Upload folder using huggingface_hub

Dockerfile

@@ -0,0 +1,17 @@
+FROM python:3.11
+
+RUN useradd -m -u 1000 user
+USER user
+ENV PATH="/home/user/.local/bin:$PATH"
+
+WORKDIR /app
+
+COPY --chown=user ./requirements.txt requirements.txt
+RUN pip install --no-cache-dir --upgrade -r requirements.txt
+
+COPY --chown=user . /app
+EXPOSE 7860
+#ENTRYPOINT ["python"]
+WORKDIR /app
+
+ENTRYPOINT ["python","run.py"]

app/Company_Info.py

@@ -0,0 +1,29 @@
+company_info="""
+### **Detailed Summary**
+
+**1. Company Profile:**
+*   **Name:** Matax Express Ltd.
+*   **Business Type:** Wholesale produce provider.
+*   **Products:** Premium, fresh fruits and vegetables.
+*   **Experience:** Over 30 years serving the community.
+*   **Service Area:** Greater Toronto Area (GTA).
+
+**2. Target Audience:**
+*   The company is a B2B (Business-to-Business) supplier.
+*   Their clients include **restaurants, local markets, and retail stores.**
+
+**3. Key Selling Points & Commitments:**
+*   **Quality:** They promise "consistent quality" with "premium fruits and vegetables."
+*   **Price:** They claim to offer "unbeaten prices."
+*   **Service & Reliability:** This is their core focus. They emphasize "GREAT SERVICE," reliable deliveries, and personalized support. They aim to be a "daily, trusted partner" rather than just a supplier.
+*   **Convenience:** They offer delivery **7 days a week** directly to a client's business.
+*   **Customer-Focused:** They value customer feedback for continuous improvement and strive to make partnerships "seamless and efficient."
+
+**4. Contact Information & Customer Care:**
+*   **Response Time:** They aim to respond to all inquiries within 24 business hours.
+*   **Phone Support:** +1 (800) 123-4567
+*   **Email Support:** support@mataxexpress.com
+*   **Business Hours:** Monday - Friday, 9:00 AM - 5:00 PM (EST)
+*   **Mailing Address:** 123 Fresh Produce Lane, Farmville, ST 54321
+*   **Social Media:** They can be found at the handle **@MataxExpress**.
+"""

app/__init__.py

@@ -0,0 +1,66 @@
+import logging
+from flask import Flask, jsonify
+
+from . import config
+from .extensions import mongo, bcrypt, jwt, cors, session, oauth
+from .xero_client import api_client, xero  # <-- IMPORT XERO REMOTE APP
+from .ai_features import ai_bp
+from .page_features import page_bp
+# app.register_blueprint(api_bp, url_prefix='/api')
+def create_app():
+
+    app = Flask(__name__)
+
+
+    app.register_blueprint(ai_bp, url_prefix='/api')
+    app.register_blueprint(page_bp, url_prefix='/api/pages')
+    app.config.from_object(config)
+    
+    logging.basicConfig(level=logging.INFO)
+
+    # Initialize extensions with the app instance
+    mongo.init_app(app)
+    bcrypt.init_app(app)
+    jwt.init_app(app)
+    cors.init_app(app, supports_credentials=True)
+    session.init_app(app)
+    oauth.init_app(app)
+    
+    # Manually configure client credentials after the app config is loaded
+    client_id = app.config.get('CLIENT_ID')
+    client_secret = app.config.get('CLIENT_SECRET')
+
+    if client_id and client_secret:
+        # 1. Configure the flask-oauthlib remote app
+        xero.client_id = client_id
+        xero.client_secret = client_secret
+
+        # 2. Configure the xero-python SDK api_client
+        api_client.configuration.debug = app.config['DEBUG']
+        api_client.configuration.oauth2_token.client_id = client_id
+        api_client.configuration.oauth2_token.client_secret = client_secret
+    else:
+        logging.warning("Xero CLIENT_ID and/or CLIENT_SECRET are not configured.")
+
+
+    # Register JWT error handlers
+    @jwt.unauthorized_loader
+    def unauthorized_callback(reason):
+        return jsonify(message="Missing Authorization Header"), 401
+
+    @jwt.invalid_token_loader
+    def invalid_token_callback(error):
+        return jsonify(message="Signature verification failed. Token is invalid."), 401
+
+    @jwt.expired_token_loader
+    def expired_token_callback(jwt_header, jwt_payload):
+        return jsonify(message="Token has expired"), 401
+    
+    # Register blueprints to organize routes
+    from .api import api_bp
+    from .xero_routes import xero_bp
+    
+    app.register_blueprint(api_bp, url_prefix='/api')
+    app.register_blueprint(xero_bp)
+
+    return app

