Spaces:

Naveedtechlab
/

ai-textbook-backend

Sleeping

AI Development Team Claude Opus 4.5 commited on Jan 31

Commit

4004da2

1 Parent(s): adf2769

feat: Add Google/Facebook OAuth, profile page, and responsive UI

- Add OAuth authentication (Google & Facebook) to login/signup
- Add profile page for users to view/edit their information
- Update User model with OAuth fields (oauth_provider, oauth_id, profile_picture)
- Add profile endpoints (GET/PUT /auth/profile)
- Update AuthNavbarItem to show profile pictures from OAuth
- Add comprehensive responsive design for mobile/tablet/desktop
- Update CORS to include production URLs
- Add touch-friendly UI elements and safe area support

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Files changed (8) hide show

api/auth.py +299 -7
database/models.py +13 -1
main.py +6 -0
src/auth/schemas.py +67 -4
src/config/settings.py +6 -0
src/db/crud.py +37 -4
src/db/models/user.py +21 -4
src/routes/auth.py +276 -17

api/auth.py CHANGED Viewed

@@ -1,8 +1,9 @@
 from fastapi import APIRouter, HTTPException, Depends, Header
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from pydantic import BaseModel, EmailStr
-from typing import Optional
 import logging
 logger = logging.getLogger(__name__)
 router = APIRouter()
@@ -21,6 +22,8 @@ except ImportError:
     get_db = None
     logging.warning("Database modules not available. Auth will use mock mode.")
 class SignupRequest(BaseModel):
     email: EmailStr
     password: str
@@ -28,22 +31,41 @@ class SignupRequest(BaseModel):
     hardware_background: Optional[str] = None
     experience_level: Optional[str] = "Intermediate"
 class LoginRequest(BaseModel):
     email: EmailStr
     password: str
 class AuthResponse(BaseModel):
     user_id: str
     email: str
     access_token: str
     token_type: str = "bearer"
 class UserProfileResponse(BaseModel):
     user_id: str
     email: str
-    software_background: Optional[str]
-    hardware_background: Optional[str]
-    experience_level: Optional[str]
 def get_db_session():
@@ -53,6 +75,66 @@ def get_db_session():
     return None
 @router.post("/auth/signup", response_model=AuthResponse)
 async def signup(request: SignupRequest):
     """Handle user registration with background information"""
@@ -146,6 +228,13 @@ async def login(request: LoginRequest):
             if not user:
                 raise HTTPException(status_code=401, detail="Invalid credentials")
             # Verify password
             if not verify_password(request.password, user.password_hash):
                 raise HTTPException(status_code=401, detail="Invalid credentials")
@@ -173,6 +262,121 @@ async def login(request: LoginRequest):
         raise HTTPException(status_code=500, detail="Error during login")
 @router.get("/auth/profile", response_model=UserProfileResponse)
 async def get_profile(
     authorization: Optional[str] = Header(None),
@@ -185,9 +389,12 @@ async def get_profile(
             return UserProfileResponse(
                 user_id="mock_user_id",
                 email="mock@example.com",
                 software_background="Python, JavaScript",
                 hardware_background="Arduino, Raspberry Pi",
-                experience_level="Intermediate"
             )
         # Get token from Authorization header or credentials
@@ -218,9 +425,12 @@ async def get_profile(
             return UserProfileResponse(
                 user_id=str(user.id),
                 email=user.email,
                 software_background=user.software_background,
                 hardware_background=user.hardware_background,
-                experience_level=user.experience_level
             )
         finally:
             db.close()
@@ -232,10 +442,92 @@ async def get_profile(
         raise HTTPException(status_code=500, detail="Error retrieving profile")
 @router.get("/auth/health")
 async def auth_health():
     """Health check for auth service"""
     return {
         "status": "auth service is running",
-        "database_enabled": DB_ENABLED
     }

