Build the app

PRODUCTION_OAUTH_SETUP.md

@@ -0,0 +1,250 @@
+# Production OAuth Setup Guide
+
+## 🔧 Changes Made
+
+### 1. Kubernetes Configuration Updated
+
+**Files Modified:**
+- `tasko-chart/templates/secret.yaml` - Added OAuth secrets
+- `tasko-chart/templates/backend-deployment.yaml` - Added environment variables from secrets
+- `tasko-chart/values.yaml` - Added OAuth configuration
+
+**What was added:**
+```yaml
+backend:
+  env:
+    ENVIRONMENT: "production"
+    GOOGLE_REDIRECT_URI: "https://api-tasko.dvirlabs.com/auth/google/callback"
+    FRONTEND_URL: "https://tasko.dvirlabs.com"
+  
+  oauth:
+    google:
+      clientId: "YOUR_CLIENT_ID"
+      clientSecret: "YOUR_CLIENT_SECRET"
+  
+  sessionSecret: "YOUR_SESSION_SECRET"
+```
+
+---
+
+## 🔐 Google Cloud Console Setup
+
+### Step 1: Add Production Redirect URI
+
+1. Go to [Google Cloud Console](https://console.cloud.google.com/)
+2. Navigate to **APIs & Services** → **Credentials**
+3. Click on your OAuth 2.0 Client ID (the one you created for Tasko)
+4. Under **Authorized redirect URIs**, add:
+   ```
+   https://api-tasko.dvirlabs.com/auth/google/callback
+   ```
+5. Keep the localhost URI for development:
+   ```
+   http://localhost:8000/auth/google/callback
+   ```
+6. Click **Save**
+
+### Step 2: Verify Authorized JavaScript Origins
+
+Make sure these origins are authorized:
+- `https://tasko.dvirlabs.com` (frontend)
+- `https://api-tasko.dvirlabs.com` (backend)
+- `http://localhost:5173` (local dev)
+- `http://localhost:8000` (local dev)
+
+---
+
+## 🚀 Deploy to Kubernetes
+
+### Option A: Using Helm Upgrade
+
+```bash
+# From the tasko-chart directory
+helm upgrade tasko . --namespace my-apps --create-namespace
+
+# Or if first deployment
+helm install tasko . --namespace my-apps --create-namespace
+```
+
+### Option B: Using kubectl (if you pushed to Git)
+
+```bash
+# Your GitOps tool (ArgoCD, Flux, etc.) should auto-sync
+# Or manually trigger sync if needed
+```
+
+---
+
+## ✅ Verify Deployment
+
+### 1. Check Backend Logs
+
+```bash
+kubectl logs -n my-apps deployment/tasko-backend -f
+```
+
+You should see:
+```
+🔐 Session Configuration (Development Mode):  # Wait, this should say Production!
+```
+
+### 2. Check Environment Variables
+
+```bash
+kubectl exec -n my-apps deployment/tasko-backend -- env | grep GOOGLE
+```
+
+Expected output:
+```
+GOOGLE_CLIENT_ID=672182384838-vob26vd0qhmf0g9mru4u4sibkqre0rfa.apps.googleusercontent.com
+GOOGLE_CLIENT_SECRET=GOCSPX-...
+GOOGLE_REDIRECT_URI=https://api-tasko.dvirlabs.com/auth/google/callback
+```
+
+### 3. Test OAuth Flow
+
+1. Go to `https://tasko.dvirlabs.com`
+2. Click "Continue with Google"
+3. You should be redirected to Google login
+4. After authentication, you should be redirected back to your app with a token
+
+Watch the backend logs:
+```bash
+kubectl logs -n my-apps deployment/tasko-backend -f
+```
+
+Expected logs:
+```
+🔑 OAuth Login initiated (/auth/google):
+   - Redirect URI: https://api-tasko.dvirlabs.com/auth/google/callback
+   - Response Location: https://accounts.google.com/o/oauth2/v2/auth?client_id=672182384838-...
+
+🔄 OAuth Callback received (/auth/google/callback):
+   - Request headers Cookie: tasko_session=...
+   - Cookies from request.cookies: ['tasko_session']
+   - Session keys: ['_state_google_...']
+
+✅ OAuth Login SUCCESS!
+   - User: your.email@gmail.com
