Merge remote-tracking branch 'gh/main' into feat/chatbot

requirements.txt

@@ -1,9 +1,11 @@
+aiosmtplib==5.0.0
 alembic==1.17.1
 annotated-doc==0.0.3
 annotated-types==0.7.0
 anyio==4.11.0
 asyncpg==0.30.0
 bcrypt==3.2.2
+cachetools==6.2.2
 certifi==2025.11.12
 cffi==2.0.0
 charset-normalizer==3.4.4
@@ -17,11 +19,17 @@ fastapi==0.121.0
 filelock==3.20.0
 flatbuffers==25.9.23
 fsspec==2025.10.0
-git-filter-repo==2.47.0
+google-api-core==2.28.1
+google-api-python-client==2.187.0
+google-auth==2.41.1
+google-auth-httplib2==0.2.1
+google-auth-oauthlib==1.2.3
+googleapis-common-protos==1.72.0
 greenlet==3.2.4
 h11==0.16.0
 hf-xet==1.2.0
 httpcore==1.0.9
+httplib2==0.31.0
 httpx==0.28.1
 huggingface-hub==0.36.0
 humanfriendly==10.0
@@ -29,18 +37,22 @@ idna==3.11
 Mako==1.3.10
 MarkupSafe==3.0.3
 mpmath==1.3.0
-numpy==2.2.6
+numpy==2.3.5
+oauthlib==3.3.1
 onnxruntime==1.23.2
 packaging==25.0
 passlib==1.7.4
 pgvector==0.4.1
+proto-plus==1.26.1
 protobuf==6.33.1
 psycopg2-binary==2.9.11
 pyasn1==0.6.1
+pyasn1_modules==0.4.2
 pycparser==2.23
 pydantic==2.12.4
 pydantic-settings==2.12.0
 pydantic_core==2.41.5
+pyparsing==3.2.5
 PyPDF2==3.0.1
 python-dotenv==1.2.1
 python-jose==3.5.0
@@ -48,6 +60,7 @@ python-multipart==0.0.20
 PyYAML==6.0.3
 regex==2025.11.3
 requests==2.32.5
+requests-oauthlib==2.0.0
 rsa==4.9.1
 safetensors==0.6.2
 six==1.17.0
@@ -61,5 +74,6 @@ tqdm==4.67.1
 transformers==4.57.1
 typing-inspection==0.4.2
 typing_extensions==4.15.0
+uritemplate==4.2.0
 urllib3==2.5.0
 uvicorn==0.38.0

src/main.py

@@ -5,6 +5,8 @@ from src.auth.router import router as auth_router
 from src.chatbot.router import router as chatbot
 from src.core.database import init_db
 from src.home.router import router as home_router
+from src.notifications.router import router as notifications_router
+
 from fastapi.staticfiles import StaticFiles
 
 
@@ -18,6 +20,7 @@ app.include_router(home_router, prefix="/home", tags=["Home"])
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 AUDIO_DIR = os.path.join(BASE_DIR, "static", "audio")
 
+app.include_router(profile)
 app.mount("/static/audio", StaticFiles(directory=AUDIO_DIR), name="audio")
 print("Serving audio from:", AUDIO_DIR)
 
@@ -25,6 +28,8 @@ app.include_router(auth_router)
 
 app.include_router(chatbot)
 
+app.include_router(notifications_router)
+
 
 @app.get("/")
 def root():

src/notifications/fcm.py

@@ -0,0 +1,56 @@
+import os
+import json
+import httpx
+from google.oauth2 import service_account
+import google.auth.transport.requests
+
+# Your Firebase project ID (from project settings)
+FCM_PROJECT_ID = "yuvabe-478505"  # <-- change this
+
+# Path to your service account file
+SERVICE_ACCOUNT_FILE = os.path.join(
+    os.path.dirname(__file__), "yuvabe-478505-09433c5e6e33.json"
+)
+
+
+def get_access_token():
+    """Generate OAuth2 access token for FCM HTTP v1."""
+    scopes = ["https://www.googleapis.com/auth/firebase.messaging"]
+
+    credentials = service_account.Credentials.from_service_account_file(
+        SERVICE_ACCOUNT_FILE, scopes=scopes
+    )
+
+    request = google.auth.transport.requests.Request()
+    credentials.refresh(request)
+
+    return credentials.token
+
+
+async def send_fcm(tokens: list[str], title: str, body: str, data: dict | None = None):
+    """Send push notifications using Firebase HTTP v1."""
+    if not tokens:
+        return
+
+    access_token = get_access_token()
+
+    url = f"https://fcm.googleapis.com/v1/projects/{FCM_PROJECT_ID}/messages:send"
+
+    headers = {
+        "Authorization": f"Bearer {access_token}",
+        "Content-Type": "application/json; UTF-8",
+    }
+
+    # FCM v1 sends only one token per message
+    for token in tokens:
+        message = {
+            "message": {
+                "token": token,
+                "notification": {"title": title, "body": body},
+                "data": data or {},
+            }
+        }
+
+        async with httpx.AsyncClient() as client:
+            res = await client.post(url, json=message, headers=headers)
+            print("FCM Response:", res.text)

