Merge branch 'feature/phase-0-credit-system'

backend/igny8_core/auth/admin.py

@@ -19,21 +19,9 @@ class PlanAdmin(admin.ModelAdmin):
         ('Plan Info', {
             'fields': ('name', 'slug', 'price', 'billing_cycle', 'features', 'is_active')
         }),
-        ('User / Site Limits', {
+        ('Account Management Limits', {
             'fields': ('max_users', 'max_sites', 'max_industries', 'max_author_profiles')
         }),
-        ('Planner Limits', {
-            'fields': ('max_keywords', 'max_clusters', 'daily_cluster_limit', 'daily_keyword_import_limit', 'monthly_cluster_ai_credits')
-        }),
-        ('Writer Limits', {
-            'fields': ('daily_content_tasks', 'daily_ai_requests', 'monthly_word_count_limit', 'monthly_content_ai_credits')
-        }),
-        ('Image Limits', {
-            'fields': ('monthly_image_count', 'monthly_image_ai_credits', 'max_images_per_task', 'image_model_choices')
-        }),
-        ('AI Controls', {
-            'fields': ('daily_ai_request_limit', 'monthly_ai_credit_limit')
-        }),
         ('Billing & Credits', {
             'fields': ('included_credits', 'extra_credit_price', 'allow_credit_topup', 'auto_credit_topup_threshold', 'auto_credit_topup_amount', 'credits_per_month')
         }),

backend/igny8_core/auth/migrations/0014_remove_plan_operation_limits_phase0.py

@@ -0,0 +1,86 @@
+# Generated manually for Phase 0: Remove plan operation limit fields (credit-only system)
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('igny8_core_auth', '0013_remove_ai_cost_per_request'),
+    ]
+
+    operations = [
+        # Remove Planner Limits
+        migrations.RemoveField(
+            model_name='plan',
+            name='max_keywords',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='max_clusters',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='max_content_ideas',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='daily_cluster_limit',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='daily_keyword_import_limit',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='monthly_cluster_ai_credits',
+        ),
+        # Remove Writer Limits
+        migrations.RemoveField(
+            model_name='plan',
+            name='daily_content_tasks',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='daily_ai_requests',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='monthly_word_count_limit',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='monthly_content_ai_credits',
+        ),
+        # Remove Image Generation Limits
+        migrations.RemoveField(
+            model_name='plan',
+            name='monthly_image_count',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='daily_image_generation_limit',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='monthly_image_ai_credits',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='max_images_per_task',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='image_model_choices',
+        ),
+        # Remove AI Request Controls
+        migrations.RemoveField(
+            model_name='plan',
+            name='daily_ai_request_limit',
+        ),
+        migrations.RemoveField(
+            model_name='plan',
+            name='monthly_ai_credit_limit',
+        ),
+    ]
+

backend/igny8_core/auth/models.py

@@ -93,8 +93,8 @@ class Account(models.Model):
 
 class Plan(models.Model):
     """
-    Subscription plan model with comprehensive limits and features.
-    Plans define limits for users, sites, content generation, AI usage, and billing.
+    Subscription plan model - Phase 0: Credit-only system.
+    Plans define credits, billing, and account management limits only.
     """
     BILLING_CYCLE_CHOICES = [
         ('monthly', 'Monthly'),
@@ -110,7 +110,7 @@ class Plan(models.Model):
     is_active = models.BooleanField(default=True)
     created_at = models.DateTimeField(auto_now_add=True)
     
-    # User / Site / Scope Limits
+    # Account Management Limits (kept - not operation limits)
     max_users = models.IntegerField(default=1, validators=[MinValueValidator(1)], help_text="Total users allowed per account")
     max_sites = models.IntegerField(
         default=1,
@@ -120,32 +120,7 @@ class Plan(models.Model):
     max_industries = models.IntegerField(default=None, null=True, blank=True, validators=[MinValueValidator(1)], help_text="Optional limit for industries/sectors")
     max_author_profiles = models.IntegerField(default=5, validators=[MinValueValidator(0)], help_text="Limit for saved writing styles")
     
