init

.dockerignore

@@ -0,0 +1,37 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+venv/
+env/
+ENV/
+
+# Environment files
+.env
+.env.local
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Git
+.git/
+.gitignore
+
+# Node (if any)
+node_modules/
+package-lock.json
+
+# Misc
+*.log
+.pytest_cache/
+.coverage
+htmlcov/

.env.example

@@ -0,0 +1,12 @@
+# ── Supabase ──────────────────────────────────────────────
+# Get these from: https://supabase.com/dashboard → Project Settings → API
+SUPABASE_URL="https://your-project.supabase.co"
+SUPABASE_SERVICE_KEY="your_service_role_key_here"
+SUPABASE_ANON_KEY="your_anon_key_here"
+
+# ── Google Gemini AI ──────────────────────────────────────
+# Get from: https://makersuite.google.com/app/apikey
+GEMINI_API_KEY="your_gemini_api_key_here"
+
+# ── Frontend URL (CORS) ──────────────────────────────────
+FRONTEND_URL="http://localhost:3000"

.gitignore

@@ -0,0 +1,35 @@
+# Environment variables
+.env
+.env.local
+
+# Python cache
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+
+# Virtual environments
+venv/
+env/
+ENV/
+.venv
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Logs
+*.log
+
+# Distribution / packaging
+build/
+dist/
+*.egg-info/

Dockerfile

@@ -0,0 +1,30 @@
+# Dockerfile for Hugging Face Spaces deployment
+FROM python:3.11-slim
+
+# Set working directory
+WORKDIR /app
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy requirements first for better caching
+COPY requirements.txt .
+
+# Install Python dependencies
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy application code
+COPY . .
+
+# Expose port (Hugging Face Spaces uses 7860 by default)
+EXPOSE 7860
+
+# Set environment variables
+ENV PYTHONUNBUFFERED=1
+ENV PORT=7860
+
+# Run the application
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"]

README.md

@@ -1,11 +1,62 @@
 ---
-title: NoMoosh
-emoji: 📊
-colorFrom: gray
-colorTo: gray
+title: Nomoosh API
+emoji: 🍽️
+colorFrom: blue
+colorTo: purple
 sdk: docker
 pinned: false
-short_description: app
+license: mit
 ---
 
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+# Nomoosh Backend API
+
+FastAPI backend for the Nomoosh restaurant onboarding and ordering platform.
+
+## Features
+
+- 🔐 Authentication with Supabase
+- 📋 Multi-step restaurant onboarding
+- 🤖 AI-powered menu digitization using Google Gemini
+- 📍 Geocoding and location services
+- ☁️ File storage with Supabase Storage
+- 🗄️ PostgreSQL database via Supabase
+
+## Environment Variables
+
+This Space requires the following environment variables to be set in Settings → Variables and secrets:
+
+```bash
+SUPABASE_URL=your_supabase_project_url
+SUPABASE_SERVICE_KEY=your_supabase_service_role_key
+SUPABASE_ANON_KEY=your_supabase_anon_key
+GEMINI_API_KEY=your_google_gemini_api_key
+FRONTEND_URL=your_frontend_url
+```
+
+## API Documentation
+
+Once deployed, visit:
+- `/docs` - Interactive Swagger UI
+- `/redoc` - ReDoc documentation
+- `/health` - Health check endpoint
+
+## Local Development
+
+```bash
+# Install dependencies
+pip install -r requirements.txt
+
+# Create .env file with your credentials
+cp .env.example .env
+
+# Run the server
+uvicorn main:app --reload
+```
+
+## Deployment
+
+This backend is designed to be deployed on Hugging Face Spaces using Docker SDK.
+
+## License
+
+MIT

auth_utils.py

@@ -0,0 +1,32 @@
+"""Helpers to extract / verify the Supabase JWT from incoming requests."""
+
+from __future__ import annotations
+from fastapi import Header, HTTPException
+from supabase_client import get_supabase
+
+
+async def get_current_user_id(authorization: str = Header(None)) -> str:
+    """Require a valid Supabase access-token. Returns the Supabase user-id (UUID)."""
+    if not authorization or not authorization.startswith("Bearer "):
+        raise HTTPException(status_code=401, detail="Missing or invalid Authorization header")
+    token = authorization.split(" ", 1)[1]
+    try:
+        sb = get_supabase()
+        user_resp = sb.auth.get_user(token)
+        if not user_resp or not user_resp.user:
+            raise HTTPException(status_code=401, detail="Invalid token")
+        return user_resp.user.id
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=401, detail=f"Token verification failed: {e}")
+
+
+async def get_optional_user_id(authorization: str = Header(None)) -> str | None:
+    """Same as above but returns *None* instead of 401 when token is absent/invalid."""
+    if not authorization or not authorization.startswith("Bearer "):
+        return None
+    try:
+        return await get_current_user_id(authorization)
+    except Exception:
+        return None

config.py

@@ -0,0 +1,15 @@
+"""Centralised configuration — reads from .env via python-dotenv."""
+
+import os
+from dotenv import load_dotenv
+
+load_dotenv()
+
+SUPABASE_URL: str = os.getenv("SUPABASE_URL", "")
+SUPABASE_SERVICE_KEY: str = os.getenv("SUPABASE_SERVICE_KEY", "")
+SUPABASE_ANON_KEY: str = os.getenv("SUPABASE_ANON_KEY", "")
+GEMINI_API_KEY: str = os.getenv("GEMINI_API_KEY", "")
+FRONTEND_URL: str = os.getenv("FRONTEND_URL", "http://localhost:3000")
+
+# Storage bucket name in Supabase
+STORAGE_BUCKET: str = "restaurant-media"

main.py

@@ -0,0 +1,48 @@
+"""
+Nomoosh Backend — FastAPI entry point.
+
+Run with:
+    uvicorn main:app --reload --port 8000
+"""
+
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+
+from config import FRONTEND_URL
+from routers import auth, onboarding, menu, geocode
+
+app = FastAPI(
+    title="Nomoosh API",
+    description="Restaurant onboarding & ordering platform",
+    version="1.0.0",
+)
+
+# ── CORS ──────────────────────────────────────────────────
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=[
+        FRONTEND_URL,
+        "http://localhost:3000",
+        "http://127.0.0.1:3000",
+    ],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+# ── Routers ───────────────────────────────────────────────
+app.include_router(auth.router)
+app.include_router(onboarding.router)
+app.include_router(menu.router)
+app.include_router(geocode.router)
+
+
+# ── Health & root ─────────────────────────────────────────
+@app.get("/")
+def root():
+    return {"status": "ok", "service": "Nomoosh API"}
+
+
+@app.get("/health")
+def health():
+    return {"status": "healthy"}

package-lock.json

@@ -0,0 +1,6 @@
+{
+  "name": "backend",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {}
+}

