added postgres and updated routes.

backend/app/__init__.py

@@ -3,7 +3,6 @@ from flask import Flask
 from flask_jwt_extended import JWTManager
 from flask_cors import CORS
 from app.routes.routes import main  # ✅ Make sure this works
-from app.database import init_db
 import logging
 
 jwt = JWTManager()
@@ -19,9 +18,6 @@ def create_app(config_object):
     handler.setFormatter(formatter)
     app.logger.addHandler(handler)
 
-    # 🧱 Initialize DB
-    init_db()
-
     # 🔐 Initialize JWT
     jwt.init_app(app)
 

backend/app/database.py

@@ -1,314 +1,233 @@
-import sqlite3
-import os
-import logging
-from datetime import datetime
-import json
-
-BASE_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))
-DB_PATH = os.path.join(BASE_DIR, 'legal_docs.db')
-
-def init_db():
-    """Initialize the database with required tables"""
-    try:
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-
-        # Create users table
-        cursor.execute('''
-           CREATE TABLE IF NOT EXISTS users (
-       id INTEGER PRIMARY KEY AUTOINCREMENT,
-       username TEXT UNIQUE NOT NULL,
-       email TEXT UNIQUE NOT NULL,
-       password_hash TEXT NOT NULL,
-       created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
-   )
-        ''')
-
-        # Create documents table
-        cursor.execute('''
-        CREATE TABLE IF NOT EXISTS documents (
-            id INTEGER PRIMARY KEY AUTOINCREMENT,
-            title TEXT NOT NULL,
-            full_text TEXT,
-            summary TEXT,
-            clauses TEXT,
-            features TEXT,
-            context_analysis TEXT,
-            file_path TEXT,
-            upload_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP
-        )
-        ''')
-
-        # Create question_answers table for persisting Q&A
-        cursor.execute('''
-        CREATE TABLE IF NOT EXISTS question_answers (
-            id INTEGER PRIMARY KEY AUTOINCREMENT,
-            document_id INTEGER NOT NULL,
-            user_id INTEGER NOT NULL,
-            question TEXT NOT NULL,
-            answer TEXT NOT NULL,
-            score REAL DEFAULT 0.0,
-            created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-            FOREIGN KEY (document_id) REFERENCES documents (id) ON DELETE CASCADE,
-            FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE
-        )
-        ''')
-
-        conn.commit()
-        logging.info("Database initialized successfully")
-    except Exception as e:
-        logging.error(f"Error initializing database: {str(e)}")
-        raise
-    finally:
-        conn.close()
-
-def get_db_connection():
-    """Get a database connection"""
-    conn = sqlite3.connect(DB_PATH)
-    conn.row_factory = sqlite3.Row
-    return conn
-
-# Initialize database when module is imported
-init_db()
-
-def search_documents(query, search_type='all'):
-    conn = sqlite3.connect(DB_PATH)
-    c = conn.cursor()
-    
-    try:
-        # Check if query is a number (potential ID)
-        is_id_search = query.isdigit()
-        
-        if is_id_search:
-            # Search by ID
-            c.execute('''
-                SELECT id, title, summary, upload_time, 1.0 as match_score
-                FROM documents
-                WHERE id = ?
-            ''', (int(query),))
-        else:
-            # Search by title
-            c.execute('''
-                SELECT id, title, summary, upload_time, 1.0 as match_score
-                FROM documents
-                WHERE title LIKE ?
-                ORDER BY id DESC
-            ''', (f'%{query}%',))
-        
-        results = []
-        for row in c.fetchall():
-            results.append({
-                "id": row[0],
-                "title": row[1],
-                "summary": row[2] or "",
-                "upload_time": row[3],
-                "match_score": row[4]
-            })
-        
-        return results
-    except sqlite3.Error as e:
-        logging.error(f"Search error: {str(e)}")
-        raise
-    finally:
-        conn.close()
-
-def migrate_add_user_id_to_documents():
-    """Add user_id column to documents table if it doesn't exist."""
-    try:
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-        # Check if user_id column exists
-        cursor.execute("PRAGMA table_info(documents)")
-        columns = [row[1] for row in cursor.fetchall()]
-        if 'user_id' not in columns:
-            cursor.execute('ALTER TABLE documents ADD COLUMN user_id INTEGER')
-            conn.commit()
-            logging.info("Added user_id column to documents table.")
-    except Exception as e:
-        logging.error(f"Migration error: {str(e)}")
-        raise
-    finally:
-        conn.close()
-
-# Call migration on import
-migrate_add_user_id_to_documents()
-
-def migrate_add_phone_company_to_users():
-    """Add phone and company columns to users table if they don't exist."""
-    try:
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-        cursor.execute("PRAGMA table_info(users)")
-        columns = [row[1] for row in cursor.fetchall()]
-        if 'phone' not in columns:
-            cursor.execute('ALTER TABLE users ADD COLUMN phone TEXT')
-        if 'company' not in columns:
-            cursor.execute('ALTER TABLE users ADD COLUMN company TEXT')
-        conn.commit()
-    except Exception as e:
-        logging.error(f"Migration error: {str(e)}")
-        raise
-    finally:
-        conn.close()
-
-# Call migration on import
-migrate_add_phone_company_to_users()
+# All sqlite3 and local DB logic will be removed and replaced with SQLAlchemy/Postgres in the next step.
+# This file will be refactored to use SQLAlchemy models and sessions.
 
+from sqlalchemy import create_engine, Column, Integer, String, Text, Float, ForeignKey, DateTime
+from sqlalchemy.orm import declarative_base, sessionmaker, relationship
+from sqlalchemy.sql import func
+import os
+from sqlalchemy.exc import IntegrityError
+from werkzeug.security import check_password_hash, generate_password_hash
+
+# SQLAlchemy setup
+DATABASE_URL = os.environ.get('DATABASE_URL')
+engine = create_engine(DATABASE_URL)
+SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+Base = declarative_base()
+
+# User model
+class User(Base):
+    __tablename__ = 'users'
+    id = Column(Integer, primary_key=True, index=True)
+    username = Column(String, unique=True, nullable=False, index=True)
+    email = Column(String, unique=True, nullable=False, index=True)
+    password_hash = Column(String, nullable=False)
+    phone = Column(String)
+    company = Column(String)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    documents = relationship('Document', back_populates='user')
+    question_answers = relationship('QuestionAnswer', back_populates='user')
+
+# Document model
+class Document(Base):
+    __tablename__ = 'documents'
+    id = Column(Integer, primary_key=True, index=True)
+    title = Column(String, nullable=False)
+    full_text = Column(Text)
+    summary = Column(Text)
+    clauses = Column(Text)
+    features = Column(Text)
+    context_analysis = Column(Text)
+    file_path = Column(String)
+    upload_time = Column(DateTime(timezone=True), server_default=func.now())
+    user_id = Column(Integer, ForeignKey('users.id'))
+    user = relationship('User', back_populates='documents')
+    question_answers = relationship('QuestionAnswer', back_populates='document')
+
+# QuestionAnswer model
+class QuestionAnswer(Base):
+    __tablename__ = 'question_answers'
+    id = Column(Integer, primary_key=True, index=True)
+    document_id = Column(Integer, ForeignKey('documents.id'), nullable=False)
+    user_id = Column(Integer, ForeignKey('users.id'), nullable=False)
+    question = Column(Text, nullable=False)
+    answer = Column(Text, nullable=False)
+    score = Column(Float, default=0.0)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    document = relationship('Document', back_populates='question_answers')
+    user = relationship('User', back_populates='question_answers')
+
+# Create tables if they don't exist
+Base.metadata.create_all(bind=engine)
+
+def get_db_session():
+    return SessionLocal()
+
+# --- Document CRUD ---
 def save_document(title, full_text, summary, clauses, features, context_analysis, file_path, user_id):
-    """Save a document to the database, associated with a user_id"""
+    session = get_db_session()
     try:
-        conn = get_db_connection()
-        cursor = conn.cursor()
-        cursor.execute('''
-        INSERT INTO documents (title, full_text, summary, clauses, features, context_analysis, file_path, user_id)
-        VALUES (?, ?, ?, ?, ?, ?, ?, ?)
-        ''', (title, full_text, summary, str(clauses), str(features), str(context_analysis), file_path, user_id))
-        conn.commit()
-        return cursor.lastrowid
+        doc = Document(
+            title=title,
+            full_text=full_text,
+            summary=summary,
+            clauses=str(clauses),
+            features=str(features),
+            context_analysis=str(context_analysis),
+            file_path=file_path,
+            user_id=user_id
+        )
+        session.add(doc)
+        session.commit()
+        return doc.id
     except Exception as e:
-        logging.error(f"Error saving document: {str(e)}")
+        session.rollback()
         raise
     finally:
-        conn.close()
+        session.close()
 
 def get_all_documents(user_id=None):
-    """Get all documents for a user from the database, including file size if available"""
+    session = get_db_session()
     try:
-        conn = get_db_connection()
-        cursor = conn.cursor()
+        query = session.query(Document)
         if user_id is not None:
-            cursor.execute('SELECT * FROM documents WHERE user_id = ? ORDER BY upload_time DESC', (user_id,))
-        else:
-            cursor.execute('SELECT * FROM documents ORDER BY upload_time DESC')
-        documents = [dict(row) for row in cursor.fetchall()]
+            query = query.filter(Document.user_id == user_id)
+        documents = query.order_by(Document.upload_time.desc()).all()
+        result = []
         for doc in documents:
-            file_path = doc.get('file_path')
-            if file_path and os.path.exists(file_path):
-                doc['size'] = os.path.getsize(file_path)
-            else:
-                doc['size'] = None
-        return documents
-    except Exception as e:
-        logging.error(f"Error fetching documents: {str(e)}")
-        raise
+            d = doc.__dict__.copy()
+            d.pop('_sa_instance_state', None)
+            result.append(d)
+        return result
     finally:
-        conn.close()
+        session.close()
 
 def get_document_by_id(doc_id, user_id=None):
-    """Get a specific document by ID, optionally filtered by user_id"""
+    session = get_db_session()
     try:
-        conn = get_db_connection()
-        cursor = conn.cursor()
+        query = session.query(Document).filter(Document.id == doc_id)
         if user_id is not None:
-            cursor.execute('SELECT * FROM documents WHERE id = ? AND user_id = ?', (doc_id, user_id))
-        else:
-            cursor.execute('SELECT * FROM documents WHERE id = ?', (doc_id,))
-        document = cursor.fetchone()
-        return dict(document) if document else None
-    except Exception as e:
-        logging.error(f"Error fetching document {doc_id}: {str(e)}")
-        raise
+            query = query.filter(Document.user_id == user_id)
+        doc = query.first()
+        if doc:
+            d = doc.__dict__.copy()
+            d.pop('_sa_instance_state', None)
+            return d
+        return None
     finally:
-        conn.close()
+        session.close()
 
 def delete_document(doc_id):
-    """Delete a document from the database and return its file_path"""
+    session = get_db_session()
     try:
-        conn = get_db_connection()
-        cursor = conn.cursor()
-        # Fetch the file_path before deleting
-        cursor.execute('SELECT file_path FROM documents WHERE id = ?', (doc_id,))
-        row = cursor.fetchone()
-        file_path = row[0] if row and row[0] else None
-        # Now delete the document
-        cursor.execute('DELETE FROM documents WHERE id = ?', (doc_id,))
-        conn.commit()
+        doc = session.query(Document).filter(Document.id == doc_id).first()
+        file_path = doc.file_path if doc else None
+        if doc:
+            session.delete(doc)
+            session.commit()
         return file_path
-    except Exception as e:
-        logging.error(f"Error deleting document {doc_id}: {str(e)}")
-        raise
     finally:
-        conn.close()
+        session.close()
 
+def search_documents(query, search_type='all'):
+    session = get_db_session()
+    try:
+        results = []
+        if query.isdigit():
+            docs = session.query(Document).filter(Document.id == int(query)).all()
+        else:
+            docs = session.query(Document).filter(Document.title.ilike(f'%{query}%')).order_by(Document.id.desc()).all()
+        for doc in docs:
+            results.append({
+                "id": doc.id,
+                "title": doc.title,
+                "summary": doc.summary or "",
+                "upload_time": doc.upload_time,
+                "match_score": 1.0
+            })
+        return results
+    finally:
+        session.close()
+
+# --- Q&A ---
 def search_questions_answers(query, user_id=None):
-    conn = get_db_connection()
-    c = conn.cursor()
+    session = get_db_session()
     try:
-        sql = '''
-            SELECT id, document_id, question, answer, created_at
-            FROM question_answers
-            WHERE (question LIKE ? OR answer LIKE ?)
-        '''
-        params = [f'%{query}%', f'%{query}%']
+        q = session.query(QuestionAnswer)
         if user_id is not None:
-            sql += ' AND user_id = ?'
-            params.append(user_id)
-        sql += ' ORDER BY created_at DESC'
-        c.execute(sql, params)
+            q = q.filter(QuestionAnswer.user_id == user_id)
+        q = q.filter((QuestionAnswer.question.ilike(f'%{query}%')) | (QuestionAnswer.answer.ilike(f'%{query}%')))
+        q = q.order_by(QuestionAnswer.created_at.desc())
         results = []
-        for row in c.fetchall():
+        for row in q.all():
             results.append({
-                'id': row[0],
-                'document_id': row[1],
-                'question': row[2],
-                'answer': row[3],
-                'created_at': row[4]
+                'id': row.id,
+                'document_id': row.document_id,
+                'question': row.question,
+                'answer': row.answer,
+                'created_at': row.created_at
             })
         return results
+    finally:
+        session.close()
+
+def save_question_answer(document_id, user_id, question, answer, score):
+    session = get_db_session()
+    try:
+        qa = QuestionAnswer(
+            document_id=document_id,
+            user_id=user_id,
+            question=question,
+            answer=answer,
+            score=score
+        )
+        session.add(qa)
+        session.commit()
     except Exception as e:
-        logging.error(f"Error searching questions/answers: {str(e)}")
+        session.rollback()
         raise
     finally:
-        conn.close()
+        session.close()
 
+# --- User Profile ---
 def get_user_profile(username):
-    """Fetch user profile details by username."""
+    session = get_db_session()
     try:
-        conn = get_db_connection()
-        cursor = conn.cursor()
-        cursor.execute('SELECT username, email, phone, company FROM users WHERE username = ?', (username,))
-        row = cursor.fetchone()
-        return dict(row) if row else None
-    except Exception as e:
-        logging.error(f"Error fetching user profile: {str(e)}")
-        raise
+        user = session.query(User).filter(User.username == username).first()
+        if user:
+            return {
+                'username': user.username,
+                'email': user.email,
+                'phone': user.phone,
+                'company': user.company
+            }
+        return None
     finally:
-        conn.close()
+        session.close()
 
 def update_user_profile(username, email, phone, company):
-    """Update user profile details."""
+    session = get_db_session()
     try:
-        conn = get_db_connection()
-        cursor = conn.cursor()
-        cursor.execute('''
-            UPDATE users SET email = ?, phone = ?, company = ? WHERE username = ?
-        ''', (email, phone, company, username))
-        conn.commit()
-        return cursor.rowcount > 0
-    except Exception as e:
-        logging.error(f"Error updating user profile: {str(e)}")
-        raise
+        user = session.query(User).filter(User.username == username).first()
+        if user:
+            user.email = email
+            user.phone = phone
+            user.company = company
+            session.commit()
+            return True
+        return False
     finally:
-        conn.close()
+        session.close()
 
 def change_user_password(username, current_password, new_password):
-    """Change user password if current password matches."""
+    session = get_db_session()
     try:
-        conn = get_db_connection()
-        cursor = conn.cursor()
-        cursor.execute('SELECT password_hash FROM users WHERE username = ?', (username,))
-        row = cursor.fetchone()
-        if not row:
+        user = session.query(User).filter(User.username == username).first()
+        if not user:
             return False, 'User not found'
-        from werkzeug.security import check_password_hash, generate_password_hash
-        if not check_password_hash(row[0], current_password):
+        if not check_password_hash(user.password_hash, current_password):
             return False, 'Current password is incorrect'
-        new_hash = generate_password_hash(new_password)
-        cursor.execute('UPDATE users SET password_hash = ? WHERE username = ?', (new_hash, username))
-        conn.commit()
+        user.password_hash = generate_password_hash(new_password)
+        session.commit()
         return True, 'Password updated successfully'
-    except Exception as e:
-        logging.error(f"Error changing password: {str(e)}")
-        raise
     finally:
-        conn.close()
+        session.close()

backend/app/routes/routes.py

@@ -1,5 +1,4 @@
 import os
-import sqlite3
 from flask import Blueprint, request, jsonify, send_from_directory, current_app
 from werkzeug.utils import secure_filename
 from app.utils.extract_text import extract_text_from_pdf
@@ -7,7 +6,7 @@ from app.utils.summarizer import generate_summary
 from app.utils.clause_detector import detect_clauses
 from app.database import save_document, delete_document
 from app.database import get_all_documents, get_document_by_id
-from app.database import search_documents
+from app.database import search_documents, save_question_answer, search_questions_answers
 from app.nlp.qa import answer_question
 from flask_jwt_extended import create_access_token, jwt_required, get_jwt_identity, exceptions as jwt_exceptions
 from flask_jwt_extended.exceptions import JWTDecodeError as JWTError
@@ -19,6 +18,9 @@ from app.utils.context_understanding import ContextUnderstanding
 import logging
 import textract
 from app.database import get_user_profile, update_user_profile, change_user_password
+from app.database import SessionLocal, User
+from sqlalchemy.exc import IntegrityError
+from sqlalchemy import or_
 
 main = Blueprint("main", __name__)
 
@@ -28,7 +30,6 @@ legal_domain_processor = LegalDomainFeatures()
 context_processor = ContextUnderstanding()
 
 BASE_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..'))
-DB_PATH = os.path.join(BASE_DIR, 'legal_docs.db')
 UPLOAD_FOLDER = os.path.join(BASE_DIR, 'uploads')
 
 # Ensure the upload folder exists
@@ -53,41 +54,35 @@ def extract_text_from_file(file_path):
     else:
         raise Exception("Unsupported file type for text extraction.")
 
+def get_user_id_by_username(username):
+    session = SessionLocal()
+    try:
+        user = session.query(User).filter(User.username == username).first()
+        return user.id if user else None
+    finally:
+        session.close()
+
 @main.route('/upload', methods=['POST'])
 @jwt_required()
 def upload_file():
     try:
         if 'file' not in request.files:
             return jsonify({'error': 'No file part'}), 400
-        
         file = request.files['file']
-        if file.filename == '':
+        if not file or file.filename == '':
             return jsonify({'error': 'No selected file'}), 400
-
-        # Only allow PDF files
         if not (file.filename.lower().endswith('.pdf')):
             return jsonify({'error': 'File type not allowed. Only PDF files are supported.'}), 400
-
-        # Save file first
         filename = secure_filename(file.filename)
         file_path = os.path.join(UPLOAD_FOLDER, filename)
         file.save(file_path)
-
-        # Get user_id from JWT identity
         identity = get_jwt_identity()
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-        cursor.execute('SELECT id FROM users WHERE username = ?', (identity,))
-        user_row = cursor.fetchone()
-        conn.close()
-        if not user_row:
+        user_id = get_user_id_by_username(identity)
+        if not user_id:
             return jsonify({"success": False, "error": "User not found"}), 401
-        user_id = user_row[0]
-
-        # Create initial document entry
         doc_id = save_document(
             title=filename,
-            full_text="",  # Will be updated later
+            full_text="",
             summary="Processing...",
             clauses="[]",
             features="{}",
@@ -95,89 +90,44 @@ def upload_file():
             file_path=file_path,
             user_id=user_id
         )
-
-        # Return immediate response with document ID
         return jsonify({
             'message': 'File uploaded successfully',
             'document_id': doc_id,
             'title': filename,
             'status': 'processing'
         }), 200
-
     except Exception as e:
         logging.error(f"Error during file upload: {str(e)}")
         return jsonify({'error': str(e)}), 500
 
-
 @main.route('/documents', methods=['GET'])
 @jwt_required()
 def list_documents():
-    logging.debug("Attempting to list documents...")
     try:
-        identity = get_jwt_identity()
-        logging.debug(f"JWT identity for listing documents: {identity}")
         docs = get_all_documents()
-        logging.info(f"Successfully fetched {len(docs)} documents.")
         return jsonify(docs), 200
-    except jwt_exceptions.NoAuthorizationError as e:
-        logging.error(f"No authorization token provided for list documents: {str(e)}")
-        return jsonify({"success": False, "error": "Authorization token missing"}), 401
-    except jwt_exceptions.InvalidHeaderError as e:
-        logging.error(f"Invalid authorization header for list documents: {str(e)}")
-        return jsonify({"success": False, "error": "Invalid authorization header"}), 422
-    except JWTError as e: # Catch general JWT errors
-        logging.error(f"JWT error for list documents: {str(e)}")
-        return jsonify({"success": False, "error": f"JWT error: {str(e)}"}), 422
     except Exception as e:
         logging.error(f"Error listing documents: {str(e)}", exc_info=True)
         return jsonify({"error": str(e)}), 500
 
-
 @main.route('/get_document/<int:doc_id>', methods=['GET'])
 @jwt_required()
 def get_document(doc_id):
-    logging.debug(f"Attempting to get document with ID: {doc_id}")
     try:
-        identity = get_jwt_identity()
-        logging.debug(f"JWT identity for getting document: {identity}")
         doc = get_document_by_id(doc_id)
         if doc:
-            logging.info(f"Successfully fetched document {doc_id}")
             return jsonify(doc), 200
         else:
-            logging.warning(f"Document with ID {doc_id} not found.")
             return jsonify({"error": "Document not found"}), 404
-    except jwt_exceptions.NoAuthorizationError as e:
-        logging.error(f"No authorization token provided for get document: {str(e)}")
-        return jsonify({"success": False, "error": "Authorization token missing"}), 401
-    except jwt_exceptions.InvalidHeaderError as e:
-        logging.error(f"Invalid authorization header for get document: {str(e)}")
-        return jsonify({"success": False, "error": "Invalid authorization header"}), 422
-    except JWTError as e: # Catch general JWT errors
-        logging.error(f"JWT error for get document: {str(e)}")
-        return jsonify({"success": False, "error": f"JWT error: {str(e)}"}), 422
     except Exception as e:
         logging.error(f"Error getting document {doc_id}: {str(e)}", exc_info=True)
         return jsonify({"error": str(e)}), 500
 
-
 @main.route('/documents/download/<filename>', methods=['GET'])
 @jwt_required()
 def download_document(filename):
-    logging.debug(f"Attempting to download file: {filename}")
     try:
-        identity = get_jwt_identity()
-        logging.debug(f"JWT identity for downloading document: {identity}")
         return send_from_directory(UPLOAD_FOLDER, filename, as_attachment=True)
-    except jwt_exceptions.NoAuthorizationError as e:
-        logging.error(f"No authorization token provided for download document: {str(e)}")
-        return jsonify({"success": False, "error": "Authorization token missing"}), 401
-    except jwt_exceptions.InvalidHeaderError as e:
-        logging.error(f"Invalid authorization header for download document: {str(e)}")
-        return jsonify({"success": False, "error": "Invalid authorization header"}), 422
-    except JWTError as e: # Catch general JWT errors
-        logging.error(f"JWT error for download document: {str(e)}")
-        return jsonify({"success": False, "error": f"JWT error: {str(e)}"}), 422
     except Exception as e:
         logging.error(f"Error downloading file {filename}: {str(e)}", exc_info=True)
         return jsonify({"error": f"Error downloading file: {str(e)}"}), 500
@@ -185,20 +135,8 @@ def download_document(filename):
 @main.route('/documents/view/<filename>', methods=['GET'])
 @jwt_required()
 def view_document(filename):
-    logging.debug(f"Attempting to view file: {filename}")
     try:
-        identity = get_jwt_identity()
-        logging.debug(f"JWT identity for viewing document: {identity}")
         return send_from_directory(UPLOAD_FOLDER, filename)
-    except jwt_exceptions.NoAuthorizationError as e:
-        logging.error(f"No authorization token provided for view document: {str(e)}")
-        return jsonify({"success": False, "error": "Authorization token missing"}), 401
-    except jwt_exceptions.InvalidHeaderError as e:
-        logging.error(f"Invalid authorization header for view document: {str(e)}")
-        return jsonify({"success": False, "error": "Invalid authorization header"}), 422
-    except JWTError as e: # Catch general JWT errors
-        logging.error(f"JWT error for view document: {str(e)}")
-        return jsonify({"success": False, "error": f"JWT error: {str(e)}"}), 422
     except Exception as e:
         logging.error(f"Error viewing file {filename}: {str(e)}", exc_info=True)
         return jsonify({"error": f"Error viewing file: {str(e)}"}), 500
@@ -206,30 +144,15 @@ def view_document(filename):
 @main.route('/documents/<int:doc_id>', methods=['DELETE'])
 @jwt_required()
 def delete_document_route(doc_id):
-    logging.debug(f"Attempting to delete document with ID: {doc_id}")
     try:
-        identity = get_jwt_identity()
-        logging.debug(f"JWT identity for deleting document: {identity}")
-        file_path_to_delete = delete_document(doc_id) # This returns the file path
+        file_path_to_delete = delete_document(doc_id)
         if file_path_to_delete and os.path.exists(file_path_to_delete):
             os.remove(file_path_to_delete)
-            logging.info(f"Successfully deleted file {file_path_to_delete} from file system.")
-        logging.info(f"Document {doc_id} deleted from database.")
         return jsonify({"success": True, "message": "Document deleted successfully"}), 200
-    except jwt_exceptions.NoAuthorizationError as e:
-        logging.error(f"No authorization token provided for delete document: {str(e)}")
-        return jsonify({"success": False, "error": "Authorization token missing"}), 401
-    except jwt_exceptions.InvalidHeaderError as e:
-        logging.error(f"Invalid authorization header for delete document: {str(e)}")
-        return jsonify({"success": False, "error": "Invalid authorization header"}), 422
-    except JWTError as e: # Catch general JWT errors
-        logging.error(f"JWT error for delete document: {str(e)}")
-        return jsonify({"success": False, "error": f"JWT error: {str(e)}"}), 422
     except Exception as e:
         logging.error(f"Error deleting document {doc_id}: {str(e)}", exc_info=True)
         return jsonify({"success": False, "error": f"Error deleting document: {str(e)}"}), 500
 
-
 @main.route('/register', methods=['POST'])
 @handle_errors
 def register():
@@ -237,32 +160,25 @@ def register():
     username = data.get("username")
     password = data.get("password")
     email = data.get("email")
-
     if not username or not password:
         logging.warning("Registration attempt with missing username or password.")
         return jsonify({"error": "Username and password are required"}), 400
-
     hashed_pw = generate_password_hash(password)
-    conn = None
-
+    session = SessionLocal()
     try:
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-        cursor.execute("INSERT INTO users (username, password_hash, email) VALUES (?, ?, ?)", (username, hashed_pw, email))
-        conn.commit()
-        logging.info(f"User {username} registered successfully.")
+        user = User(username=username, password_hash=hashed_pw, email=email)
+        session.add(user)
+        session.commit()
         return jsonify({"message": "User registered successfully", "username": username, "email": email}), 201
-    except sqlite3.IntegrityError:
-        logging.warning(f"Registration attempt for existing username: {username}")
+    except IntegrityError:
+        session.rollback()
         return jsonify({"error": "Username already exists"}), 409
     except Exception as e:
+        session.rollback()
         logging.error(f"Database error during registration: {str(e)}", exc_info=True)
         return jsonify({"error": f"Database error: {str(e)}"}), 500
     finally:
-        if conn:
-            conn.close()
-    
-
+        session.close()
 
 @main.route('/login', methods=['POST'])
 @handle_errors
@@ -270,91 +186,60 @@ def login():
     data = request.get_json()
     username = data.get("username")
     password = data.get("password")
-
     if not username or not password:
         logging.warning("Login attempt with missing username or password.")
         return jsonify({"error": "Username and password are required"}), 400
-
-    conn = None
+    session = SessionLocal()
     try:
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-        # Allow login with either username or email
-        cursor.execute(
-            "SELECT password_hash, email, username FROM users WHERE username = ? OR email = ?",
-            (username, username)
-        )
-        user = cursor.fetchone()
-        conn.close()
-
-        logging.debug(f"Login attempt for user: {username}")
-        if user:
-            stored_password_hash = user[0]
-            user_email = user[1]
-            user_username = user[2]
-            password_match = check_password_hash(stored_password_hash, password)
-            if password_match:
-                access_token = create_access_token(identity=user_username)
-                logging.info(f"User {user_username} logged in successfully.")
-                return jsonify(access_token=access_token, username=user_username, email=user_email), 200
-            else:
-                logging.warning(f"Failed login attempt for username/email: {username} - Incorrect password.")
-                return jsonify({"error": "Bad username or password"}), 401
+        user = session.query(User).filter(or_(User.username == username, User.email == username)).first()
+        if user and check_password_hash(user.password_hash, password):
+            access_token = create_access_token(identity=user.username)
+            return jsonify(access_token=access_token, username=user.username, email=user.email), 200
         else:
-            logging.warning(f"Failed login attempt: Username or email {username} not found.")
             return jsonify({"error": "Bad username or password"}), 401
     except Exception as e:
         logging.error(f"Database error during login: {str(e)}", exc_info=True)
         return jsonify({"error": f"Database error: {str(e)}"}), 500
     finally:
-        if conn:
-            conn.close()
-
+        session.close()
 
 @main.route('/process-document/<int:doc_id>', methods=['POST'])
 @jwt_required()
 def process_document(doc_id):
     try:
-        # Get the document
         document = get_document_by_id(doc_id)
         if not document:
             return jsonify({'error': 'Document not found'}), 404
-
         file_path = document['file_path']
-        
-        # Extract text
         text = extract_text_from_file(file_path)
         if not text:
             return jsonify({'error': 'Could not extract text from file'}), 400
-
-        # Process the document
         summary = generate_summary(text)
         clauses = detect_clauses(text)
         features = legal_domain_processor.process_legal_document(text)
         context_analysis = context_processor.analyze_context(text)
-
         # Update the document with processed content
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-        cursor.execute('''
-        UPDATE documents 
-        SET full_text = ?, summary = ?, clauses = ?, features = ?, context_analysis = ?
-        WHERE id = ?
-        ''', (text, summary, str(clauses), str(features), str(context_analysis), doc_id))
-        conn.commit()
-        conn.close()
-
+        session = SessionLocal()
+        try:
+            doc = session.query(User).get(doc_id)
+            if doc:
+                doc.full_text = text
+                doc.summary = summary
+                doc.clauses = str(clauses)
+                doc.features = str(features)
+                doc.context_analysis = str(context_analysis)
+                session.commit()
+        finally:
+            session.close()
         return jsonify({
             'message': 'Document processed successfully',
             'document_id': doc_id,
             'status': 'completed'
         }), 200
-
     except Exception as e:
         logging.error(f"Error processing document: {str(e)}")
         return jsonify({'error': str(e)}), 500
 
-
 @main.route('/documents/summary/<int:doc_id>', methods=['POST'])
 @jwt_required()
 def generate_document_summary(doc_id):
@@ -362,24 +247,25 @@ def generate_document_summary(doc_id):
         doc = get_document_by_id(doc_id)
         if not doc:
             return jsonify({"error": "Document not found"}), 404
-        # If summary exists and is not empty, return it
         summary = doc.get('summary', '')
         if summary and summary.strip() and summary != 'Processing...':
             return jsonify({"summary": summary}), 200
         file_path = doc.get('file_path', '')
         if not file_path or not os.path.exists(file_path):
             return jsonify({"error": "File not found for this document"}), 404
-        # Extract text from file (PDF, DOC, DOCX)
         text = extract_text_from_file(file_path)
         if not text.strip():
             return jsonify({"error": "No text available for summarization"}), 400
         summary = generate_summary(text)
         # Save the summary to the database
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-        cursor.execute('UPDATE documents SET summary = ? WHERE id = ?', (summary, doc_id))
-        conn.commit()
-        conn.close()
+        session = SessionLocal()
+        try:
+            document = session.query(User).get(doc_id)
+            if document:
+                document.summary = summary
+                session.commit()
+        finally:
+            session.close()
         return jsonify({"summary": summary}), 200
     except Exception as e:
         return jsonify({"error": f"Error generating summary: {str(e)}"}), 500
@@ -387,50 +273,29 @@ def generate_document_summary(doc_id):
 @main.route('/ask-question', methods=['POST', 'OPTIONS'])
 def ask_question():
     if request.method == 'OPTIONS':
-        # Allow CORS preflight without authentication
         return '', 204
     return _ask_question_impl()
 
 @jwt_required()
 def _ask_question_impl():
-    logging.debug('ask_question route called. Method: %s', request.method)
     data = request.get_json()
     document_id = data.get('document_id')
     question = data.get('question', '').strip()
     if not document_id or not question:
-        logging.debug('Missing document_id or question in /ask-question')
         return jsonify({"success": False, "error": "document_id and question are required"}), 400
     if not question:
-        logging.debug('Empty question in /ask-question')
         return jsonify({"success": False, "error": "Question cannot be empty"}), 400
     identity = get_jwt_identity()
-    conn = sqlite3.connect(DB_PATH)
-    cursor = conn.cursor()
-    cursor.execute('SELECT id FROM users WHERE username = ?', (identity,))
-    user_row = cursor.fetchone()
-    if not user_row:
-        conn.close()
-        logging.debug('User not found in /ask-question')
-        return jsonify({"success": False, "error": "User not found"}), 401
-    user_id = user_row[0]
-    # Fetch document and check ownership
-    cursor.execute('SELECT summary FROM documents WHERE id = ? AND user_id = ?', (document_id, user_id))
-    row = cursor.fetchone()
-    conn.close()
-    if not row:
-        logging.debug('Document not found or not owned by user in /ask-question')
+    user_id = get_user_id_by_username(identity)
+    doc = get_document_by_id(document_id, user_id=user_id)
+    if not doc:
         return jsonify({"success": False, "error": "Document not found or not owned by user"}), 404
-    summary = row[0]
+    summary = doc.get('summary', '')
     if not summary or not summary.strip():
-        logging.debug('Summary not available for this document in /ask-question')
         return jsonify({"success": False, "error": "Summary not available for this document"}), 400
     try:
         result = answer_question(question, summary)
-        logging.debug('Answer generated successfully in /ask-question')
-        
-        # Save the question and answer to database
         save_question_answer(document_id, user_id, question, result.get('answer', ''), result.get('score', 0.0))
-        
         return jsonify({"success": True, "answer": result.get('answer', ''), "score": result.get('score', 0.0)}), 200
     except Exception as e:
         logging.error(f"Error answering question: {str(e)}")
@@ -441,62 +306,17 @@ def _ask_question_impl():
 def get_previous_questions(doc_id):
     try:
         identity = get_jwt_identity()
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-        cursor.execute('SELECT id FROM users WHERE username = ?', (identity,))
-        user_row = cursor.fetchone()
-        if not user_row:
-            conn.close()
-            return jsonify({"success": False, "error": "User not found"}), 401
-        user_id = user_row[0]
-        
-        # Check if document belongs to user
-        cursor.execute('SELECT id FROM documents WHERE id = ? AND user_id = ?', (doc_id, user_id))
-        if not cursor.fetchone():
-            conn.close()
+        user_id = get_user_id_by_username(identity)
+        doc = get_document_by_id(doc_id, user_id=user_id)
+        if not doc:
             return jsonify({"success": False, "error": "Document not found or not owned by user"}), 404
-        
-        # Fetch previous questions for this document
-        cursor.execute('''
-            SELECT id, question, answer, score, created_at 
-            FROM question_answers 
-            WHERE document_id = ? AND user_id = ? 
-            ORDER BY created_at DESC
-        ''', (doc_id, user_id))
-        
-        questions = []
-        for row in cursor.fetchall():
-            questions.append({
-                'id': row[0],
-                'question': row[1],
-                'answer': row[2],
-                'score': row[3],
-                'timestamp': row[4]
-            })
-        
-        conn.close()
+        qa_results = search_questions_answers('', user_id=user_id)
+        questions = [q for q in qa_results if q['document_id'] == doc_id]
         return jsonify({"success": True, "questions": questions}), 200
-        
     except Exception as e:
         logging.error(f"Error fetching previous questions: {str(e)}")
         return jsonify({"success": False, "error": f"Error fetching previous questions: {str(e)}"}), 500
 
-def save_question_answer(document_id, user_id, question, answer, score):
-    """Save question and answer to database"""
-    try:
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-        cursor.execute('''
-            INSERT INTO question_answers (document_id, user_id, question, answer, score, created_at)
-            VALUES (?, ?, ?, ?, ?, CURRENT_TIMESTAMP)
-        ''', (document_id, user_id, question, answer, score))
-        conn.commit()
-        conn.close()
-        logging.info(f"Question and answer saved for document {document_id}")
-    except Exception as e:
-        logging.error(f"Error saving question and answer: {str(e)}")
-        raise
-
 @main.route('/search', methods=['GET'])
 @jwt_required()
 def search_all():
@@ -505,19 +325,8 @@ def search_all():
         if not query:
             return jsonify({'error': 'Query parameter "q" is required.'}), 400
         identity = get_jwt_identity()
-        # Get user_id
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-        cursor.execute('SELECT id FROM users WHERE username = ?', (identity,))
-        user_row = cursor.fetchone()
-        conn.close()
-        if not user_row:
-            return jsonify({'error': 'User not found'}), 401
-        user_id = user_row[0]
-        # Search documents (title, summary)
-        from app.database import search_documents, search_questions_answers
+        user_id = get_user_id_by_username(identity)
         doc_results = search_documents(query)
-        # Search Q&A
         qa_results = search_questions_answers(query, user_id=user_id)
         return jsonify({
             'documents': doc_results,
@@ -575,34 +384,16 @@ def change_password():
 def dashboard_stats():
     try:
         identity = get_jwt_identity()
-        # Get user_id
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-        cursor.execute('SELECT id FROM users WHERE username = ?', (identity,))
-        user_row = cursor.fetchone()
-        if not user_row:
-            conn.close()
-            return jsonify({'error': 'User not found'}), 401
-        user_id = user_row[0]
-        conn.close()
-
-        # Get all documents for this user
-        from app.database import get_all_documents
+        user_id = get_user_id_by_username(identity)
         documents = get_all_documents(user_id=user_id)
         total_documents = len(documents)
         processed_documents = sum(1 for doc in documents if doc.get('summary') and doc.get('summary') != 'Processing...')
         pending_analysis = total_documents - processed_documents
-
-        # Count recent questions (last 30 days)
-        conn = sqlite3.connect(DB_PATH)
-        cursor = conn.cursor()
-        cursor.execute('''
-            SELECT COUNT(*) FROM question_answers 
-            WHERE user_id = ? AND created_at >= datetime('now', '-30 days')
-        ''', (user_id,))
-        recent_questions = cursor.fetchone()[0]
-        conn.close()
-
+        qa_results = search_questions_answers('', user_id=user_id)
+        from datetime import datetime, timedelta
+        now = datetime.utcnow()
+        last_30_days = now - timedelta(days=30)
+        recent_questions = sum(1 for q in qa_results if q['created_at'] and q['created_at'] >= last_30_days)
         return jsonify({
             'total_documents': total_documents,
             'processed_documents': processed_documents,

backend/create_db.py

@@ -1,17 +0,0 @@
-import sqlite3
-
-conn = sqlite3.connect('./legal_docs.db')
-cursor = conn.cursor()
-
-cursor.execute('''
-CREATE TABLE IF NOT EXISTS users (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    username TEXT UNIQUE NOT NULL,
-    password_hash TEXT NOT NULL,
-    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
-)
-''')
-
-conn.commit()
-conn.close()
-