Create main.py

main.py

@@ -0,0 +1,613 @@
+import os
+import io
+import uuid
+import re
+import time
+import json
+import traceback
+import wave
+from datetime import datetime, timedelta
+
+from flask import Flask, request, jsonify
+from flask_cors import CORS
+import firebase_admin
+from firebase_admin import credentials, db, storage, auth
+from PIL import Image
+import requests
+
+# Import and configure Google GenAI, matching the Streamlit app
+from google import genai
+from google.genai import types
+
+# -----------------------------------------------------------------------------
+# 1. CONFIGURATION & INITIALIZATION
+# -----------------------------------------------------------------------------
+
+# Initialize Flask app and CORS
+app = Flask(__name__)
+CORS(app)
+
+# --- Firebase Initialization ---
+try:
+    credentials_json_string = os.environ.get("FIREBASE")
+    if not credentials_json_string:
+        raise ValueError("The FIREBASE environment variable is not set.")
+    
+    credentials_json = json.loads(credentials_json_string)
+    firebase_db_url = os.environ.get("Firebase_DB")
+    firebase_storage_bucket = os.environ.get("Firebase_Storage")
+
+    if not firebase_db_url or not firebase_storage_bucket:
+        raise ValueError("Firebase_DB and Firebase_Storage environment variables must be set.")
+
+    cred = credentials.Certificate(credentials_json)
+    firebase_admin.initialize_app(cred, {
+        'databaseURL': firebase_db_url,
+        'storageBucket': firebase_storage_bucket
+    })
+    print("Firebase Admin SDK initialized successfully.")
+except Exception as e:
+    print(f"FATAL: Error initializing Firebase: {e}")
+    exit(1)
+
+# Initialize Firebase services
+bucket = storage.bucket()
+db_ref = db.reference()
+
+
+# --- Google GenAI Client Initialization (as per Streamlit app) ---
+try:
+    api_key = os.environ.get("Gemini")
+    if not api_key:
+        raise ValueError("The 'Gemini' environment variable for the API key is not set.")
+    
+    client = genai.Client(api_key=api_key)
+    print("Google GenAI Client initialized successfully.")
+except Exception as e:
+    print(f"FATAL: Error initializing GenAI Client: {e}")
+    exit(1)
+
+# --- Model Constants (as per Streamlit app) ---
+CATEGORY_MODEL = "gemini-2.0-flash-exp"
+GENERATION_MODEL = "gemini-2.0-flash-exp-image-generation"
+TTS_MODEL = "gemini-2.5-flash-preview-tts"
+
+
+# -----------------------------------------------------------------------------
+# 2. HELPER FUNCTIONS (Adapted directly from Streamlit App & Template)
+# -----------------------------------------------------------------------------
+
+def verify_token(auth_header):
+    """Verifies the Firebase ID token from the Authorization header."""
+    if not auth_header or not auth_header.startswith('Bearer '):
+        return None
+    token = auth_header.split('Bearer ')[1]
+    try:
+        decoded_token = auth.verify_id_token(token)
+        return decoded_token['uid']
+    except Exception as e:
+        print(f"Token verification failed: {e}")
+        return None
+
+def verify_admin(auth_header):
+    """Verifies if the user is an admin."""
+    uid = verify_token(auth_header)
+    if not uid:
+        raise PermissionError('Invalid or missing user token')
+    
+    user_ref = db_ref.child(f'users/{uid}')
+    user_data = user_ref.get()
+    if not user_data or not user_data.get('is_admin', False):
+        raise PermissionError('Admin access required')
+    return uid
+
+def upload_to_storage(data_bytes, destination_blob_name, content_type):
+    """Uploads a bytes object to Firebase Storage and returns its public URL."""
+    blob = bucket.blob(destination_blob_name)
+    blob.upload_from_string(data_bytes, content_type=content_type)
+    blob.make_public()
+    return blob.public_url
+
+def parse_numbered_steps(text):
+    """Helper to parse numbered steps out of Gemini text."""
+    text = "\n" + text
+    steps_found = re.findall(r"\n\s*(\d+)\.\s*(.*)", text, re.MULTILINE)
+    return [{"stepNumber": int(num), "text": desc.strip()} for num, desc in steps_found]
+
+def _convert_pcm_to_wav(pcm_data, sample_rate=24000, channels=1, sample_width=2):
+    """Wraps raw PCM audio data in a WAV container in memory."""
