Create main.py

main.py

@@ -0,0 +1,336 @@
+import os
+import json
+import logging
+from datetime import datetime, timedelta
+from flask import Flask, request, jsonify
+from flask_cors import CORS
+
+import firebase_admin
+from firebase_admin import credentials, auth, firestore
+
+# --- Basic Configuration ---
+logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
+
+# --- Initialize Flask App and CORS ---
+app = Flask(__name__)
+# In production, you should restrict the origins to your frontend URL
+CORS(app, resources={r"/api/*": {"origins": "*"}}) 
+
+# --- Firebase Initialization (Firestore) ---
+try:
+    # 1. Load credentials from environment variable
+    credentials_json_string = os.environ.get("FIREBASE")
+    if not credentials_json_string:
+        raise ValueError("The FIREBASE environment variable is not set.")
+    
+    # 2. Parse the JSON string into a dictionary
+    credentials_json = json.loads(credentials_json_string)
+    
+    # 3. Create a credential object
+    cred = credentials.Certificate(credentials_json)
+    
+    # 4. Initialize the app if not already done
+    if not firebase_admin._apps:
+        firebase_admin.initialize_app(cred)
+        logging.info("Firebase Admin SDK initialized successfully.")
+    
+    # 5. Get a Firestore client instance
+    db = firestore.client()
+
+except Exception as e:
+    logging.critical(f"FATAL: Error initializing Firebase: {e}")
+    # In a real deployment, this would cause the container/process to exit
+    exit(1)
+
+
+# -----------------------------------------------------------------------------
+# 2. AUTHORIZATION MIDDLEWARE (HELPER FUNCTIONS)
+# -----------------------------------------------------------------------------
+
+def verify_token(auth_header):
+    """Verifies the Firebase ID token from the Authorization header."""
+    if not auth_header or not auth_header.startswith('Bearer '):
+        return None
+    token = auth_header.split('Bearer ')[1]
+    try:
+        decoded_token = auth.verify_id_token(token)
+        return decoded_token['uid']
+    except Exception as e:
+        logging.warning(f"Token verification failed: {e}")
+        return None
+
+def verify_admin_and_get_uid(auth_header):
+    """
+    Verifies if the user is an admin based on our Firestore `users` collection.
+    Raises PermissionError if not authorized, otherwise returns admin UID.
+    """
+    uid = verify_token(auth_header)
+    if not uid:
+        raise PermissionError('Invalid or missing user token')
+    
+    user_ref = db.collection('users').document(uid)
+    user_doc = user_ref.get()
+
+    if not user_doc.exists or not user_doc.to_dict().get('isAdmin', False):
+        raise PermissionError('Admin access required')
+    return uid
+
+
+# -----------------------------------------------------------------------------
+# 3. AUTHENTICATION & USER MANAGEMENT ENDPOINTS
+# -----------------------------------------------------------------------------
+
+@app.route('/api/auth/signup', methods=['POST'])
+def signup():
+    """Handles new user sign-up with email/password and creates their Firestore profile."""
+    try:
+        data = request.get_json()
+        email, password, display_name = data.get('email'), data.get('password'), data.get('displayName')
+
+        if not email or not password or not display_name:
+            return jsonify({'error': 'Email, password, and display name are required'}), 400
+
+        # Step 1: Create the user in Firebase Authentication
+        user = auth.create_user(
+            email=email,
+            password=password,
+            display_name=display_name
+        )
+        
+        # Step 2: Create the corresponding user profile in the Firestore 'users' collection
+        user_data = {
+            'uid': user.uid,
+            'email': email,
+            'displayName': display_name,
+            'isAdmin': False,
+            'phone': None,
+            'phoneStatus': 'unsubmitted', # Initial status
+            'organizationId': None,
+            'createdAt': firestore.SERVER_TIMESTAMP
+        }
+        db.collection('users').document(user.uid).set(user_data)
+        
+        logging.info(f"New user signed up: {user.uid}, Name: {display_name}")
+        return jsonify({'success': True, 'uid': user.uid, **user_data}), 201
+        
+    except Exception as e:
+        logging.error(f"Signup failed: {e}")
+        if 'EMAIL_EXISTS' in str(e):
+            return jsonify({'error': 'An account with this email already exists.'}), 409
+        return jsonify({'error': str(e)}), 500
+
+@app.route('/api/auth/social-signin', methods=['POST'])
+def social_signin():
+    """Ensures a user record exists in Firestore after a social login."""