 from fastapi import APIRouter, HTTPException, Depends, Header
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from pydantic import BaseModel, EmailStr
+from typing import Optional, Literal
 import logging
+import httpx
 logger = logging.getLogger(__name__)
 router = APIRouter()
     get_db = None
     logging.warning("Database modules not available. Auth will use mock mode.")
+# Request/Response Models
 class SignupRequest(BaseModel):
     email: EmailStr
     password: str
     hardware_background: Optional[str] = None
     experience_level: Optional[str] = "Intermediate"
 class LoginRequest(BaseModel):
     email: EmailStr
     password: str
+class OAuthRequest(BaseModel):
+    """OAuth login/signup request"""
+    provider: Literal["google", "facebook"]
+    access_token: str
 class AuthResponse(BaseModel):
     user_id: str
     email: str
     access_token: str
     token_type: str = "bearer"
 class UserProfileResponse(BaseModel):
     user_id: str
     email: str
+    full_name: Optional[str] = None
+    software_background: Optional[str] = None
+    hardware_background: Optional[str] = None
+    experience_level: Optional[str] = None
+    oauth_provider: Optional[str] = None
+    profile_picture: Optional[str] = None
+class ProfileUpdateRequest(BaseModel):
+    full_name: Optional[str] = None
+    software_background: Optional[str] = None
+    hardware_background: Optional[str] = None
+    experience_level: Optional[str] = None
 def get_db_session():
     return None
+# OAuth Helper Functions
+async def verify_google_token(access_token: str) -> dict:
+    """Verify Google OAuth token and get user info"""
+    try:
+        async with httpx.AsyncClient() as client:
+            response = await client.get(
+                "https://www.googleapis.com/oauth2/v3/userinfo",
+                headers={"Authorization": f"Bearer {access_token}"}
+            )
+            if response.status_code != 200:
+                logger.error(f"Google token verification failed: {response.text}")
+                return None
+            data = response.json()
+            return {
+                "email": data.get("email"),
+                "name": data.get("name"),
+                "picture": data.get("picture"),
+                "provider_id": data.get("sub"),
+                "provider": "google"
+            }
+    except Exception as e:
+        logger.error(f"Error verifying Google token: {e}")
+        return None
+async def verify_facebook_token(access_token: str) -> dict:
+    """Verify Facebook OAuth token and get user info"""
+    try:
+        async with httpx.AsyncClient() as client:
+            response = await client.get(
+                "https://graph.facebook.com/me",
+                params={
+                    "fields": "id,name,email,picture.type(large)",
+                    "access_token": access_token
+                }
+            )
+            if response.status_code != 200:
+                logger.error(f"Facebook token verification failed: {response.text}")
+                return None
+            data = response.json()
+            picture_url = None
+            if data.get("picture") and data["picture"].get("data"):
+                picture_url = data["picture"]["data"].get("url")
+            return {
+                "email": data.get("email"),
+                "name": data.get("name"),
+                "picture": picture_url,
+                "provider_id": data.get("id"),
+                "provider": "facebook"
+            }
+    except Exception as e:
+        logger.error(f"Error verifying Facebook token: {e}")
+        return None
 @router.post("/auth/signup", response_model=AuthResponse)
 async def signup(request: SignupRequest):
     """Handle user registration with background information"""
             if not user:
                 raise HTTPException(status_code=401, detail="Invalid credentials")
+            # Check if user is OAuth-only
+            if user.oauth_provider and not user.password_hash:
+                raise HTTPException(
+                    status_code=401,
+                    detail=f"This account uses {user.oauth_provider} login. Please use the {user.oauth_provider} button to sign in."
+                )
             # Verify password
             if not verify_password(request.password, user.password_hash):
                 raise HTTPException(status_code=401, detail="Invalid credentials")
         raise HTTPException(status_code=500, detail="Error during login")
+@router.post("/auth/oauth", response_model=AuthResponse)
+async def oauth_login(request: OAuthRequest):
+    """Handle OAuth login/signup (Google or Facebook)"""
+    try:
+        if not DB_ENABLED:
+            # Mock mode for testing
+            return AuthResponse(
+                user_id="mock_oauth_user_id",
+                email="oauth@example.com",
+                access_token="mock_oauth_access_token",
+                token_type="bearer"
+            )
+        # Verify OAuth token
+        user_info = None
+        if request.provider == "google":
+            user_info = await verify_google_token(request.access_token)
+        elif request.provider == "facebook":
+            user_info = await verify_facebook_token(request.access_token)
+        else:
+            raise HTTPException(status_code=400, detail="Unsupported OAuth provider")
+        if not user_info or not user_info.get("email"):
+            raise HTTPException(status_code=401, detail="Could not verify OAuth token or get user email")
+        # Get database session
+        from database.db import SessionLocal
+        db = SessionLocal()
+        try:
+            # Check if user exists by OAuth ID
+            existing_user = db.query(DBUser).filter(
+                DBUser.oauth_provider == request.provider,
+                DBUser.oauth_id == user_info["provider_id"]
+            ).first()
+            if existing_user:
+                # User exists, log them in
+                access_token = create_access_token(data={
+                    "sub": str(existing_user.id),
+                    "email": existing_user.email
+                })
+                logger.info(f"OAuth user logged in: {existing_user.email}")
+                return AuthResponse(
+                    user_id=str(existing_user.id),
+                    email=existing_user.email,
+                    access_token=access_token,
+                    token_type="bearer"
+                )
+            # Check if user exists by email
+            existing_email_user = db.query(DBUser).filter(DBUser.email == user_info["email"]).first()
+            if existing_email_user:
+                # Link OAuth to existing account
+                existing_email_user.oauth_provider = request.provider
