From 1d33e52100405c88f2022af063c86662cdf38fae Mon Sep 17 00:00:00 2001
From: dvirlabs <dvirlabs@gmail.com>
Date: Mon, 8 Dec 2025 07:04:50 +0200
Subject: [PATCH] Manage users

---
 .../__pycache__/auth_utils.cpython-313.pyc    | Bin 0 -> 3971 bytes
 backend/__pycache__/db_utils.cpython-313.pyc  | Bin 8219 -> 8321 bytes
 backend/__pycache__/main.cpython-313.pyc      | Bin 6868 -> 12929 bytes
 .../__pycache__/user_db_utils.cpython-313.pyc | Bin 0 -> 3938 bytes
 backend/auth_utils.py                         |  80 +++++++++
 backend/db_utils.py                           |  13 +-
 backend/main.py                               | 166 +++++++++++++++++-
 backend/requirements.txt                      |   5 +
 backend/schema.sql                            |  16 +-
 backend/user_db_utils.py                      |  83 +++++++++
 frontend/src/App.css                          |  88 +++++++++-
 frontend/src/App.jsx                          | 142 +++++++++++++--
 frontend/src/api.js                           |  23 ++-
 frontend/src/authApi.js                       |  60 +++++++
 frontend/src/components/Login.jsx             |  77 ++++++++
 frontend/src/components/RecipeDetails.jsx     |  29 ++-
 frontend/src/components/RecipeFormDrawer.jsx  |  34 ++--
 frontend/src/components/Register.jsx          | 118 +++++++++++++
 frontend/src/components/TopBar.jsx            |  15 +-
 19 files changed, 890 insertions(+), 59 deletions(-)
 create mode 100644 backend/__pycache__/auth_utils.cpython-313.pyc
 create mode 100644 backend/__pycache__/user_db_utils.cpython-313.pyc
 create mode 100644 backend/auth_utils.py
 create mode 100644 backend/user_db_utils.py
 create mode 100644 frontend/src/authApi.js
 create mode 100644 frontend/src/components/Login.jsx
 create mode 100644 frontend/src/components/Register.jsx

diff --git a/backend/__pycache__/auth_utils.cpython-313.pyc b/backend/__pycache__/auth_utils.cpython-313.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..0e56bedd0d16f573ce500d3589a65b1817c13631
GIT binary patch
literal 3971
zcma)9T}&I<6~5yc|6?1l&2JVahHT<AunB>X>?TwMoPf!a)Pt8~apVs600U;mx-*6t
ztyH&9+4LdVT}AODZTEpneMq00hm~6OsgJh2Qs^vgTD7XQ>I;Z$RpqJYUV99o>2|L)
z_wSs0ukShEJ>T)Z$Kyg!etYAB{KSpW-^jo$wpwRD${_R@2}oe3P!wSlWiZ2&v1Q5<
zWid<p>=YNZVr$ffZFI~{*|8mTtW%Dt6FZ|W?25Xvo62lc4N(vFM7`Ks)AeCr!WZMs
zqYv5;66}Iw$WoobO@b3Q3oh(WctU8XriKH8I}sEb62U=E@N}SM4z~zinDNos)<K)l
zNN3xGcA+WJE;J|D1Y?EOpzkM=Wd?T$0jk{&b3v-znQ(?sA}|EECuNWkS`uD3g=n<a
zRvmkT4x8|jy+M;rwAW5)tLeYB$b~z;CfkKAh9fQNk}j`GhLhB3DWi*F#&F!s>awbc
z8KM%Morz$qVuM{?*Qdj*VIP;Wl9JX8&&15kt;oHUM70f@ri*$`gEcN9xGITQ!p1Su
zAI<4YDwa1yvh5g#gA`pBGn(NNB4e@0OmZr6XQMZ-=5U`TrLd&;tw{O4)RL$yN`11@
zm&Iy2mm-S|>x3{cbV2^%NrVhXR@Ah06{igwtjS>|RkIYi9^&9*;oJW?RF6>{#STkh
zjue40tt(grmO~0NSMxMNF|xyva^Q2ta!Aue>LKkAy4`G|Mq%S@%y~#y>mHomi^AN-
zu?bOI;zi!P7QdikUem#H%3}X3YffM2yEy&z1S}3)4V$E-)U;&S=2JMI)eZZiq-bJB
zH*8C=OLpC`r6r;e=CBV|7+!PN<a}P2G=n=(meLxzDi6iDmU=f4*CebZ(rYr#ByK9w
zIF{F>#JHrb=xR2xDC?4#Sk3ogDJ5qmEio^qRsatP5uBXN>2gNv&*lve`4vg?O#Bw?
z-vpm_6{-T-wV{@-C&^Eeo3oW*-&Sf1mx2R@=^b~|!;uFg6?bQ0e8=N|c=y5G;z-4F
zws375Bv(GZQf#fbkC(XP`>+eSQbv@O`XPpooGGR26REl@LAwrzdocLUaInOgZ-<S-
z9)iIe0du>@gaLK(&<7Hh7xLg{;#nzu;B9dcZlmeEsz^K_eoan;bUx4Lz#X_5e)Tl=
zLmg&u02&;G%CM)Fq|{1w9lYF4CV5h|6G=nO7}VQ!|Kejr=3Aq`p>8PL3$q>YY41W+
zbx-f};OTPk^ww}Cc>d|w(^x5Zu`s>u4?XvX%l`1z$%=oVaHHn1Vt>UwT;hgt7ulVI
zs3IC3>0VaGl9r@V<uzB3*Fs;Wm&Wxszf3c>D&T@suz(a1ZubAoZLW(meXv4dZ}xoG
z6?1la2vl<pvnMc@YWu`3G2o}8MX<!#v-KFlqqzoCBjz=G2W<$&Epv_Lc#im#7J<FQ
zDqNhS0BMB)31OLsz{`uNl%#3AuEGn0z-(WYl^l7zEEpHYPBF6x(LrBY4Z933rDpS(
z*wwJ*^pv8mV}eJcb98JhA_&Qun^TeLWaRd($yg-${^WFgCL(}lmT&+jSFgg#L)JJ)
zZ(P3_o1B?=KWxP(i0o}Tt*c2h>{Q)rxU1uI64*f_TtlJ=Uxk?;LOE=ntllC?Z-LK)
zP6$429;yQROJm@P^AqQ1?!x4s?SY-9_9xw+c2}B0n|I4i10UP|UZ42<&X>cn@(H2b
zB;2=cbDrm1pv(mxNyQHyCBNiO>@)|Toc{E5@y@SYU&!U=iNe&jyQRdnR3T}lXTL@d
z<i-?)Md&<6U1$#4YKa|=8?`xb9hxKdq-Cxi@ZVtoBCNv1nO=1K5OC~Bgr^38sDtL)
zp+V?J;Lb9F^%5&F3+M{ljTV@&ZKHFXhH+k0(tP#VQe>EraMdB8y$Ve#Yhp%D^CT1#
zicL|%<-rXm<8Cz0&d&A`KCa1uK&ng)%<ir-c(TeXX-OC5jA37r#5C|h*ii*Z8yEl+
zkl=SnMGS!nwPBLS89_q#$-%SdlJV)$_{;===)=f(*n$U%)Sead8C6Vc#K0y>8mc^1
zgU1L+`r*@VK?RYBb68!bZ{wdwznFaXUb*@Defzer<-YgdJ8u6zvVw-UbEmEAdD~#Q
zZE)K^yd6Bb)m91&?AbY=YZq}&*DecMuQc*Qf5P{mU%Wl)g!>*c%xl;nIHuV6J#;8n
zKzp=6sz7vTiPu8_geyyotUpo?sGcMPDX`+3!cB}O!>=zT$hc&Ym^or}TH>skwET~=
zI8!cI`z;VuY#SG@OFEy*VGM4kgu*Xib@c#A{3()a0PE;dN(b7(Dv2{;gVl2Lco<Fv
z7hZw}6M`@tgpw3-Rf1&CPWnkXjjs|dJN`b=B3?AuMM*z^2EI(^WJL$AqDll3_zJ1U
zpgKZPjj%Xb`@u=dfY(6jJ)(FQDhM16t<M{J$_+h*$d0$8I8^Z-FI?aD1|P0`yiz<-
z@$xXTdw=|+Bhc8hvIG*W)AiDU+B%EFpMCVS^*5cr?tJ!P<=jNsJz3%=Y0P*H5ai)g
zKt!QK0AVsx8W?Pmf#6ZkE#t^EJ`D)<Pyzt~cHmJr=+~dOW#im`IYwSM{C=hM8D53g
ziq~aL;-?`um<Cr6TTs)68EQ+79AAsN?ME$_RBP!xCaL2jeA;QK3g{p1mTjMZ*TPx@
zJHGBscg1(6<TwM5s%;-J*1#V@#zOl_Bc%4g6-19+A@*lXhz&E-;Vw!wRf@6c`7Gq9
znBd;vmQ_FmjSG}js(H$S2*Cvs0>Z2ZpfDP1^Zk(b=YYxbn8Zs=4m2#PX4v2|lCpLv
z;1E_f9Hu$|RL3;CG`M+H&CpB+G7veXQ>LLvteT5l{+EdQwn|Tq%d7CWA|s9984wW*
zYX5`^?#wVR(5XM6&KIcbE97~B2FhsQ1&VxyoRGMB8z0_zaOcrSr4v&X&y9j>yTM;@
zZg+)CsPnJx;7>0X9J@9f6Dp4FB4{?pUXo_F*~(npgehpA_0Z;by)VgVuhGf07Sp>3
znx_|^O_tAJ`-b#)+gyyR$nGL&Ho2Fi+3P@8nMvjkZI#j39!x};QfP!IKxcOD8`{}B
rhT=?uDJ9aC8EFsMnZVY?(%`M~_kOTT2Bl?O($>q%_x?pj)ENH(0FZfT

literal 0
HcmV?d00001

diff --git a/backend/__pycache__/db_utils.cpython-313.pyc b/backend/__pycache__/db_utils.cpython-313.pyc
index dfc8c39f38d5a9184e11d6a89b8f12899571ae05..752c85150931c83187075d20915e310712df9e32 100644
GIT binary patch
delta 446
zcmbR3(CEnfnU|M~0SIJc%rfgY@;Y!bo}FySCp@`d+In&VAIszgoEn@u3Z=!VMe&&_
zn@@1Mu`r(9%+I%t5h1$xC_gJ>$z)w_iOu&!iWw&hiivY`nKFV*WneJjoE$86nuXgh
z(Ri|wcmYD!<VoTdlaGmKBZ(MFSaRNChuSqcOTtFd8E8Ti5Es7(5)BM@xP`l|8eBdw
zNle}^F`@p3i2QW_iT(>bFN^4X5atpT`ob&7%lAQrL0D|M&P1KbdL7Q+)fxDtKWH#;
z^7eCga`*7w;1_zp!PC#x$<@pAT^}gd8~gi%9!MH2^s87IXi<-Viz>q$XFeAZ=EGW&
zK=u(4E*B;CBXaB@wyKbeIdhR71H<M+l6x5$H&1SmF5-d*5!d9ioT`&0WQrJFCU?vD
zv3dc`o4@&<%u+^0kY|cO{FMwv(jc}ZkhsNRlbfGXnv-f*6uEhcoGhcV6r<<@l?BBs
hoEKCq)ce2y<ZcMrp}eDbhsMUZFCgv*tI1E~%>l~_gh&7Y

