feat: multi-user SaaS, piani Freemium/Pro, Google OAuth, admin panel

BLOCCO 1 - Multi-user data model:
- User: email, display_name, avatar_url, auth_provider, google_id
- User: subscription_plan, subscription_expires_at, is_admin, post counters
- SubscriptionCode table per redeem codes
- user_id FK su Character, Post, AffiliateLink, EditorialPlan, SocialAccount, SystemSetting
- Migrazione SQLite-safe (ALTER TABLE) + preserva dati esistenti

BLOCCO 2 - Auth completo:
- Registrazione email/password + login multi-user
- Google OAuth 2.0 (httpx, no deps esterne)
- Callback flow: Google -> /auth/callback?token=JWT -> frontend
- Backward compat login admin con username

BLOCCO 3 - Piani e abbonamenti:
- Freemium: 1 character, 15 post/mese, FB+IG only, no auto-plans
- Pro: illimitato, tutte le piattaforme, tutte le feature
- Enforcement automatico in tutti i router
- Redeem codes con durate 1/3/6/12 mesi
- Admin panel: genera codici, lista utenti

BLOCCO 4 - Frontend completo:
- Login page design Leopost (split coral/cream, Google, social coming soon)
- AuthCallback per OAuth redirect
- PlanBanner, UpgradeModal con pricing
- AdminSettings per generazione codici
- CharacterForm con tab Account Social + guide setup

Deploy:
- Dockerfile con ARG VITE_BASE_PATH/VITE_API_BASE
- docker-compose.prod.yml per leopost.it (no subpath)
- docker-compose.yml aggiornato per lab

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/routers/social.py

@@ -10,7 +10,7 @@ from sqlalchemy.orm import Session
 
 from ..auth import get_current_user
 from ..database import get_db
-from ..models import Post, ScheduledPost, SocialAccount
+from ..models import Post, ScheduledPost, SocialAccount, User
 from ..schemas import (
     ScheduledPostResponse,
     SocialAccountCreate,
@@ -22,7 +22,6 @@ from ..services.social import get_publisher
 router = APIRouter(
     prefix="/api/social",
     tags=["social"],
-    dependencies=[Depends(get_current_user)],
 )
 
 
@@ -33,27 +32,41 @@ router = APIRouter(
 def list_social_accounts(
     character_id: int | None = Query(None),
     db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
 ):
     """List all social accounts, optionally filtered by character."""
-    query = db.query(SocialAccount)
+    query = db.query(SocialAccount).filter(SocialAccount.user_id == current_user.id)
     if character_id is not None:
         query = query.filter(SocialAccount.character_id == character_id)
     return query.order_by(SocialAccount.created_at.desc()).all()
 
 
 @router.get("/accounts/{account_id}", response_model=SocialAccountResponse)
-def get_social_account(account_id: int, db: Session = Depends(get_db)):
+def get_social_account(
+    account_id: int,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
     """Get a single social account by ID."""
-    account = db.query(SocialAccount).filter(SocialAccount.id == account_id).first()
+    account = (
+        db.query(SocialAccount)
+        .filter(SocialAccount.id == account_id, SocialAccount.user_id == current_user.id)
+        .first()
+    )
     if not account:
         raise HTTPException(status_code=404, detail="Social account not found")
     return account
 
 
 @router.post("/accounts", response_model=SocialAccountResponse, status_code=201)
-def create_social_account(data: SocialAccountCreate, db: Session = Depends(get_db)):
+def create_social_account(
+    data: SocialAccountCreate,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
     """Create/connect a new social account."""
     account = SocialAccount(**data.model_dump())
+    account.user_id = current_user.id
     db.add(account)
     db.commit()
     db.refresh(account)
@@ -62,10 +75,17 @@ def create_social_account(data: SocialAccountCreate, db: Session = Depends(get_d
 
 @router.put("/accounts/{account_id}", response_model=SocialAccountResponse)
 def update_social_account(
-    account_id: int, data: SocialAccountUpdate, db: Session = Depends(get_db)
+    account_id: int,
+    data: SocialAccountUpdate,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
 ):
     """Update a social account."""
-    account = db.query(SocialAccount).filter(SocialAccount.id == account_id).first()
+    account = (
+        db.query(SocialAccount)
+        .filter(SocialAccount.id == account_id, SocialAccount.user_id == current_user.id)
+        .first()
+    )
     if not account:
         raise HTTPException(status_code=404, detail="Social account not found")
     update_data = data.model_dump(exclude_unset=True)
@@ -77,9 +97,17 @@ def update_social_account(
 
