Updated files

Dockerfile

@@ -108,4 +108,4 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
     CMD curl -f http://localhost:7860/health || exit 1
 
 # Start the application
-CMD ["python", "main.py"]
+CMD ["python", "app.py"]

app.py

@@ -0,0 +1,784 @@
+
+# ==== Hugging Face Spaces Environment Setup (from main.py) ====
+import os
+import sys
+import json
+import asyncio
+from typing import Dict, List, Optional, Any
+from datetime import datetime
+from pathlib import Path
+from contextlib import asynccontextmanager
+
+# Set up environment variables for Hugging Face Spaces compatibility
+def setup_environment():
+    env_vars = {
+        'DATA_DIR': '/tmp/researchmate/data',
+        'LOGS_DIR': '/tmp/researchmate/logs',
+        'CHROMA_DIR': '/tmp/researchmate/chroma_persist',
+        'UPLOADS_DIR': '/tmp/researchmate/uploads',
+        'CHROMA_DB_DIR': '/tmp/researchmate/chroma_db',
+        'CONFIG_DIR': '/tmp/researchmate/config',
+        'TEMP_DIR': '/tmp/researchmate/tmp',
+        'CHROMA_PERSIST_DIR': '/tmp/researchmate/chroma_persist',
+        'MPLCONFIGDIR': '/tmp/matplotlib',
+        'TRANSFORMERS_CACHE': '/tmp/transformers',
+        'HF_HOME': '/tmp/huggingface',
+        'SENTENCE_TRANSFORMERS_HOME': '/tmp/sentence_transformers',
+        'HF_DATASETS_CACHE': '/tmp/datasets',
+        'HUGGINGFACE_HUB_CACHE': '/tmp/huggingface_hub',
+        'XDG_CACHE_HOME': '/tmp/cache',
+        'PYTORCH_KERNEL_CACHE_PATH': '/tmp/cache',
+        'TORCH_HOME': '/tmp/cache',
+        'NLTK_DATA': '/tmp/cache/nltk_data',
+        'TOKENIZERS_PARALLELISM': 'false',
+        'HOME': '/tmp/cache',
+        'TMPDIR': '/tmp/researchmate/tmp',
+        'HF_DATASETS_OFFLINE': '1',
+        'HF_HUB_OFFLINE': '0',
+    }
+    for key, value in env_vars.items():
+        os.environ[key] = value
+    sys.path.insert(0, '/tmp/cache')
+    directories = [
+        '/tmp/researchmate/data',
+        '/tmp/researchmate/logs',
+        '/tmp/researchmate/chroma_persist',
+        '/tmp/researchmate/uploads',
+        '/tmp/researchmate/chroma_db',
+        '/tmp/researchmate/config',
+        '/tmp/researchmate/tmp',
+        '/tmp/matplotlib',
+        '/tmp/transformers',
+        '/tmp/huggingface',
+        '/tmp/sentence_transformers',
+        '/tmp/datasets',
+        '/tmp/huggingface_hub',
+        '/tmp/cache',
+        '/tmp/cache/nltk_data'
+    ]
+    for directory in directories:
+        try:
+            path = Path(directory)
+            path.mkdir(parents=True, exist_ok=True)
+            path.chmod(0o777)
+        except Exception as e:
+            print(f"⚠ Warning: Could not create directory {directory}: {e}")
+
+setup_environment()
+
+# Add the project root to Python path
+sys.path.append(str(Path(__file__).parent))
+
+from fastapi import FastAPI, HTTPException, UploadFile, File, Form, Request, Depends
+from fastapi.staticfiles import StaticFiles
+from fastapi.templating import Jinja2Templates
+from fastapi.responses import HTMLResponse, JSONResponse, RedirectResponse, FileResponse
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from pydantic import BaseModel, Field
+import uvicorn
+
+# Import settings and ResearchMate components
+from src.components.research_assistant import ResearchMate
+from src.components.citation_network import CitationNetworkAnalyzer
+from src.components.auth import AuthManager
+
+# Initialize only essential components at startup (fast components only)
+auth_manager = AuthManager()
+security = HTTPBearer(auto_error=False)
+
+# Simple settings for development
+
+# Settings for Hugging Face Spaces: use /tmp dirs
+class Settings:
+    def __init__(self):
+        self.server = type('ServerSettings', (), {
+            'debug': False,
+            'host': '0.0.0.0',
+            'port': int(os.environ.get('PORT', 7860))  # Default to 7860 for HF Spaces
+        })()
+        self.security = type('SecuritySettings', (), {
+            'cors_origins': ["*"],
+            'cors_methods': ["*"],
+            'cors_headers': ["*"]
+        })()
+    def get_static_dir(self):
+        return "/tmp/researchmate/static"
+    def get_templates_dir(self):
+        return "src/templates"  # Templates can remain in src
+    def get_upload_dir(self):
+        return "/tmp/researchmate/uploads"
+    def get_logs_dir(self):
+        return "/tmp/researchmate/logs"
+
+settings = Settings()
+
+# Initialize ResearchMate and Citation Analyzer (will be done during loading screen)
+research_mate = None
+citation_analyzer = None
+
+# Global initialization flag
+research_mate_initialized = False
+initialization_in_progress = False
+
+async def initialize_research_mate():
+    """Initialize ResearchMate and Citation Analyzer in the background"""
+    global research_mate, citation_analyzer, research_mate_initialized, initialization_in_progress
+    
+    if initialization_in_progress:
+        return
+    
+    initialization_in_progress = True
+    print("🚀 Starting ResearchMate background initialization...")
+    
+    try:
+        # Run initialization in thread pool to avoid blocking
+        import concurrent.futures
+        with concurrent.futures.ThreadPoolExecutor() as executor:
+            loop = asyncio.get_event_loop()
+            
+            print("📊 Initializing Citation Network Analyzer...")
+            citation_analyzer = await loop.run_in_executor(executor, CitationNetworkAnalyzer)
+            print("✅ Citation Network Analyzer initialized!")
+            
+            print("🧠 Initializing ResearchMate core...")
+            research_mate = await loop.run_in_executor(executor, ResearchMate)
+            print("✅ ResearchMate core initialized!")
+        
+        research_mate_initialized = True
+        print("🎉 All components initialized successfully!")
+    except Exception as e:
+        print(f"❌ Failed to initialize components: {e}")
+        print("⚠️  Server will start but some features may not work")
+        research_mate = None
+        citation_analyzer = None
+        research_mate_initialized = False
+    finally:
+        initialization_in_progress = False
+
+# Pydantic models for API
+class SearchQuery(BaseModel):
+    query: str = Field(..., description="Search query")
+    max_results: int = Field(default=10, ge=1, le=50, description="Maximum number of results")
+
+class QuestionQuery(BaseModel):
+    question: str = Field(..., description="Research question")
+
+class ProjectCreate(BaseModel):
+    name: str = Field(..., description="Project name")
+    research_question: str = Field(..., description="Research question")
+    keywords: List[str] = Field(..., description="Keywords")
+
+class ProjectQuery(BaseModel):
+    project_id: str = Field(..., description="Project ID")
+    question: str = Field(..., description="Question about the project")
+
+class TrendQuery(BaseModel):
+    topic: str = Field(..., description="Research topic")
+
+# Authentication models
+class LoginRequest(BaseModel):
+    username: str = Field(..., description="Username")
+    password: str = Field(..., description="Password")
+
+class RegisterRequest(BaseModel):
+    username: str = Field(..., description="Username")
+    email: str = Field(..., description="Email address")
+    password: str = Field(..., description="Password")
+
+# Authentication dependency for API endpoints
+async def get_current_user_dependency(request: Request, credentials: HTTPAuthorizationCredentials = Depends(security)):
+    user = None
+    
+    # Try Authorization header first
+    if credentials:
+        user = auth_manager.verify_token(credentials.credentials)
+    
+    # If no user from header, try cookie
+    if not user:
+        token = request.cookies.get('authToken')
+        if token:
+            user = auth_manager.verify_token(token)
+    
+    if not user:
+        raise HTTPException(status_code=401, detail="Authentication required")
+    
+    return user
+
+# Authentication for web pages (checks both header and cookie)
+async def get_current_user_web(request: Request):
+    """Get current user for web page requests (checks both Authorization header and cookies)"""
+    user = None
+    
+    # First try Authorization header
+    try:
+        credentials = await security(request)
+        if credentials:
+            user = auth_manager.verify_token(credentials.credentials)
+    except:
+        pass
+    
+    # If no user from header, try cookie
+    if not user:
+        token = request.cookies.get('authToken')
+        if token:
+            user = auth_manager.verify_token(token)
+    
+    return user
+
+# Background task to clean up expired sessions
+async def cleanup_expired_sessions():
+    while True:
+        try:
+            expired_count = auth_manager.cleanup_expired_sessions()
+            if expired_count > 0:
+                print(f"Cleaned up {expired_count} expired sessions")
+        except Exception as e:
+            print(f"Error cleaning up sessions: {e}")
+        
+        # Run cleanup every 30 minutes
+        await asyncio.sleep(30 * 60)
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    # Start ResearchMate initialization in background (non-blocking)
+    asyncio.create_task(initialize_research_mate())
+    
+    # Start background cleanup task
+    cleanup_task = asyncio.create_task(cleanup_expired_sessions())
+    
+    try:
+        yield
+    finally:
+        cleanup_task.cancel()
+        try:
+            await cleanup_task
+        except asyncio.CancelledError:
+            pass
+
+# Initialize FastAPI app with lifespan
+app = FastAPI(
+    title="ResearchMate API",
+    description="AI Research Assistant powered by Groq Llama 3.3 70B",
