✅ 3. Run Index Creation (One Time)
Option A: Django Shell (Recommended)
python manage.py shell

from core.db.indexes import create_indexes
create_indexes()
 
 

You’ll see no output — that’s normal.

Option B: Auto-run on Startup (Optional)

Add to apps.py (advanced setups only):

from django.apps import AppConfig

class AuthConfig(AppConfig):
    name = "apps.auth"

    def ready(self):
        from core.db.indexes import create_indexes
        create_indexes()


⚠️ Use this only once in production, not on every restart.

✅ 4. Verify in MongoDB Compass

You should see:

📂 Collections
otp_requests
otp_ip_blocks




Option A: Django shell (recommended)
python manage.py shell

from core.db.mongo import otp_ip_block_collection

otp_ip_block_collection.create_index(
    "blocked_until",
    expireAfterSeconds=0
)


You should see something like:

'blocked_until_1'



import { v4 as uuidv4 } from "uuid";

let deviceId = localStorage.getItem("device_id");
if (!deviceId) {
  deviceId = uuidv4();
  localStorage.setItem("device_id", deviceId);
}


X-Device-Id: <uuid>





from pymongo import ASCENDING
from core.db.mongo import user_sessions_collection

# Fast lookup by user
user_sessions_collection.create_index(
    [("user_id", ASCENDING)]
)

# One session per device per user
user_sessions_collection.create_index(
    [("user_id", ASCENDING), ("device_id", ASCENDING)],
    unique=True
)

# Fast refresh token lookup
user_sessions_collection.create_index(
    [("refresh_token_hash", ASCENDING)],
    unique=True
)

# Auto-delete inactive sessions (TTL)
user_sessions_collection.create_index(
    [("last_active", ASCENDING)],
    expireAfterSeconds=60 * 60 * 24 * 30  # 30 days
)



5️⃣ OPTIONAL: LIMIT MAX DEVICES (RECOMMENDED)

Example: Max 5 devices per user

MAX_DEVICES = 5

active_sessions = user_sessions_collection.count_documents({
    "user_id": ObjectId(user_id),
    "is_active": True
})


 
if active_sessions >= MAX_DEVICES:
    return Response(
        {"error": "Maximum device limit reached"},
        status=403
    )


if payload.get("type") != "access":
    return Response({"error": "Invalid token type"}, status=401)



geo location db
https://github.com/P3TERX/GeoLite.mmdb?tab=readme-ov-file