feat: add /reset-password page

app.py

@@ -22,7 +22,7 @@ from supabase import create_client, Client
 # Import bootstrap to download private app
 from bootstrap import download_private_app
 from login import create_login_ui
-from supabase_logger import init_logger, log_event, set_user_context, get_user_context
+from supabase_logger import init_logger, log_event, set_user_context, get_user_context, set_request_source
 
 # --- Startup Meta Info ---
 print("=" * 80)
@@ -94,6 +94,23 @@ print("[PHASE] fastapi_init_end")
 _user_profile_cache: dict = {}
 
 # --- Request Logging Middleware ---
+def _resolve_source(request: Request) -> dict:
+    """リクエストヘッダから流入元を判定して source_channel / source_domain を返す。
+    判定優先順:
+      1. Referer に huggingface.co/spaces/ を含む → hf_embed（HF UI 経由の埋め込み表示）
+      2. ホストが *.hf.space → hf_space（Space への直接アクセス）
+      3. それ以外 → unknown
+    """
+    headers = request.headers
+    referer = (headers.get("referer") or "").lower()
+    host = (headers.get("x-forwarded-host") or headers.get("host") or "").lower()
+    if "huggingface.co/spaces/" in referer:
+        return {"source_channel": "hf_embed", "source_domain": "huggingface.co"}
+    if host.endswith(".hf.space"):
+        return {"source_channel": "hf_space", "source_domain": host}
+    return {"source_channel": "unknown", "source_domain": host or None}
+
+
 class RequestLoggingMiddleware(BaseHTTPMiddleware):
     async def dispatch(self, request: Request, call_next):
         start_time = time.time()
@@ -105,6 +122,10 @@ class RequestLoggingMiddleware(BaseHTTPMiddleware):
         set_user_context(user_info)
         user_tag = f" user={user_info['email']}" if user_info else ""
 
+        # Resolve source (flow-in channel) and store in contextvars
+        source_info = _resolve_source(request)
+        set_request_source(source_info)
+
         # print(f"[REQUEST] method={method} path={path}{user_tag}")
         # log_event("request", f"{method} {path}", metadata={"method": method, "path": path})
 
@@ -132,6 +153,7 @@ class RequestLoggingMiddleware(BaseHTTPMiddleware):
             raise
         finally:
             set_user_context(None)
+            set_request_source(None)
 
     @staticmethod
     def _resolve_user(request: Request):
@@ -183,10 +205,13 @@ app.add_middleware(RequestLoggingMiddleware)
 print("[MIDDLEWARE] RequestLoggingMiddleware added")
 
 # --- Authentication Handler (for login UI) ---
-def handle_login(email, password):
+def handle_login(request: gr.Request, email, password):
     """Handle login attempt via Supabase"""
     print(f"[AUTH] Login attempt for: {email}")
-    log_event("auth", "login_attempt", metadata={"email": email})
+    source = _resolve_source(request)
+    log_event("auth", "login_attempt",
+              user_override={"email": email},
+              metadata=source)
     try:
         res = supabase.auth.sign_in_with_password({"email": email, "password": password})
         if res.session:
@@ -194,7 +219,8 @@ def handle_login(email, password):
             user_ctx = {"user_id": str(res.user.id), "email": email}
             log_event(
                 "auth", "login_success",
-                user_override=user_ctx, metadata={"email": email},
+                user_override=user_ctx,
+                metadata=source,
             )
             return (
                 gr.update(visible=False), 
@@ -205,7 +231,9 @@ def handle_login(email, password):
         print(f"[AUTH] Login failed for {email}: {e}")
         log_event(
             "auth", "login_failure",
-            level="WARNING", metadata={"email": email, "error": str(e)},
+            level="WARNING",
+            user_override={"email": email},
+            metadata={"error": str(e), **source},
         )
         return gr.update(), gr.update(value=f"❌ エラー: {str(e)}"), None
 