src/notifications/router.py

@@ -0,0 +1,18 @@
+from src.notifications.schemas import RegisterDeviceRequest
+from src.notifications.service import register_device
+from fastapi import APIRouter, Depends
+from src.auth.utils import get_current_user
+from src.core.database import get_async_session
+from sqlalchemy.ext.asyncio import AsyncSession
+
+router = APIRouter(prefix="/notifications", tags=["Notifications"])
+
+
+@router.post("/register-device")
+async def register_device_route(
+    body: RegisterDeviceRequest,
+    session: AsyncSession = Depends(get_async_session),
+    user=Depends(get_current_user),
+):
+    device = await register_device(user, body, session)
+    return {"message": "Device registered", "device": str(device.id)}

src/notifications/schemas.py

@@ -0,0 +1,6 @@
+from pydantic import BaseModel
+
+class RegisterDeviceRequest(BaseModel):
+    device_token: str
+    platform: str
+    device_model: str

src/notifications/service.py

@@ -0,0 +1,49 @@
+from src.profile.models import UserDevices
+from src.notifications.schemas import RegisterDeviceRequest
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy import select
+from datetime import datetime
+
+
+async def register_device(
+    user_id: str, body: RegisterDeviceRequest, session: AsyncSession
+):
+
+    # Check if the user already has this token saved
+    stmt = select(UserDevices).where(
+        UserDevices.user_id == user_id,
+        UserDevices.device_token == body.device_token,
+    )
+    result = await session.execute(stmt)
+    device = result.scalar_one_or_none()
+
+    if device:
+        device.platform = body.platform
+        device.device_model = body.device_model
+        device.last_seen = datetime.utcnow()
+        device.updated_at = datetime.utcnow()
+
+        await session.commit()
+        await session.refresh(device)
+        return device
+
+    # Create new device entry
+    new_device = UserDevices(
+        user_id=user_id,
+        device_token=body.device_token,
+        platform=body.platform,
+        device_model=body.device_model,
+    )
+
+    session.add(new_device)
+    await session.commit()
+    await session.refresh(new_device)
+    return new_device
+
+from sqlalchemy import select
+from src.profile.models import UserDevices
+
+async def get_user_device_tokens(session, user_id):
+    stmt = select(UserDevices.device_token).where(UserDevices.user_id == user_id)
+    rows = (await session.execute(stmt)).all()
+    return [r[0] for r in rows]

src/notifications/yuvabe-478505-09433c5e6e33.json

@@ -0,0 +1,13 @@
+{
+  "type": "service_account",
+  "project_id": "yuvabe-478505",
+  "private_key_id": "09433c5e6e33e97ca2ee5b9a8e7c9408ea9c3412",
+  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJOvpUxKdDXz4a\nHyU1WBUTIQnIvoMc3xCRLFfQn1IUbbTZ8QetoChEUHDBR0uAAMuxSx2IqOXIkmlX\n52iHTffo7pqLg5AaoEUMFG3WzMs9ek5V0DE7vX+zNIecIDk8rlj/Je2k3UFS/vbv\nW7FCrGbaxr5yREuAo9p5+PPfFJj0DjaE8ZlszIzZ1cElVyXzrwNhUpdMqoa2Ozge\nHh6nsWVkO8NVFKYxIx+NXe0rh+VpaGmghydG7gfr+VnjeUEv6PrwScwP8kVrY/87\ny4UxRFD+mK7kjASezHvmqbOmlLY5xMIPVBjVbdPKqBaYFkYhTKAJjrf60OCc4xyI\nVFpDGwadAgMBAAECggEAAIguobs8WvX9Psnuyf+P3LNVaImyZIjlbRDSMZu+No4c\nsIfN1qRp/tY8mhIzbaTy5ObXLuWNZ/SVITWcJeFroprA31YLczqRvCiwqqTzc5fn\nbZwliSwk0oc0xZGjPRkT5KbHxEwOcGb6paLXKt80TWdBmSE7lt04BmMFWAVgqyJ+\nRx90LIFs2Lle+2r76EDKrT0CJb0m3CpSDdr9xWD367b5blnNHvSE0Fp+xzrLXi0V\nELfplbdTQqyo5ol/iUaOWyZmXI80EXy5FQfeSI67ctt9A+JH/wwtU+5S03zyXDa8\nW9/LDXsr29KVtgQsI/L31V74WW9fuf73WDfx/hAR0QKBgQD7IxbiXHtg0nSwXWcb\nejqzx03alizcW0xnnoXHw+1Ps+Gx3XY9Jzj6JrEh8bxIVo9xacRJgKMaUBf1CWP2\nTpHx4Y9S4leObVA+aUNikDeYdU0sZ22fJTHxXKfj4KIUgDw/4SFRgHSeScecsy89\n2tP5ZE44DUdlDJGHFseza8WOrQKBgQDNIH8IZMPoNN1AYI2q0RReVWeJvRFIXOHu\nKRYe7n6QD9Bu0QqwUzhuu40zEQ2X8gs4yRRtSNOk1f7V+CenkQq+Ie3N1ThDdJij\nQ6TatDxdh4p/WlNmGO6UuRFQ+aGWCS8BGC23CsLF83oZstXO1mFUgVcT1NN+thU8\ngzjai+IFsQKBgQC41/nnAGT7PcwPZ6AVdGCypDZkdfZs9nIFLoOPJmGMMX0kOjnm\nBvGEBWiI8HFB2RxZQJzt8NWb72nCvHer+ean3vpr6hbBySmv1jB34mhZObVkwnfI\nFEtvOGCGdHc3ma8+4UhxwZeUTf+zEZvq7h7pR+/eh7+N27Ndd+Hi6KcPPQKBgBCh\n6+sAUKpJbw9DRPluzpn/js+qVvZpIaCwEC0d5YFE5v+1T4qQlOjVqFNVtKZ3Z9WI\n6HEcEJ0zBODQqFZ7+kUEd0XTXiaKE75ZQ8rABo0G6oH9DvoeV2oTv4WzWBjUUc1i\n6oIHC1gFsAbZa2DEHUw+2JKxFR0XIo2vjjKaWQ9hAoGBALR5k276J0vzGfZhK07V\nZrjjQx+n1Mm4iQW+lGzL21D4p8T7b+jVDW+bGvCjm7X68ZNREDY8pYRjeAc4EN/U\nvLVR1q2BH7qOlVUxA6Wa3akCQeGMcUAvWfQ9wlC0baqu2yPxld8rMZSXnYB5qHkC\nsMmDU5Zruq4NMQQ+65rR5kFS\n-----END PRIVATE KEY-----\n",
+  "client_email": "firebase-adminsdk-fbsvc@yuvabe-478505.iam.gserviceaccount.com",
+  "client_id": "110219410819577512835",
+  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+  "token_uri": "https://oauth2.googleapis.com/token",
+  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-fbsvc%40yuvabe-478505.iam.gserviceaccount.com",
+  "universe_domain": "googleapis.com"
+}

