Update user_id for bigint and update secure

alembic/versions/44f93e0fb396_change_user_id_to_bigint.py

@@ -0,0 +1,66 @@
+"""change_user_id_to_bigint
+
+Revision ID: 44f93e0fb396
+Revises: 7ac28bbbc5ee
+Create Date: 2025-12-04 01:38:07.580350
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = '44f93e0fb396'
+down_revision: Union[str, Sequence[str], None] = '7ac28bbbc5ee'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # Change user_id from Integer to BigInteger in all tables
+    # PostgreSQL allows direct type change from INTEGER to BIGINT
+    
+    # First, change foreign keys in tasks table
+    op.alter_column('tasks', 'user_id',
+                    existing_type=sa.Integer(),
+                    type_=sa.BigInteger(),
+                    existing_nullable=False)
+    
+    # Change foreign key in otp_codes table
+    op.alter_column('otp_codes', 'user_id',
+                    existing_type=sa.Integer(),
+                    type_=sa.BigInteger(),
+                    existing_nullable=False)
+    
+    # Finally, change primary key in users table
+    op.alter_column('users', 'user_id',
+                    existing_type=sa.Integer(),
+                    type_=sa.BigInteger(),
+                    existing_nullable=False)
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # Change user_id back from BigInteger to Integer
+    # Note: This may fail if there are values larger than INTEGER max value
+    
+    # Change primary key in users table first
+    op.alter_column('users', 'user_id',
+                    existing_type=sa.BigInteger(),
+                    type_=sa.Integer(),
+                    existing_nullable=False)
+    
+    # Change foreign key in otp_codes table
+    op.alter_column('otp_codes', 'user_id',
+                    existing_type=sa.BigInteger(),
+                    type_=sa.Integer(),
+                    existing_nullable=False)
+    
+    # Change foreign key in tasks table
+    op.alter_column('tasks', 'user_id',
+                    existing_type=sa.BigInteger(),
+                    type_=sa.Integer(),
+                    existing_nullable=False)

bot/modules/access_control/auth.py

@@ -48,9 +48,10 @@ async def is_authorized(user_id: int) -> bool:
     # If private mode is disabled
     # Check whitelist (if configured)
     if settings.authorized_users_list:
-        return user_id in settings.authorized_users_list
+        if user_id in settings.authorized_users_list:
+            return True
     
-    # If whitelist is not configured, check in database
+    # Check in database (users added via /adduser should have access)
     async with AsyncSessionLocal() as session:
         user = await session.get(User, user_id)
         # If user exists in database and is not blocked - allow access

shared/database/models.py

@@ -13,7 +13,7 @@ class User(Base):
     """User model"""
     __tablename__ = "users"
     
-    user_id = Column(Integer, primary_key=True, unique=True, index=True)
+    user_id = Column(BigInteger, primary_key=True, unique=True, index=True)
     username = Column(String(255), nullable=True)
     first_name = Column(String(255), nullable=True)
     last_name = Column(String(255), nullable=True)
@@ -34,7 +34,7 @@ class Task(Base):
     __tablename__ = "tasks"
     
     id = Column(BigInteger, primary_key=True, index=True)
-    user_id = Column(Integer, ForeignKey("users.user_id"), nullable=False, index=True)  # Index for frequent queries
+    user_id = Column(BigInteger, ForeignKey("users.user_id"), nullable=False, index=True)  # Index for frequent queries
     task_type = Column(String(50), nullable=False)  # download, process, etc.
     status = Column(String(50), default="pending", index=True)  # Index for status filtering
     url = Column(Text, nullable=True)
@@ -77,7 +77,7 @@ class OTPCode(Base):
     __tablename__ = "otp_codes"
     
     id = Column(Integer, primary_key=True, index=True)
-    user_id = Column(Integer, ForeignKey("users.user_id"), nullable=False, index=True)
+    user_id = Column(BigInteger, ForeignKey("users.user_id"), nullable=False, index=True)
     code = Column(String(6), nullable=False, index=True)  # 6-digit code
     expires_at = Column(DateTime, nullable=False, index=True)
     used = Column(Boolean, default=False, index=True)