Update Firebase initialization to auto-detect credentials file and add setup guide

FIREBASE_SETUP.md

@@ -0,0 +1,156 @@
+# Firebase Setup Guide
+
+## Firebase Project Information
+
+**Project ID:** `colorize-662df`  
+**Credentials File:** `colorize-662df-firebase-adminsdk-fbsvc-bfd21c77c6.json`
+
+## Required Firebase Configuration
+
+### 1. Firebase Admin SDK Credentials ✅
+The credentials file is already in the project:
+- File: `colorize-662df-firebase-adminsdk-fbsvc-bfd21c77c6.json`
+- The application will automatically detect and use this file
+
+### 2. Firebase Web API Key (Required for Login/Register)
+
+To get your Firebase Web API Key:
+
+1. Go to [Firebase Console](https://console.firebase.google.com/)
+2. Select your project: **colorize-662df**
+3. Click the gear icon ⚙️ → **Project settings**
+4. Scroll down to **Your apps** section
+5. Find the **Web API Key** (starts with `AIza...`)
+6. Copy this key
+
+**Set it as environment variable:**
+```bash
+export FIREBASE_API_KEY="AIzaSyBIB6rcfyyqy5niERTXWvVD714Ter4Vx68"
+```
+
+Or in Hugging Face Spaces:
+- Go to Settings → Secrets
+- Add secret: `FIREBASE_API_KEY` = `AIzaSyBIB6rcfyyqy5niERTXWvVD714Ter4Vx68`
+
+### 3. Firebase App Check Configuration
+
+For App Check to work, you need:
+
+1. **Enable App Check in Firebase Console:**
+   - Go to Firebase Console → **App Check**
+   - Register your app
+   - Choose **reCAPTCHA Enterprise** provider
+   - Get your **reCAPTCHA Site Key**
+
+2. **Frontend Setup:**
+   ```javascript
+   import { initializeApp } from "firebase/app";
+   import { initializeAppCheck, ReCaptchaEnterpriseProvider, getToken } from "firebase/app-check";
+
+   const firebaseConfig = {
+     apiKey: "AIzaSyBIB6rcfyyqy5niERTXWvVD714Ter4Vx68",
+     authDomain: "colorize-662df.firebaseapp.com",
+     projectId: "colorize-662df",
+     storageBucket: "colorize-662df.firebasestorage.app",
+     messagingSenderId: "69166278311",
+     appId: "1:69166278311:web:0e8c50b8dd8627aaeadd82",
+     measurementId: "G-58CC2J8XKX"
+   };
+
+   const app = initializeApp(firebaseConfig);
+
+   const appCheck = initializeAppCheck(app, {
+     provider: new ReCaptchaEnterpriseProvider('YOUR_RECAPTCHA_SITE_KEY'),
+     isTokenAutoRefreshEnabled: true
+   });
+
+   // Get token for API requests
+   const token = await getToken(appCheck);
+   ```
+
+## Environment Variables
+
+### For Local Development:
+```bash
+# Firebase credentials (optional if file is in project root)
+export FIREBASE_CREDENTIALS_PATH="./colorize-662df-firebase-adminsdk-fbsvc-bfd21c77c6.json"
+
+# Firebase Web API Key (required for /auth/login and /auth/register)
+export FIREBASE_API_KEY="AIzaSyBIB6rcfyyqy5niERTXWvVD714Ter4Vx68"
+
+# Optional: Disable auth for testing
+export DISABLE_AUTH="false"
+
+# Optional: Disable App Check
+export ENABLE_APP_CHECK="true"
+```
+
+### For Hugging Face Spaces:
+Add these as **Secrets** in Space Settings:
+
+1. **FIREBASE_CREDENTIALS** - Paste the entire contents of `colorize-662df-firebase-adminsdk-fbsvc-bfd21c77c6.json`
+2. **FIREBASE_API_KEY** - Your Web API Key (`AIzaSyBIB6rcfyyqy5niERTXWvVD714Ter4Vx68`)
+3. **HF_TOKEN** - Your Hugging Face token (for Inference API)
+
+## Testing Firebase Connection
+
+### Test 1: Health Check (No Auth Required)
+```bash
+curl https://logicgoinfotechspaces-text-guided-image-colorization.hf.space/health
+```
+
+### Test 2: Register User (Requires FIREBASE_API_KEY)
+```bash
+curl -X POST https://logicgoinfotechspaces-text-guided-image-colorization.hf.space/auth/register \
+  -H "Content-Type: application/json" \
+  -d '{
+    "email": "test@example.com",
+    "password": "password123",
+    "display_name": "Test User"
+  }'
+```
+
+### Test 3: Login (Requires FIREBASE_API_KEY)
+```bash
+curl -X POST https://logicgoinfotechspaces-text-guided-image-colorization.hf.space/auth/login \
+  -H "Content-Type: application/json" \
+  -d '{
+    "email": "test@example.com",
+    "password": "password123"
+  }'
+```
+
+### Test 4: Colorize with App Check Token
+```bash
+curl -X POST https://logicgoinfotechspaces-text-guided-image-colorization.hf.space/colorize \
+  -H "X-Firebase-AppCheck: YOUR_APP_CHECK_TOKEN" \
+  -F "file=@image.jpg"
+```
+
+## Troubleshooting
+
+### Issue: "Firebase not initialized"
+**Solution:** Make sure the credentials file exists and is readable
+
+### Issue: "Firebase API key not configured" (for login/register)
+**Solution:** Set `FIREBASE_API_KEY` environment variable
+
+### Issue: "Invalid App Check token"
+**Solution:** 
+1. Make sure App Check is enabled in Firebase Console
+2. Verify you're sending the token in `X-Firebase-AppCheck` header
+3. Check that reCAPTCHA Enterprise is properly configured
+
+### Issue: "Missing App Check token"
+**Solution:** 
+- Either provide `X-Firebase-AppCheck` header
+- Or set `ENABLE_APP_CHECK=false` to disable (not recommended for production)
+
+## Current Firebase Config
+
+Based on your credentials file:
+- **Project ID:** `colorize-662df`
+- **Service Account:** `firebase-adminsdk-fbsvc@colorize-662df.iam.gserviceaccount.com`
+- **Auth Domain:** `colorize-662df.firebaseapp.com`
+- **Storage Bucket:** `colorize-662df.firebasestorage.app`
+