src/profile/notify.py

@@ -0,0 +1,59 @@
+from src.notifications.service import get_user_device_tokens
+from src.notifications.fcm import send_fcm
+
+
+# -------------------------------
+# SEND TO MENTOR + LEAD
+# -------------------------------
+async def send_leave_request_notification(session, user, leave, mentor_id, lead_id):
+    title = "New Leave Request"
+    body = f"{user.user_name} requested leave"
+
+    tokens = []
+    tokens += await get_user_device_tokens(session, mentor_id)
+    tokens += await get_user_device_tokens(session, lead_id)
+
+    await send_fcm(
+        tokens,
+        title,
+        body,
+        {
+            "type": "leave_request",
+            "screen": "MentorApproval",
+            "leave_id": str(leave.id),
+        },
+    )
+
+
+# -------------------------------
+# SEND TO USER + TEAM LEAD
+# -------------------------------
+async def send_leave_status_notification(session, leave, mentor_name):
+    title = f"Leave {leave.status}"
+    body = f"Your leave was {leave.status.lower()} by {mentor_name}"
+
+    # Send to USER
+    tokens = await get_user_device_tokens(session, leave.user_id)
+    await send_fcm(
+        tokens,
+        title,
+        body,
+        {
+            "type": "leave_status",
+            "screen": "LeaveDetails",
+            "leave_id": str(leave.id),
+        },
+    )
+
+    # Send to TEAM LEAD
+    tokens = await get_user_device_tokens(session, leave.lead_id)
+    await send_fcm(
+        tokens,
+        title,
+        f"Leave {leave.status} for user {leave.user_id}",
+        {
+            "type": "lead_update",
+            "screen": "LeaveDetails",
+            "leave_id": str(leave.id),
+        },
+    )

src/profile/router.py

@@ -1,282 +1,386 @@
-# from src.profile.service import send_email_service
-# from src.profile.schemas import SendMailRequest
-# from src.profile.utils import build_auth_url
-# from src.profile.utils import exchange_code_for_tokens
-# from src.profile.service import USER_TOKEN_STORE
-# from src.profile.utils import send_email
-# from src.profile.service import list_user_assets
-# from fastapi.routing import APIRouter
-# from src.core.database import get_async_session
-# from src.auth.utils import get_current_user
-# from src.auth.schemas import BaseResponse
-# from sqlalchemy.ext.asyncio.session import AsyncSession
-# from fastapi.params import Depends
-# from .schemas import UpdateProfileRequest
-# from src.profile.service import update_user_profile
-# from sqlmodel import select
-# from src.core.models import Users, Teams, Roles, UserTeamsRole
-# from fastapi import APIRouter, Query, HTTPException ,BackgroundTasks
-# from fastapi.responses import RedirectResponse, JSONResponse
-# import httpx
-# from fastapi import APIRouter, Depends, HTTPException, status
-# from sqlmodel.ext.asyncio.session import AsyncSession
-# from src.auth.utils import get_current_user  # adjust path
-# from src.profile.schemas import (
-#     ApplyLeaveRequest,
-#     ApproveRejectRequest,
-#     LeaveResponse,
-#     BalanceResponse,
-#     DeviceTokenIn,
-# )
-# from src.profile import service
-# from typing import List
+from src.core.database import get_async_session
+from src.auth.utils import get_current_user
+from src.profile.models import Leave, LeaveType, LeaveStatus
+from src.auth.schemas import BaseResponse
+from sqlalchemy import desc
+from sqlalchemy.ext.asyncio.session import AsyncSession
+from fastapi.params import Depends
+from src.core.models import Users, Teams, Roles, UserTeamsRole
+from fastapi import APIRouter, Query, HTTPException, BackgroundTasks
+from fastapi.responses import RedirectResponse, JSONResponse
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlmodel.ext.asyncio.session import AsyncSession
+from src.auth.utils import get_current_user  # adjust path
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlmodel import select
+import uuid
+from src.core.models import Users
+from src.profile.schemas import (
+    CreateLeaveRequest,
+    LeaveResponse,
+    ApproveRejectRequest,
+    LeaveStatus,
+)
+from src.profile.service import create_leave, mentor_decide_leave
 