+    audio_buffer = io.BytesIO()
+    with wave.open(audio_buffer, 'wb') as wf:
+        wf.setnchannels(channels)
+        wf.setsampwidth(sample_width)
+        wf.setframerate(sample_rate)
+        wf.writeframes(pcm_data)
+    audio_buffer.seek(0)
+    return audio_buffer.getvalue()
+
+def generate_tts_audio_and_upload(text_to_speak, uid, project_id, step_num):
+    """Generates audio using the exact method from the Streamlit app and uploads it."""
+    try:
+        response = client.models.generate_content(
+            model=TTS_MODEL,
+            contents=f"Say clearly: {text_to_speak}",
+            config=types.GenerateContentConfig(
+                response_modalities=["AUDIO"],
+                speech_config=types.SpeechConfig(
+                    voice_config=types.VoiceConfig(
+                        prebuilt_voice_config=types.PrebuiltVoiceConfig(voice_name='Kore')
+                    )
+                ),
+            )
+        )
+        audio_part = response.candidates[0].content.parts[0]
+        audio_data = audio_part.inline_data.data
+        mime_type = audio_part.inline_data.mime_type
+        
+        final_audio_bytes = _convert_pcm_to_wav(audio_data) if 'pcm' in mime_type else audio_data
+        
+        audio_path = f"users/{uid}/projects/{project_id}/narrations/step_{step_num}.wav"
+        return upload_to_storage(final_audio_bytes, audio_path, 'audio/wav')
+    except Exception as e:
+        print(f"Error during TTS generation for step {step_num}: {e}")
+        return None
+
+def send_text_request(model_name, prompt, image):
+    """Helper to send requests that expect only a text response."""
+    try:
+        chat = client.chats.create(model=model_name)
+        response = chat.send_message([prompt, image])
+        response_text = "".join(part.text for part in response.candidates[0].content.parts if hasattr(part, 'text'))
+        return response_text.strip()
+    except Exception as e:
+        print(f"Error with model {model_name}: {e}")
+        return None
+
+# -----------------------------------------------------------------------------
+# 3. AUTHENTICATION & USER MANAGEMENT
+# -----------------------------------------------------------------------------
+
+@app.route('/api/auth/signup', methods=['POST'])
+def signup():
+    try:
+        data = request.get_json()
+        email, password = data.get('email'), data.get('password')
+        if not email or not password: return jsonify({'error': 'Email and password are required'}), 400
+
+        user = auth.create_user(email=email, password=password)
+        user_ref = db_ref.child(f'users/{user.uid}')
+        user_data = {'email': email, 'credits': 15, 'is_admin': False, 'createdAt': datetime.utcnow().isoformat()}
+        user_ref.set(user_data)
+        return jsonify({'success': True, 'uid': user.uid, **user_data}), 201
+    except Exception as e:
+        return jsonify({'error': str(e)}), 400
+
+@app.route('/api/user/profile', methods=['GET'])
+def get_user_profile():
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid: return jsonify({'error': 'Invalid or expired token'}), 401
+    
+    user_data = db_ref.child(f'users/{uid}').get()
+    if not user_data: return jsonify({'error': 'User not found'}), 404
+    
+    return jsonify({'uid': uid, **user_data})
+
+# -----------------------------------------------------------------------------
+# 4. FEEDBACK AND CREDIT REQUESTS (USER-FACING)
+# -----------------------------------------------------------------------------
+
+@app.route('/api/feedback', methods=['POST'])
+def submit_feedback():
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid: return jsonify({'error': 'Invalid or expired token'}), 401
+
+    try:
+        data = request.get_json()
+        if not data or not data.get('message'): return jsonify({'error': 'Message is required'}), 400
+
+        user_email = (db_ref.child(f'users/{uid}').get() or {}).get('email', 'unknown')
+        
+        feedback_ref = db_ref.child('feedback').push()
+        feedback_record = {
+            "feedbackId": feedback_ref.key,
+            "userId": uid,
+            "userEmail": user_email,
+            "type": data.get('type', 'general'),
+            "message": data.get('message'),
+            "createdAt": datetime.utcnow().isoformat(),
+            "status": "open"
+        }
+        feedback_ref.set(feedback_record)
+        return jsonify({"success": True, "feedbackId": feedback_ref.key}), 201
+    except Exception as e:
+        return jsonify({'error': str(e)}), 500
+
+@app.route('/api/user/request-credits', methods=['POST'])
+def request_credits():
