from fastapi import FastAPI, Depends, HTTPException, APIRouter, status, Response from fastapi.middleware.cors import CORSMiddleware from sqlalchemy.orm import Session from typing import List, Optional, Dict, Any from datetime import datetime, timedelta, date import json import csv import io from .database import engine, get_db, Base from .models import ( Drug, DrugVariant, Dispensing, DispensingAllocation, Location, Batch, AuditLog, User, ) from .auth import hash_password, verify_password, create_access_token, get_current_user, get_current_admin_user, get_current_non_readonly_user, ACCESS_TOKEN_EXPIRE_MINUTES from .mqtt_service import publish_label_print_with_response from .migrate_to_roles import migrate_users_table from .migrate_compliance import migrate_compliance_schema from pydantic import BaseModel # Run migration to convert is_admin to role try: migrate_users_table() except Exception as e: print(f"Warning: Migration failed: {e}. Continuing anyway...") try: migrate_compliance_schema() except Exception as e: print(f"Warning: Compliance migration failed: {e}. Continuing anyway...") # Create tables Base.metadata.create_all(bind=engine) # Seed default locations after table creation. try: migrate_compliance_schema() except Exception as e: print(f"Warning: Compliance seed pass failed: {e}. Continuing anyway...") app = FastAPI(title="Drug Inventory API") # CORS middleware for frontend app.add_middleware( CORSMiddleware, allow_origins=["*"], # In production, restrict this allow_credentials=True, allow_methods=["*"], allow_headers=["*"], ) # Create a router with /api prefix router = APIRouter(prefix="/api") # Pydantic schemas class UserCreate(BaseModel): username: str password: str role: Optional[str] = "user" # admin, user, readonly class PasswordChange(BaseModel): current_password: str new_password: str class AdminPasswordChange(BaseModel): new_password: str class UserResponse(BaseModel): id: int username: str role: str class Config: from_attributes = True class TokenResponse(BaseModel): access_token: str token_type: str user: UserResponse class DrugCreate(BaseModel): name: str description: Optional[str] = None is_controlled: bool = False class DrugUpdate(BaseModel): name: Optional[str] = None description: Optional[str] = None is_controlled: Optional[bool] = None class LocationCreate(BaseModel): name: str class LocationUpdate(BaseModel): name: Optional[str] = None is_active: Optional[bool] = None class LocationResponse(BaseModel): id: int name: str is_active: bool class Config: from_attributes = True class BatchCreate(BaseModel): batch_number: str quantity: float expiry_date: date location_id: int notes: Optional[str] = None class BatchUpdate(BaseModel): batch_number: Optional[str] = None quantity: Optional[float] = None expiry_date: Optional[date] = None location_id: Optional[int] = None notes: Optional[str] = None class BatchResponse(BaseModel): id: int drug_variant_id: int batch_number: str quantity: float expiry_date: date location_id: int location_name: Optional[str] = None notes: Optional[str] = None received_at: datetime class Config: from_attributes = True class DrugResponse(BaseModel): id: int name: str description: Optional[str] = None is_controlled: bool class Config: from_attributes = True class DrugVariantCreate(BaseModel): strength: str quantity: float unit: str = "units" low_stock_threshold: float = 10 class DrugVariantUpdate(BaseModel): strength: str = None quantity: float = None unit: str = None low_stock_threshold: float = None class DrugVariantResponse(BaseModel): id: int drug_id: int strength: str quantity: float unit: str low_stock_threshold: float batches: List[BatchResponse] = [] class Config: from_attributes = True class DrugWithVariantsResponse(BaseModel): id: int name: str description: Optional[str] = None is_controlled: bool = False variants: List[DrugVariantResponse] = [] class Config: from_attributes = True class DispensingCreate(BaseModel): drug_variant_id: int quantity: float batch_id: Optional[int] = None allow_split: bool = True animal_name: Optional[str] = None user_name: Optional[str] = None notes: Optional[str] = None class DispensingAllocationResponse(BaseModel): batch_id: int quantity: float class Config: from_attributes = True class DispensingResponse(BaseModel): id: int drug_variant_id: int batch_id: Optional[int] = None actor_user_id: Optional[int] = None quantity: float animal_name: Optional[str] = None user_name: str notes: Optional[str] = None dispensed_at: datetime allocations: List[DispensingAllocationResponse] = [] class Config: from_attributes = True class LabelVariables(BaseModel): practice_name: str animal_name: str drug_name: str dosage: str quantity: str expiry_date: str class LabelPrintRequest(BaseModel): variables: LabelVariables class LabelPrintResponse(BaseModel): success: bool message: str class NotesVariables(BaseModel): animal_name: str notes: str class NotesPrintRequest(BaseModel): variables: NotesVariables class NotesPrintResponse(BaseModel): success: bool message: str def write_audit_log( db: Session, action: str, entity_type: str, entity_id: Optional[int], actor: Optional[User], details: Optional[Dict[str, Any]] = None, ) -> None: """Persist a best-effort audit event in the current transaction.""" payload = None if details is not None: payload = json.dumps(details, default=str) log = AuditLog( action=action, entity_type=entity_type, entity_id=entity_id, actor_user_id=actor.id if actor else None, actor_username=actor.username if actor else "system", details=payload, ) db.add(log) def enrich_variant_with_batches(db: Session, variant: DrugVariant) -> Dict[str, Any]: """Return variant data with active batch details for API responses.""" variant_dict = { "id": variant.id, "drug_id": variant.drug_id, "strength": variant.strength, "quantity": variant.quantity, "unit": variant.unit, "low_stock_threshold": variant.low_stock_threshold, } batches = ( db.query(Batch) .filter(Batch.drug_variant_id == variant.id, Batch.quantity > 0) .order_by(Batch.expiry_date.asc(), Batch.received_at.asc()) .all() ) variant_dict["batches"] = [serialize_batch_response(db, batch) for batch in batches] return variant_dict def serialize_batch_response(db: Session, batch: Batch) -> Dict[str, Any]: location = db.query(Location).filter(Location.id == batch.location_id).first() return { "id": batch.id, "drug_variant_id": batch.drug_variant_id, "batch_number": batch.batch_number, "quantity": batch.quantity, "expiry_date": batch.expiry_date, "location_id": batch.location_id, "location_name": location.name if location else None, "notes": batch.notes, "received_at": batch.received_at, } def select_batches_for_dispense( db: Session, variant_id: int, requested_quantity: float, preferred_batch_id: Optional[int], allow_split: bool, ) -> List[Dict[str, Any]]: """Select one or more batch allocations using FEFO with optional preferred batch override.""" today = date.today() eligible_batches = ( db.query(Batch) .filter( Batch.drug_variant_id == variant_id, Batch.quantity > 0, Batch.expiry_date >= today, ) .order_by(Batch.expiry_date.asc(), Batch.received_at.asc()) .all() ) if not eligible_batches: raise HTTPException(status_code=400, detail="No in-date stock batches available for this variant") remaining = requested_quantity allocations: List[Dict[str, Any]] = [] # If a preferred batch is supplied, consume from that batch first. if preferred_batch_id is not None: preferred = next((b for b in eligible_batches if b.id == preferred_batch_id), None) if preferred is None: raise HTTPException(status_code=400, detail="Preferred batch is unavailable or expired") used = min(preferred.quantity, remaining) if used > 0: allocations.append({"batch": preferred, "quantity": used}) remaining -= used eligible_batches = [b for b in eligible_batches if b.id != preferred_batch_id] if remaining > 0 and not allow_split: raise HTTPException( status_code=400, detail=f"Preferred batch cannot fully satisfy request. Remaining required: {remaining}", ) if remaining > 0 and not allow_split: # In non-split mode, only a single batch may satisfy the request. first = eligible_batches[0] if first.quantity >= remaining: allocations.append({"batch": first, "quantity": remaining}) remaining = 0 else: raise HTTPException(status_code=400, detail="Single-batch fulfillment is not possible for requested quantity") if remaining > 0: for batch in eligible_batches: if remaining <= 0: break used = min(batch.quantity, remaining) if used > 0: allocations.append({"batch": batch, "quantity": used}) remaining -= used if remaining > 0: raise HTTPException(status_code=400, detail="Insufficient in-date stock across available batches") return allocations # Authentication Routes @router.post("/auth/register", response_model=TokenResponse) def register(user_data: UserCreate, db: Session = Depends(get_db)): """Register the first admin user (only allowed if no users exist)""" # Check if users already exist user_count = db.query(User).count() if user_count > 0: raise HTTPException( status_code=403, detail="Registration is disabled. Contact an administrator to create an account." ) # Check if user already exists existing_user = db.query(User).filter(User.username == user_data.username).first() if existing_user: raise HTTPException(status_code=400, detail="Username already registered") # First (and only allowed) user is admin hashed_password = hash_password(user_data.password) db_user = User( username=user_data.username, hashed_password=hashed_password, role="admin" ) db.add(db_user) write_audit_log( db, action="auth.register", entity_type="user", entity_id=None, actor=None, details={"username": user_data.username, "assigned_role": "admin"}, ) db.commit() db.refresh(db_user) # Create access token access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) access_token = create_access_token( data={"sub": db_user.username}, expires_delta=access_token_expires ) return { "access_token": access_token, "token_type": "bearer", "user": db_user } @router.post("/auth/login", response_model=TokenResponse) def login(user_data: UserCreate, db: Session = Depends(get_db)): """Login with username and password""" user = db.query(User).filter(User.username == user_data.username).first() if not user or not verify_password(user_data.password, user.hashed_password): raise HTTPException(status_code=401, detail="Invalid credentials") write_audit_log( db, action="auth.login", entity_type="user", entity_id=user.id, actor=user, details={"username": user.username}, ) db.commit() # Create access token access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) access_token = create_access_token( data={"sub": user.username}, expires_delta=access_token_expires ) return { "access_token": access_token, "token_type": "bearer", "user": user } @router.get("/auth/me", response_model=UserResponse) def get_current_user_info(current_user: User = Depends(get_current_user)): """Get current user info""" return current_user # User Management Routes (Admin only) @router.get("/users", response_model=List[UserResponse]) def list_users(db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): """List all users (admin only)""" return db.query(User).all() @router.post("/users", response_model=UserResponse) def create_user(user_data: UserCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): """Create a new user (admin only)""" # Check if user already exists existing_user = db.query(User).filter(User.username == user_data.username).first() if existing_user: raise HTTPException(status_code=400, detail="Username already exists") # Validate role valid_roles = ["admin", "user", "readonly"] role = user_data.role or "user" if role not in valid_roles: raise HTTPException(status_code=400, detail=f"Invalid role. Must be one of: {', '.join(valid_roles)}") hashed_password = hash_password(user_data.password) db_user = User( username=user_data.username, hashed_password=hashed_password, role=role ) db.add(db_user) write_audit_log( db, action="user.create", entity_type="user", entity_id=None, actor=current_user, details={"username": user_data.username, "role": role}, ) db.commit() db.refresh(db_user) return db_user @router.delete("/users/{user_id}") def delete_user(user_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): """Delete a user (admin only)""" # Don't allow deleting yourself if current_user.id == user_id: raise HTTPException(status_code=400, detail="Cannot delete your own user account") user = db.query(User).filter(User.id == user_id).first() if not user: raise HTTPException(status_code=404, detail="User not found") write_audit_log( db, action="user.delete", entity_type="user", entity_id=user_id, actor=current_user, details={"username": user.username}, ) db.delete(user) db.commit() return {"message": "User deleted successfully"} @router.post("/auth/change-password") def change_own_password(password_data: PasswordChange, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Change current user's password""" user = db.query(User).filter(User.id == current_user.id).first() if not user: raise HTTPException(status_code=404, detail="User not found") # Verify current password if not verify_password(password_data.current_password, user.hashed_password): raise HTTPException(status_code=401, detail="Current password is incorrect") # Update password user.hashed_password = hash_password(password_data.new_password) write_audit_log( db, action="auth.password.change.self", entity_type="user", entity_id=user.id, actor=current_user, details={"username": user.username}, ) db.commit() return {"message": "Password changed successfully"} @router.post("/users/{user_id}/change-password") def admin_change_password(user_id: int, password_data: AdminPasswordChange, db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): """Change a user's password (admin only)""" user = db.query(User).filter(User.id == user_id).first() if not user: raise HTTPException(status_code=404, detail="User not found") # Don't allow changing yourself via this endpoint if current_user.id == user_id: raise HTTPException(status_code=400, detail="Use /auth/change-password to change your own password") # Update password user.hashed_password = hash_password(password_data.new_password) write_audit_log( db, action="auth.password.change.admin", entity_type="user", entity_id=user.id, actor=current_user, details={"username": user.username}, ) db.commit() return {"message": "Password changed successfully"} # Routes @router.get("/") def read_root(): return {"message": "Drug Inventory API"} @router.get("/drugs", response_model=List[DrugWithVariantsResponse]) def list_drugs(db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get all drugs with their variants""" drugs = db.query(Drug).all() result = [] for drug in drugs: variants = db.query(DrugVariant).filter(DrugVariant.drug_id == drug.id).all() drug_dict = { "id": drug.id, "name": drug.name, "description": drug.description, "is_controlled": bool(drug.is_controlled), "variants": [enrich_variant_with_batches(db, v) for v in variants], } result.append(drug_dict) return result @router.get("/drugs/low-stock", response_model=List[DrugWithVariantsResponse]) def low_stock_drugs(db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get drugs with low stock variants""" # Get variants that are low on stock low_stock_variants = db.query(DrugVariant).filter( DrugVariant.quantity <= DrugVariant.low_stock_threshold ).all() # Get unique drug IDs drug_ids = list(set(v.drug_id for v in low_stock_variants)) drugs = db.query(Drug).filter(Drug.id.in_(drug_ids)).all() result = [] for drug in drugs: variants = [v for v in low_stock_variants if v.drug_id == drug.id] drug_dict = { "id": drug.id, "name": drug.name, "description": drug.description, "is_controlled": bool(drug.is_controlled), "variants": [enrich_variant_with_batches(db, v) for v in variants], } result.append(drug_dict) return result @router.get("/drugs/{drug_id}", response_model=DrugWithVariantsResponse) def get_drug(drug_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get a specific drug with its variants""" drug = db.query(Drug).filter(Drug.id == drug_id).first() if not drug: raise HTTPException(status_code=404, detail="Drug not found") variants = db.query(DrugVariant).filter(DrugVariant.drug_id == drug.id).all() drug_dict = { "id": drug.id, "name": drug.name, "description": drug.description, "is_controlled": bool(drug.is_controlled), "variants": [enrich_variant_with_batches(db, v) for v in variants], } return drug_dict @router.post("/drugs", response_model=DrugWithVariantsResponse) def create_drug(drug: DrugCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Create a new drug""" # Check if drug name already exists existing = db.query(Drug).filter(Drug.name == drug.name).first() if existing: raise HTTPException(status_code=400, detail="Drug with this name already exists") db_drug = Drug(name=drug.name, description=drug.description, is_controlled=drug.is_controlled) db.add(db_drug) write_audit_log( db, action="drug.create", entity_type="drug", entity_id=None, actor=current_user, details={"name": drug.name, "is_controlled": drug.is_controlled}, ) db.commit() db.refresh(db_drug) # Return drug with empty variants list drug_dict = { "id": db_drug.id, "name": db_drug.name, "description": db_drug.description, "is_controlled": bool(db_drug.is_controlled), "variants": [], } return drug_dict @router.put("/drugs/{drug_id}", response_model=DrugWithVariantsResponse) def