discount profiles and discounts overall implemented and working

personal discounts to businesses done
percentage discounts
2026-06-21 23:46:37 +02:00 · 2026-06-21 23:21:24 +02:00 · 2026-06-21 22:41:30 +02:00 · 2026-06-21 22:33:47 +02:00 · 2026-06-21 20:38:28 +02:00 · 2026-06-21 20:19:58 +02:00
93 changed files with 4788 additions and 151 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -572,6 +572,12 @@ dependencies = [
 "thiserror 1.0.69",
 ]
 [[package]]
 name = "base32"
 version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "022dfe9eb35f19ebbcb51e0b40a5ab759f46ad60cadf7297e0bd085afb50e076"
 [[package]]
 name = "base64"
 version = "0.22.1"
@@ -755,12 +761,24 @@ version = "0.6.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "175812e0be2bccb6abe50bb8d566126198344f707e304f45c648fd8f2cc0365e"
 [[package]]
 name = "bytemuck"
 version = "1.25.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c8efb64bd706a16a1bdde310ae86b351e4d21550d98d056f22f8a7f7a2183fec"
 [[package]]
 name = "byteorder"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 [[package]]
 name = "byteorder-lite"
 version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8f1fe948ff07f4bd06c30984e69f5b4899c516a3ef74f34df92a2df2ab535495"
 [[package]]
 name = "bytes"
 version = "1.12.0"
@@ -1059,6 +1077,12 @@ dependencies = [
 "tiny-keccak",
 ]
 [[package]]
 name = "constant_time_eq"
 version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6"
 [[package]]
 name = "cookie"
 version = "0.18.1"
@@ -1581,6 +1605,15 @@ version = "2.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9f1f227452a390804cdb637b74a86990f2a7d7ba4b7d5693aac9b4dd6defd8d6"
 [[package]]
 name = "fdeflate"
 version = "0.3.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1e6853b52649d4ac5c0bd02320cddc5ba956bdb407c4b75a2c6b75bf51500f8c"
 dependencies = [
 "simd-adler32",
 ]
 [[package]]
 name = "find-msvc-tools"
 version = "0.1.9"
@@ -2424,6 +2457,19 @@ dependencies = [
 "winapi-util",
 ]
 [[package]]
 name = "image"
 version = "0.25.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "85ab80394333c02fe689eaf900ab500fbd0c2213da414687ebf995a65d5a6104"
 dependencies = [
 "bytemuck",
 "byteorder-lite",
 "moxcms",
 "num-traits",
 "png",
 ]
 [[package]]
 name = "include_dir"
 version = "0.7.4"
@@ -2604,11 +2650,15 @@ dependencies = [
 "chrono",
 "dotenvy",
 "fluent-templates",
 "form_urlencoded",
 "futures-util",
 "hmac",
 "include_dir",
 "insta",
 "loco-oauth2",
 "loco-rs",
 "migration",
 "multer",
 "passwords",
 "regex",
 "reqwest",
@@ -2617,8 +2667,11 @@ dependencies = [
 "serde",
 "serde_json",
 "serial_test",
 "sha2",
 "subtle",
 "time",
 "tokio",
 "totp-rs",
 "tower-sessions",
 "tracing",
 "tracing-subscriber",
@@ -3052,6 +3105,16 @@ dependencies = [
 "uuid",
 ]
 [[package]]
 name = "moxcms"
 version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bb85c154ba489f01b25c0d36ae69a87e4a1c73a72631fc6c0eb6dde34a73e44b"
 dependencies = [
 "num-traits",
 "pxfm",
 ]
 [[package]]
 name = "multer"
 version = "3.1.0"
@@ -3654,6 +3717,19 @@ version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6"
 [[package]]
 name = "png"
 version = "0.18.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "60769b8b31b2a9f263dae2776c37b1b28ae246943cf719eb6946a1db05128a61"
 dependencies = [
 "bitflags",
 "crc32fast",
 "fdeflate",
 "flate2",
 "miniz_oxide",
 ]
 [[package]]
 name = "polling"
 version = "3.11.0"
@@ -3816,6 +3892,29 @@ dependencies = [
 "unicase",
 ]
 [[package]]
 name = "pxfm"
 version = "0.1.29"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e0c5ccf5294c6ccd63a74f1565028353830a9c2f5eb0c682c355c471726a6e3f"
 [[package]]
 name = "qrcodegen"
 version = "1.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4339fc7a1021c9c1621d87f5e3505f2805c8c105420ba2f2a4df86814590c142"
 [[package]]
 name = "qrcodegen-image"
 version = "1.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "99530e45ded4640c0eab5420fc60f9a0ec1be51a22e49cc8578b9a0d8be70712"
 dependencies = [
 "base64",
 "image",
 "qrcodegen",
 ]
 [[package]]
 name = "quick-xml"
 version = "0.38.4"
@@ -5739,6 +5838,23 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801"
 [[package]]
 name = "totp-rs"
 version = "5.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a2b36a9dd327e9f401320a2cb4572cc76ff43742bcfc3291f871691050f140ba"
 dependencies = [
 "base32",
 "constant_time_eq",
 "hmac",
 "qrcodegen-image",
 "rand 0.9.4",
 "sha1",
 "sha2",
 "url",
 "urlencoding",
 ]
 [[package]]
 name = "tower"
 version = "0.4.13"
@@ -6144,6 +6260,12 @@ dependencies = [
 "serde_derive",
 ]
 [[package]]
 name = "urlencoding"
 version = "2.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da"
 [[package]]
 name = "utf-8"
 version = "0.7.6"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -49,6 +49,15 @@ axum-casbin = "1.3.0"
 loco-oauth2 = "0.5.0"
 passwords = "3.1.16"
 tower-sessions = "0.14"
 # TOTP (Google Authenticator) for optional two-factor auth
 totp-rs = { version = "5", features = ["qr", "gen_secret"] }
 # CSRF: HMAC-signed double-submit token + body inspection for the `_csrf` field
 hmac = { version = "0.12" }
 sha2 = { version = "0.10" }
 subtle = { version = "2.6" }
 form_urlencoded = { version = "1" }
 multer = { version = "3" }
 futures-util = { version = "0.3" }
 [[bin]]
 name = "kompress-eshop-cli"
--- a/assets/i18n/en/main.ftl
+++ b/assets/i18n/en/main.ftl
@@ -208,6 +208,52 @@ edit-category = Edit category
 product = Product
 name = Name
 price = Price
 sale-price = Sale price
 admin-discounts = Discounts
 admin-discounts-desc = Set discounted product prices. A discount shows up as a sale in the shop.
 on-sale = On sale
 no-discount = No discount
 discount = Discount
 set-discount = Set discount
 remove-discount = Remove discount
 discount-mode-fixed = Fixed price
 discount-mode-percent = Percentage
 discount-percent = Discount (%)
 discount-preview-before = Original price
 discount-preview-after = New price
 discount-preview-save = You save
 discount-invalid = Invalid price.
 discount-must-be-positive = The sale price must be greater than zero.
 discount-below-regular = The sale price must be below the regular price.
 discount-percent-range = The percentage must be between 0 and 100.
 admin-customers = Business accounts
 admin-customers-desc = Manage negotiated prices for business (B2B) accounts.
 admin-no-customers = No business accounts yet.
 email = Email
 back = Back
 negotiated-prices = Negotiated prices
 negotiated-prices-hint = Set a price for a specific product for this business account. The customer always pays the lower of the public and negotiated price.
 manage-prices = Manage prices
 public-price = Public price
 negotiated-price = Negotiated price
 effective-price = Effective price
 admin-discount-profiles = Discount profiles
 admin-discount-profiles-desc = Create reusable discount layers (a % over chosen products) and assign them to business accounts.
 admin-no-profiles = No discount profiles yet.
 new-profile = New profile
 edit-profile = Edit profile
 profile-name-required = Profile name is required.
 scope = Scope
 products = Products
 scope-include = Selected products
 scope-all-except = All except selected
 scope-include-hint = Applies only to the products selected below.
 scope-all-except-hint = Applies to every product except those selected below.
 automated-price = Automated price
 discount-profiles = Discount profiles
 collision = Conflict
 resolve = Resolve
 no-profiles-assigned = No profiles assigned.
 stock = Stock
 sku = SKU
 currency = Currency
@@ -217,6 +263,8 @@ image = Image
 slug = URL slug
 slug-auto = generated automatically
 position = Position
 position-auto = added to the end
 position-hint = Sort order in the menu (lowest first). Leave blank to add it last.
 parent-category = Parent category
 no-parent = — None (top level) —
 quantity = Quantity
@@ -274,6 +322,49 @@ profile-intro = We'll use these details to prefill checkout.
 profile-saved = Profile saved.
 profile-save = Save profile
 profile-company-required = For a company account, please fill in company name, IČO and DIČ.
 profile-first-name = First name
 profile-last-name = Surname
 profile-edit = Edit profile
 profile-cancel = Cancel
 profile-not-set = Not set
 nav-account = My account
 account-orders = My orders
 account-change-password = Change password
 orders-active = Active orders
 orders-past = Past orders
 orders-empty = You don't have any orders yet.
 password-change-title = Change password
 password-current = Current password
 password-current-wrong = Your current password is incorrect.
 password-changed = Your password has been changed.
 # Two-factor authentication (TOTP / Google Authenticator)
 security-title = Security
 security-2fa-intro = Two-factor authentication (2FA) adds a one-time code from an app like Google Authenticator to your sign-in.
 security-2fa-on = 2FA is on
 security-2fa-off = 2FA is off
 security-2fa-enable = Enable two-factor authentication
 security-2fa-scan = Scan this QR code in Google Authenticator (or any compatible app).
 security-2fa-manual = Or enter the key manually:
 security-2fa-enter-code = Enter the 6-digit code from the app
 security-2fa-confirm = Confirm and enable
 security-2fa-code-wrong = That code is wrong or expired. Please try again.
 security-2fa-enroll-error = Could not start 2FA setup. Please try again.
 security-2fa-enabled-ok = Two-factor authentication is enabled.
 security-2fa-backup-intro = Save these backup codes somewhere safe. Each can be used once if you lose access to your app.
 security-2fa-backup-remaining = Backup codes remaining
 security-2fa-regenerate = Generate new backup codes
 security-2fa-disable = Disable two-factor authentication
 security-2fa-disable-hint = Enter your current password to confirm.
 # Second login step (after password)
 login-totp-title = Two-factor authentication
 login-totp-intro = Enter the code from your authenticator app.
 login-totp-error = That code is wrong or expired.
 login-totp-code = Verification code
 login-totp-submit = Verify
 login-totp-backup-hint = No access to your app? Enter one of your backup codes.
 account-type-locked = Account type can't be changed after registration.
 checkout-create-account = Create an account from this order
 checkout-create-account-hint = We'll email you a link to set your password. This order will be linked to your account.
@@ -303,6 +394,7 @@ admin-no-orders = No orders yet.
 order-status-pending = Pending
 order-status-paid = Paid
 order-status-shipped = Shipped
 order-status-delivered = Delivered
 order-status-cancelled = Cancelled
 order-update-status = Update status
--- a/assets/i18n/sk/main.ftl
+++ b/assets/i18n/sk/main.ftl
@@ -208,6 +208,52 @@ edit-category = Upraviť kategóriu
 product = Produkt
 name = Názov
 price = Cena
 sale-price = Zľavnená cena
 admin-discounts = Zľavy
 admin-discounts-desc = Nastavte zľavnené ceny produktov. Zľava sa v obchode zobrazí ako akcia.
 on-sale = V akcii
 no-discount = Bez zľavy
 discount = Zľava
 set-discount = Nastaviť zľavu
 remove-discount = Zrušiť zľavu
 discount-mode-fixed = Pevná cena
 discount-mode-percent = Percentá
 discount-percent = Zľava (%)
 discount-preview-before = Pôvodná cena
 discount-preview-after = Nová cena
 discount-preview-save = Ušetríte
 discount-invalid = Neplatná cena.
 discount-must-be-positive = Zľavnená cena musí byť väčšia ako nula.
 discount-below-regular = Zľavnená cena musí byť nižšia ako bežná cena.
 discount-percent-range = Percento musí byť medzi 0 a 100.
 admin-customers = Firemné účty
 admin-customers-desc = Spravujte dohodnuté ceny pre firemné (B2B) účty.
 admin-no-customers = Zatiaľ žiadne firemné účty.
 email = E-mail
 back = Späť
 negotiated-prices = Dohodnuté ceny
 negotiated-prices-hint = Nastavte cenu pre konkrétny produkt pre tento firemný účet. Zákazník vždy zaplatí najnižšiu z verejnej a dohodnutej ceny.
 manage-prices = Spravovať ceny
 public-price = Verejná cena
 negotiated-price = Dohodnutá cena
 effective-price = Výsledná cena
 admin-discount-profiles = Zľavové profily
 admin-discount-profiles-desc = Vytvorte opakovane použiteľné zľavové vrstvy (% na vybrané produkty) a priraďte ich firemným účtom.
 admin-no-profiles = Zatiaľ žiadne zľavové profily.
 new-profile = Nový profil
 edit-profile = Upraviť profil
 profile-name-required = Názov profilu je povinný.
 scope = Rozsah
 products = Produkty
 scope-include = Vybrané produkty
 scope-all-except = Všetky okrem vybraných
 scope-include-hint = Platí len pre vybrané produkty nižšie.
 scope-all-except-hint = Platí pre všetky produkty okrem vybraných nižšie.
 automated-price = Automatická cena
 discount-profiles = Zľavové profily
 collision = Konflikt
 resolve = Vyriešiť
 no-profiles-assigned = Žiadne priradené profily.
 stock = Sklad
 sku = Kód (SKU)
 currency = Mena
@@ -217,6 +263,8 @@ image = Obrázok
 slug = URL adresa
 slug-auto = vygeneruje sa automaticky
 position = Poradie
 position-auto = pridá sa na koniec
 position-hint = Poradie v menu (najnižšie ako prvé). Nechajte prázdne a pridá sa na koniec.
 parent-category = Nadradená kategória
 no-parent = — Žiadna (najvyššia úroveň) —
 quantity = Množstvo
@@ -274,6 +322,49 @@ profile-intro = Tieto údaje použijeme na predvyplnenie pokladne.
 profile-saved = Profil bol uložený.
 profile-save = Uložiť profil
 profile-company-required = Pri firemnom účte vyplňte názov firmy, IČO a DIČ.
 profile-first-name = Meno
 profile-last-name = Priezvisko
 profile-edit = Upraviť profil
 profile-cancel = Zrušiť
 profile-not-set = Neuvedené
 nav-account = Môj účet
 account-orders = Moje objednávky
 account-change-password = Zmeniť heslo
 orders-active = Aktívne objednávky
 orders-past = Staršie objednávky
 orders-empty = Zatiaľ nemáte žiadne objednávky.
 password-change-title = Zmeniť heslo
 password-current = Súčasné heslo
 password-current-wrong = Vaše súčasné heslo je nesprávne.
 password-changed = Vaše heslo bolo zmenené.
 # Two-factor authentication (TOTP / Google Authenticator)
 security-title = Zabezpečenie
 security-2fa-intro = Dvojfaktorové overenie (2FA) pridáva k prihláseniu jednorazový kód z aplikácie ako Google Authenticator.
 security-2fa-on = 2FA je zapnuté
 security-2fa-off = 2FA je vypnuté
 security-2fa-enable = Zapnúť dvojfaktorové overenie
 security-2fa-scan = Naskenujte tento QR kód v aplikácii Google Authenticator (alebo inej kompatibilnej).
 security-2fa-manual = Alebo zadajte kľúč ručne:
 security-2fa-enter-code = Zadajte 6-miestny kód z aplikácie
 security-2fa-confirm = Potvrdiť a zapnúť
 security-2fa-code-wrong = Kód je nesprávny alebo vypršal. Skúste to znova.
 security-2fa-enroll-error = Nepodarilo sa pripraviť 2FA. Skúste to znova.
 security-2fa-enabled-ok = Dvojfaktorové overenie je zapnuté.
 security-2fa-backup-intro = Uložte si tieto záložné kódy na bezpečné miesto. Každý sa dá použiť iba raz, ak nemáte prístup k aplikácii.
 security-2fa-backup-remaining = Zostávajúce záložné kódy
 security-2fa-regenerate = Vygenerovať nové záložné kódy
 security-2fa-disable = Vypnúť dvojfaktorové overenie
 security-2fa-disable-hint = Na potvrdenie zadajte svoje súčasné heslo.
 # Second login step (after password)
 login-totp-title = Dvojfaktorové overenie
 login-totp-intro = Zadajte kód z vašej autentifikačnej aplikácie.
 login-totp-error = Kód je nesprávny alebo vypršal.
 login-totp-code = Overovací kód
 login-totp-submit = Overiť
 login-totp-backup-hint = Nemáte prístup k aplikácii? Zadajte jeden zo svojich záložných kódov.
 account-type-locked = Typ účtu sa po registrácii nedá zmeniť.
 checkout-create-account = Vytvoriť účet z tejto objednávky
 checkout-create-account-hint = Pošleme vám e-mail na nastavenie hesla. Objednávka sa priradí k vášmu účtu.
@@ -303,6 +394,7 @@ admin-no-orders = Zatiaľ žiadne objednávky.
 order-status-pending = Čaká na spracovanie
 order-status-paid = Zaplatené
 order-status-shipped = Odoslané
 order-status-delivered = Doručené
 order-status-cancelled = Zrušené
 order-update-status = Zmeniť stav
--- a/assets/static/css/app.css
+++ b/assets/static/css/app.css
--- a/assets/static/vendor/alpine/alpine-focus-3.14.9.min.js
+++ b/assets/static/vendor/alpine/alpine-focus-3.14.9.min.js
--- a/assets/views/account/order_detail.html
+++ b/assets/views/account/order_detail.html
@@ -0,0 +1,76 @@
 {% extends "base.html" %}
 {% import "macros/ui.html" as ui %}
 {% block title %}{{ order.order_number }}{% endblock title %}
 {% macro status_badge(status) %}
 {% if status == "delivered" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="success") }}
 {% elif status == "shipped" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="primary") }}
 {% elif status == "paid" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="info") }}
 {% elif status == "cancelled" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="danger") }}
 {% else %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="warning") }}
 {% endif %}
 {% endmacro status_badge %}
 {% block content %}
 <div class="mx-auto max-w-2xl space-y-6">
  <a href="/account/orders" class="inline-flex items-center gap-1 text-sm text-primary underline-offset-2 hover:underline dark:text-primary-dark">
    <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" class="size-4"><path stroke-linecap="round" stroke-linejoin="round" d="M15.75 19.5 8.25 12l7.5-7.5" /></svg>
    {{ t(key="account-orders", lang=lang | default(value='sk')) }}
  </a>
  <div class="flex flex-wrap items-center justify-between gap-3">
    <h1 class="font-mono text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.order_number }}</h1>
    {{ self::status_badge(status=order.status) }}
  </div>
  <p class="text-sm text-on-surface/60 dark:text-on-surface-dark/60">{{ order.created_at | truncate(length=10, end="") }}</p>
  <div class="rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
    <ul class="space-y-2 pb-3 text-sm">
      {% for item in items %}
      <li class="flex justify-between gap-2">
        <span class="text-on-surface/80 dark:text-on-surface-dark/80">{{ item.product_name }} × {{ item.quantity }}</span>
        <span class="tabular-nums">{{ item.line_total }} {{ order.currency }}</span>
      </li>
      {% endfor %}
    </ul>
    <div class="space-y-1 border-t border-outline py-3 text-sm dark:border-outline-dark">
      <div class="flex justify-between"><span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="checkout-subtotal", lang=lang | default(value='sk')) }}</span><span class="tabular-nums">{{ order.subtotal }} {{ order.currency }}</span></div>
      <div class="flex justify-between"><span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ order.carrier_name }}</span><span class="tabular-nums">{{ order.shipping }} {{ order.currency }}</span></div>
      {% if order.pickup_point_name %}<div class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ order.pickup_point_name }}</div>{% endif %}
    </div>
    <div class="flex justify-between border-t border-outline pt-3 font-bold dark:border-outline-dark">
      <span>{{ t(key="order-total", lang=lang | default(value='sk')) }}</span>
      <span class="tabular-nums text-primary dark:text-primary-dark">{{ order.total }} {{ order.currency }}</span>
    </div>
  </div>
  {% if order.tracking_number %}
  <div class="rounded-radius border border-outline bg-surface p-4 text-sm dark:border-outline-dark dark:bg-surface-dark-alt">
    <div class="flex flex-wrap items-center justify-between gap-2">
      <span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="order-tracking", lang=lang | default(value='sk')) }}</span>
      <span class="font-mono font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.tracking_number }}</span>
    </div>
  </div>
  {% endif %}
  <div class="rounded-radius border border-outline bg-surface p-6 text-sm dark:border-outline-dark dark:bg-surface-dark-alt">
    <h2 class="mb-2 font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-shipping", lang=lang | default(value='sk')) }}</h2>
    <p class="text-on-surface/80 dark:text-on-surface-dark/80">{{ order.customer_name }}</p>
    {% if order.address %}<p class="text-on-surface/80 dark:text-on-surface-dark/80">{{ order.address }}</p>{% endif %}
    <p class="text-on-surface/80 dark:text-on-surface-dark/80">{{ order.zip }} {{ order.city }}{% if order.country %}, {{ order.country }}{% endif %}</p>
  </div>
  {% if order.payment_method == "bank_transfer" and order.status == "pending" %}
  <div class="space-y-2 rounded-radius border border-primary/40 bg-primary/5 p-6 text-sm dark:border-primary-dark/40">
    <p class="font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="payment-bank-instructions", lang=lang | default(value='sk')) }}</p>
    <div class="grid grid-cols-[auto_1fr] gap-x-4 gap-y-1">
      <span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="bank-account-name", lang=lang | default(value='sk')) }}</span><span class="font-medium">{{ order.bank_account_name }}</span>
      <span class="text-on-surface/70 dark:text-on-surface-dark/70">IBAN</span><span class="font-mono font-medium">{{ order.bank_iban }}</span>
      <span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="bank-variable-symbol", lang=lang | default(value='sk')) }}</span><span class="font-mono font-medium">{{ order.variable_symbol }}</span>
      <span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="bank-amount", lang=lang | default(value='sk')) }}</span><span class="font-medium tabular-nums">{{ order.total }} {{ order.currency }}</span>
    </div>
  </div>
  {% endif %}
 </div>
 {% endblock content %}
--- a/assets/views/account/orders.html
+++ b/assets/views/account/orders.html
@@ -0,0 +1,52 @@
 {% extends "base.html" %}
 {% import "macros/ui.html" as ui %}
 {% block title %}{{ t(key="account-orders", lang=lang | default(value='sk')) }}{% endblock title %}
 {# status → badge variant #}
 {% macro status_badge(status) %}
 {% if status == "delivered" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="success") }}
 {% elif status == "shipped" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="primary") }}
 {% elif status == "paid" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="info") }}
 {% elif status == "cancelled" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="danger") }}
 {% else %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="warning") }}
 {% endif %}
 {% endmacro status_badge %}
 {% macro order_row(order) %}
 <a href="/account/orders/{{ order.order_number }}"
  class="flex flex-wrap items-center justify-between gap-3 rounded-radius border border-outline bg-surface p-4 transition hover:border-primary hover:bg-primary/5 dark:border-outline-dark dark:bg-surface-dark-alt dark:hover:border-primary-dark">
  <div class="min-w-0">
    <p class="font-mono text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.order_number }}</p>
    <p class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ order.created_at | truncate(length=10, end="") }}</p>
  </div>
  <div class="flex items-center gap-4">
    {{ self::status_badge(status=order.status) }}
    <span class="tabular-nums text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.total }} {{ order.currency }}</span>
  </div>
 </a>
 {% endmacro order_row %}
 {% block content %}
 <div class="mx-auto max-w-3xl space-y-8">
  <h1 class="text-3xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-orders", lang=lang | default(value='sk')) }}</h1>
  {% if active_orders | length == 0 and past_orders | length == 0 %}
  <p class="rounded-radius border border-outline bg-surface p-6 text-sm text-on-surface/70 dark:border-outline-dark dark:bg-surface-dark-alt dark:text-on-surface-dark/70">{{ t(key="orders-empty", lang=lang | default(value='sk')) }}</p>
  {% endif %}
  {% if active_orders | length > 0 %}
  <section class="space-y-3">
    <h2 class="text-lg font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="orders-active", lang=lang | default(value='sk')) }}</h2>
    {% for order in active_orders %}{{ self::order_row(order=order) }}{% endfor %}
  </section>
  {% endif %}
  {% if past_orders | length > 0 %}
  <section class="space-y-3">
    <h2 class="text-lg font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="orders-past", lang=lang | default(value='sk')) }}</h2>
    {% for order in past_orders %}{{ self::order_row(order=order) }}{% endfor %}
  </section>
  {% endif %}
 </div>
 {% endblock content %}
--- a/assets/views/account/password.html
+++ b/assets/views/account/password.html
@@ -0,0 +1,44 @@
 {% extends "base.html" %}
 {% import "macros/ui.html" as ui %}
 {% block title %}{{ t(key="password-change-title", lang=lang | default(value='sk')) }}{% endblock title %}
 {% block content %}
 <div class="mx-auto max-w-md">
  <h1 class="text-3xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="password-change-title", lang=lang | default(value='sk')) }}</h1>
  {% if changed %}
  <div class="mt-4 rounded-radius border border-success bg-success/10 px-4 py-3 text-sm text-success" role="status">
    {{ t(key="password-changed", lang=lang | default(value='sk')) }}
  </div>
  {% endif %}
  {% if error == "current" %}
  {{ ui::alert_danger(message=t(key="password-current-wrong", lang=lang | default(value='sk')), extra="mt-4") }}
  {% elif error == "mismatch" %}
  {{ ui::alert_danger(message=t(key="set-password-mismatch", lang=lang | default(value='sk')), extra="mt-4") }}
  {% elif error == "weak" %}
  {{ ui::alert_danger(message=t(key="set-password-weak", lang=lang | default(value='sk')), extra="mt-4") }}
  {% endif %}
  <form method="post" action="/account/password" hx-boost="false" class="mt-6 flex flex-col gap-4"
    x-data="{ password: '', confirm: '' }">
  {{ ui::csrf_field() }}
    <div class="flex flex-col gap-1">
      <label for="current_password" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="password-current", lang=lang | default(value='sk')) }}</label>
      {{ ui::input(name="current_password", id="current_password", type="password", required=true, autocomplete="current-password") }}
    </div>
    <div class="flex flex-col gap-1">
      <label for="password" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-new", lang=lang | default(value='sk')) }}</label>
      {{ ui::input(name="password", id="password", type="password", required=true, autocomplete="new-password", attrs='x-model="password"') }}
    </div>
    <div class="flex flex-col gap-1">
      <label for="password_confirm" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-confirm", lang=lang | default(value='sk')) }}</label>
      {{ ui::input(name="password_confirm", id="password_confirm", type="password", required=true, autocomplete="new-password", attrs='x-model="confirm"') }}
      <span x-cloak x-show="confirm.length > 0 && password !== confirm" class="text-xs text-danger dark:text-danger">
        {{ t(key="set-password-mismatch", lang=lang | default(value='sk')) }}
      </span>
    </div>
    {{ ui::button(label=t(key="password-change-title", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full", attrs=':disabled="password !== confirm"') }}
  </form>
 </div>
 {% endblock content %}
--- a/assets/views/account/profile.html
+++ b/assets/views/account/profile.html
@@ -3,8 +3,19 @@
 {% block title %}{{ t(key="profile-title", lang=lang | default(value='sk')) }}{% endblock title %}
 {% macro field(label, value) %}
 <div class="space-y-1.5">
  <label class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ label }}</label>
  {% if value %}
  <p class="text-sm text-on-surface/80 dark:text-on-surface-dark/80">{{ value }}</p>
  {% else %}
  <p class="text-sm italic text-on-surface/50 dark:text-on-surface-dark/50">{{ t(key="profile-not-set", lang=lang | default(value='sk')) }}</p>
  {% endif %}
 </div>
 {% endmacro field %}
 {% block content %}
-<div class="mx-auto max-w-2xl">
+<div class="mx-auto max-w-2xl" x-data="{ editing: {% if error %}true{% else %}false{% endif %} }">
  <h1 class="text-3xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="profile-title", lang=lang | default(value='sk')) }}</h1>
  <p class="mt-2 text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="profile-intro", lang=lang | default(value='sk')) }}</p>
@@ -17,7 +28,61 @@
  {{ ui::alert_danger(message=t(key="profile-company-required", lang=lang | default(value='sk')), extra="mt-4") }}
  {% endif %}
-  <form method="post" action="/account/profile" hx-boost="false" class="mt-6 space-y-6">
+  <!-- read-only view (default) -->
  <div x-show="!editing" class="mt-6 space-y-6">
    <fieldset class="space-y-2 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
      <legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</legend>
      <div class="flex items-center gap-2">
        {% if account_type == "company" %}
        {{ ui::badge(label=t(key="account-company", lang=lang | default(value='sk')), variant="primary") }}
        {% else %}
        {{ ui::badge(label=t(key="account-personal", lang=lang | default(value='sk')), variant="neutral") }}
        {% endif %}
