chore: commit local changes (app.py, static assets, index.html, requirements) and add README_FIREBASE

.gitignore

@@ -4,6 +4,11 @@ users_data.json
 # Environment Variables - Contains API Keys
 .env
 
+# Firebase Service Account Key - NEVER COMMIT THIS!
+serviceAccountKey.json
+*serviceAccountKey*.json
+firebase-adminsdk-*.json
+
 # Python Virtual Environment
 .venv/
 venv/
@@ -61,4 +66,5 @@ rag_data/
 *.bak
 *.tmp
 
-docs/
+docs/
+etc/

README_FIREBASE.md

@@ -0,0 +1,209 @@
+# Spiritual Path Assessment Tool
+
+A Flask-based web application that helps users discover which religious or spiritual path aligns with their beliefs, values, and lifestyle through an interactive questionnaire.
+
+## Features
+
+- 🔐 **Firebase Authentication**
+  - Email/Password authentication
+  - Google Sign-In
+  - Email verification
+  - Password reset
+  
+- 📊 **Assessment System**
+  - 8-question spiritual path questionnaire
+  - Personalized recommendations based on responses
+  - Detailed information about each spiritual path
+  
+- 💬 **AI-Powered Chatbot**
+  - Ask questions about recommended spiritual paths
+  - RAG-enhanced responses using religion-specific data
+  - Voice input support with Whisper transcription
+  
+- 🗄️ **Firestore Database**
+  - Secure user data storage
+  - Assessment answers and results persistence
+  - Real-time synchronization
+
+## Tech Stack
+
+- **Backend**: Flask (Python)
+- **Frontend**: HTML, CSS, JavaScript
+- **Authentication**: Firebase Authentication
+- **Database**: Cloud Firestore
+- **AI/ML**: 
+  - Together AI (chatbot)
+  - OpenAI Whisper (voice transcription)
+- **Deployment**: Render.com / Docker
+
+## Quick Start
+
+### Prerequisites
+
+- Python 3.9+
+- Firebase project (see [FIREBASE_SETUP.md](FIREBASE_SETUP.md))
+- API keys for Together AI and OpenAI (optional, for chatbot features)
+
+### Installation
+
+1. **Clone the repository**
+   ```bash
+   git clone https://github.com/YoonJ-C/Spiritual-Path-Assessment.git
+   cd Spiritual-Path-Assessment
+   ```
+
+2. **Install dependencies**
+   ```bash
+   pip install -r requirements.txt
+   ```
+
+3. **Set up Firebase** (detailed guide in [FIREBASE_SETUP.md](FIREBASE_SETUP.md))
+   - Create a Firebase project
+   - Enable Authentication (Email/Password and Google)
+   - Create Firestore database
+   - Download service account key as `serviceAccountKey.json`
+
+4. **Configure environment variables**
+   ```bash
+   cp .env.example .env
+   # Edit .env with your Firebase credentials and API keys
+   ```
+
+5. **Run the application**
+   ```bash
+   python app.py
+   ```
+
+6. **Open in browser**
+   ```
+   http://localhost:5003
+   ```
+
+## Environment Variables
+
+See `.env.example` for all required environment variables. Key variables:
+
+- `FIREBASE_CREDENTIALS_PATH`: Path to service account JSON file
+- `FIREBASE_WEB_API_KEY`: Firebase web API key
+- `FIREBASE_PROJECT_ID`: Your Firebase project ID
+- `TOGETHER_API_KEY`: Together AI API key (for chatbot)
+- `OPENAI_API_KEY`: OpenAI API key (for voice input)
+
+## Deployment
+
+### Render.com
+
+1. Push your code to GitHub
+2. Create a new Web Service on Render.com
+3. Connect your GitHub repository
+4. Add environment variables in Render dashboard
+5. Upload `serviceAccountKey.json` as a secret file
+6. Deploy!
+
+See [FIREBASE_SETUP.md](FIREBASE_SETUP.md) for detailed deployment instructions.
+
+### Docker
+
+```bash
+docker build -t spiritual-path-assessment .
+docker run -p 5003:5003 --env-file .env spiritual-path-assessment
+```
+
+## Project Structure
+
+```
+Spiritual-Path-Assessment/
+├── app.py                  # Main Flask application
+├── rag_utils.py           # RAG utilities for chatbot
+├── requirements.txt       # Python dependencies
+├── Dockerfile            # Docker configuration
+├── FIREBASE_SETUP.md     # Firebase setup guide
+├── .env.example          # Environment variables template
+├── religions.csv         # Religion data for RAG
+├── static/
+│   ├── style.css         # Main styles
+│   ├── landing.css       # Landing page styles
+│   ├── script.js         # Frontend JavaScript
+│   ├── design-tokens.css # Design system tokens
+│   └── images/           # Image assets
+└── templates/
+    ├── landing.html      # Landing page
+    └── index.html        # Main app template
+```
+
+## Features in Detail
+
+### Authentication
+
+- **Firebase Authentication** provides secure user management
+- **Google Sign-In** for quick access
+- **Email verification** ensures valid user accounts
+- **Password reset** via email
+- **Legacy support** for existing username/password users
+
+### Assessment
+
+- 8 carefully crafted questions covering:
+  - Views on divinity
+  - Spiritual practices
+  - Afterlife beliefs
+  - Moral guidance
+  - Ritual importance
+  - Nature relationship
+  - Suffering perspective
+  - Community role
+
+- Results show top 3 spiritual paths with:
+  - Alignment percentage
+  - Description
+  - Common practices
+  - Core beliefs
+
+### Chatbot
+
+- Ask questions about recommended spiritual paths
+- Powered by Meta-Llama-3-8B-Instruct-Lite
+- RAG-enhanced with detailed religion data
+- Voice input with live transcription
+- Conversation history maintained per religion
+
+## Security
+
+- Firebase handles authentication securely
+- Firestore security rules restrict data access
+- Service account keys kept secure
+- HTTPS enforced in production
+- Session management with secure cookies
+
+## Contributing
+
+Contributions are welcome! Please:
+
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes
+4. Test thoroughly
+5. Submit a pull request
+
+## License
+
+Apache 2.0 License - see LICENSE file for details
+
+## Support
+
+For issues or questions:
+- Open an issue on GitHub
+- Check [FIREBASE_SETUP.md](FIREBASE_SETUP.md) for setup help
+- Review Firebase documentation
+
+## Acknowledgments
+
+- Firebase for authentication and database
+- Together AI for chatbot capabilities
+- OpenAI for Whisper transcription
+- All contributors and users
+
+---
+
+Made with ❤️ for spiritual seekers everywhere
+