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid:
+        return jsonify({'error': 'Invalid or expired token'}), 401
+
+    user_ref = db.collection('users').document(uid)
+    user_doc = user_ref.get()
+
+    if user_doc.exists:
+        # User already exists, return their profile
+        return jsonify({'uid': uid, **user_doc.to_dict()}), 200
+    else:
+        # This is a new user (first social login), create their full profile in Firestore.
+        logging.info(f"New social user detected: {uid}. Creating database profile.")
+        try:
+            firebase_user = auth.get_user(uid)
+            new_user_data = {
+                'uid': uid,
+                'email': firebase_user.email,
+                'displayName': firebase_user.display_name,
+                'isAdmin': False,
+                'phone': None,
+                'phoneStatus': 'unsubmitted',
+                'organizationId': None,
+                'createdAt': firestore.SERVER_TIMESTAMP
+            }
+            user_ref.set(new_user_data)
+            
+            logging.info(f"Successfully created profile for new social user: {uid}")
+            return jsonify({'success': True, 'uid': uid, **new_user_data}), 201
+        except Exception as e:
+            logging.error(f"Error creating profile for new social user {uid}: {e}")
+            return jsonify({'error': f'Failed to create user profile: {str(e)}'}), 500
+
+# -----------------------------------------------------------------------------
+# 4. LOGGED-IN USER ENDPOINTS
+# -----------------------------------------------------------------------------
+
+@app.route('/api/user/profile', methods=['GET'])
+def get_user_profile():
+    """Retrieves the logged-in user's profile from Firestore."""
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid:
+        return jsonify({'error': 'Invalid or expired token'}), 401
+    
+    user_doc = db.collection('users').document(uid).get()
+    if not user_doc.exists:
+        return jsonify({'error': 'User profile not found in database'}), 404
+    
+    return jsonify({'uid': uid, **user_doc.to_dict()})
+
+@app.route('/api/user/profile/phone', methods=['PUT'])
+def update_user_phone():
+    """Allows a user to submit their WhatsApp phone number for admin approval."""
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid:
+        return jsonify({'error': 'Invalid or expired token'}), 401
+
+    data = request.get_json()
+    phone_number = data.get('phone')
+
+    if not phone_number or not isinstance(phone_number, str):
+        return jsonify({'error': 'A valid phone number is required.'}), 400
+
+    try:
+        user_ref = db.collection('users').document(uid)
+        user_ref.update({
+            'phone': phone_number,
+            'phoneStatus': 'pending'
+        })
+        
+        logging.info(f"User {uid} submitted phone number {phone_number} for approval.")
+        return jsonify({'success': True, 'message': 'Phone number submitted for approval.'}), 200
+
+    except Exception as e:
+        logging.error(f"Error updating phone for user {uid}: {e}")
+        return jsonify({'error': 'Failed to update phone number'}), 500
+
+@app.route('/api/user/dashboard', methods=['GET'])
+def get_user_dashboard():
+    """
+    Retrieves and aggregates data for the logged-in user's dashboard.
+    This endpoint reads from the bot's data collections.