-    # Planner Limits
-    max_keywords = models.IntegerField(default=1000, validators=[MinValueValidator(0)], help_text="Total keywords allowed (global limit)")
-    max_clusters = models.IntegerField(default=100, validators=[MinValueValidator(0)], help_text="Total clusters allowed (global)")
-    max_content_ideas = models.IntegerField(default=300, validators=[MinValueValidator(0)], help_text="Total content ideas allowed (global limit)")
-    daily_cluster_limit = models.IntegerField(default=10, validators=[MinValueValidator(0)], help_text="Max clusters that can be created per day")
-    daily_keyword_import_limit = models.IntegerField(default=100, validators=[MinValueValidator(0)], help_text="SeedKeywords import limit per day")
-    monthly_cluster_ai_credits = models.IntegerField(default=50, validators=[MinValueValidator(0)], help_text="AI credits allocated for clustering")
-    
-    # Writer Limits
-    daily_content_tasks = models.IntegerField(default=10, validators=[MinValueValidator(0)], help_text="Max number of content tasks (blogs) per day")
-    daily_ai_requests = models.IntegerField(default=50, validators=[MinValueValidator(0)], help_text="Total AI executions (content + idea + image) allowed per day")
-    monthly_word_count_limit = models.IntegerField(default=50000, validators=[MinValueValidator(0)], help_text="Monthly word limit (for generated content)")
-    monthly_content_ai_credits = models.IntegerField(default=200, validators=[MinValueValidator(0)], help_text="AI credit pool for content generation")
-    
-    # Image Generation Limits
-    monthly_image_count = models.IntegerField(default=100, validators=[MinValueValidator(0)], help_text="Max images per month")
-    daily_image_generation_limit = models.IntegerField(default=25, validators=[MinValueValidator(0)], help_text="Max images that can be generated per day")
-    monthly_image_ai_credits = models.IntegerField(default=100, validators=[MinValueValidator(0)], help_text="AI credit pool for image generation")
-    max_images_per_task = models.IntegerField(default=4, validators=[MinValueValidator(1)], help_text="Max images per content task")
-    image_model_choices = models.JSONField(default=list, blank=True, help_text="Allowed image models (e.g., ['dalle3', 'hidream'])")
-    
-    # AI Request Controls
-    daily_ai_request_limit = models.IntegerField(default=100, validators=[MinValueValidator(0)], help_text="Global daily AI request cap")
-    monthly_ai_credit_limit = models.IntegerField(default=500, validators=[MinValueValidator(0)], help_text="Unified credit ceiling per month (all AI functions)")
-    
-    # Billing & Add-ons
+    # Billing & Credits (Phase 0: Credit-only system)
     included_credits = models.IntegerField(default=0, validators=[MinValueValidator(0)], help_text="Monthly credits included")
     extra_credit_price = models.DecimalField(max_digits=10, decimal_places=2, default=0.01, help_text="Price per additional credit")
     allow_credit_topup = models.BooleanField(default=True, help_text="Can user purchase more credits?")

backend/igny8_core/auth/serializers.py

@@ -11,10 +11,10 @@ class PlanSerializer(serializers.ModelSerializer):
         model = Plan
         fields = [
             'id', 'name', 'slug', 'price', 'billing_cycle', 'features', 'is_active',
-            'max_users', 'max_sites', 'max_keywords', 'max_clusters', 'max_content_ideas',
-            'monthly_word_count_limit', 'monthly_ai_credit_limit', 'monthly_image_count',
-            'daily_content_tasks', 'daily_ai_request_limit', 'daily_image_generation_limit',
-            'included_credits', 'image_model_choices', 'credits_per_month'
+            'max_users', 'max_sites', 'max_industries', 'max_author_profiles',
+            'included_credits', 'extra_credit_price', 'allow_credit_topup',
+            'auto_credit_topup_threshold', 'auto_credit_topup_amount',
+            'stripe_product_id', 'stripe_price_id', 'credits_per_month'
         ]
 
 

backend/igny8_core/auth/urls.py

@@ -14,8 +14,10 @@ from .views import (
     SiteUserAccessViewSet, PlanViewSet, SiteViewSet, SectorViewSet,
     IndustryViewSet, SeedKeywordViewSet
 )
-from .serializers import RegisterSerializer, LoginSerializer, ChangePasswordSerializer, UserSerializer
+from .serializers import RegisterSerializer, LoginSerializer, ChangePasswordSerializer, UserSerializer, RefreshTokenSerializer
 from .models import User
+from .utils import generate_access_token, get_token_expiry, decode_token
+import jwt
 
 router = DefaultRouter()
 # Main structure: Groups, Users, Accounts, Subscriptions, Site User Access
@@ -78,7 +80,7 @@ class LoginView(APIView):
             password = serializer.validated_data['password']
             