app.py

@@ -15,6 +15,8 @@ from dotenv import load_dotenv
 from together import Together
 from rag_utils import load_religions_from_csv, prepare_religion_rag_context
 from openai import OpenAI
+import firebase_admin
+from firebase_admin import credentials, auth, firestore
 
 load_dotenv()
 
@@ -27,7 +29,33 @@ app.config['SESSION_COOKIE_HTTPONLY'] = True
 app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
 app.config['PERMANENT_SESSION_LIFETIME'] = 3600  # 1 hour
 
+# Initialize Firebase Admin SDK
+try:
+    firebase_cred_path = os.getenv('FIREBASE_CREDENTIALS_PATH', 'serviceAccountKey.json')
+    if os.path.exists(firebase_cred_path):
+        cred = credentials.Certificate(firebase_cred_path)
+        firebase_admin.initialize_app(cred)
+        db = firestore.client()
+        print("✅ Firebase initialized successfully")
+    else:
+        print(f"⚠️ Firebase credentials not found at {firebase_cred_path}")
+        db = None
+except Exception as e:
+    print(f"⚠️ Firebase initialization failed: {e}")
+    db = None
+
+# Firebase Web Config (for frontend)
+FIREBASE_CONFIG = {
+    'apiKey': os.getenv('FIREBASE_WEB_API_KEY'),
+    'authDomain': os.getenv('FIREBASE_AUTH_DOMAIN'),
+    'projectId': os.getenv('FIREBASE_PROJECT_ID'),
+    'storageBucket': os.getenv('FIREBASE_STORAGE_BUCKET', f"{os.getenv('FIREBASE_PROJECT_ID')}.appspot.com"),
+    'messagingSenderId': os.getenv('FIREBASE_MESSAGING_SENDER_ID'),
+    'appId': os.getenv('FIREBASE_APP_ID')
+}
+
 # File to store user data - defaults to current directory (writable in Docker)
+# Keep for backward compatibility during transition
 USERS_FILE = os.getenv("USERS_FILE", "users_data.json")
 
