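"""Cart, billing and order routes backed by Salesforce custom objects.

Every SOQL query in this module interpolates user-controlled text.  That text
always goes through :func:`soql_escape` first, which escapes (rather than
drops) the two characters that can break out of a single-quoted SOQL literal,
and the customer identity is always taken from the Flask session rather than
from the request body.  Prices are read from Salesforce, never from the
client.
"""
import logging
import re

from flask import (
    Blueprint,
    jsonify,
    redirect,
    render_template,
    request,
    session,
    url_for,
)

from salesforce import get_salesforce_connection

logger = logging.getLogger(__name__)

sf = get_salesforce_connection()
cart_blueprint = Blueprint('cart', __name__)

# Fields shown on the cart page; the bill / fetch_cart views omit the last two.
_CART_PAGE_FIELDS = (
    "Name", "Price__c", "Quantity__c", "Add_Ons__c", "Add_Ons_Price__c",
    "Image1__c", "Instructions__c", "Category__c", "Section__c",
)
_BILL_FIELDS = _CART_PAGE_FIELDS[:7]
# Fields checkout / submit_order need to describe one order line.
_ORDER_FIELDS = (
    "Id", "Name", "Price__c", "Add_Ons_Price__c", "Quantity__c", "Add_Ons__c",
    "Instructions__c", "Image1__c",
)
# Separator between the labelled segments of one Order_Details__c line.
_ORDER_SEGMENT_SEP = " | "
# Segment labels of an Order_Details__c line, in the order they are written.
_ORDER_PREFIXES = {
    "addons": "Add-Ons: ",
    "instructions": "Instructions: ",
    "price": "Price: $",
    "image": "Image: ",
}
_PLACEHOLDER_IMAGE = "/static/placeholder.jpg"


def sanitize_input(value):
    """Strip ``;``, quotes and backslashes from *value* (kept for existing callers).

    This is a character blacklist, not an escaping routine, and a stripped
    value is no longer the value the user entered.  Queries in this module use
    :func:`soql_escape` instead.  ``None`` / empty input is returned unchanged.
    """
    if value:
        value = re.sub(r'[;\'"\\]', '', value)
    return value


def soql_escape(value):
    """Escape *value* for interpolation inside a single-quoted SOQL literal.

    SOQL string literals use backslash escapes, so ``\\`` and ``'`` are the
    characters that can terminate or alter the literal; both are escaped and
    nothing is dropped.  ``None`` is returned unchanged so callers can still
    test for a missing value.
    """
    if value is None:
        return None
    return str(value).replace("\\", "\\\\").replace("'", "\\'")


def _json_error(message, status, key="error"):
    """Build the ``{"success": False, key: message}`` response with *status*.

    *key* is ``"error"`` or ``"message"``: both spellings exist in this API and
    each route keeps the one its clients already parse.  Internal exception
    text is never placed here; it goes to the log instead.
    """
    return jsonify({"success": False, key: message}), status


def _logged_in_email(claimed=None, key="error"):
    """Return ``(email, None)`` for the session user or ``(None, response)``.

    The session is the only trusted source of the customer identity.  A
    *claimed* email taken from the request body is accepted only when it
    equals the session email, so one customer cannot read or change another
    customer's cart by naming them in the payload.
    """
    email = session.get('user_email')
    if not email:
        return None, _json_error("User not logged in", 401, key)
    if claimed and claimed != email:
        return None, _json_error("Email does not match the logged-in user", 403, key)
    return email, None


def _query_cart_items(email, fields):
    """Return the Cart_Item__c records belonging to *email* with *fields* selected."""
    result = sf.query(
        f"SELECT {', '.join(fields)} FROM Cart_Item__c "
        f"WHERE Customer_Email__c = '{soql_escape(email)}'"
    )
    return result.get("records", [])


def _subtotal(cart_items):
    """Sum ``Price__c`` over *cart_items*; a null price counts as 0."""
    return sum(item.get('Price__c') or 0 for item in cart_items)


def _addon_label(name, price):
    """Format an add-on as ``"Name ($1.50)"``, the label the cart UI sends back."""
    return f"{name} (${price:.2f})"


def _addon_name(label):
    """Recover the add-on name from a label built by :func:`_addon_label`."""
    return label.split(" ($", 1)[0]


def _lookup_addon_prices(addon_labels):
    """Map each add-on label to the price stored on its active Add_On__c record.

    The price embedded in the label is ignored because the client can edit it;
    the authoritative number is read from Salesforce.  Raises ``ValueError``
    when a label does not name an active add-on.
    """
    if not addon_labels:
        return {}
    names = {_addon_name(label) for label in addon_labels}
    in_list = ", ".join(f"'{soql_escape(name)}'" for name in names)
    records = sf.query(
        "SELECT Name, Price__c FROM Add_On__c "
        f"WHERE Active__c = true AND Name IN ({in_list})"
    ).get("records", [])
    price_by_name = {record['Name']: float(record['Price__c']) for record in records}
    prices = {}
    for label in addon_labels:
        name = _addon_name(label)
        if name not in price_by_name:
            raise ValueError(f"Unknown add-on: {label}")
        prices[label] = price_by_name[name]
    return prices


def _merge_cart_item(record, item_price, quantity, addons, addons_price, instructions):
    """Fold a repeat addition of the same item into the existing cart *record*.

    The quantity is added, add-on labels and instructions are appended, and the
    line price is recomputed as ``base * quantity + accumulated add-ons``.
    *addons_price* is the add-on cost per unit of the item.
    """
    existing_addons = record.get('Add_Ons__c') or "None"
    combined_addons = "" if existing_addons == "None" else existing_addons
    if addons:
        combined_addons = f"{combined_addons}, {', '.join(addons)}".strip(", ")
    combined_instructions = record.get('Instructions__c') or ""
    if instructions:
        combined_instructions = f"{combined_instructions} | {instructions}".strip(" | ")
    # Base_Price__c can be null on a record; fall back to the catalogue price.
    base_price = record.get('Base_Price__c') or item_price
    new_quantity = (record.get('Quantity__c') or 0) + quantity
    new_addons_price = (record.get('Add_Ons_Price__c') or 0) + addons_price * quantity
    sf.Cart_Item__c.update(record['Id'], {
        "Quantity__c": new_quantity,
        "Add_Ons__c": combined_addons or "None",
        "Add_Ons_Price__c": new_addons_price,
        "Instructions__c": combined_instructions,
        "Price__c": base_price * new_quantity + new_addons_price,
    })


def _bill_item(item):
    """Shape a Cart_Item__c record for the ``cart.items`` list /checkout returns."""
    return {
        "name": item['Name'],
        "quantity": item['Quantity__c'],
        "price": item['Price__c'],
        "addons": item.get('Add_Ons__c', 'None'),
        "instructions": item.get('Instructions__c', 'None'),
        "image": item['Image1__c'],
    }


def _format_order_line(item):
    """Render a Cart_Item__c record as one Order_Details__c line.

    The inverse is :func:`_parse_order_line`; keep the two in step.
    """
    return _ORDER_SEGMENT_SEP.join((
        f"{item['Name']} x{item['Quantity__c']}",
        f"{_ORDER_PREFIXES['addons']}{item.get('Add_Ons__c', 'None')}",
        f"{_ORDER_PREFIXES['instructions']}{item.get('Instructions__c', 'None')}",
        f"{_ORDER_PREFIXES['price']}{item['Price__c']}",
        f"{_ORDER_PREFIXES['image']}{item['Image1__c']}",
    ))


def _parse_order_line(line):
    """Parse one Order_Details__c line written by :func:`_format_order_line`.

    Example: ``"Chicken Biryani x2 | Add-Ons: Extra Raita | Instructions: Less
    spicy | Price: $24.00 | Image: /img/b.jpg"``.  Segments are matched by
    their label rather than by position, because merged instructions also
    contain ``" | "`` (see :func:`_merge_cart_item`) and would otherwise shift
    the price and image into the wrong slot.  Missing segments fall back to
    ``"None"``, ``0`` and the placeholder image.  Raises ``ValueError`` or
    ``IndexError`` when the head is not ``"<name> x<quantity>"``.
    """
    parts = line.split(_ORDER_SEGMENT_SEP)
    name, quantity_text = parts[0].rsplit(" x", 1)
    fields = {
        "addons": "None",
        "instructions": "None",
        "price": "0",
        "image": _PLACEHOLDER_IMAGE,
    }
    current = None
    for segment in parts[1:]:
        for key, prefix in _ORDER_PREFIXES.items():
            if segment.startswith(prefix):
                fields[key] = segment[len(prefix):]
                current = key
                break
        else:
            # Unlabelled segment: the tail of the previous field, split on its
            # own embedded separator.
            if current is not None:
                fields[current] += _ORDER_SEGMENT_SEP + segment
    return {
        "name": name,
        "quantity": int(quantity_text),
        "addons": fields["addons"],
        "instructions": fields["instructions"],
        "price": float(fields["price"]),
        "image": fields["image"],
    }


@cart_blueprint.route("/cart", methods=["GET"])
def cart():
    """Render cart.html with the session user's cart items and subtotal."""
    email = session.get('user_email')
    if not email:
        return redirect(url_for("login"))
    try:
        cart_items = _query_cart_items(email, _CART_PAGE_FIELDS)
        subtotal = _subtotal(cart_items)
    except Exception:
        # The page still renders (empty) when the query fails.
        logger.exception("Error fetching cart items")
        cart_items, subtotal = [], 0
    return render_template(
        "cart.html", cart_items=cart_items, subtotal=subtotal, customer_email=email
    )


@cart_blueprint.route("/bill", methods=["GET"])
def bill():
    """Render bill.html with the session user's cart items and subtotal."""
    email = session.get('user_email')
    if not email:
        return redirect(url_for("login"))
    try:
        cart_items = _query_cart_items(email, _BILL_FIELDS)
        subtotal = _subtotal(cart_items)
    except Exception:
        logger.exception("Error fetching bill items")
        cart_items, subtotal = [], 0
    return render_template(
        "bill.html", cart_items=cart_items, subtotal=subtotal, customer_email=email
    )


@cart_blueprint.route("/bill/fetch_cart", methods=["GET"])
def fetch_cart():
    """Return the session user's cart items and subtotal as JSON."""
    email, error = _logged_in_email()
    if error:
        return error
    try:
        cart_items = _query_cart_items(email, _BILL_FIELDS)
        return jsonify({
            "success": True,
            "cart_items": cart_items,
            "subtotal": _subtotal(cart_items),
        })
    except Exception:
        logger.exception("Error fetching cart items")
        return _json_error("Could not fetch cart items", 500)


@cart_blueprint.route("/fetch_menu_items", methods=["GET"])
def fetch_menu_items():
    """Return up to 20 Menu_Item__c records, filtered by ``category`` / ``section``.

    ``category`` (default ``All``) filters ``Veg_NonVeg__c``; ``section``
    filters ``Section__c`` when non-empty.  The filters are joined with a
    proper ``WHERE`` clause; appending ``AND`` directly after ``FROM`` is not
    valid SOQL and made every filtered request fail.
    """
    try:
        category = request.args.get('category', 'All')
        section = request.args.get('section', '')
        conditions = []
        if category != 'All':
            conditions.append(f"Veg_NonVeg__c = '{soql_escape(category)}'")
        if section:
            conditions.append(f"Section__c = '{soql_escape(section)}'")
        query = (
            "SELECT Name, Price__c, Image1__c, Veg_NonVeg__c, Section__c "
            "FROM Menu_Item__c"
        )
        if conditions:
            query += " WHERE " + " AND ".join(conditions)
        query += " LIMIT 20"
        menu_items = sf.query(query).get("records", [])
        return jsonify({"success": True, "menu_items": menu_items})
    except Exception:
        logger.exception("Error fetching menu items")
        return _json_error("Could not fetch menu items", 500)


@cart_blueprint.route("/fetch_add_ons", methods=["GET"])
def fetch_add_ons():
    """Return up to 10 active add-ons as ``{"name": label, "price": price}``."""
    try:
        records = sf.query(
            "SELECT Name, Price__c FROM Add_On__c WHERE Active__c = true LIMIT 10"
        ).get("records", [])
        add_ons = [
            {"name": _addon_label(addon['Name'], addon['Price__c']), "price": addon['Price__c']}
            for addon in records
        ]
        return jsonify({"success": True, "add_ons": add_ons})
    except Exception:
        logger.exception("Error fetching add-ons")
        return _json_error("Could not fetch add-ons", 500)


@cart_blueprint.route("/add_suggestion_to_cart", methods=["POST"])
def add_suggestion_to_cart():
    """Add *quantity* of a menu item, plus add-ons, to the session user's cart.

    JSON body: ``item_name`` (required), ``quantity`` (default 1), ``addons``
    (list of labels from /fetch_add_ons), ``instructions``, ``item_image`` and
    optionally ``customer_email``, which must match the session user.  The
    unit price is read from Menu_Item__c and add-on prices from Add_On__c, so
    an ``item_price`` in the body or a price edited into a label is ignored.
    """
    data = request.get_json(silent=True) or {}
    customer_email, error = _logged_in_email(data.get('customer_email'))
    if error:
        return error
    item_name = (data.get('item_name') or "").strip()
    if not item_name:
        return _json_error("Missing required fields", 400)
    instructions = (data.get('instructions') or "").strip()
    addons = data.get('addons') or []
    if not isinstance(addons, list) or not all(isinstance(label, str) for label in addons):
        return _json_error("Invalid add-ons", 400)
    try:
        quantity = int(data.get('quantity', 1))
    except (ValueError, TypeError):
        return _json_error("Invalid quantity or price", 400)
    if quantity < 1:
        return _json_error("Invalid quantity or price", 400)
    try:
        menu = sf.query(
            "SELECT Price__c, Image1__c FROM Menu_Item__c "
            f"WHERE Name = '{soql_escape(item_name)}' LIMIT 1"
        ).get("records", [])
        if not menu:
            return _json_error("Unknown menu item", 400)
        item_price = float(menu[0]['Price__c'])
        # Prefer the catalogue image; the client's value is only a fallback.
        item_image = menu[0].get('Image1__c') or data.get('item_image')
        try:
            addon_prices = _lookup_addon_prices(addons)
        except ValueError as exc:
            return _json_error(str(exc), 400)
        addons_price = sum(addon_prices.values())  # per unit of the item
        existing = sf.query(
            "SELECT Id, Quantity__c, Add_Ons__c, Add_Ons_Price__c, Instructions__c, "
            "Base_Price__c FROM Cart_Item__c "
            f"WHERE Customer_Email__c = '{soql_escape(customer_email)}' "
            f"AND Name = '{soql_escape(item_name)}' LIMIT 1"
        ).get("records", [])
        if existing:
            _merge_cart_item(
                existing[0], item_price, quantity, addons, addons_price, instructions
            )
        else:
            sf.Cart_Item__c.create({
                "Name": item_name,
                "Price__c": (item_price + addons_price) * quantity,
                "Base_Price__c": item_price,
                "Quantity__c": quantity,
                "Add_Ons_Price__c": addons_price * quantity,
                "Add_Ons__c": ", ".join(addons) if addons else "None",
                "Image1__c": item_image,
                "Customer_Email__c": customer_email,
                "Instructions__c": instructions,
            })
        return jsonify({"success": True, "message": "Item added to cart successfully."})
    except Exception:
        logger.exception("Error adding item to cart")
        return _json_error("Could not add item to cart", 500)


# The handler takes ``item_name``, so the rule must declare it as a path
# parameter; the bare ``/remove/`` rule would raise at request time.
@cart_blueprint.route("/remove/<item_name>", methods=["POST"])
def remove_cart_item(item_name):
    """Delete the session user's cart line named *item_name*."""
    customer_email, error = _logged_in_email(key='message')
    if error:
        return error
    try:
        records = sf.query(
            "SELECT Id FROM Cart_Item__c "
            f"WHERE Customer_Email__c = '{soql_escape(customer_email)}' "
            f"AND Name = '{soql_escape(item_name)}' LIMIT 1"
        ).get('records', [])
        if not records:
            return _json_error('Item not found in cart.', 400, 'message')
        sf.Cart_Item__c.delete(records[0]['Id'])
        return jsonify({'success': True, 'message': f"'{item_name}' removed successfully!"}), 200
    except Exception:
        logger.exception("Error removing cart item")
        return _json_error("An error occurred while removing the item.", 500, 'message')


@cart_blueprint.route("/update_quantity", methods=["POST"])
def update_quantity():
    """Set the quantity of one cart line; return its new price and the subtotal.

    JSON body: ``item_name``, ``quantity`` (integer >= 1) and optionally
    ``email``, which must match the session user.
    """
    data = request.get_json(silent=True) or {}
    email, error = _logged_in_email(data.get('email'))
    if error:
        return error
    item_name = data.get('item_name')
    try:
        quantity = int(data.get('quantity'))
    except (ValueError, TypeError):
        return _json_error("Invalid quantity provided.", 400)
    if not item_name:
        return _json_error("Email, item name, and quantity are required.", 400)
    if quantity < 1:
        # Zero or negative would store a zero/negative line price; removal is
        # /remove/<item_name>.
        return _json_error("Quantity must be at least 1.", 400)
    try:
        records = sf.query(
            "SELECT Id, Quantity__c, Price__c, Base_Price__c, Add_Ons_Price__c "
            "FROM Cart_Item__c "
            f"WHERE Customer_Email__c = '{soql_escape(email)}' "
            f"AND Name = '{soql_escape(item_name)}' LIMIT 1"
        ).get('records', [])
        if not records:
            return _json_error("Cart item not found.", 404)
        line = records[0]
        base_price = line.get('Base_Price__c')
        if base_price is None:
            return _json_error("Cart item has no base price.", 500)
        new_item_price = base_price * quantity + (line.get('Add_Ons_Price__c') or 0)
        sf.Cart_Item__c.update(line['Id'], {
            "Quantity__c": quantity,
            "Price__c": new_item_price,
        })
        new_subtotal = _subtotal(_query_cart_items(email, ("Price__c", "Add_Ons_Price__c")))
        return jsonify({
            "success": True,
            "new_item_price": new_item_price,
            "subtotal": new_subtotal,
        })
    except Exception:
        logger.exception("Error updating quantity")
        return _json_error("Could not update quantity", 500)


@cart_blueprint.route("/checkout", methods=["POST"])
def checkout():
    """Return the session user's bill (items, subtotal, total) plus menu items."""
    email, error = _logged_in_email(key='message')
    if error:
        return error
    try:
        cart_items = _query_cart_items(email, _ORDER_FIELDS)
        if not cart_items:
            return _json_error("Cart is empty", 400, 'message')
        subtotal = _subtotal(cart_items)
        total = subtotal  # no discounts are applied
        menu_items = sf.query(
            "SELECT Name, Price__c, Image1__c, Veg_NonVeg__c, Section__c "
            "FROM Menu_Item__c LIMIT 20"
        ).get("records", [])
        return jsonify({
            "success": True,
            "cart": {
                "items": [_bill_item(item) for item in cart_items],
                "subtotal": subtotal,
                "total": total,
            },
            "menu_items": menu_items,
        })
    except Exception:
        logger.exception("Error during checkout")
        return _json_error("Could not prepare checkout", 500)


@cart_blueprint.route("/submit_order", methods=["POST"])
def submit_order():
    """Create an Order__c from the session user's cart, then empty the cart.

    The JSON body must carry the ``cart`` object /checkout returned, but its
    ``subtotal`` / ``total`` are not trusted: both are recomputed from the
    Cart_Item__c rows so a client cannot submit a lower bill than its cart.
    """
    email = session.get('user_email')
    user_id = session.get('user_name')
    table_number = session.get('table_number')
    if not email or not user_id:
        return _json_error("User not logged in", 401, 'message')
    data = request.get_json(silent=True) or {}
    if not data.get("cart"):
        return _json_error("Cart data is required", 400, 'message')
    try:
        cart_items = _query_cart_items(email, _ORDER_FIELDS)
        if not cart_items:
            return _json_error("Cart is empty", 400, 'message')
        subtotal = _subtotal(cart_items)
        total = subtotal  # no discounts are applied
        order_details = "\n".join(_format_order_line(item) for item in cart_items)
        customers = sf.query(
            "SELECT Id FROM Customer_Login__c "
            f"WHERE Email__c = '{soql_escape(email)}' LIMIT 1"
        ).get("records", [])
        if not customers:
            return _json_error("Customer record not found", 404, 'message')
        # The session may hold the literal string 'null' for "no table".
        table_number = table_number if table_number != 'null' else None
        order_response = sf.Order__c.create({
            "Customer_Name__c": user_id,
            "Customer_Email__c": email,
            "Total_Amount__c": subtotal,
            "Total_Bill__c": total,
            "Order_Status__c": "Pending",
            "Customer2__c": customers[0]["Id"],
            "Order_Details__c": order_details,
            "Table_Number__c": table_number,
        })
        if not order_response:
            return _json_error("Order was not created", 500, 'message')
        for item in cart_items:
            sf.Cart_Item__c.delete(item["Id"])
        return jsonify({"success": True, "message": "Order placed successfully!"})
    except Exception:
        logger.exception("Error during order submission")
        return _json_error("Could not place the order", 500)


@cart_blueprint.route("/order", methods=["GET"])
def order():
    """Render order.html with the session user's most recent order."""
    email = session.get('user_email')
    if not email:
        return redirect(url_for("login"))
    try:
        orders = sf.query(
            "SELECT Id, Order_Details__c, Total_Bill__c, CreatedDate FROM Order__c "
            f"WHERE Customer_Email__c = '{soql_escape(email)}' "
            "ORDER BY CreatedDate DESC LIMIT 1"
        ).get("records", [])
        if not orders:
            return render_template("order.html", order=None, message="No orders found.")
        latest = orders[0]
        order_items = []
        for line in (latest.get('Order_Details__c') or "").split("\n"):
            if not line.strip():
                continue
            try:
                order_items.append(_parse_order_line(line))
            except (IndexError, ValueError) as exc:
                # A malformed line is skipped rather than hiding the whole order.
                logger.warning("Error parsing order line %r: %s", line, exc)
        return render_template(
            "order.html",
            order={
                "id": latest['Id'],
                "items": order_items,
                "total": latest['Total_Bill__c'],
            },
            message="Thank you for your order! It has been placed successfully.",
        )
    except Exception:
        logger.exception("Error fetching order")
        return render_template(
            "order.html",
            order=None,
            message="Error fetching your order. Please contact support.",
        )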