Update main.py

main.py

@@ -2,7 +2,7 @@ import os
 import io
 import json
 import hashlib
-from datetime import datetime, time, timedelta
+from datetime import datetime, timedelta
 from PIL import Image
 import pytz
 from flask import Flask, request, jsonify, send_file
@@ -18,16 +18,24 @@ app = Flask(__name__)
 CORS(app)
 
 # Firebase initialization
-cred = credentials.Certificate('datingi-firebase-adminsdk-obe4r-d63a25b54e.json')
+cred = credentials.Certificate('firebase-adminsdk.json')
 firebase_admin.initialize_app(cred, {
-    'databaseURL': 'https://datingi.firebaseio.com',
-    'storageBucket': 'datingi.firebasestorage.app'
+    'databaseURL': 'https://your-db-url.firebaseio.com',
+    'storageBucket': 'your-storage-bucket.app'
 })
 
 bucket = storage.bucket()
 api_key = os.environ['Gemini']
-FIREBASE_API_KEY = os.environ.get('FIREBASE_API_KEY')
 
+# Product Categories
+CATEGORIES = [
+    'Masks',
+    'Gloves',
+    'Face Shields',
+    'Protective Suits',
+    'Sanitizers',
+    'Disinfectants'
+]
 
 # Helper functions
 def configure_gemini():
@@ -38,250 +46,9 @@ def verify_token(token):
     try:
         decoded_token = auth.verify_id_token(token)
         return decoded_token['uid']
-    except Exception as e:
+    except Exception:
         return None
 