 # Together API for chatbot
@@ -193,6 +221,95 @@ def send_password_reset_email(email, token):
     # In production, replace with actual SMTP sending
     return True
 
+# ============================================================================
+# FIRESTORE HELPER FUNCTIONS
+# ============================================================================
+
+def get_user_by_uid(uid):
+    """Get user data from Firestore by Firebase UID"""
+    if not db:
+        return None
+    try:
+        user_ref = db.collection('users').document(uid)
+        user_doc = user_ref.get()
+        if user_doc.exists:
+            return user_doc.to_dict()
+        return None
+    except Exception as e:
+        print(f"Error getting user {uid}: {e}")
+        return None
+
+def create_or_update_user(uid, user_data):
+    """Create or update user in Firestore"""
+    if not db:
+        return False
+    try:
+        user_ref = db.collection('users').document(uid)
+        user_ref.set(user_data, merge=True)
+        return True
+    except Exception as e:
+        print(f"Error saving user {uid}: {e}")
+        return False
+
+def get_user_answers(uid):
+    """Get user's assessment answers from Firestore"""
+    if not db:
+        return []
+    try:
+        user_data = get_user_by_uid(uid)
+        return user_data.get('answers', []) if user_data else []
+    except Exception as e:
+        print(f"Error getting answers for {uid}: {e}")
+        return []
+
+def save_user_answers(uid, answers):
+    """Save user's assessment answers to Firestore"""
+    if not db:
+        return False
+    try:
+        user_ref = db.collection('users').document(uid)
+        user_ref.update({'answers': answers})
+        return True
+    except Exception as e:
+        print(f"Error saving answers for {uid}: {e}")
+        return False
+
+def get_user_results(uid):
+    """Get user's assessment results from Firestore"""
+    if not db:
+        return []
+    try:
+        user_data = get_user_by_uid(uid)
+        return user_data.get('results', []) if user_data else []
+    except Exception as e:
+        print(f"Error getting results for {uid}: {e}")
+        return []
+
+def save_user_results(uid, results):
+    """Save user's assessment results to Firestore"""
+    if not db:
+        return False
+    try:
+        user_ref = db.collection('users').document(uid)
+        user_ref.update({'results': results})
+        return True
+    except Exception as e:
+        print(f"Error saving results for {uid}: {e}")
+        return False
+
+def verify_firebase_token(id_token):
+    """Verify Firebase ID token and return decoded token"""
+    try:
+        decoded_token = auth.verify_id_token(id_token)
+        return decoded_token
+    except Exception as e:
+        print(f"Token verification error: {e}")
+        return None
+
+# ============================================================================
+# LEGACY JSON FILE FUNCTIONS (for backward compatibility)
+# ============================================================================
+
 def load_users():
     try:
         if os.path.exists(USERS_FILE):
@@ -259,22 +376,36 @@ def landing():
 
 @app.route("/assessment")
 def assessment():
-    if 'username' not in session:
+    # Check for Firebase user first, then legacy username
+    user_id = session.get('user_id')
+    username = session.get('username')
+    
+    if not user_id and not username:
         return redirect(url_for('login'))
     
-    users = load_users()
-    user_data = users.get(session['username'], {})
-    has_results = 'results' in user_data and user_data['results']
+    # Get user data from appropriate source
+    if user_id:
+        # Firebase user
+        user_data = get_user_by_uid(user_id) or {}
+        display_name = session.get('email', 'User')
+        has_results = 'results' in user_data and user_data['results']
+    else:
+        # Legacy user
+        users = load_users()
+        user_data = users.get(username, {})
+        display_name = username
+        has_results = 'results' in user_data and user_data['results']
     
     return render_template(
         "index.html", 
         title="Spiritual Path Finder", 
-        message=f"Welcome, {session['username']}!",
-        username=session['username'],
+        message=f"Welcome, {display_name}!",
+        username=display_name,
         logged_in=True,
         questions=QUESTIONS,
         has_results=has_results,
-        results=user_data.get('results', []) if has_results else []
+        results=user_data.get('results', []) if has_results else [],
+        firebase_config=FIREBASE_CONFIG
     )
 
