feat: multi-user SaaS, piani Freemium/Pro, Google OAuth, admin panel

BLOCCO 1 - Multi-user data model:
- User: email, display_name, avatar_url, auth_provider, google_id
- User: subscription_plan, subscription_expires_at, is_admin, post counters
- SubscriptionCode table per redeem codes
- user_id FK su Character, Post, AffiliateLink, EditorialPlan, SocialAccount, SystemSetting
- Migrazione SQLite-safe (ALTER TABLE) + preserva dati esistenti

BLOCCO 2 - Auth completo:
- Registrazione email/password + login multi-user
- Google OAuth 2.0 (httpx, no deps esterne)
- Callback flow: Google -> /auth/callback?token=JWT -> frontend
- Backward compat login admin con username

BLOCCO 3 - Piani e abbonamenti:
- Freemium: 1 character, 15 post/mese, FB+IG only, no auto-plans
- Pro: illimitato, tutte le piattaforme, tutte le feature
- Enforcement automatico in tutti i router
- Redeem codes con durate 1/3/6/12 mesi
- Admin panel: genera codici, lista utenti

BLOCCO 4 - Frontend completo:
- Login page design Leopost (split coral/cream, Google, social coming soon)
- AuthCallback per OAuth redirect
- PlanBanner, UpgradeModal con pricing
- AdminSettings per generazione codici
- CharacterForm con tab Account Social + guide setup

Deploy:
- Dockerfile con ARG VITE_BASE_PATH/VITE_API_BASE
- docker-compose.prod.yml per leopost.it (no subpath)
- docker-compose.yml aggiornato per lab

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/routers/comments.py

@@ -10,7 +10,8 @@ from sqlalchemy.orm import Session
 
 from ..auth import get_current_user
 from ..database import get_db
-from ..models import Comment, Post, ScheduledPost, SocialAccount, SystemSetting
+from ..models import Comment, Post, ScheduledPost, SocialAccount, SystemSetting, User
+from ..plan_limits import get_plan
 from ..schemas import CommentAction, CommentResponse
 from ..services.llm import get_llm_provider
 from ..services.social import get_publisher
@@ -18,7 +19,6 @@ from ..services.social import get_publisher
 router = APIRouter(
     prefix="/api/comments",
     tags=["comments"],
-    dependencies=[Depends(get_current_user)],
 )
 
 
@@ -28,6 +28,7 @@ def list_comments(
     reply_status: str | None = Query(None),
     scheduled_post_id: int | None = Query(None),
     db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
 ):
     """List comments with optional filters."""
     query = db.query(Comment)
@@ -41,8 +42,17 @@ def list_comments(
 
 
 @router.get("/pending", response_model=list[CommentResponse])
-def list_pending_comments(db: Session = Depends(get_db)):
+def list_pending_comments(
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
     """Get only pending comments (reply_status='pending')."""
+    plan = get_plan(current_user)
+    if not plan.get("comments_management"):
+        raise HTTPException(
+            status_code=403,
+            detail={"message": "Gestione commenti disponibile solo con Pro.", "upgrade_required": True},
+        )
     return (
         db.query(Comment)
         .filter(Comment.reply_status == "pending")
@@ -52,7 +62,11 @@ def list_pending_comments(db: Session = Depends(get_db)):
 
 
 @router.get("/{comment_id}", response_model=CommentResponse)
-def get_comment(comment_id: int, db: Session = Depends(get_db)):
+def get_comment(
+    comment_id: int,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
     """Get a single comment by ID."""
     comment = db.query(Comment).filter(Comment.id == comment_id).first()
     if not comment:
@@ -62,9 +76,19 @@ def get_comment(comment_id: int, db: Session = Depends(get_db)):
 
 @router.post("/{comment_id}/action", response_model=CommentResponse)
 def action_on_comment(
-    comment_id: int, data: CommentAction, db: Session = Depends(get_db)
+    comment_id: int,
+    data: CommentAction,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
 ):
     """Take action on a comment: approve, edit, or ignore."""
+    plan = get_plan(current_user)
+    if not plan.get("comments_management"):
+        raise HTTPException(
+            status_code=403,
+            detail={"message": "Gestione commenti disponibile solo con Pro.", "upgrade_required": True},
+        )
+
     comment = db.query(Comment).filter(Comment.id == comment_id).first()
     if not comment:
         raise HTTPException(status_code=404, detail="Comment not found")
@@ -88,7 +112,11 @@ def action_on_comment(
 