        <span class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-type-locked", lang=lang | default(value='sk')) }}</span>
      </div>
    </fieldset>
    {% if account_type == "company" %}
    <fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
      <legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company-details", lang=lang | default(value='sk')) }}</legend>
      {{ self::field(label=t(key="company-name", lang=lang | default(value='sk')), value=company_name) }}
      <div class="grid gap-4 sm:grid-cols-3">
        {{ self::field(label=t(key="company-ico", lang=lang | default(value='sk')), value=company_id) }}
        {{ self::field(label=t(key="company-dic", lang=lang | default(value='sk')), value=tax_id) }}
        {{ self::field(label=t(key="company-icdph", lang=lang | default(value='sk')), value=vat_id) }}
      </div>
    </fieldset>
    {% endif %}
    <fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
      <legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-contact", lang=lang | default(value='sk')) }}</legend>
      {{ self::field(label=t(key="checkout-name", lang=lang | default(value='sk')), value=name) }}
      {{ self::field(label=t(key="checkout-email", lang=lang | default(value='sk')), value=email) }}
      {% if phone %}
      {% set phone_full = phone_prefix | default(value='') %}
      {% set phone_full = phone_full ~ ' ' ~ phone %}
      {{ self::field(label=t(key="checkout-phone", lang=lang | default(value='sk')), value=phone_full) }}
      {% else %}
      {{ self::field(label=t(key="checkout-phone", lang=lang | default(value='sk')), value='') }}
      {% endif %}
    </fieldset>
    <fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
      <legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-shipping", lang=lang | default(value='sk')) }}</legend>
      {{ self::field(label=t(key="checkout-address", lang=lang | default(value='sk')), value=address) }}
      <div class="grid gap-4 sm:grid-cols-3">
        {{ self::field(label=t(key="checkout-city", lang=lang | default(value='sk')), value=city) }}
        {{ self::field(label=t(key="checkout-zip", lang=lang | default(value='sk')), value=zip) }}
        {{ self::field(label=t(key="checkout-country", lang=lang | default(value='sk')), value=country) }}
      </div>
    </fieldset>
    {{ ui::button(label=t(key="profile-edit", lang=lang | default(value='sk')), type="button", size="px-6 py-2.5 text-sm", attrs='@click="editing = true"') }}
  </div>
  <!-- edit form -->
  <form x-show="editing" x-cloak method="post" action="/account/profile" hx-boost="false" class="mt-6 space-y-6">
  {{ ui::csrf_field() }}
    <!-- account type is fixed at registration and shown read-only -->
    <fieldset class="space-y-2 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
      <legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</legend>
@@ -59,9 +124,15 @@
    <!-- contact (name/email are managed by the login) -->
    <fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
      <legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-contact", lang=lang | default(value='sk')) }}</legend>
-      <div class="space-y-1.5">
+      <div class="grid gap-4 sm:grid-cols-2">
-        <label class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-name", lang=lang | default(value='sk')) }}</label>
+        <div class="space-y-1.5">
-        <p class="text-sm text-on-surface/80 dark:text-on-surface-dark/80">{{ name }}</p>
+          <label for="first_name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="profile-first-name", lang=lang | default(value='sk')) }}</label>
          {{ ui::input(name="first_name", id="first_name", value=first_name | default(value=''), autocomplete="given-name") }}
        </div>
        <div class="space-y-1.5">
          <label for="last_name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="profile-last-name", lang=lang | default(value='sk')) }}</label>
          {{ ui::input(name="last_name", id="last_name", value=last_name | default(value=''), autocomplete="family-name") }}
        </div>
      </div>
      <div class="space-y-1.5">
        <label class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-email", lang=lang | default(value='sk')) }}</label>
@@ -149,7 +220,10 @@
      </div>
    </fieldset>
-    {{ ui::button(label=t(key="profile-save", lang=lang | default(value='sk')), type="submit", size="px-6 py-2.5 text-sm") }}
+    <div class="flex items-center gap-3">
      {{ ui::button(label=t(key="profile-save", lang=lang | default(value='sk')), type="submit", size="px-6 py-2.5 text-sm") }}
      {{ ui::button(label=t(key="profile-cancel", lang=lang | default(value='sk')), type="button", variant="outline-secondary", size="px-6 py-2.5 text-sm", attrs='@click="editing = false"') }}
    </div>
  </form>
 </div>
 {% endblock content %}
--- a/assets/views/account/security.html
+++ b/assets/views/account/security.html
@@ -0,0 +1,84 @@
 {% extends "base.html" %}
 {% import "macros/ui.html" as ui %}
 {% block title %}{{ t(key="security-title", lang=lang | default(value='sk')) }}{% endblock title %}
 {% block content %}
 <div class="mx-auto max-w-md">
  <h1 class="text-3xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="security-title", lang=lang | default(value='sk')) }}</h1>
  <p class="mt-2 text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-intro", lang=lang | default(value='sk')) }}</p>
  {% if error == "password" %}
  {{ ui::alert_danger(message=t(key="password-current-wrong", lang=lang | default(value='sk')), extra="mt-4") }}
  {% elif error == "code" %}
  {{ ui::alert_danger(message=t(key="security-2fa-code-wrong", lang=lang | default(value='sk')), extra="mt-4") }}
  {% elif error == "enroll" %}
  {{ ui::alert_danger(message=t(key="security-2fa-enroll-error", lang=lang | default(value='sk')), extra="mt-4") }}
  {% endif %}
  {# --- One-time backup codes, shown right after enabling / regenerating --- #}
  {% if backup_codes and backup_codes | length > 0 %}
  <div class="mt-6 rounded-radius border border-success bg-success/10 px-4 py-3" role="status">
    <p class="text-sm font-medium text-success">{{ t(key="security-2fa-enabled-ok", lang=lang | default(value='sk')) }}</p>
    <p class="mt-2 text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-backup-intro", lang=lang | default(value='sk')) }}</p>
    <ul class="mt-3 grid grid-cols-2 gap-2 font-mono text-sm text-on-surface-strong dark:text-on-surface-dark-strong">
      {% for code in backup_codes %}
      <li class="rounded-radius bg-surface px-3 py-1.5 text-center tracking-wider dark:bg-surface-dark">{{ code }}</li>
      {% endfor %}
    </ul>
  </div>
  {% endif %}
  {% if enrolling %}
  {# --- Step 2: scan the QR and confirm a code --- #}
  <div class="mt-6 flex flex-col gap-4 rounded-radius border border-outline bg-surface-alt p-5 dark:border-outline-dark dark:bg-surface-dark-alt">
    <p class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-scan", lang=lang | default(value='sk')) }}</p>
    <img src="{{ qr }}" alt="TOTP QR" class="mx-auto size-48 rounded-radius bg-white p-2" />
    <div class="text-center">
      <p class="text-xs text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-manual", lang=lang | default(value='sk')) }}</p>
      <code class="mt-1 inline-block break-all font-mono text-sm text-on-surface-strong dark:text-on-surface-dark-strong">{{ secret }}</code>
    </div>
    <form method="post" action="/account/security/confirm" hx-boost="false" class="flex flex-col gap-3">
  {{ ui::csrf_field() }}
      <label for="code" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="security-2fa-enter-code", lang=lang | default(value='sk')) }}</label>
      {{ ui::input(name="code", id="code", type="text", required=true, autocomplete="one-time-code", attrs='inputmode="numeric" pattern="[0-9]*" maxlength="6" autofocus') }}
      {{ ui::button(label=t(key="security-2fa-confirm", lang=lang | default(value='sk')), type="submit", extra="w-full") }}
    </form>
  </div>
  {% elif totp_enabled %}
  {# --- Enabled: status + remaining backup codes + disable / regenerate --- #}
  <div class="mt-6 flex items-center gap-2">
    {{ ui::badge(label=t(key="security-2fa-on", lang=lang | default(value='sk')), variant="success") }}
    <span class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-backup-remaining", lang=lang | default(value='sk')) }}: {{ backup_remaining }}</span>
  </div>
  <form method="post" action="/account/security/backup-codes" hx-boost="false" class="mt-6 flex flex-col gap-3 rounded-radius border border-outline bg-surface-alt p-5 dark:border-outline-dark dark:bg-surface-dark-alt">
  {{ ui::csrf_field() }}
    <p class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="security-2fa-regenerate", lang=lang | default(value='sk')) }}</p>
    <label for="regen_pw" class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="password-current", lang=lang | default(value='sk')) }}</label>
    {{ ui::input(name="current_password", id="regen_pw", type="password", required=true, autocomplete="current-password") }}
    {{ ui::button(label=t(key="security-2fa-regenerate", lang=lang | default(value='sk')), type="submit", variant="outline-secondary", extra="w-full") }}
  </form>
  <form method="post" action="/account/security/disable" hx-boost="false" class="mt-4 flex flex-col gap-3 rounded-radius border border-danger/40 bg-danger/5 p-5">
  {{ ui::csrf_field() }}
    <p class="text-sm font-medium text-danger">{{ t(key="security-2fa-disable", lang=lang | default(value='sk')) }}</p>
    <p class="text-xs text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-disable-hint", lang=lang | default(value='sk')) }}</p>
    <label for="disable_pw" class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="password-current", lang=lang | default(value='sk')) }}</label>
    {{ ui::input(name="current_password", id="disable_pw", type="password", required=true, autocomplete="current-password") }}
    {{ ui::button(label=t(key="security-2fa-disable", lang=lang | default(value='sk')), type="submit", variant="danger", extra="w-full") }}
  </form>
  {% else %}
  {# --- Disabled: offer to enable --- #}
  <form method="post" action="/account/security/enable" hx-boost="false" class="mt-6">
  {{ ui::csrf_field() }}
    <div class="flex items-center gap-2">
      {{ ui::badge(label=t(key="security-2fa-off", lang=lang | default(value='sk')), variant="neutral") }}
    </div>
    {{ ui::button(label=t(key="security-2fa-enable", lang=lang | default(value='sk')), type="submit", extra="mt-4 w-full") }}
  </form>
  {% endif %}
 </div>
 {% endblock content %}
--- a/assets/views/admin/base.html
+++ b/assets/views/admin/base.html
@@ -45,6 +45,7 @@
    <script defer src="/static/vendor/alpine/alpinejs-3.14.9.min.js"></script>
  </head>
  <body
    hx-headers='{"X-CSRF-Token": "{{ csrf_token() }}"}'
    x-data="{ showSidebar: false }"
    class="min-h-screen bg-surface text-on-surface antialiased dark:bg-surface-dark dark:text-on-surface-dark">
@@ -77,6 +78,14 @@
          class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
          {{ t(key="admin-products", lang=lang | default(value='sk')) }}
        </a>
        <a href="/admin/catalog/discounts" data-nav="/admin/catalog/discounts"
          class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
          {{ t(key="admin-discounts", lang=lang | default(value='sk')) }}
        </a>
        <a href="/admin/catalog/discount-profiles" data-nav="/admin/catalog/discount-profiles"
          class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
          {{ t(key="admin-discount-profiles", lang=lang | default(value='sk')) }}
        </a>
        <a href="/admin/catalog/categories" data-nav="/admin/catalog/categories"
          class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
          {{ t(key="admin-categories", lang=lang | default(value='sk')) }}
@@ -85,6 +94,10 @@
          class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
          {{ t(key="admin-orders", lang=lang | default(value='sk')) }}
        </a>
        <a href="/admin/customers" data-nav="/admin/customers"
          class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
          {{ t(key="admin-customers", lang=lang | default(value='sk')) }}
        </a>
        <a href="/admin/shipping" data-nav="/admin/shipping"
          class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
          {{ t(key="admin-shipping", lang=lang | default(value='sk')) }}
@@ -96,6 +109,7 @@
          {{ t(key="admin-exit", lang=lang | default(value='sk')) }}
        </a>
        <form method="post" action="/logout">
          {{ ui::csrf_field() }}
          <button type="submit" class="flex w-full items-center gap-2 rounded-radius px-2 py-1.5 text-left text-sm font-medium text-danger underline-offset-2 transition hover:bg-danger/5 focus:outline-hidden focus-visible:underline">
            {{ t(key="logout", lang=lang | default(value='sk')) }}
          </button>
@@ -117,8 +131,8 @@
          {% block crumb %}{{ t(key="admin-title", lang=lang | default(value='sk')) }}{% endblock crumb %}
        </span>
-        <!-- settings (language + theme) dropdown -->
+        <!-- settings (language + theme) dropdown (self-contained Alpine state) -->
-        <div x-data="{ open: false }" @keydown.escape="open = false" class="relative ml-auto">
+        <div class="ml-auto">
          {% include "partials/settings_dropdown.html" %}
        </div>
      </header>
--- a/assets/views/admin/catalog/categories.html
+++ b/assets/views/admin/catalog/categories.html
@@ -46,6 +46,7 @@
            {{ ui::button(variant="outline-secondary", label=t(key="edit", lang=lang | default(value='sk')), href="/admin/catalog/categories/" ~ row.category.id ~ "/edit", size="px-3 py-1.5 text-xs") }}
            <form method="post" action="/admin/catalog/categories/{{ row.category.id }}/delete"
              onsubmit="return confirm('{{ t(key="confirm-delete", lang=lang | default(value='sk')) }}')">
  {{ ui::csrf_field() }}
              {{ ui::button(variant="outline-danger", label=t(key="delete", lang=lang | default(value='sk')), type="submit", size="px-3 py-1.5 text-xs") }}
            </form>
          </div>
--- a/assets/views/admin/catalog/category_form.html
+++ b/assets/views/admin/catalog/category_form.html
@@ -15,11 +15,12 @@
 <form method="post" enctype="multipart/form-data"
  action="{% if category %}/admin/catalog/categories/{{ category.id }}{% else %}/admin/catalog/categories{% endif %}"
  class="mt-6 space-y-5 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
  {{ ui::csrf_field() }}
  {% if category %}
-    {% set v_name = category.name %}{% set v_slug = category.slug %}{% set v_pos = category.position %}{% set v_desc = category.description | default(value="") %}{% set v_pub = category.published %}
+    {% set v_name = category.name %}{% set v_pos = category.position %}{% set v_desc = category.description | default(value="") %}{% set v_pub = category.published %}
  {% else %}
-    {% set v_name = "" %}{% set v_slug = "" %}{% set v_pos = 0 %}{% set v_desc = "" %}{% set v_pub = false %}
+    {% set v_name = "" %}{% set v_pos = "" %}{% set v_desc = "" %}{% set v_pub = false %}
  {% endif %}
  <div class="space-y-1.5">
@@ -27,17 +28,6 @@
    {{ ui::input(name="name", id="name", required=true, value=v_name) }}
  </div>
  <div class="grid gap-5 sm:grid-cols-2">
    <div class="space-y-1.5">
      <label for="slug" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="slug", lang=lang | default(value='sk')) }}</label>
      {{ ui::input(name="slug", id="slug", value=v_slug, placeholder=t(key='slug-auto', lang=lang | default(value='sk'))) }}
    </div>
    <div class="space-y-1.5">
      <label for="position" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="position", lang=lang | default(value='sk')) }}</label>
      {{ ui::input(name="position", id="position", type="number", value=v_pos) }}
    </div>
  </div>
  <div class="space-y-1.5">
    <label for="parent_id" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="parent-category", lang=lang | default(value='sk')) }}</label>
    <div class="relative">
@@ -67,6 +57,15 @@
    {{ ui::file_input(name="image", id="image", accept="image/*") }}
  </div>
  <div class="space-y-1.5">
    <label for="position" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
      {{ t(key="position", lang=lang | default(value='sk')) }}
      <span class="font-normal text-on-surface/60 dark:text-on-surface-dark/60">({{ t(key="field-optional", lang=lang | default(value='sk')) }})</span>
    </label>
    {{ ui::input(name="position", id="position", type="number", value=v_pos, placeholder=t(key='position-auto', lang=lang | default(value='sk'))) }}
    <p class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="position-hint", lang=lang | default(value='sk')) }}</p>
  </div>
  {{ ui::checkbox(name="published", id="published", label=t(key="published", lang=lang | default(value='sk')), checked=v_pub) }}
  <div class="flex gap-3 pt-2">
--- a/assets/views/admin/catalog/discount_form.html
+++ b/assets/views/admin/catalog/discount_form.html
@@ -0,0 +1,97 @@
 {% extends "admin/base.html" %}
 {% import "macros/ui.html" as ui %}
 {% block title %}{{ t(key="set-discount", lang=lang | default(value='sk')) }}{% endblock title %}
 {% block crumb %}{{ t(key="admin-discounts", lang=lang | default(value='sk')) }}{% endblock crumb %}
 {% block content %}
 <div class="flex items-center justify-between gap-3">
  <h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ product.name }}</h1>
  {{ ui::button(variant="outline-secondary", label=t(key="cancel", lang=lang | default(value='sk')), href="/admin/catalog/discounts", size="px-3 py-2 text-sm") }}
 </div>
 <form method="post" action="/admin/catalog/discounts/{{ product.id }}"
  x-data="{
    mode: '{{ mode }}',
    fixed: '{{ fixed }}',
    percent: '{{ percent }}',
    regular: {{ product.regular_cents }},
    num(v) { let n = parseFloat(String(v).replace(',', '.')); return isFinite(n) ? n : null; },
    get afterCents() {
      if (this.mode === 'percent') {
        let p = this.num(this.percent); if (p === null) return null;
        return this.regular - Math.round(this.regular * p / 100);
      }
      let f = this.num(this.fixed); if (f === null) return null;
      return Math.round(f * 100);
    },
    money(c) { return (c / 100).toFixed(2); },
    get valid() { let a = this.afterCents; return a !== null && a > 0 && a < this.regular; },
    get percentOff() { let a = this.afterCents; return (a === null || this.regular <= 0) ? null : Math.round((this.regular - a) / this.regular * 100); }
  }"
  class="mt-6 max-w-md space-y-5 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
  {{ ui::csrf_field() }}
  {% if error %}
  {{ ui::alert_danger(message=t(key=error, lang=lang | default(value='sk'))) }}
  {% endif %}
  <div class="flex items-center justify-between gap-3 rounded-radius bg-surface-alt px-4 py-3 dark:bg-surface-dark/40">
    <span class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="price", lang=lang | default(value='sk')) }}</span>
    <span class="font-semibold tabular-nums text-on-surface-strong dark:text-on-surface-dark-strong">{{ product.regular_price }} {{ product.currency }}</span>
  </div>
  <!-- mode toggle -->
  <div class="grid grid-cols-2 gap-2">
    <label class="flex cursor-pointer items-center justify-center gap-2 rounded-radius border px-3 py-2 text-sm transition"
      :class="mode === 'fixed' ? 'border-primary bg-primary/10 text-on-surface-strong dark:border-primary-dark dark:bg-primary-dark/10 dark:text-on-surface-dark-strong' : 'border-outline text-on-surface dark:border-outline-dark dark:text-on-surface-dark'">
      <input type="radio" name="mode" value="fixed" x-model="mode" class="sr-only">
      {{ t(key="discount-mode-fixed", lang=lang | default(value='sk')) }}
    </label>
    <label class="flex cursor-pointer items-center justify-center gap-2 rounded-radius border px-3 py-2 text-sm transition"
      :class="mode === 'percent' ? 'border-primary bg-primary/10 text-on-surface-strong dark:border-primary-dark dark:bg-primary-dark/10 dark:text-on-surface-dark-strong' : 'border-outline text-on-surface dark:border-outline-dark dark:text-on-surface-dark'">
      <input type="radio" name="mode" value="percent" x-model="mode" class="sr-only">
      {{ t(key="discount-mode-percent", lang=lang | default(value='sk')) }}
    </label>
  </div>
  <!-- fixed price input -->
  <div class="space-y-1.5" x-show="mode === 'fixed'">
    <label for="sale_price" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="sale-price", lang=lang | default(value='sk')) }}</label>
    {{ ui::input(name="sale_price", id="sale_price", value=fixed, placeholder="0.00", attrs='inputmode="decimal" x-model="fixed"') }}
  </div>
  <!-- percentage input -->
  <div class="space-y-1.5" x-show="mode === 'percent'">
    <label for="percent" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="discount-percent", lang=lang | default(value='sk')) }}</label>
    {{ ui::input(name="percent", id="percent", value=percent, placeholder="0", attrs='inputmode="decimal" min="0" max="100" x-model="percent"') }}
  </div>
  <!-- live preview -->
  <div x-show="afterCents !== null" x-cloak
    class="space-y-2 rounded-radius border border-outline bg-surface-alt px-4 py-3 dark:border-outline-dark dark:bg-surface-dark/40">
    <div class="flex items-center justify-between gap-3 text-sm">
      <span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="discount-preview-before", lang=lang | default(value='sk')) }}</span>
      <span class="tabular-nums text-on-surface/60 line-through dark:text-on-surface-dark/60"><span x-text="money(regular)"></span> {{ product.currency }}</span>
    </div>
    <div class="flex items-center justify-between gap-3">
      <span class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="discount-preview-after", lang=lang | default(value='sk')) }}</span>
      <span class="text-lg font-semibold tabular-nums" :class="valid ? 'text-danger' : 'text-on-surface/40 dark:text-on-surface-dark/40'">
        <span x-text="money(afterCents)"></span> {{ product.currency }}
      </span>
    </div>
    <div x-show="valid" class="flex items-center justify-between gap-3 text-xs text-on-surface/60 dark:text-on-surface-dark/60">
      <span>{{ t(key="discount-preview-save", lang=lang | default(value='sk')) }}</span>
      <span class="tabular-nums"><span x-text="money(regular - afterCents)"></span> {{ product.currency }} (−<span x-text="percentOff"></span>%)</span>
    </div>
    <p x-show="!valid" class="text-xs text-danger">{{ t(key="discount-below-regular", lang=lang | default(value='sk')) }}</p>
  </div>
  <div class="flex flex-wrap gap-3 pt-2">
    {{ ui::button(label=t(key="save", lang=lang | default(value='sk')), type="submit") }}
    {% if product.on_sale %}
    {{ ui::button(variant="outline-danger", label=t(key="remove-discount", lang=lang | default(value='sk')), type="submit", attrs='formaction="/admin/catalog/discounts/' ~ product.id ~ '/remove"') }}
    {% endif %}
  </div>
 </form>
 {% endblock content %}
--- a/assets/views/admin/catalog/discount_profile_form.html
+++ b/assets/views/admin/catalog/discount_profile_form.html
@@ -0,0 +1,71 @@
 {% extends "admin/base.html" %}
 {% import "macros/ui.html" as ui %}
 {% block title %}{% if profile %}{{ t(key="edit-profile", lang=lang | default(value='sk')) }}{% else %}{{ t(key="new-profile", lang=lang | default(value='sk')) }}{% endif %}{% endblock title %}
 {% block crumb %}{{ t(key="admin-discount-profiles", lang=lang | default(value='sk')) }}{% endblock crumb %}
 {% block content %}
 <div class="flex items-center justify-between gap-3">
  <h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">
    {% if profile %}{{ t(key="edit-profile", lang=lang | default(value='sk')) }}{% else %}{{ t(key="new-profile", lang=lang | default(value='sk')) }}{% endif %}
  </h1>
  {{ ui::button(variant="outline-secondary", label=t(key="cancel", lang=lang | default(value='sk')), href="/admin/catalog/discount-profiles", size="px-3 py-2 text-sm") }}
 </div>
 {% if profile %}{% set v_name = profile.name %}{% set v_percent = profile.percent %}{% set v_scope = profile.scope_type %}
 {% else %}{% set v_name = "" %}{% set v_percent = "" %}{% set v_scope = "include" %}{% endif %}
 <form method="post"
  action="{% if profile %}/admin/catalog/discount-profiles/{{ profile.id }}{% else %}/admin/catalog/discount-profiles{% endif %}"
  class="mt-6 space-y-5 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
  {{ ui::csrf_field() }}
  {% if error %}{{ ui::alert_danger(message=t(key=error, lang=lang | default(value='sk'))) }}{% endif %}
  <div class="grid gap-5 sm:grid-cols-2">
    <div class="space-y-1.5">
      <label for="name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="name", lang=lang | default(value='sk')) }}</label>
      {{ ui::input(name="name", id="name", required=true, value=v_name) }}
    </div>
    <div class="space-y-1.5">
      <label for="percent" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="discount-percent", lang=lang | default(value='sk')) }}</label>
      {{ ui::input(name="percent", id="percent", required=true, value=v_percent, placeholder="0", attrs='inputmode="decimal" min="0" max="100"') }}
    </div>
  </div>
  <fieldset class="space-y-2">
    <legend class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="scope", lang=lang | default(value='sk')) }}</legend>
    <label class="flex items-center gap-2 text-sm text-on-surface dark:text-on-surface-dark">
      <input type="radio" name="scope_type" value="include" {% if v_scope != "all_except" %}checked{% endif %}>
      {{ t(key="scope-include-hint", lang=lang | default(value='sk')) }}
    </label>
    <label class="flex items-center gap-2 text-sm text-on-surface dark:text-on-surface-dark">
      <input type="radio" name="scope_type" value="all_except" {% if v_scope == "all_except" %}checked{% endif %}>
      {{ t(key="scope-all-except-hint", lang=lang | default(value='sk')) }}
    </label>
  </fieldset>
  <div class="space-y-1.5">
    <span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="products", lang=lang | default(value='sk')) }}</span>
    <div class="max-h-72 overflow-y-auto rounded-radius border border-outline p-3 dark:border-outline-dark">
      {% if products | length > 0 %}
      <div class="grid gap-2 sm:grid-cols-2">
        {% for product in products %}
        <label class="flex items-center gap-2 text-sm text-on-surface dark:text-on-surface-dark">
          <input type="checkbox" name="product_ids" value="{{ product.id }}" {% if product.selected %}checked{% endif %}>
          {{ product.name }}
        </label>
        {% endfor %}
      </div>
      {% else %}
      <p class="text-sm text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="admin-no-products", lang=lang | default(value='sk')) }}</p>
      {% endif %}
    </div>
  </div>
  <div class="flex gap-3 pt-2">
    {{ ui::button(label=t(key="save", lang=lang | default(value='sk')), type="submit") }}
    {{ ui::button(variant="outline-secondary", label=t(key="cancel", lang=lang | default(value='sk')), href="/admin/catalog/discount-profiles") }}
  </div>
 </form>
 {% endblock content %}
--- a/assets/views/admin/catalog/discount_profiles.html
+++ b/assets/views/admin/catalog/discount_profiles.html
@@ -0,0 +1,58 @@
 {% extends "admin/base.html" %}
 {% import "macros/ui.html" as ui %}
 {% block title %}{{ t(key="admin-discount-profiles", lang=lang | default(value='sk')) }}{% endblock title %}
 {% block crumb %}{{ t(key="admin-discount-profiles", lang=lang | default(value='sk')) }}{% endblock crumb %}
 {% block content %}
 <div class="flex flex-wrap items-end justify-between gap-3">
  <div>
    <h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="admin-discount-profiles", lang=lang | default(value='sk')) }}</h1>
    <p class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="admin-discount-profiles-desc", lang=lang | default(value='sk')) }}</p>
  </div>
  {{ ui::button(label=t(key="new-profile", lang=lang | default(value='sk')), href="/admin/catalog/discount-profiles/new") }}
 </div>
 <div class="mt-6 {{ ui::table_wrap_cls() }}">
  {% if profiles | length > 0 %}
  <table class="{{ ui::table_cls() }}">
    <thead class="{{ ui::thead_cls() }}">
      <tr>
        {{ ui::th(label=t(key="name", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="discount-percent", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="scope", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="products", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="actions", lang=lang | default(value='sk')), align="text-right") }}
      </tr>
    </thead>
    <tbody class="{{ ui::tbody_cls() }}">
      {% for profile in profiles %}
      <tr class="{{ ui::row_cls() }}">
        <td class="px-4 py-3 font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ profile.name }}</td>