 @app.route("/login", methods=["GET", "POST"])
@@ -284,46 +415,77 @@ def login():
             data = request.get_json()
             if not data:
                 return jsonify({"success": False, "message": "Invalid request"}), 400
-                
-            username = data.get('username', '').strip()
-            password = data.get('password', '')
             
-            if not username or not password:
-                return jsonify({"success": False, "message": "Username and password required"}), 400
+            # Firebase authentication - verify ID token from frontend
+            id_token = data.get('idToken')
             
-            users = load_users()
-            if username not in users:
-                return jsonify({"success": False, "message": "Invalid credentials"}), 401
-            
-            user_data = users[username]
-            
-            # Check if email is verified
-            if not user_data.get('verified', True):  # Default True for backward compatibility
-                return jsonify({"success": False, "message": "Please verify your email first. Check your inbox."}), 403
-            
-            stored = user_data['password']
-            
-            # Try hash-based verification first
-            if stored.startswith(('scrypt:', 'pbkdf2:')):
-                if check_password_hash(stored, password):
+            if id_token:
+                # Firebase authentication flow
+                decoded_token = verify_firebase_token(id_token)
+                if not decoded_token:
+                    return jsonify({"success": False, "message": "Invalid authentication token"}), 401
+                
+                uid = decoded_token['uid']
+                email = decoded_token.get('email', '')
+                
+                # Check if user exists in Firestore, create if not
+                user_data = get_user_by_uid(uid)
+                if not user_data:
+                    # Create new user document
+                    create_or_update_user(uid, {
+                        'email': email,
+                        'answers': [],
+                        'results': [],
+                        'created_at': firestore.SERVER_TIMESTAMP
+                    })
+                
+                # Store UID in session
+                session['user_id'] = uid
+                session['email'] = email
+                session.permanent = True
+                return jsonify({"success": True})
+            else:
+                # Legacy username/password flow (backward compatibility)
+                username = data.get('username', '').strip()
+                password = data.get('password', '')
+                
+                if not username or not password:
+                    return jsonify({"success": False, "message": "Username and password required"}), 400
+                
+                users = load_users()
+                if username not in users:
+                    return jsonify({"success": False, "message": "Invalid credentials"}), 401
+                
+                user_data = users[username]
+                
+                # Check if email is verified
+                if not user_data.get('verified', True):
+                    return jsonify({"success": False, "message": "Please verify your email first. Check your inbox."}), 403
+                
+                stored = user_data['password']
+                
+                # Try hash-based verification first
+                if stored.startswith(('scrypt:', 'pbkdf2:')):
+                    if check_password_hash(stored, password):
+                        session['username'] = username
+                        session.permanent = True
+                        return jsonify({"success": True})
+                # Legacy plaintext fallback
+                elif stored == password:
+                    users[username]['password'] = generate_password_hash(password)
+                    if not save_users(users):
+                        return jsonify({"success": False, "message": "Error saving data"}), 500
                     session['username'] = username
                     session.permanent = True
                     return jsonify({"success": True})
-            # Legacy plaintext fallback
-            elif stored == password:
-                users[username]['password'] = generate_password_hash(password)
-                if not save_users(users):
-                    return jsonify({"success": False, "message": "Error saving data"}), 500
-                session['username'] = username
-                session.permanent = True
-                return jsonify({"success": True})
-            
-            return jsonify({"success": False, "message": "Invalid credentials"}), 401
+                
+                return jsonify({"success": False, "message": "Invalid credentials"}), 401
         except Exception as e:
             print(f"Login error: {e}")
             return jsonify({"success": False, "message": "Server error"}), 500
     
-    return render_template("index.html", logged_in=False, is_signup=False)
+    # Pass Firebase config to template
+    return render_template("index.html", logged_in=False, is_signup=False, firebase_config=FIREBASE_CONFIG)
 
