fyp

app/ai/agent/brain.py

@@ -86,7 +86,12 @@ AVAILABLE_TOOLS = """
    - This saves their last search criteria so they get a DM when a matching property is listed
    - Only use AFTER a search with 0 results where user was prompted about notifications
 
-8. respond(message: str)
+8. delete_listing(listing_id: str)
+   - Use this IMMEDIATELY when user says "delete listing X" or confirms deletion
+   - The UI handles the "Are you sure?" confirmation dialog, so if you receive this command, EXECUTE it.
+   - Do not ask for confirmation again.
+
+9. respond(message: str)
    - Use this for general chat, greeting, or asking clarifying questions
    - If no other tool fits, use this
 """

app/config.py

@@ -50,8 +50,8 @@ class Settings(BaseSettings):
     JWT_SECRET: str = os.getenv("JWT_SECRET", "")  # MUST be set in production
     JWT_REFRESH_SECRET: str = os.getenv("JWT_REFRESH_SECRET", "")  # Separate secret for refresh tokens
     JWT_ALGORITHM: str = "HS256"
-    JWT_ACCESS_EXPIRY_MINUTES: int = 15  # Short-lived access token (15 min)
-    JWT_REFRESH_EXPIRY_DAYS: int = 30    # Long-lived refresh token (30 days)
+    JWT_ACCESS_EXPIRY_MINUTES: int = 60 * 24 * 60  # Long-lived access token (60 days)
+    JWT_REFRESH_EXPIRY_DAYS: int = 60    # (Unused/Legacy)
     JWT_RESET_EXPIRY_MINUTES: int = 10
     JWT_ISSUER: str = "lojiz-api"
     JWT_AUDIENCE: str = "lojiz-app"

app/core/security.py

@@ -232,19 +232,19 @@ def create_token_pair(
     role: str,
 ) -> Dict[str, str]:
     """
-    Create both access and refresh tokens for login.
-    Returns dict with both tokens.
+    Create long-lived access token for login.
+    Returns dict with access_token.
     """
     access_token = create_access_token(user_id, email, phone, role)
-    refresh_token = create_refresh_token(user_id, email, phone, role)
+    # refresh_token = create_refresh_token(user_id, email, phone, role) # DEPRECATED
     
-    logger.info(f"Token pair created for user: {user_id}")
+    logger.info(f"Long-lived token created for user: {user_id}")
     
     return {
         "access_token": access_token,
-        "refresh_token": refresh_token,
+        # "refresh_token": refresh_token, # DEPRECATED
         "token_type": "bearer",
-        "expires_in": settings.JWT_ACCESS_EXPIRY_MINUTES * 60,  # In seconds
+        "expires_in": settings.JWT_ACCESS_EXPIRY_MINUTES * 60,  # In seconds (60 days)
     }
 
 # ============================================================

app/routes/auth.py

@@ -181,49 +181,9 @@ async def logout(current_user: dict = Depends(get_current_user)):
 # REFRESH TOKEN ENDPOINT
 # ============================================================
 
-from pydantic import BaseModel
-
-class RefreshTokenDto(BaseModel):
-    refresh_token: str
+# ============================================================
+# REFRESH TOKEN ENDPOINT
+# ============================================================
 
-@router.post("/refresh", status_code=status.HTTP_200_OK)
-async def refresh_tokens(dto: RefreshTokenDto):
-    """
-    Refresh Access Token
-    
-    Use this endpoint to get a new access token when the current one expires.
-    Send your refresh_token in the request body.
-    
-    Returns new access_token and refresh_token pair.
-    
-    **Frontend Implementation:**
-    1. When API returns 401 (token expired)
-    2. Call this endpoint with your stored refresh_token
-    3. Store the new tokens and retry the original request
-    """
-    from app.core.security import verify_refresh_token, create_token_pair
-    
-    payload = verify_refresh_token(dto.refresh_token)
-    
-    if not payload:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Invalid or expired refresh token. Please login again.",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
-    
-    # Generate new token pair
-    tokens = create_token_pair(
-        user_id=payload.get("user_id"),
-        email=payload.get("email"),
-        phone=payload.get("phone"),
-        role=payload.get("role"),
-    )
-    
-    logger.info(f"Tokens refreshed for user: {payload.get('user_id')}")
-    
-    return {
-        "success": True,
-        "message": "Tokens refreshed successfully.",
-        "data": tokens,
-    }
+# DEPRECATED: Refresh token mechanism replaced by 60-day long-lived access tokens
+# Endpoint removed to simplify auth flow.

app/services/auth_service.py

@@ -197,7 +197,7 @@ class AuthService:
             # Delete OTP
             await otp_service.delete_otp(identifier, "signup")
             
-            # Generate token pair (access + refresh)
+            # Generate token pair (access only)
             tokens = create_token_pair(
                 user_id=str(user["_id"]),
                 email=user.get("email"),
@@ -212,7 +212,7 @@ class AuthService:
                 "message": "Welcome! Your account is now verified.",
                 "data": {
                     "user": User.format_response(user),
-                    **tokens,  # access_token, refresh_token, token_type, expires_in
+                    **tokens,  # access_token, token_type, expires_in
                 },
             }
         
@@ -277,7 +277,7 @@ class AuthService:
                 {"$set": {"lastLogin": now, "updatedAt": now}}
             )
             
-            # Generate token pair (access + refresh)
+            # Generate token pair (access only)
             tokens = create_token_pair(
                 user_id=str(user["_id"]),
                 email=user.get("email"),
@@ -292,7 +292,7 @@ class AuthService:
                 "message": "Login successful!",
                 "data": {
                     "user": User.format_response(user),
-                    **tokens,  # access_token, refresh_token, token_type, expires_in
+                    **tokens,  # access_token, token_type, expires_in
                 },
             }