delta 349
zcmZp4obAB-nU|M~0SIg#7-h<C<aOX=JTlpjvug82PB#|DBbz1owlOZg&d<se!Zi7w
zVAy7TQ4>aP6An`*kRApGg~{us<tMKdTg<}cmnb_qM7&_~S#gWWoD%7iD<v!^@0PHU
zbOI`C0^;JwK%#-+4!3Z(RfEe1Ch^Gvk`wAb2yzMvec=`0<@=z-AS^arXQIwzy$<K^
zstkP6AJiB)dHcCLxqEnT@C!ZQ;OXb;<m%=5t_zgwjs5*W2P6#^`c<q9G`vT^MU-KV
zlbs6-^I<7TAo~almx~bl5k7VhTU5wJow-O4sO}a=Zem4zNoH<p@@8$Rjf{+|Cf}7V
znj9fBgVA~NM;Sj>PoScCn_Xm=GO~eOU*tLYy_^(d#AYseSw>|^M$rW-3yN1bFQ{0k
c_kjV(-4L=vc}MXMjg4_%K->=&lf4wo0b2lNR{#J2

diff --git a/backend/__pycache__/main.cpython-313.pyc b/backend/__pycache__/main.cpython-313.pyc
index 225a93004bbcb3523e956e01bd25ad37944d410c..735674ec1e70e51309235287e0a3e0cb34bc4970 100644
GIT binary patch
literal 12929
zcmd5iTX0*)b$cIpg8&JDZ;8C5s0V0?lw`^hDN!$ymIR8F%qv<_2nU6TD+&<_GJ8SG
zVv`PC&)8&>jKJEe=-9R8Od3o1Xw?2x$&XXlnQ3P_Q(~YApc}=>G@j|`4>Xy0oc#2h
zy|^HVfO3-QOnN!oU7S68_I1wLbI$HcS(%-{cjV$T(U$Fm{0e^<AFF{MD=v|cn?xou
z*H0+sd_Nc9DIXB1AmMMJUksS2iIv5EbHG9^0V}lzY}6L8Q#*s3`W*o$b+WR#zbxRQ
zu7I1m*>A4DoR%~C6|@3!OTQ=JrQU##`T~`-GEhaU0@buSP(y1NzO}zLP)F+m^|U^)
ziEavPrkeu|w1L&x`Wpihl>$w)DbP%tB~nA0iEOVUvLoo)C+L%-TNu;{(6Zo`JhX*D
zT>y0#K({hzIY284pxYSK15j@P-R%tO188LdbO(c00kpaR>SxdzfYug3TZ0xDZ=GB(
zZ|dafQ|(0F{2WJj2A>)lF*ar`4?2T8<p#O2on!w}C+q=WzOaU2l;ox$AKYq!pK^02
zFK?+M`*KyZ9a@A9ytN!!Y?WK&t(`*9-b{j<_i=h%2Pba}w#eIqdpbmUM;-Z!_!TZs
zYcJ3mTccr=WIxb?et(ZrYp?^TZDZ8T@>50B_5rmCgT`7e`{kYTt_`T^<7z9Sw10zD
zY1hXkb21mS!MbzuZh229-yz6*gF^5CTd${~)WJ#}P~vqc{_Zf#`-=MM++Z!A3AXBM
zDen(%@8IPF*e<_nT^qFO4Eot_?GNsNHeKu59Nb_=2cf4@D~;>I%ZG}_dnni~cXwSN
zB<v$3STXdqwN*Asuqub;Bl1z;vtym2M8>!=&VT$dRuB4lO*|b{<C^u%R6IHv3y=Fb
z%@&VNC=q2m9`=ix<=L<rKX&$%R(A5-xwCyQjVcULGd(x0(CeC|SD8{`5fz%bdd>{V
z1JOuiT)7se3XrxP539<+B#_dqeG}p6xE!Z`v*sR$9z#?ajZP_QC~`?FAEin-uH--n
zsU1_+FfLsWU5<{&6{;goPes-vmqQ22y5?4FJ~|nT`Au5cm9TmxG!<6WYm+phxnERh
z^z!vJfH&89cyv@z)lhu$suI)68G&g^l~_D9ttwQjKi1RJC(EI8XZrgFLwy&{o*L>4
z4V)SrKG!Gv1<jG8!f<`q8cQJ<I_9zPgrZdxLKR$&QDciR&uKQYvIswJk|3d+OeimN
zRM<*_V$dY>py2hAz)EI-iCB_N)DpA?MdWFKnGx1bs4ZyE!z?+NqX1^j!JGv!TaI2?
z0X;i|IjC#Q<acWJA+~Y2wU1k%BTZzpvrQ=B@lgEwl%hG2e?k+{*mPV`2Q|w?IHJHx
zXkt7(rfQC8Y>X<AD6Fiinbf#41zB_=Jf_?wez#@~g^*q-q}fBEiOI<HIF_BE&{wC!
z<GC7l2pEE@@$qO(iA_SapvI{N&~Pj^84n{Ps|bz8;<O2dNa6e=v>6jzWx53u96Q|#
ziB=g3sn}{X6pqJf^b!s`6r$UpZUz2{c678WI1JmU1|u&<>3Hx=OzEZ37nNYIqF#+p
zP6fxJaU~p_xV|gL)WJ*PQDCD;5Oz7%Hg%nD0x~SYUR4lR@*2t5%U(H^aeH1F%y=qO
zVr6D?)9i`43yIPB7gAzVrmAMPcdlhlo%g52n#|_L+5UttF}hHj5*stswX=P59SLE+
zGbPq$>KozLfke-I_fN$}+HQ2Uj=OTYpR9nIDB>=er{b6ZqVCjpwucGhV@3zpVDPSq
zA_veNnD{Yi#iR`rM9{n3jitRtf~{AOA72FqvFaFDxo%Ln8ThSqK(aB*%K|kAEqPWp
zSl$YQHfv^m(2t)65*i<k0KYNGi$>Vk{I-%~-v!uoCnjB(F#aetpZ!>i36fVUA%T6f
zI$k+ZuvtG9oAmi1-n#ky5sN;|l-lD1K!S~Xkm8yYFYh6QVZ!k6_|bbt(7K-gz?BW6
z3elAbDi~vBEn{ZCMROv{4=H1ytQGpW8@kY}d1Yo|3QV&adQ~5^-&%6DpTdE%)pla3
z)IuM@3QVvcwE_}YXjjE60~v?+l`~L!bwHmg;*_2$GUdih#55?Isw`47Xfm^A!wH_A
z9E-*t_dr{E3=>w;+1~O6lPNWiKBR#O(ou1`#yr-hfYtv;Q!t&w<LdEApr|?5onUr$
zkTHdvW2h5=RLoGP5QYg-P|F~J;p*C`-23VoeaW%D^mv~vw*}m_?x-r{E_DiYweolX
zx}cqyuuV9QCAJA0aMYUoGTth+6N5+t6Qpf$6cb&Ytz54L^ywkajAtkui%d>Px;9ZI
zuz04=Lj~kg`n&17>6__ADgAbOA$=?TX8KP0`%?Oy^!L+m0sJ-q{vPYTmwp3k-ef=9
zrSx~;$AScfx6*G*=>+_`360;7vhOZ_1B@e6JQ^QYG)F{HM`@H9Reo`%@=82D)z#iU
zJ~<j5zcQ)DyY}tb|8xoP)4O-?o@qpE70}m?o;G$wg)gaXqmvUe4LNcf)SuJ1R#5z9
z;qmdwYoSRR1zAwF3jHToG!ZzYqv3JYz?e|tS0*F*pH~z(*{M2XZO@&1Xa!P5-%~ui
zmGveLinRd$E6t!8Z;}y1KjvMT7#SvB@;s;V?L_6h<Rm2|#*JVb_6>uXkB186d@dJq
zIWvBSxgq>n^vNc}^?`O~MCj)5EW<Ct6C#1J1T~foYpfg9l<dv6)?3MXyHPJYI_+oq
zfjA)!7(<MYal?EI%v*y07<ZZYorAheG{8V<BPJ3iO_(riW($_`h73E)?%MzOHhzJk
z=(B@P6TnObgI1)I*Hn$8nkBclD(-?LNfZxy%~@!}(=P)k3jgXqKr%}{anz+8n`V2L
zHxW<OO1;Z%{<IECbH`R|iOrpHmnVGl*D@8J#4`)EnX2kV$3iSqTeo;PS=*ZNRo?1b
z=v(xsd@VVQTaAmCGBve}yOK3K(lu>&j%PgH#EFI0w5Rzt59M217q%{1UT-UGx?1V5
z*_Uge(`-F4IkN=DkZmAN@9f~`pEkk|)eIxOajf&WQ+)g%Q1tT@#a(ltB{;2u^AJ%q
zn?ChWG^RO63!H&bV4D2rf)Xyx$`G*gO<-Wmi$B9tjPb)@(IYzzVVk1Qz(O3fxbkey
z>$d+0He}y0Z!l3z7_sD`f~<>!AnW2F<itggP1tl;7_u3-Yq@MTXblS+3V|SRBm{zN
zL)s-os&sF8_TOMM`I(`3v@juHtj`QJc0@37kf6_vCE+5}g6}6rqN8!m1j<dJ6gP^o
zIQ<gViZqOXOOOCwI3CsnWO+0Nfy;AjUY2v~bVi_8pz^QaU;SrDX2~xdz8i<<52qaU
zv%Q&`O^YMR8h^T`Jz3M9s@Vh9dwmkD`l{yJoyn?Q@U!;iGoRS&7CTaQX}0GRM@7cr
znv2hOX3EMFRr4co>?W=zJ<XZQn#G1><&I3b_m*YBvS>?{H|J2&WetnRGrsD@vZQZY
z+PCvgGZ;pR?epVlmjp86s<<&WKb9Cvxf%)^FIPI8<}7iT%<R0I@fq5>{Vxsvj(mNM
z*CV5aoSEnDe*~T{sj`Iz<g3Cqur~M^+{}}hI4qV_h1@Xd;P&ODNg{xi=VhHnA)T0M
z*pye>5ZfHd^Rmp#!10~D!VQ~poX+cc*ENWYtj9IW79F<%BcJeB(7!O`SnJm)8S{Yg
zaYLvli$0@1W*#={QZnQ&LV=$K7UH06kKkd*z6)k!1To97<%?!G;x*b0TXe~T+|H!i
zqW2EJ9s2K~N&|N-mz{ZOx5#B1NUlY8ZCK;psHS9Z<!il_tj{0Kas^6z6WK}fD*$@*
