Implement authentication module with JWT and Firebase integration

.dockerignore

@@ -0,0 +1,47 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Git
+.git
+.gitignore
+
+# Documentation
+*.md
+docs/
+
+# Config files that shouldn't be in image
+.env
+.env.local
+.env.example
+
+# Build files
+dist/
+build/
+
+# Node modules (if any)
+node_modules/
+
+# Logs
+*.log
+
+# Firebase
+firebase-service-account.json

.github/workflows/run-tests.yml

@@ -0,0 +1,38 @@
+name: Run Tests
+
+on:
+  pull_request:
+    branches: [ main, master, feature/*]
+  push:
+    branches: [ main, master ]
+
+jobs:
+  test-backend:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.12'
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        cd backend
+        pip install -r requirements.txt
+
+    - name: Run tests
+      run: |
+        cd $GITHUB_WORKSPACE
+        export PYTHONPATH=$GITHUB_WORKSPACE:$GITHUB_WORKSPACE/backend
+        pytest --cov=./backend --cov-report=xml:coverage.xml backend/tests/
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v4
+      with:
+        token: ${{ secrets.CODECOV_TOKEN }}
+        files: ./coverage.xml
+        fail_ci_if_error: true

.gitignore

@@ -1,5 +1,21 @@
 # Learn more https://docs.github.com/en/get-started/getting-started-with-git/ignoring-files
 
+# Python
+*.pyc
+__pycache__/
+venv/
+.venv/
+.vscode/
+.env
+.env.local
+.env.development
+.env.test
+.env.production
+
+# Firebase
+firebase-service-account.json
+google-services.json
+
 # dependencies
 node_modules/
 
@@ -37,3 +53,27 @@ yarn-error.*
 *.tsbuildinfo
 
 app-example
+
+# Additional Security
+*.pem
+*.key
+*.crt
+*.p12
+*.pfx
+secrets/
+private/
+config/production.json
+
+# Firebase Admin SDK (Backend)
+firebase-service-account*.json
+firebase-adminsdk*.json
+service-account*.json
+
+# IDE
+.vscode/settings.json
+.idea/
+.vscode/
+
+# Logs
+*.log
+logs/

