from fastapi import APIRouter, Depends, HTTPException from google.oauth2 import id_token as google_id_token from google.auth.transport import requests as google_requests from loguru import logger from sqlmodel import Session from app.auth import create_jwt from app.database import get_session from app.repositories.subscription import SubscriptionRepository from app.repositories.user import UserRepository from app.schemas.auth import GoogleAuthRequest, GoogleAuthResponse from app.services.subscription import is_premium router = APIRouter() @router.post("/auth/google", response_model=GoogleAuthResponse) async def google_auth(body: GoogleAuthRequest, session: Session = Depends(get_session)): """Verify Google ID token server-side, create/update user, return JWT.""" try: idinfo = google_id_token.verify_oauth2_token( body.idToken, google_requests.Request() ) user_id = idinfo["sub"] email = idinfo.get("email", "") name = idinfo.get("name", "") photo_url = idinfo.get("picture", "") user_repo = UserRepository(session) sub_repo = SubscriptionRepository(session) user = user_repo.upsert(user_id, email, name, photo_url) sub = sub_repo.get_latest(user_id) plan = sub.product_id if sub else "" expiry_date = sub.expiry_date or "" if sub else "" premium = is_premium(sub.status, expiry_date) if sub else False token = create_jwt(user_id, email, premium, plan, expiry_date) logger.info(f"AUTH_GOOGLE: user={user_id} email={email} onboarded={bool(user.onboarded)} premium={premium}") return GoogleAuthResponse( token=token, userId=user_id, email=email, name=name, photoUrl=photo_url, onboarded=bool(user.onboarded), language=user.language, isPremium=premium, plan=plan, expiryDate=expiry_date, ) except Exception as e: logger.warning(f"Google auth failed: {type(e).__name__}: {e}") raise HTTPException(status_code=401, detail=f"Authentication failed: {str(e)}")