 @app.route("/signup", methods=["GET", "POST"])
 def signup():
@@ -332,64 +494,97 @@ def signup():
             data = request.get_json()
             if not data:
                 return jsonify({"success": False, "message": "Invalid request"}), 400
-                
-            username = data.get('username', '').strip()
-            password = data.get('password', '')
-            email = data.get('email', '').strip().lower()
-            
-            if not username or not password:
-                return jsonify({"success": False, "message": "Username and password required"}), 400
-            
-            if not email:
-                return jsonify({"success": False, "message": "Email is required"}), 400
-            
-            if not validate_email(email):
-                return jsonify({"success": False, "message": "Invalid email format"}), 400
-            
-            users = load_users()
-            
-            if username in users:
-                return jsonify({"success": False, "message": "Username already exists"}), 409
-            
-            # Check if email already exists
-            for user_data in users.values():
-                if user_data.get('email') == email:
-                    return jsonify({"success": False, "message": "Email already registered"}), 409
-            
-            # Generate verification token
-            token = secrets.token_urlsafe(32)
-            VERIFICATION_TOKENS[token] = {
-                'username': username,
-                'email': email,
-                'password': password,
-                'timestamp': os.path.getmtime(USERS_FILE) if os.path.exists(USERS_FILE) else 0
-            }
             
-            # Send verification email
-            send_verification_email(email, token)
+            # Firebase authentication - verify ID token from frontend
+            id_token = data.get('idToken')
             
-            # Create user with verified status (auto-verify in dev mode)
-            users[username] = {
-                'password': generate_password_hash(password),
-                'email': email,
-                'verified': True,  # Auto-verify in dev mode
-                'answers': [],
-                'results': []
-            }
-            
-            if not save_users(users):
-                return jsonify({"success": False, "message": "Error saving user data"}), 500
+            if id_token:
+                # Firebase signup flow (user already created by Firebase Auth on frontend)
+                decoded_token = verify_firebase_token(id_token)
+                if not decoded_token:
+                    return jsonify({"success": False, "message": "Invalid authentication token"}), 401
                 
-            return jsonify({
-                "success": True, 
-                "message": "Account created! Please check your email to verify your account.",
-                "verification_sent": True
-            })
+                uid = decoded_token['uid']
+                email = decoded_token.get('email', '')
+                
+                # Create user document in Firestore
+                user_data = {
+                    'email': email,
+                    'answers': [],
+                    'results': [],
+                    'created_at': firestore.SERVER_TIMESTAMP
+                }
+                
+                if create_or_update_user(uid, user_data):
+                    session['user_id'] = uid
+                    session['email'] = email
+                    session.permanent = True
+                    return jsonify({
+                        "success": True,
+                        "message": "Account created successfully!"
+                    })
+                else:
+                    return jsonify({"success": False, "message": "Error creating user profile"}), 500
+            else:
+                # Legacy username/password flow (backward compatibility)
+                username = data.get('username', '').strip()
+                password = data.get('password', '')
+                email = data.get('email', '').strip().lower()
+                
+                if not username or not password:
+                    return jsonify({"success": False, "message": "Username and password required"}), 400
+                
+                if not email:
+                    return jsonify({"success": False, "message": "Email is required"}), 400
+                
+                if not validate_email(email):
+                    return jsonify({"success": False, "message": "Invalid email format"}), 400
+                
+                users = load_users()
+                
+                if username in users:
+                    return jsonify({"success": False, "message": "Username already exists"}), 409
+                
+                # Check if email already exists
+                for user_data in users.values():
+                    if user_data.get('email') == email:
+                        return jsonify({"success": False, "message": "Email already registered"}), 409
+                
+                # Generate verification token
+                token = secrets.token_urlsafe(32)
+                VERIFICATION_TOKENS[token] = {
+                    'username': username,
+                    'email': email,
+                    'password': password,
+                    'timestamp': os.path.getmtime(USERS_FILE) if os.path.exists(USERS_FILE) else 0
+                }
+                
+                # Send verification email
+                send_verification_email(email, token)
+                
+                # Create user with verified status (auto-verify in dev mode)
+                users[username] = {
+                    'password': generate_password_hash(password),
+                    'email': email,
+                    'verified': True,  # Auto-verify in dev mode
+                    'answers': [],
+                    'results': []
+                }
+                
+                if not save_users(users):
+                    return jsonify({"success": False, "message": "Error saving user data"}), 500
+                    
+                return jsonify({
+                    "success": True, 
+                    "message": "Account created! Please check your email to verify your account.",
+                    "verification_sent": True
+                })
         except Exception as e:
             print(f"Signup error: {e}")
             return jsonify({"success": False, "message": "Server error"}), 500
     