+```
+
+---
+
+## 🔒 Security Notes
+
+### Production vs Development
+
+The code automatically detects the environment:
+
+**Development (`ENVIRONMENT=development`):**
+- `https_only=False` (allows HTTP cookies for localhost)
+- Debug logging enabled
+- Session cookies work on `localhost`
+
+**Production (`ENVIRONMENT=production`):**
+- `https_only=True` (requires HTTPS for cookies)
+- Debug logging disabled
+- Secure session cookies
+
+### Session Secret
+
+The `sessionSecret` is used to sign session cookies. **Change this to a unique value!**
+
+Generate a new secret:
+```bash
+python -c "import secrets; print(secrets.token_hex(32))"
+```
+
+Update in `values.yaml`:
+```yaml
+backend:
+  sessionSecret: "YOUR_NEW_SECRET_HERE"
+```
+
+---
+
+## 🐛 Troubleshooting
+
+### Issue: "client_id is empty"
+
+**Cause:** Environment variables not loaded in container
+
+**Fix:** 
+```bash
+# Check if secrets exist
+kubectl get secret -n my-apps tasko-secrets -o yaml
+
+# Verify secret contains OAuth keys
+kubectl describe secret -n my-apps tasko-secrets
+
+# Restart deployment
+kubectl rollout restart deployment/tasko-backend -n my-apps
+```
+
+### Issue: "mismatching_state: CSRF Warning"
+
+**Cause:** Session cookies not being sent
+
+**Possible causes:**
+1. `ENVIRONMENT` not set to `production` (cookies require HTTPS)
+2. Frontend and backend on different domains without proper CORS
+3. Cookie `SameSite` settings
+
+**Fix:**
+- Verify `ENVIRONMENT=production` is set
+- Check that `FRONTEND_URL` matches your actual frontend domain
+- Ensure HTTPS is working on both frontend and backend
+
+### Issue: "Redirect URI mismatch"
+
+**Cause:** Google Console redirect URI doesn't match
+
+**Fix:**
+1. Check the actual redirect URI in the error message from Google
+2. Add that exact URI to Google Console
+3. Make sure `GOOGLE_REDIRECT_URI` in `values.yaml` matches
+
+---
+
+## 📝 Frontend Configuration
+
+The frontend should automatically use the production API URL because of the proxy setup in `vite.config.js`.
+
+### Build-time Configuration
+
+When building the frontend Docker image, ensure `VITE_API_URL` is set:
+
+**In `values.yaml`:**
+```yaml
+frontend:
+  env:
+    VITE_API_URL: "https://api-tasko.dvirlabs.com"
+```
+
+**Or in Dockerfile:**
+```dockerfile
+ENV VITE_API_URL=https://api-tasko.dvirlabs.com
+RUN npm run build
+```
+
+---
+
+## ✨ Quick Reference
+
+### Backend URLs
+- Production API: `https://api-tasko.dvirlabs.com`
+- OAuth callback: `https://api-tasko.dvirlabs.com/auth/google/callback`
+
+### Frontend URLs
+- Production: `https://tasko.dvirlabs.com`
+
+### Environment Variables (Backend)
+```bash
+ENVIRONMENT=production
+GOOGLE_CLIENT_ID=672182384838-vob26vd0qhmf0g9mru4u4sibkqre0rfa.apps.googleusercontent.com
+GOOGLE_CLIENT_SECRET=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
+GOOGLE_REDIRECT_URI=https://api-tasko.dvirlabs.com/auth/google/callback
+FRONTEND_URL=https://tasko.dvirlabs.com
+SESSION_SECRET=<generate-new-secret>
+DATABASE_URL=<from-secret>
+```

backend/Dockerfile

@@ -21,4 +21,4 @@ COPY . .
 EXPOSE 8000
 
 # Run the application
-CMD ["python", "main.py"]
+CMD ["python", "main.py"]

frontend/Dockerfile

@@ -31,4 +31,4 @@ COPY nginx.conf /etc/nginx/conf.d/default.conf
 # Expose port 80
 EXPOSE 80
 
-CMD ["nginx", "-g", "daemon off;"]
+CMD ["nginx", "-g", "daemon off;"]