Update backend and server frontend for OAuth JSON response, client-side navigation, and add .gitignore

api/auth.py

@@ -16,6 +16,8 @@ import os
 import logging
 import secrets
 import httpx
+from datetime import datetime
+import jwt  # إضافة مكتبة pyjwt لتوليد الـ token يدويًا
 
 from api.database import User, OAuthAccount, CustomSQLAlchemyUserDatabase, get_user_db
 from api.models import UserRead, UserCreate, UserUpdate
@@ -58,7 +60,7 @@ github_oauth_client = GitHubOAuth2(GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET)
 github_oauth_client._access_token_url = "https://github.com/login/oauth/access_token"
 github_oauth_client._access_token_params = {"headers": {"Accept": "application/json"}}
 
-# مدير المستخدمين (بدون تغيير)
+# مدير المستخدمين
 class UserManager(IntegerIDMixin, BaseUserManager[User, int]):
     reset_password_token_secret = SECRET
     verification_token_secret = SECRET
@@ -153,6 +155,15 @@ fastapi_users = FastAPIUsers[User, int](
 
 current_active_user = fastapi_users.current_user(active=True, optional=True)
 
+# دالة مساعدة لتوليد JWT token يدويًا
+async def generate_jwt_token(user: User, secret: str, lifetime_seconds: int) -> str:
+    payload = {
+        "sub": str(user.id),
+        "aud": "fastapi-users:auth",
+        "exp": int(datetime.utcnow().timestamp()) + lifetime_seconds,
+    }
+    return jwt.encode(payload, secret, algorithm="HS256")
+
 # --- إضافة custom authorize endpoints (يرجع JSON مع authorization_url) ---
 
 async def custom_google_authorize(
@@ -187,13 +198,20 @@ async def custom_github_authorize(
 
 async def custom_oauth_callback(
     code: str,
+    state: Optional[str] = None,
     user_manager: UserManager = Depends(get_user_manager),
     oauth_client=Depends(lambda: google_oauth_client),
     redirect_url: str = GOOGLE_REDIRECT_URL,
     response: Response = None,
 ):
-    logger.debug(f"Processing Google callback with code: {code}")
+    logger.debug(f"Processing Google callback with code: {code}, state: {state}")
     try:
+        # تحقق من الـ state لو موجود (اختياري لـ CSRF protection)
+        if state:
+            logger.debug(f"Received state: {state}")
+            # إضافة تحقق من الـ state لو بتستخدمه لمنع CSRF
+            # مثال: if state != stored_state: raise ValueError("Invalid state parameter")
+
         # Get access token
         token_data = await oauth_client.get_access_token(code, redirect_url)
         access_token = token_data["access_token"]
@@ -219,9 +237,10 @@ async def custom_oauth_callback(
             is_verified_by_default=True,
         )
 
-        jwt_strategy = get_jwt_strategy()
-        token = await jwt_strategy.write(user)
+        # توليد الـ JWT token يدويًا
+        token = await generate_jwt_token(user, SECRET, 3600)
 
+        # ضبط الـ cookie
         cookie_transport.set_cookie(response, token)
 
         return JSONResponse(content={
@@ -230,17 +249,29 @@ async def custom_oauth_callback(
         }, status_code=200)
     except Exception as e:
         logger.error(f"Error in Google OAuth callback: {str(e)}")
+        if "400" in str(e):
+            return JSONResponse(
+                content={"detail": "Invalid authorization code. Please try logging in again."},
+                status_code=400
+            )
         return JSONResponse(content={"detail": str(e)}, status_code=400)
 
 async def custom_github_oauth_callback(
     code: str,
+    state: Optional[str] = None,
     user_manager: UserManager = Depends(get_user_manager),
     oauth_client=Depends(lambda: github_oauth_client),
     redirect_url: str = GITHUB_REDIRECT_URL,
     response: Response = None,
 ):
-    logger.debug(f"Processing GitHub callback with code: {code}")
+    logger.debug(f"Processing GitHub callback with code: {code}, state: {state}")
     try:
+        # تحقق من الـ state لو موجود (اختياري لـ CSRF protection)
+        if state:
+            logger.debug(f"Received state: {state}")
+            # إضافة تحقق من الـ state لو بتستخدمه لمنع CSRF
+            # مثال: if state != stored_state: raise ValueError("Invalid state parameter")
+
         # Get access token
         token_data = await oauth_client.get_access_token(code, redirect_url)
         access_token = token_data["access_token"]
@@ -284,9 +315,10 @@ async def custom_github_oauth_callback(
             is_verified_by_default=True,
         )
 
-        jwt_strategy = get_jwt_strategy()
-        token = await jwt_strategy.write(user)
+        # توليد الـ JWT token يدويًا
+        token = await generate_jwt_token(user, SECRET, 3600)
 
+        # ضبط الـ cookie
         cookie_transport.set_cookie(response, token)
 
         return JSONResponse(content={
@@ -295,6 +327,11 @@ async def custom_github_oauth_callback(
         }, status_code=200)
     except Exception as e:
         logger.error(f"Error in GitHub OAuth callback: {str(e)}")
+        if "400" in str(e):
+            return JSONResponse(
+                content={"detail": "Invalid authorization code. Please try logging in again."},
+                status_code=400
+            )
         return JSONResponse(content={"detail": str(e)}, status_code=400)
 