app/ai_features.py

@@ -0,0 +1,697 @@
+#your_app/ai_features.py
+
+
+import re
+from flask import Blueprint, request, jsonify, current_app
+from bson.objectid import ObjectId
+from datetime import datetime, date, timedelta
+from flask_jwt_extended import jwt_required, get_jwt_identity
+from .extensions import bcrypt, mongo
+from .Company_Info import company_info
+from .general_utils import backfill_orders,get_next_order_serial
+from google import genai
+from google.genai import types
+import os
+import json
+import traceback
+from .xero_utils import trigger_po_creation,trigger_contact_creation
+# +++ START: WHATSAPP FEATURE IMPORTS +++
+import requests
+from twilio.twiml.messaging_response import MessagingResponse
+# +++ END: WHATSAPP FEATURE IMPORTS +++
+
+ai_bp = Blueprint('ai', __name__)
+
+today = date.today()
+weekday_number = today.weekday()
+days_of_week = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]
+weekday_name = days_of_week[weekday_number]
+current_date = datetime.now().strftime('%Y-%m-%d')
+
+
+
+# MODIFIED
+add_items_to_cart_function = {
+    "name": "add_items_to_cart",
+    "description": "Extracts order details from a message to add products to a specific customer's shopping cart. Use this to handle orders like 'Mr Vaibhav Arora Tomato 1 Case Apples 2 Bags'.",
+    "parameters": {
+        "type": "object", "properties": {
+            "user_identifier": {
+                "type": "string",
+                "description": "The name, email, or business name of the customer for whom the order is being placed. This MUST be extracted from the message."
+            },
+            "items": { "type": "array", "description": "A list of items to add to the cart.", "items": { "type": "object", "properties": { "product_name": { "type": "string", "description": "The name of the product. This must match one of the available product names.", }, "quantity": { "type": "number", "description": "The quantity of the product.", }, "unit": { "type": "string", "description": "The unit of measure for the quantity (e.g., 'case', 'bag', 'piece').This must match one of the available units for the product.Must be lowercase, Eg: The correct unit is:`bag` , and invalid unit is  `bags`", }, }, "required": ["product_name", "quantity", "unit"], }, },
+            "delivery_date": {
+                "type": "string",
+                "description": "The desired delivery date for the order, in YYYY-MM-DD format. Extract if the user explicitly states a date.",
+            }
+        },
+        "required": ["user_identifier", "items"],
+    },
+}
+
+# MODIFIED
+remove_items_from_cart_function = {
+    "name": "remove_items_from_cart",
+    "description": "Removes one or more specific items from a customer's shopping cart based on their name.",
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "user_identifier": {
+                "type": "string",
+                "description": "The name, email, or business name of the customer. Must be extracted from the user's message."
+            },
+            "items": {
+                "type": "array",
+                "description": "A list of items to remove from the cart. Only product_name is required.",
+                "items": {
+                    "type": "object",
+                    "properties": {
+                        "product_name": {
+                            "type": "string",
+                            "description": "The name of the product to remove. This must match an available product name.",
+                        },
+                    },
+                    "required": ["product_name"],
+                },
+            }
+        },
+        "required": ["user_identifier", "items"],
+    },
+}
+
+# MODIFIED
+clear_cart_function = {
+    "name": "clear_cart",
+    "description": "Removes all items from a specific customer's shopping cart.",
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "user_identifier": {
+                "type": "string",
+                "description": "The name, email, or business name of the customer whose cart should be cleared. Must be extracted from the user's message."
+            }
+        },
+        "required": ["user_identifier"]
+    }
+}
+
+# +++ START: NEW FUNCTION DEFINITION FOR DIRECT ORDER +++
+create_direct_order_function = {
+    "name": "create_direct_order",
+    "description": "Parses a complete order from a single message and places it directly, bypassing the cart. Use this when the user provides the customer name, items, and a delivery date all at once.",
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "user_identifier": {
+                "type": "string",
+                "description": "The name, email, or business name of the customer for whom the order is being placed. This MUST be extracted from the message."
+            },
+            "items": {
+                "type": "array",
+                "description": "A list of items for the order.",
+                "items": {
+                    "type": "object",
+                    "properties": {
+                        "product_name": {"type": "string", "description": "The name of the product."},
+                        "quantity": {"type": "number", "description": "The quantity of the product."},
+                        "unit": {"type": "string", "description": "The unit of measure (e.g., 'case', 'bag', 'piece').Must be lowercase"}
+                    },
+                    "required": ["product_name", "quantity", "unit"]
+                }
+            },
+            "delivery_date": {
+                "type": "string",
+                "description": "The desired delivery date for the order, in YYYY-MM-DD format. This is required to use this function."
+            },
+            "additional_info": {
+                "type": "string",
+                "description": "Any special instructions or notes from the user for the delivery."
+            }
+        },
+        "required": ["user_identifier", "items", "delivery_date"],
+    },
+}
+
+navigate_to_page_function = {
+    "name": "navigate_to_page",
+    "description": "Provides a button in the chat to navigate the user to a specific page.",
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "page": {
+                "type": "string",
+                "description": "The destination page. Must be one of the allowed pages.",
+                "enum": ["orders", "cart", "catalog", "home", "about", "care", "login", "register"]
+            }
+        },
+        "required": ["page"]
+    }
+}
+
+# MODIFIED
+get_my_orders_function = {
+    "name": "get_my_orders",
+    "description": "Retrieves a summary of a specific customer's most recent orders to display in the chat.",
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "user_identifier": {
+                "type": "string",
+                "description": "The name, email, or business name of the customer whose orders are being requested."
+            }
+        },
+        "required": ["user_identifier"]
+    }
+}
+
+# MODIFIED
+get_cart_items_function = {
+    "name": "get_cart_items",
+    "description": "Retrieves the items currently in a specific customer's shopping cart and lists them.",
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "user_identifier": {
+                "type": "string",
+                "description": "The name, email, or business name of the customer whose cart is being viewed."
+            }
+        },
+        "required": ["user_identifier"]
+    }
+}
+
+get_order_details_function = {
+    "name": "get_order_details",
+    "description": "Retrieves the specific items and details for a single order based on its ID.",
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "order_id": {
+                "type": "string",
+                "description": "The ID of the order to fetch. Can be the full ID or the last 6 characters."
+            }
+        },
+        "required": ["order_id"]
+    }
+}
+
+cancel_order_function = {
+    "name": "cancel_order",
+    "description": "Proposes to cancel an order based on its ID. This requires user confirmation.",
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "order_id": {
+                "type": "string",
+                "description": "The ID of the order to be cancelled."
+            }
+        },
+        "required": ["order_id"]
+    }
+}
+
+# MODIFIED
+place_order_function = {
+    "name": "place_order",
+    "description": "Places a final order for a customer using the items in their cart. This action is final and will clear the cart.",
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "user_identifier": {
+                "type": "string",
+                "description": "The name, email, or business name of the customer for whom the order is being placed. Must be extracted from the user's message."
+            },
+            "delivery_date": {
+                "type": "string",
+                "description": "The desired delivery date in YYYY-MM-DD format. Must be confirmed with the user."
+            },
+            "additional_info": {
+                "type": "string",
+                "description": "Any special instructions or notes from the user for the delivery."
+            }
+        },
+        "required": ["user_identifier", "delivery_date"]
+    }
+}
+
+register_new_customer_function = {
+    "name": "register_new_customer",
+    "description": "Registers a new customer by collecting their essential details. Use this when a user expresses intent to sign up or is not recognized.",
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "businessName": {
+                "type": "string",
+                "description": "The customer's business or company name."
+            },
+            "email": {
+                "type": "string",
+                "description": "The customer's primary email address. This will be their login username."
+            },
+            "password": {
+                "type": "string",
+                "description": "A password for the user's account. The user must provide this."
+            },
+            "phoneNumber": {
+                "type": "string",
+                "description": "The user's contact phone number."
+            },
+            "businessAddress": {
+                "type": "string",
+                "description": "The full delivery address for the business."
+            },
+            "contactPerson": {
+                "type": "string",
+                "description": "The customer's full name or primary contact person's name."
+            }
+        },
+        "required": ["businessName", "email", "password", "phoneNumber", "businessAddress"]
+    }
+}
+
+get_my_orders_function_website = {
+    "name": "get_my_orders",
+    "description": "Retrieves a summary of the user's most recent orders to display in the chat.",
+    "parameters": {"type": "object", "properties": {}}
+}
+
+add_items_to_cart_function_website = {
+    "name": "add_items_to_cart",
+    "description": "Extracts order details from a user's message to add products to their shopping cart. Can also set a delivery date.",
+    "parameters": {
+        "type": "object", "properties": {
+            "items": { "type": "array", "description": "A list of items to add to the cart.", "items": { "type": "object", "properties": { "product_name": { "type": "string", "description": "The name of the product. This must match one of the available product names.", }, "quantity": { "type": "number", "description": "The quantity of the product.", }, "unit": { "type": "string", "description": "The unit of measure for the quantity (e.g., 'lb', 'pieces', 'box', 'bunch'). This must match one of the available units for the product.", }, }, "required": ["product_name", "quantity", "unit"], }, },
+            "delivery_date": {
+                "type": "string",
+                "description": "The desired delivery date for the order, in YYYY-MM-DD format. The user must explicitly state a date.",
+            }
+        },
+        "required": ["items"],
+    },
+}
+cancel_order_function_website = {
+    "name": "cancel_order",
+    "description": "Proposes to cancel an order based on its ID. This requires user confirmation.",
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "order_id": {
+                "type": "string",
+                "description": "The ID of the order to be cancelled. Can be the full ID or the last 6 characters."
+            }
+        },
+        "required": ["order_id"]
+    }
+}
+
+@ai_bp.route('/chat', methods=['POST'])
+@jwt_required()
+def handle_ai_chat():
+        
+    # ... (Web chat endpoint remains unchanged)
+        user_email = get_jwt_identity()
+        MODES = ['case', 'bag', 'piece', 'tray', 'weight']
+        all_products = list(mongo.db.products.find({}, {'name': 1, 'unit': 1, '_id': 0}))
+        product_context_list = []
+        for p in all_products:
+            if 'name' not in p: continue
+            unit_string = p.get('unit', '').lower()
+            available_modes = [mode for mode in MODES if mode in unit_string]
+            if available_modes:
+                product_context_list.append(f"{p['name']} (available units: {', '.join(available_modes)})")
+            else:
+                product_context_list.append(p['name'])
+        client = genai.Client(api_key="AIzaSyB7yKIdfW7Umv62G47BCdJjoHTJ9TeiAko")
+
+        min_delivery_date = (datetime.now() + timedelta(days=2)).strftime('%Y-%m-%d')
+
+        tools = types.Tool(function_declarations=[
+            add_items_to_cart_function_website,
+            navigate_to_page_function,
+            get_my_orders_function_website,
+            cancel_order_function_website,
+        ])
+        config = types.GenerateContentConfig(tools=[tools])
+        
+        instruction_prompt = f"""
+        You are an expert assistant for a food wholesale company. Your capabilities include:
+        1.  Ordering & Delivery Date: Use `add_items_to_cart` to add items to the user's cart. You can also set a delivery date if the user specifies one. The current date is {current_date,weekday_name}. The earliest possible delivery date is {min_delivery_date}. If the user asks for a date earlier than this, inform them of the constraint and ask them to provide a new valid date.
+        2.  Product List: {'; '.join(product_context_list)}.
+        3.  Page Navigation: Use `navigate_to_page` if the user wants to GO to a page like 'my orders', 'about us', 'customer care', 'login', etc.
+        4.  Order Summary: Use `get_my_orders` to LIST a summary of recent orders in the chat.
+        5.  Order Cancellation: Use `cancel_order` to start the cancellation process for a SPECIFIC order. The user must provide an order ID.
+        6.  New Customer Registration: Use `register_new_customer` if a user wants to sign up.
+        7.  The Capability You must use AT ALL TIMES: Luring the customer to place an order and persuading them to buy more products.
+        *Always Brag about the quality of our products and our customer service and try to persuade the customer to place an order.*
+        Company Info for general questions: {company_info}
+        *** IMPORTANT: When providing a text-based answer, YOU MUST USE MARKDOWN. Use headings, bold text, bullet points (`* item`), and other formatting to make your answers clear, structured, and easy to read. ***
+        Always refer to the chat history for context. **If information is missing, ask for it.**
+        """
+
+        user_input_part, history_data = None, []
+        if 'multipart/form-data' in request.content_type:
+            audio_file = request.files.get('audio')
+            history_json = request.form.get('history', '[]')
+            history_data = json.loads(history_json)
+            user_input_part = types.Part.from_bytes(data=audio_file.read(), mime_type=audio_file.mimetype.split(';')[0])
+        elif 'application/json' in request.content_type:
+            json_data = request.get_json()
+            history_data = json_data.get('history', [])
+            user_input_part = json_data.get('message')
+        else: return jsonify({"msg": "Unsupported format"}), 415
+
+        history_contents = [msg.get('data') for msg in history_data if msg.get('type') == 'text']
+        final_contents = [instruction_prompt] + history_contents + [user_input_part]
+        response = client.models.generate_content(model="gemini-2.5-flash", contents=final_contents, config=config)
+        response_part = response.candidates[0].content.parts[0]
+
+        if response_part.function_call:
+            backfill_orders()
+            function_call = response_part.function_call
+
+            if function_call.name == "add_items_to_cart":
+                proposal_data = {
+                    "items": function_call.args.get('items', []),
+                    "delivery_date": function_call.args.get('delivery_date')
+                }
+                return jsonify({"type": "order_proposal", "data": proposal_data}), 200
+
+            elif function_call.name == "register_new_customer":
+                return jsonify({
+                    "type": "navigation_proposal",
+                    "data": {
+                        "path": "/register",
+                        "button_text": "Go to Sign Up Page",
+                        "prompt_text": "Excellent! I can help with that. Please click the button below to go to our registration page."
+                    }
+                }), 200
+
+            elif function_call.name == "navigate_to_page":
+                page = function_call.args.get('page')
+                path_map = {'orders': '/order', 'cart': '/cart', 'catalog': '/catalog', 'home': '/', 'about': '/about', 'care': '/care', 'login': '/login', 'register': '/register'}
+                text_map = {'orders': 'Go to My Orders', 'cart': 'Go to Cart', 'catalog': 'Go to Catalog', 'home': 'Go to Homepage', 'about': 'Go to About Page', 'care': 'Go to Customer Care', 'login': 'Go to Login', 'register': 'Go to Sign Up'}
+                if page in path_map:
+                    return jsonify({"type": "navigation_proposal", "data": {"path": path_map[page], "button_text": text_map[page], "prompt_text": f"Sure, let's go to the {page} page."}}), 200
+
+            elif function_call.name == "get_my_orders":
+                recent_orders = list(mongo.db.orders.find({'user_email': user_email}).sort('created_at', -1).limit(5))
+                if not recent_orders: return jsonify({"type": "text", "data": "You have no recent orders."}), 200
+                details_text=""
+                for order in recent_orders:
+                    product_ids = [ObjectId(item['productId']) for item in order.get('items', [])]
+                    products_map = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': product_ids}})}
+                    item_lines = [f"- {item['quantity']} {item.get('mode', 'pcs')} of {products_map.get(item['productId'], {}).get('name', 'Unknown Product')}" for item in order.get('items', [])]
+                    details_text += f"\n\n **Details for Order #{str(order['serial_no'])}** _(Delivery Status: {order.get('status')})_:\n" + "\n".join(item_lines)
+                return jsonify({"type": "text", "data": "**Here are your recent orders**:\n" + details_text}), 200
+
+            elif function_call.name == "cancel_order":
+                order_id_frag = function_call.args.get("order_id", "").strip()
