Fix Django backend deployment on HF Spaces

Dockerfile

@@ -0,0 +1,17 @@
+FROM python:3.10-slim
+
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+
+WORKDIR /app
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY . .
+
+WORKDIR /app/kdon
+
+EXPOSE 7860
+
+CMD ["gunicorn", "basho_backend.basho_backend.wsgi:application", "--bind", "0.0.0.0:7860"]

basho_backend/apps/accounts/admin.py

@@ -0,0 +1,5 @@
+from django.contrib import admin
+from .models import User, EmailOTP
+
+admin.site.register(User)
+admin.site.register(EmailOTP)

basho_backend/apps/accounts/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+class AccountsConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "apps.accounts"
+    label = "accounts"

basho_backend/apps/accounts/managers.py

@@ -0,0 +1,21 @@
+from django.contrib.auth.models import BaseUserManager
+
+class UserManager(BaseUserManager):
+    def create_user(self, username, email, password=None):
+        if not email:
+            raise ValueError("Email is required")
+
+        user = self.model(
+            username=username,
+            email=self.normalize_email(email),
+        )
+        user.set_password(password)
+        user.save(using=self._db)
+        return user
+
+    def create_superuser(self, username, email, password):
+        user = self.create_user(username, email, password)
+        user.is_staff = True
+        user.is_superuser = True
+        user.save(using=self._db)
+        return user

basho_backend/apps/accounts/migrations/0001_initial.py

@@ -0,0 +1,45 @@
+# Generated by Django 6.0 on 2026-01-08 12:43
+
+import django.utils.timezone
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='EmailOTP',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('email', models.EmailField(max_length=254)),
+                ('otp', models.CharField(max_length=6)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('password', models.CharField(max_length=128, verbose_name='password')),
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
+                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
+                ('username', models.CharField(max_length=150, unique=True)),
+                ('email', models.EmailField(max_length=254, unique=True)),
+                ('is_email_verified', models.BooleanField(default=False)),
+                ('is_active', models.BooleanField(default=True)),
+                ('is_staff', models.BooleanField(default=False)),
+                ('date_joined', models.DateTimeField(default=django.utils.timezone.now)),
+                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
+                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+    ]

basho_backend/apps/accounts/migrations/0002_user_profile_image.py

@@ -0,0 +1,18 @@
+# Generated by Django 6.0 on 2026-01-10 13:04
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='profile_image',
+            field=models.ImageField(blank=True, null=True, upload_to='profile_pics/'),
+        ),
+    ]

basho_backend/apps/accounts/migrations/0003_alter_user_profile_image.py

@@ -0,0 +1,18 @@
+# Generated by Django 6.0 on 2026-01-12 19:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0002_user_profile_image'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='user',
+            name='profile_image',
+            field=models.ImageField(blank=True, default='profile_pics/default/default.png', upload_to='profile_pics/'),
+        ),
+    ]

basho_backend/apps/accounts/migrations/0004_remove_user_profile_image_user_avatar.py

@@ -0,0 +1,22 @@
+# Generated by Django 6.0 on 2026-01-15 15:47
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0003_alter_user_profile_image'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='user',
+            name='profile_image',
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='avatar',
+            field=models.CharField(default='p1.png', max_length=50),
+        ),
+    ]

basho_backend/apps/accounts/models.py

@@ -0,0 +1,39 @@
+from django.db import models
+from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
+from django.utils import timezone
+from .managers import UserManager
+
+
+class User(AbstractBaseUser, PermissionsMixin):
+    username = models.CharField(max_length=150, unique=True)
+    email = models.EmailField(unique=True)
+
+    avatar = models.CharField(
+    max_length=50,
+    default="p1.png"
+)
+
+
+
+    is_email_verified = models.BooleanField(default=False)
+    is_active = models.BooleanField(default=True)
+    is_staff = models.BooleanField(default=False)
+
+    date_joined = models.DateTimeField(default=timezone.now)
+
+    objects = UserManager()
+
+    USERNAME_FIELD = "username"
+    REQUIRED_FIELDS = ["email"]
+
+    def __str__(self):
+        return self.username
+
+
+class EmailOTP(models.Model):
+    email = models.EmailField()
+    otp = models.CharField(max_length=6)
+    created_at = models.DateTimeField(auto_now_add=True)
+
+    def __str__(self):
+        return f"{self.email} - {self.otp}"

basho_backend/apps/accounts/otp.py

@@ -0,0 +1,4 @@
+import random
+
+def generate_otp():
+    return str(random.randint(100000, 999999))

basho_backend/apps/accounts/services.py

@@ -0,0 +1,107 @@
+from django.core.mail import EmailMultiAlternatives
+from django.conf import settings
+
+def send_otp_email(email, otp):
+    subject = "Welcome to Basho byy Shivangi"
+
+    text_content = f"""
+Welcome to Basho byy Shivangi!
+
+We’re delighted to have you join us.
+
+Your One-Time Password (OTP) is: {otp}
+
+⏳This OTP is valid for 5 minutes.
+Do not share this OTP with anyone.
+
+Warm regards,
+Team Basho byy Shivangi
+"""
+
+    html_content = f"""
+    <html>
+      <body style="font-family: Arial, sans-serif; color: #333;">
+        <h2>Welcome to Basho byy Shivangi!</h2>
+
+        <p>We’re delighted to have you join us.</p>
+
+        <p>Your One-Time Password (OTP) is:</p>
+
+        <p style="
+            font-size: 32px;
+            font-weight: bold;
+            letter-spacing: 4px;
+            color: #652810;
+            margin: 16px 0;
+        ">
+          {otp}
+        </p>
+
+        <p>⏳ <strong>This OTP is valid for 5 minutes.</strong></p>
+        <p>Please do not share this OTP with anyone.</p>
+
+        <br />
+        <p>Warm regards,<br /><strong>Team Basho byy Shivangi</strong></p>
+      </body>
+    </html>
+    """
+
+    email_message = EmailMultiAlternatives(
+        subject=subject,
+        body=text_content,
+        from_email=settings.DEFAULT_FROM_EMAIL,
+        to=[email],
+    )
+
+    email_message.attach_alternative(html_content, "text/html")
+    email_message.send()
+
+
+def send_welcome_email(email, username):
+    subject = "Welcome to Basho byy Shivangi "
+
+    text_content = f"""
+Welcome to Basho byy Shivangi, {username}!
+
+Your account has been successfully created.
+
+We’re delighted to have you as part of our community.
+
+Warm regards,
+Team Basho byy Shivangi
+"""
+
+    html_content = f"""
+    <html>
+      <body style="font-family: Arial, sans-serif; color: #333;">
+        <h2>Welcome to Basho byy Shivangi </h2>
+
+        <p>Hi <strong>{username}</strong>,</p>
+
+        <p>
+          Your account has been <strong>successfully created</strong>.
+          We’re delighted to have you join our journey of handcrafted elegance.
+        </p>
+
+        <p>
+          You can now explore our collections, workshops, and custom creations.
+        </p>
+
+        <br />
+
+        <p style="color:#652810;">
+        Warm regards,<br /> <strong>Team Basho byy Shivangi!</strong>
+        </p>
+      </body>
+    </html>
+    """
+
+    email_message = EmailMultiAlternatives(
+        subject=subject,
+        body=text_content,
+        from_email=settings.DEFAULT_FROM_EMAIL,
+        to=[email],
+    )
+
+    email_message.attach_alternative(html_content, "text/html")
+    email_message.send()

basho_backend/apps/accounts/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

basho_backend/apps/accounts/urls.py

@@ -0,0 +1,38 @@
+from django.urls import path
+from .views import (
+    send_otp,
+    register_user,
+    login_user,
+    google_login,
+    google_register,
+    change_username,  
+    me,
+    set_avatar,
+
+)
+
+urlpatterns = [
+    path("send-otp/", send_otp),
+    path("register/", register_user),
+    path("login/", login_user),
+    path("google-login/", google_login),
+    path("google-register/", google_register),
+    path("change-username/", change_username),
+    path("me/", me),
+    path("set-avatar/", set_avatar),
+]
+
+from .views import (
+    forgot_password_send_otp,
+    forgot_password_verify_otp,
+    forgot_password_reset,
+    me
+)
+
+urlpatterns += [
+    path("forgot-password/send-otp/", forgot_password_send_otp),
+    path("forgot-password/verify-otp/", forgot_password_verify_otp),
+    path("forgot-password/reset-password/", forgot_password_reset),
+    path("me/", me),
+
+]

