import base64
import logging
import os
import secrets

from flask import Flask, Blueprint, request, jsonify, send_from_directory
from flask_jwt_extended import jwt_required
from flask_jwt_extended import (
    JWTManager, create_access_token, jwt_required, get_jwt_identity, get_jwt, verify_jwt_in_request
)
from werkzeug.security import generate_password_hash, check_password_hash
from werkzeug.utils import secure_filename

from config.auth import role_required  # ✅ imported properly now
from db.db import get_db_connection


# NOTE(review): this module builds its own Flask object only to get a root path
# and a config dict. Settings stored on it are visible through this `app` name
# alone; presumably the application that registers `user_bp` is created
# elsewhere, so confirm which config the running app actually reads.
app = Flask(__name__)

# Blueprint that carries every user-management route in this file.
user_bp = Blueprint('user', __name__)

# -------------------- FILE UPLOAD CONFIG --------------------
# Absolute uploads directory under this module's root path, created at import time.
UPLOAD_FOLDER = os.path.join(app.root_path, 'static', 'uploads')
app.config.update(UPLOAD_FOLDER=UPLOAD_FOLDER)
os.makedirs(app.config['UPLOAD_FOLDER'], exist_ok=True)






# # -------------------- REGISTER USER --------------------
# @user_bp.route('/register', methods=['POST'])
# def register_user():
#     data = request.get_json()

#     # Required fields
#     required = ["user_name", "user_email", "user_password"]
#     for field in required:
#         if field not in data:
#             return jsonify({"message": f"Missing field: {field}"}), 400

#     name = data['user_name']
#     address = data.get('user_address')
#     contact = data.get('user_contact')
#     email = data['user_email']
#     password = data['user_password']
#     role = data.get('user_role', 'cashier')  # default role
#     image = data.get('user_image', None)

#     hashed_password = generate_password_hash(password)
#     image_path = None

#     # Handle image if provided
#     if image:
#         try:
#             # Handle both raw base64 and base64 with prefix
#             if ',' in image:
#                 image = image.split(',')[1]

#             img_data = base64.b64decode(image)
#             upload_folder = app.config.get('UPLOAD_FOLDER', 'uploads')
#             os.makedirs(upload_folder, exist_ok=True)
#             image_path = os.path.join(upload_folder, f'{name}_image.jpg')

#             with open(image_path, 'wb') as f:
#                 f.write(img_data)

#         except Exception as e:
#             return jsonify({'message': f'Image processing failed: {str(e)}'}), 400

#     # Insert into database
#     conn = get_db_connection()
#     if not conn:
#         return jsonify({'message': 'Database connection failed'}), 500

#     try:
#         cursor = conn.cursor()
#         cursor.execute("""
#             INSERT INTO users (name, address, contact, email, password, role, image)
#             VALUES (%s, %s, %s, %s, %s, %s, %s)
#         """, (name, address, contact, email, hashed_password, role, image_path))
#         conn.commit()
#         cursor.close()
#         return jsonify({'message': 'User registered successfully!'}), 201

#     except Exception as e:
#         return jsonify({'message': f'Registration failed: {str(e)}'}), 500

#     finally:
#         conn.close()



# # -------------------- CHECK REGISTER OPEN --------------------
# @user_bp.route('/check_register_open', methods=['GET'])
# @jwt_required()
# @role_required('admin','user')
# def check_register_open():
#     user_id = get_jwt_identity()  # <-- identity from JWT
#     if not user_id:
#         return jsonify({'success': False, 'message': 'Missing user_id'}), 400

#     conn = get_db_connection()
#     cursor = conn.cursor()
#     try:
#         cursor.execute("""
#             SELECT id FROM close_register_logs
#             WHERE user_id = %s AND logout_time IS NULL AND status = 'open'
#         """, (user_id,))
#         row = cursor.fetchone()
#         return jsonify({'success': True, 'open': bool(row)})
#     except Exception as e:
#         return jsonify({'success': False, 'message': str(e)}), 500
#     finally:
#         cursor.close()
#         conn.close()



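@user_bp.route('/view_all_users', methods=['GET'])
@jwt_required()
@role_required('admin','cashier')   # admins and cashiers may list users
def view_all_users():
    """Return every user row, optionally filtered by the ``role`` query parameter.

    Each entry carries id, name, address, contact, email and role, plus the
    base64-encoded image when the stored image path exists on disk. The
    password column is not selected.

    Returns:
        200 with ``users`` when at least one row matched, 404 with an empty
        ``users`` list otherwise, 500 when the connection or query fails.
    """
    # NOTE(review): the role list lets a cashier read every user's address,
    # contact and email; confirm that is intended or narrow it to 'admin'.
    conn = get_db_connection()
    if not conn:
        return jsonify({'message': 'Database connection failed'}), 500

    role_filter = request.args.get('role')  # optional ?role=<name> filter
    cursor = None
    try:
        cursor = conn.cursor()

        # The filter value is always bound as a parameter, never formatted into the SQL.
        if role_filter:
            cursor.execute("SELECT id, name, address, contact, email, role, image FROM users WHERE role = %s", (role_filter,))
        else:
            cursor.execute("SELECT id, name, address, contact, email, role, image FROM users")

        users = cursor.fetchall()

        user_list = []
        for user in users:
            user_data = {
                'user_id': user[0],
                'user_name': user[1],
                'user_address': user[2],
                'user_contact': user[3],
                'user_email': user[4],
                'user_role': user[5],
                'user_image': None
            }

            # NOTE(review): the path comes straight from users.image and is
            # opened as-is; confirm every writer of that column keeps it inside
            # the upload folder.
            image_path = user[6]
            if image_path and os.path.exists(image_path):
                try:
                    with open(image_path, 'rb') as image_file:
                        user_data['user_image'] = base64.b64encode(image_file.read()).decode('utf-8')
                except OSError:
                    # One unreadable image must not fail the whole listing.
                    logging.getLogger(__name__).warning(
                        "view_all_users: could not read image for user %s", user[0]
                    )

            user_list.append(user_data)

        # An empty result keeps the original contract: same body, status 404.
        return jsonify({
            'message': 'Users fetched successfully!',
            'users': user_list
        }), 200 if user_list else 404

    except Exception:
        # Keep driver/SQL error text in the server log; clients get a generic message.
        logging.getLogger(__name__).exception("view_all_users failed")
        return jsonify({'message': 'Error: could not fetch users.'}), 500
    finally:
        # Close the cursor on every path, and the connection even if that fails.
        try:
            if cursor is not None:
                cursor.close()
        finally:
            conn.close()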

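@user_bp.route('/get_user_details', methods=['GET'])
@jwt_required()
@role_required('admin','cashier')   # admins and cashiers may read a user record
def get_user_details():
    """Return one user's profile, selected by the ``user_id`` query parameter.

    Returns:
        200 with the user's fields (image base64-encoded when the stored path
        exists on disk, else ``None``), 400 when ``user_id`` is missing or not
        an integer, 404 when no row matches, 500 on connection or query failure.
    """
    # NOTE(review): any caller holding one of the listed roles can read any
    # user's record; the requested id is not compared with the token identity.
    # Confirm that is intended.
    raw_user_id = request.args.get('user_id')
    if not raw_user_id:
        return jsonify({'message': 'User ID is required.'}), 400

    # The other routes in this file take the id as an integer path segment, so
    # reject anything else here instead of passing it to the database.
    try:
        user_id = int(raw_user_id)
    except ValueError:
        return jsonify({'message': 'User ID must be an integer.'}), 400

    conn = get_db_connection()
    if not conn:
        return jsonify({'message': 'Database connection failed.'}), 500

    cursor = None
    try:
        cursor = conn.cursor()
        cursor.execute("SELECT id, name, email, address, contact, role, image FROM users WHERE id = %s", (user_id,))
        user = cursor.fetchone()

        if not user:
            return jsonify({'message': 'User not found.'}), 404

        user_id, user_name, user_email, user_address, user_contact, user_role, image_path = user

        # NOTE(review): image_path is whatever the users.image column holds and
        # is opened as-is; confirm writers keep it inside the upload folder.
        user_image = None
        if image_path and os.path.exists(image_path):
            try:
                with open(image_path, 'rb') as image_file:
                    user_image = base64.b64encode(image_file.read()).decode('utf-8')
            except OSError:
                # An unreadable image is reported as "no image", not as a 500.
                logging.getLogger(__name__).warning(
                    "get_user_details: could not read image for user %s", user_id
                )

        return jsonify({
            'user_id': user_id,
            'user_name': user_name,
            'user_email': user_email,
            'user_address': user_address,
            'user_contact': user_contact,
            'user_role': user_role,
            'user_image': user_image
        }), 200

    except Exception:
        # Keep driver/SQL error text in the server log; clients get a generic message.
        logging.getLogger(__name__).exception("get_user_details failed")
        return jsonify({'message': 'Error: could not fetch user.'}), 500
    finally:
        # Close the cursor on every path, and the connection even if that fails.
        try:
            if cursor is not None:
                cursor.close()
        finally:
            conn.close()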
        
        
        

# -------------------- DELETE USER --------------------
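@user_bp.route('/delete_user/<int:user_id>', methods=['DELETE'])
@jwt_required()
@role_required('admin')
def delete_user(user_id):
    """Delete the user row with the given id (admin only).

    Args:
        user_id: Integer id taken from the URL path.

    Returns:
        200 when a row was deleted, 404 when no row had that id, 500 on
        connection or query failure.
    """
    conn = get_db_connection()
    if not conn:
        return jsonify({'message': 'Database connection failed'}), 500

    # Bound before the try so the finally clause never sees an unset name when
    # conn.cursor() itself raises.
    cursor = None
    try:
        cursor = conn.cursor()
        cursor.execute("DELETE FROM users WHERE id = %s", (user_id,))
        conn.commit()

        # NOTE(review): only the row is removed; a file referenced by the row's
        # image column stays on disk.
        if cursor.rowcount > 0:
            return jsonify({'message': 'User deleted successfully!'}), 200
        return jsonify({'message': 'User not found.'}), 404

    except Exception:
        # Keep driver/SQL error text in the server log; clients get a generic message.
        logging.getLogger(__name__).exception("delete_user failed for id %s", user_id)
        return jsonify({'message': 'Error: could not delete user.'}), 500
    finally:
        try:
            if cursor is not None:
                cursor.close()
        finally:
            conn.close()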

# -------------------- UPDATE USER --------------------
# File-name extensions accepted for profile images. allowed_file() compares the
# extension only; the uploaded bytes themselves are not inspected.
ALLOWED_EXTENSIONS = {
    'gif',
    'jpeg',
    'jpg',
    'png',
}

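@user_bp.route('/update_user/<int:user_id>', methods=['PUT'])
@jwt_required()
@role_required('admin','cashier')   # admins and cashiers may call this route
def update_user(user_id):
    """Update a user's profile fields and, optionally, the profile image.

    Reads ``user_name``, ``user_address``, ``user_contact``, ``user_email`` and
    ``user_role`` from the multipart form and ``user_image`` from the uploaded
    files.

    Args:
        user_id: Integer id of the row to update, taken from the URL path.

    Returns:
        200 with the updated row, 400 when a required field is missing or the
        image type is not accepted, 404 when no row has that id, 500 on
        connection or query failure.
    """
    # NOTE(review): 'cashier' is allowed here and both the target id and the new
    # role come from the request, so as written a cashier can edit any account
    # and assign any role. Restrict role changes to admins and limit non-admins
    # to their own record (e.g. compare with get_jwt_identity(), if the identity
    # is the user id — confirm). The role value is also stored unvalidated.
    name = request.form.get('user_name')
    address = request.form.get('user_address')
    contact = request.form.get('user_contact')
    email = request.form.get('user_email')
    role = request.form.get('user_role')

    if not (name and email and role):
        return jsonify({'message': 'Name, email, and role are required.'}), 400

    # Validate the upload before touching the database. The extension check runs
    # on the sanitised name, i.e. the name that will actually be written to disk.
    image = request.files.get('user_image')
    safe_name = None
    if image:
        safe_name = secure_filename(image.filename)
        if not allowed_file(safe_name):
            # Report the rejection instead of dropping the file and answering 200.
            return jsonify({'message': 'Unsupported image type.'}), 400

    # Database connection
    conn = get_db_connection()
    if not conn:
        return jsonify({'message': 'Database connection failed'}), 500

    image_path = None
    cursor = None
    committed = False
    try:
        if safe_name:
            # The random prefix keeps uploads with the same name from colliding.
            filename = f"{secrets.token_hex(8)}_{safe_name}"
            image_path = os.path.join(app.config['UPLOAD_FOLDER'], filename)
            image.save(image_path)

        cursor = conn.cursor()

        if image_path:
            cursor.execute("""
                UPDATE users
                SET name=%s, address=%s, contact=%s, email=%s, role=%s, image=%s
                WHERE id=%s
            """, (name, address, contact, email, role, image_path, user_id))
        else:
            cursor.execute("""
                UPDATE users
                SET name=%s, address=%s, contact=%s, email=%s, role=%s
                WHERE id=%s
            """, (name, address, contact, email, role, user_id))

        conn.commit()
        committed = True

        # Re-read the row; the read also tells us whether the id exists at all.
        cursor.execute("SELECT id, name, address, contact, email, role, image FROM users WHERE id=%s", (user_id,))
        updated_user = cursor.fetchone()

        if updated_user is None:
            # No row references the freshly saved file, so remove it again.
            if image_path:
                try:
                    os.remove(image_path)
                except OSError:
                    pass
            return jsonify({'message': 'User not found.'}), 404

        # NOTE(review): a previously stored image file is not removed when it is replaced.
        return jsonify({'message': 'User updated successfully!', 'user': updated_user}), 200

    except Exception:
        # Keep driver/SQL error text in the server log; clients get a generic message.
        logging.getLogger(__name__).exception("update_user failed for id %s", user_id)
        # Drop the uploaded file only if the row was never committed with it.
        if image_path and not committed:
            try:
                os.remove(image_path)
            except OSError:
                pass
        return jsonify({'message': 'Update failed.'}), 500
    finally:
        try:
            if cursor is not None:
                cursor.close()
        finally:
            conn.close()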


# Helper function to check allowed file extensions
def allowed_file(filename):
    """Return True when *filename* has a dot and its last extension is allowed.

    The comparison is case-insensitive and looks at the text after the final
    dot only; the file's contents are not examined.
    """
    _stem, dot, extension = filename.rpartition('.')
    # With no dot at all, rpartition leaves `dot` empty and the result is False.
    return bool(dot) and extension.lower() in ALLOWED_EXTENSIONS


# -------------------------
# Upload folder override
# -------------------------
# NOTE(review): this replaces the absolute UPLOAD_FOLDER configured near the top
# of the file with a relative path, so where uploads land (and where stored
# image paths are later looked up) depends on the process's working directory.
# Confirm which of the two settings is intended and drop the other.
app.config.update(UPLOAD_FOLDER='static/uploads')

# Make sure the (possibly different) folder exists as well.
os.makedirs(app.config['UPLOAD_FOLDER'], exist_ok=True)


# Route to serve uploaded images (static)
@user_bp.route('/static/uploads/<path:filename>')
def serve_uploaded_file(filename):
    """Send one file from the configured upload folder.

    send_from_directory refuses names that resolve outside that folder.

    NOTE(review): no jwt_required/role_required decorator is applied, so this
    route answers without a token; confirm uploaded images are meant to be
    readable by anyone who knows the file name.
    """
    upload_dir = app.config['UPLOAD_FOLDER']
    return send_from_directory(upload_dir, filename)