@@ -270,13 +298,18 @@ if private_app_dir:
             def bridge_logger(event_type: str, message: str, metadata=None):
                 """Ver20からのログイベントをSupabaseに転送"""
                 user_override = None
+                session_id = None
                 clean_metadata = None
                 if metadata:
                     clean_metadata = dict(metadata)
                     user_ctx = clean_metadata.pop("_user_context", None)
                     if user_ctx and isinstance(user_ctx, dict):
                         user_override = user_ctx
-                log_event(event_type, message, metadata=clean_metadata, user_override=user_override)
+                    session_id = clean_metadata.pop("session_id", None)
+                log_event(event_type, message,
+                          metadata=clean_metadata,
+                          user_override=user_override,
+                          session_id=session_id)
                 
             set_logger_callback(bridge_logger)
             print("[LOGGING] Connected ver20 logging to Supabase")
@@ -491,10 +524,17 @@ async def reset_password_submit(
         html = _RESET_PASSWORD_HTML.format(message="❌ パスワードは8文字以上で設定してください。")
         return HTMLResponse(html, status_code=400)
 
+    reset_user_ctx = None
+    try:
+        _res = supabase.auth.get_user(access_token)
+        reset_user_ctx = {"user_id": str(_res.user.id), "email": _res.user.email}
+    except Exception:
+        pass
+
     try:
         supabase.auth.set_session(access_token, refresh_token)
         supabase.auth.update_user({"password": new_password})
-        log_event("auth", "password_reset_success")
+        log_event("auth", "password_reset_success", user_override=reset_user_ctx)
         success_html = """<!DOCTYPE html>
 <html lang="ja">
 <head>
@@ -521,7 +561,9 @@ async def reset_password_submit(
         return HTMLResponse(success_html)
     except Exception as e:
         print(f"[AUTH] Password reset failed: {e}")
-        log_event("auth", "password_reset_failure", level="WARNING", metadata={"error": str(e)})
+        log_event("auth", "password_reset_failure",
+                  level="WARNING", user_override=reset_user_ctx,
+                  metadata={"error": str(e)})
         html = _RESET_PASSWORD_HTML.format(message=f"❌ エラーが発生しました: {str(e)}")
         return HTMLResponse(html, status_code=400)
 

login.py

@@ -56,7 +56,8 @@ def create_login_ui(handle_login_fn):
     Create Gradio login UI (チャットはコメントアウト済み).
 
     Args:
-        handle_login_fn: Function to handle login (email, password) -> (form_update, status_update, token)
+        handle_login_fn: Function to handle login (request, email, password) -> (form_update, status_update, token)
+                         First argument must be gr.Request for source detection.
 
     Returns:
         Gradio Blocks UI for login
@@ -76,34 +77,8 @@ def create_login_ui(handle_login_fn):
         # Hidden textbox to store token and trigger cookie setting via JS
         token_storage = gr.Textbox(visible=False, elem_id="token_storage")
 
-        # --- チャット（コメントアウト） ---
-        # gr.Markdown("### 🔧 チャット初期化パラメータ（任意）")
-        # with gr.Row():
-        #     input_url = gr.Textbox(label="URL", placeholder="https://example.com", scale=3)
-        #     input_industry = gr.Textbox(label="業界 / カテゴリ", placeholder="EC、人材、金融など", scale=2)
-        #     input_cvr = gr.Number(label="CVR (%)", value=None, minimum=0, maximum=100, scale=1)
-        # apply_btn = gr.Button("チャットに反映", variant="secondary")
-        # gr.Markdown("### 💬 広告改善提案チャット")
-        # chat_frame = gr.HTML(build_chat_html({}))
-        # def on_load(request: gr.Request):
-        #     params = dict(request.query_params)
-        #     url_val = params.get("url", "")
-        #     industry_val = params.get("industry", "")
-        #     cvr_val = float(params["cvr"]) if params.get("cvr") else None
-        #     return url_val, industry_val, cvr_val, build_chat_html(params)
-        # ui.load(on_load, inputs=None, outputs=[input_url, input_industry, input_cvr, chat_frame])
-        # def update_chat(url, industry, cvr):
-        #     params = {}
-        #     if url:
-        #         params["url"] = url
-        #     if industry:
-        #         params["industry"] = industry
-        #     if cvr is not None:
-        #         params["cvr"] = cvr
-        #     return build_chat_html(params)
-        # apply_btn.click(update_chat, inputs=[input_url, input_industry, input_cvr], outputs=chat_frame)
-
-        # External login handler (from app.py) is bound here
+        # External login handler (from app.py) is bound here.
+        # gr.Request は Gradio が第1引数に自動注入するため inputs に含めない。
         login_btn.click(
             handle_login_fn,
             inputs=[email_input, pass_input],