basho_backend/apps/accounts/views.py

@@ -0,0 +1,304 @@
+from rest_framework.decorators import api_view, permission_classes, authentication_classes
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+from django.contrib.auth import authenticate
+from rest_framework_simplejwt.tokens import RefreshToken
+from rest_framework_simplejwt.authentication import JWTAuthentication
+from django.utils import timezone
+from datetime import timedelta
+from django.views.decorators.csrf import csrf_exempt
+from django.contrib.auth import get_user_model
+from django.utils.crypto import get_random_string
+import re
+
+from .models import User, EmailOTP
+from .otp import generate_otp
+from .services import send_otp_email, send_welcome_email
+
+
+import os
+from django.core.files import File
+from django.conf import settings
+from django.views.decorators.csrf import csrf_exempt
+
+
+
+# ---------------- HELPERS ----------------
+
+def is_strong_password(password):
+    if len(password) < 8:
+        return False
+    if not re.search(r"[A-Z]", password):
+        return False
+    if not re.search(r"[^A-Za-z0-9]", password):
+        return False
+    return True
+
+
+# ---------------- AUTH ----------------
+
+@api_view(["POST"])
+def send_otp(request):
+    email = request.data.get("email")
+    username = request.data.get("username")
+
+    if not email or not username:
+        return Response({"error": "Email and username required"}, status=400)
+
+    if User.objects.filter(username=username).exists():
+        return Response({"error": "Username already exists"}, status=400)
+
+    if User.objects.filter(email=email).exists():
+        return Response({"error": "Email already registered"}, status=400)
+
+    otp = generate_otp()
+
+    EmailOTP.objects.update_or_create(
+        email=email,
+        defaults={"otp": otp, "created_at": timezone.now()}
+    )
+
+    send_otp_email(email, otp)
+    return Response({"success": "OTP sent"})
+
+
+@api_view(["POST"])
+def register_user(request):
+    email = request.data.get("email")
+    username = request.data.get("username")
+    password = request.data.get("password")
+    otp = request.data.get("otp")
+
+    if not all([email, username, password, otp]):
+        return Response({"error": "All fields are required"}, status=400)
+
+    otp_obj = EmailOTP.objects.filter(email=email, otp=otp).first()
+    if not otp_obj:
+        return Response({"error": "Incorrect OTP"}, status=400)
+
+    if timezone.now() - otp_obj.created_at > timedelta(minutes=5):
+        otp_obj.delete()
+        return Response({"error": "OTP expired"}, status=400)
+
+    if not is_strong_password(password):
+        return Response(
+            {"error": "Password must be at least 8 characters, include 1 uppercase letter and 1 special character"},
+            status=400
+        )
+
+    user = User.objects.create_user(
+        username=username,
+        email=email,
+        password=password
+    )
+    user.is_email_verified = True
+    user.save()
+
+    send_welcome_email(email, username)
+    otp_obj.delete()
+
+    refresh = RefreshToken.for_user(user)
+
+    return Response({
+        "access": str(refresh.access_token),
+        "refresh": str(refresh),
+        "username": user.username,
+    })
+
+
+@api_view(["POST"])
+def login_user(request):
+    user = authenticate(
+        username=request.data.get("username"),
+        password=request.data.get("password")
+    )
+
+    if not user:
+        return Response({"error": "Incorrect username or password"}, status=400)
+
+    refresh = RefreshToken.for_user(user)
+
+    return Response({
+        "access": str(refresh.access_token),
+        "refresh": str(refresh),
+        "username": user.username,
+        "email": user.email,
+        "avatar": user.avatar,
+
+    })
+
+
+@api_view(["POST"])
+def google_login(request):
+    email = request.data.get("email")
+    user = User.objects.filter(email=email).first()
+
+    if not user:
+        return Response({"error": "Account not found. Please register first."}, status=400)
+
+    refresh = RefreshToken.for_user(user)
+
+    return Response({
+        "access": str(refresh.access_token),
+        "refresh": str(refresh),
+        "username": user.username,
+        "email": user.email,
+        "avatar": user.avatar,
+
+    })
+
+
+@api_view(["POST"])
+def google_register(request):
+    email = request.data.get("email")
+    username = request.data.get("username")
+
+    password = get_random_string(12)
+
+    user = User.objects.create_user(
+        username=username,
+        email=email,
+        password=password
+    )
+    user.is_email_verified = True
+    user.save()
+
+    refresh = RefreshToken.for_user(user)
+
+    return Response({
+        "access": str(refresh.access_token),
+        "refresh": str(refresh),
+        "username": user.username,
+    })
+
+
+# ---------------- CHANGE USERNAME (UNCHANGED LOGIC) ----------------
+
+@csrf_exempt
+@api_view(["POST"])
+@permission_classes([IsAuthenticated])
+def change_username(request):
+    user = request.user
+    new_username = request.data.get("username", "").strip()
+
+    if not new_username:
+        return Response({"error": "Username cannot be empty"}, status=400)
+
+    if User.objects.filter(username=new_username).exclude(id=user.id).exists():
+        return Response({"error": "Username already taken"}, status=400)
+
+    user.username = new_username
+    user.save(update_fields=["username"])
+
+    return Response({"username": user.username})
+
+
+# ---------------- PROFILE PICTURE ----------------
+
+@api_view(["POST"])
+@authentication_classes([JWTAuthentication])
+@permission_classes([IsAuthenticated])
+def set_avatar(request):
+    user = request.user
+    avatar = request.data.get("avatar")
+
+    if not avatar:
+        return Response({"error": "Avatar is required"}, status=400)
+
+    # optional safety check
+    allowed_avatars = [
+        "p1.png", "p2.png", "p3.png", "p4.png", "p5.png",
+        "p6.png", "p7.png", "p8.png", "p9.png", "p10.png",
+        "p11.png", "p12.png", "p13.png", "p14.png",
+        "p15.png", "p16.png", "p17.png",
+    ]
+
+    if avatar not in allowed_avatars:
+        return Response({"error": "Invalid avatar"}, status=400)
+
+    user.avatar = avatar
+    user.save(update_fields=["avatar"])
+
+    return Response({
+        "avatar": user.avatar
+    })
+
+
+@api_view(["GET"])
+@authentication_classes([JWTAuthentication])
+@permission_classes([IsAuthenticated])
+def me(request):
+    user = request.user
+    return Response({
+        "username": user.username,
+        "email": user.email,
+        "avatar": user.avatar,
+
+    })
+
+
+
+# ---------------- FORGOT PASSWORD ----------------
+
+@api_view(["POST"])
+def forgot_password_send_otp(request):
+    email = request.data.get("email")
+    user = User.objects.filter(email=email).first()
+
+    if not user:
+        return Response({"error": "Incorrect email id entered"}, status=400)
+
+    otp = generate_otp()
+    EmailOTP.objects.update_or_create(
+        email=email,
+        defaults={"otp": otp, "created_at": timezone.now()}
+    )
+
+    send_otp_email(email, otp)
+    return Response({"success": "OTP sent"})
+
+
+@api_view(["POST"])
+def forgot_password_verify_otp(request):
+    email = request.data.get("email")
+    otp = request.data.get("otp")
+
+    otp_obj = EmailOTP.objects.filter(email=email, otp=otp).first()
+    if not otp_obj:
+        return Response({"error": "Incorrect OTP entered"}, status=400)
+
+    if timezone.now() - otp_obj.created_at > timedelta(minutes=5):
+        otp_obj.delete()
+        return Response({"error": "OTP expired"}, status=400)
+
+    return Response({"success": "OTP verified"})
+
+
+@api_view(["POST"])
+def forgot_password_reset(request):
+    email = request.data.get("email")
+    new_password = request.data.get("new_password")
+    confirm_password = request.data.get("confirm_password")
+
+    if new_password != confirm_password:
+        return Response({"error": "Passwords do not match"}, status=400)
+
+    if not is_strong_password(new_password):
+        return Response({"error": "Password must be strong"}, status=400)
+
+    user = User.objects.filter(email=email).first()
+    user.set_password(new_password)
+    user.save()
+
+    EmailOTP.objects.filter(email=email).delete()
+    return Response({"success": "Password reset successful"})
+
+@api_view(["GET"])
+@permission_classes([IsAuthenticated])
+def me(request):
+    user = request.user
+    return Response({
+        "id": user.id,
+        "username": user.username,
+        "email": user.email,
+    })

basho_backend/apps/corporate/admin.py

@@ -0,0 +1,49 @@
+from django.contrib import admin
+from .models import CorporateInquiry
+
+
+@admin.register(CorporateInquiry)
+class CorporateInquiryAdmin(admin.ModelAdmin):
+    """
+    Read-only Admin for Corporate Inquiries
+    """
+
+    # ✅ Show fields in list view
+    list_display = (
+        "company_name",
+        "contact_name",
+        "email",
+        "service_type",
+        "created_at",
+    )
+
+    # ✅ Allow searching
+    search_fields = (
+        "company_name",
+        "contact_name",
+        "email",
+    )
+
+    # ✅ Filters on right sidebar
+    list_filter = (
+        "service_type",
+        "created_at",
+    )
+
+    # 🔒 Make ALL fields read-only
+    readonly_fields = [field.name for field in CorporateInquiry._meta.fields]
+
+    # ❌ Disable ADD permission
+    def has_add_permission(self, request):
+        return False
+
+    # ❌ Disable DELETE permission
+    def has_delete_permission(self, request, obj=None):
+        return False
+
+    # ❌ Disable EDIT (save) permission
+    def has_change_permission(self, request, obj=None):
+        # Allow viewing but not editing
+        if request.method in ["GET", "HEAD"]:
+            return True
+        return False

basho_backend/apps/corporate/apps.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+class CorporateConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "apps.corporate"