 
 # router = APIRouter(prefix="/profile", tags=["Profile"])
 
 
-# @router.post("/apply", response_model=LeaveResponse)
-# async def apply_leave_endpoint(
-#     payload: ApplyLeaveRequest,
-#     session: AsyncSession = Depends(get_async_session),
-#     current_user=Depends(get_current_user),
-# ):
-#     user_id = current_user
-#     leave = await service.apply_leave(session, user_id, payload)
-#     return leave
-
-
-# @router.get("/pending", response_model=List[LeaveResponse])
-# async def pending_leaves(
-#     session: AsyncSession = Depends(get_async_session),
-#     current_user=Depends(get_current_user),
-# ):
-#     user_id = current_user
-#     leaves = await service.get_pending_leaves_for_approver(session, user_id)
-#     return leaves
-
-
-# @router.get("/my", response_model=List[LeaveResponse])
-# async def my_leaves(
-#     session: AsyncSession = Depends(get_async_session),
-#     current_user=Depends(get_current_user),
-# ):
-#     leaves = await service.get_my_leaves(session, current_user)
-#     return leaves
-
-
-# @router.get("/team", response_model=List[LeaveResponse])
-# async def team_leaves(
-#     session: AsyncSession = Depends(get_async_session),
-#     current_user=Depends(get_current_user),
-# ):
-#     leaves = await service.get_team_leaves(session, current_user)
-#     return leaves
-
-
-# @router.post("/{leave_id}/approve", response_model=LeaveResponse)
-# async def approve_leave_endpoint(
-#     leave_id: str,
-#     payload: ApproveRejectRequest,
-#     session: AsyncSession = Depends(get_async_session),
-#     current_user=Depends(get_current_user),
-# ):
-#     leave = await service.approve_leave(
-#         session, current_user, leave_id, comment=payload.comment
-#     )
-#     return leave
-
-
-# @router.post("/{leave_id}/reject", response_model=LeaveResponse)
-# async def reject_leave_endpoint(
-#     leave_id: str,
-#     payload: ApproveRejectRequest,
-#     session: AsyncSession = Depends(get_async_session),
-#     current_user=Depends(get_current_user),
-# ):
-#     leave = await service.reject_leave(
-#         session,
-#         current_user,
-#         leave_id,
-#         reject_reason=payload.reject_reason,
-#         comment=payload.comment,
-#     )
-#     return leave
-
-
-# @router.get("/balance", response_model=List[BalanceResponse])
-# async def get_balance(
-#     session: AsyncSession = Depends(get_async_session),
-#     current_user=Depends(get_current_user),
-# ):
-#     return await service.get_leave_balance(session, current_user)
-
-
-# @router.post("/device-token")
-# async def save_device_token(
-#     payload: DeviceTokenIn,
-#     session: AsyncSession = Depends(get_async_session),
-#     current_user=Depends(get_current_user),
-# ):
-#     tokens = await service.add_device_token(session, current_user, payload.device_token)
-#     return {"status": "ok", "tokens": tokens}
-
-
-
-
-# @router.get("/login")
-# def google_login(state: str | None = Query(None)):
-#     return RedirectResponse(build_auth_url(state))
-
-
-# @router.get("/callback")
-# async def google_callback(code: str | None = None, state: str | None = None):
-#     if not code:
-#         raise HTTPException(400, "Missing code")
-
-#     token_data = await exchange_code_for_tokens(code)
-#     access_token = token_data["access_token"]
-#     refresh_token = token_data.get("refresh_token")
-
-#     # Get user info
-#     async with httpx.AsyncClient() as client:
-#         r = await client.get(
-#             "https://www.googleapis.com/oauth2/v3/userinfo",
-#             headers={"Authorization": f"Bearer {access_token}"},
-#         )
-#     userinfo = r.json()
-
-#     google_user_id = userinfo["sub"]
-#     user_email = userinfo["email"]
-
-#     USER_TOKEN_STORE[google_user_id] = {
-#         "access_token": access_token,
-#         "refresh_token": refresh_token,
-#         "email": user_email,
-#     }
-
-#     return JSONResponse(
-#         {
-#             "status": "ok",
-#             "user_id": google_user_id,
-#             "email": user_email,
-#             "state": state,
-#         }
-#     )
-
-
-# @router.post("/send-mail")
-# async def send_mail(req: SendMailRequest):
-#     return await send_email_service(req)
-
-
-# @router.get("/", response_model=BaseResponse)
-# async def get_assets(
-#     user_id: str = Depends(get_current_user),
-#     session: AsyncSession = Depends(get_async_session),
-# ):
-#     assets = await list_user_assets(session, user_id)
-
-#     data = {
-#         "assets": [
-#             {
-#                 "id": a.id,
-#                 "name": a.name,
-#                 "type": a.type,
-#                 "status": a.status,
-#             }
-#             for a in assets
-#         ]
-#     }
-
-#     return {"code": 200, "data": data}
-
-
-# @router.put("/update-profile", response_model=BaseResponse)
-# async def update_profile(
-#     payload: UpdateProfileRequest,
-#     user_id: str = Depends(get_current_user),
-#     session: AsyncSession = Depends(get_async_session),
-# ):
-#     result = await update_user_profile(session, user_id, payload)
-#     return {"code": 200, "data": result}
-
-
-# @router.get("/contacts", response_model=BaseResponse)
-# async def get_leave_contacts(
-#     current_user=Depends(get_current_user),
-#     session: AsyncSession = Depends(get_async_session),
-# ):
-#     # get_current_user returns a STRING user_id
-#     user_id = current_user
-
-#     if not user_id:
-#         raise HTTPException(status_code=400, detail="Invalid user token")
-
-#     # 1) Get user's team
-#     stmt = select(UserTeamsRole).where(UserTeamsRole.user_id == user_id)
-#     ut = (await session.exec(stmt)).first()
-
-#     if not ut:
-#         raise HTTPException(status_code=404, detail="User-Team mapping not found")
-
-#     # 2) Get Team Lead role
-#     lead_role = (
-#         await session.exec(select(Roles).where(Roles.name == "Team Lead"))
-#     ).first()
-
-#     if not lead_role:
-#         raise HTTPException(status_code=500, detail="Team Lead role not found")
-
-#     # 3) Find Team Lead user in same team
-#     lead_user = (
-#         await session.exec(
-#             select(Users)
-#             .join(UserTeamsRole)
