replace fastapi name, create google auth, create llm feature

Author: martialziye

.env

@@ -13,7 +13,7 @@ FRONTEND_HOST=http://localhost:5173
 # Environment: local, staging, production
 ENVIRONMENT=local
 
-PROJECT_NAME="Full Stack FastAPI Project"
+PROJECT_NAME="TemplateForge AI"
 STACK_NAME=full-stack-fastapi-project
 
 # Backend
@@ -40,6 +40,14 @@ POSTGRES_PASSWORD=changethis
 
 SENTRY_DSN=
 
+# Google OAuth (Web client ID)
+GOOGLE_OAUTH_CLIENT_ID=179636508862-0kvpljg5vpt61ahm8l0jhl3td619nlhs.apps.googleusercontent.com
+
+# LLM (Gemini)
+# Do not commit real keys. Set locally or via CI/CD secret manager.
+GEMINI_API_KEY=AIzaSyBQ82eHzeywwTB3OTn7moG4kDrkev8YcAI
+GEMINI_MODEL=gemini-2.5-flash-lite
+
 # Configure these with your own Docker registry images
 DOCKER_IMAGE_BACKEND=backend
 DOCKER_IMAGE_FRONTEND=frontend

backend/app/api/routes/generate.py

@@ -1,3 +1,4 @@
+import logging
 from typing import Any, NoReturn
 
 from fastapi import APIRouter, HTTPException
@@ -13,6 +14,7 @@
 from app.services.exceptions import ServiceError
 
 router = APIRouter(prefix="/generate", tags=["generate"])
+logger = logging.getLogger(__name__)
 
 
 def _raise_http_from_service_error(exc: ServiceError) -> NoReturn:
@@ -33,6 +35,11 @@ def extract_variables(
             extract_in=extract_in,
         )
     except ServiceError as exc:
+        logger.warning(
+            "Generate extract failed (status=%s): %s",
+            exc.status_code,
+            exc.detail,
+        )
         _raise_http_from_service_error(exc)
 
 
@@ -50,4 +57,9 @@ def render_template(
             render_in=render_in,
         )
     except ServiceError as exc:
+        logger.warning(
+            "Generate render failed (status=%s): %s",
+            exc.status_code,
+            exc.detail,
+        )
         _raise_http_from_service_error(exc)

backend/app/api/routes/login.py

@@ -8,7 +8,14 @@
 from app.api.deps import CurrentUser, SessionDep, get_current_active_superuser
 from app.core import security
 from app.core.config import settings
-from app.models import Message, NewPassword, Token, UserPublic, UserUpdate
+from app.models import (
+    GoogleLoginRequest,
+    Message,
+    NewPassword,
+    Token,
+    UserPublic,
+    UserUpdate,
+)
 from app.services import auth_service, user_service
 from app.utils import (
     generate_password_reset_token,
@@ -42,6 +49,26 @@ def login_access_token(
     )
 
 
+@router.post("/login/google")
+def login_google(session: SessionDep, body: GoogleLoginRequest) -> Token:
+    """
+    Google ID token login. Validates token with Google and returns local JWT.
+    """
+    try:
+        user = auth_service.authenticate_google_id_token(
+            session=session, id_token=body.id_token
+        )
+    except auth_service.GoogleAuthError as exc:
+        raise HTTPException(status_code=exc.status_code, detail=exc.detail)
+
+    access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+    return Token(
+        access_token=security.create_access_token(
+            user.id, expires_delta=access_token_expires
+        )
+    )
+
+
 @router.post("/login/test-token", response_model=UserPublic)
 def test_token(current_user: CurrentUser) -> Any:
     """

backend/app/core/config.py

@@ -50,6 +50,13 @@ def all_cors_origins(self) -> list[str]:
 
