Update routes/sendnotifications.py

routes/sendnotifications.py

@@ -1,17 +1,25 @@
 import os
 import aiohttp
-from fastapi import APIRouter, HTTPException
+from fastapi import APIRouter, HTTPException, Header
 from pydantic import BaseModel
 from google.oauth2 import service_account
 from google.auth.transport.requests import Request
 
 router = APIRouter()
 
-# Supabase config (pegando das variáveis de ambiente)
-SUPABASE_URL = "https://ussxqnifefkgkaumjann.supabase.co"  # Ajuste pro seu projeto
+# 🔧 Supabase Config
+SUPABASE_URL = "https://ussxqnifefkgkaumjann.supabase.co"  # ajuste para seu Supabase
+SUPABASE_KEY = os.getenv("SUPA_KEY")
 SUPABASE_ROLE_KEY = os.getenv("SUPA_SERVICE_KEY")
-if not SUPABASE_ROLE_KEY:
-    raise ValueError("❌ SUPA_SERVICE_KEY not set in environment!")
+
+if not SUPABASE_KEY or not SUPABASE_ROLE_KEY:
+    raise ValueError("❌ SUPA_KEY or SUPA_SERVICE_KEY not set in environment!")
+
+SUPABASE_HEADERS = {
+    "apikey": SUPABASE_KEY,
+    "Authorization": f"Bearer {SUPABASE_KEY}",
+    "Content-Type": "application/json"
+}
 
 SUPABASE_ROLE_HEADERS = {
     "apikey": SUPABASE_ROLE_KEY,
@@ -24,37 +32,40 @@ SUPABASE_ROLE_HEADERS = {
 SERVICE_ACCOUNT_FILE = './closetcoach-2d50b-firebase-adminsdk-fbsvc-7fcccb1.json'
 FCM_PROJECT_ID = "closetcoach-2d50b"
 
-def get_access_token():
-    credentials = service_account.Credentials.from_service_account_file(
-        SERVICE_ACCOUNT_FILE
-    )
-    scoped_credentials = credentials.with_scopes(
-        ['https://www.googleapis.com/auth/firebase.messaging']
-    )
-    scoped_credentials.refresh(Request())
-    return scoped_credentials.token
-
 class NotificationRequest(BaseModel):
     keyword: str
-    initiator_id: str
     target_user_id: str
 
-async def fetch_supabase(table: str, select: str, filters: dict):
-    # Monta query params
+async def verify_user_token(user_token: str) -> str:
+    headers = {
+        "Authorization": f"Bearer {user_token}",
+        "apikey": SUPABASE_KEY,
+        "Content-Type": "application/json"
+    }
+
+    async with aiohttp.ClientSession() as session:
+        async with session.get(f"{SUPABASE_URL}/auth/v1/user", headers=headers) as response:
+            if response.status != 200:
+                raise HTTPException(status_code=401, detail="Token inválido ou expirado")
+
+            user_data = await response.json()
+            user_id = user_data.get("id")
+            if not user_id:
+                raise HTTPException(status_code=400, detail="ID do usuário não encontrado")
+
+    return user_id
+
+async def fetch_supabase(table: str, select: str, filters: dict, headers=SUPABASE_ROLE_HEADERS):
     filter_query = '&'.join([f'{k}=eq.{v}' for k, v in filters.items()])
     url = f"{SUPABASE_URL}/rest/v1/{table}?select={select}&{filter_query}"
 
     async with aiohttp.ClientSession() as session:
-        async with session.get(url, headers=SUPABASE_ROLE_HEADERS) as resp:
+        async with session.get(url, headers=headers) as resp:
             if resp.status != 200:
                 detail = await resp.text()
                 raise HTTPException(status_code=500, detail=f"Erro Supabase: {detail}")
             return await resp.json()
 
-async def check_follow_exists(follower_id: str, following_id: str) -> bool:
-    result = await fetch_supabase("followers", "id", {"follower_id": follower_id, "following_id": following_id})
-    return len(result) > 0
-
 def format_name(full_name: str) -> str:
     parts = full_name.strip().split()
     if len(parts) == 1:
@@ -67,8 +78,22 @@ async def get_user_info(user_id: str):
         return None
     return users[0]
 
-def build_notification_payload(title: str, body: str, token: str) -> dict:
-    return {
+async def check_follow_exists(follower_id: str, following_id: str) -> bool:
+    result = await fetch_supabase("followers", "id", {"follower_id": follower_id, "following_id": following_id})
+    return len(result) > 0
+
+def get_access_token():
+    credentials = service_account.Credentials.from_service_account_file(
+        SERVICE_ACCOUNT_FILE
+    )
+    scoped_credentials = credentials.with_scopes(
+        ['https://www.googleapis.com/auth/firebase.messaging']
+    )
+    scoped_credentials.refresh(Request())
+    return scoped_credentials.token
+
+async def send_fcm_notification(title: str, body: str, token: str):
+    payload = {
         "message": {
             "notification": {
                 "title": title,
@@ -78,7 +103,6 @@ def build_notification_payload(title: str, body: str, token: str) -> dict:
         }
     }
 
-async def send_fcm_notification(payload: dict):
     access_token = get_access_token()
     headers = {
         "Authorization": f"Bearer {access_token}",
@@ -94,35 +118,36 @@ async def send_fcm_notification(payload: dict):
             return await resp.json()
 
 @router.post("/send-notification")
-async def send_notification(data: NotificationRequest):
-    keyword = data.keyword.lower()
-
-    initiator = await get_user_info(data.initiator_id)
-    if not initiator:
-        raise HTTPException(status_code=404, detail="Initiator user not found")
-
-    target = await get_user_info(data.target_user_id)
-    if not target or not target.get("token_fcm"):
-        raise HTTPException(status_code=404, detail="Target user or token not found")
+async def send_notification(
+    data: NotificationRequest,
+    user_token: str = Header(..., alias="User-key")
+):
+    follower_id = await verify_user_token(user_token)
+    target_user_id = data.target_user_id
+
+    if data.keyword == "follow":
+        # verifica se usuário alvo existe e tem token
+        target_user = await get_user_info(target_user_id)
+        if not target_user or not target_user.get("token_fcm"):
+            raise HTTPException(status_code=404, detail="Usuário alvo ou token FCM não encontrado")
+
+        # verifica se a relação de follow existe mesmo
+        if not await check_follow_exists(follower_id, target_user_id):
+            raise HTTPException(status_code=403, detail="Relação de follow não encontrada")
+
+        # pega nome do follower para notificação
+        follower = await get_user_info(follower_id)
+        if not follower or not follower.get("name"):
+            raise HTTPException(status_code=404, detail="Usuário follower não encontrado")
+
+        follower_name = format_name(follower["name"])
 
-    if keyword == "follow":
-        if not await check_follow_exists(data.initiator_id, data.target_user_id):
-            raise HTTPException(status_code=403, detail="Follow relationship not found")
-
-        follower_name = format_name(initiator["name"])
         title = "Novo seguidor!"
         body = f"{follower_name} começou a seguir você."
 
-    elif keyword == "like":
-        liker_name = format_name(initiator["name"])
-        title = "Nova curtida!"
-        body = f"{liker_name} curtiu sua publicação."
-
-    else:
-        raise HTTPException(status_code=400, detail="Keyword não suportada")
+        fcm_response = await send_fcm_notification(title, body, target_user["token_fcm"])
 
-    payload = build_notification_payload(title, body, target["token_fcm"])
+        return {"detail": "Notificação de follow enviada com sucesso", "fcm_response": fcm_response}
 
-    result = await send_fcm_notification(payload)
-
-    return {"detail": "Notification sent successfully", "fcm_response": result}
+    else:
+        raise HTTPException(status_code=400, detail="Keyword não suportada")