-#             .where(UserTeamsRole.team_id == ut.team_id)
-#             .where(UserTeamsRole.role_id == lead_role.id)
-#         )
-#     ).all()
-
-#     if not lead_user:
-#         raise HTTPException(status_code=404, detail="Team lead not found")
-
-#     to_email = ", ".join([u.email_id for u in lead_user])
-
-#     # 4) HR CC emails
-#     hr_team = (await session.exec(select(Teams).where(Teams.name == "HR Team"))).first()
-
-#     cc = []
-#     if hr_team:
-#         hr_users = (
-#             await session.exec(
-#                 select(Users)
-#                 .join(UserTeamsRole)
-#                 .where(UserTeamsRole.team_id == hr_team.id)
-#             )
-#         ).all()
-
-#         cc = [str(row.email_id) for row in hr_users]
-
-#     return BaseResponse(code=200, message="success", data={"to": to_email, "cc": cc})
-
-
-# @router.post("/send", response_model=BaseResponse)
-# async def send_leave_email(
-#     payload: dict,
-#     background: BackgroundTasks,
-#     current_user=Depends(get_current_user),
-# ):
-#     from_email = payload.get("from_email")
-#     to_email = payload.get("to")
-#     cc = payload.get("cc", [])
-#     subject = payload.get("subject")
-#     body = payload.get("body")
-
-#     if not subject or not body:
-#         raise HTTPException(status_code=400, detail="Subject and body required")
-
-#     # send in background so API returns fast
-#     background.add_task(send_email, to_email, subject, body, cc, from_email)
-
-#     return BaseResponse(code=200, message="Leave request sent", data=None)
+@router.post("/request", response_model=LeaveResponse)
+async def request_leave_route(
+    body: CreateLeaveRequest,
+    session: AsyncSession = Depends(get_async_session),
+    user_id: str = Depends(get_current_user),
+):
+    # convert user_id string -> UUID if needed
+    try:
+        user_uuid = uuid.UUID(user_id)
+    except ValueError:
+        raise HTTPException(status_code=400, detail="Invalid user id format")
+
+    leave = await create_leave(session, user_uuid, body)
+
+    return LeaveResponse(
+        id=str(leave.id),
+        leave_type=leave.leave_type,
+        from_date=leave.from_date,
+        to_date=leave.to_date,
+        days=leave.days,
+        reason=leave.reason,
+        status=leave.status,
+        mentor_id=str(leave.mentor_id),
+        lead_id=str(leave.lead_id),
+    )
+
+
+@router.post("/{leave_id}/mentor-decision", response_model=LeaveResponse)
+async def mentor_decision_route(
+    leave_id: str,
+    body: ApproveRejectRequest,
+    session: AsyncSession = Depends(get_async_session),
+    user_id: str = Depends(get_current_user),
+):
+    # validate leave_id + user_id UUIDs
+    try:
+        leave_uuid = uuid.UUID(leave_id)
+        mentor_uuid = uuid.UUID(user_id)
+    except ValueError:
+        raise HTTPException(status_code=400, detail="Invalid UUID")
+
+    # If rejected, comment must be provided
+    if body.status == LeaveStatus.REJECTED and not body.comment:
+        raise HTTPException(
+            status_code=400,
+            detail="Comment is required when rejecting leave",
+        )
+
+    try:
+        leave = await mentor_decide_leave(session, mentor_uuid, leave_uuid, body)
+    except PermissionError as e:
+        raise HTTPException(status_code=403, detail=str(e))
+    except ValueError as e:
+        raise HTTPException(status_code=404, detail=str(e))
+
+    return LeaveResponse(
+        id=str(leave.id),
+        leave_type=leave.leave_type,
+        from_date=leave.from_date,
+        to_date=leave.to_date,
+        days=leave.days,
+        reason=leave.reason,
+        status=leave.status,
+        mentor_id=str(leave.mentor_id),
+        lead_id=str(leave.lead_id),
+    )
+
+
+SICK_LIMIT = 10
+CASUAL_LIMIT = 10
+
+
+@router.get("/balance")
+async def get_leave_balance(
+    session: AsyncSession = Depends(get_async_session),
+    user_id: str = Depends(get_current_user),
+):
+    stmt = select(Leave).where(
+        Leave.user_id == user_id, Leave.status == LeaveStatus.APPROVED
+    )
+    results = (await session.exec(stmt)).all()
+
+    sick_used = sum(1 for l in results if l.leave_type == LeaveType.SICK)
+    casual_used = sum(1 for l in results if l.leave_type == LeaveType.CASUAL)
+
+    sick_remaining = SICK_LIMIT - sick_used
+    casual_remaining = CASUAL_LIMIT - casual_used
+
+    return {
+        "code": 200,
+        "message": "success",
+        "data": {
+            "sick_remaining": sick_remaining,
+            "casual_remaining": casual_remaining,
+        },
+    }
+
+
+@router.get("/balance/{user_id}")
+async def get_leave_balance_for_user(
+    user_id: str,
+    session: AsyncSession = Depends(get_async_session),
+):
+    stmt = select(Leave).where(
+        Leave.user_id == user_id, Leave.status == LeaveStatus.APPROVED
+    )
+    results = (await session.exec(stmt)).all()
+
+    sick_used = sum(1 for l in results if l.leave_type == LeaveType.SICK)
+    casual_used = sum(1 for l in results if l.leave_type == LeaveType.CASUAL)
+
+    sick_remaining = SICK_LIMIT - sick_used
+    casual_remaining = CASUAL_LIMIT - casual_used
+
+    return {
+        "code": 200,
+        "message": "success",
+        "data": {
+            "sick_remaining": sick_remaining,
+            "casual_remaining": casual_remaining,
+        },
+    }
+
+
+@router.get("/notifications")
+async def list_notifications(
+    session: AsyncSession = Depends(get_async_session),
+    user_id: str = Depends(get_current_user),
+):
+    from src.profile.models import Leave
+
+    stmt = (
+        select(Leave)
+        .where(
+            (Leave.user_id == user_id)
+            | (Leave.mentor_id == user_id)
+            | (Leave.lead_id == user_id)
+        )
+        .order_by(desc(Leave.updated_at))
+    )
+
+    results = (await session.exec(stmt)).all()
+
+    notifications = []
+
+    for leave in results:
+        if leave.user_id == user_id:
+            # user = leave owner
+            title = f"Your leave was {leave.status}"
+            body = f"{leave.leave_type} from {leave.from_date} to {leave.to_date}"
+        elif leave.mentor_id == user_id:
+            # mentor receives new leave request
