Compare commits


3 Commits (auth ... master)

| SHA1 | Message | Date |
|---|---|---|
| cf7f3ee799 | Build the app | 2026-02-22 15:13:44 +02:00 |
| b2d800a0d6 | Update requirements.txt | 2026-02-22 05:36:16 +02:00 |
| 4e0ae2e775 | Merge pull request 'auth' (#1) from auth into master. Reviewed-on: #1 | 2026-02-22 03:25:17 +00:00 |
4 changed files with 253 additions and 2 deletions

PRODUCTION_OAUTH_SETUP.md (new file, +250)

@ -0,0 +1,250 @@
# Production OAuth Setup Guide
## 🔧 Changes Made
### 1. Kubernetes Configuration Updated
**Files Modified:**
- `tasko-chart/templates/secret.yaml` - Added OAuth secrets
- `tasko-chart/templates/backend-deployment.yaml` - Added environment variables from secrets
- `tasko-chart/values.yaml` - Added OAuth configuration
**What was added:**
```yaml
backend:
env:
ENVIRONMENT: "production"
GOOGLE_REDIRECT_URI: "https://api-tasko.dvirlabs.com/auth/google/callback"
FRONTEND_URL: "https://tasko.dvirlabs.com"
oauth:
google:
clientId: "YOUR_CLIENT_ID"
clientSecret: "YOUR_CLIENT_SECRET"
sessionSecret: "YOUR_SESSION_SECRET"
```
---
## 🔐 Google Cloud Console Setup
### Step 1: Add Production Redirect URI
1. Go to [Google Cloud Console](https://console.cloud.google.com/)
2. Navigate to **APIs & Services** → **Credentials**
3. Click on your OAuth 2.0 Client ID (the one you created for Tasko)
4. Under **Authorized redirect URIs**, add:
```
https://api-tasko.dvirlabs.com/auth/google/callback
```
5. Keep the localhost URI for development:
```
http://localhost:8000/auth/google/callback
```
6. Click **Save**
### Step 2: Verify Authorized JavaScript Origins
Make sure these origins are authorized:
- `https://tasko.dvirlabs.com` (frontend)
- `https://api-tasko.dvirlabs.com` (backend)
- `http://localhost:5173` (local dev)
- `http://localhost:8000` (local dev)
---
## 🚀 Deploy to Kubernetes
### Option A: Using Helm Upgrade
```bash
# From the tasko-chart directory
helm upgrade tasko . --namespace my-apps --create-namespace
# Or if first deployment
helm install tasko . --namespace my-apps --create-namespace
```
### Option B: Using kubectl (if you pushed to Git)
```bash
# Your GitOps tool (ArgoCD, Flux, etc.) should auto-sync
# Or manually trigger sync if needed
```
---
## ✅ Verify Deployment
### 1. Check Backend Logs
```bash
kubectl logs -n my-apps deployment/tasko-backend -f
```
You should see:
```
🔐 Session Configuration (Development Mode): # Wait, this should say Production!
```
### 2. Check Environment Variables
```bash
kubectl exec -n my-apps deployment/tasko-backend -- env | grep GOOGLE
```
Expected output:
```
GOOGLE_CLIENT_ID=672182384838-vob26vd0qhmf0g9mru4u4sibkqre0rfa.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-...
GOOGLE_REDIRECT_URI=https://api-tasko.dvirlabs.com/auth/google/callback
```
### 3. Test OAuth Flow
1. Go to `https://tasko.dvirlabs.com`
2. Click "Continue with Google"
3. You should be redirected to Google login
4. After authentication, you should be redirected back to your app with a token
Watch the backend logs:
```bash
kubectl logs -n my-apps deployment/tasko-backend -f
```
Expected logs:
```
🔑 OAuth Login initiated (/auth/google):
- Redirect URI: https://api-tasko.dvirlabs.com/auth/google/callback
- Response Location: https://accounts.google.com/o/oauth2/v2/auth?client_id=672182384838-...
🔄 OAuth Callback received (/auth/google/callback):
- Request headers Cookie: tasko_session=...
- Cookies from request.cookies: ['tasko_session']
- Session keys: ['_state_google_...']
✅ OAuth Login SUCCESS!
- User: your.email@gmail.com
```
---
## 🔒 Security Notes
### Production vs Development
The code automatically detects the environment:
**Development (`ENVIRONMENT=development`):**
- `https_only=False` (allows HTTP cookies for localhost)
- Debug logging enabled
- Session cookies work on `localhost`
**Production (`ENVIRONMENT=production`):**
- `https_only=True` (requires HTTPS for cookies)
- Debug logging disabled
- Secure session cookies
### Session Secret
The `sessionSecret` is used to sign session cookies. **Change this to a unique value!**
Generate a new secret:
```bash
python -c "import secrets; print(secrets.token_hex(32))"
```
Update in `values.yaml`:
```yaml
backend:
sessionSecret: "YOUR_NEW_SECRET_HERE"
```
---
## 🐛 Troubleshooting
### Issue: "client_id is empty"
**Cause:** Environment variables not loaded in container
**Fix:**
```bash
# Check if secrets exist
kubectl get secret -n my-apps tasko-secrets -o yaml
# Verify secret contains OAuth keys
kubectl describe secret -n my-apps tasko-secrets
# Restart deployment
kubectl rollout restart deployment/tasko-backend -n my-apps
```
### Issue: "mismatching_state: CSRF Warning"
**Cause:** Session cookies not being sent
**Possible causes:**
1. `ENVIRONMENT` not set to `production` (cookies require HTTPS)
2. Frontend and backend on different domains without proper CORS
3. Cookie `SameSite` settings
**Fix:**
- Verify `ENVIRONMENT=production` is set
- Check that `FRONTEND_URL` matches your actual frontend domain
- Ensure HTTPS is working on both frontend and backend
### Issue: "Redirect URI mismatch"
**Cause:** Google Console redirect URI doesn't match
**Fix:**
1. Check the actual redirect URI in the error message from Google
2. Add that exact URI to Google Console
3. Make sure `GOOGLE_REDIRECT_URI` in `values.yaml` matches
---
## 📝 Frontend Configuration
The frontend should automatically use the production API URL because of the proxy setup in `vite.config.js`.
### Build-time Configuration
When building the frontend Docker image, ensure `VITE_API_URL` is set:
**In `values.yaml`:**
```yaml
frontend:
env:
VITE_API_URL: "https://api-tasko.dvirlabs.com"
```
**Or in Dockerfile:**
```dockerfile
ENV VITE_API_URL=https://api-tasko.dvirlabs.com
RUN npm run build
```
---
## ✨ Quick Reference
### Backend URLs
- Production API: `https://api-tasko.dvirlabs.com`
- OAuth callback: `https://api-tasko.dvirlabs.com/auth/google/callback`
### Frontend URLs
- Production: `https://tasko.dvirlabs.com`
### Environment Variables (Backend)
```bash
ENVIRONMENT=production
GOOGLE_CLIENT_ID=672182384838-vob26vd0qhmf0g9mru4u4sibkqre0rfa.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=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
GOOGLE_REDIRECT_URI=https://api-tasko.dvirlabs.com/auth/google/callback
FRONTEND_URL=https://tasko.dvirlabs.com
SESSION_SECRET=<generate-new-secret>
DATABASE_URL=<from-secret>
```
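Review bot: the line `GOOGLE_CLIENT_SECRET=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` in the Environment Variables block of the Quick Reference section commits what looks like the real Google OAuth client secret to the repository; anything pushed in a commit has to be treated as exposed, so rotate it on the Credentials page in the Cloud Console and replace the value here with a placeholder such as `GOOGLE_CLIENT_SECRET=<from-secret>`, the convention the same block already uses for `SESSION_SECRET` and `DATABASE_URL`. The Helm guidance bakes the same problem in: `oauth.google.clientSecret` and `sessionSecret` are documented as fields of the committed `tasko-chart/values.yaml`, so the "Change this to a unique value!" step under Session Secret writes the freshly generated secret straight back into git; suggest keeping placeholders in `values.yaml` and passing real values from an uncommitted file (`helm upgrade tasko . -f secrets.yaml`) or an existing Secret the chart references rather than renders. Two smaller points in the same hunk: the expected output under Check Backend Logs still reads `Session Configuration (Development Mode): # Wait, this should say Production!`, which records an unresolved bug instead of what a correct deployment prints, and the first listed cause for `mismatching_state: CSRF Warning` contradicts the Security Notes, which say `ENVIRONMENT=development` gives `https_only=False`, i.e. the relaxed setting; leaving production mode unset cannot by itself stop the session cookie from being sent, whereas `https_only=True` on a backend reached over plain HTTP does exactly that, and the entry should say so. Finally, the claim under Frontend Configuration that the Vite proxy makes the built frontend use the production API URL is wrong for a production build (the `vite.config.js` proxy only runs under the dev server), which is why the `VITE_API_URL` build-time variable in the next paragraph is required, not optional.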


@ -6,3 +6,4 @@ psycopg2-binary>=2.9.9
authlib>=1.3.0 authlib>=1.3.0
httpx>=0.27.0 httpx>=0.27.0
python-dotenv>=1.0.0 python-dotenv>=1.0.0
itsdangerous>=2.1.0
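Review bot: `itsdangerous>=2.1.0` carries only a lower bound, like every other entry in this file, so the image rebuilt by the "Build the app" commit picks up whatever release is current at build time. Assuming this is the package behind the signed session cookie that the guide's Security Notes describe (Starlette's SessionMiddleware signs its cookie with itsdangerous, and the `_state_google_...` CSRF state the guide shows lives in that cookie), a silently upgraded or compromised release lands directly in the login path; suggest pinning this entry, and ideally the whole file, to exact versions with hashes (`pip-compile --generate-hashes` or a `pip freeze` lock) so builds are reproducible and a dependency change is a reviewed diff rather than a surprise.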