        <td class="px-4 py-3 tabular-nums">−{{ profile.percent }}%</td>
        <td class="px-4 py-3">
          {% if profile.scope_type == "all_except" %}{{ t(key="scope-all-except", lang=lang | default(value='sk')) }}{% else %}{{ t(key="scope-include", lang=lang | default(value='sk')) }}{% endif %}
        </td>
        <td class="px-4 py-3 tabular-nums">{{ profile.product_count }}</td>
        <td class="px-4 py-3">
          <div class="flex flex-wrap justify-end gap-2">
            {{ ui::button(variant="outline-secondary", label=t(key="edit", lang=lang | default(value='sk')), href="/admin/catalog/discount-profiles/" ~ profile.id ~ "/edit", size="px-3 py-1.5 text-xs") }}
            <form method="post" action="/admin/catalog/discount-profiles/{{ profile.id }}/delete"
              onsubmit="return confirm('{{ t(key="confirm-delete", lang=lang | default(value='sk')) }}')">
              {{ ui::csrf_field() }}
              {{ ui::button(variant="outline-danger", label=t(key="delete", lang=lang | default(value='sk')), type="submit", size="px-3 py-1.5 text-xs") }}
            </form>
          </div>
        </td>
      </tr>
      {% endfor %}
    </tbody>
  </table>
  {% else %}
  <div class="flex flex-col items-center gap-3 px-4 py-16 text-center">
    <p class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="admin-no-profiles", lang=lang | default(value='sk')) }}</p>
    {{ ui::button(label=t(key="new-profile", lang=lang | default(value='sk')), href="/admin/catalog/discount-profiles/new") }}
  </div>
  {% endif %}
 </div>
 {% endblock content %}
--- a/assets/views/admin/catalog/discounts.html
+++ b/assets/views/admin/catalog/discounts.html
@@ -0,0 +1,70 @@
 {% extends "admin/base.html" %}
 {% import "macros/ui.html" as ui %}
 {% block title %}{{ t(key="admin-discounts", lang=lang | default(value='sk')) }}{% endblock title %}
 {% block crumb %}{{ t(key="admin-discounts", lang=lang | default(value='sk')) }}{% endblock crumb %}
 {% block content %}
 <div class="flex flex-wrap items-end justify-between gap-3">
  <div>
    <h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="admin-discounts", lang=lang | default(value='sk')) }}</h1>
    <p class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="admin-discounts-desc", lang=lang | default(value='sk')) }}</p>
  </div>
 </div>
 <div class="mt-6 {{ ui::table_wrap_cls() }}">
  {% if products | length > 0 %}
  <table class="{{ ui::table_cls() }}">
    <thead class="{{ ui::thead_cls() }}">
      <tr>
        {{ ui::th(label=t(key="product", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="price", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="sale-price", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="status", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="actions", lang=lang | default(value='sk')), align="text-right") }}
      </tr>
    </thead>
    <tbody class="{{ ui::tbody_cls() }}">
      {% for product in products %}
      <tr class="{{ ui::row_cls() }}">
        <td class="px-4 py-3">
          <div class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ product.name }}</div>
        </td>
        <td class="px-4 py-3 tabular-nums">{{ product.regular_price }} {{ product.currency }}</td>
        <td class="px-4 py-3 tabular-nums">
          {% if product.on_sale %}
          <span class="font-medium text-danger">{{ product.sale_price }} {{ product.currency }}</span>
          <span class="ml-1 text-xs text-on-surface/60 dark:text-on-surface-dark/60">(−{{ product.percent_off }}%)</span>
          {% else %}
          <span class="text-on-surface/40 dark:text-on-surface-dark/40">—</span>
          {% endif %}
        </td>
        <td class="px-4 py-3">
          {% if product.on_sale %}
          {{ ui::badge(label=t(key="on-sale", lang=lang | default(value='sk')), variant="danger") }}
          {% else %}
          {{ ui::badge(label=t(key="no-discount", lang=lang | default(value='sk')), variant="neutral") }}
          {% endif %}
        </td>
        <td class="px-4 py-3">
          <div class="flex flex-wrap justify-end gap-2">
            {{ ui::button(variant="outline-secondary", label=t(key="set-discount", lang=lang | default(value='sk')), href="/admin/catalog/discounts/" ~ product.id ~ "/edit", size="px-3 py-1.5 text-xs") }}
            {% if product.on_sale %}
            <form method="post" action="/admin/catalog/discounts/{{ product.id }}/remove">
              {{ ui::csrf_field() }}
              {{ ui::button(variant="outline-danger", label=t(key="remove-discount", lang=lang | default(value='sk')), type="submit", size="px-3 py-1.5 text-xs") }}
            </form>
            {% endif %}
          </div>
        </td>
      </tr>
      {% endfor %}
    </tbody>
  </table>
  {% else %}
  <div class="flex flex-col items-center gap-3 px-4 py-16 text-center">
    <p class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="admin-no-products", lang=lang | default(value='sk')) }}</p>
  </div>
  {% endif %}
 </div>
 {% endblock content %}
--- a/assets/views/admin/catalog/product_form.html
+++ b/assets/views/admin/catalog/product_form.html
@@ -15,11 +15,12 @@
 <form method="post" enctype="multipart/form-data"
  action="{% if product %}/admin/catalog/products/{{ product.id }}{% else %}/admin/catalog/products{% endif %}"
  class="mt-6 space-y-5 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
  {{ ui::csrf_field() }}
  {% if product %}
-    {% set v_name = product.name %}{% set v_price = product.price %}{% set v_currency = product.currency %}{% set v_stock = product.stock %}{% set v_sku = product.sku | default(value="") %}{% set v_slug = product.slug %}{% set v_desc = product.description | default(value="") %}{% set v_pub = product.published %}
+    {% set v_name = product.name %}{% set v_price = product.price %}{% set v_currency = product.currency %}{% set v_stock = product.stock %}{% set v_sku = product.sku | default(value="") %}{% set v_desc = product.description | default(value="") %}{% set v_pub = product.published %}
  {% else %}
-    {% set v_name = "" %}{% set v_price = "" %}{% set v_currency = "EUR" %}{% set v_stock = 0 %}{% set v_sku = "" %}{% set v_slug = "" %}{% set v_desc = "" %}{% set v_pub = false %}
+    {% set v_name = "" %}{% set v_price = "" %}{% set v_currency = "EUR" %}{% set v_stock = 0 %}{% set v_sku = "" %}{% set v_desc = "" %}{% set v_pub = false %}
  {% endif %}
  <div class="space-y-1.5">
@@ -63,11 +64,6 @@
    </div>
  </div>
  <div class="space-y-1.5">
    <label for="slug" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="slug", lang=lang | default(value='sk')) }}</label>
    {{ ui::input(name="slug", id="slug", value=v_slug, placeholder=t(key='slug-auto', lang=lang | default(value='sk'))) }}
  </div>
  <div class="space-y-1.5">
    <label for="description" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="description", lang=lang | default(value='sk')) }}</label>
    {{ ui::textarea(name="description", id="description", rows="5", value=v_desc) }}
--- a/assets/views/admin/catalog/products.html
+++ b/assets/views/admin/catalog/products.html
@@ -41,7 +41,14 @@
            </div>
          </div>
        </td>
-        <td class="px-4 py-3 tabular-nums">{{ product.price }} {{ product.currency }}</td>
+        <td class="px-4 py-3 tabular-nums">
          {% if product.on_sale %}
          <span class="font-medium text-danger">{{ product.price }} {{ product.currency }}</span>
          <span class="text-xs text-on-surface/50 line-through dark:text-on-surface-dark/50">{{ product.regular_price }}</span>
          {% else %}
          {{ product.price }} {{ product.currency }}
          {% endif %}
        </td>
        <td class="px-4 py-3 tabular-nums">{{ product.stock }}</td>
        <td class="px-4 py-3">
          {% if product.published %}
@@ -53,9 +60,11 @@
        <td class="px-4 py-3">
          <div class="flex flex-wrap justify-end gap-2">
            {{ ui::button(variant="outline-secondary", label=t(key="edit", lang=lang | default(value='sk')), href="/admin/catalog/products/" ~ product.id ~ "/edit", size="px-3 py-1.5 text-xs") }}
            {{ ui::button(variant="outline-secondary", label=t(key="discount", lang=lang | default(value='sk')), href="/admin/catalog/discounts/" ~ product.id ~ "/edit", size="px-3 py-1.5 text-xs") }}
            {{ ui::button(variant="outline-secondary", label=t(key="view", lang=lang | default(value='sk')), href="/shop/" ~ product.slug, size="px-3 py-1.5 text-xs") }}
            <form method="post" action="/admin/catalog/products/{{ product.id }}/delete"
              onsubmit="return confirm('{{ t(key="confirm-delete", lang=lang | default(value='sk')) }}')">
  {{ ui::csrf_field() }}
              {{ ui::button(variant="outline-danger", label=t(key="delete", lang=lang | default(value='sk')), type="submit", size="px-3 py-1.5 text-xs") }}
            </form>
          </div>
--- a/assets/views/admin/customers/index.html
+++ b/assets/views/admin/customers/index.html
@@ -0,0 +1,45 @@
 {% extends "admin/base.html" %}
 {% import "macros/ui.html" as ui %}
 {% block title %}{{ t(key="admin-customers", lang=lang | default(value='sk')) }}{% endblock title %}
 {% block crumb %}{{ t(key="admin-customers", lang=lang | default(value='sk')) }}{% endblock crumb %}
 {% block content %}
 <div class="flex flex-wrap items-end justify-between gap-3">
  <div>
    <h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="admin-customers", lang=lang | default(value='sk')) }}</h1>
    <p class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="admin-customers-desc", lang=lang | default(value='sk')) }}</p>
  </div>
 </div>
 <div class="mt-6 {{ ui::table_wrap_cls() }}">
  {% if customers | length > 0 %}
  <table class="{{ ui::table_cls() }}">
    <thead class="{{ ui::thead_cls() }}">
      <tr>
        {{ ui::th(label=t(key="name", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="email", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="negotiated-prices", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="actions", lang=lang | default(value='sk')), align="text-right") }}
      </tr>
    </thead>
    <tbody class="{{ ui::tbody_cls() }}">
      {% for customer in customers %}
      <tr class="{{ ui::row_cls() }}">
        <td class="px-4 py-3 font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ customer.name }}</td>
        <td class="px-4 py-3 text-on-surface/70 dark:text-on-surface-dark/70">{{ customer.email }}</td>
        <td class="px-4 py-3 tabular-nums">{{ customer.negotiated_count }}</td>
        <td class="px-4 py-3 text-right">
          {{ ui::button(variant="outline-secondary", label=t(key="manage-prices", lang=lang | default(value='sk')), href="/admin/customers/" ~ customer.id, size="px-3 py-1.5 text-xs") }}
        </td>
      </tr>
      {% endfor %}
    </tbody>
  </table>
  {% else %}
  <div class="flex flex-col items-center gap-3 px-4 py-16 text-center">
    <p class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="admin-no-customers", lang=lang | default(value='sk')) }}</p>
  </div>
  {% endif %}
 </div>
 {% endblock content %}
--- a/assets/views/admin/customers/show.html
+++ b/assets/views/admin/customers/show.html
@@ -0,0 +1,114 @@
 {% extends "admin/base.html" %}
 {% import "macros/ui.html" as ui %}
 {% block title %}{{ customer.name }}{% endblock title %}
 {% block crumb %}{{ t(key="admin-customers", lang=lang | default(value='sk')) }}{% endblock crumb %}
 {% block content %}
 <div class="flex items-center justify-between gap-3">
  <div>
    <h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ customer.name }}</h1>
    <p class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ customer.email }}</p>
  </div>
  {{ ui::button(variant="outline-secondary", label=t(key="back", lang=lang | default(value='sk')), href="/admin/customers", size="px-3 py-2 text-sm") }}
 </div>
 {% if error %}
 <div class="mt-4">{{ ui::alert_danger(message=t(key=error, lang=lang | default(value='sk'))) }}</div>
 {% endif %}
 <!-- assigned discount profiles -->
 <section class="mt-6 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
  <h2 class="text-lg font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="discount-profiles", lang=lang | default(value='sk')) }}</h2>
  {% if profiles | length > 0 %}
  <form method="post" action="/admin/customers/{{ customer.id }}/profiles" class="mt-3 space-y-3">
    {{ ui::csrf_field() }}
    <div class="grid gap-2 sm:grid-cols-2">
      {% for profile in profiles %}
      <label class="flex items-center gap-2 text-sm text-on-surface dark:text-on-surface-dark">
        <input type="checkbox" name="profile_ids" value="{{ profile.id }}" {% if profile.assigned %}checked{% endif %}>
        <span>{{ profile.name }} <span class="text-on-surface/60 dark:text-on-surface-dark/60">(−{{ profile.percent }}%, {% if profile.scope_type == "all_except" %}{{ t(key="scope-all-except", lang=lang | default(value='sk')) }}{% else %}{{ t(key="scope-include", lang=lang | default(value='sk')) }}{% endif %})</span></span>
      </label>
      {% endfor %}
    </div>
    {{ ui::button(label=t(key="save", lang=lang | default(value='sk')), type="submit", size="px-4 py-2 text-sm") }}
  </form>
  {% else %}
  <p class="mt-2 text-sm text-on-surface/70 dark:text-on-surface-dark/70">
    {{ t(key="admin-no-profiles", lang=lang | default(value='sk')) }}
    <a href="/admin/catalog/discount-profiles/new" class="text-primary dark:text-primary-dark">{{ t(key="new-profile", lang=lang | default(value='sk')) }}</a>
  </p>
  {% endif %}
 </section>
 <p class="mt-6 text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="negotiated-prices-hint", lang=lang | default(value='sk')) }}</p>
 <div class="mt-3 {{ ui::table_wrap_cls() }}">
  {% if products | length > 0 %}
  <table class="{{ ui::table_cls() }}">
    <thead class="{{ ui::thead_cls() }}">
      <tr>
        {{ ui::th(label=t(key="product", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="public-price", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="automated-price", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="negotiated-price", lang=lang | default(value='sk'))) }}
        {{ ui::th(label=t(key="effective-price", lang=lang | default(value='sk')), align="text-right") }}
      </tr>
    </thead>
    <tbody class="{{ ui::tbody_cls() }}">
      {% for product in products %}
      <tr class="{{ ui::row_cls() }}">
        <td class="px-4 py-3 font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ product.name }}</td>
        <td class="px-4 py-3 tabular-nums">
          {% if product.on_public_sale %}
          <span class="font-medium text-danger">{{ product.public_price }} {{ product.currency }}</span>
          <span class="ml-1 text-xs text-on-surface/50 line-through dark:text-on-surface-dark/50">{{ product.regular_price }}</span>
          {% else %}
          {{ product.public_price }} {{ product.currency }}
          {% endif %}
        </td>
        <td class="px-4 py-3 tabular-nums">
          {% if product.auto_price %}
          <div>{{ product.auto_price }} {{ product.currency }}</div>
          {% if product.collision %}
          <div class="mt-1">{{ ui::badge(label=t(key="collision", lang=lang | default(value='sk')), variant="warning") }}</div>
          <form method="post" action="/admin/customers/{{ customer.id }}/resolutions/{{ product.product_id }}" class="mt-1 flex items-center gap-1">
            {{ ui::csrf_field() }}
            <select name="profile_id" class="rounded-radius border border-outline bg-surface-alt px-2 py-1 text-xs dark:border-outline-dark dark:bg-surface-dark-alt/50 dark:text-on-surface-dark">
              {% for c in product.covering %}
              <option value="{{ c.id }}" {% if c.id == product.auto_profile_id %}selected{% endif %}>{{ c.name }}</option>
              {% endfor %}
            </select>
            {{ ui::button(label=t(key="resolve", lang=lang | default(value='sk')), type="submit", size="px-2 py-1 text-xs") }}
          </form>
          {% elif product.auto_profile_name %}
          <div class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ product.auto_profile_name }}</div>
          {% endif %}
          {% else %}
          <span class="text-on-surface/40 dark:text-on-surface-dark/40">—</span>
          {% endif %}
        </td>
        <td class="px-4 py-3">
          <form method="post" action="/admin/customers/{{ customer.id }}/prices/{{ product.product_id }}" class="flex items-center gap-2">
            {{ ui::csrf_field() }}
            {{ ui::input(name="price", value=product.manual_price | default(value=""), placeholder="0.00", width="w-28", attrs='inputmode="decimal"') }}
            {{ ui::button(label=t(key="save", lang=lang | default(value='sk')), type="submit", size="px-3 py-1.5 text-xs") }}
            {% if product.manual_price %}
            {{ ui::button(variant="outline-danger", label=t(key="remove", lang=lang | default(value='sk')), type="submit", size="px-3 py-1.5 text-xs", attrs='formaction="/admin/customers/' ~ customer.id ~ '/prices/' ~ product.product_id ~ '/remove"') }}
            {% endif %}
          </form>
        </td>
        <td class="px-4 py-3 text-right tabular-nums">
          <span class="font-medium {% if product.is_business %}text-primary dark:text-primary-dark{% else %}text-on-surface-strong dark:text-on-surface-dark-strong{% endif %}">{{ product.effective_price }} {{ product.currency }}</span>
        </td>
      </tr>
      {% endfor %}
    </tbody>
  </table>
  {% else %}
  <div class="flex flex-col items-center gap-3 px-4 py-16 text-center">
    <p class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="admin-no-products", lang=lang | default(value='sk')) }}</p>
  </div>
  {% endif %}
 </div>
 {% endblock content %}
--- a/assets/views/admin/orders/show.html
+++ b/assets/views/admin/orders/show.html
@@ -6,7 +6,15 @@
 {% block content %}
 <div class="flex flex-wrap items-center justify-between gap-3">
-  <h1 class="font-mono text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.order_number }}</h1>
+  <div class="flex flex-wrap items-center gap-3">
    <h1 class="font-mono text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.order_number }}</h1>
    {% if order.status == "delivered" %}{{ ui::badge(label=t(key="order-status-" ~ order.status, lang=lang | default(value='sk')), variant="success") }}
    {% elif order.status == "shipped" %}{{ ui::badge(label=t(key="order-status-" ~ order.status, lang=lang | default(value='sk')), variant="primary") }}
    {% elif order.status == "paid" %}{{ ui::badge(label=t(key="order-status-" ~ order.status, lang=lang | default(value='sk')), variant="info") }}
    {% elif order.status == "cancelled" %}{{ ui::badge(label=t(key="order-status-" ~ order.status, lang=lang | default(value='sk')), variant="danger") }}
    {% else %}{{ ui::badge(label=t(key="order-status-" ~ order.status, lang=lang | default(value='sk')), variant="warning") }}
    {% endif %}
  </div>
  {{ ui::button(variant="outline-secondary", label=t(key="admin-orders", lang=lang | default(value='sk')), href="/admin/orders", size="px-3 py-2 text-sm") }}
 </div>
@@ -102,6 +110,7 @@
      <p class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="order-send-hint", lang=lang | default(value='sk')) }}</p>
      <form method="post" action="/admin/orders/{{ order.id }}/ship"
        onsubmit="return confirm('{{ t(key="order-send-confirm", lang=lang | default(value='sk')) }}')">
  {{ ui::csrf_field() }}
        {% set carrier_up = carrier | upper %}
        {% set ship_label = t(key="order-send-to-carrier", lang=lang | default(value='sk')) ~ " " ~ carrier_up %}
        {{ ui::button(label=ship_label, type="submit", extra="w-full") }}
@@ -110,6 +119,7 @@
    </div>
    <form method="post" action="/admin/orders/{{ order.id }}/status" class="space-y-3 rounded-radius border border-outline bg-surface p-5 dark:border-outline-dark dark:bg-surface-dark-alt">
  {{ ui::csrf_field() }}
      <label for="status" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="order-status", lang=lang | default(value='sk')) }}</label>
      <div class="relative">
        <select id="status" name="status"
--- a/assets/views/admin/shipping/index.html
+++ b/assets/views/admin/shipping/index.html
@@ -14,6 +14,7 @@
  {% for method in methods %}
  <form method="post" action="/admin/shipping/{{ method.id }}"
    class="flex flex-wrap items-end gap-4 rounded-radius border border-outline bg-surface p-5 dark:border-outline-dark dark:bg-surface-dark-alt">
  {{ ui::csrf_field() }}
    <div class="min-w-40">
      <p class="font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ method.name }}</p>
      <p class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ method.carrier | upper }}{% if method.requires_pickup_point %} · {{ t(key="checkout-pickup-point", lang=lang | default(value='sk')) }}{% endif %}</p>
--- a/assets/views/auth/login.html
+++ b/assets/views/auth/login.html
@@ -30,6 +30,7 @@
      {% endif %}
      <form method="post" action="/login" hx-boost="false" class="mt-4 flex flex-col gap-4">
        {{ ui::csrf_field() }}
        <div class="flex flex-col gap-1">
          <label for="email"
            class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
--- a/assets/views/auth/login_totp.html
+++ b/assets/views/auth/login_totp.html
@@ -0,0 +1,48 @@
 {% extends "base.html" %}
 {% import "macros/ui.html" as ui %}
 {% block title %}{{ t(key="login-totp-title", lang=lang | default(value='sk')) }}{% endblock title %}
 {% block content %}
 <div class="mx-auto mt-8 max-w-sm">
  <div
    class="rounded-radius border border-outline bg-surface-alt shadow-sm dark:border-outline-dark dark:bg-surface-dark-alt">
    <div
      class="flex items-center justify-between border-b border-outline px-5 py-3 dark:border-outline-dark">
      <span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
        {{ t(key="brand", lang=lang | default(value='sk')) }}
      </span>
      {{ ui::badge(label=t(key="auth", lang=lang | default(value='sk')), variant="primary") }}
    </div>
    <div class="p-5">
      <h1 class="text-xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">
        {{ t(key="login-totp-title", lang=lang | default(value='sk')) }}
      </h1>
      <p class="mt-2 text-sm text-on-surface dark:text-on-surface-dark">
        {{ t(key="login-totp-intro", lang=lang | default(value='sk')) }}
      </p>
      {% if error %}
      {{ ui::alert_danger(message=t(key="login-totp-error", lang=lang | default(value='sk')), extra="mt-3") }}
      {% endif %}
      <form method="post" action="/login/totp" hx-boost="false" class="mt-4 flex flex-col gap-4">
  {{ ui::csrf_field() }}
        <div class="flex flex-col gap-1">
          <label for="code"
            class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
            {{ t(key="login-totp-code", lang=lang | default(value='sk')) }}
          </label>
          {{ ui::input(name="code", id="code", type="text", required=true, autocomplete="one-time-code", attrs='inputmode="numeric" autofocus') }}
        </div>
        {{ ui::button(label=t(key="login-totp-submit", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full") }}
      </form>
      <p class="mt-4 text-xs text-on-surface dark:text-on-surface-dark">
        {{ t(key="login-totp-backup-hint", lang=lang | default(value='sk')) }}
      </p>
    </div>
  </div>
 </div>
 {% endblock content %}
--- a/assets/views/auth/register.html
+++ b/assets/views/auth/register.html
@@ -22,11 +22,17 @@
      {% if error == "exists" %}
      {{ ui::alert_danger(message=t(key="register-error-exists", lang=lang | default(value='sk')), extra="mt-3") }}
      {% elif error == "mismatch" %}
      {{ ui::alert_danger(message=t(key="set-password-mismatch", lang=lang | default(value='sk')), extra="mt-3") }}
      {% elif error == "weak" %}
      {{ ui::alert_danger(message=t(key="set-password-weak", lang=lang | default(value='sk')), extra="mt-3") }}
      {% elif error %}
      {{ ui::alert_danger(message=t(key="register-error-invalid", lang=lang | default(value='sk')), extra="mt-3") }}
      {% endif %}
-      <form method="post" action="/register" hx-boost="false" class="mt-4 flex flex-col gap-4">
+      <form method="post" action="/register" hx-boost="false" class="mt-4 flex flex-col gap-4"
        x-data="{ password: '', confirm: '' }">
  {{ ui::csrf_field() }}
        <div class="flex flex-col gap-1.5">
          <span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</span>
          <div class="grid grid-cols-2 gap-2">
@@ -42,20 +48,12 @@
          <span class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-type-locked", lang=lang | default(value='sk')) }}</span>
        </div>
        <div class="flex flex-col gap-1">
          <label for="name"
            class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
            {{ t(key="register-name", lang=lang | default(value='sk')) }}
          </label>
          {{ ui::input(name="name", id="name", required=true, autocomplete="name", attrs="autofocus") }}
        </div>
        <div class="flex flex-col gap-1">
          <label for="email"
            class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
            {{ t(key="login-email", lang=lang | default(value='sk')) }}
          </label>
-          {{ ui::input(name="email", id="email", type="email", required=true, autocomplete="email") }}
+          {{ ui::input(name="email", id="email", type="email", required=true, autocomplete="email", attrs="autofocus") }}
        </div>
        <div class="flex flex-col gap-1">
@@ -63,10 +61,22 @@
            class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
            {{ t(key="login-password", lang=lang | default(value='sk')) }}
          </label>
-          {{ ui::input(name="password", id="password", type="password", required=true, autocomplete="new-password") }}
+          {{ ui::input(name="password", id="password", type="password", required=true, autocomplete="new-password", attrs='x-model="password"') }}
        </div>
-        {{ ui::button(label=t(key="register-submit", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full") }}
+        <div class="flex flex-col gap-1">
          <label for="password_confirm"
            class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
            {{ t(key="set-password-confirm", lang=lang | default(value='sk')) }}
          </label>
          {{ ui::input(name="password_confirm", id="password_confirm", type="password", required=true, autocomplete="new-password", attrs='x-model="confirm"') }}
          <span x-cloak x-show="confirm.length > 0 && password !== confirm"
            class="text-xs text-danger dark:text-danger">
            {{ t(key="set-password-mismatch", lang=lang | default(value='sk')) }}
          </span>
        </div>
        {{ ui::button(label=t(key="register-submit", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full", attrs=':disabled="password !== confirm"') }}
      </form>
      <div class="mt-5 flex items-center gap-3 text-xs text-on-surface/50 dark:text-on-surface-dark/50">
--- a/assets/views/auth/resend_verification.html
+++ b/assets/views/auth/resend_verification.html
@@ -24,6 +24,7 @@
      {% else %}
      <p class="mt-1 text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="resend-verification-intro", lang=lang | default(value='sk')) }}</p>
      <form method="post" action="/resend-verification" hx-boost="false" class="mt-4 flex flex-col gap-4">
  {{ ui::csrf_field() }}
        <div class="flex flex-col gap-1">
          <label for="email" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="login-email", lang=lang | default(value='sk')) }}</label>
          {{ ui::input(name="email", id="email", type="email", required=true, autocomplete="email", attrs="autofocus") }}
--- a/assets/views/auth/set_password.html
+++ b/assets/views/auth/set_password.html
@@ -29,6 +29,7 @@
      {% endif %}
      <form method="post" action="/set-password" hx-boost="false" class="mt-4 flex flex-col gap-4">
  {{ ui::csrf_field() }}
        <input type="hidden" name="token" value="{{ token }}">
        <div class="flex flex-col gap-1">
          <label for="password" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-new", lang=lang | default(value='sk')) }}</label>
--- a/assets/views/base.html
+++ b/assets/views/base.html
@@ -48,6 +48,12 @@
        if (!v) return 0;
        return v.split(',').reduce(function (s, e) { return s + (parseInt(e.split(':')[1]) || 0) }, 0);
      }
      // True while any other navbar menu (profile / settings / mobile / category
      // toggle) is open — those triggers expose aria-expanded="true". Used to
      // suppress the cart hover preview so menus don't stack/overlap.
      function anyMenuOpen() {
        return !!document.querySelector('header [aria-expanded="true"]');
      }
      // Show a floating toast notification. Usage: toast('Saved').
