Update main.py

main.py

@@ -92,6 +92,31 @@ except Exception as e:
 
 #--- END Firebase Initialization ---
 
+
+# Paynow #
+# --- Paynow Initialization ---
+from paynow import Paynow
+
+PAYNOW_INTEGRATION_ID = os.getenv("PAYNOW_INTEGRATION_ID")
+PAYNOW_INTEGRATION_KEY = os.getenv("PAYNOW_INTEGRATION_KEY")
+# IMPORTANT: This should be the publicly accessible URL of your deployed application
+APP_BASE_URL = os.getenv("APP_BASE_URL", "https://tunasongaagri.co.zw") 
+
+paynow_client = None
+if PAYNOW_INTEGRATION_ID and PAYNOW_INTEGRATION_KEY:
+    try:
+        paynow_client = Paynow(
+            PAYNOW_INTEGRATION_ID,
+            PAYNOW_INTEGRATION_KEY,
+            return_url=f"{APP_BASE_URL}/my-deals", # A page for the user to land on after payment
+            result_url=f"{APP_BASE_URL}/api/payment/webhook/paynow" # The webhook URL for server-to-server updates
+        )
+        logger.info("Paynow client initialized successfully.")
+    except Exception as e:
+        logger.error(f"Failed to initialize Paynow client: {e}")
+else:
+    logger.warning("Paynow environment variables not set. Payment features will be disabled.")
+
 #--- NEW: Geolocation Helpers ---
 def _calculate_geohash(lat, lon):
     """Calculates the geohash for a given latitude and longitude."""
@@ -2272,5 +2297,137 @@ def get_ai_chat_history():
         return jsonify(dict(sorted_history)), 200
     except Exception as e: return handle_route_errors(e, uid_context=uid)
 
