Update utils/auth.py

utils/auth.py

@@ -32,18 +32,33 @@ def _db():
             CREATE TABLE IF NOT EXISTS tracking (
                 username TEXT NOT NULL, date TEXT NOT NULL, day_idx INTEGER,
                 status TEXT DEFAULT 'pending', PRIMARY KEY (username, date));
+            CREATE TABLE IF NOT EXISTS water_intake (
+                username TEXT NOT NULL, date TEXT NOT NULL,
+                amount_ml INTEGER DEFAULT 0,
+                goal_ml INTEGER DEFAULT 2500,
+                PRIMARY KEY (username, date));
+            CREATE TABLE IF NOT EXISTS diet_log (
+                id INTEGER PRIMARY KEY AUTOINCREMENT,
+                username TEXT NOT NULL, date TEXT NOT NULL,
+                meal_name TEXT NOT NULL,
+                calories REAL DEFAULT 0, protein REAL DEFAULT 0,
+                carbs REAL DEFAULT 0, fats REAL DEFAULT 0,
+                fiber REAL DEFAULT 0, logged_at REAL);
+            CREATE TABLE IF NOT EXISTS weight_log (
+                id INTEGER PRIMARY KEY AUTOINCREMENT,
+                username TEXT NOT NULL, date TEXT NOT NULL,
+                weight REAL NOT NULL, note TEXT DEFAULT '',
+                logged_at REAL);
         """)
-        # Add columns if upgrading from old schema
-        try:
-            _conn.execute("ALTER TABLE otps ADD COLUMN username TEXT")
-            _conn.commit()
-        except Exception:
-            pass
-        try:
-            _conn.execute("ALTER TABLE otps ADD COLUMN password_hash TEXT")
-            _conn.commit()
-        except Exception:
-            pass
+        # Upgrade older schemas safely
+        for col_sql in [
+            "ALTER TABLE otps ADD COLUMN username TEXT",
+            "ALTER TABLE otps ADD COLUMN password_hash TEXT",
+        ]:
+            try:
+                _conn.execute(col_sql); _conn.commit()
+            except Exception:
+                pass
     return _conn
 
 def _hash(pw):  return hashlib.sha256(pw.encode()).hexdigest()
@@ -156,54 +171,147 @@ def delete_tracking(username):
     _db().execute("DELETE FROM tracking WHERE username=?", (username,))
     _db().commit()
 