requirements.txt

@@ -0,0 +1,10 @@
+fastapi==0.115.0
+uvicorn[standard]==0.30.0
+python-multipart==0.0.12
+supabase==2.11.0
+python-dotenv==1.0.1
+httpx==0.28.0
+google-generativeai==0.8.4
+Pillow==11.1.0
+PyMuPDF==1.25.3
+pydantic>=2.0

routers/__init__.py

@@ -0,0 +1 @@
+# routers package

routers/auth.py

@@ -0,0 +1,90 @@
+"""Auth router — create_user endpoint.
+
+The actual email-OTP / Google-OAuth flows happen client-side via @supabase/supabase-js.
+This endpoint is called *after* the user has already authenticated with Supabase to
+create (or retrieve) an application-level profile row in the `accounts` table.
+"""
+
+from __future__ import annotations
+from fastapi import APIRouter, HTTPException
+from pydantic import BaseModel
+from supabase_client import get_supabase
+
+router = APIRouter(tags=["auth"])
+
+
+# ── Request / Response models ──────────────────────────────
+class CreateUserRequest(BaseModel):
+    name: str
+    email: str | None = None
+    phone: str | None = None
+    supabase_uid: str | None = None
+
+
+class CreateUserResponse(BaseModel):
+    user_id: str
+    message: str = "ok"
+
+
+# ── Endpoint ──────────────────────────────────────────────
+@router.post("/create_user", response_model=CreateUserResponse)
+async def create_user(req: CreateUserRequest):
+    """Create or return an existing account row."""
+    sb = get_supabase()
+
+    # 1. Look-up by Supabase UID first (most reliable after OAuth)
+    if req.supabase_uid:
+        existing = (
+            sb.table("accounts")
+            .select("id")
+            .eq("supabase_uid", req.supabase_uid)
+            .execute()
+        )
+        if existing.data:
+            return CreateUserResponse(user_id=str(existing.data[0]["id"]))
+
+    # 2. Fallback: look-up by email
+    if req.email:
+        existing = (
+            sb.table("accounts")
+            .select("id")
+            .eq("email", req.email)
+            .execute()
+        )
+        if existing.data:
+            # Patch supabase_uid if it was missing
+            if req.supabase_uid:
+                sb.table("accounts").update({"supabase_uid": req.supabase_uid}).eq(
+                    "id", existing.data[0]["id"]
+                ).execute()
+            return CreateUserResponse(user_id=str(existing.data[0]["id"]))
+
+    # 3. Fallback: look-up by phone
+    if req.phone:
+        existing = (
+            sb.table("accounts")
+            .select("id")
+            .eq("mob_number", req.phone)
+            .execute()
+        )
+        if existing.data:
+            if req.supabase_uid:
+                sb.table("accounts").update({"supabase_uid": req.supabase_uid}).eq(
+                    "id", existing.data[0]["id"]
+                ).execute()
+            return CreateUserResponse(user_id=str(existing.data[0]["id"]))
+
+    # 4. No match → create
+    insert_data: dict = {"name": req.name[:25]}
+    if req.email:
+        insert_data["email"] = req.email
+    if req.phone:
+        insert_data["mob_number"] = req.phone
+    if req.supabase_uid:
+        insert_data["supabase_uid"] = req.supabase_uid
+
+    result = sb.table("accounts").insert(insert_data).execute()
+    if not result.data:
+        raise HTTPException(status_code=500, detail="Failed to create account")
+
+    return CreateUserResponse(user_id=str(result.data[0]["id"]))

routers/geocode.py

@@ -0,0 +1,75 @@
+"""Geocode router — free reverse-geocoding via OpenStreetMap Nominatim."""
+
+from __future__ import annotations
+from fastapi import APIRouter, HTTPException
+from pydantic import BaseModel
+import httpx
+
+router = APIRouter(tags=["geocode"])
+
+NOMINATIM_URL = "https://nominatim.openstreetmap.org/reverse"
+USER_AGENT = "NomooshApp/1.0 (support@nomoosh.com)"   # Nominatim requires a User-Agent
+
+
+class ReverseGeocodeRequest(BaseModel):
+    lat: float
+    lng: float
+    language: str = "en"
+
+
+@router.post("/geocode/reverse")
+async def reverse_geocode(data: ReverseGeocodeRequest):
+    """
+    Reverse-geocode latitude/longitude → address components.
+    Uses the free Nominatim (OpenStreetMap) API.
+    """
+    params = {
+        "lat": data.lat,
+        "lon": data.lng,
+        "format": "jsonv2",
+        "addressdetails": 1,
+        "accept-language": data.language,
+    }
+
+    try:
+        async with httpx.AsyncClient(timeout=10) as client:
+            resp = await client.get(
+                NOMINATIM_URL,
+                params=params,
+                headers={"User-Agent": USER_AGENT},
+            )
+            resp.raise_for_status()
+            body = resp.json()
+    except httpx.HTTPStatusError as e:
+        raise HTTPException(status_code=502, detail=f"Nominatim error: {e.response.status_code}")
+    except Exception as e:
+        raise HTTPException(status_code=502, detail=f"Geocoding failed: {e}")
+
+    addr = body.get("address", {})
+
+    # Map Nominatim fields → our schema
+    street = " ".join(filter(None, [
+        addr.get("house_number"),
+        addr.get("road"),
+        addr.get("neighbourhood"),
+    ]))
+    locality = addr.get("suburb") or addr.get("village") or addr.get("town") or ""
+    city = (
+        addr.get("city")
+        or addr.get("town")
+        or addr.get("municipality")
+        or addr.get("county")
+        or ""
+    )
+    pincode = addr.get("postcode") or ""
+
+    return {
+        "latitude": data.lat,
+        "longitude": data.lng,
+        "street": street,
+        "locality": locality,
+        "city": city,
+        "pincode": pincode,
+        "display_name": body.get("display_name", ""),
+        "raw": addr,
+    }