basho_backend/apps/corporate/migrations/0001_initial.py

@@ -0,0 +1,32 @@
+# Generated by Django 6.0 on 2026-01-09 19:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='CorporateInquiry',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('company_name', models.CharField(max_length=255)),
+                ('company_website', models.URLField(blank=True)),
+                ('contact_name', models.CharField(max_length=255)),
+                ('email', models.EmailField(max_length=254)),
+                ('phone', models.CharField(blank=True, max_length=20)),
+                ('service_type', models.CharField(choices=[('Corporate Gifting', 'Corporate Gifting'), ('Team Workshop', 'Team Workshop'), ('Brand Collaboration', 'Brand Collaboration')], max_length=50)),
+                ('details', models.JSONField(blank=True, default=dict)),
+                ('message', models.TextField(blank=True)),
+                ('budget', models.CharField(blank=True, max_length=100)),
+                ('timeline', models.CharField(blank=True, max_length=100)),
+                ('consent', models.BooleanField(default=False)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+            ],
+        ),
+    ]

basho_backend/apps/corporate/migrations/0002_alter_corporateinquiry_options.py

@@ -0,0 +1,17 @@
+# Generated by Django 6.0 on 2026-01-12 15:27
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('corporate', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='corporateinquiry',
+            options={'ordering': ['-created_at']},
+        ),
+    ]

basho_backend/apps/corporate/models.py

@@ -0,0 +1,39 @@
+from django.db import models
+
+
+class CorporateInquiry(models.Model):
+    SERVICE_CHOICES = [
+        ("Corporate Gifting", "Corporate Gifting"),
+        ("Team Workshop", "Team Workshop"),
+        ("Brand Collaboration", "Brand Collaboration"),
+    ]
+
+    company_name = models.CharField(max_length=255)
+    company_website = models.URLField(blank=True)
+
+    contact_name = models.CharField(max_length=255)
+    email = models.EmailField()
+    phone = models.CharField(max_length=20, blank=True)
+
+    service_type = models.CharField(
+        max_length=50,
+        choices=SERVICE_CHOICES
+    )
+
+    # dynamic form data stored safely
+    details = models.JSONField(default=dict, blank=True)
+
+    message = models.TextField(blank=True)
+    budget = models.CharField(max_length=100, blank=True)
+    timeline = models.CharField(max_length=100, blank=True)
+
+    consent = models.BooleanField(default=False)
+
+    created_at = models.DateTimeField(auto_now_add=True)
+
+    def __str__(self):
+        return f"{self.company_name} | {self.service_type}"
+    
+    class Meta:
+        ordering = ["-created_at"]
+

basho_backend/apps/corporate/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

basho_backend/apps/corporate/urls.py

@@ -0,0 +1,6 @@
+from django.urls import path
+from .views import corporate_inquiry
+
+urlpatterns = [
+    path("corporate-inquiry/", corporate_inquiry),
+]

basho_backend/apps/corporate/views.py

@@ -0,0 +1,66 @@
+from rest_framework.decorators import api_view
+from rest_framework.response import Response
+from rest_framework import status
+
+from .models import CorporateInquiry
+
+
+@api_view(["POST"])
+def corporate_inquiry(request):
+    data = request.data
+
+    # 🔒 REQUIRED FIELDS CHECK
+    required_fields = [
+        "companyName",
+        "contactName",
+        "email",
+        "serviceType",
+        "consent",
+    ]
+
+    for field in required_fields:
+        if not data.get(field):
+            return Response(
+                {"error": f"{field} is required"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+    # ✅ Extract dynamic service-specific fields safely
+    details = data.copy()
+
+    for key in [
+        "companyName",
+        "companyWebsite",
+        "contactName",
+        "email",
+        "phone",
+        "serviceType",
+        "message",
+        "budget",
+        "timeline",
+        "consent",
+    ]:
+        details.pop(key, None)
+
+    inquiry = CorporateInquiry.objects.create(
+        company_name=data["companyName"],
+        company_website=data.get("companyWebsite", ""),
+        contact_name=data["contactName"],
+        email=data["email"],
+        phone=data.get("phone", ""),
+        service_type=data["serviceType"],
+        details=details,
+        message=data.get("message", ""),
+        budget=data.get("budget", ""),
+        timeline=data.get("timeline", ""),
+        consent=bool(data.get("consent")),
+    )
+
+    return Response(
+        {
+            "success": True,
+            "id": inquiry.id,
+            "message": "Inquiry submitted successfully",
+        },
+        status=status.HTTP_201_CREATED,
+    )

basho_backend/apps/experiences/admin.py

@@ -0,0 +1,116 @@
+from django.contrib import admin
+from .models import (
+    Experience,
+    Booking,
+    StudioBooking,
+    UpcomingEvent,
+    Workshop,
+    WorkshopSlot,
+    WorkshopRegistration,
+    ExperienceSlot,
+)
+
+# ---------- BASIC MODELS ----------
+@admin.register(Experience)
+class ExperienceAdmin(admin.ModelAdmin):
+    list_display = ("title", "price", "is_active")
+    list_filter = ("is_active",)
+    search_fields = ("title",)
+
+@admin.register(ExperienceSlot)
+class ExperienceSlotAdmin(admin.ModelAdmin):
+    list_display = (
+        "experience",
+        "date",
+        "start_time",
+        "end_time",
+        "total_slots",
+        "booked_slots",
+        "is_active",
+    )
+
+    list_filter = ("experience", "date", "is_active")
+    search_fields = ("experience__title",)
+    ordering = ("date", "start_time")
+
+    readonly_fields = ("booked_slots",)
+
+
+@admin.register(Booking)
+class BookingAdmin(admin.ModelAdmin):
+    list_display = (
+        "id",
+        "full_name",
+        "experience",
+        "status",
+        "payment_status_display",
+        "created_at",
+    )
+
+    list_filter = ("status",)
+
+    def payment_status_display(self, obj):
+        if obj.payment_order:
+            return obj.payment_order.status
+        return "NO PAYMENT"
+
+    payment_status_display.short_description = "Payment Status"
+
+
+@admin.register(StudioBooking)
+class StudioBookingAdmin(admin.ModelAdmin):
+    list_display = ("full_name", "email", "phone", "visit_date", "time_slot", "created_at")
+    search_fields = ("full_name", "email", "phone")
+
+
+@admin.register(UpcomingEvent)
+class UpcomingEventAdmin(admin.ModelAdmin):
+    list_display = ("title", "date", "location")
+    search_fields = ("title",)
+
+
+# ---------- WORKSHOPS ----------
+@admin.register(Workshop)
+class WorkshopAdmin(admin.ModelAdmin):
+    list_display = (
+        "name",
+        "type",
+        "level",
+        "price",
+        "featured",
+        "is_active",
+    )
+    list_filter = ("type", "level", "featured", "is_active")
+    search_fields = ("name", "description", "instructor")
+
+
+@admin.register(WorkshopSlot)
+class WorkshopSlotAdmin(admin.ModelAdmin):
+    list_display = (
+        "workshop",
+        "date",
+        "start_time",
+        "end_time",
+        "available_spots",
+        "is_available",
+    )
+    list_filter = ("date", "is_available")
+
+
+@admin.register(WorkshopRegistration)
+class WorkshopRegistrationAdmin(admin.ModelAdmin):
+    list_display = (
+        "id",
+        "name",
+        "workshop",
+        "status",
+        "payment_status_display",
+        "created_at",
+    )
+
+    def payment_status_display(self, obj):
+        if obj.payment_order:
+            return obj.payment_order.status
+        return "NO PAYMENT"
+
+    payment_status_display.short_description = "Payment Status"

basho_backend/apps/experiences/apps.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class ExperiencesConfig(AppConfig):
+    name = "apps.experiences"

basho_backend/apps/experiences/migrations/0001_initial.py

@@ -0,0 +1,43 @@
+# Generated by Django 6.0 on 2026-01-07 15:56
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Experience',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('title', models.CharField(max_length=200)),
+                ('tagline', models.CharField(max_length=200)),
+                ('description', models.TextField()),
+                ('duration', models.CharField(max_length=50)),
+                ('people', models.CharField(max_length=50)),
+                ('price', models.IntegerField()),
+                ('image', models.ImageField(upload_to='experiences/')),
+                ('is_active', models.BooleanField(default=True)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='Booking',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('full_name', models.CharField(max_length=100)),
+                ('phone', models.CharField(max_length=15)),
+                ('email', models.EmailField(max_length=254)),
+                ('booking_date', models.DateField()),
+                ('number_of_people', models.IntegerField(default=2)),
+                ('status', models.CharField(choices=[('pending', 'Pending'), ('confirmed', 'Confirmed'), ('cancelled', 'Cancelled')], default='pending', max_length=20)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('experience', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='bookings', to='experiences.experience')),
+            ],
+        ),
+    ]

basho_backend/apps/experiences/migrations/0002_booking_payment_amount_booking_payment_status.py