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid: return jsonify({'error': 'Invalid or expired token'}), 401
+    
+    try:
+        data = request.get_json()
+        if not data or 'requested_credits' not in data: return jsonify({'error': 'requested_credits is required'}), 400
+
+        request_ref = db_ref.child('credit_requests').push()
+        request_ref.set({
+            'requestId': request_ref.key,
+            'userId': uid,
+            'requested_credits': data['requested_credits'],
+            'status': 'pending',
+            'requestedAt': datetime.utcnow().isoformat()
+        })
+        return jsonify({'success': True, 'requestId': request_ref.key})
+    except Exception as e:
+        return jsonify({'error': str(e)}), 500
+
+# -----------------------------------------------------------------------------
+# 5. ADMIN ENDPOINTS
+# -----------------------------------------------------------------------------
+
+@app.route('/api/admin/profile', methods=['GET'])
+def get_admin_profile():
+    try:
+        admin_uid = verify_admin(request.headers.get('Authorization'))
+        
+        # Fetch all necessary data from Firebase in one go
+        all_users = db_ref.child('users').get() or {}
+        all_projects = db_ref.child('projects').get() or {}
+        all_feedback = db_ref.child('feedback').get() or {}
+        all_credit_requests = db_ref.child('credit_requests').get() or {}
+
+        # --- User Statistics Calculation ---
+        total_users = len(all_users)
+        admin_count = 0
+        total_credits_in_system = 0
+        new_users_last_7_days = 0
+        seven_days_ago = datetime.utcnow() - timedelta(days=7)
+
+        for user_data in all_users.values():
+            if user_data.get('is_admin', False):
+                admin_count += 1
+            total_credits_in_system += user_data.get('credits', 0)
+            
+            # Check for new users
+            try:
+                created_at_str = user_data.get('createdAt')
+                if created_at_str:
+                    # Accommodate different possible ISO formats
+                    user_created_at = datetime.fromisoformat(created_at_str.replace('Z', '+00:00'))
+                    if user_created_at.replace(tzinfo=None) > seven_days_ago:
+                        new_users_last_7_days += 1
+            except (ValueError, TypeError):
+                # Ignore if date format is invalid or missing
+                pass
+
+        # --- Project Statistics Calculation ---
+        total_projects = len(all_projects)
+        projects_by_status = {
+            "awaiting_approval": 0,
+            "awaiting_selection": 0,
+            "ready": 0,
+            "unknown": 0
+        }
+        projects_by_category = {}
+
+        for project_data in all_projects.values():
+            # Tally by status
+            status = project_data.get('status', 'unknown')
+            projects_by_status[status] = projects_by_status.get(status, 0) + 1
+            
+            # Tally by category
+            category = project_data.get('category', 'N/A')
+            projects_by_category[category] = projects_by_category.get(category, 0) + 1
+
+        # --- System Health Calculation ---
+        open_feedback_count = sum(1 for fb in all_feedback.values() if fb.get('status') == 'open')
+        pending_requests_count = sum(1 for req in all_credit_requests.values() if req.get('status') == 'pending')
+
+        # Assemble the final response object
+        admin_personal_data = all_users.get(admin_uid, {})
+        
+        response_data = {
+            'uid': admin_uid,
+            'email': admin_personal_data.get('email'),
+            'credits': admin_personal_data.get('credits'),
+            'is_admin': True,
+            'dashboardStats': {
+                'users': {
+                    'total': total_users,
+                    'admins': admin_count,
+                    'regular': total_users - admin_count,
+                    'newLast7Days': new_users_last_7_days,
+                    'totalCreditsInSystem': total_credits_in_system
+                },
+                'projects': {
+                    'total': total_projects,
+                    'byStatus': projects_by_status,
+                    'byCategory': projects_by_category
+                },
+                'system': {
+                    'openFeedback': open_feedback_count,
+                    'pendingCreditRequests': pending_requests_count
+                }
+            }
+        }
+        
+        return jsonify(response_data), 200
+
+    except PermissionError as e:
+        return jsonify({'error': str(e)}), 403 # Use 403 Forbidden for permission issues
+    except Exception as e:
+        print(traceback.format_exc())
+        return jsonify({'error': f"An internal error occurred: {e}"}), 500
+
+@app.route('/api/admin/credit_requests', methods=['GET'])
+def list_credit_requests():
+    try:
+        verify_admin(request.headers.get('Authorization'))
+        requests_data = db_ref.child('credit_requests').get() or {}
+        return jsonify(list(requests_data.values()))
+    except Exception as e:
+        return jsonify({'error': str(e)}), 500
+
+@app.route('/api/admin/credit_requests/<string:request_id>', methods=['PUT'])
+def process_credit_request(request_id):
+    try:
+        admin_uid = verify_admin(request.headers.get('Authorization'))
+        req_ref = db_ref.child(f'credit_requests/{request_id}')
+        req_data = req_ref.get()
+        if not req_data: return jsonify({'error': 'Credit request not found'}), 404
+
+        decision = request.json.get('decision')
+        if decision not in ['approved', 'declined']: return jsonify({'error': 'Decision must be "approved" or "declined"'}), 400
+
+        if decision == 'approved':
+            user_ref = db_ref.child(f'users/{req_data["userId"]}')
+            user_data = user_ref.get()
+            if user_data:
+                new_total = user_data.get('credits', 0) + int(req_data.get('requested_credits', 0))
+                user_ref.update({'credits': new_total})
+        
+        req_ref.update({'status': decision, 'processedBy': admin_uid, 'processedAt': datetime.utcnow().isoformat()})
+        return jsonify({'success': True, 'message': f'Request {decision}.'})
+    except Exception as e:
+        return jsonify({'error': str(e)}), 500
+
+@app.route('/api/admin/feedback', methods=['GET'])
+def admin_view_feedback():
+    try:
+        verify_admin(request.headers.get('Authorization'))
+        feedback_data = db_ref.child('feedback').get() or {}
+        return jsonify(list(feedback_data.values()))
+    except Exception as e:
+        return jsonify({'error': str(e)}), 500
+
+@app.route('/api/admin/users', methods=['GET'])
+def admin_list_users():
+    try:
+        verify_admin(request.headers.get('Authorization'))
+        all_users = db_ref.child('users').get() or {}
+        user_list = [{'uid': uid, **data} for uid, data in all_users.items()]
+        return jsonify(user_list)
+    except Exception as e:
+        return jsonify({'error': str(e)}), 500
+
+@app.route('/api/admin/users/<string:uid>/credits', methods=['PUT'])
+def admin_update_credits(uid):
+    try:
+        verify_admin(request.headers.get('Authorization'))
+        add_credits = request.json.get('add_credits')
+        if add_credits is None: return jsonify({'error': 'add_credits is required'}), 400
+
+        user_ref = db_ref.child(f'users/{uid}')
+        user_data = user_ref.get()
+        if not user_data: return jsonify({'error': 'User not found'}), 404
+
+        new_total = user_data.get('credits', 0) + float(add_credits)
+        user_ref.update({'credits': new_total})
+        return jsonify({'success': True, 'new_total_credits': new_total})
+    except Exception as e:
+        return jsonify({'error': str(e)}), 500
+
+# -----------------------------------------------------------------------------
+# 6. DIY PROJECT ENDPOINTS (Core Logic)
+# -----------------------------------------------------------------------------
+# (The project endpoints from the previous answer go here, unchanged)
+@app.route('/api/projects', methods=['POST'])
+def create_project():
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid: return jsonify({'error': 'Unauthorized'}), 401
+
+    user_ref = db_ref.child(f'users/{uid}')
+    user_data = user_ref.get()
+    if not user_data or user_data.get('credits', 0) < 1:
+        return jsonify({'error': 'Insufficient credits'}), 402
+
+    if 'image' not in request.files:
+        return jsonify({'error': 'Image file is required'}), 400
+    
+    image_file = request.files['image']
+    context_text = request.form.get('contextText', '')
+    image_bytes = image_file.read()
+    pil_image = Image.open(io.BytesIO(image_bytes))
+
+    try:
+        category_prompt = (
+            "You are an expert DIY assistant. Analyze the user's image and context. "
+            f"Context: '{context_text}'. "
+            "Categorize the project into ONE of the following: "
+            "Home Appliance Repair, Automotive Maintenance, Gardening & Urban Farming, "
+            "Upcycling & Sustainable Crafts, or DIY Project Creation. "
+            "Reply with ONLY the category name."
