Deploy backend from GitHub Actions

🚀 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

.env.example

@@ -1,6 +1,9 @@
 # Google OAuth Configuration
 GOOGLE_CLIENT_ID=your-google-client-id
 GOOGLE_CLIENT_SECRET=your-google-client-secret
+# For production:
+# AUTH_REDIRECT_URI=https://your-hf-space.hf.space/backend/auth/google/callback
+# FRONTEND_URL=https://your-username.github.io/your-repo
 AUTH_REDIRECT_URI=http://localhost:3000/auth/google/callback
 FRONTEND_URL=http://localhost:3000
 

DATABASE_DEPLOYMENT_FIX.md

@@ -0,0 +1,97 @@
+# Hugging Face Spaces Database Deployment Fix
+
+## Problem
+The Hugging Face deployment was failing due to a binary database file (`database/auth.db`) being present in the repository. Hugging Face Spaces doesn't allow binary files in the repository without using xet storage.
+
+## Solution Implemented
+
+### 1. Removed Database File from Git Tracking
+- Executed: `git rm --cached backend/database/auth.db`
+- This removes the file from git tracking while keeping it locally
+
+### 2. Updated .gitignore
+Added the following patterns to exclude database files:
+```
+# Database files
+*.db
+*.sqlite
+*.sqlite3
+backend/database/*.db
+backend/database/*.sqlite
+backend/database/*.sqlite3
+```
+
+### 3. Created Database Initialization Script
+- File: `backend/init_database.py`
+- Automatically creates the database directory and tables on startup
+- Safe to run multiple times (uses SQLAlchemy's `create_all`)
+
+### 4. Created Server Startup Script
+- File: `backend/start_server.py`
+- Initializes the database before starting the FastAPI server
+- Provides clear logging of the initialization process
+
+### 5. Updated Dockerfile
+- Changed CMD to use `start_server.py` instead of direct uvicorn
+- Ensures database is ready before the server starts
+
+### 6. Enhanced FastAPI Main Application
+- Updated `main.py` to ensure database directory exists
+- Added database directory creation in the lifespan function
+
+## How It Works
+
+1. **On Deployment Start**:
+   - The container starts and runs `start_server.py`
+   - This script first runs `init_database.py`
+   - The database directory and tables are created if they don't exist
+   - Then the FastAPI server starts normally
+
+2. **Database Location**:
+   - SQLite database: `database/auth.db`
+   - Automatically created on first run
+   - Stored in the container's filesystem (persistent for the container's lifetime)
+
+3. **Safety Features**:
+   - Database initialization is idempotent (safe to run multiple times)
+   - Uses SQLAlchemy's `create_all()` which only creates missing tables
+   - The FastAPI app also ensures the database directory exists on startup
+
+## Verification Steps
+
+1. Check that `database/auth.db` is not tracked by git:
+   ```bash
+   git status  # Should not show database/auth.db
+   ```
+
+2. Verify .gitignore includes database patterns
+
+3. Test locally:
+   ```bash
+   cd backend
+   rm -f database/auth.db  # Remove existing database
+   python start_server.py  # Should create database and start server
+   ```
+
+## Deployment Notes
+
+- The database will be created automatically when the Space starts
+- The database persists as long as the Space container is not restarted
+- For production use, consider migrating to a persistent database solution
+- The SQLite file is stored in the container's filesystem at `/app/database/auth.db`
+
+## Future Improvements
+
+1. **Persistent Storage**: Consider using Hugging Face Spaces persistent storage if available
+2. **Database Migration**: Add Alembic migrations for schema changes
+3. **Backup Strategy**: Implement regular database backups
+4. **Cloud Database**: Migrate to PostgreSQL or MySQL for better scalability
+
+## Files Modified
+
+- `.gitignore` - Added database file patterns
+- `backend/database/config.py` - Fixed import path for models
+- `backend/main.py` - Added database directory creation
+- `backend/Dockerfile` - Updated startup command
+- `backend/init_database.py` - New file (database initialization)
+- `backend/start_server.py` - New file (server startup script)

Dockerfile

@@ -35,5 +35,5 @@ EXPOSE 7860
 HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
     CMD curl -f http://localhost:7860/health || exit 1
 
-# Run the application
-CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860", "--workers", "1"]
+# Run the application with database initialization
+CMD ["python", "start_server.py"]

alembic.ini

@@ -0,0 +1,112 @@
+# A generic, single database configuration.
+
+[alembic]
+# path to migration scripts
+script_location = alembic
+
+# template used to generate migration file names; The default value is %%(rev)s_%%(slug)s
+# Uncomment the line below if you want the files to be prepended with date and time
+# file_template = %%(year)d%%(month).2d%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s
+
+# sys.path path, will be prepended to sys.path if present.
+# defaults to the current working directory.
+prepend_sys_path = .
+
+# timezone to use when rendering the date within the migration file
+# as well as the filename.
+# If specified, requires the python-dateutil library that can be
+# installed by adding `alembic[tz]` to the pip requirements
+# string value is passed to dateutil.tz.gettz()
+# leave blank for localtime
+# timezone =
+
+# max length of characters to apply to the
+# "slug" field
+# truncate_slug_length = 40
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+# set to 'true' to allow .pyc and .pyo files without
+# a source .py file to be detected as revisions in the
+# versions/ directory
+# sourceless = false
+
+# version number format
+version_num_format = %04d
+
+# version path separator; As mentioned above, this is the character used to split
+# version_locations. The default within new alembic.ini files is "os", which uses
+# os.pathsep. If this key is omitted entirely, it falls back to the legacy
+# behavior of splitting on spaces and/or commas.
+# Valid values for version_path_separator are:
+#
+# version_path_separator = :
+# version_path_separator = ;
+# version_path_separator = space
+version_path_separator = os
+
+# set to 'true' to search source files recursively
+# in each "version_locations" directory
+# new in Alembic version 1.10
+# recursive_version_locations = false
+
+# the output encoding used when revision files
+# are written from script.py.mako
+# output_encoding = utf-8
+
+sqlalchemy.url = sqlite:///./app.db
+
+
+[post_write_hooks]
+# post_write_hooks defines scripts or Python functions that are run
+# on newly generated revision scripts.  See the documentation for further
+# detail and examples
+
+# format using "black" - use the console_scripts runner, against the "black" entrypoint
+# hooks = black
+# black.type = console_scripts
+# black.entrypoint = black
+# black.options = -l 79 REVISION_SCRIPT_FILENAME
+
+# lint with attempts to fix using "ruff" - use the exec runner, execute a binary
+# hooks = ruff
+# ruff.type = exec
+# ruff.executable = %(here)s/.venv/bin/ruff
+# ruff.options = --fix REVISION_SCRIPT_FILENAME
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S

alembic/env.py

@@ -0,0 +1,95 @@
+from logging.config import fileConfig
+from sqlalchemy import engine_from_config
+from sqlalchemy import pool
+from alembic import context
+import os
+import sys
+
+# Add the backend directory to Python path
+sys.path.append(os.path.dirname(os.path.dirname(__file__)))
+
+# Import models
+from src.models.auth import Base
+from src.models.chat import Base
+
+# this is the Alembic Config object, which provides
+# access to the values within the .ini file in use.
+config = context.config
+
+# Interpret the config file for Python logging.
+# This line sets up loggers basically.
+if config.config_file_name is not None:
+    fileConfig(config.config_file_name)
+
+# add your model's MetaData object here
+# for 'autogenerate' support
+target_metadata = Base.metadata
+
+# other values from the config, defined by the needs of env.py,
+# can be acquired:
+# my_important_option = config.get_main_option("my_important_option")
+# ... etc.
+
+
+def get_url():
+    """Get database URL from environment or config."""
+    url = os.getenv("DATABASE_URL")
+    if url:
+        return url
+    return config.get_main_option("sqlalchemy.url")
+
+
+def run_migrations_offline() -> None:
+    """Run migrations in 'offline' mode.
+
+    This configures the context with just a URL
+    and not an Engine, though an Engine is acceptable
+    here as well.  By skipping the Engine creation
+    we don't even need a DBAPI to be available.
+
+    Calls to context.execute() here emit the given string to the
+    script output.
+
+    """
+    url = get_url()
+    context.configure(
+        url=url,
+        target_metadata=target_metadata,
+        literal_binds=True,
+        dialect_opts={"paramstyle": "named"},
+    )
+
+    with context.begin_transaction():
+        context.run_migrations()
+
+
+def run_migrations_online() -> None:
+    """Run migrations in 'online' mode.
+
+    In this scenario we need to create an Engine
+    and associate a connection with the context.
+
+    """
+    configuration = config.get_section(config.config_ini_section)
+    configuration["sqlalchemy.url"] = get_url()
+
+    connectable = engine_from_config(
+        configuration,
+        prefix="sqlalchemy.",
+        poolclass=pool.NullPool,
+    )
+
+    with connectable.connect() as connection:
+        context.configure(
+            connection=connection,
+            target_metadata=target_metadata
+        )
+
+        with context.begin_transaction():
+            context.run_migrations()
+
+
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    run_migrations_online()

alembic/script.py.mako

@@ -0,0 +1,24 @@
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision | comma,n}
+Create Date: ${create_date}
+
+"""
+from alembic import op
+import sqlalchemy as sa
+${imports if imports else ""}
+
+# revision identifiers, used by Alembic.
+revision = ${repr(up_revision)}
+down_revision = ${repr(down_revision)}
+branch_labels = ${repr(branch_labels)}
+depends_on = ${repr(depends_on)}
+
+
+def upgrade() -> None:
+    ${upgrades if upgrades else "pass"}
+
+
+def downgrade() -> None:
+    ${downgrades if downgrades else "pass"}

alembic/versions/001_initial_authentication_tables.py

@@ -0,0 +1,175 @@
+"""Initial authentication tables
+
+Revision ID: 0001
+Revises:
+Create Date: 2025-01-08 14:30:00.000000
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = '0001'
+down_revision: Union[str, None] = None
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+
+    # Create users table
+    op.create_table('users',
+        sa.Column('id', sa.String(length=36), nullable=False),
+        sa.Column('email', sa.String(length=255), nullable=False),
+        sa.Column('password_hash', sa.String(length=255), nullable=False),
+        sa.Column('name', sa.String(length=100), nullable=True),
+        sa.Column('email_verified', sa.Boolean(), nullable=False),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.Column('updated_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_users_email'), 'users', ['email'], unique=True)
+    op.create_index(op.f('ix_users_created_at'), 'users', ['created_at'], unique=False)
+
+    # Create user_backgrounds table
+    op.create_table('user_backgrounds',
+        sa.Column('id', sa.String(length=36), nullable=False),
+        sa.Column('user_id', sa.String(length=36), nullable=False),
+        sa.Column('experience_level', sa.Enum('beginner', 'intermediate', 'advanced', name='experiencelevel'), nullable=False),
+        sa.Column('years_experience', sa.Integer(), nullable=False),
+        sa.Column('preferred_languages', sa.JSON(), nullable=False),
+        sa.Column('hardware_expertise', sa.JSON(), nullable=False),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.Column('updated_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_user_background_user_id'), 'user_backgrounds', ['user_id'], unique=True)
+
+    # Create onboarding_responses table
+    op.create_table('onboarding_responses',
+        sa.Column('id', sa.String(length=36), nullable=False),
+        sa.Column('user_id', sa.String(length=36), nullable=False),
+        sa.Column('question_key', sa.String(length=100), nullable=False),
+        sa.Column('response_value', sa.JSON(), nullable=False),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+        sa.PrimaryKeyConstraint('id')
+    )
+
+    # Create sessions table
+    op.create_table('sessions',
+        sa.Column('id', sa.String(length=36), nullable=False),
+        sa.Column('user_id', sa.String(length=36), nullable=False),
+        sa.Column('token_hash', sa.String(length=255), nullable=False),
+        sa.Column('expires_at', sa.DateTime(timezone=True), nullable=False),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.Column('ip_address', sa.String(length=45), nullable=True),
+        sa.Column('user_agent', sa.Text(), nullable=True),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_sessions_token_hash'), 'sessions', ['token_hash'], unique=True)
+    op.create_index(op.f('ix_sessions_user_id'), 'sessions', ['user_id'], unique=False)
+    op.create_index(op.f('ix_sessions_expires_at'), 'sessions', ['expires_at'], unique=False)
+
+    # Create password_reset_tokens table
+    op.create_table('password_reset_tokens',
+        sa.Column('id', sa.String(length=36), nullable=False),
+        sa.Column('user_id', sa.String(length=36), nullable=False),
+        sa.Column('token', sa.String(length=255), nullable=False),
+        sa.Column('expires_at', sa.DateTime(timezone=True), nullable=False),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.Column('used', sa.Boolean(), nullable=False),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_password_reset_expires'), 'password_reset_tokens', ['expires_at'], unique=False)
+
+    # Create anonymous_sessions table
+    op.create_table('anonymous_sessions',
+        sa.Column('id', sa.String(length=36), nullable=False),
+        sa.Column('message_count', sa.Integer(), nullable=False),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.Column('last_activity', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_anonymous_sessions_activity'), 'anonymous_sessions', ['last_activity'], unique=False)
+
+    # Create chat_sessions table
+    op.create_table('chat_sessions',
+        sa.Column('id', sa.String(length=36), nullable=False),
+        sa.Column('user_id', sa.String(length=36), nullable=True),
+        sa.Column('anonymous_session_id', sa.String(length=36), nullable=True),
+        sa.Column('title', sa.String(length=255), nullable=False),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.Column('updated_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.ForeignKeyConstraint(['anonymous_session_id'], ['anonymous_sessions.id'], ),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_chat_sessions_anonymous_id'), 'chat_sessions', ['anonymous_session_id'], unique=False)
+    op.create_index(op.f('ix_chat_sessions_updated_at'), 'chat_sessions', ['updated_at'], unique=False)
+    op.create_index(op.f('ix_chat_sessions_user_id'), 'chat_sessions', ['user_id'], unique=False)
+
+    # Create chat_messages table
+    op.create_table('chat_messages',
+        sa.Column('id', sa.String(length=36), nullable=False),
+        sa.Column('chat_session_id', sa.String(length=36), nullable=False),
+        sa.Column('role', sa.Enum('user', 'assistant', 'system', name='chatmessage_role'), nullable=False),
+        sa.Column('content', sa.Text(), nullable=False),
+        sa.Column('metadata', sa.JSON(), nullable=True),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.ForeignKeyConstraint(['chat_session_id'], ['chat_sessions.id'], ),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_chat_messages_created_at'), 'chat_messages', ['created_at'], unique=False)
+    op.create_index(op.f('ix_chat_messages_session_id'), 'chat_messages', ['chat_session_id'], unique=False)
+
+    # Create user_preferences table
+    op.create_table('user_preferences',
+        sa.Column('id', sa.String(length=36), nullable=False),
+        sa.Column('user_id', sa.String(length=36), nullable=False),
+        sa.Column('theme', sa.Enum('light', 'dark', 'auto', name='theme'), nullable=False),
+        sa.Column('language', sa.String(length=10), nullable=False),
+        sa.Column('notification_settings', sa.JSON(), nullable=False),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.Column('updated_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_constraint('uk_user_background_user_id', 'user_backgrounds', sa.UniqueConstraint('user_id'))
+
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_constraint('uk_user_background_user_id', 'user_backgrounds', type_='unique')
+    op.drop_table('user_preferences')
+    op.drop_index(op.f('ix_chat_messages_session_id'), table_name='chat_messages')
+    op.drop_index(op.f('ix_chat_messages_created_at'), table_name='chat_messages')
+    op.drop_table('chat_messages')
+    op.drop_index(op.f('ix_chat_sessions_user_id'), table_name='chat_sessions')
+    op.drop_index(op.f('ix_chat_sessions_updated_at'), table_name='chat_sessions')
+    op.drop_index(op.f('ix_chat_sessions_anonymous_id'), table_name='chat_sessions')
+    op.drop_table('chat_sessions')
+    op.drop_index(op.f('ix_anonymous_sessions_activity'), table_name='anonymous_sessions')
+    op.drop_table('anonymous_sessions')
+    op.drop_index(op.f('ix_password_reset_expires'), table_name='password_reset_tokens')
+    op.drop_table('password_reset_tokens')
+    op.drop_index(op.f('ix_sessions_expires_at'), table_name='sessions')
+    op.drop_index(op.f('ix_sessions_user_id'), table_name='sessions')
+    op.drop_index(op.f('ix_sessions_token_hash'), table_name='sessions')
+    op.drop_table('sessions')
+    op.drop_table('onboarding_responses')
+    op.drop_index(op.f('ix_user_background_user_id'), table_name='user_backgrounds')
+    op.drop_table('user_backgrounds')
+    op.drop_index(op.f('ix_users_created_at'), table_name='users')
+    op.drop_index(op.f('ix_users_email'), table_name='users')
+    op.drop_table('users')
+    # ### end Alembic commands ###

alembic/versions/002_add_onboarding_tables.py

@@ -0,0 +1,52 @@
+"""Add onboarding response and background tables
+
+Revision ID: 002
+Revises: 001_initial_authentication_tables
+Create Date: 2025-01-08 10:30:00.000000
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import sqlite
+
+# revision identifiers, used by Alembic.
+revision: str = '002'
+down_revision: Union[str, None] = '001_initial_authentication_tables'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+
+    # Create onboarding_responses table
+    op.create_table('onboarding_responses',
+        sa.Column('id', sa.String(length=36), nullable=False),
+        sa.Column('user_id', sa.String(length=36), nullable=False),
+        sa.Column('question_key', sa.String(length=100), nullable=False),
+        sa.Column('response_value', sa.JSON(), nullable=False),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=False),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_onboarding_responses_user_id'), 'onboarding_responses', ['user_id'], unique=False)
+
+    # Update user_backgrounds table if it doesn't have all required fields
+    # Check if hardware_expertise column exists
+    conn = op.get_bind()
+    inspector = sa.inspect(conn)
+    columns = [col['name'] for col in inspector.get_columns('user_backgrounds')]
+
+    if 'hardware_expertise' not in columns:
+        op.add_column('user_backgrounds', sa.Column('hardware_expertise', sa.JSON(), nullable=False, server_default='{}'))
+
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index(op.f('ix_onboarding_responses_user_id'), table_name='onboarding_responses')
+    op.drop_table('onboarding_responses')
+    # ### end Alembic commands ###

auth/auth.py

@@ -13,7 +13,7 @@ from authlib.integrations.starlette_client import OAuth
 from starlette.config import Config
 
 from database.config import get_db
-from models.auth import User, Session, Account, UserPreferences
+from src.models.auth import User, Session, Account, UserPreferences
 
 # JWT Settings
 SECRET_KEY = os.getenv("JWT_SECRET_KEY", secrets.token_urlsafe(32))
@@ -44,11 +44,17 @@ oauth.register(
 
 def verify_password(plain_password: str, hashed_password: str) -> bool:
     """Verify a password against its hash"""
+    # Truncate password to 72 bytes maximum for bcrypt
+    if len(plain_password.encode('utf-8')) > 72:
+        plain_password = plain_password.encode('utf-8')[:72].decode('utf-8', errors='ignore')
     return pwd_context.verify(plain_password, hashed_password)
 
 
 def get_password_hash(password: str) -> str:
     """Generate password hash"""
+    # Truncate password to 72 bytes maximum for bcrypt
+    if len(password.encode('utf-8')) > 72:
+        password = password.encode('utf-8')[:72].decode('utf-8', errors='ignore')
     return pwd_context.hash(password)
 
 
@@ -89,7 +95,7 @@ async def get_current_user(
             headers={"WWW-Authenticate": "Bearer"},
         )
 
-    user_id: int = payload.get("sub")
+    user_id: str = payload.get("sub")
     if user_id is None:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
@@ -124,7 +130,7 @@ def create_user_session(db: Session, user: User) -> str:
 
     db_session = Session(
         user_id=user.id,
-        token=session_token,
+        token_hash=get_password_hash(session_token),
         expires_at=expires_at
     )
     db.add(db_session)

init_database.py

@@ -0,0 +1,58 @@
+"""
+Database initialization script for Hugging Face Spaces deployment.
+This script ensures the database directory exists and creates necessary tables.
+"""
+import os
+import sys
+from pathlib import Path
+
+# Add backend to Python path
+backend_path = Path(__file__).parent
+sys.path.insert(0, str(backend_path))
+
+from database.config import create_tables, engine, DATABASE_URL
+
+
+def ensure_database_directory():
+    """Ensure the database directory exists."""
+    db_path = Path(DATABASE_URL.replace("sqlite:///", ""))
+
+    if not db_path.exists():
+        db_dir = db_path.parent
+        db_dir.mkdir(parents=True, exist_ok=True)
+        print(f"Created database directory: {db_dir}")
+
+    return db_path
+
+
+def initialize_database():
+    """Initialize the database with all required tables."""
+    print(f"Initializing database at: {DATABASE_URL}")
+
+    # Ensure database directory exists
+    db_path = ensure_database_directory()
+    print(f"Database path: {db_path}")
+
+    # Create tables
+    try:
+        create_tables()
+        print("✅ Database initialized successfully!")
+        return True
+    except Exception as e:
+        print(f"❌ Failed to initialize database: {e}")
+        return False
+
+
+if __name__ == "__main__":
+    print("🔧 Database initialization script running...")
+
+    # Set environment variables for Hugging Face Spaces
+    os.environ.setdefault("DATABASE_URL", "sqlite:///./database/auth.db")
+
+    success = initialize_database()
+
+    if success:
+        print("✅ Database is ready for use!")
+    else:
+        print("❌ Database initialization failed!")
+        sys.exit(1)

main.py

@@ -32,6 +32,7 @@ from middleware.auth import AuthMiddleware
 
 # Import auth routes
 from routes import auth
+from src.api.routes import chat
 
 # Import ChatKit server
 # from chatkit_server import get_chatkit_server
@@ -131,7 +132,18 @@ async def lifespan(app: FastAPI):
     global chat_handler, qdrant_manager, document_ingestor, task_manager
 