     PROJECT_NAME: str
     SENTRY_DSN: HttpUrl | None = None
+    LOG_LEVEL: str = "INFO"
+    LOG_REQUESTS: bool = True
+    GOOGLE_OAUTH_CLIENT_ID: str | None = None
+    GOOGLE_AUTH_TIMEOUT_SECONDS: float = 10.0
+    GEMINI_API_KEY: str | None = None
+    GEMINI_MODEL: str = "gemini-2.5-flash-lite"
+    GEMINI_TIMEOUT_SECONDS: float = 30.0
     POSTGRES_SERVER: str
     POSTGRES_PORT: int = 5432
     POSTGRES_USER: str

backend/app/core/logging.py

@@ -0,0 +1,36 @@
+import logging
+import logging.config
+
+from app.core.config import settings
+
+
+def setup_logging() -> None:
+    level = settings.LOG_LEVEL.upper()
+
+    logging.config.dictConfig(
+        {
+            "version": 1,
+            "disable_existing_loggers": False,
+            "formatters": {
+                "standard": {
+                    "format": (
+                        "%(asctime)s | %(levelname)s | %(name)s | %(message)s"
+                    )
+                }
+            },
+            "handlers": {
+                "default": {
+                    "class": "logging.StreamHandler",
+                    "formatter": "standard",
+                    "level": level,
+                }
+            },
+            "root": {"handlers": ["default"], "level": level},
+            "loggers": {
+                "uvicorn.error": {"level": level},
+                "uvicorn.access": {"level": "INFO"},
+                "httpx": {"level": "WARNING"},
+            },
+        }
+    )
+

backend/app/main.py

@@ -1,10 +1,17 @@
+import logging
+import time
+
 import sentry_sdk
-from fastapi import FastAPI
+from fastapi import FastAPI, Request
 from fastapi.routing import APIRoute
 from starlette.middleware.cors import CORSMiddleware
 
 from app.api.main import api_router
 from app.core.config import settings
+from app.core.logging import setup_logging
+
+setup_logging()
+logger = logging.getLogger(__name__)
 
 
 def custom_generate_unique_id(route: APIRoute) -> str:
@@ -31,3 +38,44 @@ def custom_generate_unique_id(route: APIRoute) -> str:
     )
 
 app.include_router(api_router, prefix=settings.API_V1_STR)
+
+
+@app.middleware("http")
+async def request_logging_middleware(request: Request, call_next):  # type: ignore[no-untyped-def]
+    if not settings.LOG_REQUESTS:
+        return await call_next(request)
+
+    start = time.perf_counter()
+    try:
+        response = await call_next(request)
+    except Exception:
+        duration_ms = (time.perf_counter() - start) * 1000
+        logger.exception(
+            "HTTP %s %s failed after %.1fms",
+            request.method,
+            request.url.path,
+            duration_ms,
+        )
+        raise
+
+    duration_ms = (time.perf_counter() - start) * 1000
+    logger.info(
+        "HTTP %s %s -> %s (%.1fms)",
+        request.method,
+        request.url.path,
+        response.status_code,
+        duration_ms,
+    )
+    return response
+
+
+@app.on_event("startup")
+def log_startup() -> None:
+    logger.info(
+        "App startup: project=%s env=%s api_prefix=%s gemini_enabled=%s model=%s",
+        settings.PROJECT_NAME,
+        settings.ENVIRONMENT,
+        settings.API_V1_STR,
+        bool(settings.GEMINI_API_KEY and settings.GEMINI_API_KEY.strip()),
+        settings.GEMINI_MODEL,
+    )

backend/app/models.py

@@ -358,6 +358,10 @@ class Message(SQLModel):
     message: str
 
 
+class GoogleLoginRequest(SQLModel):
+    id_token: str = Field(min_length=1)
+
+
 # JSON payload containing access token
 class Token(SQLModel):
     access_token: str

backend/app/services/auth_service.py

@@ -1,13 +1,68 @@
+import logging
+import secrets
+
+import httpx
 from sqlmodel import Session
 