routers/menu.py

@@ -0,0 +1,196 @@
+"""Menu router — digitise menu images via Gemini, upload dish photos, save menu items.
+
+Endpoints:
+  POST /digitize-menu          → parse menu from images/PDFs (Gemini AI)
+  POST /upload-image           → upload a single dish photo to Supabase Storage
+  POST /upload-restaurant-media→ upload restaurant photos/videos
+  POST /register-restaurant_pg2→ save finalised menu items to temp_menu
+"""
+
+from __future__ import annotations
+
+import json
+from fastapi import APIRouter, File, Form, HTTPException, Request, UploadFile
+from pydantic import BaseModel
+from supabase_client import get_supabase
+from services.gemini_service import parse_menu_images
+from services.storage_service import upload_to_storage
+
+router = APIRouter(tags=["menu"])
+
+
+# ═══════════════════════════════════════════════════════════
+# MODELS
+# ═══════════════════════════════════════════════════════════
+
+class VariantPayload(BaseModel):
+    variant_name: str = "Regular"
+    price: int | float = 0
+
+
+class ItemPayload(BaseModel):
+    name: str
+    variants: list[VariantPayload] = []
+    description: str = ""
+    image_link: str = ""
+
+
+class CategoryPayload(BaseModel):
+    category: str
+    items: list[ItemPayload] = []
+
+
+class MenuPayload(BaseModel):
+    restaurant_name: str = ""
+    categories: list[CategoryPayload] = []
+
+
+class RegisterPg2Request(BaseModel):
+    user_id: int
+    menu: MenuPayload
+
+
+# ═══════════════════════════════════════════════════════════
+# POST /digitize-menu
+# ═══════════════════════════════════════════════════════════
+
+@router.post("/digitize-menu")
+async def digitize_menu(files: list[UploadFile] = File(...)):
+    """Accept menu image(s) / PDF, run Gemini vision to extract structured menu JSON."""
+    if not files:
+        raise HTTPException(status_code=400, detail="No files provided")
+
+    file_data: list[tuple[bytes, str]] = []
+    for f in files:
+        content = await f.read()
+        ct = f.content_type or "application/octet-stream"
+        file_data.append((content, ct))
+
+    try:
+        result = await parse_menu_images(file_data)
+        return {"menu": result}
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Menu parsing failed: {e}")
+
+
+# ═══════════════════════════════════════════════════════════
+# POST /upload-image  (single dish photo)
+# ═══════════════════════════════════════════════════════════
+
+@router.post("/upload-image")
+async def upload_image(
+    file: UploadFile = File(...),
+    itemId: str = Form(""),
+):
+    """Upload a dish photo → Supabase Storage, return public URL."""
+    content = await file.read()
+    ct = file.content_type or "image/jpeg"
+    filename = file.filename or "photo.jpg"
+    try:
+        url = await upload_to_storage(content, filename, ct, folder="dishes")
+        return {"url": url}
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Upload failed: {e}")
+
+
+# ═══════════════════════════════════════════════════════════
+# POST /upload-restaurant-media  (bulk restaurant photos/videos)
+# ═══════════════════════════════════════════════════════════
+
+@router.post("/upload-restaurant-media")
+async def upload_restaurant_media(request: Request):
+    """
+    Accepts multipart form with keys like:
+        menu_files[], exterior_photos[], interior_photos[], etc.
+    Uploads each to Supabase Storage and records in temp_media.
+    """
+    form = await request.form()
+    user_id_raw = form.get("user_id")
+
+    sb = get_supabase()
+    uploaded: list[dict] = []
+
+    for key, value in form.multi_items():
+        if key == "user_id":
+            continue
+
+        # Only process file-like values
+        if not hasattr(value, "read"):
+            continue
+
+        content = await value.read()  # type: ignore[union-attr]
+        ct = getattr(value, "content_type", "application/octet-stream") or "application/octet-stream"
+        fname = getattr(value, "filename", "file") or "file"
+
+        url = await upload_to_storage(content, fname, ct, folder="restaurant")
+        uploaded.append({"key": key, "url": url})
+
+        # Persist in temp_media if we have a user_id
+        if user_id_raw:
+            is_ext = "exterior" in key
+            is_int = "interior" in key
+            is_kit = "kitchen" in key
+            is_menu = "menu" in key
+            is_video = "video" in key
+
+            sb.table("temp_media").insert({
+                "user_id":  int(user_id_raw),
+                "file_link": url,
+                "exterior": is_ext,
+                "interior": is_int,
+                "kitchen":  is_kit,
+                "menu":     is_menu,
+                "video":    is_video,
+            }).execute()
+
+    return {"message": "Media uploaded", "count": len(uploaded), "files": uploaded}
+
+
+# ═══════════════════════════════════════════════════════════
+# POST /register-restaurant_pg2  (save parsed/edited menu items)
+# ═══════════════════════════════════════════════════════════
+
+@router.post("/register-restaurant_pg2")
+async def register_restaurant_pg2(data: RegisterPg2Request):
+    """Persist the (possibly edited) menu items into temp_menu."""
+    sb = get_supabase()
+    user_id = data.user_id
+
+    # Verify temp row exists
+    temp_check = sb.table("temp").select("user_id").eq("user_id", user_id).execute()
+    if not temp_check.data:
+        raise HTTPException(
+            status_code=404,
+            detail="Onboarding session not found — complete step 1 first.",
+        )
+
+    # Clear previous menu drafts
+    sb.table("temp_menu").delete().eq("user_id", user_id).execute()
+
+    # Insert each item (one row per variant)
+    for cat in data.menu.categories:
+        for item in cat.items:
+            if not item.variants:
+                # Single-price dish
+                sb.table("temp_menu").insert({
+                    "user_id":      user_id,
+                    "dish_name":    item.name[:100],
+                    "price":        0,
+                    "category":     cat.category,
+                    "variant_name": "Regular",
+                    "image_link":   item.image_link or None,
+                    "description":  item.description or None,
+                }).execute()
+            else:
+                for v in item.variants:
+                    sb.table("temp_menu").insert({
+                        "user_id":      user_id,
+                        "dish_name":    item.name[:100],
+                        "price":        int(v.price) if v.price else 0,
+                        "category":     cat.category,
+                        "variant_name": v.variant_name or "Regular",
+                        "image_link":   item.image_link or None,
+                        "description":  item.description or None,
+                    }).execute()
+
+    return {"message": "Menu saved", "user_id": user_id}