+                all_user_orders = mongo.db.orders.find({'user_email': user_email})
+                order = None
+                for o in all_user_orders:
+                    if str(o['serial_no']) == order_id_frag:
+                        order = o
+                        break
+                if not order: return jsonify({"type": "text", "data": f"Sorry, I couldn't find an order with ID matching '{order_id_frag}'."}), 200
+                if order.get('status') not in ['pending', 'confirmed']: return jsonify({"type": "text", "data": f"Order #{order['serial_no']} cannot be cancelled as its status is '{order.get('status')}'."}), 200
+                return jsonify({
+                    "type": "cancellation_proposal",
+                    "data": {"order_id": str(order['_id']), "prompt_text": f"Are you sure you want to cancel order #{order['serial_no']}?"}
+                }), 200
+
+        return jsonify({"type": "text", "data": response.text}), 200
+
+def _find_user_by_identifier(identifier):
+    """
+    Finds a user by contact person, business name, or email with improved matching.
+    Handles prefixes and prompts for clarification on multiple matches.
+    """
+    if not identifier or not isinstance(identifier, str):
+        return None, "No user identifier was provided. Please specify a customer."
+    
+    # Clean the identifier to remove common titles for better name matching
+    titles = ['mr', 'mrs', 'ms', 'dr', 'mr.', 'mrs.']
+    original_identifier = identifier.strip()
+    # Clean the identifier for name searches by removing titles
+    cleaned_identifier = ' '.join([word for word in original_identifier.split() if word.lower().strip('.') not in titles])
+    
+    # If cleaning results in an empty string (e.g., input was just "Mr."), use the original.
+    if not cleaned_identifier:
+        cleaned_identifier = original_identifier
+
+    query = {
+        "$or": [
+            # Search for the cleaned name within the contactPerson and businessName fields
+            {"contactPerson": {"$regex": re.escape(cleaned_identifier), "$options": "i"}},
+            {"businessName": {"$regex": re.escape(cleaned_identifier), "$options": "i"}},
+            # Use a more exact match for the email with the original input
+            {"email": {"$regex": f"^{re.escape(original_identifier)}$", "$options": "i"}}
+        ]
+    }
+    users_found = list(mongo.db.users.find(query))
+    
+    if len(users_found) == 0:
+        return None, f"I could not find a customer matching '{identifier}'. Please check the name , or try finding by using their email id or register them as a new customer."
+    
+    if len(users_found) > 1:
+        options_text = "*Did you mean:*\n"
+        for u in users_found:
+            contact_person = u.get('contactPerson', 'N/A')
+            business_name = u.get('businessName', 'N/A')
+            options_text += f"- {contact_person} (from {business_name})?\n"
+        options_text += "\nPlease clarify by providing the full name, business name, or email."
+        return None, options_text
+
+    return users_found[0], None # Return user object and no error message
+
+@ai_bp.route('/whatsapp', methods=['POST'])
+def whatsapp_reply():
+    """ Responds to incoming WhatsApp messages (text or audio) via Twilio. """
+    final_response_text = "I'm sorry, I encountered an error. Please try again."
+    twilio_resp = MessagingResponse()
+    
+    try:
+        # --- 1. Get Message from Twilio Request ---
+        whatsapp_number = request.values.get('From')
+        user_message_text = request.values.get('Body', '').strip()
+        num_media = int(request.values.get('NumMedia', 0))
+
+        if not whatsapp_number:
+            current_app.logger.error("Request received without a 'From' number.")
+            twilio_resp.message("Could not identify your number. Please try again.")
+            return str(twilio_resp)
+
+        # --- 2. Setup AI Client and Product Context ---
+        client = genai.Client(api_key=os.getenv("GEMINI_API_KEY"))
+        MODES = ['case', 'bag', 'piece', 'tray', 'weight']
+        all_products = list(mongo.db.products.find({}, {'name': 1, 'unit': 1, '_id': 0}))
+        product_context_list = []
+        for p in all_products:
+            if 'name' not in p: continue
+            unit_string = p.get('unit', '').lower()
+            available_modes = [mode for mode in MODES if mode in unit_string]
+            if available_modes:
+                product_context_list.append(f"{p['name']} (available units: {', '.join(available_modes)})")
+            else:
+                product_context_list.append(p['name'])        
+        # --- 3. Process User Input (Text or Audio) ---
+        user_input_part = None
+        if num_media > 0:
+            media_url = request.values.get('MediaUrl0')
+            mime_type = request.values.get('MediaContentType0')
+            if 'audio' in mime_type:
+                audio_response = requests.get(media_url)
+                if audio_response.status_code == 200:
+                    user_input_part = types.Part.from_bytes(data=audio_response.content, mime_type=mime_type.split(';')[0])
+        
+        if not user_input_part and user_message_text:
+            user_input_part = user_message_text
+
+        if not user_input_part:
+            twilio_resp.message("Please send a message or a voice note.")
+            return str(twilio_resp)
+
+        # --- 4. Configure AI for Multi-Customer Admin ---
+        history_doc = mongo.db.whatsapp_history.find_one({'whatsapp_number': whatsapp_number})
+        chat_history = history_doc.get('history', []) if history_doc else []
+
+        tools = types.Tool(function_declarations=[
+            create_direct_order_function, # ADDED
+            add_items_to_cart_function,
+            remove_items_from_cart_function,
+            clear_cart_function,
+            get_cart_items_function,
+            place_order_function,
+            get_my_orders_function,
+            register_new_customer_function
+        ])
+        
+        instruction_prompt = f"""
+        The current date is {current_date,weekday_name}.
+        You are an expert wholesale ordering assistant for 'Matax Express', communicating via WhatsApp. You are talking to an admin user who will place orders and manage accounts for MULTIPLE different customers.
+
+        Your primary capabilities are:
+        1.  **Placing and Managing Orders for Customers:**
+            - The admin's message will specify the customer by their name (e.g., "Mr. Vaibhav Arora"), business name, or email.
+            - Your FIRST step is to extract this customer identifier. You MUST provide this `user_identifier` in all function calls related to carts or orders.
+            - If you cannot identify a customer, or if the name is ambiguous, you must ask the admin for clarification.
+
+        2.  **Direct Orders (One-Shot):**
+            - If the user provides a customer name, a list of items, AND a delivery date in a single message, use the `create_direct_order` function to place the order immediately, bypassing the cart.
+
+        3.  **Registering New Customers:**
+            - If the admin asks to register a new customer, use the `register_new_customer` function.
+
+        **Function Guide & Rules:**
+        - `create_direct_order`: Use for complete, one-shot orders with a delivery date.
+        - `add_items_to_cart`: To add items for a specific customer when NO delivery date is given.
+        - `place_order`: To finalize and place a customer's order *from their cart*.
+        - `register_new_customer`: To sign up a new customer.
+        - **Product List:** {', '.join(product_context_list)}.
+        - **Company Info:** For general questions: {company_info}.
+        - **Communication:** Always be professional. Confirm actions clearly. Respond using WhatsApp-compatible markdown (*bold*, _italic_).
+        - **Website Info:** When a customer is registered or an order is placed, inform the admin that the customer can log in at https://matax-express.vercel.app/.
+        """
+        
+        config = types.GenerateContentConfig(tools=[tools])
+        
+        final_contents = [instruction_prompt] + chat_history + [user_input_part]
+        response = client.models.generate_content(
+            model="gemini-2.5-flash", contents=final_contents, config=config
+        )
+        
+        response_part = response.candidates[0].content.parts[0]
+
+        # --- 5. Process AI Response (Function Call or Text) ---
+        if response_part.function_call:
+            backfill_orders()
+            function_call = response_part.function_call
+            args = function_call.args
+            
+            # Handle functions that don't need a user lookup first
+            if function_call.name == 'register_new_customer':
+                email = args.get('email').lower()
+                if mongo.db.users.find_one({'email': email}):
+                    final_response_text = f"An account with the email '{email}' already exists."
+                else:
+                    hashed_password = bcrypt.generate_password_hash(args.get('password')).decode('utf-8')
+                    user_doc = { "businessName": args.get('businessName'), "companyName": args.get('businessName'), "email": email, "password": hashed_password, "phoneNumber": args.get('phoneNumber'), "businessAddress": args.get('businessAddress'), "contactPerson": args.get('contactPerson'), "is_approved": False, "is_admin": False, "created_at": datetime.utcnow() }
+                    mongo.db.users.insert_one(user_doc)
+                    final_response_text = f"The User ,  {args.get('contactPerson')} is now registered and their application is pending for approval. After Apprvoal , {args.get('contactPerson')}  can log in at https://matax-express.vercel.app/."
+
+            elif function_call.name == 'get_order_details':
+                order_doc = mongo.db.orders.find_one({'_id': ObjectId(args.get("order_id"))}) if ObjectId.is_valid(args.get("order_id")) else mongo.db.orders.find_one({'_id': {'$regex': f'.*{args.get("order_id")}$'}} )
+                if not order_doc:
+                    final_response_text = f"Sorry, I couldn't find an order with ID matching '{args.get('order_id')}'."
+                else:
+                    p_ids = [ObjectId(item['productId']) for item in order_doc.get('items', [])]
+                    p_map = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': p_ids}})}
+                    item_lines = [f"- {i['quantity']} {i.get('mode', 'pcs')} of {p_map.get(i['productId'], {}).get('name', 'Unknown')}" for i in order_doc.get('items', [])]
+                    details = f"*Details for Order #{order['serial_no']}*\n*Customer:* {order_doc.get('user_email')}\n*Status:* {order_doc.get('status', 'N/A')}\n*Delivery:* {order_doc.get('delivery_date', 'N/A')}\n\n*Items:*\n" + "\n".join(item_lines)
+                    final_response_text = details
+            
+            # For all other functions, perform user lookup
+            else:
+                user, error_msg = _find_user_by_identifier(args.get("user_identifier"))
+                if error_msg:
+                    final_response_text = error_msg
+                else: # User was found successfully
+                    user_email = user['email']
+                    user_name = user.get('contactPerson', 'the customer')
+
+                    if function_call.name == 'create_direct_order':
+                        items_from_args = args.get('items', [])
+                        validated_items, error_items = [], []
+                        for item in items_from_args:
+                            p_doc = mongo.db.products.find_one({'name': {'$regex': f'^{item.get("product_name")}$', '$options': 'i'}})
+                            if p_doc:
+                                validated_items.append({"productId": str(p_doc['_id']), "quantity": item.get('quantity'), "mode": item.get('unit')})
+                            else:
+                                error_items.append(item.get("product_name"))
+                        
+                        if error_items:
+                            final_response_text = f"I couldn't place the order for *{user_name}* because these products were not found: {', '.join(error_items)}. Please try again."
+                        else:
+                            next_serial = get_next_order_serial()
+                            order_doc = {'user_email': user_email, 'items': validated_items, 'delivery_date': args.get('delivery_date'), 'delivery_address': user.get('businessAddress'), 'mobile_number': user.get('phoneNumber'), 'additional_info': args.get('additional_info', ''), 'status': 'pending', 'created_at': datetime.utcnow(),'serial_no': next_serial}
+                            order_id = mongo.db.orders.insert_one(order_doc).inserted_id
+                            order_details_for_xero = {
+                            "order_id": str(order_id), "user_email": user_email, "items": validated_items,
+                            "delivery_address": user.get('businessAddress'), "mobile_number": user.get('phoneNumber'),"deliverydate": args.get('delivery_date')
+                            }
+                            trigger_po_creation(order_details_for_xero)
+                            final_response_text = f"Thank you! I have directly placed order #{next_serial} for *{user_name}* for delivery on {args.get('delivery_date')}. They can view details at https://matax-express.vercel.app/."
+
+                    elif function_call.name == 'add_items_to_cart':
+                        items_to_add, added_messages, db_items = args.get('items', []), [], []
+                        for item in items_to_add:
+                            p_doc = mongo.db.products.find_one({'name': {'$regex': f'^{item.get("product_name")}$', '$options': 'i'}})
+                            if p_doc:
+                                db_items.append({"productId": str(p_doc['_id']), "quantity": item.get('quantity'), "mode": item.get('unit')})
+                                added_messages.append(f"{item.get('quantity')} {item.get('unit')} of {p_doc['name']}")
+                            else: added_messages.append(f"could not find '{item.get('product_name')}'")
+                        if db_items: mongo.db.carts.update_one({'user_email': user_email}, {'$push': {'items': {'$each': db_items}}, '$set': {'updated_at': datetime.utcnow()}}, upsert=True)
+                        final_response_text = f"OK, I've updated the cart for *{user_name}*: I added {', '.join(added_messages)}."
+
+                    elif function_call.name == 'place_order':
+
+                        next_serial = get_next_order_serial()
+                        cart = mongo.db.carts.find_one({'user_email': user_email})
+                        if not cart or not cart.get('items'):
+                            final_response_text = f"The cart for *{user_name}* is empty. Please add items first."
+                        else:
+                            order_doc = {'user_email': user_email, 'items': cart['items'], 'delivery_date': args.get('delivery_date'), 'delivery_address': user.get('businessAddress'), 'mobile_number': user.get('phoneNumber'), 'additional_info': args.get('additional_info', ''), 'status': 'pending', 'created_at': datetime.utcnow(),'serial_no': next_serial}
+                            order_id = mongo.db.orders.insert_one(order_doc).inserted_id
+                            order_details_for_xero = {
+                            "order_id": str(order_id), "user_email": user_email, "items": cart['items'],
+                            "delivery_address": user.get('businessAddress'), "mobile_number": user.get('phoneNumber'),"deliverydate": args.get('delivery_date')
+                            }
+                            trigger_po_creation(order_details_for_xero)
+                            mongo.db.carts.delete_one({'user_email': user_email}) # Clear cart
+                            final_response_text = f"Thank you! Order `#{next_serial}` has been placed for *{user_name}* for delivery on {args.get('delivery_date')}. They can view details at https://matax-express.vercel.app/."
+                    
+                    elif function_call.name == 'get_cart_items':
+                        cart = mongo.db.carts.find_one({'user_email': user_email})
+                        if not cart or not cart.get('items'):
+                            final_response_text = f"The shopping cart for *{user_name}* is currently empty."
+                        else:
+                            p_ids = [ObjectId(item['productId']) for item in cart.get('items', [])]
+                            p_map = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': p_ids}})}
+                            item_lines = [f"- {i.get('quantity')} {i.get('mode', 'pcs')} of {p_map.get(i.get('productId'), {}).get('name', 'Unknown')}" for i in cart.get('items', [])]
+                            final_response_text = f"*Here are the items in {user_name}'s cart:*\n" + "\n".join(item_lines) if item_lines else f"The cart for *{user_name}* is empty."
+                    
+                    elif function_call.name == 'get_my_orders':
+                        orders = list(mongo.db.orders.find({'user_email': user_email}).sort('created_at', -1).limit(3))
+                        details_text = ""
+                        if not orders:
+                            final_response_text = f"*{user_name}* doesn't have any recent orders."
+                        else:
+                            for order in orders:
+                                order_display_id = order.get('serial_no')
+                                product_ids = [ObjectId(item['productId']) for item in order.get('items', [])]
+                                products_map = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': product_ids}})}
+                                item_lines = [f"- {item['quantity']} {item.get('mode', 'pcs')} of {products_map.get(item['productId'], {}).get('name', 'Unknown Product')}" for item in order.get('items', [])]
+                                details_text += f"\n\n **Details for Order #{order_display_id}** _(Delivery Status: {order.get('status')})_:\n" + "\n".join(item_lines)
+                            final_response_text ="Here are your recent orders:\n" + details_text
+        else:
+            final_response_text = response.text
+
+        # --- 6. Save Conversation to Database ---
+        user_message_to_save = user_message_text if user_message_text else "Audio message"
+        chat_history.append({"role": "user", "parts": [{"text": user_message_to_save}]})
+        chat_history.append({"role": "model", "parts": [{"text": final_response_text}]})
+        if len(chat_history) > 10: chat_history = chat_history[-10:]
+        mongo.db.whatsapp_history.update_one(
+            {'whatsapp_number': whatsapp_number},
+            {'$set': {'history': chat_history, 'updated_at': datetime.utcnow()}},
+            upsert=True
+        )
+
+    except Exception as e:
+        print(traceback.format_exc())
+        current_app.logger.error(f"WhatsApp endpoint error: {e}")
+        final_response_text = "I'm having a little trouble right now. Please try again in a moment."
+
+    twilio_resp.message(final_response_text)
+    return str(twilio_resp)