+    version="1.0.0",
+    debug=settings.server.debug,
+    lifespan=lifespan
+)
+
+# Add CORS middleware
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=settings.security.cors_origins,
+    allow_credentials=True,
+    allow_methods=settings.security.cors_methods,
+    allow_headers=settings.security.cors_headers,
+)
+
+# Mount static files with cache control for development
+static_dir = Path(settings.get_static_dir())
+static_dir.mkdir(parents=True, exist_ok=True)
+
+# Custom static files class to add no-cache headers for development
+class NoCacheStaticFiles(StaticFiles):
+    def file_response(self, full_path, stat_result, scope):
+        response = FileResponse(
+            path=full_path, 
+            stat_result=stat_result
+        )
+        # Add no-cache headers for development
+        response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
+        response.headers["Pragma"] = "no-cache"
+        response.headers["Expires"] = "0"
+        return response
+
+app.mount("/static", NoCacheStaticFiles(directory=str(static_dir)), name="static")
+
+# Templates
+templates_dir = Path(settings.get_templates_dir())
+templates_dir.mkdir(parents=True, exist_ok=True)
+templates = Jinja2Templates(directory=str(templates_dir))
+
+# Loading page route
+@app.get("/loading", response_class=HTMLResponse)
+async def loading_page(request: Request):
+    return templates.TemplateResponse("loading.html", {"request": request})
+
+# Authentication routes
+@app.post("/api/auth/register")
+async def register(request: RegisterRequest):
+    result = auth_manager.create_user(request.username, request.email, request.password)
+    if result["success"]:
+        return {"success": True, "message": "Account created successfully"}
+    else:
+        raise HTTPException(status_code=400, detail=result["error"])
+
+@app.post("/api/auth/login")
+async def login(request: LoginRequest):
+    result = auth_manager.authenticate_user(request.username, request.password)
+    if result["success"]:
+        return {
+            "success": True,
+            "token": result["token"],
+            "user_id": result["user_id"],
+            "username": result["username"]
+        }
+    else:
+        raise HTTPException(status_code=401, detail=result["error"])
+
+@app.get("/login", response_class=HTMLResponse)
+async def login_page(request: Request):
+    # Check if ResearchMate is initialized
+    global research_mate_initialized
+    if not research_mate_initialized:
+        return RedirectResponse(url="/loading", status_code=302)
+    
+    return templates.TemplateResponse("login.html", {"request": request})
+
+@app.post("/api/auth/logout")
+async def logout(request: Request):
+    # Get current user to invalidate their session
+    user = await get_current_user_web(request)
+    if user:
+        auth_manager.logout_user(user['user_id'])
+    
+    response = JSONResponse({"success": True, "message": "Logged out successfully"})
+    response.delete_cookie("authToken", path="/")
+    return response
+
+# Web interface routes (protected)
+@app.get("/", response_class=HTMLResponse)
+async def home(request: Request):
+    # Check if ResearchMate is initialized first
+    global research_mate_initialized
+    if not research_mate_initialized:
+        return RedirectResponse(url="/loading", status_code=302)
+    
+    # Check if user is authenticated
+    user = await get_current_user_web(request)
+    if not user:
+        return RedirectResponse(url="/login", status_code=302)
+    return templates.TemplateResponse("index.html", {"request": request, "user": user})
+
+@app.get("/search", response_class=HTMLResponse)
+async def search_page(request: Request):
+    # Check if ResearchMate is initialized first
+    global research_mate_initialized
+    if not research_mate_initialized:
+        return RedirectResponse(url="/loading", status_code=302)
+    
+    user = await get_current_user_web(request)
+    if not user:
+        return RedirectResponse(url="/login", status_code=302)
+    return templates.TemplateResponse("search.html", {"request": request, "user": user})
+
+@app.get("/projects", response_class=HTMLResponse)
+async def projects_page(request: Request):
+    user = await get_current_user_web(request)
+    if not user:
+        return RedirectResponse(url="/login", status_code=302)
+    return templates.TemplateResponse("projects.html", {"request": request, "user": user})
+
+@app.get("/trends", response_class=HTMLResponse)
+async def trends_page(request: Request):
+    user = await get_current_user_web(request)
+    if not user:
+        return RedirectResponse(url="/login", status_code=302)
+    return templates.TemplateResponse("trends.html", {"request": request, "user": user})
+
+@app.get("/upload", response_class=HTMLResponse)
+async def upload_page(request: Request):
+    user = await get_current_user_web(request)
+    if not user:
+        return RedirectResponse(url="/login", status_code=302)
+    return templates.TemplateResponse("upload.html", {"request": request, "user": user})
+
+@app.get("/citation", response_class=HTMLResponse)
+async def citation_page(request: Request):
+    try:
+        if citation_analyzer is None:
+            # If citation analyzer isn't initialized yet, show empty state
+            summary = {"total_papers": 0, "total_citations": 0, "networks": []}
+        else:
+            summary = citation_analyzer.get_network_summary()
+        return templates.TemplateResponse("citation.html", {"request": request, "summary": summary})
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.get("/test-search", response_class=HTMLResponse)
+async def test_search_page(request: Request):
+    """Simple test page for debugging search"""
+    with open("test_search.html", "r") as f:
+        content = f.read()
+    return HTMLResponse(content=content)
+
+# Health check endpoint for Azure
+@app.get("/health")
+async def health_check():
+    """Health check endpoint for Azure and other platforms"""
+    return {"status": "ok", "timestamp": datetime.now().isoformat()}
+
+# API endpoints
+@app.post("/api/search")
+async def search_papers(query: SearchQuery, current_user: dict = Depends(get_current_user_dependency)):
+    try:
+        if research_mate is None:
+            raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+        rm = research_mate
+        result = rm.search(query.query, query.max_results)
+        if not result.get("success"):
+            raise HTTPException(status_code=400, detail=result.get("error", "Search failed"))
+        papers = result.get("papers", [])
+        if papers and citation_analyzer is not None:  # Only add papers if citation analyzer is ready
+            citation_analyzer.add_papers(papers)
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.post("/api/ask")
+async def ask_question(question: QuestionQuery, current_user: dict = Depends(get_current_user_dependency)):
+    try:
+        if research_mate is None:
+            raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+        rm = research_mate
+        result = rm.ask(question.question)
+        if not result.get("success"):
+            raise HTTPException(status_code=400, detail=result.get("error", "Question failed"))
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.post("/api/upload")
+async def upload_pdf(file: UploadFile = File(...), current_user: dict = Depends(get_current_user_dependency)):
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    if not file.filename.endswith('.pdf'):
+        raise HTTPException(status_code=400, detail="Only PDF files are supported")
+    
+    try:
+        # Save uploaded file to /tmp/researchmate/uploads
+        upload_dir = Path(settings.get_upload_dir())
+        upload_dir.mkdir(exist_ok=True)
+        file_path = upload_dir / file.filename
+        with open(file_path, "wb") as buffer:
+            content = await file.read()
+            buffer.write(content)
+        # Process PDF
+        result = research_mate.upload_pdf(str(file_path))
+        # Clean up file
+        file_path.unlink()
+        if not result.get("success"):
+            raise HTTPException(status_code=400, detail=result.get("error", "PDF analysis failed"))
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.post("/api/projects")
+async def create_project(project: ProjectCreate, current_user: dict = Depends(get_current_user_dependency)):
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    try:
+        user_id = current_user.get("user_id")
+        result = research_mate.create_project(project.name, project.research_question, project.keywords, user_id)
+        if not result.get("success"):
+            raise HTTPException(status_code=400, detail=result.get("error", "Project creation failed"))
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.get("/api/projects")
+async def list_projects(current_user: dict = Depends(get_current_user_dependency)):
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    try:
+        user_id = current_user.get("user_id")
+        result = research_mate.list_projects(user_id)
+        if not result.get("success"):
+            raise HTTPException(status_code=400, detail=result.get("error", "Failed to list projects"))
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.get("/api/projects/{project_id}")
+async def get_project(project_id: str, current_user: dict = Depends(get_current_user_dependency)):
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    try:
+        user_id = current_user.get("user_id")
+        result = research_mate.get_project(project_id, user_id)
+        if not result.get("success"):
