Update app.py

app.py

@@ -1,15 +1,234 @@
-# app.py
+# app.py - COMPLETE Google OAuth Version
 import streamlit as st
-import os
+import requests
+import json
+import hashlib
+import hmac
+import secrets
+from datetime import datetime, timedelta
+import urllib.parse
 
-def main():
+# ============================================
+# SECURITY MODULES
+# ============================================
+
+class GoogleAuth:
+    def __init__(self):
+        # Load from secrets
+        self.client_id = st.secrets["google"]["client_id"]
+        self.client_secret = st.secrets["google"]["client_secret"]
+        self.redirect_uri = "https://refat81-social-media-data-extractor-chatbot.hf.space/oauth_callback"
+        
+        # Google OAuth endpoints
+        self.auth_url = "https://accounts.google.com/o/oauth2/v2/auth"
+        self.token_url = "https://oauth2.googleapis.com/token"
+        self.userinfo_url = "https://www.googleapis.com/oauth2/v3/userinfo"
+    
+    def get_login_url(self):
+        """Generate Google login URL"""
+        params = {
+            "client_id": self.client_id,
+            "redirect_uri": self.redirect_uri,
+            "response_type": "code",
+            "scope": "openid email profile",
+            "access_type": "offline",
+            "prompt": "consent",
+            "state": secrets.token_urlsafe(16)
+        }
+        
+        url = f"{self.auth_url}?{urllib.parse.urlencode(params)}"
+        return url
+
+class SessionManager:
+    def __init__(self):
+        self.secret_key = st.secrets["session"]["secret_key"]
+    
+    def create_session(self, user_info):
+        """Create secure session"""
+        session_data = {
+            "session_id": secrets.token_urlsafe(32),
+            "user_id": user_info.get("sub"),
+            "email": user_info.get("email"),
+            "name": user_info.get("name", "User"),
+            "picture": user_info.get("picture", ""),
+            "created_at": datetime.now().isoformat(),
+            "expires_at": (datetime.now() + timedelta(hours=2)).isoformat(),
+            "last_activity": datetime.now().isoformat()
+        }
+        
+        # Add role (admin if email in admin list)
+        admin_emails = st.secrets.get("admin_users", {}).get("users", [])
+        session_data["role"] = "admin" if session_data["email"] in admin_emails else "user"
+        
+        # Sign the session
+        session_data["signature"] = self._sign_session(session_data)
+        return session_data
+    
+    def _sign_session(self, session_data):
+        """Create HMAC signature"""
+        data_str = json.dumps(session_data, sort_keys=True)
+        return hmac.new(
+            self.secret_key.encode(),
+            data_str.encode(),
+            hashlib.sha256
+        ).hexdigest()
+    
+    def verify_session(self, session_data):
+        """Verify session is valid"""
+        if not session_data:
+            return False
+        
+        # Check expiration
+        expires_at = datetime.fromisoformat(session_data.get("expires_at", "2000-01-01"))
+        if datetime.now() > expires_at:
+            return False
+        
+        # Verify signature
+        signature = session_data.pop("signature", None)
+        expected_signature = self._sign_session(session_data)
+        session_data["signature"] = signature
+        
+        return hmac.compare_digest(signature, expected_signature)
+    
+    def update_activity(self, session_data):
+        """Update last activity time"""
+        session_data["last_activity"] = datetime.now().isoformat()
+        session_data["signature"] = self._sign_session(session_data)
+
+# ============================================
+# PAGE FUNCTIONS
+# ============================================
+
+def handle_oauth_callback():
+    """Handle OAuth callback"""
+    query_params = st.query_params
+    
+    if "code" in query_params:
+        code = query_params["code"]
+        
+        with st.spinner("🔐 Authenticating..."):
+            # Exchange code for tokens
+            auth = GoogleAuth()
+            token_url = "https://oauth2.googleapis.com/token"
+            data = {
+                "client_id": auth.client_id,
+                "client_secret": auth.client_secret,
+                "code": code,
+                "redirect_uri": auth.redirect_uri,
+                "grant_type": "authorization_code"
+            }
+            
+            response = requests.post(token_url, data=data)
+            tokens = response.json()
+            
+            if "access_token" in tokens:
+                # Get user info
+                headers = {"Authorization": f"Bearer {tokens['access_token']}"}
+                user_response = requests.get(auth.userinfo_url, headers=headers)
+                user_info = user_response.json()
+                
+                # Create session
+                session_mgr = SessionManager()
+                session_data = session_mgr.create_session(user_info)
+                st.session_state.session = session_data
+                st.session_state.authenticated = True
+                
+                # Clear URL parameters
+                st.query_params.clear()
+                st.rerun()
+            else:
+                st.error("❌ Authentication failed")
+
+def is_authenticated():
+    """Check if user is authenticated"""
+    if "session" not in st.session_state:
+        return False
+    
+    session_mgr = SessionManager()
+    return session_mgr.verify_session(st.session_state.session)
+
+def login_page():
+    """Display login page"""
+    st.set_page_config(page_title="Login", page_icon="🔒", layout="centered")
+    
+    # Center content
+    col1, col2, col3 = st.columns([1, 2, 1])
+    
+    with col2:
+        st.image("https://cdn-icons-png.flaticon.com/512/2991/2991148.png", width=100)
+        st.title("🔐 Social Media Data Extractor")
+        st.markdown("---")
+        st.markdown("### Welcome! Please login to continue")
+        
+        # Google Login Button
+        auth = GoogleAuth()
+        login_url = auth.get_login_url()
+        
+        st.markdown(f"""
+        <a href="{login_url}" style="text-decoration: none;">
+            <div style="
+                background-color: #4285F4;
+                color: white;
+                padding: 12px 24px;
+                border-radius: 4px;
+                border: none;
+                cursor: pointer;
+                font-size: 16px;
+                font-weight: 500;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+                gap: 10px;
+                margin: 20px 0;
+            ">
+                <img src="https://cdn-icons-png.flaticon.com/512/2991/2991148.png" width="20" height="20">
+                Sign in with Google
+            </div>
+        </a>
+        """, unsafe_allow_html=True)
+        
+        st.markdown("---")
+        st.info("""
+        **Why login is required:**
+        - Securely store your extracted data
+        - Prevent unauthorized access  
+        - Track your usage history
+        - Personalized experience
+        """)
+
+def main_app():
+    """Main app after authentication"""
     st.set_page_config(
         page_title="Social Media Data Extractor",
         page_icon="🔍",
-        layout="wide",
-        initial_sidebar_state="expanded"
+        layout="wide"
     )
     
