Hugging Face's logo

Spaces:
Subbu1304
/
subbuok
Sleeping

App Files Community
subbuok / cart.py
lokeshloki143's picture
lokeshloki143
Update cart.py
a18c7ab verified
raw
history blame contribute delete
18.3 kB
 from flask import Blueprint, render_template, request, session, jsonify, redirect, url_for
from salesforce import get_salesforce_connection
import re
sf = get_salesforce_connection()
cart_blueprint = Blueprint('cart', __name__)
# Utility function to sanitize SOQL inputs
def sanitize_input(value):
"""Remove potentially dangerous characters for SOQL injection."""
if value:
value = re.sub(r'[;\'"\\]', '', value)
return value
@cart_blueprint.route("/cart", methods=["GET"])
def cart():
email = session.get('user_email')
if not email:
return redirect(url_for("login"))
try:
sanitized_email = sanitize_input(email)
result = sf.query(f"""
SELECT Name, Price__c, Quantity__c, Add_Ons__c, Add_Ons_Price__c, Image1__c, Instructions__c, Category__c, Section__c
FROM Cart_Item__c
WHERE Customer_Email__c = '{sanitized_email}'
""")
cart_items = result.get("records", [])
subtotal = sum(item['Price__c'] for item in cart_items)
return render_template(
"cart.html",
cart_items=cart_items,
subtotal=subtotal,
customer_email=email
)
except Exception as e:
print(f"Error fetching cart items: {e}")
return render_template("cart.html", cart_items=[], subtotal=0, customer_email=email)
@cart_blueprint.route("/bill", methods=["GET"])
def bill():
email = session.get('user_email')
if not email:
return redirect(url_for("login"))
try:
sanitized_email = sanitize_input(email)
result = sf.query(f"""
SELECT Name, Price__c, Quantity__c, Add_Ons__c, Add_Ons_Price__c, Image1__c, Instructions__c
FROM Cart_Item__c
WHERE Customer_Email__c = '{sanitized_email}'
""")
cart_items = result.get("records", [])
subtotal = sum(item['Price__c'] for item in cart_items)
return render_template(
"bill.html",
cart_items=cart_items,
subtotal=subtotal,
customer_email=email
)
except Exception as e:
print(f"Error fetching bill items: {e}")
return render_template("bill.html", cart_items=[], subtotal=0, customer_email=email)
@cart_blueprint.route("/bill/fetch_cart", methods=["GET"])
def fetch_cart():
email = session.get('user_email')
if not email:
return jsonify({"success": False, "error": "User not logged in"}), 401
try:
sanitized_email = sanitize_input(email)
result = sf.query(f"""
SELECT Name, Price__c, Quantity__c, Add_Ons__c, Add_Ons_Price__c, Image1__c, Instructions__c
FROM Cart_Item__c
WHERE Customer_Email__c = '{sanitized_email}'
""")
cart_items = result.get("records", [])
subtotal = sum(item['Price__c'] for item in cart_items)
return jsonify({
"success": True,
"cart_items": cart_items,
"subtotal": subtotal
})
except Exception as e:
print(f"Error fetching cart items: {e}")
return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/fetch_menu_items", methods=["GET"])
def fetch_menu_items():
try:
category = request.args.get('category', 'All')
section = request.args.get('section', '')
category = sanitize_input(category)
section = sanitize_input(section)
query = """
SELECT Name, Price__c, Image1__c, Veg_NonVeg__c, Section__c
FROM Menu_Item__c
"""
if category != 'All':
query += f" AND Veg_NonVeg__c = '{category}'"
if section:
query += f" AND Section__c = '{section}'"
query += " LIMIT 20"
result = sf.query(query)
menu_items = result.get("records", [])
return jsonify({"success": True, "menu_items": menu_items})
except Exception as e:
print(f"Error fetching menu items: {str(e)}")
return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/fetch_add_ons", methods=["GET"])
def fetch_add_ons():
try:
query = """
SELECT Name, Price__c
