Update app.py

app.py

@@ -84,13 +84,15 @@ app = FastAPI(
     lifespan=lifespan
 )
 
-# CORS middleware (configure as needed)
+# CORS middleware - PERMISSIVE for Flutter/Dreamflow
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["*"],  # Configure appropriately for production
+    allow_origins=["*"],  # Allow all origins (Flutter web, HF spaces, localhost)
     allow_credentials=True,
-    allow_methods=["*"],
-    allow_headers=["*"],
+    allow_methods=["*"],  # Allow all HTTP methods
+    allow_headers=["*"],  # Allow all headers
+    expose_headers=["*"],  # Expose all response headers
+    max_age=3600,  # Cache preflight for 1 hour
 )
 
 
@@ -134,6 +136,23 @@ class VerificationResponse(BaseModel):
     assistant: Optional[dict] = None
 
 
+# ============================================================================
+# CORS PREFLIGHT HANDLER
+# ============================================================================
+
+@app.options("/{rest_of_path:path}")
+async def preflight_handler(rest_of_path: str):
+    """Handle CORS preflight requests."""
+    return JSONResponse(
+        content={"message": "OK"},
+        headers={
+            "Access-Control-Allow-Origin": "*",
+            "Access-Control-Allow-Methods": "*",
+            "Access-Control-Allow-Headers": "*",
+        }
+    )
+
+
 # ============================================================================
 # ERROR HANDLERS
 # ============================================================================
@@ -386,6 +405,160 @@ async def verify_proof(request: VerifyProofRequest):
     )
 
 
+@app.post("/proof/verify/file")
+async def verify_proof_with_file(
+    proof_id: str = Form(...),
+    file: UploadFile = File(...)
+):
+    """
+    Verify a proof by uploading the original file.
+    
+    This endpoint:
+    1. Accepts proof ID + file upload
+    2. Retrieves original proof from storage
+    3. Recomputes hash from uploaded file
+    4. Compares hashes
+    5. Returns verification result with original timestamp
+    
+    Args:
+        proof_id: Unique proof identifier
+        file: Original file to verify
+        
+    Returns:
+        - is_valid: True if hashes match, False if tampered
+        - original_hash: Hash from original proof
+        - computed_hash: Hash from uploaded file
+        - original_timestamp: When proof was created
+        - message: Human-readable result
+    """
+    if not orchestrator:
+        raise HTTPException(status_code=503, detail="Service not initialized")
+    
+    logger.info(f"Verifying proof {proof_id} with file: {file.filename}")
+    
+    # Read uploaded file
+    content = await file.read()
+    
+    if len(content) == 0:
+        raise ValidationError("Uploaded file is empty")
+    
+    # Verify proof
+    result = orchestrator.verify_proof(proof_id, content)
+    
+    if not result["success"]:
+        raise HTTPException(
+            status_code=500,
+            detail=result.get("message", "Verification failed")
+        )
+    
+    verification_result = result["verification_result"]
+    
+    # Get original proof for timestamp
+    proof_result = orchestrator.get_proof(proof_id)
+    original_proof = proof_result.get("proof") if proof_result["success"] else None
+    
+    return {
+        "success": True,
+        "is_valid": verification_result.is_valid,
+        "proof_id": proof_id,
+        "original_hash": verification_result.original_hash,
+        "computed_hash": verification_result.computed_hash,
+        "original_timestamp": original_proof.timestamp if original_proof else None,
+        "original_filename": original_proof.metadata.get("filename") if original_proof else None,
+        "file_size": len(content),
+        "message": verification_result.message,
+        "assistant": result.get("assistant")
+    }
+
+
+@app.get("/proof/{proof_id}/details")
+async def get_proof_details(proof_id: str):
+    """
+    Get detailed information about a proof by its ID.
+    Shows everything: hash, timestamp, file info, OCR results.
+    
+    Args:
+        proof_id: Unique proof identifier
+        
+    Returns:
+        Complete proof details including:
+        - Hash
+        - Original timestamp
+        - File name and size
+        - OCR results (if applicable)
+        - Content type
+    """
+    if not orchestrator:
+        raise HTTPException(status_code=503, detail="Service not initialized")
+    
+    logger.info(f"Getting details for proof: {proof_id}")
+    
+    result = orchestrator.get_proof(proof_id)
+    
+    if not result["success"]:
+        raise ProofNotFoundError(f"Proof not found: {proof_id}")
+    
+    proof = result["proof"]
+    
+    return {
+        "success": True,
+        "proof_id": proof.proof_id,
+        "hash": proof.content_hash,
+        "hash_algorithm": proof.hash_algorithm,
+        "timestamp": proof.timestamp,
+        "content_type": proof.content_type,
+        "file_size": proof.content_size,
+        "filename": proof.metadata.get("filename"),
+        "ocr_status": proof.ocr_status,
+        "extracted_text": proof.extracted_text,
+        "message": "Proof details retrieved successfully"
+    }
+
+
+@app.post("/proof/verify/hash")
+async def verify_by_hash(
+    proof_id: str = Form(...),
+    hash_to_verify: str = Form(...)
+):
+    """
+    Verify a proof by comparing hashes directly.
+    Useful when you've computed the hash separately.
+    
+    Args:
+        proof_id: Unique proof identifier
+        hash_to_verify: SHA-256 hash to compare
+        
+    Returns:
+        Verification result with timestamp info
+    """
+    if not orchestrator:
+        raise HTTPException(status_code=503, detail="Service not initialized")
+    
+    logger.info(f"Verifying proof {proof_id} with hash: {hash_to_verify[:16]}...")
+    
+    # Get original proof
+    result = orchestrator.get_proof(proof_id)
+    
+    if not result["success"]:
+        raise ProofNotFoundError(f"Proof not found: {proof_id}")
+    
+    proof = result["proof"]
+    
+    # Compare hashes
+    is_valid = proof.content_hash.lower() == hash_to_verify.lower()
+    
+    return {
+        "success": True,
+        "is_valid": is_valid,
+        "proof_id": proof_id,
+        "original_hash": proof.content_hash,
+        "provided_hash": hash_to_verify,
+        "original_timestamp": proof.timestamp,
+        "original_filename": proof.metadata.get("filename"),
+        "message": "Hash match: proof is valid" if is_valid else "Hash mismatch: content has been modified"
+    }
+
+
 # ============================================================================
 # AI ASSISTANT ENDPOINTS (OPTIONAL)
 # ============================================================================
@@ -436,7 +609,10 @@ async def root():
             "create_text_proof": "POST /proof/create/text",
             "create_file_proof": "POST /proof/create/file",
             "get_proof": "GET /proof/{proof_id}",
+            "get_proof_details": "GET /proof/{proof_id}/details",
             "verify_proof": "POST /proof/verify",
+            "verify_proof_file": "POST /proof/verify/file",
+            "verify_proof_hash": "POST /proof/verify/hash",
             "ask_assistant": "POST /assistant/ask (optional)"
         }
     }
@@ -453,7 +629,7 @@ if __name__ == "__main__":
     uvicorn.run(
         "app:app",
         host="0.0.0.0",
-        port=7860,
+        port=8000,
         reload=True,  # Enable auto-reload in development
         log_level="info"
     )