-    return render_template("index.html", logged_in=False, is_signup=True)
+    # Pass Firebase config to template
+    return render_template("index.html", logged_in=False, is_signup=True, firebase_config=FIREBASE_CONFIG)
 
 @app.route("/forgot-password", methods=["GET", "POST"])
 def forgot_password():
@@ -520,12 +715,18 @@ def verify_email():
 
 @app.route("/logout")
 def logout():
+    # Clear both Firebase and legacy session data
+    session.pop('user_id', None)
+    session.pop('email', None)
     session.pop('username', None)
     return redirect(url_for('login'))
 
 @app.route("/submit_assessment", methods=["POST"])
 def submit_assessment():
-    if 'username' not in session:
+    user_id = session.get('user_id')
+    username = session.get('username')
+    
+    if not user_id and not username:
         return jsonify({"success": False, "message": "Not logged in"})
     
     data = request.json
@@ -537,28 +738,53 @@ def submit_assessment():
     # Calculate results
     results = calculate_results(answers)
     
-    # Save to user data
-    users = load_users()
-    if session['username'] in users:
-        users[session['username']]['answers'] = answers
-        users[session['username']]['results'] = results
-        save_users(users)
-        
+    # Save to appropriate storage
+    if user_id:
+        # Firebase user - save to Firestore
+        user_ref = db.collection('users').document(user_id)
+        user_ref.update({
+            'answers': answers,
+            'results': results,
+            'updated_at': firestore.SERVER_TIMESTAMP
+        })
         return jsonify({"success": True, "results": results})
+    else:
+        # Legacy user - save to JSON
+        users = load_users()
+        if username in users:
+            users[username]['answers'] = answers
+            users[username]['results'] = results
+            save_users(users)
+            return jsonify({"success": True, "results": results})
     
     return jsonify({"success": False, "message": "User not found"})
 
 @app.route("/reset_assessment", methods=["POST"])
 def reset_assessment():
-    if 'username' not in session:
+    user_id = session.get('user_id')
+    username = session.get('username')
+    
+    if not user_id and not username:
         return jsonify({"success": False, "message": "Not logged in"})
     
-    users = load_users()
-    if session['username'] in users:
-        users[session['username']]['answers'] = []
-        users[session['username']]['results'] = []
-        save_users(users)
+    # Reset in appropriate storage
+    if user_id:
+        # Firebase user - reset in Firestore
+        user_ref = db.collection('users').document(user_id)
+        user_ref.update({
+            'answers': [],
+            'results': [],
+            'updated_at': firestore.SERVER_TIMESTAMP
+        })
         return jsonify({"success": True})
+    else:
+        # Legacy user - reset in JSON
+        users = load_users()
+        if username in users:
+            users[username]['answers'] = []
+            users[username]['results'] = []
+            save_users(users)
+            return jsonify({"success": True})
     
     return jsonify({"success": False, "message": "User not found"})
 

requirements.txt

@@ -4,3 +4,4 @@ python-dotenv>=0.19.0
 together>=0.2.0
 gunicorn>=21.0.0
 openai>=1.0.0
+firebase-admin>=6.0.0

static/script.js

@@ -3,9 +3,90 @@ function sanitizeReligionName(name) {
     return name.replace(/\s+/g, '-');
 }
 