-# ── OTP ops — stores username+password_hash in DB so session_state not needed ─
+# ── Water intake ops ──────────────────────────────────────────────────────────
+def get_water_today(username, date_str):
+    c = _db().execute(
+        "SELECT amount_ml, goal_ml FROM water_intake WHERE username=? AND date=?",
+        (username, date_str)
+    ).fetchone()
+    return dict(c) if c else {"amount_ml": 0, "goal_ml": 2500}
+
+def add_water(username, date_str, amount_ml):
+    _db().execute("""
+        INSERT INTO water_intake (username, date, amount_ml, goal_ml)
+        VALUES (?, ?, ?, 2500)
+        ON CONFLICT(username, date) DO UPDATE SET
+          amount_ml = amount_ml + ?
+    """, (username, date_str, amount_ml, amount_ml))
+    _db().commit()
+
+def set_water_goal(username, date_str, goal_ml):
+    _db().execute("""
+        INSERT INTO water_intake (username, date, amount_ml, goal_ml)
+        VALUES (?, ?, 0, ?)
+        ON CONFLICT(username, date) DO UPDATE SET goal_ml=?
+    """, (username, date_str, goal_ml, goal_ml))
+    _db().commit()
+
+def reset_water(username, date_str):
+    _db().execute(
+        "UPDATE water_intake SET amount_ml=0 WHERE username=? AND date=?",
+        (username, date_str)
+    )
+    _db().commit()
+
+def get_water_history(username, days=14):
+    rows = _db().execute("""
+        SELECT date, amount_ml, goal_ml FROM water_intake
+        WHERE username=? ORDER BY date DESC LIMIT ?
+    """, (username, days)).fetchall()
+    return [dict(r) for r in rows]
+
+# ── Diet log ops ──────────────────────────────────────────────────────────────
+def log_diet(username, date_str, meal_name, calories=0, protein=0, carbs=0, fats=0, fiber=0):
+    _db().execute("""
+        INSERT INTO diet_log (username, date, meal_name, calories, protein, carbs, fats, fiber, logged_at)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+    """, (username, date_str, meal_name, calories, protein, carbs, fats, fiber, time.time()))
+    _db().commit()
+
+def get_diet_today(username, date_str):
+    rows = _db().execute("""
+        SELECT * FROM diet_log WHERE username=? AND date=? ORDER BY logged_at ASC
+    """, (username, date_str)).fetchall()
+    return [dict(r) for r in rows]
+
+def delete_diet_entry(entry_id):
+    _db().execute("DELETE FROM diet_log WHERE id=?", (entry_id,))
+    _db().commit()
+
+def get_diet_totals(username, date_str):
+    c = _db().execute("""
+        SELECT
+            COALESCE(SUM(calories),0) as calories,
+            COALESCE(SUM(protein),0)  as protein,
+            COALESCE(SUM(carbs),0)    as carbs,
+            COALESCE(SUM(fats),0)     as fats,
+            COALESCE(SUM(fiber),0)    as fiber
+        FROM diet_log WHERE username=? AND date=?
+    """, (username, date_str)).fetchone()
+    return dict(c) if c else {"calories":0,"protein":0,"carbs":0,"fats":0,"fiber":0}
+
+# ── Weight log ops ────────────────────────────────────────────────────────────
+def log_weight(username, date_str, weight_kg, note=""):
+    # upsert — one entry per day
+    _db().execute("""
+        INSERT INTO weight_log (username, date, weight, note, logged_at)
+        VALUES (?, ?, ?, ?, ?)
+        ON CONFLICT DO NOTHING
+    """, (username, date_str, weight_kg, note, time.time()))
+    # if already exists, update it
+    _db().execute("""
+        UPDATE weight_log SET weight=?, note=?, logged_at=?
+        WHERE username=? AND date=?
+    """, (weight_kg, note, time.time(), username, date_str))
+    _db().commit()
+
+def get_weight_history(username, limit=24):
+    rows = _db().execute("""
+        SELECT date, weight, note FROM weight_log
+        WHERE username=? ORDER BY date ASC LIMIT ?
+    """, (username, limit)).fetchall()
+    return [dict(r) for r in rows]
+
+def get_latest_weight(username):
+    c = _db().execute("""
+        SELECT weight, date FROM weight_log WHERE username=?
+        ORDER BY date DESC LIMIT 1
+    """, (username,)).fetchone()
+    return dict(c) if c else None
+
+# ── OTP ops ───────────────────────────────────────────────────────────────────
 def store_otp(email, otp, username="", password_plain=""):
     key = f"signup:{email.strip().lower()}"
     pw_hash = _hash(password_plain) if password_plain else ""
-    _db().execute(
-        """INSERT INTO otps(key,otp,expires_at,username,password_hash)
-           VALUES(?,?,?,?,?)
-           ON CONFLICT(key) DO UPDATE SET
-             otp=excluded.otp, expires_at=excluded.expires_at,
-             username=excluded.username, password_hash=excluded.password_hash""",
-        (key, otp, time.time() + 600, username, pw_hash)
-    )
+    _db().execute("""
+        INSERT INTO otps(key,otp,expires_at,username,password_hash)
+        VALUES(?,?,?,?,?)
+        ON CONFLICT(key) DO UPDATE SET
+          otp=excluded.otp, expires_at=excluded.expires_at,
+          username=excluded.username, password_hash=excluded.password_hash
+    """, (key, otp, time.time() + 600, username, pw_hash))
     _db().commit()
 
 def check_otp(email, otp_input):
-    """Returns (ok, msg, username, password_hash)"""
     key = f"signup:{email.strip().lower()}"
     c = _db().execute("SELECT * FROM otps WHERE key=?", (key,)).fetchone()
     if not c:
         return False, "Code not found. Please sign up again.", "", ""
     if time.time() > c["expires_at"]:
-        _db().execute("DELETE FROM otps WHERE key=?", (key,))
-        _db().commit()
+        _db().execute("DELETE FROM otps WHERE key=?", (key,)); _db().commit()
         return False, "Code expired. Please sign up again.", "", ""
     if c["otp"] != otp_input.strip():
         return False, "Incorrect code. Try again.", "", ""
-    username    = c["username"] or ""
-    pw_hash     = c["password_hash"] or ""
-    _db().execute("DELETE FROM otps WHERE key=?", (key,))
-    _db().commit()
+    username = c["username"] or ""
+    pw_hash  = c["password_hash"] or ""
+    _db().execute("DELETE FROM otps WHERE key=?", (key,)); _db().commit()
     return True, "OK", username, pw_hash
 