+    """
+    uid = verify_token(request.headers.get('Authorization'))
+    if not uid:
+        return jsonify({'error': 'Invalid or expired token'}), 401
+
+    # Get the user's phone number from their main profile
+    user_doc = db.collection('users').document(uid).get()
+    if not user_doc.exists:
+        return jsonify({'error': 'User not found'}), 404
+
+    user_data = user_doc.to_dict()
+    if user_data.get('phoneStatus') != 'approved':
+        return jsonify({'error': 'Your phone number is not yet approved. Bot data is unavailable.'}), 403
+
+    phone_number = user_data.get('phone')
+    if not phone_number:
+        return jsonify({'error': 'No phone number is associated with your account.'}), 404
+    
+    try:
+        # The phone number is the document ID in the bot's user collection
+        bot_user_ref = db.collection('users').document(phone_number)
+        
+        # Fetch data from sub-collections
+        sales_docs = bot_user_ref.collection('sales').stream()
+        expenses_docs = bot_user_ref.collection('expenses').stream()
+
+        # Aggregate data
+        total_sales = 0
+        total_expenses = 0
+        sales_count = 0
+        for doc in sales_docs:
+            details = doc.to_dict().get('details', {})
+            total_sales += float(details.get('price', 0))
+            sales_count += 1
+        
+        for doc in expenses_docs:
+            details = doc.to_dict().get('details', {})
+            total_expenses += float(details.get('amount', 0))
+            
+        dashboard_data = {
+            'totalSalesAmount': total_sales,
+            'totalSalesCount': sales_count,
+            'totalExpensesAmount': total_expenses,
+            'net': total_sales - total_expenses
+        }
+        return jsonify(dashboard_data), 200
+        
+    except Exception as e:
+        logging.error(f"Error fetching dashboard data for user {uid} (phone: {phone_number}): {e}")
+        return jsonify({'error': 'An error occurred while fetching your dashboard data.'}), 500
+
+# -----------------------------------------------------------------------------
+# 5. ADMIN ENDPOINTS
+# -----------------------------------------------------------------------------
+
+@app.route('/api/admin/users', methods=['GET'])
+def get_all_users():
+    """Admin endpoint to retrieve a list of all users."""
+    try:
+        verify_admin_and_get_uid(request.headers.get('Authorization'))
+        
+        users_ref = db.collection('users')
+        all_users = [doc.to_dict() for doc in users_ref.stream()]
+        
+        return jsonify(all_users), 200
+    except PermissionError as e:
+        return jsonify({'error': str(e)}), 403
+    except Exception as e:
+        logging.error(f"Admin failed to fetch all users: {e}")
+        return jsonify({'error': 'An internal error occurred'}), 500
+
+@app.route('/api/admin/users/approve', methods=['POST'])
+def approve_user_phone():
+    """Admin endpoint to approve a user's phone number."""
+    try:
+        verify_admin_and_get_uid(request.headers.get('Authorization'))
+        data = request.get_json()
+        target_uid = data.get('uid')
+        if not target_uid:
+            return jsonify({'error': 'User UID is required'}), 400
+
+        user_ref = db.collection('users').document(target_uid)
+        user_doc = user_ref.get()
+        if not user_doc.exists:
+            return jsonify({'error': 'User to approve not found'}), 404
+        
+        user_data = user_doc.to_dict()
+        phone_number = user_data.get('phone')
+        if not phone_number:
+            return jsonify({'error': 'User has not submitted a phone number'}), 400
+
+        # Create a batch for atomic writes
+        batch = db.batch()
+
+        # Write 1: Update the main user profile
+        batch.update(user_ref, {'phoneStatus': 'approved'})
+
+        # Write 2: Update the bot's user data document
+        bot_user_ref = db.collection('users').document(phone_number)
+        batch.set(bot_user_ref, {'status': 'approved'}, merge=True)
+        
+        # Commit both writes
+        batch.commit()
+        
+        logging.info(f"Admin approved phone {phone_number} for user {target_uid}")
+        return jsonify({'success': True, 'message': f'User {target_uid} approved.'}), 200
+
+    except PermissionError as e:
+        return jsonify({'error': str(e)}), 403
+    except Exception as e:
+        logging.error(f"Admin approval failed for user {data.get('uid')}: {e}")
+        return jsonify({'error': 'An internal error occurred during approval'}), 500
+
+# Additional admin endpoints like 'reject', 'create_user', 'stats' can be added here
+# following the same pattern.
+
+# -----------------------------------------------------------------------------
+# 6. SERVER EXECUTION
+# -----------------------------------------------------------------------------
+
+if __name__ == '__main__':
+    port = int(os.environ.get("PORT", 8080)) # Port 8080 is common for web backends
+    debug_mode = os.environ.get("FLASK_DEBUG", "False").lower() == "true"
+    
+    logging.info(f"Starting Dashboard Server. Debug mode: {debug_mode}, Port: {port}")
+    if not debug_mode:
+        from waitress import serve
+        serve(app, host="0.0.0.0", port=port)
+    else:
+        app.run(debug=True, host="0.0.0.0", port=port)