Fix session persistence and add detailed debugging

- Enhance session save/verification in OAuth callback
- Add comprehensive session debugging in auth middleware
- Create debug endpoint to inspect session state
- Improve error handling for session access failures
- Add auth_method field to user data for better tracking

backend/middleware/auth.py

@@ -125,9 +125,13 @@ class ConditionalAuthMiddleware(BaseHTTPMiddleware):
         user = None
         try:
             user = request.session.get("user")
-        except (AttributeError, AssertionError):
+            if user:
+                logger.info(f"🔓 Found authenticated user in session: {user.get('username', 'unknown')}")
+            else:
+                logger.debug(f"🔍 No user found in session for {request.url.path}")
+        except (AttributeError, AssertionError) as e:
             # Session middleware not available or not configured
-            logger.debug("Session not available for authentication check")
+            logger.error(f"Session access failed: {e}")
             user = None
         
         # In HF Spaces, check for __sign parameter which indicates HF has pre-authenticated the user

backend/routers/auth.py

@@ -179,15 +179,31 @@ async def oauth_callback(request: Request, code: str, state: str):
         raise HTTPException(status_code=400, detail="Failed to fetch user information")
     
     # Store user in session
-    request.session["user"] = {
+    user_data = {
         "id": user_info.get("id"),
         "name": user_info.get("name"),
         "username": user_info.get("login"),  # HF username
         "email": user_info.get("email"),
         "avatar_url": user_info.get("avatarUrl"),
         "access_token": access_token,  # Store for future API calls if needed
+        "auth_method": "oauth"
     }
     
+    try:
+        request.session["user"] = user_data
+        logger.info(f"💾 User data saved to session: {user_data['username']}")
+        
+        # Verify session was saved
+        stored_user = request.session.get("user")
+        if stored_user:
+            logger.info(f"✅ Session verification successful: {stored_user['username']}")
+        else:
+            logger.error("❌ Session verification failed - user not found after saving")
+            
+    except Exception as e:
+        logger.error(f"❌ Failed to save user to session: {e}")
+        raise HTTPException(status_code=500, detail="Session save failed")
+    
     # Clean up state
     request.session.pop("oauth_state", None)
     
@@ -303,3 +319,24 @@ async def login_page(request: Request):
     """
     
     return HTMLResponse(content=html_content)
+
+
+@router.get("/debug")
+async def debug_session(request: Request):
+    """Debug endpoint to check session state."""
+    try:
+        session_data = dict(request.session) if hasattr(request, 'session') else {}
+        user = request.session.get("user") if hasattr(request, 'session') else None
+        
+        return {
+            "session_available": hasattr(request, 'session'),
+            "session_data_keys": list(session_data.keys()),
+            "user_in_session": bool(user),
+            "user_info": {
+                "username": user.get("username") if user else None,
+                "auth_method": user.get("auth_method") if user else None
+            } if user else None,
+            "request_state_user": bool(getattr(request.state, "user", None)),
+        }
+    except Exception as e:
+        return {"error": str(e), "session_available": False}