app/api.py

@@ -0,0 +1,392 @@
+# your_app/api.py
+
+from flask import Blueprint, request, jsonify, current_app, redirect
+from bson.objectid import ObjectId
+from datetime import datetime
+from flask_jwt_extended import create_access_token, jwt_required, get_jwt_identity
+from .extensions import bcrypt, mongo
+from .xero_utils import trigger_po_creation, trigger_contact_creation,sync_user_approval_from_xero
+from .email_utils import send_order_confirmation_email, send_registration_email, send_login_notification_email, send_cart_reminder_email
+from .general_utils import get_next_order_serial
+
+
+api_bp = Blueprint('api', __name__)
+@api_bp.route('/sync_xero_users', methods=['GET'])
+def sync_xero_users():
+    sync_user_approval_from_xero()
+    return "✅"
+
+@api_bp.route('/clear')
+def clear_all():
+    mongo.db.users.delete_many({})
+    mongo.db.orders.delete_many({})
+    return "✅"
+
+@api_bp.route('/register', methods=['POST'])
+def register():
+    data = request.get_json()
+    email = data.get('email')
+    password = data.get('password')
+    company_name = data.get('businessName') 
+    
+    if not all([email, password, company_name]): 
+        return jsonify({"msg": "Missing required fields: Email, Password, and Business Name"}), 400
+    if mongo.db.users.find_one({'email': email}): 
+        return jsonify({"msg": "A user with this email already exists"}), 409
+    
+    hashed_password = bcrypt.generate_password_hash(password).decode('utf-8')
+    
+    user_document = data.copy()
+    user_document['password'] = hashed_password
+    user_document['company_name'] = company_name
+    user_document['is_approved'] = True
+    user_document['is_admin'] = False
+    
+    mongo.db.users.insert_one(user_document)
+    trigger_contact_creation(data)
+
+    try:
+        send_registration_email(data)
+    except Exception as e:
+        current_app.logger.error(f"Failed to send registration email to {email}: {e}")
+
+    return jsonify({"msg": "Registration successful! Your application is being processed."}), 201
+
+# ... (the rest of your api.py file remains unchanged)
+@api_bp.route('/login', methods=['POST'])
+def login():
+    data = request.get_json()
+    email, password = data.get('email'), data.get('password')
+    user = mongo.db.users.find_one({'email': email})
+
+    if user and user.get('password') and bcrypt.check_password_hash(user['password'], password):
+        if not user.get('is_approved', False): return jsonify({"msg": "Account pending approval"}), 403
+        
+        try:
+            send_login_notification_email(user)
+        except Exception as e:
+            current_app.logger.error(f"Failed to send login notification email to {email}: {e}")
+
+        access_token = create_access_token(identity=email)
+        return jsonify(access_token=access_token, email=user['email'], companyName=user['businessName'],contactPerson=user.get('contactPerson', '')) , 200
+    
+    return jsonify({"msg": "Bad email or password"}), 401
+
+@api_bp.route('/profile', methods=['GET'])
+@jwt_required()
+def get_user_profile():
+    user_email = get_jwt_identity()
+    user = mongo.db.users.find_one({'email': user_email})
+
+    if not user:
+        return jsonify({"msg": "User not found"}), 404
+
+    profile_data = {
+        'deliveryAddress': user.get('businessAddress', ''),
+        'mobileNumber': user.get('phoneNumber', '')
+    }
+    
+    return jsonify(profile_data), 200
+
+@api_bp.route('/products', methods=['GET'])
+def get_products():
+    products = [{
+        'id': str(p['_id']), 'name': p.get('name'), 'category': p.get('category'),
+        'unit': p.get('unit'), 'image_url': p.get('image_url', ''), 'price': p.get('price', '')
+    } for p in mongo.db.products.find()]
+    return jsonify(products)
+
+
+@api_bp.route('/cart', methods=['GET', 'POST'])
+@jwt_required()
+def handle_cart():
+    user_email = get_jwt_identity()
+
+    if request.method == 'GET':
+        cart = mongo.db.carts.find_one({'user_email': user_email})
+        if not cart:
+            return jsonify({'items': [], 'deliveryDate': None})
+
+        populated_items = []
+        if cart.get('items'):
+            product_ids = [ObjectId(item['productId']) for item in cart['items']]
+            if product_ids:
+                products = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': product_ids}})}
+                for item in cart['items']:
+                    details = products.get(item['productId'])
+                    if details:
+                        populated_items.append({
+                            'product': {'id': str(details['_id']), 'name': details.get('name'), 'unit': details.get('unit'), 'image_url': details.get('image_url'), 'price': details.get('price')},
+                            'quantity': item['quantity'],
+                            'mode': item.get('mode', 'pieces')
+                        })
+        
+        return jsonify({
+            'items': populated_items,
+            'deliveryDate': cart.get('deliveryDate')
+        })
+
+    if request.method == 'POST':
+        data = request.get_json()
+        
+        update_doc = {
+            'user_email': user_email,
+            'updated_at': datetime.utcnow()
+        }
+        
+        if 'items' in data:
+            update_doc['items'] = data['items']
+
+        if 'deliveryDate' in data:
+            update_doc['deliveryDate'] = data['deliveryDate']
+
+        mongo.db.carts.update_one(
+            {'user_email': user_email},
+            {'$set': update_doc},
+            upsert=True
+        )
+        return jsonify({"msg": "Cart updated successfully"})
+
+@api_bp.route('/orders', methods=['GET', 'POST'])
+@jwt_required()
+def handle_orders():
+    user_email = get_jwt_identity()
+
+    if request.method == 'POST':
+        cart = mongo.db.carts.find_one({'user_email': user_email})
+        if not cart or not cart.get('items'): return jsonify({"msg": "Your cart is empty"}), 400
+        
+        data = request.get_json()
+        if not all([data.get('deliveryDate'), data.get('deliveryAddress'), data.get('mobileNumber')]): return jsonify({"msg": "Missing delivery information"}), 400
+
+        user = mongo.db.users.find_one({'email': user_email})
+        if not user:
+            return jsonify({"msg": "User not found"}), 404
+
+        order_doc = {
+            'user_email': user_email, 'items': cart['items'], 'delivery_date': data['deliveryDate'],
+            'delivery_address': data['deliveryAddress'], 'mobile_number': data['mobileNumber'],
+            'additional_info': data.get('additionalInfo'), 'total_amount': data.get('totalAmount'),
+            'status': 'pending', 'created_at': datetime.utcnow()
+        }
+        order_doc['serial_no'] = get_next_order_serial()
+        order_id = mongo.db.orders.insert_one(order_doc).inserted_id
+        order_doc['_id'] = order_id
+
+        order_details_for_xero = {
+            "order_id": str(order_id), "user_email": user_email, "items": cart['items'],
+            "delivery_address": data['deliveryAddress'], "mobile_number": data['mobileNumber'],"deliverydate":data["deliveryDate"]
+        }
+        trigger_po_creation(order_details_for_xero)
+        
+        try:
+            product_ids = [ObjectId(item['productId']) for item in cart['items']]
+            products_map = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': product_ids}})}
+            
+            order_doc['populated_items'] = [{
+                "name": products_map.get(item['productId'], {}).get('name', 'N/A'),
+                "quantity": item['quantity'],
+                "mode": item.get('mode', 'pieces')
+            } for item in cart['items']]
+            
+            send_order_confirmation_email(order_doc, user)
+
+        except Exception as e:
+            current_app.logger.error(f"Failed to send confirmation email for order {order_id}: {e}")
+        
+        mongo.db.carts.delete_one({'user_email': user_email})
+        return jsonify({"msg": "Order placed successfully! You will be redirected shortly to the Orders Page!", "orderId": str(order_id)}), 201
+
+    if request.method == 'GET':
+        user_orders = list(mongo.db.orders.find({'user_email': user_email}).sort('created_at', -1))
+        if not user_orders: return jsonify([])
+        
+        all_product_ids = {ObjectId(item['productId']) for order in user_orders for item in order.get('items', [])}
+        products = {str(p['_id']): p for p in mongo.db.products.find({'_id': {'$in': list(all_product_ids)}})}
+        
+        for order in user_orders:
+            order['items'] = [
+                {
+                    'quantity': item['quantity'], 
+                    'mode': item.get('mode', 'pieces'),
+                    'product': {
+                        'id': str(p['_id']), 
+                        'name': p.get('name'), 
+                        'unit': p.get('unit'), 
+                        'image_url': p.get('image_url')
+                    }
+                } 
+                for item in order.get('items', []) if (p := products.get(item['productId']))
+            ]
+            order['_id'] = str(order['_id'])
+            order['created_at'] = order['created_at'].isoformat()
+            order['delivery_date'] = order['delivery_date'] if isinstance(order['delivery_date'], str) else order['delivery_date'].isoformat()
+        return jsonify(user_orders)
+
+@api_bp.route('/orders/<order_id>', methods=['GET'])
+@jwt_required()
+def get_order(order_id):
+    user_email = get_jwt_identity()
+    try:
+        order = mongo.db.orders.find_one({'_id': ObjectId(order_id), 'user_email': user_email})
+        if not order:
+            return jsonify({"msg": "Order not found or access denied"}), 404
+        
+        order['_id'] = str(order['_id'])
+        return jsonify(order), 200
+    except Exception as e:
+        return jsonify({"msg": f"Invalid Order ID format: {e}"}), 400
+
+@api_bp.route('/orders/<order_id>', methods=['PUT'])
+@jwt_required()
+def update_order(order_id):
+    user_email = get_jwt_identity()
+    
+    order = mongo.db.orders.find_one({'_id': ObjectId(order_id), 'user_email': user_email})
+    if not order:
+        return jsonify({"msg": "Order not found or access denied"}), 404
+    
+    if order.get('status') not in ['pending', 'confirmed']:
+        return jsonify({"msg": f"Order with status '{order.get('status')}' cannot be modified."}), 400
+
+    cart = mongo.db.carts.find_one({'user_email': user_email})
+    if not cart or not cart.get('items'):
+        return jsonify({"msg": "Cannot update with an empty cart. Please add items."}), 400
+
+    data = request.get_json()
+    update_doc = {
+        'items': cart['items'],
+        'delivery_date': data['deliveryDate'],
+        'delivery_address': data['deliveryAddress'],
+        'mobile_number': data['mobileNumber'],
+        'additional_info': data.get('additionalInfo'),
+        'total_amount': data.get('totalAmount'),
+        'updated_at': datetime.utcnow()
+    }
+
+    mongo.db.orders.update_one({'_id': ObjectId(order_id)}, {'$set': update_doc})
+    mongo.db.carts.delete_one({'user_email': user_email})
+        
+    return jsonify({"msg": "Order updated successfully!", "orderId": order_id}), 200
+
+@api_bp.route('/orders/<order_id>/cancel', methods=['POST'])
+@jwt_required()
+def cancel_order(order_id):
+    user_email = get_jwt_identity()
+    order = mongo.db.orders.find_one({'_id': ObjectId(order_id), 'user_email': user_email})
+
+    if not order:
+        return jsonify({"msg": "Order not found or access denied"}), 404
+    
+    if order.get('status') in ['delivered', 'cancelled']:
+        return jsonify({"msg": "This order can no longer be cancelled."}), 400
+    
+    mongo.db.orders.update_one(
+        {'_id': ObjectId(order_id)},
+        {'$set': {'status': 'cancelled', 'updated_at': datetime.utcnow()}}
+    )
+    
+    return jsonify({"msg": "Order has been cancelled."}), 200
+
+@api_bp.route('/sendmail', methods=['GET'])
+def send_cart_reminders():
+    try:
+        carts_with_items = list(mongo.db.carts.find({'items': {'$exists': True, '$ne': []}}))
+        
+        if not carts_with_items:
+            return jsonify({"msg": "No users with pending items in cart."}), 200
+
+        user_emails = [cart['user_email'] for cart in carts_with_items]
+        all_product_ids = {
+            ObjectId(item['productId']) 
+            for cart in carts_with_items 
+            for item in cart.get('items', [])
+        }
+
+        users_cursor = mongo.db.users.find({'email': {'$in': user_emails}})
+        products_cursor = mongo.db.products.find({'_id': {'$in': list(all_product_ids)}})
+
+        users_map = {user['email']: user for user in users_cursor}
+        products_map = {str(prod['_id']): prod for prod in products_cursor}
+
+        emails_sent_count = 0
+        
+        for cart in carts_with_items:
+            user = users_map.get(cart['user_email'])
+            if not user:
+                current_app.logger.warning(f"Cart found for non-existent user: {cart['user_email']}")
+                continue
+
+            populated_items = []
+            for item in cart.get('items', []):
+                product_details = products_map.get(item['productId'])
+                if product_details:
+                    populated_items.append({
+                        'product': {
+                            'id': str(product_details['_id']), 
+                            'name': product_details.get('name'), 
+                        },
+                        'quantity': item['quantity']
+                    })
+            
+            if populated_items:
+                try:
+                    send_cart_reminder_email(user, populated_items)
+                    emails_sent_count += 1
+                except Exception as e:
+                    current_app.logger.error(f"Failed to send cart reminder to {user['email']}: {e}")
+
+        return jsonify({"msg": f"Cart reminder process finished. Emails sent to {emails_sent_count} users."}), 200
+
+    except Exception as e:
+        current_app.logger.error(f"Error in /sendmail endpoint: {e}")
+        return jsonify({"msg": "An internal error occurred while sending reminders."}), 500
+
+@api_bp.route('/admin/users/approve/<user_id>', methods=['POST'])
+@jwt_required()
+def approve_user(user_id):
+    mongo.db.users.update_one({'_id': ObjectId(user_id)}, {'$set': {'is_approved': True}})
+    return jsonify({"msg": f"User {user_id} approved"})
+
+# +++ START: NEW ENDPOINT FOR ITEM REQUESTS +++
+@api_bp.route('/request-item', methods=['POST'])
+@jwt_required()
+def request_item():
+    """
+    Allows a logged-in user to request an item that is not in the catalog.
+    The request is saved to the database for admin review.
+    """
+    user_email = get_jwt_identity()
+    data = request.get_json()
+
+    if not data or not data.get('details'):
+        return jsonify({"msg": "Item details are required."}), 400
+
+    details = data.get('details').strip()
+    if not details:
+        return jsonify({"msg": "Item details cannot be empty."}), 400
+
+    try:
+        # Fetch user info for more context in the request
+        user = mongo.db.users.find_one({'email': user_email}, {'company_name': 1})
+        company_name = user.get('company_name', 'N/A') if user else 'N/A'
+
+        request_doc = {
+            'user_email': user_email,
+            'company_name': company_name,
+            'details': details,
+            'status': 'new',  # Possible statuses: 'new', 'reviewed', 'sourced', 'rejected'
+            'requested_at': datetime.utcnow()
+        }
+
+        # The collection 'item_requests' will be created if it doesn't exist
+        mongo.db.item_requests.insert_one(request_doc)
+
+        # Optional: Here you could add a call to an email utility to notify admins
+        # For example: send_item_request_notification(user_email, company_name, details)
+        
+        return jsonify({"msg": "Your item request has been submitted. We will look into it!"}), 201
+
+    except Exception as e:
+        current_app.logger.error(f"Error processing item request for {user_email}: {e}")
+        return jsonify({"msg": "An internal server error occurred."}), 500

app/config.py

@@ -0,0 +1,23 @@
+# from dotenv import load_dotenv
+# load_dotenv(r'C:\Users\Vaibhav Arora\Documents\MyExperimentsandCodes\APPS_WEBSITES\CANADA_WHOLESALE_PROJECT\GITHUB_REPOS\mvp-vue\wholesale-grocery-app\AIAPPS\.env')
+import os
+from datetime import timedelta
+
+# It is recommended to load sensitive data from environment variables
+SECRET_KEY = os.environ.get("SECRET_KEY")
+SESSION_TYPE = 'filesystem'
+DEBUG = True
+
+# MongoDB
+MONGO_URI = os.environ.get(
+    "MONGO_URI")
+# JWT
+JWT_SECRET_KEY = os.environ.get("JWT_SECRET_KEY")
+JWT_ACCESS_TOKEN_EXPIRES = timedelta(days=7)
+
+# Xero OAuth Credentials
+CLIENT_ID = os.environ.get("CLIENT_ID")
+CLIENT_SECRET = os.environ.get("CLIENT_SECRET")
+BREVO_API_KEY=os.environ.get("BREVO_API_KEY")
+CLIENT_ADMIN_EMAIL="namita0105@gmail.com"
+SENDER_EMAIL="vaibhavarduino@gmail.com"

