Synculous-2/api/routes/medications.py

"""
Medications API - medication scheduling, logging, and adherence tracking
"""

import os
import flask
import jwt
import core.auth as auth
import core.postgres as postgres


def _get_user_uuid(token):
    try:
        payload = jwt.decode(token, os.getenv("JWT_SECRET"), algorithms=["HS256"])
        return payload.get("sub")
    except (jwt.ExpiredSignatureError, jwt.InvalidTokenError):
        return None


def _auth(request):
    """Extract and verify token. Returns user_uuid or None."""
    header = request.headers.get("Authorization", "")
    if not header.startswith("Bearer "):
        return None
    token = header[7:]
    user_uuid = _get_user_uuid(token)
    if not user_uuid or not auth.verifyLoginToken(token, userUUID=user_uuid):
        return None
    return user_uuid


def register(app):

    # ── Medications CRUD ──────────────────────────────────────────

    @app.route("/api/medications", methods=["GET"])
    def api_listMedications():
        """List all medications for the logged-in user."""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        pass

    @app.route("/api/medications", methods=["POST"])
    def api_addMedication():
        """Add a medication. Body: {name, dosage, unit, frequency, times: ["08:00","20:00"], notes?}"""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        data = flask.request.get_json()
        pass

    @app.route("/api/medications/<med_id>", methods=["GET"])
    def api_getMedication(med_id):
        """Get a single medication with its schedule."""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        pass

    @app.route("/api/medications/<med_id>", methods=["PUT"])
    def api_updateMedication(med_id):
        """Update medication details. Body: {name?, dosage?, unit?, frequency?, times?, notes?, active?}"""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        data = flask.request.get_json()
        pass

    @app.route("/api/medications/<med_id>", methods=["DELETE"])
    def api_deleteMedication(med_id):
        """Delete a medication and its logs."""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        pass

    # ── Medication Logging (take / skip / snooze) ─────────────────

    @app.route("/api/medications/<med_id>/take", methods=["POST"])
    def api_takeMedication(med_id):
        """Log that a dose was taken. Body: {scheduled_time?, notes?}"""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        data = flask.request.get_json() or {}
        pass

    @app.route("/api/medications/<med_id>/skip", methods=["POST"])
    def api_skipMedication(med_id):
        """Log a skipped dose. Body: {scheduled_time?, reason?}"""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        data = flask.request.get_json() or {}
        pass

    @app.route("/api/medications/<med_id>/snooze", methods=["POST"])
    def api_snoozeMedication(med_id):
        """Snooze a reminder. Body: {minutes: 15}"""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        data = flask.request.get_json()
        pass

    # ── Medication Log / History ──────────────────────────────────

    @app.route("/api/medications/<med_id>/log", methods=["GET"])
    def api_getMedLog(med_id):
        """Get dose log for a medication. Query: ?days=30"""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        pass

    @app.route("/api/medications/today", methods=["GET"])
    def api_todaysMeds():
        """Get today's medication schedule with taken/pending status."""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        pass

    # ── Adherence Stats ───────────────────────────────────────────

    @app.route("/api/medications/adherence", methods=["GET"])
    def api_adherenceStats():
        """Get adherence stats across all meds. Query: ?days=30"""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        pass

    @app.route("/api/medications/<med_id>/adherence", methods=["GET"])
    def api_medAdherence(med_id):
        """Get adherence stats for a single medication. Query: ?days=30"""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        pass

    # ── Refills ───────────────────────────────────────────────────

    @app.route("/api/medications/<med_id>/refill", methods=["PUT"])
    def api_setRefill(med_id):
        """Set refill info. Body: {quantity_remaining, refill_date?, pharmacy_notes?}"""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        data = flask.request.get_json()
        pass

    @app.route("/api/medications/refills-due", methods=["GET"])
    def api_refillsDue():
        """Get medications that need refills soon. Query: ?days_ahead=7"""
        user_uuid = _auth(flask.request)
        if not user_uuid:
            return flask.jsonify({"error": "unauthorized"}), 401
        pass