Add public demo mode with auto-seeding, hourly reset, and Portainer deploy guide

- DEMO_MODE=true env flag: disables password changes and backup endpoints (403), exposes GET /demo/status for frontend detection - Auto-seed on first startup: creates demo user (demo@mymidas.app / demo123) with 6 months of transactions, investments, budgets, subscriptions, and tax payslips; takes a pg_dump snapshot immediately after for hourly restore - Hourly reset: resetter Alpine container with cron restores DB from snapshot and purges uploaded attachments every hour on the hour - Frontend: amber demo banner on all pages, login page shows credentials, password change disabled with notice, backups section replaced with notice - demo/ directory: self-contained docker-compose.yml (ports 4001/8091), .env.example, reset.sh, and step-by-step Portainer DEPLOY.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-23 22:08:24 +00:00 · 2026-04-23 22:08:24 +00:00 · 9897d03d91
commit 9897d03d91
parent afb5e99bb2
17 changed files with 975 additions and 2 deletions
--- a/backend/app/api/v1/users.py
+++ b/backend/app/api/v1/users.py
@ -8,6 +8,7 @@ from pydantic import BaseModel, Field
 from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession

+from app.config import get_settings
 from app.core.audit import write_audit
 from app.core.security import hash_password, verify_password
 from app.dependencies import get_current_user, get_db
@ -41,6 +42,8 @@ async def change_password(
    db: AsyncSession = Depends(get_db),
    user=Depends(get_current_user),
 ):
+    if get_settings().is_demo:
+        raise HTTPException(status_code=403, detail="Password changes are disabled in demo mode")
    if not verify_password(body.current_password, user.password_hash):
        raise HTTPException(status_code=400, detail="Current password is incorrect")
    user.password_hash = hash_password(body.new_password)