app/email_utils.py

@@ -0,0 +1,214 @@
+# your_app/email_utils.py
+
+from flask import current_app
+import sib_api_v3_sdk
+from sib_api_v3_sdk.rest import ApiException
+from .general_utils import backfill_orders
+
+
+def send_order_confirmation_email(order, user):
+    """
+    Constructs and sends order confirmation emails to the customer and a notification
+    to the client/admin using the Brevo API.
+    
+    Args:
+        order (dict): The complete order document, including 'populated_items'.
+        user (dict): The user document, containing 'email' and 'company_name'.
+    """
+    # Setup Brevo API client from Flask app config
+    configuration = sib_api_v3_sdk.Configuration()
+    configuration.api_key['api-key'] = current_app.config['BREVO_API_KEY']
+    api_instance = sib_api_v3_sdk.TransactionalEmailsApi(sib_api_v3_sdk.ApiClient(configuration))
+
+    # --- Common variables for emails ---
+    sender_email = current_app.config['SENDER_EMAIL']
+    sender_name = "Matax Express" # You can customize this
+    client_admin_email = current_app.config['CLIENT_ADMIN_EMAIL']
+    customer_email = user['email']
+    contact_person = user['contactPerson']
+    order_id_str = str(order['serial_no'])
+    
+    # --- Generate HTML table of ordered items ---
+    items_html = "<table border='1' cellpadding='5' cellspacing='0' style='border-collapse: collapse; width: 100%;'><tr><th style='text-align: left;'>Product</th><th style='text-align: center;'>Quantity</th></tr>"
+    for item in order['populated_items']:
+        if item['mode'] == 'weight':
+            item['mode']='lb'
+        items_html += f"<tr><td>{item['name']}</td><td style='text-align: center;'>{item['quantity']} {item['mode']}</td></tr>"
+    items_html += "</table>"
+
+    # --- 1. Prepare Email for the Customer ---
+    customer_subject = f"Your Order Confirmation - #{order_id_str}"
+    customer_html_content = f"""
+    <html><body>
+    <h1>Thank You for Your Order, {contact_person}!</h1>
+    <p>We have successfully received your order #{order_id_str}. Here are the details:</p>
+    <h2>Order Summary</h2>
+    {items_html}
+    <h2>Delivery Details</h2>
+    <p><strong>Delivery Date:</strong> {order['delivery_date']}</p>
+    <p><strong>Delivery Address:</strong> {order['delivery_address']}</p>
+    <p><strong>Contact Number:</strong> {order['mobile_number']}</p>
+    <p><strong>Additional Info:</strong> {order.get('additional_info') or 'N/A'}</p>
+    <p>Thank you for your business!</p>
+    </body></html>
+    """
+
+    send_smtp_email_customer = sib_api_v3_sdk.SendSmtpEmail(
+        to=[{"email": customer_email, "name": contact_person}],
+        sender={"email": sender_email, "name": sender_name},
+        subject=customer_subject,
+        html_content=customer_html_content
+    )
+
+    # --- 2. Prepare Email for the Client/Admin ---
+    client_subject = f"New Order Received - #{order_id_str} from {contact_person}"
+    client_html_content = f"""
+    <html><body>
+    <h1>New Order Received!</h1>
+    <p>A new order #{order_id_str} has been placed by <strong>{contact_person}</strong>.</p>
+    <h2>Order Details</h2>
+    {items_html}
+    <h2>Customer & Delivery Information</h2>
+    <p><strong>Company:</strong> {contact_person}</p>
+    <p><strong>Email:</strong> {customer_email}</p>
+    <p><strong>Delivery Date:</strong> {order['delivery_date']}</p>
+    <p><strong>Delivery Address:</strong> {order['delivery_address']}</p>
+    <p><strong>Contact Number:</strong> {order['mobile_number']}</p>
+    <p><strong>Additional Info:</strong> {order.get('additional_info') or 'N/A'}</p>
+    <p><strong>Total Amount:</strong> ${order.get('total_amount', 0):.2f}</p>
+    <p>This order has also been sent for PO creation in Xero.</p>
+    </body></html>
+    """
+    
+    send_smtp_email_client = sib_api_v3_sdk.SendSmtpEmail(
+        to=[{"email": client_admin_email}],
+        sender={"email": sender_email, "name": sender_name},
+        subject=client_subject,
+        html_content=client_html_content
+    )
+
+    # --- 3. Send both emails ---
+    api_instance.send_transac_email(send_smtp_email_customer)
+    current_app.logger.info(f"Order confirmation sent to {customer_email} for order {order_id_str}")
+    
+    api_instance.send_transac_email(send_smtp_email_client)
+    current_app.logger.info(f"New order notification sent to {client_admin_email} for order {order_id_str}")
+
+# +++ START: NEW EMAIL FUNCTIONS +++
+
+def send_registration_email(user_data):
+    """Sends a welcome/application pending email upon registration."""
+    configuration = sib_api_v3_sdk.Configuration()
+    configuration.api_key['api-key'] = current_app.config['BREVO_API_KEY']
+    api_instance = sib_api_v3_sdk.TransactionalEmailsApi(sib_api_v3_sdk.ApiClient(configuration))
+
+    sender_email = current_app.config['SENDER_EMAIL']
+    sender_name = "Matax Express"
+    recipient_email = user_data['email']
+    recipient_name = user_data.get('contactPerson', user_data.get('businessName', 'New User'))
+    
+    subject = "your application is under process"
+    html_content = f"""
+    <html><body>
+    <h1>Welcome to Matax Express, {recipient_name}!</h1>
+    <p>Thank you for registering. Your application is currently under review by our team.</p>
+    <p>We will notify you via email as soon as your account is approved.</p>
+    <p>Thank you for your patience.</p>
+    <p>Best regards,<br>The Matax Express Team</p>
+    </body></html>
+    """
+    
+    send_smtp_email = sib_api_v3_sdk.SendSmtpEmail(
+        to=[{ "email": recipient_email, "name": recipient_name }],
+        sender={ "email": sender_email, "name": sender_name },
+        subject=subject,
+        html_content=html_content
+    )
+
+    try:
+        api_instance.send_transac_email(send_smtp_email)
+        current_app.logger.info(f"Registration email sent to {recipient_email}")
+    except ApiException as e:
+        current_app.logger.error(f"Failed to send registration email to {recipient_email}: {e}")
+
+def send_login_notification_email(user):
+    """Sends a notification email upon successful login."""
+    configuration = sib_api_v3_sdk.Configuration()
+    configuration.api_key['api-key'] = current_app.config['BREVO_API_KEY']
+    api_instance = sib_api_v3_sdk.TransactionalEmailsApi(sib_api_v3_sdk.ApiClient(configuration))
+
+    sender_email = current_app.config['SENDER_EMAIL']
+    sender_name = "Matax Express"
+    recipient_email = user['email']
+    recipient_name = user.get('contactPerson', user.get('company_name', 'Valued Customer'))
+    
+    subject = "New login.."
+    html_content = f"""
+    <html><body>
+    <h1>Security Alert: New Login</h1>
+    <p>Hello {recipient_name},</p>
+    <p>We detected a new login to your Matax Express account just now.</p>
+    <p>If this was you, you can safely disregard this email. If you do not recognize this activity, please change your password immediately and contact our support team.</p>
+    <p>Thank you for helping us keep your account secure.</p>
+    <p>Best regards,<br>The Matax Express Team</p>
+    </body></html>
+    """
+    
+    send_smtp_email = sib_api_v3_sdk.SendSmtpEmail(
+        to=[{ "email": recipient_email, "name": recipient_name }],
+        sender={ "email": sender_email, "name": sender_name },
+        subject=subject,
+        html_content=html_content
+    )
+
+    try:
+        api_instance.send_transac_email(send_smtp_email)
+        current_app.logger.info(f"Login notification sent to {recipient_email}")
+    except ApiException as e:
+        current_app.logger.error(f"Failed to send login notification to {recipient_email}: {e}")
+
+def send_cart_reminder_email(user, populated_items):
+    """Sends a reminder for items left in the cart."""
+    configuration = sib_api_v3_sdk.Configuration()
+    configuration.api_key['api-key'] = current_app.config['BREVO_API_KEY']
+    api_instance = sib_api_v3_sdk.TransactionalEmailsApi(sib_api_v3_sdk.ApiClient(configuration))
+
+    sender_email = current_app.config['SENDER_EMAIL']
+    sender_name = "Matax Express"
+    recipient_email = user['email']
+    recipient_name = user.get('contactPerson', user.get('company_name', 'Valued Customer'))
+    
+    subject = "Your items are waiting for you!"
+    
+    items_html = "<table border='1' cellpadding='5' cellspacing='0' style='border-collapse: collapse; width: 100%;'><tr><th style='text-align: left;'>Product</th><th style='text-align: center;'>Quantity</th></tr>"
+    for item in populated_items:
+        items_html += f"<tr><td>{item['product']['name']}</td><td style='text-align: center;'>{item['quantity']}</td></tr>"
+    items_html += "</table>"
+
+    html_content = f"""
+    <html><body>
+    <h1>Don't Forget Your Items, {recipient_name}!</h1>
+    <p>Your baby fruits are waiting to arrive! You have some delicious items waiting in your cart.</p>
+    <br>
+    {items_html}
+    <br>
+    <p>Ready to complete your order? Please log in to your account to view your cart.</p>
+    <p>These items are popular and might not be available for long!</p>
+    <p>Best regards,<br>The Matax Express Team</p>
+    </body></html>
+    """
+    
+    send_smtp_email = sib_api_v3_sdk.SendSmtpEmail(
+        to=[{ "email": recipient_email, "name": recipient_name }],
+        sender={ "email": sender_email, "name": sender_name },
+        subject=subject,
+        html_content=html_content
+    )
+
+    try:
+        api_instance.send_transac_email(send_smtp_email)
+        current_app.logger.info(f"Cart reminder sent to {recipient_email}")
+    except ApiException as e:
+        current_app.logger.error(f"Failed to send cart reminder to {recipient_email}: {e}")
+
+# +++ END: NEW EMAIL FUNCTIONS +++

app/extensions.py

@@ -0,0 +1,13 @@
+from flask_pymongo import PyMongo
+from flask_bcrypt import Bcrypt
+from flask_jwt_extended import JWTManager
+from flask_cors import CORS
+from flask_session import Session
+from flask_oauthlib.contrib.client import OAuth
+
+mongo = PyMongo()
+bcrypt = Bcrypt()
+jwt = JWTManager()
+cors = CORS()
+session = Session()
+oauth = OAuth()

app/general_utils.py

@@ -0,0 +1,70 @@
+from pymongo import ASCENDING, DESCENDING
+import time
+from .extensions import mongo
+def backfill_orders():
+    t=time.time()
+    print("Starting backfill process for order serial numbers...")
+
+    # 1. Find the highest existing serial number to know where to start.
+    highest_order = mongo.db.orders.find_one(
+        {'serial_no': {'$exists': True}},
+        sort=[('serial_no', DESCENDING)]
+    )
+    
+    next_serial_to_assign = 1
+    if highest_order and 'serial_no' in highest_order:
+        next_serial_to_assign = highest_order['serial_no'] + 1
+        print(f"Highest existing serial is {highest_order['serial_no']}. New serials will start from {next_serial_to_assign}.")
+    else:
+        print("No existing serial numbers found. Starting from 1.")
+
+    # 2. Find all orders that are missing a serial number, sorted by creation date.
+    orders_to_update = list(mongo.db.orders.find(
+        {'serial_no': {'$exists': False}},
+        sort=[('created_at', ASCENDING)]
+    ))
+
+    if not orders_to_update:
+        print("No orders found without a serial number. All good!")
+        return
+
+    print(f"Found {len(orders_to_update)} orders to update.")
+
+    # 3. Iterate and assign the new serial numbers.
+    for order in orders_to_update:
+        mongo.db.orders.update_one(
+            {'_id': order['_id']},
+            {'$set': {'serial_no': next_serial_to_assign}}
+        )
+        print(f"  - Updated order {order['_id']} with Serial No: {next_serial_to_assign}")
+        next_serial_to_assign += 1
+
+    # 4. Finally, update the global counter to the last assigned value.
+    final_serial_value = next_serial_to_assign - 1
+    mongo.db.counters.update_one(
+        {'_id': 'order_serial'},
+        {'$set': {'sequence_value': final_serial_value}},
+        upsert=True
+    )
+    print(time.time()-t)
+    print(f"\nBackfill complete. Updated {len(orders_to_update)} orders.")
+    print(f"Global order serial counter has been set to {final_serial_value}.")
+
+# --- NEW: Define functions for the AI model ---
+def get_next_order_serial():
+    """
+    Atomically retrieves and increments the global order serial number from the 'counters' collection.
+    """
+    # find_one_and_update is atomic. upsert=True creates the doc if it doesn't exist.
+    # By default, it returns the document *before* the update.
+    counter_doc = mongo.db.counters.find_one_and_update(
+        {'_id': 'order_serial'},
+        {'$inc': {'sequence_value': 1}},
+        upsert=True
+    )
+    # If counter_doc is None, it means the document was just created (upserted) with a value of 1.
+    if counter_doc is None:
+        return 1
+    # Otherwise, it returns the old document, so we add 1 to get the new value.
+    else:
+        return counter_doc['sequence_value'] + 1

app/models.py

@@ -0,0 +1,7 @@
+from .extensions import mongo
+
+users_collection = mongo.db.users
+products_collection = mongo.db.products
+orders_collection = mongo.db.orders
+carts_collection = mongo.db.carts
+xero_tokens_collection = mongo.db.xero_tokens