supabase_logger.py

@@ -2,16 +2,17 @@
 Supabase structured logger with per-request user context.
 
 Usage:
-    from supabase_logger import init_logger, log_event, set_user_context, get_user_context
+    from supabase_logger import init_logger, log_event, set_user_context, get_user_context, set_request_source
 
     # At startup
     init_logger(supabase_client)
 
     # In middleware / auth
-    set_user_context({"user_id": "...", "email": "...", "role": "..."})
+    set_user_context({"user_id": "...", "email": "..."})
+    set_request_source({"source_channel": "hf_space", "source_domain": "dlpo-mbok-dev.hf.space"})
 
     # Anywhere
-    log_event("step_executed", "Step01 completed", metadata={"session_id": "abc"})
+    log_event("user", "click_step01", session_id="abc123", metadata={"force": False})
 """
 
 from __future__ import annotations
@@ -25,9 +26,13 @@ from typing import Any, Dict, Optional
 from supabase import Client
 
 _supabase: Optional[Client] = None
+
 _current_user: ContextVar[Optional[Dict[str, Any]]] = ContextVar(
     "current_user", default=None
 )
+_request_source: ContextVar[Optional[Dict[str, str]]] = ContextVar(
+    "request_source", default=None
+)
 
 
 def init_logger(client: Client) -> None:
@@ -43,6 +48,11 @@ def get_user_context() -> Optional[Dict[str, Any]]:
     return _current_user.get()
 
 
+def set_request_source(source: Optional[Dict[str, str]]) -> None:
+    """リクエストの流入元情報をセット（FastAPI middleware から呼ぶ）"""
+    _request_source.set(source)
+
+
 def log_event(
     event_type: str,
     message: str,
@@ -50,14 +60,16 @@ def log_event(
     level: str = "INFO",
     metadata: Optional[Dict[str, Any]] = None,
     user_override: Optional[Dict[str, Any]] = None,
+    session_id: Optional[str] = None,
 ) -> None:
     """
-    Insert a structured log row into Supabase ``app_logs``.
+    Insert a structured log row into Supabase ``activity_logs``.
 
     Falls back to stdout if the insert fails so the main request is
     never blocked by a logging error.
     """
     user = user_override or _current_user.get()
+    source = _request_source.get()
 
     row = {
         "event_type": event_type,
@@ -65,7 +77,9 @@ def log_event(
         "message": message,
         "user_id": user.get("user_id") if user else None,
         "user_email": user.get("email") if user else None,
-        "user_role": user.get("role") if user else None,
+        "session_id": session_id,
+        "source_channel": source.get("source_channel") if source else None,
+        "source_domain": source.get("source_domain") if source else None,
         "metadata": metadata or {},
         "created_at": datetime.now(timezone.utc).isoformat(),
     }
@@ -73,7 +87,7 @@ def log_event(
     def _insert():
         try:
             if _supabase is not None:
-                _supabase.table("app_logs").insert(row).execute()
+                _supabase.table("activity_logs").insert(row).execute()
         except Exception:
             print(f"[SUPABASE_LOG_ERROR] insert failed: {traceback.format_exc()}")
             print(f"[SUPABASE_LOG_ERROR] row: {row}")