+            raise HTTPException(status_code=404, detail=result.get("error", "Project not found"))
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.post("/api/projects/{project_id}/search")
+async def search_project_literature(project_id: str, max_papers: int = 10, current_user: dict = Depends(get_current_user_dependency)):
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    try:
+        user_id = current_user.get("user_id")
+        result = research_mate.search_project_literature(project_id, max_papers, user_id)
+        if not result.get("success"):
+            raise HTTPException(status_code=400, detail=result.get("error", "Literature search failed"))
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.post("/api/projects/{project_id}/analyze")
+async def analyze_project(project_id: str, current_user: dict = Depends(get_current_user_dependency)):
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    try:
+        user_id = current_user.get("user_id")
+        result = research_mate.analyze_project(project_id, user_id)
+        if not result.get("success"):
+            raise HTTPException(status_code=400, detail=result.get("error", "Project analysis failed"))
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.post("/api/projects/{project_id}/review")
+async def generate_review(project_id: str, current_user: dict = Depends(get_current_user_dependency)):
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    try:
+        user_id = current_user.get("user_id")
+        result = research_mate.generate_review(project_id, user_id)
+        if not result.get("success"):
+            raise HTTPException(status_code=400, detail=result.get("error", "Review generation failed"))
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.post("/api/projects/{project_id}/ask")
+async def ask_project_question(project_id: str, question: QuestionQuery):
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    try:
+        result = research_mate.ask_project_question(project_id, question.question)
+        if not result.get("success"):
+            raise HTTPException(status_code=400, detail=result.get("error", "Project question failed"))
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+    
+
+
+@app.post("/api/trends")
+async def get_trends(trend: TrendQuery):
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    try:
+        result = research_mate.analyze_trends(trend.topic)
+        if result.get("error"):
+            raise HTTPException(status_code=400, detail=result.get("error", "Trend analysis failed"))
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.post("/api/trends/temporal")
+async def get_temporal_trends(trend: TrendQuery):
+    """Get temporal trend analysis"""
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    try:
+        # Get papers for analysis
+        papers = research_mate.search_papers(trend.topic, 50)
+        if not papers:
+            raise HTTPException(status_code=404, detail="No papers found for temporal analysis")
+        
+        # Use advanced trend monitor
+        result = research_mate.trend_monitor.analyze_temporal_trends(papers)
+        if result.get("error"):
+            raise HTTPException(status_code=400, detail=result.get("error"))
+        
+        return {
+            "topic": trend.topic,
+            "temporal_analysis": result,
+            "papers_analyzed": len(papers)
+        }
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.post("/api/trends/gaps")
+async def detect_research_gaps(trend: TrendQuery):
+    """Detect research gaps for a topic"""
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    try:
+        # Get papers for gap analysis
+        papers = research_mate.search_papers(trend.topic, 50)
+        if not papers:
+            raise HTTPException(status_code=404, detail="No papers found for gap analysis")
+        
+        # Use advanced trend monitor
+        result = research_mate.trend_monitor.detect_research_gaps(papers)
+        if result.get("error"):
+            raise HTTPException(status_code=400, detail=result.get("error"))
+        
+        return {
+            "topic": trend.topic,
+            "gap_analysis": result,
+            "papers_analyzed": len(papers)
+        }
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.get("/api/status")
+async def get_status(current_user: dict = Depends(get_current_user_dependency)):
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    try:
+        result = research_mate.get_status()
+        # Ensure proper structure for frontend
+        if result.get('success'):
+            return {
+                'success': True,
+                'statistics': result.get('statistics', {
+                    'rag_documents': 0,
+                    'system_version': '1.0.0',
+                    'status_check_time': datetime.now().isoformat()
+                }),
+                'components': result.get('components', {})
+            }
+        else:
+            return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+# Initialization status endpoint
+@app.get("/api/init-status")
+async def get_init_status():
+    """Check if ResearchMate is initialized"""
+    global research_mate_initialized, initialization_in_progress
+    
+    if research_mate_initialized:
+        status = "ready"
+    elif initialization_in_progress:
+        status = "initializing"
+    else:
+        status = "not_started"
+    
+    return {
+        "initialized": research_mate_initialized,
+        "in_progress": initialization_in_progress,
+        "timestamp": datetime.now().isoformat(),
+        "status": status
+    }
+
+# Fast search endpoint that initializes on first call
+@app.post("/api/search-fast")
+async def search_papers_fast(query: SearchQuery, current_user: dict = Depends(get_current_user_dependency)):
+    """Fast search that shows initialization progress"""
+    try:
+        global research_mate
+        if research_mate is None:
+            # Return immediate response indicating initialization
+            return {
+                "initializing": True,
+                "message": "ResearchMate is initializing (this may take 30-60 seconds)...",
+                "query": query.query,
+                "estimated_time": "30-60 seconds"
+            }
+        
+        # Use existing search
+        result = research_mate.search(query.query, query.max_results)
+        if not result.get("success"):
+            raise HTTPException(status_code=400, detail=result.get("error", "Search failed"))
+        
+        papers = result.get("papers", [])
+        if papers and citation_analyzer is not None:
+            citation_analyzer.add_papers(papers)
+        
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+@app.get("/api/user/status")
+async def get_user_status(current_user: dict = Depends(get_current_user_dependency)):
+    """Get current user's status and statistics"""
+    if research_mate is None:
+        raise HTTPException(status_code=503, detail="ResearchMate not initialized")
+    
+    try:
+        user_id = current_user.get("user_id")
+        
+        # Get user's projects
+        projects_result = research_mate.list_projects(user_id)
+        if not projects_result.get("success"):
+            raise HTTPException(status_code=400, detail="Failed to get user projects")
+        
+        user_projects = projects_result.get("projects", [])
+        total_papers = sum(len(p.get('papers', [])) for p in user_projects)
+        
+        return {
+            "success": True,
+            "user_id": user_id,
+            "username": current_user.get("username"),
+            "statistics": {
+                "total_projects": len(user_projects),
+                "total_papers": total_papers,
+                "active_projects": len([p for p in user_projects if p.get('status') == 'active'])
+            },
+            "last_updated": datetime.now().isoformat()
+        }
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+# Trigger initialization endpoint (for testing)
+@app.post("/api/trigger-init")
+async def trigger_initialization():
+    """Manually trigger ResearchMate initialization"""
+    if not initialization_in_progress and not research_mate_initialized:
+        asyncio.create_task(initialize_research_mate())
+        return {"message": "Initialization triggered"}
+    elif initialization_in_progress:
+        return {"message": "Initialization already in progress"}
+    else:
+        return {"message": "Already initialized"}
+
+# Legacy health check endpoint
+@app.get("/api/health")
+async def api_health_check():
+    """Legacy health check endpoint"""
+    return {"status": "ok", "timestamp": datetime.now().isoformat()}
+
+# Update the existing FastAPI app to use lifespan
+app.router.lifespan_context = lifespan
+
+# Startup event to ensure initialization begins immediately after server starts
+@app.on_event("startup")
+async def startup_event():
+    """Ensure initialization starts on startup"""
+    print("🌟 Server started, ensuring ResearchMate initialization begins...")
+    # Give the server a moment to fully start, then trigger initialization
+    await asyncio.sleep(1)
+    if not initialization_in_progress and not research_mate_initialized:
+        asyncio.create_task(initialize_research_mate())
+
+
+# Local development: run with `python app.py`
+if __name__ == "__main__":
+    import uvicorn
+    port = settings.server.port
+    host = settings.server.host
+    print(f"\nStarting ResearchMate locally at http://{host}:{port}\n")
+    uvicorn.run(
+        "app:app",
+        host=host,
+        port=port,
+        log_level="info",
+        reload=True
+    )