+        )
+        category = send_text_request(CATEGORY_MODEL, category_prompt, pil_image)
+        if not category: return jsonify({'error': 'Failed to get project category from AI.'}), 500
+
+        plan_prompt = f"""
+        You are an expert DIY assistant in the category: {category}.
+        User Context: "{context_text if context_text else 'No context provided.'}"
+        Based on the image and context, perform the following:
+        1.  **Title:** Create a short, clear title for this project.
+        2.  **Description:** Write a brief, one-paragraph description of the goal.
+        3.  **Initial Plan:**
+            - If 'Upcycling & Sustainable Crafts' AND no specific project is mentioned, propose three distinct project options as a numbered list under "UPCYCLING OPTIONS:".
+            - For all other cases, briefly outline the main stages of the proposed solution.
+        Structure your response EXACTLY like this:
+        TITLE: [Your title]
+        DESCRIPTION: [Your description]
+        INITIAL PLAN:
+        [Your plan or 3 options]
+        """
+        plan_response = send_text_request(GENERATION_MODEL, plan_prompt, pil_image)
+        if not plan_response: return jsonify({'error': 'Failed to generate project plan from AI.'}), 500
+        
+        title = re.search(r"TITLE:\s*(.*)", plan_response).group(1).strip()
+        description = re.search(r"DESCRIPTION:\s*(.*)", plan_response, re.DOTALL).group(1).strip()
+        initial_plan_text = re.search(r"INITIAL PLAN:\s*(.*)", plan_response, re.DOTALL).group(1).strip()
+
+        upcycling_options = re.findall(r"^\s*\d+\.\s*(.*)", initial_plan_text, re.MULTILINE) if "UPCYCLING OPTIONS:" in initial_plan_text else []
+        initial_plan = initial_plan_text if not upcycling_options else ""
+        status = "awaiting_selection" if upcycling_options else "awaiting_approval"
+        
+        project_id = str(uuid.uuid4())
+        image_path = f"users/{uid}/projects/{project_id}/initial_image.png"
+        image_url = upload_to_storage(image_bytes, image_path, content_type=image_file.content_type)
+
+        project_data = {
+            "uid": uid, "projectId": project_id, "status": status, "createdAt": datetime.utcnow().isoformat(),
+            "userImageURL": image_url, "contextText": context_text, "projectTitle": title,
+            "projectDescription": description, "category": category, "initialPlan": initial_plan,
+            "upcyclingOptions": upcycling_options, "toolsList": [], "steps": []
+        }
+        db_ref.child(f'projects/{project_id}').set(project_data)
+
+        user_ref.update({'credits': user_data.get('credits', 1) - 1})
+        return jsonify(project_data), 201
+
+    except Exception as e:
+        print(traceback.format_exc())
+        return jsonify({'error': f"An error occurred: {e}"}), 500
+
+@app.route('/api/projects/<string:project_id>/approve', methods=['PUT'])
+def approve_project_plan(project_id):
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid: return jsonify({'error': 'Unauthorized'}), 401
+    
+    project_ref = db_ref.child(f'projects/{project_id}')
+    project_data = project_ref.get()
+    if not project_data or project_data.get('uid') != uid:
+        return jsonify({'error': 'Project not found or access denied'}), 404
+
+    selected_option = request.json.get('selectedOption')
+    response = requests.get(project_data['userImageURL'])
+    pil_image = Image.open(io.BytesIO(response.content))
+
+    context = f"The user chose the upcycling project: '{selected_option}'." if selected_option else f"The user has approved the plan for '{project_data['projectTitle']}'."
+
+    detailed_prompt = f"""
+    You are a DIY expert. The user wants to proceed with the project titled "{project_data['projectTitle']}".
+    {context}
+    Provide a detailed guide. For each step, you MUST provide a simple, clear illustrative image.
+    Format your response EXACTLY like this:
+
+    TOOLS AND MATERIALS:
+    - Tool A
+    - Material B
+
+    STEPS(Maximum 7 steps):
+    1. First step instructions.
+    2. Second step instructions...
