Hugging Face's logo

Spaces:
prodevroger
/
ishingiro
Sleeping

App Files Community
ishingiro / app.py
IZERE HIRWA Roger
l
bf6d969
raw
history blame contribute delete
206 kB
 import os
import sys
import time
import uuid
import json
import re
import sqlite3
import numpy as np
import tempfile
import smtplib
import secrets
import math
import traceback
from flask import Flask, request, jsonify, send_from_directory, render_template, redirect
from flask_cors import CORS
# Replace direct ollama import with OpenAI client
from openai import OpenAI
from dotenv import load_dotenv
from werkzeug.security import generate_password_hash, check_password_hash
from datetime import datetime
from werkzeug.utils import secure_filename
from typing import Dict, List, Tuple, Optional
from translation_service import translation_service
from sms_service import initialize_sms_service, get_sms_service
from config import current_config
# Initialize OpenAI client for Ollama
openai_client = OpenAI(
base_url=current_config.OLLAMA_BASE_URL,
api_key=current_config.OLLAMA_API_KEY
)
# --- Minimal retry helpers for OpenAI calls ---
def _retry_openai_call(func, *args, _retries=1, _delay=0.5, **kwargs):
last_err = None
for attempt in range(_retries + 1):
try:
return func(*args, **kwargs)
except Exception as e:
last_err = e
app.logger.warning(f"OpenAI call attempt {attempt + 1} failed: {e}")
if attempt < _retries:
time.sleep(_delay * (attempt + 1))
else:
app.logger.error(f"All {_retries + 1} OpenAI call attempts failed")
raise last_err
# --- Minimal retry helper for Ollama style calls (keeps API parity with older code) ---
def _retry_ollama_call(func, *args, _retries=1, _delay=0.5, **kwargs):
"""
Retry wrapper for OpenAI API calls that maintains compatibility with old Ollama calls.
Maps Ollama-style parameters to OpenAI format.
"""
last_err = None
for attempt in range(_retries + 1):
try:
# Map Ollama chat parameters to OpenAI format
if func == openai_client.chat.completions.create:
# Extract options if present
options = kwargs.pop('options', {})
# Merge options into kwargs
kwargs.update({
'temperature': options.get('temperature', 0.7),
'top_p': options.get('top_p', 0.9),
'max_tokens': options.get('max_tokens', 1024)
})
response = func(*args, **kwargs)
# Map OpenAI response to Ollama format
return {
'message': {
'content': response.choices[0].message.content
}
}
return func(*args, **kwargs)
except Exception as e:
last_err = e
try:
app.logger.error(f"API call failed (attempt {attempt + 1}): {str(e)}")
except Exception:
pass
if attempt < _retries:
time.sleep(_delay * (attempt + 1))
else:
app.logger.error(f"All {_retries + 1} API call attempts failed")
raise last_err
# --- Helper Functions ---
def get_time_ago(timestamp):
"""Convert timestamp to human-readable time ago format"""
if not timestamp:
return "Unknown"
now = time.time()
diff = now - timestamp
if diff < 60:
return f"{int(diff)}s ago"
elif diff < 3600:
return f"{int(diff/60)}m ago"
elif diff < 86400:
return f"{int(diff/3600)}h ago"
elif diff < 604800:
return f"{int(diff/86400)}d ago"
else:
return f"{int(diff/604800)}w ago"
# --- Constants ---
DATA_DIR = "data" # knowledgebase directory containing source files
STORAGE_DIR = "storage"
DB_FILE = current_config.DB_FILE
EMBED_FILE = current_config.EMBED_FILE
CHAT_MODEL = current_config.CHAT_MODEL
EMBED_MODEL = current_config.EMBED_MODEL
# sentence-level embedder used for query / semantic search (prefer sentence-transformers by default)
SENT_EMBED_MODEL = current_config.SENT_EMBED_MODEL
# lazy-loaded SentenceTransformer instance (only used when SENT_EMBED_MODEL points to a sentence-transformers model)
SENT_MODEL = None
USE_SENT_TRANSFORMERS = SENT_EMBED_MODEL.startswith("sentence-transformers/")
# --- Email Configuration ---
SMTP_SERVER = current_config.SMTP_SERVER
SMTP_PORT = current_config.SMTP_PORT
SMTP_USERNAME = current_config.SMTP_USERNAME
SMTP_PASSWORD = current_config.SMTP_PASSWORD
FROM_EMAIL = current_config.FROM_EMAIL
# --- SMS Configuration ---
HDEV_SMS_API_ID = current_config.HDEV_SMS_API_ID
HDEV_SMS_API_KEY = current_config.HDEV_SMS_API_KEY
def send_password_reset_email(to_email, username, reset_code):
"""
Send password reset email with the reset code.
"""
if not SMTP_USERNAME or not SMTP_PASSWORD:
# If no email credentials are configured, just log the code
app.logger.info(f"Password reset code for {username} ({to_email}): {reset_code}")
raise Exception("Email service not configured")
try:
# Create message
msg = MIMEMultipart('alternative')
msg['Subject'] = "AIMHSA - Password Reset Code"
msg['From'] = FROM_EMAIL
msg['To'] = to_email
# Create HTML email content
html_content = f"""
<html>
<body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333;">
<div style="max-width: 600px; margin: 0 auto; padding: 20px;">
<div style="text-align: center; margin-bottom: 30px;">
<h1 style="color: #2c5aa0;">AIMHSA</h1>
<p style="color: #666;">Mental Health Companion for Rwanda</p>
</div>
<div style="background-color: #f8f9fa; padding: 30px; border-radius: 8px; margin-bottom: 20px;">
<h2 style="color: #2c5aa0; margin-top: 0;">Password Reset Request</h2>
<p>Hello {username},</p>
<p>You have requested to reset your password for your AIMHSA account. Use the code below to reset your password:</p>
<div style="text-align: center; margin: 30px 0;">
<div style="background-color: #2c5aa0; color: white; padding: 15px 30px; border-radius: 5px; font-size: 24px; font-weight: bold; letter-spacing: 3px; display: inline-block;">
{reset_code}
</div>
</div>
<p><strong>Important:</strong></p>
<ul>
<li>This code will expire in 15 minutes</li>
<li>This code can only be used once</li>
<li>If you didn't request this reset, please ignore this email</li>
</ul>
</div>
<div style="text-align: center; color: #666; font-size: 12px;">
<p>© 2024 AIMHSA - Mental Health Companion for Rwanda</p>
<p>This is an automated message, please do not reply to this email.</p>
</div>
</div>
</body>
</html>
"""
# Create plain text version
text_content = f"""
AIMHSA - Password Reset Code
Hello {username},
You have requested to reset your password for your AIMHSA account.
Your reset code is: {reset_code}
Important:
- This code will expire in 15 minutes
- This code can only be used once
- If you didn't request this reset, please ignore this email
© 2024 AIMHSA - Mental Health Companion for Rwanda
"""
# Attach parts
part1 = MIMEText(text_content, 'plain')
part2 = MIMEText(html_content, 'html')
msg.attach(part1)
msg.attach(part2)
# Send email
server = smtplib.SMTP(SMTP_SERVER, SMTP_PORT)
server.starttls()
server.login(SMTP_USERNAME, SMTP_PASSWORD)
server.send_message(msg)
server.quit()
app.logger.info(f"Password reset email sent to {to_email}")
except Exception as e:
app.logger.error(f"Failed to send password reset email: {e}")
raise
def init_storage():
os.makedirs(os.path.dirname(DB_FILE), exist_ok=True)
# ensure embeddings storage dir exists too
os.makedirs(os.path.dirname(EMBED_FILE), exist_ok=True)
conn = sqlite3.connect(DB_FILE)
try:
conn.execute("""
CREATE TABLE IF NOT EXISTS messages (
id INTEGER PRIMARY KEY AUTOINCREMENT,
conv_id TEXT NOT NULL,
role TEXT NOT NULL,
content TEXT NOT NULL,
ts REAL NOT NULL
)
""")
# attachments table: stores extracted text per uploaded file
conn.execute("""
CREATE TABLE IF NOT EXISTS attachments (
id INTEGER PRIMARY KEY AUTOINCREMENT,
conv_id TEXT NOT NULL,
filename TEXT NOT NULL,
text TEXT NOT NULL,
ts REAL NOT NULL
)
""")
# sessions table: map an ip/account key to a conversation id
conn.execute("""
CREATE TABLE IF NOT EXISTS sessions (
id INTEGER PRIMARY KEY AUTOINCREMENT,
key TEXT UNIQUE NOT NULL,
conv_id TEXT NOT NULL,
ts REAL NOT NULL
)
""")
# users table: store user information
conn.execute("""
CREATE TABLE IF NOT EXISTS users (
username TEXT PRIMARY KEY,
password_hash TEXT NOT NULL,
created_ts REAL NOT NULL
)
""")
# Check if new columns exist and add them if they don't
cursor = conn.execute("PRAGMA table_info(users)")
columns = [column[1] for column in cursor.fetchall()]
if 'email' not in columns:
conn.execute("ALTER TABLE users ADD COLUMN email TEXT")
if 'fullname' not in columns:
conn.execute("ALTER TABLE users ADD COLUMN fullname TEXT")
if 'telephone' not in columns:
conn.execute("ALTER TABLE users ADD COLUMN telephone TEXT")
if 'province' not in columns:
conn.execute("ALTER TABLE users ADD COLUMN province TEXT")
if 'district' not in columns:
conn.execute("ALTER TABLE users ADD COLUMN district TEXT")
# Update existing records with default values if they have NULL values
conn.execute("""
UPDATE users
SET email = 'user@example.com',
fullname = 'User',
telephone = '+250000000000',
province = 'Kigali',
district = 'Gasabo'
WHERE email IS NULL OR fullname IS NULL OR telephone IS NULL OR province IS NULL OR district IS NULL
""")
# Make email unique for new records only
try:
conn.execute("CREATE UNIQUE INDEX IF NOT EXISTS users_email_unique ON users(email)")
except:
pass # Index might already exist
# password resets: username + token + expiry
conn.execute("""
CREATE TABLE IF NOT EXISTS password_resets (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT NOT NULL,
token TEXT UNIQUE NOT NULL,
expires_ts REAL NOT NULL,
used INTEGER DEFAULT 0
)
""")
# conversations table: metadata for user-visible conversation list
conn.execute("""
CREATE TABLE IF NOT EXISTS conversations (
conv_id TEXT PRIMARY KEY,
owner_key TEXT,
preview TEXT,
ts REAL
)
""")
# Add archived column if missing
try:
cur = conn.execute("PRAGMA table_info(conversations)")
cols = [r[1] for r in cur.fetchall()]
if "archived" not in cols:
conn.execute("ALTER TABLE conversations ADD COLUMN archived INTEGER DEFAULT 0")
if "archive_pw_hash" not in cols:
conn.execute("ALTER TABLE conversations ADD COLUMN archive_pw_hash TEXT")
if "booking_prompt_shown" not in cols:
conn.execute("ALTER TABLE conversations ADD COLUMN booking_prompt_shown INTEGER DEFAULT 0")
except Exception:
pass
# --- NEW TABLES FOR THERAPY BOOKING SYSTEM ---
# Professionals table (doctors, therapists, counselors)
conn.execute("""
CREATE TABLE IF NOT EXISTS professionals (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT UNIQUE NOT NULL,
password_hash TEXT NOT NULL,
first_name TEXT NOT NULL,
last_name TEXT NOT NULL,
email TEXT NOT NULL,
phone TEXT,
license_number TEXT,
specialization TEXT NOT NULL,
expertise_areas TEXT NOT NULL,
location_latitude REAL,
location_longitude REAL,
location_address TEXT,
district TEXT,
availability_schedule TEXT,
max_patients_per_day INTEGER DEFAULT 10,
consultation_fee REAL,
languages TEXT,
qualifications TEXT,
experience_years INTEGER,
bio TEXT,
profile_picture TEXT,
is_active BOOLEAN DEFAULT 1,
created_ts REAL NOT NULL,
updated_ts REAL NOT NULL
)
""")
# Risk assessment table for conversation monitoring
conn.execute("""
CREATE TABLE IF NOT EXISTS risk_assessments (
id INTEGER PRIMARY KEY AUTOINCREMENT,
conv_id TEXT NOT NULL,
user_query TEXT NOT NULL,
risk_score REAL NOT NULL,
risk_level TEXT NOT NULL,
detected_indicators TEXT,
assessment_timestamp REAL NOT NULL,
processed BOOLEAN DEFAULT 0,
booking_created BOOLEAN DEFAULT 0
)
""")
# Automated bookings table
conn.execute("""
CREATE TABLE IF NOT EXISTS automated_bookings (
id INTEGER PRIMARY KEY AUTOINCREMENT,
booking_id TEXT UNIQUE NOT NULL,
conv_id TEXT NOT NULL,
user_account TEXT,
user_ip TEXT,
professional_id INTEGER NOT NULL,
risk_level TEXT NOT NULL,
risk_score REAL NOT NULL,
detected_indicators TEXT,
conversation_summary TEXT,
booking_status TEXT DEFAULT 'pending',
scheduled_datetime REAL,
session_duration INTEGER DEFAULT 60,
session_type TEXT DEFAULT 'emergency',
location_preference TEXT,
notes TEXT,
created_ts REAL NOT NULL,
updated_ts REAL NOT NULL,
FOREIGN KEY (professional_id) REFERENCES professionals (id)
)
""")
# Professional notifications
conn.execute("""
CREATE TABLE IF NOT EXISTS professional_notifications (
id INTEGER PRIMARY KEY AUTOINCREMENT,
professional_id INTEGER NOT NULL,
booking_id TEXT NOT NULL,
notification_type TEXT NOT NULL,
title TEXT NOT NULL,
message TEXT NOT NULL,
is_read BOOLEAN DEFAULT 0,
priority TEXT DEFAULT 'normal',
created_ts REAL NOT NULL,
FOREIGN KEY (professional_id) REFERENCES professionals (id)
)
""")
# Session records
conn.execute("""
CREATE TABLE IF NOT EXISTS therapy_sessions (
id INTEGER PRIMARY KEY AUTOINCREMENT,
booking_id TEXT NOT NULL,
professional_id INTEGER NOT NULL,
conv_id TEXT NOT NULL,
session_start REAL,
session_end REAL,
session_notes TEXT,
treatment_plan TEXT,
follow_up_required BOOLEAN DEFAULT 0,
follow_up_date REAL,
session_rating INTEGER,
session_feedback TEXT,
created_ts REAL NOT NULL,
FOREIGN KEY (professional_id) REFERENCES professionals (id)
)
""")
# Admin users table
conn.execute("""
CREATE TABLE IF NOT EXISTS admin_users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT UNIQUE NOT NULL,
password_hash TEXT NOT NULL,
email TEXT NOT NULL,
role TEXT DEFAULT 'admin',
permissions TEXT,
created_ts REAL NOT NULL
)
""")
# Ensure default admin user exists
cur = conn.execute("SELECT 1 FROM admin_users WHERE username = 'eliasfeza@gmail.com'")
if not cur.fetchone():
# Create default admin user
default_password_hash = generate_password_hash("EliasFeza@12301")
conn.execute("""
INSERT INTO admin_users (username, password_hash, email, role, created_ts)
VALUES (?, ?, ?, ?, ?)
""", ("eliasfeza@gmail.com", default_password_hash, "eliasfeza@gmail.com", "admin", time.time()))
conn.commit()
finally:
conn.close()
def create_conversation(owner_key: str = None, conv_id: str = None, preview: str = "New chat"):
if not conv_id:
conv_id = str(uuid.uuid4())
conn = sqlite3.connect(DB_FILE)
try:
conn.execute(
"INSERT OR IGNORE INTO conversations (conv_id, owner_key, preview, ts, booking_prompt_shown) VALUES (?, ?, ?, ?, ?)",
(conv_id, owner_key, preview, time.time(), 0),
)
# if a row existed with no owner_key and we received one, update it
if owner_key:
conn.execute(
"UPDATE conversations SET owner_key = ?, ts = ? WHERE conv_id = ? AND (owner_key IS NULL OR owner_key = '')",
(owner_key, time.time(), conv_id),
)
conn.commit()
finally:
conn.close()
return conv_id
# helper: map conv_id -> owner_key (if any) using sessions table
def get_owner_key_for_conv(conv_id: str):
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT key FROM sessions WHERE conv_id = ? LIMIT 1", (conv_id,))
row = cur.fetchone()
return row[0] if row else None
finally:
conn.close()
def save_message(conv_id: str, role: str, content: str):
conn = sqlite3.connect(DB_FILE)
try:
conn.execute(
"INSERT INTO messages (conv_id, role, content, ts) VALUES (?, ?, ?, ?)",
(conv_id, role, content, time.time()),
)
# update conversation preview/timestamp for owner-visible list
try:
if role == "user":
snippet = _extract_question_from_prompt(content)
snippet = (snippet.strip().replace("\n", " ") if snippet else "").strip()
if snippet:
# find existing conversation row
cur = conn.execute("SELECT preview FROM conversations WHERE conv_id = ?", (conv_id,))
row = cur.fetchone()
# determine owner_key if needed
owner_key = get_owner_key_for_conv(conv_id)
if row is None:
conn.execute(
"INSERT OR IGNORE INTO conversations (conv_id, owner_key, preview, ts) VALUES (?, ?, ?, ?)",
(conv_id, owner_key, snippet[:120], time.time()),
)
else:
conn.execute("UPDATE conversations SET preview = ?, ts = ? WHERE conv_id = ?", (snippet[:120], time.time(), conv_id))
except Exception:
# don't break saving messages if preview update fails
pass
conn.commit()
finally:
conn.close()
def load_history(conv_id: str):
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute(
"SELECT role, content FROM messages WHERE conv_id = ? ORDER BY id ASC",
(conv_id,),
)
rows = cur.fetchall()
return [{"role": r[0], "content": r[1]} for r in rows]
finally:
conn.close()
def reset_db():
conn = sqlite3.connect(DB_FILE)
try:
# remove all conversation messages, attachments and session mappings
conn.execute("DELETE FROM messages")
conn.execute("DELETE FROM attachments")
conn.execute("DELETE FROM sessions")
conn.execute("DELETE FROM conversations")
conn.execute("DELETE FROM users")
conn.commit()
finally:
conn.close()
# --- end DB helpers ---
# --- THERAPY BOOKING SYSTEM CLASSES ---
class RiskDetector:
def __init__(self):
# Risk indicators patterns
self.critical_indicators = [
r'\b(suicide|kill myself|end it all)\b',
]
self.high_risk_indicators = [
r'\b(hopeless|worthless|burden|better off without)\b',
r'\b(can\'t go on|can\'t take it|end this pain)\b',
r'\b(no point|nothing matters|give up)\b',
r'\b(severe depression|major depression)\b'
]
self.medium_risk_indicators = [
r'\b(depressed|sad|anxious|panic)\b',
r'\b(can\'t sleep|insomnia|nightmares)\b',
r'\b(stress|overwhelmed|burnout)\b',
r'\b(isolation|lonely|withdraw)\b'
]
# Specialized indicators for Rwanda context
self.rwanda_specific_indicators = [
r'\b(genocide|trauma|ptsd|flashback)\b',
r'\b(orphan|widow|survivor)\b',
r'\b(community violence|domestic violence)\b'
]
def assess_risk(self, user_query: str, conversation_history: List[Dict]) -> Dict:
"""Comprehensive risk assessment"""
risk_score = 0.0
detected_indicators = []
# Text-based pattern matching
text_score, text_indicators = self._analyze_text_patterns(user_query)
risk_score += text_score
detected_indicators.extend(text_indicators)
# AI-powered sentiment and context analysis
ai_score, ai_indicators = self._ai_risk_analysis(user_query, conversation_history)
risk_score += ai_score
detected_indicators.extend(ai_indicators)
# Conversation pattern analysis
pattern_score, pattern_indicators = self._analyze_conversation_patterns(conversation_history)
risk_score += pattern_score
detected_indicators.extend(pattern_indicators)
# Normalize score to 0-1 range
risk_score = min(1.0, risk_score / 3.0)
# Determine risk level
if risk_score >= 0.8:
risk_level = 'critical'
elif risk_score >= 0.6:
risk_level = 'high'
elif risk_score >= 0.4:
risk_level = 'medium'
else:
risk_level = 'low'
return {
'risk_score': risk_score,
'risk_level': risk_level,
'detected_indicators': list(set(detected_indicators)),
'assessment_timestamp': time.time()
}
def _analyze_text_patterns(self, text: str) -> Tuple[float, List[str]]:
"""Analyze text for risk indicators"""
score = 0.0
indicators = []
text_lower = text.lower()
# Critical indicators (highest weight)
for pattern in self.critical_indicators:
if re.search(pattern, text_lower):
score += 0.8
indicators.append(f"critical_pattern: {pattern}")
# High risk indicators
for pattern in self.high_risk_indicators:
if re.search(pattern, text_lower):
score += 0.6
indicators.append(f"high_risk_pattern: {pattern}")
# Medium risk indicators
for pattern in self.medium_risk_indicators:
if re.search(pattern, text_lower):
score += 0.3
indicators.append(f"medium_risk_pattern: {pattern}")
# Rwanda-specific indicators
for pattern in self.rwanda_specific_indicators:
if re.search(pattern, text_lower):
score += 0.4
indicators.append(f"rwanda_context: {pattern}")
return score, indicators
def _ai_risk_analysis(self, query: str, history: List[Dict]) -> Tuple[float, List[str]]:
"""Use AI to analyze emotional state and risk"""
try:
# Build context for AI analysis
context = f"Analyze this mental health conversation for risk indicators:\n\n"
context += f"Current message: {query}\n\n"
if history:
context += "Recent conversation:\n"
for msg in history[-5:]: # Last 5 messages
context += f"{msg['role']}: {msg['content']}\n"
# AI prompt for risk assessment
ai_prompt = f"""
{context}
Assess the risk level (0.0-1.0) and identify specific indicators.
