import traceback from django.shortcuts import get_object_or_404, render from rest_framework.views import APIView, exception_handler from rest_framework.response import Response from rest_framework import status from rest_framework.authtoken.models import Token from adminportal.tasks import send_otp_whatsapp_message from orders.delhivery import check_pincode, get_pincode_from_latlng from products.models import ProductReview, Wishlist from utils.send_otp import send_otp_via_twilio from .models import Users, OTP, Address, UserLocation, Referral from shops.models import Shop from orders.models import Cart, Coupons, CustomCoupon, NotificationStat,DeletedOrders,Orders from datetime import timedelta from django.utils import timezone import random from rest_framework_simplejwt.tokens import AccessToken from .serializers import UserDataSerializer, UserProfileSerializer, AddressSerializer from rest_framework.permissions import IsAuthenticated import jwt import uuid import googlemaps from django.conf import settings from django.core.mail import send_mail from django.urls import reverse from firebase_admin import messaging from firebase_admin import credentials import firebase_admin from rest_framework.views import APIView from django.db import transaction class UserLoginView(APIView): """ View for user login (also used for registration). """ def post(self, request): mobile_number = request.data.get("mobile_number") if mobile_number: mobile_number = mobile_number.replace(" ", "") user, created = Users.objects.get_or_create( phone_number=mobile_number, user_type="Customer" ) if created: Referral.objects.create(user=user) OTP.objects.filter(user=user).delete() otp_code = random.randint(1000, 9999) OTP.objects.create(user=user, otp_code=otp_code) send_otp_whatsapp_message.apply_async(args=[mobile_number, otp_code], countdown=5) return Response( {"status": 1, "message": "OTP sent successfully!", "otp": otp_code}, status=status.HTTP_200_OK, ) class OTPVerificationView(APIView): """ View for OTP verification. """ def post(self, request): try: mobile_number = request.data.get("mobile_number") otp_code = request.data.get("OTP") anonymous_id = request.data.get("anonymous_id") fcm_token = request.data.get("fcm_token") if mobile_number: mobile_number = mobile_number.replace(" ", "") # OTP expiry: 1 minute one_minute_ago = timezone.now() - timedelta(minutes=1) otp = ( OTP.objects.filter( user__phone_number=mobile_number, otp_code=otp_code, created_at__gte=one_minute_ago, ) .order_by("-created_at") .first() ) if not otp: return Response( { "status": 0, "message": "Invalid or expired OTP.", }, status=status.HTTP_400_BAD_REQUEST, ) user = get_object_or_404(Users, phone_number=mobile_number) # 🔐 DELETE OTP IMMEDIATELY (prevents reuse) otp.delete() # Create or get auth token token, _ = Token.objects.get_or_create(user=user) user.fcm_token = fcm_token user.save() # Generate JWT token access_token = AccessToken.for_user(user) # Merge anonymous data if anonymous_id: Cart.objects.filter(user=user).delete() UserLocation.objects.filter(user=user).delete() Cart.objects.filter( anonymous_id=anonymous_id ).update(user=user, anonymous_id=None) UserLocation.objects.filter( anonymous_id=anonymous_id ).update(user=user, anonymous_id=None) return Response( { "status": 1, "message": "OTP verified successfully!", "auth_token": token.key, "jwt_token": str(access_token), }, status=status.HTTP_200_OK, ) except Exception as e: return Response( { "status": 0, "message": "An unexpected error occurred.", "error": str(e), }, status=status.HTTP_400_BAD_REQUEST, ) class GetReferralCodeView(APIView): permission_classes = [IsAuthenticated] def get(self, request): try: referral = request.user.referral return Response({ "status": 1, "referral_code": referral.referral_code }) except Referral.DoesNotExist: return Response({ "status": 0, "message": "Referral code not found." }, status=404) class UserProfileView(APIView): """ View for getting and updating user profile. """ permission_classes = [IsAuthenticated] def get(self, request): user = request.user serializer = UserProfileSerializer(user) return