from flask import Blueprint, jsonify, session, request import os import random import time from ..utils.db import get_db api_bp = Blueprint('api', __name__) @api_bp.route("/user") def api_user(): if "user_id" not in session: return jsonify({"logged_in": False}) conn = get_db() cur = conn.cursor() cur.execute("SELECT balance FROM users WHERE user_id = ?", (session["user_id"],)) res = cur.fetchone() return jsonify({ "logged_in": True, "username": session["username"], "avatar": session["avatar"], "balance": res["balance"] if res else 0 }) @api_bp.route("/buy_pack", methods=["POST"]) def buy_pack(): if "user_id" not in session: return jsonify({"error": "Auth required"}), 401 PRICE = 2790 user_id = session["user_id"] conn = get_db() cur = conn.cursor() cur.execute("SELECT balance FROM users WHERE user_id = ?", (user_id,)) res = cur.fetchone() if not res or res["balance"] < PRICE: return jsonify({"error": "No funds"}), 400 try: cur.execute("UPDATE users SET balance = balance - ? WHERE user_id = ?", (PRICE, user_id)) seed = os.urandom(16).hex() rnd = random.random() if rnd < 0.01: rarity = "Legendary" elif rnd < 0.05: rarity = "Epic" elif rnd < 0.20: rarity = "Rare" elif rnd < 0.50: rarity = "Uncommon" else: rarity = "Common" power = random.randint(1, 1000) luck = random.randint(1, 100) cur.execute(""" INSERT INTO cards (owner_id, seed, rarity, power, luck, mint_date) VALUES (?, ?, ?, ?, ?, ?) """, (user_id, seed, rarity, power, luck, int(time.time()))) card_id = cur.lastrowid conn.commit() return jsonify({ "success": True, "card_id": card_id, "card": { "card_id": card_id, "id": card_id, "seed": seed, "rarity": rarity, "power": power, "luck": luck, "owner_avatar": session.get("avatar"), "owner_name": session.get("username") } }) except Exception as e: conn.rollback() return jsonify({"error": str(e)}), 500 @api_bp.route("/inventory") def inventory(): if "user_id" not in session: return jsonify([]) conn = get_db() cur = conn.cursor() # Filter out listed cards cur.execute(""" SELECT * FROM cards WHERE owner_id = ? AND card_id NOT IN (SELECT card_id FROM listings) ORDER BY card_id DESC """, (session["user_id"],)) cards = [dict(row) for row in cur.fetchall()] for card in cards: card['owner_name'] = session.get("username") card['owner_avatar'] = session.get("avatar") return jsonify(cards) @api_bp.route("/sell_card_bank", methods=["POST"]) def sell_card_bank(): if "user_id" not in session: return jsonify({"error": "Auth required"}), 401 data = request.json card_id = data.get("card_id") user_id = session["user_id"] conn = get_db() cur = conn.cursor() cur.execute("SELECT * FROM cards WHERE card_id = ?", (card_id,)) card = cur.fetchone() if not card or card["owner_id"] != user_id: return jsonify({"error": "Not yours"}), 403 rarity_mult = {"common":1, "uncommon":1.2, "rare":1.5, "epic":2, "legendary":5}.get(card["rarity"].lower(), 1) base_price = 100 + (card["power"] * 0.1) + (card["luck"] * 5) final_price = int(base_price * rarity_mult) if final_price > 2500: final_price = 2500 try: cur.execute("DELETE FROM cards WHERE card_id = ?", (card_id,)) cur.execute("DELETE FROM listings WHERE card_id = ?", (card_id,)) cur.execute("UPDATE users SET balance = balance + ? WHERE user_id = ?", (final_price, user_id)) conn.commit() return jsonify({"success": True, "price": final_price}) except Exception as e: conn.rollback() return jsonify({"error": str(e)}), 500 @api_bp.route("/market_list", methods=["POST"]) def market_list(): if "user_id" not in session: return jsonify({"error": "Auth required"}), 401 data = request.json card_id = data.get("card_id") price = int(data.get("price")) if price < 100 or price > 1000000: return jsonify({"error": "Invalid price"}), 400 user_id = session["user_id"] conn = get_db() cur = conn.cursor() cur.execute("SELECT owner_id FROM cards WHERE card_id = ?", (card_id,)) card = cur.fetchone() if not card or card["owner_id"] != user_id: return jsonify({"error": "Not yours"}), 403 try: cur.execute("INSERT INTO listings (card_id, seller_id, price, created_at) VALUES (?, ?, ?, ?)", (card_id, user_id, price, int(time.time()))) conn.commit() return jsonify({"success": True}) except Exception as e: return jsonify({"error": str(e)}), 500 @api_bp.route("/market_cancel", methods=["POST"]) def market_cancel(): if "user_id" not in session: return jsonify({"error": "Auth required"}), 401 data = request.json listing_id = data.get("listing_id") user_id = session["user_id"] conn = get_db() cur = conn.cursor() cur.execute("SELECT * FROM listings WHERE listing_id = ?", (listing_id,)) listing = cur.fetchone() if not listing: return jsonify({"error": "Not found"}), 404 if listing["seller_id"] != user_id: return jsonify({"error": "Not yours"}), 403 try: cur.execute("DELETE FROM listings WHERE listing_id = ?", (listing_id,)) conn.commit() return jsonify({"success": True}) except Exception as e: return jsonify({"error": str(e)}), 500 @api_bp.route("/market_buy", methods=["POST"]) def market_buy(): if "user_id" not in session: return jsonify({"error": "Auth required"}), 401 data = request.json listing_id = data.get("listing_id") buyer_id = session["user_id"] conn = get_db() cur = conn.cursor() cur.execute(""" SELECT l.*, c.owner_id as current_owner FROM listings l JOIN cards c ON l.card_id = c.card_id WHERE l.listing_id = ? """, (listing_id,)) listing = cur.fetchone() if not listing: return jsonify({"error": "Not found"}), 404 if listing["seller_id"] == buyer_id: return jsonify({"error": "Cannot buy own"}), 400 price = listing["price"] cur.execute("SELECT balance FROM users WHERE user_id = ?", (buyer_id,)) buyer = cur.fetchone() if not buyer or buyer["balance"] < price: return jsonify({"error": "Insufficient funds"}), 400 try: cur.execute("UPDATE users SET balance = balance - ? WHERE user_id = ?", (price, buyer_id)) cur.execute("UPDATE users SET balance = balance + ? WHERE user_id = ?", (price, listing["seller_id"])) cur.execute("UPDATE cards SET owner_id = ? WHERE card_id = ?", (buyer_id, listing["card_id"])) cur.execute("DELETE FROM listings WHERE listing_id = ?", (listing_id,)) conn.commit() return jsonify({"success": True}) except Exception as e: conn.rollback() return jsonify({"error": str(e)}), 500 @api_bp.route("/market_my_listings") def market_my_listings(): if "user_id" not in session: return jsonify([]) conn = get_db() cur = conn.cursor() cur.execute(""" SELECT l.listing_id, l.price, l.created_at, c.*, u.username as seller_name, u.avatar as seller_avatar FROM listings l JOIN cards c ON l.card_id = c.card_id JOIN users u ON l.seller_id = u.user_id WHERE l.seller_id = ? ORDER BY l.created_at DESC """, (session["user_id"],)) listings = [dict(row) for row in cur.fetchall()] return jsonify(listings) @api_bp.route("/market") def get_market(): conn = get_db() cur = conn.cursor() cur.execute(""" SELECT l.listing_id, l.price, l.created_at, c.*, u.username as seller_name, u.avatar as seller_avatar FROM listings l JOIN cards c ON l.card_id = c.card_id JOIN users u ON l.seller_id = u.user_id ORDER BY l.created_at DESC """) listings = [dict(row) for row in cur.fetchall()] return jsonify(listings) @api_bp.route("/sign_card", methods=["POST"]) def sign_card(): if "user_id" not in session: return jsonify({"error": "Auth required"}), 401 data = request.json card_id = data.get("card_id") signature = data.get("signature")[:25] conn = get_db() cur = conn.cursor() cur.execute("SELECT owner_id FROM cards WHERE card_id = ?", (card_id,)) card = cur.fetchone() if not card or card["owner_id"] != session["user_id"]: return jsonify({"error": "Not yours"}), 403 cur.execute("UPDATE cards SET signature = ? WHERE card_id = ?", (signature, card_id)) conn.commit() return jsonify({"success": True})