Consider: suicidal ideation, self-harm, severe depression, trauma, crisis situations.
Respond in JSON format: {{"risk_score": 0.0-1.0, "indicators": ["indicator1", "indicator2"]}}
"""
response = _retry_openai_call(openai_client.chat.completions.create, model=CHAT_MODEL, messages=[
{"role": "system", "content": "You are a mental health risk assessment AI. Analyze conversations for risk indicators and provide structured JSON responses."},
{"role": "user", "content": ai_prompt}
])
# Parse AI response robustly (extract JSON if wrapper text present)
raw = response.choices[0].message.content if response.choices else ""
ai_result = {}
try:
ai_result = json.loads(raw)
except Exception:
# Attempt to extract JSON substring
start = raw.find('{')
end = raw.rfind('}')
if start != -1 and end != -1 and end > start:
snippet = raw[start:end+1]
try:
ai_result = json.loads(snippet)
except Exception:
ai_result = {}
else:
ai_result = {}
return ai_result.get("risk_score", 0.0), ai_result.get("indicators", [])
except Exception as e:
app.logger.error(f"AI risk analysis failed: {e}")
return 0.0, []
def _analyze_conversation_patterns(self, history: List[Dict]) -> Tuple[float, List[str]]:
"""Analyze conversation patterns for escalating risk"""
if len(history) < 3:
return 0.0, []
score = 0.0
indicators = []
# Check for escalating negative sentiment
recent_messages = history[-3:]
negative_count = 0
for msg in recent_messages:
if msg['role'] == 'user':
if any(word in msg['content'].lower() for word in ['worse', 'getting worse', 'can\'t handle', 'breaking down']):
negative_count += 1
if negative_count >= 2:
score += 0.5
indicators.append("escalating_negative_sentiment")
# Check for repeated crisis mentions
crisis_mentions = 0
for msg in history:
if msg['role'] == 'user':
if any(word in msg['content'].lower() for word in ['crisis', 'emergency', 'urgent', 'help now']):
crisis_mentions += 1
if crisis_mentions >= 2:
score += 0.4
indicators.append("repeated_crisis_mentions")
return score, indicators
class ProfessionalMatcher:
def __init__(self):
self.specialization_mapping = {
'suicide': ['psychiatrist', 'psychologist'],
'depression': ['psychiatrist', 'psychologist', 'counselor'],
'anxiety': ['psychologist', 'counselor'],
'ptsd': ['psychiatrist', 'psychologist', 'counselor'],
'trauma': ['psychologist', 'counselor', 'social_worker'],
'crisis': ['psychiatrist', 'psychologist'],
'general': ['counselor', 'social_worker']
}
def find_best_professional(self, risk_assessment: Dict, user_location: Optional[Dict] = None) -> Optional[Dict]:
"""Find the most suitable professional based on risk and availability"""
# Get detected indicators
indicators = risk_assessment.get('detected_indicators', [])
risk_level = risk_assessment.get('risk_level', 'low')
# Determine required specializations
required_specializations = self._get_required_specializations(indicators, risk_level)
# Query available professionals
available_professionals = self._get_available_professionals(required_specializations)
if not available_professionals:
return None
# Score and rank professionals
scored_professionals = []
for prof in available_professionals:
score = self._calculate_match_score(prof, indicators, risk_level, user_location)
scored_professionals.append((prof, score))
# Sort by score (highest first)
scored_professionals.sort(key=lambda x: x[1], reverse=True)
return scored_professionals[0][0] if scored_professionals else None
def _get_required_specializations(self, indicators: List[str], risk_level: str) -> List[str]:
"""Determine required specializations based on risk indicators"""
specializations = set()
# Map indicators to specializations
for indicator in indicators:
if 'suicide' in indicator or 'critical' in indicator:
specializations.update(['psychiatrist', 'psychologist'])
elif 'depression' in indicator:
specializations.update(['psychiatrist', 'psychologist', 'counselor'])
elif 'anxiety' in indicator:
specializations.update(['psychologist', 'counselor'])
elif 'ptsd' in indicator or 'trauma' in indicator:
specializations.update(['psychiatrist', 'psychologist', 'counselor'])
elif 'crisis' in indicator:
specializations.update(['psychiatrist', 'psychologist'])
# For high/critical risk, prioritize psychiatrists
if risk_level in ['high', 'critical']:
specializations.add('psychiatrist')
return list(specializations) if specializations else ['counselor']
def _get_available_professionals(self, specializations: List[str]) -> List[Dict]:
"""Get available professionals matching specializations"""
conn = sqlite3.connect(DB_FILE)
try:
placeholders = ','.join(['?' for _ in specializations])
query = f"""
SELECT * FROM professionals
WHERE specialization IN ({placeholders})
AND is_active = 1
ORDER BY experience_years DESC, created_ts ASC
"""
cur = conn.execute(query, specializations)
rows = cur.fetchall()
# Convert to dict format
professionals = []
columns = [desc[0] for desc in cur.description]
for row in rows:
prof = dict(zip(columns, row))
professionals.append(prof)
return professionals
finally:
conn.close()
def _calculate_match_score(self, professional: Dict, indicators: List[str], risk_level: str, user_location: Optional[Dict]) -> float:
"""Calculate matching score for a professional"""
score = 0.0
# Base score for specialization match
score += 0.3
# Experience bonus
experience_years = professional.get('experience_years', 0)
score += min(0.2, experience_years * 0.01)
# Expertise areas match
expertise_areas = json.loads(professional.get('expertise_areas', '[]'))
matching_expertise = 0
for indicator in indicators:
for area in expertise_areas:
if area.lower() in indicator.lower():
matching_expertise += 1
if matching_expertise > 0:
score += min(0.3, matching_expertise * 0.1)
# Location proximity (if user location provided)
if user_location and professional.get('location_latitude') and professional.get('location_longitude'):
distance = self._calculate_distance(
user_location['latitude'], user_location['longitude'],
professional['location_latitude'], professional['location_longitude']
)
# Closer professionals get higher scores
if distance < 10: # Within 10km
score += 0.2
elif distance < 25: # Within 25km
score += 0.1
# Availability bonus
if self._is_professional_available_now(professional):
score += 0.2
return score
def _calculate_distance(self, lat1: float, lon1: float, lat2: float, lon2: float) -> float:
"""Calculate distance between two coordinates in kilometers"""
R = 6371 # Earth's radius in kilometers
dlat = math.radians(lat2 - lat1)
dlon = math.radians(lon2 - lon1)
a = (math.sin(dlat/2) * math.sin(dlat/2) +
math.cos(math.radians(lat1)) * math.cos(math.radians(lat2)) *
math.sin(dlon/2) * math.sin(dlon/2))
c = 2 * math.atan2(math.sqrt(a), math.sqrt(1-a))
return R * c
def _is_professional_available_now(self, professional: Dict) -> bool:
"""Check if professional is available for immediate booking"""
# Check today's assigned sessions vs capacity (max_patients_per_day)
capacity = professional.get('max_patients_per_day') or 10
prof_id = professional.get('id')
if not prof_id:
return True
try:
conn = sqlite3.connect(DB_FILE)
start_of_day = time.time() - (time.time() % 86400)
cur = conn.execute(
"""
SELECT COUNT(*) FROM automated_bookings
WHERE professional_id = ? AND created_ts >= ? AND booking_status IN ('pending','confirmed')
""",
(prof_id, start_of_day)
)
count = cur.fetchone()[0] or 0
return count < capacity
except Exception:
return True
finally:
try:
conn.close()
except Exception:
pass
app = Flask(__name__)
# Broaden CORS for development to prevent "Failed to fetch" when loading from different ports
# In production, restrict origins to your actual domains
CORS(app, resources={r"/*": {"origins": "*"}},
methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
allow_headers=["Content-Type", "Authorization", "X-Professional-ID"],
supports_credentials=False)
# Initialize SMS service
initialize_sms_service(HDEV_SMS_API_ID, HDEV_SMS_API_KEY)
# --- Public landing page routes (serve files from chatbot/without affecting APIs) ---
_CHATBOT_STATIC_DIR = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'chatbot')
@app.route('/')
def landing_root():
return send_from_directory(_CHATBOT_STATIC_DIR, 'landing.html')
@app.route('/landing')
@app.route('/landing.html')
def landing_page():
return send_from_directory(_CHATBOT_STATIC_DIR, 'landing.html')
@app.route('/landing.css')
def landing_css():
return send_from_directory(_CHATBOT_STATIC_DIR, 'landing.css')
@app.route('/landing.js')
def landing_js():
return send_from_directory(_CHATBOT_STATIC_DIR, 'landing.js')
# --- Auth and dashboard static routes (serve files directly from chatbot/) ---
@app.route('/login')
def login_page():
return send_from_directory(_CHATBOT_STATIC_DIR, 'login.html')
@app.route('/login.html')
def login_html():
return send_from_directory(_CHATBOT_STATIC_DIR, 'login.html')
@app.route('/register')
def register_page():
return send_from_directory(_CHATBOT_STATIC_DIR, 'register.html')
@app.route('/register.html')
def register_html():
return send_from_directory(_CHATBOT_STATIC_DIR, 'register.html')
@app.route('/index.html')
def index_html():
return send_from_directory(_CHATBOT_STATIC_DIR, 'index.html')
@app.route('/admin_dashboard.html')
def admin_dashboard_html():
return send_from_directory(_CHATBOT_STATIC_DIR, 'admin_dashboard.html')
@app.route('/professional_dashboard.html')
def professional_dashboard_html():
return send_from_directory(_CHATBOT_STATIC_DIR, 'professional_dashboard.html')
# Common JS/CSS assets referenced by the above pages
@app.route('/login.js')
def login_js_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'login.js')
@app.route('/register.js')
def register_js_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'register.js')
@app.route('/admin.js')
def admin_js_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'admin.js')
@app.route('/professional.js')
def professional_js_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'professional.js')
@app.route('/admin.css')
def admin_css_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'admin.css')
@app.route('/professional.css')
def professional_css_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'professional.css')
@app.route('/auth.css')
def auth_css_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'auth.css')
@app.route('/style.css')
def style_css_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'style.css')
@app.route('/app.js')
def app_js_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'app.js')
@app.route('/config-ui.js')
def config_ui_js_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'config-ui.js')
@app.route('/config.js')
def config_js_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'config.js')
@app.route('/api.js')
def api_js_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'api.js')
@app.route('/admin_advanced.js')
def admin_advanced_js_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'admin_advanced.js')
@app.route('/professional_advanced.js')
def professional_advanced_js_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'professional_advanced.js')
@app.route('/js/api.js')
def js_api_js_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'js/api.js')
@app.route('/js/config.js')
def js_config_js_asset():
return send_from_directory(_CHATBOT_STATIC_DIR, 'js/config.js')
SYSTEM_PROMPT = """You are AIMHSA (AI Mental Health Support Assistant), a professional multilingual mental health chatbot specifically designed for Rwanda. You provide culturally-sensitive, evidence-based mental health support in four languages: English, French, Kiswahili, and Kinyarwanda.
## SCOPE BOUNDARIES - CRITICAL
- You are a mental health support assistant - ONLY respond to mental health, emotional well-being, and psychological support questions
- If asked about topics outside mental health (technology, politics, general knowledge, etc.), politely explain that you specialize in mental health support and gently redirect the conversation to mental health topics
- NEVER provide detailed answers to non-mental health questions
- Always maintain your role as a mental health support assistant
- When redirecting, be warm and empathetic, then ask about their emotional well-being or mental health concerns
## Professional Identity & Mission
- You are a professional mental health support assistant for Rwanda
- Your mission is to provide immediate, culturally-appropriate mental health support
- You understand Rwanda's unique context, including post-genocide mental health needs and cultural considerations
- You maintain the highest standards of professional mental health support
## Language Capabilities & Rules
- AUTOMATICALLY detect the user's language and respond EXCLUSIVELY in that same language
- NEVER mix multiple languages in one response
- If user writes in English → respond in English
- If user writes in French → respond in French
- If user writes in Kiswahili → respond in Kiswahili
- If user writes in Kinyarwanda → respond in pure Kinyarwanda
- Maintain professional, empathetic tone in all languages
## Professional Boundaries
- Do NOT diagnose mental health conditions or prescribe medications
- Do NOT provide medical advice beyond general wellness guidance
- Always encourage professional care when appropriate
- Refer to qualified mental health professionals for clinical concerns
- Maintain professional confidentiality and ethical standards
## Emergency Response Protocol
- If user mentions self-harm, suicidal ideation, or immediate danger:
* Express genuine care and concern in their language
* Provide immediate emergency contacts: Mental Health Hotline 105, CARAES Ndera Hospital +250 788 305 703
* For immediate danger, advise calling 112 (Rwanda National Police)
* Stay with the user and provide emotional support in their language
## Professional Response Guidelines
- Be warm, empathetic, and culturally appropriate
- Use evidence-based information and practical coping strategies
- Maintain consistent terminology across all languages
- Include relevant Rwanda-specific resources and contacts
- Keep responses professional, concise, and comprehensive
- Ensure cultural sensitivity in all interactions
## Available Resources (Use When Relevant)
- Emergency Contacts: Mental Health Hotline 105, Youth Helpline 116
- Key Facilities: CARAES Ndera Hospital, HDI Rwanda Counseling, ARCT Ruhuka Trauma Counseling
- Coverage: Mental health services available in all districts across Rwanda
- Policy: Rwanda's National Mental Health Policy (2022) provides free counseling in public hospitals
## Cultural Sensitivity
- Acknowledge Rwanda's history and its impact on mental health
- Respect cultural practices and beliefs
- Use appropriate language and terminology for each culture
- Be sensitive to trauma-related concerns, especially post-genocide experiences
- Maintain professional respect for cultural diversity
## Scope Enforcement Examples
- If asked about technology: "I'm a mental health support assistant, so I can't help with technical issues. However, I'm here to support your emotional well-being. How are you feeling today? Is there anything on your mind that's causing you stress or concern?"
- If asked about politics: "I specialize in mental health support rather than political topics. I'm here to help with your emotional well-being and mental health. What's been on your mind lately? How are you coping with current events?"
- If asked about general knowledge: "I'm focused on mental health support. I'd be happy to help with any emotional concerns or mental health questions you might have. How are you feeling today?"
Remember: You are a professional mental health support system designed to provide immediate, culturally-appropriate assistance while connecting users to professional care when needed. Always respond in the user's detected language with professional empathy and cultural sensitivity. Gently redirect out-of-scope questions to mental health topics.
"""
def rebuild_vector_store():
"""
Rebuild vector store from documents in /data directory.
- Process all .txt files in /data
- Split into chunks with overlap
- Embed chunks using EMBED_MODEL
- Save to storage/embeddings.json
"""
app.logger.info("Rebuilding vector store from /data...")
# ensure storage dir exists
os.makedirs(STORAGE_DIR, exist_ok=True)
chunks = []
chunk_id = 0
# process all .txt files in data directory
for root, _, files in os.walk(DATA_DIR):
for fname in files:
if not fname.endswith('.txt'):
continue
fpath = os.path.join(root, fname)
rel_path = os.path.relpath(fpath, DATA_DIR)
with open(fpath, 'r', encoding='utf-8') as f:
text = f.read()
# split into chunks (~500 chars with 100 char overlap)
words = text.split()
chunk_words = []
chunk_size = 500
overlap = 100
for i in range(0, len(words), chunk_size - overlap):
chunk = ' '.join(words[i:i + chunk_size])
if not chunk.strip():
continue
chunks.append({
"text": chunk,
"source": rel_path,
"chunk": chunk_id
})
chunk_id += 1
if not chunks:
app.logger.warning("No chunks found in /data directory")
return
# embed chunks using EMBED_MODEL
try:
app.logger.info(f"Embedding {len(chunks)} chunks...")
texts = [c["text"] for c in chunks]
# batch embed to avoid memory issues (32 chunks per batch)
batch_size = 32
all_embeddings = []
for i in range(0, len(texts), batch_size):
batch = texts[i:i + batch_size]
# Note: ollama.embeddings is for single prompt, for batch we need to call individually
batch_embeddings = []
for text in batch:
resp = _retry_ollama_call(ollama.embeddings, model=EMBED_MODEL, prompt=text)
batch_embeddings.append(resp["embedding"])
all_embeddings.extend(batch_embeddings)
# add embeddings to chunks
for chunk, embedding in zip(chunks, all_embeddings):
chunk["embedding"] = embedding
# save to storage/embeddings.json
with open(EMBED_FILE, 'w', encoding='utf-8') as f:
json.dump(chunks, f, ensure_ascii=False, indent=2)
app.logger.info(f"Saved {len(chunks)} embedded chunks to {EMBED_FILE}")
return chunks
except Exception as e:
app.logger.exception("Failed to embed chunks")
raise
# --- Load embeddings into memory ---
chunks_data = None
if os.path.exists(EMBED_FILE):
try:
with open(EMBED_FILE, "r", encoding="utf-8") as f:
chunks_data = json.load(f)
app.logger.info(f"Loaded {len(chunks_data)} chunks from {EMBED_FILE}")
except Exception:
app.logger.exception(f"Failed to load {EMBED_FILE}")
if not chunks_data:
# rebuild if no valid embeddings found
chunks_data = rebuild_vector_store()
if not chunks_data:
raise RuntimeError("Failed to initialize vector store")
# prepare numpy arrays for retrieval
chunk_texts = [c["text"] for c in chunks_data]
chunk_sources = [{"source": c["source"], "chunk": c["chunk"]} for c in chunks_data]
chunk_embeddings = np.array([c["embedding"] for c in chunks_data], dtype=np.float32)
# --- Cosine similarity function ---
def cosine_similarity(a, b):
a_norm = a / np.linalg.norm(a, axis=1, keepdims=True)
b_norm = b / np.linalg.norm(b, axis=1, keepdims=True)
return np.dot(a_norm, b_norm.T)
def _mmr_selection(doc_embs: np.ndarray, query_emb: np.ndarray, k: int = 4, lambda_param: float = 0.6):
"""
Maximal Marginal Relevance selection for diversity+relevance.
doc_embs: (n_docs, dim)
query_emb: (1, dim) or (dim,)
returns: list of selected indices (len <= k)
"""
if doc_embs.size == 0:
return []
# normalize
doc_norm = doc_embs / np.linalg.norm(doc_embs, axis=1, keepdims=True)
q = query_emb.reshape(-1)
q_norm = q / np.linalg.norm(q)
# relevance scores to query
sims_q = np.dot(doc_norm, q_norm)
selected = []
# pick highest relevance first
first = int(np.argmax(sims_q))
selected.append(first)
if k == 1:
return selected
candidates = set(range(doc_embs.shape[0])) - set(selected)
# precompute doc-doc similarities for speed
doc_doc_sims = np.dot(doc_norm, doc_norm.T)
while len(selected) < k and candidates:
best_score = None
best_idx = None
for cand in candidates:
# relevance
rel = sims_q[cand]
# redundancy = max similarity to already selected
red = max(doc_doc_sims[cand, s] for s in selected) if selected else 0.0
score = lambda_param * rel - (1.0 - lambda_param) * red
if best_score is None or score > best_score:
best_score = score
best_idx = cand
if best_idx is None:
break
selected.append(best_idx)
candidates.remove(best_idx)
return selected
def retrieve(query: str, k: int = 4, lambda_param: float = 0.6):
"""
Semantic retrieval: embed the query with a sentence embedding model and
select top-k chunks using MMR for a balance of relevance and diversity.
