Initial commit

.env.openai

@@ -0,0 +1,12 @@
+GROQ_API_KEY=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
+PG_HOST=localhost
+PG_PORT=5432
+PG_USER=postgres
+PG_PASS=Viaan1234
+PG_DB=edumate
+
+SMTP_EMAIL=aitutor1211@gmail.com
+SMTP_PASSWORD=yjqqpcwqxqbhkxot
+SECRET_KEY=Vr1W_xN28NU4i9SknLzJjRYLQppqj1JX_lkq9eE1HnM-PZk3XLc1fU7TD5fjxQv8FSQgVZ1lLUl4S92nT88XUgA
+USE_HTTPS=true
+CSRF_SECRET=a5e38cf0acb4e1320a87d67136b924a6c3f458eb4398ec4781e099c56c2e6e78

main.py

@@ -0,0 +1,921 @@
+import gradio as gr
+from fastapi.staticfiles import StaticFiles
+
+import asyncio, uuid, os, re, smtplib, random
+from deep_translator import GoogleTranslator
+import edge_tts
+from transformers import AutoTokenizer, AutoModelForCausalLM
+import torch
+from reportlab.pdfgen import canvas
+from datetime import datetime, timedelta
+from email.message import EmailMessage
+import bcrypt
+import html
+from dotenv import load_dotenv
+load_dotenv(".env.openai")
+email_user = os.getenv("SMTP_EMAIL")
+email_pass = os.getenv("SMTP_PASSWORD")
+import psycopg2
+from psycopg2 import sql
+import os
+import uvicorn
+from fastapi import FastAPI, Request, Response
+from fastapi.middleware.wsgi import WSGIMiddleware
+from collections import defaultdict
+
+import openai
+import requests
+import hashlib
+otp_send_tracker = defaultdict(list)
+OTP_LIMIT = 3
+OTP_WINDOW = timedelta(minutes=15)
+PG_CONN = {
+    "host": os.getenv("PG_HOST"),
+    "port": os.getenv("PG_PORT"),
+    "user": os.getenv("PG_USER"),
+    "password": os.getenv("PG_PASS"),
+    "dbname": os.getenv("PG_DB"),
+}
+from collections import defaultdict
+from itsdangerous import URLSafeSerializer
+csrf_signer = URLSafeSerializer(os.getenv("CSRF_SECRET", "defaultcsrfsecret")) # Replace with your own secret
+
+
+# Tracks login attempts: {email: [timestamps of failed attempts]}
+attempt_tracker = defaultdict(list)
+MAX_ATTEMPTS = 5
+LOCKOUT_WINDOW = timedelta(minutes=10)
+from itsdangerous import TimestampSigner, BadSignature, SignatureExpired
+
+signer = TimestampSigner(os.getenv("SECRET_KEY", "defaultsecret"))
+SESSION_COOKIE_NAME = "edumate_session"
+SESSION_EXPIRY_SECONDS = 3600  # 1 hour
+from fastapi import Request
+fastapi_app = FastAPI()
+fastapi_app.mount("/static", StaticFiles(directory="static"), name="static")
+
+@fastapi_app.get("/check-login")
+def update_csrf_token(email):
+    email = sanitize_input(email)
+    if not is_valid_email(email):
+        return gr.update(value="")
+    return gr.update(value=generate_csrf_token(email))
+
+def generate_initial_csrf():
+    return generate_csrf_token("guest")
+
+def translate_text(text, language, voice_name):
+    try:
+        # Translate using Google Translator
+        if language == "English - US":
+            translated = text  # no translation needed
+        elif language == "Hindi":
+            translated = GoogleTranslator(source="auto", target="hi").translate(text)
+        else:
+            translated = GoogleTranslator(source="auto", target="en").translate(text)
+
+        # Use Edge TTS
+        voice_id = voice_characters[language][voice_name]
+        filename = f"tts_{uuid.uuid4().hex}.mp3"
+
+        # Generate speech
+        asyncio.run(edge_tts.Communicate(translated, voice_id).save(filename))
+
+        return translated, filename
+    except Exception as e:
+        return f"❌ Error: {str(e)}", None
+def generate_csrf_token(email):
+    return csrf_signer.dumps({"email": email})
+    
+
+def toggle_logout_visibility(is_visible):
+    return not is_visible, gr.update(visible=not is_visible)
+
+def get_chat_filename(user_email):
+    user_email = sanitize_input(user_email)
+    hashed = hashlib.sha256(user_email.encode()).hexdigest()
+    return f"chat_logs/{hashed}.txt"
+
+
+def check_login(request: Request):
+    token = request.cookies.get("edumate_session")
+    try:
+        email = signer.unsign(token, max_age=3600).decode()
+        return {"status": "✅ Logged in", "email": email}
+    except:
+        return {"status": "❌ Invalid or expired session"}
+
+def generate_session_token(email):
+    return signer.sign(email.encode()).decode()
+
+
+def is_locked_out(email):
+    now = datetime.now()
+    attempts = attempt_tracker[email]
+    # Remove attempts outside the time window
+    attempt_tracker[email] = [ts for ts in attempts if now - ts < LOCKOUT_WINDOW]
+    return len(attempt_tracker[email]) >= MAX_ATTEMPTS
+
+
+def get_pg_connection():
+    return psycopg2.connect(**PG_CONN)
