Update main.py

main.py

@@ -62,7 +62,7 @@ try:
         raise ValueError("Gemini API Key must be set in environment variables.")
     genai.configure(api_key=GEMINI_API_KEY)
     # Use a generally available model, adjust if you have access to specific previews
-    gemini_model = genai.GenerativeModel('gemini-1.5-flash-latest')
+    gemini_model = genai.GenerativeModel('gemini-2.0-flash-thinking-exp')
     print("Gemini API initialized successfully.")
 except Exception as e:
     print(f"Error initializing Gemini API: {e}")
@@ -389,6 +389,7 @@ def generate_tts_audio(text_to_speak, voice_id="Rachel"): # Example voice, choos
 
 # === Authentication Endpoints ===
 
+
 @app.route('/api/auth/signup', methods=['POST'])
 def signup():
     if not supabase: return jsonify({'error': 'Service unavailable'}), 503
@@ -399,27 +400,27 @@ def signup():
         if not email or not password:
             return jsonify({'error': 'Email and password are required'}), 400
 
-        # Create user in Supabase Auth
         res = supabase.auth.sign_up({"email": email, "password": password})
 
-        # Supabase automatically triggers the function/trigger to create the profile row
-        # If it didn't, you'd insert into 'profiles' here using res.user.id
+        # Ensure profile is created with 20 credits
+        supabase.table('profiles').upsert({
+            'id': res.user.id,
+            'email': email,
+            'credits': 20
+        }).execute()
 
-        # Return minimal info on signup, client should usually sign in after verification
         return jsonify({
             'success': True,
             'message': 'Signup successful. Please check your email for verification.',
-             # Avoid sending back full user object before verification/signin
             'user_id': res.user.id if res.user else None
         }), 201
 
     except Exception as e:
-         # Handle Supabase specific errors if needed (e.g., duplicate email)
         error_message = str(e)
-        status_code = 400 # Default bad request
+        status_code = 400
         if "User already registered" in error_message:
              error_message = "Email already exists."
-             status_code = 409 # Conflict
+             status_code = 409
         logging.error(f"Signup error: {error_message}")
         return jsonify({'error': error_message}), status_code
 
@@ -464,13 +465,7 @@ def signin():
 
 @app.route('/api/auth/google-signin', methods=['POST'])
 def google_signin():
-    # This endpoint is tricky without a frontend.
-    # Typically, the frontend uses Supabase JS client to handle the Google OAuth flow.
-    # The frontend receives an access_token and refresh_token from Supabase after Google redirects.
-    # The frontend then sends the access_token (as Bearer token) to this backend.
-    # The backend verifies the token using verify_token helper.
-    # So, this endpoint might just be for *associating* data *after* frontend login,
-    # or it could exchange an auth code (more complex server-side flow).
+
 
     # Assuming frontend handles OAuth and sends Supabase session token:
     user, error = verify_token(request.headers.get('Authorization'))
@@ -553,20 +548,15 @@ def get_user_profile():
 
 @app.route('/api/tutor/process_input', methods=['POST'])
 def process_input_and_generate_notes():
-    """
-    Handles various input types, extracts content, generates notes,
-    and saves material & notes to DB.
-    """
     user, error = verify_token(request.headers.get('Authorization'))
     if error: return jsonify({'error': error['error']}), error['status']
     if not supabase or not gemini_model: return jsonify({'error': 'Backend service unavailable'}), 503
 
-    # --- Check Credits (Example) ---
     profile_res = supabase.table('profiles').select('credits', 'suspended').eq('id', user.id).single().execute()
     if profile_res.data['suspended']:
         return jsonify({'error': 'Account suspended'}), 403
-    if profile_res.data['credits'] < 1:
-        return jsonify({'error': 'Insufficient credits'}), 402
+    if profile_res.data['credits'] < 2:
+        return jsonify({'error': 'Insufficient credits (Need 2)'}), 402
    
 
     try:
@@ -640,8 +630,9 @@ def process_input_and_generate_notes():
         notes_id = notes_res.data[0]['id']
 