Supports two modes:
- If SENT_EMBED_MODEL is "sentence-transformers/<model-name>", uses the
local sentence-transformers library (SentenceTransformer).
- Otherwise falls back to ollama.embed with the configured model.
"""
global SENT_MODEL
# Force clear any loaded sentence-transformers model if not using it
if not USE_SENT_TRANSFORMERS and SENT_MODEL is not None:
app.logger.info("Clearing loaded sentence-transformers model")
SENT_MODEL = None
app.logger.info(f"USE_SENT_TRANSFORMERS: {USE_SENT_TRANSFORMERS}, SENT_EMBED_MODEL: {SENT_EMBED_MODEL}, EMBED_MODEL: {EMBED_MODEL}")
app.logger.info(f"chunk_embeddings shape: {chunk_embeddings.shape}")
# compute query embedding
if USE_SENT_TRANSFORMERS:
app.logger.info("Attempting to use sentence-transformers")
# model name format: sentence-transformers/<model-id>
model_id = SENT_EMBED_MODEL.split("/", 1)[1]
try:
if SENT_MODEL is None:
app.logger.info(f"Loading SentenceTransformer model: {model_id}")
from sentence_transformers import SentenceTransformer
SENT_MODEL = SentenceTransformer(model_id)
# encode returns (dim,) or (1,dim) depending on args; ensure numpy array (1,dim)
q_emb = SENT_MODEL.encode(query, convert_to_numpy=True)
if q_emb.ndim == 1:
q_emb = q_emb.reshape(1, -1)
q_emb = q_emb.astype(np.float32)
app.logger.info("Successfully embedded query with sentence-transformers")
except Exception as e:
app.logger.error(f"Failed to use sentence-transformers: {e}")
# fallback to ollama if local model not available
try:
app.logger.info(f"Falling back to openai embeddings with model: {EMBED_MODEL}")
response = openai_client.embeddings.create(model=EMBED_MODEL, input=query)
q_emb = np.array([response.data[0].embedding], dtype=np.float32)
app.logger.info("Successfully embedded query with openai fallback")
except Exception as e2:
app.logger.error(f"OpenAI fallback also failed: {e2}")
raise
else:
app.logger.info(f"Using openai embeddings API with model: {SENT_EMBED_MODEL}")
# default: use openai embeddings API
try:
response = openai_client.embeddings.create(model=SENT_EMBED_MODEL, input=query)
q_emb = np.array([response.data[0].embedding], dtype=np.float32)
app.logger.info(f"Successfully embedded query with openai, shape: {q_emb.shape}")
except Exception as e:
app.logger.error(f"Failed to embed query with {SENT_EMBED_MODEL}: {e}")
# Return empty results if embedding fails
return []
# Harmonize embedding dimensions with stored chunk embeddings to avoid runtime errors
try:
if chunk_embeddings.size > 0:
doc_dim = int(chunk_embeddings.shape[1])
q_dim = int(q_emb.shape[1]) if q_emb.ndim == 2 else int(q_emb.reshape(1, -1).shape[1])
if q_dim != doc_dim:
app.logger.warning(
f"Query emb dim {q_dim} != chunk dim {doc_dim}. Using nomic-embed-text to match."
)
# Always use nomic-embed-text to match the stored chunks
try:
response = openai_client.embeddings.create(model="nomic-embed-text", input=query)
q_emb2 = np.array([response.data[0].embedding], dtype=np.float32)
q_dim2 = int(q_emb2.shape[1])
if q_dim2 == doc_dim:
q_emb = q_emb2
app.logger.info(f"Successfully re-embedded with nomic-embed-text, shape: {q_emb.shape}")
else:
app.logger.error(f"Even nomic-embed-text dimension {q_dim2} doesn't match chunk dim {doc_dim}")
return []
except Exception as re_err:
app.logger.error(f"Re-embedding with nomic-embed-text failed: {re_err}")
return []
except Exception as dim_err:
app.logger.error(f"Dimension harmonization error: {dim_err}")
return []
# ensure chunk_embeddings shape OK
if chunk_embeddings.size == 0:
return []
# select indices via MMR (works with doc embeddings and query embedding)
idxs = _mmr_selection(chunk_embeddings, q_emb, k=k, lambda_param=lambda_param)
return [(chunk_texts[i], chunk_sources[i]) for i in idxs]
def build_context(snippets):
lines = []
for i, (doc, meta) in enumerate(snippets, 1):
src = f"{meta.get('source','unknown')}#chunk{meta.get('chunk')}"
lines.append(f"[{i}] ({src}) {doc}")
return "\n\n".join(lines)
# --- THERAPY BOOKING SYSTEM HELPER FUNCTIONS ---
def create_automated_booking(conv_id: str, risk_assessment: Dict, user_account: str = None) -> Optional[Dict]:
"""Create automated booking for high-risk cases with SMS notifications"""
# Find best professional
matcher = ProfessionalMatcher()
professional = matcher.find_best_professional(risk_assessment)
if not professional:
app.logger.warning(f"No available professional found for high-risk case: {conv_id}")
return None
# Get user data for SMS notifications
user_data = None
if user_account:
user_data = get_user_data(user_account)
# Verify SMS capability before creating booking
sms_service = get_sms_service()
if not sms_service:
app.logger.error("SMS service not initialized - cannot create booking with SMS notifications")
return None
# Check if we can send SMS to both parties
can_send_user_sms = user_data and user_data.get('telephone')
can_send_prof_sms = professional.get('phone')
app.logger.info(f"📱 SMS Capability Check:")
app.logger.info(f" User SMS: {'✅ Ready' if can_send_user_sms else '❌ No phone number'}")
app.logger.info(f" Professional SMS: {'✅ Ready' if can_send_prof_sms else '❌ No phone number'}")
if not can_send_user_sms and not can_send_prof_sms:
app.logger.warning("⚠️ Neither user nor professional has phone number - booking created without SMS")
elif not can_send_user_sms:
app.logger.warning("⚠️ User has no phone number - only professional will receive SMS")
elif not can_send_prof_sms:
app.logger.warning("⚠️ Professional has no phone number - only user will receive SMS")
# Generate booking ID
booking_id = str(uuid.uuid4())
# Create conversation summary
conversation_summary = generate_conversation_summary(conv_id)
# Determine session timing (immediate for critical, within 24h for high)
if risk_assessment['risk_level'] == 'critical':
scheduled_datetime = time.time() + 3600 # 1 hour from now
session_type = 'emergency'
else:
scheduled_datetime = time.time() + 86400 # 24 hours from now
session_type = 'urgent'
# Create booking record
conn = sqlite3.connect(DB_FILE)
try:
conn.execute("""
INSERT INTO automated_bookings
(booking_id, conv_id, user_account, user_ip, professional_id, risk_level,
risk_score, detected_indicators, conversation_summary, booking_status,
scheduled_datetime, session_type, created_ts, updated_ts)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
""", (
booking_id, conv_id, user_account, request.remote_addr,
professional['id'], risk_assessment['risk_level'],
risk_assessment['risk_score'],
json.dumps(risk_assessment['detected_indicators']),
conversation_summary, 'pending', scheduled_datetime,
session_type, time.time(), time.time()
))
# Create comprehensive notification for professional with user contact info
user_contact_info = ""
if user_data:
user_contact_info = f"\n\nUser Contact Information:\n"
user_contact_info += f"Name: {user_data.get('fullname', 'Not provided')}\n"
user_contact_info += f"Phone: {user_data.get('telephone', 'Not provided')}\n"
user_contact_info += f"Email: {user_data.get('email', 'Not provided')}\n"
user_contact_info += f"Location: {user_data.get('district', 'Unknown')}, {user_data.get('province', 'Unknown')}"
conn.execute("""
INSERT INTO professional_notifications
(professional_id, booking_id, notification_type, title, message, priority, created_ts)
VALUES (?, ?, ?, ?, ?, ?, ?)
""", (
professional['id'], booking_id, 'new_booking',
f"URGENT: {risk_assessment['risk_level'].upper()} Risk Case - {user_data.get('fullname', 'Anonymous User') if user_data else 'Anonymous User'}",
f"Automated booking created for {risk_assessment['risk_level']} risk case. "
f"Risk indicators: {', '.join(risk_assessment['detected_indicators'][:3])}"
f"{user_contact_info}",
'urgent' if risk_assessment['risk_level'] == 'critical' else 'high',
time.time()
))
conn.commit()
# Prepare booking data for SMS
booking_data = {
'booking_id': booking_id,
'scheduled_time': scheduled_datetime,
'session_type': session_type,
'risk_level': risk_assessment['risk_level']
}
# Send SMS notifications to both user and professional
sms_service = get_sms_service()
sms_results = {'user_sms': None, 'professional_sms': None}
if sms_service:
app.logger.info(f"Starting SMS notifications for booking {booking_id}")
# Send SMS to user if we have their data and phone number
if user_data and user_data.get('telephone'):
try:
app.logger.info(f"Sending SMS to user {user_account} at {user_data.get('telephone')}")
user_sms_result = sms_service.send_booking_notification(
user_data, professional, booking_data
)
sms_results['user_sms'] = user_sms_result
if user_sms_result.get('success'):
app.logger.info(f"✅ SMS sent successfully to user {user_account}: {user_sms_result.get('phone')}")
else:
app.logger.warning(f"❌ Failed to send SMS to user {user_account}: {user_sms_result.get('error', 'Unknown error')}")
except Exception as e:
app.logger.error(f"❌ Error sending SMS to user: {str(e)}")
sms_results['user_sms'] = {'success': False, 'error': str(e)}
else:
app.logger.warning(f"⚠️ Cannot send SMS to user {user_account}: No phone number or user data")
if not user_data:
app.logger.warning(f"User data not found for {user_account}")
elif not user_data.get('telephone'):
app.logger.warning(f"User {user_account} has no phone number: {user_data}")
# Send SMS to professional if they have a phone number
if professional.get('phone'):
try:
app.logger.info(f"Sending SMS to professional {professional['username']} at {professional.get('phone')}")
prof_sms_result = sms_service.send_professional_notification(
professional, user_data or {}, booking_data
)
sms_results['professional_sms'] = prof_sms_result
if prof_sms_result.get('success'):
app.logger.info(f"✅ SMS sent successfully to professional {professional['username']}: {prof_sms_result.get('phone')}")
else:
app.logger.warning(f"❌ Failed to send SMS to professional: {prof_sms_result.get('error', 'Unknown error')}")
except Exception as e:
app.logger.error(f"❌ Error sending SMS to professional: {str(e)}")
sms_results['professional_sms'] = {'success': False, 'error': str(e)}
else:
app.logger.warning(f"⚠️ Cannot send SMS to professional {professional['username']}: No phone number")
app.logger.warning(f"Professional data: {professional}")
# Log summary of SMS sending results
user_success = sms_results['user_sms'] and sms_results['user_sms'].get('success', False)
prof_success = sms_results['professional_sms'] and sms_results['professional_sms'].get('success', False)
app.logger.info(f"📱 SMS Summary for booking {booking_id}:")
app.logger.info(f" User SMS: {'✅ Sent' if user_success else '❌ Failed'}")
app.logger.info(f" Professional SMS: {'✅ Sent' if prof_success else '❌ Failed'}")
else:
app.logger.error("❌ SMS service not initialized - no SMS notifications sent")
app.logger.error("Please check SMS configuration and restart the application")
return {
'booking_id': booking_id,
'professional_name': f"{professional['first_name']} {professional['last_name']}",
'specialization': professional['specialization'],
'scheduled_time': scheduled_datetime,
'session_type': session_type,
'risk_level': risk_assessment['risk_level']
}
finally:
conn.close()
def get_user_data(username: str) -> Optional[Dict]:
"""Get user data by username for SMS notifications"""
conn = sqlite3.connect(DB_FILE)
try:
cursor = conn.execute("""
SELECT username, email, fullname, telephone, province, district
FROM users
WHERE username = ?
""", (username,))
row = cursor.fetchone()
if row:
return {
'username': row[0],
'email': row[1],
'fullname': row[2],
'telephone': row[3],
'province': row[4],
'district': row[5]
}
return None
finally:
conn.close()
def generate_conversation_summary(conv_id: str) -> str:
"""Generate AI summary of conversation for professional"""
try:
# Load conversation history
history = load_history(conv_id)
if not history:
return "No conversation history available."
# Build context for AI summary
context = "Recent conversation:\n"
for msg in history[-10:]: # Last 10 messages
context += f"{msg['role']}: {msg['content']}\n"
# AI prompt for summary
ai_prompt = f"""
{context}
Create a brief professional summary of this mental health conversation.
Focus on: main concerns, emotional state, risk factors, and key issues.
Keep it concise and professional for a mental health professional.
"""
response = _retry_ollama_call(ollama.chat, model=CHAT_MODEL, messages=[
{"role": "system", "content": "You are a mental health AI assistant. Create professional summaries of conversations for mental health professionals."},
{"role": "user", "content": ai_prompt}
])
return response["message"]["content"]
except Exception as e:
app.logger.error(f"Failed to generate conversation summary: {e}")
return "Summary generation failed."
def get_professional_by_id(professional_id: int) -> Optional[Dict]:
"""Get professional details by ID"""
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT * FROM professionals WHERE id = ?", (professional_id,))
row = cur.fetchone()
if row:
columns = [desc[0] for desc in cur.description]
return dict(zip(columns, row))
return None
finally:
conn.close()
@app.get("/healthz")
def healthz():
return {"ok": True}
@app.get("/debug/login")
def debug_login():
"""Debug endpoint to check login status"""
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT username FROM users LIMIT 5")
users = [row[0] for row in cur.fetchall()]
return {
"ok": True,
"users_available": users,
"total_users": len(users),
"message": "Login debug info"
}
finally:
conn.close()
# initialize DB on startup
init_storage()
# --- helper to normalize older saved "user_prompt" shapes so we don't re-save CONTEXT ---
def _extract_question_from_prompt(content: str) -> str:
"""
If content looks like the constructed user_prompt with "QUESTION:" and "CONTEXT:",
extract and return only the QUESTION text. Otherwise return content unchanged.
"""
if not isinstance(content, str):
return content
low = content
q_marker = "QUESTION:"
c_marker = "CONTEXT:"
if q_marker in low and c_marker in low:
try:
q_start = low.index(q_marker) + len(q_marker)
c_start = low.index(c_marker)
question = low[q_start:c_start].strip()
if question:
return question
except Exception:
pass
return content
# --- end helper ---
# --- conversation helpers ---
def create_conversation(owner_key: str = None, conv_id: str = None, preview: str = "New chat"):
if not conv_id:
conv_id = str(uuid.uuid4())
conn = sqlite3.connect(DB_FILE)
try:
conn.execute(
"INSERT OR IGNORE INTO conversations (conv_id, owner_key, preview, ts, booking_prompt_shown) VALUES (?, ?, ?, ?, ?)",
(conv_id, owner_key, preview, time.time(), 0),
)
# if a row existed with no owner_key and we received one, update it
if owner_key:
conn.execute(
"UPDATE conversations SET owner_key = ?, ts = ? WHERE conv_id = ? AND (owner_key IS NULL OR owner_key = '')",
(owner_key, time.time(), conv_id),
)
conn.commit()
finally:
conn.close()
return conv_id
def list_conversations(owner_key: str):
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute(
"SELECT conv_id, preview, ts FROM conversations WHERE owner_key = ? AND IFNULL(archived,0) = 0 ORDER BY ts DESC",
(owner_key,),
)
rows = cur.fetchall()
return [{"id": r[0], "preview": r[1] or "New chat", "timestamp": r[2]} for r in rows]
finally:
conn.close()
# --- end conversation helpers ---
# --- Language detection helpers ---
def create_language_specific_prompt(target_language: str) -> str:
"""
Create a system prompt in the target language for direct AI response generation
"""
prompts = {
'en': """You are AIMHSA, a professional mental health support assistant for Rwanda.
Professional Guidelines:
- Be warm, empathetic, and culturally sensitive
- Provide evidence-based information from the context when available
- ALWAYS respond in English - do not mix languages
- Do NOT diagnose or prescribe medications
- Encourage professional care when appropriate
- For emergencies, always mention Rwanda's Mental Health Hotline: 105
- Keep responses professional, concise, and helpful
- Use the provided context to give accurate, relevant information
- Maintain a natural, conversational tone in English
- Ensure professional mental health support standards
Remember: You are a professional mental health support system designed to provide immediate, culturally-appropriate assistance while connecting users to professional care when needed.""",
'fr': """Vous êtes AIMHSA, un assistant professionnel de soutien en santé mentale pour le Rwanda.
Directives professionnelles:
- Soyez chaleureux, empathique et culturellement sensible
- Fournissez des informations basées sur des preuves du contexte quand disponible
- RÉPONDEZ TOUJOURS en français - ne mélangez pas les langues
- NE diagnostiquez PAS et ne prescrivez PAS de médicaments
- Encouragez les soins professionnels quand approprié
- Pour les urgences, mentionnez toujours la ligne d'assistance en santé mentale du Rwanda: 105
- Gardez les réponses professionnelles, concises mais utiles
- Utilisez le contexte fourni pour donner des informations précises et pertinentes
- Maintenez un ton naturel et conversationnel en français
- Assurez des standards professionnels de soutien en santé mentale
Rappelez-vous: Vous êtes un système professionnel de soutien en santé mentale conçu pour fournir une assistance immédiate et culturellement appropriée tout en connectant les utilisateurs aux soins professionnels quand nécessaire.""",
'rw': """Uri AIMHSA, umufasha w'ubuzima bw'ubwoba bw'u Rwanda w'ubuhanga.
Amabwiriza y'ubuhanga:
- Ube umuntu w'umutima mwiza, w'umutima mwiza, kandi w'umutima mwiza
- Tanga amakuru yashyizweho ku bik
- Ku bihano, tanga umutwe wa Ligne d'assistance en santé mentale y'u Rwanda: 105
- Komeza amajwi make ariko akunze
- Koresha icyerekezo cyatanzwe kugira ngo utange amakuru y'ukuri kandi yihariye
- VUGURA BURI GIHE mu Kinyarwanda - NTUVUGE mu ndimi zindi
- Koresha amagambo y'ukuri mu Kinyarwanda gusa
- NTUVUGE mu ndimi zindi cyangwa utangire amagambo y'icyongereza
- Komeza uko uvuga mu Kinyarwanda gusa, ube w'ubuhanga
Wibuke: Uri hano kugira ngo ushyigikire, si kugira ngo usimbure ubuvuzi bw'ubuzima bw'ubwoba bw'ubuhanga. Vugura mu Kinyarwanda gusa, ube w'ubuhanga.""",
'sw': """Wewe ni AIMHSA, msaidizi wa kitaaluma wa afya ya akili wa Rwanda.
Miongozo ya kitaaluma:
- Kuwa mtu wa moyo mzuri, wa huruma, na wa utamaduni
- Toa taarifa zilizotolewa kwa mazingira wakati wa muda wowote
- JIBU KILA WAKATI kwa Kiswahili - usichanganye lugha
- USITOE utambuzi au USITOE dawa
- Himiza huduma ya kitaaluma wakati wowote
- Kwa dharura, sema daima Ligne d'assistance en santé mentale ya Rwanda: 105
- Weka majibu ya kitaaluma, mafupi lakini ya manufaa
- Tumia mazingira yaliyotolewa kutoa taarifa sahihi na muhimu
- Endelea kuzungumza kwa Kiswahili tu
- Hakikisha viwango vya kitaaluma vya msaada wa afya ya akili
Kumbuka: Wewe ni mfumo wa kitaaluma wa msaada wa afya ya akili ulioundwa kutoa msaada wa haraka na wa kitamaduni wakati wa kuhusisha watumiaji na huduma za kitaaluma wakati zinahitajika."""