Response( { "status": 1, "message": "User profile retrieved successfully.", "data": serializer.data, }, status=status.HTTP_200_OK, ) def put(self, request): user = request.user old_email = user.email serializer = UserProfileSerializer(user, data=request.data, partial=True) if serializer.is_valid(): new_email = serializer.validated_data.get("email", old_email) # type: ignore # Check if email has changed if new_email != old_email: serializer.validated_data["email_verified"] = False # type: ignore serializer.save() return Response( { "status": 1, "message": "User profile updated successfully.", "data": serializer.data, }, status=status.HTTP_200_OK, ) return Response( { "status": 0, "message": "Profile update failed.", "errors": serializer.errors, }, status=status.HTTP_400_BAD_REQUEST, ) class UserDataView(APIView): permission_classes = [IsAuthenticated] def post(self, request): """Update logged-in user data""" user = request.user serializer = UserDataSerializer(user, data=request.data, partial=True) if serializer.is_valid(): serializer.save() return Response( { "status": 1, "message": "User data updated successfully.", "data": serializer.data, }, status=status.HTTP_200_OK ) return Response( { "status": 0, "message": "Validation error.", "errors": serializer.errors }, status=status.HTTP_400_BAD_REQUEST ) class SendVerificationEmailView(APIView): """ View to send verification email. """ permission_classes = [IsAuthenticated] def post(self, request): user = request.user email = request.data.get("email",None) if user.email: if email and email != user.email: email_exists = Users.objects.filter(email=email).exclude(uuid=user.uuid).exists() if email_exists: return Response( {"status": 0, "message": "Email already exists."}, status=status.HTTP_400_BAD_REQUEST, ) user.email = email user.email_verified = False user.save() elif not email: return Response( {"status": 0, "message": "Email is required."}, status=status.HTTP_400_BAD_REQUEST, ) else: if email: user.email = email user.email_verified = False user.save() else: return Response( {"status": 0, "message": "Email is required."}, status=status.HTTP_400_BAD_REQUEST, ) if user.email_verified: return Response( {"status": 0, "message": "Email already verified."}, status=status.HTTP_400_BAD_REQUEST, ) # Create a token token = jwt.encode( {"user_id": str(user.uuid), "exp": timezone.now() + timedelta(hours=24)}, settings.SECRET_KEY, algorithm="HS256", ) # Create verification link # verification_link = request.build_absolute_uri( # reverse("verify-email", args=[token]) # ) domain = getattr(settings, "DOMAIN", "http://localhost/") verification_link = f"{domain}{reverse('verify-email', args=[token])}" # Send the email aa = send_mail( "Verify your email", f"Click the link to verify your email: {verification_link}", settings.EMAIL_HOST_USER, [user.email], fail_silently=False, ) return Response( {"status": 1, "message": "Verification email sent."}, status=status.HTTP_200_OK, ) class VerifyEmailView(APIView): def get(self, request, token): try: payload = jwt.decode(token, settings.SECRET_KEY, algorithms=["HS256"]) try: user = get_object_or_404(Users, uuid=payload["user_id"]) except: return render( request, "email_verification.html", {"status": 0, "message": "Verification link has expired."}, ) # Update email verification status user.email_verified = True user.save() return render( request, "email_verification.html", {"status": 1, "message": "Email verified successfully."}, ) except jwt.ExpiredSignatureError: return render( request, "email_verification.html", {"status": 0, "message": "Verification link has expired."}, ) except jwt.InvalidTokenError: return render( request, "email_verification.html", {"status": 0, "message": "Invalid verification link."