+    """
+    try:
+        chat = client.chats.create(model=GENERATION_MODEL, config=types.GenerateContentConfig(response_modalities=["Text", "Image"]))
+        full_resp = chat.send_message([detailed_prompt, pil_image])
+        
+        combined_text = "".join(part.text + "\n" for part in full_resp.parts if hasattr(part, 'text') and part.text)
+        inline_images = [Image.open(BytesIO(part.inline_data.data)) for part in full_resp.parts if hasattr(part, 'inline_data')]
+
+        tools_section = re.search(r"TOOLS AND MATERIALS:\s*(.*?)\s*STEPS:", combined_text, re.DOTALL).group(1).strip()
+        steps_section = re.search(r"STEPS:\s*(.*)", combined_text, re.DOTALL).group(1).strip()
+        
+        tools_list = [line.strip("- ").strip() for line in tools_section.split('\n') if line.strip()]
+        parsed_steps = parse_numbered_steps(steps_section)
+
+        if len(parsed_steps) != len(inline_images): return jsonify({'error': 'AI response mismatch: Steps and images do not match.'}), 500
+
+        final_steps = []
+        for i, step_info in enumerate(parsed_steps):
+            img_byte_arr = io.BytesIO()
+            inline_images[i].save(img_byte_arr, format='PNG')
+            img_path = f"users/{uid}/projects/{project_id}/steps/step_{i+1}_image.png"
+            img_url = upload_to_storage(img_byte_arr.getvalue(), img_path, 'image/png')
+            
+            narration_url = generate_tts_audio_and_upload(step_info['text'], uid, project_id, i + 1)
+            step_info.update({"imageUrl": img_url, "narrationUrl": narration_url, "isDone": False, "notes": ""})
+            final_steps.append(step_info)
+        
+        update_data = {"status": "ready", "toolsList": tools_list, "steps": final_steps, "selectedOption": selected_option or ""}
+        project_ref.update(update_data)
+        
+        return jsonify({"success": True, **update_data})
+
+    except Exception as e:
+        print(traceback.format_exc())
+        return jsonify({'error': f"Failed to generate detailed guide: {e}"}), 500
+
+@app.route('/api/projects', methods=['GET'])
+def list_projects():
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid: return jsonify({'error': 'Unauthorized'}), 401
+    projects = (db_ref.child('projects').order_by_child('uid').equal_to(uid).get() or {}).values()
+    return jsonify(list(projects))
+
+@app.route('/api/projects/<string:project_id>', methods=['GET'])
+def get_project(project_id):
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid: return jsonify({'error': 'Unauthorized'}), 401
+    project_data = db_ref.child(f'projects/{project_id}').get()
+    if not project_data or project_data.get('uid') != uid:
+        return jsonify({'error': 'Project not found or access denied'}), 404
+    return jsonify(project_data)
+
+@app.route('/api/projects/<string:project_id>/step/<int:step_number>', methods=['PUT'])
+def update_step(project_id, step_number):
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid: return jsonify({'error': 'Unauthorized'}), 401
+    data = request.get_json()
+    if data is None: return jsonify({'error': 'JSON body is required'}), 400
+
+    project_data = db_ref.child(f'projects/{project_id}').get()
+    if not project_data or project_data.get('uid') != uid:
+        return jsonify({'error': 'Project not found or access denied'}), 404
+
+    steps = project_data.get('steps', [])
+    step_index = next((i for i, s in enumerate(steps) if s.get('stepNumber') == step_number), -1)
+    if step_index == -1: return jsonify({'error': f'Step number {step_number} not found'}), 404
+
+    step_path = f'projects/{project_id}/steps/{step_index}'
+    if 'isDone' in data: db_ref.child(f'{step_path}/isDone').set(bool(data['isDone']))
+    if 'notes' in data: db_ref.child(f'{step_path}/notes').set(str(data['notes']))
+    
+    return jsonify({"success": True, "updatedStep": db_ref.child(step_path).get()})
+
+@app.route('/api/projects/<string:project_id>', methods=['DELETE'])
+def delete_project(project_id):
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid: return jsonify({'error': 'Unauthorized'}), 401
+    
+    project_ref = db_ref.child(f'projects/{project_id}')
+    project_data = project_ref.get()
+    if not project_data or project_data.get('uid') != uid:
+        return jsonify({'error': 'Project not found or access denied'}), 404
+
+    project_ref.delete()
+    for blob in bucket.list_blobs(prefix=f"users/{uid}/projects/{project_id}/"):
+        blob.delete()
+    return jsonify({"success": True, "message": f"Project {project_id} deleted."})
+
+
+# -----------------------------------------------------------------------------
+# 7. MAIN EXECUTION
+# -----------------------------------------------------------------------------
+if __name__ == '__main__':
+    app.run(debug=True, host="0.0.0.0", port=int(os.environ.get("PORT", 7860)))