      // Bridges to the vendored Penguin UI toast component, which listens for a
      // `notify` event with { variant, title, message }.
@@ -57,9 +63,13 @@
    </script>
    <link href="/static/css/app.css?v=2026-06-16" rel="stylesheet" type="text/css">
    <script src="/static/vendor/htmx/htmx-1.9.12.min.js"></script>
    <!-- Alpine Focus plugin (x-trap / $focus) — must load before Alpine core;
         required by the Penguin UI keyboard-accessible dropdowns. -->
    <script defer src="/static/vendor/alpine/alpine-focus-3.14.9.min.js"></script>
    <script defer src="/static/vendor/alpine/alpinejs-3.14.9.min.js"></script>
  </head>
  <body hx-boost="true"
    hx-headers='{"X-CSRF-Token": "{{ csrf_token() }}"}'
    x-data="{ cats: false, lg: window.matchMedia('(min-width: 1024px)').matches }"
    x-init="window.matchMedia('(min-width: 1024px)').addEventListener('change', e => lg = e.matches)"
    class="min-h-screen bg-surface text-on-surface antialiased dark:bg-surface-dark dark:text-on-surface-dark">
@@ -82,16 +92,12 @@
          <li>{{ ui::nav_link(label=t(key="admin-title", lang=lang | default(value='sk')), href="/admin/dashboard", data_nav="/admin", variant="warning", attrs='hx-boost="false"') }}</li>
          <li>
            <form method="post" action="/logout" hx-boost="false">
  {{ ui::csrf_field() }}
              <button type="submit" class="text-sm font-medium text-danger underline-offset-2 transition hover:opacity-75 focus:outline-hidden focus-visible:underline">{{ t(key="logout", lang=lang | default(value='sk')) }}</button>
            </form>
          </li>
          {% elif logged_in_customer %}
-          <li>{{ ui::nav_link(label=t(key="nav-profile", lang=lang | default(value='sk')), href="/account/profile", data_nav="/account") }}</li>
+          {# customer account links live in the profile dropdown next to the cart #}
          <li>
            <form method="post" action="/logout" hx-boost="false">
              <button type="submit" class="text-sm font-medium text-danger underline-offset-2 transition hover:opacity-75 focus:outline-hidden focus-visible:underline">{{ t(key="logout", lang=lang | default(value='sk')) }}</button>
            </form>
          </li>
          {% else %}
          <li>{{ ui::nav_link(label=t(key="nav-login", lang=lang | default(value='sk')), href="/login", data_nav="/login") }}</li>
          <li>{{ ui::nav_link(label=t(key="nav-register", lang=lang | default(value='sk')), href="/register", data_nav="/register") }}</li>
@@ -99,23 +105,47 @@
        </ul>
        <!-- right side: cart + settings + mobile toggle -->
-        <div class="ml-auto flex items-center gap-1">
+        <div class="ml-auto flex items-center gap-3">
-          <!-- cart with live item-count badge read from the `cart` cookie -->
+          <!-- customer profile dropdown (avatar + name + account type) -->
-          <a href="/cart" data-nav="/cart"
+          {% if logged_in_customer %}
-            x-data="{ count: 0 }"
+          {% include "partials/profile_menu.html" %}
-            x-init="count = cartCount(); ['htmx:afterSwap', 'htmx:afterRequest'].forEach(function (e) { window.addEventListener(e, function () { count = cartCount() }) })"
+          {% endif %}
-            aria-label="{{ t(key='cart-title', lang=lang | default(value='sk')) }}"
+          <!-- cart: hover opens an Alza-style mini-cart preview (Penguin
-            title="{{ t(key='cart-title', lang=lang | default(value='sk')) }}"
+               dropdown-with-hover), lazy-loaded from /partials/cart on each hover
-            class="relative inline-flex size-9 shrink-0 items-center justify-center rounded-radius bg-transparent text-secondary transition hover:opacity-75 focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-secondary active:opacity-100 active:outline-offset-0 dark:text-secondary-dark dark:focus-visible:outline-secondary-dark">
+               so it's always fresh. Click still does a full navigation to /cart
-            {{ ui::icon(name="cart") }}
+               (hx-boost=false; the explicit hx-trigger is mouseenter, so click is
-            <span x-show="count > 0" x-cloak x-text="count"
+               not an htmx trigger). The badge reads the `cart` cookie client-side. -->
-              class="absolute -right-1 -top-1 inline-flex min-w-4 items-center justify-center rounded-full bg-primary px-1 text-[10px] font-semibold leading-4 text-on-primary dark:bg-primary-dark dark:text-on-primary-dark"></span>
+          <div x-data="{ isOpen: false, leaveTimeout: null }"
-          </a>
+            x-on:mouseleave="leaveTimeout = setTimeout(() => isOpen = false, 250)"
-          <!-- settings (language + theme) dropdown -->
+            x-on:mouseenter="leaveTimeout && clearTimeout(leaveTimeout)"
-          <div x-data="{ open: false }" @keydown.escape="open = false" class="relative">
+            x-on:keydown.esc.window="isOpen = false"
-            {% include "partials/settings_dropdown.html" %}
+            class="relative">
            <a href="/cart" data-nav="/cart" hx-boost="false"
              x-on:mouseenter="if (!anyMenuOpen()) isOpen = true"
              x-data="{ count: 0 }"
              x-init="count = cartCount(); ['htmx:afterSwap', 'htmx:afterRequest'].forEach(function (e) { window.addEventListener(e, function () { count = cartCount() }) })"
              hx-get="/partials/cart" hx-trigger="mouseenter delay:150ms" hx-target="#cart-preview-body" hx-swap="innerHTML"
              aria-label="{{ t(key='cart-title', lang=lang | default(value='sk')) }}"
              title="{{ t(key='cart-title', lang=lang | default(value='sk')) }}"
              class="relative inline-flex size-9 shrink-0 items-center justify-center rounded-radius bg-transparent text-secondary transition hover:opacity-75 focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-secondary active:opacity-100 active:outline-offset-0 dark:text-secondary-dark dark:focus-visible:outline-secondary-dark">
              {{ ui::icon(name="cart") }}
              <span x-show="count > 0" x-cloak x-text="count"
                class="absolute -right-1 -top-1 inline-flex min-w-4 items-center justify-center rounded-full bg-primary px-1 text-[10px] font-semibold leading-4 text-on-primary dark:bg-primary-dark dark:text-on-primary-dark"></span>
            </a>
            <!-- hover preview panel (no id on the panel → not htmx-settled on boosted nav) -->
            <div x-cloak x-show="isOpen" x-transition
              x-on:mouseenter="isOpen = true"
              class="absolute right-0 mt-2 w-80 overflow-hidden rounded-radius border border-outline bg-surface-alt shadow-lg dark:border-outline-dark dark:bg-surface-dark-alt"
              role="dialog" aria-label="{{ t(key='cart-title', lang=lang | default(value='sk')) }}">
              <div id="cart-preview-body">
                <div class="px-4 py-10 text-center text-sm text-on-surface dark:text-on-surface-dark">…</div>
              </div>
            </div>
          </div>
          <!-- settings (language + theme) dropdown (self-contained Alpine state) -->
          {% include "partials/settings_dropdown.html" %}
          <!-- mobile hamburger — Penguin animated icon swap (bars ↔ X), kept in
               our ghost-square icon-button shell for consistency with cart/gear -->
          <button type="button" @click="mobile = !mobile" :aria-expanded="mobile" aria-label="{{ t(key='menu', lang=lang | default(value='sk')) }}"
@@ -135,6 +165,7 @@
          <li><a href="/admin/dashboard" hx-boost="false" data-nav="/admin" class="block rounded-radius px-3 py-2 text-sm font-medium text-warning underline-offset-2 transition hover:bg-primary/5 focus:outline-hidden focus-visible:underline">{{ t(key="admin-title", lang=lang | default(value='sk')) }}</a></li>
          <li>
            <form method="post" action="/logout" hx-boost="false">
  {{ ui::csrf_field() }}
              <button type="submit" class="block w-full rounded-radius px-3 py-2 text-left text-sm font-medium text-danger underline-offset-2 transition hover:bg-primary/5 focus:outline-hidden focus-visible:underline">{{ t(key="logout", lang=lang | default(value='sk')) }}</button>
            </form>
          </li>
@@ -142,6 +173,7 @@
          <li><a href="/account/profile" data-nav="/account" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="nav-profile", lang=lang | default(value='sk')) }}</a></li>
          <li>
            <form method="post" action="/logout" hx-boost="false">
  {{ ui::csrf_field() }}
              <button type="submit" class="block w-full rounded-radius px-3 py-2 text-left text-sm font-medium text-danger underline-offset-2 transition hover:bg-primary/5 focus:outline-hidden focus-visible:underline">{{ t(key="logout", lang=lang | default(value='sk')) }}</button>
            </form>
          </li>
@@ -158,6 +190,24 @@
      class="fixed inset-0 z-30 bg-black/50 lg:hidden"></div>
    <div class="mx-auto flex w-full max-w-7xl gap-8 px-4 py-8">
      {% if account_nav %}
      <!-- account-area sidebar: replaces the storefront categories while the
           customer is inside /account/*. -->
      <aside x-cloak x-show="cats || lg" aria-label="{{ t(key='nav-account', lang=lang | default(value='sk')) }}"
        class="fixed inset-y-0 left-0 z-40 w-64 overflow-y-auto border-r border-outline bg-surface-alt p-4 lg:static lg:z-auto lg:w-64 lg:shrink-0 lg:self-start lg:overflow-visible lg:rounded-radius lg:border lg:p-3 dark:border-outline-dark dark:bg-surface-dark-alt">
        <h2 class="px-3 pb-2 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="nav-account", lang=lang | default(value='sk')) }}</h2>
        <ul class="space-y-1">
          <li><a href="/account/orders" data-nav="/account/orders" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="account-orders", lang=lang | default(value='sk')) }}</a></li>
          <li><a href="/account/profile" data-nav="/account/profile" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="profile-title", lang=lang | default(value='sk')) }}</a></li>
          <li><a href="/account/password" data-nav="/account/password" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="account-change-password", lang=lang | default(value='sk')) }}</a></li>
          <li><a href="/account/security" data-nav="/account/security" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="security-title", lang=lang | default(value='sk')) }}</a></li>
        </ul>
        <form method="post" action="/logout" hx-boost="false" class="mt-4 border-t border-outline pt-3 dark:border-outline-dark">
  {{ ui::csrf_field() }}
          <button type="submit" class="block w-full rounded-radius px-3 py-2 text-left text-sm font-medium text-danger underline-offset-2 transition hover:bg-primary/5 focus:outline-hidden focus-visible:underline">{{ t(key="logout", lang=lang | default(value='sk')) }}</button>
        </form>
      </aside>
      {% else %}
      <!-- persistent category sidebar (off-canvas drawer on mobile).
           hx-preserve keeps this node across boosted page swaps, so it is
           fetched once (hx-trigger=load) and never reloaded on navigation. -->
@@ -166,6 +216,7 @@
        hx-get="/partials/categories" hx-trigger="load"
        class="fixed inset-y-0 left-0 z-40 w-64 overflow-y-auto border-r border-outline bg-surface-alt p-4 lg:static lg:z-auto lg:w-64 lg:shrink-0 lg:self-start lg:overflow-visible lg:rounded-radius lg:border lg:p-3 dark:border-outline-dark dark:bg-surface-dark-alt">
      </aside>
      {% endif %}
      <main class="min-w-0 flex-1">
        {% block content %}{% endblock content %}
--- a/assets/views/macros/ui.html
+++ b/assets/views/macros/ui.html
@@ -29,6 +29,13 @@
       outline : outline-primary | outline-secondary | outline-alternate | outline-danger
       ghost   : ghost-primary | ghost-secondary | ghost-danger #}
 {# CSRF hidden field for native (non-htmx) <form method="post"> submits. htmx
   requests instead inherit the X-CSRF-Token header from <body hx-headers>.
   `csrf_token()` is a global Tera function bound per-request by shared::csrf. #}
 {% macro csrf_field() -%}
 <input type="hidden" name="_csrf" value="{{ csrf_token() }}">
 {%- endmacro %}
 {% macro button(label, variant="primary", type="button", href="", attrs="", extra="", icon="", size="px-4 py-2 text-sm") -%}
 {%- if variant == "secondary" -%}{% set cls = "border border-secondary bg-secondary text-on-secondary focus-visible:outline-secondary dark:border-secondary-dark dark:bg-secondary-dark dark:text-on-secondary-dark dark:focus-visible:outline-secondary-dark" -%}
 {%- elif variant == "danger" -%}{% set cls = "border border-danger bg-danger text-on-danger focus-visible:outline-danger dark:bg-danger dark:border-danger dark:text-on-danger dark:focus-visible:outline-danger" -%}
@@ -120,7 +127,7 @@
 {# Text/email/number/password input. #}
 {% macro input(name, type="text", id="", value="", placeholder="", required=false, autocomplete="", attrs="", extra="", width="w-full") -%}
-<input {% if id %}id="{{ id }}" {% endif %}name="{{ name }}" type="{{ type }}"{% if value != "" %} value="{{ value }}"{% endif %}{% if placeholder %} placeholder="{{ placeholder }}"{% endif %}{% if required %} required{% endif %}{% if autocomplete %} autocomplete="{{ autocomplete }}"{% endif %} class="{{ width }} rounded-radius border border-outline bg-surface-alt px-2 py-2 text-sm text-on-surface focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-primary disabled:cursor-not-allowed disabled:opacity-75 dark:border-outline-dark dark:bg-surface-dark-alt/50 dark:text-on-surface-dark dark:focus-visible:outline-primary-dark {{ extra }}" {{ attrs | safe }}/>
+<input {% if id %}id="{{ id }}" {% endif %}name="{{ name }}" type="{{ type }}"{% if value is number or value != "" %} value="{{ value }}"{% endif %}{% if placeholder %} placeholder="{{ placeholder }}"{% endif %}{% if required %} required{% endif %}{% if autocomplete %} autocomplete="{{ autocomplete }}"{% endif %} class="{{ width }} rounded-radius border border-outline bg-surface-alt px-2 py-2 text-sm text-on-surface focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-primary disabled:cursor-not-allowed disabled:opacity-75 dark:border-outline-dark dark:bg-surface-dark-alt/50 dark:text-on-surface-dark dark:focus-visible:outline-primary-dark {{ extra }}" {{ attrs | safe }}/>
 {%- endmacro input %}
 {% macro textarea(name, id="", value="", rows="3", placeholder="", required=false, attrs="", extra="") -%}
--- a/assets/views/partials/profile_menu.html
+++ b/assets/views/partials/profile_menu.html
@@ -0,0 +1,78 @@
 {# Customer profile dropdown in the storefront navbar.
   Proper Penguin UI dropdown: behaviour is the vendored
   dropdowns/dropdown-with-icons.html verbatim (isOpen / openedWithKeyboard,
   x-trap + $focus keyboard nav, x-cloak x-show, @click.outside). Trigger is the
   round initials avatar (avatar-with-initials.html, primary variant). Menu items
   are our account links.
   Needs the Alpine Focus plugin (loaded before Alpine core in base.html) for
   x-trap / $focus. Self-contained Alpine state; the host only needs to place it
   in the navbar flex row. The panel has NO id on purpose — an id would make htmx
   hx-boost "settle" it across boosted navigations and reappear; id-less Penguin
   dropdowns are unaffected. #}
 {# initials from the full name, e.g. "Filip Priec" -> "FP" #}
 {% set _name = customer_name | default(value='') | trim %}
 {% set _parts = _name | split(pat=' ') %}
 {% set _initials = _parts.0 | truncate(length=1, end='') | upper %}
 {% if _parts | length > 1 %}{% set _second = _parts | last | truncate(length=1, end='') | upper %}{% set _initials = _initials ~ _second %}{% endif %}
 {% if customer_account_type == "company" %}{% set _type_label = t(key="account-company", lang=lang | default(value='sk')) %}{% else %}{% set _type_label = t(key="account-personal", lang=lang | default(value='sk')) %}{% endif %}
 {% set _person_icon = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true" fill="currentColor" class="size-5"><path fill-rule="evenodd" d="M7.5 6a4.5 4.5 0 119 0 4.5 4.5 0 01-9 0zM3.751 20.105a8.25 8.25 0 0116.498 0 .75.75 0 01-.437.695A18.683 18.683 0 0112 22.5c-2.786 0-5.433-.608-7.812-1.7a.75.75 0 01-.437-.695z" clip-rule="evenodd"/></svg>' %}
 <div x-data="{ isOpen: false, openedWithKeyboard: false }"
  x-on:keydown.esc.window="isOpen = false, openedWithKeyboard = false"
  class="relative">
  <!-- Toggle Button: round initials avatar -->
  <button type="button" x-on:click="isOpen = ! isOpen"
    x-on:keydown.space.prevent="openedWithKeyboard = true" x-on:keydown.enter.prevent="openedWithKeyboard = true" x-on:keydown.down.prevent="openedWithKeyboard = true"
    x-bind:aria-expanded="isOpen || openedWithKeyboard" aria-haspopup="true"
    aria-label="{{ t(key='nav-account', lang=lang | default(value='sk')) }}"
    class="flex size-9 shrink-0 items-center justify-center overflow-hidden rounded-full border border-primary bg-primary text-sm font-bold tracking-wider text-on-primary/90 transition hover:opacity-90 focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-primary dark:border-primary-dark dark:bg-primary-dark dark:text-on-primary-dark/90 dark:focus-visible:outline-primary-dark">
    {%- if _initials %}{{ _initials }}{% else %}{{ _person_icon | safe }}{% endif -%}
  </button>
  <!-- Dropdown Menu (positioned like the settings cog: right-0 mt-2) -->
  <div x-cloak x-show="isOpen || openedWithKeyboard" x-transition x-trap="openedWithKeyboard"
    x-on:click.outside="isOpen = false, openedWithKeyboard = false"
    x-on:keydown.down.prevent="$focus.wrap().next()" x-on:keydown.up.prevent="$focus.wrap().previous()"
    class="absolute right-0 mt-2 flex w-60 min-w-48 flex-col divide-y divide-outline overflow-hidden rounded-radius border border-outline bg-surface-alt shadow-lg dark:divide-outline-dark dark:border-outline-dark dark:bg-surface-dark-alt" role="menu">
    <!-- header: avatar + name + account type -->
    <div class="flex items-center gap-3 px-4 py-2.5">
      <span class="flex size-11 shrink-0 items-center justify-center overflow-hidden rounded-full border border-primary bg-primary text-base font-bold tracking-wider text-on-primary/90 dark:border-primary-dark dark:bg-primary-dark dark:text-on-primary-dark/90">
        {%- if _initials %}{{ _initials }}{% else %}{{ _person_icon | safe }}{% endif -%}
      </span>
      <div class="flex min-w-0 flex-col">
        <span class="truncate text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ _name }}</span>
        <p class="truncate text-xs text-on-surface dark:text-on-surface-dark">{{ _type_label }}</p>
      </div>
    </div>
    <!-- account links (with icons) -->
    <div class="flex flex-col py-1.5">
      <a href="/account/orders" data-nav="/account/orders" role="menuitem" class="flex items-center gap-2 bg-surface-alt px-4 py-2 text-sm text-on-surface hover:bg-surface-dark-alt/5 hover:text-on-surface-strong focus-visible:bg-surface-dark-alt/10 focus-visible:text-on-surface-strong focus-visible:outline-hidden dark:bg-surface-dark-alt dark:text-on-surface-dark dark:hover:bg-surface-alt/5 dark:hover:text-on-surface-dark-strong dark:focus-visible:bg-surface-alt/10 dark:focus-visible:text-on-surface-dark-strong">
        {{ ui::icon(name="cart", size="size-4", extra="shrink-0") }}
        {{ t(key="account-orders", lang=lang | default(value='sk')) }}
      </a>
      <a href="/account/profile" data-nav="/account/profile" role="menuitem" class="flex items-center gap-2 bg-surface-alt px-4 py-2 text-sm text-on-surface hover:bg-surface-dark-alt/5 hover:text-on-surface-strong focus-visible:bg-surface-dark-alt/10 focus-visible:text-on-surface-strong focus-visible:outline-hidden dark:bg-surface-dark-alt dark:text-on-surface-dark dark:hover:bg-surface-alt/5 dark:hover:text-on-surface-dark-strong dark:focus-visible:bg-surface-alt/10 dark:focus-visible:text-on-surface-dark-strong">
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true" fill="currentColor" class="size-4 shrink-0"><path fill-rule="evenodd" d="M7.5 6a4.5 4.5 0 119 0 4.5 4.5 0 01-9 0zM3.751 20.105a8.25 8.25 0 0116.498 0 .75.75 0 01-.437.695A18.683 18.683 0 0112 22.5c-2.786 0-5.433-.608-7.812-1.7a.75.75 0 01-.437-.695z" clip-rule="evenodd"/></svg>
        {{ t(key="profile-title", lang=lang | default(value='sk')) }}
      </a>
      <a href="/account/password" data-nav="/account/password" role="menuitem" class="flex items-center gap-2 bg-surface-alt px-4 py-2 text-sm text-on-surface hover:bg-surface-dark-alt/5 hover:text-on-surface-strong focus-visible:bg-surface-dark-alt/10 focus-visible:text-on-surface-strong focus-visible:outline-hidden dark:bg-surface-dark-alt dark:text-on-surface-dark dark:hover:bg-surface-alt/5 dark:hover:text-on-surface-dark-strong dark:focus-visible:bg-surface-alt/10 dark:focus-visible:text-on-surface-dark-strong">
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true" fill="currentColor" class="size-4 shrink-0"><path fill-rule="evenodd" d="M15.75 1.5a6.75 6.75 0 00-6.651 7.906c.067.39-.032.717-.221.906l-6.5 6.499a3 3 0 00-.878 2.121v2.818c0 .414.336.75.75.75H6a.75.75 0 00.75-.75v-1.5h1.5A.75.75 0 009 21v-1.5h1.5a.75.75 0 00.53-.22l2.658-2.658c.19-.189.517-.288.906-.22A6.75 6.75 0 1015.75 1.5zm0 3a.75.75 0 000 1.5A2.25 2.25 0 0118 8.25a.75.75 0 001.5 0 3.75 3.75 0 00-3.75-3.75z" clip-rule="evenodd"/></svg>
        {{ t(key="account-change-password", lang=lang | default(value='sk')) }}
      </a>
      <a href="/account/security" data-nav="/account/security" role="menuitem" class="flex items-center gap-2 bg-surface-alt px-4 py-2 text-sm text-on-surface hover:bg-surface-dark-alt/5 hover:text-on-surface-strong focus-visible:bg-surface-dark-alt/10 focus-visible:text-on-surface-strong focus-visible:outline-hidden dark:bg-surface-dark-alt dark:text-on-surface-dark dark:hover:bg-surface-alt/5 dark:hover:text-on-surface-dark-strong dark:focus-visible:bg-surface-alt/10 dark:focus-visible:text-on-surface-dark-strong">
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true" fill="currentColor" class="size-4 shrink-0"><path fill-rule="evenodd" d="M12 1.5a5.25 5.25 0 00-5.25 5.25v3a3 3 0 00-3 3v6.75a3 3 0 003 3h10.5a3 3 0 003-3v-6.75a3 3 0 00-3-3v-3c0-2.9-2.35-5.25-5.25-5.25zm3.75 8.25v-3a3.75 3.75 0 10-7.5 0v3h7.5z" clip-rule="evenodd"/></svg>
        {{ t(key="security-title", lang=lang | default(value='sk')) }}
      </a>
    </div>
    <!-- logout -->
    <div class="flex flex-col py-1.5">
      <form method="post" action="/logout" hx-boost="false">
  <input type="hidden" name="_csrf" value="{{ csrf_token() }}"><button type="submit" role="menuitem" class="flex w-full items-center gap-2 bg-surface-alt px-4 py-2 text-left text-sm text-on-surface hover:bg-surface-dark-alt/5 hover:text-on-surface-strong focus-visible:bg-surface-dark-alt/10 focus-visible:text-on-surface-strong focus-visible:outline-hidden dark:bg-surface-dark-alt dark:text-on-surface-dark dark:hover:bg-surface-alt/5 dark:hover:text-on-surface-dark-strong dark:focus-visible:bg-surface-alt/10 dark:focus-visible:text-on-surface-dark-strong">
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true" fill="currentColor" class="size-4 shrink-0"><path fill-rule="evenodd" d="M7.5 3.75A1.5 1.5 0 006 5.25v13.5a1.5 1.5 0 001.5 1.5h6a1.5 1.5 0 001.5-1.5V15a.75.75 0 011.5 0v3.75a3 3 0 01-3 3h-6a3 3 0 01-3-3V5.25a3 3 0 013-3h6a3 3 0 013 3V9A.75.75 0 0115 9V5.25a1.5 1.5 0 00-1.5-1.5h-6zm10.72 4.72a.75.75 0 011.06 0l3 3a.75.75 0 010 1.06l-3 3a.75.75 0 11-1.06-1.06l1.72-1.72H9a.75.75 0 010-1.5h10.94l-1.72-1.72a.75.75 0 010-1.06z" clip-rule="evenodd"/></svg>
        {{ t(key="logout", lang=lang | default(value='sk')) }}
      </button></form>
    </div>
  </div>
 </div>
--- a/assets/views/partials/settings_dropdown.html
+++ b/assets/views/partials/settings_dropdown.html
@@ -1,21 +1,26 @@
 {# Settings dropdown (language + theme). Shared by base.html and admin/base.html
   to kill the former ~100-line copy-paste duplication.
