Update app.py

app.py

@@ -1,19 +1,12 @@
-"""
-ORBIT – Flask Application (SaaS Edition)
-Backend: Google OAuth · SQLite/PostgreSQL · Multi-provider LLM routing
-"""
 import os
 import json
 import requests
-import fitz  # PyMuPDF
+import fitz
 
 from functools import wraps
 from datetime import datetime
 
-from flask import (
-    Flask, render_template, redirect, url_for,
-    session, jsonify, request, abort,
-)
+from flask import Flask, render_template, redirect, url_for, session, jsonify, request, abort
 from flask_cors import CORS
 from authlib.integrations.flask_client import OAuth
 
@@ -21,25 +14,13 @@ from config import Config
 from extensions import db
 from models import User, UserSettings
 
-# ── Allow HTTP for local OAuth (dev only) ───────────────────────────────────
 os.environ.setdefault("OAUTHLIB_INSECURE_TRANSPORT", "1")
 
-# ── App Factory ─────────────────────────────────────────────────────────────
 app = Flask(__name__, template_folder="templates", static_folder="static")
 app.config.from_object(Config)
 CORS(app)
 db.init_app(app)
 
-# ── FIX IFRAME & SECURITY HEADERS ───────────────────────────────────────────
-@app.after_request
-def add_header(response):
-    # Mengizinkan domain .my.id lo untuk membungkus app ini dalam iframe
-    response.headers['Content-Security-Policy'] = "frame-ancestors 'self' https://orbit-ai.my.id https://*.my.id"
-    # Menghapus batasan X-Frame-Options agar bisa tampil di domain luar
-    response.headers.pop('X-Frame-Options', None)
-    return response
-
-# ── OAuth Setup ─────────────────────────────────────────────────────────────
 oauth = OAuth(app)
 google = oauth.register(
     name="google",
@@ -49,14 +30,9 @@ google = oauth.register(
     client_kwargs={"scope": "openid email profile"},
 )
 
-# ── DB Init ──────────────────────────────────────────────────────────────────
 with app.app_context():
     db.create_all()
 
-
-# ─────────────────────────────────────────────
-# Auth helpers
-# ─────────────────────────────────────────────
 def login_required(f):
     @wraps(f)
     def decorated(*args, **kwargs):
@@ -67,68 +43,58 @@ def login_required(f):
         return f(*args, **kwargs)
     return decorated
 
-
 def get_current_user() -> User | None:
     uid = session.get("user_id")
     if not uid:
         return None
     return db.session.get(User, uid)
 
-
 def seed_user_settings(user: User):
-    """Create default UserSettings for a brand-new user."""
     cfg = Config
     settings = UserSettings(
-        user_id           = user.id,
-        provider          = cfg.DEFAULT_PROVIDER,
-        base_url          = cfg.DEFAULT_BASE_URL,
-        api_key           = "",
-        current_model     = cfg.DEFAULT_MODEL,
-        models_openrouter = list(cfg.DEFAULT_MODELS_OPENROUTER),
-        models_nvidia     = list(cfg.DEFAULT_MODELS_NVIDIA),
+        user_id=user.id,
+        provider=cfg.DEFAULT_PROVIDER,
+        base_url=cfg.DEFAULT_BASE_URL,
+        api_key="",
+        current_model=cfg.DEFAULT_MODEL,
+        models_openrouter=list(cfg.DEFAULT_MODELS_OPENROUTER),
+        models_nvidia=list(cfg.DEFAULT_MODELS_NVIDIA),
     )
     db.session.add(settings)
     db.session.commit()
 
-
-# ─────────────────────────────────────────────
-# Auth Routes
-# ─────────────────────────────────────────────
 @app.route("/auth/login")
 def auth_login():
-    redirect_uri = url_for("auth_callback", _external=True)
+    redirect_uri = "https://orbit-ai.my.id/auth/callback"
     return google.authorize_redirect(redirect_uri)
 
-
 @app.route("/auth/callback")
 def auth_callback():
     try:
-        token     = google.authorize_access_token()
+        token = google.authorize_access_token()
         user_info = token.get("userinfo") or google.userinfo()
     except Exception as e:
         return f"<h3>OAuth Error: {e}</h3><a href='/'>Retry</a>", 400
 
     google_id = user_info.get("sub")
-    email     = user_info.get("email", "")
-    name      = user_info.get("name", email)
-    picture   = user_info.get("picture", "")
+    email = user_info.get("email", "")
+    name = user_info.get("name", email)
+    picture = user_info.get("picture", "")
 
-    # Upsert user
     user = User.query.filter_by(google_id=google_id).first()
     is_new = user is None
 
     if is_new:
         user = User(google_id=google_id, email=email, name=name, picture=picture)
         db.session.add(user)
-        db.session.flush()  # get user.id before commit
+        db.session.flush()
     else:
-        user.name    = name
+        user.name = name
         user.picture = picture
         user.last_login = datetime.utcnow()
 
     db.session.commit()
 
-    # Seed settings for first-time users
     if is_new or user.settings is None:
         seed_user_settings(user)
 
@@ -136,32 +102,22 @@ def auth_callback():
     session["user_id"] = user.id
     return redirect(url_for("index"))
 
-
 @app.route("/auth/logout")
 def auth_logout():
     session.clear()
     return redirect(url_for("login_page"))
 
-
-# ─────────────────────────────────────────────
-# Page Routes
-# ─────────────────────────────────────────────
 @app.route("/login")
 def login_page():
     if "user_id" in session:
         return redirect(url_for("index"))
     return render_template("login.html")
 
-
 @app.route("/")
 @login_required
 def index():
     return render_template("index.html")
 
-
-# ─────────────────────────────────────────────
-# API: Current User
-# ─────────────────────────────────────────────
 @app.route("/api/me")
 @login_required
 def api_me():
@@ -170,26 +126,21 @@ def api_me():
         return jsonify({"error": "User not found."}), 404
     return jsonify(user.to_dict())
 
-
-# ─────────────────────────────────────────────
-# API: User Settings
-# ─────────────────────────────────────────────
 @app.route("/api/settings", methods=["GET"])
 @login_required
 def api_settings_get():
     user = get_current_user()
-    s    = user.settings
+    s = user.settings
     if not s:
         seed_user_settings(user)
         s = user.settings
     return jsonify(s.to_dict())
 
-
 @app.route("/api/settings", methods=["POST"])
 @login_required
 def api_settings_post():
     user = get_current_user()
-    s    = user.settings
+    s = user.settings
     if not s:
         seed_user_settings(user)
         s = user.settings
@@ -198,7 +149,6 @@ def api_settings_post():
 
     if "provider" in data:
         s.provider = data["provider"]
-        # Auto-set base_url from known providers
         s.base_url = Config.PROVIDER_URLS.get(data["provider"], s.base_url)
 
     if "base_url" in data and data["base_url"].strip():
@@ -220,49 +170,40 @@ def api_settings_post():
     db.session.commit()
     return jsonify(s.to_dict())
 
-
-# ─────────────────────────────────────────────
-# API: Chat
-# ─────────────────────────────────────────────
 @app.route("/api/chat", methods=["POST"])
 @login_required
 def api_chat():
     user = get_current_user()
-    s    = user.settings
+    s = user.settings
     if not s:
-        return jsonify({"error": "Settings not configured. Please save your API key first."}), 400
+        return jsonify({"error": "Settings not configured."}), 400
 
-    data     = request.get_json(force=True) or {}
-    prompt   = (data.get("prompt") or "").strip()
+    data = request.get_json(force=True) or {}
+    prompt = (data.get("prompt") or "").strip()
     messages = data.get("messages", [])
-    # Allow client to override model (from the dropdown)
-    model    = (data.get("model") or s.current_model or "").strip()
+    model = (data.get("model") or s.current_model or "").strip()
 
     if not prompt:
         return jsonify({"error": "Prompt is required."}), 400
     if not s.api_key:
-        return jsonify({"error": "No API key saved. Please open Settings and add your API key."}), 400
+        return jsonify({"error": "No API key saved."}), 400
     if not model:
         return jsonify({"error": "No model selected."}), 400
 
     SYSTEM_PROMPT = (
         "You are ORBIT, an intelligent Educational Research Assistant. "
         "Provide accurate, well-structured academic answers. "
-        "Use Markdown formatting (bold, bullet points, code blocks) where appropriate. "
+        "Use Markdown formatting where appropriate. "
         "Keep responses concise unless the user requests more detail."
     )
 