     # Create database tables on startup
-    from database.config import create_tables
+    from database.config import create_tables, engine, DATABASE_URL
+    import os
+    from pathlib import Path
+
+    # Ensure database directory exists
+    if "sqlite" in DATABASE_URL:
+        db_path = Path(DATABASE_URL.replace("sqlite:///", ""))
+        db_dir = db_path.parent
+        db_dir.mkdir(parents=True, exist_ok=True)
+        print(f"Database directory ensured: {db_dir}")
+
+    # Create tables
     create_tables()
 
     logger.info("Starting up RAG backend...",
@@ -225,7 +237,7 @@ app.add_middleware(
     httponly=False,
     samesite="lax",
     max_age=3600,
-    exempt_paths=["/health", "/docs", "/openapi.json", "/ingest/status", "/collections"],
+    exempt_paths=["/health", "/docs", "/openapi.json", "/ingest/status", "/collections", "/auth/login", "/auth/register", "/api/chat", "/auth/logout", "/auth/me", "/auth/preferences", "/auth/refresh"],
 )
 
 app.add_middleware(
@@ -238,6 +250,9 @@ app.add_middleware(
 # Include auth routes
 app.include_router(auth.router)
 
+# Include new chat routes
+app.include_router(chat.router)
+
 
 # Optional API key security for higher rate limits
 security = HTTPBearer(auto_error=False)
@@ -424,13 +439,83 @@ async def chat_endpoint(
             )
         else:
             # Return complete response (non-streaming)
-            response = await chat_handler.chat(
-                query=query,
-                session_id=session_id,
-                k=k,
-                context_window=context_window
-            )
-            return response
+            # Create a helper to collect streaming response
+            async def collect_streaming_response():
+                collected_response = {
+                    "answer": "",
+                    "sources": [],
+                    "session_id": session_id,
+                    "query": query,
+                    "response_time": 0,
+                    "tokens_used": 0,
+                    "context_used": False
+                }
+
+                response_chunks = []
+                try:
+                    async for chunk in chat_handler.chat(
+                        query=query,
+                        session_id=session_id,
+                        k=k,
+                        context_window=context_window
+                    ):
+                        response_chunks.append(chunk)
+
+                        # Parse SSE chunk
+                        if chunk.startswith("data: "):
+                            try:
+                                import json
+                                chunk_data = json.loads(chunk[6:])  # Remove "data: " prefix
+
+                                # Handle different chunk types
+                                if chunk_data.get("type") == "final":
+                                    # Handle sources serialization issue
+                                    if "sources" in chunk_data:
+                                        try:
+                                            # Convert Citation objects to serializable format
+                                            sources = []
+                                            for source in chunk_data["sources"]:
+                                                if hasattr(source, '__dict__'):
+                                                    # Convert object to dict
+                                                    source_dict = {
+                                                        "id": getattr(source, 'id', ''),
+                                                        "chunk_id": getattr(source, 'chunk_id', ''),
+                                                        "document_id": getattr(source, 'document_id', ''),
+                                                        "text_snippet": getattr(source, 'text_snippet', ''),
+                                                        "relevance_score": getattr(source, 'relevance_score', 0),
+                                                        "chapter": getattr(source, 'chapter', ''),
+                                                        "section": getattr(source, 'section', ''),
+                                                        "confidence": getattr(source, 'confidence', 0)
+                                                    }
+                                                    sources.append(source_dict)
+                                                else:
+                                                    sources.append(source)
+                                            chunk_data["sources"] = sources
+                                        except Exception as serialize_error:
+                                            logger.warning(f"Failed to serialize sources: {serialize_error}")
+                                            chunk_data["sources"] = []
+
+                                    collected_response.update(chunk_data)
+                                    break
+                                elif chunk_data.get("type") == "chunk":
+                                    collected_response["answer"] += chunk_data.get("content", "")
+                                elif chunk_data.get("type") == "error":
+                                    collected_response["answer"] = chunk_data.get("message", "Error occurred")
+                                    break
+                            except json.JSONDecodeError:
+                                # If not JSON, treat as plain text
+                                if chunk.startswith("data: "):
+                                    text_part = chunk[6:].strip()
+                                    collected_response["answer"] += text_part
+
+                except Exception as e:
+                    logger.error(f"Error collecting streaming response: {e}")
+                    collected_response["answer"] = "I encountered an error while processing your request."
+                    collected_response["error"] = str(e)
+
+                return collected_response
+
+            return await collect_streaming_response()
     except ContentNotFoundError as e:
         # Specific error for when no relevant content is found
         logger.warning(f"No content found for query: {query[:100]}...")

middleware/auth.py

@@ -13,7 +13,7 @@ from starlette.middleware.base import BaseHTTPMiddleware
 from sqlalchemy.orm import Session
 
 from database.config import get_db
-from models.auth import Session as AuthSession
+from src.models.auth import Session as AuthSession
 from auth.auth import verify_token
 
 

models/auth.py

@@ -1,3 +1,4 @@
+
 from datetime import datetime
 from typing import Optional, Dict, Any
 from sqlalchemy import Column, Integer, String, DateTime, Boolean, Text, ForeignKey, JSON
@@ -13,6 +14,7 @@ class User(Base):
 
     id = Column(Integer, primary_key=True, index=True)
     email = Column(String, unique=True, index=True, nullable=False)
+    hashed_password = Column(String, nullable=False)
     name = Column(String, nullable=False)
     image_url = Column(String, nullable=True)
     email_verified = Column(Boolean, default=False, nullable=False)
@@ -100,4 +102,4 @@ class UserPreferences(Base):
     updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False)
 
     # Relationships
-    user = relationship("User", back_populates="preferences")
+    user = relationship("User", back_populates="preferences")

pyproject.toml

@@ -10,7 +10,7 @@ readme = "README.md"
 requires-python = ">=3.11"
 license = {text = "MIT"}
 authors = [
-    {name = "M. Owais Abdullah", email = "mrowaisabdullah@example.com"},
+    {name = "M. Owais Abdullah", email = "mrowaisabdullah@gmail.com"},
 ]
 keywords = ["rag", "retrieval", "openai", "qdrant", "fastapi", "robotics"]
 classifiers = [
@@ -62,6 +62,8 @@ dependencies = [
     # Monitoring and Performance
     "psutil>=5.9.6",
     "openai-chatkit>=1.4.0",
+    "email-validator>=2.3.0",
+    "bcrypt==4.2.0",
 ]
 
 [project.optional-dependencies]

rag/chat.py

@@ -540,11 +540,25 @@ class ChatHandler:
             # Calculate response time
             response_time = (datetime.utcnow() - start_time).total_seconds()
 
+            # Helper function to serialize citations
+            def serialize_citation(citation):
+                """Convert Citation object to JSON-serializable dict."""
+                return {
+                    "id": getattr(citation, 'id', ''),
+                    "chunk_id": getattr(citation, 'chunk_id', ''),
+                    "document_id": getattr(citation, 'document_id', ''),
+                    "text_snippet": getattr(citation, 'text_snippet', ''),
+                    "relevance_score": getattr(citation, 'relevance_score', 0),
+                    "chapter": getattr(citation, 'chapter', ''),
+                    "section": getattr(citation, 'section', ''),
+                    "confidence": getattr(citation, 'confidence', 0)
+                }
+
             # Final response
             final_response = {
                 "type": "final",
                 "answer": answer,
-                "sources": [citation.to_dict() if hasattr(citation, 'to_dict') else citation for citation in citations],
+                "sources": [serialize_citation(citation) for citation in citations],
                 "session_id": session_id,
                 "query": query,
                 "response_time": response_time,

requirements.txt

@@ -12,6 +12,8 @@ aiofiles>=23.2.1
 slowapi>=0.1.9
 limits>=3.13.1
 python-multipart>=0.0.6
+aiosmtplib>=3.0.0
+jinja2>=3.1.0
 python-dotenv>=1.0.0
 structlog>=23.2.0
 backoff>=2.2.1

routes/auth.py

@@ -1,4 +1,5 @@
-from typing import Optional
+
+from typing import Optional, Dict, Any
 from fastapi import APIRouter, Depends, HTTPException, status, Request, Response
 from fastapi.responses import RedirectResponse
 from sqlalchemy.orm import Session
@@ -9,9 +10,11 @@ from database.config import get_db
 from auth.auth import (
     oauth, create_access_token, get_or_create_user,
     create_or_update_account, create_user_session,
-    invalidate_user_sessions, get_current_active_user
+    invalidate_user_sessions, get_current_active_user,
+    verify_password, get_password_hash
 )
-from models.auth import User, UserPreferences
+from src.models.auth import User, UserPreferences
+from src.services.session_migration import SessionMigrationService, migrate_anonymous_session_on_auth
 from slowapi import Limiter
 from slowapi.util import get_remote_address
 
@@ -23,7 +26,7 @@ router = APIRouter(prefix="/auth", tags=["authentication"])
 
 # Pydantic models
 class UserResponse(BaseModel):
-    id: int
+    id: str
     email: str
     name: str
     image_url: Optional[str] = None
@@ -37,6 +40,8 @@ class LoginResponse(BaseModel):
     user: UserResponse
     access_token: str
     token_type: str = "bearer"
+    migrated_sessions: Optional[int] = 0
+    migrated_messages: Optional[int] = 0
 
 
 class PreferencesResponse(BaseModel):
@@ -48,6 +53,129 @@ class PreferencesResponse(BaseModel):
     class Config:
         from_attributes = True
 
+class RegisterRequest(BaseModel):
+    email: str
+    password: str
+    name: str
+
+class LoginRequest(BaseModel):
+    email: str
+    password: str
+
+@router.post("/register")
+@limiter.limit("5/minute")
+async def register(request: Request, register_data: RegisterRequest, db: Session = Depends(get_db)):
+    """Register a new user"""
+    # Check if user already exists
+    existing_user = db.query(User).filter(User.email == register_data.email).first()
+    if existing_user:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Email already registered"
+        )
+
+    # Hash password
+    hashed_password = get_password_hash(register_data.password)
+
+    # Create user
+    new_user = User(
+        email=register_data.email,
+        password_hash=hashed_password,
+        name=register_data.name,
+        email_verified=False
+    )
+    db.add(new_user)
+    db.commit()
+    db.refresh(new_user)
+
+    # Create default preferences
+    preferences = UserPreferences(user_id=new_user.id)
+    db.add(preferences)
+    db.commit()
+
+    # Check for anonymous session to migrate
+    anonymous_session_id = request.headers.get("X-Anonymous-Session-ID")
+    migrated_sessions = 0
+    migrated_messages = 0
+
+    if anonymous_session_id:
+        try:
+            migration_service = SessionMigrationService(db)
+            migration_result = migration_service.migrate_anonymous_session(
+                anonymous_session_id=anonymous_session_id,
+                authenticated_user_id=str(new_user.id)
+            )
+            if migration_result["success"]:
+                migrated_sessions = migration_result["migrated_sessions_count"]
+                migrated_messages = migration_result["migrated_messages_count"]
+        except Exception as e:
+            # Log error but don't fail registration
+            print(f"Session migration failed during registration: {e}")
+
+    # Create session
+    session_token = create_user_session(db, new_user)
+    access_token = create_access_token(data={"sub": str(new_user.id), "email": new_user.email})
+
+    return LoginResponse(
+        user=UserResponse(
+            id=new_user.id,
+            email=new_user.email,
+            name=new_user.name,
+            image_url=new_user.image_url,
+            email_verified=new_user.email_verified
+        ),
+        access_token=access_token,
+        migrated_sessions=migrated_sessions,
+        migrated_messages=migrated_messages
+    )
+
+@router.post("/login")
+@limiter.limit("10/minute")
+async def login(request: Request, login_data: LoginRequest, db: Session = Depends(get_db)):
+    """Login with email and password"""
+    user = db.query(User).filter(User.email == login_data.email).first()
+    if not user or not verify_password(login_data.password, user.password_hash):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect email or password",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    # Check for anonymous session to migrate
+    anonymous_session_id = request.headers.get("X-Anonymous-Session-ID")
+    migrated_sessions = 0
+    migrated_messages = 0
+
+    if anonymous_session_id:
+        try:
+            migration_service = SessionMigrationService(db)
+            migration_result = migration_service.migrate_anonymous_session(
+                anonymous_session_id=anonymous_session_id,
+                authenticated_user_id=str(user.id)
+            )
+            if migration_result["success"]:
+                migrated_sessions = migration_result["migrated_sessions_count"]
+                migrated_messages = migration_result["migrated_messages_count"]
+        except Exception as e:
+            # Log error but don't fail login
+            print(f"Session migration failed during login: {e}")
+
+    # Create session
+    session_token = create_user_session(db, user)
+    access_token = create_access_token(data={"sub": str(user.id), "email": user.email})
+
+    return LoginResponse(
+        user=UserResponse(
+            id=user.id,
+            email=user.email,
+            name=user.name,
+            image_url=user.image_url,
+            email_verified=user.email_verified
+        ),
+        access_token=access_token,
+        migrated_sessions=migrated_sessions,
+        migrated_messages=migrated_messages
+    )
 
 @router.get("/login/google")
 @limiter.limit("10/minute")  # Limit OAuth initiation attempts
@@ -231,4 +359,4 @@ async def refresh_token(
     return {
         "access_token": access_token,
         "token_type": "bearer"
-    }
+    }

src/api/routes/auth.py

@@ -0,0 +1,451 @@
+"""
+Authentication API routes.
+
+This module provides endpoints for user registration, login, logout,
+and password management.
+"""
+
+from datetime import datetime, timedelta
+from typing import Any
+from fastapi import APIRouter, Depends, HTTPException, status, Request, Response
+from fastapi.security import OAuth2PasswordRequestForm
+from sqlalchemy.orm import Session
+
+from src.database.config import get_db
+from src.models.auth import User, Session as UserSession, AnonymousSession
+from src.schemas.auth import (
+    User as UserSchema,
+    UserCreate,
+    UserResponse,
+    Token,
+    LoginRequest,
+    LoginResponse,
+    PasswordResetRequest,
+    PasswordResetConfirm,
+    SuccessResponse,
+    ErrorResponse
+)
+from src.services.auth import (
+    verify_password,
+    get_password_hash,
+    create_access_token,
+    create_token_hash,
+    generate_password_reset_token,
+    verify_password_reset_token,
+    validate_password_strength
+)
+from src.services.email import email_service
+from src.security.dependencies import get_current_user, get_current_active_user, require_auth
+
+router = APIRouter(prefix="/auth", tags=["authentication"])
+
+
+@router.post("/register", response_model=UserResponse, status_code=status.HTTP_201_CREATED)
+async def register(
+    user_data: UserCreate,
+    response: Response,
+    db: Session = Depends(get_db)
+) -> Any:
+    """
+    Register a new user with email and password.
+
+    Args:
+        user_data: User registration data
+        response: FastAPI response object for setting cookies
+        db: Database session
+
+    Returns:
+        Created user data
+
+    Raises:
+        HTTPException: If user already exists or validation fails
+    """
+    # Check if user already exists
+    existing_user = db.query(User).filter(User.email == user_data.email).first()
+    if existing_user:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Email already registered"
+        )
+
+    # Validate password strength
+    if not validate_password_strength(user_data.password):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Password must be at least 8 characters long and contain letters and numbers"
+        )
+
+    # Create new user
+    hashed_password = get_password_hash(user_data.password)
+    db_user = User(
+        email=user_data.email,
+        password_hash=hashed_password,
+        name=user_data.name,
+        email_verified=False  # Will be verified via email
+    )
+    db.add(db_user)
+    db.commit()
+    db.refresh(db_user)
+
+    # Create user background if provided
+    if user_data.software_experience or user_data.hardware_expertise or user_data.years_of_experience is not None:
+        from src.models.auth import UserBackground
+        background = UserBackground(
+            user_id=db_user.id,
+            experience_level=user_data.software_experience or "Beginner",
+            hardware_expertise=user_data.hardware_expertise or "None",
+            years_of_experience=user_data.years_of_experience or 0
+        )
+        db.add(background)
+        db.commit()
+
+    # Create access token
+    access_token_expires = timedelta(minutes=10080)  # 7 days
+    access_token = create_access_token(
+        data={"sub": str(db_user.id)},
+        expires_delta=access_token_expires
+    )
+
+    # Create session record
+    user_session = UserSession(
+        user_id=db_user.id,
+        token_hash=create_token_hash(access_token),
+        expires_at=datetime.utcnow() + access_token_expires
+    )
+    db.add(user_session)
+    db.commit()
+
+    # Set HTTP-only cookie
+    response.set_cookie(
+        key="access_token",
+        value=access_token,
+        max_age=access_token_expires.total_seconds(),
+        httponly=True,
+        samesite="lax",
+        secure=False  # Set to True in production with HTTPS
+    )
+
+    # TODO: Send email verification
+    # if email_service.is_configured():
+    #     verification_token = generate_password_reset_token(db_user.email)
+    #     await email_service.send_verification_email(
+    #         db_user.email,
+    #         verification_token,
+    #         os.getenv("FRONTEND_URL", "http://localhost:3000")
+    #     )
+
+    return db_user
+
+
+@router.post("/login", response_model=LoginResponse)
+async def login(
+    response: Response,
+    db: Session = Depends(get_db),
+    form_data: OAuth2PasswordRequestForm = Depends()
+) -> Any:
+    """
+    Authenticate user with email and password.
+
+    Args:
+        response: FastAPI response object for setting cookies
+        db: Database session
+        form_data: OAuth2PasswordRequestForm with username (email) and password
+
+    Returns:
+        Login response with token and user data
+
+    Raises:
+        HTTPException: If authentication fails
+    """
+    # Find user by email
+    user = db.query(User).filter(User.email == form_data.username).first()
+    if not user or not verify_password(form_data.password, user.password_hash):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect email or password",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    # Create access token
+    access_token_expires = timedelta(minutes=10080)  # 7 days
+    access_token = create_access_token(
+        data={"sub": str(user.id)},
+        expires_delta=access_token_expires
+    )
+
+    # Invalidate previous sessions (single session enforcement)
+    db.query(UserSession).filter(
+        UserSession.user_id == user.id,
+        UserSession.expires_at > datetime.utcnow()
+    ).update({"expires_at": datetime.utcnow()})
+    db.commit()
+
+    # Create new session
+    user_session = UserSession(
+        user_id=user.id,
+        token_hash=create_token_hash(access_token),
+        expires_at=datetime.utcnow() + access_token_expires
+    )
+    db.add(user_session)
+    db.commit()
+
+    # Set HTTP-only cookie
+    response.set_cookie(
+        key="access_token",
+        value=access_token,
+        max_age=access_token_expires.total_seconds(),
+        httponly=True,
+        samesite="lax",
+        secure=False  # Set to True in production with HTTPS
+    )
+
+    return {
+        "access_token": access_token,
+        "token_type": "bearer",
+        "expires_in": int(access_token_expires.total_seconds()),
+        "user": user
+    }
+
+
+@router.post("/logout", response_model=SuccessResponse)
+async def logout(
+    response: Response,
+    current_user: UserSchema = Depends(get_current_active_user),
+    db: Session = Depends(get_db)
+) -> Any:
+    """
+    Logout user and invalidate session.
+
+    Args:
+        response: FastAPI response object for clearing cookies
+        current_user: Currently authenticated user
+        db: Database session
+
+    Returns:
+        Success response
+    """
+    # Invalidate all user sessions
+    db.query(UserSession).filter(
+        UserSession.user_id == current_user.id
+    ).update({"expires_at": datetime.utcnow()})
+    db.commit()
+
+    # Clear cookie
+    response.delete_cookie(key="access_token")
+
+    return {"success": True, "message": "Successfully logged out"}
+
+
+@router.get("/me", response_model=UserResponse)
+async def get_current_user_info(
+    current_user: UserSchema = Depends(get_current_active_user)
+) -> Any:
+    """
+    Get current user information.
+
+    Args:
+        current_user: Currently authenticated user
+
+    Returns:
+        Current user data
+    """
+    return current_user
+
+
+@router.post("/refresh")
+async def refresh_token(
+    current_user: UserSchema = Depends(get_current_active_user),
+    response: Response = None
+) -> Any:
+    """
+    Refresh authentication token.
+
+    Args:
+        current_user: Currently authenticated user
+        response: FastAPI response object for setting cookies
+
+    Returns:
+        New access token
+
+    Raises:
+        HTTPException: If refresh fails
+    """
+    # Create new access token
+    access_token_expires = timedelta(minutes=10080)  # 7 days
+    access_token = create_access_token(
+        data={"sub": str(current_user.id)},
+        expires_delta=access_token_expires
+    )
+
+    # Set HTTP-only cookie if response is provided
+    if response:
+        response.set_cookie(
+            key="access_token",
+            value=access_token,
+            max_age=access_token_expires.total_seconds(),
+            httponly=True,
+            samesite="lax",
+            secure=False  # Set to True in production with HTTPS
+        )
+
+    return {"token": access_token}
+
+
+@router.get("/anonymous-session/{session_id}")
+async def get_anonymous_session(
+    session_id: str,
+    db: Session = Depends(get_db)
+) -> Any:
+    """
+    Get anonymous session data including message count.
+
+    Args:
+        session_id: Anonymous session ID from localStorage
+        db: Database session
+
+    Returns:
+        Anonymous session data with message count and existence flag
+    """
+    # Query for existing session
+    session = db.query(AnonymousSession).filter(
+        AnonymousSession.id == session_id
+    ).first()
+
+    if not session:
+        # Return new session data if not found
+        return {
+            "id": session_id,
+            "message_count": 0,
+            "exists": False
+        }
+
+    # Return existing session data
+    return {
+        "id": session.id,
+        "message_count": session.message_count,
+        "exists": True
+    }
+
+
+@router.post("/password-reset/request", response_model=SuccessResponse)
+async def request_password_reset(
+    request_data: PasswordResetRequest,
+    db: Session = Depends(get_db)
+) -> Any:
+    """
+    Request password reset email.
+
+    Args:
+        request_data: Email for password reset
+        db: Database session
+
+    Returns:
+        Success response
+    """
+    user = db.query(User).filter(User.email == request_data.email).first()
+    if not user:
+        # Don't reveal if user exists
+        return {"success": True, "message": "If the email exists, a reset link has been sent"}
+
+    # Generate reset token
+    reset_token = generate_password_reset_token(user.email)
+
+    # Save reset token
+    from src.models.auth import PasswordResetToken
+    password_reset_token = PasswordResetToken(
+        user_id=user.id,
+        token=reset_token,
+        expires_at=datetime.utcnow() + timedelta(hours=24)
+    )
+    db.add(password_reset_token)
+
+    # Invalidate previous tokens
+    db.query(PasswordResetToken).filter(
+        PasswordResetToken.user_id == user.id,
+        PasswordResetToken.used == False,
+        PasswordResetToken.expires_at > datetime.utcnow()
+    ).update({"used": True})
+    db.commit()
+
+    # Send email
+    if email_service.is_configured():
+        frontend_url = "http://localhost:3000"  # TODO: Get from environment
+        await email_service.send_password_reset_email_async(
+            user.email,
+            reset_token,
+            frontend_url
+        )
+
+    return {"success": True, "message": "If the email exists, a reset link has been sent"}
+
+
+@router.post("/password-reset/confirm", response_model=SuccessResponse)
+async def confirm_password_reset(
+    request_data: PasswordResetConfirm,
+    db: Session = Depends(get_db)
+) -> Any:
+    """
+    Confirm password reset with token.
+
+    Args:
+        request_data: Token and new password
+        db: Database session
+
+    Returns:
+        Success response
+
+    Raises:
+        HTTPException: If token is invalid or expired
+    """
+    # Verify token
+    email = verify_password_reset_token(request_data.token)
+    if not email:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid or expired reset token"
+        )
+
+    # Get user
+    user = db.query(User).filter(User.email == email).first()
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid or expired reset token"
+        )
+
+    # Get and validate token record
+    from src.models.auth import PasswordResetToken
+    token_record = db.query(PasswordResetToken).filter(
+        PasswordResetToken.token == request_data.token,
+        PasswordResetToken.user_id == user.id,
+        PasswordResetToken.used == False
+    ).first()
+
+    if not token_record or token_record.expires_at < datetime.utcnow():
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid or expired reset token"
+        )
+
+    # Validate new password
+    if not validate_password_strength(request_data.new_password):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Password must be at least 8 characters long and contain letters and numbers"
+        )
+
+    # Update password
+    user.password_hash = get_password_hash(request_data.new_password)
+    user.updated_at = datetime.utcnow()
+
+    # Mark token as used
+    token_record.used = True
+
+    # Invalidate all user sessions (force re-login)
+    db.query(UserSession).filter(UserSession.user_id == user.id).update(
+        {"expires_at": datetime.utcnow()}
+    )
+
+    db.commit()
+
+    return {"success": True, "message": "Password has been reset successfully"}