@@ -0,0 +1,23 @@
+# Generated by Django 6.0 on 2026-01-07 21:07
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('experiences', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='booking',
+            name='payment_amount',
+            field=models.IntegerField(default=0),
+        ),
+        migrations.AddField(
+            model_name='booking',
+            name='payment_status',
+            field=models.CharField(choices=[('pending', 'Pending'), ('paid', 'Paid'), ('failed', 'Failed')], default='pending', max_length=20),
+        ),
+    ]

basho_backend/apps/experiences/migrations/0003_studiobooking_upcomingevent.py

@@ -0,0 +1,36 @@
+# Generated by Django 6.0 on 2026-01-07 21:58
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('experiences', '0002_booking_payment_amount_booking_payment_status'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='StudioBooking',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('full_name', models.CharField(max_length=100)),
+                ('phone', models.CharField(max_length=15)),
+                ('email', models.EmailField(max_length=254)),
+                ('visit_date', models.DateField()),
+                ('time_slot', models.CharField(max_length=50)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='UpcomingEvent',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('title', models.CharField(max_length=200)),
+                ('date', models.CharField(max_length=50)),
+                ('location', models.CharField(max_length=200)),
+                ('description', models.TextField()),
+                ('badge', models.CharField(default='✨ Upcoming', max_length=50)),
+            ],
+        ),
+    ]

basho_backend/apps/experiences/migrations/0004_workshop_workshopslot_workshopregistration.py

@@ -0,0 +1,69 @@
+# Generated by Django 6.0 on 2026-01-08 18:20
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('experiences', '0003_studiobooking_upcomingevent'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Workshop',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=200)),
+                ('type', models.CharField(choices=[('group', 'Group'), ('private', 'Private'), ('experience', 'Experience')], max_length=20)),
+                ('level', models.CharField(choices=[('beginner', 'Beginner'), ('intermediate', 'Intermediate'), ('advanced', 'Advanced')], max_length=20)),
+                ('experience_type', models.CharField(blank=True, choices=[('couples_date', 'Couple’s Date'), ('birthday_party', 'Birthday Party'), ('corporate', 'Corporate'), ('masterclass', 'Masterclass')], max_length=30, null=True)),
+                ('description', models.TextField()),
+                ('long_description', models.TextField()),
+                ('images', models.JSONField(default=list)),
+                ('duration', models.CharField(max_length=50)),
+                ('min_participants', models.PositiveIntegerField()),
+                ('max_participants', models.PositiveIntegerField()),
+                ('price', models.PositiveIntegerField()),
+                ('price_per_person', models.BooleanField(default=True)),
+                ('includes', models.JSONField(default=list)),
+                ('requirements', models.JSONField(blank=True, null=True)),
+                ('provided_materials', models.JSONField(default=list)),
+                ('location', models.CharField(max_length=200)),
+                ('instructor', models.CharField(max_length=100)),
+                ('take_home', models.CharField(max_length=200)),
+                ('certificate', models.BooleanField(default=False)),
+                ('lunch_included', models.BooleanField(default=False)),
+                ('featured', models.BooleanField(default=False)),
+                ('is_active', models.BooleanField(default=True)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='WorkshopSlot',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('date', models.DateField()),
+                ('start_time', models.TimeField()),
+                ('end_time', models.TimeField()),
+                ('available_spots', models.PositiveIntegerField()),
+                ('is_available', models.BooleanField(default=True)),
+                ('workshop', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='slots', to='experiences.workshop')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='WorkshopRegistration',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=100)),
+                ('email', models.EmailField(max_length=254)),
+                ('phone', models.CharField(max_length=15)),
+                ('number_of_participants', models.PositiveIntegerField()),
+                ('special_requests', models.TextField(blank=True, null=True)),
+                ('gst_number', models.CharField(blank=True, max_length=50, null=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('workshop', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='registrations', to='experiences.workshop')),
+                ('slot', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='registrations', to='experiences.workshopslot')),
+            ],
+        ),
+    ]

basho_backend/apps/experiences/migrations/0005_alter_booking_options_alter_experience_options_and_more.py

@@ -0,0 +1,210 @@
+# Generated by Django 6.0 on 2026-01-10 10:20
+
+import django.core.validators
+import django.utils.timezone
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('experiences', '0004_workshop_workshopslot_workshopregistration'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='booking',
+            options={'ordering': ['-created_at']},
+        ),
+        migrations.AlterModelOptions(
+            name='experience',
+            options={'verbose_name_plural': 'Experiences'},
+        ),
+        migrations.AlterModelOptions(
+            name='studiobooking',
+            options={'ordering': ['visit_date', 'time_slot'], 'verbose_name_plural': 'Studio Bookings'},
+        ),
+        migrations.AlterModelOptions(
+            name='upcomingevent',
+            options={'ordering': ['date']},
+        ),
+        migrations.AlterModelOptions(
+            name='workshop',
+            options={'ordering': ['name']},
+        ),
+        migrations.AlterModelOptions(
+            name='workshopregistration',
+            options={'ordering': ['-created_at']},
+        ),
+        migrations.AlterModelOptions(
+            name='workshopslot',
+            options={'ordering': ['date', 'start_time']},
+        ),
+        migrations.AddField(
+            model_name='workshop',
+            name='created_at',
+            field=models.DateTimeField(default=django.utils.timezone.now),
+        ),
+        migrations.AddField(
+            model_name='workshop',
+            name='updated_at',
+            field=models.DateTimeField(default=django.utils.timezone.now),
+        ),
+        migrations.AddField(
+            model_name='workshopregistration',
+            name='payment_amount',
+            field=models.PositiveIntegerField(default=0),
+        ),
+        migrations.AddField(
+            model_name='workshopregistration',
+            name='payment_status',
+            field=models.CharField(choices=[('pending', 'Pending'), ('paid', 'Paid'), ('failed', 'Failed')], default='pending', max_length=20),
+        ),
+        migrations.AddField(
+            model_name='workshopregistration',
+            name='updated_at',
+            field=models.DateTimeField(default=django.utils.timezone.now),
+        ),
+        migrations.AddField(
+            model_name='workshopslot',
+            name='created_at',
+            field=models.DateTimeField(default=django.utils.timezone.now),
+        ),
+        migrations.AddField(
+            model_name='workshopslot',
+            name='updated_at',
+            field=models.DateTimeField(default=django.utils.timezone.now),
+        ),
+        migrations.AlterField(
+            model_name='booking',
+            name='created_at',
+            field=models.DateTimeField(default=django.utils.timezone.now),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='certificate',
+            field=models.BooleanField(default=False, help_text='Is certificate provided?'),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='description',
+            field=models.TextField(help_text='Short description for cards'),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='duration',
+            field=models.CharField(help_text="e.g., '3 hours', '2-3 hours'", max_length=50),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='experience_type',
+            field=models.CharField(blank=True, choices=[('couples_date', "Couple's Date"), ('birthday_party', 'Birthday Party'), ('corporate', 'Corporate'), ('masterclass', 'Masterclass')], max_length=30, null=True),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='featured',
+            field=models.BooleanField(default=False, help_text='Show as featured workshop?'),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='images',
+            field=models.JSONField(default=list, help_text='List of image URLs/paths'),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='includes',
+            field=models.JSONField(default=list, help_text="List of what's included (materials, tools, etc.)"),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='instructor',
+            field=models.CharField(default='Shivangi', max_length=100),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='is_active',
+            field=models.BooleanField(default=True, help_text='Is workshop available for booking?'),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='location',
+            field=models.CharField(default='Basho Studio', max_length=200),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='long_description',
+            field=models.TextField(help_text='Detailed description for workshop page'),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='lunch_included',
+            field=models.BooleanField(default=False, help_text='Is lunch included?'),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='max_participants',
+            field=models.PositiveIntegerField(validators=[django.core.validators.MinValueValidator(1)]),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='min_participants',
+            field=models.PositiveIntegerField(validators=[django.core.validators.MinValueValidator(1)]),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='price',
+            field=models.PositiveIntegerField(help_text='Price in rupees'),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='price_per_person',
+            field=models.BooleanField(default=True, help_text='If True, price is per person. If False, price is for the group.'),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='provided_materials',
+            field=models.JSONField(default=list, help_text='Materials provided by studio'),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='requirements',
+            field=models.JSONField(blank=True, help_text='What participants need to bring/know', null=True),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='take_home',
+            field=models.CharField(help_text='What participants can take home', max_length=200),
+        ),
+        migrations.AlterField(
+            model_name='workshopregistration',
+            name='created_at',
+            field=models.DateTimeField(default=django.utils.timezone.now),
+        ),
+        migrations.AlterField(
+            model_name='workshopregistration',
+            name='number_of_participants',
+            field=models.PositiveIntegerField(validators=[django.core.validators.MinValueValidator(1)]),
+        ),
+        migrations.AlterField(
+            model_name='workshopslot',
+            name='available_spots',
+            field=models.PositiveIntegerField(validators=[django.core.validators.MinValueValidator(0)]),
+        ),
+        migrations.AlterField(
+            model_name='workshopslot',
+            name='is_available',
+            field=models.BooleanField(default=True, help_text='Is this slot open for bookings?'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='workshopslot',
+            unique_together={('workshop', 'date', 'start_time')},
+        ),
+        migrations.AddIndex(
+            model_name='workshopregistration',
+            index=models.Index(fields=['email'], name='experiences_email_b6e066_idx'),
+        ),
+        migrations.AddIndex(
+            model_name='workshopregistration',
+            index=models.Index(fields=['created_at'], name='experiences_created_ce420a_idx'),
+        ),
+    ]

basho_backend/apps/experiences/migrations/0006_alter_booking_options_alter_experience_options_and_more.py