-def check_daily_reset(user_ref):
-    try:
-        user_data = user_ref.get()
-        now = datetime.now(pytz.UTC)
-        last_reset = datetime.fromisoformat(user_data.get('last_reset', '2000-01-01T00:00:00+00:00'))
-        
-        if now.time() >= time(8,0) and last_reset.date() < now.date():
-            user_ref.update({
-                'remaining_cash': user_data['daily_cash'],
-                'last_reset': now.isoformat()
-            })
-            return True
-        return False
-    except Exception as e:
-        print(f"Reset error: {str(e)}")
-        return False
-        
-# Process receipt image
-def process_receipt(model, image):
-    prompt = """Analyze this image and determine if it's a receipt. If it is a receipt, extract:
-    - Total amount (as float)
-    - List of items purchased (array of strings)
-    - Date of transaction (DD/MM/YYYY format)
-    - Receipt number (as string)
-    Return JSON format with keys: is_receipt (boolean), total, items, date, receipt_number.
-    If not a receipt, return {"is_receipt": false}"""
-    
-    try:
-        response = model.generate_content([prompt, image])
-        return response.text
-    except Exception as e:
-        print(f"Gemini error: {str(e)}")
-        return "{}"
-
-
-# Write report 
-@app.route('/api/write-report', methods=['POST'])
-def generate_report():
-    prompt = """You are the TrueSpend AI analyst, analyze this transaction data 
-    and write an insightful business report on the spending habits of the employees.
-    Make sure the report is in plain text"""
-    model = configure_gemini()
-    try:
-        transaction_data = request.get_json()
-        transaction_json_string = json.dumps(transaction_data['transactions'])
-        response = model.generate_content([prompt, transaction_json_string])
-        report = response.text
-        return jsonify({"report": report})
-    except Exception as e:
-        return jsonify({"error": str(e)}), 500
-
-# ========================================
-# Authentication Endpoints
-# ========================================
-# (Any existing authentication endpoints remain unchanged)
-
-# ========================================
-# Receipt Processing Endpoint (unchanged)
-# ========================================
-
-@app.route('/api/process-receipt', methods=['POST'])
-def process_receipt_endpoint():
-    try:
-        auth_header = request.headers.get('Authorization')
-        token = auth_header.split('Bearer ')[1] if auth_header else None
-        uid = verify_token(token) if token else None
-        
-        if not uid:
-            return jsonify({'error': 'Invalid token'}), 401
-
-        user_ref = db.reference(f'users/{uid}')
-        user_data = user_ref.get()
-        check_daily_reset(user_ref)
-
-        # Handle manual entry
-        if request.form.get('manual_entry') == 'true':
-            return handle_manual_entry(uid, user_ref, user_data)
-
-        # Handle image processing
-        file = request.files.get('receipt')
-        if not file:
-            return jsonify({'error': 'No file uploaded'}), 400
-
-        image_bytes = file.read()
-        file_hash = hashlib.md5(image_bytes).hexdigest()
-
-        transactions_ref = db.reference('transactions')
-        existing = transactions_ref.order_by_child('hash').equal_to(file_hash).get()
-        if existing:
-            return jsonify({'error': 'Receipt already processed'}), 400
-
-        image = Image.open(io.BytesIO(image_bytes))
-        model = configure_gemini()
-        result_text = process_receipt(model, image)
-
-        try:
-            json_str = result_text[result_text.find('{'):result_text.rfind('}')+1]
-            data = json.loads(json_str)
-        except json.JSONDecodeError:
-            return jsonify({'error': 'Failed to parse receipt data', 'raw_response': result_text}), 400
-
-        if not data.get('is_receipt', False):
-            return jsonify({'error': 'Not a valid receipt'}), 400
-
-        return validate_and_save_transaction(
-            uid=uid,
-            user_data=user_data,
-            data=data,
-            file_hash=file_hash,
-            image_bytes=image_bytes,
-            manual=False
-        )
-
-    except Exception as e:
-        print(e)
-        return jsonify({'error': str(e)}), 500
-
-def handle_manual_entry(uid, user_ref, user_data):
-    try:
-        data = {
-            'total': float(request.form.get('total')),
-            'items': [item.strip() for item in request.form.get('items', '').split(',')],
-            'date': request.form.get('date'),
-            'receipt_number': request.form.get('receipt_number'),
-            'is_receipt': True
-        }
-
-        return validate_and_save_transaction(
-            uid=uid,
-            user_data=user_data,
-            data=data,
-            file_hash=hashlib.md5(str(datetime.now()).encode()).hexdigest(),
-            image_bytes=None,
-            manual=True
-        )
-    except Exception as e:
-        return jsonify({'error': str(e)}), 400
-
-def validate_and_save_transaction(uid, user_data, data, file_hash, image_bytes, manual=False):
-    transactions_ref = db.reference('transactions')
-    receipt_number = data.get('receipt_number')
-    items = data.get('items', [])
-
-    # Check for duplicate transactions based on receipt number and items.
-    existing_transactions_with_receipt = transactions_ref.order_by_child('receipt_number').equal_to(receipt_number).get()
-
-    if existing_transactions_with_receipt:
-        for transaction_id, existing_transaction_data in existing_transactions_with_receipt.items():
-            existing_items = sorted(existing_transaction_data.get('items', []))
-            current_items = sorted(items)
-            if existing_items == current_items:
-                return jsonify({'error': f"Transaction with Receipt #{receipt_number} and identical items already exists"}), 400
-
-    total = float(data.get('total', 0))
-    if total > user_data['remaining_cash']:
-        return jsonify({'error': 'Insufficient funds'}), 400
-
-    # Upload image if available
-    image_url = None
-    if image_bytes and not manual:
-        timestamp = datetime.now().strftime('%Y%m%d_%H%M%S')
-        blob = bucket.blob(f'receipts/{uid}/{timestamp}_{file_hash}.jpg')
-        blob.upload_from_string(image_bytes, content_type='image/jpeg')
-        image_url = blob.public_url
-
-    # Update user cash
-    new_remaining = user_data['remaining_cash'] - total
-    db.reference(f'users/{uid}').update({'remaining_cash': new_remaining})
-
-    transaction_data = {
-        'uid': uid,
-        'total': total,
-        'items': items,
-        'date': data.get('date'),
-        'receipt_number': receipt_number,
-        'timestamp': datetime.now(pytz.UTC).isoformat(),
-        'hash': file_hash,
-        'image_url': image_url,
-        'manual_entry': manual
-    }
-
-    new_transaction_ref = transactions_ref.push(transaction_data)
-    return jsonify({
-        'success': True,
-        'transaction': {**transaction_data, 'id': new_transaction_ref.key},
-        'remaining_cash': new_remaining
-    })
-
-# ========================================
-# Data Endpoints for Visualizations
-# ========================================
-
-@app.route('/api/user/spending-overview', methods=['GET'])
-def get_spending_overview():
-    try:
-        uid = verify_token(request.headers.get('Authorization', '').split(' ')[1])
-        transactions_ref = db.reference('transactions')
-        transactions = transactions_ref.order_by_child('uid').equal_to(uid).get()
-
-        if transactions is None:
-            return jsonify({
-                'daily_spending': [],
-                'recent_transactions': []
-            })
-        
-        df = pd.DataFrame.from_dict(transactions, orient='index')
-        if df.empty:
-            return jsonify({
-                'daily_spending': [],
-                'recent_transactions': []
-            })
-        
-        df.dropna(subset=['uid','total','items','date', 'receipt_number', 'timestamp','hash', 'manual_entry'], inplace=True)
-        if df.empty:
-            return jsonify({
-                'daily_spending': [],
-                'recent_transactions': []
-            })
-        
-        df['date'] = pd.to_datetime(df['date'], format='%d/%m/%Y', errors='coerce')
-        df.dropna(subset=['date'], inplace=True)
-        if df.empty:
-            return jsonify({
-                'daily_spending': [],
-                'recent_transactions': []
-            })
-        
-        daily_spending = df.groupby(df['date'].dt.date)['total'].sum().reset_index()
-
-        return jsonify({
-            'daily_spending': daily_spending.to_dict(orient='records'),
-            'recent_transactions': df.sort_values(by='timestamp', ascending=False)
-                .head(10)
-                .to_dict(orient='records')
-        })
-    except Exception as e:
-        return jsonify({'error': str(e)}), 500
-
-# ========================================
-# Modified verify_admin function (now checks database is_admin flag)
-# ========================================
 def verify_admin(auth_header):
     if not auth_header or not auth_header.startswith('Bearer '):
         raise ValueError('Invalid token')
@@ -296,295 +63,324 @@ def verify_admin(auth_header):
     if not user_data or not user_data.get('is_admin', False):
         raise PermissionError('Admin access required')
 
-    try:
-        auth.set_custom_user_claims(uid, {"admin": True})
-        print(f"Custom admin claim set for user {uid}")
-    except Exception as e:
-        print(f"Error setting custom admin claim: {e}")
-        raise PermissionError('Error setting admin claim, but admin verified')
-
     return uid
 
-# ========================================
-# Existing Admin Endpoints
-# ========================================
-@app.route('/api/admin/overview', methods=['GET'])
-def get_admin_overview():
+# Product Management Endpoints
+@app.route('/api/admin/products', methods=['POST'])
+def create_product():
     try:
         verify_admin(request.headers.get('Authorization', ''))
         
-        users_ref = db.reference('users')
-        all_users = users_ref.get() or {}
-        users_list = []
-        for uid, user_data in all_users.items():
-            try:
-                auth_user = auth.get_user(uid)
-                email = auth_user.email
-            except:
-                email = "Deleted User"
-            users_list.append({
-                'uid': uid,
-                'email': email,
-                'daily_cash': user_data.get('daily_cash', 0),
-                'remaining_cash': user_data.get('remaining_cash', 0),
-                'last_reset': user_data.get('last_reset'),
-                'is_admin': user_data.get('is_admin', False)
-            })
-
-        transactions_ref = db.reference('transactions')
-        all_transactions = transactions_ref.get() or {}
-        transactions_list = [{'id': tid, **data} for tid, data in all_transactions.items()]
-
-        return jsonify({
-            'users': users_list,
-            'transactions': transactions_list,
-            'analytics': {
-                'total_users': len(users_list),
-                'total_transactions': len(transactions_list),
-                'total_spent': sum(t['total'] for t in transactions_list)
-            }
+        if 'image' not in request.files:
+            return jsonify({'error': 'No image file uploaded'}), 400
+            
+        file = request.files['image']
+        name = request.form.get('name')
+        category = request.form.get('category')
+        price = float(request.form.get('price'))
+        description = request.form.get('description')
+        stock = int(request.form.get('stock', 0))
+        
+        if category not in CATEGORIES:
+            return jsonify({'error': 'Invalid category'}), 400
+            
+        # Upload image
+        image_bytes = file.read()
+        timestamp = datetime.now().strftime('%Y%m%d_%H%M%S')
+        file_hash = hashlib.md5(image_bytes).hexdigest()
+        blob = bucket.blob(f'products/{timestamp}_{file_hash}.jpg')
+        blob.upload_from_string(image_bytes, content_type='image/jpeg')
+        image_url = blob.public_url
+        
+        # Create product
+        product_ref = db.reference('products').push({
+            'name': name,
+            'category': category,
+            'price': price,
+            'description': description,
+            'stock': stock,
+            'image_url': image_url,
+            'created_at': datetime.now(pytz.UTC).isoformat(),
+            'active': True
         })
+        
+        return jsonify({
+            'success': True,
+            'product_id': product_ref.key
+        }), 201
+        
     except Exception as e:
         return jsonify({'error': str(e)}), 500
 