+
+def init_db():
+    conn = get_pg_connection()
+    cur = conn.cursor()
+    cur.execute("""
+        CREATE TABLE IF NOT EXISTS users (
+            email TEXT PRIMARY KEY,
+            hashed_password TEXT NOT NULL,
+            username TEXT NOT NULL
+        )
+    """)
+    conn.commit()
+    conn.close()
+
+
+init_db()
+GROQ_API_KEY = os.getenv("GROQ_API_KEY")
+GROQ_API_URL = "https://api.groq.com/openai/v1/chat/completions"
+
+GROQ_MODEL = "llama3-8b-8192"
+voice_characters = {
+    "English - US": {
+        "Aria": "en-US-AriaNeural", "Guy": "en-US-GuyNeural",
+        "Christopher": "en-US-ChristopherNeural", "Emma": "en-US-EmmaNeural",
+        
+    },
+    "Hindi": {
+        "Madhur": "hi-IN-MadhurNeural"    }
+}
+
+EMAIL_REGEX = re.compile(r"^[\w\.-]+@[\w\.-]+\.\w+$")
+def is_valid_email(email): return bool(EMAIL_REGEX.match(email))
+
+def sanitize_input(text):
+    if not isinstance(text, str): return ""
+    return html.escape(text.strip())
+
+USER_FILE = "users.txt"
+def save_user(email, password, username):
+    email = sanitize_input(email)
+    password = sanitize_input(password)
+    username = sanitize_input(username)
+    if not (email and password and username): return False
+
+    hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
+    try:
+        conn = get_pg_connection()
+        cur = conn.cursor()
+        cur.execute("INSERT INTO users (email, hashed_password, username) VALUES (%s, %s, %s)", 
+                    (email, hashed, username))
+        conn.commit()
+        return True
+    except psycopg2.IntegrityError:
+        return False
+    finally:
+        conn.close()
+
+def get_username(email):
+    email = sanitize_input(email)
+    conn = get_pg_connection()
+    cur = conn.cursor()
+    cur.execute("SELECT username FROM users WHERE email = %s", (email,))
+    row = cur.fetchone()
+    conn.close()
+    return row[0] if row else ""
+
+def check_user(email, password):
+    email = sanitize_input(email)
+    password = sanitize_input(password)
+    conn = get_pg_connection()
+    cur = conn.cursor()
+    cur.execute("SELECT hashed_password FROM users WHERE email = %s", (email,))
+    row = cur.fetchone()
+    conn.close()
+
+    if row:
+        stored_hash = row[0]
+        #print("🔐 Stored hash from DB:", stored_hash)
+        #print("🔑 Password entered:", password)
+
+        if isinstance(stored_hash, str):
+            stored_hash = stored_hash.encode()
+
+        result = bcrypt.checkpw(password.encode(), stored_hash)
+        #print("✅ Password match:", result)
+        return result
+
+    print("❌ Email not found in DB")
+    return False
+
+
+
+otp_store = {}
+def send_otp(email):
+    email = sanitize_input(email)
+    
+    # Rate limiting
+    now = datetime.now()
+    otp_send_tracker[email] = [t for t in otp_send_tracker[email] if now - t < OTP_WINDOW]
+    if len(otp_send_tracker[email]) >= OTP_LIMIT:
+        print(f"❌ OTP limit reached for {email}")
+        return False  # limit reached
+
+    otp = str(random.randint(100000, 999999))
+    otp_store[email] = {'otp': otp, 'expires': now + timedelta(minutes=10)}
+    otp_send_tracker[email].append(now)
+
+    msg = EmailMessage()
+    msg.set_content(f"Your OTP is: {otp}")
+    msg["Subject"] = "AI Tutor Signup OTP"
+    msg["From"] = email_user
+    msg["To"] = email
+
+    try:
+        with smtplib.SMTP_SSL("smtp.gmail.com", 465) as smtp:
+            smtp.login(email_user, email_pass)
+            smtp.send_message(msg)
+    except Exception as e:
+        print("SMTP Error:", e)
+        return False
+
+    return True
+
+
+import json  # add at top if not already
+
+async def chat_with_ai(message, history, user_email):
+    message = message.strip()
+    user_email = sanitize_input(user_email)
+    if history is None:
+        history = []
+
+    history.append({"role": "user", "content": message})
+
+    messages = [
+        {
+            "role": "system",
+            "content": (
+                "You are EduMate, a helpful educational assistant created by the EduMate team. "
+                "You help students with academic questions, concepts, notes, translations, and more. "
+                "If someone asks 'Who created you?' or 'What are you?', respond that you were built and trained by EduMate for educational support. "
+                "Do not mention Meta, OpenAI, or any external company. Stay consistent with EduMate branding."
