Update main.py

main.py

@@ -95,17 +95,28 @@ def normalize_currency_code(raw_code, default_code='USD'):
 # -----------------------------------------------------------------------------
 # 3. AUTHENTICATION & USER MANAGEMENT ENDPOINTS
 # -----------------------------------------------------------------------------
-
 @app.route('/api/auth/signup', methods=['POST'])
 def signup():
     """Handles new user sign-up with email/password and creates their Firestore profile."""
     try:
         data = request.get_json()
         email, password, display_name = data.get('email'), data.get('password'), data.get('displayName')
+        phone = data.get('phone')  # Optional phone number
 
         if not email or not password or not display_name:
             return jsonify({'error': 'Email, password, and display name are required'}), 400
 
+        # Validate phone number if provided
+        if phone:
+            phone = phone.strip()
+            if not phone:
+                phone = None  # Treat empty string as None
+            else:
+                # Check if phone number is already registered
+                existing_user_query = db.collection('users').where('phone', '==', phone).limit(1).stream()
+                if len(list(existing_user_query)) > 0:
+                    return jsonify({'error': 'This phone number is already registered to another account.'}), 409
+
         # Step 1: Create the user in Firebase Authentication
         user = auth.create_user(
             email=email,
@@ -119,14 +130,18 @@ def signup():
             'email': email,
             'displayName': display_name,
             'isAdmin': False,
-            'phone': None,
-            'phoneStatus': 'unsubmitted',
+            'phone': phone,
+            'phoneStatus': 'pending' if phone else 'unsubmitted',  # Auto-submit for approval if phone provided
             'organizationId': None,
             'createdAt': firestore.SERVER_TIMESTAMP # This is for Firestore
         }
         db.collection('users').document(user.uid).set(user_data_for_db)
         
-        logging.info(f"New user signed up: {user.uid}, Name: {display_name}")
+        # Log signup with phone status
+        if phone:
+            logging.info(f"New user signed up: {user.uid}, Name: {display_name}, Phone: {phone} (submitted for approval)")
+        else:
+            logging.info(f"New user signed up: {user.uid}, Name: {display_name} (no phone number)")
 
         # --- THE FIX IS HERE ---
         # Step 3: Create a SEPARATE dictionary for the JSON response
@@ -134,7 +149,16 @@ def signup():
         response_data = user_data_for_db.copy()
         response_data['createdAt'] = datetime.utcnow().isoformat() + "Z" # This is for the client
 
-        return jsonify({'success': True, **response_data}), 201
+        # Add appropriate success message based on phone submission
+        success_message = 'Account created successfully.'
+        if phone:
+            success_message += ' Your phone number has been submitted for admin approval.'
+
+        return jsonify({
+            'success': True, 
+            'message': success_message,
+            **response_data
+        }), 201
         
     except Exception as e:
         logging.error(f"Signup failed: {e}", exc_info=True) # exc_info=True gives more detail