 # تضمين الراوترات داخل التطبيق

api/endpoints.py

@@ -4,7 +4,7 @@
 
 import os
 import uuid
-from fastapi import APIRouter, Depends, HTTPException, Request, status, UploadFile, File
+from fastapi import APIRouter, Depends, HTTPException, Request, status, UploadFile, File , Body
 from fastapi.responses import StreamingResponse
 from api.database import User, Conversation, Message
 from api.models import QueryRequest, ConversationOut, ConversationCreate, UserUpdate
@@ -24,7 +24,6 @@ import logging
 from typing import List, Optional
 # from utils.constants import MODEL_ALIASES, MODEL_NAME, SECONDARY_MODEL_NAME, TERTIARY_MODEL_NAME, CLIP_BASE_MODEL, CLIP_LARGE_MODEL, ASR_MODEL, TTS_MODEL, IMAGE_GEN_MODEL, SECONDARY_IMAGE_GEN_MODEL
 from utils.constants import MODEL_ALIASES, MODEL_NAME, SECONDARY_MODEL_NAME, TERTIARY_MODEL_NAME, CLIP_BASE_MODEL, CLIP_LARGE_MODEL, ASR_MODEL, TTS_MODEL, IMAGE_GEN_MODEL, SECONDARY_IMAGE_GEN_MODEL, IMAGE_INFERENCE_API
-from fastapi import Body
 import psutil
 import time
 router = APIRouter()
@@ -899,12 +898,19 @@ async def get_user_settings(user: User = Depends(current_active_user)):
     }
 
 
+
 @router.get("/api/verify-token")
 async def verify_token(user: User = Depends(current_active_user)):
     if not user:
         raise HTTPException(status_code=401, detail="Invalid or expired token")
-    return {"status": "valid"}
-
+    return {
+        "status": "valid",
+        "user": {
+            "id": user.id,
+            "email": user.email,
+            "is_active": user.is_active
+        }
+    }
 
 @router.put("/users/me")
 async def update_user_settings(

requirements.txt

@@ -51,4 +51,5 @@ diffusers>=0.30.0
 psutil>=5.9.0
 xformers>=0.0.27
 anyio==4.6.0
-duckduckgo-search
+pyjwt>=2.4.0
+duckduckgo-search

static/js/chat.js

@@ -61,17 +61,32 @@ document.addEventListener('DOMContentLoaded', async () => {
   // Force chat view to be visible immediately
   enterChatView(true);
 
-  if (await checkAuth() && currentConversationId) {
-    console.log('Loading conversation with ID:', currentConversationId);
+  const authResult = await checkAuth();
+  if (authResult.authenticated && currentConversationId) {
+    console.log('Authenticated user, loading conversation with ID:', currentConversationId);
     await loadConversation(currentConversationId);
-  } else if (!(await checkAuth()) && conversationHistory.length > 0) {
-    console.log('Restoring conversation history from sessionStorage:', conversationHistory);
+    // عرض بيانات المستخدم في الواجهة
+    const userInfoElement = document.getElementById('user-info');
+    if (userInfoElement && authResult.user) {
+      userInfoElement.textContent = `Welcome, ${authResult.user.email}`;
+    }
+  } else if (!authResult.authenticated && conversationHistory.length > 0) {
+    console.log('Unauthenticated user, restoring conversation history from sessionStorage:', conversationHistory);
     conversationHistory.forEach(msg => {
       console.log('Adding message from history:', msg);
       addMsg(msg.role, msg.content);
     });
+    // عرض Anonymous لو مفيش مستخدم موثّق
+    const userInfoElement = document.getElementById('user-info');
+    if (userInfoElement) {
+      userInfoElement.textContent = 'Anonymous';
+    }
   } else {
     console.log('No conversation history or ID, starting fresh');
+    const userInfoElement = document.getElementById('user-info');
+    if (userInfoElement) {
+      userInfoElement.textContent = 'Anonymous';
+    }
   }
 
   autoResizeTextarea();
@@ -88,28 +103,32 @@ document.addEventListener('DOMContentLoaded', async () => {
 async function checkAuth() {
   const token = localStorage.getItem('token');
   if (!token) {
-    console.log('No auth token found');
-    return false;
+    console.log('No auth token found in localStorage');
+    return { authenticated: false, user: null };
   }
   try {
     const response = await fetch('/api/verify-token', {
-      headers: { 'Authorization': `Bearer ${token}` }
+      method: 'GET',
+      headers: { 
+        'Authorization': `Bearer ${token}`,
+        'Accept': 'application/json'
+      }
     });
-    if (response.ok) {
-      console.log('Auth token verified');
-      return true;
+    const data = await response.json();
+    if (response.ok && data.status === 'valid') {
+      console.log('Auth token verified, user:', data.user);
+      return { authenticated: true, user: data.user };
     } else {
-      console.log('Token verification failed:', response.status);
+      console.log('Token verification failed:', data.detail || response.status);
       localStorage.removeItem('token');
-      return false;
+      return { authenticated: false, user: null };
     }
   } catch (error) {
     console.error('Error verifying token:', error);
     localStorage.removeItem('token');
-    return false;
+    return { authenticated: false, user: null };
   }
 }
-
 // Handle session for non-logged-in users
 async function handleSession() {
   const sessionId = sessionStorage.getItem('session_id');
@@ -1260,4 +1279,4 @@ function autoResizeTextarea() {
 // Function to check if text contains Arabic characters
 function isArabicText(text) {
   return /[\u0600-\u06FF\u0750-\u077F\u08A0-\u08FF\uFB50-\uFDFF\uFE70-\uFEFF]/.test(text);
-}
+}