+            )
+        }
+    ] + [{"role": m["role"], "content": m["content"]} for m in history]
+
+    headers = {
+        "Authorization": f"Bearer {GROQ_API_KEY}",
+        "Content-Type": "application/json"
+    }
+
+    payload = {
+        "model": GROQ_MODEL,
+        "messages": messages,
+        "temperature": 0.7,
+        "max_tokens": 1000
+    }
+
+    try:
+        res = requests.post(GROQ_API_URL, headers=headers, json=payload)
+        res.raise_for_status()
+        reply = res.json()["choices"][0]["message"]["content"].strip()
+    except requests.exceptions.HTTPError as e:
+        reply = f"❌ Groq error: {e.response.text}"
+    except Exception as e:
+        reply = f"❌ Unexpected error: {str(e)}"
+
+    history.append({"role": "assistant", "content": ""})
+    for i in range(1, len(reply) + 1):
+        history[-1]["content"] = reply[:i]
+        yield history
+        await asyncio.sleep(0.015)  # typing delay
+
+    save_chat(user_email, message, reply)
+
+
+
+async def generate_notes_typed(prompt, user_email):
+    prompt = sanitize_input(prompt)
+    user_email = sanitize_input(user_email)
+
+    headers = {
+        "Authorization": f"Bearer {GROQ_API_KEY}",
+        "Content-Type": "application/json"
+    }
+
+    payload = {
+        "model": GROQ_MODEL,
+        "messages": [
+            {
+                "role": "system",
+                "content": (
+                    "You are a helpful academic assistant. Generate well-structured, clear, and concise notes in bullet points only. "
+                    "Use headings and subheadings. Break complex concepts into small, easy-to-understand bullet points. "
+                    "Include all relevant subtopics, including key definitions, types, applications, examples, and scientific laws (like Fick’s laws if related). "
+                    "Do not write full paragraphs. Stick to clean academic study note format."
+                )
+            },
+            {"role": "user", "content": f"Generate notes on the topic: {prompt}"}
+        ],
+        "temperature": 0.6,
+        "max_tokens": 600
+    }
+
+    try:
+        res = requests.post(GROQ_API_URL, headers=headers, json=payload)
+        res.raise_for_status()
+        reply = res.json()["choices"][0]["message"]["content"].strip()
+
+        save_chat(user_email, f"Generate notes on: {prompt}", reply)
+
+        output = ""
+        for i in range(1, len(reply) + 1):
+            output = reply[:i]
+            yield output
+            await asyncio.sleep(0.01)  # delay to simulate typing
+    except Exception as e:
+        yield f"❌ Error generating notes: {str(e)}"
+
+
+
+    
+
+
+
+def export_notes_to_pdf(chat_data, topic):
+    topic = sanitize_input(topic)
+    if isinstance(chat_data, list):  # Extract only the AI parts
+        text = "\n\n".join(reply for _, reply in chat_data if reply)
+    else:
+        text = sanitize_input(str(chat_data))
+
+    fn = f"{topic}_{datetime.now():%Y%m%d_%H%M%S}.pdf"
+    c = canvas.Canvas(fn)
+    c.setFont("Helvetica", 12)
+    y = 800
+    for line in text.split("\n"):
+        if y < 50:
+            c.showPage()
+            y = 800
+        c.drawString(50, y, line)
+        y -= 18
+    c.save()
+    return fn
+
+def load_history(user_email):
+    user_email = sanitize_input(user_email)
+    path = get_chat_filename(user_email)
+    if not os.path.exists(path):
+        return []
+
+    with open(path, encoding="utf-8") as f:
+        blocks = f.read().split("\n<<<END>>>\n")
+
+    history = []
+    for blk in blocks:
+        if not blk.strip():
+            continue
+        try:
+            user_msg, ai_msg = blk.strip().split("|||", 1)
+            history.append({"role": "user", "content": user_msg.strip()})
+            history.append({"role": "assistant", "content": ai_msg.strip()})
+        except ValueError:
+            continue
+    return history
+
+
+
+def render_chat_bubbles(user_email):
+    history = load_history(user_email)  # already a list of dicts
+    return gr.update(visible=True, value=history)
+
+
+
+
+def delete_all_history(user_email):
+    user_email = sanitize_input(user_email)
+    path = get_chat_filename(user_email)
+    if os.path.exists(path):
+        os.remove(path)
+    chatbot_update = gr.update(value=[], visible=True)