-   Adapted from the vendored Penguin UI component
+   Proper Penguin UI dropdown: behaviour is the vendored
-   penguinui-components/dropdowns/dropdown-with-click.html: Penguin's dropdown
+   dropdowns/dropdown-with-icons.html verbatim (isOpen / openedWithKeyboard,
-   menu container + item treatment. Deviations: kept our gear icon-only trigger
+   x-trap + $focus keyboard nav, x-cloak x-show, @click.outside). Trigger is our
-   and our core-Alpine open / @click.outside toggle (upstream's x-trap / $focus
+   gear icon-only button; content is the language form + theme toggle. Needs the
-   need the Alpine Focus plugin, which we don't bundle); item hover uses
+   Alpine Focus plugin (loaded in base.html) for x-trap / $focus.
   bg-primary/5 to stay consistent with the rest of our Penguin-ified UI.
-   The host template provides the wrapper
+   Self-contained Alpine state + relative positioning; the host only places it
-   <div x-data="{ open: false }" @keydown.escape="open = false" class="relative ...">
+   (e.g. ml-auto in admin). The panel has NO id on purpose (see profile_menu.html
-   so it controls its own positioning (e.g. ml-auto in admin). #}
+   for why — htmx hx-boost settles by id). #}
-{{ ui::icon_button(aria_label=t(key='settings', lang=lang | default(value='sk')), attrs='@click="open = !open" :aria-expanded="open"', icon='<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-5"><path stroke-linecap="round" stroke-linejoin="round" d="M9.594 3.94c.09-.542.56-.94 1.11-.94h2.593c.55 0 1.02.398 1.11.94l.213 1.281c.063.374.313.686.645.87.074.04.147.083.22.127.324.196.72.257 1.075.124l1.217-.456a1.125 1.125 0 0 1 1.37.49l1.296 2.247a1.125 1.125 0 0 1-.26 1.431l-1.003.827c-.293.241-.438.613-.43.992a7.723 7.723 0 0 1 0 .255c-.008.378.137.75.43.991l1.004.827c.424.35.534.955.26 1.43l-1.298 2.247a1.125 1.125 0 0 1-1.369.491l-1.217-.456c-.355-.133-.75-.072-1.076.124a6.47 6.47 0 0 1-.22.128c-.331.183-.581.495-.644.869l-.213 1.281c-.09.543-.56.94-1.11.94h-2.594c-.55 0-1.019-.398-1.11-.94l-.213-1.281c-.062-.374-.312-.686-.644-.87a6.52 6.52 0 0 1-.22-.127c-.325-.196-.72-.257-1.076-.124l-1.217.456a1.125 1.125 0 0 1-1.369-.49l-1.297-2.247a1.125 1.125 0 0 1 .26-1.431l1.004-.827c.292-.24.437-.613.43-.991a6.932 6.932 0 0 1 0-.255c.007-.38-.138-.751-.43-.992l-1.004-.827a1.125 1.125 0 0 1-.26-1.43l1.297-2.247a1.125 1.125 0 0 1 1.37-.491l1.216.456c.356.133.751.072 1.076-.124.072-.044.146-.086.22-.128.332-.183.582-.495.644-.869l.214-1.28Z" /><path stroke-linecap="round" stroke-linejoin="round" d="M15 12a3 3 0 1 1-6 0 3 3 0 0 1 6 0Z" /></svg>') }}
+<div x-data="{ isOpen: false, openedWithKeyboard: false }"
-<div x-show="open" x-cloak @click.outside="open = false" x-transition.origin.top.right
+  x-on:keydown.esc.window="isOpen = false, openedWithKeyboard = false"
  class="relative">
 {{ ui::icon_button(aria_label=t(key='settings', lang=lang | default(value='sk')), attrs='x-on:click="isOpen = ! isOpen" x-on:keydown.space.prevent="openedWithKeyboard = true" x-on:keydown.enter.prevent="openedWithKeyboard = true" x-on:keydown.down.prevent="openedWithKeyboard = true" x-bind:aria-expanded="isOpen || openedWithKeyboard" aria-haspopup="true"', icon='<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-5"><path stroke-linecap="round" stroke-linejoin="round" d="M9.594 3.94c.09-.542.56-.94 1.11-.94h2.593c.55 0 1.02.398 1.11.94l.213 1.281c.063.374.313.686.645.87.074.04.147.083.22.127.324.196.72.257 1.075.124l1.217-.456a1.125 1.125 0 0 1 1.37.49l1.296 2.247a1.125 1.125 0 0 1-.26 1.431l-1.003.827c-.293.241-.438.613-.43.992a7.723 7.723 0 0 1 0 .255c-.008.378.137.75.43.991l1.004.827c.424.35.534.955.26 1.43l-1.298 2.247a1.125 1.125 0 0 1-1.369.491l-1.217-.456c-.355-.133-.75-.072-1.076.124a6.47 6.47 0 0 1-.22.128c-.331.183-.581.495-.644.869l-.213 1.281c-.09.543-.56.94-1.11.94h-2.594c-.55 0-1.019-.398-1.11-.94l-.213-1.281c-.062-.374-.312-.686-.644-.87a6.52 6.52 0 0 1-.22-.127c-.325-.196-.72-.257-1.076-.124l-1.217.456a1.125 1.125 0 0 1-1.369-.49l-1.297-2.247a1.125 1.125 0 0 1 .26-1.431l1.004-.827c.292-.24.437-.613.43-.991a6.932 6.932 0 0 1 0-.255c.007-.38-.138-.751-.43-.992l-1.004-.827a1.125 1.125 0 0 1-.26-1.43l1.297-2.247a1.125 1.125 0 0 1 1.37-.491l1.216.456c.356.133.751.072 1.076-.124.072-.044.146-.086.22-.128.332-.183.582-.495.644-.869l.214-1.28Z" /><path stroke-linecap="round" stroke-linejoin="round" d="M15 12a3 3 0 1 1-6 0 3 3 0 0 1 6 0Z" /></svg>') }}
 <div x-cloak x-show="isOpen || openedWithKeyboard" x-transition x-trap="openedWithKeyboard"
  x-on:click.outside="isOpen = false, openedWithKeyboard = false"
  x-on:keydown.down.prevent="$focus.wrap().next()" x-on:keydown.up.prevent="$focus.wrap().previous()"
  class="absolute right-0 mt-2 flex w-56 flex-col overflow-hidden rounded-radius border border-outline bg-surface-alt py-1 shadow-lg dark:border-outline-dark dark:bg-surface-dark-alt"
  role="menu">
  <form method="post" action="/lang" hx-boost="false">
  <input type="hidden" name="_csrf" value="{{ csrf_token() }}">
    <p class="px-4 py-1.5 text-xs font-semibold uppercase tracking-wide text-on-surface/60 dark:text-on-surface-dark/60">
      {{ t(key="settings-language", lang=lang | default(value='sk')) }}
    </p>
@@ -54,3 +59,4 @@
    </label>
  </div>
 </div>
 </div>
--- a/assets/views/shop/_card.html
+++ b/assets/views/shop/_card.html
@@ -17,7 +17,14 @@
      <!-- Header: Title & Price -->
      <div class="flex justify-between gap-4">
        <h3 class="text-lg font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ product.name }}</h3>
        {% if product.on_sale %}
        <span class="flex flex-col items-end whitespace-nowrap leading-tight">
          <span class="text-sm text-on-surface/50 line-through dark:text-on-surface-dark/50">{{ product.regular_price }} {{ product.currency }}</span>
          <span class="text-xl font-semibold text-danger"><span class="sr-only">Price</span>{{ product.price }} {{ product.currency }}</span>
        </span>
        {% else %}
        <span class="whitespace-nowrap text-xl"><span class="sr-only">Price</span>{{ product.price }} {{ product.currency }}</span>
        {% endif %}
      </div>
    </div>
  </a>
@@ -26,6 +33,7 @@
    <p class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="in-stock", lang=lang | default(value='sk')) }}: {{ product.stock }}</p>
    <form method="post" action="/cart/add" hx-post="/cart/add" hx-swap="none"
      hx-on::after-request="if (event.detail.successful) toast('{{ t(key='cart-added', lang=lang | default(value='sk')) }}')">
  <input type="hidden" name="_csrf" value="{{ csrf_token() }}">
      <input type="hidden" name="product_id" value="{{ product.id }}">
      <input type="hidden" name="quantity" value="1">
      {{ ui::button(label=t(key="add-to-cart", lang=lang | default(value='sk')), type="submit", extra="w-full", icon='<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" fill="currentColor" aria-hidden="true" class="size-3.5"><path fill-rule="evenodd" d="M5 4a3 3 0 0 1 6 0v1h.643a1.5 1.5 0 0 1 1.492 1.35l.7 7A1.5 1.5 0 0 1 12.342 15H3.657a1.5 1.5 0 0 1-1.492-1.65l.7-7A1.5 1.5 0 0 1 4.357 5H5V4Zm4.5 0v1h-3V4a1.5 1.5 0 0 1 3 0Zm-3 3.75a.75.75 0 0 0-1.5 0v1a3 3 0 1 0 6 0v-1a.75.75 0 0 0-1.5 0v1a1.5 1.5 0 1 1-3 0v-1Z" clip-rule="evenodd" /></svg>') }}
--- a/assets/views/shop/_cart_body.html
+++ b/assets/views/shop/_cart_body.html
@@ -20,13 +20,21 @@
        <td class="px-4 py-3">
          <a href="/shop/{{ item.slug }}" class="font-medium text-on-surface-strong hover:text-primary dark:text-on-surface-dark-strong dark:hover:text-primary-dark">{{ item.name }}</a>
        </td>
-        <td class="px-4 py-3 tabular-nums">{{ item.price }} {{ item.currency }}</td>
+        <td class="px-4 py-3 tabular-nums">
          {% if item.on_sale %}
          <span class="font-medium text-danger">{{ item.price }} {{ item.currency }}</span>
          <span class="ml-1 text-xs text-on-surface/50 line-through dark:text-on-surface-dark/50">{{ item.regular_price }}</span>
          {% else %}
          {{ item.price }} {{ item.currency }}
          {% endif %}
        </td>
        <td class="px-4 py-3">
          {# Changing the quantity posts via htmx (custom `cartchange` event) and
             swaps only #cart-body. Dropping to 0 asks for confirmation first,
             reverting to the previous quantity if the customer cancels. #}
          <form method="post" action="/cart/update"
            hx-post="/cart/update" hx-trigger="cartchange" hx-target="#cart-body" hx-swap="innerHTML">
  {{ ui::csrf_field() }}
            <input type="hidden" name="product_id" value="{{ item.id }}">
            <input type="number" name="quantity" min="0" max="{{ item.stock }}" value="{{ item.quantity }}"
              @change="
@@ -43,6 +51,7 @@
        <td class="px-4 py-3 text-right">
          <form method="post" action="/cart/remove"
            hx-post="/cart/remove" hx-target="#cart-body" hx-swap="innerHTML">
  {{ ui::csrf_field() }}
            <input type="hidden" name="product_id" value="{{ item.id }}">
            {{ ui::button(variant="ghost-danger", label=t(key="cart-remove", lang=lang | default(value='sk')), type="submit", size="px-2 py-1 text-xs") }}
          </form>
@@ -62,7 +71,7 @@
 <div class="mt-6 flex flex-wrap justify-between gap-3">
  {{ ui::button(variant="outline-secondary", label=t(key="cart-continue", lang=lang | default(value='sk')), href="/shop") }}
-  {{ ui::button(label=t(key="cart-checkout", lang=lang | default(value='sk')), href="/checkout", size="px-5 py-2 text-sm") }}
+  {{ ui::button(label=t(key="cart-checkout", lang=lang | default(value='sk')), href="/checkout", size="px-5 py-2 text-sm", attrs='hx-boost="false"') }}
 </div>
 {% else %}
 <div class="rounded-radius border border-outline px-6 py-16 text-center dark:border-outline-dark">
--- a/assets/views/shop/_cart_preview.html
+++ b/assets/views/shop/_cart_preview.html
@@ -0,0 +1,31 @@
 {# Mini-cart preview shown on hover over the navbar cart (Alza-style).
   Lazy-loaded via htmx from /partials/cart into the hover dropdown panel in
   base.html. Receives: items[], total, currency, lang. #}
 {% import "macros/ui.html" as ui %}
 {% if items | length > 0 %}
 <div class="max-h-80 divide-y divide-outline overflow-y-auto dark:divide-outline-dark">
  {% for item in items %}
  <div class="flex items-start gap-3 px-4 py-3">
    <div class="min-w-0 flex-1">
      <a href="/shop/{{ item.slug }}" class="block truncate text-sm font-medium text-on-surface-strong hover:text-primary dark:text-on-surface-dark-strong dark:hover:text-primary-dark">{{ item.name }}</a>
      <p class="mt-0.5 text-xs tabular-nums text-on-surface dark:text-on-surface-dark">{{ item.quantity }} × {{ item.price }} {{ item.currency }}</p>
    </div>
    <span class="shrink-0 text-sm font-semibold tabular-nums text-on-surface-strong dark:text-on-surface-dark-strong">{{ item.line_total }} {{ item.currency }}</span>
  </div>
  {% endfor %}
 </div>
 <div class="border-t border-outline px-4 py-3 dark:border-outline-dark">
  <div class="mb-3 flex items-center justify-between">
    <span class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="cart-total", lang=lang | default(value='sk')) }}</span>
    <span class="text-base font-bold tabular-nums text-primary dark:text-primary-dark">{{ total }} {{ currency }}</span>
  </div>
  <div class="flex gap-2">
    {{ ui::button(href="/cart", variant="outline-primary", label=t(key="cart-title", lang=lang | default(value='sk')), extra="flex-1", attrs='hx-boost="false"') }}
    {{ ui::button(href="/checkout", variant="primary", label=t(key="cart-checkout", lang=lang | default(value='sk')), extra="flex-1", attrs='hx-boost="false"') }}
  </div>
 </div>
 {% else %}
 <div class="px-4 py-10 text-center text-sm text-on-surface dark:text-on-surface-dark">
  {{ t(key="cart-empty", lang=lang | default(value='sk')) }}
 </div>
 {% endif %}
--- a/assets/views/shop/checkout.html
+++ b/assets/views/shop/checkout.html
@@ -30,6 +30,7 @@
    }
  }"
  class="mt-6 grid gap-8 lg:grid-cols-3">
  {{ ui::csrf_field() }}
  <div class="space-y-6 lg:col-span-2">
    <!-- personal vs company. Fixed (read-only) for a logged-in account; a guest
@@ -229,9 +230,10 @@
      {{ ui::textarea(name="note", id="note", rows="3") }}
    </div>
-    {% if logged_in_customer %}
+    {% if logged_in_customer and not profile_filled %}
-    <!-- logged-in customers can persist this address to their profile for next time -->
+    <!-- offered only when the profile has no saved address yet; if it was filled
-    {{ ui::checkbox(name="save_profile", id="save_profile", label=t(key="checkout-save-profile", lang=lang | default(value='sk')), checked=true) }}
+         in advance we leave it untouched -->
    {{ ui::checkbox(name="save_profile", id="save_profile", label=t(key="checkout-save-profile", lang=lang | default(value='sk'))) }}
    {% endif %}
    {% if can_create_account %}
--- a/assets/views/shop/show.html
+++ b/assets/views/shop/show.html
@@ -54,7 +54,14 @@
    <a href="/category/{{ category.slug }}" class="text-sm font-medium text-primary dark:text-primary-dark">{{ category.name }}</a>
    {% endif %}
    <h1 class="text-3xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ product.name }}</h1>
    {% if product.on_sale %}
    <div class="flex items-baseline gap-3">
      <p class="text-2xl font-semibold text-danger">{{ product.price }} {{ product.currency }}</p>
      <p class="text-lg text-on-surface/50 line-through dark:text-on-surface-dark/50">{{ product.regular_price }} {{ product.currency }}</p>
    </div>
    {% else %}
    <p class="text-2xl font-semibold text-primary dark:text-primary-dark">{{ product.price }} {{ product.currency }}</p>
    {% endif %}
    {% if product.description %}
    <div class="whitespace-pre-line leading-relaxed text-on-surface/80 dark:text-on-surface-dark/80">{{ product.description }}</div>
@@ -63,6 +70,7 @@
    {% if product.stock > 0 %}
    <form method="post" action="/cart/add" hx-post="/cart/add" hx-swap="none" class="flex flex-wrap items-end gap-3"
      hx-on::after-request="if (event.detail.successful) toast('{{ t(key='cart-added', lang=lang | default(value='sk')) }}')">
  {{ ui::csrf_field() }}
      <input type="hidden" name="product_id" value="{{ product.id }}">
      <div class="space-y-1.5">
        <label for="quantity" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="quantity", lang=lang | default(value='sk')) }}</label>
--- a/migration/src/lib.rs
+++ b/migration/src/lib.rs
@@ -34,6 +34,10 @@ mod m20260618_000001_o_auth2_sessions;
 mod m20260618_000002_customer_profiles;
 mod m20260618_000003_account_type;
 mod m20260618_000004_account_ownership;
 mod m20260620_000001_add_totp_to_users;
 mod m20260621_000001_add_sale_price_to_products;
 mod m20260621_000002_account_product_prices;
 mod m20260621_000003_discount_profiles;
 pub struct Migrator;
 #[async_trait::async_trait]
@@ -72,6 +76,10 @@ impl MigratorTrait for Migrator {
            Box::new(m20260618_000002_customer_profiles::Migration),
            Box::new(m20260618_000003_account_type::Migration),
            Box::new(m20260618_000004_account_ownership::Migration),
            Box::new(m20260620_000001_add_totp_to_users::Migration),
            Box::new(m20260621_000001_add_sale_price_to_products::Migration),
            Box::new(m20260621_000002_account_product_prices::Migration),
            Box::new(m20260621_000003_discount_profiles::Migration),
            // inject-above (do not remove this comment)
        ]
    }
--- a/migration/src/m20260620_000001_add_totp_to_users.rs
+++ b/migration/src/m20260620_000001_add_totp_to_users.rs
@@ -0,0 +1,32 @@
 use loco_rs::schema::*;
 use sea_orm_migration::prelude::*;
 #[derive(DeriveMigrationName)]
 pub struct Migration;
 // Optional TOTP (Google Authenticator) two-factor auth. All three columns are
 // nullable and only populated once a user opts in:
 //   - `totp_secret`         base32 shared secret; present while enrolling/enabled.
 //                           TODO(security): stored PLAINTEXT and is password-
 //                           equivalent (must stay reversible to recompute codes).
 //                           Encrypt at rest later with an out-of-DB key. See the
 //                           TODO(security) block in src/models/users.rs.
 //   - `totp_enabled_at`     NULL = 2FA off. Set only after the user confirms a
 //                           code, so a half-finished enrollment never gates login.
 //   - `totp_backup_codes`   JSON array of hashed one-time recovery codes.
 #[async_trait::async_trait]
 impl MigrationTrait for Migration {
    async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
        add_column(m, "users", "totp_secret", ColType::TextNull).await?;
        add_column(m, "users", "totp_enabled_at", ColType::TimestampWithTimeZoneNull).await?;
        add_column(m, "users", "totp_backup_codes", ColType::TextNull).await?;
        Ok(())
    }
    async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
        remove_column(m, "users", "totp_backup_codes").await?;
        remove_column(m, "users", "totp_enabled_at").await?;
        remove_column(m, "users", "totp_secret").await?;
        Ok(())
    }
 }
--- a/migration/src/m20260621_000001_add_sale_price_to_products.rs
+++ b/migration/src/m20260621_000001_add_sale_price_to_products.rs
@@ -0,0 +1,19 @@
 use loco_rs::schema::*;
 use sea_orm_migration::prelude::*;
 #[derive(DeriveMigrationName)]
 pub struct Migration;
 #[async_trait::async_trait]
 impl MigrationTrait for Migration {
    async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
        // Optional discounted price in minor units. When set (and below
        // `price_cents`) the product is on sale; the regular price is shown
        // struck through and this is the effective price everywhere.
        add_column(m, "products", "sale_price_cents", ColType::BigIntegerNull).await
    }
    async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
        remove_column(m, "products", "sale_price_cents").await
    }
 }
--- a/migration/src/m20260621_000002_account_product_prices.rs
+++ b/migration/src/m20260621_000002_account_product_prices.rs
@@ -0,0 +1,40 @@
 use loco_rs::schema::*;
 use sea_orm_migration::prelude::*;
 #[derive(DeriveMigrationName)]
 pub struct Migration;
 #[async_trait::async_trait]
 impl MigrationTrait for Migration {
    async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
        // A manually negotiated price (in minor units) for one product, for one
        // business account — the "personal agreement" layer. `user`/`product`
        // add the user_id/product_id FKs; the unique index below keeps it to one
        // row per (account, product).
        create_table(
            m,
            "account_product_prices",
            &[
                ("id", ColType::PkAuto),
                ("price_cents", ColType::BigInteger),
            ],
            &[("user", ""), ("product", "")],
        )
        .await?;
        m.create_index(
            Index::create()
                .name("idx_account_product_prices_user_product_unique")
                .table(Alias::new("account_product_prices"))
                .col(Alias::new("user_id"))
                .col(Alias::new("product_id"))
                .unique()
                .to_owned(),
        )
        .await
    }
    async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
        drop_table(m, "account_product_prices").await
    }
 }
--- a/migration/src/m20260621_000003_discount_profiles.rs
+++ b/migration/src/m20260621_000003_discount_profiles.rs
@@ -0,0 +1,91 @@
 use loco_rs::schema::*;
 use sea_orm_migration::prelude::*;
 #[derive(DeriveMigrationName)]
 pub struct Migration;
 #[async_trait::async_trait]
 impl MigrationTrait for Migration {
    async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
        // A reusable, named discount layer: a percentage (basis points, 5% = 500)
        // over a product scope. `scope_type` is 'include' (covers the listed
        // products) or 'all_except' (covers everything but the listed products).
        create_table(
            m,
            "discount_profiles",
            &[
                ("id", ColType::PkAuto),
                ("name", ColType::String),
                ("percent_bp", ColType::Integer),
                ("scope_type", ColType::StringWithDefault("include".to_string())),
            ],
            &[],
        )
        .await?;
        // Which products the scope lists (meaning depends on scope_type).
        create_table(
            m,
            "discount_profile_products",
            &[("id", ColType::PkAuto)],
            &[("discount_profile", ""), ("product", "")],
        )
        .await?;
        m.create_index(
            Index::create()
                .name("idx_discount_profile_products_unique")
                .table(Alias::new("discount_profile_products"))
                .col(Alias::new("discount_profile_id"))
                .col(Alias::new("product_id"))
                .unique()
                .to_owned(),
        )
        .await?;
        // Which profiles a business account has (mixable).
        create_table(
            m,
            "account_discount_profiles",
            &[("id", ColType::PkAuto)],
            &[("user", ""), ("discount_profile", "")],
        )
        .await?;
        m.create_index(
            Index::create()
                .name("idx_account_discount_profiles_unique")
                .table(Alias::new("account_discount_profiles"))
                .col(Alias::new("user_id"))
                .col(Alias::new("discount_profile_id"))
                .unique()
                .to_owned(),
        )
        .await?;
        // The admin's chosen winning profile when two assigned profiles cover the
        // same product for an account (collision resolution).
        create_table(
            m,
            "account_product_resolutions",
            &[("id", ColType::PkAuto)],
            &[("user", ""), ("product", ""), ("discount_profile", "")],
        )
        .await?;
        m.create_index(
            Index::create()
                .name("idx_account_product_resolutions_unique")
                .table(Alias::new("account_product_resolutions"))
                .col(Alias::new("user_id"))
                .col(Alias::new("product_id"))
                .unique()
                .to_owned(),
        )
        .await
    }
    async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
        drop_table(m, "account_product_resolutions").await?;
        drop_table(m, "account_discount_profiles").await?;
        drop_table(m, "discount_profile_products").await?;
        drop_table(m, "discount_profiles").await
    }
 }
--- a/src/app.rs
+++ b/src/app.rs
@@ -17,8 +17,9 @@ use std::{path::Path, sync::Arc};
 #[allow(unused_imports)]
 use crate::{
    controllers::{
-        account, admin_categories, admin_dashboard, admin_form, admin_orders,
+        account, admin_categories, admin_customers, admin_dashboard, admin_discount_profiles,
-        admin_products, admin_shipping, auth, auth_pages, cart, checkout, home, i18n, media, oauth2,
+        admin_discounts, admin_form, admin_orders, admin_products, admin_shipping, auth, auth_pages,
        cart, checkout, home, i18n, media, oauth2,
        shop,
    },
    initializers,
@@ -68,6 +69,12 @@ impl Hooks for App {
            .layer(axum::middleware::from_fn_with_state(
                ctx.clone(),
                crate::shared::rbac::inject_subject,
            ))
            // CSRF runs outermost so it validates the double-submit token before
            // any handler sees the request and stamps the cookie on safe ones.