src/api/routes/chat.py

@@ -0,0 +1,549 @@
+"""
+Chat API routes with authentication support.
+"""
+
+from datetime import datetime
+from typing import Any, Dict, Optional
+from fastapi import APIRouter, Depends, HTTPException, status, Request
+from sqlalchemy.orm import Session
+from pydantic import BaseModel
+import json
+import uuid
+import logging
+from slowapi import Limiter
+from slowapi.util import get_remote_address
+
+from src.database.config import get_db
+from src.models.auth import User, ChatSession, ChatMessage, AnonymousSession
+from src.security.dependencies import get_current_user, get_current_user_or_anonymous
+from src.services.message_editor import MessageEditorService
+from rag.chat import ChatHandler
+
+router = APIRouter(prefix="/api/chat", tags=["chat"])
+
+# Rate limiter
+limiter = Limiter(key_func=get_remote_address)
+
+# Logger
+logger = logging.getLogger(__name__)
+
+
+class ChatRequest(BaseModel):
+    """Chat request model."""
+    message: str
+    session_id: Optional[str] = None
+    context_window: Optional[int] = None
+    k: Optional[int] = 5
+    stream: bool = True
+
+
+class ChatSessionResponse(BaseModel):
+    """Chat session response model."""
+    id: str
+    title: str
+    created_at: datetime
+    updated_at: datetime
+    messages: list = []
+
+
+@router.post("/send")
+@limiter.limit("20/minute")
+async def send_message(
+    request: Request,
+    chat_request: ChatRequest,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user_or_anonymous)
+):
+    """Send a chat message with authentication support."""
+
+    # Get the global chat_handler from main module
+    import sys
+    import os
+    sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(__file__)))))
+    from main import chat_handler
+
+    if not chat_handler:
+        raise HTTPException(
+            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+            detail="Chat service not initialized"
+        )
+
+    # Check if user is anonymous and has exceeded limit
+    if not current_user.is_authenticated:
+        # Get or create anonymous session
+        anon_session_id = request.headers.get("X-Anonymous-Session-ID")
+        if anon_session_id:
+            anon_session = db.query(AnonymousSession).filter(
+                AnonymousSession.id == anon_session_id
+            ).first()
+        else:
+            anon_session = None
+
+        if not anon_session:
+            # Create new anonymous session
+            anon_session = AnonymousSession(
+                id=str(uuid.uuid4()),
+                message_count=0
+            )
+            db.add(anon_session)
+            db.commit()
+
+        # Check message limit
+        if anon_session.message_count >= 3:
+            raise HTTPException(
+                status_code=status.HTTP_429_TOO_MANY_REQUESTS,
+                detail="Anonymous users are limited to 3 messages. Please sign in to continue."
+            )
+
+        # Increment message count
+        anon_session.message_count += 1
+        anon_session.last_activity = datetime.utcnow()
+        db.commit()
+
+    # Get or create chat session
+    session_id = chat_request.session_id
+    chat_session = None
+
+    if session_id:
+        # Try to find existing session
+        chat_session = db.query(ChatSession).filter(
+            ChatSession.id == session_id
+        ).first()
+
+    if not chat_session:
+        # Create new chat session
+        chat_session = ChatSession(
+            id=str(uuid.uuid4()),
+            user_id=current_user.id if current_user.is_authenticated else None,
+            anonymous_session_id=anon_session.id if not current_user.is_authenticated and anon_session else None,
+            title="New Chat"
+        )
+        db.add(chat_session)
+        db.commit()
+        db.refresh(chat_session)
+
+    # Save user message
+    user_message = ChatMessage(
+        chat_session_id=chat_session.id,
+        role="user",
+        content=chat_request.message,
+        created_at=datetime.utcnow()
+    )
+    db.add(user_message)
+    db.commit()
+
+    # Process the message through RAG system
+    try:
+        # Get session ID for context
+        session_id_for_context = chat_request.session_id if chat_request.session_id else str(chat_session.id)
+
+        # Get response from chat handler
+        response = await chat_handler.chat(
+            query=chat_request.message,
+            session_id=session_id_for_context,
+            k=chat_request.k,
+            context_window=chat_request.context_window
+        )
+
+        # Extract the response content
+        ai_content = response.get("answer", "I'm sorry, I couldn't process your request.")
+
+        # Create AI response
+        ai_response = ChatMessage(
+            chat_session_id=chat_session.id,
+            role="assistant",
+            content=ai_content,
+            created_at=datetime.utcnow()
+        )
+        db.add(ai_response)
+        db.commit()
+
+    except Exception as e:
+        # If RAG fails, provide a fallback response
+        logger.error(f"RAG processing failed: {str(e)}")
+        ai_response = ChatMessage(
+            chat_session_id=chat_session.id,
+            role="assistant",
+            content="I'm having trouble accessing the book content right now. Please try again later.",
+            created_at=datetime.utcnow()
+        )
+        db.add(ai_response)
+        db.commit()
+
+    # Update session timestamp
+    chat_session.updated_at = datetime.utcnow()
+    db.commit()
+
+    # Get session messages
+    messages = db.query(ChatMessage).filter(
+        ChatMessage.chat_session_id == chat_session.id
+    ).order_by(ChatMessage.created_at).all()
+
+    return {
+        "session_id": chat_session.id,
+        "messages": [
+            {
+                "id": msg.id,
+                "role": msg.role,
+                "content": msg.content,
+                "created_at": msg.created_at.isoformat()
+            }
+            for msg in messages
+        ],
+        "title": chat_session.title
+    }
+
+
+@router.get("/sessions", response_model=list[ChatSessionResponse])
+async def get_chat_sessions(
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    """Get user's chat sessions."""
+    if not current_user.is_authenticated:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Authentication required"
+        )
+
+    sessions = db.query(ChatSession).filter(
+        ChatSession.user_id == current_user.id
+    ).order_by(ChatSession.updated_at.desc()).all()
+
+    return [
+        {
+            "id": session.id,
+            "title": session.title,
+            "created_at": session.created_at,
+            "updated_at": session.updated_at,
+            "messages": []  # Messages loaded separately
+        }
+        for session in sessions
+    ]
+
+
+@router.get("/sessions/{session_id}", response_model=ChatSessionResponse)
+async def get_chat_session(
+    session_id: str,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    """Get a specific chat session with messages."""
+    if not current_user.is_authenticated:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Authentication required"
+        )
+
+    # Check session ownership
+    session = db.query(ChatSession).filter(
+        ChatSession.id == session_id,
+        ChatSession.user_id == current_user.id
+    ).first()
+
+    if not session:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Chat session not found"
+        )
+
+    # Get messages
+    messages = db.query(ChatMessage).filter(
+        ChatMessage.chat_session_id == session_id
+    ).order_by(ChatMessage.created_at).all()
+
+    return {
+        "id": session.id,
+        "title": session.title,
+        "created_at": session.created_at,
+        "updated_at": session.updated_at,
+        "messages": [
+            {
+                "id": msg.id,
+                "role": msg.role,
+                "content": msg.content,
+                "created_at": msg.created_at.isoformat()
+            }
+            for msg in messages
+        ]
+    }
+
+
+@router.put("/sessions/{session_id}")
+async def update_chat_session(
+    session_id: str,
+    session_data: Dict[str, Any],
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    """Update a chat session (e.g., title)."""
+    if not current_user.is_authenticated:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Authentication required"
+        )
+
+    # Check session ownership
+    session = db.query(ChatSession).filter(
+        ChatSession.id == session_id,
+        ChatSession.user_id == current_user.id
+    ).first()
+
+    if not session:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Chat session not found"
+        )
+
+    # Update allowed fields
+    if "title" in session_data:
+        session.title = session_data["title"]
+
+    session.updated_at = datetime.utcnow()
+    db.commit()
+    db.refresh(session)
+
+    return {
+        "id": session.id,
+        "title": session.title,
+        "created_at": session.created_at,
+        "updated_at": session.updated_at,
+        "messages": []
+    }
+
+
+@router.delete("/sessions/{session_id}")
+async def delete_chat_session(
+    session_id: str,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    """Delete a chat session."""
+    if not current_user.is_authenticated:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Authentication required"
+        )
+
+    # Check session ownership
+    session = db.query(ChatSession).filter(
+        ChatSession.id == session_id,
+        ChatSession.user_id == current_user.id
+    ).first()
+
+    if not session:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Chat session not found"
+        )
+
+    # Delete session (messages will be deleted via cascade)
+    db.delete(session)
+    db.commit()
+
+    return {"message": "Chat session deleted successfully"}
+
+
+@router.get("/anonymous/session-info")
+async def get_anonymous_session_info(
+    request: Request,
+    db: Session = Depends(get_db)
+):
+    """Get information about an anonymous session for migration preview."""
+    anonymous_session_id = request.headers.get("X-Anonymous-Session-ID")
+
+    if not anonymous_session_id:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Anonymous session ID required"
+        )
+
+    from src.services.session_migration import SessionMigrationService
+    migration_service = SessionMigrationService(db)
+
+    session_info = migration_service.get_anonymous_session_info(anonymous_session_id)
+
+    if not session_info:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Anonymous session not found"
+        )
+
+    return session_info
+
+
+@router.put("/messages/{message_id}/edit")
+@limiter.limit("30/minute")
+async def edit_message(
+    request: Request,
+    message_id: str,
+    edit_data: Dict[str, Any],
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    """Edit a chat message (only user messages within 15 minutes)."""
+
+    # Validate edit data
+    new_content = edit_data.get("content")
+    if not new_content or not new_content.strip():
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Content is required and cannot be empty"
+        )
+
+    # Initialize the message editor service
+    editor_service = MessageEditorService(db)
+
+    # Check if message can be edited
+    can_edit = editor_service.can_edit_message(message_id, str(current_user.id))
+    if not can_edit["can_edit"]:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail=can_edit["reason"]
+        )
+
+    # Edit the message
+    result = editor_service.edit_message(
+        message_id=message_id,
+        new_content=new_content.strip(),
+        user_id=str(current_user.id),
+        edit_reason=edit_data.get("reason")
+    )
+
+    if not result["success"]:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=result.get("error", "Failed to edit message")
+        )
+
+    return result
+
+
+@router.get("/messages/{message_id}/versions")
+@limiter.limit("60/minute")
+async def get_message_versions(
+    request: Request,
+    message_id: str,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    """Get version history of a message."""
+
+    editor_service = MessageEditorService(db)
+    result = editor_service.get_message_versions(message_id, str(current_user.id))
+
+    if not result["success"]:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=result.get("error", "Message not found")
+        )
+
+    return result
+
+
+class ChatSearchRequest(BaseModel):
+    """Chat search request model."""
+    query: str
+    session_id: Optional[str] = None
+    limit: Optional[int] = 50
+    offset: Optional[int] = 0
+    date_from: Optional[str] = None
+    date_to: Optional[str] = None
+    message_type: Optional[str] = None  # "user", "assistant", or None for all
+
+
+@router.post("/search")
+@limiter.limit("100/minute")
+async def search_chat_messages(
+    request: Request,
+    search_request: ChatSearchRequest,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user)
+):
+    """Search chat messages for authenticated users."""
+
+    if not current_user.is_authenticated:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Authentication required for searching messages"
+        )
+
+    try:
+        # Build base query
+        query = db.query(ChatMessage).join(ChatSession).filter(
+            ChatSession.user_id == str(current_user.id)
+        )
+
+        # Filter by session if specified
+        if search_request.session_id:
+            query = query.filter(ChatMessage.chat_session_id == search_request.session_id)
+
+        # Filter by message type if specified
+        if search_request.message_type:
+            query = query.filter(ChatMessage.role == search_request.message_type)
+
+        # Filter by date range if provided
+        if search_request.date_from:
+            try:
+                date_from = datetime.fromisoformat(search_request.date_from.replace('Z', '+00:00'))
+                query = query.filter(ChatMessage.created_at >= date_from)
+            except ValueError:
+                pass  # Invalid date format, ignore filter
+
+        if search_request.date_to:
+            try:
+                date_to = datetime.fromisoformat(search_request.date_to.replace('Z', '+00:00'))
+                query = query.filter(ChatMessage.created_at <= date_to)
+            except ValueError:
+                pass  # Invalid date format, ignore filter
+
+        # Search in message content (case-insensitive)
+        if search_request.query:
+            search_term = f"%{search_request.query}%"
+            query = query.filter(ChatMessage.content.ilike(search_term))
+
+        # Get total count
+        total_count = query.count()
+
+        # Apply pagination and ordering
+        messages = query.order_by(ChatMessage.created_at.desc()).offset(
+            search_request.offset or 0
+        ).limit(search_request.limit or 50).all()
+
+        # Format results
+        results = []
+        for message in messages:
+            # Highlight matching text
+            content = message.content
+            if search_request.query:
+                # Simple highlighting (in production, you might want more sophisticated highlighting)
+                content = content.replace(
+                    search_request.query,
+                    f"**{search_request.query}**"
+                )
+
+            results.append({
+                "id": message.id,
+                "session_id": message.chat_session_id,
+                "role": message.role,
+                "content": content[:500] + ("..." if len(content) > 500 else ""),  # Preview
+                "full_content": content,
+                "created_at": message.created_at.isoformat(),
+                "edited_at": message.edited_at.isoformat() if message.edited_at else None,
+                "edit_count": message.edit_count or 0
+            })
+
+        return {
+            "results": results,
+            "total_count": total_count,
+            "query": search_request.query,
+            "limit": search_request.limit or 50,
+            "offset": search_request.offset or 0
+        }
+
+    except Exception as e:
+        logger.error(f"Search failed: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Search failed. Please try again."
+        )