@@ -0,0 +1,201 @@
+# Generated by Django 6.0 on 2026-01-10 11:04
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('experiences', '0005_alter_booking_options_alter_experience_options_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='booking',
+            options={},
+        ),
+        migrations.AlterModelOptions(
+            name='experience',
+            options={},
+        ),
+        migrations.AlterModelOptions(
+            name='studiobooking',
+            options={},
+        ),
+        migrations.AlterModelOptions(
+            name='upcomingevent',
+            options={},
+        ),
+        migrations.AlterModelOptions(
+            name='workshop',
+            options={},
+        ),
+        migrations.AlterModelOptions(
+            name='workshopregistration',
+            options={},
+        ),
+        migrations.AlterModelOptions(
+            name='workshopslot',
+            options={},
+        ),
+        migrations.RemoveIndex(
+            model_name='workshopregistration',
+            name='experiences_email_b6e066_idx',
+        ),
+        migrations.RemoveIndex(
+            model_name='workshopregistration',
+            name='experiences_created_ce420a_idx',
+        ),
+        migrations.AlterUniqueTogether(
+            name='workshopslot',
+            unique_together=set(),
+        ),
+        migrations.RemoveField(
+            model_name='workshop',
+            name='created_at',
+        ),
+        migrations.RemoveField(
+            model_name='workshop',
+            name='updated_at',
+        ),
+        migrations.AlterField(
+            model_name='booking',
+            name='created_at',
+            field=models.DateTimeField(auto_now_add=True),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='certificate',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='description',
+            field=models.TextField(),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='duration',
+            field=models.CharField(max_length=50),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='experience_type',
+            field=models.CharField(blank=True, choices=[('couples_date', 'Couple’s Date'), ('birthday_party', 'Birthday Party'), ('corporate', 'Corporate'), ('masterclass', 'Masterclass')], max_length=30, null=True),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='featured',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='images',
+            field=models.JSONField(default=list),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='includes',
+            field=models.JSONField(default=list),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='instructor',
+            field=models.CharField(max_length=100),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='is_active',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='location',
+            field=models.CharField(max_length=200),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='long_description',
+            field=models.TextField(),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='lunch_included',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='max_participants',
+            field=models.PositiveIntegerField(),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='min_participants',
+            field=models.PositiveIntegerField(),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='price',
+            field=models.PositiveIntegerField(),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='price_per_person',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='provided_materials',
+            field=models.JSONField(default=list),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='requirements',
+            field=models.JSONField(blank=True, null=True),
+        ),
+        migrations.AlterField(
+            model_name='workshop',
+            name='take_home',
+            field=models.CharField(max_length=200),
+        ),
+        migrations.AlterField(
+            model_name='workshopregistration',
+            name='created_at',
+            field=models.DateTimeField(auto_now_add=True),
+        ),
+        migrations.AlterField(
+            model_name='workshopregistration',
+            name='number_of_participants',
+            field=models.PositiveIntegerField(),
+        ),
+        migrations.AlterField(
+            model_name='workshopslot',
+            name='available_spots',
+            field=models.PositiveIntegerField(),
+        ),
+        migrations.AlterField(
+            model_name='workshopslot',
+            name='is_available',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.RemoveField(
+            model_name='workshopregistration',
+            name='payment_amount',
+        ),
+        migrations.RemoveField(
+            model_name='workshopregistration',
+            name='payment_status',
+        ),
+        migrations.RemoveField(
+            model_name='workshopregistration',
+            name='updated_at',
+        ),
+        migrations.RemoveField(
+            model_name='workshopslot',
+            name='created_at',
+        ),
+        migrations.RemoveField(
+            model_name='workshopslot',
+            name='updated_at',
+        ),
+    ]

basho_backend/apps/experiences/migrations/0007_booking_otp_booking_otp_expires_at_experienceslot_and_more.py

@@ -0,0 +1,46 @@
+# Generated by Django 6.0 on 2026-01-10 19:09
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('experiences', '0006_alter_booking_options_alter_experience_options_and_more'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='booking',
+            name='otp',
+            field=models.CharField(blank=True, max_length=6, null=True),
+        ),
+        migrations.AddField(
+            model_name='booking',
+            name='otp_expires_at',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.CreateModel(
+            name='ExperienceSlot',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('date', models.DateField()),
+                ('start_time', models.TimeField()),
+                ('end_time', models.TimeField()),
+                ('min_participants', models.PositiveIntegerField()),
+                ('max_participants', models.PositiveIntegerField()),
+                ('booked_participants', models.PositiveIntegerField(default=0)),
+                ('is_active', models.BooleanField(default=True)),
+                ('experience', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='slots', to='experiences.experience')),
+            ],
+            options={
+                'ordering': ['date', 'start_time'],
+            },
+        ),
+        migrations.AddField(
+            model_name='booking',
+            name='slot',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.PROTECT, related_name='bookings', to='experiences.experienceslot'),
+        ),
+    ]

basho_backend/apps/experiences/migrations/0008_remove_booking_otp_remove_booking_otp_expires_at_and_more.py

@@ -0,0 +1,62 @@
+# Generated by Django 6.0 on 2026-01-12 18:51
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('experiences', '0007_booking_otp_booking_otp_expires_at_experienceslot_and_more'),
+        ('orders', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='booking',
+            name='otp',
+        ),
+        migrations.RemoveField(
+            model_name='booking',
+            name='otp_expires_at',
+        ),
+        migrations.RemoveField(
+            model_name='booking',
+            name='payment_status',
+        ),
+        migrations.AddField(
+            model_name='booking',
+            name='payment_order',
+            field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='experience_booking', to='orders.paymentorder'),
+        ),
+        migrations.AddField(
+            model_name='workshopregistration',
+            name='payment_order',
+            field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='workshop_registration', to='orders.paymentorder'),
+        ),
+        migrations.AddField(
+            model_name='workshopregistration',
+            name='status',
+            field=models.CharField(choices=[('pending', 'Pending'), ('confirmed', 'Confirmed'), ('failed', 'Failed')], default='pending', max_length=20),
+        ),
+        migrations.AlterField(
+            model_name='booking',
+            name='number_of_people',
+            field=models.PositiveIntegerField(),
+        ),
+        migrations.AlterField(
+            model_name='booking',
+            name='payment_amount',
+            field=models.PositiveIntegerField(),
+        ),
+        migrations.AlterField(
+            model_name='booking',
+            name='status',
+            field=models.CharField(choices=[('pending', 'Pending'), ('confirmed', 'Confirmed'), ('cancelled', 'Cancelled'), ('failed', 'Failed')], default='pending', max_length=20),
+        ),
+        migrations.AlterField(
+            model_name='workshopregistration',
+            name='slot',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='registrations', to='experiences.workshopslot'),
+        ),
+    ]

basho_backend/apps/experiences/migrations/0009_rename_booked_participants_experienceslot_booked_slots_and_more.py

@@ -0,0 +1,37 @@
+# Generated by Django 6.0 on 2026-01-15 09:40
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('experiences', '0008_remove_booking_otp_remove_booking_otp_expires_at_and_more'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='experienceslot',
+            old_name='booked_participants',
+            new_name='booked_slots',
+        ),
+        migrations.RenameField(
+            model_name='experienceslot',
+            old_name='max_participants',
+            new_name='total_slots',
+        ),
+        migrations.RemoveField(
+            model_name='experienceslot',
+            name='min_participants',
+        ),
+        migrations.AddField(
+            model_name='experience',
+            name='max_participants',
+            field=models.PositiveIntegerField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='experience',
+            name='min_participants',
+            field=models.PositiveIntegerField(blank=True, null=True),
+        ),
+    ]

basho_backend/apps/experiences/migrations/0010_alter_experience_image.py

@@ -0,0 +1,18 @@
+# Generated by Django 6.0 on 2026-01-16 21:04
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('experiences', '0009_rename_booked_participants_experienceslot_booked_slots_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='experience',
+            name='image',
+            field=models.JSONField(blank=True, default=list),
+        ),
+    ]

basho_backend/apps/experiences/models.py

@@ -0,0 +1,256 @@
+from django.db import models
+from django.core.exceptions import ValidationError
+
+class Experience(models.Model):
+    title = models.CharField(max_length=200)
+    tagline = models.CharField(max_length=200)
+    description = models.TextField()
+    duration = models.CharField(max_length=50)
+    people = models.CharField(max_length=50)
+
+    min_participants = models.PositiveIntegerField(null=True, blank=True)
+    max_participants = models.PositiveIntegerField(null=True, blank=True)
+
+    price = models.IntegerField()
+    image = models.JSONField(default=list, blank=True)
+    is_active = models.BooleanField(default=True)
+
+
+    def __str__(self):
+        return self.title
+
+class ExperienceSlot(models.Model):
+    experience = models.ForeignKey(
+        Experience,
+        on_delete=models.CASCADE,
+        related_name="slots"
+    )
+
+    date = models.DateField()
+    start_time = models.TimeField()
+    end_time = models.TimeField()
+    total_slots = models.PositiveIntegerField()
+    booked_slots = models.PositiveIntegerField(default=0)
+
+    is_active = models.BooleanField(default=True)
+
+    def clean(self):
+        if self.start_time >= self.end_time:
+            raise ValidationError("Start time must be before end time.")
+
+        if self.booked_slots > self.total_slots:
+            raise ValidationError("Booked slots cannot exceed total slots.")
+
+        exp = self.experience
+        if exp.min_participants and exp.max_participants:
+            if exp.min_participants > exp.max_participants:
+                raise ValidationError(
+                    "Experience min participants cannot exceed max participants."
+                )
+
+    def save(self, *args, **kwargs):
+        self.full_clean()
+        super().save(*args, **kwargs)    
+
+    def __str__(self):
+        return f"{self.experience.title} | {self.date} {self.start_time}-{self.end_time}"
+    
+    class Meta:
+        ordering = ["date", "start_time"]
+
+class Booking(models.Model):
+    STATUS_CHOICES = (
+        ("pending", "Pending"),
+        ("confirmed", "Confirmed"),
+        ("cancelled", "Cancelled"),
+        ("failed", "Failed"),
+    )
+
+    experience = models.ForeignKey(
+        Experience,
+        on_delete=models.CASCADE,
+        related_name="bookings"
+    )
+
+    slot = models.ForeignKey(
+    ExperienceSlot,
+    on_delete=models.PROTECT,
+    related_name="bookings",
+    null=True,
+    blank=True,
+)
+
+
+    full_name = models.CharField(max_length=100)
+    phone = models.CharField(max_length=15)
+    email = models.EmailField()
+
+    booking_date = models.DateField()
+    number_of_people = models.PositiveIntegerField()
+
+    status = models.CharField(
+        max_length=20,
+        choices=STATUS_CHOICES,
+        default="pending"
+    )
+
+    payment_amount = models.PositiveIntegerField()
+
+    # 🔗 LINK TO ORDERS APP
+    payment_order = models.OneToOneField(
+        "orders.PaymentOrder",
+        on_delete=models.SET_NULL,
+        null=True,
+        blank=True,
+        related_name="experience_booking"
+    )
+
+    created_at = models.DateTimeField(auto_now_add=True)
+
+    def __str__(self):
+        return f"{self.full_name} - {self.experience.title}"
+   
+class StudioBooking(models.Model):
+    full_name = models.CharField(max_length=100)
+    phone = models.CharField(max_length=15)
+    email = models.EmailField()
+    visit_date = models.DateField()
+    time_slot = models.CharField(max_length=50)
+    created_at = models.DateTimeField(auto_now_add=True)
+
+    def __str__(self):
+        return f"{self.full_name} - {self.visit_date} ({self.time_slot})"
+
+class UpcomingEvent(models.Model):
+    title = models.CharField(max_length=200)
+    date = models.CharField(max_length=50)  # simple string for now
+    location = models.CharField(max_length=200)
+    description = models.TextField()
+    badge = models.CharField(max_length=50, default="✨ Upcoming")
+
+    def __str__(self):
+        return self.title
+
+class Workshop(models.Model):
+    WORKSHOP_TYPE_CHOICES = [
+        ("group", "Group"),
+        ("private", "Private"),
+        ("experience", "Experience"),
+    ]
+
+    LEVEL_CHOICES = [
+        ("beginner", "Beginner"),
+        ("intermediate", "Intermediate"),
+        ("advanced", "Advanced"),
+    ]
+
+    EXPERIENCE_TYPE_CHOICES = [
+        ("couples_date", "Couple’s Date"),
+        ("birthday_party", "Birthday Party"),
+        ("corporate", "Corporate"),
+        ("masterclass", "Masterclass"),
+    ]
+
+    name = models.CharField(max_length=200)
+    type = models.CharField(max_length=20, choices=WORKSHOP_TYPE_CHOICES)
+    level = models.CharField(max_length=20, choices=LEVEL_CHOICES)
+    experience_type = models.CharField(
+        max_length=30,
+        choices=EXPERIENCE_TYPE_CHOICES,
+        blank=True,
+        null=True
+    )
+
+    description = models.TextField()
+    long_description = models.TextField()
+
+    images = models.JSONField(default=list)
+
+    duration = models.CharField(max_length=50)
+
+    min_participants = models.PositiveIntegerField()
+    max_participants = models.PositiveIntegerField()
+
+    price = models.PositiveIntegerField()
+    price_per_person = models.BooleanField(default=True)
+
+    includes = models.JSONField(default=list)
+    requirements = models.JSONField(blank=True, null=True)
+    provided_materials = models.JSONField(default=list)
+
+    location = models.CharField(max_length=200)
+    instructor = models.CharField(max_length=100)
+    take_home = models.CharField(max_length=200)
+
+    certificate = models.BooleanField(default=False)
+    lunch_included = models.BooleanField(default=False)
+    featured = models.BooleanField(default=False)
+
+    is_active = models.BooleanField(default=True)
+
+    def __str__(self):
+        return self.name
+
+class WorkshopSlot(models.Model):
+    workshop = models.ForeignKey(
+        Workshop,
+        on_delete=models.CASCADE,
+        related_name="slots"
+    )
+
+    date = models.DateField()
+    start_time = models.TimeField()
+    end_time = models.TimeField()
+
+    available_spots = models.PositiveIntegerField()
+    is_available = models.BooleanField(default=True)
+
+    def __str__(self):
+        return f"{self.workshop.name} | {self.date} {self.start_time}"
+
+class WorkshopRegistration(models.Model):
+    STATUS_CHOICES = (
+        ("pending", "Pending"),
+        ("confirmed", "Confirmed"),
+        ("failed", "Failed"),
+    )
+
+    workshop = models.ForeignKey(
+        Workshop,
+        on_delete=models.CASCADE,
+        related_name="registrations"
+    )
+
+    slot = models.ForeignKey(
+        WorkshopSlot,
+        on_delete=models.PROTECT,
+        related_name="registrations"
+    )
+
+    name = models.CharField(max_length=100)
+    email = models.EmailField()
+    phone = models.CharField(max_length=15)
+
+    number_of_participants = models.PositiveIntegerField()
+    special_requests = models.TextField(blank=True, null=True)
+    gst_number = models.CharField(max_length=50, blank=True, null=True)
+
+    status = models.CharField(
+        max_length=20,
+        choices=STATUS_CHOICES,
+        default="pending"
+    )
+
+    # 🔗 LINK TO ORDERS APP
+    payment_order = models.OneToOneField(
+        "orders.PaymentOrder",
+        on_delete=models.SET_NULL,
+        null=True,
+        blank=True,
+        related_name="workshop_registration"
+    )
+
+    created_at = models.DateTimeField(auto_now_add=True)
+
+    def __str__(self):
+        return f"{self.name} - {self.workshop.name}"