+                existing_email_user.oauth_id = user_info["provider_id"]
+                if user_info.get("picture"):
+                    existing_email_user.profile_picture = user_info["picture"]
+                if user_info.get("name") and not existing_email_user.full_name:
+                    existing_email_user.full_name = user_info["name"]
+                db.commit()
+                access_token = create_access_token(data={
+                    "sub": str(existing_email_user.id),
+                    "email": existing_email_user.email
+                })
+                logger.info(f"Linked OAuth to existing user: {existing_email_user.email}")
+                return AuthResponse(
+                    user_id=str(existing_email_user.id),
+                    email=existing_email_user.email,
+                    access_token=access_token,
+                    token_type="bearer"
+                )
+            # Create new OAuth user
+            new_user = DBUser(
+                email=user_info["email"],
+                password_hash=None,  # OAuth users don't have passwords
+                full_name=user_info.get("name"),
+                oauth_provider=request.provider,
+                oauth_id=user_info["provider_id"],
+                profile_picture=user_info.get("picture")
+            )
+            db.add(new_user)
+            db.commit()
+            db.refresh(new_user)
+            access_token = create_access_token(data={
+                "sub": str(new_user.id),
+                "email": new_user.email
+            })
+            logger.info(f"New OAuth user registered: {new_user.email}")
+            return AuthResponse(
+                user_id=str(new_user.id),
+                email=new_user.email,
+                access_token=access_token,
+                token_type="bearer"
+            )
+        except IntegrityError:
+            db.rollback()
+            raise HTTPException(status_code=400, detail="Error creating user account")
+        finally:
+            db.close()
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error during OAuth login: {str(e)}")
+        raise HTTPException(status_code=500, detail="Error during OAuth authentication")
 @router.get("/auth/profile", response_model=UserProfileResponse)
 async def get_profile(
     authorization: Optional[str] = Header(None),
             return UserProfileResponse(
                 user_id="mock_user_id",
                 email="mock@example.com",
+                full_name="Mock User",
                 software_background="Python, JavaScript",
                 hardware_background="Arduino, Raspberry Pi",
+                experience_level="Intermediate",
+                oauth_provider=None,
+                profile_picture=None
             )
         # Get token from Authorization header or credentials
             return UserProfileResponse(
                 user_id=str(user.id),
                 email=user.email,
+                full_name=getattr(user, 'full_name', None),
                 software_background=user.software_background,
                 hardware_background=user.hardware_background,
+                experience_level=user.experience_level,
+                oauth_provider=getattr(user, 'oauth_provider', None),
+                profile_picture=getattr(user, 'profile_picture', None)
             )
         finally:
             db.close()
         raise HTTPException(status_code=500, detail="Error retrieving profile")
+@router.put("/auth/profile", response_model=UserProfileResponse)
+async def update_profile(
+    request: ProfileUpdateRequest,
+    authorization: Optional[str] = Header(None),
+    credentials: Optional[HTTPAuthorizationCredentials] = Depends(security)
+):
+    """Update user profile information"""
+    try:
+        if not DB_ENABLED:
+            # Mock mode
+            return UserProfileResponse(
+                user_id="mock_user_id",
+                email="mock@example.com",
+                full_name=request.full_name,
+                software_background=request.software_background,
+                hardware_background=request.hardware_background,
+                experience_level=request.experience_level,
+                oauth_provider=None,
+                profile_picture=None
+            )
+        # Get token
+        token = None
+        if credentials:
+            token = credentials.credentials
+        elif authorization and authorization.startswith("Bearer "):
+            token = authorization.replace("Bearer ", "")
+        if not token:
+            raise HTTPException(status_code=401, detail="Authorization token required")
+        # Decode token and get user ID
+        user_id = get_current_user_id_from_token(token)
+        if not user_id:
+            raise HTTPException(status_code=401, detail="Invalid or expired token")
+        # Get database session
+        from database.db import SessionLocal
+        db = SessionLocal()
+        try:
+            # Get user from database
+            user = db.query(DBUser).filter(DBUser.id == user_id).first()
+            if not user:
+                raise HTTPException(status_code=404, detail="User not found")
+            # Update fields if provided
+            if request.full_name is not None:
+                user.full_name = request.full_name
+            if request.software_background is not None:
+                user.software_background = request.software_background
+            if request.hardware_background is not None:
+                user.hardware_background = request.hardware_background
+            if request.experience_level is not None:
+                user.experience_level = request.experience_level
+            db.commit()
+            db.refresh(user)
+            logger.info(f"User profile updated: {user.email}")
+            return UserProfileResponse(
+                user_id=str(user.id),
+                email=user.email,
+                full_name=getattr(user, 'full_name', None),
+                software_background=user.software_background,
+                hardware_background=user.hardware_background,
+                experience_level=user.experience_level,
+                oauth_provider=getattr(user, 'oauth_provider', None),
+                profile_picture=getattr(user, 'profile_picture', None)
+            )
+        finally:
+            db.close()
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error updating profile: {str(e)}")
+        raise HTTPException(status_code=500, detail="Error updating profile")
 @router.get("/auth/health")
 async def auth_health():
     """Health check for auth service"""
     return {
         "status": "auth service is running",
+        "database_enabled": DB_ENABLED,
+        "oauth_providers": ["google", "facebook"]
     }