src/api/routes/users.py

@@ -0,0 +1,381 @@
+"""
+User management API routes.
+
+This module provides endpoints for user profile management,
+onboarding, and preferences.
+"""
+
+from datetime import datetime
+from typing import Any, List
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.orm import Session
+from pydantic import BaseModel
+
+from src.database.config import get_db
+from src.models.auth import User, UserBackground, OnboardingResponse, UserPreferences
+from src.schemas.auth import (
+    User as UserSchema,
+    UserBackground as UserBackgroundSchema,
+    UserBackgroundCreate,
+    UserBackgroundUpdate,
+    UserBackgroundResponse,
+    OnboardingResponse as OnboardingResponseSchema,
+    OnboardingResponseCreate,
+    OnboardingBatch,
+    UserPreferences as UserPreferencesSchema,
+    UserPreferencesUpdate,
+    UserPreferencesResponse,
+    SuccessResponse
+)
+from src.security.dependencies import get_current_active_user
+
+router = APIRouter(prefix="/users", tags=["users"])
+
+
+@router.get("/me", response_model=UserSchema)
+async def get_user_profile(
+    current_user: UserSchema = Depends(get_current_active_user)
+) -> Any:
+    """
+    Get current user's profile information.
+
+    Args:
+        current_user: Currently authenticated user
+
+    Returns:
+        User profile data
+    """
+    return current_user
+
+
+@router.put("/me", response_model=UserSchema)
+async def update_user_profile(
+    user_update: dict,
+    current_user: UserSchema = Depends(get_current_active_user),
+    db: Session = Depends(get_db)
+) -> Any:
+    """
+    Update current user's profile information.
+
+    Args:
+        user_update: User data to update
+        current_user: Currently authenticated user
+        db: Database session
+
+    Returns:
+        Updated user data
+    """
+    # Get user from database
+    db_user = db.query(User).filter(User.id == current_user.id).first()
+    if not db_user:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found"
+        )
+
+    # Update allowed fields
+    if "name" in user_update and user_update["name"] is not None:
+        db_user.name = user_update["name"]
+
+    if "email" in user_update and user_update["email"] is not None:
+        # Check if email is already taken by another user
+        existing_user = db.query(User).filter(
+            User.email == user_update["email"],
+            User.id != current_user.id
+        ).first()
+        if existing_user:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Email already taken by another user"
+            )
+        db_user.email = user_update["email"]
+        db_user.email_verified = False  # Require re-verification
+
+    db_user.updated_at = datetime.utcnow()
+    db.commit()
+    db.refresh(db_user)
+
+    return db_user
+
+
+@router.get("/background", response_model=UserBackgroundResponse)
+async def get_user_background(
+    current_user: UserSchema = Depends(get_current_active_user),
+    db: Session = Depends(get_db)
+) -> Any:
+    """
+    Get user's background information.
+
+    Args:
+        current_user: Currently authenticated user
+        db: Database session
+
+    Returns:
+        User background data
+    """
+    background = db.query(UserBackground).filter(
+        UserBackground.user_id == current_user.id
+    ).first()
+
+    if not background:
+        # Return default background
+        return UserBackgroundResponse(
+            id="",
+            user_id=current_user.id,
+            experience_level="beginner",
+            years_experience=0,
+            preferred_languages=[],
+            hardware_expertise={"cpu": "none", "gpu": "none", "networking": "none"},
+            created_at=datetime.utcnow(),
+            updated_at=datetime.utcnow()
+        )
+
+    return background
+
+
+@router.post("/background", response_model=UserBackgroundResponse)
+async def create_or_update_user_background(
+    background_data: UserBackgroundCreate,
+    current_user: UserSchema = Depends(get_current_active_user),
+    db: Session = Depends(get_db)
+) -> Any:
+    """
+    Create or update user's background information.
+
+    Args:
+        background_data: User background data
+        current_user: Currently authenticated user
+        db: Database session
+
+    Returns:
+        Created/updated user background data
+    """
+    # Check if background exists
+    background = db.query(UserBackground).filter(
+        UserBackground.user_id == current_user.id
+    ).first()
+
+    if background:
+        # Update existing background
+        background.experience_level = background_data.experience_level
+        background.years_experience = background_data.years_experience
+        background.preferred_languages = background_data.preferred_languages
+        background.hardware_expertise = background_data.hardware_expertise
+        background.updated_at = datetime.utcnow()
+    else:
+        # Create new background
+        background = UserBackground(
+            user_id=current_user.id,
+            experience_level=background_data.experience_level,
+            years_experience=background_data.years_experience,
+            preferred_languages=background_data.preferred_languages,
+            hardware_expertise=background_data.hardware_expertise
+        )
+        db.add(background)
+
+    db.commit()
+    db.refresh(background)
+
+    return background
+
+
+@router.post("/onboarding", response_model=SuccessResponse)
+async def submit_onboarding(
+    onboarding_data: OnboardingBatch,
+    current_user: UserSchema = Depends(get_current_active_user),
+    db: Session = Depends(get_db)
+) -> Any:
+    """
+    Submit onboarding responses.
+
+    Args:
+        onboarding_data: Batch of onboarding responses
+        current_user: Currently authenticated user
+        db: Database session
+
+    Returns:
+        Success response
+    """
+    # Clear existing onboarding responses for this user
+    db.query(OnboardingResponse).filter(
+        OnboardingResponse.user_id == current_user.id
+    ).delete()
+
+    # Add new responses
+    for response_data in onboarding_data.responses:
+        response = OnboardingResponse(
+            user_id=current_user.id,
+            question_key=response_data.question_key,
+            response_value=response_data.response_value
+        )
+        db.add(response)
+
+    db.commit()
+
+    # Optionally update user background based on responses
+    background_responses = {
+        resp.question_key: resp.response_value
+        for resp in onboarding_data.responses
+    }
+
+    # Map onboarding responses to background fields
+    background_update = {}
+    if "experience_level_selection" in background_responses:
+        background_update["experience_level"] = background_responses["experience_level_selection"]
+    if "years_of_experience" in background_responses:
+        background_update["years_experience"] = int(background_responses["years_of_experience"])
+    if "preferred_languages" in background_responses:
+        background_update["preferred_languages"] = background_responses["preferred_languages"]
+    if "cpu_expertise" in background_responses:
+        if "hardware_expertise" not in background_update:
+            background_update["hardware_expertise"] = {}
+        background_update["hardware_expertise"]["cpu"] = background_responses["cpu_expertise"]
+    if "gpu_expertise" in background_responses:
+        if "hardware_expertise" not in background_update:
+            background_update["hardware_expertise"] = {}
+        background_update["hardware_expertise"]["gpu"] = background_responses["gpu_expertise"]
+    if "networking_expertise" in background_responses:
+        if "hardware_expertise" not in background_update:
+            background_update["hardware_expertise"] = {}
+        background_update["hardware_expertise"]["networking"] = background_responses["networking_expertise"]
+
+    # Create or update user background
+    if background_update:
+        background = db.query(UserBackground).filter(
+            UserBackground.user_id == current_user.id
+        ).first()
+
+        if background:
+            # Update existing background
+            for key, value in background_update.items():
+                if hasattr(background, key):
+                    setattr(background, key, value)
+            background.updated_at = datetime.utcnow()
+        else:
+            # Create new background
+            # Set default values for missing fields
+            full_background = {
+                "user_id": current_user.id,
+                "experience_level": "beginner",
+                "years_experience": 0,
+                "preferred_languages": [],
+                "hardware_expertise": {"cpu": "none", "gpu": "none", "networking": "none"},
+                **background_update
+            }
+            background = UserBackground(**full_background)
+            db.add(background)
+
+        db.commit()
+
+    return {"success": True, "message": "Onboarding responses saved successfully"}
+
+
+@router.get("/onboarding", response_model=List[OnboardingResponseSchema])
+async def get_onboarding_responses(
+    current_user: UserSchema = Depends(get_current_active_user),
+    db: Session = Depends(get_db)
+) -> Any:
+    """
+    Get user's onboarding responses.
+
+    Args:
+        current_user: Currently authenticated user
+        db: Database session
+
+    Returns:
+        List of onboarding responses
+    """
+    responses = db.query(OnboardingResponse).filter(
+        OnboardingResponse.user_id == current_user.id
+    ).all()
+
+    return responses
+
+
+@router.get("/preferences", response_model=UserPreferencesResponse)
+async def get_user_preferences(
+    current_user: UserSchema = Depends(get_current_active_user),
+    db: Session = Depends(get_db)
+) -> Any:
+    """
+    Get user's preferences.
+
+    Args:
+        current_user: Currently authenticated user
+        db: Database session
+
+    Returns:
+        User preferences data
+    """
+    preferences = db.query(UserPreferences).filter(
+        UserPreferences.user_id == current_user.id
+    ).first()
+
+    if not preferences:
+        # Return default preferences
+        return UserPreferencesResponse(
+            id="",
+            user_id=current_user.id,
+            theme="auto",
+            language="en",
+            notification_settings={
+                "email_responses": False,
+                "browser_notifications": True,
+                "marketing_emails": False
+            },
+            created_at=datetime.utcnow(),
+            updated_at=datetime.utcnow()
+        )
+
+    return preferences
+
+
+@router.put("/preferences", response_model=UserPreferencesResponse)
+async def update_user_preferences(
+    preferences_data: UserPreferencesUpdate,
+    current_user: UserSchema = Depends(get_current_active_user),
+    db: Session = Depends(get_db)
+) -> Any:
+    """
+    Update user's preferences.
+
+    Args:
+        preferences_data: Preferences data to update
+        current_user: Currently authenticated user
+        db: Database session
+
+    Returns:
+        Updated preferences data
+    """
+    # Get or create preferences
+    preferences = db.query(UserPreferences).filter(
+        UserPreferences.user_id == current_user.id
+    ).first()
+
+    if preferences:
+        # Update existing preferences
+        if preferences_data.theme is not None:
+            preferences.theme = preferences_data.theme
+        if preferences_data.language is not None:
+            preferences.language = preferences_data.language
+        if preferences_data.notification_settings is not None:
+            preferences.notification_settings.update(preferences_data.notification_settings)
+        preferences.updated_at = datetime.utcnow()
+    else:
+        # Create new preferences with defaults
+        preferences = UserPreferences(
+            user_id=current_user.id,
+            theme=preferences_data.theme or "auto",
+            language=preferences_data.language or "en",
+            notification_settings=preferences_data.notification_settings or {
+                "email_responses": False,
+                "browser_notifications": True,
+                "marketing_emails": False
+            }
+        )
+        db.add(preferences)
+
+    db.commit()
+    db.refresh(preferences)
+
+    return preferences

src/database/base.py

@@ -0,0 +1,31 @@
+"""
+Base model and database configuration.
+"""
+
+from sqlalchemy import create_engine
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import sessionmaker
+import os
+
+# Create the declarative base
+Base = declarative_base()
+
+# Database URL from environment
+DATABASE_URL = os.getenv("DATABASE_URL", "sqlite:///./app.db")
+
+# Create engine
+engine = create_engine(
+    DATABASE_URL,
+    connect_args={"check_same_thread": False} if "sqlite" in DATABASE_URL else {}
+)
+
+# Create session factory
+SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+
+# Dependency to get DB session
+def get_db():
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()

src/database/config.py

@@ -0,0 +1,77 @@
+"""
+Database configuration for the AI Book application.
+"""
+
+import os
+from sqlalchemy import create_engine, MetaData
+from sqlalchemy.orm import sessionmaker
+from sqlalchemy.pool import StaticPool
+
+# Database URL from environment
+DATABASE_URL = os.getenv(
+    "DATABASE_URL",
+    "sqlite:///./app.db"
+)
+
+# Create engine
+if "sqlite" in DATABASE_URL:
+    engine = create_engine(
+        DATABASE_URL,
+        connect_args={
+            "check_same_thread": False,
+            "timeout": 30
+        },
+        poolclass=StaticPool,
+        echo=os.getenv("DEBUG", "false").lower() == "true"
+    )
+else:
+    engine = create_engine(
+        DATABASE_URL,
+        pool_pre_ping=True,
+        echo=os.getenv("DEBUG", "false").lower() == "true"
+    )
+
+# Create session factory
+SessionLocal = sessionmaker(
+    autocommit=False,
+    autoflush=False,
+    bind=engine
+)
+
+# Metadata for migrations
+metadata = MetaData()
+
+# Dependency to get DB session
+def get_db():
+    """
+    Dependency to get database session.
+    """
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()
+
+# Initialize database
+def init_db():
+    """
+    Initialize database with all tables.
+    """
+    from src.models.auth import Base
+    from src.models.chat import Base
+
+    # Import all models to ensure they are registered
+    Base.metadata.create_all(bind=engine)
+
+# Test database connection
+def test_connection():
+    """
+    Test database connection.
+    """
+    try:
+        with engine.connect() as connection:
+            connection.execute("SELECT 1")
+        return True
+    except Exception as e:
+        print(f"Database connection failed: {e}")
+        return False

src/models/auth.py

@@ -0,0 +1,286 @@
+"""
+Authentication models for the AI Book application.
+
+This module contains SQLAlchemy models for user authentication,
+sessions, and related entities.
+"""
+
+from typing import Optional
+from enum import Enum
+
+from sqlalchemy import (
+    Column, String, Boolean, Integer, DateTime,
+    Text, JSON, ForeignKey, Enum as SQLEnum, func
+)
+from sqlalchemy.orm import relationship
+import uuid
+
+from src.database.base import Base
+
+
+class User(Base):
+    """Represents a registered user with email/password authentication."""
+
+    __tablename__ = "users"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    email = Column(String(255), unique=True, nullable=False, index=True)
+    password_hash = Column(String(255), nullable=False)
+    name = Column(String(100), nullable=True)
+    image_url = Column(String(500), nullable=True)
+    email_verified = Column(Boolean, default=False, nullable=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+    updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False)
+
+    # Relationships
+    accounts = relationship("Account", back_populates="user", cascade="all, delete-orphan")
+    sessions = relationship("Session", back_populates="user", cascade="all, delete-orphan")
+    background = relationship("UserBackground", back_populates="user", uselist=False, cascade="all, delete-orphan")
+    preferences = relationship("UserPreferences", back_populates="user", uselist=False, cascade="all, delete-orphan")
+    password_reset_tokens = relationship("PasswordResetToken", back_populates="user", cascade="all, delete-orphan")
+    onboarding_responses = relationship("OnboardingResponse", back_populates="user", cascade="all, delete-orphan")
+    chat_sessions = relationship("ChatSession", back_populates="user", cascade="all, delete-orphan")
+    folders = relationship("ChatFolder", back_populates="user", cascade="all, delete-orphan")
+    tags = relationship("ChatTag", back_populates="user", cascade="all, delete-orphan")
+
+
+class Account(Base):
+    """OAuth provider accounts (Google, etc.) linked to users."""
+
+    __tablename__ = "accounts"
+
+    id = Column(Integer, primary_key=True, index=True)
+    user_id = Column(String(36), ForeignKey("users.id"), nullable=False)
+    provider = Column(String, nullable=False)  # 'google', 'github', etc.
+    provider_account_id = Column(String, nullable=False)
+    access_token = Column(Text, nullable=True)
+    refresh_token = Column(Text, nullable=True)
+    expires_at = Column(DateTime(timezone=True), nullable=True)
+    token_type = Column(String, nullable=True)
+    scope = Column(String, nullable=True)
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+    updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False)
+
+    # Relationships
+    user = relationship("User", back_populates="accounts")
+
+
+class UserBackground(Base):
+    """Stores user's technical background for personalization."""
+
+    __tablename__ = "user_backgrounds"
+
+    class ExperienceLevel(str, Enum):
+        BEGINNER = "Beginner"
+        INTERMEDIATE = "Intermediate"
+        ADVANCED = "Advanced"
+
+    class HardwareExpertise(str, Enum):
+        NONE = "None"
+        ARDUINO = "Arduino"
+        ROS_PRO = "ROS-Pro"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    user_id = Column(String(36), ForeignKey("users.id"), nullable=False, unique=True)
+    experience_level = Column(SQLEnum(ExperienceLevel), nullable=False)
+    years_of_experience = Column(Integer, nullable=False, default=0)
+    preferred_languages = Column(JSON, nullable=False, default=list)
+    hardware_expertise = Column(SQLEnum(HardwareExpertise), nullable=False, default=HardwareExpertise.NONE)
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+    updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False)
+
+    # Relationships
+    user = relationship("User", back_populates="background")
+
+
+class OnboardingResponse(Base):
+    """Captures individual onboarding question responses."""
+
+    __tablename__ = "onboarding_responses"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    user_id = Column(String(36), ForeignKey("users.id"), nullable=False)
+    question_key = Column(String(100), nullable=False)
+    response_value = Column(JSON, nullable=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+
+    # Relationships
+    user = relationship("User", back_populates="onboarding_responses")
+
+
+class Session(Base):
+    """Active user authentication sessions with sliding expiration."""
+
+    __tablename__ = "sessions"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    user_id = Column(String(36), ForeignKey("users.id"), nullable=False)
+    token_hash = Column(String(255), nullable=False, unique=True)
+    expires_at = Column(DateTime(timezone=True), nullable=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+    ip_address = Column(String(45), nullable=True)  # IPv6 compatible
+    user_agent = Column(Text, nullable=True)
+
+    # Relationships
+    user = relationship("User", back_populates="sessions")
+
+
+class PasswordResetToken(Base):
+    """Temporary tokens for secure password reset."""
+
+    __tablename__ = "password_reset_tokens"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    user_id = Column(String(36), ForeignKey("users.id"), nullable=False)
+    token = Column(String(255), nullable=False, unique=True)
+    expires_at = Column(DateTime(timezone=True), nullable=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+    used = Column(Boolean, default=False, nullable=False)
+
+    # Relationships
+    user = relationship("User", back_populates="password_reset_tokens")
+
+
+class AnonymousSession(Base):
+    """Temporary session for anonymous chat users."""
+
+    __tablename__ = "anonymous_sessions"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    message_count = Column(Integer, default=0, nullable=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+    last_activity = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False)
+
+    # Relationships - ChatSession links to AnonymousSession, not ChatMessage directly
+    chat_sessions = relationship("ChatSession", back_populates="anonymous_session")
+
+
+class ChatSession(Base):
+    """Conversation threads associated with users or anonymous sessions."""
+
+    __tablename__ = "chat_sessions"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    user_id = Column(String(36), ForeignKey("users.id"), nullable=True)
+    anonymous_session_id = Column(String(36), ForeignKey("anonymous_sessions.id"), nullable=True)
+    folder_id = Column(String(36), ForeignKey("chat_folders.id"), nullable=True)
+    title = Column(String(255), nullable=False, default="New Chat")
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+    updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False)
+
+    # Relationships
+    user = relationship("User", back_populates="chat_sessions")
+    anonymous_session = relationship("AnonymousSession")
+    folder = relationship("ChatFolder", back_populates="chat_sessions")
+    chat_messages = relationship("ChatMessage", back_populates="chat_session", cascade="all, delete-orphan")
+
+
+class ChatMessage(Base):
+    """Individual messages within chat sessions."""
+
+    __tablename__ = "chat_messages"
+
+    class Role(str, Enum):
+        USER = "user"
+        ASSISTANT = "assistant"
+        SYSTEM = "system"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    chat_session_id = Column(String(36), ForeignKey("chat_sessions.id"), nullable=False)
+    role = Column(SQLEnum(Role), nullable=False)
+    content = Column(Text, nullable=False)
+    message_metadata = Column(JSON, nullable=True)
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+    updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False)
+    edited_at = Column(DateTime(timezone=True), nullable=True)
+    edit_count = Column(Integer, default=0, nullable=False)
+
+    # Relationships
+    chat_session = relationship("ChatSession", back_populates="chat_messages")
+    versions = relationship("MessageVersion", back_populates="message", cascade="all, delete-orphan")
+
+
+class UserPreferences(Base):
+    """User-specific settings and preferences."""
+    __tablename__ = "user_preferences"
+
+    class Theme(str, Enum):
+        LIGHT = "light"
+        DARK = "dark"
+        AUTO = "auto"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    user_id = Column(String(36), ForeignKey("users.id"), nullable=False, unique=True)
+    theme = Column(SQLEnum(Theme), default=Theme.AUTO, nullable=False)
+    language = Column(String(10), default="en", nullable=False)
+    notification_settings = Column(JSON, nullable=False, default=dict)
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+    updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False)
+
+    # Relationships
+    user = relationship("User", back_populates="preferences")
+
+
+class MessageVersion(Base):
+    """Track version history of edited messages."""
+
+    __tablename__ = "message_versions"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    message_id = Column(String(36), ForeignKey("chat_messages.id"), nullable=False)
+    version_number = Column(Integer, nullable=False)
+    content = Column(Text, nullable=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+    edit_reason = Column(String(500), nullable=True)  # Optional reason for editing
+
+    # Relationships
+    message = relationship("ChatMessage", back_populates="versions")
+
+
+class ChatFolder(Base):
+    """User-defined folders for organizing chat sessions."""
+
+    __tablename__ = "chat_folders"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    user_id = Column(String(36), ForeignKey("users.id"), nullable=False)
+    name = Column(String(100), nullable=False)
+    description = Column(Text, nullable=True)
+    color = Column(String(7), nullable=True)  # Hex color code
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+    updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False)
+
+    # Relationships
+    user = relationship("User", back_populates="folders")
+    chat_sessions = relationship("ChatSession", back_populates="folder")
+
+
+class ChatTag(Base):
+    """Tags for categorizing chat sessions."""
+
+    __tablename__ = "chat_tags"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    user_id = Column(String(36), ForeignKey("users.id"), nullable=False)
+    name = Column(String(50), nullable=False)
+    color = Column(String(7), nullable=True)  # Hex color code
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+
+    # Relationships
+    user = relationship("User", back_populates="tags")
+
+
+class MessageReaction(Base):
+    """Reactions/em responses to chat messages."""
+
+    __tablename__ = "message_reactions"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    message_id = Column(String(36), ForeignKey("chat_messages.id"), nullable=False)
+    user_id = Column(String(36), ForeignKey("users.id"), nullable=False)
+    emoji = Column(String(50), nullable=False)  # Emoji or reaction name
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+
+    # Relationships
+    message = relationship("ChatMessage")
+    user = relationship("User")

src/models/chat.py

@@ -0,0 +1,38 @@
+"""
+Chat models for the AI Book application.
+
+This module contains SQLAlchemy models for chat functionality.
+"""
+
+from datetime import datetime
+from enum import Enum
+import uuid
+
+from sqlalchemy import (
+    Column, String, DateTime, Text, JSON, ForeignKey, Enum as SQLEnum, func
+)
+from sqlalchemy.orm import relationship
+
+from src.database.base import Base
+
+
+class ChatMessage(Base):
+    """Individual messages within chat sessions."""
+
+    class Role(str, Enum):
+        USER = "user"
+        ASSISTANT = "assistant"
+        SYSTEM = "system"
+
+    __tablename__ = "chat_messages"
+
+    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    chat_session_id = Column(String(36), ForeignKey("chat_sessions.id"), nullable=False)
+    role = Column(SQLEnum(Role), nullable=False)
+    content = Column(Text, nullable=False)
+    metadata = Column(JSON, nullable=True)
+    created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
+
+    # Relationships
+    chat_session = relationship("ChatSession", back_populates="chat_messages")
+    anonymous_session = relationship("AnonymousSession", back_populates="chat_messages")