update_drug(drug_id: int, drug_update: DrugUpdate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Update a drug""" drug = db.query(Drug).filter(Drug.id == drug_id).first() if not drug: raise HTTPException(status_code=404, detail="Drug not found") before = { "name": drug.name, "description": drug.description, "is_controlled": bool(drug.is_controlled), } for field, value in drug_update.dict(exclude_unset=True).items(): setattr(drug, field, value) write_audit_log( db, action="drug.update", entity_type="drug", entity_id=drug.id, actor=current_user, details={"before": before, "after": drug_update.dict(exclude_unset=True)}, ) db.commit() db.refresh(drug) variants = db.query(DrugVariant).filter(DrugVariant.drug_id == drug.id).all() drug_dict = { "id": drug.id, "name": drug.name, "description": drug.description, "is_controlled": bool(drug.is_controlled), "variants": [enrich_variant_with_batches(db, v) for v in variants], } return drug_dict @router.delete("/drugs/{drug_id}") def delete_drug(drug_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Delete a drug and all its variants""" drug = db.query(Drug).filter(Drug.id == drug_id).first() if not drug: raise HTTPException(status_code=404, detail="Drug not found") variant_ids = [row[0] for row in db.query(DrugVariant.id).filter(DrugVariant.drug_id == drug_id).all()] if variant_ids: batch_ids = [row[0] for row in db.query(Batch.id).filter(Batch.drug_variant_id.in_(variant_ids)).all()] if batch_ids: db.query(DispensingAllocation).filter(DispensingAllocation.batch_id.in_(batch_ids)).delete(synchronize_session=False) db.query(Batch).filter(Batch.id.in_(batch_ids)).delete(synchronize_session=False) db.query(Dispensing).filter(Dispensing.drug_variant_id.in_(variant_ids)).delete(synchronize_session=False) db.query(DrugVariant).filter(DrugVariant.id.in_(variant_ids)).delete(synchronize_session=False) write_audit_log( db, action="drug.delete", entity_type="drug", entity_id=drug_id, actor=current_user, details={"name": drug.name}, ) # Delete the drug db.delete(drug) db.commit() return {"message": "Drug and all variants deleted successfully"} # Drug Variant endpoints @router.post("/drugs/{drug_id}/variants", response_model=DrugVariantResponse) def create_drug_variant(drug_id: int, variant: DrugVariantCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Create a new variant for a drug""" # Check if drug exists drug = db.query(Drug).filter(Drug.id == drug_id).first() if not drug: raise HTTPException(status_code=404, detail="Drug not found") # Check if variant with same strength already exists for this drug existing = db.query(DrugVariant).filter( DrugVariant.drug_id == drug_id, DrugVariant.strength == variant.strength ).first() if existing: raise HTTPException(status_code=400, detail="Variant with this strength already exists for this drug") db_variant = DrugVariant( drug_id=drug_id, strength=variant.strength, quantity=variant.quantity, unit=variant.unit, low_stock_threshold=variant.low_stock_threshold ) db.add(db_variant) write_audit_log( db, action="variant.create", entity_type="drug_variant", entity_id=None, actor=current_user, details={ "drug_id": drug_id, "strength": variant.strength, "quantity": variant.quantity, "unit": variant.unit, }, ) db.commit() db.refresh(db_variant) return enrich_variant_with_batches(db, db_variant) @router.get("/variants/{variant_id}", response_model=DrugVariantResponse) def get_drug_variant(variant_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get a specific drug variant""" variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") return enrich_variant_with_batches(db, variant) @router.put("/variants/{variant_id}", response_model=DrugVariantResponse) def update_drug_variant(variant_id: int, variant_update: DrugVariantUpdate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Update a drug variant""" variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") before = { "strength": variant.strength, "quantity": variant.quantity, "unit": variant.unit, "low_stock_threshold": variant.low_stock_threshold, } for field, value in variant_update.dict(exclude_unset=True).items(): setattr(variant, field, value) write_audit_log( db, action="variant.update", entity_type="drug_variant", entity_id=variant.id, actor=current_user, details={"before": before, "after": variant_update.dict(exclude_unset=True)}, ) db.commit() db.refresh(variant) return enrich_variant_with_batches(db, variant) @router.delete("/variants/{variant_id}") def delete_drug_variant(variant_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Delete a drug variant""" variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") batch_ids = [row[0] for row in db.query(Batch.id).filter(Batch.drug_variant_id == variant_id).all()] if batch_ids: db.query(DispensingAllocation).filter(DispensingAllocation.batch_id.in_(batch_ids)).delete(synchronize_session=False) db.query(Batch).filter(Batch.id.in_(batch_ids)).delete(synchronize_session=False) db.query(Dispensing).filter(Dispensing.drug_variant_id == variant_id).delete(synchronize_session=False) write_audit_log( db, action="variant.delete", entity_type="drug_variant", entity_id=variant_id, actor=current_user, details={"drug_id": variant.drug_id, "strength": variant.strength}, ) db.delete(variant) db.commit() return {"message": "Drug variant deleted successfully"} # Dispensing endpoints @router.post("/dispense", response_model=DispensingResponse) def dispense_drug(dispensing: DispensingCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): """Record a drug dispensing and reduce inventory""" if dispensing.quantity <= 0: raise HTTPException(status_code=400, detail="Quantity must be greater than zero") # Check if drug variant exists variant = db.query(DrugVariant).filter(DrugVariant.id == dispensing.drug_variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") # Check if enough total quantity available from active stock (legacy and batch-based remain in sync). if variant.quantity < dispensing.quantity: raise HTTPException( status_code=400, detail=f"Insufficient quantity. Available: {variant.quantity}, Requested: {dispensing.quantity}", ) allocations = select_batches_for_dispense( db, variant_id=variant.id, requested_quantity=dispensing.quantity, preferred_batch_id=dispensing.batch_id, allow_split=dispensing.allow_split, ) user_name = dispensing.user_name or current_user.username primary_batch_id = dispensing.batch_id if dispensing.batch_id is not None else allocations[0]["batch"].id db_dispensing = Dispensing( drug_variant_id=dispensing.drug_variant_id, batch_id=primary_batch_id, actor_user_id=current_user.id, quantity=dispensing.quantity, animal_name=dispensing.animal_name, user_name=user_name, notes=dispensing.notes, ) db.add(db_dispensing) db.flush() allocation_payload = [] for allocation in allocations: batch = allocation["batch"] qty = allocation["quantity"] batch.quantity -= qty allocation_payload.append({"batch_id": batch.id, "quantity": qty}) db.add(DispensingAllocation(dispensing_id=db_dispensing.id, batch_id=batch.id, quantity=qty)) # Keep legacy variant quantity field in sync for existing frontend flows. variant.quantity -= dispensing.quantity write_audit_log( db, action="dispense.create", entity_type="dispensing", entity_id=db_dispensing.id, actor=current_user, details={ "drug_variant_id": dispensing.drug_variant_id, "requested_quantity": dispensing.quantity, "allocations": allocation_payload, "animal_name": dispensing.animal_name, "notes": dispensing.notes, }, ) db.commit() db.refresh(db_dispensing) return { "id": db_dispensing.id, "drug_variant_id": db_dispensing.drug_variant_id, "batch_id": db_dispensing.batch_id, "actor_user_id": db_dispensing.actor_user_id, "quantity": db_dispensing.quantity, "animal_name": db_dispensing.animal_name, "user_name": db_dispensing.user_name, "notes": db_dispensing.notes, "dispensed_at": db_dispensing.dispensed_at, "allocations": allocation_payload, } @router.get("/dispense/history", response_model=List[DispensingResponse]) def list_dispensings(skip: int = 0, limit: int = 100, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get dispensing records (audit log)""" entries = db.query(Dispensing).order_by(Dispensing.dispensed_at.desc()).offset(skip).limit(limit).all() result = [] for item in entries: allocations = db.query(DispensingAllocation).filter(DispensingAllocation.dispensing_id == item.id).all() result.append( { "id": item.id, "drug_variant_id": item.drug_variant_id, "batch_id": item.batch_id, "actor_user_id": item.actor_user_id, "quantity": item.quantity, "animal_name": item.animal_name, "user_name": item.user_name, "notes": item.notes, "dispensed_at": item.dispensed_at, "allocations": [{"batch_id": a.batch_id, "quantity": a.quantity} for a in allocations], } ) return result @router.get("/drugs/{drug_id}/dispense/history", response_model=List[DispensingResponse]) def get_drug_dispensings(drug_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get dispensing history for a specific drug (all variants)""" # Verify drug exists drug = db.query(Drug).filter(Drug.id == drug_id).first() if not drug: raise HTTPException(status_code=404, detail="Drug not found") # Get all variant IDs for this drug variant_ids = db.query(DrugVariant.id).filter(DrugVariant.drug_id == drug_id).subquery() entries = db.query(Dispensing).filter(Dispensing.drug_variant_id.in_(variant_ids)).order_by(Dispensing.dispensed_at.desc()).all() result = [] for item in entries: allocations = db.query(DispensingAllocation).filter(DispensingAllocation.dispensing_id == item.id).all() result.append( { "id": item.id, "drug_variant_id": item.drug_variant_id, "batch_id": item.batch_id, "actor_user_id": item.actor_user_id, "quantity": item.quantity, "animal_name": item.animal_name, "user_name": item.user_name, "notes": item.notes, "dispensed_at": item.dispensed_at, "allocations": [{"batch_id": a.batch_id, "quantity": a.quantity} for a in allocations], } ) return result @router.get("/variants/{variant_id}/dispense/history", response_model=List[DispensingResponse]) def get_variant_dispensings(variant_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): """Get dispensing history for a specific drug variant""" # Verify variant exists variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") entries = db.query(Dispensing).filter(Dispensing.drug_variant_id == variant_id).order_by(Dispensing.dispensed_at.desc()).all() result = [] for item in entries: allocations = db.query(DispensingAllocation).filter(DispensingAllocation.dispensing_id == item.id).all() result.append( { "id": item.id, "drug_variant_id": item.drug_variant_id, "batch_id": item.batch_id, "actor_user_id": item.actor_user_id, "quantity": item.quantity, "animal_name": item.animal_name, "user_name": item.user_name, "notes": item.notes, "dispensed_at": item.dispensed_at, "allocations": [{"batch_id": a.batch_id, "quantity": a.quantity} for a in allocations], } ) return result @router.get("/locations", response_model=List[LocationResponse]) def list_locations(active_only: bool = True, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): query = db.query(Location) if active_only: query = query.filter(Location.is_active.is_(True)) return query.order_by(Location.name.asc()).all() @router.post("/locations", response_model=LocationResponse) def create_location(location: LocationCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): cleaned_name = location.name.strip() if not cleaned_name: raise HTTPException(status_code=400, detail="Location name cannot be empty") existing = db.query(Location).filter(Location.name == cleaned_name).first() if existing: raise HTTPException(status_code=400, detail="Location with this name already exists") row = Location(name=cleaned_name, is_active=True) db.add(row) write_audit_log( db, action="location.create", entity_type="location", entity_id=None, actor=current_user, details={"name": row.name}, ) db.commit() db.refresh(row) return row @router.put("/locations/{location_id}", response_model=LocationResponse) def update_location(location_id: int, payload: LocationUpdate, db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): location = db.query(Location).filter(Location.id == location_id).first() if not location: raise HTTPException(status_code=404, detail="Location not found") before = {"name": location.name, "is_active": location.is_active} if payload.name is not None: cleaned_name = payload.name.strip() if not cleaned_name: raise HTTPException(status_code=400, detail="Location name cannot be empty") dup = db.query(Location).filter(Location.name == cleaned_name, Location.id != location_id).first() if dup: raise HTTPException(status_code=400, detail="Another location already uses that name") location.name = cleaned_name if payload.is_active is not None and payload.is_active is False: stock_count = db.query(Batch).filter(Batch.location_id == location_id, Batch.quantity > 0).count() if stock_count > 0: raise HTTPException(status_code=400, detail="Cannot archive location while active stock remains") location.is_active = False elif payload.is_active is not None and payload.is_active is True: location.is_active = True write_audit_log( db, action="location.update", entity_type="location", entity_id=location_id, actor=current_user, details={"before": before, "after": payload.dict(exclude_unset=True)}, ) db.commit() db.refresh(location) return location @router.get("/variants/{variant_id}/batches", response_model=List[BatchResponse]) def list_variant_batches(variant_id: int, db: Session = Depends(get_db), current_user: User = Depends(get_current_user)): variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") batches = ( db.query(Batch) .filter(Batch.drug_variant_id == variant_id) .order_by(Batch.expiry_date.asc(), Batch.received_at.asc()) .all() ) return [serialize_batch_response(db, batch) for batch in batches] @router.post("/variants/{variant_id}/batches", response_model=BatchResponse) def create_variant_batch(variant_id: int, payload: BatchCreate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): variant = db.query(DrugVariant).filter(DrugVariant.id == variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Drug variant not found") if payload.quantity <= 0: raise HTTPException(status_code=400, detail="Batch quantity must be greater than zero") location = db.query(Location).filter(Location.id == payload.location_id, Location.is_active.is_(True)).first() if not location: raise HTTPException(status_code=400, detail="Location not found or inactive") batch_number = payload.batch_number.strip() if not batch_number: raise HTTPException(status_code=400, detail="Batch number cannot be empty") existing = ( db.query(Batch) .filter(Batch.drug_variant_id == variant_id, Batch.batch_number == batch_number) .first() ) if existing: raise HTTPException(status_code=400, detail="Batch number already exists for this variant") row = Batch( drug_variant_id=variant_id, batch_number=batch_number, quantity=payload.quantity, expiry_date=payload.expiry_date, location_id=payload.location_id, notes=payload.notes, ) db.add(row) variant.quantity += payload.quantity write_audit_log( db, action="batch.create", entity_type="batch", entity_id=None, actor=current_user, details={ "variant_id": variant_id, "batch_number": batch_number, "quantity": payload.quantity, "expiry_date": payload.expiry_date, "location_id": payload.location_id, }, ) db.commit() db.refresh(row) return serialize_batch_response(db, row) @router.put("/batches/{batch_id}", response_model=BatchResponse) def update_batch(batch_id: int, payload: BatchUpdate, db: Session = Depends(get_db), current_user: User = Depends(get_current_non_readonly_user)): batch = db.query(Batch).filter(Batch.id == batch_id).first() if not batch: raise HTTPException(status_code=404, detail="Batch not found") variant = db.query(DrugVariant).filter(DrugVariant.id == batch.drug_variant_id).first() if not variant: raise HTTPException(status_code=404, detail="Parent variant not found") before = { "batch_number": batch.batch_number, "quantity": batch.quantity, "expiry_date": batch.expiry_date, "location_id": batch.location_id, "notes": batch.notes, } if payload.batch_number is not None: cleaned_batch_number = payload.batch_number.strip() if not cleaned_batch_number: raise HTTPException(status_code=400, detail="Batch number cannot be empty") duplicate = ( db.query(Batch) .filter( Batch.drug_variant_id == batch.drug_variant_id, Batch.batch_number == cleaned_batch_number, Batch.id != batch.id, ) .first() ) if duplicate: raise HTTPException(status_code=400, detail="Batch number already exists for this variant") batch.batch_number = cleaned_batch_number if payload.location_id is not None: location = db.query(Location).filter(Location.id == payload.location_id, Location.is_active.is_(True)).first() if not location: raise HTTPException(status_code=400, detail="Location not found or inactive") batch.location_id = payload.location_id if payload.expiry_date is not None: batch.expiry_date = payload.expiry_date if payload.notes is not None: batch.notes = payload.notes if payload.quantity is not None: if payload.quantity < 0: raise HTTPException(status_code=400, detail="Batch quantity cannot be negative") delta = payload.quantity - batch.quantity projected_variant_qty = variant.quantity + delta if projected_variant_qty < 0: raise HTTPException(status_code=400, detail="Variant quantity