Added the otp sending and verification logic

Author: ganidande905

app/db/crud.py

@@ -57,4 +57,16 @@ def get_leaderboard_data(db: Session, track_id: int):
         .group_by(models.User.id)
         .order_by(func.sum(models.Task.points).desc())
         .all()
-    )
+    )
+def get_otp_by_email(db, email):
+    return db.query(models.OTP).filter(models.OTP.email == email).first()
+
+def create_or_update_otp(db, email, otp, expires_at):
+    entry = get_otp_by_email(db, email)
+    if entry:
+        entry.otp = otp
+        entry.expires_at = expires_at
+    else:
+        entry = models.OTP(email=email, otp=otp, expires_at=expires_at)
+        db.add(entry)
+    db.commit()

app/routes/auth.py

@@ -1,8 +1,13 @@
-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, Depends, HTTPException, Query
 from sqlalchemy.orm import Session
+from datetime import datetime, timedelta
+import random, string
+from app.schemas.user import UserCreate, UserOut
+
 from app.db import models, crud
 from app.db.db import get_db
-from app.schemas.user import UserCreate, UserOut
+from app.schemas.user import UserOut
+from app.utils.mail import send_email
 
 router = APIRouter()
 
@@ -23,8 +28,32 @@ def register_user(user: UserCreate, db: Session = Depends(get_db)):
     return new_user
 
 @router.get("/user/{email}", response_model=UserOut)
-def get_user(email: str, db: Session = Depends(get_db)):
+def get_user(email: str, otp: str = Query(None), db: Session = Depends(get_db)):
     user = crud.get_user_by_email(db, email)
     if not user:
         raise HTTPException(status_code=404, detail="User not found")
+
+    # OTP phase 1: if not submitted, generate and send
+    if otp is None:
+        otp_code = ''.join(random.choices(string.digits, k=6))
+        expiry = datetime.utcnow() + timedelta(minutes=5)
+
+        crud.create_or_update_otp(db, email, otp_code, expiry)
+        send_email(email, otp_code)
+
+        raise HTTPException(
+            status_code=202,
+            detail="OTP sent to email. Re-call with ?otp=XXXX"
+        )
+
+    # OTP phase 2: validate
+    otp_entry = crud.get_otp_by_email(db, email)
+    if not otp_entry or otp_entry.otp != otp:
+        raise HTTPException(status_code=400, detail="Invalid OTP")
+    if otp_entry.expires_at < datetime.utcnow():
+        raise HTTPException(status_code=400, detail="OTP expired")
+
+    db.delete(otp_entry)
+    db.commit()
+
     return user

app/utils/mail.py

@@ -0,0 +1,26 @@
+import smtplib
+from email.message import EmailMessage
+import os
+
+
+from dotenv import load_dotenv
+load_dotenv()
+
+EMAIL_ADDRESS = os.getenv("SMTP_EMAIL")
+EMAIL_PASSWORD = os.getenv("SMTP_PASSWORD")
+
+def send_email(to_email: str, otp: str):
+    msg = EmailMessage()
+    msg["Subject"] = "Your OTP Verification Code"
+    msg["From"] = EMAIL_ADDRESS
+    msg["To"] = to_email
+    msg.set_content(f"Your OTP is: {otp}\n\nThis OTP is valid for 5 minutes.")
+
+    try:
+        with smtplib.SMTP("smtp.gmail.com", 587) as smtp:
+            smtp.starttls()
+            smtp.login(EMAIL_ADDRESS, EMAIL_PASSWORD)
+            smtp.send_message(msg)
+        print(f"OTP sent to {to_email}")
+    except Exception as e:
+        print(f"Failed to send email to {to_email}: {e}")

docker-compose.yml

@@ -20,6 +20,7 @@ services:
       POSTGRES_DB: ammentor
       POSTGRES_USER: ammentor_user
       POSTGRES_PASSWORD: strongpassword123
+      
     volumes:
       - postgres_data:/var/lib/postgresql/data
     ports: