Hugging Face's logo

Spaces:
Subbu1304
/
subbuok
Sleeping

App Files Community
subbuok / cart.py
lokeshloki143's picture
lokeshloki143
Update cart.py
a18c7ab verified
raw
history blame contribute delete
18.3 kB
from flask import Blueprint, render_template, request, session, jsonify, redirect, url_for
from salesforce import get_salesforce_connection
import re
sf = get_salesforce_connection()
cart_blueprint = Blueprint('cart', __name__)
# Utility function to sanitize SOQL inputs
def sanitize_input(value):
 """Remove potentially dangerous characters for SOQL injection."""
 if value:
 value = re.sub(r'[;\'"\\]', '', value)
 return value
@cart_blueprint.route("/cart", methods=["GET"])
def cart():
 email = session.get('user_email')
 if not email:
 return redirect(url_for("login"))
try:
 sanitized_email = sanitize_input(email)
 result = sf.query(f"""
 SELECT Name, Price__c, Quantity__c, Add_Ons__c, Add_Ons_Price__c, Image1__c, Instructions__c, Category__c, Section__c
 FROM Cart_Item__c
 WHERE Customer_Email__c = '{sanitized_email}'
 """)
 cart_items = result.get("records", [])
 subtotal = sum(item['Price__c'] for item in cart_items)
return render_template(
 "cart.html",
 cart_items=cart_items,
 subtotal=subtotal,
 customer_email=email
 )
except Exception as e:
 print(f"Error fetching cart items: {e}")
 return render_template("cart.html", cart_items=[], subtotal=0, customer_email=email)
@cart_blueprint.route("/bill", methods=["GET"])
def bill():
 email = session.get('user_email')
 if not email:
 return redirect(url_for("login"))
try:
 sanitized_email = sanitize_input(email)
 result = sf.query(f"""
 SELECT Name, Price__c, Quantity__c, Add_Ons__c, Add_Ons_Price__c, Image1__c, Instructions__c
 FROM Cart_Item__c
 WHERE Customer_Email__c = '{sanitized_email}'
 """)
 cart_items = result.get("records", [])
 subtotal = sum(item['Price__c'] for item in cart_items)
return render_template(
 "bill.html",
 cart_items=cart_items,
 subtotal=subtotal,
 customer_email=email
 )
except Exception as e:
 print(f"Error fetching bill items: {e}")
 return render_template("bill.html", cart_items=[], subtotal=0, customer_email=email)
@cart_blueprint.route("/bill/fetch_cart", methods=["GET"])
def fetch_cart():
 email = session.get('user_email')
 if not email:
 return jsonify({"success": False, "error": "User not logged in"}), 401
try:
 sanitized_email = sanitize_input(email)
 result = sf.query(f"""
 SELECT Name, Price__c, Quantity__c, Add_Ons__c, Add_Ons_Price__c, Image1__c, Instructions__c
 FROM Cart_Item__c
 WHERE Customer_Email__c = '{sanitized_email}'
 """)
 cart_items = result.get("records", [])
 subtotal = sum(item['Price__c'] for item in cart_items)
return jsonify({
 "success": True,
 "cart_items": cart_items,
 "subtotal": subtotal
 })
except Exception as e:
 print(f"Error fetching cart items: {e}")
 return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/fetch_menu_items", methods=["GET"])
def fetch_menu_items():
 try:
 category = request.args.get('category', 'All')
 section = request.args.get('section', '')
 category = sanitize_input(category)
 section = sanitize_input(section)
query = """
 SELECT Name, Price__c, Image1__c, Veg_NonVeg__c, Section__c
 FROM Menu_Item__c
 """
 if category != 'All':
 query += f" AND Veg_NonVeg__c = '{category}'"
 if section:
 query += f" AND Section__c = '{section}'"
 query += " LIMIT 20"
result = sf.query(query)
 menu_items = result.get("records", [])
return jsonify({"success": True, "menu_items": menu_items})
except Exception as e:
 print(f"Error fetching menu items: {str(e)}")
 return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/fetch_add_ons", methods=["GET"])
def fetch_add_ons():
 try:
 query = """
 SELECT Name, Price__c