data/active_sessions.json

@@ -1,7 +1,7 @@
 {
   "admin_user": {
-    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiYWRtaW5fdXNlciIsInVzZXJuYW1lIjoiYWRtaW4iLCJleHAiOjE3NTI1NDc2NjR9.SZ56Rw7mAUJgfScxu1ElGfI5dfWuUxTwUX6xi3d_7a8",
-    "created_at": "2025-07-15T00:17:44.795086",
-    "last_activity": "2025-07-15T00:50:22.820489"
+    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiYWRtaW5fdXNlciIsInVzZXJuYW1lIjoiYWRtaW4iLCJleHAiOjE3NTI2MTI4NjR9.-4rWv6qNOaSp9kup3AjqbwhC_h5P6anYhxP6OfYoBWU",
+    "created_at": "2025-07-15T18:24:24.155119",
+    "last_activity": "2025-07-15T18:26:51.425464"
   }
 }

main.py

@@ -1,234 +0,0 @@
-#!/usr/bin/env python3
-"""
-ResearchMate - Main Application Entry Point
-"""
-
-import os
-import sys
-import logging
-from pathlib import Path
-
-# Set up environment variables before importing anything else
-def setup_environment():
-    """Configure environment variables for writable paths"""
-    # Force all paths to writable locations
-    env_vars = {
-        'DATA_DIR': '/tmp/researchmate/data',
-        'LOGS_DIR': '/tmp/researchmate/logs',
-        'CHROMA_DIR': '/tmp/researchmate/chroma_persist',
-        'UPLOADS_DIR': '/tmp/researchmate/uploads',
-        'CHROMA_DB_DIR': '/tmp/researchmate/chroma_db',
-        'CONFIG_DIR': '/tmp/researchmate/config',
-        'TEMP_DIR': '/tmp/researchmate/tmp',
-        'CHROMA_PERSIST_DIR': '/tmp/researchmate/chroma_persist',  # Additional key
-        
-        # Cache directories
-        'MPLCONFIGDIR': '/tmp/matplotlib',
-        'TRANSFORMERS_CACHE': '/tmp/transformers',
-        'HF_HOME': '/tmp/huggingface',
-        'SENTENCE_TRANSFORMERS_HOME': '/tmp/sentence_transformers',
-        'HF_DATASETS_CACHE': '/tmp/datasets',
-        'HUGGINGFACE_HUB_CACHE': '/tmp/huggingface_hub',
-        'XDG_CACHE_HOME': '/tmp/cache',
-        
-        # Additional variables to prevent /data access
-        'PYTORCH_KERNEL_CACHE_PATH': '/tmp/cache',
-        'TORCH_HOME': '/tmp/cache',
-        'NLTK_DATA': '/tmp/cache/nltk_data',
-        'TOKENIZERS_PARALLELISM': 'false',
-        
-        # Override any hardcoded paths
-        'HOME': '/tmp/cache',
-        'TMPDIR': '/tmp/researchmate/tmp',
-        
-        # HF Spaces specific - prevent access to /data
-        'HF_DATASETS_OFFLINE': '1',
-        'HF_HUB_OFFLINE': '0',
-    }
-    
-    for key, value in env_vars.items():
-        os.environ[key] = value  # Force set all environment variables
-    
-    # Also set any Python path variables
-    sys.path.insert(0, '/tmp/cache')
-    
-    # Create directories if they don't exist
-    directories = [
-        '/tmp/researchmate/data',
-        '/tmp/researchmate/logs',
-        '/tmp/researchmate/chroma_persist',
-        '/tmp/researchmate/uploads',
-        '/tmp/researchmate/chroma_db',
-        '/tmp/researchmate/config',
-        '/tmp/researchmate/tmp',
-        '/tmp/matplotlib',
-        '/tmp/transformers',
-        '/tmp/huggingface',
-        '/tmp/sentence_transformers',
-        '/tmp/datasets',
-        '/tmp/huggingface_hub',
-        '/tmp/cache',
-        '/tmp/cache/nltk_data'
-    ]
-    
-    for directory in directories:
-        try:
-            path = Path(directory)
-            path.mkdir(parents=True, exist_ok=True)
-            # Ensure write permissions
-            path.chmod(0o777)
-            print(f"✓ Created/verified directory: {directory}")
-        except Exception as e:
-            print(f"⚠ Warning: Could not create directory {directory}: {e}")
-
-# Set up environment FIRST, before any imports
-setup_environment()
-
-# Now import other modules
-import uvicorn
-from fastapi import FastAPI
-from fastapi.staticfiles import StaticFiles
-from fastapi.middleware.cors import CORSMiddleware
-from fastapi.middleware.gzip import GZipMiddleware
-from fastapi.responses import JSONResponse
-
-# Configure logging early
-log_file = os.path.join(os.environ.get('LOGS_DIR', '/tmp/researchmate/logs'), 'app.log')
-logging.basicConfig(
-    level=logging.INFO,
-    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
-    handlers=[
-        logging.StreamHandler(sys.stdout),
-        logging.FileHandler(log_file, mode='a')
-    ]
-)
-
-logger = logging.getLogger(__name__)
-
-def main():
-    """Main application entry point"""
-    try:
-        print("===== ResearchMate Application Startup =====")
-        print("Setting up environment...")
-        
-        # Double-check environment is properly set
-        print(f"CHROMA_DIR: {os.environ.get('CHROMA_DIR')}")
-        print(f"UPLOADS_DIR: {os.environ.get('UPLOADS_DIR')}")
-        print(f"LOGS_DIR: {os.environ.get('LOGS_DIR')}")
-        print(f"HF_HOME: {os.environ.get('HF_HOME')}")
-        
-        # Import settings after environment setup
-        try:
-            from src.settings import get_settings
-            settings = get_settings()
-            print(f"✓ Settings loaded successfully")
-            print(f"Database directory: {settings.database.chroma_persist_dir}")
-        except Exception as e:
-            print(f"⚠ Settings loading failed: {e}")
-            # Continue with basic settings
-            settings = None
-        
-        print("Starting ResearchMate background initialization...")
-        
-        # Initialize components with error handling
-        research_mate = None
-        try:
-            from src.components.research_assistant import ResearchMate
-            research_mate = ResearchMate()
-            print("✓ ResearchMate initialized successfully")
-        except Exception as e:
-            print(f"✗ Failed to initialize ResearchMate: {e}")
-            import traceback
-            traceback.print_exc()
-            print("⚠ Server will start but ResearchMate features may not work")
-        
-        # Create FastAPI app
-        app = FastAPI(
-            title="ResearchMate",
-            description="AI-powered research assistant",
-            version="1.0.0"
-        )
-        
-        # Add middleware
-        if settings:
-            app.add_middleware(
-                CORSMiddleware,
-                allow_origins=settings.security.cors_origins,
-                allow_credentials=True,
-                allow_methods=settings.security.cors_methods,
-                allow_headers=settings.security.cors_headers,
-            )
-        else:
-            # Basic CORS for HF Spaces
-            app.add_middleware(
-                CORSMiddleware,
-                allow_origins=["*"],
-                allow_credentials=True,
-                allow_methods=["*"],
-                allow_headers=["*"],
-            )
-        
-        app.add_middleware(GZipMiddleware, minimum_size=1000)
-        
-        # Health check endpoint
-        @app.get("/health")
-        async def health_check():
-            return JSONResponse({
-                "status": "healthy", 
-                "version": "1.0.0",
-                "chroma_dir": os.environ.get('CHROMA_DIR'),
-                "writable_test": "OK"
-            })
-        
-        # Basic root endpoint
-        @app.get("/")
-        async def root():
-            return JSONResponse({
-                "message": "ResearchMate API",
-                "status": "running",
-                "research_mate_available": research_mate is not None
-            })
-        
-        # Mount static files if available
-        try:
-            if settings:
-                static_dir = settings.get_static_dir()
-            else:
-                static_dir = "src/static"
-            
-            if Path(static_dir).exists():
-                app.mount("/static", StaticFiles(directory=static_dir), name="static")
-                print(f"✓ Static files mounted from: {static_dir}")
-        except Exception as e:
-            logger.warning(f"Could not mount static files: {e}")
-        
-        # No API routers to include (src.api.routes does not exist)
-        # If you add API routers in the future, include them here.
-        
-        # For Hugging Face Spaces, use port 7860
-        port = int(os.environ.get("PORT", 7860))
-        host = os.environ.get("HOST", "0.0.0.0")
-        
-        print(f"🚀 Starting server on {host}:{port}")
-        if settings:
-            print(f"📁 Data directory: {settings.database.chroma_persist_dir}")
-            print(f"📤 Upload directory: {settings.get_upload_dir()}")
-            print(f"🔧 Config file: {settings.config_file}")
-        
-        # Start the server
-        uvicorn.run(
-            app,
-            host=host,
-            port=port,
-            log_level="info",
-            access_log=True
-        )
-        
-    except Exception as e:
-        logger.error(f"Failed to start application: {e}")
-        import traceback
-        traceback.print_exc()
-        sys.exit(1)
-
-if __name__ == "__main__":
-    main()

requirements.txt

@@ -26,4 +26,4 @@ aiofiles
 watchdog
 seaborn
 PyJWT
-flask
+flask

src/components/auth.py

@@ -1,5 +1,5 @@
 """
-FastAPI compatible authentication module
+Authentication and authorization utilities
 """
 
 import jwt
@@ -8,66 +8,34 @@ import json
 import os
 from datetime import datetime, timedelta
 from typing import Optional, Dict, Any
-from pathlib import Path
+from functools import wraps
+
+# Import Flask components only when available
+try:
+    from flask import request, jsonify, session, redirect, url_for
+    FLASK_AVAILABLE = True
+except ImportError:
+    FLASK_AVAILABLE = False
+    request = None
+    jsonify = None
+    session = None
+    redirect = None
+    url_for = None
 
 class AuthManager:
     def __init__(self, secret_key: str = None):
         self.secret_key = secret_key or os.environ.get('SECRET_KEY', 'dev-secret-key-change-in-production')
-        
-        # Use absolute paths and handle Hugging Face Spaces
-        self.base_dir = Path(__file__).parent.parent  # Go up from src/components
-        self.data_dir = self.base_dir / 'data'
-        
-        # Fallback to current directory if base_dir doesn't work
-        if not self.data_dir.exists():
-            self.data_dir = Path.cwd() / 'data'
-        
-        self.users_file = self.data_dir / 'users.json'
-        self.session_file = self.data_dir / 'active_sessions.json'
-        
-        # In-memory fallback for read-only environments
-        self.users_memory = {}
-        self.sessions_memory = {}
-        self.use_memory = False
-        
+        self.users_file = 'data/users.json'
+        self.active_sessions = {}  # Track active sessions for security
+        self.session_file = 'data/active_sessions.json'
         self.ensure_users_file()
-        self.ensure_admin_user()  # Ensure admin exists on startup
-        
-        print(f"✅ AuthManager initialized")
-        print(f"📁 Data directory: {self.data_dir}")
-        print(f"📄 Users file: {self.users_file}")
-        print(f"💾 Using memory storage: {self.use_memory}")
     