zGB1%vBEjF_e{~Cu<TBTU-1fv>x=eITzi05be!1^-U(Y!y=MqZK4xJg0atE4p{$$@!
zpA?Nq-O^U|@f*<Huj^o;z=|_WyLZv7OGseiy#v-=;x14B0uVHFM2SQAhMl*MUx#+n
zd$3&sEI-!b+Y++`?*ilvq=1&-%``v@=>A>$4gE;}qg0xMde{KqG*TzwY*t=UMj>3G
zSuZQ`(JPZNg`xmyrqS_9@NFVcrV1wIn4o{E>pm;R)4EUrVz5jTfUIWD>AK5^F$Rfh
zg#=Y1e){QOwk`%oUjl^J5wjQ8VwS9$iPQIuuG!u!Z!=Y9$|`P*%#VEYg~ic~(|x0V
zzJIBv=f}|>2Ol_xK-b+0E(Bly^4zl@dutz6ZMi2b9lDULy0}z+G2^aGM3Zjm_UU`I
z$(DmD_rYBKWU^{%seCFckn%&HIf$!1TTX0cH|+EFZ#w@Fjf^_DGi85jw&!Dq>yfMe
zj<D2mHtBk9$@<)%Ln(i@1*Y(=7k-zY#kZWlRky%uezUxfCvP8f^zIS<b%zzoAMLUC
z9<h9M&;sS3@SZ-O@c2Ig&(ATgTxXP^b%QE-<yF{`l4_d=watHl+7>|6P}++=xmaxr
zPgL8W{PQBcUKOvYZ84{|xj#v5^G{X?BYCAgObm7Oha4tj<O%BNU|t=4LGO8WWF4ee
zVI}D}CKH&%FkyDh6qLR|iM#{O<IVK@#Y)6)VJd-s6={LHM5u}hssRd~1)&v?_|3Y&
zqp?G$F?kUaI2?&)(WB=PW)U+PH-vm$Se<?ikpBh#)gM6eXBF~KTn&rYQ!fAPiH{wg
z^#Ys`?Vr_eC{M@RP@ax&MtOqrhnwxkpR#<o-Gb#dPY)4h+<DuGvUtGsX_zc%@4KMd
zL3!ii-vNLAO^5@a)4!u2mfg)@5Chn@4)~q)-$Dh(2;OLGYx9G!J_jV3>es9j;g>=f
zEN2nvb#@o-8WUix$nLt3x0hldp5QEt>zrk=z*!b^*1wo@mc^WRAm+S-(l%NCL>?A5
zbe6>p{RDACKcRGQYtC}%`n<PL<Sd)OrsNH^5`Gta8weLXZ&vv|;5<X%0M5F}%TH2E
zMq3O34Aeq<^OLYk`AvpJ7v%@w3}-I91#G~)1s6UCR86=;&s$X?7trW~fQC41DW$N$
z`o(x*(Fg6V`B}l?KRNdWWAW)@fe?b#P<HF)+5@8!A?$D>H)dGLn6=2V&fBlDQ!bNT
zXjzY-3BkT0G(n2KW|*nbTRwy#UN(Xm=6uPTD+w`c4C?*vKOw|H(Ys@6bovyO)|qJO
zn`;U(7nnn%3r(|kn8*V5ccJihdJ!a<1@7*$pdN(um_GK~Db9Y)Si(Chh|e)QO0z~)
zb^4O3#PvHQW^9>tRiT-|0E><)aO1%I)vqHJJjW^C`_mvMc(1Q<QPjC=6vAtGMKz|P
zAEPT?NOK03PBV8SN?!#GJnGfwbpy*ooLg^SOgTCs#?tWrDaP`fW@7a|Z0k&UPJI9B
zor(|6|M2_=7gOGr#GYIG7xus2dF#l+k)L{7?p~d<EO}6UFPlkS)2d0VcKvs)lsK00
z)}_5$lHM)%k9{!kqk&XQ;70@Z<o7SWckz28KO9K51k&FA&rGDk^RQORnn;;%nLyLu
zI3cnF2SKK$KI8rJvPp2;vqZ4jSM9{<xzYVM-HX*JN7Itn^!ca9I0*iH{%H&Gp5#9N
z)K0ecbDytRfQE`;t;Dg;z8dkvs+zvd;)i>iA^o@J#=h<5kGR^t=JJo~>{#AmhV&=R
zCP-&o?cwS86*x5XTM|t~M`IK=DgWgyF|kOIqZKs-u;R}}p3a9rq=Fc!TnNouWu<8t
zq6iVie55lB&fr?aRTc~!=mXi9eKOc#vYCl{eh#vw05k7$L%(3l6@LaMhPe!-Q`B!>
zDHZi=`@Meisvj^5EVv;INfdqgeuaV=It(bZ$K#ZJrPr(UY=#BnVNpyhpzDN#kvYyq
zJGJJR=js8ExzUg_r&%uV6d<5gG2=CE)ugZ#Q?4=Zbf$e|sPDun`CQ-73z8fU(>SOG
za8;49D7(^@E>BX1inrih(u}{LLC+Os^eQ%pUe2RP%1h8z1*>DGxd0U}y^w+w9*2wG
z$n_jrGyyw4-3E&U#tvL(pc8x-G$*8ZgRzjlBc<O5g~?Rr0)Ww}eJiIlXSNk|P&gKL
zOIR?F#sWO{BBW>((|DZ&eH;236m`CLw8C!U&<c8=X(%9g5*~Ws8cgNhdf?2r7u2(h
zZA3sJm7*~Tqkfm*9Rng3&H$H4(j$KnNu6d7LoQE`k6-VSiY}?{3Pk|FT{BHle0XpS
zW<tTR$l2l;S)j);K|ay18EddK2#McBUxQ35V_OD8)Zd)A@;~+4)-q#eA$-%KS%G&L
zqKfK(ogn(@VKwv-y#W=!gMamNNSM)XvM)Ig-tYZj;D-bEk1W~yABd;HUq|S^2jc!m
zz8!abKiGVCbIP}WcHm=+?~%1^seJDPYlop;dkWO6leOFXK<s!_x$SoR{h9Y>Qk8pW
z2S2t{vUcqctb2@hM}Mzf>jQD;BVW_)miKqPw=3n_Jv;D7v@JQGejx69<c2WmyWMYg
z-)Z?l>)qCS6DfD^>`7L=_uhf~z5jH0Y47nRd(Q*0_Y+4oToEUF=MQHpY8P9R6<af|
zs>HRVt8v*PV%$?S;+_s&SC8X`?*=LwM4-@FF0CvKwNj{DBk0)Xl`_0S1J{<R(Y$H}
zT2|PDq7NecEK+Yo01c(NA-#O$Yb0+g%BD^(#*gG}wgP3ByY4bZY+Q25);7F{uyyiq
zd$6Xq1lbN&He5mZoimN>UR;+H@Pt4S#iwaZ3Y<SDv5V#C0;-FhFdbc86ex=X+F<X2
zqIeIq1jN7Yf(LX{*BrXX`z>e%H-(nm3!ya$f?H7m%qu23a3O;cC=`h)FqPox7d}YS
z%$F2+TSlR_A8P4oBxTpdj0qgBHw6<oCt<iHv>Fo(g;LZm?7ADG|4iU4kxRO$`3f)3
zL%BX#A4N9;aG3!7LvH~kyv0;shXM$emAJRu?s&iZz3!B2kKvdyd*s+U#&_1|7<>D@
z_GIhvw4*2K=rLquJ?f^d4|bhQ)}LAuYaV&GJ%Ve2>f63IH>WDM-#dT*OUZpFlVzte
zRjokYXP!Ncwob+3_`R2sj-yNBQ9aae)meT*Db4Q~e}H$vz^(lxz{NNTBHUof!+T&{
zH-l>m5A!0vTr(He_?*{$L*OrVV}yK$)MPt5{2VilCzQC9yG@f|F~^k1F3`m}oeXCj
z+C+GfT=-lLUh}Xx$vD(aquMMyoeD#=I){NjR``-&9x1{#H}(Oq3q#ZK=(tMXL?p&9
zOa%+<DoBSSZ>+!XG~;N%QGW|+4&%NDpfF2*4XSh3Lr3l6&fC|Mb$e2dy|cX^JKV6L
z7*!lhy3Q<F&oC9`PKfhenTpE9SCSP?8J8!qe}1A!L*d&ud@vRY%|K)z8tV#AP0d(#
zx3RzIQSd78UKSq(XyVi)jbo^Gd@>yIAE7V9Xf!jtzJs%aV%&f|Y0|9tQj!H2a0@ic
zWq8XO25~~8RG&KPB#Ks@R-LPCo5(-mgeL@4rD*5DL!axBFgykrrKo`@Dj$uXRN=AJ
zi&4OeL087QqOGQ1wlPPFg`Uy=(nHsFG?;Tcz)nIYtV}wq5Qz!vx3R=dM|Oa+vvU)|
z_F@9Qz5WV{Js4uIZJ1EAqf`@M)igJI!k|R*ZyH?TNCciF8jn+17@S>O<5Gf!6+xO;
zAkl=W={VhmKQXM0v3`79%EDi|{y=Ap9jr_VFpgjkh2Z{hI#%?+MzbE$-!LAg_n;Xt
z4pBb>2G0r{$Nh|y{em?8oHYCo=}M8VpOd}6AUl3WY`-F|&qNEye?~Czm^uE}1d`9n
zMUDr5hvQdWR!&OPt`f*rt2oY<=vpO^ty+1mdG1TA1hQ3o0o*Qdo<!#=fo#>uL)nHn
zo>e=~`Q}bx*|!QfZXL(H>?9Uf#tyfLQP3_HepdL@Y4Y;3?yQS&Vw!l8#FG&{84tWt
ztjl<-5?fi4br8<Gj6=<O2yc3=`sM1my4$^Xs@^+2TfM~XS>`J^?}|Y9y;&?}cOX*D
z%QbVYx1Yc7ovm5ox*r}rv2^l6>gdH~;^EAT!7OI?eXE#Z%fne7N_tBmzhrB?XGYrl
zAD%tGbm2<sY;>7O&`{1|b_d!+_V3UhGHib!%R?#qEQej!y<E5CY`!PV)-7=z5BDEl
zI&vnp|LiiU;2cN*vU}nxX4rBcj@ePrbKRY1u;;zMY}}G*XnweTXU6Kx_%6YM?JzG}
zTDj(oyLwTW|9Vz{@-M+AQRgSJCMajk#8bD}vZ%i4Pgb<7A}V(9be6};AR8L2%96eA
z&Y>U6xGbl#{1(ofIJ80_L)-wzAlcIf^4zXFCd6#Z@-^HsE@4|Cm?Lhx4$3~Wwk7&@
zJe0OC?KqH<I+uw9mJAjNGHe0c1EuUHB0A@0QbKJ;biCI8*Zm3m?b>_3`;nB`19vZC
I9Xn$F7mbT4kN^Mx