src/schemas/auth.py

@@ -0,0 +1,344 @@
+"""
+Pydantic schemas for authentication-related data structures.
+"""
+
+from datetime import datetime
+from typing import Optional, List, Dict, Any
+from enum import Enum
+from pydantic import BaseModel, EmailStr, Field, validator
+
+
+# Base schemas
+class BaseSchema(BaseModel):
+    """Base schema with common configuration."""
+    class Config:
+        from_attributes = True
+        json_encoders = {
+            datetime: lambda v: v.isoformat()
+        }
+
+
+# User schemas
+class UserBase(BaseSchema):
+    """Base user schema."""
+    email: EmailStr
+    name: Optional[str] = None
+    email_verified: bool = False
+
+
+class UserCreate(BaseSchema):
+    """Schema for creating a user."""
+    email: EmailStr
+    password: str
+    name: Optional[str] = None
+
+    # Optional background fields for knowledge collection
+    software_experience: Optional[str] = None
+    hardware_expertise: Optional[str] = None
+    years_of_experience: Optional[int] = None
+    primary_interest: Optional[str] = None
+
+    @validator('password')
+    def validate_password(cls, v):
+        if len(v) < 8:
+            raise ValueError('Password must be at least 8 characters long')
+        if not any(c.isalpha() for c in v):
+            raise ValueError('Password must contain at least one letter')
+        if not any(c.isdigit() for c in v):
+            raise ValueError('Password must contain at least one number')
+        return v
+
+    @validator('software_experience')
+    def validate_software_experience(cls, v):
+        if v is not None and v not in ['Beginner', 'Intermediate', 'Advanced']:
+            raise ValueError('Software experience must be one of: Beginner, Intermediate, Advanced')
+        return v
+
+    @validator('hardware_expertise')
+    def validate_hardware_expertise(cls, v):
+        if v is not None and v not in ['None', 'Arduino', 'ROS-Pro']:
+            raise ValueError('Hardware expertise must be one of: None, Arduino, ROS-Pro')
+        return v
+
+    @validator('years_of_experience')
+    def validate_years_of_experience(cls, v):
+        if v is not None and (v < 0 or v > 50):
+            raise ValueError('Years of experience must be between 0 and 50')
+        return v
+
+    @validator('primary_interest')
+    def validate_primary_interest(cls, v):
+        if v is not None and v not in [
+            'Computer Vision', 'Machine Learning', 'Control Systems',
+            'Path Planning', 'State Estimation', 'Sensors & Perception',
+            'Hardware Integration', 'Human-Robot Interaction', 'All of the Above'
+        ]:
+            raise ValueError('Primary interest must be one of: Computer Vision, Machine Learning, Control Systems, Path Planning, State Estimation, Sensors & Perception, Hardware Integration, Human-Robot Interaction, or All of the Above')
+        return v
+
+
+class UserUpdate(BaseSchema):
+    """Schema for updating a user."""
+    name: Optional[str] = None
+    email: Optional[EmailStr] = None
+
+
+class UserResponse(BaseSchema):
+    """Schema for user response."""
+    id: str
+    email: str
+    name: Optional[str]
+    email_verified: bool
+    created_at: datetime
+    updated_at: datetime
+
+
+# Authentication schemas
+class Token(BaseSchema):
+    """Token schema."""
+    access_token: str
+    token_type: str = "bearer"
+    expires_in: int
+
+
+class TokenData(BaseSchema):
+    """Token data schema."""
+    user_id: Optional[str] = None
+
+
+class LoginRequest(BaseSchema):
+    """Schema for login request."""
+    username: str = Field(..., description="Email address (OAuth2PasswordRequestForm uses 'username' field)")
+    password: str
+
+
+class LoginResponse(BaseSchema):
+    """Schema for login response."""
+    access_token: str
+    token_type: str
+    expires_in: int
+    user: UserResponse
+
+
+# User background schemas
+class ExperienceLevel(str, Enum):
+    """Experience level enum."""
+    BEGINNER = "beginner"
+    INTERMEDIATE = "intermediate"
+    ADVANCED = "advanced"
+
+
+class HardwareExpertise(BaseSchema):
+    """Hardware expertise schema."""
+    cpu: str
+    gpu: str
+    networking: str
+
+
+class UserBackgroundBase(BaseSchema):
+    """Base user background schema."""
+    experience_level: ExperienceLevel
+    years_experience: int = Field(..., ge=0, le=50)
+    preferred_languages: List[str] = Field(default_factory=list)
+    hardware_expertise: HardwareExpertise
+
+
+class UserBackgroundCreate(UserBackgroundBase):
+    """Schema for creating user background."""
+    pass
+
+
+class UserBackgroundUpdate(BaseSchema):
+    """Schema for updating user background."""
+    experience_level: Optional[ExperienceLevel] = None
+    years_experience: Optional[int] = Field(None, ge=0, le=50)
+    preferred_languages: Optional[List[str]] = None
+    hardware_expertise: Optional[HardwareExpertise] = None
+
+
+class UserBackgroundResponse(UserBackgroundBase):
+    """Schema for user background response."""
+    id: str
+    user_id: str
+    created_at: datetime
+    updated_at: datetime
+
+
+# Onboarding schemas
+class OnboardingQuestion(str, Enum):
+    """Onboarding question keys."""
+    EXPERIENCE_LEVEL = "experience_level_selection"
+    YEARS_OF_EXPERIENCE = "years_of_experience"
+    PREFERRED_LANGUAGES = "preferred_languages"
+    CPU_EXPERTISE = "cpu_expertise"
+    GPU_EXPERTISE = "gpu_expertise"
+    NETWORKING_EXPERTISE = "networking_expertise"
+
+
+class OnboardingResponseBase(BaseSchema):
+    """Base onboarding response schema."""
+    question_key: OnboardingQuestion
+    response_value: Any
+
+
+class OnboardingResponseCreate(OnboardingResponseBase):
+    """Schema for creating onboarding response."""
+    pass
+
+
+class OnboardingResponseResponse(OnboardingResponseBase):
+    """Schema for onboarding response."""
+    id: str
+    user_id: str
+    created_at: datetime
+
+
+class OnboardingBatch(BaseSchema):
+    """Schema for batch onboarding submission."""
+    responses: List[OnboardingResponseCreate]
+
+
+# Password reset schemas
+class PasswordResetRequest(BaseSchema):
+    """Schema for password reset request."""
+    email: EmailStr
+
+
+class PasswordResetConfirm(BaseSchema):
+    """Schema for password reset confirmation."""
+    token: str
+    new_password: str
+
+    @validator('new_password')
+    def validate_new_password(cls, v):
+        if len(v) < 8:
+            raise ValueError('Password must be at least 8 characters long')
+        if not any(c.isalpha() for c in v):
+            raise ValueError('Password must contain at least one letter')
+        if not any(c.isdigit() for c in v):
+            raise ValueError('Password must contain at least one number')
+        return v
+
+
+# User preferences schemas
+class Theme(str, Enum):
+    """Theme options."""
+    LIGHT = "light"
+    DARK = "dark"
+    AUTO = "auto"
+
+
+class NotificationSettings(BaseSchema):
+    """Notification settings schema."""
+    email_responses: bool = False
+    browser_notifications: bool = True
+    marketing_emails: bool = False
+
+
+class UserPreferencesBase(BaseSchema):
+    """Base user preferences schema."""
+    theme: Theme = Theme.AUTO
+    language: str = "en"
+    notification_settings: NotificationSettings
+
+
+class UserPreferencesUpdate(BaseSchema):
+    """Schema for updating user preferences."""
+    theme: Optional[Theme] = None
+    language: Optional[str] = None
+    notification_settings: Optional[NotificationSettings] = None
+
+
+class UserPreferencesResponse(UserPreferencesBase):
+    """Schema for user preferences response."""
+    id: str
+    user_id: str
+    created_at: datetime
+    updated_at: datetime
+
+
+# Chat schemas
+class ChatMessageRole(str, Enum):
+    """Chat message role enum."""
+    USER = "user"
+    ASSISTANT = "assistant"
+    SYSTEM = "system"
+
+
+class ChatMessageBase(BaseSchema):
+    """Base chat message schema."""
+    role: ChatMessageRole
+    content: str
+    metadata: Optional[Dict[str, Any]] = None
+
+
+class ChatMessageCreate(ChatMessageBase):
+    """Schema for creating chat message."""
+    chat_session_id: str
+
+
+class ChatMessageResponse(ChatMessageBase):
+    """Schema for chat message response."""
+    id: str
+    chat_session_id: str
+    created_at: datetime
+
+
+class ChatSessionBase(BaseSchema):
+    """Base chat session schema."""
+    title: str = "New Chat"
+
+
+class ChatSessionCreate(ChatSessionBase):
+    """Schema for creating chat session."""
+    user_id: Optional[str] = None
+    anonymous_session_id: Optional[str] = None
+
+
+class ChatSessionResponse(ChatSessionBase):
+    """Schema for chat session response."""
+    id: str
+    user_id: Optional[str]
+    anonymous_session_id: Optional[str]
+    created_at: datetime
+    updated_at: datetime
+    messages: List[ChatMessageResponse] = []
+
+
+# Anonymous session schemas
+class AnonymousSessionResponse(BaseSchema):
+    """Schema for anonymous session response."""
+    id: str
+    message_count: int
+    remaining_messages: int
+    created_at: datetime
+    last_activity: datetime
+    is_expired: bool
+    can_send_message: bool
+
+
+# API response schemas
+class SuccessResponse(BaseSchema):
+    """Success response schema."""
+    success: bool = True
+    message: str
+    data: Optional[Any] = None
+
+
+class ErrorResponse(BaseSchema):
+    """Error response schema."""
+    success: bool = False
+    error: str
+    detail: Optional[str] = None
+
+
+# Health check schemas
+class HealthResponse(BaseSchema):
+    """Health check response schema."""
+    status: str
+    timestamp: datetime
+    version: Optional[str] = None
+
+
+# Alias for backward compatibility
+User = UserResponse

src/security/dependencies.py

@@ -0,0 +1,289 @@
+"""
+FastAPI security dependencies for authentication.
+
+This module provides dependency functions for protecting routes
+with JWT authentication and authorization.
+"""
+
+from typing import Optional
+from fastapi import Depends, HTTPException, status, Request
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials, OAuth2PasswordRequestForm
+from sqlalchemy.orm import Session
+from datetime import datetime, timedelta
+
+from src.database.config import get_db
+from src.models.auth import User, Session, AnonymousSession
+from src.services.auth import verify_token, SECRET_KEY, ALGORITHM
+from src.services.auth import verify_password, get_password_hash
+from src.schemas.auth import TokenData
+
+# HTTP Bearer scheme for token authentication
+bearer_scheme = HTTPBearer(auto_error=False)
+
+# OAuth2PasswordRequestForm for login
+oauth2_scheme = OAuth2PasswordRequestForm
+
+
+def get_current_user_token(
+    credentials: Optional[HTTPAuthorizationCredentials] = Depends(bearer_scheme)
+) -> str:
+    """
+    Extract and verify JWT token from Authorization header.
+
+    Returns:
+        The token string if valid
+    """
+    if credentials is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Not authenticated",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    token = credentials.credentials
+    payload = verify_token(token)
+
+    if payload is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    # Check token expiration
+    exp = payload.get("exp")
+    if exp is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Token missing expiration",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    if datetime.utcnow().timestamp() > exp:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Token has expired",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    return token
+
+
+def get_current_user(
+    token: str = Depends(get_current_user_token),
+    db: Session = Depends(get_db)
+) -> User:
+    """
+    Get the current authenticated user from JWT token.
+
+    Returns:
+        The authenticated user object
+    """
+    # Verify token and get user_id
+    payload = verify_token(token)
+    if payload is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials"
+        )
+
+    user_id = payload.get("sub")
+    if user_id is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials"
+        )
+
+    # Get user from database
+    user = db.query(User).filter(User.id == user_id).first()
+    if user is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="User not found"
+        )
+
+    # Check if user is verified (optional)
+    if not user.email_verified:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Email not verified. Please verify your email first."
+        )
+
+    return user
+
+
+def get_current_active_user(
+    current_user: User = Depends(get_current_user)
+) -> User:
+    """
+    Get the current active user.
+
+    This is a placeholder for future user status checks.
+    """
+    # In the future, you might check if user is active, suspended, etc.
+    return current_user
+
+
+def get_optional_current_user(
+    credentials: Optional[HTTPAuthorizationCredentials] = Depends(bearer_scheme),
+    db: Session = Depends(get_db)
+) -> Optional[User]:
+    """
+    Get the current user if authenticated, but don't raise an error if not.
+
+    Returns:
+        The authenticated user object or None
+    """
+    if credentials is None:
+        return None
+
+    try:
+        token = credentials.credentials
+        payload = verify_token(token)
+
+        if payload is None:
+            return None
+
+        user_id = payload.get("sub")
+        if user_id is None:
+            return None
+
+        user = db.query(User).filter(User.id == user_id).first()
+        return user if user and user.email_verified else None
+
+    except Exception:
+        return None
+
+
+def get_current_user_with_session(
+    token: str = Depends(get_current_user_token),
+    db: Session = Depends(get_db)
+) -> tuple[User, Session]:
+    """
+    Get the current user and their active session.
+
+    Returns:
+        Tuple of (user, session) objects
+    """
+    # Get user
+    payload = verify_token(token)
+    if payload is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials"
+        )
+
+    user_id = payload.get("sub")
+    if user_id is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials"
+        )
+
+    # Get user and session from database
+    user = db.query(User).filter(User.id == user_id).first()
+    if user is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="User not found"
+        )
+
+    # Get active session
+    session = db.query(Session).filter(
+        Session.user_id == user_id,
+        Session.expires_at > datetime.utcnow()
+    ).first()
+
+    if session is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="No active session found. Please login again."
+        )
+
+    return user, session
+
+
+def validate_anonymous_session(
+    request: Request,
+    db: Session = Depends(get_db)
+) -> Optional[str]:
+    """
+    Validate and extract anonymous session from request headers.
+
+    Returns:
+        Anonymous session ID if valid, None otherwise
+    """
+    # Get session ID from header or cookie
+    session_id = request.headers.get("X-Anonymous-Session-ID")
+
+    if not session_id:
+        # Check for session cookie
+        session_id = request.cookies.get("anonymous_session_id")
+
+    if not session_id:
+        return None
+
+    # Verify session exists and is not expired
+    from src.services.anonymous import AnonymousSessionService
+    anon_service = AnonymousSessionService(db)
+
+    session = anon_service.get_session(session_id)
+    if not session or anon_service.is_session_expired(session_id):
+        return None
+
+    return session_id
+
+
+def require_auth(user: Optional[User] = Depends(get_optional_current_user)):
+    """
+    Dependency that requires authentication but provides a user object.
+    """
+    if user is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Authentication required"
+        )
+    return user
+
+
+def get_current_user_or_anonymous(
+    request: Request,
+    credentials: Optional[HTTPAuthorizationCredentials] = Depends(bearer_scheme),
+    db: Session = Depends(get_db)
+) -> User:
+    """
+    Get the current authenticated user or create an anonymous user.
+
+    Returns:
+        User object (authenticated or anonymous)
+    """
+    # Try to get authenticated user
+    if credentials:
+        try:
+            token = credentials.credentials
+            payload = verify_token(token)
+
+            if payload:
+                user_id = payload.get("sub")
+                if user_id:
+                    user = db.query(User).filter(User.id == user_id).first()
+                    if user and user.email_verified:
+                        user.is_authenticated = True
+                        return user
+        except Exception:
+            pass
+
+    # Create anonymous user object
+    anon_user = User(
+        id="anonymous",
+        email="[email protected]",
+        email_verified=False
+    )
+    anon_user.is_authenticated = False
+    return anon_user
+
+
+# Common dependency for protecting routes
+CurrentUser = Depends(get_current_active_user)
+OptionalCurrentUser = Depends(get_optional_current_user)
+RequireAuth = Depends(require_auth)

src/services/anonymous.py

@@ -0,0 +1,183 @@
+"""
+Anonymous session tracking service.
+
+This module provides utilities for managing anonymous user sessions
+with message limits and migration to authenticated accounts.
+"""
+
+import uuid
+from datetime import datetime, timedelta
+from typing import Optional, Dict, List, Any
+from sqlalchemy.orm import Session
+from fastapi import HTTPException, status
+
+from src.models.auth import AnonymousSession, ChatSession, ChatMessage, User
+
+
+class AnonymousSessionService:
+    """Service for managing anonymous user sessions."""
+
+    MAX_MESSAGES = 3  # Maximum messages per anonymous session
+    SESSION_DURATION_HOURS = 24  # Session duration in hours
+
+    def __init__(self, db: Session):
+        self.db = db
+
+    def create_session(self) -> AnonymousSession:
+        """Create a new anonymous session."""
+        session = AnonymousSession(
+            id=str(uuid.uuid4()),
+            message_count=0,
+            created_at=datetime.utcnow(),
+            last_activity=datetime.utcnow()
+        )
+        self.db.add(session)
+        self.db.commit()
+        self.db.refresh(session)
+        return session
+
+    def get_session(self, session_id: str) -> Optional[AnonymousSession]:
+        """Get an anonymous session by ID."""
+        return self.db.query(AnonymousSession).filter(
+            AnonymousSession.id == session_id
+        ).first()
+
+    def update_activity(self, session_id: str) -> Optional[AnonymousSession]:
+        """Update the last activity timestamp for a session."""
+        session = self.get_session(session_id)
+        if session:
+            session.last_activity = datetime.utcnow()
+            self.db.commit()
+            self.db.refresh(session)
+        return session
+
+    def increment_message_count(self, session_id: str) -> Optional[AnonymousSession]:
+        """Increment message count for a session."""
+        session = self.get_session(session_id)
+        if session:
+            session.message_count += 1
+            session.last_activity = datetime.utcnow()
+            self.db.commit()
+            self.db.refresh(session)
+        return session
+
+    def can_send_message(self, session_id: str) -> bool:
+        """Check if a session can send more messages."""
+        session = self.get_session(session_id)
+        if not session:
+            return False
+        return session.message_count < self.MAX_MESSAGES
+
+    def get_remaining_messages(self, session_id: str) -> int:
+        """Get remaining messages for a session."""
+        session = self.get_session(session_id)
+        if not session:
+            return self.MAX_MESSAGES
+        remaining = self.MAX_MESSAGES - session.message_count
+        return max(0, remaining)
+
+    def is_session_expired(self, session_id: str) -> bool:
+        """Check if a session is expired."""
+        session = self.get_session(session_id)
+        if not session:
+            return True
+
+        expiry_time = session.last_activity + timedelta(hours=self.SESSION_DURATION_HOURS)
+        return datetime.utcnow() > expiry_time
+
+    def cleanup_expired_sessions(self) -> int:
+        """Clean up expired sessions and return count of deleted sessions."""
+        expiry_threshold = datetime.utcnow() - timedelta(hours=self.SESSION_DURATION_HOURS)
+
+        expired_sessions = self.db.query(AnonymousSession).filter(
+            AnonymousSession.last_activity < expiry_threshold
+        ).all()
+
+        count = len(expired_sessions)
+
+        for session in expired_sessions:
+            self.db.delete(session)
+
+        self.db.commit()
+        return count
+
+    def migrate_to_user(
+        self,
+        session_id: str,
+        user: User,
+        max_messages: int = 10
+    ) -> Optional[ChatSession]:
+        """
+        Migrate anonymous session to authenticated user.
+
+        Args:
+            session_id: The anonymous session ID
+            user: The user to migrate to
+            max_messages: Maximum number of messages to migrate
+
+        Returns:
+            The new ChatSession for the user, or None if migration fails
+        """
+        # Get anonymous session
+        anon_session = self.get_session(session_id)
+        if not anon_session:
+            return None
+
+        # Get recent chat messages from anonymous session
+        messages = self.db.query(ChatMessage).filter(
+            ChatMessage.anonymous_session_id == session_id
+        ).order_by(ChatMessage.created_at.desc()).limit(max_messages).all()
+
+        if not messages:
+            return None
+
+        # Create new chat session for user
+        user_chat_session = ChatSession(
+            user_id=user.id,
+            title="New Chat",
+            created_at=datetime.utcnow(),
+            updated_at=datetime.utcnow()
+        )
+        self.db.add(user_chat_session)
+        self.db.flush()  # Get the ID without committing
+
+        # Migrate messages in chronological order
+        for message in reversed(messages):
+            user_message = ChatMessage(
+                chat_session_id=user_chat_session.id,
+                role=message.role,
+                content=message.content,
+                metadata=message.metadata,
+                created_at=message.created_at
+            )
+            self.db.add(user_message)
+
+        # Delete anonymous session and messages
+        self.db.delete(anon_session)
+        for message in messages:
+            self.db.delete(message)
+
+        self.db.commit()
+        self.db.refresh(user_chat_session)
+        return user_chat_session
+
+    def get_session_stats(self, session_id: str) -> Dict[str, Any]:
+        """Get statistics for an anonymous session."""
+        session = self.get_session(session_id)
+        if not session:
+            return {}
+
+        return {
+            "session_id": session.id,
+            "message_count": session.message_count,
+            "remaining_messages": self.get_remaining_messages(session_id),
+            "created_at": session.created_at.isoformat(),
+            "last_activity": session.last_activity.isoformat(),
+            "is_expired": self.is_session_expired(session_id),
+            "can_send_message": self.can_send_message(session_id)
+        }
+
+    @staticmethod
+    def generate_session_id() -> str:
+        """Generate a new session ID."""
+        return str(uuid.uuid4())