-@app.route('/api/admin/users', methods=['POST'])
-def create_user():
+@app.route('/api/admin/products/<string:product_id>', methods=['PUT'])
+def update_product(product_id):
     try:
         verify_admin(request.headers.get('Authorization', ''))
-        data = request.get_json()
         
-        user = auth.create_user(
-            email=data['email'],
-            password=data['password']
-        )
-        
-        user_ref = db.reference(f'users/{user.uid}')
-        user_data = {
-            'daily_cash': data.get('daily_cash', 0),
-            'remaining_cash': data.get('daily_cash', 0),
-            'last_reset': '2025-01-01T00:00:00+00:00',
-            'is_admin': data.get('is_admin', False)
-        }
-        user_ref.set(user_data)
+        updates = {}
+        if 'name' in request.form:
+            updates['name'] = request.form['name']
+        if 'category' in request.form and request.form['category'] in CATEGORIES:
+            updates['category'] = request.form['category']
+        if 'price' in request.form:
+            updates['price'] = float(request.form['price'])
+        if 'description' in request.form:
+            updates['description'] = request.form['description']
+        if 'stock' in request.form:
+            updates['stock'] = int(request.form['stock'])
+        if 'active' in request.form:
+            updates['active'] = request.form['active'].lower() == 'true'
+            
+        if 'image' in request.files:
+            file = request.files['image']
+            image_bytes = file.read()
+            timestamp = datetime.now().strftime('%Y%m%d_%H%M%S')
+            file_hash = hashlib.md5(image_bytes).hexdigest()
+            blob = bucket.blob(f'products/{timestamp}_{file_hash}.jpg')
+            blob.upload_from_string(image_bytes, content_type='image/jpeg')
+            updates['image_url'] = blob.public_url
+            
+        db.reference(f'products/{product_id}').update(updates)
+        
+        return jsonify({'success': True})
         
-        return jsonify({
-            'success': True,
-            'user': {
-                'uid': user.uid,
-                'email': user.email,
-                **user_data
-            }
-        }), 201
     except Exception as e:
-        return jsonify({'error': str(e)}), 400
+        return jsonify({'error': str(e)}), 500
 
-@app.route('/api/admin/users/<string:uid>/limit', methods=['PUT'])
-def update_user_limit(uid):
+# Shopping Cart and Order Management
+@app.route('/api/cart/add', methods=['POST'])
+def add_to_cart():
     try:
-        verify_admin(request.headers.get('Authorization', ''))
         data = request.get_json()
-        new_limit = float(data['daily_cash'])
+        product_id = data['product_id']
+        quantity = int(data['quantity'])
         
-        user_ref = db.reference(f'users/{uid}')
-        user_data = user_ref.get()
+        # Get user ID if logged in
+        auth_header = request.headers.get('Authorization')
+        uid = verify_token(auth_header.split(' ')[1]) if auth_header else None
         
-        if not user_data:
-            return jsonify({'error': 'User not found'}), 404
+        # Use session ID for non-logged in users
+        session_id = data.get('session_id')
+        if not uid and not session_id:
+            return jsonify({'error': 'Either login or provide session_id'}), 400
             
-        updates = {'daily_cash': new_limit}
-        current_remaining = user_data.get('remaining_cash', new_limit)
-        if current_remaining > new_limit:
-            updates['remaining_cash'] = new_limit
+        cart_id = uid if uid else f'session_{session_id}'
+        cart_ref = db.reference(f'carts/{cart_id}')
+        
+        # Check product availability
+        product = db.reference(f'products/{product_id}').get()
+        if not product:
+            return jsonify({'error': 'Product not found'}), 404
+        if not product.get('active', False):
+            return jsonify({'error': 'Product not available'}), 400
+        if product.get('stock', 0) < quantity:
+            return jsonify({'error': 'Insufficient stock'}), 400
             