delta 3122
zcmZuyT})iZ6`r~G?%n@o*@gY%Z&?=1;=&pVve!SjIHq=%05%g+8rDkJ>>8~L%WCc-
z*HtT)m)L$t?Q|3gKQ-!8tV)&B<RPk3Rf^MxR;`5PJXo8iO_fR&Z)>2fEcK!1%>D!-
zUunKMbIvz2cfOf9vzh&D%(drq+6a7wKaJ%sdf#>hl%FVX_xEiib*?AP+#Dv1Fm1|`
zv~sJoO;fg{o!g~NrySe?aXRJXPN?-MSF(vWCEeVeZ05~L5BDU!+#4nV5+TeSBFvJq
zkEu8xA-qL;t>Cq#S{mL~>HVP{+>QfopL9FH>pI}|r%W(#6LYiXgu(-H!aSEL52gZh
zW7SCxV#=BdGB0b1Q(0OQrZ55Kak1It?ee9Rl+Ofo=1(Xr5F+&fcsp=TA*aWe^06Qb
zB~;dyY8_Qrdx%`u8oW;6okd=62k>x|&Qutf{!xu}9b$F^a}t@|9W2bct4tU#a){Ma
z|F?~v+IW=Flo{4bS(NoAlu?!SrPNeZ{`C>C!qVyoOR0LXJ*u-9j(eRp{<JsM#|BO=
z5Rz^oB;}l&IjB<AhFOlXZ?QqpYbct~!ep5)(^z~5qcbt3ti6&mie<}ep_p6Cr&nUC
zNNZi)F<N%LG&{$pbD7La_C}g#!DBs_HnP)ene0l;BtF!xiuWx(@tNsYv_+KkUv{;^
zh+ISPA>iTQeuMx*P)wNHXh>W!Pubk)Kxh%aF{kw&*%Uvso_hTyo=q3CJ6-4r0n9uw
z@iuI<BXl5iB1907z-8wsT77lE-g~Ino20B+s*FDIYfF%Z#kRd;gQ;9!)?%izK9^m}
z6|y@xMp?;as#C_yFPyR)hYusXX!4^NK)|sKGr%qK)M9`0LUnqKEJ49f+_xS-aRiL&
zbiBWA9#~5peF%~l!<JlV{DVnnj!FSlaPBGMBUeAYD*oa6c#zo=)=SECh7damlf06r
z^GcK$N*GF>UL!I43?IaiJOJW%Lm{}J&<X-PupW+h8j+aFF{|*SV%FVz26ZkwR^Y_E
z!KHKtKMSsNP>lNkCGt;u=!w0(bpBb0czk<7XOq4g0PFU|zF)lWUL4!^+N`!`K5$in
z#N?<DU{u<P!&{npzS{u}Lx*whPQ)foYde1gGp6tpV!FA_zeJ%`|D0e*0V3k9=BSm<
z!;Qin7iUB5No=5Qi|CQxJRPg`&MS+!IaRO16r{{6Os&;&5NK=Fwm9Z#wVUdF=M^#B
z6r_r{<O!+@vxx8b{LlhUr?t+(O^8aVy)bf3Rq^|w!1act{3Jx+^l6#gQn74WS-X+t
z+>UH{h)!Wt<)|r8(#3RH<!d(#Tx~cU=5h<1OY)x7Hi2J+*lSRXEr1dc?qI+8(3^2Q
z^V%GGh1g6w?-9pZdb<>e*T05@=Rulx$UL2+Vj>h051WV5Un{qujMX~j)p-?<Dt;L_
z6JP7dKtHA>lq_AeR^y<l%1ly2mFcy*s;$b*&=%9Jek-%oR1=$?4u#oJPgP}hti^0=
zYk)Z#vO1-#t{IN9ilqODcLI#Ep2-%|xs?MtZ+t^%ou3CHpG3eVb39)Ml-Bsm=s>yo
zcM&cC7#aYmU6*^k02`65%RLLh9I_q&l*pI%mb>G3#-G^RO6Q*jL}&2s#zEnMv-4+w
z80GlOhmJ8SBaiWEFy0}HwL=Q>k^0Kv7SltrBVT^-dVugK`!b1XGkglX{1t?aX+XF*
zE^Od>!NygV&5*mZ#camFJ#DP6>a4GhL1+Vt5e9$@?dsgR`NS0~UHF^b^H*2fd+PS+
zrN^$z+m_2uHJi*zKW>WGvO%1u^O?0(@q><6<0H^r?pE2dn*Pxn#oTIEJ_k#U1pomb
z0V%+5#aA5zkjPw}A6x2)?1SCTHEOam2Xl&R;YA1R{vZxo&tLAtTg|7$|H5-4a_u(m
zKxX4Yl}$#G=L+%|lr1^KSifpyi`C~z7o~1rNM6@hv6FnWa6|YRgmLk(yXRaK%(An(
zyt-0Xz;_FZ@iOdNiR^obqxaqKKd~nu{k6X^{rO&${{9mdKac!k`Ya^B=erT&y-1($
z+DPvdeZFVb{4V1dOmS}_Hfhm5(F2oC?UP6Z@R6r$(yu=n4o-U9pW19-e;UvM|KKqJ
zioXmd2K)H}{<U7bS;*y=s}Hh<9`m)dQA`(d9M50%LYT#cp$@kNqn5(WOgdl8Epe;3
zIn)-D`CsNIsi_nD$de_X@jh%yo#Ub@KCpr5OFjx^t*{27V{R&|h4muu#t7aWytQ}?
zIUY4G-+Gi%zPga?*7M(Z*~^yGt81C{mFze#01q#T@d&V@Qc6E3&cBoHf05zGWcUj*
zGWiAR{G3?7BCh{xI#vEn0QNl=8on3YCs6JCD7D@@xlf?lw@~W1{W{tXwCnz7HnDK*
zdmC=*-BXD&Qc=LF^by5$E3g^3J@D>pA9+iGZF&X+`c`U>K!wb4>8M1J>EHBkTe}|W
zCI2=(UQs+iWEBF{d%%YZ`6r~mGJyQhW@y_Hd8n2`+jO*|Xw>fAVtWK?WR6Ks#U=Rg
zky9}mdD`UPQt$k<qJsUU%XiPXvsy8MUD1grv=!Yl?#CWCNB7O(!tUR$C>UIz;>t)^
I>jC}#53hk>p8x;=

diff --git a/backend/__pycache__/user_db_utils.cpython-313.pyc b/backend/__pycache__/user_db_utils.cpython-313.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..e6126eeeca5d51376a447906e9cbc616a9c115e6
GIT binary patch
literal 3938
zcmeHK%}*Og6rc63?e)h320}|dHza9eAXG^pX{ta)u#=DvlX&f>5mv2by}&lcMzaeE
zC~9+rgo>zYRc=L9FZmC8&3}N(p=gs<mD)>hZlO}uQ{S8Q+NMfPBGFq$+BY+A-kbMk
z=Jy+qHzg@ZpgfG9F;W3Se!-4geC5XGI5fT_3Q@SLggP}xIp}+?dam%4mx;pfB~(y^
zj92l(=gW9|eTsiC`B<Pn)b@H5k@fsI4!r>DiApdNfL@68f)iXc{2K;ML^-=5sjK;z
zp;<#S)GSi1oD8clXCA)IHV!izt&Al-m1d>UK}H3)lXTbQDxmIwbt#^{vgau5f>U<%
z;uXR5>VrJ6?C1k~<NEAq>sQ2=whbsj*H#Ig^ByJ9@cbK>bW6^umO7@Ix~vro1zod@
zV!`&uE@Ur{C@DLTFKTLjvS?aNcVi@(vW33h)2CQBF?c<02dS<Z)4G|>jWK0fi6`x_
ztDG@)YKLID8-t2+Ya|)7o7|yk)im!GX)fxu1r|Y=E>g=D-Gpp`Ig2%R;<P!Z6{ja4
zd^ua&Q#5Vggl_4DS(`Ts))TUc`)m(u?`6^u+|1-=4Vur46!aK1X7x-=H}6=*>CA*-
z>1t+b?nF7C%$Ta((F?f@Muo*>XDlOc_Ds*&5ttqo)eWNiAp|1DR6#r-zlK_V2<`hm
zwC}mpxP1HJ?Z<PgUF%ZMbE)Zz=C9g6Z(ljLI=&t`fvQMLS&?6loUWSptV<`|vHrEr
z^XrlR-$TBzuS9%aAKi;95;3uYI;GoQeM&X*w&d<ic2YGbHN?AHFgJ$(iw^$F=p&@B
zY*FCTe6rS~tgm8D;m&ad;UGy1NxwU7wN^YIa%oR5?_x?uy9zU^c9nQuh!?8r-IhBp
zlTpdlrM)g&V9rKYTdk`;FlXKIqvSB=Ro7;xImSspe~658QGPx$M0M5DWmPWdcV#?|
zCvXjE?E1-$tD04$bMxN><(e{_06L`P;Y4bLIhgWs_ZYinc8uNfwquNLbN^uQS~{-C
z$B&uavh!^pPsUT}WMVjRNj7rbEC2$eGPB0=&1F?<+pJNM0oe9AsZ+#(?bq+=+Ki>!
z;<#>Ulf{A#<He~d!?J}O+_JV;%NI>O>Z1q1oE}7R2pt9Fh0ViUv>Ey)V$azDx(~-g
zP8L~QH|+vV1g$;=fyCLr9y<6Swh?St?po~n_M?TawP5dqp^~S;yJtfTEr%9EC66FA
zm4c+9ZDndL+`T3F1Hn=gX=+)%zj*)ACkw)c7)HA#>3L(z<JhD5pTRG%7+4D7KyWem
zS@^FKPXgh8DgQPRk6#ZA4v?n<9T#L?tFQ$0_=~_8^zMH#h)Z)X!5|MX$n#<brAaSW
z!yivw{s3Q(LrPdw$a}QHr8MudWrS0B7Olc0#~x)3XSihDamE=>eH&PL-8m|p5$0R*
zHwKSh9-FHGlpcnZ=2J@iT6`$=V(4xoMYmi<vV1W)a=px@TbJX>cx6_(A2^bD;%DHd
zM<4`4Ha&{1V<_H6f!i1r927@U(TRdV7Y`kw>j1YE?|n=?J2uB^<QDA#o44RIXF=3M
zaG-+Vjquopv}fV!mX`<UiZ#&v>A>M7>v3#pe$`qNyIvN!n+&*T2G5eGXFD#mzXmQI
z8`)*xMrwh}ZfXa$H+KoOY)S{R^aLybAj$63x{zc~5f_q9QYXRp41BMI$LxmGyl{E9
z@JQc*__m+rW#nF8qyGaM8*0%w9CM)femyAGyD^R2cHo_Y^P_cv*HC*G8adhv9v5E~
zb=Nnf)`cs(in?fswqf$EAnZo>??I1#&!Vd7T>to1w|UcY9v|%frbrt4CJI~#ZAXER
zZ0F(^&rcO|GkJZ0o&_Dg3e1}zN<7DL&q&}IY5b9N{^1ijU#YE`+p}_{M4(#LSoPhJ
bE$o##B~YE-B2blN5GzVed+1NpvylG)B0J|k