}, ) from rest_framework.permissions import AllowAny class AddressDetailView(APIView): """View for retrieving, creating, updating, and deleting a specific address.""" permission_classes = [AllowAny] def get_object(self, user, pk): return Address.objects.filter(user=user).get(pk=pk) def get(self, request, pk=None, *args, **kwargs): if pk is None: addresses = Address.objects.filter(user=request.user) serializer = AddressSerializer(addresses, many=True) return Response( { "status": 1, "message": "Addresses retrieved successfully!", "data": serializer.data, }, status=status.HTTP_200_OK, ) else: address = self.get_object(request.user, pk) serializer = AddressSerializer(address) return Response( { "status": 1, "message": "Address retrieved successfully!", "data": serializer.data, }, status=status.HTTP_200_OK, ) def post(self, request, *args, **kwargs): if not request.user.is_authenticated: request.session['guest_address'] = { "latitude": request.data.get("latitude"), "longitude": request.data.get("longitude"), "flat_no": request.data.get("flat_no"), "landmark": request.data.get("landmark"), "address_type": request.data.get("address_type"), } return Response( { "status": 1, "message": "Address saved for guest user (temporary)", "data": request.session['guest_address'], }, status=status.HTTP_200_OK, ) # Logged-in user → normal DB save serializer = AddressSerializer(data=request.data) if serializer.is_valid(): address = serializer.save(user=request.user) return Response( { "status": 1, "message": "Address created successfully!", "data": AddressSerializer(address).data, }, status=status.HTTP_201_CREATED, ) return Response( { "status": 0, "message": "Address creation failed.", "errors": serializer.errors, }, status=status.HTTP_400_BAD_REQUEST, ) def put(self, request, pk, *args, **kwargs): address = self.get_object(request.user, pk) serializer = AddressSerializer(address, data=request.data, partial=True) if serializer.is_valid(): serializer.save() return Response( { "status": 1, "message": "Address updated successfully!", "data": serializer.data, }, status=status.HTTP_200_OK, ) return Response( { "status": 0, "message": "Address update failed.", "errors": serializer.errors, }, status=status.HTTP_400_BAD_REQUEST, ) def delete(self, request, pk, *args, **kwargs): address = self.get_object(request.user, pk) address.delete() return Response( {"status": 1, "message": "Address deleted successfully!"}, status=status.HTTP_200_OK, ) class SaveUserLocationView(APIView): def post(self, request): latitude = request.data.get("latitude") longitude = request.data.get("longitude") address_id = request.data.get("address_id") if not latitude or not longitude: return Response( {"status": 0, "message": "Latitude and longitude are required."}, status=400, ) # ----------------------------- # USER / ANONYMOUS HANDLING # ----------------------------- if request.user.is_authenticated: user = request.user anonymous_id = None else: user = None anonymous_id = request.data.get("anonymous_id") or uuid.uuid4() user_location = (float(latitude), float(longitude)) gmaps = googlemaps.Client(key=settings.GOOGLE_MAPS_API_KEY) # ----------------------------- # REVERSE GEOCODING # ----------------------------- try: reverse_geocode_result = gmaps.reverse_geocode(user_location) except Exception as e: return Response( { "status": 0, "message": "Reverse geocoding failed.", "error": str(e), "traceback": traceback.format_exc(), }, status=500, ) street_name = "" area_name = "" # Thripunithura city_name = "" # Kochi state_name = "" # Kerala country_name = "" if reverse_geocode_result: for result in reverse_geocode_result: for component in result.get("address_components", []): types = component.get("types", []) if "route" in types: street_name = component["long_name"] if "sublocality_level_1" in types or "sublocality" in types: area_name = component["long_name"] if "locality" in types: city_name = component["long_name"] if "administrative_area_level_1" in types: state_name = component["long_name"] if "country" in types: country_name = component["long_name"] # Stop once we got sublocality (most specific) if area_name: break location_address = ", ".join( filter(None, [area_name, city_name, state_name, country_name]) ) # ----------------------------- # FIND NEAREST SHOP # ----------------------------- shops = Shop.objects.filter(latitude__isnull=False, longitude__isnull=False) distances = [] shop_errors = [] for shop in shops: try: shop_location = (shop.latitude, shop.longitude) result = gmaps.distance_matrix( origins=user_location, destinations=shop_location, mode="driving", ) element = result["rows"][0]["elements"][0] if element.get("status") != "OK": shop_errors.append({ "shop_id": shop.unit_name, "reason": f"Non-OK status: {element.get('status')}", }) continue road_distance = element["distance"]["value"] # meters if road_distance <= shop.delivery_radius * 1000: distances.append((shop, road_distance / 1000)) except Exception as e: shop_errors.append({ "shop_id": shop.unit_name, "reason": "Exception occurred", "error": str(e), "traceback": traceback.format_exc(), }) distances.sort(key=lambda x: x[1]) nearest_shop = distances[0][0] if distances else None nearest_distance = distances[0][1] if distances else None # ----------------------------- # SAVE LOCATION # ----------------------------- if address_id: try: address = Address.objects.get(id=address_id, user=user) location, created = UserLocation.objects.update_or_create( user=user, anonymous_id=None, defaults={ "address": address, "is_selected_address": True, "latitude": latitude, "longitude": longitude, "shop": nearest_shop, "location_address": location_address, "distance": nearest_distance, }, ) except Address.DoesNotExist: return Response( {"status": 0, "message": "Address not found."}, status=404, ) else: location, created = UserLocation.objects.update_or_create( user=user if user else None, anonymous_id=anonymous_id if not user else None, defaults={ "latitude": latitude, "longitude": longitude, "shop": nearest_shop, "is_selected_address": False, "address": None, "location_address": location_address, "distance": nearest_distance, }, ) # ----------------------------- # RESPONSE # ----------------------------- return Response( { "status": 1, "message": "Location and nearest shop saved successfully.", "location": { "latitude": location.latitude, "longitude": location.longitude, "shop": location.shop.uuid if location.shop else None, "anonymous_id": anonymous_id, "is_selected_address": location.is_selected_address, "address_id": location.address.id if location.address else None, "location_address": location.location_address, }, "shop_errors": shop_errors, }, status=200, ) class AccountDelete(APIView): def post(self, request): if not request.user.is_authenticated: return Response( {"status": 0, "message": "User Not Authenticated"}, status=status.HTTP_403_FORBIDDEN ) user = request.user if Orders.objects.filter(user_uuid=user, order_status__in=["Bill Created","Confirmed", "Viewed", "Order Packed", "Delivery Assigned","Despatched"]).exists(): return Response( {"status": 0, "message": "Cannot delete account with active orders."}, status=status.HTTP_200_OK ) try: with transaction.atomic(): # --------------------------- # 1. BACKUP ORDERS (IF EXISTS) # --------------------------- orders = Orders.objects.filter(user_uuid=user) if orders.exists(): for order in orders: DeletedOrders.objects.create( order_ID=order.order_ID, order_type=order.order_type, grand_total=order.grand_total, order_status=order.order_status, store_uuid=order.store_uuid, pu_uuid=order.pu_uuid, custom_product=order.custom_product, order_assigntime=order.order_assigntime, order_delivered_time=order.order_delivered_time, created_date=order.created_date, description=order.description, message=order.message ) # --------------------------- # 2. DELETE CART (IF EXISTS) # --------------------------- cart_qs = Cart.objects.filter(user=user) if cart_qs.exists(): cart_qs.delete() # --------------------------- # 3. DELETE WISHLIST (IF EXISTS) # --------------------------- wishlist_qs = Wishlist.objects.filter(user=user) if wishlist_qs.exists(): wishlist_qs.delete() # --------------------------- # 4. REMOVE COUPON USAGE (IF EXISTS) # --------------------------- coupons = Coupons.objects.filter(CouponUsed=user) if coupons.exists(): for coupon in coupons: coupon.CouponUsed.remove(user) # --------------------------- # 5. DELETE ADDRESS (IF EXISTS) # --------------------------- address_qs = Address.objects.filter(user=user) if address_qs.exists(): address_qs.delete() # --------------------------- # 