-        user_ref.update(updates)
+        # Update cart
+        cart_item = cart_ref.child(product_id).get() or {'quantity': 0}
+        new_quantity = cart_item['quantity'] + quantity
         
-        return jsonify({
-            'success': True,
-            'new_daily_cash': new_limit,
-            'updated_remaining': updates.get('remaining_cash', current_remaining)
+        cart_ref.child(product_id).set({
+            'quantity': new_quantity,
+            'price': product['price'],
+            'name': product['name']
         })
+        
+        return jsonify({'success': True})
+        
     except Exception as e:
-        return jsonify({'error': str(e)}), 400
-
-# ========================================
-# New Admin Endpoints for Updating Remaining Cash, Setting Cash Limits, and Resetting Password
-# ========================================
+        return jsonify({'error': str(e)}), 500
 
-@app.route('/api/admin/users/<string:uid>/remaining-cash', methods=['PUT'])
-def update_remaining_cash(uid):
+@app.route('/api/orders', methods=['POST'])
+def create_order():
     try:
-        verify_admin(request.headers.get('Authorization', ''))
         data = request.get_json()
-        if 'remaining_cash' not in data:
-            return jsonify({'error': 'remaining_cash is required'}), 400
-        new_remaining_cash = float(data['remaining_cash'])
-        user_ref = db.reference(f'users/{uid}')
-        user_data = user_ref.get()
-        if not user_data:
-            return jsonify({'error': 'User not found'}), 404
-
-        user_ref.update({'remaining_cash': new_remaining_cash})
-        return jsonify({'success': True, 'remaining_cash': new_remaining_cash})
+        auth_header = request.headers.get('Authorization')
+        uid = verify_token(auth_header.split(' ')[1]) if auth_header else None
+        
+        cart_id = uid if uid else f'session_{data["session_id"]}'
+        cart_ref = db.reference(f'carts/{cart_id}')
+        cart = cart_ref.get()
+        
+        if not cart:
+            return jsonify({'error': 'Cart is empty'}), 400
+            
+        # Validate stock and calculate total
+        total = 0
+        items = []
+        for product_id, item in cart.items():
+            product = db.reference(f'products/{product_id}').get()
+            if not product or not product.get('active', False):
+                return jsonify({'error': f'Product {product_id} not available'}), 400
+            if product['stock'] < item['quantity']:
+                return jsonify({'error': f'Insufficient stock for {product["name"]}'}), 400
+                
+            total += item['quantity'] * product['price']
+            items.append({
+                'product_id': product_id,
+                'quantity': item['quantity'],
+                'price': product['price'],
+                'name': product['name']
+            })
+            
+            # Update stock
+            db.reference(f'products/{product_id}').update({
+                'stock': product['stock'] - item['quantity']
+            })
+            
+        # Create order
+        order_ref = db.reference('orders').push({
+            'user_id': uid,
+            'session_id': None if uid else data.get('session_id'),
+            'items': items,
+            'total': total,
+            'status': 'pending',
+            'shipping_address': data.get('shipping_address'),
+            'contact_email': data.get('contact_email'),
+            'created_at': datetime.now(pytz.UTC).isoformat()
+        })
+        
+        # Clear cart
+        cart_ref.delete()
+        
+        return jsonify({
+            'success': True,
+            'order_id': order_ref.key
+        })
+        
     except Exception as e:
-        return jsonify({'error': str(e)}), 400
-
+        return jsonify({'error': str(e)}), 500
 
-@app.route('/api/admin/users/<string:uid>/reset-password', methods=['PUT'])
-def admin_reset_password(uid):
+# AI Reporting
+@app.route('/api/admin/reports', methods=['POST'])
+def generate_report():
     try:
         verify_admin(request.headers.get('Authorization', ''))
         data = request.get_json()
-        new_password = data.get('new_password')
-        if not new_password:
-            return jsonify({'error': 'new_password is required'}), 400
-        auth.update_user(uid, password=new_password)
-        return jsonify({'success': True, 'message': 'Password reset successfully'})
-    except Exception as e:
-        return jsonify({'error': str(e)}), 400
-
-# ========================================
-# User management endpoint for profile
-# ========================================
-
-@app.route('/api/user/profile', methods=['GET'])
-def get_user_profile():
-    try:
-        uid = verify_token(request.headers.get('Authorization', '').split(' ')[1])
-        user = auth.get_user(uid)
-        user_data = db.reference(f'users/{uid}').get()
+        start_date = datetime.fromisoformat(data['start_date'])
+        end_date = datetime.fromisoformat(data['end_date'])
+        
+        # Get orders within date range
+        orders_ref = db.reference('orders')
+        orders = orders_ref.get() or {}
+        
+        filtered_orders = {
+            k: v for k, v in orders.items()
+            if start_date <= datetime.fromisoformat(v['created_at']) <= end_date
+        }
+        
+        prompt = f"""Analyze this e-commerce data for medical PPE products and generate a comprehensive business report.
+        Focus on:
+        1. Total sales and revenue
+        2. Popular products and categories
+        3. Customer behavior patterns
+        4. Stock management recommendations
+        5. Market trends and insights
+        
+        Data period: {start_date.date()} to {end_date.date()}"""
+        
+        model = configure_gemini()
+        response = model.generate_content([prompt, json.dumps(filtered_orders)])
         