database/models.py CHANGED Viewed

@@ -12,13 +12,25 @@ class User(Base):
     id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
     email = Column(String(255), unique=True, nullable=False, index=True)
-    password_hash = Column(String(255), nullable=False)
     software_background = Column(Text, nullable=True)
     hardware_background = Column(Text, nullable=True)
     experience_level = Column(String(50), nullable=True, default="Intermediate")
     created_at = Column(DateTime(timezone=True), server_default=func.now())
     updated_at = Column(DateTime(timezone=True), onupdate=func.now())
 class Personalization(Base):
     __tablename__ = "personalizations"

     id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
     email = Column(String(255), unique=True, nullable=False, index=True)
+    password_hash = Column(String(255), nullable=True)  # Nullable for OAuth users
+    full_name = Column(String(255), nullable=True)
     software_background = Column(Text, nullable=True)
     hardware_background = Column(Text, nullable=True)
     experience_level = Column(String(50), nullable=True, default="Intermediate")
+    # OAuth fields
+    oauth_provider = Column(String(50), nullable=True)  # 'google', 'facebook', or None
+    oauth_id = Column(String(255), nullable=True)  # Provider's user ID
+    profile_picture = Column(String(500), nullable=True)  # Profile picture URL from OAuth
     created_at = Column(DateTime(timezone=True), server_default=func.now())
     updated_at = Column(DateTime(timezone=True), onupdate=func.now())
+    # Index for OAuth lookup
+    __table_args__ = (
+        Index('idx_user_oauth', 'oauth_provider', 'oauth_id'),
+    )
 class Personalization(Base):
     __tablename__ = "personalizations"

main.py CHANGED Viewed

@@ -108,6 +108,12 @@ app.add_middleware(
         "http://localhost:8000",
         "http://127.0.0.1:3000",
         "http://127.0.0.1:3001",
     ],
     allow_credentials=True,
     allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],

         "http://localhost:8000",
         "http://127.0.0.1:3000",
         "http://127.0.0.1:3001",
+        # Production URLs
+        "https://naveed247365-ai-textbook-frontend.hf.space",
+        "https://ai-native-textbook.vercel.app",
+        # OAuth providers
+        "https://accounts.google.com",
+        "https://www.facebook.com",
     ],
     allow_credentials=True,
     allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],

src/auth/schemas.py CHANGED Viewed

@@ -1,8 +1,9 @@
 """
 Authentication schemas for request/response validation
 """
-from pydantic import BaseModel, EmailStr
-from typing import Optional
 from datetime import datetime
 import uuid
@@ -14,6 +15,9 @@ class UserBase(BaseModel):
 class UserCreate(UserBase):
     password: str
     class Config:
         from_attributes = True
@@ -22,6 +26,27 @@ class UserCreate(UserBase):
 class UserUpdate(BaseModel):
     full_name: Optional[str] = None
     email: Optional[EmailStr] = None
     class Config:
         from_attributes = True
@@ -30,6 +55,10 @@ class UserUpdate(BaseModel):
 class UserInDB(UserBase):
     id: uuid.UUID
     is_active: bool
     created_at: datetime
     updated_at: Optional[datetime] = None
@@ -45,9 +74,43 @@ class UserLogin(BaseModel):
 class Token(BaseModel):
     access_token: str
     token_type: str = "bearer"
-    expires_in: int
 class TokenData(BaseModel):
     user_id: Optional[str] = None
-    username: Optional[str] = None

