cuappdev · claiireyu · Mar 7, 2026 · Mar 25, 2026 · Apr 15, 2026 · Apr 22, 2026
diff --git a/.env_template b/.env_template
@@ -2,4 +2,6 @@ YOUTUBE_API_KEY=
 MONGO_URI=
 MONGO_DB=
 STAGE=
-DAILY_SUN_URL=
+DAILY_SUN_URL=
+GOOGLE_APPLICATION_CREDENTIALS=
+FIREBASE_CREDENTIALS_HOST_PATH=./firebase-service-account-key.json
diff --git a/.gitignore b/.gitignore
@@ -4,4 +4,5 @@ __pycache__/
 .env
 .envrc
 .DS_Store
-ca-certificate.crt
+ca-certificate.crt
+firebase-service-account-key.json
diff --git a/app.py b/app.py
@@ -23,6 +23,27 @@
 from src.utils.team_loader import TeamLoader
 from src.database import db
 
+import os
+import firebase_admin
+from firebase_admin import credentials
+
+SERVICE_ACCOUNT_PATH = os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")
+
+
+def initialize_firebase():
+    if not firebase_admin._apps:
+        if not SERVICE_ACCOUNT_PATH:
+            raise ValueError(
+                "GOOGLE_APPLICATION_CREDENTIALS is not set. Set it to your firebase-service-account-key.json path."
+            )
+        cred = credentials.Certificate(SERVICE_ACCOUNT_PATH)
+        firebase_admin.initialize_app(cred)
+        logging.info("Firebase app initialized.")
+    return firebase_admin.get_app()
+
+
+initialize_firebase()
+
 app = Flask(__name__)
 
 # CORS: allow frontend (different origin) to call this API
@@ -143,16 +164,6 @@ def signal_handler(sig, frame):
 signal.signal(signal.SIGINT, signal_handler)
 signal.signal(signal.SIGTERM, signal_handler)
 
-# Only parse arguments when running directly (not when imported by gunicorn)
-if __name__ == "__main__":
-    args = parse_args()
-else:
-    # Default args when imported by gunicorn
-    class DefaultArgs:
-        no_scrape = False
-        no_daily_sun = False
-    args = DefaultArgs()
-
 # Only run scraping tasks if not disabled
 if not args.no_scrape:
     from flask_apscheduler import APScheduler

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -4,10 +4,13 @@ services:
   app:
     image: cornellappdev/score-dev:${IMAGE_TAG}
     env_file: .env
+    environment:
+      GOOGLE_APPLICATION_CREDENTIALS: /app/secrets/firebase.json
     ports:
       - "8000:8000"
     volumes:
       - ./ca-certificate.crt:/etc/ssl/ca-certificate.crt:ro # Mount MongoDB cert inside the container, ro for read only
+      - ${FIREBASE_CREDENTIALS_HOST_PATH:-./firebase-service-account-key.json}:/app/secrets/firebase.json:ro
 
   scraper:
     image: cornellappdev/score-dev:${IMAGE_TAG}

diff --git a/requirements.txt b/requirements.txt
@@ -11,3 +11,4 @@ Flask-APScheduler
 python-dotenv
 pytz
 gunicorn
+firebase-admin==7.3.0
diff --git a/src/database.py b/src/database.py
@@ -70,6 +70,7 @@ def setup_database_indexes():
         game_collection.create_index([("date", -1)], background=True)
 
         try:
+            # Ensure doubleheaders on the same day remain distinct by including `time`.
             game_collection.create_index(
                 [
                     ("sport", 1),
@@ -79,8 +80,10 @@ def setup_database_indexes():
                     ("city", 1),
                     ("state", 1),
                     ("location", 1),
+                    ("time", 1),
                 ],
                 unique=True,
+                name="uniq_game_key_with_time",
                 background=True
             )
         except (DuplicateKeyError, OperationFailure) as e:
@@ -101,6 +104,13 @@ def setup_database_indexes():
         # JWT blocklist: fast lookup by jti
         db["token_blocklist"].create_index([("jti", 1)], background=True)
 
+        try:
+            db["users"].create_index(
+                [("firebase_uid", 1)], unique=True, sparse=True, background=True
+            )
+        except (DuplicateKeyError, OperationFailure) as e:
+            print(f"Warning: Could not create unique index on users.firebase_uid: {e}")
+
         print("✅ MongoDB indexes created successfully")
     except Exception as e:
         print(f"❌ Failed to create MongoDB indexes: {e}")

diff --git a/src/models/game.py b/src/models/game.py
@@ -18,6 +18,9 @@ class Game:
         - `box_score`       The scoring summary of the game (optional)
         - `score_breakdown` The scoring breakdown of the game (optional)
         - 'ticket_link'    The ticket link for the game (optional)
+        - 'recap_link'     The recap/details link for the game (optional)
+        - 'recap_article_title' Title from the recap/story page when scraped (optional)
+        - 'recap_published_at'  Published date/time string from the recap page (optional)
     """
 
     def __init__(
@@ -37,6 +40,9 @@ def __init__(
         team=None,
         utc_date=None,
         ticket_link=None,
+        recap_link=None,
+        recap_article_title=None,
+        recap_published_at=None,
     ):
         self.id = id if id else str(ObjectId())
         self.city = city
@@ -53,6 +59,9 @@ def __init__(
         self.team = team
         self.utc_date = utc_date
         self.ticket_link = ticket_link
+        self.recap_link = recap_link
+        self.recap_article_title = recap_article_title
+        self.recap_published_at = recap_published_at
 
     def to_dict(self):
         """
@@ -74,6 +83,9 @@ def to_dict(self):
             "team": self.team,
             "utc_date": self.utc_date,
             "ticket_link": self.ticket_link,
+            "recap_link": self.recap_link,
+            "recap_article_title": self.recap_article_title,
+            "recap_published_at": self.recap_published_at,
         }
 
     @staticmethod
@@ -97,4 +109,7 @@ def from_dict(data) -> None:
             team=data.get("team"),
             utc_date=data.get("utc_date"),
             ticket_link=data.get("ticket_link"),
+            recap_link=data.get("recap_link"),
+            recap_article_title=data.get("recap_article_title"),
+            recap_published_at=data.get("recap_published_at"),
         )
diff --git a/src/mutations/create_game.py b/src/mutations/create_game.py
@@ -18,6 +18,9 @@ class Arguments:
         score_breakdown = String(required=False)
         utc_date = String(required=False)
         ticket_link = String(required=False)
+        recap_link = String(required=False)
+        recap_article_title = String(required=False)
+        recap_published_at = String(required=False)
 
     game = Field(lambda: GameType)
 
@@ -36,7 +39,10 @@ def mutate(
         box_score=None,
         score_breakdown=None,
         utc_date=None,
-        ticket_link=None
+        ticket_link=None,
+        recap_link=None,
+        recap_article_title=None,
+        recap_published_at=None,
     ):
         game_data = {
             "city": city,
@@ -51,7 +57,10 @@ def mutate(
             "box_score": box_score,
             "score_breakdown": score_breakdown,
             "utc_date": utc_date,
-            "ticket_link": ticket_link
+            "ticket_link": ticket_link,
+            "recap_link": recap_link,
+            "recap_article_title": recap_article_title,
+            "recap_published_at": recap_published_at,
         }
         new_game = GameService.create_game(game_data)
         return CreateGame(game=new_game)
diff --git a/src/mutations/login_user.py b/src/mutations/login_user.py
@@ -1,19 +1,36 @@
 from graphql import GraphQLError
-from graphene import Mutation, String, Field
+from graphene import Mutation, String
 
+from firebase_admin import auth as firebase_auth
 from flask_jwt_extended import create_access_token, create_refresh_token
 from src.database import db
 
+_TOKEN_ERRORS = (
+    firebase_auth.InvalidIdTokenError,
+    firebase_auth.ExpiredIdTokenError,
+    firebase_auth.RevokedIdTokenError,
+)
+
 
 class LoginUser(Mutation):
     class Arguments:
-        net_id = String(required=True, description="User's net ID (e.g. Cornell netid).")
+        id_token = String(required=True, description="Firebase ID token from the client.")
 
     access_token = String()
     refresh_token = String()
 
-    def mutate(self, info, net_id):
-        user = db["users"].find_one({"net_id": net_id})
+    def mutate(self, info, id_token):
+        try:
+            decoded = firebase_auth.verify_id_token(id_token)
+        except _TOKEN_ERRORS as err:
+            raise GraphQLError("Invalid or expired token.") from err
+        except ValueError as err:
+            raise GraphQLError("Invalid or expired token.") from err
+
+        firebase_uid = decoded.get("uid")
+        if not firebase_uid:
+            raise GraphQLError("Invalid or expired token.")
+        user = db["users"].find_one({"firebase_uid": firebase_uid})
         if not user:
             raise GraphQLError("User not found.")
         identity = str(user["_id"])

diff --git a/src/mutations/signup_user.py b/src/mutations/signup_user.py
@@ -1,31 +1,51 @@
 from graphql import GraphQLError
 from graphene import Mutation, String
 
+from firebase_admin import auth as firebase_auth
 from flask_jwt_extended import create_access_token, create_refresh_token
+from pymongo.errors import DuplicateKeyError
 from src.database import db
 
+_TOKEN_ERRORS = (
+    firebase_auth.InvalidIdTokenError,
+    firebase_auth.ExpiredIdTokenError,
+    firebase_auth.RevokedIdTokenError,
+)
+
 
 class SignupUser(Mutation):
     class Arguments:
-        net_id = String(required=True, description="User's net ID (e.g. Cornell netid).")
+        id_token = String(required=True, description="Firebase ID token from the client.")
         name = String(required=False, description="Display name.")
-        email = String(required=False, description="Email address.")
+        email = String(required=False, description="Email (overrides token email if provided).")
 
     access_token = String()
     refresh_token = String()
 
-    def mutate(self, info, net_id, name=None, email=None):
-        if db["users"].find_one({"net_id": net_id}):
-            raise GraphQLError("Net ID already exists.")
+    def mutate(self, info, id_token, name=None, email=None):
+        try:
+            decoded = firebase_auth.verify_id_token(id_token)
+        except _TOKEN_ERRORS as err:
+            raise GraphQLError("Invalid or expired token.") from err
+        except ValueError as err:
+            raise GraphQLError("Invalid or expired token.") from err
+
+        firebase_uid = decoded.get("uid")
+        if firebase_uid is None:
+            raise GraphQLError("Token missing uid") from KeyError("uid")
+
+        email = email or decoded.get("email")
         user_doc = {
-            "net_id": net_id,
+            "firebase_uid": firebase_uid,
+            "email": email,
             "favorite_game_ids": [],
         }
         if name is not None:
             user_doc["name"] = name
-        if email is not None:
-            user_doc["email"] = email
-        result = db["users"].insert_one(user_doc)
+        try:
+            result = db["users"].insert_one(user_doc)
+        except DuplicateKeyError as err:
+            raise GraphQLError("User already exists.") from err
-        firebase_uid = decoded.get("uid")
-        if firebase_uid is None:
-            raise GraphQLError("Token missing uid") from KeyError("uid")
-
-        email = email or decoded.get("email")
-        user_doc = {
-            "net_id": net_id,
-            "firebase_uid": firebase_uid,
-            "email": email,
-            "favorite_game_ids": [],
-        }
-        if name is not None:
-            user_doc["name"] = name
-        if email is not None:
-            user_doc["email"] = email
-        result = db["users"].insert_one(user_doc)
-        try:
-            result = db["users"].insert_one(user_doc)
-        except DuplicateKeyError as err:
-            raise GraphQLError("User already exists.") from err
+        firebase_uid = decoded.get("uid")
+        if not firebase_uid:
+            raise GraphQLError("Invalid or expired token.")
+
+        email = email or decoded.get("email")
+        user_doc = {
+            "firebase_uid": firebase_uid,
+            "email": email,
+            "favorite_game_ids": [],
+        }
+        if name is not None:
+            user_doc["name"] = name
+        try:
+            result = db["users"].insert_one(user_doc)
+        except DuplicateKeyError as err:
+            raise GraphQLError("User already exists.") from err
-        firebase_uid = decoded.get("uid")
-        if firebase_uid is None:
-            raise GraphQLError("Token missing uid") from KeyError("uid")
-
-        email = email or decoded.get("email")
-        user_doc = {
-            "net_id": net_id,
-            "firebase_uid": firebase_uid,
-            "email": email,
-            "favorite_game_ids": [],
-        }
-        if name is not None:
-            user_doc["name"] = name
-        if email is not None:
-            user_doc["email"] = email
-        result = db["users"].insert_one(user_doc)
-        try:
-            result = db["users"].insert_one(user_doc)
-        except DuplicateKeyError as err:
-            raise GraphQLError("User already exists.") from err
+        firebase_uid = decoded.get("uid")
+        if not firebase_uid:
+            raise GraphQLError("Invalid or expired token.")
+
+        email = email or decoded.get("email")
+        user_doc = {
+            "firebase_uid": firebase_uid,
+            "email": email,
+            "favorite_game_ids": [],
+        }
+        if name is not None:
+            user_doc["name"] = name
+        try:
+            result = db["users"].insert_one(user_doc)
+        except DuplicateKeyError as err:
+            raise GraphQLError("User already exists.") from err
         identity = str(result.inserted_id)
         return SignupUser(
             access_token=create_access_token(identity=identity),

diff --git a/src/repositories/game_repository.py b/src/repositories/game_repository.py
@@ -11,6 +11,16 @@
 logger = logging.getLogger(__name__)
 
 
+def _time_for_lookup(time):
+    """True when `time` should be included in a query (aligned with uniq_game_key_with_time)."""
+    if time is None:
+        return False
+    s = str(time).strip()
+    if not s or s in ("TBD", "TBA"):
+        return False
+    return True
+
+
 class GameRepository:
     @staticmethod
     def find_all(limit=100, offset=0):
@@ -103,24 +113,26 @@ def find_by_data(city, date, gender, location, opponent_id, sport, state, time):
         return Game.from_dict(game_data) if game_data else None
 
     @staticmethod
-    def find_by_key_fields(city, date, gender, location, opponent_id, sport, state):
+    def find_by_key_fields(city, date, gender, location, opponent_id, sport, state, time=None):
         """
-        Find games without time for duplicate games
+        Find games by key fields. When `time` is a concrete value (not TBD/TBA), the query
+        includes it so doubleheaders resolve to a single row. Otherwise falls back to the
+        legacy filter without time (multiple rows possible).
         """
         game_collection = db["game"]
-        games = list(
-            game_collection.find(
-                {
-                    "city": city,
-                    "date": date,
-                    "gender": gender,
-                    "location": location,
-                    "opponent_id": opponent_id,
-                    "sport": sport,
-                    "state": state,
-                }
-            )
-        )
+        base = {
+            "city": city,
+            "date": date,
+            "gender": gender,
+            "location": location,
+            "opponent_id": opponent_id,
+            "sport": sport,
+            "state": state,
+        }
+        if _time_for_lookup(time):
+            games = list(game_collection.find({**base, "time": time}))
+        else:
+            games = list(game_collection.find(base))
 
         if not games:
             return None
@@ -131,7 +143,7 @@ def find_by_key_fields(city, date, gender, location, opponent_id, sport, state):
         return [Game.from_dict(game) for game in games]
 
     @staticmethod
-    def find_by_tournament_key_fields(city, date, gender, location, sport, state):
+    def find_by_tournament_key_fields(city, date, gender, location, sport, state, time=None):
         """
         Find tournament games by location and date (excluding opponent_id).
         This is used when we need to find a tournament game that might have a placeholder team.
@@ -145,6 +157,8 @@ def find_by_tournament_key_fields(city, date, gender, location, sport, state):
             "gender": gender,
             "sport": sport,
         }
+        if _time_for_lookup(time):
+            query["time"] = time
 
         # For city, state, and location, use flexible matching
         # This allows finding games even when TBD/TBA values change to real values

diff --git a/src/schema.py b/src/schema.py
@@ -31,9 +31,11 @@ class Mutation(ObjectType):
     create_team = CreateTeam.Field(description="Creates a new team.")
     create_youtube_video = CreateYoutubeVideo.Field(description="Creates a new youtube video.")
     create_article = CreateArticle.Field(description="Creates a new article.")
-    login_user = LoginUser.Field(description="Login by net_id; returns access_token and refresh_token.")
+    login_user = LoginUser.Field(
+        description="Login with Firebase ID token; returns access_token and refresh_token.",
+    )
     signup_user = SignupUser.Field(
-        description="Create a new user by net_id; returns access_token and refresh_token (no separate login needed).",
+        description="Create a new user with Firebase ID token; returns access_token and refresh_token.",
     )
     refresh_access_token = RefreshAccessToken.Field(
         description="Exchange a valid refresh token (in Authorization header) for a new access_token.",