            .layer(axum::middleware::from_fn_with_state(
                ctx.clone(),
                crate::shared::csrf::protect,
            )))
    }
@@ -98,8 +105,11 @@ impl Hooks for App {
            // admin
            .add_route(admin_dashboard::routes())
            .add_route(admin_products::routes())
            .add_route(admin_discounts::routes())
            .add_route(admin_discount_profiles::routes())
            .add_route(admin_categories::routes())
            .add_route(admin_orders::routes())
            .add_route(admin_customers::routes())
            .add_route(admin_shipping::routes())
    }
--- a/src/controllers/account.rs
+++ b/src/controllers/account.rs
@@ -9,6 +9,7 @@
 use axum_extra::extract::cookie::CookieJar;
 use loco_rs::prelude::*;
 use sea_orm::QueryOrder;
 use serde::Deserialize;
 use serde_json::json;
@@ -16,13 +17,20 @@ use crate::{
    controllers::i18n::current_lang,
    models::{
        customer_profiles::{self, ProfileFields},
-        users,
+        order_items, orders, users,
    },
-    shared::guard,
+    shared::{guard, settings},
    views::checkout as order_view,
 };
 /// Active (still-being-fulfilled) order statuses. Anything else
 /// (`delivered`, `cancelled`) is considered closed/past.
 const ACTIVE_STATUSES: [&str; 3] = ["pending", "paid", "shipped"];
 #[derive(Debug, Deserialize)]
 struct ProfileForm {
    first_name: Option<String>,
    last_name: Option<String>,
    company_name: Option<String>,
    company_id: Option<String>,
    tax_id: Option<String>,
@@ -39,6 +47,24 @@ fn trimmed(value: Option<&str>) -> Option<String> {
    value.map(str::trim).filter(|v| !v.is_empty()).map(String::from)
 }
 /// Split a stored full name into (first name, surname). The surname is
 /// everything after the first whitespace, so multi-word surnames round-trip.
 fn split_name(name: &str) -> (String, String) {
    match name.trim().split_once(char::is_whitespace) {
        Some((first, rest)) => (first.to_string(), rest.trim().to_string()),
        None => (name.trim().to_string(), String::new()),
    }
 }
 /// Recombine the two name fields into the single stored `name`. Returns `None`
 /// when the result is too short to be a valid name (the user can't blank it out).
 fn full_name_from_form(form: &ProfileForm) -> Option<String> {
    let first = form.first_name.as_deref().unwrap_or("").trim();
    let last = form.last_name.as_deref().unwrap_or("").trim();
    let full = format!("{first} {last}").trim().to_string();
    (full.chars().count() >= 2).then_some(full)
 }
 /// Build the persisted fields from the submitted form. Company identifiers are
 /// only kept for company accounts (a personal account can never carry them).
 fn fields_from_form(form: &ProfileForm, is_company: bool) -> ProfileFields {
@@ -92,15 +118,21 @@ fn profile_view(
    saved: bool,
    error: bool,
 ) -> Result<Response> {
    let (first_name, last_name) = split_name(&user.name);
    format::view(
        v,
        "account/profile.html",
        json!({
            "logged_in_admin": false,
            "logged_in_customer": true,
            "account_nav": true,
            "customer_name": user.name,
            "customer_account_type": user.account_type,
            "saved": saved,
            "error": error,
            "name": user.name,
            "first_name": first_name,
            "last_name": last_name,
            "email": user.email,
            "account_type": user.account_type,
            "company_name": fields.company_name,
@@ -147,18 +179,372 @@ async fn save_profile(
    if guard::is_admin(&ctx, &user) {
        return format::redirect("/admin/dashboard");
    }
    // Apply the edited name to a working copy so it's reflected on both the
    // success and re-rendered-error views. A blank/too-short name is ignored —
    // the field can't be cleared.
    let mut user = user;
    let new_name = full_name_from_form(&form).filter(|n| *n != user.name);
    if let Some(name) = new_name.clone() {
        user.name = name;
    }
    let fields = fields_from_form(&form, user.is_company());
    // A company account's profile is rejected (and re-shown with the entered
    // values) until it carries its required identifiers.
    if user.is_company() && company_fields_missing(&fields) {
        return profile_view(&v, &jar, &user, &fields, false, true);
    }
    if let Some(name) = new_name {
        let mut active = user.clone().into_active_model();
        active.name = ActiveValue::set(name);
        active.update(&ctx.db).await?;
    }
    customer_profiles::Model::upsert(&ctx.db, user.id, fields.clone()).await?;
    profile_view(&v, &jar, &user, &fields, true, false)
 }
 /// Lists the signed-in customer's orders, split into still-active and past.
 #[debug_handler]
 async fn orders_page(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    let Some(user) = guard::current_user(&ctx, &jar).await else {
        return format::redirect("/login");
    };
    if guard::is_admin(&ctx, &user) {
        return format::redirect("/admin/dashboard");
    }
    let rows = orders::Entity::find()
        .filter(orders::Column::UserId.eq(user.id))
        .order_by_desc(orders::Column::CreatedAt)
        .all(&ctx.db)
        .await?;
    let (active, past): (Vec<_>, Vec<_>) = rows
        .iter()
        .partition(|o| ACTIVE_STATUSES.contains(&o.status.as_str()));
    let shape = |list: Vec<&orders::Model>| -> Vec<_> {
        list.into_iter().map(order_view::summary).collect()
    };
    format::view(
        &v,
        "account/orders.html",
        json!({
            "logged_in_admin": false,
            "logged_in_customer": true,
            "account_nav": true,
            "customer_name": user.name,
            "customer_account_type": user.account_type,
            "active_orders": shape(active),
            "past_orders": shape(past),
            "lang": current_lang(&jar),
        }),
    )
 }
 /// Shows a single order belonging to the signed-in customer. Orders owned by
 /// someone else (or guest orders) are not found here.
 #[debug_handler]
 async fn order_detail_page(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
    Path(order_number): Path<String>,
 ) -> Result<Response> {
    let Some(user) = guard::current_user(&ctx, &jar).await else {
        return format::redirect("/login");
    };
    if guard::is_admin(&ctx, &user) {
        return format::redirect("/admin/dashboard");
    }
    let order = orders::Entity::find()
        .filter(orders::Column::OrderNumber.eq(order_number))
        .one(&ctx.db)
        .await?
        .filter(|o| o.user_id == Some(user.id))
        .ok_or_else(|| Error::NotFound)?;
    let items = order_items::Entity::find()
        .filter(order_items::Column::OrderId.eq(order.id))
        .all(&ctx.db)
        .await?;
    format::view(
        &v,
        "account/order_detail.html",
        json!({
            "logged_in_admin": false,
            "logged_in_customer": true,
            "account_nav": true,
            "customer_name": user.name,
            "customer_account_type": user.account_type,
            "order": order_view::detail(
                &order,
                settings::get(&ctx, "bank_iban").unwrap_or(""),
                settings::get(&ctx, "bank_account_name").unwrap_or(""),
            ),
            "items": order_view::items(&items),
            "lang": current_lang(&jar),
        }),
    )
 }
 #[derive(Debug, Deserialize)]
 struct ChangePasswordForm {
    current_password: String,
    password: String,
    password_confirm: String,
 }
 fn password_view(
    v: &TeraView,
    jar: &CookieJar,
    user: &users::Model,
    changed: bool,
    error: Option<&str>,
 ) -> Result<Response> {
    format::view(
        v,
        "account/password.html",
        json!({
            "logged_in_admin": false,
            "logged_in_customer": true,
            "account_nav": true,
            "customer_name": user.name,
            "customer_account_type": user.account_type,
            "changed": changed,
            "error": error,
            "lang": current_lang(jar),
        }),
    )
 }
 #[debug_handler]
 async fn change_password_page(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    let Some(user) = guard::current_user(&ctx, &jar).await else {
        return format::redirect("/login");
    };
    if guard::is_admin(&ctx, &user) {
        return format::redirect("/admin/dashboard");
    }
    password_view(&v, &jar, &user, false, None)
 }
 #[debug_handler]
 async fn change_password(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
    Form(form): Form<ChangePasswordForm>,
 ) -> Result<Response> {
    let Some(user) = guard::current_user(&ctx, &jar).await else {
        return format::redirect("/login");
    };
    if guard::is_admin(&ctx, &user) {
        return format::redirect("/admin/dashboard");
    }
    if !user.verify_password(&form.current_password) {
        return password_view(&v, &jar, &user, false, Some("current"));
    }
    if form.password != form.password_confirm {
        return password_view(&v, &jar, &user, false, Some("mismatch"));
    }
    if form.password.len() < 8 {
        return password_view(&v, &jar, &user, false, Some("weak"));
    }
    let user = user
        .into_active_model()
        .reset_password(&ctx.db, &form.password)
        .await?;
    password_view(&v, &jar, &user, true, None)
 }
 // ---- Two-factor authentication (TOTP / Google Authenticator) -------------
 //
 // Entirely opt-in. The security page has three shapes, all rendered from
 // `security.html`:
 //   * disabled  -> an "enable" button,
 //   * enrolling -> the QR + a confirm-code field (secret staged, not yet on),
 //   * enabled   -> status, remaining backup codes, disable/regenerate forms.
 // Both turning 2FA off and regenerating backup codes require re-entering the
 // account password, so a walk-up attacker on an open session can't weaken it.
 #[derive(Debug, Deserialize)]
 struct ConfirmTotpForm {
    code: String,
 }
 #[derive(Debug, Deserialize)]
 struct PasswordConfirmForm {
    current_password: String,
 }
 /// Render the security page. Exactly one of (`enrolling`, plain status) applies;
 /// `backup_codes` is non-empty only on the one render right after enabling or
 /// regenerating, where the plaintext codes are shown once.
 #[allow(clippy::too_many_arguments)]
 fn security_view(
    v: &TeraView,
    jar: &CookieJar,
    user: &users::Model,
    enrolling: bool,
    qr: Option<&str>,
    secret: Option<&str>,
    backup_codes: &[String],
    error: Option<&str>,
 ) -> Result<Response> {
    format::view(
        v,
        "account/security.html",
        json!({
            "logged_in_admin": false,
            "logged_in_customer": true,
            "account_nav": true,
            "customer_name": user.name,
            "customer_account_type": user.account_type,
            "totp_enabled": user.totp_enabled(),
            "enrolling": enrolling,
            "qr": qr,
            "secret": secret,
            "backup_codes": backup_codes,
            "backup_remaining": user.backup_codes_remaining(),
            "error": error,
            "lang": current_lang(jar),
        }),
    )
 }
 /// Common guard for every security handler: a signed-in, non-admin customer.
 async fn require_customer(ctx: &AppContext, jar: &CookieJar) -> Result<users::Model> {
    match guard::current_user(ctx, jar).await {
        Some(user) if guard::is_admin(ctx, &user) => Err(Error::string("admin")),
        Some(user) => Ok(user),
        None => Err(Error::Unauthorized("login required".into())),
    }
 }
 #[debug_handler]
 async fn security_page(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    let Some(user) = guard::current_user(&ctx, &jar).await else {
        return format::redirect("/login");
    };
    if guard::is_admin(&ctx, &user) {
        return format::redirect("/admin/dashboard");
    }
    security_view(&v, &jar, &user, false, None, None, &[], None)
 }
 /// Stage a fresh secret and show the QR + confirm-code field.
 #[debug_handler]
 async fn enable_totp(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    let Ok(user) = require_customer(&ctx, &jar).await else {
        return format::redirect("/login");
    };
    // Already on — nothing to enroll.
    if user.totp_enabled() {
        return security_view(&v, &jar, &user, false, None, None, &[], None);
    }
    let user = user.into_active_model().begin_totp_enrollment(&ctx.db).await?;
    let Some((qr, secret)) = user.totp_provisioning() else {
        return security_view(&v, &jar, &user, false, None, None, &[], Some("enroll"));
    };
    security_view(&v, &jar, &user, true, Some(&qr), Some(&secret), &[], None)
 }
 /// Verify the first code against the staged secret; on success flip 2FA on and
 /// show the one-time backup codes. On a wrong code, re-show the QR to retry.
 #[debug_handler]
 async fn confirm_totp(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
    Form(form): Form<ConfirmTotpForm>,
 ) -> Result<Response> {
    let Ok(user) = require_customer(&ctx, &jar).await else {
        return format::redirect("/login");
    };
    if user.totp_enabled() {
        return security_view(&v, &jar, &user, false, None, None, &[], None);
    }
    if !user.verify_totp_code(&form.code) {
        let qr = user.totp_provisioning();
        let (qr, secret) = match &qr {
            Some((q, s)) => (Some(q.as_str()), Some(s.as_str())),
            None => (None, None),
        };
        return security_view(&v, &jar, &user, true, qr, secret, &[], Some("code"));
    }
    let (user, backup_codes) = user.into_active_model().enable_totp(&ctx.db).await?;
    security_view(&v, &jar, &user, false, None, None, &backup_codes, None)
 }
 /// Turn 2FA off — requires the account password as confirmation.
 #[debug_handler]
 async fn disable_totp(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
    Form(form): Form<PasswordConfirmForm>,
 ) -> Result<Response> {
    let Ok(user) = require_customer(&ctx, &jar).await else {
        return format::redirect("/login");
    };
    if !user.totp_enabled() {
        return security_view(&v, &jar, &user, false, None, None, &[], None);
    }
    if !user.verify_password(&form.current_password) {
        return security_view(&v, &jar, &user, false, None, None, &[], Some("password"));
    }
    let user = user.into_active_model().disable_totp(&ctx.db).await?;
    security_view(&v, &jar, &user, false, None, None, &[], None)
 }
 /// Issue a fresh set of backup codes (invalidating the old ones) — also gated by
 /// the account password.
 #[debug_handler]
 async fn regenerate_backup_codes(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
    Form(form): Form<PasswordConfirmForm>,
 ) -> Result<Response> {
    let Ok(user) = require_customer(&ctx, &jar).await else {
        return format::redirect("/login");
    };
    if !user.totp_enabled() {
        return security_view(&v, &jar, &user, false, None, None, &[], None);
    }
    if !user.verify_password(&form.current_password) {
        return security_view(&v, &jar, &user, false, None, None, &[], Some("password"));
    }
    let (user, backup_codes) =
        user.into_active_model().regenerate_backup_codes(&ctx.db).await?;
    security_view(&v, &jar, &user, false, None, None, &backup_codes, None)
 }
 pub fn routes() -> Routes {
    Routes::new()
        .add("/account/profile", get(profile_page))
        .add("/account/profile", post(save_profile))
        .add("/account/orders", get(orders_page))
        .add("/account/orders/{order_number}", get(order_detail_page))
        .add("/account/password", get(change_password_page))
        .add("/account/password", post(change_password))
        .add("/account/security", get(security_page))
        .add("/account/security/enable", post(enable_totp))
        .add("/account/security/confirm", post(confirm_totp))
        .add("/account/security/disable", post(disable_totp))
        .add("/account/security/backup-codes", post(regenerate_backup_codes))
 }
--- a/src/controllers/admin_categories.rs
+++ b/src/controllers/admin_categories.rs
@@ -49,10 +49,6 @@ async fn parse_category_fields(
        .text("name")
        .ok_or_else(|| Error::BadRequest("category name is required".to_string()))?;
    let description = form.text("description");
    let position = form
        .text("position")
        .and_then(|s| s.parse::<i32>().ok())
        .unwrap_or(0);
    let published = form.checked("published");
    // Resolve the chosen parent, rejecting cycles: a category may not be its
@@ -81,6 +77,28 @@ async fn parse_category_fields(
        None => None,
    };
    // Position is optional: an explicit value sorts the category among its
    // siblings, but a blank field appends it to the end of its parent's group
    // (one past the current max), so new categories land last instead of first.
    let position = match form.text("position").and_then(|s| s.parse::<i32>().ok()) {
        Some(explicit) => explicit,
        None => {
            let mut query = categories::Entity::find();
            query = match parent_id {
                Some(pid) => query.filter(categories::Column::ParentId.eq(pid)),
                None => query.filter(categories::Column::ParentId.is_null()),
            };
            query
                .all(&ctx.db)
                .await?
                .iter()
                .filter(|c| Some(c.id) != current_id)
                .map(|c| c.position)
                .max()
                .map_or(0, |max| max + 1)
        }
    };
    let desired = form
        .text("slug")
        .map(|s| slugify(&s))
--- a/src/controllers/admin_customers.rs
+++ b/src/controllers/admin_customers.rs
@@ -0,0 +1,300 @@
 //! Admin management of business (company) accounts and their pricing.
 //!
 //! Per company the admin can: assign reusable discount profiles (the automated
 //! layer), resolve per-product collisions when two assigned profiles cover the
 //! same product, and set a manually negotiated price per product. The effective
 //! price the business pays is always resolved by [`crate::shared::pricing`]
 //! (lowest of public / automated / negotiated), shown here for reference.
 use std::collections::{HashMap, HashSet};
 use axum_extra::extract::cookie::CookieJar;
 use loco_rs::prelude::*;
 use sea_orm::{
    ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, PaginatorTrait, QueryFilter,
    QueryOrder, Set, TransactionTrait,
 };
 use serde::Deserialize;
 use serde_json::json;
 use crate::{
    controllers::i18n::current_lang,
    models::{
        account_discount_profiles, account_product_prices, account_product_resolutions,
        discount_profiles, products, _entities::users,
    },
    shared::{
        guard,
        money::{format_bp, format_price, parse_price_to_cents},
        pricing,
    },
 };
 const COMPANY: &str = "company";
 #[derive(Debug, Deserialize)]
 struct PriceForm {
    price: String,
 }
 #[derive(Debug, Deserialize)]
 struct ResolutionForm {
    profile_id: i32,
 }
 async fn company_by_id(ctx: &AppContext, id: i32) -> Result<users::Model> {
    let user = users::Entity::find_by_id(id)
        .one(&ctx.db)
        .await?
        .ok_or_else(|| Error::NotFound)?;
    if user.account_type != COMPANY {
        return Err(Error::NotFound);
    }
    Ok(user)
 }
 async fn assigned_profile_ids(ctx: &AppContext, user_id: i32) -> Result<HashSet<i32>> {
    Ok(account_discount_profiles::Entity::find()
        .filter(account_discount_profiles::Column::UserId.eq(user_id))
        .all(&ctx.db)
        .await?
        .into_iter()
        .map(|a| a.discount_profile_id)
        .collect())
 }
 #[debug_handler]
 async fn index(
    auth: auth::JWT,
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let companies = users::Entity::find()
        .filter(users::Column::AccountType.eq(COMPANY))
        .order_by_asc(users::Column::Name)
        .all(&ctx.db)
        .await?;
    let mut rows = Vec::with_capacity(companies.len());
    for company in &companies {
        let negotiated = account_product_prices::Entity::find()
            .filter(account_product_prices::Column::UserId.eq(company.id))
            .count(&ctx.db)
            .await?;
        rows.push(json!({
            "id": company.id,
            "name": company.name,
            "email": company.email,
            "negotiated_count": negotiated,
        }));
    }
    format::view(
        &v,
        "admin/customers/index.html",
        json!({ "customers": rows, "lang": current_lang(&jar) }),
    )
 }
 #[debug_handler]
 async fn show(
    auth: auth::JWT,
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    Path(id): Path<i32>,
    Query(params): Query<HashMap<String, String>>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let company = company_by_id(&ctx, id).await?;
    // All profiles (for the assignment section + name lookup) and which are
    // assigned to this company.
    let all_profiles = discount_profiles::Entity::find()
        .order_by_asc(discount_profiles::Column::Name)
        .all(&ctx.db)
        .await?;
    let assigned = assigned_profile_ids(&ctx, company.id).await?;
    let profile_name: HashMap<i32, String> =
        all_profiles.iter().map(|p| (p.id, p.name.clone())).collect();
    let profiles_json: Vec<serde_json::Value> = all_profiles
        .iter()
        .map(|p| {
            json!({
                "id": p.id,
                "name": p.name,
                "percent": format_bp(p.percent_bp),
                "scope_type": p.scope_type,
                "assigned": assigned.contains(&p.id),
            })
        })
        .collect();
    let list = products::Entity::find()
        .order_by_asc(products::Column::Name)
        .all(&ctx.db)
        .await?;
    let details = pricing::detail_many(&ctx, &list, Some(&company)).await?;
    let rows: Vec<serde_json::Value> = list
        .iter()
        .zip(details.iter())
        .map(|(product, d)| {
            let covering: Vec<serde_json::Value> = d
                .covering_profile_ids
                .iter()
                .map(|pid| json!({ "id": pid, "name": profile_name.get(pid) }))
                .collect();
            json!({
                "product_id": product.id,
                "name": product.name,
                "currency": product.currency,
                "regular_price": format_price(d.regular_cents),
                "public_price": format_price(d.public_cents),
                "on_public_sale": product.on_sale(),
                "manual_price": d.manual_cents.map(format_price),
                "auto_price": d.auto_cents.map(format_price),
                "auto_profile_name": d.auto_profile_id.and_then(|pid| profile_name.get(&pid)),
                "auto_profile_id": d.auto_profile_id,
                "collision": d.collision,
                "covering": covering,
                "effective_price": format_price(d.price_cents),
                "is_business": d.is_business,
            })
        })
        .collect();
    format::view(
        &v,
        "admin/customers/show.html",
        json!({
            "customer": { "id": company.id, "name": company.name, "email": company.email },
            "profiles": profiles_json,
            "products": rows,
            "error": params.get("error"),
            "lang": current_lang(&jar),
        }),
    )
 }
 #[debug_handler]
 async fn set_price(
    auth: auth::JWT,
    Path((id, product_id)): Path<(i32, i32)>,
    State(ctx): State<AppContext>,
    Form(form): Form<PriceForm>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let company = company_by_id(&ctx, id).await?;
    let entered = form.price.trim().to_string();
    if entered.is_empty() {
        account_product_prices::Model::clear(&ctx.db, company.id, product_id).await?;
        return format::redirect(&format!("/admin/customers/{id}"));
    }
    let cents = match parse_price_to_cents(&entered) {
        Ok(cents) if cents > 0 => cents,
        _ => {
            return format::redirect(&format!(
                "/admin/customers/{id}?error=discount-must-be-positive"
            ))
        }
    };
    account_product_prices::Model::upsert(&ctx.db, company.id, product_id, cents).await?;
    format::redirect(&format!("/admin/customers/{id}"))
 }
 #[debug_handler]
 async fn remove_price(
    auth: auth::JWT,
    Path((id, product_id)): Path<(i32, i32)>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let company = company_by_id(&ctx, id).await?;
    account_product_prices::Model::clear(&ctx.db, company.id, product_id).await?;
    format::redirect(&format!("/admin/customers/{id}"))
 }
 /// Replace the company's assigned profiles with the submitted set of checkboxes
 /// (`profile_ids`, a repeated field axum `Form` can't collect, parsed directly).
 #[debug_handler]
 async fn sync_profiles(
    auth: auth::JWT,
    Path(id): Path<i32>,
    State(ctx): State<AppContext>,
    body: String,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let company = company_by_id(&ctx, id).await?;
    let profile_ids: Vec<i32> = form_urlencoded::parse(body.as_bytes())
        .filter(|(k, _)| k == "profile_ids")
        .filter_map(|(_, v)| v.parse::<i32>().ok())
        .collect();
    let txn = ctx.db.begin().await?;
    account_discount_profiles::Entity::delete_many()
        .filter(account_discount_profiles::Column::UserId.eq(company.id))
        .exec(&txn)
        .await?;
    for profile_id in profile_ids {
        account_discount_profiles::ActiveModel {
            user_id: Set(company.id),
            discount_profile_id: Set(profile_id),
            ..Default::default()
        }
        .insert(&txn)
        .await?;
    }
    txn.commit().await?;
    format::redirect(&format!("/admin/customers/{id}"))
 }
 /// Record the admin's chosen winning profile for a colliding product.
 #[debug_handler]
 async fn set_resolution(
    auth: auth::JWT,
    Path((id, product_id)): Path<(i32, i32)>,
    State(ctx): State<AppContext>,
    Form(form): Form<ResolutionForm>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let company = company_by_id(&ctx, id).await?;
    let existing = account_product_resolutions::Entity::find()
        .filter(account_product_resolutions::Column::UserId.eq(company.id))
        .filter(account_product_resolutions::Column::ProductId.eq(product_id))
        .one(&ctx.db)
        .await?;
    let mut active = match existing {
        Some(row) => row.into_active_model(),
        None => account_product_resolutions::ActiveModel {
            user_id: Set(company.id),
            product_id: Set(product_id),
            ..Default::default()
        },
    };
    active.discount_profile_id = Set(form.profile_id);
    active.save(&ctx.db).await?;
    format::redirect(&format!("/admin/customers/{id}"))
 }
 pub fn routes() -> Routes {
    Routes::new()
        .add("/admin/customers", get(index))
        .add("/admin/customers/{id}", get(show))
        .add("/admin/customers/{id}/profiles", post(sync_profiles))
        .add("/admin/customers/{id}/prices/{product_id}", post(set_price))
        .add(
            "/admin/customers/{id}/prices/{product_id}/remove",
            post(remove_price),
        )
        .add(
            "/admin/customers/{id}/resolutions/{product_id}",
            post(set_resolution),
        )
 }
--- a/src/controllers/admin_discount_profiles.rs
+++ b/src/controllers/admin_discount_profiles.rs
@@ -0,0 +1,298 @@
 //! Admin CRUD for reusable discount profiles (a named percentage over a product
 //! scope). Profiles are assigned to business accounts on the customer page; here
 //! the admin only defines them.
 use std::collections::HashSet;
 use axum_extra::extract::cookie::CookieJar;
 use loco_rs::prelude::*;
 use sea_orm::{
    ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, ModelTrait, PaginatorTrait,
    QueryFilter, QueryOrder, Set, TransactionTrait,
 };
 use serde_json::json;
 use crate::{
    controllers::i18n::current_lang,
    models::{discount_profile_products, discount_profiles, products},
    shared::{
        guard,
        money::{format_bp, parse_percent, percent_to_bp},
    },
 };
 /// Scalar + repeated fields parsed from the profile form. `product_ids` is a
 /// repeated checkbox field, which `serde_urlencoded` (axum `Form`) can't collect,
 /// so the body is parsed directly.
 struct ProfileInput {
    name: String,
    percent: String,
    scope_type: String,
    product_ids: Vec<i32>,
 }
 fn parse_profile_form(body: &str) -> ProfileInput {
    let mut name = String::new();
    let mut percent = String::new();
    let mut scope_type = discount_profiles::SCOPE_INCLUDE.to_string();
    let mut product_ids = Vec::new();
    for (key, value) in form_urlencoded::parse(body.as_bytes()) {
        match key.as_ref() {
            "name" => name = value.into_owned(),
            "percent" => percent = value.into_owned(),
            "scope_type" => scope_type = value.into_owned(),
            "product_ids" => {
                if let Ok(id) = value.parse::<i32>() {
                    product_ids.push(id);
                }
            }
            _ => {}
        }
    }
    ProfileInput {
        name,
        percent,
        scope_type,
        product_ids,
    }
 }
 async fn profile_by_id(ctx: &AppContext, id: i32) -> Result<discount_profiles::Model> {
    discount_profiles::Entity::find_by_id(id)
        .one(&ctx.db)
        .await?
