feat(auth): require email confirmation for new accounts

Updates the user registration and new account creation endpoints to require email confirmation.

- Sets the 'confirmed' flag to 'false' by default for all new user accounts.
- Generates a unique confirmation token for each new user.
- Logs the confirmation link to the console for development purposes.

This change ensures that users cannot log in without first verifying their email address, enhancing account security.

routes/auth/confirm.py

@@ -0,0 +1,25 @@
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy import select
+from database import get_db
+from models import Account_User
+from datetime import datetime, timezone
+
+router = APIRouter()
+
+@router.get("/confirm-email")
+async def confirm_email(token: str, db: AsyncSession = Depends(get_db)):
+    result = await db.execute(select(Account_User).where(Account_User.confirmation_token == token))
+    user = result.scalar_one_or_none()
+
+    if not user:
+        raise HTTPException(status_code=400, detail="Invalid token")
+
+    if user.confirmed:
+        return {"message": "Account already confirmed"}
+
+    user.confirmed = 1
+    user.confirmed_at = datetime.now(timezone.utc)
+    await db.commit()
+
+    return {"message": "Email confirmed successfully"}