     def ensure_users_file(self):
-        """Ensure users file exists with better error handling"""
-        try:
-            self.data_dir.mkdir(parents=True, exist_ok=True)
-            
-            if not self.users_file.exists():
-                with open(self.users_file, 'w') as f:
-                    json.dump({}, f)
-                print(f"✅ Created users file: {self.users_file}")
-            
-            # Test write permissions
-            test_data = self.load_users()
-            self.save_users(test_data)
-            print(f"✅ Write permissions confirmed")
-            
-        except Exception as e:
-            print(f"⚠️ File system error: {e}")
-            print(f"🔄 Switching to in-memory storage")
-            self.use_memory = True
-            self.users_memory = {}
-            self.sessions_memory = {}
-    
-    def ensure_admin_user(self):
-        """Ensure admin user exists on startup"""
-        try:
-            result = self.create_default_admin()
-            if result.get('success'):
-                print(f"✅ Admin user ready: {result.get('message', 'Available')}")
-        except Exception as e:
-            print(f"⚠️ Admin user creation failed: {e}")
+        """Ensure users file exists"""
+        os.makedirs('data', exist_ok=True)
+        if not os.path.exists(self.users_file):
+            with open(self.users_file, 'w') as f:
+                json.dump({}, f)
     
     def hash_password(self, password: str) -> str:
         """Hash password with bcrypt"""
@@ -75,38 +43,20 @@ class AuthManager:
     
     def verify_password(self, password: str, hashed: str) -> bool:
         """Verify password against hash"""
-        try:
-            return bcrypt.checkpw(password.encode('utf-8'), hashed.encode('utf-8'))
-        except Exception as e:
-            print(f"❌ Password verification error: {e}")
-            return False
+        return bcrypt.checkpw(password.encode('utf-8'), hashed.encode('utf-8'))
     
     def load_users(self) -> Dict[str, Any]:
-        """Load users from file or memory"""
-        if self.use_memory:
-            return self.users_memory.copy()
-        
+        """Load users from file"""
         try:
-            if self.users_file.exists():
-                with open(self.users_file, 'r') as f:
-                    users = json.load(f)
-                    return users
-            return {}
-        except Exception as e:
-            print(f"❌ Error loading users: {e}")
+            with open(self.users_file, 'r') as f:
+                return json.load(f)
+        except:
             return {}
     
     def save_users(self, users: Dict[str, Any]):
-        """Save users to file or memory"""
-        if self.use_memory:
-            self.users_memory = users.copy()
-            return
-        
-        try:
-            with open(self.users_file, 'w') as f:
-                json.dump(users, f, indent=2)
-        except Exception as e:
-            print(f"❌ Error saving users: {e}")
+        """Save users to file"""
+        with open(self.users_file, 'w') as f:
+            json.dump(users, f, indent=2)
     
     def create_user(self, username: str, email: str, password: str) -> Dict[str, Any]:
         """Create a new user"""
@@ -134,51 +84,38 @@ class AuthManager:
         return {'success': True, 'user_id': user_id}
     
     def authenticate_user(self, username: str, password: str) -> Dict[str, Any]:
-        """Authenticate user credentials with detailed logging"""
-        print(f"🔐 Authentication attempt for: {username}")
-        
+        """Authenticate user credentials"""
         users = self.load_users()
-        print(f"📊 Total users in database: {len(users)}")
         
         if username not in users:
-            print(f"❌ Username '{username}' not found")
-            print(f"📋 Available usernames: {list(users.keys())}")
             return {'success': False, 'error': 'Invalid username or password'}
         
         user = users[username]
-        
         if not self.verify_password(password, user['password_hash']):
-            print(f"❌ Invalid password for '{username}'")
             return {'success': False, 'error': 'Invalid username or password'}
         
         if not user.get('is_active', True):
-            print(f"❌ User '{username}' is not active")
             return {'success': False, 'error': 'Account is disabled'}
         
-        # Generate JWT token
-        try:
-            token = jwt.encode({
-                'user_id': user['user_id'],
-                'username': username,
-                'exp': datetime.utcnow() + timedelta(hours=8)
-            }, self.secret_key, algorithm='HS256')
-            
-            # Track active session
-            self.add_active_session(user['user_id'], token)
-            
-            print(f"✅ Authentication successful for '{username}'")
-            return {
-                'success': True,
-                'token': token,
-                'user_id': user['user_id'],
-                'username': username
-            }
-        except Exception as e:
-            print(f"❌ JWT generation failed: {e}")
-            return {'success': False, 'error': 'Authentication failed'}
+        # Generate JWT token with shorter expiration for security
+        token = jwt.encode({
+            'user_id': user['user_id'],
+            'username': username,
+            'exp': datetime.utcnow() + timedelta(hours=8)  # 8 hours instead of 7 days
+        }, self.secret_key, algorithm='HS256')
+        
+        # Track active session
+        self.add_active_session(user['user_id'], token)
+        
+        return {
+            'success': True,
+            'token': token,
+            'user_id': user['user_id'],
+            'username': username
+        }
     
     def verify_token(self, token: str) -> Optional[Dict[str, Any]]:
-        """Verify JWT token"""
+        """Verify JWT token and check active session"""
         try:
             payload = jwt.decode(token, self.secret_key, algorithms=['HS256'])
             user_id = payload.get('user_id')
@@ -189,16 +126,31 @@ class AuthManager:
             
             # Update session activity
             self.update_session_activity(user_id)
+            
             return payload
         except jwt.ExpiredSignatureError:
-            print("🕐 Token expired")
             return None
         except jwt.InvalidTokenError:
-            print("❌ Invalid token")
             return None
-        except Exception as e:
-            print(f"❌ Token verification error: {e}")
+    
+    def get_current_user(self, request_obj) -> Optional[Dict[str, Any]]:
+        """Get current user from request"""
+        if not FLASK_AVAILABLE or not request_obj:
             return None
+            
+        # Try Authorization header first
+        auth_header = request_obj.headers.get('Authorization')
+        if auth_header and auth_header.startswith('Bearer '):
+            token = auth_header.split(' ')[1]
+            return self.verify_token(token)
+        
+        # Try session
+        if session:
+            token = session.get('auth_token')
+            if token:
+                return self.verify_token(token)
+        
+        return None
     
     def create_default_admin(self) -> Dict[str, Any]:
         """Create default admin user if it doesn't exist"""
@@ -207,56 +159,51 @@ class AuthManager:
         admin_username = "admin"
         admin_user_id = "admin_user"
         
-        # Check if admin already exists
+        # Check if admin already exists (by username or user_id)
         if admin_username in users:
             return {'success': True, 'message': 'Admin user already exists'}
         
+        # Check if user_id already exists
+        for user_data in users.values():
+            if user_data.get('user_id') == admin_user_id:
+                return {'success': True, 'message': 'Admin user ID already exists'}
+        
         # Create admin user
-        try:
-            users[admin_username] = {
-                'user_id': admin_user_id,
-                'email': 'admin@researchmate.local',
-                'password_hash': self.hash_password('admin123'),
-                'created_at': datetime.now().isoformat(),
-                'is_active': True,
-                'is_admin': True
-            }
-            
-            self.save_users(users)
-            return {
-                'success': True, 
-                'message': 'Default admin user created',
-                'username': admin_username,
-                'password': 'admin123'
-            }
-        except Exception as e:
-            print(f"❌ Failed to create admin user: {e}")
-            return {'success': False, 'error': str(e)}
+        users[admin_username] = {
+            'user_id': admin_user_id,
+            'email': '[email protected]',
+            'password_hash': self.hash_password('admin123'),  # Default password
+            'created_at': datetime.now().isoformat(),
+            'is_active': True,
+            'is_admin': True
+        }
+        
+        self.save_users(users)
+        return {
+            'success': True, 
+            'message': 'Default admin user created',
+            'username': admin_username,
+            'password': 'admin123',
+            'note': 'Please change the default password after first login'
+        }
     
     def load_active_sessions(self) -> Dict[str, Any]:
-        """Load active sessions"""
-        if self.use_memory:
-            return self.sessions_memory.copy()
-        
+        """Load active sessions from file"""
         try:
-            if self.session_file.exists():
+            if os.path.exists(self.session_file):
                 with open(self.session_file, 'r') as f:
                     return json.load(f)
-        except Exception as e:
-            print(f"❌ Error loading sessions: {e}")
+        except:
+            pass
         return {}
     
     def save_active_sessions(self, sessions: Dict[str, Any]):
-        """Save active sessions"""
-        if self.use_memory:
-            self.sessions_memory = sessions.copy()
-            return
-        
+        """Save active sessions to file"""
         try:
             with open(self.session_file, 'w') as f:
                 json.dump(sessions, f, indent=2)
-        except Exception as e:
-            print(f"❌ Error saving sessions: {e}")
+        except:
+            pass
     
     def add_active_session(self, user_id: str, token: str):
         """Add an active session"""
@@ -268,6 +215,13 @@ class AuthManager:
         }
         self.save_active_sessions(sessions)
     
+    def remove_active_session(self, user_id: str):
+        """Remove an active session"""
+        sessions = self.load_active_sessions()
+        if user_id in sessions:
+            del sessions[user_id]
+            self.save_active_sessions(sessions)
+    
     def is_session_active(self, user_id: str, token: str) -> bool:
         """Check if a session is active"""
         sessions = self.load_active_sessions()
@@ -278,31 +232,14 @@ class AuthManager:
         if session.get('token') != token:
             return False
         
-        # Check if session is expired
-        try:
-            created_at = datetime.fromisoformat(session['created_at'])
-            if datetime.now() - created_at > timedelta(hours=8):
-                self.remove_active_session(user_id)
-                return False
-        except:
+        # Check if session is expired (8 hours)
+        created_at = datetime.fromisoformat(session['created_at'])
+        if datetime.now() - created_at > timedelta(hours=8):
+            self.remove_active_session(user_id)
             return False
         
         return True
     
-    def remove_active_session(self, user_id: str):
-        """Remove an active session"""
-        sessions = self.load_active_sessions()
-        if user_id in sessions:
-            del sessions[user_id]
-            self.save_active_sessions(sessions)
-    
-    def update_session_activity(self, user_id: str):
-        """Update last activity time for a session"""
-        sessions = self.load_active_sessions()
-        if user_id in sessions:
-            sessions[user_id]['last_activity'] = datetime.now().isoformat()
-            self.save_active_sessions(sessions)
-    
     def logout_user(self, user_id: str):
         """Logout user and invalidate session"""
         self.remove_active_session(user_id)
@@ -315,11 +252,8 @@ class AuthManager:
         
         expired_sessions = []
         for user_id, session in sessions.items():
-            try:
-                created_at = datetime.fromisoformat(session['created_at'])
-                if current_time - created_at > timedelta(hours=8):
-                    expired_sessions.append(user_id)
-            except:
+            created_at = datetime.fromisoformat(session['created_at'])
+            if current_time - created_at > timedelta(hours=8):
                 expired_sessions.append(user_id)
         
         for user_id in expired_sessions:
@@ -330,23 +264,34 @@ class AuthManager:
         
         return len(expired_sessions)
     
-    def debug_status(self):
-        """Debug authentication status"""
-        users = self.load_users()
+    def update_session_activity(self, user_id: str):
+        """Update last activity time for a session"""
         sessions = self.load_active_sessions()
-        
-        print("=== AUTH DEBUG STATUS ===")
-        print(f"Storage mode: {'Memory' if self.use_memory else 'File'}")
-        print(f"Users file exists: {self.users_file.exists() if not self.use_memory else 'N/A'}")
-        print(f"Total users: {len(users)}")
-        print(f"Active sessions: {len(sessions)}")
-        
-        if users:
-            print("Users:")
-            for username, user_data in users.items():
-                print(f"  - {username}: {user_data.get('user_id', 'No ID')}")
-        
-        print("========================")
+        if user_id in sessions:
+            sessions[user_id]['last_activity'] = datetime.now().isoformat()
+            self.save_active_sessions(sessions)
+
+# Global auth manager
+auth_manager = AuthManager()
+
+def require_auth(f):
+    """Decorator to require authentication"""
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if not FLASK_AVAILABLE:
+            return f(*args, **kwargs)
+            
+        user = auth_manager.get_current_user(request)
+        if not user:
+            if request.is_json:
+                return jsonify({'success': False, 'error': 'Authentication required'}), 401
+            else:
+                return redirect(url_for('login'))
+        return f(*args, **kwargs)
+    return decorated_function
 
-# Global auth manager instance
-auth_manager = AuthManager()
+def get_current_user() -> Optional[Dict[str, Any]]:
+    """Get current authenticated user"""
+    if not FLASK_AVAILABLE:
+        return None
+    return auth_manager.get_current_user(request)

src/scripts/dev_server.py

@@ -24,7 +24,7 @@ import socket
 sys.path.append(str(Path(__file__).parent.parent.parent))
 
 # Import the main app from main.py
-from main import app
+from ResearchMate.app import app
 
 # Setup logging
 logging.basicConfig(
@@ -104,7 +104,7 @@ Auto-reload enabled for Python files
         """Check if virtual environment exists"""
         # Since we're importing directly, just check if we can import the modules
         try:
-            import main
+            import ResearchMate.app as app
             logger.info("Successfully imported main application")
             return True
         except ImportError as e:

src/static/js/main.js

@@ -3,62 +3,182 @@
 // Global variables
 let currentToast = null;
 
-// Authentication/session handled by backend HttpOnly cookie and /api/user/status
-// All API calls should use apiRequest with credentials: 'include'.
-// No token storage or Authorization header needed.
-// Session timeout and activity tracking handled server-side.
+// Authentication utilities with enhanced security
+let sessionTimeout = null;
+let lastActivityTime = Date.now();
+const SESSION_TIMEOUT_MINUTES = 480; // 8 hours for prototype (less aggressive)
+const ACTIVITY_CHECK_INTERVAL = 300000; // Check every 5 minutes
+
+function getAuthToken() {
+    // Check both sessionStorage (preferred) and localStorage (fallback)
+    return sessionStorage.getItem('authToken') || localStorage.getItem('authToken');
+}
 
+function setAuthToken(token) {
+    // Store in sessionStorage for better security (clears on browser close)
+    sessionStorage.setItem('authToken', token);
+    // Also store in localStorage for compatibility, but with shorter expiry
+    localStorage.setItem('authToken', token);
+    localStorage.setItem('tokenTimestamp', Date.now().toString());
+    
+    // Set cookie with HttpOnly equivalent behavior
+    document.cookie = `authToken=${token}; path=/; SameSite=Strict; Secure=${location.protocol === 'https:'}`;
+    
+    // Reset activity tracking
+    lastActivityTime = Date.now();
+    startSessionTimeout();
+}
 
-// Document ready
-document.addEventListener('DOMContentLoaded', function() {
-    // Always verify authentication with backend on page load
-    fetch('/api/user/status', {
-        credentials: 'include'
-    })
-    .then(response => {
-        if (response.ok) {
-            // User is authenticated, continue
-            // Optionally, start session timeout or other logic here
+function clearAuthToken() {
+    sessionStorage.removeItem('authToken');
+    sessionStorage.removeItem('userId');
+    localStorage.removeItem('authToken');
+    localStorage.removeItem('userId');
+    localStorage.removeItem('tokenTimestamp');
+    
+    // Clear cookie
+    document.cookie = 'authToken=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict';
+    
+    clearTimeout(sessionTimeout);
+}
+
+function isTokenExpired() {
+    const timestamp = localStorage.getItem('tokenTimestamp');
+    if (!timestamp) return true;
+    
+    const tokenAge = Date.now() - parseInt(timestamp);
+    const maxAge = 24 * 60 * 60 * 1000; // 24 hours
+    
+    return tokenAge > maxAge;
+}
+
+function startSessionTimeout() {
+    clearTimeout(sessionTimeout);
+    sessionTimeout = setTimeout(() => {
+        const inactivityTime = Date.now() - lastActivityTime;
+        if (inactivityTime >= SESSION_TIMEOUT_MINUTES * 60 * 1000) {
+            // Session expired due to inactivity
+            showToast('Session expired due to inactivity. Please log in again.', 'warning');
+            logout();
         } else {
-            // Not authenticated, redirect to login if not already there
-            if (window.location.pathname !== '/login') {
-                window.location.href = '/login';
-            }
-        }
-    })
-    .catch((error) => {
-        console.error('User status check error:', error);
-        if (window.location.pathname !== '/login') {
-            window.location.href = '/login';
+            // Still active, reset timer
+            startSessionTimeout();
         }
+    }, ACTIVITY_CHECK_INTERVAL);
+}
+
+function trackActivity() {
+    lastActivityTime = Date.now();
+}
+
+function setAuthHeaders(headers = {}) {
+    const token = getAuthToken();
+    if (token && !isTokenExpired()) {
+        headers['Authorization'] = `Bearer ${token}`;
+    }
+    return headers;
+}
+
+function makeAuthenticatedRequest(url, options = {}) {
+    const headers = setAuthHeaders(options.headers || {});
+    return fetch(url, {
+        ...options,
+        headers: headers
     });
+}
+
+// Check if user is authenticated
+function isAuthenticated() {
+    const token = getAuthToken();
+    return !!(token && !isTokenExpired());
+}
 
-    // (trackActivity removed: no longer needed)
+// Redirect to login if not authenticated
+function requireAuth() {
+    if (!isAuthenticated()) {
+        clearAuthToken();
+        window.location.href = '/login';
+        return false;
+    }
+    return true;
+}
 
+// Document ready with enhanced security
+document.addEventListener('DOMContentLoaded', function() {
+    // Check authentication on protected pages
+    if (window.location.pathname !== '/login' && !isAuthenticated()) {
+        clearAuthToken();
+        window.location.href = '/login';
+        return;
+    }
+    
+    // Start session timeout if authenticated
+    if (isAuthenticated()) {
+        startSessionTimeout();
+    }
+    
+    // Track user activity for session timeout
+    document.addEventListener('click', trackActivity);
+    document.addEventListener('keypress', trackActivity);
+    document.addEventListener('scroll', trackActivity);
+    document.addEventListener('mousemove', trackActivity);
+    
     // Initialize tooltips
     initializeTooltips();
-
+    
+    // Handle page visibility changes (user switches tabs or minimizes browser)
+    document.addEventListener('visibilitychange', function() {
+        if (document.hidden) {
+            // Page is hidden, reduce activity tracking
+            clearTimeout(sessionTimeout);
+        } else {
+            // Page is visible again, resume activity tracking
+            if (isAuthenticated()) {
+                trackActivity();
+                startSessionTimeout();
+            }
+        }
+    });
+    
     // Handle beforeunload event (browser/tab closing)
     window.addEventListener('beforeunload', function() {
         // Clear sessionStorage on page unload (but keep localStorage for potential restoration)
         sessionStorage.clear();
     });
-
+    
+    // Periodically validate token with server (disabled for prototype)
+    // if (isAuthenticated()) {
+    //     setInterval(async function() {
+    //         try {
+    //             const response = await makeAuthenticatedRequest('/api/user/status');
+    //             if (!response.ok) {
+    //                 // Token is invalid or expired
+    //                 showToast('Session expired. Please log in again.', 'warning');
+    //                 logout();
+    //             }
+    //         } catch (error) {
+    //             console.log('Token validation failed:', error);
+    //         }
+    //     }, 5 * 60 * 1000); // Check every 5 minutes
+    // }
+    
     // Initialize smooth scrolling
     initializeSmoothScrolling();
-
+    
     // Initialize animations
     initializeAnimations();
-
+    
     // Initialize keyboard shortcuts
     initializeKeyboardShortcuts();
-
+    
+    // Theme toggle removed
+    
     // Initialize upload
     initializeUpload();
-
+    
     // Initialize search page (if on search page)
     initializeSearchPage();
-
+    
     console.log('ResearchMate initialized successfully!');
 });
 