app/page_features.py

@@ -0,0 +1,167 @@
+# your_app/page_features.py
+
+from flask import Blueprint, request, jsonify, redirect
+from .extensions import mongo
+
+page_bp = Blueprint('pages', __name__)
+
+# Default data for initialization if pages don't exist in the database
+DEFAULT_ABOUT_DATA = {
+    "_id": "about",
+    "title": "Our Commitment to You",
+    "slogan": "It's more than produce — it's about being your daily, trusted partner.",
+    "paragraphs": [
+        "Welcome to Matax Express Ltd, your trusted wholesale produce provider serving the Greater Toronto Area for over 30 years!",
+        "At Matax Express Ltd, our commitment to service has always been at the core of what we do. From day one, we’ve focused on understanding the needs of our customers and working tirelessly to meet them. Whether delivering to bustling restaurants, local markets, or retail stores, we strive to ensure your success and satisfaction every step of the way.",
+        "We’re proud of the journey we’ve taken over the past three decades, and we also understand the importance of continuous improvement. Your feedback has been crucial in helping us grow and adapt, and we are working hard to ensure every interaction reflects the high standard of service you deserve.",
+        "While freshness remains an important priority, we are equally dedicated to creating a service experience that exceeds expectations. From reliable deliveries to personalized support, our team is here to make partnering with Matax Express Ltd seamless and efficient.",
+        "For us, it’s not just about providing produce—it’s about being a dependable partner that you can count on daily. We look forward to building stronger relationships and delivering better service for years to come."
+    ]
+}
+
+DEFAULT_CONTACT_DATA = {
+    "_id": "contact",
+    "title": "Contact Us",
+    "intro": "We're here to help! Reach out to us through any of the channels below. We aim to respond to all inquiries within 24 business hours.",
+    "details": [
+        {"type": "Phone Support", "value": "+1 (800) 123-4567"},
+        {"type": "Email Support", "value": "support@mataxexpress.com"},
+        {"type": "Business Hours", "value": "Monday - Friday, 9:00 AM - 5:00 PM (EST)"},
+        {"type": "Mailing Address", "value": "123 Fresh Produce Lane, Farmville, ST 54321"}
+    ]
+}
+
+@page_bp.route('/<page_name>', methods=['GET'])
+def get_page_content(page_name):
+    """API endpoint for the frontend to fetch page content."""
+    content = mongo.db.pages.find_one({'_id': page_name})
+    if not content:
+        # If content doesn't exist, create it from default and return it
+        if page_name == 'about':
+            mongo.db.pages.insert_one(DEFAULT_ABOUT_DATA)
+            content = DEFAULT_ABOUT_DATA
+        elif page_name == 'contact':
+            mongo.db.pages.insert_one(DEFAULT_CONTACT_DATA)
+            content = DEFAULT_CONTACT_DATA
+        else:
+            return jsonify({"msg": "Page not found"}), 404
+    # Ensure _id is a string if it's an ObjectId
+    if '_id' in content and not isinstance(content['_id'], str):
+        content['_id'] = str(content['_id'])
+    return jsonify(content)
+
+@page_bp.route('/update', methods=['POST'])
+def update_page_content():
+    """Handles form submission from the /update UI to save changes."""
+    page_name = request.form.get('page_name')
+    if page_name == 'about':
+        paragraphs = request.form.get('paragraphs', '').strip().split('\n')
+        paragraphs = [p.strip() for p in paragraphs if p.strip()]
+        
+        update_data = {
+            "title": request.form.get('title'),
+            "slogan": request.form.get('slogan'),
+            "paragraphs": paragraphs
+        }
+    elif page_name == 'contact':
+        update_data = {
+            "title": request.form.get('title'),
+            "intro": request.form.get('intro'),
+            "details": [
+                {"type": "Phone Support", "value": request.form.get('phone_value')},
+                {"type": "Email Support", "value": request.form.get('email_value')},
+                {"type": "Business Hours", "value": request.form.get('hours_value')},
+                {"type": "Mailing Address", "value": request.form.get('address_value')}
+            ]
+        }
+    else:
+        return redirect('/api/update')
+
+    mongo.db.pages.update_one(
+        {'_id': page_name},
+        {'$set': update_data},
+        upsert=True
+    )
+    return redirect('/api/update')
+
+@page_bp.route('/update_ui', methods=['GET'])
+def update_ui():
+    """Serves the simple HTML UI for editing page content."""
+    # Note: Route changed to /update_ui to avoid conflict with /pages/update
+    about_data = mongo.db.pages.find_one({'_id': 'about'}) or DEFAULT_ABOUT_DATA
+    contact_data = mongo.db.pages.find_one({'_id': 'contact'}) or DEFAULT_CONTACT_DATA
+
+    about_paragraphs_text = "\n".join(about_data.get('paragraphs', []))
+    contact_details = {item['type']: item['value'] for item in contact_data.get('details', [])}
+
+    html = f"""
+    <!DOCTYPE html>
+    <html lang="en">
+    <head>
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <title>Update Page Content</title>
+        <style>
+            body {{ font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; margin: 2em; background-color: #f8f9fa; color: #212529; }}
+            .container {{ max-width: 800px; margin: auto; }}
+            h1, h2 {{ color: #343a40; border-bottom: 2px solid #dee2e6; padding-bottom: 0.5em; }}
+            form {{ background: white; padding: 2em; border-radius: 8px; box-shadow: 0 4px 8px rgba(0,0,0,0.05); margin-bottom: 2em; }}
+            label {{ display: block; margin-top: 1em; margin-bottom: 0.5em; font-weight: bold; color: #495057; }}
+            input[type="text"], textarea {{ width: 100%; padding: 0.8em; border: 1px solid #ced4da; border-radius: 4px; box-sizing: border-box; font-size: 1rem; }}
+            textarea {{ height: 250px; resize: vertical; }}
+            button {{ background-color: #007bff; color: white; padding: 0.8em 1.5em; border: none; border-radius: 4px; cursor: pointer; font-size: 1em; font-weight: bold; }}
+            button:hover {{ background-color: #0056b3; }}
+        </style>
+    </head>
+    <body>
+        <div class="container">
+            <h1>Update Website Content</h1>
+
+            <!-- About Us Page Form -->
+            <h2>About Us Page</h2>
+            <form action="/api/pages/update" method="post">
+                <input type="hidden" name="page_name" value="about">
+                <label for="about_title">Title:</label>
+                <input type="text" id="about_title" name="title" value="{about_data.get('title', '')}">
+
+                <label for="about_slogan">Slogan:</label>
+                <input type="text" id="about_slogan" name="slogan" value="{about_data.get('slogan', '')}">
+                
+                <label for="about_paragraphs">Paragraphs (one paragraph per line):</label>
+                <textarea id="about_paragraphs" name="paragraphs">{about_paragraphs_text}</textarea>
+                
+                <br><br>
+                <button type="submit">Update About Page</button>
+            </form>
+
+            <!-- Contact Page Form -->
+            <h2>Customer Care Page</h2>
+            <form action="/api/pages/update" method="post">
+                <input type="hidden" name="page_name" value="contact">
+
+                <label for="contact_title">Title:</label>
+                <input type="text" id="contact_title" name="title" value="{contact_data.get('title', '')}">
+
+                <label for="contact_intro">Intro Text:</label>
+                <input type="text" id="contact_intro" name="intro" value="{contact_data.get('intro', '')}">
+
+                <label for="phone_value">Phone Support:</label>
+                <input type="text" id="phone_value" name="phone_value" value="{contact_details.get('Phone Support', '')}">
+
+                <label for="email_value">Email Support:</label>
+                <input type="text" id="email_value" name="email_value" value="{contact_details.get('Email Support', '')}">
+
+                <label for="hours_value">Business Hours:</label>
+                <input type="text" id="hours_value" name="hours_value" value="{contact_details.get('Business Hours', '')}">
+
+                <label for="address_value">Mailing Address:</label>
+                <input type="text" id="address_value" name="address_value" value="{contact_details.get('Mailing Address', '')}">
+                
+                <br><br>
+                <button type="submit">Update Contact Page</button>
+            </form>
+        </div>
+    </body>
+    </html>
+    """
+    return html

app/templates/base.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>{% if title %}{{ title }}{% else %}Welcome to Xero Python oauth starter{% endif %}</title>
+</head>
+<body>
+<a href="{{ url_for('xero.index') }}">Index</a> |
+<a href="{{ url_for('xero.login') }}">Login</a> |
+<a href="{{ url_for('xero.logout') }}">Logout</a> |
+
+<a href="{{ url_for('xero.fetch_inventory') }}">Sync Xero Inventory with Website</a> |
+{% block content %}{% endblock %}
+<!--<script src="https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/run_prettify.js"></script>-->
+</body>
+</html>

app/templates/code.html

@@ -0,0 +1,16 @@
+{% extends "base.html" %}
+
+{% block content %}
+    <div>
+        <h2>{{ title }}</h2>
+        {% if sub_title %}<h3>{{ sub_title }}</h3>{% endif %}
+        {% if result_list %}
+        <ul>
+            {% for message in result_list %}
+            <li>{{ message }}</li>
+            {% endfor %}
+        </ul>
+        {% endif %}
+        <pre class="prettyprint"><code class="language-javascript">{{ code }}</code></pre>
+    </div>
+{% endblock %}

app/xero_client.py

@@ -0,0 +1,66 @@
+import logging
+from functools import wraps
+from flask import redirect, url_for
+from xero_python.api_client import ApiClient, Configuration
+from xero_python.api_client.oauth2 import OAuth2Token # <-- IMPORT THIS
+from xero_python.identity import IdentityApi
+from .extensions import oauth, mongo
+
+logger = logging.getLogger(__name__)
+
+# Pass an empty OAuth2Token object during initialization
+api_client = ApiClient(
+    Configuration(oauth2_token=OAuth2Token()),
+    pool_threads=1
+)
+
+xero = oauth.remote_app(
+    name="xero",
+    version="2",
+    client_id=None, # This will be set in create_app
+    client_secret=None, # This will be set in create_app
+    endpoint_url="https://api.xero.com/",
+    authorization_url="https://login.xero.com/identity/connect/authorize",
+    access_token_url="https://identity.xero.com/connect/token",
+    refresh_token_url="https://identity.xero.com/connect/token",
+    scope="offline_access openid profile email accounting.transactions "
+    "accounting.journals.read accounting.transactions payroll.payruns accounting.reports.read "
+    "files accounting.settings.read accounting.settings accounting.attachments payroll.payslip payroll.settings files.read openid assets.read profile payroll.employees projects.read email accounting.contacts.read accounting.attachments.read projects assets accounting.contacts payroll.timesheets accounting.budgets.read",
+)
+@xero.tokengetter
+@api_client.oauth2_token_getter
+def obtain_xero_oauth2_token():
+    token_doc = mongo.db.xero_tokens.find_one({'name': 'xero_app_token'})
+    return token_doc.get('token') if token_doc else None
+
+@xero.tokensaver
+@api_client.oauth2_token_saver
+def store_xero_oauth2_token(token):
+    if token:
+        mongo.db.xero_tokens.update_one(
+            {'name': 'xero_app_token'},
+            {'$set': {'token': token}},
+            upsert=True
+        )
+        logger.info("Xero token stored/updated in database.")
+    else:
+        if mongo.db.xero_tokens.delete_one({'name': 'xero_app_token'}).deleted_count > 0:
+            logger.info("Xero token removed from database.")
+
+def get_xero_tenant_id():
+    token = obtain_xero_oauth2_token()
+    if not token:
+        return None
+
+    identity_api = IdentityApi(api_client)
+    for connection in identity_api.get_connections():
+        if connection.tenant_type == "ORGANISATION":
+            return connection.tenant_id
+
+def xero_token_required(function):
+    @wraps(function)
+    def decorator(*args, **kwargs):
+        if not obtain_xero_oauth2_token():
+            return redirect(url_for("xero.login", _external=True))
+        return function(*args, **kwargs)
+    return decorator

app/xero_routes.py

@@ -0,0 +1,104 @@
+import json
+import logging
+from flask import Blueprint, render_template, redirect, url_for, jsonify, request
+from pymongo import UpdateOne
+from xero_python.accounting import AccountingApi
+from utils import jsonify as jsonify_xero
+from search_engine import search_and_filter_images, categorise
+from .xero_client import xero, api_client, store_xero_oauth2_token, obtain_xero_oauth2_token, xero_token_required, get_xero_tenant_id
+from .extensions import mongo # <-- IMPORT MONGO
+import traceback
+xero_bp = Blueprint('xero', __name__)
+logger = logging.getLogger(__name__)
+
+
+@xero_bp.route("/")
+def index():
+    xero_access = dict(obtain_xero_oauth2_token() or {})
+    return render_template(
+        "code.html",
+        title="Home | OAuth Token",
+        code=json.dumps(xero_access, sort_keys=True, indent=4),
+    )
+
+@xero_bp.route("/login")
+def login():
+    redirect_url = url_for("xero.oauth_callback", _external=True)
+    return xero.authorize(callback_uri=redirect_url)
+
+@xero_bp.route("/callback")
+def oauth_callback():
+    try:
+        response = xero.authorized_response()
+    except Exception as e:
+        logger.error("OAuth callback failed: %s", e)
+        return "OAuth callback failed.", 500
+    
+    if response is None or response.get("access_token") is None:
+        return "Access denied: response=%s" % response
+    
+    store_xero_oauth2_token(response)
+    return redirect(url_for("xero.index", _external=True))
+
+@xero_bp.route("/logout")
+def logout():
+    store_xero_oauth2_token(None)
+    return redirect(url_for("xero.index", _external=True))
+
+@xero_bp.route("/api/inventory")
+@xero_token_required
+def fetch_inventory():
+    try:
+        xero_tenant_id = get_xero_tenant_id()
+        accounting_api = AccountingApi(api_client)
+        
+        xero_items = accounting_api.get_items(xero_tenant_id=xero_tenant_id).items
+        fetched_products = [{
+            "code": item.code, "name": item.name,
+            "price": float(item.sales_details.unit_price) if item.sales_details else 0.0,
+            "unit": item.description, "on_hand": item.quantity_on_hand  if item.quantity_on_hand else 1,
+        } for item in xero_items]
+
+        # Use mongo.db directly
+        db_products = list(mongo.db.products.find({}))
+        db_products_map = {p['code']: p for p in db_products if 'code' in p}
+        fetched_products_map = {p['code']: p for p in fetched_products}
+
+        products_to_insert = []
+        bulk_update_ops = []
+        
+        for code, fetched_p in fetched_products_map.items():
+            db_p = db_products_map.get(code)
+            if not db_p:
+                new_doc = { "code": fetched_p["code"], "name": fetched_p["name"], "price": fetched_p["price"], "unit": fetched_p["unit"],
+                    "category": str(categorise(fetched_p["name"])),
+                    "image_url": str(search_and_filter_images(str(fetched_p["name"]))[0]["image_url"]),}
+                products_to_insert.append(new_doc)
+            elif (fetched_p['name'] != db_p.get('name') or fetched_p['price'] != db_p.get('price') or fetched_p['unit'] != db_p.get('unit')):
+                update_fields = { "name": fetched_p["name"], "price": fetched_p["price"], "unit": fetched_p["unit"] }
+                if fetched_p['name'] != db_p.get('name'):
+                    update_fields["category"] = str(categorise(fetched_p["name"]))
+                    update_fields["image_url"] = str(search_and_filter_images(str(fetched_p["name"]))[0]["image_url"])
+                bulk_update_ops.append(UpdateOne({'code': code}, {'$set': update_fields}))
+        
+        db_codes = set(db_products_map.keys())
+        fetched_codes = set(fetched_products_map.keys())
+        codes_to_delete = list(db_codes - fetched_codes)
+        
+        # Use mongo.db directly
+        if codes_to_delete: mongo.db.products.delete_many({'code': {'$in': codes_to_delete}})
+        if products_to_insert: mongo.db.products.insert_many(products_to_insert)
+        if bulk_update_ops: mongo.db.products.bulk_write(bulk_update_ops)
+
+        sub_title = (f"Sync complete. Inserted: {len(products_to_insert)}, "
+                     f"Updated: {len(bulk_update_ops)}, Deleted: {len(codes_to_delete)}")
+        code_to_display = jsonify_xero(fetched_products)
+
+    except Exception as e:
+        print(traceback.format_exc())
+        logger.error("Inventory sync failed: %s", e)
+        sub_title = f"Error during sync: {e}"
+        code_to_display = jsonify({"error": str(e)})
+
+    return render_template("code.html", title="Inventory Sync", sub_title=sub_title, code=code_to_display)
+

