Update app.py

app.py

@@ -44,24 +44,17 @@ def token_required(f):
     def decorated(*args, **kwargs):
         token = request.headers.get('Authorization')
         if not token:
-            print("No token provided")
             return jsonify({'message': 'Token is missing!'}), 401
         try:
             token = token.split(" ")[1] if token.startswith("Bearer ") else token
             data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=["HS256"])
             current_user = db.users.find_one({'_id': ObjectId(data['user_id'])})
             if not current_user:
-                print(f"User not found for id: {data['user_id']}")
                 raise jwt.InvalidTokenError
         except jwt.ExpiredSignatureError:
-            print("Token has expired")
             return jsonify({'message': 'Token has expired!'}), 401
         except jwt.InvalidTokenError:
-            print("Invalid token")
             return jsonify({'message': 'Invalid token!'}), 401
-        except Exception as e:
-            print(f"Unexpected error: {str(e)}")
-            return jsonify({'message': 'Token verification failed!'}), 401
         return f(current_user, *args, **kwargs)
     return decorated
 
@@ -100,6 +93,12 @@ def login():
 def verify_token(current_user):
     return jsonify({'user': {'id': str(current_user['_id']), 'username': current_user['username'], 'email': current_user['email']}}), 200
 
+@app.route('/api/auth/logout', methods=['POST'])
+@token_required
+def logout(current_user):
+    # 由于使用JWT,服务器端不需要做特殊处理
+    return jsonify({'message': 'Successfully logged out'}), 200
+
 @app.route('/api/products', methods=['GET'])
 def get_products():
     product_type = request.args.get('type', 'all')
@@ -234,39 +233,68 @@ def remove_from_cart(current_user, item_id):
 def create_order(current_user):
     data = request.json
     order = {
-        'user_id': current_user['_id'],
+        'user_id': str(current_user['_id']),
+        'orderNumber': generate_order_number(),
         'items': data['items'],
-        'total': data['total'],
-        'status': 'pending',
-        'created_at': datetime.utcnow(),
-        'updated_at': datetime.utcnow()
+        'subtotal': sum(item['price'] * item['quantity'] for item in data['items']),
+        'shippingFee': 10,  # 固定运费,您可以根据需要修改
+        'total': sum(item['price'] * item['quantity'] for item in data['items']) + 10,
+        'status': 'unpaid',
+        'createdAt': datetime.utcnow(),
+        'updatedAt': datetime.utcnow(),
+        'paymentMethod': 'Pending',
+        'shippingAddress': data.get('shippingAddress', {})
     }
     result = db.orders.insert_one(order)
     return jsonify({'message': 'Order created successfully', 'order_id': str(result.inserted_id)}), 201
 
-@app.route('/api/orders', methods=['GET'])
-@token_required
-def get_orders(current_user):
-    orders = list(db.orders.find({'user_id': current_user['_id']}))
-    for order in orders:
-        order['_id'] = str(order['_id'])
-        order['user_id'] = str(order['user_id'])
-        for item in order['items']:
-            item['product_id'] = str(item['product_id'])
-    return jsonify({'data': orders}), 200
-
 @app.route('/api/orders/<order_id>', methods=['GET'])
 @token_required
 def get_order_details(current_user, order_id):
-    order = db.orders.find_one({'_id': ObjectId(order_id), 'user_id': current_user['_id']})
+    order = db.orders.find_one({'_id': ObjectId(order_id), 'user_id': str(current_user['_id'])})
     if order:
         order['_id'] = str(order['_id'])
-        order['user_id'] = str(order['user_id'])
-        for item in order['items']:
-            item['product_id'] = str(item['product_id'])
         return jsonify({'data': order}), 200
     return jsonify({'message': 'Order not found'}), 404
 
+@app.route('/api/orders/<order_id>/status', methods=['PUT'])
+@token_required
+def update_order_status(current_user, order_id):
+    data = request.json
+    new_status = data.get('status')
+    if not new_status:
+        return jsonify({'message': 'Status is required'}), 400
+
+    order = db.orders.find_one({'_id': ObjectId(order_id), 'user_id': str(current_user['_id'])})
+    if not order:
+        return jsonify({'message': 'Order not found'}), 404
+
+    update_data = {
+        'status': new_status,
+        'updatedAt': datetime.utcnow()
+    }
+
+    if new_status == 'unshipped':
+        update_data['paymentMethod'] = data.get('paymentMethod', 'Not specified')
+
+    db.orders.update_one({'_id': ObjectId(order_id)}, {'$set': update_data})
+
+    return jsonify({'message': 'Order status updated successfully'}), 200
+
+@app.route('/api/orders', methods=['GET'])
+@token_required
+def get_user_orders(current_user):
+    status = request.args.get('status')
+    query = {'user_id': str(current_user['_id'])}
+    if status:
+        query['status'] = status
+    
+    orders = list(db.orders.find(query).sort('createdAt', -1))
+    for order in orders:
+        order['_id'] = str(order['_id'])
+    
+    return jsonify({'data': orders}), 200
+
 @app.route('/api/upload', methods=['POST'])
 @token_required
 def upload_image(current_user):
@@ -281,13 +309,8 @@ def upload_image(current_user):
         url = f"https://{bucket_name}.{endpoint}/{filename}"
         return jsonify({'message': 'File uploaded successfully', 'url': url}), 200
 
-@app.route('/api/auth/logout', methods=['POST'])
-@token_required
-def logout(current_user):
-    # 在这里，我们实际上不需要做太多事情，因为 JWT 是无状态的
-    # 客户端只需要删除本地存储的 token 即可
-    # 但是，我们可以在这里添加一些额外的逻辑，比如记录用户登出时间等
-    return jsonify({'message': 'Successfully logged out'}), 200
+def generate_order_number():
+    return f"ORD{datetime.utcnow().strftime('%Y%m%d%H%M%S')}{random.randint(1000, 9999)}"
 
 if __name__ == '__main__':
     app.run(host='0.0.0.0', port=7860, debug=True)