6. DELETE USER LOCATION (IF EXISTS) # --------------------------- location_qs = UserLocation.objects.filter(user=user) if location_qs.exists(): location_qs.delete() # --------------------------- # 7. DELETE OTPs (IF EXISTS) # --------------------------- otp_qs = OTP.objects.filter(user=user) if otp_qs.exists(): otp_qs.delete() # --------------------------- # 8. DELETE REFERRAL (IF EXISTS) # --------------------------- referral_qs = Referral.objects.filter(user=user) if referral_qs.exists(): referral_qs.delete() # --------------------------- # 9. DELETE CUSTOM COUPONS (IF EXISTS) # --------------------------- custom_coupon_qs = CustomCoupon.objects.filter(user=user) if custom_coupon_qs.exists(): custom_coupon_qs.delete() # --------------------------- # 10. ANONYMIZE USER (DO NOT DELETE) # --------------------------- user.first_name = "Anonymous" user.last_name = "" user.email = None user.phone_number = None user.gender = None user.dob = None user.fcm_token = None user.opt_in = False user.user_verify_status = False user.status = "inactive" user.save() return Response( {"status": 1, "message": "Account deleted successfully"}, status=status.HTTP_200_OK ) except Exception as e: return Response( { "status": 0, "message": "Something went wrong, please contact administrator", "error": str(e), }, status=status.HTTP_400_BAD_REQUEST ) # class FetchUserLocationView(APIView): # def post(self, request): # anonymous_id = request.data.get("anonymous_id") # if request.user.is_authenticated: # user = request.user # try: # location = UserLocation.objects.get(user=user) # response_data = { # "latitude": location.latitude, # "longitude": location.longitude, # "shop": location.shop.uuid if location.shop else None, # "anonymous_id": None, # No anonymous ID for authenticated users # "is_selected_address": location.is_selected_address, # "address_id": location.address.id if location.address else None, # type: ignore # "address": { # "flat_no": location.address.flat_no if location.address else None, # "landmark": location.address.landmark if location.address else None, # } if location.address else None, # "location_address": location.location_address, # } # return Response( # { # "status": 1, # "message": "Location fetched successfully.", # "location": response_data, # }, # status=200, # ) # except UserLocation.DoesNotExist: # return Response( # {"status": 0, "message": "Location not found for this user."}, # status=404, # ) # else: # if not anonymous_id: # return Response( # {"status": 0, "message": "Anonymous ID is required."}, # status=400, # ) # try: # location = UserLocation.objects.get(anonymous_id=anonymous_id) # response_data = { # "latitude": location.latitude, # "longitude": location.longitude, # "shop": location.shop.uuid if location.shop else None, # "anonymous_id": anonymous_id, # "is_selected_address": location.is_selected_address, # "address_id": location.address.id if location.address else None, # type: ignore # "address": { # "flat_no": location.address.flat_no if location.address else None, # "landmark": location.address.landmark if location.address else None, # } if location.address else None, # "location_address": location.location_address # } # return Response( # { # "status": 1, # "message": "Location fetched successfully.", # "location": response_data, # }, # status=200, # ) # except UserLocation.DoesNotExist: # return Response( # {"status": 0, "message": "Location not found for anonymous user."}, # status=404, # ) class FetchUserLocationView(APIView): def post(self, request): anonymous_id = request.data.get("anonymous_id") long_distance = False deliverable = True if request.user.is_authenticated: user = request.user try: location = UserLocation.objects.get(user=user) if location.shop is None: long_distance = True else: shop_uuid = location.shop.uuid except UserLocation.DoesNotExist: return Response( {"status": 0, "message": "Location not found for this user."}, status=404, ) else: if not anonymous_id: return Response( {"status": 0, "message": "Anonymous ID is required."