routers/onboarding.py

@@ -0,0 +1,325 @@
+"""Onboarding router — multi-step restaurant registration.
+
+Endpoints:
+  GET  /check-onboarding-status   → check which steps are completed
+  POST /register-restaurant_pg1   → save restaurant details & location (step 1)
+  POST /save-cuisines-and-times   → save cuisines + operating hours   (step 3)
+  POST /save-documents            → save bank/PAN + finalise          (step 4)
+"""
+
+from __future__ import annotations
+from fastapi import APIRouter, HTTPException, Query
+from pydantic import BaseModel
+from supabase_client import get_supabase
+
+router = APIRouter(tags=["onboarding"])
+
+
+# ═══════════════════════════════════════════════════════════
+# CHECK ONBOARDING STATUS
+# ═══════════════════════════════════════════════════════════
+
+@router.get("/check-onboarding-status")
+async def check_onboarding_status(user_id: int = Query(...)):
+    """Check which onboarding steps have data in the database."""
+    sb = get_supabase()
+    
+    try:
+        # Check step 1: Restaurant details (temp table)
+        temp_res = sb.table("temp").select("user_id").eq("user_id", user_id).execute()
+        details_completed = len(temp_res.data or []) > 0
+        
+        # Check step 2: Menu items (temp_menu table)
+        menu_res = sb.table("temp_menu").select("id").eq("user_id", user_id).limit(1).execute()
+        menu_completed = len(menu_res.data or []) > 0
+        
+        # Check step 3: Cuisines and timing (temp_rest_cuisines or temp_rest_timing)
+        cuisine_res = sb.table("temp_rest_cuisines").select("user_id").eq("user_id", user_id).limit(1).execute()
+        timing_res = sb.table("temp_rest_timing").select("user_id").eq("user_id", user_id).limit(1).execute()
+        cuisine_completed = len(cuisine_res.data or []) > 0 or len(timing_res.data or []) > 0
+        
+        # Step 4 (documents) is only complete when everything is finalized (moved to permanent tables)
+        # So we don't check for it in temp tables
+        
+        return {
+            "details": details_completed,
+            "menu": menu_completed,
+            "cuisine": cuisine_completed,
+            "documents": False,  # always false in temp tables
+        }
+    except Exception as e:
+        # If tables don't exist or query fails, return all false
+        return {
+            "details": False,
+            "menu": False,
+            "cuisine": False,
+            "documents": False,
+        }
+
+
+@router.get("/get-onboarding-data")
+async def get_onboarding_data(user_id: int = Query(...)):
+    """Fetch saved onboarding data from temp tables to restore form state."""
+    sb = get_supabase()
+    
+    try:
+        # Fetch restaurant details from temp table
+        temp_res = sb.table("temp").select("*").eq("user_id", user_id).execute()
+        temp_data = temp_res.data[0] if temp_res.data else None
+        
+        return {
+            "temp": temp_data,
+        }
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Failed to fetch onboarding data: {e}")
+
+
+# ═══════════════════════════════════════════════════════════
+# MODELS
+# ═══════════════════════════════════════════════════════════
+
+class RestaurantPg1(BaseModel):
+    usr_id: str | None = None
+    rest_name: str
+    rest_phone: str = ""
+    rest_intro: str = ""
+    ownr_name: str
+    ownr_email: str
+    ownr_mobile: str
+    strret: str = ""
+    localty: str = ""
+    cty: str = ""
+    pincde: str = ""
+    landmrk: str = ""
+    latitude: str | None = None
+    longitude: str | None = None
+
+
+class Slot(BaseModel):
+    open: str
+    close: str
+
+
+class CuisineTimesRequest(BaseModel):
+    restaurant_id: str | None = None
+    cuisines: list[str] = []
+    open_days: dict[str, bool] = {}
+    timings: dict[str, list[Slot]] = {}
+
+
+class DocumentsPayload(BaseModel):
+    pan: str = ""
+    account_holder: str = ""
+    account_number: str = ""
+    ifsc: str = ""
+
+
+class SaveDocumentsRequest(BaseModel):
+    restaurantId: str | None = None
+    documents: DocumentsPayload
+
+
+# ═══════════════════════════════════════════════════════════
+# STEP 1 — Restaurant details & location
+# ═══════════════════════════════════════════════════════════
+
+@router.post("/register-restaurant_pg1")
+async def register_restaurant_pg1(data: RestaurantPg1):
+    sb = get_supabase()
+
+    user_id = data.usr_id
+    if not user_id:
+        raise HTTPException(status_code=400, detail="usr_id is required")
+
+    user_id_int = int(user_id)
+
+    # Ensure temp row exists (upsert)
+    existing = sb.table("temp").select("user_id").eq("user_id", user_id_int).execute()
+
+    row = {
+        "user_id": user_id_int,
+        "restaurant_name": data.rest_name[:100],
+        "owner_name": data.ownr_name[:25],
+        "owner_email": data.ownr_email,
+        "owner_mobile": data.ownr_mobile,
+        "rest_mob_number": data.rest_phone,
+        "description": data.rest_intro,
+        "street": data.strret,
+        "locality": data.localty,
+        "city": data.cty,
+        "pincode": data.pincde,
+        "landmark": data.landmrk,
+        "latitude": data.latitude or "0",
+        "longitude": data.longitude or "0",
+    }
+
+    if existing.data:
+        sb.table("temp").update(row).eq("user_id", user_id_int).execute()
+    else:
+        sb.table("temp").insert(row).execute()
+
+    return {"message": "Restaurant details saved", "restaurant_id": str(user_id_int)}
+
+
+# ═══════════════════════════════════════════════════════════
+# STEP 3 — Cuisines & timings
+# ═══════════════════════════════════════════════════════════
+
+@router.post("/save-cuisines-and-times")
+async def save_cuisines_and_times(data: CuisineTimesRequest):
+    sb = get_supabase()
+
+    user_id_str = data.restaurant_id
+    if not user_id_str:
+        raise HTTPException(status_code=400, detail="restaurant_id is required")
+
+    user_id = int(user_id_str)
+
+    # Verify temp row exists
