Merging: Booking Meetings & Payment and My Meetings Board

README.md

@@ -0,0 +1,101 @@
+# Toast Tutor 🍞📚
+
+<div align="center">
+  <img width="1280" alt="Screenshot 2025-05-28 at 9 49 06 PM" src="https://github.com/user-attachments/assets/22bcb795-5c01-4e10-a853-26e29d4048eb" />
+</div>
+
+
+
+A web application that connects tutors with students based on personalized learning needs, availability, and teaching preferences.
+
+## ✨ Features
+
+- **Authentication**: Secure login with role-based access for students and tutors
+- **Smart Matching**: Intelligent tutor-student pairing based on subject, level, timing, and teaching style
+- **Customizable Profiles**: Detailed profiles for both students and tutors with preferences and expertise
+- **Booking System**: Easy session scheduling with flexible timing and subject selection
+- **Payment Integration**: Secure Stripe payment processing with automated billing
+- **Rating System**: Comprehensive feedback and review system with performance metrics
+- **Tutor Dashboard**: Session management, earnings tracking, and student progress monitoring
+- **Real-time Notifications**: Toast notifications for bookings, messages, and updates
+
+## 🚀 Setup
+
+**Prerequisites**: Python 3.8+, Node.js 14+, Redis, Supabase account, Stripe account
+
+1. **Clone and Install**
+   ```bash
+   git clone https://github.com/ttrang87/toast-tutor.git
+   cd toast-tutor
+
+   # Backend
+   cd backend
+   python -m venv venv
+   source venv/bin/activate
+   pip install -r requirements.txt
+
+   # Frontend  
+   cd ../frontend
+   npm install
+   ```
+
+2. **Environment Setup**
+   ```bash
+   # Backend .env
+   SUPABASE_URL=your_supabase_url
+   SUPABASE_KEY=your_supabase_key
+   STRIPE_SECRET_KEY=your_stripe_secret
+   REDIS_URL=redis://localhost:6379
+
+   # Frontend .env.local
+   REACT_APP_SUPABASE_URL=your_supabase_url
+   REACT_APP_SUPABASE_ANON_KEY=your_supabase_key
+   REACT_APP_STRIPE_PUBLISHABLE_KEY=your_stripe_public_key
+   ```
+
+3. **Run**
+   ```bash
+   # Start Redis
+   redis-server
+
+   # Backend
+   cd backend && python manage.py runserver
+
+   # Frontend
+   cd frontend && npm start
+   ```
+
+Access: Frontend at `http://localhost:3000`, API at `http://localhost:8000`
+
+## 🏗️ Tech Stack
+
+**Frontend**: React.js + Tailwind CSS  
+**Backend**: Django (Python) + Supabase  
+**Database**: PostgreSQL (via Supabase)  
+**Payments**: Stripe  
+**Caching**: Redis  
+**Notifications**: Toast
+
+## 📱 Usage
+
+**Students**: Create account → Browse tutors → Book sessions → Make payment → Attend & rate  
+**Tutors**: Create profile → Set availability → Receive bookings → Track earnings → Manage sessions
+
+## 🔧 API
+
+Key endpoints: `/api/auth/`, `/api/users/`, `/api/tutors/`, `/api/bookings/`, `/api/payments/`, `/api/reviews/`
+
+Authentication: Include JWT token in Authorization header: `Bearer <token>`
+
+## 🤝 Contributing
+
+1. Fork the repo
+2. Create feature branch (`git checkout -b feature/amazing-feature`)
+3. Commit changes (`git commit -m 'Add amazing feature'`)
+4. Push to branch (`git push origin feature/amazing-feature`)
+5. Open Pull Request
+
+## 📄 License
+
+MIT License - see [LICENSE.md](LICENSE.md)
+

backend/backend/settings.py

@@ -96,6 +96,10 @@
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
 ]
 
+CSRF_TRUSTED_ORIGINS = [
+    "http://localhost:5173",
+]
+
 CORS_ALLOWED_ORIGINS = [
     "http://localhost:5173",  # If using Vite
     "http://127.0.0.1:8000",  # Alternative localhost format
@@ -185,7 +189,7 @@
 # Stripe
 STRIPE_PUBLIC_KEY = os.getenv("PUBLIC_KEY")
 STRIPE_SECRET_KEY = os.getenv("SECRET_KEY")
-STRIPE_WEBHOOK_SECRET = ""
+STRIPE_WEBHOOK_SECRET = os.getenv("WEBHOOK_SECRET")
 
