WebSVN – SmartDukaan – Diff – //trunk/profitmandi-web/src/main/java/com/spice/profitmandi/web/controller/LeadController.java

 import org.apache.commons.csv.CSVRecord;
 import org.apache.commons.io.output.ByteArrayOutputStream;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.format.annotation.DateTimeFormat;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 @Controller
 @Transactional(rollbackFor = Throwable.class)
 public class LeadController {
     private static final Logger LOGGER = LogManager.getLogger(LeadController.class);
+    /** Source/createdBy label for leads captured by the AI assistant. */
+    private static final String AI_LEAD_SOURCE = "AI Assistant";
     @Autowired
     private ResponseSender<?> responseSender;
+    @Value("${ai.lead.intake.token}")
+    private String aiLeadIntakeToken;
     @Autowired
     private AuthRepository authRepository;
     @Autowired
     private LeadRepository leadRepository;
         return responseSender.ok(true);
+    }
+    /**
+     * Intake endpoint for leads captured by the AI assistant (chat + voice flows, external system).
+     * <p>
+     * The source is stamped server-side as {@value #AI_LEAD_SOURCE} so the caller cannot spoof it.
+     * Authenticated with a shared secret sent in the standard {@code Auth-Token} header; this path is
+     * excluded from the JWT {@code AuthenticationInterceptor} (see WebMVCConfig) so the secret is not
+     * treated as a user token. The call is idempotent: the AI side fires fire-and-forget with retry,
+     * so a repeat POST for a mobile that already has an AI lead returns OK without creating a
+     * duplicate. Leads from other sources (SD-WEB, manual) for the same mobile do not block creation.
+     */
+    @RequestMapping(value = ProfitMandiConstants.URL_AI_LEAD_INTAKE, method = RequestMethod.POST)
+    public ResponseEntity<?> aiLead(HttpServletRequest request,
+                                    @RequestHeader(name = "Auth-Token", required = false) String authToken,
+                                    @RequestBody AiLeadRequest aiLeadRequest)
+            throws ProfitMandiBusinessException {
+        LOGGER.info("AI lead intake request: {}", aiLeadRequest);
+        if (aiLeadIntakeToken == null || aiLeadIntakeToken.trim().isEmpty()
+                || authToken == null || !aiLeadIntakeToken.equals(authToken)) {
+            LOGGER.warn("AI lead intake rejected: invalid or missing Auth-Token");
+            return responseSender.forbidden(null);
+        }
+        // Normalise mobile to the 10-digit number the lead table stores (mobile column is length 10).
+        // The AI side sends digits-only 10-12 chars; strip any stray non-digits and drop a leading
+        // country code (e.g. 91) when present.
+        String rawMobile = aiLeadRequest.getMobile();
+        String mobile = rawMobile == null ? "" : rawMobile.replaceAll("\\D", "");
+        if (mobile.length() > 10) {
+            mobile = mobile.substring(mobile.length() - 10);
+        }
+        if (mobile.length() != 10) {
+            throw new ProfitMandiBusinessException("Mobile Number", String.valueOf(rawMobile),
+                    "Mobile number must contain 10 digits");
+        }
+        String firstName = aiLeadRequest.getFirstName();
+        if (firstName == null || firstName.trim().isEmpty()) {
+            throw new ProfitMandiBusinessException("First Name", firstName, "First name is required");
+        }
+        // Idempotency: scoped to AI leads only - the AI side retries fire-and-forget posts. A lead
+        // for the same mobile under another source (e.g. SD-WEB, manual) does NOT block creation.
+        Lead existing = leadRepository.selectByMobileNumberAndSource(mobile, AI_LEAD_SOURCE);
+        if (existing != null) {
+            LOGGER.info("AI lead intake: AI lead already exists for mobile {} (id={}), skipping create",
+                    mobile, existing.getId());
+            return responseSender.ok(existing.getId());
+        }
+        Lead lead = new Lead();
+        lead.setLeadMobile(mobile);
+        lead.setFirstName(firstName.trim());
+        lead.setLastName(aiLeadRequest.getLastName());
+        lead.setCity(aiLeadRequest.getCity());
+        lead.setOutLetName(aiLeadRequest.getOutletName());
+        // AI flow does not collect a separate address; mirror web capture and fall back to city
+        lead.setAddress(aiLeadRequest.getCity());
+        // Source is stamped server-side; the caller cannot override it
+        lead.setSource(AI_LEAD_SOURCE);
+        lead.setCreatedBy(AI_LEAD_SOURCE);
+        lead.setStatus(LeadStatus.followUp);
+        lead.setColor("yellow");
+        // Auto-assign using the same routing the public web capture uses today
+        lead.setAssignTo(53);
+        lead.setAuthId(lead.getAssignTo());
+        lead.setCreatedTimestamp(LocalDateTime.now());
+        lead.setUpdatedTimestamp(LocalDateTime.now());
+        leadRepository.persist(lead);
+        LOGGER.info("AI lead intake: created lead id={} for mobile {}", lead.getId(), mobile);
+        return responseSender.ok(lead.getId());
+    }
     @RequestMapping(value = "/getPartnersList", method = RequestMethod.GET)
     @ApiImplicitParams({@ApiImplicitParam(name = "Auth-Token", value = "Auth-Token", required = true, dataType = "string", paramType = "header")})
     public ResponseEntity<?> getPartners(HttpServletRequest request, @RequestParam(name = "gmailId") String gmailId)
             throws ProfitMandiBusinessException {

Subversion Repositories SmartDukaan

(root)//trunk/profitmandi-web/src/main/java/com/spice/profitmandi/web/controller/LeadController.java – Rev 36930 → 36957