app/main_sdxl.py

@@ -56,19 +56,46 @@ app.add_middleware(
 )
 
 # Initialize Firebase Admin SDK
-firebase_cred_path = os.getenv("FIREBASE_CREDENTIALS_PATH", "/tmp/firebase-adminsdk.json")
-if os.path.exists(firebase_cred_path):
-    try:
-        cred = credentials.Certificate(firebase_cred_path)
-        firebase_admin.initialize_app(cred)
-        logger.info("Firebase Admin SDK initialized")
-    except Exception as e:
-        logger.warning("Failed to initialize Firebase: %s", str(e))
+# Try multiple possible paths for Firebase credentials
+firebase_cred_paths = [
+    os.getenv("FIREBASE_CREDENTIALS_PATH"),
+    "/tmp/firebase-adminsdk.json",
+    "/data/firebase-adminsdk.json",
+    "colorize-662df-firebase-adminsdk-fbsvc-bfd21c77c6.json",
+    os.path.join(os.path.dirname(__file__), "..", "colorize-662df-firebase-adminsdk-fbsvc-bfd21c77c6.json"),
+]
+
+firebase_initialized = False
+for cred_path in firebase_cred_paths:
+    if not cred_path:
+        continue
+    cred_path = os.path.abspath(cred_path)
+    if os.path.exists(cred_path):
         try:
-            firebase_admin.initialize_app()
-        except:
-            pass
-else:
+            cred = credentials.Certificate(cred_path)
+            firebase_admin.initialize_app(cred)
+            logger.info("Firebase Admin SDK initialized from: %s", cred_path)
+            firebase_initialized = True
+            break
+        except Exception as e:
+            logger.warning("Failed to initialize Firebase from %s: %s", cred_path, str(e))
+            continue
+
+# Also try loading from environment variable (for Hugging Face Spaces)
+if not firebase_initialized:
+    firebase_json = os.getenv("FIREBASE_CREDENTIALS")
+    if firebase_json:
+        try:
+            import json
+            firebase_dict = json.loads(firebase_json)
+            cred = credentials.Certificate(firebase_dict)
+            firebase_admin.initialize_app(cred)
+            logger.info("Firebase Admin SDK initialized from environment variable")
+            firebase_initialized = True
+        except Exception as e:
+            logger.warning("Failed to initialize Firebase from environment: %s", str(e))
+
+if not firebase_initialized:
     logger.warning("Firebase credentials file not found. App Check will be disabled.")
     try:
         firebase_admin.initialize_app()
@@ -220,10 +247,29 @@ def _extract_bearer_token(authorization_header: str | None) -> str | None:
 
 
 async def verify_request(request: Request):
-    """Verify Firebase authentication"""
+    """
+    Verify Firebase authentication.
+    Priority:
+    1. Firebase App Check token (X-Firebase-AppCheck header) - Primary method per documentation
+    2. Firebase Auth ID token (Authorization: Bearer header) - Fallback for auth endpoints
+    """
     if not firebase_admin._apps or os.getenv("DISABLE_AUTH", "false").lower() == "true":
         return True
 
