Update app.py

app.py

@@ -1,31 +1,23 @@
-
-from fastapi import FastAPI, Request, HTTPException
+from fastapi import FastAPI, Request, HTTPException, Response
 from fastapi.middleware.cors import CORSMiddleware
-from fastapi.responses import RedirectResponse
+from fastapi.responses import RedirectResponse, HTMLResponse
 from api import api_router
 import gradio as gr
-import aiohttp
-import asyncio
+import requests
 import logging
 import time
+import aiohttp
+import asyncio
 from typing import Optional
-from pydantic import BaseModel
-import os
-from db.mongo import users_collection
-from core.security import hash_password
-from datetime import datetime
 
 # Configure logging
-logging.basicConfig(
-    level=logging.DEBUG,
-    format="%(asctime)s - %(levelname)s - %(name)s - %(message)s"
-)
+logging.basicConfig(level=logging.DEBUG)
 logger = logging.getLogger(__name__)
 logger.debug("Initializing application")
 
 app = FastAPI()
 
-# CORS Configuration (restrict in production)
+# CORS Configuration
 app.add_middleware(
     CORSMiddleware,
     allow_origins=["*"],
@@ -37,62 +29,40 @@ app.add_middleware(
 app.include_router(api_router)
 
 # Constants
-BACKEND_URL = os.getenv("BACKEND_URL", "https://rocketfarmstudios-cps-api.hf.space")
+BACKEND_URL = "https://rocketfarmstudios-cps-api.hf.space"
 ADMIN_EMAIL = "yakdhanali97@gmail.com"
 ADMIN_PASSWORD = "123456"
 MAX_TOKEN_RETRIES = 3
 TOKEN_RETRY_DELAY = 2  # seconds
-TOKEN_EXPIRY = 3600  # 1 hour default expiry
-
-# Pydantic models
-class LoginPayload(BaseModel):
-    username: str
-    password: str
-
-class DoctorPayload(BaseModel):
-    full_name: str
-    email: str
-    license_number: str
-    password: str
-    specialty: str
 
 class TokenManager:
     def __init__(self):
         self.token = None
         self.last_refresh = 0
-        self.expires_in = TOKEN_EXPIRY
+        self.expires_in = 3600  # 1 hour default expiry
         self.lock = asyncio.Lock()
 
     async def _make_login_request(self) -> Optional[str]:
         try:
             async with aiohttp.ClientSession() as session:
-                payload = LoginPayload(
-                    username=ADMIN_EMAIL,
-                    password=ADMIN_PASSWORD
-                )
-                login_url = f"{BACKEND_URL.rstrip('/')}/auth/login"
-                logger.debug(f"Sending login request to {login_url} with payload: {payload.dict()}")
                 async with session.post(
-                    login_url,
-                    json=payload.dict(),
-                    timeout=15,
-                    headers={"Content-Type": "application/json"}
+                    f"{BACKEND_URL}/auth/login",
+                    json={
+                        "username": ADMIN_EMAIL,
+                        "password": ADMIN_PASSWORD,
+                        "device_token": "admin-device-token"
+                    },
+                    timeout=10
                 ) as response:
-                    logger.debug(f"Login response status: {response.status}, URL: {response.url}")
                     if response.status == 200:
                         data = await response.json()
-                        token = data.get("access_token")
-                        if not token:
-                            logger.error("No access_token in response")
-                            return None
-                        logger.info(f"Received token: {token[:10]}...")
-                        return token
+                        return data.get("access_token")
                     else:
                         error = await response.text()
-                        logger.error(f"Login failed: {response.status} - {error}, URL: {response.url}")
+                        logger.error(f"Login failed: {response.status} - {error}")
                         return None
-        except aiohttp.ClientError as e:
-            logger.error(f"Login request error: {str(e)}, URL: {login_url}")
+        except Exception as e:
+            logger.error(f"Login request error: {str(e)}")
             return None
 
     async def refresh_token(self) -> str:
@@ -104,12 +74,12 @@ class TokenManager:
                     self.last_refresh = time.time()
                     logger.info("Successfully refreshed admin token")
                     return token
-
-                wait_time = min(5, (attempt + 1) * TOKEN_RETRY_DELAY)
+                
+                wait_time = min(5, (attempt + 1) * 2)  # Exponential backoff with max 5s
                 logger.warning(f"Attempt {attempt + 1} failed, retrying in {wait_time}s...")
                 await asyncio.sleep(wait_time)
 
-            raise HTTPException(status_code=500, detail="Failed to obtain admin token after multiple attempts")
+            raise Exception("Failed to obtain admin token after multiple attempts")
 
     async def get_token(self) -> str:
         if not self.token or (time.time() - self.last_refresh) > (self.expires_in - 60):
@@ -121,56 +91,68 @@ token_manager = TokenManager()
 @app.get("/")
 def root():
     logger.debug("Root endpoint accessed")
-    return {"message": "\ud83d\ude80 FastAPI with MongoDB + JWT is running."}
+    return {"message": "🚀 FastAPI with MongoDB + JWT is running."}
 
 @app.post("/login")
 async def redirect_login(request: Request):
     logger.info("Redirecting /login to /auth/login")
     return RedirectResponse(url="/auth/login", status_code=307)
 
-# NEW PUBLIC DOCTOR CREATION ENDPOINT (NO AUTH REQUIRED)
-@app.post("/public/create-doctor")
-async def create_doctor_public(payload: DoctorPayload):
+def authenticate_admin(email: str = None, password: str = None):
+    if email != ADMIN_EMAIL or password != ADMIN_PASSWORD:
+        logger.warning(f"Failed admin login attempt with email: {email}")
+        raise HTTPException(status_code=401, detail="Unauthorized: Invalid email or password")
+    
+    logger.info(f"Admin authenticated successfully: {email}")
+    return True
+
+async def async_create_doctor(full_name, email, matricule, password, specialty):
     try:
-        logger.info(f"[PUBLIC] Creating doctor: {payload.email}")
-        email = payload.email.strip().lower()
-        existing = await users_collection.find_one({"email": email})
-        if existing:
-            raise HTTPException(status_code=409, detail="Email already exists")
-
-        hashed_pw = hash_password(payload.password)
-        doctor_doc = {
+        token = await token_manager.get_token()
+        
+        payload = {
+            "full_name": full_name,
             "email": email,
-            "full_name": payload.full_name.strip(),
-            "password": hashed_pw,
-            "role": "doctor",
-            "specialty": payload.specialty,
-            "license_number": payload.license_number,
-            "created_at": datetime.utcnow().isoformat(),
-            "updated_at": datetime.utcnow().isoformat(),
-            "device_token": ""
+            "license_number": matricule,
+            "password": password,
+            "specialty": specialty,
         }
-        result = await users_collection.insert_one(doctor_doc)
-        logger.info(f"[PUBLIC] Doctor inserted successfully: {email}")
-        return {"status": "success", "id": str(result.inserted_id), "email": email}
-
-    except HTTPException:
-        raise
-    except Exception as e:
-        logger.error(f"[PUBLIC] Failed to create doctor: {str(e)}")
-        raise HTTPException(status_code=500, detail="Failed to create doctor")point to verify backend connectivity
-@app.get("/test-backend")
-async def test_backend():
-    try:
+        headers = {
+            "Authorization": f"Bearer {token}",
+            "Content-Type": "application/json"
+        }
+        
         async with aiohttp.ClientSession() as session:
-            test_url = f"{BACKEND_URL.rstrip('/')}/"
-            logger.debug(f"Testing backend connectivity to {test_url}")
-            async with session.get(test_url, timeout=5) as response:
-                logger.debug(f"Test backend response status: {response.status}, URL: {response.url}")
-                return {"status": response.status, "url": str(response.url), "message": await response.text()}
-    except aiohttp.ClientError as e:
-        logger.error(f"Test backend error: {str(e)}")
-        return {"status": "error", "message": str(e)}
+            async with session.post(
+                f"{BACKEND_URL}/auth/admin/doctors",
+                json=payload,
+                headers=headers,
+                timeout=10
+            ) as response:
+                if response.status == 201:
+                    return "✅ Doctor created successfully!"
+                elif response.status == 401:  # Token might be expired
+                    logger.warning("Token expired, attempting refresh...")
+                    token = await token_manager.refresh_token()
+                    headers["Authorization"] = f"Bearer {token}"
+                    async with session.post(
+                        f"{BACKEND_URL}/auth/admin/doctors",
+                        json=payload,
+                        headers=headers,
+                        timeout=10
+                    ) as retry_response:
+                        if retry_response.status == 201:
+                            return "✅ Doctor created successfully!"
+                
+                error_detail = await response.text()
+                return f"❌ Error: {error_detail} (Status: {response.status})"
+                
+    except Exception as e:
+        logger.error(f"Doctor creation failed: {str(e)}")
+        return f"❌ System Error: {str(e)}"
+
+def sync_create_doctor(*args):
+    return asyncio.run(async_create_doctor(*args))
 
 admin_ui = gr.Blocks(
     css="""
@@ -204,15 +186,14 @@ with admin_ui:
     gr.Markdown("# Doctor Account Creator")
     
     with gr.Column():
-        full_name = gr.Textbox(label="Full Name", placeholder="e.g., Dr. John Doe")
-        email = gr.Textbox(label="Email", placeholder="e.g., john.doe@example.com")
-        matricule = gr.Textbox(label="License Number", placeholder="e.g., 12345")
+        full_name = gr.Textbox(label="Full Name")
+        email = gr.Textbox(label="Email")
+        matricule = gr.Textbox(label="License Number")
         specialty = gr.Dropdown(
             label="Specialty",
-            choices=["General Practice", "Cardiology", "Neurology", "Pediatrics"],
-            value="General Practice"
+            choices=["General Practice", "Cardiology", "Neurology", "Pediatrics"]
         )
-        password = gr.Textbox(label="Password", type="password", placeholder="Enter a secure password")
+        password = gr.Textbox(label="Password", type="password")
         submit_btn = gr.Button("Create Account")
         output = gr.Textbox(label="Status", interactive=False)
         
@@ -224,18 +205,24 @@ with admin_ui:
 
 app = gr.mount_gradio_app(app, admin_ui, path="/admin-auth")
 
-# Admin dashboard (no authentication)
 @app.get("/admin")
-async def admin_dashboard():
+async def admin_dashboard(email: str = None, password: str = None, response: Response = None):
     logger.debug("Admin dashboard accessed")
-    return RedirectResponse(url="/admin-auth", status_code=307)
+    try:
+        authenticate_admin(email, password)
+        return RedirectResponse(url="/admin-auth", status_code=307)
+    except HTTPException as e:
+        response.status_code = 401
+        return HTMLResponse(content="""
+            <h1>401 Unauthorized</h1>
+            <p>Invalid admin credentials</p>
+        """)
 
 @app.on_event("startup")
 async def startup_event():
     """Initialize token but don't fail startup"""
     try:
         await token_manager.get_token()
-        logger.info("Initial token fetch successful")
     except Exception as e:
         logger.error(f"Initial token fetch failed: {str(e)}")