literal 0
HcmV?d00001

diff --git a/backend/auth_utils.py b/backend/auth_utils.py
new file mode 100644
index 0000000..0168ac9
--- /dev/null
+++ b/backend/auth_utils.py
@@ -0,0 +1,80 @@
+from datetime import datetime, timedelta
+from typing import Optional
+from jose import JWTError, jwt
+import bcrypt
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+import os
+
+# Secret key for JWT (use environment variable in production)
+SECRET_KEY = os.getenv("SECRET_KEY", "your-secret-key-change-in-production")
+ALGORITHM = "HS256"
+ACCESS_TOKEN_EXPIRE_MINUTES = 60 * 24 * 7  # 7 days
+
+security = HTTPBearer()
+
+
+def hash_password(password: str) -> str:
+    """Hash a password for storing."""
+    # Bcrypt has a 72 byte limit, truncate if necessary
+    password_bytes = password.encode('utf-8')[:72]
+    salt = bcrypt.gensalt()
+    hashed = bcrypt.hashpw(password_bytes, salt)
+    return hashed.decode('utf-8')
+
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    """Verify a stored password against one provided by user"""
+    # Bcrypt has a 72 byte limit, truncate if necessary
+    password_bytes = plain_password.encode('utf-8')[:72]
+    hashed_bytes = hashed_password.encode('utf-8')
+    return bcrypt.checkpw(password_bytes, hashed_bytes)
+
+
+def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
+    """Create JWT access token"""
+    to_encode = data.copy()
+    if expires_delta:
+        expire = datetime.utcnow() + expires_delta
+    else:
+        expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    to_encode.update({"exp": expire})
+    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    return encoded_jwt
+
+
+def decode_token(token: str) -> dict:
+    """Decode and verify JWT token"""
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        return payload
+    except JWTError:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+
+def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(security)) -> dict:
+    """Get current user from JWT token (for protected routes)"""
+    token = credentials.credentials
+    payload = decode_token(token)
+    user_id = payload.get("sub")
+    if user_id is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials",
+        )
+    return {"user_id": int(user_id), "username": payload.get("username")}
+
+
+# Optional dependency - returns None if no token provided
+def get_current_user_optional(credentials: Optional[HTTPAuthorizationCredentials] = Depends(security)) -> Optional[dict]:
+    """Get current user if authenticated, otherwise None"""
+    if not credentials:
+        return None
+    try:
+        return get_current_user(credentials)
+    except HTTPException:
+        return None
diff --git a/backend/db_utils.py b/backend/db_utils.py
index c5ba8ba..a8f6141 100644
--- a/backend/db_utils.py
+++ b/backend/db_utils.py
@@ -55,7 +55,7 @@ def list_recipes_db() -> List[Dict[str, Any]]:
             cur.execute(
                 """
                 SELECT id, name, meal_type, time_minutes,
-                       tags, ingredients, steps, image, made_by
+                       tags, ingredients, steps, image, made_by, user_id
                 FROM recipes
                 ORDER BY id
                 """
@@ -85,7 +85,7 @@ def update_recipe_db(recipe_id: int, recipe_data: Dict[str, Any]) -> Optional[Di
                     image = %s,
                     made_by = %s
                 WHERE id = %s
-                RETURNING id, name, meal_type, time_minutes, tags, ingredients, steps, image, made_by
+                RETURNING id, name, meal_type, time_minutes, tags, ingredients, steps, image, made_by, user_id
                 """,
                 (
                     recipe_data["name"],
@@ -133,9 +133,9 @@ def create_recipe_db(recipe_data: Dict[str, Any]) -> Dict[str, Any]:
         with conn.cursor() as cur:
             cur.execute(
                 """
-                INSERT INTO recipes (name, meal_type, time_minutes, tags, ingredients, steps, image, made_by)
-                VALUES (%s, %s, %s, %s, %s, %s, %s, %s)
-                RETURNING id, name, meal_type, time_minutes, tags, ingredients, steps, image, made_by
+                INSERT INTO recipes (name, meal_type, time_minutes, tags, ingredients, steps, image, made_by, user_id)
+                VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)
+                RETURNING id, name, meal_type, time_minutes, tags, ingredients, steps, image, made_by, user_id
                 """,
                 (
                     recipe_data["name"],
@@ -146,6 +146,7 @@ def create_recipe_db(recipe_data: Dict[str, Any]) -> Dict[str, Any]:
                     json.dumps(recipe_data.get("steps", [])),
                     recipe_data.get("image"),
                     recipe_data.get("made_by"),
+                    recipe_data.get("user_id"),
                 ),
             )
             row = cur.fetchone()
@@ -163,7 +164,7 @@ def get_recipes_by_filters_db(
     try:
         query = """
             SELECT id, name, meal_type, time_minutes,
-                   tags, ingredients, steps, image, made_by
+                   tags, ingredients, steps, image, made_by, user_id
             FROM recipes
             WHERE 1=1
         """
diff --git a/backend/main.py b/backend/main.py
index 14e3183..e6a755e 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -1,9 +1,10 @@
 import random
 from typing import List, Optional
+from datetime import timedelta
 
-from fastapi import FastAPI, HTTPException, Query
+from fastapi import FastAPI, HTTPException, Query, Depends
 from fastapi.middleware.cors import CORSMiddleware
-from pydantic import BaseModel
+from pydantic import BaseModel, EmailStr
 import os
 
 import uvicorn
@@ -14,6 +15,21 @@ from db_utils import (
     get_recipes_by_filters_db,
     update_recipe_db,
     delete_recipe_db,
+    get_conn,
+)
+
+from auth_utils import (
+    hash_password,
+    verify_password,
+    create_access_token,
+    get_current_user,
+    ACCESS_TOKEN_EXPIRE_MINUTES,
+)
+
+from user_db_utils import (
+    create_user,
+    get_user_by_username,
+    get_user_by_email,
 )
 
 
@@ -34,12 +50,35 @@ class RecipeCreate(RecipeBase):
 
 class Recipe(RecipeBase):
     id: int
+    user_id: Optional[int] = None  # Recipe owner ID
 
     
 class RecipeUpdate(RecipeBase):
     pass
 
 
+# User models
+class UserRegister(BaseModel):
+    username: str
+    email: EmailStr
+    password: str
+
+
+class UserLogin(BaseModel):
+    username: str
+    password: str
+
+
+class Token(BaseModel):
+    access_token: str
+    token_type: str
+
+
+class UserResponse(BaseModel):
+    id: int
+    username: str
+    email: str
+
 
 app = FastAPI(
     title="Random Recipes API",
@@ -77,6 +116,7 @@ def list_recipes():
             ingredients=r["ingredients"] or [],
             steps=r["steps"] or [],
             image=r.get("image"),
+            user_id=r.get("user_id"),
         )
         for r in rows
     ]
@@ -84,9 +124,10 @@ def list_recipes():
 
 
 @app.post("/recipes", response_model=Recipe, status_code=201)
-def create_recipe(recipe_in: RecipeCreate):
+def create_recipe(recipe_in: RecipeCreate, current_user: dict = Depends(get_current_user)):
     data = recipe_in.dict()
     data["meal_type"] = data["meal_type"].lower()
+    data["user_id"] = current_user["user_id"]
 
     row = create_recipe_db(data)
 
@@ -100,10 +141,24 @@ def create_recipe(recipe_in: RecipeCreate):
         ingredients=row["ingredients"] or [],
         steps=row["steps"] or [],
         image=row.get("image"),
+        user_id=row.get("user_id"),
     )
 
 @app.put("/recipes/{recipe_id}", response_model=Recipe)
-def update_recipe(recipe_id: int, recipe_in: RecipeUpdate):
+def update_recipe(recipe_id: int, recipe_in: RecipeUpdate, current_user: dict = Depends(get_current_user)):
+    # Check ownership BEFORE updating
+    conn = get_conn()
+    try:
+        with conn.cursor() as cur:
+            cur.execute("SELECT user_id FROM recipes WHERE id = %s", (recipe_id,))
+            recipe = cur.fetchone()
+            if not recipe:
+                raise HTTPException(status_code=404, detail="המתכון לא נמצא")
+            if recipe["user_id"] != current_user["user_id"]:
+                raise HTTPException(status_code=403, detail="אין לך הרשאה לערוך מתכון זה")
+    finally:
+        conn.close()
+    
     data = recipe_in.dict()
     data["meal_type"] = data["meal_type"].lower()
 
@@ -121,11 +176,25 @@ def update_recipe(recipe_id: int, recipe_in: RecipeUpdate):
         ingredients=row["ingredients"] or [],
         steps=row["steps"] or [],
         image=row.get("image"),
+        user_id=row.get("user_id"),
     )
 
 
 @app.delete("/recipes/{recipe_id}", status_code=204)
-def delete_recipe(recipe_id: int):
+def delete_recipe(recipe_id: int, current_user: dict = Depends(get_current_user)):
+    # Get recipe first to check ownership
+    conn = get_conn()
+    try:
+        with conn.cursor() as cur:
+            cur.execute("SELECT user_id FROM recipes WHERE id = %s", (recipe_id,))
+            recipe = cur.fetchone()
+            if not recipe:
+                raise HTTPException(status_code=404, detail="המתכון לא נמצא")
+            if recipe["user_id"] != current_user["user_id"]:
+                raise HTTPException(status_code=403, detail="אין לך הרשאה למחוק מתכון זה")
+    finally:
+        conn.close()
+    
     deleted = delete_recipe_db(recipe_id)
     if not deleted:
         raise HTTPException(status_code=404, detail="המתכון לא נמצא")
@@ -154,6 +223,7 @@ def random_recipe(
             ingredients=r["ingredients"] or [],
             steps=r["steps"] or [],
             image=r.get("image"),
+            user_id=r.get("user_id"),
         )
         for r in rows
     ]
@@ -177,6 +247,88 @@ def random_recipe(
     return random.choice(recipes)
 