src/services/auth.py

@@ -0,0 +1,126 @@
+"""
+Authentication service utilities.
+
+This module contains JWT token utilities, password hashing,
+and other authentication-related helper functions.
+"""
+
+from datetime import datetime, timedelta
+from typing import Optional, Dict, Any
+import os
+import bcrypt
+import jwt
+from passlib.context import CryptContext
+
+# Password hashing context
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+# JWT settings
+SECRET_KEY = os.getenv("SECRET_KEY", "your-secret-key-change-in-production")
+ALGORITHM = os.getenv("ALGORITHM", "HS256")
+ACCESS_TOKEN_EXPIRE_MINUTES = int(os.getenv("ACCESS_TOKEN_EXPIRE_MINUTES", "10080"))  # 7 days
+
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    """Verify a password against its hash."""
+    return pwd_context.verify(plain_password, hashed_password)
+
+
+def get_password_hash(password: str) -> str:
+    """Generate a password hash."""
+    return pwd_context.hash(password)
+
+
+def create_access_token(data: Dict[str, Any], expires_delta: Optional[timedelta] = None) -> str:
+    """Create a JWT access token."""
+    to_encode = data.copy()
+
+    if expires_delta:
+        expire = datetime.utcnow() + expires_delta
+    else:
+        expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+
+    to_encode.update({"exp": expire})
+    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    return encoded_jwt
+
+
+def verify_token(token: str) -> Optional[Dict[str, Any]]:
+    """Verify and decode a JWT token."""
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        return payload
+    except jwt.PyJWTError:
+        return None
+
+
+def create_token_hash(token: str) -> str:
+    """Create a hash of the token for database storage."""
+    return get_password_hash(token)
+
+
+def generate_password_reset_token(email: str) -> str:
+    """Generate a password reset token."""
+    delta = timedelta(hours=24)  # Token expires in 24 hours
+    now = datetime.utcnow()
+    expires = now + delta
+    exp = expires.timestamp()
+    encoded_jwt = jwt.encode(
+        {"exp": exp, "nbf": now, "sub": email},
+        SECRET_KEY,
+        algorithm=ALGORITHM,
+    )
+    return encoded_jwt
+
+
+def verify_password_reset_token(token: str) -> Optional[str]:
+    """Verify a password reset token and return the email."""
+    try:
+        decoded_token = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        return decoded_token["sub"]
+    except jwt.PyJWTError:
+        return None
+
+
+def hash_token_for_storage(token: str) -> str:
+    """Hash a token for secure storage in database."""
+    return get_password_hash(token)
+
+
+def validate_password_strength(password: str) -> bool:
+    """
+    Validate password strength.
+
+    Requirements:
+    - At least 8 characters
+    - Contains at least one letter
+    - Contains at least one number
+    """
+    if len(password) < 8:
+        return False
+
+    has_letter = any(c.isalpha() for c in password)
+    has_number = any(c.isdigit() for c in password)
+
+    return has_letter and has_number
+
+
+def get_user_id_from_token(token: str) -> Optional[str]:
+    """Extract user ID from JWT token."""
+    payload = verify_token(token)
+    if payload:
+        return payload.get("sub")
+    return None
+
+
+def is_token_expired(token: str) -> bool:
+    """Check if a token is expired."""
+    payload = verify_token(token)
+    if not payload:
+        return True
+
+    exp = payload.get("exp")
+    if not exp:
+        return True
+
+    return datetime.utcnow().timestamp() > exp

src/services/email.py

@@ -0,0 +1,301 @@
+"""
+Email service for sending password reset emails and other notifications.
+
+This module handles email configuration and sending using SMTP.
+"""
+
+import os
+import smtplib
+from email.mime.text import MIMEText
+from email.mime.multipart import MIMEMultipart
+from typing import Optional
+import logging
+from jinja2 import Template
+import aiosmtplib
+from email.utils import formataddr
+
+logger = logging.getLogger(__name__)
+
+
+class EmailService:
+    """Service for sending emails."""
+
+    def __init__(self):
+        self.smtp_host = os.getenv("SMTP_HOST", "smtp.gmail.com")
+        self.smtp_port = int(os.getenv("SMTP_PORT", "587"))
+        self.smtp_user = os.getenv("SMTP_USER")
+        self.smtp_password = os.getenv("SMTP_PASSWORD")
+        self.email_from = os.getenv("EMAIL_FROM", self.smtp_user)
+        self.email_from_name = os.getenv("EMAIL_FROM_NAME", "AI Book App")
+        self.use_tls = os.getenv("SMTP_USE_TLS", "true").lower() == "true"
+
+    def _get_smtp_connection(self):
+        """Create SMTP connection."""
+        if self.use_tls:
+            return smtplib.SMTP(self.smtp_host, self.smtp_port)
+        else:
+            return smtplib.SMTP_SSL(self.smtp_host, self.smtp_port)
+
+    def send_password_reset_email(self, to_email: str, reset_token: str, frontend_url: str) -> bool:
+        """
+        Send password reset email.
+
+        Args:
+            to_email: Recipient email address
+            reset_token: Password reset token
+            frontend_url: Frontend URL for reset link
+
+        Returns:
+            True if email was sent successfully, False otherwise
+        """
+        try:
+            # Create reset link
+            reset_link = f"{frontend_url}/reset-password?token={reset_token}"
+
+            # Render email template
+            subject = "Reset your AI Book password"
+
+            html_template = """
+            <!DOCTYPE html>
+            <html>
+            <head>
+                <meta charset="utf-8">
+                <title>Reset your password</title>
+                <style>
+                    body {
+                        font-family: Arial, sans-serif;
+                        line-height: 1.6;
+                        color: #333;
+                        max-width: 600px;
+                        margin: 0 auto;
+                        padding: 20px;
+                    }
+                    .container {
+                        background-color: #f9f9f9;
+                        padding: 30px;
+                        border-radius: 5px;
+                        border: 1px solid #ddd;
+                    }
+                    .header {
+                        text-align: center;
+                        margin-bottom: 30px;
+                    }
+                    .button {
+                        display: inline-block;
+                        background-color: #007bff;
+                        color: white;
+                        padding: 12px 30px;
+                        text-decoration: none;
+                        border-radius: 5px;
+                        margin: 20px 0;
+                    }
+                    .footer {
+                        margin-top: 30px;
+                        text-align: center;
+                        font-size: 12px;
+                        color: #666;
+                    }
+                </style>
+            </head>
+            <body>
+                <div class="container">
+                    <div class="header">
+                        <h1>AI Book</h1>
+                        <h2>Password Reset Request</h2>
+                    </div>
+
+                    <p>Hello,</p>
+
+                    <p>We received a request to reset the password for your AI Book account.
+                    Click the button below to reset your password:</p>
+
+                    <p style="text-align: center;">
+                        <a href="{{ reset_link }}" class="button">Reset Password</a>
+                    </p>
+
+                    <p>If the button doesn't work, you can copy and paste this link into your browser:</p>
+                    <p>{{ reset_link }}</p>
+
+                    <p>This link will expire in 24 hours for security reasons.</p>
+
+                    <p>If you didn't request this password reset, you can safely ignore this email.</p>
+
+                    <div class="footer">
+                        <p>Best regards,<br>The AI Book Team</p>
+                        <p>This is an automated message. Please do not reply to this email.</p>
+                    </div>
+                </div>
+            </body>
+            </html>
+            """
+
+            text_template = """
+            AI Book - Password Reset Request
+
+            Hello,
+
+            We received a request to reset the password for your AI Book account.
+            Please visit this link to reset your password:
+
+            {reset_link}
+
+            This link will expire in 24 hours for security reasons.
+
+            If you didn't request this password reset, you can safely ignore this email.
+
+            Best regards,
+            The AI Book Team
+            """
+
+            # Render templates
+            html_content = Template(html_template).render(reset_link=reset_link)
+            text_content = text_template.format(reset_link=reset_link)
+
+            # Create message
+            msg = MIMEMultipart("alternative")
+            msg["Subject"] = subject
+            msg["From"] = formataddr((self.email_from_name, self.email_from))
+            msg["To"] = to_email
+
+            # Attach HTML and text parts
+            msg.attach(MIMEText(text_content, "plain"))
+            msg.attach(MIMEText(html_content, "html"))
+
+            # Send email
+            with self._get_smtp_connection() as server:
+                if self.use_tls:
+                    server.starttls()
+                if self.smtp_user and self.smtp_password:
+                    server.login(self.smtp_user, self.smtp_password)
+                server.send_message(msg)
+
+            logger.info(f"Password reset email sent to {to_email}")
+            return True
+
+        except Exception as e:
+            logger.error(f"Failed to send password reset email to {to_email}: {e}")
+            return False
+
+    async def send_password_reset_email_async(self, to_email: str, reset_token: str, frontend_url: str) -> bool:
+        """
+        Send password reset email asynchronously.
+
+        Args:
+            to_email: Recipient email address
+            reset_token: Password reset token
+            frontend_url: Frontend URL for reset link
+
+        Returns:
+            True if email was sent successfully, False otherwise
+        """
+        try:
+            # Create reset link
+            reset_link = f"{frontend_url}/reset-password?token={reset_token}"
+
+            # Create message
+            message = MIMEMultipart("alternative")
+            message["From"] = formataddr((self.email_from_name, self.email_from))
+            message["To"] = to_email
+            message["Subject"] = "Reset your AI Book password"
+
+            # HTML content
+            html = f"""
+            <html>
+                <body>
+                    <h2>Reset your AI Book password</h2>
+                    <p>Hello,</p>
+                    <p>We received a request to reset the password for your AI Book account.</p>
+                    <p>Click <a href="{reset_link}">here</a> to reset your password.</p>
+                    <p>This link will expire in 24 hours.</p>
+                    <p>If you didn't request this reset, you can safely ignore this email.</p>
+                </body>
+            </html>
+            """
+
+            # Attach parts
+            message.attach(MIMEText("Hello,\n\nWe received a request to reset your password. Visit: " + reset_link, "plain"))
+            message.attach(MIMEText(html, "html"))
+
+            # Send email using aiosmtplib
+            await aiosmtplib.send_message(
+                message,
+                hostname=self.smtp_host,
+                port=self.smtp_port,
+                start_tls=self.use_tls,
+                username=self.smtp_user,
+                password=self.smtp_password,
+            )
+
+            logger.info(f"Password reset email sent asynchronously to {to_email}")
+            return True
+
+        except Exception as e:
+            logger.error(f"Failed to send password reset email to {to_email}: {e}")
+            return False
+
+    def send_verification_email(self, to_email: str, verification_token: str, frontend_url: str) -> bool:
+        """
+        Send email verification email.
+
+        Args:
+            to_email: Recipient email address
+            verification_token: Email verification token
+            frontend_url: Frontend URL for verification link
+
+        Returns:
+            True if email was sent successfully, False otherwise
+        """
+        try:
+            # Create verification link
+            verification_link = f"{frontend_url}/verify-email?token={verification_token}"
+
+            # Create message
+            msg = MIMEMultipart()
+            msg["Subject"] = "Verify your AI Book email address"
+            msg["From"] = formataddr((self.email_from_name, self.email_from))
+            msg["To"] = to_email
+
+            # HTML content
+            html = f"""
+            <html>
+                <body>
+                    <h2>Welcome to AI Book!</h2>
+                    <p>Thank you for signing up. Please click the link below to verify your email address:</p>
+                    <p><a href="{verification_link}">Verify Email</a></p>
+                    <p>This link will expire in 24 hours.</p>
+                    <p>If you didn't create an account, you can safely ignore this email.</p>
+                </body>
+            </html>
+            """
+
+            # Attach parts
+            msg.attach(MIMEText(f"Welcome to AI Book! Please verify your email: {verification_link}", "plain"))
+            msg.attach(MIMEText(html, "html"))
+
+            # Send email
+            with self._get_smtp_connection() as server:
+                if self.use_tls:
+                    server.starttls()
+                if self.smtp_user and self.smtp_password:
+                    server.login(self.smtp_user, self.smtp_password)
+                server.send_message(msg)
+
+            logger.info(f"Verification email sent to {to_email}")
+            return True
+
+        except Exception as e:
+            logger.error(f"Failed to send verification email to {to_email}: {e}")
+            return False
+
+    def is_configured(self) -> bool:
+        """Check if email service is properly configured."""
+        return all([
+            self.smtp_host,
+            self.smtp_user,
+            self.smtp_password,
+            self.email_from
+        ])
+
+
+# Singleton instance
+email_service = EmailService()

src/services/message_editor.py

@@ -0,0 +1,261 @@
+"""
+Service for editing chat messages with version tracking.
+
+This module provides functionality to edit messages while maintaining
+a complete version history for audit and rollback purposes.
+"""
+
+import logging
+from typing import Optional, Dict, Any
+from sqlalchemy.orm import Session
+from datetime import datetime, timedelta
+
+from src.models.auth import ChatMessage, MessageVersion
+from src.database.config import get_db
+
+logger = logging.getLogger(__name__)
+
+
+class MessageEditorService:
+    """Service for editing messages with version tracking."""
+
+    def __init__(self, db: Session):
+        self.db = db
+
+    def can_edit_message(
+        self,
+        message_id: str,
+        user_id: str
+    ) -> Dict[str, Any]:
+        """
+        Check if a message can be edited by the user.
+
+        Args:
+            message_id: ID of the message to check
+            user_id: ID of the user attempting to edit
+
+        Returns:
+            Dictionary with can_edit status and reason if not editable
+        """
+        message = self.db.query(ChatMessage).filter(
+            ChatMessage.id == message_id
+        ).first()
+
+        if not message:
+            return {
+                "can_edit": False,
+                "reason": "Message not found"
+            }
+
+        # Check if message belongs to the user
+        if message.chat_session.user_id != user_id:
+            return {
+                "can_edit": False,
+                "reason": "You can only edit your own messages"
+            }
+
+        # Only user messages can be edited
+        if message.role != "user":
+            return {
+                "can_edit": False,
+                "reason": "Only user messages can be edited"
+            }
+
+        # Check if message is within the editable time window (15 minutes)
+        edit_window = timedelta(minutes=15)
+        if datetime.utcnow() - message.created_at > edit_window:
+            return {
+                "can_edit": False,
+                "reason": "Messages can only be edited within 15 minutes of sending"
+            }
+
+        return {
+            "can_edit": True,
+            "reason": None
+        }
+
+    def edit_message(
+        self,
+        message_id: str,
+        new_content: str,
+        user_id: str,
+        edit_reason: Optional[str] = None
+    ) -> Dict[str, Any]:
+        """
+        Edit a message and create a version record.
+
+        Args:
+            message_id: ID of the message to edit
+            new_content: New content for the message
+            user_id: ID of the user editing the message
+            edit_reason: Optional reason for the edit
+
+        Returns:
+            Dictionary with edit result and updated message
+        """
+        # Check if message can be edited
+        can_edit_result = self.can_edit_message(message_id, user_id)
+        if not can_edit_result["can_edit"]:
+            return {
+                "success": False,
+                "error": can_edit_result["reason"]
+            }
+
+        try:
+            # Get the message
+            message = self.db.query(ChatMessage).filter(
+                ChatMessage.id == message_id
+            ).first()
+
+            # No changes needed
+            if message.content == new_content:
+                return {
+                    "success": True,
+                    "message": "No changes made",
+                    "edited_message": self._message_to_dict(message)
+                }
+
+            # Create version record before editing
+            version = MessageVersion(
+                message_id=message.id,
+                version_number=message.edit_count + 1,
+                content=message.content,
+                edit_reason=edit_reason
+            )
+            self.db.add(version)
+
+            # Update the message
+            message.content = new_content
+            message.edited_at = datetime.utcnow()
+            message.edit_count += 1
+            message.updated_at = datetime.utcnow()
+
+            self.db.commit()
+
+            logger.info(f"Message {message_id} edited by user {user_id}")
+
+            return {
+                "success": True,
+                "message": "Message edited successfully",
+                "edited_message": self._message_to_dict(message)
+            }
+
+        except Exception as e:
+            logger.error(f"Failed to edit message {message_id}: {str(e)}")
+            self.db.rollback()
+            return {
+                "success": False,
+                "error": "Failed to edit message"
+            }
+
+    def get_message_versions(
+        self,
+        message_id: str,
+        user_id: str
+    ) -> Dict[str, Any]:
+        """
+        Get all versions of a message.
+
+        Args:
+            message_id: ID of the message
+            user_id: ID of the user requesting versions
+
+        Returns:
+            Dictionary with version history
+        """
+        # Verify ownership
+        message = self.db.query(ChatMessage).filter(
+            ChatMessage.id == message_id
+        ).first()
+
+        if not message or message.chat_session.user_id != user_id:
+            return {
+                "success": False,
+                "error": "Message not found or access denied"
+            }
+
+        # Get all versions including current
+        versions = self.db.query(MessageVersion).filter(
+            MessageVersion.message_id == message_id
+        ).order_by(MessageVersion.version_number.desc()).all()
+
+        version_history = []
+
+        # Add current version
+        version_history.append({
+            "version": message.edit_count + 1,
+            "content": message.content,
+            "created_at": message.edited_at.isoformat() if message.edited_at else message.created_at.isoformat(),
+            "is_current": True
+        })
+
+        # Add historical versions
+        for version in versions:
+            version_history.append({
+                "version": version.version_number,
+                "content": version.content,
+                "created_at": version.created_at.isoformat(),
+                "edit_reason": version.edit_reason,
+                "is_current": False
+            })
+
+        return {
+            "success": True,
+            "versions": version_history
+        }
+
+    def _message_to_dict(self, message: ChatMessage) -> Dict[str, Any]:
+        """Convert message model to dictionary."""
+        return {
+            "id": message.id,
+            "content": message.content,
+            "role": message.role,
+            "created_at": message.created_at.isoformat(),
+            "edited_at": message.edited_at.isoformat() if message.edited_at else None,
+            "edit_count": message.edit_count
+        }
+
+
+def edit_message(
+    message_id: str,
+    new_content: str,
+    user_id: str,
+    edit_reason: Optional[str] = None
+) -> Dict[str, Any]:
+    """
+    Convenience function to edit a message.
+
+    Args:
+        message_id: ID of the message to edit
+        new_content: New content for the message
+        user_id: ID of the user editing the message
+        edit_reason: Optional reason for the edit
+
+    Returns:
+        Edit result dictionary
+    """
+    db = next(get_db())
+    try:
+        service = MessageEditorService(db)
+        return service.edit_message(message_id, new_content, user_id, edit_reason)
+    finally:
+        db.close()
+
+
+def get_message_versions(message_id: str, user_id: str) -> Dict[str, Any]:
+    """
+    Convenience function to get message versions.
+
+    Args:
+        message_id: ID of the message
+        user_id: ID of the user requesting versions
+
+    Returns:
+        Version history dictionary
+    """
+    db = next(get_db())
+    try:
+        service = MessageEditorService(db)
+        return service.get_message_versions(message_id, user_id)
+    finally:
+        db.close()

