Fix production auth failures by applying email verification migration

[ghanshyam2005singh]

This fixes production authentication failures caused by the email verification schema not being present in the remote D1 database.

Changes

• Added D1 migration configuration for email verification schema.

Result

• Registration works correctly.
• Login works correctly.
• Existing users remain able to log in.
• New users must verify their email before accessing the platform.

Summary

This PR fixes production authentication failures caused by a missing email verification schema in the remote Cloudflare D1 database. The fix involves two key changes:

Changes Made

1. Updated Database Schema (src/worker.py):

   • Modified the init_db() function to rely on the predefined _DDL schema statements for all database setup
   • Removed 11 lines of special-case fallback/backfill migration logic that previously attempted to ALTER TABLE users to add the email_verified column for existing tables
   • The _DDL now comprehensively defines the complete schema, including the email_verified column (with DEFAULT 0) in the users table and the email verification token tables

2. D1 Migration Configuration:

   • Added migrations/0003_add_email_verification.sql which includes:
     • ALTER TABLE users ADD COLUMN email_verified
     • Email verification tokens table with indexes
     • Password reset tokens table with indexes

Impact

• Registration: New users register with email_verified = 0 and receive a verification email with a single-use token valid for 24 hours
• Login: Users must verify their email before signing in; unverified accounts receive a 403 error with instructions to check their inbox
• Existing Users: Existing users in production are automatically marked as verified via the migration's UPDATE users SET email_verified = 1 statement, preserving access
• Schema Initialization: Database setup is now cleaner and more straightforward—it no longer requires idempotent fallback logic and instead relies on proper migration sequencing

The approach simplifies the codebase by delegating schema migration to D1's migration system in production while ensuring development environments have the complete schema definition through _DDL.

[coderabbitai]

Walkthrough

This change removes a fallback migration block from database initialization. The init_db function previously included try/except logic to add an email_verified column to existing users tables and mark pre-existing accounts as verified. Database setup now relies solely on predefined DDL schema execution.

Changes

Database Initialization Cleanup

Layer / File(s)	Summary
Remove fallback email_verified migration src/worker.py	The special-case idempotent migration block that handled ALTER TABLE for email_verified is removed; schema initialization now depends entirely on executing the predefined _DDL statements.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly addresses the main objective of the PR—fixing production auth failures through email verification migration—which aligns with the primary change described in the PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}