-    api_key  = s.api_key
+    api_key = s.api_key
     base_url = s.base_url
     provider = s.provider
 
     try:
-        # ── Google Gemini ─────────────────────────────��──────────────────
         if provider == "Google Gemini":
-            gemini_url = (
-                f"https://generativelanguage.googleapis.com/v1beta/models/"
-                f"{model}:generateContent?key={api_key}"
-            )
+            gemini_url = f"https://generativelanguage.googleapis.com/v1beta/models/{model}:generateContent?key={api_key}"
             contents = []
             for m in messages[-10:]:
                 role = "user" if m.get("role") == "user" else "model"
@@ -281,7 +222,6 @@ def api_chat():
                 reply = json.dumps(result)
             return jsonify({"reply": reply})
 
-        # ── OpenAI-Compatible ────────────────────────────────────────────
         headers = {
             "Content-Type": "application/json",
             "Authorization": f"Bearer {api_key}",
@@ -296,7 +236,7 @@ def api_chat():
             composed.append({"role": "user", "content": prompt})
 
         payload = {"model": model, "messages": composed, "temperature": 0.6, "max_tokens": 1536}
-        resp    = requests.post(base_url, headers=headers, json=payload, timeout=60)
+        resp = requests.post(base_url, headers=headers, json=payload, timeout=60)
 
         if resp.status_code != 200:
             try:
@@ -309,16 +249,12 @@ def api_chat():
         return jsonify({"reply": reply})
 
     except requests.exceptions.Timeout:
-        return jsonify({"error": "Request timed out. The model is taking too long."}), 504
+        return jsonify({"error": "Request timed out."}), 504
     except requests.exceptions.ConnectionError:
         return jsonify({"error": "Could not connect to the AI provider."}), 503
     except Exception as e:
         return jsonify({"error": f"Server error: {str(e)}"}), 500
 
-
-# ─────────────────────────────────────────────
-# API: Upload PDF
-# ─────────────────────────────────────────────
 @app.route("/api/upload_pdf", methods=["POST"])
 @login_required
 def api_upload_pdf():
@@ -354,7 +290,7 @@ def api_upload_pdf():
 
         full_text = "\n\n".join(parts).strip()
         if not full_text:
-            return jsonify({"error": "Could not extract readable text. PDF may be image-based."}), 422
+            return jsonify({"error": "Could not extract readable text."}), 422
 
         return jsonify({"text": full_text, "filename": f.filename, "word_count": word_count})
 
@@ -363,14 +299,10 @@ def api_upload_pdf():
     except Exception as e:
         return jsonify({"error": f"PDF error: {str(e)}"}), 500
 
-
-# ─────────────────────────────────────────────
-# API: Validate DOI
-# ─────────────────────────────────────────────
 @app.route("/api/validate_doi", methods=["POST"])
 @login_required
 def api_validate_doi():
-    data    = request.get_json(force=True) or {}
+    data = request.get_json(force=True) or {}
     raw_doi = (data.get("doi") or "").strip()
     if not raw_doi:
         return jsonify({"error": "DOI is required."}), 400
@@ -393,8 +325,8 @@ def api_validate_doi():
 
         work = resp.json().get("message", {})
 
-        titles  = work.get("title", [])
-        title   = titles[0] if titles else "No title available"
+        titles = work.get("title", [])
+        title = titles[0] if titles else "No title available"
 
         authors_raw = work.get("author", [])
         if authors_raw:
@@ -413,8 +345,8 @@ def api_validate_doi():
                 break
 
         containers = work.get("container-title", [])
-        journal    = containers[0] if containers else work.get("publisher", "N/A")
-        pub_type   = work.get("type", "journal-article").replace("-", " ").title()
+        journal = containers[0] if containers else work.get("publisher", "N/A")
+        pub_type = work.get("type", "journal-article").replace("-", " ").title()
 
         return jsonify({"doi": raw_doi, "title": title, "authors": authors,
                         "year": year, "journal": journal, "type": pub_type})
@@ -426,15 +358,6 @@ def api_validate_doi():
     except Exception as e:
         return jsonify({"error": f"DOI error: {str(e)}"}), 500
 
-
-# ─────────────────────────────────────────────
-# Entry Point
-# ─────────────────────────────────────────────
 if __name__ == "__main__":
-    # Hugging Face menggunakan port 7860 secara default
     port = int(os.environ.get("PORT", 7860))
-    
-    # Cetak info untuk log server
-    print(f"[ORBIT] Starting server on port {port}...")
-    
     app.run(host="0.0.0.0", port=port, debug=False)