}
return prompts.get(target_language, prompts['en'])
def determine_target_language(current_query: str, server_history: List[Dict], max_history_samples: int = 5) -> str:
"""
Determine the target reply language with improved accuracy
- Prioritizes current query language detection
- Uses conversation history for consistency
- Returns one of: 'en', 'fr', 'rw', 'sw'
"""
app.logger.info(f"Determining language for query: '{current_query[:50]}...'")
# First priority: Current query language detection
try:
current_lang = translation_service.detect_language(current_query or "")
app.logger.info(f"Detected current query language: {current_lang}")
# If current query language is detected with high confidence, use it immediately
if current_lang and current_lang != 'en':
app.logger.info(f"Using non-English current query language: {current_lang}")
return current_lang
elif current_lang == 'en':
# Check if this might be a false positive for English
# Look for non-English patterns in the query
non_english_indicators = [
'muraho', 'murakoze', 'ndabishimye', # Kinyarwanda
'bonjour', 'merci', 'je suis', # French
'hujambo', 'asante', 'nina' # Kiswahili
]
query_lower = current_query.lower()
for indicator in non_english_indicators:
if indicator in query_lower:
# Re-detect with more aggressive pattern matching
pattern_lang = translation_service._detect_by_patterns(current_query)
if pattern_lang and pattern_lang != 'en':
app.logger.info(f"Pattern override detected: {pattern_lang}")
return pattern_lang
except Exception as e:
app.logger.warning(f"Language detection error for current query: {e}")
current_lang = "en"
# Second priority: Check recent conversation history for consistency
recent_user_texts: List[str] = []
for entry in reversed(server_history):
try:
if entry.get("role") == "user":
text = (entry.get("content") or "").strip()
if text:
recent_user_texts.append(text)
except Exception:
continue
if len(recent_user_texts) >= max_history_samples:
break
# Analyze recent messages for language consistency
if recent_user_texts:
language_votes: Dict[str, int] = {}
for text in recent_user_texts:
try:
detected_lang = translation_service.detect_language(text)
if detected_lang:
language_votes[detected_lang] = language_votes.get(detected_lang, 0) + 1
except Exception:
continue
# Find the most common language in recent history
if language_votes:
most_common_lang = max(language_votes.items(), key=lambda kv: kv[1])[0]
app.logger.info(f"Most common language in history: {most_common_lang} (votes: {language_votes})")
# If current query is English but history shows another language,
# and current query is short or ambiguous, prefer history language
if (current_lang == 'en' and
most_common_lang != 'en' and
len(current_query.strip()) < 30):
app.logger.info(f"Using history language {most_common_lang} due to short/ambiguous current query")
return most_common_lang
# Final fallback: Use current query language or default to English
final_lang = current_lang if current_lang else "en"
app.logger.info(f"Final language determination: {final_lang}")
return final_lang
def validate_mental_health_scope(query: str) -> bool:
"""
Validate if the user query is within mental health scope.
Returns True if within scope, False if outside scope.
"""
query_lower = query.lower().strip()
# Mental health related keywords
mental_health_keywords = [
'mental', 'emotional', 'psychological', 'depression', 'anxiety', 'stress',
'sad', 'happy', 'angry', 'frustrated', 'overwhelmed', 'lonely', 'isolated',
'therapy', 'counseling', 'support', 'help', 'feel', 'feeling', 'mood',
'sleep', 'insomnia', 'nightmare', 'trauma', 'ptsd', 'panic', 'worry',
'cope', 'coping', 'self-care', 'wellness', 'wellbeing', 'mind', 'thoughts',
'suicide', 'self-harm', 'hopeless', 'worthless', 'burden', 'crisis',
'professional', 'therapist', 'psychologist', 'psychiatrist', 'counselor',
'session', 'treatment', 'recovery', 'healing', 'grief', 'loss', 'bereavement',
'relationship', 'family', 'friends', 'social', 'communication', 'conflict',
'work', 'job', 'career', 'school', 'study', 'academic', 'performance',
'health', 'medical', 'doctor', 'hospital', 'medication', 'medicine',
'exercise', 'fitness', 'diet', 'nutrition', 'lifestyle', 'habits',
'addiction', 'substance', 'alcohol', 'drug', 'smoking', 'gambling',
'anger', 'rage', 'violence', 'abuse', 'domestic', 'bullying', 'harassment',
'fear', 'phobia', 'worry', 'concern', 'problem', 'issue', 'challenge',
'goal', 'motivation', 'inspiration', 'hope', 'future', 'plan', 'dream',
'memory', 'concentration', 'focus', 'attention', 'learning', 'development',
'child', 'teen', 'adolescent', 'adult', 'elderly', 'aging', 'retirement',
'pregnancy', 'postpartum', 'parenting', 'childcare', 'family planning',
'lgbtq', 'gender', 'identity', 'sexuality', 'orientation', 'discrimination',
'culture', 'tradition', 'belief', 'religion', 'spiritual', 'faith',
'community', 'society', 'social', 'isolation', 'connection', 'belonging',
'purpose', 'meaning', 'value', 'worth', 'self-esteem', 'confidence',
'boundary', 'limit', 'respect', 'consent', 'safety', 'security',
'emergency', 'crisis', 'urgent', 'immediate', 'danger', 'risk', 'harm'
]
# Check if query contains mental health related terms
for keyword in mental_health_keywords:
if keyword in query_lower:
return True
# Check for greetings and general mental health inquiries
greetings = ['hello', 'hi', 'hey', 'good morning', 'good afternoon', 'good evening']
if any(greeting in query_lower for greeting in greetings):
return True
# Check for general help requests
help_requests = ['help', 'support', 'assistance', 'advice', 'guidance', 'information']
if any(request in query_lower for request in help_requests):
return True
# If no mental health keywords found, likely outside scope
return False
@app.post("/ask")
def ask():
data = request.get_json(force=True)
query = (data.get("query") or "").strip()
if not query:
return jsonify({"error": "Missing 'query'"}), 400
# Let the AI model handle scope enforcement naturally
# conversation id handling: if none provided, create one and return it
conv_id = data.get("id")
new_conv = False
if not conv_id:
conv_id = str(uuid.uuid4())
new_conv = True
# if new conv created server-side, make sure we have a conversations entry (owner inferred from account or ip)
if new_conv:
owner = None
account = (data.get("account") or "").strip()
if account:
owner = f"acct:{account}"
else:
ip = request.remote_addr or "unknown"
owner = f"ip:{ip}"
create_conversation(owner_key=owner, conv_id=conv_id, preview="New chat")
# client may supply recent history; ensure it's a list
client_history = data.get("history", [])
if not isinstance(client_history, list):
client_history = []
# load server-side history for this conv_id
server_history = load_history(conv_id)
# load attachments for this conv_id (won't be persisted into messages table;
# attachments are provided as separate CONTEXT blocks to the model)
attachments = load_attachments(conv_id)
# build a set of existing (role, content) pairs to avoid duplicates; normalize saved user prompts
existing_set = set()
normalized_server = []
for entry in server_history:
role = entry.get("role", "user")
content = entry.get("content", "")
if role == "user":
content = _extract_question_from_prompt(content)
normalized_server.append({"role": role, "content": content})
existing_set.add((role, content))
# merge histories: system prompt, then attachments as SYSTEM CONTEXT, then server_history, then client_history
messages = [{"role": "system", "content": SYSTEM_PROMPT}]
# include attachments as separate system-context blocks (kept short-ish)
for att in attachments:
att_text = att.get("text", "")
if att_text:
# truncate very long attachments to a safe limit to avoid blowing token budget
SHORT = 40_000
if len(att_text) > SHORT:
att_text = att_text[:SHORT] + "\n\n...[truncated]"
messages.append({"role": "system", "content": f"PDF CONTEXT ({att.get('filename')}):\n{att_text}"})
for entry in normalized_server:
role = entry.get("role", "user")
if role not in ("user", "assistant"):
role = "user"
content_val = entry.get("content", "") or ""
if not isinstance(content_val, str):
content_val = str(content_val)
if not content_val.strip():
continue # skip empty messages to satisfy model API
messages.append({"role": role, "content": content_val})
# If client provided additional history, append it (and persist only if not already present)
for entry in client_history:
role = entry.get("role", "user")
if role not in ("user", "assistant"):
role = "user"
content = entry.get("content", "") or ""
if not isinstance(content, str):
content = str(content)
if content.strip():
# normalize client's user entries when comparing against existing saved entries
cmp_content = _extract_question_from_prompt(content) if role == "user" else content
if (role, cmp_content) not in existing_set:
messages.append({"role": role, "content": content})
save_message(conv_id, role, cmp_content) # persist the normalized/raw client content
existing_set.add((role, cmp_content))
else:
# already present server-side; still include in messages so model has recent context
messages.append({"role": role, "content": content})
# retrieval-based context
# Retrieve more context for better grounded answers
top = retrieve(query, k=6)
context = build_context(top)
user_prompt = f"""Answer the user's question using the CONTEXT below when relevant.
You are a mental health support assistant. If the question is about mental health, provide helpful support.
If the question is outside mental health scope, politely explain your specialization and redirect to mental health topics.
If the context is insufficient, be honest and provide safe, general guidance.
If the user greets you or asks for general help, respond helpfully without requiring context.
QUESTION:
{query}
CONTEXT:
{context}
"""
# Determine stable target language from this query and recent history
target_language = determine_target_language(query, server_history)
app.logger.info(f"Target language determined: {target_language}")
# Create language-specific system prompt for direct AI response generation
system_prompt = create_language_specific_prompt(target_language)
# Add system prompt and user question to messages
messages.insert(0, {"role": "system", "content": system_prompt})
messages.append({"role": "user", "content": user_prompt})
# Get conversation message count
conn = sqlite3.connect(DB_FILE)
try:
message_count = conn.execute("""
SELECT COUNT(*) FROM messages WHERE conv_id = ?
""", (conv_id,)).fetchone()[0]
finally:
conn.close()
# NEW: Risk Assessment Integration
risk_detector = RiskDetector()
risk_assessment = risk_detector.assess_risk(query, server_history)
# Store risk assessment
conn = sqlite3.connect(DB_FILE)
try:
conn.execute("""
INSERT INTO risk_assessments
(conv_id, user_query, risk_score, risk_level, detected_indicators, assessment_timestamp)
VALUES (?, ?, ?, ?, ?, ?)
""", (
conv_id,
query,
risk_assessment['risk_score'],
risk_assessment['risk_level'],
json.dumps(risk_assessment['detected_indicators']),
risk_assessment['assessment_timestamp']
))
conn.commit()
finally:
conn.close()
# NEW: Dual Booking Triggers
booking_result = None
ask_booking = None
# Check if booking prompt was already shown for this conversation
conn = sqlite3.connect(DB_FILE)
try:
booking_prompt_shown = conn.execute("""
SELECT booking_prompt_shown FROM conversations WHERE conv_id = ?
""", (conv_id,)).fetchone()
booking_prompt_shown = booking_prompt_shown[0] if booking_prompt_shown else False
finally:
conn.close()
# Trigger 1: After 5 messages - ask user if they want to book (only once per conversation)
if message_count >= 5 and not booking_prompt_shown:
ask_booking = {
'message': 'I notice we\'ve been chatting for a while. Would you like me to connect you with a mental health professional for additional support?',
'options': ['Yes, I\'d like to book a session', 'No, I\'m okay for now']
}
# Mark that booking prompt was shown
conn = sqlite3.connect(DB_FILE)
try:
conn.execute("""
UPDATE conversations SET booking_prompt_shown = 1 WHERE conv_id = ?
""", (conv_id,))
conn.commit()
finally:
conn.close()
# Trigger 2: High risk assessment - automatically book
if risk_assessment['risk_level'] in ['high', 'critical']:
booking_result = create_automated_booking(conv_id, risk_assessment, data.get("account"))
if booking_result:
# Add emergency response to system prompt
emergency_prompt = f"""
URGENT: High-risk situation detected. Professional help has been automatically scheduled.
Professional: {booking_result['professional_name']} ({booking_result['specialization']})
Session Type: {booking_result['session_type']}
Please provide immediate support and reassurance while professional help is arranged.
"""
messages.append({"role": "system", "content": emergency_prompt})
try:
# Select chat model: allow per-request override, fallback to env CHAT_MODEL
req_model = (data.get("model") or "").strip()
chat_model = req_model or CHAT_MODEL
# Use a conservative decoding config for accuracy and stability
app.logger.info(f"Calling Ollama chat with model: {chat_model}")
# Use retry wrapper (now fixed to remove timeout parameter)
app.logger.info(f"Sending messages to Ollama: {len(messages)} messages")
reply = _retry_ollama_call(
openai_client.chat.completions.create,
model=chat_model,
messages=messages,
options={"temperature": 0.2, "top_p": 0.9}
)
answer = reply.get("message", {}).get("content", "") or ""
app.logger.info(f"Ollama response received: {answer[:100]}...")
# Check if answer is empty or too short
if not answer or len(answer.strip()) < 10:
app.logger.warning(f"Answer too short or empty: '{answer}'")
# Try a simpler prompt with just the query
simple_messages = [
{"role": "system", "content": f"You are AIMHSA, a supportive mental-health companion for Rwanda. Respond warmly and helpfully in {translation_service.get_language_name(target_language)}."},
{"role": "user", "content": query}
]
app.logger.info("Trying simpler prompt...")
reply = _retry_ollama_call(ollama.chat, model=chat_model, messages=simple_messages, options={"temperature": 0.2, "top_p": 0.9})
answer = reply.get("message", {}).get("content", "") or ""
app.logger.info(f"Simple prompt response: {answer[:100]}...")
# If still empty, provide a helpful default response
if not answer or len(answer.strip()) < 10:
if target_language == 'en':
answer = f"Hello! I'm AIMHSA, your mental health companion for Rwanda. How can I support you today? If you need immediate help, contact the Mental Health Hotline at 105."
elif target_language == 'fr':
answer = f"Bonjour! Je suis AIMHSA, votre compagnon de santé mentale pour le Rwanda. Comment puis-je vous aider aujourd'hui? Pour une aide immédiate, contactez la ligne d'assistance en santé mentale au 105."
elif target_language == 'rw':
answer = f"Muraho! Nitwa AIMHSA, umufasha wawe w'ubuzima bw'ubwoba bw'u Rwanda. Nakora iki ngo ngufashe uyu munsi? Niba ukeneye ubufasha bwihuse, hamagara Ligne d'assistance en santé mentale ku 105."
if not isinstance(answer, str) or not answer.strip():
app.logger.warning("Empty answer received, using language-specific fallback")
# Language-specific fallback responses
fallback_responses = {
'en': "I'm here to help. Could you please rephrase your question? If this is an emergency, contact Rwanda's Mental Health Hotline at 105 or CARAES Ndera Hospital at +250 788 305 703.",
'fr': "Je suis là pour vous aider. Pourriez-vous reformuler votre question? En cas d'urgence, contactez la ligne d'assistance en santé mentale du Rwanda au 105 ou l'hôpital CARAES Ndera au +250 788 305 703.",
'rw': "Ndi hano kugira ngo nkufashe. Murakoze muvugurure icyibazo cyanyu? Ku bihano, hamagara Ligne d'assistance en santé mentale y'u Rwanda ku 105 cyangwa CARAES Ndera Hospital ku +250 788 305 703.",
'sw': "Niko hapa kusaidia. Tafadhali rudia swali lako? Kwa dharura, piga simu ya Ligne d'assistance en santé mentale ya Rwanda 105 au CARAES Ndera Hospital +250 788 305 703."
}
answer = fallback_responses.get(target_language, fallback_responses['en'])
else:
app.logger.info(f"Got valid answer: {answer[:50]}...")
except Exception as e:
app.logger.error(f"Failed to get chat response with {CHAT_MODEL}: {e}")
app.logger.error(f"Exception type: {type(e).__name__}")
app.logger.error(f"Exception details: {str(e)}")
import traceback
app.logger.error(f"Traceback: {traceback.format_exc()}")
# Provide language-specific fallback response when the model is not available
fallback_responses = {
'en': "I'm sorry, I'm having trouble accessing my AI model right now. However, I can still help you with mental health resources in Rwanda. Please contact the Mental Health Hotline at 105 or CARAES Ndera Hospital at +250 788 305 703 for immediate support. You can also try refreshing the page or contacting support if this issue persists.",
'fr': "Je suis désolé, j'ai des difficultés à accéder à mon modèle IA en ce moment. Cependant, je peux toujours vous aider avec les ressources de santé mentale au Rwanda. Veuillez contacter la ligne d'assistance en santé mentale au 105 ou l'hôpital CARAES Ndera au +250 788 305 703 pour un soutien immédiat. Vous pouvez aussi essayer de rafraîchir la page ou contacter le support si ce problème persiste.",
'rw': "Ndamukanya, nfite ibibazo bwo kugera ku modere yanjye ya AI ubu. Icyakora, narakomeje gufasha ku bikoresho by'ubuzima bw'ubwoba mu Rwanda. Murakoze hamagara Ligne d'assistance en santé mentale ku 105 cyangwa CARAES Ndera Hospital ku +250 788 305 703 kugira ngo mubone ubufasha buhagije. Murashobora kandi kugerageza gusubiramo urupapuro cyangwa guhamagara ubufasha niba iki kibazo gikomeje.",
'sw': "Samahani, nina shida ya kufikia moduli yangu ya AI sasa. Hata hivyo, bado naweza kukusaidia na rasilimali za afya ya akili Rwanda. Tafadhali piga simu ya Ligne d'assistance en santé mentale 105 au CARAES Ndera Hospital +250 788 305 703 kwa msaada wa haraka. Unaweza pia kujaribu kurudisha ukurasa au kuwasiliana na msaada iki tatizo likaendelea."
}
answer = fallback_responses.get(target_language, fallback_responses['en'])
# persist the current user RAW query (not the constructed user_prompt) and assistant reply
save_message(conv_id, "user", query)
save_message(conv_id, "assistant", answer)
sources = [{"source": m["source"], "chunk": m["chunk"]} for (_, m) in top]
resp = {"answer": answer, "sources": sources, "id": conv_id}
# Add risk assessment and booking info to response
resp["risk_assessment"] = {
"risk_level": risk_assessment['risk_level'],
"risk_score": risk_assessment['risk_score'],
"detected_indicators": risk_assessment['detected_indicators'][:3] # Show top 3 indicators
}
if ask_booking:
resp["ask_booking"] = ask_booking
if booking_result:
resp["emergency_booking"] = booking_result
# if newly created conv, client will need to store/use this id
if new_conv:
resp["new"] = True
return jsonify(resp)
@app.post("/booking_response")
def booking_response():
"""
Handle user response to booking question
POST /booking_response
Body: { "conversation_id": "...", "response": "yes"|"no", "account": "..." }
"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
conversation_id = data.get("conversation_id")
response = data.get("response", "").lower()
account = data.get("account")
if not conversation_id or not response:
return jsonify({"error": "conversation_id and response required"}), 400
if response == "yes":
# Create a booking for the user
try:
# Create a moderate risk assessment for booking
risk_assessment = {
'risk_level': 'medium',
'risk_score': 0.5,
'detected_indicators': ['user_requested_booking'],
'assessment_timestamp': time.time()
}
booking_result = create_automated_booking(conversation_id, risk_assessment, account)
if booking_result:
return jsonify({
"ok": True,
"message": "Booking created successfully!",
"booking": booking_result
})
else:
return jsonify({"error": "Failed to create booking"}), 500
except Exception as e:
app.logger.error(f"Failed to create booking: {e}")
return jsonify({"error": "Failed to create booking"}), 500
else:
return jsonify({
"ok": True,
"message": "No problem! I'm here whenever you need support."
})
@app.post("/reset")
def reset():
# clear stored conversations, attachments and sessions
reset_db()
return jsonify({"ok": True})
# --- attachment helpers ---
def save_attachment(conv_id: str, filename: str, text: str):
conn = sqlite3.connect(DB_FILE)
try:
conn.execute(
"INSERT INTO attachments (conv_id, filename, text, ts) VALUES (?, ?, ?, ?)",
(conv_id, filename, text, time.time()),
)
conn.commit()
finally:
conn.close()
def load_attachments(conv_id: str):
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute(
"SELECT filename, text FROM attachments WHERE conv_id = ? ORDER BY id ASC",
(conv_id,),
)
rows = cur.fetchall()
return [{"filename": r[0], "text": r[1]} for r in rows]
finally:
conn.close()
# --- session helpers (new) ---
def get_or_create_session(key: str):
"""Return (conv_id, was_created_bool) for the given session key."""
