feat: integrate backend

Author: VictoriaTskhondia

backend/pyproject.toml

@@ -17,6 +17,7 @@ dependencies = [
     "fastapi-pagination>=0.12.34",
     "bcrypt==4.0.1",
     "google-genai>=1.5.0",
+    "starlette (>=0.46.2,<0.47.0)",
 ]
 
 [tool.uv]

backend/src/alembic/versions/1425c896d3ef_add_auth0_id_field_to_users_table.py

@@ -0,0 +1,37 @@
+"""Add auth0_id field to Users table
+
+Revision ID: 1425c896d3ef
+Revises: cb16ae472c1e
+Create Date: 2025-05-10 00:12:00.358973
+
+"""
+from alembic import op
+import sqlalchemy as sa
+import sqlmodel.sql.sqltypes
+
+
+# revision identifiers, used by Alembic.
+revision = '1425c896d3ef'
+down_revision = 'cb16ae472c1e'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('user', 'hashed_password',
+               existing_type=sa.VARCHAR(),
+               nullable=True)
+    op.drop_index('ix_user_auth0_id', table_name='user')
+    op.create_index(op.f('ix_user_auth0_id'), 'user', ['auth0_id'], unique=False)
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index(op.f('ix_user_auth0_id'), table_name='user')
+    op.create_index('ix_user_auth0_id', 'user', ['auth0_id'], unique=True)
+    op.alter_column('user', 'hashed_password',
+               existing_type=sa.VARCHAR(),
+               nullable=False)
+    # ### end Alembic commands ###

backend/src/auth/auth0_api.py

@@ -0,0 +1,58 @@
+from fastapi import APIRouter, Request
+from fastapi.responses import RedirectResponse
+from authlib.integrations.starlette_client import OAuth
+from src.core.config import settings
+
+router = APIRouter(tags=["auth"])
+
+oauth = OAuth()
+oauth.register(
+    name="auth0",
+    client_id=settings.AUTH0_CLIENT_ID,
+    client_secret=settings.AUTH0_CLIENT_SECRET,
+    server_metadata_url=f"https://{settings.AUTH0_DOMAIN}/.well-known/openid-configuration",
+    client_kwargs={"scope": "openid profile email"},
+)
+
+
+@router.get("/login")
+async def login(request: Request):
+    redirect_uri = request.url_for("auth0_callback")
+    return await oauth.auth0.authorize_redirect(
+        request,
+        redirect_uri,
+        prompt="select_account",
+        connection="google-oauth2"
+    )
+
+
+@router.get("/callback", name="auth0_callback")
+async def auth0_callback(request: Request):
+    token = await oauth.auth0.authorize_access_token(request)
+
+    user = token.get("userinfo") or await oauth.auth0.userinfo(token=token)
+
+    request.session["user"] = {
+        "email": user["email"],
+        "name": user.get("name"),
+        "picture": user.get("picture"),
+        "sub": user.get("sub"),
+    }
+
+    return RedirectResponse(url="http://localhost:5173/collections")
+
+
+@router.get("/logout")
+async def logout(request: Request):
+    request.session.clear()
+    return RedirectResponse(
+        url=f"https://{settings.AUTH0_DOMAIN}/v2/logout"
+            f"?client_id={settings.AUTH0_CLIENT_ID}"
+            f"&returnTo=http://localhost:5173"
+    )
+
+
+@router.get("/me")
+async def me(request: Request):
+    user = request.session.get("user")
+    return {"authenticated": bool(user), "user": user}

backend/src/auth/services.py

@@ -2,17 +2,18 @@
 from typing import Annotated, Any
 
 import jwt
-from fastapi import Depends, HTTPException, status
+from fastapi import Depends, HTTPException, status, Request
 from fastapi.security import OAuth2PasswordBearer
 from jwt.exceptions import InvalidTokenError
 from passlib.context import CryptContext
 from pydantic import ValidationError
-from sqlmodel import Session
+from sqlmodel import Session, select
 
 from src.auth.schemas import TokenPayload
 from src.core.config import settings
 from src.core.db import get_db
 from src.users.models import User
+from src.users.schemas import UserPublic
 
 ALGORITHM = "HS256"
 
@@ -23,21 +24,50 @@
 TokenDep = Annotated[str, Depends(reusable_oauth2)]
 
 
-def get_current_user(session: SessionDep, token: TokenDep) -> User:
+def get_user_from_session(request: Request, session: SessionDep) -> User:
+    session_user = request.session.get("user")
+    if not session_user:
+        raise HTTPException(status_code=401, detail="Not authenticated (no session)")
+
+    user = session.exec(select(User).where(User.email == session_user["email"])).first()
+    if not user or not user.is_active:
+        raise HTTPException(status_code=401, detail="Invalid session user")
+    return UserPublic.model_validate(user)
+
+
+def get_user_from_token(
+    session: SessionDep,
+    token: Annotated[str, Depends(reusable_oauth2)],
+) -> User:
     try:
         payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[ALGORITHM])
         token_data = TokenPayload(**payload)
+        user = session.get(User, token_data.sub)
+        if not user or not user.is_active:
+            raise HTTPException(status_code=401, detail="Invalid user")
+        return user
     except (InvalidTokenError, ValidationError):
-        raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="Could not validate credentials",
-        )
-    user = session.get(User, token_data.sub)
-    if not user:
-        raise HTTPException(status_code=404, detail="User not found")
-    if not user.is_active:
-        raise HTTPException(status_code=400, detail="Inactive user")
-    return user
+        raise HTTPException(status_code=403, detail="Invalid token")
+
+
+def get_current_user(
+    request: Request,
+    session: SessionDep,
+    token: Annotated[str | None, Depends(OAuth2PasswordBearer(tokenUrl=f"{settings.API_V1_STR}/tokens", auto_error=False))] = None,
+) -> User:
+    print("in get current user")
+    # Prefer session (Auth0 flow)
+    session_user = request.session.get("user")
+    if session_user:
+        print("Session user found:", session_user["email"])
+        res = get_user_from_session(request, session)
+        print("User from session:", res)
+        return res
+    # Fallback to token (JWT flow)
+    if token:
+        return get_user_from_token(session, token)
+    
+    raise HTTPException(status_code=401, detail="Not authenticated")
 
