commit 9f1b2c3d4e5f67890123456789abcdef01234567

Author: atonixdev

Dockerfile

@@ -1,15 +1,14 @@
-### Multi-stage Dockerfile for Flask app (production)
+
 FROM python:3.11-slim as builder
 
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 
 WORKDIR /app
 
-# Install build deps
 RUN apt-get update && apt-get install -y --no-install-recommends build-essential gcc curl && rm -rf /var/lib/apt/lists/*
 
-# Copy only requirements first for better caching
+
 COPY requirements.txt /app/requirements.txt
 RUN python -m pip install --upgrade pip
 RUN pip install --no-cache-dir -r requirements.txt
@@ -20,13 +19,12 @@ WORKDIR /app
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 
-# Copy installed packages from builder
+
 COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
 
-# Copy app sources
 COPY . /app
 
 EXPOSE 5000
 
-# Use gunicorn in production
+
 CMD ["gunicorn", "run:app", "-w", "4", "-b", "0.0.0.0:5000", "--chdir", "/app"]

app.py

@@ -1,12 +1,25 @@
 from flask import Flask
-from routes import main  
+from authlib.integrations.flask_client import OAuth
+from routes import main
+
 
 def create_app():
     app = Flask(__name__)
-    
+
     # Load configuration from config.py
     app.config.from_pyfile('config.py')
 
+    # Initialize OAuth
+    oauth = OAuth(app)
+    # Register common providers (config values must be provided in config.py or env)
+    oauth.register('github', client_id=app.config.get('GITHUB_CLIENT_ID'), client_secret=app.config.get('GITHUB_CLIENT_SECRET'), access_token_url='https://github.com/login/oauth/access_token', authorize_url='https://github.com/login/oauth/authorize', api_base_url='https://api.github.com/', client_kwargs={'scope':'user:email'})
+    oauth.register('gitlab', client_id=app.config.get('GITLAB_CLIENT_ID'), client_secret=app.config.get('GITLAB_CLIENT_SECRET'), access_token_url='https://gitlab.com/oauth/token', authorize_url='https://gitlab.com/oauth/authorize', api_base_url='https://gitlab.com/api/v4')
+    oauth.register('linkedin', client_id=app.config.get('LINKEDIN_CLIENT_ID'), client_secret=app.config.get('LINKEDIN_CLIENT_SECRET'), access_token_url='https://www.linkedin.com/oauth/v2/accessToken', authorize_url='https://www.linkedin.com/oauth/v2/authorization', api_base_url='https://api.linkedin.com/v2', client_kwargs={'scope':'r_liteprofile r_emailaddress'})
+    oauth.register('facebook', client_id=app.config.get('FACEBOOK_CLIENT_ID'), client_secret=app.config.get('FACEBOOK_CLIENT_SECRET'), access_token_url='https://graph.facebook.com/v10.0/oauth/access_token', authorize_url='https://www.facebook.com/v10.0/dialog/oauth', api_base_url='https://graph.facebook.com/')
+
+    # Attach oauth instance to app for routes to use
+    app.oauth = oauth
+
     # Register your blueprint
     app.register_blueprint(main)
 

config.py

@@ -1,2 +1,12 @@
 SECRET_KEY = 'your-secure-key'
-UPLOAD_FOLDER = '/path/to/uploads'
+UPLOAD_FOLDER = '/path/to/uploads'
+# OAuth client credentials (set these via environment variables or directly for local testing)
+# Example: GITHUB_CLIENT_ID = 'xxx'
+GITHUB_CLIENT_ID = None
+GITHUB_CLIENT_SECRET = None
+GITLAB_CLIENT_ID = None
+GITLAB_CLIENT_SECRET = None
+LINKEDIN_CLIENT_ID = None
+LINKEDIN_CLIENT_SECRET = None
+FACEBOOK_CLIENT_ID = None
+FACEBOOK_CLIENT_SECRET = None

requirements.txt

@@ -19,6 +19,7 @@ Flask-Babel
 Flask-Cors
 python-dotenv
 openai
+authlib
 alembic
 marshmallow
 python-magic

routes.py

@@ -20,6 +20,11 @@ def inject_globals():
 
 @main.route('/')
 def dashboard():
+    # require login to view dashboard
+    user_id = session.get('user_id')
+    if not user_id:
+        flash('Please log in to access the dashboard.', 'error')
+        return redirect(url_for('main.login', next=url_for('main.dashboard')))
     return render_template('dashboard.html')
 
 @main.route('/upload', methods=['POST'])
@@ -74,13 +79,101 @@ def login():
             # If profile incomplete, redirect to complete profile
             if not user.get('full_name') or not user.get('company'):
                 return redirect(url_for('main.complete_profile'))
+            # Respect optional `next` param so we can redirect to dashboard or original page
+            next_url = request.args.get('next') or request.form.get('next')
+            if next_url:
+                return redirect(next_url)
             return redirect(url_for('main.dashboard'))
         else:
             flash('Invalid credentials.', 'error')
             return render_template('login.html')
     return render_template('login.html')
 
