alexei.dolgolyov/personal-ai-assistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d86d53f473b7ce43ea4d2df2834adf18637f0e14
personal-ai-assistant/plans/phase-9-oauth.md
dolgolyov.alexei d86d53f473 Phase 10: Per-User Rate Limits — messages + tokens, quota UI, admin usage 
Backend:
- max_ai_messages_per_day + max_ai_tokens_per_day on User model (nullable, override)
- Migration 008: add columns + seed default settings (100 msgs, 500K tokens)
- usage_service: count today's messages + tokens, check quota, get limits
- GET /chats/quota returns usage vs limits + reset time
- POST /chats/{id}/messages checks quota before streaming (429 if exceeded)
- Admin user schemas expose both limit fields
- GET /admin/usage returns per-user daily message + token counts
- admin_user_service allows updating both limit fields

Frontend:
- Chat header shows "X/Y messages · XK/YK tokens" with red highlight at limit
- Quota refreshes every 30s via TanStack Query
- Admin usage page with table: user, messages today, tokens today
- Route + sidebar entry for admin usage
- English + Russian translations

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 15:44:51 +03:00

1.7 KiB
Raw Blame History

Phase 9: OAuth & Account Switching — Subplan

Goal

Allow users to authenticate via Google OAuth, and switch between multiple logged-in accounts without re-entering credentials.

Prerequisites

  • Auth system with JWT tokens, User model with oauth_provider/oauth_provider_id columns
  • Google Cloud OAuth 2.0 credentials

Tasks

  • 9.1 Add GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_REDIRECT_URI to config.py + .env.example. Add authlib to pyproject.toml.
  • 9.2 Create backend/app/services/oauth_service.py: register Google provider, get_authorization_url, handle_callback (fetch user info, create/link user, issue tokens).
  • 9.3 Make User.hashed_password nullable (OAuth users have no password). Migration 008.
  • 9.4 Add OAuth endpoints to auth.py: GET /auth/oauth/{provider}/authorize, GET /auth/oauth/{provider}/callback.
  • 9.5 Add POST /auth/switch endpoint (accepts refresh token, returns full AuthResponse).
  • 9.6 Update schemas: add oauth_provider to UserResponse.
  • 9.7 Frontend: OAuth API functions, callback route component.
  • 9.8 Frontend: OAuth buttons on login form ("Sign in with Google").
  • 9.9 Frontend: extend auth-store with accounts array, switchAccount, addAccount.
  • 9.10 Frontend: account switcher dropdown in header.
  • 9.11 Update routes, i18n (en/ru).
  • 9.12 Tests + verification.

Acceptance Criteria

  1. Google OAuth login works end-to-end
  2. OAuth user created with oauth_provider="google"
  3. Existing email users can link to Google
  4. Multiple accounts stored; switching is instant
  5. OAuth-only users cannot use password login
  6. All UI text in en/ru

Status

NOT STARTED

Reference in New Issue View Git Blame Copy Permalink