             try:
-                user = User.objects.get(email=email)
+                user = User.objects.select_related('account', 'account__plan').get(email=email)
             except User.DoesNotExist:
                 return error_response(
                     error='Invalid credentials',
@@ -107,9 +109,17 @@ class LoginView(APIView):
                     user_data = user_serializer.data
                 except Exception as e:
                     # Fallback if serializer fails (e.g., missing account_id column)
+                    # Log the error for debugging but don't fail the login
+                    import logging
+                    logger = logging.getLogger(__name__)
+                    logger.warning(f"UserSerializer failed for user {user.id}: {e}", exc_info=True)
+                    
+                    # Ensure username is properly set (use email prefix if username is empty/default)
+                    username = user.username if user.username and user.username != 'user' else user.email.split('@')[0]
+                    
                     user_data = {
                         'id': user.id,
-                        'username': user.username,
+                        'username': username,
                         'email': user.email,
                         'role': user.role,
                         'account': None,
@@ -119,12 +129,10 @@ class LoginView(APIView):
                 return success_response(
                     data={
                         'user': user_data,
-                        'tokens': {
-                            'access': access_token,
-                            'refresh': refresh_token,
-                            'access_expires_at': access_expires_at.isoformat(),
-                            'refresh_expires_at': refresh_expires_at.isoformat(),
-                        }
+                        'access': access_token,
+                        'refresh': refresh_token,
+                        'access_expires_at': access_expires_at.isoformat(),
+                        'refresh_expires_at': refresh_expires_at.isoformat(),
                     },
                     message='Login successful',
                     request=request
@@ -180,6 +188,84 @@ class ChangePasswordView(APIView):
         )
 
 
+@extend_schema(
+    tags=['Authentication'],
+    summary='Refresh Token',
+    description='Refresh access token using refresh token'
+)
+class RefreshTokenView(APIView):
+    """Refresh access token endpoint."""
+    permission_classes = [permissions.AllowAny]
+    
+    def post(self, request):
+        serializer = RefreshTokenSerializer(data=request.data)
+        if not serializer.is_valid():
+            return error_response(
+                error='Validation failed',
+                errors=serializer.errors,
+                status_code=status.HTTP_400_BAD_REQUEST,
+                request=request
+            )
+        
+        refresh_token = serializer.validated_data['refresh']
+        
+        try:
+            # Decode and validate refresh token
+            payload = decode_token(refresh_token)
+            
+            # Verify it's a refresh token
+            if payload.get('type') != 'refresh':
+                return error_response(
+                    error='Invalid token type',
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    request=request
+                )
+            
+            # Get user
+            user_id = payload.get('user_id')
+            account_id = payload.get('account_id')
+            
+            try:
+                user = User.objects.select_related('account', 'account__plan').get(id=user_id)
+            except User.DoesNotExist:
+                return error_response(
+                    error='User not found',
+                    status_code=status.HTTP_404_NOT_FOUND,
+                    request=request
+                )
+            
+            # Get account
+            account = None
+            if account_id:
+                try:
+                    from .models import Account
+                    account = Account.objects.get(id=account_id)
+                except Exception:
+                    pass
+            
+            if not account:
+                account = getattr(user, 'account', None)
+            
+            # Generate new access token
+            access_token = generate_access_token(user, account)
+            access_expires_at = get_token_expiry('access')
+            
+            return success_response(
+                data={
+                    'access': access_token,
+                    'access_expires_at': access_expires_at.isoformat()
+                },
+                request=request
+            )
+            
+        except jwt.InvalidTokenError:
+            return error_response(
+                error='Invalid or expired refresh token',
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                request=request
+            )
+
+
 @extend_schema(exclude=True)  # Exclude from public API documentation - internal authenticated endpoint
 class MeView(APIView):
     """Get current user information."""
@@ -201,6 +287,7 @@ urlpatterns = [
     path('', include(router.urls)),
     path('register/', csrf_exempt(RegisterView.as_view()), name='auth-register'),
     path('login/', csrf_exempt(LoginView.as_view()), name='auth-login'),
+    path('refresh/', csrf_exempt(RefreshTokenView.as_view()), name='auth-refresh'),
     path('change-password/', ChangePasswordView.as_view(), name='auth-change-password'),
     path('me/', MeView.as_view(), name='auth-me'),
 ]

backend/igny8_core/auth/views.py

@@ -933,12 +933,10 @@ class AuthViewSet(viewsets.GenericViewSet):
                 return success_response(
                     data={
                         'user': user_serializer.data,
-                        'tokens': {
-                            'access': access_token,
-                            'refresh': refresh_token,
-                            'access_expires_at': access_expires_at.isoformat(),
-                            'refresh_expires_at': refresh_expires_at.isoformat(),
-                        }
+                        'access': access_token,
+                        'refresh': refresh_token,
+                        'access_expires_at': access_expires_at.isoformat(),
+                        'refresh_expires_at': refresh_expires_at.isoformat(),
                     },
                     message='Login successful',
                     request=request