FROM Add_On__c
WHERE Active__c = true
LIMIT 10
"""
result = sf.query(query)
add_ons = [
{"name": f"{addon['Name']} (${addon['Price__c']:.2f})", "price": addon['Price__c']}
for addon in result.get("records", [])
]
return jsonify({"success": True, "add_ons": add_ons})
except Exception as e:
print(f"Error fetching add-ons: {str(e)}")
return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/add_suggestion_to_cart", methods=["POST"])
def add_suggestion_to_cart():
try:
data = request.get_json()
item_name = sanitize_input(data.get('item_name').strip())
item_price = data.get('item_price')
item_image = data.get('item_image')
customer_email = sanitize_input(data.get('customer_email'))
addons = data.get('addons', [])
instructions = sanitize_input(data.get('instructions', ""))
quantity = data.get('quantity', 1)
try:
quantity = int(quantity)
if quantity < 1:
raise ValueError("Quantity must be at least 1")
item_price = float(item_price)
except (ValueError, TypeError):
return jsonify({"success": False, "error": "Invalid quantity or price"}), 400
if not all([item_name, item_price, customer_email]):
return jsonify({"success": False, "error": "Missing required fields"}), 400
addons_price = 0
addons_string = ", ".join(addons) if addons else "None"
if addons:
addons_price = sum(
float(addon.split("($")[1][:-1]) for addon in addons if "($" in addon
)
query = f"""
SELECT Id, Quantity__c, Add_Ons__c, Add_Ons_Price__c, Instructions__c, Base_Price__c
FROM Cart_Item__c
WHERE Customer_Email__c = '{customer_email}' AND Name = '{item_name}'
"""
result = sf.query(query)
cart_items = result.get("records", [])
if cart_items:
cart_item_id = cart_items[0]['Id']
existing_quantity = cart_items[0]['Quantity__c']
existing_addons = cart_items[0].get('Add_Ons__c', "None")
existing_addons_price = cart_items[0].get('Add_Ons_Price__c', 0)
existing_instructions = cart_items[0].get('Instructions__c', "")
base_price = cart_items[0].get('Base_Price__c', item_price)
combined_addons = existing_addons if existing_addons != "None" else ""
if addons:
combined_addons = f"{combined_addons}, {addons_string}".strip(", ")
combined_instructions = existing_instructions
if instructions:
combined_instructions = f"{combined_instructions} | {instructions}".strip(" | ")
new_quantity = existing_quantity + quantity
new_addons_price = existing_addons_price + (addons_price * quantity)
new_total_price = (base_price * new_quantity) + new_addons_price
sf.Cart_Item__c.update(cart_item_id, {
"Quantity__c": new_quantity,
"Add_Ons__c": combined_addons if combined_addons else "None",
"Add_Ons_Price__c": new_addons_price,
"Instructions__c": combined_instructions,
"Price__c": new_total_price
})
else:
total_price = (item_price * quantity) + (addons_price * quantity)
sf.Cart_Item__c.create({
"Name": item_name,
"Price__c": total_price,
"Base_Price__c": item_price,
"Quantity__c": quantity,
"Add_Ons_Price__c": addons_price * quantity,
"Add_Ons__c": addons_string,
"Image1__c": item_image,
"Customer_Email__c": customer_email,
"Instructions__c": instructions
})
return jsonify({"success": True, "message": "Item added to cart successfully."})
except Exception as e:
print(f"Error adding item to cart: {str(e)}")
return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/remove/<item_name>", methods=["POST"])
def remove_cart_item(item_name):
try:
customer_email = session.get('user_email')
if not customer_email:
return jsonify({'success': False, 'message': 'User email not found.'}), 400
sanitized_email = sanitize_input(customer_email)
sanitized_item_name = sanitize_input(item_name)
query = f"""
SELECT Id FROM Cart_Item__c
