Update server.py

server.py

@@ -8,6 +8,7 @@ from auth_handler import AuthManager
 
 app = FastAPI()
 auth = AuthManager()
+otp_storage = {}
 auth._init_db()
 
 app.add_middleware(
@@ -78,3 +79,39 @@ async def get_history(username: str):
         "labels": [r[1] for r in rows]  # Extract just the timestamps
     }
     return formatted_data
+
+@app.post("/request-reset")
+async def request_reset(data: EmailData):
+    email = data.email
+    # Check if the pilot actually exists in Supabase
+    if not auth.email_exists(email):
+        return {"success": False, "message": "Callsign not found in deep space logs."}
+
+    # Generate a code and store it in memory
+    otp = str(random.randint(100000, 999999))
+    otp_storage[email] = otp
+
+    # Dispatch via Brevo
+    success = auth.send_otp_via_brevo(email, otp)
+    
+    if success:
+        return {"success": True, "message": "Verification code dispatched to your hangar!"}
+    else:
+        return {"success": False, "message": "Comms failure: Brevo link interrupted."}
+
+@app.post("/confirm-reset")
+async def confirm_reset(data: AuthData):
+    email = data.email
+    otp = data.otp
+    
+    # 1. Verify the code matches what we stored
+    if otp_storage.get(email) != otp:
+        return {"success": False, "message": "Invalid code. Authorization denied."}
+
+    # 2. Update the password in Supabase
+    success, msg = auth.reset_password(email, data.username, data.password)
+
+    if success:
+        del otp_storage[email] # Clear code from memory
+    
+    return {"success": success, "message": msg}