         return jsonify({
-            'uid': uid,
-            'email': user.email,
-            'daily_cash': user_data.get('daily_cash', 0),
-            'remaining_cash': user_data.get('remaining_cash', 0),
-            'last_reset': user_data.get('last_reset'),
-            'is_admin': user_data.get('is_admin', False)
+            'report': response.text,
+            'data': {
+                'total_orders': len(filtered_orders),
+                'total_revenue': sum(order['total'] for order in filtered_orders.values())
+            }
         })
+        
     except Exception as e:
-        uid = verify_token(request.headers.get('Authorization', '').split(' ')[1])
-        user = auth.get_user(uid)
-        user_data = db.reference(f'users/{uid}').get()
-        return jsonify({'error': str(e)+ f'user data: {user_data}'}), 500
-
-# ========================================
-# Receipt media endpoints
-# ========================================
-
-def get_blob_from_image_url(image_url):
-    parsed = urlparse(image_url)
-    if parsed.netloc == "storage.googleapis.com":
-        parts = parsed.path.strip("/").split("/", 1)
-        if len(parts) == 2:
-            bucket_name, blob_path = parts
-            return blob_path
-    prefix = f"/v0/b/{bucket.name}/o/"
-    if parsed.path.startswith(prefix):
-        encoded_blob_path = parsed.path[len(prefix):]
-        blob_path = unquote(encoded_blob_path)
-        return blob_path
-    return None
+        return jsonify({'error': str(e)}), 500
 
-@app.route('/api/admin/receipt/<string:transaction_id>/view', methods=['GET'])
-def view_receipt(transaction_id):
+# Product Browsing
+@app.route('/api/products', methods=['GET'])
+def get_products():
     try:
-        verify_admin(request.headers.get('Authorization', ''))
-        transaction_ref = db.reference(f'transactions/{transaction_id}')
-        transaction_data = transaction_ref.get()
-        if not transaction_data:
-            return jsonify({'error': 'Transaction not found'}), 404
-
-        image_url = transaction_data.get('image_url')
-        if not image_url:
-            return jsonify({'error': 'No receipt image found for this transaction'}), 404
-
-        blob_path = get_blob_from_image_url(image_url)
-        if not blob_path:
-            return jsonify({'error': 'Could not determine blob path from URL'}), 500
-
-        print(f"Blob path for view: {blob_path}")
-        blob = bucket.blob(blob_path)
-        if not blob.exists():
-            print("Blob does not exist at path:", blob_path)
-            return jsonify({'error': 'Blob not found'}), 404
-
-        signed_url = blob.generate_signed_url(expiration=timedelta(minutes=10))
-        r = requests.get(signed_url)
-        if r.status_code != 200:
-            return jsonify({'error': 'Unable to fetch image from storage'}), 500
-
-        return send_file(io.BytesIO(r.content), mimetype='image/jpeg')
+        category = request.args.get('category')
+        search = request.args.get('search', '').lower()
+        
+        products_ref = db.reference('products')
+        products = products_ref.get() or {}
+        
+        filtered_products = []
+        for product_id, product in products.items():
+            if not product.get('active', False):
+                continue
+            if category and product['category'] != category:
+                continue
+            if search and search not in product['name'].lower():
+                continue
+                
+            filtered_products.append({
+                'id': product_id,
+                **product
+            })
+            
+        return jsonify(filtered_products)
+        
     except Exception as e:
-        print(f"View receipt error: {str(e)}")
         return jsonify({'error': str(e)}), 500
 