 FROM Add_On__c
 WHERE Active__c = true
 LIMIT 10
 """
 result = sf.query(query)
 add_ons = [
 {"name": f"{addon['Name']} (${addon['Price__c']:.2f})", "price": addon['Price__c']}
 for addon in result.get("records", [])
 ]
 return jsonify({"success": True, "add_ons": add_ons})
 except Exception as e:
 print(f"Error fetching add-ons: {str(e)}")
 return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/add_suggestion_to_cart", methods=["POST"])
def add_suggestion_to_cart():
 try:
 data = request.get_json()
 item_name = sanitize_input(data.get('item_name').strip())
 item_price = data.get('item_price')
 item_image = data.get('item_image')
 customer_email = sanitize_input(data.get('customer_email'))
 addons = data.get('addons', [])
 instructions = sanitize_input(data.get('instructions', ""))
 quantity = data.get('quantity', 1)
try:
 quantity = int(quantity)
 if quantity < 1:
 raise ValueError("Quantity must be at least 1")
 item_price = float(item_price)
 except (ValueError, TypeError):
 return jsonify({"success": False, "error": "Invalid quantity or price"}), 400
if not all([item_name, item_price, customer_email]):
 return jsonify({"success": False, "error": "Missing required fields"}), 400
addons_price = 0
 addons_string = ", ".join(addons) if addons else "None"
if addons:
 addons_price = sum(
 float(addon.split("($")[1][:-1]) for addon in addons if "($" in addon
 )
query = f"""
 SELECT Id, Quantity__c, Add_Ons__c, Add_Ons_Price__c, Instructions__c, Base_Price__c
 FROM Cart_Item__c
 WHERE Customer_Email__c = '{customer_email}' AND Name = '{item_name}'
 """
 result = sf.query(query)
 cart_items = result.get("records", [])
if cart_items:
 cart_item_id = cart_items[0]['Id']
 existing_quantity = cart_items[0]['Quantity__c']
 existing_addons = cart_items[0].get('Add_Ons__c', "None")
 existing_addons_price = cart_items[0].get('Add_Ons_Price__c', 0)
 existing_instructions = cart_items[0].get('Instructions__c', "")
 base_price = cart_items[0].get('Base_Price__c', item_price)
combined_addons = existing_addons if existing_addons != "None" else ""
 if addons:
 combined_addons = f"{combined_addons}, {addons_string}".strip(", ")
combined_instructions = existing_instructions
 if instructions:
 combined_instructions = f"{combined_instructions} | {instructions}".strip(" | ")
new_quantity = existing_quantity + quantity
 new_addons_price = existing_addons_price + (addons_price * quantity)
 new_total_price = (base_price * new_quantity) + new_addons_price
sf.Cart_Item__c.update(cart_item_id, {
 "Quantity__c": new_quantity,
 "Add_Ons__c": combined_addons if combined_addons else "None",
 "Add_Ons_Price__c": new_addons_price,
 "Instructions__c": combined_instructions,
 "Price__c": new_total_price
 })
 else:
 total_price = (item_price * quantity) + (addons_price * quantity)
 sf.Cart_Item__c.create({
 "Name": item_name,
 "Price__c": total_price,
 "Base_Price__c": item_price,
 "Quantity__c": quantity,
 "Add_Ons_Price__c": addons_price * quantity,
 "Add_Ons__c": addons_string,
 "Image1__c": item_image,
 "Customer_Email__c": customer_email,
 "Instructions__c": instructions
 })
return jsonify({"success": True, "message": "Item added to cart successfully."})
except Exception as e:
 print(f"Error adding item to cart: {str(e)}")
 return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/remove/<item_name>", methods=["POST"])
def remove_cart_item(item_name):
 try:
 customer_email = session.get('user_email')
 if not customer_email:
 return jsonify({'success': False, 'message': 'User email not found.'}), 400
sanitized_email = sanitize_input(customer_email)
 sanitized_item_name = sanitize_input(item_name)
 query = f"""
 SELECT Id FROM Cart_Item__c
WHERE Customer_Email__c = '{sanitized_email}' AND Name = '{sanitized_item_name}'
 """
 result = sf.query(query)
if result['totalSize'] == 0:
 return jsonify({'success': False, 'message': 'Item not found in cart.'}), 400
cart_item_id = result['records'][0]['Id']
 sf.Cart_Item__c.delete(cart_item_id)
 return jsonify({'success': True, 'message': f"'{item_name}' removed successfully!"}), 200
 except Exception as e:
 print(f"Error: {str(e)}")
 return jsonify({'success': False, 'message': f"An error occurred: {str(e)}"}), 500
@cart_blueprint.route("/update_quantity", methods=["POST"])
def update_quantity():
 data = request.json
 email = sanitize_input(data.get('email'))
 item_name = sanitize_input(data.get('item_name'))
try:
 quantity = int(data.get('quantity'))
 except (ValueError, TypeError):
 return jsonify({"success": False, "error": "Invalid quantity provided."}), 400
if not email or not item_name or quantity is None:
 return jsonify({"success": False, "error": "Email, item name, and quantity are required."}), 400
try:
 cart_items = sf.query(
 f"SELECT Id, Quantity__c, Price__c, Base_Price__c, Add_Ons_Price__c FROM Cart_Item__c "
 f"WHERE Customer_Email__c = '{email}' AND Name = '{item_name}'"
 )['records']
if not cart_items:
 return jsonify({"success": False, "error": "Cart item not found."}), 404
cart_item_id = cart_items[0]['Id']
 base_price = cart_items[0]['Base_Price__c']
 addons_price = cart_items[0].get('Add_Ons_Price__c', 0)
new_item_price = (base_price * quantity) + addons_price
sf.Cart_Item__c.update(cart_item_id, {
 "Quantity__c": quantity,
 "Price__c": new_item_price,
 })
cart_items = sf.query(f"""
 SELECT Price__c, Add_Ons_Price__c
FROM Cart_Item__c
WHERE Customer_Email__c = '{email}'
 """)['records']
 new_subtotal = sum(item['Price__c'] for item in cart_items)
return jsonify({"success": True, "new_item_price": new_item_price, "subtotal": new_subtotal})
except Exception as e:
 print(f"Error updating quantity: {str(e)}")
 return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/checkout", methods=["POST"])
def checkout():
 email = session.get('user_email')
 if not email:
 return jsonify({"success": False, "message": "User not logged in"}), 401
try:
 sanitized_email = sanitize_input(email)
 result = sf.query(f"""
 SELECT Id, Name, Price__c, Add_Ons_Price__c, Quantity__c, Add_Ons__c, Instructions__c, Image1__c
 FROM Cart_Item__c
 WHERE Customer_Email__c = '{sanitized_email}'
 """)
 cart_items = result.get("records", [])
 if not cart_items:
 return jsonify({"success": False, "message": "Cart is empty"}), 400
subtotal = sum(item['Price__c'] for item in cart_items)
 total = subtotal # No discount for simplicity
bill_items = [
 {
 "name": item['Name'],
 "quantity": item['Quantity__c'],
 "price": item['Price__c'],
 "addons": item.get('Add_Ons__c', 'None'),
 "instructions": item.get('Instructions__c', 'None'),
 "image": item['Image1__c']
 } for item in cart_items
 ]
menu_query = """
 SELECT Name, Price__c, Image1__c, Veg_NonVeg__c, Section__c
 FROM Menu_Item__c
 LIMIT 20
 """
 menu_result = sf.query(menu_query)
 menu_items = menu_result.get("records", [])
return jsonify({
 "success": True,
 "cart": {
 "items": bill_items,
 "subtotal": subtotal,
 "total": total
 },
 "menu_items": menu_items
 })
except Exception as e:
 print(f"Error during checkout: {str(e)}")
 return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/submit_order", methods=["POST"])
def submit_order():
 email = session.get('user_email')
 user_id = session.get('user_name')
 table_number = session.get('table_number')
if not email or not user_id:
 return jsonify({"success": False, "message": "User not logged in"}), 401
try:
 sanitized_email = sanitize_input(email)
 data = request.json
 cart = data.get("cart")
 if not cart:
 return jsonify({"success": False, "message": "Cart data is required"}), 400
result = sf.query(f"""
 SELECT Id, Name, Price__c, Add_Ons_Price__c, Quantity__c, Add_Ons__c, Instructions__c, Image1__c
 FROM Cart_Item__c
 WHERE Customer_Email__c = '{sanitized_email}'
 """)
 cart_items = result.get("records", [])
 if not cart_items:
 return jsonify({"success": False, "message": "Cart is empty"}), 400
subtotal = cart.get("subtotal")
 total = cart.get("total")
order_details = "\n".join(
 f"{item['Name']} x{item['Quantity__c']} | Add-Ons: {item.get('Add_Ons__c', 'None')} | "
 f"Instructions: {item.get('Instructions__c', 'None')} | "
 f"Price: ${item['Price__c']} | Image: {item['Image1__c']}"
 for item in cart_items
 )
customer_query = sf.query(f"""
 SELECT Id FROM Customer_Login__c
 WHERE Email__c = '{sanitized_email}'
 """)
 customer_id = customer_query["records"][0]["Id"] if customer_query["records"] else None
 if not customer_id:
 return jsonify({"success": False, "message": "Customer record not found"}), 404
table_number = table_number if table_number != 'null' else None
 order_data = {
 "Customer_Name__c": user_id,
 "Customer_Email__c": email,
 "Total_Amount__c": subtotal,
 "Total_Bill__c": total,
 "Order_Status__c": "Pending",
 "Customer2__c": customer_id,
 "Order_Details__c": order_details,
 "Table_Number__c": table_number
 }
 order_response = sf.Order__c.create(order_data)
if order_response:
 for item in cart_items:
 sf.Cart_Item__c.delete(item["Id"])
return jsonify({"success": True, "message": "Order placed successfully!"})
except Exception as e:
 print(f"Error during order submission: {str(e)}")
 return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/order", methods=["GET"])
def order():
 email = session.get('user_email')
 if not email:
 return redirect(url_for("login"))
try:
 sanitized_email = sanitize_input(email)
 # Fetch the latest order for the user
 result = sf.query(f"""
 SELECT Id, Order_Details__c, Total_Bill__c, CreatedDate
 FROM Order__c
 WHERE Customer_Email__c = '{sanitized_email}'
 ORDER BY CreatedDate DESC
 LIMIT 1
 """)
 orders = result.get("records", [])
 if not orders:
 return render_template("order.html", order=None, message="No orders found.")
order = orders[0]
 order_id = order['Id']
 total = order['Total_Bill__c']
 order_details_raw = order['Order_Details__c'] or ""
# Parse order details into a list of items
 order_items = []
 for line in order_details_raw.split("\n"):
 if not line.strip():
 continue
 # Example line: "Chicken Biryani x2 | Add-Ons: Extra Raita | Instructions: Less spicy | Price: $24.00 | Image: <url>"
 try:
 parts = line.split(" | ")
 name_quantity = parts[0].split(" x") # "Chicken Biryani x2" -> ["Chicken Biryani", "2"]
 name = name_quantity[0]
 quantity = int(name_quantity[1])
 addons = parts[1].replace("Add-Ons: ", "") if len(parts) > 1 else "None"
 instructions = parts[2].replace("Instructions: ", "") if len(parts) > 2 else "None"
 price = float(parts[3].replace("Price: $", "")) if len(parts) > 3 else 0
 image = parts[4].replace("Image: ", "") if len(parts) > 4 else "/static/placeholder.jpg"
 order_items.append({
 "name": name,
 "quantity": quantity,
 "addons": addons,
 "instructions": instructions,
 "price": price,
 "image": image
 })
 except Exception as e:
 print(f"Error parsing order line '{line}': {e}")
 continue
return render_template(
 "order.html",
 order={"id": order_id, "items": order_items, "total": total},
 message="Thank you for your order! It has been placed successfully."
 )
except Exception as e:
 print(f"Error fetching order: {e}")
 return render_template("order.html", order=None, message="Error fetching your order. Please contact support.")