+    temp_check = sb.table("temp").select("user_id").eq("user_id", user_id).execute()
+    if not temp_check.data:
+        raise HTTPException(status_code=404, detail="Onboarding session not found. Complete step 1 first.")
+
+    # ── Cuisines ──────────────────────────────────────────
+    # Clear old selections
+    sb.table("temp_rest_cuisines").delete().eq("user_id", user_id).execute()
+
+    for cuisine_name in data.cuisines:
+        cuis = sb.table("cuisines").select("id").eq("cuisine", cuisine_name).execute()
+        if cuis.data:
+            sb.table("temp_rest_cuisines").insert({
+                "user_id": user_id,
+                "cuisine_id": cuis.data[0]["id"],
+            }).execute()
+
+    # ── Timings ───────────────────────────────────────────
+    sb.table("temp_rest_timing").delete().eq("user_id", user_id).execute()
+
+    for day, slots in data.timings.items():
+        for slot in slots:
+            sb.table("temp_rest_timing").insert({
+                "user_id": user_id,
+                "day": day,
+                "open_time": slot.open,
+                "close_time": slot.close,
+            }).execute()
+
+    return {"message": "Cuisines and timings saved"}
+
+
+# ═══════════════════════════════════════════════════════════
+# STEP 4 — Documents + FINALISE registration
+# ═══════════════════════════════════════════════════════════
+
+@router.post("/save-documents")
+async def save_documents(data: SaveDocumentsRequest):
+    sb = get_supabase()
+
+    user_id_str = data.restaurantId
+    if not user_id_str:
+        raise HTTPException(status_code=400, detail="restaurantId is required")
+
+    user_id = int(user_id_str)
+
+    # ── 1. Update temp with bank/PAN info ─────────────────
+    sb.table("temp").update({
+        "pan": data.documents.pan,
+        "account_holder": data.documents.account_holder,
+        "account_no": data.documents.account_number,
+        "ifsc": data.documents.ifsc,
+    }).eq("user_id", user_id).execute()
+
+    # ── 2. Finalise: move everything from temp → permanent tables
+    temp_res = sb.table("temp").select("*").eq("user_id", user_id).single().execute()
+    if not temp_res.data:
+        raise HTTPException(status_code=404, detail="Onboarding data not found")
+    t = temp_res.data
+
+    # 2a. rest_location
+    loc = sb.table("rest_location").insert({
+        "street":    t.get("street") or "",
+        "locality":  t.get("locality") or "",
+        "city":      t.get("city") or "",
+        "pincode":   t.get("pincode") or "",
+        "landmark":  t.get("landmark"),
+        "latitude":  t.get("latitude") or "0",
+        "longitude": t.get("longitude") or "0",
+    }).execute()
+    location_id = loc.data[0]["id"]
+
+    # 2b. bank_details
+    bank = sb.table("bank_details").insert({
+        "pan":            t.get("pan"),
+        "account_holder": t.get("account_holder"),
+        "account_no":     t.get("account_no"),
+        "ifsc":           t.get("ifsc"),
+    }).execute()
+    bank_id = bank.data[0]["id"]
+
+    # 2c. restaurants
+    rest = sb.table("restaurants").insert({
+        "name":        t.get("restaurant_name") or "Unnamed",
+        "accounts_id": user_id,
+        "location_id": location_id,
+        "bank_id":     bank_id,
+        "mob_number":  t.get("rest_mob_number") or "",
+        "description": t.get("description"),
+    }).execute()
+    restaurant_id = rest.data[0]["id"]
+
+    # 2d. menu (from temp_menu)
+    temp_menu = sb.table("temp_menu").select("*").eq("user_id", user_id).execute()
+    for item in (temp_menu.data or []):
+        sb.table("menu").insert({
+            "restaurant_id": restaurant_id,
+            "dish_name":     item["dish_name"],
+            "price":         item.get("price", 0),
+            "category_veg":  item.get("category_veg"),
+            "description":   item.get("description"),
+            "image_link":    item.get("image_link"),
+            "cuisine":       item.get("cuisine"),
+            "category":      item.get("category"),
+            "variant_name":  item.get("variant_name", "Regular"),
+        }).execute()
+
+    # 2e. rest_cuisines (from temp_rest_cuisines)
+    temp_cuis = sb.table("temp_rest_cuisines").select("*").eq("user_id", user_id).execute()
+    for c in (temp_cuis.data or []):
+        sb.table("rest_cuisines").insert({
+            "restaurant_id": restaurant_id,
+            "cuisine_id":    c["cuisine_id"],
+        }).execute()
+
+    # 2f. rest_timing (from temp_rest_timing)
+    temp_timing = sb.table("temp_rest_timing").select("*").eq("user_id", user_id).execute()
+    for tt in (temp_timing.data or []):
+        sb.table("rest_timing").insert({
+            "restaurant_id": restaurant_id,
+            "day":           tt["day"],
+            "open_time":     tt["open_time"],
+            "close_time":    tt["close_time"],
+        }).execute()
+
+    # 2g. rest_media (from temp_media)
+    temp_media = sb.table("temp_media").select("*").eq("user_id", user_id).execute()
+    for m in (temp_media.data or []):
+        sb.table("rest_media").insert({
+            "restaurant_id": restaurant_id,
+            "image_link":    m["file_link"],
+            "exterior":      m.get("exterior", False),
+            "interior":      m.get("interior", False),
+            "kitchen":       m.get("kitchen", False),
+            "video":         m.get("video", False),
+        }).execute()
+
+    # ── 3. Cleanup temp tables ────────────────────────────
+    sb.table("temp_media").delete().eq("user_id", user_id).execute()
+    sb.table("temp_menu").delete().eq("user_id", user_id).execute()
+    sb.table("temp_rest_cuisines").delete().eq("user_id", user_id).execute()
+    sb.table("temp_rest_timing").delete().eq("user_id", user_id).execute()
+    sb.table("temp").delete().eq("user_id", user_id).execute()
+
+    return {
+        "message": "Registration complete!",
+        "restaurant_id": restaurant_id,
+    }