-@app.route('/api/admin/receipt/<string:transaction_id>/download', methods=['GET'])
-def download_receipt(transaction_id):
+# User Order History
+@app.route('/api/user/orders', methods=['GET'])
+def get_user_orders():
     try:
-        verify_admin(request.headers.get('Authorization', ''))
-        transaction_ref = db.reference(f'transactions/{transaction_id}')
-        transaction_data = transaction_ref.get()
-        if not transaction_data:
-            return jsonify({'error': 'Transaction not found'}), 404
-
-        image_url = transaction_data.get('image_url')
-        if not image_url:
-            return jsonify({'error': 'No receipt image found for this transaction'}), 404
-
-        blob_path = get_blob_from_image_url(image_url)
-        if not blob_path:
-            return jsonify({'error': 'Could not determine blob path from URL'}), 500
-
-        print(f"Blob path for download: {blob_path}")
-        blob = bucket.blob(blob_path)
-        if not blob.exists():
-            print("Blob does not exist at path:", blob_path)
-            return jsonify({'error': 'Blob not found'}), 404
-
-        signed_url = blob.generate_signed_url(expiration=timedelta(minutes=10))
-        r = requests.get(signed_url)
-        if r.status_code != 200:
-            return jsonify({'error': 'Unable to fetch image from storage'}), 500
-
-        return send_file(
-            io.BytesIO(r.content),
-            mimetype='image/jpeg',
-            as_attachment=True,
-            attachment_filename='receipt.jpg'
-        )
+        auth_header = request.headers.get('Authorization')
+        if not auth_header:
+            return jsonify({'error': 'Authorization required'}), 401
+            
+        uid = verify_token(auth_header.split(' ')[1])
+        if not uid:
+            return jsonify({'error': 'Invalid token'}), 401
+            
+        orders_ref = db.reference('orders')
+        orders = orders_ref.order_by_child('user_id').equal_to(uid).get() or {}
+        
+        return jsonify([{
+            'id': order_id,
+            **order_data
+        } for order_id, order_data in orders.items()])
+        
     except Exception as e:
-        print(f"Download receipt error: {str(e)}")
         return jsonify({'error': str(e)}), 500
 
-# ========================================
-# Delete user endpoint
-# ========================================
-
-@app.route('/api/admin/users/<string:uid>', methods=['DELETE'])
-def delete_user(uid):
+# Admin Dashboard Data
+@app.route('/api/admin/dashboard', methods=['GET'])
+def get_admin_dashboard():
     try:
         verify_admin(request.headers.get('Authorization', ''))
         
-        try:
-            user = auth.get_user(uid)
-        except auth.UserNotFoundError:
-            return jsonify({'error': 'User not found'}), 404
-
-        auth.delete_user(uid)
-        db.reference(f'users/{uid}').delete()
+        # Get recent orders
+        orders_ref = db.reference('orders')
+        recent_orders = orders_ref.order_by_child('created_at').limit_to_last(10).get() or {}
+        
+        # Get low stock products
+        products_ref = db.reference('products')
+        products = products_ref.get() or {}
+        low_stock = [
+            {'id': pid, **p}
+            for pid, p in products.items()
+            if p.get('active', False) and p.get('stock', 0) < 10
+        ]
         
-        transactions_ref = db.reference('transactions')
-        user_transactions = transactions_ref.order_by_child('uid').equal_to(uid).get()
-        if user_transactions:
-            for transaction_id in user_transactions.keys():
-                transactions_ref.child(transaction_id).delete()
+        # Calculate statistics
+        total_revenue = sum(order['total'] for order in recent_orders.values())
+        total_orders = len(recent_orders)
         
         return jsonify({
-            'success': True,
-            'message': f'User {uid} and all associated data deleted successfully'
+            'recent_orders': recent_orders,
+            'low_stock_products': low_stock,
+            'statistics': {
+                'total_revenue': total_revenue,
+                'total_orders': total_orders,
+                'total_products': len(products),
+                'low_stock_count': len(low_stock)
+            }
         })
+        
     except Exception as e:
         return jsonify({'error': str(e)}), 500
 
 if __name__ == '__main__':
-    app.run(debug=True, host="0.0.0.0", port=7860)
+    app.run(debug=True, host="0.0.0.0", port=7860)