 
+# Authentication endpoints
+@app.post("/auth/register", response_model=UserResponse, status_code=201)
+def register(user: UserRegister):
+    """Register a new user"""
+    print(f"[REGISTER] Starting registration for username: {user.username}")
+    
+    # Check if username already exists
+    print(f"[REGISTER] Checking if username exists...")
+    existing_user = get_user_by_username(user.username)
+    if existing_user:
+        print(f"[REGISTER] Username already exists")
+        raise HTTPException(
+            status_code=400,
+            detail="שם המשתמש כבר קיים במערכת"
+        )
+    
+    # Check if email already exists
+    print(f"[REGISTER] Checking if email exists...")
+    existing_email = get_user_by_email(user.email)
+    if existing_email:
+        print(f"[REGISTER] Email already exists")
+        raise HTTPException(
+            status_code=400,
+            detail="האימייל כבר רשום במערכת"
+        )
+    
+    # Hash password and create user
+    print(f"[REGISTER] Hashing password...")
+    password_hash = hash_password(user.password)
+    print(f"[REGISTER] Creating user in database...")
+    new_user = create_user(user.username, user.email, password_hash)
+    print(f"[REGISTER] User created successfully: {new_user['id']}")
+    
+    return UserResponse(
+        id=new_user["id"],
+        username=new_user["username"],
+        email=new_user["email"]
+    )
+
+
+@app.post("/auth/login", response_model=Token)
+def login(user: UserLogin):
+    """Login user and return JWT token"""
+    # Get user from database
+    db_user = get_user_by_username(user.username)
+    if not db_user:
+        raise HTTPException(
+            status_code=401,
+            detail="שם משתמש או סיסמה שגויים"
+        )
+    
+    # Verify password
+    if not verify_password(user.password, db_user["password_hash"]):
+        raise HTTPException(
+            status_code=401,
+            detail="שם משתמש או סיסמה שגויים"
+        )
+    
+    # Create access token
+    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    access_token = create_access_token(
+        data={"sub": str(db_user["id"]), "username": db_user["username"]},
+        expires_delta=access_token_expires
+    )
+    
+    return Token(access_token=access_token, token_type="bearer")
+
+
+@app.get("/auth/me", response_model=UserResponse)
+def get_me(current_user: dict = Depends(get_current_user)):
+    """Get current logged-in user info"""
+    from user_db_utils import get_user_by_id
+    user = get_user_by_id(current_user["user_id"])
+    if not user:
+        raise HTTPException(status_code=404, detail="משתמש לא נמצא")
+    
+    return UserResponse(
+        id=user["id"],
+        username=user["username"],
+        email=user["email"]
+    )
+
+
 if __name__ == "__main__":
-    uvicorn.run("main:app", host="0.0.0.0", port=8000, reload=True)
-    
\ No newline at end of file
+    uvicorn.run("main:app", host="0.0.0.0", port=8000, reload=True)
\ No newline at end of file
diff --git a/backend/requirements.txt b/backend/requirements.txt
index 8933c6e..6d77712 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -5,3 +5,8 @@ pydantic==2.7.4
 python-dotenv==1.0.1
 
 psycopg2-binary==2.9.9
+
+# Authentication
+python-jose[cryptography]==3.3.0
+passlib[bcrypt]==1.7.4
+python-multipart==0.0.9
diff --git a/backend/schema.sql b/backend/schema.sql
index aa7547c..e644fd6 100644
--- a/backend/schema.sql
+++ b/backend/schema.sql
@@ -1,3 +1,15 @@
+-- Create users table
+CREATE TABLE IF NOT EXISTS users (
+    id SERIAL PRIMARY KEY,
+    username TEXT UNIQUE NOT NULL,
+    email TEXT UNIQUE NOT NULL,
+    password_hash TEXT NOT NULL,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX IF NOT EXISTS idx_users_username ON users (username);
+CREATE INDEX IF NOT EXISTS idx_users_email ON users (email);
+
 -- Create recipes table
 CREATE TABLE IF NOT EXISTS recipes (
     id SERIAL PRIMARY KEY,
@@ -8,7 +20,9 @@ CREATE TABLE IF NOT EXISTS recipes (
     tags JSONB NOT NULL DEFAULT '[]',      -- ["מהיר", "בריא"]
     ingredients JSONB NOT NULL DEFAULT '[]', -- ["ביצה", "עגבניה", "מלח"]
     steps JSONB NOT NULL DEFAULT '[]',     -- ["לחתוך", "לבשל", ...]
-    image TEXT                             -- Base64-encoded image or image URL
+    image TEXT,                            -- Base64-encoded image or image URL
+    user_id INTEGER REFERENCES users(id) ON DELETE SET NULL,  -- Recipe owner
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 );
 
 -- Optional: index for filters
diff --git a/backend/user_db_utils.py b/backend/user_db_utils.py
new file mode 100644
index 0000000..fd37d36
--- /dev/null
+++ b/backend/user_db_utils.py
@@ -0,0 +1,83 @@
+import os
+import psycopg2
+from psycopg2.extras import RealDictCursor
+
+
+def get_db_connection():
+    """Get database connection"""
+    return psycopg2.connect(
+        host=os.getenv("DB_HOST", "localhost"),
+        port=int(os.getenv("DB_PORT", "5432")),
+        database=os.getenv("DB_NAME", "recipes_db"),
+        user=os.getenv("DB_USER", "recipes_user"),
+        password=os.getenv("DB_PASSWORD", "recipes_password"),
+    )
+
+
+def create_user(username: str, email: str, password_hash: str):
+    """Create a new user"""
+    conn = get_db_connection()
+    cur = conn.cursor(cursor_factory=RealDictCursor)
+    try:
+        cur.execute(
+            """
+            INSERT INTO users (username, email, password_hash)
+            VALUES (%s, %s, %s)
+            RETURNING id, username, email, created_at
+            """,
+            (username, email, password_hash)
+        )
+        user = cur.fetchone()
+        conn.commit()
+        return dict(user)
+    finally:
+        cur.close()
+        conn.close()
+
+
+def get_user_by_username(username: str):
+    """Get user by username"""
+    conn = get_db_connection()
+    cur = conn.cursor(cursor_factory=RealDictCursor)
+    try:
+        cur.execute(
+            "SELECT id, username, email, password_hash, created_at FROM users WHERE username = %s",
+            (username,)
+        )
+        user = cur.fetchone()
+        return dict(user) if user else None
+    finally:
+        cur.close()
+        conn.close()
+
+
+def get_user_by_email(email: str):
+    """Get user by email"""
+    conn = get_db_connection()
+    cur = conn.cursor(cursor_factory=RealDictCursor)
+    try:
+        cur.execute(
+            "SELECT id, username, email, password_hash, created_at FROM users WHERE email = %s",
+            (email,)
+        )
+        user = cur.fetchone()
+        return dict(user) if user else None
+    finally:
+        cur.close()
+        conn.close()
+
+
+def get_user_by_id(user_id: int):
+    """Get user by ID"""
+    conn = get_db_connection()
+    cur = conn.cursor(cursor_factory=RealDictCursor)
+    try:
+        cur.execute(
+            "SELECT id, username, email, created_at FROM users WHERE id = %s",
+            (user_id,)
+        )
+        user = cur.fetchone()
+        return dict(user) if user else None
+    finally:
+        cur.close()
+        conn.close()
diff --git a/frontend/src/App.css b/frontend/src/App.css
index 9776687..4780b9d 100644
--- a/frontend/src/App.css
+++ b/frontend/src/App.css
@@ -32,11 +32,21 @@ body {
   justify-content: center;
   align-items: flex-start;
 }
+
+.user-greeting-header {
+  text-align: center;
+  padding: 0.5rem 1rem;
+  font-size: 1.3rem;
+  font-weight: 600;
+  color: var(--text-main);
+}
+
 .app-root {
   min-height: 100vh;
   max-width: 1200px;
   margin: 0 auto;
   padding: 1.5rem;
+  padding-top: 4.5rem; /* Add space for fixed theme toggle */
   direction: rtl;
 }
 
@@ -74,6 +84,15 @@ body {
   color: var(--text-muted);
 }
 
+.user-greeting {
+  font-size: 1.1rem;
+  font-weight: 600;
+  color: var(--accent);
+  padding: 0.5rem 1rem;
+  background: rgba(79, 70, 229, 0.1);
+  border-radius: 8px;
+}
+
 /* Layout */
 
 .layout {
@@ -640,7 +659,7 @@ select {
 
 .toast-container {
   position: fixed;
-  bottom: 1.5rem;
+  bottom: 5rem;
   right: 1.5rem;
   z-index: 60;
   display: flex;
@@ -1264,4 +1283,69 @@ html {
 
 [data-theme="light"] .recipe-list-image {
   background: rgba(229, 231, 235, 0.5);
-}
\ No newline at end of file
+}
+
+/* Auth Pages */
+.auth-container {
+  min-height: 100vh;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  padding: 2rem;
+  background: var(--bg);
+}
+
+.auth-card {
+  width: 100%;
+  max-width: 420px;
+  background: var(--card);
+  border: 1px solid var(--border);
+  border-radius: 16px;
+  padding: 2rem;
+  box-shadow: 0 20px 50px rgba(0, 0, 0, 0.3);
+}
+
+.auth-title {
+  font-size: 2rem;
+  font-weight: 800;
+  margin-bottom: 0.5rem;
+  text-align: center;
+  color: var(--text-main);
+}
+
+.auth-subtitle {
+  text-align: center;
+  color: var(--text-muted);
+  margin-bottom: 2rem;
+  font-size: 0.95rem;
+}
+
+.auth-form {
+  display: flex;
+  flex-direction: column;
+  gap: 1rem;
+}
+
+.auth-footer {
+  margin-top: 1.5rem;
+  text-align: center;
+  color: var(--text-muted);
+  font-size: 0.9rem;
+}
+
+.link-btn {
+  background: none;
+  border: none;
+  color: var(--accent);
+  cursor: pointer;
+  text-decoration: underline;
+  font-weight: 600;
+}
+
+.link-btn:hover {
+  color: var(--accent-hover);
+}
+
+.full-width {
+  width: 100%;
+}
diff --git a/frontend/src/App.jsx b/frontend/src/App.jsx
index b1c403c..5948a98 100644
--- a/frontend/src/App.jsx
+++ b/frontend/src/App.jsx
@@ -8,9 +8,17 @@ import RecipeFormDrawer from "./components/RecipeFormDrawer";
 import Modal from "./components/Modal";
 import ToastContainer from "./components/ToastContainer";
 import ThemeToggle from "./components/ThemeToggle";
+import Login from "./components/Login";
+import Register from "./components/Register";
 import { getRecipes, getRandomRecipe, createRecipe, updateRecipe, deleteRecipe } from "./api";
+import { getToken, removeToken, getMe } from "./authApi";
 
 function App() {
+  const [isAuthenticated, setIsAuthenticated] = useState(false);
+  const [user, setUser] = useState(null);
+  const [authView, setAuthView] = useState("login"); // "login" or "register"
+  const [loadingAuth, setLoadingAuth] = useState(true);
+
   const [recipes, setRecipes] = useState([]);
   const [selectedRecipe, setSelectedRecipe] = useState(null);
 
@@ -42,6 +50,27 @@ function App() {
     }
   });
 
+  // Check authentication on mount
+  useEffect(() => {
+    const checkAuth = async () => {
+      const token = getToken();
+      if (token) {
+        try {
+          const userData = await getMe(token);
+          setUser(userData);
+          setIsAuthenticated(true);
+        } catch (err) {
+          // Token invalid or expired
+          removeToken();
+          setIsAuthenticated(false);
+        }
+      }
+      setLoadingAuth(false);
+    };
+    checkAuth();
+  }, []);
+
+  // Load recipes for everyone (readonly for non-authenticated)
   useEffect(() => {
     loadRecipes();
   }, []);
@@ -134,7 +163,8 @@ function App() {
 
   const handleCreateRecipe = async (payload) => {
     try {
-      const created = await createRecipe(payload);
+      const token = getToken();
+      const created = await createRecipe(payload, token);
       setDrawerOpen(false);
       setEditingRecipe(null);
       await loadRecipes();
@@ -153,7 +183,8 @@ function App() {
 
   const handleUpdateRecipe = async (payload) => {
     try {
-      await updateRecipe(editingRecipe.id, payload);
+      const token = getToken();
+      await updateRecipe(editingRecipe.id, payload, token);
       setDrawerOpen(false);
       setEditingRecipe(null);
       await loadRecipes();
@@ -177,7 +208,8 @@ function App() {
     setDeleteModal({ isOpen: false, recipeId: null, recipeName: "" });
 
     try {
-      await deleteRecipe(recipeId);
+      const token = getToken();
+      await deleteRecipe(recipeId, token);
       await loadRecipes();
       setSelectedRecipe(null);
       addToast("המתכון נמחק בהצלחה!", "success");
@@ -208,10 +240,89 @@ function App() {
     }
   };
 