 """
 Authentication schemas for request/response validation
+Supports email/password and OAuth (Google/Facebook) authentication
 """
+from pydantic import BaseModel, EmailStr, Field
+from typing import Optional, Literal
 from datetime import datetime
 import uuid
 class UserCreate(UserBase):
     password: str
+    software_background: Optional[str] = None
+    hardware_background: Optional[str] = None
+    experience_level: Optional[str] = "Intermediate"
     class Config:
         from_attributes = True
 class UserUpdate(BaseModel):
     full_name: Optional[str] = None
     email: Optional[EmailStr] = None
+    software_background: Optional[str] = None
+    hardware_background: Optional[str] = None
+    experience_level: Optional[str] = None
+    class Config:
+        from_attributes = True
+class UserProfile(BaseModel):
+    """User profile response"""
+    id: uuid.UUID
+    email: EmailStr
+    full_name: Optional[str] = None
+    software_background: Optional[str] = None
+    hardware_background: Optional[str] = None
+    experience_level: Optional[str] = None
+    oauth_provider: Optional[str] = None
+    profile_picture: Optional[str] = None
+    is_active: bool
+    created_at: datetime
+    updated_at: Optional[datetime] = None
     class Config:
         from_attributes = True
 class UserInDB(UserBase):
     id: uuid.UUID
     is_active: bool
+    software_background: Optional[str] = None
+    hardware_background: Optional[str] = None
+    experience_level: Optional[str] = None
+    oauth_provider: Optional[str] = None
     created_at: datetime
     updated_at: Optional[datetime] = None
 class Token(BaseModel):
     access_token: str
     token_type: str = "bearer"
+    expires_in: Optional[int] = 3600
+    email: Optional[str] = None  # Include email in response
 class TokenData(BaseModel):
     user_id: Optional[str] = None
+    username: Optional[str] = None
+# OAuth Schemas
+class OAuthRequest(BaseModel):
+    """OAuth login/signup request"""
+    provider: Literal["google", "facebook"]
+    access_token: str  # Token from OAuth provider
+class OAuthUserInfo(BaseModel):
+    """User info from OAuth provider"""
+    email: EmailStr
+    name: Optional[str] = None
+    picture: Optional[str] = None
+    provider_id: str
+    provider: str
+class GoogleTokenInfo(BaseModel):
+    """Google token info response"""
+    email: EmailStr
+    email_verified: Optional[bool] = None
+    name: Optional[str] = None
+    picture: Optional[str] = None
+    sub: str  # Google user ID
+class FacebookUserInfo(BaseModel):
+    """Facebook user info response"""
+    id: str
+    email: Optional[EmailStr] = None
+    name: Optional[str] = None
+    picture: Optional[dict] = None

src/config/settings.py CHANGED Viewed

@@ -22,6 +22,12 @@ class Settings(BaseSettings):
     jwt_algorithm: str = "HS256"
     jwt_expires_in: int = 3600  # 1 hour default
     # Application settings
     debug: bool = False
     log_level: str = "info"

     jwt_algorithm: str = "HS256"
     jwt_expires_in: int = 3600  # 1 hour default
+    # OAuth settings (optional - for Google/Facebook login)
+    google_client_id: Optional[str] = None
+    google_client_secret: Optional[str] = None
+    facebook_app_id: Optional[str] = None
+    facebook_app_secret: Optional[str] = None
     # Application settings
     debug: bool = False
     log_level: str = "info"

src/db/crud.py CHANGED Viewed

@@ -18,18 +18,35 @@ logger = logging.getLogger(__name__)
 # User CRUD Operations
-async def create_user(db: AsyncSession, email: str, hashed_password: str, full_name: Optional[str] = None) -> User:
-    """Create a new user"""
     try:
         db_user = User(
             email=email,
             hashed_password=hashed_password,
-            full_name=full_name
         )
         db.add(db_user)
         await db.commit()
         await db.refresh(db_user)
-        logger.info(f"User created with email: {email}")
         return db_user
     except IntegrityError:
         await db.rollback()
@@ -44,6 +61,22 @@ async def create_user(db: AsyncSession, email: str, hashed_password: str, full_n
         raise
 async def get_user_by_id(db: AsyncSession, user_id: UUID) -> Optional[User]:
     """Get a user by ID"""
     try:

 # User CRUD Operations
+async def create_user(
+    db: AsyncSession,
+    email: str,
+    hashed_password: Optional[str] = None,
+    full_name: Optional[str] = None,
+    software_background: Optional[str] = None,
+    hardware_background: Optional[str] = None,
+    experience_level: Optional[str] = "Intermediate",
+    oauth_provider: Optional[str] = None,
+    oauth_id: Optional[str] = None,
+    profile_picture: Optional[str] = None
+) -> User:
+    """Create a new user (supports both email/password and OAuth)"""
     try:
         db_user = User(
             email=email,
             hashed_password=hashed_password,
+            full_name=full_name,
+            software_background=software_background,
+            hardware_background=hardware_background,
+            experience_level=experience_level,
+            oauth_provider=oauth_provider,
+            oauth_id=oauth_id,
+            profile_picture=profile_picture
         )
         db.add(db_user)
         await db.commit()
         await db.refresh(db_user)
+        logger.info(f"User created with email: {email}, oauth_provider: {oauth_provider}")
         return db_user
     except IntegrityError:
         await db.rollback()
         raise
+async def get_user_by_oauth(db: AsyncSession, oauth_provider: str, oauth_id: str) -> Optional[User]:
+    """Get a user by OAuth provider and ID"""
+    try:
+        result = await db.execute(
+            select(User).filter(
+                User.oauth_provider == oauth_provider,
+                User.oauth_id == oauth_id
+            )
+        )
+        user = result.scalar_one_or_none()
+        return user
+    except Exception as e:
+        logger.error(f"Error getting user by OAuth: {e}")
+        raise
 async def get_user_by_id(db: AsyncSession, user_id: UUID) -> Optional[User]:
     """Get a user by ID"""
     try:

src/db/models/user.py CHANGED Viewed

@@ -1,10 +1,12 @@
 """
 User model for the AI Backend with RAG + Authentication
 """
-from sqlalchemy import Column, String, Boolean, Text, Index
 from sqlalchemy.dialects.postgresql import UUID
 from sqlalchemy.orm import relationship
 from uuid import uuid4
 from ...db.base import Base
@@ -13,16 +15,31 @@ class User(Base):
     id = Column(UUID(as_uuid=True), primary_key=True, default=uuid4, unique=True, nullable=False)
     email = Column(String(255), unique=True, nullable=False, index=True)
-    hashed_password = Column(Text, nullable=False)
     full_name = Column(String(255), nullable=True)
     is_active = Column(Boolean, default=True, nullable=False)
     # Relationships
     chat_histories = relationship("ChatHistory", back_populates="user", cascade="all, delete-orphan")
     documents = relationship("Document", back_populates="user", cascade="all, delete-orphan")
     def __repr__(self):
-        return f"<User(id={self.id}, email='{self.email}', full_name='{self.full_name}')>"
 # Create indexes
-Index('idx_user_email', User.email)

 """
 User model for the AI Backend with RAG + Authentication
+Supports email/password and OAuth (Google/Facebook) authentication
 """
+from sqlalchemy import Column, String, Boolean, Text, Index, DateTime
 from sqlalchemy.dialects.postgresql import UUID
 from sqlalchemy.orm import relationship
 from uuid import uuid4
+from datetime import datetime
 from ...db.base import Base
     id = Column(UUID(as_uuid=True), primary_key=True, default=uuid4, unique=True, nullable=False)
     email = Column(String(255), unique=True, nullable=False, index=True)
+    hashed_password = Column(Text, nullable=True)  # Nullable for OAuth users
     full_name = Column(String(255), nullable=True)
     is_active = Column(Boolean, default=True, nullable=False)
+    # Profile fields for personalization
+    software_background = Column(Text, nullable=True)
+    hardware_background = Column(Text, nullable=True)
+    experience_level = Column(String(50), nullable=True, default="Intermediate")
+    # OAuth fields
+    oauth_provider = Column(String(50), nullable=True)  # 'google', 'facebook', or None
+    oauth_id = Column(String(255), nullable=True)  # Provider's user ID
+    profile_picture = Column(String(500), nullable=True)  # Profile picture URL from OAuth
+    # Timestamps
+    created_at = Column(DateTime, default=datetime.utcnow, nullable=False)
+    updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow, nullable=False)
     # Relationships
     chat_histories = relationship("ChatHistory", back_populates="user", cascade="all, delete-orphan")
     documents = relationship("Document", back_populates="user", cascade="all, delete-orphan")
     def __repr__(self):
+        return f"<User(id={self.id}, email='{self.email}', full_name='{self.full_name}', oauth_provider='{self.oauth_provider}')>"
 # Create indexes
+Index('idx_user_email', User.email)
+Index('idx_user_oauth', User.oauth_provider, User.oauth_id)

src/routes/auth.py CHANGED Viewed

@@ -1,6 +1,6 @@
 """
 Authentication API routes for the AI Backend with RAG + Authentication
-Implements signup, login, and user profile endpoints
 """
 from fastapi import APIRouter, HTTPException, status, Depends
 from fastapi.security import HTTPBearer
@@ -8,9 +8,13 @@ import logging
 from typing import Optional
 from uuid import UUID
 import re
 from ..auth.auth import AuthHandler
-from ..models.auth import UserCreate, UserLogin, Token
 from ..config.settings import settings
 from ..config.database import get_db_session
 from ..db import crud
@@ -30,7 +34,7 @@ async def signup(
     db: AsyncSession = Depends(get_db_session)
 ):
     """
-    Register a new user
     """
     try:
         # Validate email format
@@ -49,13 +53,16 @@ async def signup(
                 detail="User with this email already exists"
             )
-        # Create new user with hashed password
         hashed_password = auth_handler.get_password_hash(user_data.password)
         db_user = await crud.create_user(
             db,
             email=user_data.email,
             hashed_password=hashed_password,
-            full_name=user_data.full_name
         )
         # Create access token
@@ -65,7 +72,9 @@ async def signup(
         return {
             "access_token": access_token,
-            "token_type": "bearer"
         }
     except HTTPException:
         raise
@@ -89,7 +98,22 @@ async def login(
         # Find user by email
         user = await crud.get_user_by_email(db, user_credentials.email)
-        if not user or not auth_handler.verify_password(user_credentials.password, user.hashed_password):
             raise HTTPException(
                 status_code=status.HTTP_401_UNAUTHORIZED,
                 detail="Incorrect email or password",
@@ -110,7 +134,9 @@ async def login(
         return {
             "access_token": access_token,
-            "token_type": "bearer"
         }
     except HTTPException:
         raise
@@ -122,7 +148,163 @@ async def login(
         )
-@router.get("/me")
 async def get_current_user(
     current_user_id: str = Depends(auth_handler.get_current_user),
     db: AsyncSession = Depends(get_db_session)
@@ -139,13 +321,19 @@ async def get_current_user(
                 detail="User not found"
             )
-        return {
-            "id": str(user.id),
-            "email": user.email,
-            "full_name": user.full_name,
-            "is_active": user.is_active,
-            "created_at": user.created_at
-        }
     except HTTPException:
         raise
     except Exception as e:
@@ -153,4 +341,75 @@ async def get_current_user(
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
             detail="An error occurred while retrieving user profile"
-        )