+// ==================== FIREBASE AUTHENTICATION ====================
+
+// Google Sign-In with Firebase
+async function signInWithGoogle() {
+    if (!window.firebaseEnabled || !window.firebaseAuth) {
+        document.getElementById('result').innerHTML = 
+            '<p class="error-msg">⚠️ Firebase not configured</p>';
+        return;
+    }
+    
+    const provider = new firebase.auth.GoogleAuthProvider();
+    
+    try {
+        const result = await window.firebaseAuth.signInWithPopup(provider);
+        const user = result.user;
+        
+        // Get ID token to send to backend
+        const idToken = await user.getIdToken();
+        
+        // Send to backend for session creation
+        const endpoint = window.location.pathname === '/signup' ? '/signup' : '/login';
+        const response = await fetch(endpoint, {
+            method: 'POST',
+            headers: {'Content-Type': 'application/json'},
+            body: JSON.stringify({idToken}),
+            credentials: 'same-origin'
+        });
+        
+        const data = await response.json();
+        
+        if (data.success) {
+            window.location.href = '/assessment';
+        } else {
+            document.getElementById('result').innerHTML = 
+                `<p class="error-msg">${data.message || 'Authentication failed'}</p>`;
+        }
+    } catch (error) {
+        console.error('Google Sign-In Error:', error);
+        document.getElementById('result').innerHTML = 
+            `<p class="error-msg">⚠️ ${error.message || 'Google Sign-In failed'}</p>`;
+    }
+}
+
+// Firebase Email/Password Authentication
+async function authenticateWithFirebase(email, password, isSignup) {
+    if (!window.firebaseEnabled || !window.firebaseAuth) {
+        return null; // Fall back to legacy auth
+    }
+    
+    try {
+        let userCredential;
+        
+        if (isSignup) {
+            // Create new user with Firebase
+            userCredential = await window.firebaseAuth.createUserWithEmailAndPassword(email, password);
+            
+            // Send email verification
+            await userCredential.user.sendEmailVerification();
+        } else {
+            // Sign in existing user
+            userCredential = await window.firebaseAuth.signInWithEmailAndPassword(email, password);
+            
+            // Check if email is verified
+            if (!userCredential.user.emailVerified) {
+                document.getElementById('result').innerHTML = 
+                    '<p class="error-msg">⚠️ Please verify your email first. Check your inbox.</p>';
+                await window.firebaseAuth.signOut();
+                return null;
+            }
+        }
+        
+        // Get ID token
+        const idToken = await userCredential.user.getIdToken();
+        return idToken;
+        
+    } catch (error) {
+        console.error('Firebase Auth Error:', error);
+        throw error;
+    }
+}
+
 // ==================== AUTHENTICATION ====================
 
-function authenticate() {
+async function authenticate() {
     const username = document.getElementById('authUsername').value.trim();
     const password = document.getElementById('authPassword').value;
     const email = document.getElementById('authEmail') ? document.getElementById('authEmail').value.trim() : '';
@@ -22,8 +103,48 @@ function authenticate() {
         return;
     }
     
-    const endpoint = window.location.pathname === '/signup' ? '/signup' : '/login';
-    const body = window.location.pathname === '/signup' 
+    const isSignup = window.location.pathname === '/signup';
+    const endpoint = isSignup ? '/signup' : '/login';
+    
+    // Try Firebase authentication first if available and email is provided
+    if (window.firebaseEnabled && email) {
+        try {
+            const idToken = await authenticateWithFirebase(email, password, isSignup);
+            
+            if (!idToken) {
+                return; // Error already displayed
+            }
+            
+            // Send token to backend
+            const response = await fetch(endpoint, {
+                method: 'POST',
+                headers: {'Content-Type': 'application/json'},
+                body: JSON.stringify({idToken}),
+                credentials: 'same-origin'
+            });
+            
+            const data = await response.json();
+            
+            if (data.success) {
+                if (isSignup) {
+                    document.getElementById('result').innerHTML = 
+                        '<p class="success-msg">✅ Account created! Please check your email to verify.</p>';
+                } else {
+                    window.location.href = '/assessment';
+                }
+            } else {
+                document.getElementById('result').innerHTML = 
+                    `<p class="error-msg">${data.message || 'Authentication failed'}</p>`;
+            }
+            return;
+        } catch (error) {
+            console.error('Firebase auth error:', error);
+            // Fall through to legacy auth
+        }
+    }
+    
+    // Legacy authentication (username/password)
+    const body = isSignup 
         ? {username, password, email} 
         : {username, password};
     