+    chat_bubbles_update = gr.update(value=[], visible=True)
+    return chatbot_update, chat_bubbles_update
+def save_chat(user_email, user_msg, ai_msg):
+    path = get_chat_filename(user_email)
+    os.makedirs(os.path.dirname(path), exist_ok=True)
+    with open(path, "a", encoding="utf-8") as f:
+        f.write(f"{user_msg} ||| {ai_msg}\n<<<END>>>\n")
+
+
+
+
+def logout():
+    return gr.update(visible=True), gr.update(visible=False), "", "", gr.update(value=[])
+
+
+
+# Custom CSS (unchanged)
+custom_css = """
+body {
+    font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+    background: #f5f7fa;
+    color: #1a1a1a;
+}
+.gradio-container {
+    max-width: 1200px;
+    margin: 0 auto;
+    padding: 20px;
+    background: #ffffff;
+    border-radius: 12px;
+    box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1);
+}
+h3, .gr-markdown h3 {
+    color: #2b6cb0;
+    font-weight: 600;
+    margin-bottom: 20px;
+}
+.gr-button {
+    background: #2b6cb0;
+    color: white;
+    border: none;
+    border-radius: 8px;
+    padding: 12px 24px;
+    font-size: 16px;
+    font-weight: 500;
+    transition: background 0.3s ease;
+}
+.gr-button:hover {
+    background: #1a4971;
+}
+.gr-textbox, .gr-dropdown {
+    border: 1px solid #d1d5db;
+    border-radius: 8px;
+    padding: 12px;
+    font-size: 16px;
+}
+.gr-textbox:focus, .gr-dropdown:focus {
+    border-color: #2b6cb0;
+    box-shadow: 0 0 0 3px rgba(43, 108, 176, 0.2);
+}
+.gr-chatbot {
+    border: 1px solid #e2e8f0;
+    border-radius: 8px;
+    background: #f8fafc;
+    padding: 16px;
+    max-height: 500px;
+    overflow-y: auto;
+}
+.gr-chatbot .message {
+    margin-bottom: 16px;
+    padding: 12px;
+    border-radius: 8px;
+}
+.gr-chatbot .message.user {
+    background: #e6f0fa;
+    color: #1a1a1a;
+}
+.gr-chatbot .message.bot {
+    background: #ffffff;
+    border: 1px solid #e2e8f0;
+}
+.gr-radio {
+    display: flex;
+    gap: 12px;
+    padding: 12px;
+    background: #f8fafc;
+    border-radius: 8px;
+    border: 1px solid #e2e8f0;
+}
+.gr-radio input:checked + label {
+    background: #2b6cb0;
+    color: white;
+    border-radius: 6px;
+    padding: 8px 16px;
+}
+.gr-audio {
+    border-radius: 8px;
+    overflow: hidden;
+}
+.gr-file {
+    border: 1px solid #e2e8f0;
+    border-radius: 8px;
+    padding: 12px;
+}
+profile-icon {
+    background: none;
+    color: #2b6cb0;
+    font-size: 24px;
+    border: none;
+    margin-top: -10px;
+    margin-right: 10px;
+    float: right;
+}
+logout-btn {
+    background: #e53e3e;
+    color: white;
+    font-size: 14px;
+    margin-top: 5px;
+    margin-right: 10px;
+    float: right;
+}
+footer { display: none !important; }
+"""
+with gr.Blocks(theme=gr.themes.Soft(), css=custom_css) as app:
+    user_email = gr.State("")
+    logout_visible = gr.State(False)
+    csrf_token_box = gr.Textbox(visible=False)
+
+
+
+    with gr.Column(visible=True, elem_classes="login-ui") as login_ui:
+        gr.Image("static/logo.png", width=120, show_label=False, container=False)
+
+
+
+        gr.Markdown("### EduMate AI- Login / Sign Up", elem_classes="header")
+        email = gr.Textbox(label="Email", placeholder="Enter your email")
+        email.change(update_csrf_token, [email], csrf_token_box)
+
+        pwd = gr.Textbox(label="Password", type="password", placeholder="Enter your password")
+        username_box = gr.Textbox(label="Create Username (for signup)", placeholder="Choose a username", visible=True)
+        otp_box = gr.Textbox(label="OTP (for signup)", placeholder="Enter OTP", visible=True)
+        
+        with gr.Accordion("📃 View Terms & Conditions", open=False):
+            with gr.Accordion("📃 View Terms & Conditions", open=False):
+                gr.Markdown("""
+                                ### Terms & Conditions
+
+                                By accessing or using the EduMate AI application, you agree to the following terms:
+
+                                #### 1. Acceptance of Terms
+                                By using this app, you confirm that you are at least 13 years of age and agree to be bound by these Terms & Conditions. If you do not agree, please do not use the service.
+
+                                #### 2. Purpose of the App