         # --- Deduct Credits (Example) ---
-        # supabase.table('profiles').update({'credits': profile_res.data['credits'] - 1}).eq('id', user.id).execute()
-        # ---
+        new_credits = profile_res.data['credits'] - 2
+        supabase.table('profiles').update({'credits': new_credits}).eq('id', user.id).execute()
+
 
         return jsonify({
             'success': True,
@@ -666,11 +657,17 @@ def process_input_and_generate_notes():
 
 @app.route('/api/tutor/notes/<uuid:notes_id>/generate_quiz', methods=['POST'])
 def generate_quiz_for_notes(notes_id):
-    """Generates a quiz based on existing notes."""
     user, error = verify_token(request.headers.get('Authorization'))
     if error: return jsonify({'error': error['error']}), error['status']
     if not supabase or not gemini_model: return jsonify({'error': 'Backend service unavailable'}), 503
 
+    profile_res = supabase.table('profiles').select('credits', 'suspended').eq('id', user.id).single().execute()
+    if profile_res.data['suspended']:
+        return jsonify({'error': 'Account suspended'}), 403
+    if profile_res.data['credits'] < 2:
+        return jsonify({'error': 'Insufficient credits (Need 2)'}), 402
+
+
     try:
         data = request.get_json()
         difficulty = data.get('difficulty', 'medium').lower()
@@ -707,6 +704,9 @@ def generate_quiz_for_notes(notes_id):
         if not quiz_res.data: raise Exception(f"Failed to save generated quiz: {quiz_res.error}")
         quiz_id = quiz_res.data[0]['id']
 
+        new_credits = profile_res.data['credits'] - 2
+        supabase.table('profiles').update({'credits': new_credits}).eq('id', user.id).execute()
+
         return jsonify({
             'success': True,
             'quiz_id': quiz_id,
@@ -801,30 +801,15 @@ def submit_quiz_attempt(quiz_id):
 
 @app.route('/api/tutor/notes/<uuid:notes_id>/speak', methods=['GET'])
 def speak_notes(notes_id):
-    """Generates TTS audio for notes and returns it or its URL."""
     user, error = verify_token(request.headers.get('Authorization'))
     if error: return jsonify({'error': error['error']}), error['status']
     if not supabase or not elevenlabs_client: return jsonify({'error': 'Backend service unavailable'}), 503
 
-    try:
-        # --- Fetch Notes Content ---
-        notes_res = supabase.table('notes').select('content, user_id, tts_audio_url').eq('id', notes_id).maybe_single().execute()
-        if not notes_res.data:
-            return jsonify({'error': 'Notes not found'}), 404
-        if notes_res.data['user_id'] != user.id:
-             return jsonify({'error': 'You do not have permission to access these notes'}), 403
-
-        # --- Check if audio already exists ---
-        # existing_url = notes_res.data.get('tts_audio_url')
-        # if existing_url:
-        #    # Optional: Check if the URL is still valid or regenerate
-        #    # For simplicity, we'll just return the existing one if present
-        #    # To force regeneration, add a query param like ?force=true
-        #    if not request.args.get('force'):
-        #         print(f"Returning existing TTS URL for notes {notes_id}: {existing_url}")
-        #         # You might want to redirect or return the URL itself
-        #         return jsonify({'success': True, 'audio_url': existing_url})
-
+    profile_res = supabase.table('profiles').select('credits', 'suspended').eq('id', user.id).single().execute()
+    if profile_res.data['suspended']:
+        return jsonify({'error': 'Account suspended'}), 403
+    if profile_res.data['credits'] < 5:
+        return jsonify({'error': 'Insufficient credits (Need 5)'}), 402
 
         notes_content = notes_res.data['content']
         if not notes_content:
@@ -853,17 +838,22 @@ def speak_notes(notes_id):
 
              # --- Update notes table with the URL ---
             supabase.table('notes').update({'tts_audio_url': audio_url}).eq('id', notes_id).execute()
+            # Deduct 5 credits after successful generation
+            new_credits = profile_res.data['credits'] - 5
+            supabase.table('profiles').update({'credits': new_credits}).eq('id', user.id).execute()
 