 
+@main.route('/login/<provider>')
+def oauth_login(provider):
+    # start oauth login flow
+    oauth = current_app.oauth
+    if provider not in oauth._registry:
+        flash('Unknown OAuth provider.', 'error')
+        return redirect(url_for('main.login'))
+    redirect_uri = url_for('main.oauth_callback', provider=provider, _external=True)
+    return oauth.create_client(provider).authorize_redirect(redirect_uri)
+
+
+@main.route('/auth/<provider>/callback')
+def oauth_callback(provider):
+    oauth = current_app.oauth
+    client = oauth.create_client(provider)
+    if not client:
+        flash('OAuth client not configured.', 'error')
+        return redirect(url_for('main.login'))
+    token = client.authorize_access_token()
+    if not token:
+        flash('Authentication failed.', 'error')
+        return redirect(url_for('main.login'))
+    # fetch basic profile information depending on provider
+    profile = {}
+    if provider == 'github':
+        profile = client.get('user').json()
+        email = profile.get('email') or (client.get('user/emails').json()[0].get('email') if client.get('user/emails') else None)
+    elif provider == 'gitlab':
+        profile = client.get('user').json()
+        email = profile.get('email')
+    elif provider == 'linkedin':
+        # LinkedIn requires separate endpoints for email and profile
+        profile = client.get('me').json()
+        email_resp = client.get('emailAddress?q=members&projection=(elements*(handle~))')
+        email = None
+        try:
+            email = email_resp.json().get('elements', [])[0].get('handle~', {}).get('emailAddress')
+        except Exception:
+            email = None
+    elif provider == 'facebook':
+        profile = client.get('me?fields=id,name,email').json()
+        email = profile.get('email')
+    else:
+        email = None
+
+    if not email:
+        flash('Could not retrieve email from provider. Please sign up with email/password.', 'error')
+        return redirect(url_for('main.signup'))
+
+    # If user exists, log them in; otherwise create an account (random password)
+    user = authenticate_user(email, '')
+    # authenticate_user expects a password; instead we'll check existence directly
+    from dbkamp.db import get_connection
+    conn = get_connection()
+    cur = conn.cursor()
+    cur.execute('SELECT * FROM users WHERE email = ?', (email,))
+    row = cur.fetchone()
+    conn.close()
+    if row:
+        session['user_id'] = row['id']
+        session['user_email'] = row['email']
+        flash('Logged in with ' + provider.capitalize(), 'success')
+        return redirect(url_for('main.dashboard'))
+    else:
+        # create user with a random password placeholder
+        import secrets
+        pw = secrets.token_urlsafe(16)
+        created = create_user(email, pw)
+        if created:
+            # fetch new user id
+            conn = get_connection()
+            cur = conn.cursor()
+            cur.execute('SELECT * FROM users WHERE email = ?', (email,))
+            new = cur.fetchone()
+            conn.close()
+            session['user_id'] = new['id']
+            session['user_email'] = new['email']
+            flash('Account created via ' + provider.capitalize(), 'success')
+            return redirect(url_for('main.complete_profile'))
+        else:
+            flash('Unable to create account.', 'error')
+            return redirect(url_for('main.signup'))
+
+
 @main.route('/resources')
 def resources():
     return render_template('resources.html')

templates/login.html

@@ -14,6 +14,15 @@ <h1>Welcome back</h1>
           <button class="btn-signup" type="submit">Log in</button>
         </div>
       </form>
+      <div style="margin-top:1rem">
+        <p class="muted">Or continue with</p>
+        <div style="display:flex;gap:0.5rem;margin-top:0.5rem">
+          <a class="btn" href="/login/github">GitHub</a>
+          <a class="btn" href="/login/gitlab">GitLab</a>
+          <a class="btn" href="/login/linkedin">LinkedIn</a>
+          <a class="btn" href="/login/facebook">Facebook</a>
+        </div>
+      </div>
     </div>
   </div>
 {% endblock %}

templates/signup.html

@@ -14,6 +14,15 @@ <h1>Create your account</h1>
           <button class="btn-signup" type="submit">Create Account</button>
         </div>
       </form>
+      <div style="margin-top:1rem">
+        <p class="muted">Or sign up with</p>
+        <div style="display:flex;gap:0.5rem;margin-top:0.5rem">
+          <a class="btn" href="/login/github">GitHub</a>
+          <a class="btn" href="/login/gitlab">GitLab</a>
+          <a class="btn" href="/login/linkedin">LinkedIn</a>
+          <a class="btn" href="/login/facebook">Facebook</a>
+        </div>
+      </div>
     </div>
   </div>
 {% endblock %}

venv/lib/python3.11/site-packages/_cffi_backend.cpython-311-x86_64-linux-gnu.so

@@ -0,0 +1 @@
+pip

venv/lib/python3.11/site-packages/authlib-1.6.3.dist-info/INSTALLER

@@ -0,0 +1,36 @@
+Metadata-Version: 2.4
+Name: Authlib
+Version: 1.6.3
+Summary: The ultimate Python library in building OAuth and OpenID Connect servers and clients.
+Author-email: Hsiaoming Yang <me@lepture.com>
+License: BSD-3-Clause
+Project-URL: Documentation, https://docs.authlib.org/
+Project-URL: Purchase, https://authlib.org/plans
+Project-URL: Issues, https://github.com/authlib/authlib/issues
+Project-URL: Source, https://github.com/authlib/authlib
+Project-URL: Donate, https://github.com/sponsors/lepture
+Project-URL: Blog, https://blog.authlib.org/
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Security
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Internet :: WWW/HTTP :: WSGI :: Application
+Requires-Python: >=3.9
+Description-Content-Type: text/x-rst
+License-File: LICENSE
+Requires-Dist: cryptography
+Dynamic: license-file