+        
+@app.route('/api/deals/<deal_id>/payment/initiate', methods=['POST'])
+def initiate_payment(deal_id):
+    auth_header = request.headers.get('Authorization')
+    buyer_uid = None
+    try:
+        if not paynow_client:
+            return jsonify({'error': 'Payment service is not configured.'}), 503
+        
+        buyer_uid = verify_token(auth_header)
+        
+        deal_ref = db.reference(f'deals/{deal_id}', app=db_app)
+        deal_data = deal_ref.get()
+
+        # --- SURGICAL VALIDATION ---
+        if not deal_data:
+            return jsonify({'error': 'Deal not found.'}), 404
+        if deal_data.get('buyer_id') != buyer_uid:
+            return jsonify({'error': 'You are not authorized to pay for this deal.'}), 403
+        if deal_data.get('status') != 'active':
+            return jsonify({'error': 'This deal is not active and cannot be paid for.'}), 400
+        if deal_data.get('payment', {}).get('status') == 'paid':
+            return jsonify({'error': 'This deal has already been paid for.'}), 400
+
+        # --- BACKEND CALCULATION ---
+        price = float(deal_data['proposed_price'])
+        quantity = int(deal_data['proposed_quantity'])
+        total_amount = round(price * quantity, 2)
+
+        # Create a new payment object
+        payment = paynow_client.create_payment(
+            f"TNSG-{deal_id}",  # A unique reference for this transaction
+            deal_data.get('buyer_email', 'buyer@example.com') # Get buyer email if stored, otherwise a placeholder
+        )
+        payment.add(f"Deal {deal_id} for {deal_data.get('crop_type', 'produce')}", total_amount)
+
+        # Send the payment to Paynow
+        response = paynow_client.send(payment)
+
+        if not response.success:
+            logger.error(f"Paynow initiation failed for deal {deal_id}: {response.error}")
+            return jsonify({'error': 'Failed to initiate payment with the provider.', 'details': response.error}), 500
+
+        # --- UPDATE FIREBASE BEFORE REDIRECT ---
+        payment_update_payload = {
+            "status": "pending",
+            "paynow_reference": response.paynow_reference,
+            "poll_url": response.poll_url,
+            "amount": total_amount,
+            "currency": "USD", # Or make this dynamic if needed
+            "initiated_at": datetime.now(timezone.utc).isoformat()
+        }
+        deal_ref.child('payment').set(payment_update_payload)
+
+        # Return the redirect URL to the frontend
+        return jsonify({
+            'success': True, 
+            'message': 'Payment initiated. Redirecting...',
+            'redirect_url': response.redirect_url
+        }), 200
+
+    except Exception as e:
+        return handle_route_errors(e, uid_context=buyer_uid)
+
+@app.route('/api/payment/webhook/paynow', methods=['POST'])
+def paynow_webhook():
+    try:
+        # The Paynow SDK does not have a built-in webhook handler, so we do it manually.
+        # This is a simplified representation. Refer to Paynow docs for the exact fields and hash method.
+        paynow_data = request.form.to_dict() # Paynow sends form data
+        logger.info(f"Received Paynow webhook: {paynow_data}")
+
+        paynow_reference = paynow_data.get('paynowreference')
+        merchant_reference = paynow_data.get('reference') # This is our "TNSG-deal_id"
+        status = paynow_data.get('status', '').lower()
+        received_hash = paynow_data.get('hash')
+
+        # --- CRITICAL: HASH VERIFICATION ---
+        # You MUST generate a hash from the received data using your Integration Key
+        # and compare it to the received_hash. If they don't match, discard the request.
+        # Example (pseudo-code, check Paynow docs for exact implementation):
+        # calculated_hash = generate_hash(paynow_data, PAYNOW_INTEGRATION_KEY)
+        # if calculated_hash != received_hash:
+        #     logger.warning("Invalid hash on Paynow webhook. Discarding.")
+        #     return jsonify({'error': 'Invalid hash'}), 403
+
+        if not merchant_reference or not merchant_reference.startswith('TNSG-'):
+            return jsonify({'error': 'Invalid reference format'}), 400
+
+        deal_id = merchant_reference.split('TNSG-')[1]
+        deal_ref = db.reference(f'deals/{deal_id}', app=db_app)
+        deal_data = deal_ref.get()
+
+        if not deal_data:
+            logger.error(f"Webhook for non-existent deal {deal_id} received.")
+            return jsonify({'error': 'Deal not found'}), 404
+        
+        # Prevent processing old webhooks if deal is already paid
+        if deal_data.get('payment', {}).get('status') == 'paid':
+             logger.info(f"Webhook for already paid deal {deal_id} received. Ignoring.")
+             return jsonify({'status': 'ok'}), 200
+
+        payment_update_payload = {
+            "status": status,
+            "completed_at": datetime.now(timezone.utc).isoformat()
+        }
+        deal_ref.child('payment').update(payment_update_payload)
+        
+        # --- NOTIFY USERS BASED ON STATUS ---
+        if status == 'paid':
+            farmer_id = deal_data.get('farmer_id')
+            buyer_id = deal_data.get('buyer_id')
+            
+            # Find admins to notify
+            admins_ref = db.reference('users', app=db_app).order_by_child('is_admin').equal_to(True).get()
+
+            success_message = f"Payment for deal {deal_id} has been successfully received."
+            
+            _send_system_notification(buyer_id, f"Your payment for deal {deal_id} was successful.", "payment_success", f"/deals/{deal_id}")
+            _send_system_notification(farmer_id, success_message, "payment_received", f"/deals/{deal_id}")
+            if admins_ref:
+                for admin_id, _ in admins_ref.items():
+                    _send_system_notification(admin_id, success_message, "admin_payment_notification", f"/admin/deals/{deal_id}")
+
+        # Acknowledge receipt to Paynow
+        return jsonify({'status': 'ok'}), 200
+
+    except Exception as e:
+        logger.error(f"Error in Paynow webhook: {e}\n{traceback.format_exc()}")
+        return jsonify({'error': 'Internal server error'}), 500
+
+
 if __name__ == '__main__':
     app.run(debug=True, host="0.0.0.0", port=int(os.getenv("PORT", 7860)))