WHERE Customer_Email__c = '{sanitized_email}' AND Name = '{sanitized_item_name}'
"""
result = sf.query(query)
if result['totalSize'] == 0:
return jsonify({'success': False, 'message': 'Item not found in cart.'}), 400
cart_item_id = result['records'][0]['Id']
sf.Cart_Item__c.delete(cart_item_id)
return jsonify({'success': True, 'message': f"'{item_name}' removed successfully!"}), 200
except Exception as e:
print(f"Error: {str(e)}")
return jsonify({'success': False, 'message': f"An error occurred: {str(e)}"}), 500
@cart_blueprint.route("/update_quantity", methods=["POST"])
def update_quantity():
data = request.json
email = sanitize_input(data.get('email'))
item_name = sanitize_input(data.get('item_name'))
try:
quantity = int(data.get('quantity'))
except (ValueError, TypeError):
return jsonify({"success": False, "error": "Invalid quantity provided."}), 400
if not email or not item_name or quantity is None:
return jsonify({"success": False, "error": "Email, item name, and quantity are required."}), 400
try:
cart_items = sf.query(
f"SELECT Id, Quantity__c, Price__c, Base_Price__c, Add_Ons_Price__c FROM Cart_Item__c "
f"WHERE Customer_Email__c = '{email}' AND Name = '{item_name}'"
)['records']
if not cart_items:
return jsonify({"success": False, "error": "Cart item not found."}), 404
cart_item_id = cart_items[0]['Id']
base_price = cart_items[0]['Base_Price__c']
addons_price = cart_items[0].get('Add_Ons_Price__c', 0)
new_item_price = (base_price * quantity) + addons_price
sf.Cart_Item__c.update(cart_item_id, {
"Quantity__c": quantity,
"Price__c": new_item_price,
})
cart_items = sf.query(f"""
SELECT Price__c, Add_Ons_Price__c
FROM Cart_Item__c
WHERE Customer_Email__c = '{email}'
""")['records']
new_subtotal = sum(item['Price__c'] for item in cart_items)
return jsonify({"success": True, "new_item_price": new_item_price, "subtotal": new_subtotal})
except Exception as e:
print(f"Error updating quantity: {str(e)}")
return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/checkout", methods=["POST"])
def checkout():
email = session.get('user_email')
if not email:
return jsonify({"success": False, "message": "User not logged in"}), 401
try:
sanitized_email = sanitize_input(email)
result = sf.query(f"""
SELECT Id, Name, Price__c, Add_Ons_Price__c, Quantity__c, Add_Ons__c, Instructions__c, Image1__c
FROM Cart_Item__c
WHERE Customer_Email__c = '{sanitized_email}'
""")
cart_items = result.get("records", [])
if not cart_items:
return jsonify({"success": False, "message": "Cart is empty"}), 400
subtotal = sum(item['Price__c'] for item in cart_items)
total = subtotal # No discount for simplicity
bill_items = [
{
"name": item['Name'],
"quantity": item['Quantity__c'],
"price": item['Price__c'],
"addons": item.get('Add_Ons__c', 'None'),
"instructions": item.get('Instructions__c', 'None'),
"image": item['Image1__c']
} for item in cart_items
]
menu_query = """
SELECT Name, Price__c, Image1__c, Veg_NonVeg__c, Section__c
FROM Menu_Item__c
LIMIT 20
"""
menu_result = sf.query(menu_query)
menu_items = menu_result.get("records", [])
return jsonify({
"success": True,
"cart": {
"items": bill_items,
"subtotal": subtotal,
"total": total
},
"menu_items": menu_items
})
except Exception as e:
print(f"Error during checkout: {str(e)}")
return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/submit_order", methods=["POST"])
def submit_order():
email = session.get('user_email')
user_id = session.get('user_name')
table_number = session.get('table_number')
if not email or not user_id:
return jsonify({"success": False, "message": "User not logged in"}), 401
try:
sanitized_email = sanitize_input(email)
data = request.json
cart = data.get("cart")