-# ── Brevo email ───────────────────────────────────────────────────────────────
+# ── Email ─────────────────────────────────────────────────────────────────────
 def send_otp_email(to_email, otp):
     if not BREVO_API_KEY:
         return True, "__NO_EMAIL__"
     html = f"""<div style="background:#0a0a0f;padding:40px;font-family:system-ui;
-      max-width:520px;margin:auto;border-radius:16px;border:1px solid rgba(99,102,241,0.3)">
+      max-width:520px;margin:auto;border-radius:16px">
       <div style="text-align:center;margin-bottom:28px">
-        <div style="font-size:28px;font-weight:900;letter-spacing:3px;color:#6366f1">FITPRO AI</div>
-        <div style="font-size:11px;letter-spacing:4px;color:rgba(255,255,255,0.3);margin-top:4px">VERIFICATION</div>
+        <div style="font-size:28px;font-weight:900;color:#6366f1">FITPRO AI</div>
       </div>
       <div style="background:rgba(99,102,241,0.08);border:1px solid rgba(99,102,241,0.25);
         border-radius:12px;padding:28px;text-align:center">
         <div style="font-size:48px;font-weight:900;letter-spacing:14px;color:#6366f1">{otp}</div>
       </div>
       <p style="color:rgba(255,255,255,0.4);font-size:12px;text-align:center;margin-top:20px">
-        Expires in 10 minutes. Don't share this code.</p></div>"""
+        Expires in 10 minutes.</p></div>"""
     payload = json.dumps({
         "sender": {"name": SENDER_NAME, "email": EMAIL_SENDER},
         "to": [{"email": to_email}],
@@ -212,54 +320,36 @@ def send_otp_email(to_email, otp):
     }).encode()
     req = urllib.request.Request(
         "https://api.brevo.com/v3/smtp/email", data=payload,
-        headers={"accept": "application/json", "api-key": BREVO_API_KEY,
-                 "content-type": "application/json"},
-        method="POST"
+        headers={"accept":"application/json","api-key":BREVO_API_KEY,
+                 "content-type":"application/json"}, method="POST"
     )
     try:
         with urllib.request.urlopen(req, timeout=15) as r:
-            return (r.status in (200, 201, 202)), "Sent"
+            return (r.status in (200,201,202)), "Sent"
     except Exception as e:
         return False, str(e)
 
 # ── Auth flows ────────────────────────────────────────────────────────────────
 def initiate_signup(username, email, password):
-    """
-    Returns (ok, mode_flag, token_or_none)
-      ok=True,  mode_flag='__DIRECT__', token  → no Brevo, registered immediately
-      ok=True,  mode_flag='__OTP__',    None   → OTP sent, call complete_signup next
-      ok=False, mode_flag=error_string, None   → validation / duplicate error
-    """
     username = username.strip()
     email    = email.strip().lower()
-
     if get_user_by_username(username):
         return False, "Username already taken.", None
     if get_user_by_email(email):
         return False, "Email already registered.", None
     if len(password) < 6:
         return False, "Password must be at least 6 characters.", None
-
-    # No Brevo → register directly, log in immediately
     if not BREVO_API_KEY:
         token = create_user(username, email, password)
         return True, "__DIRECT__", token
-
-    # Brevo configured → send OTP and store everything in DB
     otp = _otp()
     ok, msg = send_otp_email(email, otp)
     if not ok:
         return False, msg, None
-    # Store username + hashed password in the OTP row so we don't need session_state
     store_otp(email, otp, username=username, password_plain=password)
     return True, "__OTP__", None
 
-
 def complete_signup(email, otp_input):
-    """
-    No longer needs username/password — reads them from the OTP row in DB.
-    Returns (ok, token_or_none, username_or_error_msg)
-    """
     ok, msg, username, pw_hash = check_otp(email, otp_input)
     if not ok:
         return False, None, msg
@@ -268,7 +358,6 @@ def complete_signup(email, otp_input):
     token = create_user(username, email, pw_hash, already_hashed=True)
     return True, token, username
 
-
 def login(username_or_email, password):
     u = get_user(username_or_email)
     if not u: