@yadavchiragg

Overview

Adds a complete user authentication system to BHV, replacing the placeholder user with real registration and login.

Features Implemented

User Registration

  • Email and username validation
  • Password strength requirements (6+ chars)
  • Password confirmation
  • Duplicate username/email checking
  • Secure password hashing

User Login/Logout

  • Secure session management with Flask-Login
  • Login required for uploads
  • "Next" parameter for redirect after login
  • Flash messages for user feedback

User Profile

  • Personal profile page
  • Display user's uploaded images only
  • User statistics (join date, image count)
  • Member information

Protected Routes

  • Upload requires authentication
  • Profile requires authentication
  • Automatic redirect to login
  • Session persistence

Technical Implementation

Security

  • Password hashing with Werkzeug
  • Flask-Login session management
  • CSRF protection on forms
  • Email validation
  • Input sanitization

Database

  • Enhanced User model with UserMixin
  • User-Image relationships maintained
  • No breaking changes to existing schema

File Changes

Modified

  • bhv/app.py - Added auth routes and Flask-Login integration
  • bhv/templates/base.html - Dynamic navigation
  • requirements.txt - Added Flask-Login, email-validator

New Files

  • bhv/templates/register.html - Registration page
  • bhv/templates/login.html - Login page
  • bhv/templates/profile.html - User profile

Testing Completed

✅ User registration works
✅ Duplicate username/email blocked
✅ Password validation enforced
✅ Login with valid credentials succeeds
✅ Login with invalid credentials fails
✅ Logout works correctly
✅ Upload requires login
✅ Profile shows only user's images
✅ Session persists across pages
✅ Navigation updates based on auth state

How to Test

# Install dependencies
pip install Flask-Login==0.6.3 email-validator==2.1.0

# Delete old database for fresh start
del bhv.db

# Run application
python bhv/app.py

# Test flow:
1. Register new user at /register
2. Login at /login
3. Upload image at /upload
4. View profile at /profile
5. Logout

Benefits

Real multi-user support - No more fake user_id=1
Secure authentication - Industry-standard practices
User privacy - Each user sees only their data
Production ready - Ready for real deployment
Scalable - Supports unlimited users

Why This Matters

This is fundamental for BHV because:

  • Healthcare apps must identify users properly
  • Multiple users can now use the system safely
  • Each user's data is isolated and secure
  • Foundation for admin features and moderation
  • Required for production deployment

This makes BHV actually usable by real people! 🚀

Builds on previous upload and testing PRs

Relates to #24

@gemini-code-assist
Contributor

Summary of Changes

Hello @yadavchiragg, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request fundamentally transforms the BHV application by integrating a comprehensive user authentication system. It moves beyond a single placeholder user to support real user registration, login, and personalized profiles, significantly enhancing the application's security, multi-user capabilities, and overall readiness for deployment.

Highlights

  • User Registration: Implemented with email and username validation, password strength requirements (6+ characters), password confirmation, duplicate username/email checking, and secure password hashing.
  • User Login/Logout: Features secure session management using Flask-Login, enforces login for uploads, supports a 'Next' parameter for redirecting users after login, and provides user feedback via flash messages.
  • User Profile: Introduces a personal profile page where users can view their uploaded images exclusively and see personal statistics like join date and image count.
  • Protected Routes: Key routes such as '/upload' and '/profile' now require user authentication, with automatic redirection to the login page if unauthenticated, and session persistence for logged-in users.
  • Enhanced Security: Incorporates robust security measures including password hashing with Werkzeug, Flask-Login for session management, CSRF protection on forms, email validation, and input sanitization.
  • Database Integration: The User model is enhanced with Flask-Login's UserMixin, and user-image relationships are maintained, ensuring no breaking changes to the existing database schema.

Ignored Files
  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/tests.yml

@yadavchiragg
Author

Hi @mdxabu and @pradeeban! 👋

I've added a complete user authentication system to BHV! 🔐

Pull Request: #33

What I Built

User Registration - Users can create accounts with email validation
Secure Login/Logout - Flask-Login session management
User Profiles - Each user sees their own uploads
Protected Routes - Upload requires authentication
Password Security - Hashing, validation, confirmation

Before vs After

Before: System used fake user (user_id=1)
After: Real users with their own accounts and data! ✅

Testing

Everything tested and working:

  • Registration ✅
  • Login/Logout ✅
  • Upload protection ✅
  • User profiles ✅
  • Session management ✅

This makes BHV ready for real users! Looking forward to your feedback! 🙏

Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a comprehensive user authentication system, which is a great and necessary feature. The implementation covers registration, login/logout, profile pages, and protected routes. My review focuses on improving security, maintainability, and correctness. Key areas for improvement include properly managing application configuration and secrets, preventing security vulnerabilities like open redirects and path traversal, improving the form validation workflow, and cleaning up dependencies and tests. There are also recommendations to improve code structure by moving styles out of templates and using the newly introduced configuration file.
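
The review above names open redirects, and the PR description lists a "Next" parameter for redirect after login. As an added example (not code from this PR or from Flask-Login), here is one way to validate that parameter before redirecting; the function names, the fallback choice, and the hosts `bhv.example` and `other.example` are assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Fallback destination when "next" is rejected. /profile is a route named in
# the PR description; using it as the fallback is an assumption of this example.
DEFAULT_AFTER_LOGIN = "/profile"


def is_safe_next(target, host_url):
    """True only if `target` stays on the scheme and host of `host_url`."""
    if not target:
        return False
    # Browsers treat "\" like "/" and drop tabs/newlines/leading spaces, so a
    # value such as "/\\other.example" can leave the site even though a naive
    # parser sees a local path. Reject those characters outright.
    if "\\" in target or any(c <= " " or c == "\x7f" for c in target):
        return False
    base = urlsplit(host_url)
    resolved = urlsplit(urljoin(host_url, target))
    return (
        resolved.scheme in ("http", "https")
        and resolved.scheme == base.scheme
        and resolved.netloc == base.netloc
    )


def resolve_next(target, host_url):
    """Return the destination to redirect to after a successful login."""
    return target if is_safe_next(target, host_url) else DEFAULT_AFTER_LOGIN


if __name__ == "__main__":
    # Constructed sample values; bhv.example and other.example are placeholders.
    host = "https://bhv.example/"
    for candidate in ["/upload", "//other.example/x", "https://other.example/",
                      "/\\other.example", "javascript:alert(1)", None]:
        print(repr(candidate), "->", resolve_next(candidate, host))
```

In a Flask login view this would be called as `redirect(resolve_next(request.args.get("next"), request.host_url))`.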

yadavchiragg and others added 5 commits January 1, 2026 10:08
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@mdxabu mdxabu changed the base branch from main to dev January 1, 2026 06:30