src/services/session_migration.py

@@ -0,0 +1,265 @@
+"""
+Service for handling migration of anonymous chat sessions to authenticated users.
+
+This module provides functionality to migrate chat sessions, messages,
+and related data from anonymous users to authenticated users when they sign up or log in.
+"""
+
+import logging
+from typing import Optional, List, Dict, Any
+from sqlalchemy.orm import Session
+from sqlalchemy import and_
+from datetime import datetime, timedelta
+
+from src.models.auth import User, ChatSession, ChatMessage, AnonymousSession
+from src.database.config import get_db
+
+logger = logging.getLogger(__name__)
+
+
+class SessionMigrationService:
+    """Service for migrating anonymous sessions to authenticated users."""
+
+    def __init__(self, db: Session):
+        self.db = db
+
+    def migrate_anonymous_session(
+        self,
+        anonymous_session_id: str,
+        authenticated_user_id: str
+    ) -> Dict[str, Any]:
+        """
+        Migrate all chat sessions and messages from an anonymous session to an authenticated user.
+
+        Args:
+            anonymous_session_id: ID of the anonymous session
+            authenticated_user_id: ID of the authenticated user
+
+        Returns:
+            Dictionary containing migration results including:
+            - migrated_sessions_count: Number of sessions migrated
+            - migrated_messages_count: Number of messages migrated
+            - session_ids: List of migrated session IDs
+        """
+        try:
+            # Get the anonymous session record
+            anon_session = self.db.query(AnonymousSession).filter(
+                AnonymousSession.id == anonymous_session_id
+            ).first()
+
+            if not anon_session:
+                logger.warning(f"Anonymous session not found: {anonymous_session_id}")
+                return {
+                    "success": False,
+                    "error": "Anonymous session not found",
+                    "migrated_sessions_count": 0,
+                    "migrated_messages_count": 0,
+                    "session_ids": []
+                }
+
+            # Get all chat sessions associated with this anonymous session
+            chat_sessions = self.db.query(ChatSession).filter(
+                ChatSession.anonymous_session_id == anonymous_session_id
+            ).all()
+
+            if not chat_sessions:
+                logger.info(f"No chat sessions found for anonymous session: {anonymous_session_id}")
+                return {
+                    "success": True,
+                    "migrated_sessions_count": 0,
+                    "migrated_messages_count": 0,
+                    "session_ids": []
+                }
+
+            migrated_sessions = []
+            total_messages = 0
+
+            for session in chat_sessions:
+                # Update the session to associate with the authenticated user
+                session.user_id = authenticated_user_id
+                session.anonymous_session_id = None
+
+                # Update all messages in this session
+                messages = self.db.query(ChatMessage).filter(
+                    ChatMessage.chat_session_id == session.id
+                ).all()
+
+                for message in messages:
+                    # Ensure message is properly linked
+                    message.chat_session_id = session.id
+
+                total_messages += len(messages)
+                migrated_sessions.append(session.id)
+
+                # Update session title if it's the default
+                if session.title == "New Chat":
+                    session.title = f"Chat from {datetime.utcnow().strftime('%Y-%m-%d')}"
+
+            # Commit the changes
+            self.db.commit()
+
+            # Update the anonymous session to mark it as migrated
+            anon_session.migrated_at = datetime.utcnow()
+            anon_session.migrated_to_user_id = authenticated_user_id
+            self.db.commit()
+
+            logger.info(
+                f"Successfully migrated {len(chat_sessions)} sessions "
+                f"with {total_messages} messages from anonymous session "
+                f"{anonymous_session_id} to user {authenticated_user_id}"
+            )
+
+            return {
+                "success": True,
+                "migrated_sessions_count": len(chat_sessions),
+                "migrated_messages_count": total_messages,
+                "session_ids": migrated_sessions
+            }
+
+        except Exception as e:
+            logger.error(
+                f"Failed to migrate anonymous session {anonymous_session_id}: {str(e)}",
+                exc_info=True
+            )
+            self.db.rollback()
+            return {
+                "success": False,
+                "error": str(e),
+                "migrated_sessions_count": 0,
+                "migrated_messages_count": 0,
+                "session_ids": []
+            }
+
+    def get_anonymous_session_info(self, anonymous_session_id: str) -> Optional[Dict[str, Any]]:
+        """
+        Get information about an anonymous session including session count and message count.
+
+        Args:
+            anonymous_session_id: ID of the anonymous session
+
+        Returns:
+            Dictionary with session info or None if not found
+        """
+        try:
+            anon_session = self.db.query(AnonymousSession).filter(
+                AnonymousSession.id == anonymous_session_id
+            ).first()
+
+            if not anon_session:
+                return None
+
+            # Count chat sessions
+            session_count = self.db.query(ChatSession).filter(
+                ChatSession.anonymous_session_id == anonymous_session_id
+            ).count()
+
+            # Count total messages
+            message_count = self.db.query(ChatMessage).join(ChatSession).filter(
+                ChatSession.anonymous_session_id == anonymous_session_id
+            ).count()
+
+            return {
+                "id": anon_session.id,
+                "message_count": anon_session.message_count,
+                "chat_sessions_count": session_count,
+                "total_messages_count": message_count,
+                "last_activity": anon_session.last_activity,
+                "created_at": anon_session.created_at,
+                "migrated_at": anon_session.migrated_at,
+                "migrated_to_user_id": anon_session.migrated_to_user_id
+            }
+
+        except Exception as e:
+            logger.error(f"Failed to get anonymous session info: {str(e)}")
+            return None
+
+    def cleanup_expired_anonymous_sessions(self, days_old: int = 30) -> int:
+        """
+        Clean up expired anonymous sessions that haven't been migrated.
+
+        Args:
+            days_old: Delete sessions older than this many days
+
+        Returns:
+            Number of sessions cleaned up
+        """
+        try:
+            cutoff_date = datetime.utcnow() - timedelta(days=days_old)
+
+            # Get expired anonymous sessions that haven't been migrated
+            expired_sessions = self.db.query(AnonymousSession).filter(
+                and_(
+                    AnonymousSession.last_activity < cutoff_date,
+                    AnonymousSession.migrated_at.is_(None)
+                )
+            ).all()
+
+            # Delete associated chat sessions and messages
+            deleted_count = 0
+            for anon_session in expired_sessions:
+                # Get and delete chat sessions
+                chat_sessions = self.db.query(ChatSession).filter(
+                    ChatSession.anonymous_session_id == anon_session.id
+                ).all()
+
+                for session in chat_sessions:
+                    # Messages will be deleted via cascade
+                    self.db.delete(session)
+                    deleted_count += 1
+
+                # Delete the anonymous session
+                self.db.delete(anon_session)
+
+            self.db.commit()
+
+            logger.info(f"Cleaned up {len(expired_sessions)} expired anonymous sessions "
+                       f"with {deleted_count} chat sessions")
+
+            return len(expired_sessions)
+
+        except Exception as e:
+            logger.error(f"Failed to cleanup expired anonymous sessions: {str(e)}")
+            self.db.rollback()
+            return 0
+
+
+def migrate_anonymous_session_on_auth(
+    anonymous_session_id: str,
+    authenticated_user_id: str
+) -> Dict[str, Any]:
+    """
+    Convenience function to migrate an anonymous session when a user authenticates.
+
+    This is typically called during login or registration flow.
+
+    Args:
+        anonymous_session_id: ID from X-Anonymous-Session-ID header
+        authenticated_user_id: ID of the newly authenticated user
+
+    Returns:
+        Migration result dictionary
+    """
+    db = next(get_db())
+    try:
+        service = SessionMigrationService(db)
+        return service.migrate_anonymous_session(anonymous_session_id, authenticated_user_id)
+    finally:
+        db.close()
+
+
+def get_anonymous_session_for_migration(anonymous_session_id: str) -> Optional[Dict[str, Any]]:
+    """
+    Convenience function to get anonymous session info for migration preview.
+
+    Args:
+        anonymous_session_id: ID from X-Anonymous-Session-ID header
+
+    Returns:
+        Session info dictionary or None
+    """
+    db = next(get_db())
+    try:
+        service = SessionMigrationService(db)
+        return service.get_anonymous_session_info(anonymous_session_id)
+    finally:
+        db.close()

start_server.py

@@ -0,0 +1,30 @@
+"""
+Startup script for Hugging Face Spaces deployment.
+Initializes the database and starts the FastAPI server.
+"""
+import os
+import sys
+from pathlib import Path
+
+def main():
+    """Initialize database and start the server."""
+    print("🚀 Starting server initialization...")
+
+    # Initialize database first
+    print("📦 Initializing database...")
+    os.system("python init_database.py")
+
+    # Check if database initialization was successful
+    db_path = Path("database/auth.db")
+    if db_path.exists():
+        print("✅ Database initialized successfully!")
+    else:
+        print("⚠️  Database file not found after initialization. The server will create it on startup.")
+
+    # Start the FastAPI server
+    print("🌟 Starting FastAPI server...")
+    os.system("uvicorn main:app --host 0.0.0.0 --port 7860 --workers 1")
+
+
+if __name__ == "__main__":
+    main()

tests/test_auth.py

@@ -24,7 +24,7 @@ from jose import jwt
 # Import modules to test
 from main import app
 from database.config import get_db, Base
-from models.auth import User, Session, UserPreferences
+from src.models.auth import User, Session, UserPreferences
 from auth.auth import create_access_token, verify_token
 from middleware.csrf import CSRFMiddleware
 from middleware.auth import AuthMiddleware