cannot become negative") batch.quantity = payload.quantity variant.quantity = projected_variant_qty write_audit_log( db, action="batch.update", entity_type="batch", entity_id=batch_id, actor=current_user, details={"before": before, "after": payload.dict(exclude_unset=True)}, ) db.commit() db.refresh(batch) return serialize_batch_response(db, batch) @router.get("/audit", response_model=List[Dict[str, Any]]) def list_audit_events(skip: int = 0, limit: int = 200, db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user)): events = db.query(AuditLog).order_by(AuditLog.created_at.desc()).offset(skip).limit(limit).all() response = [] for evt in events: details = None if evt.details: try: details = json.loads(evt.details) except json.JSONDecodeError: details = {"raw": evt.details} response.append( { "id": evt.id, "action": evt.action, "entity_type": evt.entity_type, "entity_id": evt.entity_id, "actor_user_id": evt.actor_user_id, "actor_username": evt.actor_username, "details": details, "created_at": evt.created_at, } ) return response def _csv_response(filename: str, headers: List[str], rows: List[List[Any]]) -> Response: output = io.StringIO() writer = csv.writer(output) writer.writerow(headers) writer.writerows(rows) return Response( content=output.getvalue(), media_type="text/csv", headers={"Content-Disposition": f"attachment; filename={filename}"}, ) @router.get("/reports/controlled-movement") def report_controlled_movement( from_date: Optional[date] = None, to_date: Optional[date] = None, format: str = "json", db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): query = ( db.query(Dispensing, Drug, DrugVariant) .join(DrugVariant, Dispensing.drug_variant_id == DrugVariant.id) .join(Drug, DrugVariant.drug_id == Drug.id) .filter(Drug.is_controlled.is_(True)) ) if from_date is not None: query = query.filter(Dispensing.dispensed_at >= datetime.combine(from_date, datetime.min.time())) if to_date is not None: query = query.filter(Dispensing.dispensed_at < datetime.combine(to_date + timedelta(days=1), datetime.min.time())) rows = query.order_by(Dispensing.dispensed_at.desc()).all() result = [ { "dispensing_id": d.id, "dispensed_at": d.dispensed_at, "drug_name": drug.name, "strength": variant.strength, "quantity": d.quantity, "user_name": d.user_name, "animal_name": d.animal_name, "batch_id": d.batch_id, } for d, drug, variant in rows ] if format.lower() == "csv": csv_rows = [ [ item["dispensing_id"], item["dispensed_at"], item["drug_name"], item["strength"], item["quantity"], item["user_name"], item["animal_name"], item["batch_id"], ] for item in result ] return _csv_response( "controlled_movement.csv", ["dispensing_id", "dispensed_at", "drug_name", "strength", "quantity", "user_name", "animal_name", "batch_id"], csv_rows, ) return result @router.get("/reports/batch-expiry") def report_batch_expiry( days: int = 30, format: str = "json", db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): if days < 0: raise HTTPException(status_code=400, detail="Days must be non-negative") today = date.today() cutoff = today + timedelta(days=days) rows = ( db.query(Batch, DrugVariant, Drug, Location) .join(DrugVariant, Batch.drug_variant_id == DrugVariant.id) .join(Drug, DrugVariant.drug_id == Drug.id) .join(Location, Batch.location_id == Location.id) .filter(Batch.quantity > 0, Batch.expiry_date <= cutoff) .order_by(Batch.expiry_date.asc()) .all() ) result = [] for batch, variant, drug, location in rows: status_label = "expired" if batch.expiry_date < today else "expiring" result.append( { "batch_id": batch.id, "batch_number": batch.batch_number, "drug_name": drug.name, "strength": variant.strength, "quantity": batch.quantity, "location": location.name, "expiry_date": batch.expiry_date, "status": status_label, "is_controlled": bool(drug.is_controlled), } ) if format.lower() == "csv": csv_rows = [ [ item["batch_id"], item["batch_number"], item["drug_name"], item["strength"], item["quantity"], item["location"], item["expiry_date"], item["status"], item["is_controlled"], ] for item in result ] return _csv_response( "batch_expiry.csv", ["batch_id", "batch_number", "drug_name", "strength", "quantity", "location", "expiry_date", "status", "is_controlled"], csv_rows, ) return result @router.get("/reports/stock-by-location") def report_stock_by_location( format: str = "json", db: Session = Depends(get_db), current_user: User = Depends(get_current_user), ): rows = ( db.query(Location, Batch, DrugVariant, Drug) .join(Batch, Batch.location_id == Location.id) .join(DrugVariant, Batch.drug_variant_id == DrugVariant.id) .join(Drug, DrugVariant.drug_id == Drug.id) .filter(Batch.quantity > 0) .order_by(Location.name.asc(), Drug.name.asc(), DrugVariant.strength.asc()) .all() ) result = [ { "location_id": location.id, "location_name": location.name, "batch_id": batch.id, "batch_number": batch.batch_number, "drug_name": drug.name, "strength": variant.strength, "quantity": batch.quantity, "unit": variant.unit, "expiry_date": batch.expiry_date, "is_controlled": bool(drug.is_controlled), } for location, batch, variant, drug in rows ] if format.lower() == "csv": csv_rows = [ [ item["location_id"], item["location_name"], item["batch_id"], item["batch_number"], item["drug_name"], item["strength"], item["quantity"], item["unit"], item["expiry_date"], item["is_controlled"], ] for item in result ] return _csv_response( "stock_by_location.csv", ["location_id", "location_name", "batch_id", "batch_number", "drug_name", "strength", "quantity", "unit", "expiry_date", "is_controlled"], csv_rows, ) return result @router.get("/reports/audit-trail") def report_audit_trail( from_date: Optional[date] = None, to_date: Optional[date] = None, format: str = "json", db: Session = Depends(get_db), current_user: User = Depends(get_current_admin_user), ): query = db.query(AuditLog) if from_date is not None: query = query.filter(AuditLog.created_at >= datetime.combine(from_date, datetime.min.time())) if to_date is not None: query = query.filter(AuditLog.created_at < datetime.combine(to_date + timedelta(days=1), datetime.min.time())) rows = query.order_by(AuditLog.created_at.desc()).all() result = [] for evt in rows: details = None if evt.details: try: details = json.loads(evt.details) except json.JSONDecodeError: details = {"raw": evt.details} result.append( { "id": evt.id, "created_at": evt.created_at, "action": evt.action, "entity_type": evt.entity_type, "entity_id": evt.entity_id, "actor_user_id": evt.actor_user_id, "actor_username": evt.actor_username, "details": details, } ) if format.lower() == "csv": csv_rows = [ [ item["id"], item["created_at"], item["action"], item["entity_type"], item["entity_id"], item["actor_user_id"], item["actor_username"], json.dumps(item["details"], default=str) if item["details"] is not None else "", ] for item in result ] return _csv_response( "audit_trail.csv", ["id", "created_at", "action", "entity_type", "entity_id", "actor_user_id", "actor_username", "details"], csv_rows, ) return result # Helper function to capitalize text for labels def capitalize_label_text(text: str) -> str: """Capitalize the first letter of each sentence in the text""" if not text: return text # Capitalize first letter of the entire string result = text[0].upper() + text[1:] if len(text) > 1 else text.upper() # Also capitalize after periods and common sentence breaks for delimiter in ['. ', '! ', '? ']: parts = result.split(delimiter) result = delimiter.join([ part[0].upper() + part[1:] if part else part for part in parts ]) return result # Label printing endpoint @router.post("/labels/print", response_model=LabelPrintResponse) def print_label(label_request: LabelPrintRequest, current_user: User = Depends(get_current_non_readonly_user)): """ Print a drug label by publishing an MQTT message This endpoint publishes a label print request to the MQTT broker, which will be picked up by the label printing service. """ try: # Get label configuration from environment import os template_id = os.getenv("LABEL_TEMPLATE_ID", "vet_label") label_size = os.getenv("LABEL_SIZE", "29x90") test_mode = os.getenv("LABEL_TEST", "false").lower() == "true" # Capitalize all text fields for better presentation variables = label_request.variables.dict() variables["practice_name"] = capitalize_label_text(variables["practice_name"]) variables["animal_name"] = capitalize_label_text(variables["animal_name"]) variables["drug_name"] = capitalize_label_text(variables["drug_name"]) variables["dosage"] = capitalize_label_text(variables["dosage"]) variables["quantity"] = capitalize_label_text(variables["quantity"]) # expiry_date doesn't need capitalization # Convert the request to the MQTT message format mqtt_message = { "template_id": template_id, "label_size": label_size, "variables": variables, "test": test_mode } # Publish to MQTT and wait for response success, response = publish_label_print_with_response(mqtt_message, timeout=10.0) print(f"Label print result: success={success}, response={response}") if success: result = LabelPrintResponse( success=True, message=response.get("message", "Label printed successfully") ) print(f"Returning success response: {result}") return result else: # Return error details from printer # Check both 'message' and 'error' fields for error details if response: error_msg = response.get("message") or response.get("error", "Unknown error") else: error_msg = "No response from printer" result = LabelPrintResponse( success=False, message=f"Print failed: {error_msg}" ) print(f"Returning error response: {result}") return result except Exception as e: raise HTTPException( status_code=500, detail=f"Error sending label print request: {str(e)}" ) # Notes printing endpoint @router.post("/notes/print", response_model=NotesPrintResponse) def print_notes(notes_request: NotesPrintRequest, current_user: User = Depends(get_current_non_readonly_user)): """ Print notes by publishing an MQTT message This endpoint publishes a notes print request to the MQTT broker, which will be picked up by the label printing service. """ try: # Get notes template configuration from environment import os template_id = os.getenv("NOTES_TEMPLATE_ID", "notes_template") label_size = os.getenv("LABEL_SIZE", "29x90") test_mode = os.getenv("LABEL_TEST", "false").lower() == "true" # Capitalize text fields for better presentation variables = notes_request.variables.dict() variables["animal_name"] = capitalize_label_text(variables["animal_name"]) variables["notes"] = capitalize_label_text(variables["notes"]) # Convert the request to the MQTT message format mqtt_message = { "template_id": template_id, "label_size": label_size, "variables": variables, "test": test_mode } # Publish to MQTT and wait for response success, response = publish_label_print_with_response(mqtt_message, timeout=10.0) print(f"Notes print result: success={success}, response={response}") if success: result = NotesPrintResponse( success=True, message=response.get("message", "Notes printed successfully") ) print(f"Returning success response: {result}") return result else: # Return error details from printer # Check both 'message' and 'error' fields for error details if response: error_msg = response.get("message") or response.get("error", "Unknown error") else: error_msg = "No response from printer" result = NotesPrintResponse( success=False, message=f"Print failed: {error_msg}" ) print(f"Returning error response: {result}") return result except Exception as e: raise HTTPException( status_code=500, detail=f"Error sending notes print request: {str(e)}" ) # Include router with /api prefix app.include_router(router)