}, status=400, ) try: location = UserLocation.objects.get(anonymous_id=anonymous_id) if location.shop is None: long_distance = True else: shop_uuid = location.shop.uuid except UserLocation.DoesNotExist: return Response( {"status": 0, "message": "Location not found for anonymous user."}, status=404, ) # Check pincode deliverability ONLY when long distance is True if long_distance: pincode = get_pincode_from_latlng( location.latitude, location.longitude ) deliverable = check_pincode(pincode) response_data = { "latitude": location.latitude, "longitude": location.longitude, "shop": location.shop.uuid if location.shop else None, "is_selected_address": location.is_selected_address, "address_id": location.address.id if location.address else None, "address": { "flat_no": location.address.flat_no if location.address else None, "landmark": location.address.landmark if location.address else None, } if location.address else None, "location_address": location.location_address, "long_distance": long_distance, } # Add anonymous_id only for unauthenticated users if not request.user.is_authenticated: response_data["anonymous_id"] = anonymous_id return Response( { "status": 1, "message": "Location fetched successfully.", "location": response_data, "deliverable": deliverable, }, status=200, ) def notification_stat_post(Order, Notification_title, sendTo,description ): try: notification_data = NotificationStat.objects.create(Sendmsg=Notification_title, OrderID=Order, sendTo=sendTo, Description= description) notification_data.save() except Exception as e: pass def send_notification(fcmToken, Order, title, description,sendTo): notification_stat_post(Order, title, sendTo, description) if not firebase_admin._apps: cred = credentials.Certificate( r"/var/www/html/Testing_prj/Navya-Bakers/constants/navyabakers-1d955-firebase-adminsdk-fbsvc-d2f9578075.json") # # cred = credentials.Certificate( # r"C:\NavyaProject\Navya-Bakers\constants\navyabakers-1d955-firebase-adminsdk-fbsvc-d2f9578075.json") firebase_admin.initialize_app(cred) # "priority": "high", # "restricted_package_name": "com.collabll.orderpickyboy" # # See documentation on defining a message payload. message = messaging.Message( data={"title": title, "description": description, "orderID": Order.order_ID}, android=messaging.AndroidConfig( priority='high' ), apns=messaging.APNSConfig(headers={"apns-priority": "5"}, payload=messaging.APNSPayload( aps=messaging.Aps(badge=99, alert=messaging.ApsAlert(title=title, body=description, ), sound="default", custom_data={"orderID": Order.order_ID}), )) , token=fcmToken, ) try: response = messaging.send(message) except Exception as e: pass else: message = messaging.Message( data={"title": title, "description": description, "orderID": Order.order_ID}, android = messaging.AndroidConfig( priority='high' ), apns=messaging.APNSConfig(headers={"apns-priority": "5"}, payload=messaging.APNSPayload( aps=messaging.Aps(badge=99, alert=messaging.ApsAlert(title=title, body=description, ), sound="default", custom_data={"orderID": Order.order_ID}), )) , token=fcmToken) try: response = messaging.send(message) except Exception as e: pass def initialize_fcm_app(): if not firebase_admin._apps: # cred = credentials.Certificate( # r"C:\NavyaProject\Navya-Bakers\constants\navyabakers-1d955-firebase-adminsdk-fbsvc-d2f9578075.json") cred = credentials.Certificate( r"/var/www/html/Testing_prj/Navya-Bakers/constants/navyabakers-1d955-firebase-adminsdk-fbsvc-d2f9578075.json") firebase_admin.initialize_app(cred) class CheckOptInView(APIView): permission_classes = [IsAuthenticated] def get(self, request): user = request.user return Response( { "status": 1, "opt_in": user.opt_in }, status=status.HTTP_200_OK, ) def put(self, request): user = request.user opt_in = request.data.get("opt_in") if isinstance(opt_in, bool): user.opt_in = opt_in user.save() return Response( { "status": 1, "message": "Opt-in status updated successfully.", "opt_in": user.opt_in }, status=status.HTTP_200_OK, ) else: return Response( { "status": 0, "message": "Invalid value for opt_in. It should be a boolean." }, status=status.HTTP_400_BAD_REQUEST, )