        .ok_or_else(|| Error::NotFound)
 }
 #[debug_handler]
 async fn index(
    auth: auth::JWT,
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let profiles = discount_profiles::Entity::find()
        .order_by_asc(discount_profiles::Column::Name)
        .all(&ctx.db)
        .await?;
    let mut rows = Vec::with_capacity(profiles.len());
    for profile in &profiles {
        let count = discount_profile_products::Entity::find()
            .filter(discount_profile_products::Column::DiscountProfileId.eq(profile.id))
            .count(&ctx.db)
            .await?;
        rows.push(json!({
            "id": profile.id,
            "name": profile.name,
            "percent": format_bp(profile.percent_bp),
            "scope_type": profile.scope_type,
            "product_count": count,
        }));
    }
    format::view(
        &v,
        "admin/catalog/discount_profiles.html",
        json!({ "profiles": rows, "lang": current_lang(&jar) }),
    )
 }
 /// Render the create/edit form. `profile` is null on create.
 async fn render_form(
    ctx: &AppContext,
    v: &TeraView,
    jar: &CookieJar,
    profile: Option<&discount_profiles::Model>,
    selected: &HashSet<i32>,
    error: Option<&str>,
 ) -> Result<Response> {
    let all_products = products::Entity::find()
        .order_by_asc(products::Column::Name)
        .all(&ctx.db)
        .await?;
    let product_rows: Vec<serde_json::Value> = all_products
        .iter()
        .map(|p| json!({ "id": p.id, "name": p.name, "selected": selected.contains(&p.id) }))
        .collect();
    let profile_json = match profile {
        Some(p) => json!({
            "id": p.id,
            "name": p.name,
            "percent": format_bp(p.percent_bp),
            "scope_type": p.scope_type,
        }),
        None => serde_json::Value::Null,
    };
    format::view(
        v,
        "admin/catalog/discount_profile_form.html",
        json!({
            "profile": profile_json,
            "products": product_rows,
            "error": error,
            "lang": current_lang(jar),
        }),
    )
 }
 #[debug_handler]
 async fn new(
    auth: auth::JWT,
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    render_form(&ctx, &v, &jar, None, &HashSet::new(), None).await
 }
 #[debug_handler]
 async fn edit(
    auth: auth::JWT,
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    Path(id): Path<i32>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let profile = profile_by_id(&ctx, id).await?;
    let selected = member_ids(&ctx, id).await?;
    render_form(&ctx, &v, &jar, Some(&profile), &selected, None).await
 }
 async fn member_ids(ctx: &AppContext, profile_id: i32) -> Result<HashSet<i32>> {
    Ok(discount_profile_products::Entity::find()
        .filter(discount_profile_products::Column::DiscountProfileId.eq(profile_id))
        .all(&ctx.db)
        .await?
        .into_iter()
        .map(|r| r.product_id)
        .collect())
 }
 /// Validate the parsed form into `(name, percent_bp, scope_type)`, or an error key.
 fn validate(input: &ProfileInput) -> std::result::Result<(String, i32, String), &'static str> {
    let name = input.name.trim().to_string();
    if name.is_empty() {
        return Err("profile-name-required");
    }
    let pct = parse_percent(&input.percent).ok_or("discount-invalid")?;
    if pct <= 0.0 || pct >= 100.0 {
        return Err("discount-percent-range");
    }
    let scope = if input.scope_type == discount_profiles::SCOPE_ALL_EXCEPT {
        discount_profiles::SCOPE_ALL_EXCEPT
    } else {
        discount_profiles::SCOPE_INCLUDE
    };
    Ok((name, percent_to_bp(pct), scope.to_string()))
 }
 /// Replace a profile's product membership with `product_ids`.
 async fn sync_membership(
    ctx: &AppContext,
    profile_id: i32,
    product_ids: &[i32],
 ) -> Result<()> {
    let txn = ctx.db.begin().await?;
    discount_profile_products::Entity::delete_many()
        .filter(discount_profile_products::Column::DiscountProfileId.eq(profile_id))
        .exec(&txn)
        .await?;
    for product_id in product_ids {
        discount_profile_products::ActiveModel {
            discount_profile_id: Set(profile_id),
            product_id: Set(*product_id),
            ..Default::default()
        }
        .insert(&txn)
        .await?;
    }
    txn.commit().await?;
    Ok(())
 }
 #[debug_handler]
 async fn create(
    auth: auth::JWT,
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
    body: String,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let input = parse_profile_form(&body);
    let (name, percent_bp, scope_type) = match validate(&input) {
        Ok(values) => values,
        Err(key) => {
            let selected: HashSet<i32> = input.product_ids.iter().copied().collect();
            return render_form(&ctx, &v, &jar, None, &selected, Some(key)).await;
        }
    };
    let profile = discount_profiles::ActiveModel {
        name: Set(name),
        percent_bp: Set(percent_bp),
        scope_type: Set(scope_type),
        ..Default::default()
    }
    .insert(&ctx.db)
    .await?;
    sync_membership(&ctx, profile.id, &input.product_ids).await?;
    format::redirect("/admin/catalog/discount-profiles")
 }
 #[debug_handler]
 async fn update(
    auth: auth::JWT,
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    Path(id): Path<i32>,
    State(ctx): State<AppContext>,
    body: String,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let profile = profile_by_id(&ctx, id).await?;
    let input = parse_profile_form(&body);
    let (name, percent_bp, scope_type) = match validate(&input) {
        Ok(values) => values,
        Err(key) => {
            let selected: HashSet<i32> = input.product_ids.iter().copied().collect();
            return render_form(&ctx, &v, &jar, Some(&profile), &selected, Some(key)).await;
        }
    };
    let mut active = profile.into_active_model();
    active.name = Set(name);
    active.percent_bp = Set(percent_bp);
    active.scope_type = Set(scope_type);
    active.update(&ctx.db).await?;
    sync_membership(&ctx, id, &input.product_ids).await?;
    format::redirect("/admin/catalog/discount-profiles")
 }
 #[debug_handler]
 async fn delete(
    auth: auth::JWT,
    Path(id): Path<i32>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    // FK cascades remove membership, assignments and resolutions.
    profile_by_id(&ctx, id).await?.delete(&ctx.db).await?;
    format::redirect("/admin/catalog/discount-profiles")
 }
 pub fn routes() -> Routes {
    Routes::new()
        .add("/admin/catalog/discount-profiles", get(index))
        .add("/admin/catalog/discount-profiles/new", get(new))
        .add("/admin/catalog/discount-profiles", post(create))
        .add("/admin/catalog/discount-profiles/{id}/edit", get(edit))
        .add("/admin/catalog/discount-profiles/{id}", post(update))
        .add("/admin/catalog/discount-profiles/{id}/delete", post(delete))
 }
--- a/src/controllers/admin_discounts.rs
+++ b/src/controllers/admin_discounts.rs
@@ -0,0 +1,240 @@
 //! Admin management of per-product discounts.
 //!
 //! Discounts live on the product (`sale_price_cents`) but are set here, in a
 //! place of their own, rather than on the product editor: an admin picks a
 //! product, enters a discounted price, and the storefront then shows it on sale.
 //! Editing a product never touches its discount, and vice versa.
 use axum_extra::extract::cookie::CookieJar;
 use loco_rs::prelude::*;
 use sea_orm::{ActiveModelTrait, EntityTrait, QueryOrder, Set};
 use serde::Deserialize;
 use serde_json::json;
 use crate::{
    controllers::i18n::current_lang,
    models::products,
    shared::{
        guard,
        money::{format_price, parse_percent, parse_price_to_cents},
    },
 };
 #[derive(Debug, Deserialize)]
 struct DiscountForm {
    /// "fixed" (enter the new price) or "percent" (enter % off). Defaults to
    /// fixed for older/JSON callers.
    mode: Option<String>,
    sale_price: Option<String>,
    percent: Option<String>,
 }
 /// Resolve a percentage off the regular price into a fixed sale price in cents.
 /// Rounds the discount amount to the nearest cent.
 fn percent_to_sale_cents(regular_cents: i64, percent: f64) -> i64 {
    let off = (regular_cents as f64 * percent / 100.0).round() as i64;
    regular_cents - off
 }
 async fn product_by_id(ctx: &AppContext, id: i32) -> Result<products::Model> {
    products::Entity::find_by_id(id)
        .one(&ctx.db)
        .await?
        .ok_or_else(|| Error::NotFound)
 }
 /// Percent off the regular price, rounded to a whole number. `0` when there is
 /// no positive regular price to discount from.
 fn percent_off(regular_cents: i64, sale_cents: i64) -> i64 {
    if regular_cents <= 0 {
        return 0;
    }
    let off = (regular_cents - sale_cents) as f64 / regular_cents as f64 * 100.0;
    off.round() as i64
 }
 /// Row shape for the discounts list.
 fn list_row(product: &products::Model) -> serde_json::Value {
    json!({
        "id": product.id,
        "name": product.name,
        "slug": product.slug,
        "currency": product.currency,
        "regular_price": format_price(product.price_cents),
        "on_sale": product.on_sale(),
        "sale_price": product.sale_price_cents.map(format_price),
        "percent_off": product.sale_price_cents.map(|sale| percent_off(product.price_cents, sale)),
    })
 }
 #[debug_handler]
 async fn index(
    auth: auth::JWT,
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let list = products::Entity::find()
        .order_by_asc(products::Column::Name)
        .all(&ctx.db)
        .await?;
    let rows: Vec<serde_json::Value> = list.iter().map(list_row).collect();
    format::view(
        &v,
        "admin/catalog/discounts.html",
        json!({ "products": rows, "lang": current_lang(&jar) }),
    )
 }
 /// What to pre-fill the form with: the chosen input mode and the raw values for
 /// each field, so a rejected submit (or a re-edit) shows what the admin had.
 #[derive(Default)]
 struct FormPrefill {
    mode: String,
    fixed: String,
    percent: String,
 }
 /// Render the single-product discount form, optionally with a validation error.
 fn render_form(
    v: &TeraView,
    jar: &CookieJar,
    product: &products::Model,
    prefill: &FormPrefill,
    error: Option<&str>,
 ) -> Result<Response> {
    let mode = if prefill.mode == "percent" { "percent" } else { "fixed" };
    format::view(
        v,
        "admin/catalog/discount_form.html",
        json!({
            "product": {
                "id": product.id,
                "name": product.name,
                "currency": product.currency,
                "regular_price": format_price(product.price_cents),
                "regular_cents": product.price_cents,
                "on_sale": product.on_sale(),
                "sale_price": product.sale_price_cents.map(format_price),
            },
            "mode": mode,
            "fixed": prefill.fixed,
            "percent": prefill.percent,
            "error": error,
            "lang": current_lang(jar),
        }),
    )
 }
 #[debug_handler]
 async fn edit(
    auth: auth::JWT,
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    Path(id): Path<i32>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let product = product_by_id(&ctx, id).await?;
    // Re-editing always opens in fixed mode showing the current sale price.
    let prefill = FormPrefill {
        mode: "fixed".to_string(),
        fixed: product.sale_price_cents.map(format_price).unwrap_or_default(),
        percent: String::new(),
    };
    render_form(&v, &jar, &product, &prefill, None)
 }
 #[debug_handler]
 async fn update(
    auth: auth::JWT,
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    Path(id): Path<i32>,
    State(ctx): State<AppContext>,
    Form(form): Form<DiscountForm>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let product = product_by_id(&ctx, id).await?;
    let mode = match form.mode.as_deref() {
        Some("percent") => "percent",
        _ => "fixed",
    };
    let fixed = form.sale_price.unwrap_or_default().trim().to_string();
    let percent = form.percent.unwrap_or_default().trim().to_string();
    // Whatever the mode, both raw inputs are echoed back on error so neither tab
    // loses what was typed.
    let prefill = FormPrefill {
        mode: mode.to_string(),
        fixed: fixed.clone(),
        percent: percent.clone(),
    };
    let render_err = |key: &str| render_form(&v, &jar, &product, &prefill, Some(key));
    // Resolve the entered discount into a fixed sale price in cents. An empty
    // input in the active mode clears the discount (same as the Remove action).
    let sale_cents = if mode == "percent" {
        if percent.is_empty() {
            return clear_discount(&ctx, product).await;
        }
        let pct = match parse_percent(&percent) {
            Some(pct) => pct,
            None => return render_err("discount-invalid"),
        };
        if pct <= 0.0 || pct >= 100.0 {
            return render_err("discount-percent-range");
        }
        percent_to_sale_cents(product.price_cents, pct)
    } else {
        if fixed.is_empty() {
            return clear_discount(&ctx, product).await;
        }
        match parse_price_to_cents(&fixed) {
            Ok(cents) => cents,
            Err(_) => return render_err("discount-invalid"),
        }
    };
    // A discount must be a positive price strictly below the regular price —
    // otherwise it isn't a discount.
    if sale_cents <= 0 {
        return render_err("discount-must-be-positive");
    }
    if sale_cents >= product.price_cents {
        return render_err("discount-below-regular");
    }
    let mut active = product.into_active_model();
    active.sale_price_cents = Set(Some(sale_cents));
    active.update(&ctx.db).await?;
    format::redirect("/admin/catalog/discounts")
 }
 async fn clear_discount(ctx: &AppContext, product: products::Model) -> Result<Response> {
    let mut active = product.into_active_model();
    active.sale_price_cents = Set(None);
    active.update(&ctx.db).await?;
    format::redirect("/admin/catalog/discounts")
 }
 #[debug_handler]
 async fn remove(
    auth: auth::JWT,
    Path(id): Path<i32>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    guard::current_admin(auth, &ctx).await?;
    let product = product_by_id(&ctx, id).await?;
    clear_discount(&ctx, product).await
 }
 pub fn routes() -> Routes {
    Routes::new()
        .add("/admin/catalog/discounts", get(index))
        .add("/admin/catalog/discounts/{id}/edit", get(edit))
        .add("/admin/catalog/discounts/{id}", post(update))
        .add("/admin/catalog/discounts/{id}/remove", post(remove))
 }
--- a/src/controllers/admin_orders.rs
+++ b/src/controllers/admin_orders.rs
@@ -14,7 +14,8 @@ use crate::{
    shared::{guard, settings},
 };
-pub(crate) const ORDER_STATUSES: [&str; 4] = ["pending", "paid", "shipped", "cancelled"];
+pub(crate) const ORDER_STATUSES: [&str; 5] =
    ["pending", "paid", "shipped", "delivered", "cancelled"];
 /// Fallback parcel weight when products carry no weight of their own.
 const DEFAULT_PARCEL_WEIGHT_GRAMS: i32 = 1000;
--- a/src/controllers/admin_products.rs
+++ b/src/controllers/admin_products.rs
@@ -18,6 +18,7 @@ use crate::{
    shared::{
        guard,
        money::parse_price_to_cents,
        pricing,
        slug::{slugify, unique_slug},
    },
    models::{categories, product_images, products},
@@ -129,7 +130,8 @@ async fn index(
                .map(|c| c.name),
            None => None,
        };
-        rows.push(view::product_card(&product, image, category_name));
+        let priced = pricing::price_for(&ctx, &product, None).await?;
        rows.push(view::product_card(&product, &priced, image, category_name));
    }
    format::view(
        &v,
--- a/src/controllers/auth.rs
+++ b/src/controllers/auth.rs
@@ -13,6 +13,13 @@ use time::Duration as TimeDuration;
 pub static EMAIL_DOMAIN_RE: OnceLock<Regex> = OnceLock::new();
 pub(crate) const AUTH_COOKIE: &str = "auth_token";
 /// Short-lived cookie that carries a half-authenticated session between the
 /// password step and the TOTP step. It is a *separate* name from `auth_token`
 /// on purpose: the auth guards only read `auth_token`, so this cookie can never
 /// authenticate a request on its own — it only proves the password step passed.
 pub(crate) const TOTP_PENDING_COOKIE: &str = "totp_pending";
 /// How long the user has to enter their 2FA code after the password step.
 pub(crate) const TOTP_PENDING_TTL_SECS: u64 = 300;
 fn get_allow_email_domain_re() -> &'static Regex {
    EMAIL_DOMAIN_RE.get_or_init(|| {
@@ -38,6 +45,24 @@ pub(crate) fn clear_auth_cookie() -> Cookie<'static> {
        .build()
 }
 pub(crate) fn totp_pending_cookie(token: &str, max_age_seconds: u64) -> Cookie<'static> {
    Cookie::build((TOTP_PENDING_COOKIE, token.to_string()))
        .path("/")
        .http_only(true)
        .same_site(SameSite::Lax)
        .max_age(TimeDuration::seconds(max_age_seconds as i64))
        .build()
 }
 pub(crate) fn clear_totp_pending_cookie() -> Cookie<'static> {
    Cookie::build((TOTP_PENDING_COOKIE, ""))
        .path("/")
        .http_only(true)
        .same_site(SameSite::Lax)
        .max_age(TimeDuration::seconds(0))
        .build()
 }
 #[derive(Debug, Deserialize, Serialize)]
 pub struct ForgotParams {
    pub email: String,
--- a/src/controllers/auth_pages.rs
+++ b/src/controllers/auth_pages.rs
@@ -85,6 +85,23 @@ async fn login(
    }
    let jwt_secret = ctx.config.get_jwt_config()?;
    // If the user opted into 2FA, the password is only the first factor: don't
    // issue the real auth cookie yet. Hand out a short-lived, separate "pending"
    // cookie and send them to the code-entry page. Everyone without 2FA logs in
    // in a single step exactly as before.
    if user.totp_enabled() {
        let pending = user
            .generate_jwt(&jwt_secret.secret, auth_controller::TOTP_PENDING_TTL_SECS)
            .or_else(|_| unauthorized("unauthorized!"))?;
        return format::render()
            .cookies(&[auth_controller::totp_pending_cookie(
                &pending,
                auth_controller::TOTP_PENDING_TTL_SECS,
            )])?
            .redirect("/login/totp");
    }
    let token = user
        .generate_jwt(&jwt_secret.secret, jwt_secret.expiration)
        .or_else(|_| unauthorized("unauthorized!"))?;
@@ -94,6 +111,89 @@ async fn login(
        .redirect(home_for(&ctx, &user))
 }
 /// Resolve the user behind a valid, unexpired `totp_pending` cookie. Returns
 /// `None` (never errors) when the cookie is missing, malformed, or expired —
 /// the caller bounces such requests back to `/login`.
 async fn user_from_pending(ctx: &AppContext, jar: &CookieJar) -> Option<users::Model> {
    let cookie = jar.get(auth_controller::TOTP_PENDING_COOKIE)?;
    let jwt_config = ctx.config.get_jwt_config().ok()?;
    let claims = loco_rs::auth::jwt::JWT::new(&jwt_config.secret)
        .validate(cookie.value())
        .ok()?;
    let user = users::Model::find_by_pid(&ctx.db, &claims.claims.pid).await.ok()?;
    // Defend against a stale pending cookie outliving a 2FA disable.
    user.totp_enabled().then_some(user)
 }
 fn login_totp_view(v: &TeraView, jar: &CookieJar, error: Option<&str>) -> Result<Response> {
    format::view(
        v,
        "auth/login_totp.html",
        json!({
            "error": error,
            "logged_in_admin": false,
            "lang": current_lang(jar),
        }),
    )
 }
 #[debug_handler]
 async fn login_totp_page(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    if user_from_pending(&ctx, &jar).await.is_none() {
        return format::redirect("/login");
    }
    login_totp_view(&v, &jar, None)
 }
 /// Second login factor. Accepts either a 6-digit authenticator code or one of
 /// the one-time backup codes (auto-detected by length). On success the pending
 /// cookie is cleared and the real `auth_token` is issued.
 #[derive(Debug, serde::Deserialize)]
 struct TotpLoginForm {
    code: String,
 }
 #[debug_handler]
 async fn login_totp(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
    Form(form): Form<TotpLoginForm>,
 ) -> Result<Response> {
    let Some(user) = user_from_pending(&ctx, &jar).await else {
        return format::redirect("/login");
    };
    let code = form.code.trim();
    let via_totp = user.verify_totp_code(code);
    let via_backup = !via_totp && user.matches_backup_code(code);
    if !via_totp && !via_backup {
        return login_totp_view(&v, &jar, Some("invalid"));
    }
    // A used backup code must be burned so it can't be replayed.
    if via_backup {
        user.clone().into_active_model().consume_backup_code(&ctx.db, code).await?;
    }
    let jwt_secret = ctx.config.get_jwt_config()?;
    let token = user
        .generate_jwt(&jwt_secret.secret, jwt_secret.expiration)
        .or_else(|_| unauthorized("unauthorized!"))?;
    format::render()
        .cookies(&[
            auth_controller::auth_cookie(&token, jwt_secret.expiration),
            auth_controller::clear_totp_pending_cookie(),
        ])?
        .redirect(home_for(&ctx, &user))
 }
 #[debug_handler]
 async fn register_page(
    jar: CookieJar,
@@ -106,13 +206,50 @@ async fn register_page(
    register_view(&v, &jar, None)
 }
 /// Registration form. The name is no longer collected from the user — it is
 /// derived from the email — and the password is entered twice to guard against
 /// typos.
 #[derive(Debug, serde::Deserialize)]
 struct RegisterForm {
    email: String,
    password: String,
    password_confirm: String,
    #[serde(default)]
    account_type: Option<String>,
 }
 /// Derive a display name from an email address (its local part), falling back to
 /// the full address when the local part is too short for the name validator.
 fn name_from_email(email: &str) -> String {
    let local = email.split('@').next().unwrap_or("").trim();
    if local.chars().count() >= 2 {
        local.to_string()
    } else {
        email.trim().to_string()
    }
 }
 #[debug_handler]
 async fn register(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
-    Form(params): Form<RegisterParams>,
+    Form(form): Form<RegisterForm>,
 ) -> Result<Response> {
    if form.password != form.password_confirm {
        return register_view(&v, &jar, Some("mismatch"));
    }
    if form.password.len() < 8 {
        return register_view(&v, &jar, Some("weak"));
    }
    let params = RegisterParams {
        name: name_from_email(&form.email),
        email: form.email,
        password: form.password,
        account_type: form.account_type,
    };
    let user = match users::Model::create_with_password(&ctx.db, &params).await {
        Ok(user) => user,
        Err(ModelError::EntityAlreadyExists {}) => {
@@ -329,6 +466,8 @@ pub fn routes() -> Routes {
    Routes::new()
        .add("/login", get(login_page))
        .add("/login", post(login))
        .add("/login/totp", get(login_totp_page))
        .add("/login/totp", post(login_totp))
        .add("/register", get(register_page))
        .add("/register", post(register))
        .add("/verify/{token}", get(verify))
--- a/src/controllers/cart.rs
+++ b/src/controllers/cart.rs
@@ -1,4 +1,4 @@
-use crate::{controllers::i18n::current_lang, shared::{guard, money::format_price}, models::products};
+use crate::{controllers::i18n::current_lang, shared::{guard, money::format_price, pricing}, models::products};
 use axum::{
    http::{HeaderMap, StatusCode},
    response::Redirect,
@@ -189,10 +189,10 @@ pub(crate) async fn resolve_cart(
    ctx: &AppContext,
    jar: &CookieJar,
 ) -> Result<(Vec<serde_json::Value>, Vec<(i32, i32)>, i64)> {
-    let mut lines = Vec::new();
+    // Resolve the cart entries to in-stock products first, then price them all
-    let mut valid = Vec::new();
+    // for the current viewer in one batch (the price depends on who's logged in).
-    let mut total: i64 = 0;
+    let user = guard::current_user(ctx, jar).await;
-
+    let mut items: Vec<(products::Model, i32)> = Vec::new();
    for (id, qty) in parse_cart(jar) {
        let Some(product) = published_product(ctx, id).await? else {
            continue;
@@ -201,14 +201,26 @@ pub(crate) async fn resolve_cart(
        if qty == 0 {
            continue;
        }
-        let line_total = product.price_cents * i64::from(qty);
+        items.push((product, qty));
    }
    let products_only: Vec<products::Model> = items.iter().map(|(p, _)| p.clone()).collect();
    let priced = pricing::price_many(ctx, &products_only, user.as_ref()).await?;
    let mut lines = Vec::new();
    let mut valid = Vec::new();
    let mut total: i64 = 0;
    for ((product, qty), priced) in items.iter().zip(priced.iter()) {
        let unit_price = priced.price_cents;
        let line_total = unit_price * i64::from(*qty);
        total += line_total;
-        valid.push((product.id, qty));
+        valid.push((product.id, *qty));
        lines.push(json!({
            "id": product.id,
            "name": product.name,
            "slug": product.slug,
-            "price": format_price(product.price_cents),
+            "price": format_price(unit_price),
            "regular_price": format_price(priced.regular_cents),
            "on_sale": priced.is_reduced(),
            "currency": product.currency,
            "quantity": qty,
            "stock": product.stock,
@@ -234,7 +246,7 @@ async fn show(
    // Drop any now-invalid lines from the cookie so the badge stays accurate.
    let rebuilt = serialize_cart(&valid);
-    let (logged_in_admin, logged_in_customer) = guard::chrome(&ctx, &jar).await;
+    let c = guard::chrome(&ctx, &jar).await;
    let response = format::view(
        &v,
        "shop/cart.html",
@@ -242,8 +254,10 @@ async fn show(
            "items": lines,
            "total": format_price(total),
            "currency": currency,
-            "logged_in_admin": logged_in_admin,
+            "logged_in_admin": c.logged_in_admin,
-            "logged_in_customer": logged_in_customer,
+            "logged_in_customer": c.logged_in_customer,
            "customer_name": c.customer_name,
            "customer_account_type": c.customer_account_type,
            "lang": current_lang(&jar),
        }),
    )?;
@@ -251,10 +265,39 @@ async fn show(
    Ok((jar.add(cart_cookie(rebuilt)), response).into_response())
 }
 /// Mini-cart preview for the navbar hover dropdown. Lazy-loaded via htmx from
 /// the header; returns just the `shop/_cart_preview.html` fragment.