+  const handleLoginSuccess = async () => {
+    const token = getToken();
+    const userData = await getMe(token);
+    setUser(userData);
+    setIsAuthenticated(true);
+    await loadRecipes();
+  };
+
+  const handleLogout = () => {
+    removeToken();
+    setUser(null);
+    setIsAuthenticated(false);
+    setRecipes([]);
+    setSelectedRecipe(null);
+  };
+
+  // Show loading state while checking auth
+  if (loadingAuth) {
+    return (
+      <div className="app-root">
+        <div style={{ textAlign: "center", padding: "3rem", color: "var(--text-muted)" }}>
+          טוען...
+        </div>
+      </div>
+    );
+  }
+
+  // Show main app (readonly if not authenticated)
   return (
     <div className="app-root">
       <ThemeToggle theme={theme} onToggleTheme={() => setTheme((t) => (t === "dark" ? "light" : "dark"))} hidden={drawerOpen} />
-      <TopBar onAddClick={() => setDrawerOpen(true)} />
+      
+      {/* User greeting above TopBar */}
+      {isAuthenticated && user && (
+        <div className="user-greeting-header">
+          שלום, {user.username} 👋
+        </div>
+      )}
+      
+      {/* Show login/register option in TopBar if not authenticated */}
+      {!isAuthenticated ? (
+        <header className="topbar">
+          <div className="topbar-left">
+            <span className="logo-emoji" role="img" aria-label="plate">🍽</span>
+            <div className="brand">
+              <div className="brand-title">מה לבשל היום?</div>
+              <div className="brand-subtitle">מנהל המתכונים האישי שלך</div>
+            </div>
+          </div>
+          <div style={{ display: "flex", gap: "0.6rem", alignItems: "center" }}>
+            <button className="btn ghost" onClick={() => setAuthView("login")}>
+              התחבר
+            </button>
+            <button className="btn primary" onClick={() => setAuthView("register")}>
+              הירשם
+            </button>
+          </div>
+        </header>
+      ) : (
+        <TopBar onAddClick={() => setDrawerOpen(true)} user={user} onLogout={handleLogout} />
+      )}
+
+      {/* Show auth modal if needed */}
+      {!isAuthenticated && authView !== null && (
+        <div className="drawer-backdrop" onClick={() => setAuthView(null)}>
+          <div className="auth-modal" onClick={(e) => e.stopPropagation()}>
+            {authView === "login" ? (
+              <Login
+                onSuccess={handleLoginSuccess}
+                onSwitchToRegister={() => setAuthView("register")}
+              />
+            ) : (
+              <Register
+                onSuccess={() => {
+                  addToast("נרשמת בהצלחה! כעת התחבר", "success");
+                  setAuthView("login");
+                }}
+                onSwitchToLogin={() => setAuthView("login")}
+              />
+            )}
+          </div>
+        </div>
+      )}
 
       <main className="layout">
         <section className="sidebar">
@@ -289,19 +400,24 @@ function App() {
             recipe={selectedRecipe}
             onEditClick={handleEditRecipe}
             onShowDeleteModal={handleShowDeleteModal}
+            isAuthenticated={isAuthenticated}
+            currentUser={user}
           />
         </section>
       </main>
 
-      <RecipeFormDrawer
-        open={drawerOpen}
-        onClose={() => {
-          setDrawerOpen(false);
-          setEditingRecipe(null);
-        }}
-        onSubmit={handleFormSubmit}
-        editingRecipe={editingRecipe}
-      />
+      {isAuthenticated && (
+        <RecipeFormDrawer
+          open={drawerOpen}
+          onClose={() => {
+            setDrawerOpen(false);
+            setEditingRecipe(null);
+          }}
+          onSubmit={handleFormSubmit}
+          editingRecipe={editingRecipe}
+          currentUser={user}
+        />
+      )}
 
       <Modal
         isOpen={deleteModal.isOpen}
diff --git a/frontend/src/api.js b/frontend/src/api.js
index fb8914c..7a42a60 100644
--- a/frontend/src/api.js
+++ b/frontend/src/api.js
@@ -37,10 +37,14 @@ export async function getRandomRecipe(filters) {
   return res.json();
 }
 
-export async function createRecipe(recipe) {
+export async function createRecipe(recipe, token) {
+  const headers = { "Content-Type": "application/json" };
+  if (token) {
+    headers["Authorization"] = `Bearer ${token}`;
+  }
   const res = await fetch(`${API_BASE}/recipes`, {
     method: "POST",
-    headers: { "Content-Type": "application/json" },
+    headers,
     body: JSON.stringify(recipe),
   });
   if (!res.ok) {
@@ -49,10 +53,14 @@ export async function createRecipe(recipe) {
   return res.json();
 }
 
-export async function updateRecipe(id, payload) {
+export async function updateRecipe(id, payload, token) {
+  const headers = { "Content-Type": "application/json" };
+  if (token) {
+    headers["Authorization"] = `Bearer ${token}`;
+  }
   const res = await fetch(`${API_BASE}/recipes/${id}`, {
     method: "PUT",
-    headers: { "Content-Type": "application/json" },
+    headers,
     body: JSON.stringify(payload),
   });
   if (!res.ok) {
@@ -61,9 +69,14 @@ export async function updateRecipe(id, payload) {
   return res.json();
 }
 
-export async function deleteRecipe(id) {
+export async function deleteRecipe(id, token) {
+  const headers = {};
+  if (token) {
+    headers["Authorization"] = `Bearer ${token}`;
+  }
   const res = await fetch(`${API_BASE}/recipes/${id}`, {
     method: "DELETE",
+    headers,
   });
   if (!res.ok && res.status !== 204) {
     throw new Error("Failed to delete recipe");
diff --git a/frontend/src/authApi.js b/frontend/src/authApi.js
new file mode 100644
index 0000000..626dd1d
--- /dev/null
+++ b/frontend/src/authApi.js
@@ -0,0 +1,60 @@
+// Get API base from injected env.js or fallback to /api relative path
+const getApiBase = () => {
+  if (typeof window !== "undefined" && window.__ENV__ && window.__ENV__.API_BASE) {
+    return window.__ENV__.API_BASE;
+  }
+  return "/api";
+};
+
+const API_BASE = getApiBase();
+
+export async function register(username, email, password) {
+  const res = await fetch(`${API_BASE}/auth/register`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ username, email, password }),
+  });
+  if (!res.ok) {
+    const error = await res.json();
+    throw new Error(error.detail || "Failed to register");
+  }
+  return res.json();
+}
+
+export async function login(username, password) {
+  const res = await fetch(`${API_BASE}/auth/login`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ username, password }),
+  });
+  if (!res.ok) {
+    const error = await res.json();
+    throw new Error(error.detail || "Failed to login");
+  }
+  return res.json();
+}
+
+export async function getMe(token) {
+  const res = await fetch(`${API_BASE}/auth/me`, {
+    headers: {
+      Authorization: `Bearer ${token}`,
+    },
+  });
+  if (!res.ok) {
+    throw new Error("Failed to get user info");
+  }
+  return res.json();
+}
+
+// Auth helpers
+export function saveToken(token) {
+  localStorage.setItem("auth_token", token);
+}
+
+export function getToken() {
+  return localStorage.getItem("auth_token");
+}
+
+export function removeToken() {
+  localStorage.removeItem("auth_token");
+}
diff --git a/frontend/src/components/Login.jsx b/frontend/src/components/Login.jsx
new file mode 100644
index 0000000..ec3618b
--- /dev/null
+++ b/frontend/src/components/Login.jsx
@@ -0,0 +1,77 @@
+import { useState } from "react";
+import { login, saveToken } from "../authApi";
+
+function Login({ onSuccess, onSwitchToRegister }) {
+  const [username, setUsername] = useState("");
+  const [password, setPassword] = useState("");
+  const [error, setError] = useState("");
+  const [loading, setLoading] = useState(false);
+
+  const handleSubmit = async (e) => {
+    e.preventDefault();
+    setError("");
+    setLoading(true);
+
+    try {
+      const data = await login(username, password);
+      saveToken(data.access_token);
+      onSuccess();
+    } catch (err) {
+      setError(err.message);
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  return (
+    <div className="auth-container">
+      <div className="auth-card">
+        <h1 className="auth-title">התחברות</h1>
+        <p className="auth-subtitle">ברוכים השבים למתכונים שלכם</p>
+
+        <form onSubmit={handleSubmit} className="auth-form">
+          {error && <div className="error-banner">{error}</div>}
+
+          <div className="field">
+            <label>שם משתמש</label>
+            <input
+              type="text"
+              value={username}
+              onChange={(e) => setUsername(e.target.value)}
+              required
+              placeholder="הזן שם משתמש"
+              autoComplete="username"
+            />
+          </div>
+
+          <div className="field">
+            <label>סיסמה</label>
+            <input
+              type="password"
+              value={password}
+              onChange={(e) => setPassword(e.target.value)}
+              required
+              placeholder="הזן סיסמה"
+              autoComplete="current-password"
+            />
+          </div>
+
+          <button type="submit" className="btn primary full-width" disabled={loading}>
+            {loading ? "מתחבר..." : "התחבר"}
+          </button>
+        </form>
+
+        <div className="auth-footer">
+          <p>
+            עדיין אין לך חשבון?{" "}
+            <button className="link-btn" onClick={onSwitchToRegister}>
+              הירשם עכשיו
+            </button>
+          </p>
+        </div>
+      </div>
+    </div>
+  );
+}
+
+export default Login;
diff --git a/frontend/src/components/RecipeDetails.jsx b/frontend/src/components/RecipeDetails.jsx
index 5b1c987..4df5323 100644
--- a/frontend/src/components/RecipeDetails.jsx
+++ b/frontend/src/components/RecipeDetails.jsx
@@ -1,6 +1,6 @@
 import placeholderImage from "../assets/placeholder.svg";
 
-function RecipeDetails({ recipe, onEditClick, onDeleteClick, onShowDeleteModal }) {
+function RecipeDetails({ recipe, onEditClick, onDeleteClick, onShowDeleteModal, isAuthenticated, currentUser }) {
   if (!recipe) {
     return (
       <section className="panel placeholder">
@@ -13,6 +13,15 @@ function RecipeDetails({ recipe, onEditClick, onDeleteClick, onShowDeleteModal }
     onShowDeleteModal(recipe.id, recipe.name);
   };
 