+            title = "New Leave Request"
+            body = f"{leave.leave_type} requested by user"
+        elif leave.lead_id == user_id:
+            # lead receives updates
+            title = f"Leave {leave.status}"
+            body = f"{leave.leave_type} for user updated"
+        else:
+            title = "Leave Update"
+            body = leave.reason or ""
+
+        notifications.append(
+            {
+                "id": str(leave.id),
+                "mentor_id": str(leave.mentor_id),
+                "lead_id": str(leave.lead_id),
+                "title": title,
+                "body": body,
+                "type": leave.status,
+                "updated_at": leave.updated_at.isoformat(),
+                "leave_type": leave.leave_type,
+                "from_date": str(leave.from_date),
+                "to_date": str(leave.to_date),
+                "reject_reason": leave.reject_reason,
+                "reason": leave.reason,
+            }
+        )
+
+    return {"code": 200, "data": notifications}
+
+
+@router.get("/leave/{leave_id}")
+async def get_leave_details(
+    leave_id: str,
+    session: AsyncSession = Depends(get_async_session),
+    user_id: str = Depends(get_current_user),
+):
+    leave = await session.get(Leave, leave_id)
+
+    if not leave:
+        raise HTTPException(status_code=404, detail="Leave not found")
+
+    # Convert to JSON response
+    return {
+        "code": 200,
+        "data": {
+            "id": str(leave.id),
+            "user_id": str(leave.user_id),
+            "mentor_id": str(leave.mentor_id),
+            "lead_id": str(leave.lead_id),
+            "leave_type": leave.leave_type,
+            "from_date": str(leave.from_date),
+            "to_date": str(leave.to_date),
+            "days": leave.days,
+            "reason": leave.reason,
+            "status": leave.status,
+            "reject_reason": leave.reject_reason,
+            "updated_at": leave.updated_at.isoformat(),
+        },
+    }
+
+
+@router.get("/mentor/pending")
+async def mentor_pending_leaves(
+    session: AsyncSession = Depends(get_async_session),
+    mentor_id: str = Depends(get_current_user),
+):
+    stmt = select(Leave).where(
+        Leave.mentor_id == mentor_id,
+        Leave.status == LeaveStatus.PENDING,
+    )
+
+    rows = (await session.exec(stmt)).all()
+
+    return {
+        "code": 200,
+        "data": [
+            LeaveResponse(
+                id=str(r.id),
+                leave_type=r.leave_type,
+                from_date=r.from_date,
+                to_date=r.to_date,
+                days=r.days,
+                reason=r.reason,
+                status=r.status,
+                mentor_id=str(r.mentor_id),
+                lead_id=str(r.lead_id),
+            )
+            for r in rows
+        ],
+    }
+
+
+@router.get("/contacts", response_model=BaseResponse)
+async def get_leave_contacts(
+    current_user=Depends(get_current_user),
+    session: AsyncSession = Depends(get_async_session),
+):
+    # get_current_user returns a STRING user_id
+    user_id = current_user
+
+    if not user_id:
+        raise HTTPException(status_code=400, detail="Invalid user token")
+
+    # 1) Get user's team
+    stmt = select(UserTeamsRole).where(UserTeamsRole.user_id == user_id)
+    ut = (await session.exec(stmt)).first()
+
+    if not ut:
+        raise HTTPException(status_code=404, detail="User-Team mapping not found")
+
+    # 2) Get Team Lead role
+    lead_role = (
+        await session.exec(select(Roles).where(Roles.name == "Team Lead"))
+    ).first()
+
+    if not lead_role:
+        raise HTTPException(status_code=500, detail="Team Lead role not found")
+
+    # 3) Find Team Lead user in same team
+    lead_user = (
+        await session.exec(
+            select(Users)
+            .join(UserTeamsRole)
+            .where(UserTeamsRole.team_id == ut.team_id)
+            .where(UserTeamsRole.role_id == lead_role.id)
+        )
+    ).all()
+
+    if not lead_user:
+        raise HTTPException(status_code=404, detail="Team lead not found")
+
+    to_email = ", ".join([u.email_id for u in lead_user])
+
+    # 4) HR CC emails
+    hr_team = (await session.exec(select(Teams).where(Teams.name == "HR Team"))).first()
+
+    cc = []
+    if hr_team:
+        hr_users = (
+            await session.exec(
+                select(Users)
+                .join(UserTeamsRole)
+                .where(UserTeamsRole.team_id == hr_team.id)
+            )
+        ).all()
+
+        cc = [str(row.email_id) for row in hr_users]
+
+    return BaseResponse(code=200, message="success", data={"to": to_email, "cc": cc})
+
+
+@router.get("/details", response_model=BaseResponse)
+async def get_profile_details(
+    current_user=Depends(get_current_user),
+    session: AsyncSession = Depends(get_async_session),
+):
+    user_id = current_user
+
+    # 1) Get the user
+    user = await session.get(Users, user_id)
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    # 2) Get user's team mapping
+    user_team = (
+        await session.exec(
+            select(UserTeamsRole).where(UserTeamsRole.user_id == user_id)
+        )
+    ).first()
+
+    if not user_team:
+        raise HTTPException(status_code=404, detail="User does not belong to any team")
+
+    # 3) Get team name
+    team = await session.get(Teams, user_team.team_id)
+
+    # 4) Find mentor (team lead)
+    lead_role = (
+        await session.exec(select(Roles).where(Roles.name == "Mentor"))
+    ).first()
+
+    mentor_users = (
+        await session.exec(
+            select(Users)
+            .join(UserTeamsRole)
+            .where(UserTeamsRole.team_id == user_team.team_id)
+            .where(UserTeamsRole.role_id == lead_role.id)
+        )
+    ).all()
+
+    mentor_names = [u.user_name for u in mentor_users]
+    mentor_emails = [u.email_id for u in mentor_users]
+
+    return BaseResponse(
+        code=200,
+        message="success",
+        data={
+            "name": user.user_name,
+            "email": user.email_id,
+            "team_name": team.name,
+            "mentor_name": ", ".join(mentor_names),
+            "mentor_email": ", ".join(mentor_emails),
+        },
+    )

src/profile/schemas.py

@@ -1,48 +1,53 @@
-from pydantic import BaseModel, EmailStr ,Field
-from typing import Optional,List
+from pydantic import BaseModel, EmailStr, Field
+from typing import Optional, List
 import uuid
 from enum import Enum
 from datetime import date
+from enum import Enum
+
+
+class LeaveType(str, Enum):
+    SICK = "Sick"
+    CASUAL = "Casual"
+    EMERGENCY = "Emergency"
 
 
-class ApplyLeaveRequest(BaseModel):
-    leave_type: str
+class LeaveStatus(str, Enum):
+    APPROVED = "Approved"
+    REJECTED = "Rejected"
+    PENDING = "Pending"
+
+
+class CreateLeaveRequest(BaseModel):
+    leave_type: LeaveType
     from_date: date
     to_date: date
-    reason: Optional[str] = None
+    days: int
+    reason: str
+
 
 class ApproveRejectRequest(BaseModel):
-    comment: Optional[str] = None
-    reject_reason: Optional[str] = None  # used for reject endpoint
+    status: LeaveStatus  # APPROVED / REJECTED
+    comment: Optional[str] = None  # optional for approve, required for reject
+
 
 class LeaveResponse(BaseModel):
-    id: uuid.UUID
-    user_id: uuid.UUID
-    mentor_id: uuid.UUID
-    lead_id: uuid.UUID
-    leave_type: str
+    id: str
+    leave_type: LeaveType
     from_date: date
     to_date: date
     days: int
-    reason: Optional[str]
-    status: str
-    approved_by: Optional[uuid.UUID]
-    approved_at: Optional[str]
-    reject_reason: Optional[str]
-    comment: Optional[str]
-
-class BalanceResponse(BaseModel):
-    leave_type: str
-    limit: int
-    used: int
-    remaining: int
+    reason: str
+    status: LeaveStatus
+    mentor_id: str
+    lead_id: str
+
 
 class DeviceTokenIn(BaseModel):
     device_token: str
     device_type: Optional[str] = None
 
 
-
 class AssetStatus(str, Enum):
     ACTIVE = "Active"
     UNAVAILABLE = "Unavailable"