+    # Update session activity
+    session_mgr = SessionManager()
+    session_mgr.update_activity(st.session_state.session)
+    
+    user = st.session_state.session
+    
+    # Sidebar with user info
+    with st.sidebar:
+        if user.get("picture"):
+            st.image(user["picture"], width=80)
+        else:
+            st.image("https://cdn-icons-png.flaticon.com/512/149/149071.png", width=80)
+        
+        st.write(f"**👤 {user['name']}**")
+        st.write(f"📧 {user['email']}")
+        st.write(f"🎭 Role: {user['role']}")
+        
+        st.markdown("---")
+        
+        if st.button("🚪 Logout", use_container_width=True):
+            for key in list(st.session_state.keys()):
+                del st.session_state[key]
+            st.rerun()
+    
+    # Main content - YOUR ORIGINAL DASHBOARD
     st.markdown("""
     <style>
         .stApp { background-color: #0e1117; color: white; }
@@ -24,10 +243,10 @@ def main():
     """, unsafe_allow_html=True)
     
     # Header
-    st.markdown("""
+    st.markdown(f"""
     <div class="main-header">
         <h1 style="margin:0;">🔍 Social Media Data Extractor</h1>
-        <p style="margin:0; opacity: 0.9;">100% Free - No Local Setup Required</p>
+        <p style="margin:0; opacity: 0.9;">Welcome back, {user['name']}! 👋</p>
     </div>
     """, unsafe_allow_html=True)
 
@@ -89,14 +308,32 @@ def main():
 
     # Instructions
     with st.expander("📋 How to Use", expanded=True):
-        st.markdown("""
+        st.markdown(f"""
         1. **Click any extractor to launch**
         2. **For LinkedIn:** Enter any LinkedIn URL
         3. **For Facebook:** Public data extraction available
         4. **AI Analysis:** Chat with extracted data
         
         **Note:** All extractors are 100% free and require no local setup.
+        
+        **Logged in as:** {user['email']}
+        **Session expires:** {datetime.fromisoformat(user['expires_at']).strftime('%I:%M %p')}
         """)
 
+# ============================================
+# MAIN APP ROUTING
+# ============================================
+
+def main():
+    """Main routing function"""
+    # Handle OAuth callback if coming from Google
+    handle_oauth_callback()
+    
+    # Check authentication
+    if not is_authenticated():
+        login_page()
+    else:
+        main_app()
+
 if __name__ == "__main__":
     main()