DEPLOYMENT.md

@@ -0,0 +1,156 @@
+# Railway Deployment Guide
+
+This project is configured for deployment on Railway using multiple approaches:
+
+## Deployment Options
+
+### Option 1: Nixpacks (Recommended)
+Railway will automatically detect the `nixpacks.toml` file and use Nixpacks for building.
+
+### Option 2: Dockerfile
+Railway will use the Dockerfile if Nixpacks is not preferred.
+
+### Option 3: Procfile
+Fallback option using the Procfile.
+
+## Configuration Files
+
+- `railway.toml` - Railway-specific configuration
+- `nixpacks.toml` - Nixpacks build configuration  
+- `Dockerfile` - Docker build configuration
+- `Procfile` - Process configuration
+- `.dockerignore` - Files to exclude from Docker build
+
+## Environment Variables to Set in Railway
+
+**Important**: Do NOT upload your `.env` file to GitHub or Railway. Instead, set environment variables through Railway's dashboard.
+
+### How to Set Environment Variables in Railway:
+1. Go to your Railway project dashboard
+2. Click on the "Variables" tab
+3. Add each variable individually using the format: `VARIABLE_NAME=value`
+
+### Required Variables
+```
+MONGODB_URL=mongodb+srv://username:password@cluster.mongodb.net/database
+SECRET_KEY=your-super-secure-jwt-secret-key-generate-a-new-one
+ALLOWED_ORIGINS=https://your-frontend-domain.com,https://your-app.vercel.app,http://localhost:3000
+```
+
+### Optional Variables (with defaults)
+```
+DATABASE_NAME=splitwiser
+DEBUG=false
+ACCESS_TOKEN_EXPIRE_MINUTES=15
+REFRESH_TOKEN_EXPIRE_DAYS=30
+ALGORITHM=HS256
+```
+
+### Firebase Service Account Credentials
+Instead of uploading the Firebase service account JSON file, you need to set the following environment variables from your service account JSON:
+
+```
+FIREBASE_TYPE=service_account
+FIREBASE_PROJECT_ID=your-project-id
+FIREBASE_PRIVATE_KEY_ID=your-private-key-id
+FIREBASE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
+FIREBASE_CLIENT_EMAIL=your-service-account-email@project.iam.gserviceaccount.com
+FIREBASE_CLIENT_ID=your-client-id
+FIREBASE_AUTH_URI=https://accounts.google.com/o/oauth2/auth
+FIREBASE_TOKEN_URI=https://oauth2.googleapis.com/token
+FIREBASE_AUTH_PROVIDER_X509_CERT_URL=https://www.googleapis.com/oauth2/v1/certs
+FIREBASE_CLIENT_X509_CERT_URL=https://www.googleapis.com/robot/v1/metadata/x509/your-service-account
+```
+
+To easily convert your Firebase service account JSON to environment variables, run:
+```
+python backend/convert_service_account_to_env.py backend/firebase-service-account.json
+```
+
+**Important Note:** The `FIREBASE_PRIVATE_KEY` must include all newlines. Railway's environment variables support multiline values, but be careful with the formatting.
+
+## Debugging CORS Issues
+
+If you're experiencing CORS issues (OPTIONS requests failing with 400 errors), follow these steps:
+
+1. **Verify ALLOWED_ORIGINS Environment Variable**:
+   Make sure your Railway deployment has the correct `ALLOWED_ORIGINS` set with your frontend domain:
+   ```
+   ALLOWED_ORIGINS=https://your-frontend-domain.vercel.app,http://localhost:3000
+   ```
+
+2. **Test CORS Configuration**:
+   Use the provided test script:
+   ```bash
+   cd backend
+   pip install requests
+   # Edit test_cors.py to use your backend and frontend URLs
+   python test_cors.py
+   ```
+
+3. **Check Railway Logs**:
+   Look for CORS-related messages in your Railway deployment logs. The enhanced logging will show:
+   - Allowed CORS origins on startup
+   - OPTIONS request details
+   - Origin headers from requests
+
+4. **Common CORS Issues**:
+   - Frontend domain not included in ALLOWED_ORIGINS
+   - Trailing slashes in URLs (e.g., `https://domain.com/` vs `https://domain.com`)
+   - HTTP vs HTTPS mismatch
+   - Wrong port numbers in localhost URLs
+
+### Example of Setting Variables in Railway:
+- Variable: `MONGODB_URL`
+- Value: `mongodb+srv://myuser:mypassword@cluster0.abc123.mongodb.net/splitwiser`
+
+The app will automatically use these environment variables instead of the `.env` file.
+
+## Deployment Steps
+
+1. **Push to GitHub**
+   ```bash
+   git add .
+   git commit -m "Add Railway deployment configuration"
+   git push origin main
+   ```
+
+2. **Connect to Railway**
+   - Go to [railway.app](https://railway.app)
+   - Sign in with GitHub
+   - Click "New Project"
+   - Select "Deploy from GitHub repo"
+   - Choose your repository
+
+3. **Configure Environment Variables**
+   - In Railway dashboard, go to Variables tab
+   - Add all required environment variables listed above
+
+4. **Deploy**
+   - Railway will automatically build and deploy
+   - Monitor the build logs for any issues
+
+## Build Process
+
+The build process will:
+1. Install Python 3.12
+2. Install dependencies from `requirements.txt`
+3. Start the FastAPI server with uvicorn
+
+## Health Check
+
+Your deployed API will be available at:
+- Main API: `https://your-app.railway.app/`
+- Health check: `https://your-app.railway.app/health`
+- API docs: `https://your-app.railway.app/docs`
+
+## Troubleshooting
+
+### Common Issues:
+1. **Build fails**: Check that all dependencies in `requirements.txt` are valid
+2. **App won't start**: Verify environment variables are set correctly
+3. **CORS errors**: Make sure `ALLOWED_ORIGINS` includes your frontend domain
+4. **Database connection**: Verify `MONGODB_URL` is correct and accessible
+
+### Logs:
+Check Railway deployment logs in the dashboard for detailed error messages.

