From 85f420d2f795a2bf26c72a55bdacc01b9779fc40 Mon Sep 17 00:00:00 2001
From: JSC
Date: Sat, 28 Jun 2025 19:19:54 +0200
Subject: [PATCH] fix auth
---
 app/__init__.py | 8 ++++++++
 app/routes/auth.py | 21 +++++++++++++++++++--
 app/services/token_service.py | 6 +++++-
 pyproject.toml | 1 +
 uv.lock | 15 +++++++++++++++
 5 files changed, 48 insertions(+), 3 deletions(-)
diff --git a/app/__init__.py b/app/__init__.py
index 1886db4..877e31f 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -3,6 +3,7 @@ from datetime import timedelta
 from flask import Flask
 from flask_jwt_extended import JWTManager
+from flask_cors import CORS
 from app.services.auth_service import AuthService
 from app.database import init_db
@@ -33,6 +34,13 @@ def create_app():
 app.config["JWT_ACCESS_COOKIE_PATH"] = "/api/"
 app.config["JWT_REFRESH_COOKIE_PATH"] = "/api/auth/refresh"
+ # Initialize CORS
+ CORS(app,
+ origins=["http://localhost:3000"], # Frontend URL
+ supports_credentials=True, # Allow cookies
+ allow_headers=["Content-Type", "Authorization"],
+ methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"])
+
 # Initialize JWT manager
 jwt = JWTManager(app)
diff --git a/app/routes/auth.py b/app/routes/auth.py
index 550667e..fedaedd 100644
--- a/app/routes/auth.py
+++ b/app/routes/auth.py
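Review bot: The `CORS(...)` call added to `create_app()` in app/__init__.py hard-codes the allowed origin as `http://localhost:3000` while `supports_credentials=True` lets that origin send cookie-authenticated requests, so any deployed build needs a source edit, which is where an over-broad origin tends to creep in. Read the allow-list from configuration instead, e.g. `origins=app.config["CORS_ORIGINS"]` (the key name is a placeholder), and keep it a list of exact origins. If flask-jwt-extended's cookie CSRF protection (`JWT_COOKIE_CSRF_PROTECT`) is left at its default, the frontend has to send an `X-CSRF-TOKEN` header, which is not in `allow_headers`; add it there rather than switching the protection off. The rest of `create_app()` is outside the hunk, so the current CSRF setting cannot be confirmed from here.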
@@ -19,10 +19,27 @@ def login_oauth(provider):
 @bp.route("/callback/")
 def callback(provider):
 """Handle OAuth callback from specified provider."""
+ from flask import redirect, make_response
+
 try:
- return auth_service.handle_callback(provider)
+ auth_response = auth_service.handle_callback(provider)
+
+ # If successful, redirect to frontend dashboard with cookies
+ if auth_response.status_code == 200:
+ redirect_response = make_response(redirect("http://localhost:3000/dashboard"))
+
+ # Copy all cookies from the auth response
+ for cookie in auth_response.headers.getlist('Set-Cookie'):
+ redirect_response.headers.add('Set-Cookie', cookie)
+
+ return redirect_response
+ else:
+ # If there was an error, redirect to login with error
+ return redirect("http://localhost:3000/login?error=oauth_failed")
+
 except Exception as e:
- return {"error": str(e)}, 400
+ error_msg = str(e).replace(' ', '_').replace('"', '')
+ return redirect(f"http://localhost:3000/login?error={error_msg}")
 @bp.route("/providers")
diff --git a/app/services/token_service.py b/app/services/token_service.py
index e3f5595..25aa859 100644
--- a/app/services/token_service.py
+++ b/app/services/token_service.py
@@ -16,9 +16,13 @@ class TokenService:
 "email": user_data["email"],
 "name": user_data["name"],
 "picture": user_data.get("picture"),
+ "role": user_data.get("role"),
+ "is_active": user_data.get("is_active"),
+ "provider": user_data.get("provider"),
+ "providers": user_data.get("providers", []),
 },
 )
 def generate_refresh_token(self, user_data: dict[str, Any]) -> str:
 """Generate a refresh token for the user."""
- return create_refresh_token(identity=user_data["id"])
\ No newline at end of file
+ return create_refresh_token(identity=user_data["id"])
diff --git a/pyproject.toml b/pyproject.toml
index b605851..d044ec7 100644
--- a/pyproject.toml
+++ b/pyproject.toml
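Review bot: In `callback()` in app/routes/auth.py, the `except Exception` branch copies `str(e)` into the redirect query string after replacing only spaces and double quotes, so internal error text lands in the browser URL, history and frontend logs, and characters such as `&`, `#` or `%` in the message change how the frontend parses that URL. Log the exception on the server and redirect with a fixed code, as the non-200 branch already does: `current_app.logger.exception("OAuth callback failed")` followed by `return redirect("http://localhost:3000/login?error=oauth_failed")`. The frontend base URL is repeated three times in this hunk and should come from a single config value. Copying the raw `Set-Cookie` headers assumes `handle_callback()` returns a response object with the cookies already set; that function is not visible here.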
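Review bot: The `role` and `is_active` claims added to the access token in app/services/token_service.py are a snapshot taken when the token is issued, so a user who is later deactivated or demoted keeps the old values until the token expires, and any check that trusts the claim alone keeps honouring them. Authorization should stay on a server-side lookup or revocation check, with the claims treated as hints for the frontend; a comment above the dict such as `# Claims are informational; authorization re-checks role/is_active server-side` would make that explicit. The JWT payload is signed but not encrypted, so `provider` and `providers` become readable by anything that can see the token. `user_data.get("role")` also yields `None` silently when the key is missing, and consumers should treat that as the least-privileged case. The method that builds this dict starts outside the hunk.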
@@ -8,6 +8,7 @@ requires-python = ">=3.12" dependencies = [ "authlib==1.6.0", "flask==3.1.1", + "flask-cors==6.0.1", "flask-jwt-extended==4.7.1", "flask-migrate==4.1.0", "flask-sqlalchemy==3.1.1", diff --git a/uv.lock b/uv.lock index f262436..5711550 100644 --- a/uv.lock +++ b/uv.lock @@ -211,6 +211,19 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/3d/68/9d4508e893976286d2ead7f8f571314af6c2037af34853a30fd769c02e9d/flask-3.1.1-py3-none-any.whl", hash = "sha256:07aae2bb5eaf77993ef57e357491839f5fd9f4dc281593a81a9e4d79a24f295c", size = 103305 }, ] +[[package]] +name = "flask-cors" +version = "6.0.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "flask" }, + { name = "werkzeug" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/76/37/bcfa6c7d5eec777c4c7cf45ce6b27631cebe5230caf88d85eadd63edd37a/flask_cors-6.0.1.tar.gz", hash = "sha256:d81bcb31f07b0985be7f48406247e9243aced229b7747219160a0559edd678db", size = 13463 } +wheels = [ + { url = "https://files.pythonhosted.org/packages/17/f8/01bf35a3afd734345528f98d0353f2a978a476528ad4d7e78b70c4d149dd/flask_cors-6.0.1-py3-none-any.whl", hash = "sha256:c7b2cbfb1a31aa0d2e5341eea03a6805349f7a61647daee1a15c46bbe981494c", size = 13244 }, +] + [[package]] name = "flask-jwt-extended" version = "4.7.1" @@ -518,6 +531,7 @@ source = { virtual = "." } dependencies = [ { name = "authlib" }, { name = "flask" }, + { name = "flask-cors" }, { name = "flask-jwt-extended" }, { name = "flask-migrate" }, { name = "flask-sqlalchemy" }, @@ -537,6 +551,7 @@ dev = [ requires-dist = [ { name = "authlib", specifier = "==1.6.0" }, { name = "flask", specifier = "==3.1.1" }, + { name = "flask-cors", specifier = "==6.0.1" }, { name = "flask-jwt-extended", specifier = "==4.7.1" }, { name = "flask-migrate", specifier = "==4.1.0" }, { name = "flask-sqlalchemy", specifier = "==3.1.1" },