 """
 Authentication API routes for the AI Backend with RAG + Authentication
+Implements signup, login, OAuth (Google/Facebook), and user profile endpoints
 """
 from fastapi import APIRouter, HTTPException, status, Depends
 from fastapi.security import HTTPBearer
 from typing import Optional
 from uuid import UUID
 import re
+import httpx
 from ..auth.auth import AuthHandler
+from ..auth.schemas import (
+    UserCreate, UserLogin, Token, UserProfile, UserUpdate,
+    OAuthRequest, GoogleTokenInfo, FacebookUserInfo
+)
 from ..config.settings import settings
 from ..config.database import get_db_session
 from ..db import crud
     db: AsyncSession = Depends(get_db_session)
 ):
     """
+    Register a new user with email and password
     """
     try:
         # Validate email format
                 detail="User with this email already exists"
             )
+        # Create new user with hashed password and profile data
         hashed_password = auth_handler.get_password_hash(user_data.password)
         db_user = await crud.create_user(
             db,
             email=user_data.email,
             hashed_password=hashed_password,
+            full_name=user_data.full_name,
+            software_background=user_data.software_background,
+            hardware_background=user_data.hardware_background,
+            experience_level=user_data.experience_level or "Intermediate"
         )
         # Create access token
         return {
             "access_token": access_token,
+            "token_type": "bearer",
+            "expires_in": settings.jwt_expires_in,
+            "email": db_user.email
         }
     except HTTPException:
         raise
         # Find user by email
         user = await crud.get_user_by_email(db, user_credentials.email)
+        if not user:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Incorrect email or password",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+        # Check if user is OAuth-only (no password)
+        if user.oauth_provider and not user.hashed_password:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail=f"This account uses {user.oauth_provider} login. Please use the {user.oauth_provider} button to sign in.",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+        if not auth_handler.verify_password(user_credentials.password, user.hashed_password):
             raise HTTPException(
                 status_code=status.HTTP_401_UNAUTHORIZED,
                 detail="Incorrect email or password",
         return {
             "access_token": access_token,
+            "token_type": "bearer",
+            "expires_in": settings.jwt_expires_in,
+            "email": user.email
         }
     except HTTPException:
         raise
         )
+@router.post("/oauth", response_model=Token)
+async def oauth_login(
+    oauth_data: OAuthRequest,
+    db: AsyncSession = Depends(get_db_session)
+):
+    """
+    Authenticate or register user via OAuth (Google or Facebook)
+    """
+    try:
+        user_info = None
+        if oauth_data.provider == "google":
+            user_info = await verify_google_token(oauth_data.access_token)
+        elif oauth_data.provider == "facebook":
+            user_info = await verify_facebook_token(oauth_data.access_token)
+        else:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Unsupported OAuth provider"
+            )
+        if not user_info or not user_info.get("email"):
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Could not verify OAuth token or get user email"
+            )
+        # Check if user exists by OAuth ID
+        existing_user = await crud.get_user_by_oauth(
+            db, oauth_data.provider, user_info["provider_id"]
+        )
+        if existing_user:
+            # User exists, log them in
+            access_token = auth_handler.create_access_token(str(existing_user.id))
+            logger.info(f"OAuth user logged in: {existing_user.email}")
+            return {
+                "access_token": access_token,
+                "token_type": "bearer",
+                "expires_in": settings.jwt_expires_in,
+                "email": existing_user.email
+            }
+        # Check if user exists by email (might have signed up with password)
+        existing_email_user = await crud.get_user_by_email(db, user_info["email"])
+        if existing_email_user:
+            # Link OAuth to existing account
+            await crud.update_user(
+                db,
+                existing_email_user.id,
+                oauth_provider=oauth_data.provider,
+                oauth_id=user_info["provider_id"],
+                profile_picture=user_info.get("picture")
+            )
+            access_token = auth_handler.create_access_token(str(existing_email_user.id))
+            logger.info(f"Linked OAuth to existing user: {existing_email_user.email}")
+            return {
+                "access_token": access_token,
+                "token_type": "bearer",
+                "expires_in": settings.jwt_expires_in,
+                "email": existing_email_user.email
+            }
+        # Create new OAuth user
+        new_user = await crud.create_user(
+            db,
+            email=user_info["email"],
+            hashed_password=None,  # OAuth users don't have passwords
+            full_name=user_info.get("name"),
+            oauth_provider=oauth_data.provider,
+            oauth_id=user_info["provider_id"],
+            profile_picture=user_info.get("picture")
+        )
+        access_token = auth_handler.create_access_token(str(new_user.id))
+        logger.info(f"New OAuth user registered: {new_user.email}")
+        return {
+            "access_token": access_token,
+            "token_type": "bearer",
+            "expires_in": settings.jwt_expires_in,