backend/.env.example

@@ -0,0 +1,16 @@
+# Environment Variables
+DEBUG=True
+MONGODB_URL=mongodb://localhost:27017
+DATABASE_NAME=splitwiser
+SECRET_KEY=your-super-secret-jwt-key-change-this-in-production
+ALGORITHM=HS256
+ACCESS_TOKEN_EXPIRE_MINUTES=15
+REFRESH_TOKEN_EXPIRE_DAYS=30
+
+# Firebase Config
+FIREBASE_PROJECT_ID=your-firebase-project-id
+FIREBASE_SERVICE_ACCOUNT_PATH=./firebase-service-account.json
+
+# CORS Configuration
+ALLOWED_ORIGINS=http://localhost:3000,http://localhost:5173,http://127.0.0.1:3000,http://127.0.0.1:5173
+ALLOW_ALL_ORIGINS=False

backend/README.md

@@ -0,0 +1,72 @@
+# Splitwiser Backend
+
+This is the FastAPI backend for the Splitwiser expense tracking application.
+
+## Setup
+
+1. **Install dependencies:**
+   ```bash
+   pip install -r requirements.txt
+   ```
+
+2. **Environment Configuration:**
+   - Copy `.env.example` to `.env`
+   - Update the environment variables:
+     - `MONGODB_URL`: Your MongoDB connection string
+     - `SECRET_KEY`: A secure secret key for JWT tokens
+     - `FIREBASE_PROJECT_ID`: Your Firebase project ID
+     - `FIREBASE_SERVICE_ACCOUNT_PATH`: Path to your Firebase service account JSON file
+
+3. **Firebase Setup:**
+   - Place your `firebase-service-account.json` file in the backend directory
+   - This file is required for Google authentication to work
+
+4. **Run the server:**
+   ```bash
+   # Development
+   uvicorn main:app --reload --host 0.0.0.0 --port 8000
+
+   # Or using Python
+   python main.py
+   ```
+
+5. **Access the API:**
+   - API: http://localhost:8000
+   - Interactive docs: http://localhost:8000/docs
+   - ReDoc: http://localhost:8000/redoc
+
+## Authentication Endpoints
+
+The following authentication endpoints are available:
+
+- `POST /auth/signup/email` - Register with email/password
+- `POST /auth/login/email` - Login with email/password  
+- `POST /auth/login/google` - Login/signup with Google OAuth
+- `POST /auth/refresh` - Refresh access token
+- `POST /auth/token/verify` - Verify access token
+- `POST /auth/password/reset/request` - Request password reset
+- `POST /auth/password/reset/confirm` - Confirm password reset
+
+## Database
+
+The application uses MongoDB for data storage. Make sure MongoDB is running and accessible via the connection string in your `.env` file.
+
+## Project Structure
+
+```
+backend/
+├── app/
+│   ├── auth/
+│   │   ├── __init__.py
+│   │   ├── routes.py      # Auth API endpoints
+│   │   ├── schemas.py     # Pydantic models
+│   │   ├── security.py    # JWT and password utilities
+│   │   └── service.py     # Auth business logic
+│   ├── __init__.py
+│   ├── config.py          # Configuration settings
+│   ├── database.py        # MongoDB connection
+│   └── dependencies.py    # FastAPI dependencies
+├── main.py                # FastAPI application
+├── requirements.txt       # Python dependencies
+└── .env.example          # Environment variables template
+```

backend/app/__init__.py

@@ -0,0 +1 @@
+# Empty file to make app a package

backend/app/auth/__init__.py

@@ -0,0 +1,7 @@
+# Auth module
+from .routes import router
+from .service import auth_service
+from .security import verify_token, create_access_token
+from .schemas import UserResponse
+
+__all__ = ["router", "auth_service", "verify_token", "create_access_token", "UserResponse"]