basho_backend/apps/experiences/serializers.py

@@ -0,0 +1,186 @@
+from rest_framework import serializers
+from .models import (
+    Booking, 
+    Experience, 
+    StudioBooking, 
+    UpcomingEvent,
+    Workshop, 
+    WorkshopSlot, 
+    WorkshopRegistration,
+    ExperienceSlot)
+
+class BookingSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Booking
+        fields = [
+            "id",
+            "experience",
+            "slot",
+            "full_name",
+            "phone",
+            "email",
+            "booking_date",
+            "number_of_people",
+            "status",
+        ]
+        read_only_fields = ["status"]
+
+    def validate(self, data):
+        slot = data.get("slot")
+        people = data.get("number_of_people")
+
+        if not slot:
+            raise serializers.ValidationError({
+                "slot": "Please select a valid time slot."
+            })
+
+        if not slot.is_active:
+            raise serializers.ValidationError({
+                "slot": "This slot is no longer available."
+            })
+
+        experience = slot.experience
+
+        # ✅ Booking-level rules (from Experience)
+        if experience.min_participants is not None:
+            if people < experience.min_participants:
+                raise serializers.ValidationError({
+                    "number_of_people": f"Minimum {experience.min_participants} participants required."
+                })
+
+        if experience.max_participants is not None:
+            if people > experience.max_participants:
+                raise serializers.ValidationError({
+                    "number_of_people": f"Maximum {experience.max_participants} participants allowed per booking."
+                })
+
+
+        # ✅ Slot capacity rule
+        available = slot.total_slots - slot.booked_slots
+        if people > available:
+            raise serializers.ValidationError({
+                "number_of_people": f"Only {available} slots left for this time."
+            })
+
+        return data
+
+class ExperienceSlotSerializer(serializers.ModelSerializer):
+    startTime = serializers.TimeField(source="start_time")
+    endTime = serializers.TimeField(source="end_time")
+    availableSlots = serializers.SerializerMethodField()
+
+    class Meta:
+        model = ExperienceSlot
+        fields = [
+            "id",
+            "date",
+            "startTime",
+            "endTime",
+            "availableSlots",
+        ]
+
+    def get_availableSlots(self, obj):
+        return max(0, obj.total_slots - obj.booked_slots)
+
+class StudioBookingSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = StudioBooking
+        fields = "__all__"
+
+class UpcomingEventSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = UpcomingEvent
+        fields = "__all__"
+
+class WorkshopSlotSerializer(serializers.ModelSerializer):
+    startTime = serializers.TimeField(source="start_time")
+    endTime = serializers.TimeField(source="end_time")
+    availableSpots = serializers.IntegerField(source="available_spots")
+    isAvailable = serializers.BooleanField(source="is_available")
+
+    class Meta:
+        model = WorkshopSlot
+        fields = [
+            "id",
+            "date",
+            "startTime",
+            "endTime",
+            "availableSpots",
+            "isAvailable",
+        ]
+
+class WorkshopSerializer(serializers.ModelSerializer):
+    participants = serializers.SerializerMethodField()
+    schedule = WorkshopSlotSerializer(source="slots", many=True)
+
+    experienceType = serializers.CharField(source="experience_type", allow_null=True)
+    longDescription = serializers.CharField(source="long_description")
+    pricePerPerson = serializers.BooleanField(source="price_per_person")
+    takeHome = serializers.CharField(source="take_home")
+    providedMaterials = serializers.JSONField(source="provided_materials")
+    lunchIncluded = serializers.BooleanField(source="lunch_included")
+
+    class Meta:
+        model = Workshop
+        fields = [
+            "id",
+            "name",
+            "type",
+            "level",
+            "experienceType",
+            "description",
+            "longDescription",
+            "images",
+            "duration",
+            "participants",
+            "price",
+            "pricePerPerson",
+            "includes",
+            "requirements",
+            "location",
+            "instructor",
+            "takeHome",
+            "providedMaterials",
+            "certificate",
+            "lunchIncluded",
+            "featured",
+            "schedule",
+        ]
+
+    def get_participants(self, obj):
+        return {
+            "min": obj.min_participants,
+            "max": obj.max_participants,
+        }
+
+class WorkshopRegistrationSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = WorkshopRegistration
+        fields = "__all__"
+
+class ExperienceSerializer(serializers.ModelSerializer):
+    slots = ExperienceSlotSerializer(many=True, read_only=True)
+    participants = serializers.SerializerMethodField()
+    image = serializers.JSONField()
+
+    class Meta:
+        model = Experience
+        fields = [
+            "id",
+            "title",
+            "tagline",
+            "description",
+            "duration",
+            "people",
+            "price",
+            "image",
+            "is_active",
+            "participants",
+            "slots",
+        ]
+
+    def get_participants(self, obj):
+        return {
+            "min": obj.min_participants,
+            "max": obj.max_participants,
+        }

basho_backend/apps/experiences/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

basho_backend/apps/experiences/urls.py

@@ -0,0 +1,67 @@
+from django.urls import path
+from .views import (
+    CreateBookingView,
+    CreateStudioBookingView,
+    ListUpcomingEventsView,
+    ListWorkshopsView,
+    ReleaseExperienceSlotView,
+    WorkshopDetailView,
+    ListWorkshopSlotsView,
+    CreateWorkshopRegistrationView,
+    ListExperienceSlotsView,
+    ListExperiencesView,
+    ListExperienceAvailableDatesView,
+    ListExperienceSlotsByDateView,
+    VerifyExperiencePaymentView,  
+    my_workshops,
+    my_experiences
+)
+
+
+
+urlpatterns = [
+    # Experiences
+    path("book/", CreateBookingView.as_view(), name="create-booking"),
+    path("verify-payment/", VerifyExperiencePaymentView.as_view()),
+    #path("book/confirm/", ConfirmBookingView.as_view(), name="confirm-booking"),
+    path(
+        "<int:experience_id>/slots/",
+        ListExperienceSlotsView.as_view(),
+        name="experience-slots",
+    ),
+    path("", ListExperiencesView.as_view(), name="list-experiences"),
+    path("release-slot/", ReleaseExperienceSlotView.as_view()),
+    path("<int:experience_id>/available-dates/", ListExperienceAvailableDatesView.as_view(), name="experience-available-dates"),
+    path("<int:experience_id>/slots-by-date/", ListExperienceSlotsByDateView.as_view(), name="experience-slots-by-date"),
+    path(
+    "<int:experience_id>/available-dates/",
+    ListExperienceAvailableDatesView.as_view(),),
+
+    path(
+        "<int:experience_id>/slots-by-date/",
+        ListExperienceSlotsByDateView.as_view(),
+    ),
+    # Studio
+    path("studio-book/", CreateStudioBookingView.as_view(), name="create-studio-booking"),
+
+    # Events
+    path("events/", ListUpcomingEventsView.as_view(), name="list-upcoming-events"),
+
+    # Workshops (UNCHANGED)
+    path("workshops/", ListWorkshopsView.as_view(), name="list-workshops"),
+    path("workshops/<int:workshop_id>/", WorkshopDetailView.as_view(), name="workshop-detail"),
+    path(
+        "workshops/<int:workshop_id>/slots/",
+        ListWorkshopSlotsView.as_view(),
+        name="workshop-slots",
+    ),
+    path(
+        "workshops/register/",
+        CreateWorkshopRegistrationView.as_view(),
+        name="workshop-register",
+    ),
+    path("my-workshops/", my_workshops),
+    path("my-experiences/", my_experiences),
+
+
+]