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT conv_id FROM sessions WHERE key = ?", (key,))
row = cur.fetchone()
if row:
conv_id = row[0]
conn.execute("UPDATE sessions SET ts = ? WHERE key = ?", (time.time(), key))
# ensure conversations entry exists and is associated with this owner key
try:
# create conversation row if missing
conn.execute(
"INSERT OR IGNORE INTO conversations (conv_id, owner_key, preview, ts) VALUES (?, ?, ?, ?)",
(conv_id, key, "New chat", time.time()),
)
# if conversation exists without owner_key, set it
conn.execute(
"UPDATE conversations SET owner_key = ? WHERE conv_id = ? AND (owner_key IS NULL OR owner_key = '')",
(key, conv_id),
)
except Exception:
pass
conn.commit()
return conv_id, False
conv_id = str(uuid.uuid4())
conn.execute(
"INSERT INTO sessions (key, conv_id, ts) VALUES (?, ?, ?)",
(key, conv_id, time.time()),
)
# also create a conversations row bound to this owner key
try:
conn.execute(
"INSERT OR IGNORE INTO conversations (conv_id, owner_key, preview, ts) VALUES (?, ?, ?, ?)",
(conv_id, key, "New chat", time.time()),
)
except Exception:
pass
conn.commit()
return conv_id, True
finally:
conn.close()
# --- API: create/retrieve session by IP or account ---
@app.post("/session")
def session():
"""
Request JSON: { "account": "<optional account id>" }
If account is provided, session is bound to account:<account>.
Otherwise session is bound to ip:<remote_addr>.
Returns: { "id": "<conv_id>", "new": true|false }
"""
try:
data = request.get_json(silent=True) or {}
except Exception:
data = {}
account = (data.get("account") or "").strip()
if account:
key = f"acct:{account}"
else:
# request.remote_addr may be proxied; frontends should pass account when available
ip = request.remote_addr or "unknown"
key = f"ip:{ip}"
conv_id, new = get_or_create_session(key)
return jsonify({"id": conv_id, "new": new})
# --- API: get conversation history (messages + attachments) ---
@app.get("/history")
def history():
"""
Query params: ?id=<conv_id>
Returns: { "id": "<conv_id>", "history": [ {role, content}, ... ], "attachments": [ {filename,text}, ... ] }
"""
conv_id = request.args.get("id")
password = (request.args.get("password") or "").strip()
if not conv_id:
return jsonify({"error": "Missing 'id' parameter"}), 400
try:
# if conversation is archived and locked, require password to view history
try:
conn = sqlite3.connect(DB_FILE)
cur = conn.execute("SELECT IFNULL(archived,0), archive_pw_hash FROM conversations WHERE conv_id = ?", (conv_id,))
row = cur.fetchone()
finally:
conn.close()
if row and int(row[0]) == 1 and row[1]:
if not password or not check_password_hash(row[1], password):
return jsonify({"error": "password required"}), 403
hist = load_history(conv_id)
atts = load_attachments(conv_id)
return jsonify({"id": conv_id, "history": hist, "attachments": atts})
except Exception as e:
app.logger.exception("history endpoint failed")
return jsonify({"error": str(e)}), 500
# --- file upload endpoint (unchanged) ---
@app.post("/upload_pdf")
def upload_pdf():
"""
Initial upload:
Accepts multipart/form-data:
- file: PDF file (required, .pdf only)
- id: optional conversation id (if omitted, a new id is created)
Returns JSON:
{ "id": "<conv_id>", "filename": "...", "new": true|false }
Question about uploaded PDF will be handled by /ask endpoint using the stored text
"""
if "file" not in request.files:
return jsonify({"error": "Missing 'file'"}), 400
f = request.files["file"]
filename = secure_filename(f.filename or "")
if not filename.lower().endswith(".pdf"):
return jsonify({"error": "Only PDF files allowed"}), 400
conv_id = request.form.get("id")
new_conv = False
if not conv_id:
conv_id = str(uuid.uuid4())
new_conv = True
# if server created a conv for this upload, persist conversation metadata with owner
if new_conv:
account = (request.form.get("account") or "").strip()
if account:
owner = f"acct:{account}"
else:
owner = f"ip:{request.remote_addr or 'unknown'}"
create_conversation(owner_key=owner, conv_id=conv_id, preview="New chat")
# save uploaded PDF to a temp file
with tempfile.NamedTemporaryFile(suffix=".pdf", delete=False) as tmp:
tmp_path = tmp.name
f.save(tmp_path)
extracted_text = ""
extraction_errors = []
try:
# Try to render PDF pages to images using pdf2image -> pytesseract
try:
from pdf2image import convert_from_path
pages = convert_from_path(tmp_path, dpi=300)
texts = []
for img in pages:
try:
texts.append(pytesseract.image_to_string(img))
except Exception as e_img:
extraction_errors.append(f"pytesseract on pdf2image image error: {e_img}")
app.logger.exception("pytesseract error on pdf2image image")
extracted_text = "\n\n".join(t for t in texts if t).strip()
if not extracted_text:
extraction_errors.append("pdf2image+pytesseract produced empty text")
except Exception as e_pdf2:
extraction_errors.append(f"pdf2image error: {e_pdf2}")
app.logger.exception("pdf2image extraction failed")
# fallback to PyMuPDF (fitz) if first approach failed to produce text
if not extracted_text:
try:
import fitz
doc = fitz.open(tmp_path)
texts = []
for page in doc:
try:
pix = page.get_pixmap(dpi=300)
img = pix.tobytes("png")
from PIL import Image
import io
img_obj = Image.open(io.BytesIO(img))
texts.append(pytesseract.image_to_string(img_obj))
except Exception as e_page:
extraction_errors.append(f"pytesseract on fitz image error: {e_page}")
app.logger.exception("pytesseract error on fitz image")
extracted_text = "\n\n".join(t for t in texts if t).strip()
if not extracted_text:
extraction_errors.append("PyMuPDF+pytesseract produced empty text")
except Exception as e_fitz:
extraction_errors.append(f"PyMuPDF (fitz) error: {e_fitz}")
app.logger.exception("PyMuPDF extraction failed")
# fallback to text extraction using PyPDF2 (no OCR)
if not extracted_text:
try:
from PyPDF2 import PdfReader
reader = PdfReader(tmp_path)
texts = []
for p in reader.pages:
try:
texts.append(p.extract_text() or "")
except Exception as e_page_text:
extraction_errors.append(f"PyPDF2 page extract error: {e_page_text}")
app.logger.exception("PyPDF2 page extraction error")
extracted_text = "\n\n".join(t for t in texts if t).strip()
if not extracted_text:
extraction_errors.append("PyPDF2 produced empty text")
except Exception as e_pypdf2:
extraction_errors.append(f"PyPDF2 error: {e_pypdf2}")
app.logger.exception("PyPDF2 extraction failed")
finally:
try:
os.remove(tmp_path)
except Exception:
pass
if not extracted_text:
# Build user-friendly, actionable details from collected errors
hints = []
for err in extraction_errors:
hints.append(err)
# common issues -> suggested fixes
if "Unable to get page count" in err or "pdf2image error" in err or "pdf2image" in err:
hints.append(
"pdf2image needs poppler (pdftoppm). Install poppler and ensure it's in PATH "
"(e.g. 'apt-get install poppler-utils' or 'brew install poppler' on macOS)."
)
if "No module named 'fitz'" in err or "PyMuPDF (fitz) error" in err:
hints.append("Install PyMuPDF: pip install pymupdf")
if "No module named 'PyPDF2'" in err or "PyPDF2 error" in err:
hints.append("Install PyPDF2: pip install PyPDF2")
if "pytesseract" in err and ("No such file or directory" in err or "Tesseract" in err):
hints.append(
"Tesseract binary not found. Install Tesseract OCR and ensure it's in PATH "
"(e.g. 'apt-get install tesseract-ocr' or 'brew install tesseract')."
)
details = " | ".join(hints) if hints else "unknown error"
app.logger.warning("PDF extraction failed: %s", details)
return jsonify({
"error": "Could not extract text from PDF (no supported tool available or file empty)",
"details": details
}), 400
# persist attachment
save_attachment(conv_id, filename, extracted_text)
resp = {"id": conv_id, "filename": filename}
if new_conv:
resp["new"] = True
return jsonify(resp)
# new endpoints: create and list conversations
@app.post("/conversations")
def create_conversations_endpoint():
"""
POST /conversations
Body JSON: { "account": "<required account id>" }
Returns: { "id": "<conv_id>", "new": true }
"""
try:
data = request.get_json(silent=True) or {}
except Exception:
data = {}
account = (data.get("account") or "").strip()
if not account:
return jsonify({"error": "Account required to create server-backed conversations"}), 403
key = f"acct:{account}"
conv_id = create_conversation(owner_key=key, preview="New chat")
return jsonify({"id": conv_id, "new": True})
@app.get("/conversations")
def get_conversations_endpoint():
"""
GET /conversations?account=<required>
Returns: { "conversations": [ {id, preview, timestamp}, ... ] }
"""
account = (request.args.get("account") or "").strip()
if not account:
return jsonify({"error": "Account required to list conversations"}), 403
key = f"acct:{account}"
try:
rows = list_conversations(key)
return jsonify({"conversations": rows})
except Exception as e:
app.logger.exception("failed to list conversations")
return jsonify({"error": str(e)}), 500
@app.post("/conversations/rename")
def rename_conversation():
"""
POST /conversations/rename
JSON: { "account": "...", "id": "<conv_id>", "preview": "<new title>" }
"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
account = (data.get("account") or "").strip()
conv_id = (data.get("id") or "").strip()
preview = (data.get("preview") or "").strip()
if not account or not conv_id or not preview:
return jsonify({"error": "account, id and preview required"}), 400
owner_key = f"acct:{account}"
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT owner_key, IFNULL(archived,0) FROM conversations WHERE conv_id = ?", (conv_id,))
row = cur.fetchone()
if not row:
return jsonify({"error": "conversation not found"}), 404
if (row[0] or "") != owner_key:
return jsonify({"error": "forbidden"}), 403
if int(row[1]) == 1:
return jsonify({"error": "cannot rename archived conversation"}), 403
conn.execute("UPDATE conversations SET preview = ?, ts = ? WHERE conv_id = ?", (preview[:120], time.time(), conv_id))
conn.commit()
return jsonify({"ok": True})
except Exception as e:
conn.rollback()
return jsonify({"error": str(e)}), 500
finally:
conn.close()
@app.get("/conversations/archived")
def get_archived_conversations_endpoint():
"""
GET /conversations/archived?account=<required>
Returns archived conversations for this account
"""
account = (request.args.get("account") or "").strip()
if not account:
return jsonify({"error": "Account required to list conversations"}), 403
key = f"acct:{account}"
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute(
"SELECT conv_id, preview, ts, CASE WHEN archive_pw_hash IS NULL OR archive_pw_hash = '' THEN 0 ELSE 1 END AS locked FROM conversations WHERE owner_key = ? AND IFNULL(archived,0) = 1 ORDER BY ts DESC",
(key,),
)
rows = cur.fetchall()
items = [{"id": r[0], "preview": r[1] or "New chat", "timestamp": r[2], "locked": bool(r[3])} for r in rows]
return jsonify({"conversations": items})
except Exception as e:
app.logger.exception("failed to list archived conversations")
return jsonify({"error": str(e)}), 500
finally:
conn.close()
@app.post("/conversations/archive")
def archive_conversation():
"""
POST /conversations/archive
JSON: { "account": "...", "id": "<conv_id>", "archived": true|false }
"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
account = (data.get("account") or "").strip()
conv_id = (data.get("id") or "").strip()
archived = bool(data.get("archived", True))
password = (data.get("password") or "").strip()
if not account or not conv_id:
return jsonify({"error": "account and id required"}), 400
owner_key = f"acct:{account}"
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT owner_key FROM conversations WHERE conv_id = ?", (conv_id,))
row = cur.fetchone()
if not row:
return jsonify({"error": "conversation not found"}), 404
if (row[0] or "") != owner_key:
return jsonify({"error": "forbidden"}), 403
# when archiving, password is REQUIRED; when unarchiving, password MUST match
if archived:
if not password:
return jsonify({"error": "password required to archive"}), 400
pw_hash = generate_password_hash(password)
conn.execute("UPDATE conversations SET archive_pw_hash = ? WHERE conv_id = ?", (pw_hash, conv_id))
else:
cur = conn.execute("SELECT archive_pw_hash FROM conversations WHERE conv_id = ?", (conv_id,))
row = cur.fetchone()
if row and row[0]:
if not password or not check_password_hash(row[0], password):
return jsonify({"error": "invalid password"}), 403
# clear hash on successful unarchive
conn.execute("UPDATE conversations SET archive_pw_hash = NULL WHERE conv_id = ?", (conv_id,))
conn.execute("UPDATE conversations SET archived = ? WHERE conv_id = ?", (1 if archived else 0, conv_id))
conn.commit()
return jsonify({"ok": True})
except Exception as e:
conn.rollback()
return jsonify({"error": str(e)}), 500
finally:
conn.close()
@app.post("/api/register")
def register():
"""
POST /register
JSON: { "username": "...", "email": "...", "fullname": "...", "telephone": "...", "province": "...", "district": "...", "password": "..." }
"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
# Extract and validate all fields
username = (data.get("username") or "").strip()
email = (data.get("email") or "").strip()
fullname = (data.get("fullname") or "").strip()
telephone = (data.get("telephone") or "").strip()
province = (data.get("province") or "").strip()
district = (data.get("district") or "").strip()
password = (data.get("password") or "")
# Collect validation errors
errors = {}
# Validate required fields
if not username:
errors['username'] = 'Username is required'
if not email:
errors['email'] = 'Email is required'
if not fullname:
errors['fullname'] = 'Full name is required'
if not telephone:
errors['telephone'] = 'Phone number is required'
if not province:
errors['province'] = 'Province is required'
if not district:
errors['district'] = 'District is required'
if not password:
errors['password'] = 'Password is required'
# Email validation
import re
if email:
email_pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
if not re.match(email_pattern, email):
errors['email'] = 'Please enter a valid email address'
# Phone validation (Rwanda format)
if telephone:
phone_pattern = r'^(\+250|0)[0-9]{9}$'
if not re.match(phone_pattern, telephone):
errors['telephone'] = 'Please enter a valid Rwanda phone number (+250XXXXXXXXX or 07XXXXXXXX)'
# Username validation
if username:
if len(username) < 3:
errors['username'] = 'Username must be at least 3 characters'
elif len(username) > 50:
errors['username'] = 'Username must be less than 50 characters'
elif not re.match(r'^[a-zA-Z0-9_]+$', username):
errors['username'] = 'Username can only contain letters, numbers, and underscores'
# Full name validation
if fullname:
if len(fullname) < 2:
errors['fullname'] = 'Full name must be at least 2 characters'
elif len(fullname) > 100:
errors['fullname'] = 'Full name must be less than 100 characters'
elif not re.match(r'^[a-zA-Z\s\-\'\.]+$', fullname):
errors['fullname'] = 'Full name can only contain letters, spaces, hyphens, apostrophes, and periods'
elif len(fullname.strip().split()) < 2:
errors['fullname'] = 'Please enter your complete name (first and last name)'
# Password validation
if password:
if len(password) < 8:
errors['password'] = 'Password must be at least 8 characters long'
elif len(password) > 128:
errors['password'] = 'Password must be less than 128 characters'
elif not re.search(r'[a-zA-Z]', password):
errors['password'] = 'Password must contain at least one letter'
elif not re.search(r'[0-9]', password):
errors['password'] = 'Password must contain at least one number'
# Province validation
if province:
valid_provinces = ['Kigali', 'Eastern', 'Northern', 'Southern', 'Western']
if province not in valid_provinces:
errors['province'] = 'Please select a valid province'
# District validation
if district and province:
province_districts = {
'Kigali': ['Gasabo', 'Kicukiro', 'Nyarugenge'],
'Eastern': ['Bugesera', 'Gatsibo', 'Kayonza', 'Kirehe', 'Ngoma', 'Nyagatare', 'Rwamagana'],
'Northern': ['Burera', 'Gakenke', 'Gicumbi', 'Musanze', 'Rulindo'],
'Southern': ['Gisagara', 'Huye', 'Kamonyi', 'Muhanga', 'Nyamagabe', 'Nyanza', 'Nyaruguru', 'Ruhango'],
'Western': ['Karongi', 'Ngororero', 'Nyabihu', 'Nyamasheke', 'Rubavu', 'Rusizi', 'Rutsiro']
}
if province in province_districts and district not in province_districts[province]:
errors['district'] = 'Please select a valid district for the selected province'
# Return field-specific errors if any
if errors:
return jsonify({"errors": errors, "message": "Please correct the errors below"}), 400
# Check if user already exists before attempting to insert
conn = sqlite3.connect(DB_FILE)
try:
# Check if username already exists
cur = conn.execute("SELECT 1 FROM users WHERE username = ?", (username,))
if cur.fetchone():
return jsonify({"errors": {"username": "This username is already taken. Please choose another."}, "message": "Please correct the errors below"}), 409
# Check if email already exists
cur = conn.execute("SELECT 1 FROM users WHERE email = ?", (email,))
if cur.fetchone():
return jsonify({"errors": {"email": "This email is already registered. Please use a different email."}, "message": "Please correct the errors below"}), 409
# Check if telephone already exists
cur = conn.execute("SELECT 1 FROM users WHERE telephone = ?", (telephone,))
if cur.fetchone():
return jsonify({"errors": {"telephone": "This phone number is already registered. Please use a different phone number."}, "message": "Please correct the errors below"}), 409
# All validations passed, create the user
pw_hash = generate_password_hash(password)
conn.execute(
"INSERT INTO users (username, email, fullname, telephone, province, district, password_hash, created_ts) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
(username, email, fullname, telephone, province, district, pw_hash, time.time()),
)
conn.commit()
except sqlite3.IntegrityError as e:
# Fallback error handling in case of race conditions
if "username" in str(e):
return jsonify({"errors": {"username": "This username is already taken. Please choose another."}, "message": "Please correct the errors below"}), 409
elif "email" in str(e):
return jsonify({"errors": {"email": "This email is already registered. Please use a different email."}, "message": "Please correct the errors below"}), 409
elif "telephone" in str(e):
return jsonify({"errors": {"telephone": "This phone number is already registered. Please use a different phone number."}, "message": "Please correct the errors below"}), 409
else:
return jsonify({"error": "Registration failed. Please try again."}), 409
except Exception as e:
app.logger.error(f"Registration error: {e}")
return jsonify({"error": "Registration failed. Please try again."}), 500
finally:
conn.close()
return jsonify({"ok": True, "account": username, "message": "Account created successfully"})
# API endpoint for user login
@app.post("/api/login")
def login():
"""
POST /login
JSON: { "email": "...", "password": "..." }
"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
email = (data.get("email") or "").strip()
password = (data.get("password") or "")
if not email or not password:
return jsonify({"error": "email and password required"}), 400
# Email validation
import re
email_pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
if not re.match(email_pattern, email):
return jsonify({"error": "Invalid email format"}), 400
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT username, password_hash FROM users WHERE email = ?", (email,))
row = cur.fetchone()
if not row:
return jsonify({"error": "invalid credentials"}), 401
username, stored = row
if not check_password_hash(stored, password):
return jsonify({"error": "invalid credentials"}), 401
finally:
conn.close()
return jsonify({"ok": True, "account": username})
# --- Forgot/Reset Password (Users) ---
@app.post("/forgot_password")
def forgot_password():
"""
POST /forgot_password
JSON: { "email": "..." }
Creates a short-lived reset token and sends it via email.