src/profile/service.py

@@ -1,26 +1,24 @@
-# from src.profile.utils import build_raw_message, refresh_access_token
-# from src.profile.schemas import SendMailRequest
-# from src.core.models import Assets, Users
-# from datetime import datetime
-# import uuid
-# from fastapi import HTTPException
-# from passlib.context import CryptContext
-# from src.core.models import Users
-# import uuid
-# from typing import List
-# from sqlmodel import select
-# from sqlmodel.ext.asyncio.session import AsyncSession
-# import httpx
-# from src.core.config import settings
-# from typing import List, Optional
-# from sqlmodel import select
-# from sqlmodel.ext.asyncio.session import AsyncSession
-# from fastapi import HTTPException
-# from datetime import datetime
-# from src.profile.schemas import ApplyLeaveRequest, ApproveRejectRequest
-# from src.profile.utils import calculate_days, find_mentor_and_lead
-# from src.profile.utils import get_tokens_for_user, send_push_to_tokens
-# from src.core.config import settings
+from src.notifications.service import get_user_device_tokens
+from src.profile.utils import build_raw_message, refresh_access_token
+from src.profile.schemas import SendMailRequest
+from src.core.models import Assets, Users, UserTeamsRole, Roles
+from fastapi import HTTPException
+from passlib.context import CryptContext
+import httpx
+from src.core.config import settings
+from sqlmodel import select
+from sqlmodel.ext.asyncio.session import AsyncSession
+from datetime import datetime
+import uuid
+from typing import List
+from src.profile.models import (
+    Leave,
+    UserDevices,
+)
+from src.profile.notify import send_leave_request_notification
+
+from src.profile.schemas import CreateLeaveRequest, LeaveStatus, ApproveRejectRequest
+from src.notifications.fcm import send_fcm
 
 
 # pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
@@ -32,6 +30,151 @@
 # CASUAL_LIMIT = getattr(settings, "CASUAL_LEAVE_LIMIT", 10)
 
 
+async def _get_team_roles(session: AsyncSession, user_id: uuid.UUID):
+    """
+    Find user's team, mentor and team lead in that team.
+    """
+    # 1) Get user's team mapping
+    user_team = (
+        await session.exec(
+            select(UserTeamsRole).where(UserTeamsRole.user_id == user_id)
+        )
+    ).first()
+
+    if not user_team:
+        raise ValueError("User has no team mapping")
+
+    # 2) Get Mentor role
+    mentor_role = (
+        await session.exec(select(Roles).where(Roles.name == "Mentor"))
+    ).first()
+    if not mentor_role:
+        raise ValueError("Mentor role not found")
+
+    # 3) Get Team Lead role
+    lead_role = (
+        await session.exec(select(Roles).where(Roles.name == "Team Lead"))
+    ).first()
+    if not lead_role:
+        raise ValueError("Team Lead role not found")
+
+    # 4) Find mentor in same team
+    mentor_user = (
+        await session.exec(
+            select(Users)
+            .join(UserTeamsRole, UserTeamsRole.user_id == Users.id)
+            .where(UserTeamsRole.team_id == user_team.team_id)
+            .where(UserTeamsRole.role_id == mentor_role.id)
+        )
+    ).first()
+
+    if not mentor_user:
+        raise ValueError("Mentor not found in user's team")
+
+    # 5) Find team lead in same team
+    lead_user = (
+        await session.exec(
+            select(Users)
+            .join(UserTeamsRole, UserTeamsRole.user_id == Users.id)
+            .where(UserTeamsRole.team_id == user_team.team_id)
+            .where(UserTeamsRole.role_id == lead_role.id)
+        )
+    ).first()
+
+    if not lead_user:
+        raise ValueError("Team Lead not found in user's team")
+
+    return mentor_user, lead_user
+
+
+async def _get_tokens_for_users(
+    session: AsyncSession, user_ids: List[uuid.UUID]
+) -> List[str]:
+    """
+    Get all device tokens for all given users.
+    """
+    tokens: List[str] = []
+    for uid in user_ids:
+        rows = (
+            await session.exec(select(UserDevices).where(UserDevices.user_id == uid))
+        ).all()
+        for row in rows:
+            if row.device_token:
+                tokens.append(row.device_token)
+    return tokens
+
+
+async def create_leave(session, user_id, body):
+    # Get the user
+    user = await session.get(Users, user_id)
+
+    # Get mentor + team lead
+    mentor_user, lead_user = await _get_team_roles(session, user_id)
+
+    leave = Leave(
+        user_id=user_id,
+        leave_type=body.leave_type,
+        from_date=body.from_date,
+        to_date=body.to_date,
+        reason=body.reason,
+        days=body.days,
+        mentor_id=mentor_user.id,
+        lead_id=lead_user.id,
+    )
+
+    session.add(leave)
+    await session.commit()
+    await session.refresh(leave)
+
+    # Send notification
+    await send_leave_request_notification(
+        session,
+        user,
+        leave,
+        leave.mentor_id,
+        leave.lead_id,
+    )
+
+#     return leave
+
+
+async def mentor_decide_leave(session, mentor_id, leave_id, body):
+    leave = await session.get(Leave, leave_id)
+    if not leave:
+        raise ValueError("Leave not found")
+
+    mentor = await session.get(Users, mentor_id)
+    if not mentor:
+        raise ValueError("Mentor not found")
+
+    # Update leave status
+    leave.status = body.status
+    leave.updated_at = datetime.utcnow()
+
+    if body.status == LeaveStatus.REJECTED:
+        leave.reject_reason = body.comment
+
+    await session.commit()
+    await session.refresh(leave)
+
+    # 🔥 Send notification to USER
+    from src.profile.notify import send_leave_status_notification
+
+    await send_leave_status_notification(session, leave, mentor.user_name)
+
+    # 🔥 Send notification to TEAM LEAD also
+    tokens = await get_user_device_tokens(session, leave.lead_id)
+
+    await send_fcm(
+        tokens,
+        "Leave Update",
+        f"{leave.user_id} leave was {body.status.lower()}",
+        {"type": "leave_status"},
+    )
+
+#     return leave
+
+
 # async def apply_leave(session: AsyncSession, user_id, payload: ApplyLeaveRequest):
 #     # compute days
 #     days = calculate_days(payload.from_date, payload.to_date)