+                                This application is designed for educational purposes only. It provides AI-powered tools for learning, such as chat assistance, translation, note generation, and voice synthesis.
+
+                                #### 3. User Responsibility
+                                - You are responsible for all activity under your account.
+                                - You agree not to use the app for any illegal, harmful, or abusive activities.
+                                - Do not attempt to reverse-engineer, disrupt, or overload the service.
+
+                                #### 4. Data Privacy
+                                - We do not share your personal data with third parties.
+                                - Your email and password are securely stored using encryption.
+                                - Chat history is stored locally for user convenience and is not publicly accessible.
+
+                                #### 5. Account Security
+                                - Do not share your login credentials with anyone.
+                                - We use OTP verification to prevent fake or duplicate accounts.
+
+                                #### 6. Limitation of Liability
+                                - EduMate AI is provided "as is", without warranty of any kind.
+                                - We are not responsible for any decisions made based on the app's suggestions or AI-generated content.
+
+                                #### 7. Content Accuracy
+                                - The AI may generate inaccurate or inappropriate responses occasionally.
+                                - Users are encouraged to verify important information independently.
+
+                                #### 8. Modification or Termination
+                                - We reserve the right to update, modify, or terminate the app or these Terms at any time, with or without notice.
+
+                                #### 9. Governing Law
+                                These terms are governed by the laws of India. Any disputes shall be subject to the jurisdiction of Indian courts.
+
+                                #### 10. Contact Us
+                                For any questions or concerns about these Terms, please contact the developer at your registered support email.
+
+                                ---
+                                By continuing to use this application, you agree to abide by these terms.
+                                    """)
+
+      
+
+
+        agree_checkbox = gr.Checkbox(label="I agree to the Terms & Conditions", value=False)
+        
+                
+
+
+        with gr.Row():
+            btn_login = gr.Button("Login", variant="primary")
+            btn_signup = gr.Button("Sign Up", variant="secondary")
+            btn_verify = gr.Button("Verify OTP", variant="secondary")
+        btn_forgot = gr.Button("Forgot Password?", variant="secondary")
+
+        status = gr.Textbox(label="Status", interactive=False, placeholder="Status messages will appear here")
+        
+
+    with gr.Row(visible=False, elem_classes="main-ui") as main_ui:
+        with gr.Column(scale=1, elem_classes="sidebar"):
+            gr.Image("static/logo.png", width=120, show_label=False, container=False)
+
+            nav = gr.Radio(["Chat", "Translate", "Notes", "Chat History"], value="Chat", label="Menu")
+        with gr.Column(scale=4):
+            with gr.Row():
+                gr.Markdown("")
+                with gr.Column(scale=0, min_width=80, elem_id="profile-container"):
+                    profile_btn = gr.Button("👤", elem_id="profile-icon", size="sm")
+                    logout_btn = gr.Button("Logout", visible=False, elem_id="logout-btn", size="sm")
+                    profile_btn.click(
+                                        fn=toggle_logout_visibility,
+                                        inputs=logout_visible,
+                                        outputs=[logout_visible, logout_btn]
+                                    )
+
+                    #logout_btn.click(fn=logout, inputs=[], outputs=[login_ui, main_ui, user_email, status, chatbot])
+
+
+
+            with gr.Column(visible=True, elem_classes="tab-content") as chat_tab:
+                chatbot = gr.Chatbot(height=500, value=[], type='messages')