"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
email = (data.get("email") or "").strip()
if not email:
return jsonify({"error": "email required"}), 400
# Email validation
import re
email_pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
if not re.match(email_pattern, email):
return jsonify({"error": "Invalid email format"}), 400
# verify user exists
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT username, fullname FROM users WHERE email = ?", (email,))
user_row = cur.fetchone()
if not user_row:
# do not reveal whether the user exists; still return ok
return jsonify({"ok": True, "message": "If the email exists, a reset code has been sent."})
username, fullname = user_row
# Check if there's already an active reset token for this user
cur = conn.execute(
"SELECT id FROM password_resets WHERE username = ? AND used = 0 AND expires_ts > ?",
(username, time.time())
)
existing_token = cur.fetchone()
if existing_token:
# Invalidate the existing token
conn.execute("UPDATE password_resets SET used = 1 WHERE id = ?", (existing_token[0],))
# Generate new reset token
token = uuid.uuid4().hex[:6].upper() # 6-char code
expires = time.time() + 15 * 60 # 15 minutes
# Store the reset token
conn.execute(
"INSERT INTO password_resets (username, token, expires_ts, used) VALUES (?, ?, ?, 0)",
(username, token, expires),
)
conn.commit()
# Send email with reset code
try:
send_password_reset_email(email, username, token)
return jsonify({
"ok": True,
"message": "Password reset code sent to your email.",
"user_info": {
"username": username,
"fullname": fullname
}
})
except Exception as e:
# If email fails, still return the token for demo purposes
app.logger.error(f"Failed to send email: {e}")
return jsonify({
"ok": True,
"token": token,
"expires_in": 900,
"message": "Email service unavailable. Use this code for testing.",
"user_info": {
"username": username,
"fullname": fullname
}
})
finally:
conn.close()
@app.get("/forgot_password/available_emails")
def get_available_emails():
"""
GET /forgot_password/available_emails
Returns list of available emails for testing purposes
"""
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT DISTINCT email, username, fullname FROM users ORDER BY email")
users = cur.fetchall()
emails = []
for user in users:
emails.append({
"email": user[0],
"username": user[1],
"fullname": user[2]
})
return jsonify({
"ok": True,
"available_emails": emails,
"count": len(emails)
})
finally:
conn.close()
@app.post("/reset_password")
def reset_password():
"""
POST /reset_password
JSON: { "email": "...", "token": "ABC123", "new_password": "..." }
Validates token and updates the user's password.
"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
email = (data.get("email") or "").strip()
token = (data.get("token") or "").strip().upper()
new_password = (data.get("new_password") or "")
if not email or not token or not new_password:
return jsonify({"error": "email, token, and new_password required"}), 400
if len(new_password) < 6:
return jsonify({"error": "new_password too short"}), 400
# Email validation
import re
email_pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
if not re.match(email_pattern, email):
return jsonify({"error": "Invalid email format"}), 400
conn = sqlite3.connect(DB_FILE)
try:
# First get the username from email
cur = conn.execute("SELECT username FROM users WHERE email = ?", (email,))
user_row = cur.fetchone()
if not user_row:
return jsonify({"error": "invalid email"}), 400
username = user_row[0]
# Then validate the token
cur = conn.execute(
"SELECT id, expires_ts, used FROM password_resets WHERE username = ? AND token = ?",
(username, token),
)
row = cur.fetchone()
if not row:
return jsonify({"error": "invalid token"}), 400
reset_id, expires_ts, used = row
if used:
return jsonify({"error": "token already used"}), 400
if time.time() > float(expires_ts):
return jsonify({"error": "token expired"}), 400
# Update password and mark token used
pw_hash = generate_password_hash(new_password)
conn.execute("UPDATE users SET password_hash = ? WHERE username = ?", (pw_hash, username))
conn.execute("UPDATE password_resets SET used = 1 WHERE id = ?", (reset_id,))
conn.commit()
# Get user info for confirmation
cur = conn.execute("SELECT email, fullname FROM users WHERE username = ?", (username,))
user_info = cur.fetchone()
return jsonify({
"ok": True,
"message": "Password reset successfully. You can now login with your new password.",
"user_info": {
"username": username,
"email": user_info[0] if user_info else email,
"fullname": user_info[1] if user_info else "User"
}
})
finally:
conn.close()
@app.post("/clear_chat")
def clear_chat():
"""Clear messages and attachments for a conversation."""
data = request.get_json(force=True)
conv_id = data.get("id")
if not conv_id:
return jsonify({"error": "Missing conversation id"}), 400
conn = sqlite3.connect(DB_FILE)
try:
# Delete messages and attachments for this conversation
conn.execute("DELETE FROM messages WHERE conv_id = ?", (conv_id,))
conn.execute("DELETE FROM attachments WHERE conv_id = ?", (conv_id,))
# Reset conversation preview
conn.execute(
"UPDATE conversations SET preview = ? WHERE conv_id = ?",
("New chat", conv_id),
)
conn.commit()
return jsonify({"ok": True})
except Exception as e:
return jsonify({"error": str(e)}), 500
finally:
conn.close()
# --- delete a conversation (requires account owner) ---
@app.post("/conversations/delete")
def delete_conversation():
"""
POST /conversations/delete
JSON: { "account": "...", "id": "<conv_id>" }
Only allows deletion when the conversation owner matches acct:<account>.
"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
account = (data.get("account") or "").strip()
conv_id = (data.get("id") or "").strip()
password = (data.get("password") or "").strip()
if not account or not conv_id:
return jsonify({"error": "account and id required"}), 400
owner_key = f"acct:{account}"
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT owner_key, IFNULL(archived,0), archive_pw_hash FROM conversations WHERE conv_id = ?", (conv_id,))
row = cur.fetchone()
if not row:
return jsonify({"error": "conversation not found"}), 404
if (row[0] or "") != owner_key:
return jsonify({"error": "forbidden"}), 403
# If archived and locked, require correct password to delete
if int(row[1]) == 1 and row[2]:
if not password or not check_password_hash(row[2], password):
return jsonify({"error": "invalid password"}), 403
# delete related rows
conn.execute("DELETE FROM messages WHERE conv_id = ?", (conv_id,))
conn.execute("DELETE FROM attachments WHERE conv_id = ?", (conv_id,))
conn.execute("DELETE FROM sessions WHERE conv_id = ?", (conv_id,))
conn.execute("DELETE FROM conversations WHERE conv_id = ?", (conv_id,))
conn.commit()
return jsonify({"ok": True})
except Exception as e:
conn.rollback()
return jsonify({"error": str(e)}), 500
finally:
conn.close()
# --- NEW API ENDPOINTS FOR THERAPY BOOKING SYSTEM ---
# Admin endpoints
@app.post("/admin/professionals")
def create_professional():
"""Create a new professional"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
required_fields = ['username', 'password', 'first_name', 'last_name', 'email', 'specialization', 'expertise_areas']
for field in required_fields:
if not data.get(field):
return jsonify({"error": f"Missing required field: {field}"}), 400
# Hash password
password_hash = generate_password_hash(data['password'])
# Prepare expertise areas as JSON
expertise_areas = json.dumps(data.get('expertise_areas', []))
languages = json.dumps(data.get('languages', ['english']))
qualifications = json.dumps(data.get('qualifications', []))
availability_schedule = json.dumps(data.get('availability_schedule', {}))
conn = sqlite3.connect(DB_FILE)
try:
# Check if username already exists
existing_username = conn.execute(
"SELECT username FROM professionals WHERE username = ?",
(data['username'],)
).fetchone()
if existing_username:
return jsonify({
"error": "Username already exists",
"details": f"Username '{data['username']}' is already taken. Please choose a different username."
}), 409
# Check if email already exists
existing_email = conn.execute(
"SELECT email FROM professionals WHERE email = ?",
(data['email'],)
).fetchone()
if existing_email:
return jsonify({
"error": "Email already exists",
"details": f"Email '{data['email']}' is already registered. Please use a different email."
}), 409
conn.execute("""
INSERT INTO professionals
(username, password_hash, first_name, last_name, email, phone, license_number,
specialization, expertise_areas, location_latitude, location_longitude,
location_address, district, availability_schedule, max_patients_per_day,
consultation_fee, languages, qualifications, experience_years, bio,
profile_picture, created_ts, updated_ts)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
""", (
data['username'], password_hash, data['first_name'], data['last_name'],
data['email'], data.get('phone'), data.get('license_number'),
data['specialization'], expertise_areas, data.get('location_latitude'),
data.get('location_longitude'), data.get('location_address'), data.get('district'),
availability_schedule, data.get('max_patients_per_day', 10),
data.get('consultation_fee'), languages, qualifications,
data.get('experience_years', 0), data.get('bio'), data.get('profile_picture'),
time.time(), time.time()
))
conn.commit()
return jsonify({"ok": True, "message": "Professional created successfully"})
except sqlite3.IntegrityError as e:
return jsonify({
"error": "Database constraint violation",
"details": str(e)
}), 409
except Exception as e:
return jsonify({"error": str(e)}), 500
finally:
conn.close()
@app.get("/admin/professionals/check-availability")
def check_professional_availability():
"""Check if username or email is available"""
username = request.args.get('username')
email = request.args.get('email')
if not username and not email:
return jsonify({"error": "Provide either username or email to check"}), 400
conn = sqlite3.connect(DB_FILE)
try:
result = {"username_available": True, "email_available": True}
if username:
existing_username = conn.execute(
"SELECT username FROM professionals WHERE username = ?",
(username,)
).fetchone()
result["username_available"] = existing_username is None
result["username"] = username
if email:
existing_email = conn.execute(
"SELECT email FROM professionals WHERE email = ?",
(email,)
).fetchone()
result["email_available"] = existing_email is None
result["email"] = email
return jsonify(result)
finally:
conn.close()
@app.get("/admin/professionals")
def list_professionals():
"""List all professionals with filtering"""
specialization = request.args.get('specialization')
is_active = request.args.get('is_active') # Remove default value to show all
conn = sqlite3.connect(DB_FILE)
try:
query = "SELECT * FROM professionals"
params = []
conditions = []
if is_active is not None:
conditions.append("is_active = ?")
params.append(is_active)
if specialization:
conditions.append("specialization = ?")
params.append(specialization)
if conditions:
query += " WHERE " + " AND ".join(conditions)
query += " ORDER BY created_ts DESC"
cur = conn.execute(query, params)
rows = cur.fetchall()
professionals = []
columns = [desc[0] for desc in cur.description]
for row in rows:
prof = dict(zip(columns, row))
# Parse JSON fields
prof['expertise_areas'] = json.loads(prof.get('expertise_areas', '[]'))
prof['languages'] = json.loads(prof.get('languages', '[]'))
prof['qualifications'] = json.loads(prof.get('qualifications', '[]'))
prof['availability_schedule'] = json.loads(prof.get('availability_schedule', '{}'))
professionals.append(prof)
return jsonify({"professionals": professionals})
finally:
conn.close()
@app.put("/admin/professionals/<int:prof_id>")
def update_professional(prof_id: int):
"""Update a professional's information"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
conn = sqlite3.connect(DB_FILE)
try:
# Debug: Log received data
print(f"Update professional {prof_id} - Received data: {data}")
# Check if professional exists
cur = conn.execute("SELECT id FROM professionals WHERE id = ?", (prof_id,))
if not cur.fetchone():
return jsonify({"error": "Professional not found"}), 404
# Prepare update fields
update_fields = []
update_values = []
# Handle password update separately
if 'password' in data and data['password']:
password_hash = generate_password_hash(data['password'])
update_fields.append("password_hash = ?")
update_values.append(password_hash)
# Handle other fields
allowed_fields = [
'username', 'first_name', 'last_name', 'email', 'phone', 'license_number',
'specialization', 'location_latitude', 'location_longitude',
'location_address', 'district', 'max_patients_per_day',
'consultation_fee', 'experience_years', 'bio', 'profile_picture'
]
for field in allowed_fields:
if field in data:
update_fields.append(f"{field} = ?")
update_values.append(data[field])
print(f"Processing field: {field} = {data[field]}")
print(f"Update fields: {update_fields}")
# Handle JSON fields
if 'expertise_areas' in data:
update_fields.append("expertise_areas = ?")
update_values.append(json.dumps(data['expertise_areas']))
if 'languages' in data:
update_fields.append("languages = ?")
update_values.append(json.dumps(data['languages']))
if 'qualifications' in data:
update_fields.append("qualifications = ?")
update_values.append(json.dumps(data['qualifications']))
if 'availability_schedule' in data:
update_fields.append("availability_schedule = ?")
update_values.append(json.dumps(data['availability_schedule']))
if not update_fields:
return jsonify({"error": "No fields to update"}), 400
# Add updated timestamp
update_fields.append("updated_ts = ?")
update_values.append(time.time())
# Add professional ID for WHERE clause
update_values.append(prof_id)
# Execute update
query = f"UPDATE professionals SET {', '.join(update_fields)} WHERE id = ?"
conn.execute(query, update_values)
conn.commit()
return jsonify({"ok": True, "message": "Professional updated successfully"})
except Exception as e:
return jsonify({"error": str(e)}), 500
finally:
conn.close()
@app.delete("/admin/professionals/<int:prof_id>")
def delete_professional(prof_id: int):
"""Delete a professional account"""
conn = sqlite3.connect(DB_FILE)
try:
# Check if professional exists
cur = conn.execute("SELECT id, username FROM professionals WHERE id = ?", (prof_id,))
professional = cur.fetchone()
if not professional:
return jsonify({"error": "Professional not found"}), 404
# Check if professional has any active bookings
cur = conn.execute("""
SELECT COUNT(*) FROM automated_bookings
WHERE professional_id = ? AND booking_status IN ('pending', 'confirmed')
""", (prof_id,))
active_bookings = cur.fetchone()[0]
if active_bookings > 0:
return jsonify({
"error": "Cannot delete professional with active bookings",
"details": f"Professional has {active_bookings} active booking(s). Please resolve these bookings first."
}), 409
# Delete the professional
conn.execute("DELETE FROM professionals WHERE id = ?", (prof_id,))
conn.commit()
return jsonify({
"ok": True,
"message": f"Professional '{professional[1]}' deleted successfully"
})
except Exception as e:
return jsonify({"error": str(e)}), 500
finally:
conn.close()
@app.post("/admin/professionals/<int:prof_id>/status")
def toggle_professional_status(prof_id: int):
"""Activate/Deactivate a professional account"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
if 'is_active' not in data:
return jsonify({"error": "Missing is_active"}), 400
is_active = 1 if bool(data['is_active']) else 0
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT id FROM professionals WHERE id = ?", (prof_id,))
if not cur.fetchone():
return jsonify({"error": "Professional not found"}), 404
conn.execute(
"UPDATE professionals SET is_active = ?, updated_ts = ? WHERE id = ?",
(is_active, time.time(), prof_id)
)
conn.commit()
return jsonify({"ok": True, "id": prof_id, "is_active": bool(is_active)})
finally:
conn.close()
@app.get("/admin/bookings")
def list_bookings():
"""List all automated bookings with user and professional information"""
status = request.args.get('status')
risk_level = request.args.get('risk_level')
limit = int(request.args.get('limit', 100))
conn = sqlite3.connect(DB_FILE)
try:
# Get all bookings with user and professional information
query = """
SELECT
ab.*,
u.fullname as user_fullname,
u.email as user_email,
u.telephone as user_phone,
u.province as user_province,
u.district as user_district,
(u.district || ', ' || u.province) as user_location,
u.created_ts as user_created_ts,
p.first_name as professional_first_name,
p.last_name as professional_last_name,
p.specialization as professional_specialization,
p.email as professional_email,
p.phone as professional_phone,
p.experience_years as professional_experience,
(p.first_name || ' ' || p.last_name) as professional_name
FROM automated_bookings ab
LEFT JOIN users u ON ab.user_account = u.username
LEFT JOIN professionals p ON ab.professional_id = p.id
"""
params = []
conditions = []
if status:
conditions.append("ab.booking_status = ?")
params.append(status)
if risk_level:
conditions.append("ab.risk_level = ?")
params.append(risk_level)
if conditions:
query += " WHERE " + " AND ".join(conditions)
query += " ORDER BY ab.created_ts DESC LIMIT ?"
params.append(limit)
cur = conn.execute(query, params)
rows = cur.fetchall()
bookings = []
columns = [desc[0] for desc in cur.description]
for row in rows:
booking = dict(zip(columns, row))
booking['detected_indicators'] = json.loads(booking.get('detected_indicators', '[]'))
# Handle professional name
if booking.get('professional_first_name') and booking.get('professional_last_name'):
booking['professional_name'] = f"{booking['professional_first_name']} {booking['professional_last_name']}"
else:
booking['professional_name'] = 'Unassigned'
# Handle user name
if not booking.get('user_fullname'):
booking['user_fullname'] = booking.get('user_account', 'Guest User')
bookings.append(booking)
# Calculate statistics
stats_query = """
SELECT
COUNT(*) as total,
SUM(CASE WHEN booking_status = 'confirmed' THEN 1 ELSE 0 END) as confirmed,
SUM(CASE WHEN booking_status = 'pending' THEN 1 ELSE 0 END) as pending,
SUM(CASE WHEN risk_level = 'critical' THEN 1 ELSE 0 END) as critical
FROM automated_bookings
"""
stats_cur = conn.execute(stats_query)
stats_row = stats_cur.fetchone()
stats = {
'total': stats_row[0] if stats_row[0] else 0,
'confirmed': stats_row[1] if stats_row[1] else 0,
'pending': stats_row[2] if stats_row[2] else 0,
'critical': stats_row[3] if stats_row[3] else 0
}
return jsonify({
"bookings": bookings,
"total": stats['total'],
"confirmed": stats['confirmed'],
"pending": stats['pending'],
"critical": stats['critical']
})
finally:
conn.close()
@app.get("/admin/risk-assessments")
def list_risk_assessments():
"""List recent risk assessments"""
limit = int(request.args.get('limit', 50))
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("""
SELECT * FROM risk_assessments
ORDER BY assessment_timestamp DESC
LIMIT ?
