fix auth

app/auth/controls.py

@@ -78,14 +78,12 @@ async def login_control(access_token: str, db: AsyncSession) -> dict:
             detail="Email not provided by Google"
         )
     
-    # Check if user exists
+    # Check if user exists by email in profiles table
     result = await db.execute(
         text("""
-            SELECT id, full_name, avatar_url, role
-            FROM profiles
-            WHERE id = (
-                SELECT id FROM auth.users WHERE email = :email
-            )
+            SELECT p.id, p.full_name, p.avatar_url, p.role, p.email
+            FROM profiles p
+            WHERE p.email = :email
         """),
         {"email": email}
     )
@@ -106,28 +104,57 @@ async def login_control(access_token: str, db: AsyncSession) -> dict:
             )
             await db.commit()
     else:
-        # Create new user
-        user_id = str(uuid4())
+        # Create new user using Supabase Admin API
+        from app.shared.integrations.supabase_client import supabase
         
-        # Create auth.users entry (assuming Supabase-like schema)
-        await db.execute(
-            text("""
-                INSERT INTO auth.users (id, email, created_at)
-                VALUES (:id, :email, NOW())
-                ON CONFLICT (email) DO UPDATE SET email = :email
-                RETURNING id
-            """),
-            {"id": user_id, "email": email}
-        )
+        try:
+            # Create user in auth.users using Supabase Admin API
+            auth_response = supabase.auth.admin.create_user({
+                "email": email,
+                "email_confirm": True,  # Auto-confirm email for OAuth users
+                "user_metadata": {
+                    "full_name": full_name,
+                    "avatar_url": avatar_url,
+                    "provider": "google"
+                }
+            })
+            
+            user_id = auth_response.user.id
+            
+        except Exception as e:
+            # If user already exists in auth.users, try to get their ID
+            try:
+                # Query auth.users to get existing user
+                auth_result = await db.execute(
+                    text("SELECT id FROM auth.users WHERE email = :email"),
+                    {"email": email}
+                )
+                auth_row = auth_result.fetchone()
+                
+                if auth_row:
+                    user_id = str(auth_row.id)
+                else:
+                    raise HTTPException(
+                        status_code=500,
+                        detail=f"Failed to create or retrieve user: {str(e)}"
+                    )
+            except Exception as inner_e:
+                raise HTTPException(
+                    status_code=500,
+                    detail=f"Failed to create user: {str(e)}, {str(inner_e)}"
+                )
         
-        # Create profile
+        # Create profile in profiles table
         await db.execute(
             text("""
-                INSERT INTO profiles (id, full_name, avatar_url, role, locale, created_at, updated_at)
-                VALUES (:id, :full_name, :avatar_url, 'tourist', 'vi_VN', NOW(), NOW())
+                INSERT INTO profiles (id, email, full_name, avatar_url, role, locale, created_at, updated_at)
+                VALUES (:id, :email, :full_name, :avatar_url, 'tourist', 'vi_VN', NOW(), NOW())
+                ON CONFLICT (id) DO UPDATE 
+                SET email = :email, full_name = :full_name, avatar_url = :avatar_url, updated_at = NOW()
             """),
             {
                 "id": user_id,
+                "email": email,
                 "full_name": full_name,
                 "avatar_url": avatar_url
             }

app/itineraries/router.py

@@ -336,42 +336,57 @@ async def add_stop(
     # Get place snapshot - prefer from request, otherwise from DB
     snapshot = request.snapshot
     if not snapshot:
-        # Try to fetch from database
-        place_result = await db.execute(
-            text("SELECT name, category, address, rating FROM places_metadata WHERE place_id = :place_id"),
-            {"place_id": request.place_id}
-        )
-        place_row = place_result.fetchone()
-        if place_row:
-            snapshot = {
-                "name": place_row.name,
-                "category": place_row.category,
-                "address": place_row.address,
-                "rating": float(place_row.rating) if place_row.rating else None,
-            }
+        # Try to fetch from database (optional - don't fail if not found)
+        try:
+            place_result = await db.execute(
+                text("SELECT name, category, address, rating FROM places_metadata WHERE place_id = :place_id"),
+                {"place_id": request.place_id}
+            )
+            place_row = place_result.fetchone()
+            if place_row:
+                snapshot = {
+                    "name": place_row.name,
+                    "category": place_row.category,
+                    "address": place_row.address,
+                    "rating": float(place_row.rating) if place_row.rating else None,
+                }
+        except Exception as e:
+            # Log but don't fail - snapshot is optional
+            print(f"Warning: Could not fetch place metadata for {request.place_id}: {e}")
     
-    
-    # Insert stop
-    result = await db.execute(
-        text("""
-            INSERT INTO itinerary_stops (itinerary_id, day_index, order_index, place_id, arrival_time, stay_minutes, notes, tags, snapshot)
-            VALUES (:itinerary_id, :day_index, :order_index, :place_id, :arrival_time, :stay_minutes, :notes, :tags, :snapshot)
-            RETURNING id, itinerary_id, day_index, order_index, place_id, arrival_time, stay_minutes, notes, tags, snapshot, created_at, updated_at
-        """),
-        {
-            "itinerary_id": itinerary_id,
-            "day_index": request.day_index,
-            "order_index": request.order_index,
-            "place_id": request.place_id,
-            "arrival_time": request.arrival_time,
-            "stay_minutes": request.stay_minutes,
-            "notes": request.notes,
-            "tags": request.tags,
-            "snapshot": snapshot,
-        }
-    )
-    await db.commit()
-    row = result.fetchone()
+    try:
+        # Insert stop
+        result = await db.execute(
+            text("""
+                INSERT INTO itinerary_stops (itinerary_id, day_index, order_index, place_id, arrival_time, stay_minutes, notes, tags, snapshot)
+                VALUES (:itinerary_id, :day_index, :order_index, :place_id, :arrival_time, :stay_minutes, :notes, :tags, :snapshot)
+                RETURNING id, itinerary_id, day_index, order_index, place_id, arrival_time, stay_minutes, notes, tags, snapshot, created_at, updated_at
+            """),
+            {
+                "itinerary_id": itinerary_id,
+                "day_index": request.day_index,
+                "order_index": request.order_index,
+                "place_id": request.place_id,
+                "arrival_time": request.arrival_time,
+                "stay_minutes": request.stay_minutes,
+                "notes": request.notes,
+                "tags": request.tags,
+                "snapshot": snapshot,
+            }
+        )
+        await db.commit()
+        row = result.fetchone()
+    except Exception as e:
+        # Rollback and provide detailed error
+        await db.rollback()
+        error_msg = str(e)
+        print(f"❌ Database error adding stop: {error_msg}")
+        print(f"   place_id: {request.place_id}")
+        print(f"   snapshot: {snapshot}")
+        raise HTTPException(
+            status_code=500, 
+            detail=f"Database error: {error_msg}"
+        )
     
     stop = Stop(
         id=str(row.id),