schema.sql

@@ -0,0 +1,376 @@
+-- ==========================================================
+-- Nomoosh — Supabase-compatible PostgreSQL schema
+-- Run this in the Supabase SQL Editor (Dashboard → SQL → New Query)
+-- ==========================================================
+
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+-- ==========================================================
+-- 1. ONBOARDING / MASTER DATA
+-- ==========================================================
+
+-- Accounts (Restaurant Owner / Admin)
+CREATE TABLE IF NOT EXISTS accounts (
+    id            SERIAL PRIMARY KEY,
+    supabase_uid  TEXT UNIQUE,                     -- links to auth.users.id
+    name          VARCHAR(25) NOT NULL,
+    email         VARCHAR(255) UNIQUE,
+    mob_number    VARCHAR(16) UNIQUE,
+    profile_pic   TEXT,
+    created_at    TIMESTAMPTZ DEFAULT now(),
+    updated_at    TIMESTAMPTZ DEFAULT now()
+);
+
+-- Restaurant Location
+CREATE TABLE IF NOT EXISTS rest_location (
+    id        SERIAL PRIMARY KEY,
+    street    TEXT NOT NULL,
+    locality  TEXT NOT NULL,
+    city      TEXT NOT NULL,
+    pincode   TEXT NOT NULL,
+    landmark  TEXT,
+    latitude  TEXT NOT NULL DEFAULT '0',
+    longitude TEXT NOT NULL DEFAULT '0'
+);
+
+-- Bank Details
+CREATE TABLE IF NOT EXISTS bank_details (
+    id         SERIAL PRIMARY KEY,
+    pan        TEXT,
+    bank_name  TEXT,
+    account_holder TEXT,
+    account_no TEXT,
+    ifsc       TEXT,
+    upi        TEXT
+);
+
+-- Restaurants (Master)
+CREATE TABLE IF NOT EXISTS restaurants (
+    id                  SERIAL PRIMARY KEY,
+    name                VARCHAR(100) NOT NULL,
+    accounts_id         INT NOT NULL UNIQUE,
+    location_id         INT NOT NULL UNIQUE,
+    bank_id             INT UNIQUE,
+    rating              REAL,
+    rating_by_no_of_people INT,
+    mob_number          VARCHAR(16) NOT NULL DEFAULT '',
+    description         TEXT,
+
+    FOREIGN KEY (accounts_id) REFERENCES accounts(id),
+    FOREIGN KEY (location_id) REFERENCES rest_location(id),
+    FOREIGN KEY (bank_id)     REFERENCES bank_details(id)
+);
+
+-- Cuisines (pre-seeded below)
+CREATE TABLE IF NOT EXISTS cuisines (
+    id      SERIAL PRIMARY KEY,
+    cuisine VARCHAR(50) NOT NULL UNIQUE
+);
+
+-- Restaurant ↔ Cuisines
+CREATE TABLE IF NOT EXISTS rest_cuisines (
+    restaurant_id INT NOT NULL,
+    cuisine_id    INT NOT NULL,
+    PRIMARY KEY (restaurant_id, cuisine_id),
+    FOREIGN KEY (restaurant_id) REFERENCES restaurants(id) ON DELETE CASCADE,
+    FOREIGN KEY (cuisine_id)    REFERENCES cuisines(id)
+);
+
+-- Menu
+CREATE TABLE IF NOT EXISTS menu (
+    id                       SERIAL PRIMARY KEY,
+    restaurant_id            INT NOT NULL,
+    dish_name                VARCHAR(100) NOT NULL,
+    type_maincourse          TEXT,
+    quantity                 TEXT,
+    price                    INT NOT NULL DEFAULT 0,
+    category_veg             BOOLEAN,
+    availability             BOOLEAN DEFAULT TRUE NOT NULL,
+    preperation_time         INTERVAL,
+    image_link               TEXT,
+    description              TEXT,
+    customizability          BOOLEAN DEFAULT FALSE NOT NULL,
+    order_freq               TEXT,
+    serving_for_no_of_people INT,
+    rating                   REAL,
+    rating_by_no_of_people   INT,
+    cuisine                  VARCHAR(50),
+    category                 TEXT,
+    variant_name             TEXT DEFAULT 'Regular',
+
+    FOREIGN KEY (restaurant_id) REFERENCES restaurants(id) ON DELETE CASCADE
+);
+
+-- Restaurant Timing (open/close per day per shift)
+CREATE TABLE IF NOT EXISTS rest_timing (
+    id            SERIAL PRIMARY KEY,
+    restaurant_id INT NOT NULL,
+    day           VARCHAR(9) NOT NULL,
+    open_time     TIME NOT NULL,
+    close_time    TIME NOT NULL,
+
+    FOREIGN KEY (restaurant_id) REFERENCES restaurants(id) ON DELETE CASCADE
+);
+
+-- Restaurant Media
+CREATE TABLE IF NOT EXISTS rest_media (
+    id            SERIAL PRIMARY KEY,
+    restaurant_id INT NOT NULL,
+    image_link    TEXT NOT NULL,
+    exterior      BOOLEAN DEFAULT FALSE NOT NULL,
+    interior      BOOLEAN DEFAULT FALSE NOT NULL,
+    lavatory      BOOLEAN DEFAULT FALSE NOT NULL,
+    kitchen       BOOLEAN DEFAULT FALSE NOT NULL,
+    video         BOOLEAN DEFAULT FALSE NOT NULL,
+
+    FOREIGN KEY (restaurant_id) REFERENCES restaurants(id) ON DELETE CASCADE
+);
+
+-- Customer Feedback
+CREATE TABLE IF NOT EXISTS customer_feedback (
+    id             SERIAL PRIMARY KEY,
+    customer_id    INT NOT NULL,
+    restaurant_id  INT NOT NULL,
+    food           INT CHECK (food BETWEEN 1 AND 5),
+    staff_behavior INT CHECK (staff_behavior BETWEEN 1 AND 5),
+    hygiene        INT CHECK (hygiene BETWEEN 1 AND 5),
+    optional       TEXT,
+
+    FOREIGN KEY (restaurant_id) REFERENCES restaurants(id) ON DELETE CASCADE
+);
+
+-- ==========================================================
+-- 2. TEMP / DRAFT TABLES (ONBOARDING FLOW)
+-- ==========================================================
+
+CREATE TABLE IF NOT EXISTS temp (
+    user_id         INT PRIMARY KEY,
+    restaurant_name VARCHAR(100),
+    owner_name      VARCHAR(25),
+    owner_email     VARCHAR(255),
+    owner_mobile    VARCHAR(16),
+    street          TEXT,
+    locality        TEXT,
+    city            TEXT,
+    pincode         TEXT,
+    landmark        TEXT,
+    latitude        TEXT,
+    longitude       TEXT,
+    bank_name       TEXT,
+    account_no      TEXT,
+    ifsc            TEXT,
+    upi             TEXT,
+    rest_mob_number VARCHAR(16),
+    description     TEXT,
+    pan             TEXT,
+    account_holder  TEXT,
+
+    FOREIGN KEY (user_id) REFERENCES accounts(id) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS temp_media (
+    id       SERIAL PRIMARY KEY,
+    user_id  INT NOT NULL,
+    file_link TEXT NOT NULL,
+    exterior BOOLEAN DEFAULT FALSE NOT NULL,
+    interior BOOLEAN DEFAULT FALSE NOT NULL,
+    kitchen  BOOLEAN DEFAULT FALSE NOT NULL,
+    menu     BOOLEAN DEFAULT FALSE NOT NULL,
+    video    BOOLEAN DEFAULT FALSE NOT NULL,
+
+    FOREIGN KEY (user_id) REFERENCES temp(user_id) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS temp_menu (
+    id                       SERIAL PRIMARY KEY,
+    user_id                  INT NOT NULL,
+    dish_name                VARCHAR(100) NOT NULL,
+    type_maincourse          TEXT,
+    quantity                 TEXT,
+    price                    INT NOT NULL DEFAULT 0,
+    category_veg             BOOLEAN,
+    availability             BOOLEAN DEFAULT TRUE NOT NULL,
+    preperation_time         INTERVAL,
+    image_link               TEXT,
+    description              TEXT,
+    customizability          BOOLEAN DEFAULT FALSE NOT NULL,
+    serving_for_no_of_people INT,
+    cuisine                  VARCHAR(50),
+    category                 TEXT,