""", (limit,))
rows = cur.fetchall()
assessments = []
columns = [desc[0] for desc in cur.description]
for row in rows:
assessment = dict(zip(columns, row))
assessment['detected_indicators'] = json.loads(assessment.get('detected_indicators', '[]'))
assessments.append(assessment)
return jsonify({"assessments": assessments})
finally:
conn.close()
@app.get("/admin/users")
def list_users():
"""List all users for admin dashboard"""
limit = int(request.args.get('limit', 100))
search = request.args.get('search', '')
conn = sqlite3.connect(DB_FILE)
try:
# Build query with optional search
query = """
SELECT u.username, u.email, u.fullname, u.telephone, u.province, u.district, u.created_ts,
COALESCE(ra.risk_level, 'low') as latest_risk_level,
COALESCE(ra.risk_score, 0.0) as latest_risk_score,
COALESCE(ra.assessment_timestamp, 0) as last_assessment_time
FROM users u
LEFT JOIN (
SELECT user_account, risk_level, risk_score, assessment_timestamp,
ROW_NUMBER() OVER (PARTITION BY user_account ORDER BY assessment_timestamp DESC) as rn
FROM risk_assessments
) ra ON u.username = ra.user_account AND ra.rn = 1
"""
params = []
if search:
query += " WHERE (u.username LIKE ? OR u.fullname LIKE ? OR u.email LIKE ?)"
search_term = f"%{search}%"
params.extend([search_term, search_term, search_term])
query += " ORDER BY u.created_ts DESC LIMIT ?"
params.append(limit)
cur = conn.execute(query, params)
rows = cur.fetchall()
users = []
columns = [desc[0] for desc in cur.description]
for row in rows:
user = dict(zip(columns, row))
# Format last active time
if user['last_assessment_time'] > 0:
user['last_active'] = datetime.fromtimestamp(user['last_assessment_time']).strftime('%Y-%m-%d %H:%M')
else:
user['last_active'] = 'Never'
# Determine status based on recent activity
if user['last_assessment_time'] > 0:
days_since_active = (time.time() - user['last_assessment_time']) / 86400
user['status'] = 'Active' if days_since_active < 7 else 'Inactive'
else:
user['status'] = 'New'
users.append(user)
return jsonify({"users": users})
finally:
conn.close()
# Professional endpoints
@app.post("/professional/login")
def professional_login():
"""Professional login"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
# Accept either username or email for convenience
username = (data.get("username") or "").strip()
email = (data.get("email") or "").strip()
password = (data.get("password") or "")
if (not username and not email) or not password:
return jsonify({"error": "username/email and password required"}), 400
conn = sqlite3.connect(DB_FILE)
try:
if username:
cur = conn.execute(
"SELECT id, password_hash, first_name, last_name, username, email FROM professionals WHERE username = ? AND is_active = 1",
(username,)
)
else:
cur = conn.execute(
"SELECT id, password_hash, first_name, last_name, username, email FROM professionals WHERE email = ? AND is_active = 1",
(email,)
)
row = cur.fetchone()
if not row:
return jsonify({"error": "invalid credentials"}), 401
prof_id, stored_hash, first_name, last_name, uname, uemail = row
if not check_password_hash(stored_hash, password):
return jsonify({"error": "invalid credentials"}), 401
return jsonify({
"ok": True,
"professional_id": prof_id,
"name": f"{first_name} {last_name}",
"username": uname,
"email": uemail
})
finally:
conn.close()
@app.post("/logout")
def logout():
"""Logout endpoint - clears all sessions"""
return jsonify({"ok": True, "message": "Logged out successfully"})
@app.post("/admin/login")
def admin_login():
"""Admin login - redirects to dashboard"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
username = (data.get("username") or "").strip()
password = (data.get("password") or "")
if not username or not password:
return jsonify({"error": "username and password required"}), 400
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT id, password_hash, email, role FROM admin_users WHERE username = ?", (username,))
row = cur.fetchone()
if not row:
return jsonify({"error": "invalid credentials"}), 401
admin_id, stored_hash, email, role = row
if not check_password_hash(stored_hash, password):
return jsonify({"error": "invalid credentials"}), 401
# Create admin session token
import secrets
session_token = secrets.token_urlsafe(32)
return jsonify({
"ok": True,
"redirect": "/admin_dashboard.html",
"admin_id": admin_id,
"username": username,
"email": email,
"role": role,
"session_token": session_token
})
finally:
conn.close()
@app.get("/admin_dashboard.html")
def admin_dashboard():
"""Serve admin dashboard page"""
return send_from_directory(_CHATBOT_STATIC_DIR, 'admin_dashboard.html')
@app.put("/professional/sessions/<booking_id>/status")
def update_session_status(booking_id):
"""Update session status (accept/decline)"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
new_status = data.get('status')
professional_id = data.get('professional_id')
if not new_status or not professional_id:
return jsonify({"error": "status and professional_id required"}), 400
if new_status not in ['confirmed', 'declined', 'completed']:
return jsonify({"error": "Invalid status"}), 400
conn = sqlite3.connect(DB_FILE)
try:
# Verify professional owns this booking
cur = conn.execute("SELECT professional_id FROM automated_bookings WHERE booking_id = ?", (booking_id,))
row = cur.fetchone()
if not row or row[0] != professional_id:
return jsonify({"error": "Unauthorized"}), 403
# Update booking status
conn.execute("UPDATE automated_bookings SET booking_status = ?, updated_ts = ? WHERE booking_id = ?",
(new_status, time.time(), booking_id))
# If confirmed, create session record
if new_status == 'confirmed':
conn.execute("""
INSERT INTO therapy_sessions
(booking_id, professional_id, conv_id, created_ts)
SELECT booking_id, professional_id, conv_id, ?
FROM automated_bookings WHERE booking_id = ?
""", (time.time(), booking_id))
conn.commit()
return jsonify({"ok": True})
finally:
conn.close()
@app.post("/professional/sessions/<booking_id>/notes")
def add_session_notes(booking_id):
"""Add notes to a session"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
notes = data.get('notes', '')
professional_id = data.get('professional_id')
if not professional_id:
return jsonify({"error": "professional_id required"}), 400
conn = sqlite3.connect(DB_FILE)
try:
# Verify professional owns this booking
cur = conn.execute("SELECT professional_id FROM automated_bookings WHERE booking_id = ?", (booking_id,))
row = cur.fetchone()
if not row or row[0] != professional_id:
return jsonify({"error": "Unauthorized"}), 403
# Update session notes
conn.execute("""
UPDATE therapy_sessions
SET session_notes = ?, session_start = COALESCE(session_start, ?)
WHERE booking_id = ?
""", (notes, time.time(), booking_id))
conn.commit()
return jsonify({"ok": True})
finally:
conn.close()
# Real-time monitoring endpoints
@app.get("/monitor/risk-stats")
def get_risk_stats():
"""Get real-time risk statistics"""
conn = sqlite3.connect(DB_FILE)
try:
# Get counts by risk level for last 24 hours
cur = conn.execute("""
SELECT risk_level, COUNT(*) as count
FROM risk_assessments
WHERE assessment_timestamp > ?
GROUP BY risk_level
""", (time.time() - 86400,))
rows = cur.fetchall()
stats = {'critical': 0, 'high': 0, 'medium': 0, 'low': 0}
for row in rows:
stats[row[0]] = row[1]
return jsonify({"risk_stats": stats})
finally:
conn.close()
@app.get("/monitor/recent-assessments")
def get_recent_assessments():
"""Get recent risk assessments"""
limit = int(request.args.get('limit', 10))
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("""
SELECT ra.*, c.owner_key
FROM risk_assessments ra
LEFT JOIN conversations c ON ra.conv_id = c.conv_id
ORDER BY ra.assessment_timestamp DESC
LIMIT ?
""", (limit,))
rows = cur.fetchall()
assessments = []
columns = [desc[0] for desc in cur.description]
for row in rows:
assessment = dict(zip(columns, row))
assessment['detected_indicators'] = json.loads(assessment.get('detected_indicators', '[]'))
assessments.append(assessment)
return jsonify({"recent_assessments": assessments})
finally:
conn.close()
# Update run configuration to use port 7860 for API only
# --- PROFESSIONAL DASHBOARD API ENDPOINTS ---
@app.put("/professional/profile")
def update_professional_profile():
"""Update professional profile information"""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
professional_id = request.headers.get('X-Professional-ID')
if not professional_id:
return jsonify({"error": "Professional ID required"}), 400
# Optional fields that can be updated
update_fields = []
update_values = []
# Check which fields are provided and prepare update query
if 'first_name' in data:
update_fields.append("first_name = ?")
update_values.append(data['first_name'])
if 'last_name' in data:
update_fields.append("last_name = ?")
update_values.append(data['last_name'])
if 'email' in data:
update_fields.append("email = ?")
update_values.append(data['email'])
if 'phone' in data:
update_fields.append("phone = ?")
update_values.append(data['phone'])
if 'license_number' in data:
update_fields.append("license_number = ?")
update_values.append(data['license_number'])
if 'specialization' in data:
update_fields.append("specialization = ?")
update_values.append(data['specialization'])
if 'expertise_areas' in data:
update_fields.append("expertise_areas = ?")
update_values.append(json.dumps(data['expertise_areas']))
if 'location_latitude' in data:
update_fields.append("location_latitude = ?")
update_values.append(data['location_latitude'])
if 'location_longitude' in data:
update_fields.append("location_longitude = ?")
update_values.append(data['location_longitude'])
if 'location_address' in data:
update_fields.append("location_address = ?")
update_values.append(data['location_address'])
if 'district' in data:
update_fields.append("district = ?")
update_values.append(data['district'])
if 'availability_schedule' in data:
update_fields.append("availability_schedule = ?")
update_values.append(json.dumps(data['availability_schedule']))
if 'max_patients_per_day' in data:
update_fields.append("max_patients_per_day = ?")
update_values.append(data['max_patients_per_day'])
if 'consultation_fee' in data:
update_fields.append("consultation_fee = ?")
update_values.append(data['consultation_fee'])
if 'languages' in data:
update_fields.append("languages = ?")
update_values.append(json.dumps(data['languages']))
if 'qualifications' in data:
update_fields.append("qualifications = ?")
update_values.append(json.dumps(data['qualifications']))
if 'experience_years' in data:
update_fields.append("experience_years = ?")
update_values.append(data['experience_years'])
if 'bio' in data:
update_fields.append("bio = ?")
update_values.append(data['bio'])
if 'profile_picture' in data:
update_fields.append("profile_picture = ?")
update_values.append(data['profile_picture'])
if not update_fields:
return jsonify({"error": "No fields to update"}), 400
# Add updated timestamp
update_fields.append("updated_ts = ?")
update_values.append(time.time())
# Add professional_id for WHERE clause
update_values.append(professional_id)
conn = sqlite3.connect(DB_FILE)
try:
# Check if professional exists
cur = conn.execute("SELECT id FROM professionals WHERE id = ?", (professional_id,))
if not cur.fetchone():
return jsonify({"error": "Professional not found"}), 404
# Check for email conflicts if email is being updated
if 'email' in data:
existing_email = conn.execute(
"SELECT id FROM professionals WHERE email = ? AND id != ?",
(data['email'], professional_id)
).fetchone()
if existing_email:
return jsonify({
"error": "Email already exists",
"details": f"Email '{data['email']}' is already registered by another professional."
}), 409
# Build and execute update query
update_query = f"UPDATE professionals SET {', '.join(update_fields)} WHERE id = ?"
conn.execute(update_query, update_values)
conn.commit()
return jsonify({"ok": True, "message": "Professional profile updated successfully"})
except sqlite3.IntegrityError as e:
return jsonify({
"error": "Database constraint violation",
"details": str(e)
}), 409
except Exception as e:
return jsonify({"error": str(e)}), 500
finally:
conn.close()
@app.get("/professional/profile")
def get_professional_profile():
"""Get current professional's profile information"""
professional_id = request.headers.get('X-Professional-ID')
if not professional_id:
return jsonify({"error": "Professional ID required"}), 400
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("""
SELECT id, username, first_name, last_name, email, phone, license_number,
specialization, expertise_areas, location_latitude, location_longitude,
location_address, district, availability_schedule, max_patients_per_day,
consultation_fee, languages, qualifications, experience_years, bio,
profile_picture, is_active, created_ts, updated_ts
FROM professionals WHERE id = ?
""", (professional_id,))
row = cur.fetchone()
if not row:
return jsonify({"error": "Professional not found"}), 404
# Parse JSON fields
expertise_areas = json.loads(row[8]) if row[8] else []
availability_schedule = json.loads(row[13]) if row[13] else {}
languages = json.loads(row[16]) if row[16] else []
qualifications = json.loads(row[17]) if row[17] else []
profile = {
"id": row[0],
"username": row[1],
"first_name": row[2],
"last_name": row[3],
"email": row[4],
"phone": row[5],
"license_number": row[6],
"specialization": row[7],
"expertise_areas": expertise_areas,
"location_latitude": row[9],
"location_longitude": row[10],
"location_address": row[11],
"district": row[12],
"availability_schedule": availability_schedule,
"max_patients_per_day": row[14],
"consultation_fee": row[15],
"languages": languages,
"qualifications": qualifications,
"experience_years": row[18],
"bio": row[19],
"profile_picture": row[20],
"is_active": bool(row[21]),
"created_ts": row[22],
"updated_ts": row[23]
}
return jsonify(profile)
except Exception as e:
return jsonify({"error": str(e)}), 500
finally:
conn.close()
@app.get("/professional/dashboard-stats")
def get_professional_dashboard_stats():
"""Get dashboard statistics for professional"""
try:
conn = sqlite3.connect(DB_FILE)
# Get professional ID from session or request
professional_id = request.headers.get('X-Professional-ID', '1') # Default to Jean Ntwari for testing
# Total sessions
total_sessions = conn.execute("""
SELECT COUNT(*) FROM automated_bookings WHERE professional_id = ?
""", (professional_id,)).fetchone()[0]
# Active users (users with recent sessions)
active_users = conn.execute("""
SELECT COUNT(DISTINCT user_account) FROM automated_bookings
WHERE professional_id = ? AND booking_status IN ('confirmed', 'completed')
""", (professional_id,)).fetchone()[0]
# High risk cases
high_risk_cases = conn.execute("""
SELECT COUNT(*) FROM automated_bookings
WHERE professional_id = ? AND risk_level IN ('high', 'critical')
""", (professional_id,)).fetchone()[0]
# Unread notifications
unread_notifications = conn.execute("""
SELECT COUNT(*) FROM professional_notifications
WHERE professional_id = ? AND is_read = 0
""", (professional_id,)).fetchone()[0]
conn.close()
return jsonify({
'totalSessions': total_sessions,
'activeUsers': active_users,
'highRiskCases': high_risk_cases,
'unreadNotifications': unread_notifications
})
except Exception as e:
app.logger.error(f"Error getting dashboard stats: {e}")
return jsonify({'error': 'Failed to get dashboard stats'}), 500
@app.get("/professional/sessions")
def get_professional_sessions():
"""Get sessions for professional"""
try:
limit = request.args.get('limit', 50)
professional_id = request.headers.get('X-Professional-ID', '1') # Default to Jean Ntwari for testing
conn = sqlite3.connect(DB_FILE)
sessions = conn.execute("""
SELECT ab.booking_id, ab.conv_id, ab.user_account, ab.user_ip, ab.risk_level, ab.risk_score,
ab.detected_indicators, ab.conversation_summary, ab.booking_status,
ab.scheduled_datetime, ab.session_type, ab.created_ts, ab.updated_ts,
u.fullname, u.email, u.telephone, u.province, u.district
FROM automated_bookings ab
LEFT JOIN users u ON ab.user_account = u.username
WHERE ab.professional_id = ?
ORDER BY ab.created_ts DESC
LIMIT ?
""", (professional_id, limit)).fetchall()
conn.close()
sessions_data = []
for session in sessions:
# Format user location
user_location = None
if session[16] and session[17]: # province and district
user_location = f"{session[17]}, {session[16]}"
elif session[16]: # only province
user_location = session[16]
elif session[17]: # only district
user_location = session[17]
sessions_data.append({
'bookingId': session[0],
'convId': session[1],
'userAccount': session[2],
'userName': session[13] or session[2], # Use fullname if available, otherwise account
'userIp': session[3],
'riskLevel': session[4],
'riskScore': session[5],
'detectedIndicators': session[6],
'conversationSummary': session[7],
'bookingStatus': session[8],
'scheduledDatetime': session[9],
'sessionType': session[10],
'createdTs': session[11],
'updatedTs': session[12],
'userPhone': session[15], # telephone
'userEmail': session[14], # email
'userLocation': user_location
})
return jsonify(sessions_data)
except Exception as e:
app.logger.error(f"Error getting sessions: {e}")
return jsonify({'error': 'Failed to get sessions'}), 500
@app.get("/debug/test")
def debug_test():
"""Debug endpoint to test if new code is loaded"""
return jsonify({
'message': 'New code is loaded!',
'timestamp': time.time(),
'version': '2.0'
})
@app.get("/professional/sessions/<booking_id>")
def get_professional_session_details(booking_id):
"""Get detailed session information for professional"""
try:
professional_id = request.headers.get('X-Professional-ID', '1') # Default to Jean Ntwari for testing
conn = sqlite3.connect(DB_FILE)
# Get session details with complete user information
session = conn.execute("""
SELECT ab.booking_id, ab.conv_id, ab.user_account, ab.user_ip, ab.risk_level, ab.risk_score,
ab.detected_indicators, ab.conversation_summary, ab.booking_status,
ab.scheduled_datetime, ab.session_type, ab.created_ts, ab.updated_ts,
u.fullname, u.email, u.telephone, u.province, u.district, u.created_at
FROM automated_bookings ab
LEFT JOIN users u ON ab.user_account = u.username
WHERE ab.booking_id = ? AND ab.professional_id = ?
""", (booking_id, professional_id)).fetchone()
if not session:
conn.close()
return jsonify({'error': 'Session not found'}), 404
# Format user location
user_location = None
if session[17] and session[16]: # district and province
user_location = f"{session[17]}, {session[16]}"
elif session[16]: # only province
user_location = session[16]
elif session[17]: # only district
user_location = session[17]
# Get user's session history
user_sessions = conn.execute("""
SELECT booking_id, session_type, booking_status, risk_level, risk_score,
scheduled_datetime, created_ts
FROM automated_bookings
WHERE user_account = ? AND professional_id = ?
ORDER BY created_ts DESC
LIMIT 10
""", (session[2], professional_id)).fetchall()
# Get user's risk assessment history
risk_history = conn.execute("""
SELECT risk_level, risk_score, created_ts
FROM automated_bookings
WHERE user_account = ? AND professional_id = ?
ORDER BY created_ts DESC
LIMIT 10
""", (session[2], professional_id)).fetchall()
# Get conversation history for this session
conversation_history = conn.execute("""
SELECT role, content, ts
FROM messages
WHERE conv_id = ?
ORDER BY ts ASC
""", (session[1],)).fetchall()
# Get session notes if any (table may not exist)
session_notes = None
try:
session_notes = conn.execute("""
SELECT notes, treatment_plan, follow_up_required, follow_up_date
FROM session_notes
WHERE booking_id = ?
""", (booking_id,)).fetchone()
except sqlite3.OperationalError:
# session_notes table doesn't exist, that's okay
pass
conn.close()
# Format session data
session_data = {
'bookingId': session[0],
'convId': session[1],
'userAccount': session[2],
'userName': session[13] or session[2], # Use fullname if available, otherwise account
'userIp': session[3],
'riskLevel': session[4],
'riskScore': session[5],
'detectedIndicators': session[6],
'conversationSummary': session[7],
'bookingStatus': session[8],
'scheduledDatetime': session[9],
'sessionType': session[10],
'createdTs': session[11],
'updatedTs': session[12],
'userPhone': session[15], # telephone
'userEmail': session[14], # email
'userLocation': user_location,
'userFullName': session[13],
'userProvince': session[16],
'userDistrict': session[17],
'userCreatedAt': session[18],
'sessions': [
{
'bookingId': s[0],
'sessionType': s[1],
'bookingStatus': s[2],
'riskLevel': s[3],
'riskScore': s[4],
'scheduledDatetime': s[5],
'createdTs': s[6]
} for s in user_sessions
],
'riskAssessments': [
{
'riskLevel': r[0],
'riskScore': r[1],
'timestamp': r[2]
} for r in risk_history
],
'conversationHistory': [
{
'sender': c[0], # role
'content': c[1],
'timestamp': c[2] # ts
} for c in conversation_history
],
'sessionNotes': {
'notes': session_notes[0] if session_notes else None,
'treatmentPlan': session_notes[1] if session_notes else None,
'followUpRequired': session_notes[2] if session_notes else False,
'followUpDate': session_notes[3] if session_notes else None
} if session_notes else None
}
return jsonify(session_data)
except Exception as e:
app.logger.error(f"Error getting session details: {e}")
import traceback
error_details = traceback.format_exc()
app.logger.error(f"Full error traceback: {error_details}")
return jsonify({
'error': 'Failed to get session details',
'details': str(e),
'traceback': error_details
}), 500
@app.get("/professional/users/<username>")
def get_professional_user_details(username: str):
"""Get detailed user information for professional"""
try:
professional_id = request.headers.get('X-Professional-ID', '1') # Default to Jean Ntwari for testing
conn = sqlite3.connect(DB_FILE)
# Get user details
user = conn.execute("""
SELECT username, fullname, email, telephone, province, district, created_at
FROM users
WHERE username = ?
""", (username,)).fetchone()
if not user:
conn.close()
return jsonify({'error': 'User not found'}), 404
# Get user's session statistics
session_stats = conn.execute("""
SELECT COUNT(*) as total_bookings,
MAX(risk_score) as highest_risk_score,
MIN(created_ts) as first_booking_time,
MAX(created_ts) as last_booking_time
FROM automated_bookings
WHERE user_account = ? AND professional_id = ?
""", (username, professional_id)).fetchone()
# Get highest risk level
highest_risk = conn.execute("""
SELECT risk_level
FROM automated_bookings
WHERE user_account = ? AND professional_id = ? AND risk_score = ?
ORDER BY created_ts DESC
LIMIT 1
""", (username, professional_id, session_stats[1] or 0)).fetchone()
# Get user's sessions
sessions = conn.execute("""
SELECT booking_id, session_type, booking_status, risk_level, risk_score,
scheduled_datetime, created_ts
FROM automated_bookings
WHERE user_account = ? AND professional_id = ?
ORDER BY created_ts DESC
LIMIT 10
""", (username, professional_id)).fetchall()
# Get risk assessment history
risk_assessments = conn.execute("""
SELECT risk_level, risk_score, created_ts
FROM automated_bookings
WHERE user_account = ? AND professional_id = ?
ORDER BY created_ts DESC
LIMIT 10
""", (username, professional_id)).fetchall()
# Get recent conversations
conversations = conn.execute("""
SELECT DISTINCT cm.conv_id, cm.content, cm.timestamp
FROM conversation_messages cm
JOIN automated_bookings ab ON cm.conv_id = ab.conv_id
WHERE ab.user_account = ? AND ab.professional_id = ?