@@ -72,8 +192,11 @@ function initializeTooltips() {
 function initializeSmoothScrolling() {
     document.querySelectorAll('a[href^="#"]').forEach(anchor => {
         anchor.addEventListener('click', function (e) {
+            const href = this.getAttribute('href');
+            // Skip if href is just '#', which is not a valid selector
+            if (href === '#') return;
             e.preventDefault();
-            const target = document.querySelector(this.getAttribute('href'));
+            const target = document.querySelector(href);
             if (target) {
                 target.scrollIntoView({
                     behavior: 'smooth',
@@ -139,35 +262,35 @@ function initializeKeyboardShortcuts() {
 // Theme toggle removed: always use dark theme
 
 // Enhanced Upload functionality
-async function initializeUpload() {
+function initializeUpload() {
     const uploadArea = document.getElementById('upload-area');
     const fileInput = document.getElementById('pdf-file');
     const uploadBtn = document.getElementById('upload-btn');
-
+    
     if (!uploadArea || !fileInput || !uploadBtn) return;
-
+    
     // Restore previous upload results if they exist
-    await restoreUploadResults();
-
+    restoreUploadResults();
+    
     // Click to browse files
     uploadArea.addEventListener('click', () => {
         fileInput.click();
     });
-
+    
     // Drag and drop functionality
     uploadArea.addEventListener('dragover', (e) => {
         e.preventDefault();
         uploadArea.classList.add('dragover');
     });
-
+    
     uploadArea.addEventListener('dragleave', () => {
         uploadArea.classList.remove('dragover');
     });
-
+    
     uploadArea.addEventListener('drop', (e) => {
         e.preventDefault();
         uploadArea.classList.remove('dragover');
-
+        
         const files = e.dataTransfer.files;
         if (files.length > 0 && files[0].type === 'application/pdf') {
             fileInput.files = files;
@@ -176,18 +299,18 @@ async function initializeUpload() {
             showToast('Please select a valid PDF file', 'danger');
         }
     });
-
+    
     // File input change
     fileInput.addEventListener('change', (e) => {
         if (e.target.files.length > 0) {
             handleFileSelection(e.target.files[0]);
         }
     });
-
+    
     function handleFileSelection(file) {
         uploadBtn.disabled = false;
         uploadBtn.innerHTML = `<i class="fas fa-upload me-2"></i>Upload "${file.name}"`;
-
+        
         // Update upload area
         uploadArea.innerHTML = `
             <i class="fas fa-file-pdf text-danger"></i>
@@ -215,36 +338,43 @@ function toggleUploadArea() {
 }
 
 // Upload result persistence functions
-async function saveUploadResults(data) {
+function saveUploadResults(data) {
     try {
-        const currentUser = await getCurrentUserId();
-        if (!currentUser) {
-            console.warn('Cannot save upload results: no user');
+        const currentUser = getCurrentUserId();
+        const currentSession = getSessionId();
+        
+        if (!currentUser || !currentSession) {
+            console.warn('Cannot save upload results: no user or session');
             return;
         }
+        
         const dataToSave = {
             ...data,
             userId: currentUser,
+            sessionId: currentSession,
             savedAt: new Date().toISOString(),
             pageUrl: window.location.pathname
         };
+        
         saveToLocalStorage('researchmate_upload_results', dataToSave);
     } catch (error) {
         console.error('Failed to save upload results:', error);
     }
 }
 
-async function restoreUploadResults() {
+function restoreUploadResults() {
     try {
         const resultsContainer = document.getElementById('results-container');
         if (!resultsContainer) return;
-        // Get current user from backend
-        const currentUser = await getCurrentUserId();
+        
+        // Get current user from session/token
+        const currentUser = getCurrentUserId(); // You'll need to implement this
         if (!currentUser) {
             // No user logged in, clear any existing results
             clearUploadResults();
             return;
         }
+        
         const savedData = loadFromLocalStorage('researchmate_upload_results');
         if (savedData && savedData.pageUrl === window.location.pathname) {
             // Check if data belongs to current user
@@ -253,12 +383,22 @@ async function restoreUploadResults() {
                 clearUploadResults();
                 return;
             }
-            // Check if data is recent (max 1 hour)
+            
+            // Check if data is from current session
+            const currentSessionId = getSessionId(); // You'll need to implement this
+            if (savedData.sessionId !== currentSessionId) {
+                console.log('Upload results from different session, clearing');
+                clearUploadResults();
+                return;
+            }
+            
+            // Check if data is recent (within current session, max 1 hour)
             const savedTime = new Date(savedData.savedAt);
             const now = new Date();
             const hoursDiff = (now - savedTime) / (1000 * 60 * 60);
+            
             if (hoursDiff < 1) {
-                console.log('Restoring upload results for user');
+                console.log('Restoring upload results from current session');
                 displayUploadResults(savedData);
                 showToast('Previous PDF analysis restored', 'info', 3000);
             } else {
@@ -271,14 +411,15 @@ async function restoreUploadResults() {
     }
 }
 
-// Helper function to get current user ID from backend
-async function getCurrentUserId() {
+// Helper function to get current user ID
+function getCurrentUserId() {
     try {
-        const response = await fetch('/api/user/status', { credentials: 'include' });
-        if (!response.ok) return null;
-        const data = await response.json();
-        // Try user_id, id, or username as fallback
-        return data.user_id || data.id || data.username || null;
+        const token = localStorage.getItem('authToken') || sessionStorage.getItem('authToken');
+        if (!token) return null;
+        
+        // Decode JWT token to get user ID (simple base64 decode)
+        const payload = JSON.parse(atob(token.split('.')[1]));
+        return payload.user_id || payload.sub;
     } catch (error) {
         console.error('Failed to get current user ID:', error);
         return null;
@@ -1056,18 +1197,22 @@ function loadFromLocalStorage(key, defaultValue = null) {
 
 // Enhanced logout function with security cleanup
 function logout() {
+    // Clear all authentication data
+    clearAuthToken();
+    
     // Clear all session data
     sessionStorage.clear();
-    // Clear user info from localStorage
-    localStorage.removeItem('userId');
-    localStorage.removeItem('username');
+    
+    // Clear specific localStorage items but keep non-sensitive data
+    const keysToRemove = ['authToken', 'userId', 'tokenTimestamp', 'userSession'];
+    keysToRemove.forEach(key => localStorage.removeItem(key));
+    
     // Call logout API
     fetch('/api/auth/logout', {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
-        },
-        credentials: 'include'
+        }
     })
     .then(() => {
         // Redirect to login page
@@ -1082,7 +1227,8 @@ function logout() {
 // Make logout function globally available
 window.logout = logout;
 
-
+// Make makeAuthenticatedRequest globally available
+window.makeAuthenticatedRequest = makeAuthenticatedRequest;
 
 // Export functions for global use
 window.ResearchMate = {
@@ -1104,8 +1250,7 @@ window.ResearchMate = {
     saveUploadResults,
     restoreUploadResults,
     clearUploadResults,
-    displayUploadResults,
-    getCurrentUserId
+    displayUploadResults
 };
 
 // Make clearUploadResults globally available for onclick handlers

src/templates/login.html

@@ -12,10 +12,6 @@
                     <h3 class="text-primary-custom">Welcome to ResearchMate</h3>
                     <p class="text-muted">Please log in to access your research projects</p>
                 </div>
-                
-                <!-- Alert container for messages -->
-                <div id="alert-container"></div>
-                
                 <form id="login-form">
                     <div class="mb-3">
                         <label for="username" class="form-label">Username</label>
@@ -26,7 +22,7 @@
                         <input type="password" class="form-control" id="password" name="password" required>
                     </div>
                     <div class="d-grid">
-                        <button type="submit" class="btn btn-primary" id="login-btn">
+                        <button type="submit" class="btn btn-primary">
                             <i class="fas fa-sign-in-alt me-2"></i>Login
                         </button>
                     </div>
@@ -56,19 +52,19 @@
                 <form id="register-form">
                     <div class="mb-3">
                         <label for="reg-username" class="form-label">Username</label>
-                        <input type="text" class="form-control bg-white text-dark" id="reg-username" name="username" required>
+<input type="text" class="form-control bg-white text-dark" id="reg-username" name="username" required>
                     </div>
                     <div class="mb-3">
                         <label for="reg-email" class="form-label">Email</label>
-                        <input type="email" class="form-control bg-white text-dark" id="reg-email" name="email" required>
+<input type="email" class="form-control bg-white text-dark" id="reg-email" name="email" required>
                     </div>
                     <div class="mb-3">
                         <label for="reg-password" class="form-label">Password</label>
-                        <input type="password" class="form-control bg-white text-dark" id="reg-password" name="password" required>
+<input type="password" class="form-control bg-white text-dark" id="reg-password" name="password" required>
                     </div>
                     <div class="mb-3">
                         <label for="reg-confirm-password" class="form-label">Confirm Password</label>
-                        <input type="password" class="form-control bg-white text-dark" id="reg-confirm-password" name="confirm_password" required>
+<input type="password" class="form-control bg-white text-dark" id="reg-confirm-password" name="confirm_password" required>
                     </div>
                 </form>
             </div>
@@ -85,215 +81,129 @@
 