 
 # EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'

backend/toast_tutor/controller/meeting.py

@@ -0,0 +1,171 @@
+from django.utils import timezone
+from django.shortcuts import get_object_or_404
+from rest_framework.decorators import api_view
+from rest_framework.response import Response
+from rest_framework import status
+
+from ..serializers import MeetingSerializer
+from django.db.models import Q
+from ..models import Meeting, User
+
+
+# pk = primary key
+@api_view(["GET"])
+def get_meeting(request, pk):
+    meeting = get_object_or_404(Meeting, pk=pk)
+    # Pass request context to serializer
+    return Response(
+        MeetingSerializer(meeting, context={"request": request}).data, status=status.HTTP_200_OK
+    )
+
+
+@api_view(["GET"])
+def get_meetings(request):
+    meetings = Meeting.objects.all().order_by("start_time")
+    # Pass request context to serializer
+    return Response(
+        MeetingSerializer(meetings, many=True, context={"request": request}).data, status=200
+    )
+
+
+@api_view(["GET"])
+def get_meetings_by_tutor(request, tutor_id):
+    meetings = Meeting.objects.filter(organizer_id=tutor_id, status="scheduled").order_by(
+        "start_time"
+    )
+    # Pass request context to serializer
+    return Response(
+        MeetingSerializer(meetings, many=True, context={"request": request}).data, status=200
+    )
+
+
+@api_view(["POST"])
+def create_meeting(request):
+    serializer = MeetingSerializer(data=request.data, context={"request": request})
+    if serializer.is_valid():
+        meeting = serializer.save()
+        return Response(
+            MeetingSerializer(meeting, context={"request": request}).data,
+            status=status.HTTP_201_CREATED,
+        )
+    return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+
+@api_view(["PATCH"])
+def update_meeting(request, pk):
+    meeting = get_object_or_404(Meeting, pk=pk)
+    serializer = MeetingSerializer(
+        meeting, data=request.data, partial=True, context={"request": request}
+    )
+    serializer.is_valid(raise_exception=True)
+    serializer.save()
+    return Response(serializer.data, status=status.HTTP_200_OK)
+
+
+@api_view(["DELETE"])
+def delete_meeting(request, pk):
+    meeting = get_object_or_404(Meeting, pk=pk)
+    meeting.delete()
+    return Response(status=status.HTTP_204_NO_CONTENT)
+
+
+@api_view(["POST"])
+def book_meeting(request, pk):
+    meeting = get_object_or_404(Meeting, pk=pk, status="scheduled")
+    student_id = request.data.get("student")
+    if not student_id:
+        return Response({"detail": "student id required"}, status=status.HTTP_400_BAD_REQUEST)
+    if meeting.organizer_id == int(student_id):
+        return Response(
+            {"detail": "organizer cannot book own meeting"}, status=status.HTTP_400_BAD_REQUEST
+        )
+
+    meeting.set_pending(student_id)
+    # Pass request context to serializer - this was missing!
+    return Response(
+        MeetingSerializer(meeting, context={"request": request}).data, status=status.HTTP_200_OK
+    )
+
+
+@api_view(["POST"])
+def confirm_payment(request, pk):
+
+    meeting = get_object_or_404(Meeting, pk=pk, status="pending")
+
+    if meeting.payment_expires_at and timezone.now() > meeting.payment_expires_at:
+        meeting.student = None
+        meeting.status = "scheduled"
+        meeting.payment_expires_at = None
+        meeting.save(update_fields=["student", "status", "payment_expires_at"])
+        return Response({"detail": "payment window expired"}, status=status.HTTP_400_BAD_REQUEST)
+
+    # if confirmed payment
+    meeting.status = "booked"
+    meeting.payment_expires_at = None
+    meeting.save(update_fields=["status", "payment_expires_at"])
+    # Pass request context to serializer
+    return Response(
+        MeetingSerializer(meeting, context={"request": request}).data, status=status.HTTP_200_OK
+    )
+
+
+@api_view(["POST"])
+def cancel_payment(request, pk):
+    meeting = get_object_or_404(Meeting, pk=pk)
+    if meeting.status != "pending":
+        return Response({"detail": "nothing to cancel"}, status=status.HTTP_400_BAD_REQUEST)
+
+    meeting.student = None
+    meeting.status = "scheduled"
+    meeting.payment_expires_at = None
+    # Note: google_event_id and google_meet_link are preserved when canceling
+    meeting.save(update_fields=["student", "status", "payment_expires_at"])
+    # Pass request context to serializer
+    return Response(
+        MeetingSerializer(meeting, context={"request": request}).data, status=status.HTTP_200_OK
+    )
+
+
+@api_view(["GET"])
+def get_user_meetings(request, user_id):
+    """
+    Fetch all meetings for a specific user (as organizer or student)
+    """
+    try:
+        user = User.objects.get(id=user_id)
+    except User.DoesNotExist:
+        return Response({"error": "User not found"}, status=status.HTTP_404_NOT_FOUND)
+
+    # Get meetings where user is either organizer or student
+    meetings = Meeting.objects.filter(Q(organizer=user) | Q(student=user)).order_by("start_time")
+
+    # Pass context with request and the specific user
+    serializer = MeetingSerializer(meetings, many=True, context={"request": request, "user": user})
+    return Response(serializer.data, status=status.HTTP_200_OK)
+
+
+@api_view(["GET"])
+def get_user_meetings_by_status(request, user_id, meeting_status):
+    """
+    Fetch meetings for a specific user filtered by status
+    """
+    try:
+        user = User.objects.get(id=user_id)
+    except User.DoesNotExist:
+        return Response({"error": "User not found"}, status=status.HTTP_404_NOT_FOUND)
+
+    # Validate status
+    valid_statuses = ["scheduled", "booked", "completed"]
+    if meeting_status not in valid_statuses:
+        return Response(
+            {"error": "Invalid status. Valid options: scheduled, booked, completed"},
+            status=status.HTTP_400_BAD_REQUEST,
+        )
+
+    meetings = Meeting.objects.filter(
+        Q(organizer=user) | Q(student=user), status=meeting_status
+    ).order_by("start_time")
+
+    # Pass context with request and the specific user
+    serializer = MeetingSerializer(meetings, many=True, context={"request": request, "user": user})
+    return Response(serializer.data, status=status.HTTP_200_OK)