             # --- Return the audio file directly ---
             # Set headers for browser playback/download
+           """
             return send_file(
                 io.BytesIO(audio_bytes),
                 mimetype=content_type,
                 as_attachment=False, # Play inline if possible
                 download_name=f'notes_{notes_id}.mp3'
             )
+            """
             # OR: Return the URL
-            # return jsonify({'success': True, 'audio_url': audio_url})
+            return jsonify({'success': True, 'audio_url': audio_url})
 
         finally:
              os.remove(tmp_file_path) # Clean up temporary file
@@ -995,7 +985,95 @@ def admin_suspend_user(target_user_id):
         return jsonify({'error': str(e)}), 500
 
 # Add other admin endpoints (update credits, view specific data) similarly,
-# using Supabase table methods (.select, .update, .delete, .rpc for database functions).
+# === Credit Management Endpoints ===
+
+@app.route('/api/user/credits/request', methods=['POST'])
+def request_credits():
+    user, error = verify_token(request.headers.get('Authorization'))
+    if error: return jsonify({'error': error['error']}), error['status']
+    
+    try:
+        data = request.get_json()
+        amount = data.get('amount')
+        note = data.get('note', '')
+
+        if not amount or not isinstance(amount, int) or amount <= 0:
+            return jsonify({'error': 'Invalid amount (must be positive integer)'}), 400
+
+        res = supabase.table('credit_requests').insert({
+            'user_id': user.id,
+            'amount': amount,
+            'status': 'pending',
+            'note': note,
+            'created_at': datetime.now().isoformat()
+        }).execute()
+
+        return jsonify({
+            'success': True,
+            'request_id': res.data[0]['id']
+        }), 201
+
+    except Exception as e:
+        logging.error(f"Credit request failed for user {user.id}: {e}")
+        return jsonify({'error': str(e)}), 500
+
+@app.route('/api/admin/credit-requests', methods=['GET'])
+def admin_get_credit_requests():
+    user, error = verify_token(request.headers.get('Authorization'))
+    if error: return jsonify({'error': error['error']}), error['status']
+    is_admin, admin_error = verify_admin(user)
+    if admin_error: return jsonify({'error': admin_error['error']}), admin_error['status']
+
+    try:
+        status = request.args.get('status', 'pending')
+        res = supabase.table('credit_requests').select('*').eq('status', status).execute()
+        return jsonify(res.data), 200
+    except Exception as e:
+        logging.error(f"Admin credit requests fetch failed: {e}")
+        return jsonify({'error': str(e)}), 500
+
+@app.route('/api/admin/credit-requests/<uuid:request_id>', methods=['PUT'])
+def admin_review_credit_request(request_id):
+    user, error = verify_token(request.headers.get('Authorization'))
+    if error: return jsonify({'error': error['error']}), error['status']
+    is_admin, admin_error = verify_admin(user)
+    if admin_error: return jsonify({'error': admin_error['error']}), admin_error['status']
+
+    try:
+        data = request.get_json()
+        action = data.get('action')
+        admin_note = data.get('note', '')
+
+        if action not in ['approve', 'decline']:
+            return jsonify({'error': 'Invalid action'}), 400
+
+        req_res = supabase.table('credit_requests').select('*').eq('id', request_id).maybe_single().execute()
+        if not req_res.data:
+            return jsonify({'error': 'Request not found'}), 404
+
+        req = req_res.data
+        if req['status'] != 'pending':
+            return jsonify({'error': 'Request already processed'}), 400
+
+        update_data = {
+            'status': 'approved' if action == 'approve' else 'declined',
+            'reviewed_at': datetime.now().isoformat(),
+            'reviewed_by': user.id,
+            'admin_note': admin_note
+        }
+
+        if action == 'approve':
+            supabase.table('profiles').update(
+                {'credits': supabase.table('profiles').credits + req['amount']}
+            ).eq('id', req['user_id']).execute()
+
+        supabase.table('credit_requests').update(update_data).eq('id', request_id).execute()
+
+        return jsonify({'success': True}), 200
+
+    except Exception as e:
+        logging.error(f"Credit request processing failed: {e}")
+        return jsonify({'error': str(e)}), 500
 
 
 # === Main Execution ===