+            "email": new_user.email
+        }
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error during OAuth login: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="An error occurred during OAuth authentication"
+        )
+async def verify_google_token(access_token: str) -> dict:
+    """Verify Google OAuth token and get user info"""
+    try:
+        async with httpx.AsyncClient() as client:
+            # Get user info from Google
+            response = await client.get(
+                "https://www.googleapis.com/oauth2/v3/userinfo",
+                headers={"Authorization": f"Bearer {access_token}"}
+            )
+            if response.status_code != 200:
+                logger.error(f"Google token verification failed: {response.text}")
+                return None
+            data = response.json()
+            return {
+                "email": data.get("email"),
+                "name": data.get("name"),
+                "picture": data.get("picture"),
+                "provider_id": data.get("sub"),
+                "provider": "google"
+            }
+    except Exception as e:
+        logger.error(f"Error verifying Google token: {e}")
+        return None
+async def verify_facebook_token(access_token: str) -> dict:
+    """Verify Facebook OAuth token and get user info"""
+    try:
+        async with httpx.AsyncClient() as client:
+            # Get user info from Facebook
+            response = await client.get(
+                "https://graph.facebook.com/me",
+                params={
+                    "fields": "id,name,email,picture.type(large)",
+                    "access_token": access_token
+                }
+            )
+            if response.status_code != 200:
+                logger.error(f"Facebook token verification failed: {response.text}")
+                return None
+            data = response.json()
+            picture_url = None
+            if data.get("picture") and data["picture"].get("data"):
+                picture_url = data["picture"]["data"].get("url")
+            return {
+                "email": data.get("email"),
+                "name": data.get("name"),
+                "picture": picture_url,
+                "provider_id": data.get("id"),
+                "provider": "facebook"
+            }
+    except Exception as e:
+        logger.error(f"Error verifying Facebook token: {e}")
+        return None
+@router.get("/me", response_model=UserProfile)
 async def get_current_user(
     current_user_id: str = Depends(auth_handler.get_current_user),
     db: AsyncSession = Depends(get_db_session)
                 detail="User not found"
             )
+        return UserProfile(
+            id=user.id,
+            email=user.email,
+            full_name=user.full_name,
+            software_background=user.software_background,
+            hardware_background=user.hardware_background,
+            experience_level=user.experience_level,
+            oauth_provider=user.oauth_provider,
+            profile_picture=user.profile_picture,
+            is_active=user.is_active,
+            created_at=user.created_at,
+            updated_at=user.updated_at
+        )
     except HTTPException:
         raise
     except Exception as e:
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
             detail="An error occurred while retrieving user profile"
+        )
+@router.get("/profile", response_model=UserProfile)
+async def get_profile(
+    current_user_id: str = Depends(auth_handler.get_current_user),
+    db: AsyncSession = Depends(get_db_session)
+):
+    """
+    Get current user profile (alias for /me)
+    """
+    return await get_current_user(current_user_id, db)
+@router.put("/profile", response_model=UserProfile)
+async def update_profile(
+    profile_data: UserUpdate,
+    current_user_id: str = Depends(auth_handler.get_current_user),
+    db: AsyncSession = Depends(get_db_session)
+):
+    """
+    Update current user profile
+    """
+    try:
+        # Build update dict with only provided fields
+        update_data = {}
+        if profile_data.full_name is not None:
+            update_data["full_name"] = profile_data.full_name
+        if profile_data.software_background is not None:
+            update_data["software_background"] = profile_data.software_background
+        if profile_data.hardware_background is not None:
+            update_data["hardware_background"] = profile_data.hardware_background
+        if profile_data.experience_level is not None:
+            update_data["experience_level"] = profile_data.experience_level
+        if not update_data:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="No fields to update"
+            )
+        updated_user = await crud.update_user(db, UUID(current_user_id), **update_data)
+        if not updated_user:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail="User not found"
+            )
+        logger.info(f"User profile updated: {updated_user.email}")
+        return UserProfile(
+            id=updated_user.id,
+            email=updated_user.email,
+            full_name=updated_user.full_name,
+            software_background=updated_user.software_background,
+            hardware_background=updated_user.hardware_background,
+            experience_level=updated_user.experience_level,
+            oauth_provider=updated_user.oauth_provider,
+            profile_picture=updated_user.profile_picture,
+            is_active=updated_user.is_active,
+            created_at=updated_user.created_at,
+            updated_at=updated_user.updated_at
+        )
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error updating user profile: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="An error occurred while updating user profile"
+        )