o ⾗h@sdZddlZddlZddlZddlmZmZmZddlm Z ddl mZ ddl m Z ddlmZddlmZeeZGd d d eZd ed eeeeffd dZded eeeeffddZd efddZded eeeeffddZdS)z^ Google OAuth utilities for authentication. Handles Google OAuth flow and token verification. N)OptionalDictAny) urlencode)requests)id_token)GoogleAuthError)settingsc@seZdZdZdS)GoogleOAuthErrorz)Custom exception for Google OAuth errors.N)__name__ __module__ __qualname____doc__rr-/var/www/html/aiguide_backend/google_oauth.pyr sr tokenreturnc CszLt|ttj}|dtjkrtdWdS|dtkr*tdWdS|d|d| dd | d d | d d | d d | d ddWSt yg}zt d|WYd}~dSd}~wt y}zt d|WYd}~dSd}~ww)z Verify Google ID token and return user information. Args: token: Google ID token Returns: User information from Google or None if verification fails audzToken audience mismatchNexpzToken has expiredsubemailname given_name family_namepictureemail_verifiedF)rrrrrrrz!Google token verification error: z3Unexpected error during Google token verification: ) rverify_oauth2_tokengoogle_requestsRequestr GOOGLE_CLIENT_IDloggerwarningtimegetrerror Exception)ridinfoerrrverify_google_tokens:         r) access_tokenc Csz$dd|i}tjd|d}|jdkr|WStd|jWdSty?}ztd|WYd}~dSd}~ww) z Get user information from Google using access token. Args: access_token: Google access token Returns: User information from Google or None if request fails AuthorizationzBearer z-https://www.googleapis.com/oauth2/v2/userinfo)headersz Failed to get Google user info: Nz Error getting Google user info: )rr$ status_codejsonr!r%r&)r*r,responser(rrrget_google_user_infoIs   r1cCs0d}tjtjddddd}t|}|d|S)zm Create Google OAuth URL for authorization. Returns: Google OAuth authorization URL z,https://accounts.google.com/o/oauth2/v2/authcodezopenid email profileofflineconsent) client_id redirect_uri response_typescope access_typeprompt?)r r GOOGLE_REDIRECT_URIr)base_urlparams query_stringrrrcreate_google_oauth_urles r@r2c s~z#ddtdttttfffdd }|tj}|r|WS|dWSty>}ztd|WYd}~dSd}~ww) z Exchange authorization code for access and refresh tokens. Args: code: Authorization code from Google Returns: Token response from Google or None if exchange fails z#https://oauth2.googleapis.com/tokenr6rcsTtjtjd|d}tj|d}|jdkr|Std|j||j dddS)Nauthorization_code)r5 client_secretr2 grant_typer6)datar-z>Google code exchange failed: status=%s redirect_uri=%s body=%si) r r GOOGLE_CLIENT_SECRETrpostr.r/r!r"text)r6payloadrespr2 token_urlrr _try_exchanges   z/exchange_code_for_tokens.._try_exchange postmessagez"Error exchanging code for tokens: N) strrrrr r<r&r!r%)r2rLresultr(rrJrexchange_code_for_tokens{s $  rP)rloggingr#rtypingrrr urllib.parsergoogle.auth.transportr google.oauth2rgoogle.auth.exceptionsrconfigr getLoggerr r!r&r rNr)r1r@rPrrrrs       0"