gh#dZddlZddlmZmZmZmZmZmZddl m Z ddl Z ddl Z ddl Z ddlmZmZddlmZddlmZmZddlmZiZd Zd Zd Zd Zd ZdZdZy)z* Google OAuth authentication for SQLGenAI N)requestredirecturl_for current_appsessionjsonify) login_userdatetime timedelta)db)User Subscription)SUBSCRIPTION_PLANSctjtdz}|t|<tj Dcgc]\}}|tjks|!}}}|D]}tj |d|Scc}}w)z+Store OAuth state with 10-minute expiration )minutesN)r utcnowr _oauth_statesitemspop)state expirationsexpexpired_statess %/var/www/html/app/auth/google_auth.pystore_oauth_statersz"Yr%::J%M%&3&9&9&;WFAssX__EV?VaWNW #!T"# LXs B"Bc|sytj|}|r|tjkrytj |dy)z)Verify OAuth state and remove it if validFNT)rgetr rr)rrs rverify_oauth_stater!s? ""5)J hoo&77eT" cjtjtjdj S)z-Get Google's OAuth 2.0 provider configurationGOOGLE_DISCOVERY_URL)requestsr rconfigjsonr"rget_google_provider_cfgr)'s& << **+AB C H H JJr"clt}|d}tjd}t||td<dt_t jjd|t jjdxs tdd}|d t jd d |d |d |dS)z%Generate the Google authorization URLauthorization_endpointgoogle_oauth_stateTzGenerated OAuth state: GOOGLE_REDIRECT_URIgoogle_auth.google_callback _externalz?response_type=code&client_id=GOOGLE_CLIENT_IDz&redirect_uri=z&scope=email%20profile&state=z&prompt=consent)urlr) r)secrets token_hexrrmodifiedrloggerinfor&r r)google_provider_cfgr+r redirect_uris rget_google_auth_urlr;+s2301IJ   b !Ee%*G !G5eW=>%%))*?@zGLiuyDzL)))G HZHZ[mHnGoo}K~LLijoipp@ r"c tjjd|t|}|sat j d}tjjd||r(||k(r#d}t j dddt_|sdddd fSt}|d }tjj d xs td d }t|tj||\}}} tj||| tjdtjdf} | j!} d| vr dd| ddd fS|d} tj | dd| di} | j!}|j dsdddd fS|d}|j ddj#dd}t%|d kDr|d nd}t%|dkDr|dnd}|j d!d}t&j(j+|"j-}|s|j#d#d }|}d}t&j(j+|$j-r:||}|dz }t&j(j+|$j-r:t'||||d%}|j/t1j2d&t1j2d'|_t6jj9|t6jj;t=|nQt1j2d'|_t?j@|_!t6jj;tE|tFj(j+|jH(j-}dd)|j4|jH|jJ|jL|jNxsd|jPxsd|jRxsd|jTxsd|jV|r |jXnd|r |jZnd|r |j\ndd*d+ d,S)-z Handle the Google OAuth callbackzReceived state: r-zStored session state: TNFzInvalid state parameter)successmessageitoken_endpointr.r/r0)authorization_response redirect_urlcoder2GOOGLE_CLIENT_SECRET)headersdataautherrorz Token error: userinfo_endpoint AuthorizationzBearer access_token)rDemail_verifiedz#User email not verified with Googleemailname rpicture)rL@)username)rLrS first_name last_name is_activer, )user_idzLogin successful)plan_idstatus is_annual) idrLrSrTrUcompany job_titleis_admin subscription)r=r>tokenuser)/rr7r8r!rr rr6r)r&rprepare_token_requestrr3r%postr'splitlenrquery filter_byfirst set_passwordr4r5 auth_tokenr addcommitcreate_free_subscriptionr r last_loginr rr\rLrSrTrUr]r^r_rYrZr[)rBris_valid_state stored_stater9r?rA token_urlrDbodytoken_response token_datarHuserinfo_responseuserinforL name_partsrTrUrQrbrS base_usernamecounterr`s rhandle_google_callbackr{Gs7.ug67(.N {{#78 "8 GH E\1!N KK,d 3#G   -FGLL23()9:N%%))*?@zGLiuyDzL4&{{!   Iw]]   !34k6H6HI_6` a N $$&J* }Z=P?(//0FG   r"c ddlm}m}ddlm}t j di}|j di}|j dd}|j jdj}|jrd|jvr3||_ tjjtd |t|jdd |j |j |d zd dt#j$d}tjj'|tjj|S)z)Create a free subscription for a new userrr )SubscriptionPlanfreefeatures query_limitr)rYz-Updated free plan features with query_limit: activeim)daysFfree_)rXrYrZ start_dateend_dater[subscription_id)r r app.auth.modelsrrr rgrhrirr rrmprintrr\rr4r5rl) rbr r rfree_plan_configfree_plan_featuresr free_planr`s rrnrns$,0*--fb9)--j"=%((;K!&&000@FFHI   i6H6H!H/   =k]KL "8??$ "YC%88 1 1! 456LJJNN< JJ r")__doc__osflaskrrrrrr flask_loginr r%r'r4r r app.extensionsr rrrapp.subscription_configrrrr!r)r;r{rcrnr(r"rrsZ KK" (.6  K8JX #r"