app/xero_utils.py

@@ -0,0 +1,346 @@
+import logging
+import threading
+from datetime import datetime
+from flask import current_app
+from bson.objectid import ObjectId
+from xero_python.accounting import (
+    AccountingApi, Contact, Contacts, ContactPerson,ContactGroup,ContactGroups, PurchaseOrder, 
+    PurchaseOrders, LineItem, Address, Phone, HistoryRecord, HistoryRecords
+)
+
+from .xero_client import api_client,get_xero_tenant_id
+from .extensions import mongo # <-- IMPORT MONGO
+
+logger = logging.getLogger(__name__)
+def sync_user_approval_from_xero():
+    """
+    Iterates through all users in MongoDB and updates their 'is_approved' status
+    based on their membership in the 'approve_user' contact group in Xero.
+    This function is intended to be run periodically (e.g., by a scheduler).
+    """
+    logger.info("Starting Xero 'approve_user' contact group sync.")
+    try:
+        xero_tenant_id = get_xero_tenant_id()
+        accounting_api = AccountingApi(api_client)
+
+        # --- Step 1: Find the 'approve_user' contact group in Xero ---
+        all_groups = accounting_api.get_contact_groups(xero_tenant_id).contact_groups
+        approved_group_info = next((g for g in all_groups if g.name == "approved_user"), None)
+
+        if not approved_group_info:
+            logger.warning("Xero contact group 'approve_user' not found. Skipping approval sync.")
+            return
+
+        # --- Step 2: Get the full list of contacts from that group ---
+        approved_group_full = accounting_api.get_contact_group(
+            xero_tenant_id, approved_group_info.contact_group_id
+        ).contact_groups[0]
+        
+        # Create a set of approved contact IDs for efficient lookup
+        approved_contact_ids = {str(contact.contact_id) for contact in approved_group_full.contacts}
+        logger.info(f"Found {len(approved_contact_ids)} approved contacts in Xero group 'approve_user'.")
+
+        # --- Step 3: Iterate through all users in MongoDB ---
+        users_in_db = mongo.db.users.find({})
+        update_count = 0
+
+        for user in users_in_db:
+            user_xero_id = user.get('xero_contact_id')
+            current_approval_status = user.get('is_approved', False)
+
+            if not user_xero_id:
+                # Skip users who are not yet synced to Xero
+                continue
+            
+            # --- Step 4: Check membership and update MongoDB if necessary ---
+            is_now_approved = str(user_xero_id) in approved_contact_ids
+
+            if is_now_approved != current_approval_status:
+                # Status has changed, update the user in MongoDB
+                mongo.db.users.update_one(
+                    {'_id': user['_id']},
+                    {'$set': {'is_approved': is_now_approved}}
+                )
+                logger.info(f"Updated approval status for user {user['email']} to {is_now_approved}.")
+                update_count += 1
+            
+        logger.info(f"Xero approval sync complete. Updated {update_count} users.")
+
+    except Exception as e:
+        logger.error(f"An error occurred during Xero user approval sync: {e}")
+
+# --- NEW FUNCTION: The core logic to create a Xero Contact ---
+def create_xero_contact_async(app_context, registration_data):
+    """
+    Creates a contact in Xero, then adds the detailed registration info
+    as a history note. Runs in a background thread.
+    """
+    with app_context:
+        user_email = registration_data.get('email')
+        try:
+            xero_tenant_id = get_xero_tenant_id()
+            accounting_api = AccountingApi(api_client)
+
+            # --- Step 1: Map and Create the Core Contact ---
+            
+            contact_person_name = registration_data.get('contactPerson', '')
+            first_name, last_name = (contact_person_name.split(' ', 1) + [''])[:2]
+
+            contact_person = ContactPerson(
+                first_name=first_name,
+                last_name=last_name,
+                email_address=user_email,
+                include_in_emails=True,
+            )
+            business_address = Address(
+                address_type='STREET',
+                address_line1=registration_data.get('businessAddress', 'N/A')
+            )
+            phone = Phone(
+                phone_type='DEFAULT',
+                phone_number=registration_data.get('phoneNumber')
+            )
+
+            # Create the main Contact object WITHOUT the notes field
+            contact_to_create = Contact(
+                name=registration_data.get('businessName'),
+                email_address=user_email,
+                contact_persons=[contact_person],
+                addresses=[business_address],
+                phones=[phone],
+                website=registration_data.get('companyWebsite'),
+                is_customer=True
+                # The 'notes' field is intentionally left out here
+            )
+
+            contacts_payload = Contacts(contacts=[contact_to_create])
+            created_contact_response = accounting_api.create_contacts(
+                xero_tenant_id, contacts=contacts_payload
+            )
+
+            # --- Step 2: Add Registration Details as a History Note ---
+
+            if not created_contact_response.contacts:
+                logger.error(f"Xero contact creation failed for {user_email}. No contact returned.")
+                return
+
+            # Get the ID of the contact we just created
+            new_contact_id = created_contact_response.contacts[0].contact_id
+            logger.info(f"Successfully created base Xero contact ({new_contact_id}) for user {user_email}. Now adding history.")
+            contact_groups = accounting_api.get_contact_groups(xero_tenant_id).contact_groups
+            pending_group = next((group for group in contact_groups if group.name == "pending_for_approval"), None)
+
+            if pending_group:
+                logger.info(f"Adding contact {new_contact_id} to pending_for_approval group {pending_group.contact_group_id}.")
+                # Prepare the group update payload with the new contact added
+                cg = ContactGroup(
+                    contact_group_id=pending_group.contact_group_id,
+                    contacts=[Contact(contact_id=new_contact_id)]
+                )
+                response = accounting_api.create_contact_group_contacts(
+                    xero_tenant_id=xero_tenant_id,
+                    contact_group_id=pending_group.contact_group_id,
+                    contacts=Contacts(contacts=[Contact(contact_id=new_contact_id)])
+                )
+                logger.info(response)
+                logger.info(f"Contact {new_contact_id} added to contact group 'pending_for_approval'.")
+            else:
+                logger.warning("Contact group 'pending_for_approval' not found—skipping group update.")
+            # First, update our own database with the new ID
+            mongo.db.users.update_one(
+                {'email': user_email},
+                {'$set': {'xero_contact_id': new_contact_id}}
+            )
+
+            # Prepare the detailed notes for the history record
+            history_details = (
+            f"--- Client Application Details ---\n"
+            f"Business Name: {registration_data.get('businessName')}\n"
+            f"Contact Person: {registration_data.get('contactPerson')}\n"
+            f"Email: {registration_data.get('email')}\n"
+            f"Phone: {registration_data.get('phoneNumber')}\n"
+            f"Company Website: {registration_data.get('companyWebsite')}\n"
+            f"Business Address: {registration_data.get('businessAddress')}\n"
+            f"Business Type: {registration_data.get('businessType')}\n"
+            f"Years Operating: {registration_data.get('yearsOperating')}\n"
+            f"Number of Locations: {registration_data.get('numLocations')}\n"
+            f"Estimated Weekly Volume: {registration_data.get('estimatedVolume')}\n\n"
+            
+            f"--- Logistics Information ---\n"
+            f"Preferred Delivery Times: {registration_data.get('preferredDeliveryTimes')}\n"
+            f"Has Loading Dock: {registration_data.get('hasLoadingDock')}\n"
+            f"Special Delivery Instructions: {registration_data.get('specialDeliveryInstructions')}\n"
+            f"Minimum Quantity Requirements: {registration_data.get('minQuantityRequirements')}\n\n"
+            
+            f"--- Service & Billing ---\n"
+            f"Reason for Switching: {registration_data.get('reasonForSwitch')}\n"
+            f"Preferred Payment Method: {registration_data.get('paymentMethod')}\n\n"
+            
+            f"--- Additional Notes ---\n"
+            f"{registration_data.get('additionalNotes')}"
+            )
+            #f"Supplier Priorities: {registration_data.get('priorities')}\n"
+
+
+            # Create the HistoryRecord payload
+            history_record = HistoryRecord(details=history_details)
+            history_payload = HistoryRecords(history_records=[history_record])
+            
+            # Make the second API call to add the note
+            accounting_api.create_contact_history(
+                xero_tenant_id=xero_tenant_id,
+                contact_id=new_contact_id,
+                history_records=history_payload
+            )
+            
+            logger.info(f"Successfully added registration history note to Xero contact {new_contact_id}.")
+
+        except Exception as e:
+            # This will catch errors from either the contact creation or history creation
+            logger.error(f"Failed during Xero contact/history creation for user {user_email}. Error: {e}")
+# --- NEW FUNCTION: The trigger to run the contact creation in the background ---
+def trigger_contact_creation(registration_data):
+    """Starts a background thread to create a Xero contact."""
+    try:
+        app_context = current_app.app_context()
+        thread = threading.Thread(
+            target=create_xero_contact_async,
+            args=(app_context, registration_data)
+        )
+        thread.daemon = True
+        thread.start()
+        logger.info(f"Started Xero contact creation thread for {registration_data.get('email')}")
+    except Exception as e:
+        logger.error(f"Failed to start Xero contact creation thread. Error: {e}")
+
+
+# # --- Your existing Purchase Order functions below ---
+# def create_xero_purchase_order_async(app_context, xero_tenant_id, order_details):
+#     with app_context:
+#         # try:
+#             accounting_api = AccountingApi(api_client)
+            
+#             # --- MODIFICATION: Use the stored xero_contact_id ---
+#             user = mongo.db.users.find_one({"email": order_details['user_email']})
+#             contact_id = user.get('xero_contact_id')
+
+#             if not contact_id:
+#                 logger.error(f"Cannot create PO. User {order_details['user_email']} does not have a Xero Contact ID.")
+#                 # As a fallback, you could get the first contact, but it's better to be specific.
+#                 # contact_id = accounting_api.get_contacts(xero_tenant_id).contacts[0].contact_id
+#                 return
+            
+#             # ... (rest of your PO logic is mostly the same)
+#             all_product_ids = [ObjectId(item['productId']) for item in order_details['items']]
+#             products_cursor = mongo.db.products.find({'_id': {'$in': all_product_ids}})
+#             product_map = {str(p['_id']): p for p in products_cursor}
+            
+#             xero_items = accounting_api.get_items(xero_tenant_id).items
+#             xero_item_map = {item.name: item.code for item in xero_items}
+
+#             line_items = []
+#             for item in order_details['items']:
+#                 product = product_map.get(item['productId'])
+#                 if product:
+#                     product_name = product.get('name', 'N/A')
+#                     item_code = xero_item_map.get(product_name, "")
+#                     line_items.append(
+#                         LineItem(
+#                             item_code=item_code,
+#                             description=product_name+" ("+str(item["mode"]) + ")",
+#                             quantity=item['quantity'],
+#                             unit_amount=float(product.get('price', 0))
+#                         )
+#                     )
+            
+#             if not line_items:
+#                 logger.error("Xero PO failed: No valid line items for order %s", order_details['order_id'])
+#                 return
+
+#             purchase_order = PurchaseOrder(
+#                 contact=Contact(contact_id=contact_id), # <-- Use the specific contact_id
+#                 date=datetime.now().date(),
+#                 delivery_date=datetime.strptime(order_details["deliverydate"], "%Y-%m-%d").date(),
+#                 delivery_address=order_details['delivery_address'],
+#                 telephone=order_details['mobile_number'],
+#                 reference=str(order_details['user_email']),
+#                 line_items=line_items,
+#                 status="AUTHORISED"
+#             )
+
+#             result = accounting_api.create_purchase_orders(
+#                 xero_tenant_id, purchase_orders=PurchaseOrders(purchase_orders=[purchase_order])
+#             )
+#             logger.info("Created Xero PO for order ID: %s", order_details['order_id'])
+
+#         # except Exception as e:
+#         #     logger.error("Failed to create Xero PO for order %s. Error: %s", order_details['order_id'], e)
+
+def create_xero_purchase_order_async(app_context, xero_tenant_id, order_details):
+    with app_context:
+        # try:
+            accounting_api = AccountingApi(api_client)
+            
+            all_product_ids = [ObjectId(item['productId']) for item in order_details['items']]
+            # Use mongo.db directly
+            products_cursor = mongo.db.products.find({'_id': {'$in': all_product_ids}})
+            product_map = {str(p['_id']): p for p in products_cursor}
+            
+            xero_items = accounting_api.get_items(xero_tenant_id).items
+            xero_item_map = {item.name: item.code for item in xero_items}
+
+            line_items = []
+            for item in order_details['items']:
+                product = product_map.get(item['productId'])
+                if product:
+                    product_name = product.get('name', 'N/A')
+                    item_code = xero_item_map.get(product_name, "")
+                    line_items.append(
+                        LineItem(
+                            item_code=item_code,
+                            description=product_name+" ("+str(item["mode"]) + ")",
+                            quantity=item['quantity'],
+                            unit_amount=float(product.get('price', 0))
+                        )
+                    )
+            
+            if not line_items:
+                logger.error("Xero PO failed: No valid line items for order %s", order_details['order_id'])
+                return
+            email_id=order_details['user_email']
+
+            contact_id = accounting_api.get_contacts(xero_tenant_id,where=f'EmailAddress=="{email_id}"').contacts[0].contact_id
+            print(order_details["deliverydate"])
+            purchase_order = PurchaseOrder(
+                contact=Contact(contact_id=contact_id),
+                date=datetime.now().date(),
+                delivery_date=datetime.strptime(order_details["deliverydate"], "%Y-%m-%d").date(),
+                delivery_address=order_details['delivery_address'],
+                telephone=order_details['mobile_number'],
+                reference=str(order_details['user_email']),
+                line_items=line_items,
+                status="SUBMITTED"
+            )
+
+            result = accounting_api.create_purchase_orders(
+                xero_tenant_id, purchase_orders=PurchaseOrders(purchase_orders=[purchase_order])
+            )
+            logger.info("Created Xero PO for order ID: %s", order_details['order_id'])
+
+        # except Exception as e:
+        #     logger.error("Failed to create Xero PO for order %s. Error: %s", order_details['order_id'], e)
+
+def trigger_po_creation(order_details):
+    # try:
+        from .xero_client import get_xero_tenant_id # Import locally to prevent cycles
+        xero_tenant_id = get_xero_tenant_id()
+        app_context = current_app.app_context()
+
+        thread = threading.Thread(
+            target=create_xero_purchase_order_async,
+            args=(app_context, xero_tenant_id, order_details)
+        )
+        thread.daemon = True
+        thread.start()
+    # except Exception as e:
+    #     logger.error("Failed to start Xero PO creation thread for order %s. Error: %s", order_details.get('order_id'), e)