-from app.core.security import verify_password
+from app.core.config import settings
+from app.core.security import get_password_hash, verify_password
 from app.models import User
 from app.repositories import user_repository
 
 # Dummy hash to use for timing attack prevention when user is not found.
 # This is an Argon2 hash of a random password.
 DUMMY_HASH = "$argon2id$v=19$m=65536,t=3,p=4$MjQyZWE1MzBjYjJlZTI0Yw$YTU4NGM5ZTZmYjE2NzZlZjY0ZWY3ZGRkY2U2OWFjNjk"
 
+logger = logging.getLogger(__name__)
+
+
+class GoogleAuthError(RuntimeError):
+    def __init__(self, detail: str, status_code: int = 400) -> None:
+        super().__init__(detail)
+        self.detail = detail
+        self.status_code = status_code
+
+
+def _verify_google_id_token(*, id_token: str) -> dict[str, str]:
+    client_id = settings.GOOGLE_OAUTH_CLIENT_ID
+    if not client_id or not client_id.strip():
+        raise GoogleAuthError("Google login is not configured", status_code=503)
+
+    try:
+        response = httpx.get(
+            "https://oauth2.googleapis.com/tokeninfo",
+            params={"id_token": id_token},
+            timeout=settings.GOOGLE_AUTH_TIMEOUT_SECONDS,
+        )
+    except httpx.HTTPError as exc:
+        logger.warning("Google token verification HTTP error: %s", exc)
+        raise GoogleAuthError(
+            "Google token verification failed", status_code=502
+        ) from exc
+
+    if response.status_code >= 400:
+        logger.warning(
+            "Google token verification rejected (status=%s): %s",
+            response.status_code,
+            response.text[:500],
+        )
+        raise GoogleAuthError("Invalid Google login token", status_code=401)
+
+    payload = response.json()
+    if not isinstance(payload, dict):
+        raise GoogleAuthError("Invalid Google token response", status_code=502)
+
+    audience = str(payload.get("aud", "")).strip()
+    if audience != client_id:
+        logger.warning(
+            "Google token audience mismatch (expected=%s got=%s)",
+            client_id,
+            audience,
+        )
+        raise GoogleAuthError("Invalid Google token audience", status_code=401)
+
+    return {str(k): str(v) for k, v in payload.items()}
+
 
 def authenticate(*, session: Session, email: str, password: str) -> User | None:
     user = user_repository.get_by_email(session=session, email=email)
@@ -23,3 +78,37 @@ def authenticate(*, session: Session, email: str, password: str) -> User | None:
         user.hashed_password = updated_password_hash
         user_repository.save(session=session, user=user)
     return user
+
+
+def authenticate_google_id_token(*, session: Session, id_token: str) -> User:
+    payload = _verify_google_id_token(id_token=id_token)
+
+    email = payload.get("email", "").strip().lower()
+    email_verified = payload.get("email_verified", "").strip().lower() == "true"
+    full_name = payload.get("name", "").strip() or None
+
+    if not email:
+        raise GoogleAuthError("Google account email is missing", status_code=401)
+    if not email_verified:
+        raise GoogleAuthError("Google account email is not verified", status_code=401)
+
+    user = user_repository.get_by_email(session=session, email=email)
+    if user is None:
+        random_password = secrets.token_urlsafe(24)
+        logger.info("Creating local user from Google login (email=%s)", email)
+        user = user_repository.create(
+            session=session,
+            user=User(
+                email=email,
+                full_name=full_name,
+                hashed_password=get_password_hash(random_password),
+            ),
+        )
+    elif not user.is_active:
+        raise GoogleAuthError("Inactive user", status_code=400)
+    elif not user.full_name and full_name:
+        user.full_name = full_name
+        user = user_repository.save(session=session, user=user)
+
+    logger.info("Google login successful (email=%s user_id=%s)", user.email, user.id)
+    return user