templates/login.html

@@ -427,14 +427,14 @@
         localStorage.setItem('theme', 'light');
     }
 
-    // Check authentication status on page load
+    // Check authentication status
     async function checkAuthStatus() {
+        const token = localStorage.getItem('token');
+        if (!token) {
+            console.log('No token found in localStorage');
+            return false;
+        }
         try {
-            const token = localStorage.getItem('token');
-            if (!token) {
-                console.log('No token found in localStorage');
-                return false;
-            }
             const response = await fetch('/api/verify-token', {
                 method: 'GET',
                 headers: {
@@ -442,17 +442,17 @@
                     'Accept': 'application/json'
                 }
             });
-            if (response.ok) {
-                console.log('User is authenticated, redirecting to /chat');
-                window.location.href = '/chat';
+            const data = await response.json();
+            if (response.ok && data.status === 'valid') {
+                console.log('Token is valid, user:', data.user);
                 return true;
             } else {
-                console.log('Token verification failed, clearing token');
+                console.log('Token verification failed:', data.detail || 'Invalid token');
                 localStorage.removeItem('token');
                 return false;
             }
         } catch (error) {
-            console.error('Error checking auth status:', error);
+            console.error('Error verifying token:', error);
             localStorage.removeItem('token');
             return false;
         }
@@ -566,7 +566,7 @@
         });
     }
 
-    // Check for OAuth callback on load (for web)
+    // Check for OAuth callback on load
     window.addEventListener('load', async () => {
         console.log('Page loaded, checking for auth status and OAuth callback');
         if (!navigator.onLine) {
@@ -582,38 +582,38 @@
             errorMsg.classList.remove('hidden');
             console.error('OAuth error from URL:', error);
         } else if (code) {
-            console.log('OAuth code detected in URL, letting server handle callback');
-            // The server handles /auth/google/callback or /auth/github/callback
-            // Check auth status to detect the set cookie
-            const isAuthenticated = await checkAuthStatus();
-            if (!isAuthenticated) {
-                // Fetch the callback response to get the access_token
-                const provider = window.location.pathname.includes('google') ? 'google' : 'github';
-                try {
-                    const response = await fetch(window.location.href, {
-                        method: 'GET',
-                        headers: { 'Accept': 'application/json' }
-                    });
-                    if (response.ok) {
-                        const data = await response.json();
-                        if (data.access_token) {
-                            localStorage.setItem('token', data.access_token);
-                            console.log(`${provider} login successful, token saved`);
+            console.log('OAuth code detected in URL, processing callback');
+            const provider = window.location.pathname.includes('google') ? 'google' : 'github';
+            try {
+                const response = await fetch(window.location.href, {
+                    method: 'GET',
+                    headers: { 'Accept': 'application/json' }
+                });
+                if (response.ok) {
+                    const data = await response.json();
+                    if (data.access_token) {
+                        localStorage.setItem('token', data.access_token);
+                        console.log(`${provider} login successful, token saved`);
+                        const isAuthenticated = await checkAuthStatus();
+                        if (isAuthenticated) {
+                            console.log('Redirecting to /chat');
                             window.location.href = '/chat';
                         } else {
-                            throw new Error('No access token received');
+                            throw new Error('Authentication failed after receiving token');
                         }
                     } else {
-                        const errorData = await response.json();
-                        errorMsg.textContent = errorData.detail || `Failed to complete ${provider} login`;
-                        errorMsg.classList.remove('hidden');
-                        console.error(`Failed to complete ${provider} login:`, errorData);
+                        throw new Error('No access token received');
                     }
-                } catch (error) {
-                    errorMsg.textContent = `Failed to process ${provider} login. Please try again.`;
+                } else {
+                    const errorData = await response.json();
+                    errorMsg.textContent = errorData.detail || `Failed to complete ${provider} login`;
                     errorMsg.classList.remove('hidden');
-                    console.error(`Error processing ${provider} callback:`, error);
+                    console.error(`Failed to complete ${provider} login:`, errorData);
                 }
+            } catch (error) {
+                errorMsg.textContent = `Failed to process ${provider} login. Please try again.`;
+                errorMsg.classList.remove('hidden');
+                console.error(`Error processing ${provider} callback:`, error);
             }
         } else {
             await checkAuthStatus();