 
 @router.post("/{comment_id}/reply", response_model=CommentResponse)
-def reply_to_comment(comment_id: int, db: Session = Depends(get_db)):
+def reply_to_comment(
+    comment_id: int,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
     """Send the approved reply via the social platform API."""
     comment = db.query(Comment).filter(Comment.id == comment_id).first()
     if not comment:
@@ -100,7 +128,6 @@ def reply_to_comment(comment_id: int, db: Session = Depends(get_db)):
     if not comment.external_comment_id:
         raise HTTPException(status_code=400, detail="No external comment ID available for reply")
 
-    # Find the social account for this platform via the scheduled post
     if not comment.scheduled_post_id:
         raise HTTPException(status_code=400, detail="Comment is not linked to a scheduled post")
 
@@ -131,7 +158,6 @@ def reply_to_comment(comment_id: int, db: Session = Depends(get_db)):
             detail=f"No active {comment.platform} account found for this character",
         )
 
-    # Build publisher kwargs
     kwargs: dict = {}
     if account.platform == "facebook":
         kwargs["page_id"] = account.page_id
@@ -156,13 +182,12 @@ def reply_to_comment(comment_id: int, db: Session = Depends(get_db)):
 
 
 @router.post("/fetch/{platform}")
-def fetch_comments(platform: str, db: Session = Depends(get_db)):
-    """Fetch new comments from a platform for all published posts.
-
-    Creates Comment records for any new comments not already in the database.
-    Uses LLM to generate AI-suggested replies for each new comment.
-    """
-    # Get all published scheduled posts for this platform
+def fetch_comments(
+    platform: str,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
+    """Fetch new comments from a platform for all published posts."""
     published_posts = (
         db.query(ScheduledPost)
         .filter(
@@ -176,12 +201,17 @@ def fetch_comments(platform: str, db: Session = Depends(get_db)):
     if not published_posts:
         return {"new_comments": 0, "message": f"No published posts found for {platform}"}
 
-    # Get LLM settings for AI reply generation
     llm_provider_name = None
     llm_api_key = None
     llm_model = None
     for key in ("llm_provider", "llm_api_key", "llm_model"):
-        setting = db.query(SystemSetting).filter(SystemSetting.key == key).first()
+        setting = (
+            db.query(SystemSetting)
+            .filter(SystemSetting.key == key, SystemSetting.user_id == current_user.id)
+            .first()
+        )
+        if not setting:
+            setting = db.query(SystemSetting).filter(SystemSetting.key == key, SystemSetting.user_id == None).first()
         if setting:
             if key == "llm_provider":
                 llm_provider_name = setting.value
@@ -195,17 +225,15 @@ def fetch_comments(platform: str, db: Session = Depends(get_db)):
         try:
             llm = get_llm_provider(llm_provider_name, llm_api_key, llm_model)
         except ValueError:
-            pass  # LLM not available, skip AI replies
+            pass
 
     new_comment_count = 0
 
     for scheduled in published_posts:
-        # Get the post to find the character
         post = db.query(Post).filter(Post.id == scheduled.post_id).first()
         if not post:
             continue
 
-        # Find the social account
         account = (
             db.query(SocialAccount)
             .filter(
@@ -218,7 +246,6 @@ def fetch_comments(platform: str, db: Session = Depends(get_db)):
         if not account or not account.access_token:
             continue
 
-        # Build publisher kwargs
         kwargs: dict = {}
         if account.platform == "facebook":
             kwargs["page_id"] = account.page_id
@@ -229,14 +256,13 @@ def fetch_comments(platform: str, db: Session = Depends(get_db)):
             publisher = get_publisher(account.platform, account.access_token, **kwargs)
             comments = publisher.get_comments(scheduled.external_post_id)
         except (RuntimeError, ValueError):
-            continue  # Skip this post if API call fails
+            continue
 
         for ext_comment in comments:
             ext_id = ext_comment.get("id", "")
             if not ext_id:
                 continue
 
-            # Check if comment already exists
             existing = (
                 db.query(Comment)
                 .filter(Comment.external_comment_id == ext_id)
@@ -245,7 +271,6 @@ def fetch_comments(platform: str, db: Session = Depends(get_db)):
             if existing:
                 continue
 
-            # Generate AI suggested reply if LLM is available
             ai_reply = None
             if llm:
                 try:
@@ -261,9 +286,8 @@ def fetch_comments(platform: str, db: Session = Depends(get_db)):
                     )
                     ai_reply = llm.generate(prompt, system=system_prompt)
                 except RuntimeError:
-                    pass  # Skip AI reply if generation fails
+                    pass
 
-            # Create comment record
             comment = Comment(
                 scheduled_post_id=scheduled.id,
                 platform=platform,