1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
import os
import random
import string
from pathlib import Path
from typing import Any
from authlib.integrations.starlette_client import OAuth
from dotenv import load_dotenv
from fastapi import APIRouter, Depends, HTTPException, Request
from fastapi.responses import RedirectResponse
from sqlalchemy import insert, select
from sqlalchemy.ext.asyncio import AsyncSession
from app.auth.jwt import create_access_token, create_refresh_token
from app.models.integrations import UserIntegration
from app.models.profile import Profile
from app.models.user import User
from app.utils.db import get_async_session
from app.utils.logger_cfg import logger
env_path = Path(__file__).resolve().parents[3] / ".env"
load_dotenv(env_path)
GOOGLE_CLIENT_ID = os.getenv("GOOGLE_CLIENT_ID")
GOOGLE_CLIENT_SECRET = os.getenv("GOOGLE_CLIENT_SECRET")
FRONTEND_URL = os.getenv("FRONTEND_URL", "http://localhost:3000")
if not GOOGLE_CLIENT_ID or not GOOGLE_CLIENT_SECRET:
raise RuntimeError("Google OAuth env not configured")
router = APIRouter(prefix="/auth/google", tags=["auth"])
oauth = OAuth()
oauth.register(
name="google",
client_id=GOOGLE_CLIENT_ID,
client_secret=GOOGLE_CLIENT_SECRET,
server_metadata_url="https://accounts.google.com/.well-known/openid-configuration",
client_kwargs={"scope": "openid email profile"},
)
@router.get("/login")
async def google_login(request: Request):
redirect_uri = request.url_for("google_callback")
logger.debug("Google redirect_uri: {}", redirect_uri)
return await oauth.google.authorize_redirect(request, redirect_uri)
def generate_username(length: int = 8) -> str:
chars = string.ascii_letters + string.digits
return "".join(random.choices(chars, k=length))
async def is_username_taken(session: AsyncSession, username: str) -> bool:
result = await session.execute(
select(User.id).where(User.username == username)
)
return result.scalar_one_or_none() is not None
async def generate_unique_username(
session: AsyncSession,
max_attempts: int = 10,
) -> str:
for _ in range(max_attempts):
username = generate_username()
if not await is_username_taken(session, username):
return username
raise RuntimeError("Failed to generate unique username")
async def ensure_user_state(session: AsyncSession, user_id: int):
profile = await session.execute(
select(Profile).where(Profile.user_id == user_id)
)
profile = profile.scalar_one_or_none()
if not profile:
session.add(Profile(user_id=user_id))
logger.debug("Created missing Profile for user={}", user_id)
integrations = await session.execute(
select(UserIntegration).where(UserIntegration.user_id == user_id)
)
integrations = integrations.scalar_one_or_none()
if not integrations:
session.add(UserIntegration(user_id=user_id))
logger.debug("Created missing Integrations for user={}", user_id)
await session.commit()
async def create_user_with_relations(
session: AsyncSession,
*,
email: str,
username: str,
google_id: str,
) -> User:
result = await session.execute(
insert(User)
.values(
email=email,
username=username,
google_id=google_id,
password=None,
)
.returning(User.id)
)
user_id = result.scalar_one()
session.add(Profile(user_id=user_id))
session.add(UserIntegration(user_id=user_id))
await session.commit()
result = await session.execute(select(User).where(User.id == user_id))
return result.scalar_one()
@router.get("/callback", name="google_callback")
async def google_callback(
request: Request,
session: AsyncSession = Depends(get_async_session),
):
try:
token: dict[str, Any] = await oauth.google.authorize_access_token(
request
)
logger.debug("OAuth token received: {}", token.keys())
except Exception as e:
logger.exception("Google OAuth failed: {}", str(e))
raise HTTPException(status_code=400, detail="OAuth failed")
try:
user_info = token.get("userinfo") or await oauth.google.parse_id_token(
request, token
)
except Exception as e:
logger.exception("Failed to parse user info: {}", str(e))
raise HTTPException(status_code=400, detail="Invalid token")
email: str | None = user_info.get("email")
google_id: str | None = user_info.get("sub")
if not email or not google_id:
raise HTTPException(status_code=400, detail="Invalid Google response")
result = await session.execute(
select(User).where(User.google_id == google_id)
)
user = result.scalar_one_or_none()
if not user:
logger.info("Creating new Google user: {}", email)
username = await generate_unique_username(session)
user = await create_user_with_relations(
session,
email=email,
username=username,
google_id=google_id,
)
else:
logger.debug("User exists: {}", user.id)
await ensure_user_state(session, user.id)
access_token = create_access_token(
{"sub": str(user.id), "token_version": user.token_version}
)
refresh_token = create_refresh_token(
{"sub": str(user.id), "token_version": user.token_version}
)
response = RedirectResponse(url=f"{FRONTEND_URL}/oauth-success")
response.set_cookie(
key="access_token",
value=access_token,
httponly=True,
secure=False,
samesite="lax",
max_age=60 * 15,
)
response.set_cookie(
key="refresh_token",
value=refresh_token,
httponly=True,
secure=False,
samesite="lax",
max_age=60 * 60 * 24 * 7,
)
return response
|