default_settings.py

@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+import os
+from os.path import dirname, join
+
+SECRET_KEY = os.urandom(16)
+# configure file based session
+SESSION_TYPE = "filesystem"
+SESSION_FILE_DIR = join(dirname(__file__), "cache")
+
+# configure flask app for local development
+ENV = "development"

hfapis.py

@@ -0,0 +1,25 @@
+from huggingface_hub import HfApi
+from dotenv import dotenv_values
+
+# Load .env variables (dotenv_values returns a dict)
+env_vars = dotenv_values(r'C:\Users\Vaibhav Arora\Documents\MyExperimentsandCodes\APPS_WEBSITES\CANADA_WHOLESALE_PROJECT\GITHUB_REPOS\mvp-vue\wholesale-grocery-app\AIAPPS\.env')
+
+# Initialize API
+api = HfApi(token=env_vars.get("HF_TOKEN"))
+
+# Space repo ID (username_or_org/space_name)
+REPO_ID = "akiko19191/randomisedbackend2"
+
+# Loop through all variables in .env and add them as Space secrets
+for key, value in env_vars.items():
+    print(value)
+    if value is None:
+        continue  # skip empty entries
+    print(f"Setting secret: {key}")
+    api.add_space_secret(
+        repo_id=REPO_ID,
+        key=key,
+        value=value
+    )
+
+print("✅ All .env variables uploaded as Hugging Face Space secrets.")

logging_settings.py

@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+
+default_settings = {
+    "version": 1,
+    "formatters": {
+        "default": {"format": "[%(asctime)s] %(levelname)s in %(module)s: %(message)s"},
+        "verbose": {
+            "format": "%(asctime)s | %(levelname)s [%(name)s.%(filename)s:%(lineno)s] %(message)s",
+            "datefmt": "%Y-%m-%d %H:%M:%S%z",
+        },
+    },
+    "handlers": {
+        "console": {
+            "class": "logging.StreamHandler",
+            "stream": "ext://flask.logging.wsgi_errors_stream",
+            "formatter": "verbose",
+            "level": "DEBUG",
+        }
+    },
+    "loggers": {
+        "requests_oauthlib": {"handlers": ["console"], "level": "DEBUG"},
+        "xero_python": {"handlers": ["console"], "level": "DEBUG"},
+        "urllib3": {"handlers": ["console"], "level": "DEBUG"},
+    },
+    # "root": {"level": "DEBUG", "handlers": ["console"]},
+}

requirements.txt

@@ -0,0 +1,16 @@
+flask
+flask-session
+flask-oauthlib
+xero-python
+flask-jwt-extended
+flask-cors
+Flask-PyMongo
+flask-session
+Flask-OAuthlib
+flask-bcrypt
+google-api-python-client
+google-genai
+pydantic
+sib-api-v3-sdk
+google-generativeai
+twilio

run.py

@@ -0,0 +1,7 @@
+from app import create_app
+import os
+os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
+app = create_app()
+
+if __name__ == '__main__':
+    app.run(host="0.0.0.0",debug=False, port=7860)

search_engine.py

@@ -0,0 +1,90 @@
+from googleapiclient.discovery import build
+from dotenv import load_dotenv
+load_dotenv(r'C:\Users\Vaibhav Arora\Documents\MyExperimentsandCodes\APPS_WEBSITES\CANADA_WHOLESALE_PROJECT\GITHUB_REPOS\mvp-vue\wholesale-grocery-app\AIAPPS\.env')
+from google import genai
+from pydantic import BaseModel
+import ast
+import os
+import json
+import random
+import time
+class Categorise(BaseModel):
+    category: str
+client = genai.Client(api_key=random.choice(json.loads(os.getenv("GEMINI_KEY_LIST"))))
+
+def categorise(product):
+    try:
+
+
+    
+        response = client.models.generate_content(
+            model="gemini-2.5-flash-lite-preview-06-17",
+            contents=f"Categorise this product:{product} , into one of the following categories: `Fruits,Vegetables,Bakery,Others`",
+            config={
+                "response_mime_type": "application/json",
+                "response_schema": list[Categorise],
+            },
+        )
+        
+    except:
+        time.sleep(2)
+        response = client.models.generate_content(
+            model="gemini-2.5-flash",
+            contents=f"Categorise this product:{product} , into one of the following categories: `Fruits,Vegetables,Bakery,Others`",
+            config={
+                "response_mime_type": "application/json",
+                "response_schema": list[Categorise],
+            },
+        )
+    return ast.literal_eval(response.text)[0]["category"]
+
+def search_images(query: str, api_key: str, cse_id: str,no) -> dict | None:
+    """
+    Performs an image search using the Google Custom Search API.
+    """
+    print(f"Searching for images with query: '{query}'...")
+    try:
+        service = build("customsearch", "v1", developerKey=api_key)
+        result = service.cse().list(
+            q=query,
+            cx=cse_id,
+            searchType='image',
+            num=no
+        ).execute()
+        print("Search successful.")
+        return result
+    except Exception as e:
+        print(f"An error occurred during Google Search: {e}")
+        return None
+
+def search_and_filter_images(query,no=2):
+
+
+    search_results = search_images(query, os.getenv("CSE_API_KEY"), os.getenv("CSE_ID"),no)
+
+    if search_results and 'items' in search_results:
+        top_10_items = search_results['items']
+        print(f"Found {len(top_10_items)} image results. Downloading them...")
+
+        image_files_for_llm = []
+        downloaded_filenames = []
+
+        for i, item in enumerate(top_10_items):
+            image_url = item.get('link')
+            if not image_url:
+                continue
+
+            file_extension = os.path.splitext(image_url.split("?")[0])[-1]
+            if not file_extension:
+                file_extension = ".unknown" # Default extension
+            if not file_extension in [".jpeg", ".jpg", ".png", ".gif", ".bmp", ".webp"]:
+                continue
+
+
+            image_files_for_llm.append({
+                "type": "image_url",
+                "image_url": f"{image_url}"
+            })
+        # print(image_files_for_llm)
+        return (image_files_for_llm)
+

twillio_gemini_api.py

@@ -0,0 +1,168 @@
+# app.py
+
+import os
+import requests  # To download the audio file from Twilio's URL
+from flask import Flask, request
+from dotenv import load_dotenv
+# Use the new top-level import and types
+from google import genai
+from google.genai import types
+from twilio.twiml.messaging_response import MessagingResponse
+
+# --- Define Calculator Functions for the Model to Use ---
+# The SDK uses the function signature (name, parameters) and docstring
+# to tell the model how and when to use these tools.
+
+def add(a: float, b: float):
+    """
+    Adds two numbers together.
+
+    Args:
+        a: The first number.
+        b: The second number.
+    """
+    print(f"Tool Call: add(a={a}, b={b})")
+    return a + b
+
+def subtract(a: float, b: float):
+    """
+    Subtracts the second number from the first.
+
+    Args:
+        a: The number to subtract from.
+        b: The number to subtract.
+    """
+    print(f"Tool Call: subtract(a={a}, b={b})")
+    return a - b
+
+def multiply(a: float, b: float):
+    """
+    Multiplies two numbers.
+
+    Args:
+        a: The first number.
+        b: The second number.
+    """
+    print(f"Tool Call: multiply(a={a}, b={b})")
+    return a * b
+
+def divide(a: float, b: float):
+    """
+    Divides the first number by the second.
+
+    Args:
+        a: The numerator.
+        b: The denominator.
+    """
+    print(f"Tool Call: divide(a={a}, b={b})")
+    if b == 0:
+        return "Error: Cannot divide by zero."
+    return a / b
+
+# A list of all the functions the model can call
+calculator_tools = [add, subtract, multiply, divide]
+
+
+# --- Initialize Flask App and APIs ---
+
+# Load environment variables from .env file
+load_dotenv(r"C:\Users\Vaibhav Arora\Documents\MyExperimentsandCodes\APPS_WEBSITES\CANADA_WHOLESALE_PROJECT\GITHUB_REPOS\mvp-vue\wholesale-grocery-app\AIAPPS\.env")
+
+app = Flask(__name__)
+
+# Configure the Gemini API and initialize the client
+try:
+    client = genai.Client(api_key=os.environ.get("GEMINI_API_KEY"))
+    print("Gemini client and calculator tools initialized successfully.")
+except Exception as e:
+    print(f"Error initializing Gemini client: {e}")
+    client = None
+
+
+# --- Define the Webhook Endpoint ---
+@app.route("/sms", methods=['POST'])
+def sms_reply():
+    """Respond to incoming text or audio messages, using calculator functions if needed."""
+    
+    twilio_resp = MessagingResponse()
+
+    if not client:
+        twilio_resp.message("The AI client is not configured correctly. Please check the server logs.")
+        return str(twilio_resp)
+
+    # Prepare the contents list for the Gemini API call
+    contents = []
+    
+    # Check if the incoming message contains media
+    num_media = int(request.values.get('NumMedia', 0))
+
+    if num_media > 0:
+        media_url = request.values.get('MediaUrl0')
+        mime_type = request.values.get('MediaContentType0')
+
+        # Process only if the media is audio
+        if 'audio' in mime_type:
+            print(f"Received audio message. URL: {media_url}, MIME Type: {mime_type}")
+            
+            # Download the audio file from the Twilio URL
+            audio_response = requests.get(media_url)
+            
+            if audio_response.status_code == 200:
+                audio_bytes = audio_response.content
+                audio_part = types.Part.from_bytes(data=audio_bytes, mime_type=mime_type)
+                prompt = "Please transcribe this audio. If it contains a calculation or a question, please answer it."
+                contents = [prompt, audio_part]
+            else:
+                error_message = "Sorry, I couldn't download the audio file to process it. Please try again."
+                twilio_resp.message(error_message)
+                return str(twilio_resp)
+        else:
+            # Handle non-audio media like images or videos
+            twilio_resp.message("Sorry, I can only process text and audio messages.")
+            return str(twilio_resp)
+
+    else:
+        # Fallback to text message processing
+        incoming_msg = request.values.get('Body', '').strip()
+        print(f"Received text message: '{incoming_msg}'")
+        if not incoming_msg:
+            twilio_resp.message("Please send a text or audio message to get a response.")
+            return str(twilio_resp)
+        contents = [incoming_msg]
+
+    if not contents:
+        twilio_resp.message("Could not determine content to process. Please send a message.")
+        return str(twilio_resp)
+        
+    try:
+        print("Sending content to Gemini with calculator tools...")
+
+        # Configure the request to use our calculator functions
+        config = types.GenerateContentConfig(tools=calculator_tools)
+
+        # The SDK handles the multi-turn process for function calling automatically
+        gemini_response = client.models.generate_content(
+            model="gemini-2.5-flash",
+            contents=contents, # This will contain either text or [prompt, audio_part]
+            config=config,
+        )
+        
+        # This is the final text answer after any function calls have been resolved.
+        ai_answer = gemini_response.text
+        print(f"Gemini final response: '{ai_answer}'")
+        
+        # Add the Gemini response to the TwiML message
+        twilio_resp.message(ai_answer)
+
+    except Exception as e:
+        print(f"An error occurred with the Gemini API: {e}")
+        # Send a user-friendly error message
+        error_message = "Sorry, I'm having trouble connecting to my brain right now. Please try again later."
+        twilio_resp.message(error_message)
+
+    return str(twilio_resp)
+
+
+# --- Run the Flask App ---
+if __name__ == "__main__":
+    app.run(debug=True, port=5000)

utils.py

@@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+import json
+import uuid
+from datetime import datetime, date
+from decimal import Decimal
+
+from xero_python.api_client.serializer import serialize
+
+
+class JSONEncoder(json.JSONEncoder):
+    def default(self, o):
+        if isinstance(o, datetime):
+            return o.isoformat()
+        if isinstance(o, date):
+            return o.isoformat()
+        if isinstance(o, (uuid.UUID, Decimal)):
+            return str(o)
+        return super(JSONEncoder, self).default(o)
+
+
+def parse_json(data):
+    return json.loads(data, parse_float=Decimal)
+
+
+def serialize_model(model):
+    return jsonify(serialize(model))
+
+
+def jsonify(data):
+    return json.dumps(data, sort_keys=True, indent=4, cls=JSONEncoder)