Initial account microservice

Account dashboard, newsletters, widget pages (tickets, bookings).
OAuth SSO client via shared blueprint — per-app first-party cookies.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

bp/__init__.py

@@ -0,0 +1 @@
+from .account.routes import register as register_account_bp

bp/account/routes.py

@@ -0,0 +1,162 @@
+"""Account pages blueprint.
+
+Moved from federation/bp/auth — newsletters, widget pages (tickets, bookings).
+Mounted at root /.
+"""
+from __future__ import annotations
+
+from quart import (
+    Blueprint,
+    request,
+    render_template,
+    make_response,
+    redirect,
+    g,
+)
+from sqlalchemy import select
+
+from shared.models import UserNewsletter
+from shared.models.ghost_membership_entities import GhostNewsletter
+from shared.services.widget_registry import widgets
+from shared.infrastructure.urls import login_url
+
+oob = {
+    "oob_extends": "oob_elements.html",
+    "extends": "_types/root/_index.html",
+    "parent_id": "root-header-child",
+    "child_id": "auth-header-child",
+    "header": "_types/auth/header/_header.html",
+    "parent_header": "_types/root/header/_header.html",
+    "nav": "_types/auth/_nav.html",
+    "main": "_types/auth/_main_panel.html",
+}
+
+
+def register(url_prefix="/"):
+    account_bp = Blueprint("account", __name__, url_prefix=url_prefix)
+
+    @account_bp.context_processor
+    def context():
+        return {"oob": oob, "account_nav_links": widgets.account_nav}
+
+    @account_bp.get("/")
+    async def account():
+        from shared.browser.app.utils.htmx import is_htmx_request
+
+        if not g.get("user"):
+            return redirect(login_url("/"))
+
+        if not is_htmx_request():
+            html = await render_template("_types/auth/index.html")
+        else:
+            html = await render_template("_types/auth/_oob_elements.html")
+
+        return await make_response(html)
+
+    @account_bp.get("/newsletters/")
+    async def newsletters():
+        from shared.browser.app.utils.htmx import is_htmx_request
+
+        if not g.get("user"):
+            return redirect(login_url("/newsletters/"))
+
+        result = await g.s.execute(
+            select(GhostNewsletter).order_by(GhostNewsletter.name)
+        )
+        all_newsletters = result.scalars().all()
+
+        sub_result = await g.s.execute(
+            select(UserNewsletter).where(
+                UserNewsletter.user_id == g.user.id,
+            )
+        )
+        user_subs = {un.newsletter_id: un for un in sub_result.scalars().all()}
+
+        newsletter_list = []
+        for nl in all_newsletters:
+            un = user_subs.get(nl.id)
+            newsletter_list.append({
+                "newsletter": nl,
+                "un": un,
+                "subscribed": un.subscribed if un else False,
+            })
+
+        nl_oob = {**oob, "main": "_types/auth/_newsletters_panel.html"}
+
+        if not is_htmx_request():
+            html = await render_template(
+                "_types/auth/index.html",
+                oob=nl_oob,
+                newsletter_list=newsletter_list,
+            )
+        else:
+            html = await render_template(
+                "_types/auth/_oob_elements.html",
+                oob=nl_oob,
+                newsletter_list=newsletter_list,
+            )
+
+        return await make_response(html)
+
+    @account_bp.post("/newsletter/<int:newsletter_id>/toggle/")
+    async def toggle_newsletter(newsletter_id: int):
+        if not g.get("user"):
+            return "", 401
+
+        result = await g.s.execute(
+            select(UserNewsletter).where(
+                UserNewsletter.user_id == g.user.id,
+                UserNewsletter.newsletter_id == newsletter_id,
+            )
+        )
+        un = result.scalar_one_or_none()
+
+        if un:
+            un.subscribed = not un.subscribed
+        else:
+            un = UserNewsletter(
+                user_id=g.user.id,
+                newsletter_id=newsletter_id,
+                subscribed=True,
+            )
+            g.s.add(un)
+
+        await g.s.flush()
+
+        return await render_template(
+            "_types/auth/_newsletter_toggle.html",
+            un=un,
+        )
+
+    # Catch-all for widget pages — must be last
+    @account_bp.get("/<slug>/")
+    async def widget_page(slug):
+        from shared.browser.app.utils.htmx import is_htmx_request
+        from quart import abort
+
+        widget = widgets.account_page_by_slug(slug)
+        if not widget:
+            abort(404)
+
+        if not g.get("user"):
+            return redirect(login_url(f"/{slug}/"))
+
+        ctx = await widget.context_fn(g.s, user_id=g.user.id)
+        w_oob = {**oob, "main": widget.template}
+
+        if not is_htmx_request():
+            html = await render_template(
+                "_types/auth/index.html",
+                oob=w_oob,
+                **ctx,
+            )
+        else:
+            html = await render_template(
+                "_types/auth/_oob_elements.html",
+                oob=w_oob,
+                **ctx,
+            )
+
+        return await make_response(html)
+
+    return account_bp