Added forgot-password route and updated main.py

Uttam Singh · Uttam Singh · commit 7a0a234b8eb8 · 2025-11-10T22:10:01.000+05:30
diff --git a/backend/app/main.py b/backend/app/main.py
@@ -7,21 +7,50 @@
 import os, shutil
 from dotenv import load_dotenv
 
-# ⬇️ your database bits
+# ==============================
+# 1️⃣ Load environment variables
+# ==============================
 load_dotenv()
+
 DATABASE_URL = os.getenv("DATABASE_URL", "sqlite:///./app.db")
 engine = create_engine(DATABASE_URL, pool_pre_ping=True)
 SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
 Base = declarative_base()
 
-# ⬇️ import models so SQLAlchemy knows about User
-from app import models
-# … define Task/AuditLog classes …
+
+# ==============================
+# 2️⃣ Database models (Tasks, Audit Logs)
+# ==============================
+class Task(Base):
+    __tablename__ = "tasks"
+    id = Column(Integer, primary_key=True, index=True)
+    title = Column(String(255), nullable=False)
+    department = Column(String(100), nullable=True)
+    assignee = Column(String(100), nullable=True)
+    status = Column(String(50), nullable=False, default="Pending")
+    due_date = Column(Date, nullable=True)
+    priority = Column(String(20), nullable=True)
+    remarks = Column(Text, nullable=True)
+    attachment = Column(String(255), nullable=True)
+
+
+class AuditLog(Base):
+    __tablename__ = "audit_logs"
+    id = Column(Integer, primary_key=True)
+    action = Column(String(50))
+    detail = Column(Text)
+
+
+# ✅ Create all tables initially (will also be re-created by /create-db)
 Base.metadata.create_all(bind=engine)
 
+
+# ==============================
+# 3️⃣ FastAPI app setup
+# ==============================
 app = FastAPI(title="FAT-EIBL (Edme) – API")
 
-# CORS
+# ✅ Enable CORS for frontend
 allow = os.getenv("ALLOW_ORIGINS", "*").split(",")
 app.add_middleware(
     CORSMiddleware,
@@ -31,18 +60,75 @@
     allow_headers=["*"],
 )
 
-# at the bottom: include users router
-from app.routers import users
+
+# ==============================
+# 4️⃣ Database dependency
+# ==============================
+def get_db():
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()
+
+
+# ==============================
+# 5️⃣ Import Routers (User + Forgot Password)
+# ==============================
+from app.routers import users, forgot_password
+
 app.include_router(users.router, prefix="/users", tags=["Users"])
-# --- TEMPORARY: Create Database Tables on Render ---
+app.include_router(forgot_password.router, prefix="/users", tags=["Forgot Password"])
+
+
+# ==============================
+# 6️⃣ Health check
+# ==============================
+@app.get("/health")
+def health():
+    return {"status": "ok", "message": "Backend is running"}
+
+
+# ==============================
+# 7️⃣ File Uploads (optional)
+# ==============================
+UPLOAD_DIR = os.path.join(os.getcwd(), "uploads")
+os.makedirs(UPLOAD_DIR, exist_ok=True)
+
+
+@app.post("/upload/{task_id}")
+async def upload_file(task_id: int, file: UploadFile = File(...), db: Session = Depends(get_db)):
+    obj = db.get(Task, task_id)
+    if not obj:
+        raise HTTPException(status_code=404, detail="Task not found")
+
+    safe_name = f"task_{task_id}_" + os.path.basename(file.filename)
+    dest = os.path.join(UPLOAD_DIR, safe_name)
+
+    with open(dest, "wb") as buffer:
+        shutil.copyfileobj(file.file, buffer)
+
+    obj.attachment = safe_name
+    db.add(AuditLog(action="upload", detail=f"Task ID {task_id} file {safe_name}"))
+    db.commit()
+
+    return {"task_id": task_id, "filename": safe_name}
+
+
+# ==============================
+# 8️⃣ Emergency endpoint: Create database tables
+# ==============================
 from app.models.user import User
-from app.database import Base, engine
+from app.database import Base as DBBase, engine as DBEngine
+
 
 @app.get("/create-db")
 def create_database():
+    """
+    🔧 Use this endpoint on Render once if tables fail to auto-create.
+    """
     try:
-        Base.metadata.create_all(bind=engine)
+        DBBase.metadata.create_all(bind=DBEngine)
         return {"ok": True, "message": "Database tables created successfully"}
     except Exception as e:
         return {"ok": False, "error": str(e)}
-
diff --git a/backend/app/routers/forgot_password.py b/backend/app/routers/forgot_password.py
@@ -0,0 +1,71 @@
+from fastapi import APIRouter, Form, HTTPException, Depends
+from sqlalchemy.orm import Session
+from app.database import get_db
+from app.models.user import User
+import random
+import smtplib
+from email.mime.text import MIMEText
+from email.mime.multipart import MIMEMultipart
+import os
+
+router = APIRouter()
+
+# ✅ Generate random 6-digit OTP
+def generate_otp():
+    return str(random.randint(100000, 999999))
+
+# ✅ Send email via company mail (SMTP)
+def send_otp_email(recipient_email: str, otp: str):
+    sender_email = os.getenv("SMTP_SENDER_EMAIL", "support@edmeinsurance.com")
+    sender_password = os.getenv("SMTP_PASSWORD", "your-app-password")
+    smtp_server = os.getenv("SMTP_SERVER", "smtp.office365.com")
+    smtp_port = int(os.getenv("SMTP_PORT", 587))
+
+    subject = "FAT-EIBL Password Reset OTP"
+    body = f"""
+    <html>
+        <body>
+            <p>Dear User,</p>
+            <p>Your OTP for password reset is: <b>{otp}</b></p>
+            <p>This OTP will expire in 10 minutes.</p>
+            <p>Regards,<br>Finance Audit Tracker - Edme Insurance Brokers Ltd</p>
+        </body>
+    </html>
+    """
+
+    msg = MIMEMultipart()
+    msg["From"] = sender_email
+    msg["To"] = recipient_email
+    msg["Subject"] = subject
+    msg.attach(MIMEText(body, "html"))
+
+    try:
+        with smtplib.SMTP(smtp_server, smtp_port) as server:
+            server.starttls()
+            server.login(sender_email, sender_password)
+            server.send_message(msg)
+        print(f"✅ OTP sent to {recipient_email}")
+    except Exception as e:
+        print(f"❌ Error sending OTP: {e}")
+        raise HTTPException(status_code=500, detail="Failed to send OTP email")
+
+# ✅ Store OTP temporarily (in memory)
+otp_storage = {}
+
+@router.post("/forgot-password")
+def forgot_password(email: str = Form(...), db: Session = Depends(get_db)):
+    # Check if user exists
+    user = db.query(User).filter(User.email == email).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="Email not registered")
+
+    # Generate OTP
+    otp = generate_otp()
+
+    # Save OTP temporarily (could use Redis or DB for production)
+    otp_storage[email] = otp
+
+    # Send email
+    send_otp_email(email, otp)
+
+    return {"ok": True, "message": f"OTP sent to {email}. Please check your inbox."}