+
+                inp = gr.Textbox(label="Ask me anything…", placeholder="Type your message here")
+                btn_send = gr.Button("Send", variant="primary")
+                btn_send.click(chat_with_ai, [inp, chatbot, user_email], chatbot)
+            logout_btn.click(fn=logout, inputs=[], outputs=[login_ui, main_ui, user_email, status, chatbot])
+            with gr.Column(visible=False, elem_classes="tab-content") as tts_tab:
+                txt = gr.Textbox(label="Text to Translate")
+                lang = gr.Dropdown(list(voice_characters.keys()), value="English - US", label="Language")
+                voice = gr.Dropdown(choices=list(voice_characters["English - US"].keys()), label="Voice")
+                lang.change(lambda x: gr.update(choices=list(voice_characters[x].keys()),
+                                                value=list(voice_characters[x].keys())[0]), lang, voice)
+                btn_t = gr.Button("Translate & Speak", variant="primary")
+                out_txt = gr.Textbox(label="Translated Text")
+                out_audio = gr.Audio(label="Audio Output")
+                btn_t.click(translate_text, [txt, lang, voice], [out_txt, out_audio])
+
+            with gr.Column(visible=False, elem_classes="tab-content") as notes_tab:
+                topic = gr.Textbox(label="Note Topic", placeholder="Enter the topic for your notes")
+                btn_n = gr.Button("Generate Notes", variant="primary")
+                note_out = gr.Textbox(lines=12, label="Generated Notes")
+                btn_n.click(generate_notes_typed, [topic, user_email], note_out)
+
+
+                btn_pdf = gr.Button("Export Notes as PDF", variant="secondary")
+                file_out = gr.File(visible=False, label="Download PDF")
+                btn_pdf.click(export_notes_to_pdf, [note_out, topic], file_out)
+                file_out.change(lambda _: gr.update(visible=True), outputs=file_out)
+
+            with gr.Column(visible=False, elem_classes="tab-content") as history_tab:
+                gr.Markdown("### 🕒 Chat History", elem_classes="header")
+                btn_clear = gr.Button("🗑️ Delete All History", variant="secondary")
+                chat_bubbles = gr.Chatbot(height=500, visible=False, type='messages')
+    with gr.Column(visible=False, elem_classes="forgot-ui") as forgot_ui:
+                gr.Markdown("### 🔑 Forgot Password")
+                email_input = gr.Textbox(label="Registered Email")
+                otp_input = gr.Textbox(label="OTP (sent to email)")
+                new_pwd = gr.Textbox(label="New Password", type="password")
+                confirm_pwd = gr.Textbox(label="Confirm Password", type="password")
+                status_fp = gr.Textbox(label="Status", interactive=False)
+
+                send_btn = gr.Button("Send OTP")
+                verify_btn = gr.Button("Reset Password")
+
+                def send_otp_fp(em):
+                    em = sanitize_input(em)
+                    if not is_valid_email(em):
+                        return "❌ Invalid email"
+                    if not get_username(em):
+                        return "❌ Email not registered"
+                    if send_otp(em):
+                        return "📧 OTP sent to your email"
+                    return "❌ Failed to send OTP"
+
+                send_btn.click(send_otp_fp, [email_input], status_fp)
+
+                def verify_and_reset_fp(em, otp_inp, pwd1, pwd2):
+                    em = sanitize_input(em)
+                    otp_inp = sanitize_input(otp_inp)
+                    pwd1 = sanitize_input(pwd1)
+                    pwd2 = sanitize_input(pwd2)
+
+                    if pwd1 != pwd2:
+                        return "❌ Passwords do not match"
+                    if len(pwd1) < 6:
+                        return "❌ Password too short"
+
+                    otp_data = otp_store.get(em)
+                    if otp_data and otp_inp == otp_data["otp"] and datetime.now() < otp_data["expires"]:
+                        hashed = bcrypt.hashpw(pwd1.encode(), bcrypt.gensalt()).decode()
+                        try:
+                            conn = get_pg_connection()
+                            cur = conn.cursor()