 
 CurrentUser = Annotated[User, Depends(get_current_user)]
@@ -53,8 +83,15 @@ def authenticate(*, session: Session, email: str, password: str) -> User | None:
     db_user = get_user_by_email(session=session, email=email)
     if not db_user:
         return None
+        
+    # Auth0 users may not have a password
+    if not db_user.hashed_password:
+        # Return None for users without a password when using password authentication
+        return None
+        
     if not verify_password(password, db_user.hashed_password):
         return None
+        
     return db_user
 
 
@@ -67,3 +104,15 @@ def create_access_token(subject: str | Any, expires_delta: timedelta) -> str:
 
 def get_password_hash(password: str) -> str:
     return pwd_context.hash(password)
+
+
+def get_or_create_user_by_email(session: Session, email: str, defaults: dict = {}) -> User:
+    user = session.exec(select(User).where(User.email == email)).first()
+    if user:
+        return user
+    user = User(email=email, **defaults)
+    session.add(user)
+    session.commit()
+    session.refresh(user)
+    return user
+

backend/src/core/config.py

@@ -46,6 +46,10 @@ class Settings(BaseSettings):
     POSTGRES_PASSWORD: str
     POSTGRES_DB: str = ""
 
+    AUTH0_CLIENT_ID: str
+    AUTH0_CLIENT_SECRET: str
+    AUTH0_DOMAIN: str
+
     @computed_field  # type: ignore[misc]
     @property
     def SQLALCHEMY_DATABASE_URI(self) -> PostgresDsn:

backend/src/main.py

@@ -2,6 +2,7 @@
 from fastapi.routing import APIRoute
 from fastapi_pagination import add_pagination
 from starlette.middleware.cors import CORSMiddleware
+from starlette.middleware.sessions import SessionMiddleware
 
 from src.core.config import settings
 from src.routers import api_router
@@ -29,5 +30,15 @@ def custom_generate_unique_id(route: APIRoute) -> str:
         allow_headers=["*"],
     )
 
+for origin in settings.BACKEND_CORS_ORIGINS:
+    print(f"Allowed CORS origin: {origin}")
+
+app.add_middleware(
+    SessionMiddleware,
+    secret_key=settings.SECRET_KEY,
+    same_site="lax",  # adjust for production
+    https_only=False
+)
+
 app.include_router(api_router, prefix=settings.API_V1_STR)
 add_pagination(app)

backend/src/routers.py

@@ -1,6 +1,7 @@
 from fastapi import APIRouter
 
 from src.auth.api import router as auth_router
+from src.auth.auth0_api import router as auth0_router
 from src.flashcards.api import router as flashcards_router
 from src.stats.api import router as stats_router
 from src.users.api import router as user_router
@@ -11,3 +12,4 @@
 api_router.include_router(user_router, prefix="/users", tags=["users"])
 api_router.include_router(flashcards_router, tags=["flashcards"])
 api_router.include_router(stats_router, tags=["stats"])
+api_router.include_router(auth0_router, prefix="/auth0", tags=["auth0"])

backend/src/users/api.py

@@ -1,6 +1,6 @@
 from typing import Any
 
-from fastapi import APIRouter, HTTPException
+from fastapi import APIRouter, HTTPException, Request
 
 from src.auth.services import CurrentUser, SessionDep
 from src.core.config import settings
@@ -12,10 +12,11 @@
 
 
 @router.get("/me", response_model=UserPublic)
-def read_user_me(current_user: CurrentUser) -> Any:
+def read_user_me(request: Request, current_user: CurrentUser) -> Any:
     """
     Get current user.
     """
+    print("session content:", request.session)
     return current_user
 
 

backend/src/users/models.py

@@ -1,5 +1,5 @@
 import uuid
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, Optional
 
 from sqlmodel import Field, Relationship
 
@@ -11,7 +11,8 @@
 
 class User(UserBase, table=True):
     id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
-    hashed_password: str
+    auth0_id: Optional[str] = Field(default=None, index=True)
+    hashed_password: Optional[str] = Field(default=None)
     collections: list["Collection"] = Relationship(
         back_populates="user",
         cascade_delete=True,

backend/src/users/schemas.py

@@ -1,4 +1,5 @@
 import uuid
+from typing import Optional
 
 from pydantic import EmailStr
 from sqlmodel import Field, SQLModel
@@ -16,7 +17,8 @@ class UserUpdate(UserBase):
 
 
 class UserCreate(UserBase):
-    password: str = Field(min_length=8, max_length=40)
+    password: Optional[str] = Field(default=None, min_length=8, max_length=40)
+    auth0_id: Optional[str] = None
 
 
 class UserRegister(SQLModel):
@@ -26,3 +28,4 @@ class UserRegister(SQLModel):
 
 class UserPublic(UserBase):
     id: uuid.UUID
+    auth0_id: Optional[str] = None