+    variant_name             TEXT DEFAULT 'Regular',
+
+    FOREIGN KEY (user_id) REFERENCES temp(user_id) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS temp_rest_timing (
+    id       SERIAL PRIMARY KEY,
+    user_id  INT NOT NULL,
+    day      VARCHAR(9) NOT NULL,
+    open_time TIME NOT NULL,
+    close_time TIME NOT NULL,
+
+    FOREIGN KEY (user_id) REFERENCES temp(user_id) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS temp_rest_cuisines (
+    user_id    INT NOT NULL,
+    cuisine_id INT NOT NULL,
+    PRIMARY KEY (user_id, cuisine_id),
+    FOREIGN KEY (user_id)    REFERENCES temp(user_id) ON DELETE CASCADE,
+    FOREIGN KEY (cuisine_id) REFERENCES cuisines(id)
+);
+
+-- ==========================================================
+-- 3. CORE APPLICATION (TRANSACTIONAL)
+-- ==========================================================
+
+CREATE TABLE IF NOT EXISTS restaurant_tables (
+    id            UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    restaurant_id INT NOT NULL,
+    number        VARCHAR(50) NOT NULL,
+    FOREIGN KEY (restaurant_id) REFERENCES restaurants(id) ON DELETE CASCADE
+);
+
+DO $$ BEGIN
+    CREATE TYPE session_status AS ENUM ('active','payment_pending','completed','expired');
+EXCEPTION
+    WHEN duplicate_object THEN null;
+END $$;
+
+CREATE TABLE IF NOT EXISTS sessions (
+    id            UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    table_id      UUID NOT NULL,
+    restaurant_id INT NOT NULL,
+    status        session_status DEFAULT 'active',
+    created_at    TIMESTAMPTZ DEFAULT now(),
+    expires_at    TIMESTAMPTZ,
+    payment_lock  BOOLEAN DEFAULT FALSE,
+    FOREIGN KEY (table_id)      REFERENCES restaurant_tables(id),
+    FOREIGN KEY (restaurant_id) REFERENCES restaurants(id)
+);
+
+DO $$ BEGIN
+    CREATE TYPE participant_role AS ENUM ('guest','host');
+EXCEPTION
+    WHEN duplicate_object THEN null;
+END $$;
+
+CREATE TABLE IF NOT EXISTS participants (
+    id                 UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    session_id         UUID NOT NULL,
+    device_fingerprint VARCHAR(255),
+    joined_at          TIMESTAMPTZ DEFAULT now(),
+    last_active_at     TIMESTAMPTZ DEFAULT now(),
+    role               participant_role DEFAULT 'guest',
+    FOREIGN KEY (session_id) REFERENCES sessions(id)
+);
+
+CREATE TABLE IF NOT EXISTS carts (
+    id         UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    session_id UUID NOT NULL UNIQUE,
+    version    INT DEFAULT 1,
+    updated_at TIMESTAMPTZ DEFAULT now(),
+    FOREIGN KEY (session_id) REFERENCES sessions(id)
+);
+
+CREATE TABLE IF NOT EXISTS cart_items (
+    id           UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    cart_id      UUID NOT NULL,
+    menu_item_id INT NOT NULL,
+    quantity     INT DEFAULT 1,
+    added_by     UUID,
+    notes        TEXT,
+    created_at   TIMESTAMPTZ DEFAULT now(),
+    FOREIGN KEY (cart_id)      REFERENCES carts(id) ON DELETE CASCADE,
+    FOREIGN KEY (menu_item_id) REFERENCES menu(id),
+    FOREIGN KEY (added_by)     REFERENCES participants(id)
+);
+
+DO $$ BEGIN
+    CREATE TYPE order_status AS ENUM ('pending','paid','failed');
+EXCEPTION
+    WHEN duplicate_object THEN null;
+END $$;
+
+CREATE TABLE IF NOT EXISTS orders (
+    id             UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    session_id     UUID NOT NULL,
+    total_amount   DECIMAL(10,2) NOT NULL,
+    status         order_status DEFAULT 'pending',
+    transaction_id VARCHAR(255),
+    created_at     TIMESTAMPTZ DEFAULT now(),
+    FOREIGN KEY (session_id) REFERENCES sessions(id)
+);
+
+CREATE TABLE IF NOT EXISTS order_items (
+    id            UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    order_id      UUID NOT NULL,
+    menu_item_id  INT NOT NULL,
+    quantity      INT NOT NULL,
+    price_at_time DECIMAL(10,2) NOT NULL,
+    FOREIGN KEY (order_id)     REFERENCES orders(id) ON DELETE CASCADE,
+    FOREIGN KEY (menu_item_id) REFERENCES menu(id)
+);
+
+-- ==========================================================
+-- 4. PAYMENTS
+-- ==========================================================
+
+DO $$ BEGIN
+    CREATE TYPE payment_status AS ENUM ('initiated','success','failed','refunded');
+EXCEPTION
+    WHEN duplicate_object THEN null;
+END $$;
+
+DO $$ BEGIN
+    CREATE TYPE payment_method AS ENUM ('upi','card','wallet','net_banking','cash');
+EXCEPTION
+    WHEN duplicate_object THEN null;
+END $$;
+
+CREATE TABLE IF NOT EXISTS payments (
+    id                     UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    order_id               UUID NOT NULL,
+    participant_id         UUID NOT NULL,
+    amount                 DECIMAL(10,2) NOT NULL,
+    method                 payment_method NOT NULL,
+    status                 payment_status DEFAULT 'initiated',
+    gateway_transaction_id VARCHAR(255),
+    gateway_response       JSONB,
+    created_at             TIMESTAMPTZ DEFAULT now(),
+    updated_at             TIMESTAMPTZ DEFAULT now(),
+    FOREIGN KEY (order_id)       REFERENCES orders(id) ON DELETE CASCADE,
+    FOREIGN KEY (participant_id) REFERENCES participants(id)
+);
+
+-- ==========================================================
+-- 5. SEED: Cuisines
+-- ==========================================================
+INSERT INTO cuisines (cuisine) VALUES
+  ('North Indian'),('South Indian'),('Chinese'),('Fast Food'),('Biryani'),
+  ('Pizza'),('Bakery'),('Street Food'),('Burger'),('Mughlai'),
+  ('Momos'),('Sandwich'),('Fresh Veggie'),('Kebab'),('Ice Cream'),
+  ('Cafe'),('Healthy Food'),('Italian'),('Continental'),('Lebanese'),
+  ('Salad'),('Shawarma'),('Gujarati'),('Andhra'),('Waffle'),
+  ('Coffee'),('Rajasthani'),('Wraps'),('Mexican'),('Bengali'),
+  ('Sushi'),('Lucknowi'),('Goan'),('Assamese'),('American'),
+  ('Mandi'),('Chettinad'),('Mishti'),('Bar Food'),('Malwani'),
+  ('Odia'),('Japanese'),('Finger Food'),('Korean'),('North Eastern'),
+  ('Thai'),('Steak'),('Frozen Yogurt'),('Panini'),('Parsi'),
+  ('Sichuan'),('Iranian'),('Grilled Chicken'),('French'),('Raw Meats'),
+  ('Drinks Only'),('Vietnamese'),('Liquor'),('Greek'),('Himachali'),
+  ('Bohri'),('Garhwali'),('Cantonese'),('Malaysian'),('Belgian'),
+  ('British'),('African'),('Spanish'),('Manipur'),('Egyptian')
+ON CONFLICT (cuisine) DO NOTHING;
+
+-- ==========================================================
+-- 6. SUPABASE STORAGE (run these manually in Dashboard)
+-- ==========================================================
+-- 1. Go to Supabase Dashboard → Storage → Create bucket
+--    Name: restaurant-media   |  Public: ON
+--
+-- 2. Add a Storage Policy (allow uploads via service key):
+--    INSERT policy: Allowed for service_role
+--    SELECT policy: Allowed for everyone (public read)
+--
+-- These are NOT SQL commands — do them through the Dashboard UI.