uv.lock

@@ -240,72 +240,32 @@ wheels = [
 
 [[package]]
 name = "bcrypt"
-version = "5.0.0"
-source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/d4/36/3329e2518d70ad8e2e5817d5a4cac6bba05a47767ec416c7d020a965f408/bcrypt-5.0.0.tar.gz", hash = "sha256:f748f7c2d6fd375cc93d3fba7ef4a9e3a092421b8dbf34d8d4dc06be9492dfdd", size = 25386 }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/13/85/3e65e01985fddf25b64ca67275bb5bdb4040bd1a53b66d355c6c37c8a680/bcrypt-5.0.0-cp313-cp313t-macosx_10_12_universal2.whl", hash = "sha256:f3c08197f3039bec79cee59a606d62b96b16669cff3949f21e74796b6e3cd2be", size = 481806 },
-    { url = "https://files.pythonhosted.org/packages/44/dc/01eb79f12b177017a726cbf78330eb0eb442fae0e7b3dfd84ea2849552f3/bcrypt-5.0.0-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:200af71bc25f22006f4069060c88ed36f8aa4ff7f53e67ff04d2ab3f1e79a5b2", size = 268626 },
-    { url = "https://files.pythonhosted.org/packages/8c/cf/e82388ad5959c40d6afd94fb4743cc077129d45b952d46bdc3180310e2df/bcrypt-5.0.0-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:baade0a5657654c2984468efb7d6c110db87ea63ef5a4b54732e7e337253e44f", size = 271853 },
-    { url = "https://files.pythonhosted.org/packages/ec/86/7134b9dae7cf0efa85671651341f6afa695857fae172615e960fb6a466fa/bcrypt-5.0.0-cp313-cp313t-manylinux_2_28_aarch64.whl", hash = "sha256:c58b56cdfb03202b3bcc9fd8daee8e8e9b6d7e3163aa97c631dfcfcc24d36c86", size = 269793 },
-    { url = "https://files.pythonhosted.org/packages/cc/82/6296688ac1b9e503d034e7d0614d56e80c5d1a08402ff856a4549cb59207/bcrypt-5.0.0-cp313-cp313t-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:4bfd2a34de661f34d0bda43c3e4e79df586e4716ef401fe31ea39d69d581ef23", size = 289930 },
-    { url = "https://files.pythonhosted.org/packages/d1/18/884a44aa47f2a3b88dd09bc05a1e40b57878ecd111d17e5bba6f09f8bb77/bcrypt-5.0.0-cp313-cp313t-manylinux_2_28_x86_64.whl", hash = "sha256:ed2e1365e31fc73f1825fa830f1c8f8917ca1b3ca6185773b349c20fd606cec2", size = 272194 },
-    { url = "https://files.pythonhosted.org/packages/0e/8f/371a3ab33c6982070b674f1788e05b656cfbf5685894acbfef0c65483a59/bcrypt-5.0.0-cp313-cp313t-manylinux_2_34_aarch64.whl", hash = "sha256:83e787d7a84dbbfba6f250dd7a5efd689e935f03dd83b0f919d39349e1f23f83", size = 269381 },
-    { url = "https://files.pythonhosted.org/packages/b1/34/7e4e6abb7a8778db6422e88b1f06eb07c47682313997ee8a8f9352e5a6f1/bcrypt-5.0.0-cp313-cp313t-manylinux_2_34_x86_64.whl", hash = "sha256:137c5156524328a24b9fac1cb5db0ba618bc97d11970b39184c1d87dc4bf1746", size = 271750 },
-    { url = "https://files.pythonhosted.org/packages/c0/1b/54f416be2499bd72123c70d98d36c6cd61a4e33d9b89562c22481c81bb30/bcrypt-5.0.0-cp313-cp313t-musllinux_1_1_aarch64.whl", hash = "sha256:38cac74101777a6a7d3b3e3cfefa57089b5ada650dce2baf0cbdd9d65db22a9e", size = 303757 },
-    { url = "https://files.pythonhosted.org/packages/13/62/062c24c7bcf9d2826a1a843d0d605c65a755bc98002923d01fd61270705a/bcrypt-5.0.0-cp313-cp313t-musllinux_1_1_x86_64.whl", hash = "sha256:d8d65b564ec849643d9f7ea05c6d9f0cd7ca23bdd4ac0c2dbef1104ab504543d", size = 306740 },
-    { url = "https://files.pythonhosted.org/packages/d5/c8/1fdbfc8c0f20875b6b4020f3c7dc447b8de60aa0be5faaf009d24242aec9/bcrypt-5.0.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:741449132f64b3524e95cd30e5cd3343006ce146088f074f31ab26b94e6c75ba", size = 334197 },
-    { url = "https://files.pythonhosted.org/packages/a6/c1/8b84545382d75bef226fbc6588af0f7b7d095f7cd6a670b42a86243183cd/bcrypt-5.0.0-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:212139484ab3207b1f0c00633d3be92fef3c5f0af17cad155679d03ff2ee1e41", size = 352974 },
-    { url = "https://files.pythonhosted.org/packages/10/a6/ffb49d4254ed085e62e3e5dd05982b4393e32fe1e49bb1130186617c29cd/bcrypt-5.0.0-cp313-cp313t-win32.whl", hash = "sha256:9d52ed507c2488eddd6a95bccee4e808d3234fa78dd370e24bac65a21212b861", size = 148498 },
-    { url = "https://files.pythonhosted.org/packages/48/a9/259559edc85258b6d5fc5471a62a3299a6aa37a6611a169756bf4689323c/bcrypt-5.0.0-cp313-cp313t-win_amd64.whl", hash = "sha256:f6984a24db30548fd39a44360532898c33528b74aedf81c26cf29c51ee47057e", size = 145853 },
-    { url = "https://files.pythonhosted.org/packages/2d/df/9714173403c7e8b245acf8e4be8876aac64a209d1b392af457c79e60492e/bcrypt-5.0.0-cp313-cp313t-win_arm64.whl", hash = "sha256:9fffdb387abe6aa775af36ef16f55e318dcda4194ddbf82007a6f21da29de8f5", size = 139626 },
-    { url = "https://files.pythonhosted.org/packages/f8/14/c18006f91816606a4abe294ccc5d1e6f0e42304df5a33710e9e8e95416e1/bcrypt-5.0.0-cp314-cp314t-macosx_10_12_universal2.whl", hash = "sha256:4870a52610537037adb382444fefd3706d96d663ac44cbb2f37e3919dca3d7ef", size = 481862 },
-    { url = "https://files.pythonhosted.org/packages/67/49/dd074d831f00e589537e07a0725cf0e220d1f0d5d8e85ad5bbff251c45aa/bcrypt-5.0.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:48f753100931605686f74e27a7b49238122aa761a9aefe9373265b8b7aa43ea4", size = 268544 },
-    { url = "https://files.pythonhosted.org/packages/f5/91/50ccba088b8c474545b034a1424d05195d9fcbaaf802ab8bfe2be5a4e0d7/bcrypt-5.0.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f70aadb7a809305226daedf75d90379c397b094755a710d7014b8b117df1ebbf", size = 271787 },
-    { url = "https://files.pythonhosted.org/packages/aa/e7/d7dba133e02abcda3b52087a7eea8c0d4f64d3e593b4fffc10c31b7061f3/bcrypt-5.0.0-cp314-cp314t-manylinux_2_28_aarch64.whl", hash = "sha256:744d3c6b164caa658adcb72cb8cc9ad9b4b75c7db507ab4bc2480474a51989da", size = 269753 },
-    { url = "https://files.pythonhosted.org/packages/33/fc/5b145673c4b8d01018307b5c2c1fc87a6f5a436f0ad56607aee389de8ee3/bcrypt-5.0.0-cp314-cp314t-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:a28bc05039bdf3289d757f49d616ab3efe8cf40d8e8001ccdd621cd4f98f4fc9", size = 289587 },
-    { url = "https://files.pythonhosted.org/packages/27/d7/1ff22703ec6d4f90e62f1a5654b8867ef96bafb8e8102c2288333e1a6ca6/bcrypt-5.0.0-cp314-cp314t-manylinux_2_28_x86_64.whl", hash = "sha256:7f277a4b3390ab4bebe597800a90da0edae882c6196d3038a73adf446c4f969f", size = 272178 },
-    { url = "https://files.pythonhosted.org/packages/c8/88/815b6d558a1e4d40ece04a2f84865b0fef233513bd85fd0e40c294272d62/bcrypt-5.0.0-cp314-cp314t-manylinux_2_34_aarch64.whl", hash = "sha256:79cfa161eda8d2ddf29acad370356b47f02387153b11d46042e93a0a95127493", size = 269295 },
-    { url = "https://files.pythonhosted.org/packages/51/8c/e0db387c79ab4931fc89827d37608c31cc57b6edc08ccd2386139028dc0d/bcrypt-5.0.0-cp314-cp314t-manylinux_2_34_x86_64.whl", hash = "sha256:a5393eae5722bcef046a990b84dff02b954904c36a194f6cfc817d7dca6c6f0b", size = 271700 },
-    { url = "https://files.pythonhosted.org/packages/06/83/1570edddd150f572dbe9fc00f6203a89fc7d4226821f67328a85c330f239/bcrypt-5.0.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:7f4c94dec1b5ab5d522750cb059bb9409ea8872d4494fd152b53cca99f1ddd8c", size = 334034 },
-    { url = "https://files.pythonhosted.org/packages/c9/f2/ea64e51a65e56ae7a8a4ec236c2bfbdd4b23008abd50ac33fbb2d1d15424/bcrypt-5.0.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:0cae4cb350934dfd74c020525eeae0a5f79257e8a201c0c176f4b84fdbf2a4b4", size = 352766 },
-    { url = "https://files.pythonhosted.org/packages/d7/d4/1a388d21ee66876f27d1a1f41287897d0c0f1712ef97d395d708ba93004c/bcrypt-5.0.0-cp314-cp314t-win32.whl", hash = "sha256:b17366316c654e1ad0306a6858e189fc835eca39f7eb2cafd6aaca8ce0c40a2e", size = 152449 },
-    { url = "https://files.pythonhosted.org/packages/3f/61/3291c2243ae0229e5bca5d19f4032cecad5dfb05a2557169d3a69dc0ba91/bcrypt-5.0.0-cp314-cp314t-win_amd64.whl", hash = "sha256:92864f54fb48b4c718fc92a32825d0e42265a627f956bc0361fe869f1adc3e7d", size = 149310 },
-    { url = "https://files.pythonhosted.org/packages/3e/89/4b01c52ae0c1a681d4021e5dd3e45b111a8fb47254a274fa9a378d8d834b/bcrypt-5.0.0-cp314-cp314t-win_arm64.whl", hash = "sha256:dd19cf5184a90c873009244586396a6a884d591a5323f0e8a5922560718d4993", size = 143761 },
-    { url = "https://files.pythonhosted.org/packages/84/29/6237f151fbfe295fe3e074ecc6d44228faa1e842a81f6d34a02937ee1736/bcrypt-5.0.0-cp38-abi3-macosx_10_12_universal2.whl", hash = "sha256:fc746432b951e92b58317af8e0ca746efe93e66555f1b40888865ef5bf56446b", size = 494553 },
-    { url = "https://files.pythonhosted.org/packages/45/b6/4c1205dde5e464ea3bd88e8742e19f899c16fa8916fb8510a851fae985b5/bcrypt-5.0.0-cp38-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:c2388ca94ffee269b6038d48747f4ce8df0ffbea43f31abfa18ac72f0218effb", size = 275009 },
-    { url = "https://files.pythonhosted.org/packages/3b/71/427945e6ead72ccffe77894b2655b695ccf14ae1866cd977e185d606dd2f/bcrypt-5.0.0-cp38-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:560ddb6ec730386e7b3b26b8b4c88197aaed924430e7b74666a586ac997249ef", size = 278029 },
-    { url = "https://files.pythonhosted.org/packages/17/72/c344825e3b83c5389a369c8a8e58ffe1480b8a699f46c127c34580c4666b/bcrypt-5.0.0-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:d79e5c65dcc9af213594d6f7f1fa2c98ad3fc10431e7aa53c176b441943efbdd", size = 275907 },
-    { url = "https://files.pythonhosted.org/packages/0b/7e/d4e47d2df1641a36d1212e5c0514f5291e1a956a7749f1e595c07a972038/bcrypt-5.0.0-cp38-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:2b732e7d388fa22d48920baa267ba5d97cca38070b69c0e2d37087b381c681fd", size = 296500 },
-    { url = "https://files.pythonhosted.org/packages/0f/c3/0ae57a68be2039287ec28bc463b82e4b8dc23f9d12c0be331f4782e19108/bcrypt-5.0.0-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:0c8e093ea2532601a6f686edbc2c6b2ec24131ff5c52f7610dd64fa4553b5464", size = 278412 },
-    { url = "https://files.pythonhosted.org/packages/45/2b/77424511adb11e6a99e3a00dcc7745034bee89036ad7d7e255a7e47be7d8/bcrypt-5.0.0-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:5b1589f4839a0899c146e8892efe320c0fa096568abd9b95593efac50a87cb75", size = 275486 },
-    { url = "https://files.pythonhosted.org/packages/43/0a/405c753f6158e0f3f14b00b462d8bca31296f7ecfc8fc8bc7919c0c7d73a/bcrypt-5.0.0-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:89042e61b5e808b67daf24a434d89bab164d4de1746b37a8d173b6b14f3db9ff", size = 277940 },
-    { url = "https://files.pythonhosted.org/packages/62/83/b3efc285d4aadc1fa83db385ec64dcfa1707e890eb42f03b127d66ac1b7b/bcrypt-5.0.0-cp38-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:e3cf5b2560c7b5a142286f69bde914494b6d8f901aaa71e453078388a50881c4", size = 310776 },
-    { url = "https://files.pythonhosted.org/packages/95/7d/47ee337dacecde6d234890fe929936cb03ebc4c3a7460854bbd9c97780b8/bcrypt-5.0.0-cp38-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:f632fd56fc4e61564f78b46a2269153122db34988e78b6be8b32d28507b7eaeb", size = 312922 },
-    { url = "https://files.pythonhosted.org/packages/d6/3a/43d494dfb728f55f4e1cf8fd435d50c16a2d75493225b54c8d06122523c6/bcrypt-5.0.0-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:801cad5ccb6b87d1b430f183269b94c24f248dddbbc5c1f78b6ed231743e001c", size = 341367 },
-    { url = "https://files.pythonhosted.org/packages/55/ab/a0727a4547e383e2e22a630e0f908113db37904f58719dc48d4622139b5c/bcrypt-5.0.0-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:3cf67a804fc66fc217e6914a5635000259fbbbb12e78a99488e4d5ba445a71eb", size = 359187 },
-    { url = "https://files.pythonhosted.org/packages/1b/bb/461f352fdca663524b4643d8b09e8435b4990f17fbf4fea6bc2a90aa0cc7/bcrypt-5.0.0-cp38-abi3-win32.whl", hash = "sha256:3abeb543874b2c0524ff40c57a4e14e5d3a66ff33fb423529c88f180fd756538", size = 153752 },
-    { url = "https://files.pythonhosted.org/packages/41/aa/4190e60921927b7056820291f56fc57d00d04757c8b316b2d3c0d1d6da2c/bcrypt-5.0.0-cp38-abi3-win_amd64.whl", hash = "sha256:35a77ec55b541e5e583eb3436ffbbf53b0ffa1fa16ca6782279daf95d146dcd9", size = 150881 },
-    { url = "https://files.pythonhosted.org/packages/54/12/cd77221719d0b39ac0b55dbd39358db1cd1246e0282e104366ebbfb8266a/bcrypt-5.0.0-cp38-abi3-win_arm64.whl", hash = "sha256:cde08734f12c6a4e28dc6755cd11d3bdfea608d93d958fffbe95a7026ebe4980", size = 144931 },
-    { url = "https://files.pythonhosted.org/packages/5d/ba/2af136406e1c3839aea9ecadc2f6be2bcd1eff255bd451dd39bcf302c47a/bcrypt-5.0.0-cp39-abi3-macosx_10_12_universal2.whl", hash = "sha256:0c418ca99fd47e9c59a301744d63328f17798b5947b0f791e9af3c1c499c2d0a", size = 495313 },
-    { url = "https://files.pythonhosted.org/packages/ac/ee/2f4985dbad090ace5ad1f7dd8ff94477fe089b5fab2040bd784a3d5f187b/bcrypt-5.0.0-cp39-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:ddb4e1500f6efdd402218ffe34d040a1196c072e07929b9820f363a1fd1f4191", size = 275290 },
-    { url = "https://files.pythonhosted.org/packages/e4/6e/b77ade812672d15cf50842e167eead80ac3514f3beacac8902915417f8b7/bcrypt-5.0.0-cp39-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:7aeef54b60ceddb6f30ee3db090351ecf0d40ec6e2abf41430997407a46d2254", size = 278253 },
-    { url = "https://files.pythonhosted.org/packages/36/c4/ed00ed32f1040f7990dac7115f82273e3c03da1e1a1587a778d8cea496d8/bcrypt-5.0.0-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:f0ce778135f60799d89c9693b9b398819d15f1921ba15fe719acb3178215a7db", size = 276084 },
-    { url = "https://files.pythonhosted.org/packages/e7/c4/fa6e16145e145e87f1fa351bbd54b429354fd72145cd3d4e0c5157cf4c70/bcrypt-5.0.0-cp39-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:a71f70ee269671460b37a449f5ff26982a6f2ba493b3eabdd687b4bf35f875ac", size = 297185 },
-    { url = "https://files.pythonhosted.org/packages/24/b4/11f8a31d8b67cca3371e046db49baa7c0594d71eb40ac8121e2fc0888db0/bcrypt-5.0.0-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:f8429e1c410b4073944f03bd778a9e066e7fad723564a52ff91841d278dfc822", size = 278656 },
-    { url = "https://files.pythonhosted.org/packages/ac/31/79f11865f8078e192847d2cb526e3fa27c200933c982c5b2869720fa5fce/bcrypt-5.0.0-cp39-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:edfcdcedd0d0f05850c52ba3127b1fce70b9f89e0fe5ff16517df7e81fa3cbb8", size = 275662 },
-    { url = "https://files.pythonhosted.org/packages/d4/8d/5e43d9584b3b3591a6f9b68f755a4da879a59712981ef5ad2a0ac1379f7a/bcrypt-5.0.0-cp39-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:611f0a17aa4a25a69362dcc299fda5c8a3d4f160e2abb3831041feb77393a14a", size = 278240 },
-    { url = "https://files.pythonhosted.org/packages/89/48/44590e3fc158620f680a978aafe8f87a4c4320da81ed11552f0323aa9a57/bcrypt-5.0.0-cp39-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:db99dca3b1fdc3db87d7c57eac0c82281242d1eabf19dcb8a6b10eb29a2e72d1", size = 311152 },
-    { url = "https://files.pythonhosted.org/packages/5f/85/e4fbfc46f14f47b0d20493669a625da5827d07e8a88ee460af6cd9768b44/bcrypt-5.0.0-cp39-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:5feebf85a9cefda32966d8171f5db7e3ba964b77fdfe31919622256f80f9cf42", size = 313284 },
-    { url = "https://files.pythonhosted.org/packages/25/ae/479f81d3f4594456a01ea2f05b132a519eff9ab5768a70430fa1132384b1/bcrypt-5.0.0-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:3ca8a166b1140436e058298a34d88032ab62f15aae1c598580333dc21d27ef10", size = 341643 },
-    { url = "https://files.pythonhosted.org/packages/df/d2/36a086dee1473b14276cd6ea7f61aef3b2648710b5d7f1c9e032c29b859f/bcrypt-5.0.0-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:61afc381250c3182d9078551e3ac3a41da14154fbff647ddf52a769f588c4172", size = 359698 },
-    { url = "https://files.pythonhosted.org/packages/c0/f6/688d2cd64bfd0b14d805ddb8a565e11ca1fb0fd6817175d58b10052b6d88/bcrypt-5.0.0-cp39-abi3-win32.whl", hash = "sha256:64d7ce196203e468c457c37ec22390f1a61c85c6f0b8160fd752940ccfb3a683", size = 153725 },
-    { url = "https://files.pythonhosted.org/packages/9f/b9/9d9a641194a730bda138b3dfe53f584d61c58cd5230e37566e83ec2ffa0d/bcrypt-5.0.0-cp39-abi3-win_amd64.whl", hash = "sha256:64ee8434b0da054d830fa8e89e1c8bf30061d539044a39524ff7dec90481e5c2", size = 150912 },
-    { url = "https://files.pythonhosted.org/packages/27/44/d2ef5e87509158ad2187f4dd0852df80695bb1ee0cfe0a684727b01a69e0/bcrypt-5.0.0-cp39-abi3-win_arm64.whl", hash = "sha256:f2347d3534e76bf50bca5500989d6c1d05ed64b440408057a37673282c654927", size = 144953 },
-    { url = "https://files.pythonhosted.org/packages/8a/75/4aa9f5a4d40d762892066ba1046000b329c7cd58e888a6db878019b282dc/bcrypt-5.0.0-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:7edda91d5ab52b15636d9c30da87d2cc84f426c72b9dba7a9b4fe142ba11f534", size = 271180 },
-    { url = "https://files.pythonhosted.org/packages/54/79/875f9558179573d40a9cc743038ac2bf67dfb79cecb1e8b5d70e88c94c3d/bcrypt-5.0.0-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:046ad6db88edb3c5ece4369af997938fb1c19d6a699b9c1b27b0db432faae4c4", size = 273791 },
-    { url = "https://files.pythonhosted.org/packages/bc/fe/975adb8c216174bf70fc17535f75e85ac06ed5252ea077be10d9cff5ce24/bcrypt-5.0.0-pp311-pypy311_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:dcd58e2b3a908b5ecc9b9df2f0085592506ac2d5110786018ee5e160f28e0911", size = 270746 },
-    { url = "https://files.pythonhosted.org/packages/e4/f8/972c96f5a2b6c4b3deca57009d93e946bbdbe2241dca9806d502f29dd3ee/bcrypt-5.0.0-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:6b8f520b61e8781efee73cba14e3e8c9556ccfb375623f4f97429544734545b4", size = 273375 },
+version = "4.2.0"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/e4/7e/d95e7d96d4828e965891af92e43b52a4cd3395dc1c1ef4ee62748d0471d0/bcrypt-4.2.0.tar.gz", hash = "sha256:cf69eaf5185fd58f268f805b505ce31f9b9fc2d64b376642164e9244540c1221", size = 24294 }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/a9/81/4e8f5bc0cd947e91fb720e1737371922854da47a94bc9630454e7b2845f8/bcrypt-4.2.0-cp37-abi3-macosx_10_12_universal2.whl", hash = "sha256:096a15d26ed6ce37a14c1ac1e48119660f21b24cba457f160a4b830f3fe6b5cb", size = 471568 },
+    { url = "https://files.pythonhosted.org/packages/05/d2/1be1e16aedec04bcf8d0156e01b987d16a2063d38e64c3f28030a3427d61/bcrypt-4.2.0-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c02d944ca89d9b1922ceb8a46460dd17df1ba37ab66feac4870f6862a1533c00", size = 277372 },
+    { url = "https://files.pythonhosted.org/packages/e3/96/7a654027638ad9b7589effb6db77eb63eba64319dfeaf9c0f4ca953e5f76/bcrypt-4.2.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1d84cf6d877918620b687b8fd1bf7781d11e8a0998f576c7aa939776b512b98d", size = 273488 },
+    { url = "https://files.pythonhosted.org/packages/46/54/dc7b58abeb4a3d95bab653405935e27ba32f21b812d8ff38f271fb6f7f55/bcrypt-4.2.0-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:1bb429fedbe0249465cdd85a58e8376f31bb315e484f16e68ca4c786dcc04291", size = 277759 },
+    { url = "https://files.pythonhosted.org/packages/ac/be/da233c5f11fce3f8adec05e8e532b299b64833cc962f49331cdd0e614fa9/bcrypt-4.2.0-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:655ea221910bcac76ea08aaa76df427ef8625f92e55a8ee44fbf7753dbabb328", size = 273796 },
+    { url = "https://files.pythonhosted.org/packages/b0/b8/8b4add88d55a263cf1c6b8cf66c735280954a04223fcd2880120cc767ac3/bcrypt-4.2.0-cp37-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:1ee38e858bf5d0287c39b7a1fc59eec64bbf880c7d504d3a06a96c16e14058e7", size = 311082 },
+    { url = "https://files.pythonhosted.org/packages/7b/76/2aa660679abbdc7f8ee961552e4bb6415a81b303e55e9374533f22770203/bcrypt-4.2.0-cp37-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:0da52759f7f30e83f1e30a888d9163a81353ef224d82dc58eb5bb52efcabc399", size = 305912 },
+    { url = "https://files.pythonhosted.org/packages/00/03/2af7c45034aba6002d4f2b728c1a385676b4eab7d764410e34fd768009f2/bcrypt-4.2.0-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:3698393a1b1f1fd5714524193849d0c6d524d33523acca37cd28f02899285060", size = 325185 },
+    { url = "https://files.pythonhosted.org/packages/dc/5d/6843443ce4ab3af40bddb6c7c085ed4a8418b3396f7a17e60e6d9888416c/bcrypt-4.2.0-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:762a2c5fb35f89606a9fde5e51392dad0cd1ab7ae64149a8b935fe8d79dd5ed7", size = 335188 },
+    { url = "https://files.pythonhosted.org/packages/cb/4c/ff8ca83d816052fba36def1d24e97d9a85739b9bbf428c0d0ecd296a07c8/bcrypt-4.2.0-cp37-abi3-win32.whl", hash = "sha256:5a1e8aa9b28ae28020a3ac4b053117fb51c57a010b9f969603ed885f23841458", size = 156481 },
+    { url = "https://files.pythonhosted.org/packages/65/f1/e09626c88a56cda488810fb29d5035f1662873777ed337880856b9d204ae/bcrypt-4.2.0-cp37-abi3-win_amd64.whl", hash = "sha256:8f6ede91359e5df88d1f5c1ef47428a4420136f3ce97763e31b86dd8280fbdf5", size = 151336 },
+    { url = "https://files.pythonhosted.org/packages/96/86/8c6a84daed4dd878fbab094400c9174c43d9b838ace077a2f8ee8bc3ae12/bcrypt-4.2.0-cp39-abi3-macosx_10_12_universal2.whl", hash = "sha256:c52aac18ea1f4a4f65963ea4f9530c306b56ccd0c6f8c8da0c06976e34a6e841", size = 472414 },
+    { url = "https://files.pythonhosted.org/packages/f6/05/e394515f4e23c17662e5aeb4d1859b11dc651be01a3bd03c2e919a155901/bcrypt-4.2.0-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3bbbfb2734f0e4f37c5136130405332640a1e46e6b23e000eeff2ba8d005da68", size = 277599 },
+    { url = "https://files.pythonhosted.org/packages/4b/3b/ad784eac415937c53da48983756105d267b91e56aa53ba8a1b2014b8d930/bcrypt-4.2.0-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3413bd60460f76097ee2e0a493ccebe4a7601918219c02f503984f0a7ee0aebe", size = 273491 },
+    { url = "https://files.pythonhosted.org/packages/cc/14/b9ff8e0218bee95e517b70e91130effb4511e8827ac1ab00b4e30943a3f6/bcrypt-4.2.0-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:8d7bb9c42801035e61c109c345a28ed7e84426ae4865511eb82e913df18f58c2", size = 277934 },
+    { url = "https://files.pythonhosted.org/packages/3e/d0/31938bb697600a04864246acde4918c4190a938f891fd11883eaaf41327a/bcrypt-4.2.0-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:3d3a6d28cb2305b43feac298774b997e372e56c7c7afd90a12b3dc49b189151c", size = 273804 },
+    { url = "https://files.pythonhosted.org/packages/e7/c3/dae866739989e3f04ae304e1201932571708cb292a28b2f1b93283e2dcd8/bcrypt-4.2.0-cp39-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:9c1c4ad86351339c5f320ca372dfba6cb6beb25e8efc659bedd918d921956bae", size = 311275 },
+    { url = "https://files.pythonhosted.org/packages/5d/2c/019bc2c63c6125ddf0483ee7d914a405860327767d437913942b476e9c9b/bcrypt-4.2.0-cp39-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:27fe0f57bb5573104b5a6de5e4153c60814c711b29364c10a75a54bb6d7ff48d", size = 306355 },
+    { url = "https://files.pythonhosted.org/packages/75/fe/9e137727f122bbe29771d56afbf4e0dbc85968caa8957806f86404a5bfe1/bcrypt-4.2.0-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:8ac68872c82f1add6a20bd489870c71b00ebacd2e9134a8aa3f98a0052ab4b0e", size = 325381 },
+    { url = "https://files.pythonhosted.org/packages/1a/d4/586b9c18a327561ea4cd336ff4586cca1a7aa0f5ee04e23a8a8bb9ca64f1/bcrypt-4.2.0-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:cb2a8ec2bc07d3553ccebf0746bbf3d19426d1c6d1adbd4fa48925f66af7b9e8", size = 335685 },
+    { url = "https://files.pythonhosted.org/packages/24/55/1a7127faf4576138bb278b91e9c75307490178979d69c8e6e273f74b974f/bcrypt-4.2.0-cp39-abi3-win32.whl", hash = "sha256:77800b7147c9dc905db1cba26abe31e504d8247ac73580b4aa179f98e6608f34", size = 155857 },
+    { url = "https://files.pythonhosted.org/packages/1c/2a/c74052e54162ec639266d91539cca7cbf3d1d3b8b36afbfeaee0ea6a1702/bcrypt-4.2.0-cp39-abi3-win_amd64.whl", hash = "sha256:61ed14326ee023917ecd093ee6ef422a72f3aec6f07e21ea5f10622b735538a9", size = 151717 },
 ]
 
 [[package]]
@@ -707,6 +667,15 @@ wheels = [
     { url = "https://files.pythonhosted.org/packages/12/b3/231ffd4ab1fc9d679809f356cebee130ac7daa00d6d6f3206dd4fd137e9e/distro-1.9.0-py3-none-any.whl", hash = "sha256:7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2", size = 20277 },
 ]
 
+[[package]]
+name = "dnspython"
+version = "2.8.0"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/8c/8b/57666417c0f90f08bcafa776861060426765fdb422eb10212086fb811d26/dnspython-2.8.0.tar.gz", hash = "sha256:181d3c6996452cb1189c4046c61599b84a5a86e099562ffde77d26984ff26d0f", size = 368251 }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/ba/5a/18ad964b0086c6e62e2e7500f7edc89e3faa45033c71c1893d34eed2b2de/dnspython-2.8.0-py3-none-any.whl", hash = "sha256:01d9bbc4a2d76bf0db7c1f729812ded6d912bd318d3b1cf81d30c0f845dbf3af", size = 331094 },
+]
+
 [[package]]
 name = "ecdsa"
 version = "0.19.1"
@@ -719,6 +688,19 @@ wheels = [
     { url = "https://files.pythonhosted.org/packages/cb/a3/460c57f094a4a165c84a1341c373b0a4f5ec6ac244b998d5021aade89b77/ecdsa-0.19.1-py2.py3-none-any.whl", hash = "sha256:30638e27cf77b7e15c4c4cc1973720149e1033827cfd00661ca5c8cc0cdb24c3", size = 150607 },
 ]
 
+[[package]]
+name = "email-validator"
+version = "2.3.0"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "dnspython" },
+    { name = "idna" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/f5/22/900cb125c76b7aaa450ce02fd727f452243f2e91a61af068b40adba60ea9/email_validator-2.3.0.tar.gz", hash = "sha256:9fc05c37f2f6cf439ff414f8fc46d917929974a82244c20eb10231ba60c54426", size = 51238 }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/de/15/545e2b6cf2e3be84bc1ed85613edd75b8aea69807a71c26f4ca6a9258e82/email_validator-2.3.0-py3-none-any.whl", hash = "sha256:80f13f623413e6b197ae73bb10bf4eb0908faf509ad8362c5edeb0be7fd450b4", size = 35604 },
+]
+
 [[package]]
 name = "faker"
 version = "38.2.0"
@@ -2461,6 +2443,8 @@ dependencies = [
     { name = "alembic" },
     { name = "authlib" },
     { name = "backoff" },
+    { name = "bcrypt" },
+    { name = "email-validator" },
     { name = "fastapi" },
     { name = "httpx" },
     { name = "itsdangerous" },
@@ -2524,7 +2508,9 @@ requires-dist = [
     { name = "alembic", specifier = ">=1.12.0" },
     { name = "authlib", specifier = ">=1.2.1" },
     { name = "backoff", specifier = ">=2.2.1" },
+    { name = "bcrypt", specifier = "==4.2.0" },
     { name = "black", marker = "extra == 'dev'", specifier = ">=23.12.1" },
+    { name = "email-validator", specifier = ">=2.3.0" },
     { name = "faker", marker = "extra == 'test'", specifier = ">=20.1.0" },
     { name = "fastapi", specifier = ">=0.109.0" },
     { name = "httpx", specifier = ">=0.26.0" },