+    # Primary: Check Firebase App Check token (X-Firebase-AppCheck header)
+    app_check_token = request.headers.get("X-Firebase-AppCheck")
+    if app_check_token:
+        try:
+            app_check_claims = app_check.verify_token(app_check_token)
+            logger.info("App Check token verified for: %s", app_check_claims.get("app_id"))
+            return True
+        except Exception as e:
+            logger.warning("App Check token verification failed: %s", str(e))
+            if settings.ENABLE_APP_CHECK:
+                raise HTTPException(status_code=401, detail="Invalid App Check token")
+
+    # Secondary: Check Firebase Auth ID token (Authorization: Bearer header)
+    # This is for /auth/* endpoints that use email/password login
     bearer = _extract_bearer_token(request.headers.get("Authorization"))
     if bearer:
         try:
@@ -234,18 +280,13 @@ async def verify_request(request: Request):
         except Exception as e:
             logger.warning("Auth token verification failed: %s", str(e))
 
+    # If App Check is enabled and no valid token provided, require it
     if settings.ENABLE_APP_CHECK:
-        app_check_token = request.headers.get("X-Firebase-AppCheck")
         if not app_check_token:
             raise HTTPException(status_code=401, detail="Missing App Check token")
-        try:
-            app_check_claims = app_check.verify_token(app_check_token)
-            logger.info("App Check token verified for: %s", app_check_claims.get("app_id"))
-            return True
-        except Exception as e:
-            logger.warning("App Check token verification failed: %s", str(e))
-            raise HTTPException(status_code=401, detail="Invalid App Check token")
+        raise HTTPException(status_code=401, detail="Invalid App Check token")
 
+    # If auth is disabled, allow access
     return True
 
 
@@ -447,15 +488,17 @@ async def api_info():
         "version": "1.0.0",
         "endpoints": {
             "health": "/health",
+            "upload": "/upload",
+            "colorize": "/colorize",
+            "download": "/download/{file_id}",
+            "results": "/results/{filename}",
+            "uploads": "/uploads/{filename}",
             "auth": {
                 "register": "/auth/register",
                 "login": "/auth/login",
                 "me": "/auth/me",
                 "refresh": "/auth/refresh"
             },
-            "colorize": "/colorize",
-            "download": "/download/{file_id}",
-            "results": "/results/{filename}",
             "gradio": "/"
         }
     }
@@ -543,6 +586,48 @@ def colorize_image_sdxl(
         raise RuntimeError(f"Failed to colorize image: {str(e)}")
 
 
+@app.post("/upload")
+async def upload_image(
+    file: UploadFile = File(...),
+    verified: bool = Depends(verify_request)
+):
+    """
+    Upload an image and get the uploaded image URL.
+    Requires Firebase App Check authentication.
+    """
+    if not file.content_type or not file.content_type.startswith("image/"):
+        raise HTTPException(status_code=400, detail="File must be an image")
+    
+    try:
+        # Generate unique filename
+        file_extension = file.filename.split('.')[-1] if file.filename else 'jpg'
+        image_id = f"{uuid.uuid4()}.{file_extension}"
+        file_path = UPLOAD_DIR / image_id
+        
+        # Save uploaded file
+        img_bytes = await file.read()
+        with open(file_path, "wb") as f:
+            f.write(img_bytes)
+        
+        logger.info("Image uploaded: %s", image_id)
+        
+        # Get base URL from settings or environment
+        base_url = os.getenv("BASE_URL", settings.BASE_URL)
+        if not base_url or base_url == "http://localhost:8000":
+            # Try to get from request
+            base_url = "https://logicgoinfotechspaces-text-guided-image-colorization.hf.space"
+        
+        return JSONResponse({
+            "success": True,
+            "image_id": image_id.replace(f".{file_extension}", ""),
+            "image_url": f"{base_url}/uploads/{image_id}",
+            "filename": image_id
+        })
+    except Exception as e:
+        logger.error("Error uploading image: %s", str(e))
+        raise HTTPException(status_code=500, detail=f"Error uploading image: {str(e)}")
+
+
 @app.post("/colorize")
 async def colorize_api(
     file: UploadFile = File(...),
@@ -581,12 +666,20 @@ async def colorize_api(
         
         logger.info("Colorized image saved: %s", output_filename)
         
+        # Get base URL from settings or environment
+        base_url = os.getenv("BASE_URL", settings.BASE_URL)
+        if not base_url or base_url == "http://localhost:8000":
+            base_url = "https://logicgoinfotechspaces-text-guided-image-colorization.hf.space"
+        
+        result_id = output_filename.replace(".png", "")
+        
         return JSONResponse({
             "success": True,
-            "result_id": output_filename.replace(".png", ""),
-            "caption": caption,
-            "download_url": f"/results/{output_filename}",
-            "api_download": f"/download/{output_filename.replace('.png', '')}"
+            "result_id": result_id,
+            "download_url": f"{base_url}/results/{output_filename}",
+            "api_download_url": f"{base_url}/download/{result_id}",
+            "filename": output_filename,
+            "caption": caption
         })
     except Exception as e:
         logger.error("Error colorizing image: %s", str(e))