Update app.py

app.py

@@ -80,5 +80,43 @@ async def get_itinerary_data(authorization: str = Header(...)):
         raise e
     except Exception as e:
         # Catch any other unexpected errors
+        print(f"An unexpected error occurred: {e}")
+        raise HTTPException(status_code=500, detail="Internal server error")
+
+@app.delete("/itinerary/{itinerary_id}")
+async def delete_itinerary(itinerary_id: int, authorization: str = Header(...)):
+    """
+    Deletes a specific itinerary, ensuring the user owns it.
+    """
+    if not supabase:
+        raise HTTPException(status_code=500, detail="Database connection not configured.")
+
+    try:
+        # First, verify the user's token to get their ID
+        token_type, token = authorization.split()
+        if token_type.lower() != "bearer":
+            raise HTTPException(status_code=401, detail="Invalid token type")
+        
+        payload = jwt.decode(token, JWT_SECRET_KEY, algorithms=[ALGORITHM])
+        user_id = payload.get("user_id")
+        if user_id is None:
+            raise HTTPException(status_code=401, detail="User ID not found in token payload")
+
+        # Securely delete the itinerary by matching both its ID and the user's ID
+        # This prevents a user from deleting someone else's itinerary
+        response = supabase.table("itineraries").delete().match({
+            "id": itinerary_id,
+            "user_id": user_id
+        }).execute()
+
+        # Check if the delete operation affected any rows
+        if not response.data:
+            raise HTTPException(status_code=404, detail="Itinerary not found or you do not have permission to delete it.")
+
+        return {"message": "Itinerary deleted successfully"}
+
+    except JWTError:
+        raise HTTPException(status_code=401, detail="Could not validate credentials")
+    except Exception as e:
         print(f"An unexpected error occurred: {e}")
         raise HTTPException(status_code=500, detail="Internal server error")