 {% block extra_js %}
 <script>
+// Include authentication utilities
+function setAuthToken(token) {
+    // Store in sessionStorage for better security (clears on browser close)
+    sessionStorage.setItem('authToken', token);
+    // Also store in localStorage for compatibility, but with shorter expiry
+    localStorage.setItem('authToken', token);
+    localStorage.setItem('tokenTimestamp', Date.now().toString());
+    
+    // Set cookie with HttpOnly equivalent behavior
+    document.cookie = `authToken=${token}; path=/; SameSite=Strict; Secure=${location.protocol === 'https:'}`;
+}
+
 document.addEventListener('DOMContentLoaded', function() {
-    // Always verify authentication with backend on page load
-    fetch('/api/user/status', {
-        credentials: 'include'
-    })
-    .then(response => {
-        if (response.ok) {
-            // User is authenticated, redirect to home if not already there
-            if (window.location.pathname === '/login') {
-                window.location.href = '/';
-            }
-        } else {
-            // Not authenticated, redirect to login if not already there
-            if (window.location.pathname !== '/login') {
-                window.location.href = '/login';
-            }
-        }
-    })
-    .catch((error) => {
-        console.error('User status check error:', error);
-        if (window.location.pathname !== '/login') {
-            window.location.href = '/login';
-        }
-    });
     const loginForm = document.getElementById('login-form');
     const registerForm = document.getElementById('register-form');
-    const loginBtn = document.getElementById('login-btn');
     
     // Login handler
-    loginForm.addEventListener('submit', async function(e) {
+    loginForm.addEventListener('submit', function(e) {
         e.preventDefault();
         
-        const username = document.getElementById('username').value.trim();
+        const username = document.getElementById('username').value;
         const password = document.getElementById('password').value;
         
-        if (!username || !password) {
-            showAlert('danger', 'Please fill in all fields');
-            return;
-        }
-        
-        // Show loading state
-        const originalBtnText = loginBtn.innerHTML;
-        loginBtn.disabled = true;
-        loginBtn.innerHTML = '<i class="fas fa-spinner fa-spin me-2"></i>Logging in...';
-        
-        try {
-            const response = await fetch('/api/auth/login', {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                },
-                credentials: 'include', // Important: Include cookies
-                body: JSON.stringify({
-                    username: username,
-                    password: password
-                })
-            });
-            
-            const data = await response.json();
-            console.log('Login response:', data); // Debug log
-            
-            if (response.ok && data.success) {
-                // Store user info for UI only
-                if (data.user_id) {
-                    localStorage.setItem('userId', data.user_id);
-                }
-                if (data.username) {
-                    localStorage.setItem('username', data.username);
-                }
+        fetch('/api/auth/login', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                username: username,
+                password: password
+            })
+        })
+        .then(response => response.json())
+        .then(data => {
+            if (data.success) {
+                // Use secure token storage
+                setAuthToken(data.token);
+                sessionStorage.setItem('userId', data.user_id);
+                localStorage.setItem('userId', data.user_id);
                 
                 // Show success message
                 showAlert('success', 'Login successful! Redirecting...');
                 
-                // Multiple redirect strategies
-                const redirectUrl = data.redirect_url || '/';
-                console.log('Redirecting to:', redirectUrl); // Debug log
-                
-                // Try immediate redirect first
+                // Redirect to home page after a short delay
                 setTimeout(() => {
-                    try {
-                        window.location.href = redirectUrl;
-                    } catch (error) {
-                        console.error('Redirect error:', error);
-                        // Fallback redirect methods
-                        try {
-                            window.location.replace(redirectUrl);
-                        } catch (error2) {
-                            console.error('Replace redirect error:', error2);
-                            // Last resort
-                            window.location = redirectUrl;
-                        }
-                    }
-                }, 1000); // Reduced delay
-                
+                    window.location.href = '/';
+                }, 1000);
             } else {
-                console.error('Login failed:', data); // Debug log
-                showAlert('danger', data.detail || data.error || data.message || 'Login failed. Please try again.');
+                showAlert('danger', data.error || 'Login failed');
             }
-        } catch (error) {
-            console.error('Login error:', error);
-            showAlert('danger', 'Network error. Please check your connection and try again.');
-        } finally {
-            // Reset button state
-            loginBtn.disabled = false;
-            loginBtn.innerHTML = originalBtnText;
-        }
+        })
+        .catch(error => {
+            showAlert('danger', 'Network error: ' + error.message);
+        });
     });
     
     // Register handler
-    registerForm.addEventListener('submit', async function(e) {
+    registerForm.addEventListener('submit', function(e) {
         e.preventDefault();
         
-        const username = document.getElementById('reg-username').value.trim();
-        const email = document.getElementById('reg-email').value.trim();
+        const username = document.getElementById('reg-username').value;
+        const email = document.getElementById('reg-email').value;
         const password = document.getElementById('reg-password').value;
         const confirmPassword = document.getElementById('reg-confirm-password').value;
         
-        if (!username || !email || !password || !confirmPassword) {
-            showAlert('danger', 'Please fill in all fields');
-            return;
-        }
-        
         if (password !== confirmPassword) {
             showAlert('danger', 'Passwords do not match');
             return;
         }
         
-        if (password.length < 6) {
-            showAlert('danger', 'Password must be at least 6 characters long');
-            return;
-        }
-        
-        try {
-            const response = await fetch('/api/auth/register', {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                },
-                body: JSON.stringify({
-                    username: username,
-                    email: email,
-                    password: password
-                })
-            });
-            
-            const data = await response.json();
-            
-            if (response.ok && data.success) {
+        fetch('/api/auth/register', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                username: username,
+                email: email,
+                password: password
+            })
+        })
+        .then(response => response.json())
+        .then(data => {
+            if (data.success) {
                 const modal = bootstrap.Modal.getInstance(document.getElementById('registerModal'));
-                if (modal) {
-                    modal.hide();
-                }
+                modal.hide();
                 showAlert('success', 'Account created successfully! Please log in.');
                 registerForm.reset();
             } else {
-                showAlert('danger', data.detail || data.error || data.message || 'Registration failed. Please try again.');
+                showAlert('danger', data.error || 'Registration failed');
             }
-        } catch (error) {
-            console.error('Registration error:', error);
-            showAlert('danger', 'Network error. Please check your connection and try again.');
-        }
+        })
+        .catch(error => {
+            showAlert('danger', 'Network error: ' + error.message);
+        });
     });
     
     function showAlert(type, message) {
-        const alertContainer = document.getElementById('alert-container');
-        
-        // Clear existing alerts
-        alertContainer.innerHTML = '';
-        
         const alert = document.createElement('div');
         alert.className = `alert alert-${type} alert-dismissible fade show`;
         alert.innerHTML = `
-            <i class="fas fa-${type === 'success' ? 'check-circle' : 'exclamation-triangle'} me-2"></i>
+            <i class="fas fa-${type === 'success' ? 'check' : 'exclamation-triangle'} me-2"></i>
             ${message}
             <button type="button" class="btn-close" data-bs-dismiss="alert"></button>
         `;
-        
-        alertContainer.appendChild(alert);
-        
-        // Auto-remove after 5 seconds for error messages
-        if (type === 'danger') {
-            setTimeout(() => {
-                if (alert.parentNode) {
-                    alert.remove();
-                }
-            }, 5000);
-        }
-    }
-    
-    // Check if user is already logged in (cookie-based)
-    fetch('/api/user/status', {
-        credentials: 'include'
-    })
-    .then(response => {
-        if (response.ok) {
-            // User is already logged in, redirect
-            console.log('User already logged in, redirecting...');
-            window.location.href = '/';
+
+        // Try to insert into .container, else fallback to main content
+        const container = document.querySelector('.container');
+        if (container) {
+            container.insertBefore(alert, container.firstChild);
         } else {
-            // Not logged in, clear any UI user info
-            localStorage.removeItem('userId');
-            localStorage.removeItem('username');
+            // Fallback: insert at top of main content
+            const main = document.querySelector('main') || document.body;
+            main.insertBefore(alert, main.firstChild);
         }
-    })
-    .catch((error) => {
-        console.error('User status check error:', error);
-        localStorage.removeItem('userId');
-        localStorage.removeItem('username');
-    });
+
+        setTimeout(() => {
+            if (alert.parentNode) {
+                alert.remove();
+            }
+        }, 5000);
+    }
 });
 </script>
-{% endblock %}
+{% endblock %}