+  // Debug ownership check
+  console.log('Recipe ownership check:', {
+    recipeUserId: recipe.user_id,
+    recipeUserIdType: typeof recipe.user_id,
+    currentUserId: currentUser?.id,
+    currentUserIdType: typeof currentUser?.id,
+    isEqual: recipe.user_id === currentUser?.id
+  });
+
   return (
     <section className="panel recipe-card">
       {/* Recipe Image */}
@@ -66,14 +75,16 @@ function RecipeDetails({ recipe, onEditClick, onDeleteClick, onShowDeleteModal }
         </footer>
       )}
 
-      <div className="recipe-actions">
-        <button className="btn ghost small" onClick={() => onEditClick(recipe)}>
-          ✏️ ערוך
-        </button>
-        <button className="btn ghost small" onClick={handleDelete}>
-          🗑 מחק
-        </button>
-      </div>
+      {isAuthenticated && currentUser && Number(recipe.user_id) === Number(currentUser.id) && (
+        <div className="recipe-actions">
+          <button className="btn ghost small" onClick={() => onEditClick(recipe)}>
+            ✏️ ערוך
+          </button>
+          <button className="btn ghost small" onClick={handleDelete}>
+            🗑 מחק
+          </button>
+        </div>
+      )}
     </section>
   );
 }
diff --git a/frontend/src/components/RecipeFormDrawer.jsx b/frontend/src/components/RecipeFormDrawer.jsx
index 341fa49..860a5d7 100644
--- a/frontend/src/components/RecipeFormDrawer.jsx
+++ b/frontend/src/components/RecipeFormDrawer.jsx
@@ -1,6 +1,6 @@
-import { useEffect, useState } from "react";
+import { useEffect, useState, useRef } from "react";
 
-function RecipeFormDrawer({ open, onClose, onSubmit, editingRecipe = null }) {
+function RecipeFormDrawer({ open, onClose, onSubmit, editingRecipe = null, currentUser = null }) {
   const [name, setName] = useState("");
   const [mealType, setMealType] = useState("lunch");
   const [timeMinutes, setTimeMinutes] = useState(15);
@@ -10,6 +10,9 @@ function RecipeFormDrawer({ open, onClose, onSubmit, editingRecipe = null }) {
 
   const [ingredients, setIngredients] = useState([""]);
   const [steps, setSteps] = useState([""]);
+  
+  const lastIngredientRef = useRef(null);
+  const lastStepRef = useRef(null);
 
   const isEditMode = !!editingRecipe;
 
@@ -20,7 +23,7 @@ function RecipeFormDrawer({ open, onClose, onSubmit, editingRecipe = null }) {
         setMealType(editingRecipe.meal_type || "lunch");
         setTimeMinutes(editingRecipe.time_minutes || 15);
         setMadeBy(editingRecipe.made_by || "");
-        setTags((editingRecipe.tags || []).join(", "));
+        setTags((editingRecipe.tags || []).join(" "));
         setImage(editingRecipe.image || "");
         setIngredients(editingRecipe.ingredients || [""]);
         setSteps(editingRecipe.steps || [""]);
@@ -28,19 +31,23 @@ function RecipeFormDrawer({ open, onClose, onSubmit, editingRecipe = null }) {
         setName("");
         setMealType("lunch");
         setTimeMinutes(15);
-        setMadeBy("");
+        setMadeBy(currentUser?.username || "");
         setTags("");
         setImage("");
         setIngredients([""]);
         setSteps([""]);
       }
     }
-  }, [open, editingRecipe, isEditMode]);
+  }, [open, editingRecipe, isEditMode, currentUser]);
 
   if (!open) return null;
 
   const handleAddIngredient = () => {
     setIngredients((prev) => [...prev, ""]);
+    setTimeout(() => {
+      lastIngredientRef.current?.focus();
+      lastIngredientRef.current?.scrollIntoView({ behavior: 'smooth', block: 'center' });
+    }, 0);
   };
 
   const handleChangeIngredient = (idx, value) => {
@@ -53,6 +60,10 @@ function RecipeFormDrawer({ open, onClose, onSubmit, editingRecipe = null }) {
 
   const handleAddStep = () => {
     setSteps((prev) => [...prev, ""]);
+    setTimeout(() => {
+      lastStepRef.current?.focus();
+      lastStepRef.current?.scrollIntoView({ behavior: 'smooth', block: 'center' });
+    }, 0);
   };
 
   const handleChangeStep = (idx, value) => {
@@ -84,7 +95,7 @@ function RecipeFormDrawer({ open, onClose, onSubmit, editingRecipe = null }) {
     const cleanIngredients = ingredients.map((s) => s.trim()).filter(Boolean);
     const cleanSteps = steps.map((s) => s.trim()).filter(Boolean);
     const tagsArr = tags
-      .split(",")
+      .split(" ")
       .map((t) => t.trim())
       .filter(Boolean);
 
@@ -95,12 +106,9 @@ function RecipeFormDrawer({ open, onClose, onSubmit, editingRecipe = null }) {
       tags: tagsArr,
       ingredients: cleanIngredients,
       steps: cleanSteps,
+      made_by: madeBy.trim() || currentUser?.username || "",
     };
 
-    if (madeBy.trim()) {
-      payload.made_by = madeBy.trim();
-    }
-
     if (image) {
       payload.image = image;
     }
@@ -191,11 +199,11 @@ function RecipeFormDrawer({ open, onClose, onSubmit, editingRecipe = null }) {
           </div>
 
           <div className="field">
-            <label>תגיות (מופרד בפסיקים)</label>
+            <label>תגיות (מופרד ברווחים)</label>
             <input
               value={tags}
               onChange={(e) => setTags(e.target.value)}
-              placeholder="מהיר, טבעוני, משפחתי..."
+              placeholder="מהיר טבעוני משפחתי..."
             />
           </div>
 
@@ -205,6 +213,7 @@ function RecipeFormDrawer({ open, onClose, onSubmit, editingRecipe = null }) {
               {ingredients.map((val, idx) => (
                 <div key={idx} className="dynamic-row">
                   <input
+                    ref={idx === ingredients.length - 1 ? lastIngredientRef : null}
                     value={val}
                     onChange={(e) => handleChangeIngredient(idx, e.target.value)}
                     placeholder="למשל: 2 ביצים"
@@ -234,6 +243,7 @@ function RecipeFormDrawer({ open, onClose, onSubmit, editingRecipe = null }) {
               {steps.map((val, idx) => (
                 <div key={idx} className="dynamic-row">
                   <input
+                    ref={idx === steps.length - 1 ? lastStepRef : null}
                     value={val}
                     onChange={(e) => handleChangeStep(idx, e.target.value)}
                     placeholder="למשל: לחמם את התנור ל־180 מעלות"
diff --git a/frontend/src/components/Register.jsx b/frontend/src/components/Register.jsx
new file mode 100644
index 0000000..01d197f
--- /dev/null
+++ b/frontend/src/components/Register.jsx
@@ -0,0 +1,118 @@
+import { useState } from "react";
+import { register } from "../authApi";
+
+function Register({ onSuccess, onSwitchToLogin }) {
+  const [username, setUsername] = useState("");
+  const [email, setEmail] = useState("");
+  const [password, setPassword] = useState("");
+  const [confirmPassword, setConfirmPassword] = useState("");
+  const [error, setError] = useState("");
+  const [loading, setLoading] = useState(false);
+
+  const handleSubmit = async (e) => {
+    e.preventDefault();
+    setError("");
+
+    // Validation
+    if (password !== confirmPassword) {
+      setError("הסיסמאות אינן תואמות");
+      return;
+    }
+
+    if (password.length < 6) {
+      setError("הסיסמה חייבת להכיל לפחות 6 תווים");
+      return;
+    }
+
+    setLoading(true);
+
+    try {
+      await register(username, email, password);
+      // After successful registration, switch to login
+      onSwitchToLogin();
+    } catch (err) {
+      setError(err.message);
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  return (
+    <div className="auth-container">
+      <div className="auth-card">
+        <h1 className="auth-title">הרשמה</h1>
+        <p className="auth-subtitle">צור חשבון חדש והתחל לנהל את המתכונים שלך</p>
+
+        <form onSubmit={handleSubmit} className="auth-form">
+          {error && <div className="error-banner">{error}</div>}
+
+          <div className="field">
+            <label>שם משתמש</label>
+            <input
+              type="text"
+              value={username}
+              onChange={(e) => setUsername(e.target.value)}
+              required
+              placeholder="בחר שם משתמש"
+              autoComplete="username"
+              minLength={3}
+            />
+          </div>
+
+          <div className="field">
+            <label>אימייל</label>
+            <input
+              type="email"
+              value={email}
+              onChange={(e) => setEmail(e.target.value)}
+              required
+              placeholder="your@email.com"
+              autoComplete="email"
+            />
+          </div>
+
+          <div className="field">
+            <label>סיסמה</label>
+            <input
+              type="password"
+              value={password}
+              onChange={(e) => setPassword(e.target.value)}
+              required
+              placeholder="בחר סיסמה חזקה"
+              autoComplete="new-password"
+              minLength={6}
+            />
+          </div>
+
+          <div className="field">
+            <label>אימות סיסמה</label>
+            <input
+              type="password"
+              value={confirmPassword}
+              onChange={(e) => setConfirmPassword(e.target.value)}
+              required
+              placeholder="הזן סיסמה שוב"
+              autoComplete="new-password"
+              minLength={6}
+            />
+          </div>
+
+          <button type="submit" className="btn primary full-width" disabled={loading}>
+            {loading ? "נרשם..." : "הירשם"}
+          </button>
+        </form>
+
+        <div className="auth-footer">
+          <p>
+            כבר יש לך חשבון?{" "}
+            <button className="link-btn" onClick={onSwitchToLogin}>
+              התחבר
+            </button>
+          </p>
+        </div>
+      </div>
+    </div>
+  );
+}
+
+export default Register;
diff --git a/frontend/src/components/TopBar.jsx b/frontend/src/components/TopBar.jsx
index a9ac13e..37f1d06 100644
--- a/frontend/src/components/TopBar.jsx
+++ b/frontend/src/components/TopBar.jsx
@@ -1,4 +1,4 @@
-function TopBar({ onAddClick }) {
+function TopBar({ onAddClick, user, onLogout }) {
   return (
     <header className="topbar">
       <div className="topbar-left">
@@ -12,9 +12,16 @@ function TopBar({ onAddClick }) {
       </div>
 
       <div style={{ display: "flex", gap: "0.6rem", alignItems: "center" }}>
-        <button className="btn primary" onClick={onAddClick}>
-          + מתכון חדש
-        </button>
+        {user && (
+          <button className="btn primary" onClick={onAddClick}>
+            + מתכון חדש
+          </button>
+        )}
+        {onLogout && (
+          <button className="btn ghost" onClick={onLogout}>
+            יציאה
+          </button>
+        )}
       </div>
     </header>
   );