feat: multi-user SaaS, piani Freemium/Pro, Google OAuth, admin panel

BLOCCO 1 - Multi-user data model:
- User: email, display_name, avatar_url, auth_provider, google_id
- User: subscription_plan, subscription_expires_at, is_admin, post counters
- SubscriptionCode table per redeem codes
- user_id FK su Character, Post, AffiliateLink, EditorialPlan, SocialAccount, SystemSetting
- Migrazione SQLite-safe (ALTER TABLE) + preserva dati esistenti

BLOCCO 2 - Auth completo:
- Registrazione email/password + login multi-user
- Google OAuth 2.0 (httpx, no deps esterne)
- Callback flow: Google -> /auth/callback?token=JWT -> frontend
- Backward compat login admin con username

BLOCCO 3 - Piani e abbonamenti:
- Freemium: 1 character, 15 post/mese, FB+IG only, no auto-plans
- Pro: illimitato, tutte le piattaforme, tutte le feature
- Enforcement automatico in tutti i router
- Redeem codes con durate 1/3/6/12 mesi
- Admin panel: genera codici, lista utenti

BLOCCO 4 - Frontend completo:
- Login page design Leopost (split coral/cream, Google, social coming soon)
- AuthCallback per OAuth redirect
- PlanBanner, UpgradeModal con pricing
- AdminSettings per generazione codici
- CharacterForm con tab Account Social + guide setup

Deploy:
- Dockerfile con ARG VITE_BASE_PATH/VITE_API_BASE
- docker-compose.prod.yml per leopost.it (no subpath)
- docker-compose.yml aggiornato per lab

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/routers/characters.py

@@ -5,32 +5,59 @@ from sqlalchemy.orm import Session
 
 from ..auth import get_current_user
 from ..database import get_db
-from ..models import Character
+from ..models import Character, User
+from ..plan_limits import check_limit
 from ..schemas import CharacterCreate, CharacterResponse, CharacterUpdate
 
 router = APIRouter(
     prefix="/api/characters",
     tags=["characters"],
-    dependencies=[Depends(get_current_user)],
 )
 
 
 @router.get("/", response_model=list[CharacterResponse])
-def list_characters(db: Session = Depends(get_db)):
-    return db.query(Character).order_by(Character.created_at.desc()).all()
+def list_characters(
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
+    return (
+        db.query(Character)
+        .filter(Character.user_id == current_user.id)
+        .order_by(Character.created_at.desc())
+        .all()
+    )
 
 
 @router.get("/{character_id}", response_model=CharacterResponse)
-def get_character(character_id: int, db: Session = Depends(get_db)):
-    character = db.query(Character).filter(Character.id == character_id).first()
+def get_character(
+    character_id: int,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
+    character = (
+        db.query(Character)
+        .filter(Character.id == character_id, Character.user_id == current_user.id)
+        .first()
+    )
     if not character:
         raise HTTPException(status_code=404, detail="Character not found")
     return character
 
 
 @router.post("/", response_model=CharacterResponse, status_code=201)
-def create_character(data: CharacterCreate, db: Session = Depends(get_db)):
+def create_character(
+    data: CharacterCreate,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
+    # Check plan limit for characters
+    count = db.query(Character).filter(Character.user_id == current_user.id).count()
+    allowed, msg = check_limit(current_user, "characters_max", count)
+    if not allowed:
+        raise HTTPException(status_code=403, detail={"message": msg, "upgrade_required": True})
+
     character = Character(**data.model_dump())
+    character.user_id = current_user.id
     db.add(character)
     db.commit()
     db.refresh(character)
@@ -39,9 +66,16 @@ def create_character(data: CharacterCreate, db: Session = Depends(get_db)):
 
 @router.put("/{character_id}", response_model=CharacterResponse)
 def update_character(
-    character_id: int, data: CharacterUpdate, db: Session = Depends(get_db)
+    character_id: int,
+    data: CharacterUpdate,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
 ):
-    character = db.query(Character).filter(Character.id == character_id).first()
+    character = (
+        db.query(Character)
+        .filter(Character.id == character_id, Character.user_id == current_user.id)
+        .first()
+    )
     if not character:
         raise HTTPException(status_code=404, detail="Character not found")
     update_data = data.model_dump(exclude_unset=True)
@@ -54,8 +88,16 @@ def update_character(
 
 
 @router.delete("/{character_id}", status_code=204)
-def delete_character(character_id: int, db: Session = Depends(get_db)):
-    character = db.query(Character).filter(Character.id == character_id).first()
+def delete_character(
+    character_id: int,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
+    character = (
+        db.query(Character)
+        .filter(Character.id == character_id, Character.user_id == current_user.id)
+        .first()
+    )
     if not character:
         raise HTTPException(status_code=404, detail="Character not found")
     db.delete(character)