services/__init__.py

@@ -0,0 +1 @@
+# services package

services/gemini_service.py

@@ -0,0 +1,137 @@
+"""Gemini vision service — extracts structured menu data from images / PDFs.
+
+Uses the free-tier of Google Gemini (gemini-1.5-flash) which supports image input.
+For PDFs → pages are rasterised with PyMuPDF first, then sent as images.
+"""
+
+from __future__ import annotations
+
+import io
+import json
+import re
+from typing import Any
+
+import google.generativeai as genai
+from PIL import Image
+
+from config import GEMINI_API_KEY
+
+# ── Configure Gemini ──────────────────────────────────────
+if GEMINI_API_KEY:
+    genai.configure(api_key=GEMINI_API_KEY)
+
+_model = None
+
+
+def _get_model():
+    global _model
+    if _model is None:
+        _model = genai.GenerativeModel("gemini-2.5-flash")
+    return _model
+
+
+# ── Prompt ────────────────────────────────────────────────
+MENU_PROMPT = """You are an expert restaurant-menu digitiser.
+
+Analyse the menu image(s) below and extract **every** dish you can see.
+
+Return ONLY valid JSON (no markdown fences, no explanation) in this exact format:
+
+{
+  "restaurant_name": "Name if visible, else empty string",
+  "categories": [
+    {
+      "category": "Category Name (e.g. Starters, Main Course, Beverages)",
+      "items": [
+        {
+          "name": "Dish Name",
+          "description": "Brief description if visible, else empty string",
+          "variants": [
+            { "variant_name": "Half", "price": 150 },
+            { "variant_name": "Full", "price": 250 }
+          ]
+        }
+      ]
+    }
+  ]
+}
+
+Rules:
+- If a dish has only one price, use variant_name "Regular".
+- Price must be a number (no currency symbols).
+- Include ALL dishes visible in the menu.
+- Group dishes logically by category — use "General" if unclear.
+- If the same dish has sizes (Half / Full / Regular / Large), list them as variants.
+- Keep names concise, preserve original language if non-English.
+"""
+
+
+# ── PDF → images ─────────────────────────────────────────
+def _pdf_to_pil_images(pdf_bytes: bytes) -> list[Image.Image]:
+    """Convert every page of a PDF to a PIL Image via PyMuPDF (fitz)."""
+    try:
+        import fitz  # PyMuPDF
+    except ImportError:
+        raise RuntimeError(
+            "PyMuPDF is required for PDF menu parsing. "
+            "Install it with: pip install PyMuPDF"
+        )
+
+    images: list[Image.Image] = []
+    doc = fitz.open(stream=pdf_bytes, filetype="pdf")
+    for page in doc:
+        pix = page.get_pixmap(dpi=150)
+        img = Image.open(io.BytesIO(pix.tobytes("png")))
+        images.append(img)
+    doc.close()
+    return images
+
+
+# ── Parse Gemini response ─────────────────────────────────
+def _extract_json(text: str) -> dict[str, Any]:
+    """Best-effort JSON extraction — handles markdown code-fences."""
+    # Try stripping ```json ... ``` first
+    m = re.search(r"```(?:json)?\s*([\s\S]*?)\s*```", text)
+    raw = m.group(1) if m else text.strip()
+    return json.loads(raw)
+
+
+# ── Main entry point ──────────────────────────────────────
+async def parse_menu_images(
+    file_data: list[tuple[bytes, str]],
+) -> dict[str, Any]:
+    """
+    Accepts a list of (raw_bytes, content_type) tuples.
+    Returns the structured menu dict.
+    """
+    if not GEMINI_API_KEY:
+        raise RuntimeError("GEMINI_API_KEY is not configured — see .env.example")
+
+    model = _get_model()
+    parts: list[Any] = [MENU_PROMPT]
+
+    for raw, ct in file_data:
+        if ct == "application/pdf":
+            for img in _pdf_to_pil_images(raw):
+                parts.append(img)
+        elif ct.startswith("image/"):
+            img = Image.open(io.BytesIO(raw))
+            parts.append(img)
+        else:
+            # Try to open as image anyway (some browsers send generic MIME)
+            try:
+                img = Image.open(io.BytesIO(raw))
+                parts.append(img)
+            except Exception:
+                continue  # skip unsupported files
+
+    if len(parts) <= 1:
+        raise ValueError("No valid images found in the uploaded files")
+
+    response = model.generate_content(parts)
+    text = response.text
+    if not text:
+        raise ValueError("Gemini returned an empty response")
+
+    menu = _extract_json(text)
+    return menu

services/storage_service.py

@@ -0,0 +1,41 @@
+"""Storage service — upload files to Supabase Storage.
+
+Bucket expected: ``restaurant-media`` (created via Supabase Dashboard, public read).
+"""
+
+from __future__ import annotations
+
+import uuid
+from supabase_client import get_supabase
+from config import STORAGE_BUCKET
+
+
+async def upload_to_storage(
+    file_bytes: bytes,
+    filename: str,
+    content_type: str,
+    folder: str = "uploads",
+) -> str:
+    """
+    Upload a file to Supabase Storage and return the public URL.
+
+    :param file_bytes:   raw bytes of the file
+    :param filename:     original filename (used for extension)
+    :param content_type: MIME type
+    :param folder:       sub-folder inside the bucket
+    :return: public URL
+    """
+    sb = get_supabase()
+
+    # Deterministic unique path: <folder>/<uuid>.<ext>
+    ext = filename.rsplit(".", 1)[-1] if "." in filename else "bin"
+    path = f"{folder}/{uuid.uuid4()}.{ext}"
+
+    sb.storage.from_(STORAGE_BUCKET).upload(
+        path=path,
+        file=file_bytes,
+        file_options={"content-type": content_type},
+    )
+
+    public_url: str = sb.storage.from_(STORAGE_BUCKET).get_public_url(path)
+    return public_url

supabase_client.py

@@ -0,0 +1,19 @@
+"""Lazy-initialised Supabase client (uses service-role key → bypasses RLS)."""
+
+from __future__ import annotations
+from supabase import create_client, Client
+from config import SUPABASE_URL, SUPABASE_SERVICE_KEY
+
+_client: Client | None = None
+
+
+def get_supabase() -> Client:
+    global _client
+    if _client is None:
+        if not SUPABASE_URL or not SUPABASE_SERVICE_KEY:
+            raise RuntimeError(
+                "SUPABASE_URL and SUPABASE_SERVICE_KEY must be set in .env  "
+                "→ see .env.example"
+            )
+        _client = create_client(SUPABASE_URL, SUPABASE_SERVICE_KEY)
+    return _client