 
 @router.delete("/accounts/{account_id}", status_code=204)
-def delete_social_account(account_id: int, db: Session = Depends(get_db)):
+def delete_social_account(
+    account_id: int,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
     """Delete a social account."""
-    account = db.query(SocialAccount).filter(SocialAccount.id == account_id).first()
+    account = (
+        db.query(SocialAccount)
+        .filter(SocialAccount.id == account_id, SocialAccount.user_id == current_user.id)
+        .first()
+    )
     if not account:
         raise HTTPException(status_code=404, detail="Social account not found")
     db.delete(account)
@@ -87,9 +115,17 @@ def delete_social_account(account_id: int, db: Session = Depends(get_db)):
 
 
 @router.post("/accounts/{account_id}/test")
-def test_social_account(account_id: int, db: Session = Depends(get_db)):
+def test_social_account(
+    account_id: int,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
     """Test connection to a social account by making a simple API call."""
-    account = db.query(SocialAccount).filter(SocialAccount.id == account_id).first()
+    account = (
+        db.query(SocialAccount)
+        .filter(SocialAccount.id == account_id, SocialAccount.user_id == current_user.id)
+        .first()
+    )
     if not account:
         raise HTTPException(status_code=404, detail="Social account not found")
 
@@ -97,7 +133,6 @@ def test_social_account(account_id: int, db: Session = Depends(get_db)):
         raise HTTPException(status_code=400, detail="No access token configured for this account")
 
     try:
-        # Build kwargs based on platform
         kwargs: dict = {}
         if account.platform == "facebook":
             if not account.page_id:
@@ -109,7 +144,6 @@ def test_social_account(account_id: int, db: Session = Depends(get_db)):
                 raise HTTPException(status_code=400, detail="Instagram account requires ig_user_id")
             kwargs["ig_user_id"] = ig_user_id
 
-        # Try to instantiate the publisher (validates credentials format)
         get_publisher(account.platform, account.access_token, **kwargs)
         return {"status": "ok", "message": f"Connection to {account.platform} account is configured correctly"}
 
@@ -123,7 +157,11 @@ def test_social_account(account_id: int, db: Session = Depends(get_db)):
 
 
 @router.post("/publish/{scheduled_post_id}", response_model=ScheduledPostResponse)
-def publish_scheduled_post(scheduled_post_id: int, db: Session = Depends(get_db)):
+def publish_scheduled_post(
+    scheduled_post_id: int,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
     """Manually trigger publishing of a scheduled post."""
     scheduled = (
         db.query(ScheduledPost)
@@ -133,18 +171,17 @@ def publish_scheduled_post(scheduled_post_id: int, db: Session = Depends(get_db)
     if not scheduled:
         raise HTTPException(status_code=404, detail="Scheduled post not found")
 
-    # Get the post content
-    post = db.query(Post).filter(Post.id == scheduled.post_id).first()
+    post = db.query(Post).filter(Post.id == scheduled.post_id, Post.user_id == current_user.id).first()
     if not post:
         raise HTTPException(status_code=404, detail="Associated post not found")
 
-    # Find the social account for this platform and character
     account = (
         db.query(SocialAccount)
         .filter(
             SocialAccount.character_id == post.character_id,
             SocialAccount.platform == scheduled.platform,
             SocialAccount.is_active == True,
+            SocialAccount.user_id == current_user.id,
         )
         .first()
     )
@@ -157,7 +194,6 @@ def publish_scheduled_post(scheduled_post_id: int, db: Session = Depends(get_db)
     if not account.access_token:
         raise HTTPException(status_code=400, detail="Social account has no access token configured")
 
-    # Build publisher kwargs
     kwargs: dict = {}
     if account.platform == "facebook":
         kwargs["page_id"] = account.page_id
@@ -170,7 +206,6 @@ def publish_scheduled_post(scheduled_post_id: int, db: Session = Depends(get_db)
 
         publisher = get_publisher(account.platform, account.access_token, **kwargs)
 
-        # Determine publish method based on content type
         text = post.text_content or ""
         if post.hashtags:
             text = f"{text}\n\n{' '.join(post.hashtags)}"
@@ -182,12 +217,10 @@ def publish_scheduled_post(scheduled_post_id: int, db: Session = Depends(get_db)
         else:
             external_id = publisher.publish_text(text)
 
-        # Update scheduled post
         scheduled.status = "published"
         scheduled.published_at = datetime.utcnow()
         scheduled.external_post_id = external_id
 
-        # Update post status
         post.status = "published"
         post.updated_at = datetime.utcnow()