+                            cur.execute("UPDATE users SET hashed_password = %s WHERE email = %s", (hashed, em))
+                            conn.commit()
+                            return "✅ Password reset successful"
+                        except Exception as e:
+                            return f"❌ Error: {e}"
+                        finally:
+                            conn.close()
+                    return "❌ OTP invalid or expired"
+
+                verify_btn.click(verify_and_reset_fp, [email_input, otp_input, new_pwd, confirm_pwd], status_fp)
+
+                
+
+        
+
+    
+    def open_forgot_ui():
+        return (
+            gr.update(visible=False),  # login_ui
+            gr.update(visible=False),  # main_ui
+            gr.update(visible=True)   ) # forgot_ui
+
+    
+    btn_forgot.click(open_forgot_ui, [], [login_ui, main_ui, forgot_ui])
+
+    def on_nav_change(tab, em):
+        chat_v = (tab == "Chat")
+        tts_v = (tab == "Translate")
+        notes_v = (tab == "Notes")
+        hist_v = (tab == "Chat History")
+
+        chat_bubbles_update = render_chat_bubbles(em) if hist_v else gr.update(visible=False)
+
+        return (
+            gr.update(visible=chat_v),
+            gr.update(visible=tts_v),
+            gr.update(visible=notes_v),
+            gr.update(visible=hist_v),
+            chat_bubbles_update  # 👈 assign this directly to chat_bubbles
+        )
+
+
+    nav.change(on_nav_change, [nav, user_email],
+               [chat_tab, tts_tab, notes_tab, history_tab, chat_bubbles])
+
+    btn_clear.click(delete_all_history, user_email, [chatbot, chat_bubbles])
+    def on_login(em, pw, agree, csrf_token):
+        em = sanitize_input(em)
+        pw = sanitize_input(pw)
+        csrf_token = sanitize_input(csrf_token)
+
+        if not is_valid_email(em):
+            return (gr.update(visible=True), gr.update(visible=False), "", "❌ Invalid email", gr.update(value=[]), gr.update(visible=False))
+
+        if not agree:
+            return (gr.update(visible=True), gr.update(visible=False), "", "❌ Please accept the Terms & Conditions", gr.update(value=[]), gr.update(visible=False))
+
+        # ✅ CSRF Token Verification
+        try:
+            token_data = csrf_signer.loads(csrf_token)
+            if token_data["email"] != em:
+                return (gr.update(visible=True), gr.update(visible=False), "", "❌ CSRF token mismatch", gr.update(value=[]), gr.update(visible=False))
+        except Exception as e:
+            return (gr.update(visible=True), gr.update(visible=False), "", f"❌ Invalid CSRF token: {str(e)}", gr.update(value=[]), gr.update(visible=False))
+
+        if is_locked_out(em):
+            return (gr.update(visible=True), gr.update(visible=False), "", "🔒 Too many failed attempts. Try again later.", gr.update(value=[]), gr.update(visible=False))
+
+        if check_user(em, pw):
+            attempt_tracker[em] = []
+            token = generate_session_token(em)
+            new_csrf_token = generate_csrf_token(em)
+
+            return (
+                gr.update(visible=False),
+                gr.update(visible=True),
+                em,
+                f"✅ Logged in as {em}",
+                gr.update(value=[]),
+                gr.update(value=token, visible=False),
+                gr.update(value=new_csrf_token, visible=False)
+            )
+
+        attempt_tracker[em].append(datetime.now())
+        return (gr.update(visible=True), gr.update(visible=False), "", "❌ Wrong credentials", gr.update(value=[]), gr.update(visible=False))
+
+
+
+
+
+    session_token_box = gr.Textbox(visible=False)  # Define this once at top
+
+    btn_login.click(
+        on_login,
+        [email, pwd, agree_checkbox,csrf_token_box],
+        [login_ui, main_ui, user_email, status, chatbot, session_token_box]
+    )
+
+
+
+
+    def on_signup(em, pw, un, agree):
+        em = sanitize_input(em)
+        pw = sanitize_input(pw)
+        un = sanitize_input(un)
+        if not is_valid_email(em): return "❌ Invalid email"
+        if get_username(em): return "❌ Already registered"
+        if not agree:
+            return  "❌ Please accept the Terms & Conditions"
+        if send_otp(em):
+            otp_store[em + "_pw"] = pw
+            otp_store[em + "_un"] = un
+            return "📧 OTP sent"
+        
+        return "❌ OTP failed"
