<li>No habits due</li>"
+
+    body_html = f"""
+    <div style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; background: #0f172a; color: #e2e8f0; padding: 40px; border-radius: 12px;">
+        <h1 style="color: #3b82f6;">WILLIAM OS</h1>
+        <h2>📅 Good morning {name}</h2>
+        <h3>Today's Calendar</h3>
+        <ul style="list-style: none; padding: 0;">{events_html}</ul>
+        <h3>Habits Due Today</h3>
+        <ul style="list-style: none; padding: 0;">{habits_html}</ul>
+        <a href="https://williamos.duckdns.org/dashboard" style="display: inline-block; background: #3b82f6; color: white; padding: 12px 24px; border-radius: 8px; text-decoration: none; margin-top: 20px;">
+            Open Dashboard
+        </a>
+    </div>
+    """
+    return await send_email(to, subject, body_html)

backend/app/modules/auth/models.py

@@ -63,6 +63,7 @@ class User(Base):
     permission_scopes: Mapped[list[str]] = mapped_column(JSONB, default=list)
 
     # Journal vault passphrase hash (separate from login password)
+    notification_email: Mapped[str | None] = mapped_column(String(255), nullable=True)
     journal_passphrase_hash: Mapped[str | None] = mapped_column(String(255), nullable=True)
 
     # Relationships

backend/app/modules/auth/routes.py

@@ -57,17 +57,32 @@ def _clear_refresh_cookie(response: Response) -> None:
 
 async def get_current_user_id(
     authorization: str = Header(..., description="Bearer <token>"),
+    db: AsyncSession = Depends(get_db),
 ) -> uuid.UUID:
-    """Extract and validate user ID from JWT."""
+    """Extract and validate user ID from JWT or permanent API key."""
     if not authorization.startswith("Bearer "):
         from app.shared.types import AuthenticationError
-
         raise AuthenticationError("Invalid authorization header")
-    token = authorization[7:]
+    token = authorization[7:].strip()
+    if token.startswith("wos-"):
+        from sqlalchemy import text
+        result = await db.execute(
+            text("SELECT user_id FROM auth.api_keys WHERE key_hash=:key AND is_active=true"),
+            {"key": token}
+        )
+        row = result.fetchone()
+        if not row:
+            from app.shared.types import AuthenticationError
+            raise AuthenticationError("Invalid API key")
+        await db.execute(
+            text("UPDATE auth.api_keys SET last_used=NOW() WHERE key_hash=:key"),
+            {"key": token}
+        )
+        await db.commit()
+        return uuid.UUID(str(row[0]))
     payload = decode_token(token)
     if payload.get("type") != "access":
         from app.shared.types import AuthenticationError
-
         raise AuthenticationError("Invalid token type")
     return uuid.UUID(payload["sub"])
 
@@ -270,3 +285,35 @@ async def login_history(
     rows = await service.list_login_history(user_id=user_id, limit=limit)
     payload = [LoginHistoryResponse.model_validate(row).model_dump(mode="json") for row in rows]
     return success(payload)
+
+
+@router.post("/api-keys")
+async def create_api_key(
+    payload: dict,
+    user_id: uuid.UUID = Depends(get_current_user_id),
+    db: AsyncSession = Depends(get_db),
+) -> dict:
+    import secrets
+    from sqlalchemy import text
+    key = f"wos-{secrets.token_hex(24)}"
+    name = payload.get("name", "API Key")
+    await db.execute(
+        text("INSERT INTO auth.api_keys (user_id, key_hash, name) VALUES (:uid, :key, :name)"),
+        {"uid": str(user_id), "key": key, "name": name}
+    )
+    await db.commit()
+    return success({"key": key, "name": name, "note": "Save this key — it won't be shown again"})
+
+
+@router.get("/api-keys")
+async def list_api_keys(
+    user_id: uuid.UUID = Depends(get_current_user_id),
+    db: AsyncSession = Depends(get_db),
+) -> dict:
+    from sqlalchemy import text
+    result = await db.execute(
+        text("SELECT id, name, LEFT(key_hash,12) || '...' as key_hint, created_at FROM auth.api_keys WHERE user_id=:uid"),
+        {"uid": str(user_id)}
+    )
+    keys = [dict(r._mapping) for r in result.fetchall()]
+    return success(keys)