if not cart:
return jsonify({"success": False, "message": "Cart data is required"}), 400
result = sf.query(f"""
SELECT Id, Name, Price__c, Add_Ons_Price__c, Quantity__c, Add_Ons__c, Instructions__c, Image1__c
FROM Cart_Item__c
WHERE Customer_Email__c = '{sanitized_email}'
""")
cart_items = result.get("records", [])
if not cart_items:
return jsonify({"success": False, "message": "Cart is empty"}), 400
subtotal = cart.get("subtotal")
total = cart.get("total")
order_details = "\n".join(
f"{item['Name']} x{item['Quantity__c']} | Add-Ons: {item.get('Add_Ons__c', 'None')} | "
f"Instructions: {item.get('Instructions__c', 'None')} | "
f"Price: ${item['Price__c']} | Image: {item['Image1__c']}"
for item in cart_items
)
customer_query = sf.query(f"""
SELECT Id FROM Customer_Login__c
WHERE Email__c = '{sanitized_email}'
""")
customer_id = customer_query["records"][0]["Id"] if customer_query["records"] else None
if not customer_id:
return jsonify({"success": False, "message": "Customer record not found"}), 404
table_number = table_number if table_number != 'null' else None
order_data = {
"Customer_Name__c": user_id,
"Customer_Email__c": email,
"Total_Amount__c": subtotal,
"Total_Bill__c": total,
"Order_Status__c": "Pending",
"Customer2__c": customer_id,
"Order_Details__c": order_details,
"Table_Number__c": table_number
}
order_response = sf.Order__c.create(order_data)
if order_response:
for item in cart_items:
sf.Cart_Item__c.delete(item["Id"])
return jsonify({"success": True, "message": "Order placed successfully!"})
except Exception as e:
print(f"Error during order submission: {str(e)}")
return jsonify({"success": False, "error": str(e)}), 500
@cart_blueprint.route("/order", methods=["GET"])
def order():
email = session.get('user_email')
if not email:
return redirect(url_for("login"))
try:
sanitized_email = sanitize_input(email)
# Fetch the latest order for the user
result = sf.query(f"""
SELECT Id, Order_Details__c, Total_Bill__c, CreatedDate
FROM Order__c
WHERE Customer_Email__c = '{sanitized_email}'
ORDER BY CreatedDate DESC
LIMIT 1
""")
orders = result.get("records", [])
if not orders:
return render_template("order.html", order=None, message="No orders found.")
order = orders[0]
order_id = order['Id']
total = order['Total_Bill__c']
order_details_raw = order['Order_Details__c'] or ""
# Parse order details into a list of items
order_items = []
for line in order_details_raw.split("\n"):
if not line.strip():
continue
# Example line: "Chicken Biryani x2 | Add-Ons: Extra Raita | Instructions: Less spicy | Price: $24.00 | Image: <url>"
try:
parts = line.split(" | ")
name_quantity = parts[0].split(" x") # "Chicken Biryani x2" -> ["Chicken Biryani", "2"]
name = name_quantity[0]
quantity = int(name_quantity[1])
addons = parts[1].replace("Add-Ons: ", "") if len(parts) > 1 else "None"
instructions = parts[2].replace("Instructions: ", "") if len(parts) > 2 else "None"
price = float(parts[3].replace("Price: $", "")) if len(parts) > 3 else 0
image = parts[4].replace("Image: ", "") if len(parts) > 4 else "/static/placeholder.jpg"
order_items.append({
"name": name,
"quantity": quantity,
"addons": addons,
"instructions": instructions,
"price": price,
"image": image
})
except Exception as e:
print(f"Error parsing order line '{line}': {e}")
continue
return render_template(
"order.html",
order={"id": order_id, "items": order_items, "total": total},
message="Thank you for your order! It has been placed successfully."
)
except Exception as e:
print(f"Error fetching order: {e}")
return render_template("order.html", order=None, message="Error fetching your order. Please contact support.")