+
+    btn_signup.click(on_signup, [email, pwd, username_box, agree_checkbox], status)
+
+    def on_verify(em, otp_inp):
+        em = sanitize_input(em)
+        otp_inp = sanitize_input(otp_inp)
+        otp_data = otp_store.get(em)
+        pw = otp_store.get(em + "_pw", "")
+        un = otp_store.get(em + "_un", "")
+        if otp_data and otp_inp == otp_data['otp'] and datetime.now() < otp_data['expires'] and pw and un:
+            save_user(em, pw, un)
+            del otp_store[em], otp_store[em + "_pw"], otp_store[em + "_un"]
+            return "✅ Signup complete—please login"
+        return "❌ Wrong OTP"
+    btn_verify.click(on_verify, [email, otp_box], status)
+
+
+  # ✅ 1. FastAPI app created first
+
+
+
+fastapi_app.mount("/", WSGIMiddleware(app.launch(prevent_thread_lock=True)))
+
+
+@fastapi_app.get("/ping")
+def health_check():
+    return {"status": "✅ FastAPI is working"}
+
+
+# Mount your Gradio app at `/`
+fastapi_app.mount("/", WSGIMiddleware(app))
+
+@fastapi_app.post("/login")
+async def fastapi_login(request: Request):
+    try:
+        data = await request.json()
+        email = sanitize_input(data.get("email", ""))
+        password = sanitize_input(data.get("password", ""))
+        csrf_token = sanitize_input(data.get("csrf_token", ""))
+                # ✅ Check CSRF token format
+        if not csrf_token or '.' not in csrf_token:
+            return JSONResponse(status_code=403, content={"success": False, "message": "❌ Invalid CSRF token format"})
+
+        try:
+            csrf_payload = csrf_signer.loads(csrf_token)
+            if csrf_payload.get("email") != email:
+                return JSONResponse(status_code=403, content={"success": False, "message": "❌ CSRF email mismatch"})
+        except Exception as e:
+            return JSONResponse(status_code=403, content={"success": False, "message": f"❌ Invalid CSRF token: {str(e)}"})
+
+
+        # 1. Check if email and password are valid
+        if not is_valid_email(email) or not check_user(email, password):
+            return JSONResponse(status_code=401, content={"success": False, "message": "❌ Invalid credentials"})
+
+        # 2. Validate CSRF token
+        session_token = request.cookies.get(SESSION_COOKIE_NAME)
+        if not session_token:
+            return JSONResponse(status_code=403, content={"success": False, "message": "❌ Missing session token"})
+        
+        try:
+            # Re-sign the email from session cookie to validate it's still intact
+            signed_email = signer.unsign(session_token, max_age=SESSION_EXPIRY_SECONDS).decode()
+            if signed_email != email:
+                return JSONResponse(status_code=403, content={"success": False, "message": "❌ Email mismatch in session"})
+        except Exception as e:
+            return JSONResponse(status_code=403, content={"success": False, "message": f"❌ Invalid session token: {str(e)}"})
+
+        # Optional: Match CSRF token logic if you're storing tokens somewhere
+
+        # 3. If everything is valid, regenerate session
+        new_token = generate_session_token(email)
+
+        response = JSONResponse(content={"success": True, "message": "✅ Logged in successfully"})
+        response.set_cookie(
+            key=SESSION_COOKIE_NAME,
+            value=new_token,
+            httponly=True,
+            secure=os.getenv("USE_HTTPS", "false").lower() == "true",
+            samesite="Strict",
+            max_age=SESSION_EXPIRY_SECONDS,
+            path="/"
+        )
+        return response
+
+    except Exception as e:
+        return JSONResponse(status_code=500, content={"success": False, "message": f"❌ Server error: {str(e)}"})
+
+
+@fastapi_app.get("/check-login")
+def check_login(request: Request):
+    token = request.cookies.get(SESSION_COOKIE_NAME)
+    try:
+        email = signer.unsign(token, max_age=SESSION_EXPIRY_SECONDS).decode()
+        return {"status": "✅ Logged in", "email": email}
+    except Exception:
+        return {"status": "❌ Invalid or expired session"}
+
+if __name__ == "__main__":
+    uvicorn.run(fastapi_app, host="0.0.0.0", port=7860)
+
+

requirements.txt

@@ -0,0 +1,12 @@
+gradio
+fastapi
+uvicorn
+edge-tts
+torch
+transformers
+deep-translator
+python-dotenv
+bcrypt
+psycopg2
+reportlab
+itsdangerous