ORDER BY cm.timestamp DESC
LIMIT 5
""", (username, professional_id)).fetchall()
conn.close()
# Format user data
user_data = {
'userAccount': user[0],
'fullName': user[1],
'email': user[2],
'telephone': user[3],
'province': user[4],
'district': user[5],
'userCreatedAt': user[6],
'totalBookings': session_stats[0] or 0,
'highestRiskScore': session_stats[1] or 0,
'highestRiskLevel': highest_risk[0] if highest_risk else 'unknown',
'firstBookingTime': session_stats[2],
'lastBookingTime': session_stats[3],
'sessions': [
{
'bookingId': s[0],
'sessionType': s[1],
'bookingStatus': s[2],
'riskLevel': s[3],
'riskScore': s[4],
'scheduledDatetime': s[5],
'createdTs': s[6]
} for s in sessions
],
'riskAssessments': [
{
'riskLevel': r[0],
'riskScore': r[1],
'timestamp': r[2]
} for r in risk_assessments
],
'conversations': [
{
'convId': c[0],
'preview': c[1][:100] + '...' if len(c[1]) > 100 else c[1],
'timestamp': c[2]
} for c in conversations
]
}
return jsonify(user_data)
except Exception as e:
app.logger.error(f"Error getting user details: {e}")
return jsonify({'error': 'Failed to get user details'}), 500
@app.get("/professional/users")
def get_professional_users():
"""Get users for professional"""
try:
professional_id = request.headers.get('X-Professional-ID', '1') # Default to Jean Ntwari for testing
conn = sqlite3.connect(DB_FILE)
# Get users who have sessions with this professional
users = conn.execute("""
SELECT DISTINCT ab.user_account,
COUNT(*) as total_sessions,
MAX(ab.created_ts) as last_active,
MAX(ab.risk_level) as highest_risk_level,
COUNT(DISTINCT ab.conv_id) as total_conversations
FROM automated_bookings ab
WHERE ab.professional_id = ?
GROUP BY ab.user_account
ORDER BY last_active DESC
""", (professional_id,)).fetchall()
conn.close()
users_data = []
for user in users:
users_data.append({
'username': user[0],
'email': f"{user[0]}@example.com", # Placeholder
'totalSessions': user[1],
'lastActive': user[2],
'highestRiskLevel': user[3],
'totalConversations': user[4],
'status': 'active'
})
return jsonify(users_data)
except Exception as e:
app.logger.error(f"Error getting users: {e}")
return jsonify({'error': 'Failed to get users'}), 500
@app.get("/notifications")
def get_notifications():
"""Get all notifications for dashboard"""
try:
conn = sqlite3.connect(DB_FILE)
# Get notification counts and recent notifications
stats = {}
# Professional notifications count
prof_notifications = conn.execute("""
SELECT COUNT(*) FROM professional_notifications
WHERE is_read = 0
""").fetchone()[0]
# Recent bookings count (last 24 hours)
recent_bookings = conn.execute("""
SELECT COUNT(*) FROM automated_bookings
WHERE created_ts > ?
""", (time.time() - 86400,)).fetchone()[0]
# Critical risk assessments count
critical_risks = conn.execute("""
SELECT COUNT(*) FROM risk_assessments
WHERE risk_level = 'critical' AND assessment_timestamp > ?
""", (time.time() - 86400,)).fetchone()[0]
# New users count (last 24 hours)
new_users = conn.execute("""
SELECT COUNT(*) FROM users
WHERE created_ts > ?
""", (time.time() - 86400,)).fetchone()[0]
# Recent notifications (last 10)
recent_notifications = conn.execute("""
SELECT
pn.id,
pn.title,
pn.message,
pn.notification_type,
pn.is_read,
pn.created_ts,
(p.first_name || ' ' || p.last_name) as professional_name
FROM professional_notifications pn
LEFT JOIN professionals p ON pn.professional_id = p.id
ORDER BY pn.created_ts DESC
LIMIT 10
""").fetchall()
notifications_data = []
for notification in recent_notifications:
time_ago = get_time_ago(notification[5])
notifications_data.append({
'id': notification[0],
'title': notification[1],
'message': notification[2],
'type': notification[3],
'isRead': bool(notification[4]),
'createdAt': notification[5],
'timeAgo': time_ago,
'professionalName': notification[6] or 'System'
})
stats = {
'totalNotifications': prof_notifications,
'recentBookings': recent_bookings,
'criticalRisks': critical_risks,
'newUsers': new_users,
'notifications': notifications_data
}
conn.close()
return jsonify(stats)
except Exception as e:
app.logger.error(f"Error getting notifications: {e}")
return jsonify({'error': 'Failed to get notifications'}), 500
@app.get("/professional/notifications")
def get_professional_notifications():
"""Get notifications for professional"""
try:
limit = request.args.get('limit', 50)
professional_id = request.headers.get('X-Professional-ID', '1') # Default to Jean Ntwari for testing
conn = sqlite3.connect(DB_FILE)
notifications = conn.execute("""
SELECT id, title, message, notification_type, is_read, created_at
FROM professional_notifications
WHERE professional_id = ?
ORDER BY created_at DESC
LIMIT ?
""", (professional_id, limit)).fetchall()
conn.close()
notifications_data = []
for notification in notifications:
notifications_data.append({
'id': notification[0],
'title': notification[1],
'message': notification[2],
'type': notification[3],
'isRead': bool(notification[4]),
'createdAt': notification[5]
})
return jsonify(notifications_data)
except Exception as e:
app.logger.error(f"Error getting notifications: {e}")
return jsonify({'error': 'Failed to get notifications'}), 500
@app.get("/professional/users/<username>")
def get_user_profile(username):
"""Get detailed user profile"""
try:
conn = sqlite3.connect(DB_FILE)
# Get user's sessions
sessions = conn.execute("""
SELECT booking_id, risk_level, risk_score, detected_indicators,
scheduled_datetime, booking_status, session_type
FROM automated_bookings
WHERE user_account = ?
ORDER BY created_ts DESC
""", (username,)).fetchall()
# Get user's conversations
conversations = conn.execute("""
SELECT conv_id, preview, ts
FROM conversations
WHERE owner_key = ?
ORDER BY ts DESC
LIMIT 10
""", (username,)).fetchall()
conn.close()
# Calculate stats
total_sessions = len(sessions)
total_conversations = len(conversations)
highest_risk_level = max([s[1] for s in sessions], default='low')
last_active = max([s[4] for s in sessions], default=0) if sessions else 0
# Build risk history
risk_history = []
for session in sessions[:10]: # Last 10 sessions
risk_history.append({
'level': session[1],
'score': session[2],
'indicators': json.loads(session[3]) if session[3] else [],
'timestamp': session[4]
})
user_profile = {
'username': username,
'email': f"{username}@example.com", # Placeholder
'totalSessions': total_sessions,
'totalConversations': total_conversations,
'highestRiskLevel': highest_risk_level,
'lastActive': last_active,
'recentConversations': [
{
'title': conv[1] or 'Conversation',
'preview': conv[1] or 'No preview available',
'timestamp': conv[2]
} for conv in conversations
],
'riskHistory': risk_history
}
return jsonify(user_profile)
except Exception as e:
app.logger.error(f"Error getting user profile: {e}")
return jsonify({'error': 'Failed to get user profile'}), 500
@app.get("/professional/booked-users")
def get_all_booked_users():
"""Get comprehensive information for all booked users"""
try:
professional_id = request.headers.get('X-Professional-ID', '6')
conn = sqlite3.connect(DB_FILE)
# Get all booked users with comprehensive information
booked_users = conn.execute("""
SELECT DISTINCT
ab.user_account,
ab.user_ip,
u.fullname,
u.email,
u.telephone,
u.province,
u.district,
u.created_ts as user_created_at,
COUNT(ab.booking_id) as total_bookings,
MAX(ab.risk_level) as highest_risk_level,
MAX(ab.risk_score) as highest_risk_score,
MAX(ab.created_ts) as last_booking_time,
MIN(ab.created_ts) as first_booking_time
FROM automated_bookings ab
LEFT JOIN users u ON ab.user_account = u.username
WHERE ab.professional_id = ?
GROUP BY ab.user_account, ab.user_ip, u.fullname, u.email, u.telephone, u.province, u.district, u.created_ts
ORDER BY last_booking_time DESC
""", (professional_id,)).fetchall()
# Get detailed session information for each user
users_data = []
for user in booked_users:
user_account = user[0]
# Get all sessions for this user
sessions = conn.execute("""
SELECT booking_id, conv_id, risk_level, risk_score, detected_indicators,
conversation_summary, booking_status, scheduled_datetime, session_type,
created_ts, updated_ts
FROM automated_bookings
WHERE user_account = ? AND professional_id = ?
ORDER BY created_ts DESC
""", (user_account, professional_id)).fetchall()
# Get conversation history
conversations = conn.execute("""
SELECT conv_id, preview, ts
FROM conversations
WHERE owner_key = ?
ORDER BY ts DESC
LIMIT 5
""", (user_account,)).fetchall()
# Get risk assessment history
risk_assessments = conn.execute("""
SELECT risk_level, risk_score, detected_indicators, created_ts
FROM risk_assessments
WHERE user_account = ?
ORDER BY created_ts DESC
LIMIT 10
""", (user_account,)).fetchall()
user_data = {
'userAccount': user[0],
'userIp': user[1],
'fullName': user[2] or 'Not provided',
'email': user[3] or 'Not provided',
'telephone': user[4] or 'Not provided',
'province': user[5] or 'Not provided',
'district': user[6] or 'Not provided',
'userCreatedAt': user[7],
'totalBookings': user[8],
'highestRiskLevel': user[9],
'highestRiskScore': user[10],
'lastBookingTime': user[11],
'firstBookingTime': user[12],
'sessions': [],
'conversations': [],
'riskAssessments': []
}
# Add session details
for session in sessions:
user_data['sessions'].append({
'bookingId': session[0],
'convId': session[1],
'riskLevel': session[2],
'riskScore': session[3],
'detectedIndicators': session[4],
'conversationSummary': session[5],
'bookingStatus': session[6],
'scheduledDatetime': session[7],
'sessionType': session[8],
'createdTs': session[9],
'updatedTs': session[10]
})
# Add conversation details
for conv in conversations:
user_data['conversations'].append({
'convId': conv[0],
'preview': conv[1],
'timestamp': conv[2]
})
# Add risk assessment details
for risk in risk_assessments:
user_data['riskAssessments'].append({
'riskLevel': risk[0],
'riskScore': risk[1],
'detectedIndicators': risk[2],
'timestamp': risk[3]
})
users_data.append(user_data)
conn.close()
return jsonify({
'users': users_data,
'totalUsers': len(users_data),
'professionalId': professional_id
})
except Exception as e:
app.logger.error(f"Error getting booked users: {e}")
return jsonify({'error': 'Failed to get booked users'}), 500
@app.post("/professional/sessions/<booking_id>/accept")
def accept_session(booking_id):
"""Accept a session"""
try:
conn = sqlite3.connect(DB_FILE)
conn.execute("""
UPDATE automated_bookings
SET booking_status = 'confirmed', updated_ts = ?
WHERE booking_id = ?
""", (time.time(), booking_id))
conn.commit()
conn.close()
return jsonify({'success': True, 'message': 'Session accepted'})
except Exception as e:
app.logger.error(f"Error accepting session: {e}")
return jsonify({'error': 'Failed to accept session'}), 500
@app.post("/professional/sessions/<booking_id>/decline")
def decline_session(booking_id):
"""Decline a session"""
try:
conn = sqlite3.connect(DB_FILE)
conn.execute(
"""
UPDATE automated_bookings
SET booking_status = 'declined', updated_ts = ?
WHERE booking_id = ?
""",
(time.time(), booking_id)
)
conn.commit()
conn.close()
return jsonify({'success': True, 'message': 'Session declined'})
except Exception as e:
app.logger.error(f"Error declining session: {e}")
return jsonify({'error': 'Failed to decline session'}), 500
@app.post("/professional/notifications/mark-all-read")
def mark_all_notifications_read():
"""Mark all notifications as read"""
try:
professional_id = request.headers.get('X-Professional-ID', '1')
conn = sqlite3.connect(DB_FILE)
conn.execute("""
UPDATE professional_notifications
SET is_read = 1
WHERE professional_id = ?
""", (professional_id,))
conn.commit()
conn.close()
return jsonify({'success': True, 'message': 'All notifications marked as read'})
except Exception as e:
app.logger.error(f"Error marking notifications as read: {e}")
return jsonify({'error': 'Failed to mark notifications as read'}), 500
@app.post("/professional/notifications/<notification_id>/read")
def mark_notification_read(notification_id):
"""Mark a specific notification as read"""
try:
conn = sqlite3.connect(DB_FILE)
conn.execute("""
UPDATE professional_notifications
SET is_read = 1
WHERE id = ?
""", (notification_id,))
conn.commit()
conn.close()
return jsonify({'success': True, 'message': 'Notification marked as read'})
except Exception as e:
app.logger.error(f"Error marking notification as read: {e}")
return jsonify({'error': 'Failed to mark notification as read'}), 500
@app.post("/professional/reports/generate")
def generate_professional_report():
"""Generate comprehensive report for professional"""
try:
data = request.get_json()
period = data.get('period', 30)
professional_id = request.headers.get('X-Professional-ID', '1')
conn = sqlite3.connect(DB_FILE)
# Calculate date range
end_date = time.time()
start_date = end_date - (int(period) * 24 * 60 * 60)
# Get session statistics
sessions = conn.execute("""
SELECT user_account, risk_level, booking_status, scheduled_datetime, session_type
FROM automated_bookings
WHERE professional_id = ? AND created_ts >= ?
ORDER BY created_ts DESC
""", (professional_id, start_date)).fetchall()
conn.close()
# Calculate statistics
total_sessions = len(sessions)
unique_users = len(set(s[0] for s in sessions))
high_risk_cases = len([s for s in sessions if s[1] in ['high', 'critical']])
average_response_time = 15 # Placeholder - would need actual calculation
# Build session breakdown
session_breakdown = []
for session in sessions[:20]: # Last 20 sessions
session_breakdown.append({
'userName': session[0],
'sessionType': session[4],
'status': session[2],
'date': session[3],
'duration': 60, # Placeholder
'riskLevel': session[1]
})
report = {
'totalSessions': total_sessions,
'uniqueUsers': unique_users,
'highRiskCases': high_risk_cases,
'averageResponseTime': average_response_time,
'sessionBreakdown': session_breakdown
}
return jsonify(report)
except Exception as e:
app.logger.error(f"Error generating report: {e}")
return jsonify({'error': 'Failed to generate report'}), 500
# --- User intake for professionals ---
@app.post("/professional/users/intake")
def professional_user_intake():
"""Create or update user profile based on professional intake form."""
try:
data = request.get_json(force=True)
except Exception:
return jsonify({"error": "Invalid JSON"}), 400
username = (data.get('username') or '').strip()
email = (data.get('email') or '').strip()
full_name = (data.get('full_name') or '').strip()
phone = (data.get('phone') or '').strip()
province = (data.get('province') or '').strip()
district = (data.get('district') or '').strip()
password = data.get('password') or ''
confirm_password = data.get('confirm_password') or ''
if not username and not email:
return jsonify({"error": "username or email is required"}), 400
if password and password != confirm_password:
return jsonify({"error": "passwords do not match"}), 400
conn = sqlite3.connect(DB_FILE)
try:
cur = conn.execute("SELECT username FROM users WHERE username = ? OR email = ?", (username, email))
row = cur.fetchone()
if row:
# Update existing user
if password:
pw_hash = generate_password_hash(password)
conn.execute(
"UPDATE users SET email = ?, fullname = ?, phone = ?, province = ?, district = ?, password_hash = ? WHERE username = ?",
(email, full_name, phone, province, district, pw_hash, row[0])
)
else:
conn.execute(
"UPDATE users SET email = ?, fullname = ?, phone = ?, province = ?, district = ? WHERE username = ?",
(email, full_name, phone, province, district, row[0])
)
conn.commit()
return jsonify({"ok": True, "updated": True, "username": row[0]})
else:
# Create new user
if not username or not email:
return jsonify({"error": "username and email are required for new users"}), 400
pw_hash = generate_password_hash(password) if password else generate_password_hash(uuid.uuid4().hex[:10])
conn.execute(
"INSERT INTO users (username, email, fullname, phone, province, district, password_hash, created_ts) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
(username, email, full_name, phone, province, district, pw_hash, time.time())
)
conn.commit()
return jsonify({"ok": True, "created": True, "username": username})
except Exception as e:
app.logger.error(f"User intake failed: {e}")
return jsonify({"error": "Failed to save user"}), 500
finally:
conn.close()
# --- SMS Testing and Management Endpoints ---
@app.post("/admin/sms/test")
def test_sms_service():
"""Test SMS service connection and send test message"""
try:
sms_service = get_sms_service()
if not sms_service:
return jsonify({'error': 'SMS service not initialized'}), 500
data = request.get_json()
test_phone = data.get('phone', '+250000000000')
test_message = data.get('message', 'AIMHSA SMS Test - Service is working correctly')
result = sms_service.send_sms(
sender_id="AIMHSA",
phone_number=test_phone,
message=test_message
)
return jsonify({
'success': result.get('success', False),
'message': 'SMS test completed',
'result': result
})
except Exception as e:
app.logger.error(f"SMS test failed: {e}")
return jsonify({'error': f'SMS test failed: {str(e)}'}), 500
@app.post("/admin/sms/send-booking-notification")
def send_booking_sms():
"""Manually send booking notification SMS"""
try:
data = request.get_json()
booking_id = data.get('booking_id')
if not booking_id:
return jsonify({'error': 'Booking ID required'}), 400
# Get booking details
conn = sqlite3.connect(DB_FILE)
try:
booking = conn.execute("""
SELECT ab.*, p.first_name, p.last_name, p.specialization, p.phone as prof_phone,
u.fullname, u.telephone as user_phone
FROM automated_bookings ab
LEFT JOIN professionals p ON ab.professional_id = p.id
LEFT JOIN users u ON ab.user_account = u.username
WHERE ab.booking_id = ?
""", (booking_id,)).fetchone()
if not booking:
return jsonify({'error': 'Booking not found'}), 404
# Prepare data for SMS
professional_data = {
'first_name': booking[12],
'last_name': booking[13],
'specialization': booking[14],
'phone': booking[15]
}
user_data = {
'fullname': booking[16],
'telephone': booking[17]
}
booking_data = {
'booking_id': booking[1],
'scheduled_time': booking[10],
'session_type': booking[11],
'risk_level': booking[6]
}
# Send SMS notifications
sms_service = get_sms_service()
results = {}
if sms_service:
# Send to user
if user_data.get('telephone'):
user_result = sms_service.send_booking_notification(
user_data, professional_data, booking_data
)
results['user_sms'] = user_result
# Send to professional
if professional_data.get('phone'):
prof_result = sms_service.send_professional_notification(
professional_data, user_data, booking_data
)
results['professional_sms'] = prof_result
return jsonify({
'success': True,
'message': 'SMS notifications sent',
'results': results
})
else:
return jsonify({'error': 'SMS service not available'}), 500
finally:
conn.close()
except Exception as e:
app.logger.error(f"Failed to send booking SMS: {e}")
return jsonify({'error': f'Failed to send SMS: {str(e)}'}), 500
@app.get("/admin/sms/status")
def get_sms_status():
"""Get SMS service status and configuration"""
try:
sms_service = get_sms_service()
if not sms_service:
return jsonify({
'status': 'not_initialized',
'message': 'SMS service not initialized'
})
# Test connection
connection_test = sms_service.test_connection()
return jsonify({
'status': 'initialized',
'api_id': HDEV_SMS_API_ID,
'api_key_masked': HDEV_SMS_API_KEY[:10] + '...' if HDEV_SMS_API_KEY else 'Not set',
'connection_test': connection_test,
'message': 'SMS service is ready' if connection_test else 'SMS service initialized but connection test failed'
})
except Exception as e:
app.logger.error(f"Failed to get SMS status: {e}")
return jsonify({'error': f'Failed to get SMS status: {str(e)}'}), 500
if __name__ == "__main__":
app.run(host="0.0.0.0", port=7860, debug=True)