static/style.css

@@ -188,6 +188,56 @@ button:disabled {
     width: 100%;
 }
 
+/* Google Sign-In Button */
+.google-signin-btn {
+    width: 100%;
+    padding: var(--space-sm) var(--space-lg);
+    background: white;
+    color: #444;
+    border: 1px solid #ddd;
+    border-radius: var(--radius-md);
+    font-size: var(--font-size-base);
+    font-weight: 500;
+    cursor: pointer;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: 12px;
+    transition: all var(--transition-fast);
+    margin-bottom: var(--space-md);
+}
+
+.google-signin-btn:hover {
+    background: #f8f8f8;
+    border-color: #ccc;
+    box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+}
+
+.google-signin-btn svg {
+    flex-shrink: 0;
+}
+
+/* Divider for "or" between Google and email/password */
+.divider {
+    display: flex;
+    align-items: center;
+    text-align: center;
+    margin: var(--space-md) 0;
+    color: var(--text-secondary);
+    font-size: var(--font-size-sm);
+}
+
+.divider::before,
+.divider::after {
+    content: '';
+    flex: 1;
+    border-bottom: 1px solid #ddd;
+}
+
+.divider span {
+    padding: 0 var(--space-sm);
+}
+
 #result {
     margin-bottom: var(--space-md);  /* 16px bottom margin only */
     margin-top: 0;

templates/index.html

@@ -7,6 +7,31 @@
     <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
     <!-- Add Font Awesome here -->
     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css">
+    
+    <!-- Firebase SDK -->
+    <script src="https://www.gstatic.com/firebasejs/10.7.1/firebase-app-compat.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/10.7.1/firebase-auth-compat.js"></script>
+    
+    {% if firebase_config and firebase_config.apiKey %}
+    <script>
+        // Initialize Firebase
+        const firebaseConfig = {
+            apiKey: "{{ firebase_config.apiKey }}",
+            authDomain: "{{ firebase_config.authDomain }}",
+            projectId: "{{ firebase_config.projectId }}",
+            storageBucket: "{{ firebase_config.storageBucket }}",
+            messagingSenderId: "{{ firebase_config.messagingSenderId }}",
+            appId: "{{ firebase_config.appId }}"
+        };
+        firebase.initializeApp(firebaseConfig);
+        window.firebaseAuth = firebase.auth();
+        window.firebaseEnabled = true;
+    </script>
+    {% else %}
+    <script>
+        window.firebaseEnabled = false;
+    </script>
+    {% endif %}
 </head>
 <body>
     <div class="{% if not logged_in %}auth-container{% else %}assessment-container{% endif %}">
@@ -38,6 +63,24 @@
             
             <div class="auth-form">
                 {% if not is_forgot_password %}
+                <!-- Firebase Google Sign-In Button -->
+                {% if firebase_config and firebase_config.apiKey %}
+                <button class="google-signin-btn" onclick="signInWithGoogle()">
+                    <svg width="18" height="18" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 48 48">
+                        <path fill="#EA4335" d="M24 9.5c3.54 0 6.71 1.22 9.21 3.6l6.85-6.85C35.9 2.38 30.47 0 24 0 14.62 0 6.51 5.38 2.56 13.22l7.98 6.19C12.43 13.72 17.74 9.5 24 9.5z"/>
+                        <path fill="#4285F4" d="M46.98 24.55c0-1.57-.15-3.09-.38-4.55H24v9.02h12.94c-.58 2.96-2.26 5.48-4.78 7.18l7.73 6c4.51-4.18 7.09-10.36 7.09-17.65z"/>
+                        <path fill="#FBBC05" d="M10.53 28.59c-.48-1.45-.76-2.99-.76-4.59s.27-3.14.76-4.59l-7.98-6.19C.92 16.46 0 20.12 0 24c0 3.88.92 7.54 2.56 10.78l7.97-6.19z"/>
+                        <path fill="#34A853" d="M24 48c6.48 0 11.93-2.13 15.89-5.81l-7.73-6c-2.15 1.45-4.92 2.3-8.16 2.3-6.26 0-11.57-4.22-13.47-9.91l-7.98 6.19C6.51 42.62 14.62 48 24 48z"/>
+                        <path fill="none" d="M0 0h48v48H0z"/>
+                    </svg>
+                    Continue with Google
+                </button>
+                
+                <div class="divider">
+                    <span>or</span>
+                </div>
+                {% endif %}
+                
                 <input type="text" id="authUsername" placeholder="User name">
                 {% if is_signup %}
                 <input type="email" id="authEmail" placeholder="Email">