Add IP, user-agent, and full titles to all auth ntfy notifications

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/routers/auth.py

@@ -31,7 +31,7 @@ COOKIE_OPTS = {
 
 
 @router.post("/register", response_model=TokenResponse, status_code=status.HTTP_201_CREATED)
-async def register(body: RegisterRequest, response: Response, db: AsyncSession = Depends(get_db)):
+async def register(body: RegisterRequest, response: Response, request: Request, db: AsyncSession = Depends(get_db)):
     existing = await db.execute(select(User).where(User.email == body.email))
     if existing.scalar_one_or_none():
         raise HTTPException(status_code=400, detail="Email already registered")
@@ -59,9 +59,11 @@ async def register(body: RegisterRequest, response: Response, db: AsyncSession =
     refresh = create_refresh_token({"sub": str(user.id)})
     response.set_cookie(REFRESH_COOKIE, refresh, **COOKIE_OPTS)
 
+    ip = request.headers.get("X-Forwarded-For", request.client.host if request.client else "unknown").split(",")[0].strip()
+    ua = request.headers.get("User-Agent", "unknown")
     await notify(
-        title="New User Registered",
+        title="Homeschool Dashboard New User Registered",
-        message=f"{body.full_name} ({body.email})",
+        message=f"Name: {body.full_name}\nEmail: {body.email}\nIP: {ip}\nUA: {ua}",
         priority="default",
         tags=["bust_in_silhouette"],
     )
@@ -74,20 +76,22 @@ _LOGIN_LOCKOUT_MINUTES = 15
 
 
 @router.post("/login", response_model=TokenResponse)
-async def login(body: LoginRequest, response: Response, db: AsyncSession = Depends(get_db)):
+async def login(body: LoginRequest, response: Response, request: Request, db: AsyncSession = Depends(get_db)):
     result = await db.execute(select(User).where(User.email == body.email))
     user = result.scalar_one_or_none()
     if not user:
         raise HTTPException(status_code=401, detail="Invalid credentials")
 
     now = datetime.now(timezone.utc).replace(tzinfo=None)
+    ip = request.headers.get("X-Forwarded-For", request.client.host if request.client else "unknown").split(",")[0].strip()
+    ua = request.headers.get("User-Agent", "unknown")
 
     if user.locked_until and user.locked_until > now:
         remaining = int((user.locked_until - now).total_seconds() / 60) + 1
         logger.warning("Locked account login attempt for email=%s", body.email)
         await notify(
-            title="Login Attempt on Locked Account",
+            title="Homeschool Dashboard Login Attempt on Locked Account",
-            message=f"{body.email} — locked for {remaining} more minute(s)",
+            message=f"Email: {body.email}\nLocked for {remaining} more minute(s)\nIP: {ip}\nUA: {ua}",
             priority="high",
             tags=["lock"],
         )
@@ -103,8 +107,8 @@ async def login(body: LoginRequest, response: Response, db: AsyncSession = Depen
             user.locked_until = now + timedelta(minutes=_LOGIN_LOCKOUT_MINUTES)
             logger.warning("Account locked for email=%s after %d failed attempts", body.email, user.failed_login_attempts)
             await notify(
-                title="Account Locked",
+                title="Homeschool Dashboard Account Locked",
-                message=f"{body.email} locked after {user.failed_login_attempts} failed attempts",
+                message=f"Email: {body.email}\nLocked after {user.failed_login_attempts} failed attempts\nIP: {ip}\nUA: {ua}",
                 priority="urgent",
                 tags=["warning"],
             )