basho_backend/apps/experiences/views.py

@@ -0,0 +1,434 @@
+from django.shortcuts import get_object_or_404
+from django.db import transaction
+from rest_framework.exceptions import ValidationError
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework import status
+from django.http import JsonResponse
+from django.core.mail import send_mail
+from django.conf import settings
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.decorators import api_view, permission_classes
+import razorpay
+from django.utils.decorators import method_decorator
+from django.views.decorators.csrf import csrf_exempt
+from django.conf import settings
+from django.db.models import F
+
+
+
+from apps.orders.models import PaymentOrder
+from .models import (
+    Booking,
+    StudioBooking,
+    UpcomingEvent,
+    Workshop,
+    WorkshopSlot,
+    WorkshopRegistration,
+    Experience,
+    ExperienceSlot,
+)
+from .serializers import (
+    BookingSerializer,
+    StudioBookingSerializer,
+    UpcomingEventSerializer,
+    WorkshopSerializer,
+    WorkshopSlotSerializer,
+    WorkshopRegistrationSerializer,
+    ExperienceSlotSerializer,
+    ExperienceSerializer,   # ✅ ADD THIS
+)
+
+razorpay_client = razorpay.Client(
+    auth=(settings.RAZORPAY_KEY_ID, settings.RAZORPAY_KEY_SECRET)
+)
+
+# =========================
+# EXPERIENCE BOOKING (PAYMENT FIRST)
+# =========================
+
+class CreateBookingView(APIView):
+    def post(self, request):
+        serializer = BookingSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        slot = serializer.validated_data["slot"]
+        people = serializer.validated_data["number_of_people"]
+        experience = serializer.validated_data["experience"]
+
+        # 🔒 ATOMIC BLOCK (prevents race conditions)
+        with transaction.atomic():
+            slot = ExperienceSlot.objects.select_for_update().get(id=slot.id)
+
+            available = slot.total_slots - slot.booked_slots
+
+            if people > available:
+                raise ValidationError({
+                    "slot": f"Only {available} slots left for this time slot."
+                })
+
+            booking = serializer.save(
+                status="pending",
+                payment_amount=experience.price
+            )
+
+            # ✅ Reserve seats
+            slot.booked_slots += people
+            slot.save()
+
+
+        # ✅ CREATE RAZORPAY ORDER
+        razorpay_order = razorpay_client.order.create({
+            "amount": booking.payment_amount * 100,
+            "currency": "INR",
+            "payment_capture": 1
+        })
+
+        payment_order = PaymentOrder.objects.create(
+            user=request.user if request.user.is_authenticated else None,
+            order_type="EXPERIENCE",
+            linked_object_id=booking.id,
+            linked_app="experiences",
+            amount=booking.payment_amount,
+            razorpay_order_id=razorpay_order["id"],
+        )
+
+        booking.payment_order = payment_order
+        booking.save()
+
+        return Response({
+            "booking_id": booking.id,
+            "razorpay_order_id": payment_order.razorpay_order_id,
+            "amount": payment_order.amount,
+        }, status=status.HTTP_201_CREATED)
+
+ 
+
+razorpay_client = razorpay.Client(
+    auth=(settings.RAZORPAY_KEY_ID, settings.RAZORPAY_KEY_SECRET)
+)
+
+class ReleaseExperienceSlotView(APIView):
+    def post(self, request):
+        booking_id = request.data.get("booking_id")
+
+        if not booking_id:
+            return Response(
+                {"error": "booking_id required"},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+        try:
+            with transaction.atomic():
+                booking = Booking.objects.select_for_update().get(id=booking_id)
+
+                # Only release if not confirmed
+                if booking.status != "pending":
+                    return Response(
+                        {"message": "Booking already processed"},
+                        status=status.HTTP_200_OK
+                    )
+
+                slot = booking.slot
+                slot.booked_slots -= booking.number_of_people
+                slot.save()
+
+
+                booking.status = "failed"
+                booking.save()
+
+            return Response(
+                {"message": "Slot released successfully"},
+                status=status.HTTP_200_OK
+            )
+
+        except Booking.DoesNotExist:
+            return Response(
+                {"error": "Booking not found"},
+                status=status.HTTP_404_NOT_FOUND
+            )
+
+class VerifyExperiencePaymentView(APIView):
+    def post(self, request):
+        data = request.data
+
+        try:
+            # 1️⃣ Verify signature
+            razorpay_client.utility.verify_payment_signature({
+                "razorpay_order_id": data["razorpay_order_id"],
+                "razorpay_payment_id": data["razorpay_payment_id"],
+                "razorpay_signature": data["razorpay_signature"],
+            })
+
+            # 2️⃣ Fetch payment order
+            payment_order = PaymentOrder.objects.get(
+                razorpay_order_id=data["razorpay_order_id"]
+            )
+
+            # 3️⃣ Mark payment as paid
+            payment_order.status = "PAID"
+            payment_order.razorpay_payment_id = data["razorpay_payment_id"]
+            payment_order.save()
+
+            # 4️⃣ Confirm booking
+            booking = Booking.objects.get(id=payment_order.linked_object_id)
+            booking.status = "confirmed"
+            booking.save()
+
+            # 🔍 TEMP DEBUG — add just above send_mail
+            print("Experience fields:")
+            print(booking.experience._meta.get_fields())
+
+            # 5️⃣ Send email
+            if booking.email:
+                send_mail(
+                    subject="Your Experience Booking is Confirmed 🎉",
+                    message=f"""
+Hi {booking.full_name},
+
+Your experience booking has been successfully confirmed!
+
+📅  Date: {booking.booking_date}
+🎨 Experience: {booking.experience.title}
+💰 Amount Paid: ₹{booking.payment_amount}
+
+We look forward to welcoming you ✨
+
+– Team Basho
+""",
+                    from_email=settings.DEFAULT_FROM_EMAIL,
+                    recipient_list=[booking.email],
+                    fail_silently=False,
+                )
+
+            return Response({
+                "message": "Successfully placed order / booked experience"
+            }, status=status.HTTP_200_OK)
+
+        except razorpay.errors.SignatureVerificationError:
+            return Response(
+                {"error": "Payment verification failed"},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+# =========================
+# STUDIO BOOKING (NO PAYMENT)
+# =========================
+@method_decorator(csrf_exempt, name="dispatch")
+class CreateStudioBookingView(APIView):
+    def post(self, request):
+        serializer = StudioBookingSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        booking = serializer.save()
+
+        try:
+            send_mail(
+                subject="Your Studio Visit is Confirmed ✨",
+                message=(
+                    f"Hi {booking.full_name},\n\n"
+                    f"Your studio visit has been confirmed.\n\n"
+                    f"Date: {booking.visit_date}\n"
+                    f"Time Slot: {booking.time_slot}\n\n"
+                    f"– Basho Studio"
+                ),
+                from_email=settings.DEFAULT_FROM_EMAIL,
+                recipient_list=[booking.email],
+                fail_silently=True,  # 🔥 THIS IS THE KEY
+            )
+        except Exception as e:
+            print("⚠️ Studio email failed:", str(e))
+
+
+        return Response(
+            {"message": "Studio booking confirmed"},
+            status=status.HTTP_201_CREATED
+        )
+
+
+# =========================
+# LISTING VIEWS
+# =========================
+
+class ListUpcomingEventsView(APIView):
+    def get(self, request):
+        events = UpcomingEvent.objects.all()
+        serializer = UpcomingEventSerializer(events, many=True)
+        return Response(serializer.data)
+
+
+class ListWorkshopsView(APIView):
+    def get(self, request):
+        workshops = Workshop.objects.filter(is_active=True)
+        serializer = WorkshopSerializer(workshops, many=True)
+        return Response(serializer.data, status=status.HTTP_200_OK)
+
+
+class WorkshopDetailView(APIView):
+    def get(self, request, workshop_id):
+        workshop = get_object_or_404(Workshop, id=workshop_id, is_active=True)
+        serializer = WorkshopSerializer(workshop)
+        return Response(serializer.data, status=status.HTTP_200_OK)
+
+
+class ListWorkshopSlotsView(APIView):
+    def get(self, request, workshop_id):
+        workshop = get_object_or_404(Workshop, id=workshop_id, is_active=True)
+        slots = WorkshopSlot.objects.filter(
+            workshop=workshop,
+            is_available=True
+        ).order_by("date", "start_time")
+
+        serializer = WorkshopSlotSerializer(slots, many=True)
+        return Response(serializer.data)
+
+
+class ListExperienceSlotsView(APIView):
+    def get(self, request, experience_id):
+        experience = get_object_or_404(Experience, id=experience_id, is_active=True)
+        slots = ExperienceSlot.objects.filter(
+            experience=experience,
+            is_active=True
+        ).order_by("date", "start_time")
+
+        serializer = ExperienceSlotSerializer(slots, many=True)
+        return Response(serializer.data, status=status.HTTP_200_OK)
+
+class ListExperiencesView(APIView):
+    def get(self, request):
+        experiences = Experience.objects.filter(is_active=True)
+        serializer = ExperienceSerializer(experiences, many=True)
+        return Response(serializer.data, status=status.HTTP_200_OK)
+
+class ListExperienceAvailableDatesView(APIView):
+    def get(self, request, experience_id):
+        experience = get_object_or_404(
+            Experience,
+            id=experience_id,
+            is_active=True
+        )
+
+        # Slots that still have availability
+        slots = (
+            ExperienceSlot.objects
+            .filter(
+                experience=experience,
+                is_active=True,
+                total_slots__gt=F("booked_slots")
+            )
+            .values_list("date", flat=True)
+            .distinct()
+            .order_by("date")
+        )
+
+        # Convert dates to string (frontend-friendly)
+        dates = [d.isoformat() for d in slots]
+
+        return Response(dates, status=status.HTTP_200_OK)
+
+class ListExperienceSlotsByDateView(APIView):
+    def get(self, request, experience_id):
+        date = request.query_params.get("date")
+
+        if not date:
+            return Response(
+                {"error": "date query param is required"},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+        experience = get_object_or_404(
+            Experience,
+            id=experience_id,
+            is_active=True
+        )
+
+        slots = (
+            ExperienceSlot.objects
+            .filter(
+                experience=experience,
+                date=date,
+                is_active=True
+            )
+            .order_by("start_time")
+        )
+
+        serializer = ExperienceSlotSerializer(slots, many=True)
+        return Response(serializer.data, status=status.HTTP_200_OK)
+
+# =========================
+# WORKSHOP REGISTRATION (PAYMENT FIRST)
+# =========================
+
+class CreateWorkshopRegistrationView(APIView):
+    def post(self, request):
+        serializer = WorkshopRegistrationSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        registration = serializer.save(status="pending")
+
+        amount = (
+            registration.workshop.price * registration.number_of_participants
+            if registration.workshop.price_per_person
+            else registration.workshop.price
+        )
+
+        razorpay_order = razorpay_client.order.create({
+            "amount": amount * 100,  # paise
+            "currency": "INR",
+            "payment_capture": 1
+        })
+
+        payment_order = PaymentOrder.objects.create(
+            user=request.user if request.user.is_authenticated else None,
+            order_type="WORKSHOP",
+            linked_object_id=registration.id,
+            linked_app="experiences",
+            amount=amount,
+            razorpay_order_id=razorpay_order["id"],
+        )
+
+        registration.payment_order = payment_order
+        registration.save()
+
+        return Response(
+            {
+                "registration_id": registration.id,
+                "razorpay_order_id": payment_order.razorpay_order_id,
+                "amount": amount,
+            },
+            status=status.HTTP_201_CREATED
+        )
+@api_view(["GET"])
+@permission_classes([IsAuthenticated])
+def my_workshops(request):
+    orders = PaymentOrder.objects.filter(
+        user=request.user,
+        order_type="WORKSHOP",
+        status="PAID"
+    ).order_by("-created_at")
+
+    data = [{
+        "id": o.id,
+        "amount": o.amount,
+        "date": o.created_at,
+        "linked_object_id": o.linked_object_id
+    } for o in orders]
+
+    return JsonResponse({"workshops": data})
+@api_view(["GET"])
+@permission_classes([IsAuthenticated])
+def my_experiences(request):
+    orders = PaymentOrder.objects.filter(
+        user=request.user,
+        order_type="EXPERIENCE",
+        status="PAID"
+    ).order_by("-created_at")
+
+    data = [{
+        "id": o.id,
+        "amount": o.amount,
+        "date": o.created_at,
+        "linked_object_id": o.linked_object_id
+    } for o in orders]
+
+    return JsonResponse({"experiences": data})

basho_backend/apps/main/admin.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

basho_backend/apps/main/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class MainConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'apps.main'