 #[debug_handler]
 async fn preview(
    jar: CookieJar,
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
    let (lines, valid, total) = resolve_cart(&ctx, &jar).await?;
    let currency = lines
        .first()
        .and_then(|line| line["currency"].as_str())
        .unwrap_or("EUR")
        .to_string();
    let rebuilt = serialize_cart(&valid);
    let response = format::view(
        &v,
        "shop/_cart_preview.html",
        json!({
            "items": lines,
            "total": format_price(total),
            "currency": currency,
            "lang": current_lang(&jar),
        }),
    )?;
    Ok((jar.add(cart_cookie(rebuilt)), response).into_response())
 }
 pub fn routes() -> Routes {
    Routes::new()
        .add("/cart", get(show))
        .add("/cart/add", post(add))
        .add("/cart/update", post(update))
        .add("/cart/remove", post(remove))
        .add("/partials/cart", get(preview))
 }
--- a/src/controllers/checkout.rs
+++ b/src/controllers/checkout.rs
@@ -113,6 +113,12 @@ async fn checkout_page(
    let p = |get: fn(&customer_profiles::Model) -> Option<String>| {
        profile.as_ref().and_then(get)
    };
    // Whether the customer already has a shipping address on file. When they do,
    // the "save this address to my profile" opt-in is pointless (the profile was
    // filled in advance), so it's hidden and the existing profile is left alone.
    let profile_filled = profile
        .as_ref()
        .is_some_and(|pr| pr.address.is_some() && pr.city.is_some() && pr.zip.is_some());
    format::view(
        &v,
@@ -126,6 +132,11 @@ async fn checkout_page(
            "packeta_api_key": settings::get(&ctx, "packeta_api_key").unwrap_or(""),
            "logged_in_admin": is_admin,
            "logged_in_customer": is_customer,
            // Required by the navbar profile menu (base.html includes it whenever
            // logged_in_customer is true); None for admins/guests.
            "customer_name": user.as_ref().filter(|_| is_customer).map(|u| u.name.clone()),
            "customer_account_type": user.as_ref().filter(|_| is_customer).map(|u| u.account_type.clone()),
            "profile_filled": profile_filled,
            // A logged-in customer's account type is fixed; only guests pick it
            // and may opt to create an account from the order.
            "account_fixed": is_customer,
@@ -320,6 +331,7 @@ async fn place_order(
            pickup_point_id,
            pickup_point_name,
        },
        logged_in_customer,
    )
    .await?;
@@ -350,7 +362,7 @@ async fn order_confirmation(
        .filter(order_items::Column::OrderId.eq(order.id))
        .all(&ctx.db)
        .await?;
-    let (logged_in_admin, logged_in_customer) = guard::chrome(&ctx, &jar).await;
+    let c = guard::chrome(&ctx, &jar).await;
    let account_created = params.contains_key("account_created");
    format::view(
@@ -363,8 +375,10 @@ async fn order_confirmation(
                settings::get(&ctx, "bank_account_name").unwrap_or(""),
            ),
            "items": view::items(&items),
-            "logged_in_admin": logged_in_admin,
+            "logged_in_admin": c.logged_in_admin,
-            "logged_in_customer": logged_in_customer,
+            "logged_in_customer": c.logged_in_customer,
            "customer_name": c.customer_name,
            "customer_account_type": c.customer_account_type,
            "account_created": account_created,
            "lang": current_lang(&jar),
        }),
--- a/src/controllers/home.rs
+++ b/src/controllers/home.rs
@@ -12,16 +12,19 @@ async fn index(
    ViewEngine(v): ViewEngine<TeraView>,
    State(ctx): State<AppContext>,
 ) -> Result<Response> {
-    let products = shop::featured_products(&ctx, 8).await?;
+    let user = guard::current_user(&ctx, &jar).await;
-    let (logged_in_admin, logged_in_customer) = guard::chrome(&ctx, &jar).await;
+    let products = shop::featured_products(&ctx, user.as_ref(), 8).await?;
    let c = guard::chrome_from(&ctx, user.as_ref());
    format::view(
        &v,
        "home/index.html",
        json!({
            "products": products,
-            "logged_in_admin": logged_in_admin,
+            "logged_in_admin": c.logged_in_admin,
-            "logged_in_customer": logged_in_customer,
+            "logged_in_customer": c.logged_in_customer,
            "customer_name": c.customer_name,
            "customer_account_type": c.customer_account_type,
            "lang": current_lang(&jar),
        }),
    )
--- a/src/controllers/mod.rs
+++ b/src/controllers/mod.rs
@@ -3,7 +3,10 @@ pub mod auth;
 pub mod auth_pages;
 pub mod oauth2;
 pub mod admin_categories;
 pub mod admin_customers;
 pub mod admin_dashboard;
 pub mod admin_discount_profiles;
 pub mod admin_discounts;
 pub mod admin_form;
 pub mod admin_orders;
 pub mod admin_products;
--- a/src/controllers/shop.rs
+++ b/src/controllers/shop.rs
@@ -8,17 +8,23 @@ use serde_json::json;
 use crate::{
    controllers::i18n::current_lang,
-    shared::guard,
+    shared::{guard, pricing},
-    models::{categories, product_images, products},
+    models::{categories, product_images, products, users},
    views::shop as view,
 };
-/// Shape a list of products into card rows, loading each one's primary image.
+/// Shape a list of products into card rows for `user` (None = public), pricing
-async fn product_rows(ctx: &AppContext, list: Vec<products::Model>) -> Result<Vec<serde_json::Value>> {
+/// each via [`pricing::price_many`] and loading its primary image.
 async fn product_rows(
    ctx: &AppContext,
    user: Option<&users::Model>,
    list: Vec<products::Model>,
 ) -> Result<Vec<serde_json::Value>> {
    let priced = pricing::price_many(ctx, &list, user).await?;
    let mut rows = Vec::with_capacity(list.len());
-    for product in list {
+    for (product, priced) in list.iter().zip(priced.iter()) {
        let image = product_images::first_for(ctx, product.id).await?;
-        rows.push(view::product_card(&product, image, None));
+        rows.push(view::product_card(product, priced, image, None));
    }
    Ok(rows)
 }
@@ -27,6 +33,7 @@ async fn product_rows(ctx: &AppContext, list: Vec<products::Model>) -> Result<Ve
 /// by the home-page landing grid.
 pub(crate) async fn featured_products(
    ctx: &AppContext,
    user: Option<&users::Model>,
    limit: u64,
 ) -> Result<Vec<serde_json::Value>> {
    let list = products::Entity::find()
@@ -35,7 +42,7 @@ pub(crate) async fn featured_products(
        .limit(limit)
        .all(&ctx.db)
        .await?;
-    product_rows(ctx, list).await
+    product_rows(ctx, user, list).await
 }
 /// The site-wide category sidebar, loaded lazily via htmx by the base layout so
@@ -69,14 +76,17 @@ async fn index(
        .all(&ctx.db)
        .await?;
-    let (logged_in_admin, logged_in_customer) = guard::chrome(&ctx, &jar).await;
+    let user = guard::current_user(&ctx, &jar).await;
    let c = guard::chrome_from(&ctx, user.as_ref());
    format::view(
        &v,
        "shop/index.html",
        json!({
-            "products": product_rows(&ctx, list).await?,
+            "products": product_rows(&ctx, user.as_ref(), list).await?,
-            "logged_in_admin": logged_in_admin,
+            "logged_in_admin": c.logged_in_admin,
-            "logged_in_customer": logged_in_customer,
+            "logged_in_customer": c.logged_in_customer,
            "customer_name": c.customer_name,
            "customer_account_type": c.customer_account_type,
            "lang": current_lang(&jar),
        }),
    )
@@ -110,16 +120,20 @@ async fn show(
        None => None,
    };
-    let (logged_in_admin, logged_in_customer) = guard::chrome(&ctx, &jar).await;
+    let user = guard::current_user(&ctx, &jar).await;
    let priced = pricing::price_for(&ctx, &product, user.as_ref()).await?;
    let c = guard::chrome_from(&ctx, user.as_ref());
    format::view(
        &v,
        "shop/show.html",
        json!({
-            "product": view::product_card(&product, None, category.as_ref().map(|c| c.name.clone())),
+            "product": view::product_card(&product, &priced, None, category.as_ref().map(|c| c.name.clone())),
            "images": images.iter().map(|i| i.image_id.clone()).collect::<Vec<_>>(),
            "category": category,
-            "logged_in_admin": logged_in_admin,
+            "logged_in_admin": c.logged_in_admin,
-            "logged_in_customer": logged_in_customer,
+            "logged_in_customer": c.logged_in_customer,
            "customer_name": c.customer_name,
            "customer_account_type": c.customer_account_type,
            "lang": current_lang(&jar),
        }),
    )
@@ -155,7 +169,8 @@ async fn category(
        .all(&ctx.db)
        .await?;
-    let (logged_in_admin, logged_in_customer) = guard::chrome(&ctx, &jar).await;
+    let user = guard::current_user(&ctx, &jar).await;
    let c = guard::chrome_from(&ctx, user.as_ref());
    format::view(
        &v,
        "shop/category.html",
@@ -163,9 +178,11 @@ async fn category(
            "category": category,
            "breadcrumbs": breadcrumbs,
            "children": children,
-            "products": product_rows(&ctx, list).await?,
+            "products": product_rows(&ctx, user.as_ref(), list).await?,
-            "logged_in_admin": logged_in_admin,
+            "logged_in_admin": c.logged_in_admin,
-            "logged_in_customer": logged_in_customer,
+            "logged_in_customer": c.logged_in_customer,
            "customer_name": c.customer_name,
            "customer_account_type": c.customer_account_type,
            "lang": current_lang(&jar),
        }),
    )
--- a/src/fixtures/users.yaml
+++ b/src/fixtures/users.yaml
@@ -6,6 +6,7 @@
  api_key: lo-95ec80d7-cb60-4b70-9b4b-9ef74cb88758
  name: user1
  theme: light
  account_type: personal
  created_at: "2023-11-12T12:34:56.789Z"
  updated_at: "2023-11-12T12:34:56.789Z"
 - id: 3
@@ -15,5 +16,6 @@
  api_key: lo-153561ca-fa84-4e1b-813a-c62526d0a77e
  name: user2
  theme: light
  account_type: personal
  created_at: "2023-11-12T12:34:56.789Z"
  updated_at: "2023-11-12T12:34:56.789Z"
--- a/src/initializers/view_engine.rs
+++ b/src/initializers/view_engine.rs
@@ -6,6 +6,7 @@ use loco_rs::{
    controller::views::{engines, ViewEngine},
    Error, Result,
 };
 use std::collections::HashMap;
 use tracing::info;
 const I18N_DIR: &str = "assets/i18n";
@@ -23,7 +24,9 @@ impl Initializer for ViewEngineInitializer {
    }
    async fn after_routes(&self, router: AxumRouter, _ctx: &AppContext) -> Result<AxumRouter> {
-        let tera_engine = if std::path::Path::new(I18N_DIR).exists() {
+        // Load locales only if present; `t` is registered conditionally below so
        // the single post-process closure covers both cases.
        let locales = if std::path::Path::new(I18N_DIR).exists() {
            let arc = std::sync::Arc::new(
                ArcLoader::builder(&I18N_DIR, unic_langid::langid!("sk"))
                    .shared_resources(Some(&[I18N_SHARED.into()]))
@@ -32,15 +35,28 @@ impl Initializer for ViewEngineInitializer {
                    .map_err(|e| Error::string(&e.to_string()))?,
            );
            info!("locales loaded");
-
+            Some(arc)
            engines::TeraView::build()?.post_process(move |tera| {
                tera.register_function("t", FluentLoader::new(arc.clone()));
                Ok(())
            })?
        } else {
-            engines::TeraView::build()?
+            None
        };
        let tera_engine = engines::TeraView::build()?.post_process(move |tera| {
            if let Some(arc) = &locales {
                tera.register_function("t", FluentLoader::new(arc.clone()));
            }
            // `csrf_token()`: the in-flight request's CSRF token (bound by
            // `shared::csrf::protect`), rendered into `<body hx-headers>` and
            // `ui::csrf_field()`. Inlined so its `tera::Error` return is inferred
            // from `register_function` — we never name a `tera` type, keeping it
            // off our direct deps and pinned to loco's.
            tera.register_function("csrf_token", |_args: &HashMap<String, serde_json::Value>| {
                Ok(serde_json::Value::String(
                    crate::shared::csrf::current_token().unwrap_or_default(),
                ))
            });
            Ok(())
        })?;
        Ok(router.layer(Extension(ViewEngine::from(tera_engine))))
    }
 }
--- a/src/models/_entities/account_discount_profiles.rs
+++ b/src/models/_entities/account_discount_profiles.rs
@@ -0,0 +1,48 @@
 //! `SeaORM` Entity assigning a discount profile to a business account.
 //! Hand-written to match the `account_discount_profiles` migration.
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
 #[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "account_discount_profiles")]
 pub struct Model {
    pub created_at: DateTimeWithTimeZone,
    pub updated_at: DateTimeWithTimeZone,
    #[sea_orm(primary_key)]
    pub id: i32,
    pub user_id: i32,
    pub discount_profile_id: i32,
 }
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
 pub enum Relation {
    #[sea_orm(
        belongs_to = "super::users::Entity",
        from = "Column::UserId",
        to = "super::users::Column::Id",
        on_update = "Cascade",
        on_delete = "Cascade"
    )]
    Users,
    #[sea_orm(
        belongs_to = "super::discount_profiles::Entity",
        from = "Column::DiscountProfileId",
        to = "super::discount_profiles::Column::Id",
        on_update = "Cascade",
        on_delete = "Cascade"
    )]
    DiscountProfiles,
 }
 impl Related<super::users::Entity> for Entity {
    fn to() -> RelationDef {
        Relation::Users.def()
    }
 }
 impl Related<super::discount_profiles::Entity> for Entity {
    fn to() -> RelationDef {
        Relation::DiscountProfiles.def()
    }
 }
--- a/src/models/_entities/account_product_prices.rs
+++ b/src/models/_entities/account_product_prices.rs
@@ -0,0 +1,49 @@
 //! `SeaORM` Entity for per-account negotiated product prices. Hand-written to
 //! match the `account_product_prices` migration (one row per (user, product)).
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
 #[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "account_product_prices")]
 pub struct Model {
    pub created_at: DateTimeWithTimeZone,
    pub updated_at: DateTimeWithTimeZone,
    #[sea_orm(primary_key)]
    pub id: i32,
    pub user_id: i32,
    pub product_id: i32,
    pub price_cents: i64,
 }
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
 pub enum Relation {
    #[sea_orm(
        belongs_to = "super::users::Entity",
        from = "Column::UserId",
        to = "super::users::Column::Id",
        on_update = "Cascade",
        on_delete = "Cascade"
    )]
    Users,
    #[sea_orm(
        belongs_to = "super::products::Entity",
        from = "Column::ProductId",
        to = "super::products::Column::Id",
        on_update = "Cascade",
        on_delete = "Cascade"
    )]
    Products,
 }
 impl Related<super::users::Entity> for Entity {
    fn to() -> RelationDef {
        Relation::Users.def()
    }
 }
 impl Related<super::products::Entity> for Entity {
    fn to() -> RelationDef {
        Relation::Products.def()
    }
 }
--- a/src/models/_entities/account_product_resolutions.rs
+++ b/src/models/_entities/account_product_resolutions.rs
@@ -0,0 +1,64 @@
 //! `SeaORM` Entity for an account's chosen profile when two assigned profiles
 //! cover one product. Hand-written to match the `account_product_resolutions`
 //! migration.
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
 #[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "account_product_resolutions")]
 pub struct Model {
    pub created_at: DateTimeWithTimeZone,
    pub updated_at: DateTimeWithTimeZone,
    #[sea_orm(primary_key)]
    pub id: i32,
    pub user_id: i32,
    pub product_id: i32,
    pub discount_profile_id: i32,
 }
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
 pub enum Relation {
    #[sea_orm(
        belongs_to = "super::users::Entity",
        from = "Column::UserId",
        to = "super::users::Column::Id",
        on_update = "Cascade",
        on_delete = "Cascade"
    )]
    Users,
    #[sea_orm(
        belongs_to = "super::products::Entity",
        from = "Column::ProductId",
        to = "super::products::Column::Id",
        on_update = "Cascade",
        on_delete = "Cascade"
    )]
    Products,
    #[sea_orm(
        belongs_to = "super::discount_profiles::Entity",
        from = "Column::DiscountProfileId",
        to = "super::discount_profiles::Column::Id",
        on_update = "Cascade",
        on_delete = "Cascade"
    )]
    DiscountProfiles,
 }
 impl Related<super::users::Entity> for Entity {
    fn to() -> RelationDef {
        Relation::Users.def()
    }
 }
 impl Related<super::products::Entity> for Entity {
    fn to() -> RelationDef {
        Relation::Products.def()
    }
 }
 impl Related<super::discount_profiles::Entity> for Entity {
    fn to() -> RelationDef {
        Relation::DiscountProfiles.def()
    }
 }
--- a/src/models/_entities/discount_profile_products.rs
+++ b/src/models/_entities/discount_profile_products.rs
@@ -0,0 +1,48 @@
 //! `SeaORM` Entity for a discount profile's product membership. Hand-written to
 //! match the `discount_profile_products` migration.
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
 #[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "discount_profile_products")]
 pub struct Model {
    pub created_at: DateTimeWithTimeZone,
    pub updated_at: DateTimeWithTimeZone,
    #[sea_orm(primary_key)]
    pub id: i32,
    pub discount_profile_id: i32,
    pub product_id: i32,
 }
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
 pub enum Relation {
    #[sea_orm(
        belongs_to = "super::discount_profiles::Entity",
        from = "Column::DiscountProfileId",
        to = "super::discount_profiles::Column::Id",
        on_update = "Cascade",
        on_delete = "Cascade"
    )]
    DiscountProfiles,
    #[sea_orm(
        belongs_to = "super::products::Entity",
        from = "Column::ProductId",
        to = "super::products::Column::Id",
        on_update = "Cascade",
        on_delete = "Cascade"
    )]
    Products,
 }
 impl Related<super::discount_profiles::Entity> for Entity {
    fn to() -> RelationDef {
        Relation::DiscountProfiles.def()
    }
 }
 impl Related<super::products::Entity> for Entity {
    fn to() -> RelationDef {
        Relation::Products.def()
    }
 }
--- a/src/models/_entities/discount_profiles.rs
+++ b/src/models/_entities/discount_profiles.rs
@@ -0,0 +1,39 @@
 //! `SeaORM` Entity for reusable discount profiles. Hand-written to match the
 //! `discount_profiles` migration.
 use sea_orm::entity::prelude::*;
 use serde::{Deserialize, Serialize};
 #[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
 #[sea_orm(table_name = "discount_profiles")]
 pub struct Model {
    pub created_at: DateTimeWithTimeZone,
    pub updated_at: DateTimeWithTimeZone,
    #[sea_orm(primary_key)]
    pub id: i32,
    pub name: String,
    /// Discount in basis points (5% = 500).
    pub percent_bp: i32,
    /// "include" (covers listed products) or "all_except" (covers all but them).
    pub scope_type: String,
 }
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
 pub enum Relation {
    #[sea_orm(has_many = "super::discount_profile_products::Entity")]
    DiscountProfileProducts,
    #[sea_orm(has_many = "super::account_discount_profiles::Entity")]
    AccountDiscountProfiles,
 }
 impl Related<super::discount_profile_products::Entity> for Entity {
    fn to() -> RelationDef {
        Relation::DiscountProfileProducts.def()
    }
 }
 impl Related<super::account_discount_profiles::Entity> for Entity {
    fn to() -> RelationDef {
        Relation::AccountDiscountProfiles.def()
    }
 }
--- a/src/models/_entities/mod.rs
+++ b/src/models/_entities/mod.rs
@@ -2,8 +2,13 @@
 pub mod prelude;
 pub mod account_discount_profiles;
 pub mod account_product_prices;
 pub mod account_product_resolutions;
 pub mod audit_logs;
 pub mod categories;
 pub mod discount_profile_products;
 pub mod discount_profiles;
 pub mod customer_profiles;
 pub mod o_auth2_sessions;
 pub mod order_items;
--- a/src/models/_entities/prelude.rs
+++ b/src/models/_entities/prelude.rs
@@ -1,8 +1,13 @@
 //! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.20
 pub use super::account_discount_profiles::Entity as AccountDiscountProfiles;
 pub use super::account_product_prices::Entity as AccountProductPrices;
 pub use super::account_product_resolutions::Entity as AccountProductResolutions;
 pub use super::audit_logs::Entity as AuditLogs;
 pub use super::categories::Entity as Categories;
 pub use super::customer_profiles::Entity as CustomerProfiles;
 pub use super::discount_profile_products::Entity as DiscountProfileProducts;
 pub use super::discount_profiles::Entity as DiscountProfiles;
 pub use super::o_auth2_sessions::Entity as OAuth2Sessions;
 pub use super::order_items::Entity as OrderItems;
 pub use super::orders::Entity as Orders;
--- a/src/models/_entities/products.rs
+++ b/src/models/_entities/products.rs
@@ -16,6 +16,7 @@ pub struct Model {
    #[sea_orm(column_type = "Text", nullable)]
    pub description: Option<String>,
    pub price_cents: i64,
    pub sale_price_cents: Option<i64>,
    pub currency: String,
    pub sku: Option<String>,
    pub stock: i32,
--- a/src/models/_entities/users.rs
+++ b/src/models/_entities/users.rs
@@ -26,6 +26,9 @@ pub struct Model {
    pub magic_link_expiration: Option<DateTimeWithTimeZone>,
    pub theme: String,
    pub account_type: String,
    pub totp_secret: Option<String>,
    pub totp_enabled_at: Option<DateTimeWithTimeZone>,
    pub totp_backup_codes: Option<String>,
 }
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
--- a/src/models/account_discount_profiles.rs
+++ b/src/models/account_discount_profiles.rs
@@ -0,0 +1,16 @@
 //! Assignment of a discount profile to a business account.
 pub use crate::models::_entities::account_discount_profiles::{ActiveModel, Column, Entity, Model};
 use sea_orm::entity::prelude::*;
 pub type AccountDiscountProfiles = Entity;
 #[async_trait::async_trait]
 impl ActiveModelBehavior for ActiveModel {
    async fn before_save<C>(self, _db: &C, _insert: bool) -> std::result::Result<Self, DbErr>
    where
        C: ConnectionTrait,
    {
        Ok(self)
    }
 }
--- a/src/models/account_product_prices.rs
+++ b/src/models/account_product_prices.rs
@@ -0,0 +1,77 @@
 //! Per-account negotiated product prices: an admin-set price for one product,
 //! for one business account ("personal agreement"). One row per (user, product),
 //! kept unique by the index in the migration.
 pub use crate::models::_entities::account_product_prices::{ActiveModel, Column, Entity, Model};
 use sea_orm::entity::prelude::*;
 use sea_orm::{ActiveValue, IntoActiveModel, QueryFilter, TryIntoModel};
 pub type AccountProductPrices = Entity;
 #[async_trait::async_trait]
 impl ActiveModelBehavior for ActiveModel {
    async fn before_save<C>(self, _db: &C, insert: bool) -> std::result::Result<Self, DbErr>
    where
        C: ConnectionTrait,
    {
        if !insert && self.updated_at.is_unchanged() {
            let mut this = self;
            this.updated_at = ActiveValue::set(chrono::Utc::now().into());
            Ok(this)
        } else {
            Ok(self)
        }
    }
 }
 impl Model {
    /// All negotiated prices for one account, as a `(product_id -> cents)` map.
    pub async fn map_for_user(
        db: &DatabaseConnection,
        user_id: i32,
    ) -> Result<std::collections::HashMap<i32, i64>, DbErr> {
        let rows = Entity::find()
            .filter(Column::UserId.eq(user_id))
            .all(db)
            .await?;
        Ok(rows.into_iter().map(|r| (r.product_id, r.price_cents)).collect())
    }
    /// Insert or update the negotiated price for `(user_id, product_id)`.
    pub async fn upsert(
        db: &DatabaseConnection,
        user_id: i32,
        product_id: i32,
        price_cents: i64,
    ) -> Result<Self, DbErr> {
        let existing = Entity::find()
            .filter(Column::UserId.eq(user_id))
            .filter(Column::ProductId.eq(product_id))
            .one(db)
            .await?;
        let mut active = match existing {
            Some(row) => row.into_active_model(),
            None => ActiveModel {
                user_id: ActiveValue::set(user_id),
                product_id: ActiveValue::set(product_id),
                ..Default::default()
            },
        };
        active.price_cents = ActiveValue::set(price_cents);
        active.save(db).await?.try_into_model()
    }
    /// Remove the negotiated price for `(user_id, product_id)`, if any.
    pub async fn clear(
        db: &DatabaseConnection,
        user_id: i32,
        product_id: i32,
    ) -> Result<(), DbErr> {
        Entity::delete_many()
            .filter(Column::UserId.eq(user_id))
            .filter(Column::ProductId.eq(product_id))
            .exec(db)
            .await?;
        Ok(())
    }
 }
--- a/src/models/account_product_resolutions.rs
+++ b/src/models/account_product_resolutions.rs
@@ -0,0 +1,19 @@
 //! The chosen winning profile for an account+product when assigned profiles
 //! collide on that product.
 pub use crate::models::_entities::account_product_resolutions::{
    ActiveModel, Column, Entity, Model,
 };
 use sea_orm::entity::prelude::*;
 pub type AccountProductResolutions = Entity;
 #[async_trait::async_trait]
 impl ActiveModelBehavior for ActiveModel {
    async fn before_save<C>(self, _db: &C, _insert: bool) -> std::result::Result<Self, DbErr>
    where
        C: ConnectionTrait,
    {
        Ok(self)
    }
 }
--- a/src/models/discount_profile_products.rs
+++ b/src/models/discount_profile_products.rs
@@ -0,0 +1,17 @@
 //! A discount profile's product membership (meaning depends on the profile's
 //! scope: included products, or excluded ones).
 pub use crate::models::_entities::discount_profile_products::{ActiveModel, Column, Entity, Model};
 use sea_orm::entity::prelude::*;
 pub type DiscountProfileProducts = Entity;
 #[async_trait::async_trait]
 impl ActiveModelBehavior for ActiveModel {
    async fn before_save<C>(self, _db: &C, _insert: bool) -> std::result::Result<Self, DbErr>
    where
        C: ConnectionTrait,
    {
        Ok(self)
    }
 }
--- a/src/models/discount_profiles.rs
+++ b/src/models/discount_profiles.rs
@@ -0,0 +1,42 @@
 //! Reusable discount profiles: a named percentage over a product scope, mixable
 //! across business accounts.
 pub use crate::models::_entities::discount_profiles::{ActiveModel, Column, Entity, Model};
 use sea_orm::entity::prelude::*;
 pub type DiscountProfiles = Entity;
 /// Scope value: the profile covers exactly the listed products.
 pub const SCOPE_INCLUDE: &str = "include";
 /// Scope value: the profile covers every product except the listed ones.
 pub const SCOPE_ALL_EXCEPT: &str = "all_except";
 #[async_trait::async_trait]
 impl ActiveModelBehavior for ActiveModel {
    async fn before_save<C>(self, _db: &C, insert: bool) -> std::result::Result<Self, DbErr>
    where
        C: ConnectionTrait,
    {
        if !insert && self.updated_at.is_unchanged() {
            let mut this = self;
            this.updated_at = sea_orm::ActiveValue::set(chrono::Utc::now().into());
            Ok(this)
        } else {
            Ok(self)
        }
    }
 }
 impl Model {
    /// A profile covers `product_id` when its scope lists the product (include)
    /// or does not list it (all_except). `membership` is the profile's product
    /// id set.
    #[must_use]
    pub fn covers(&self, product_id: i32, membership: &std::collections::HashSet<i32>) -> bool {
        let listed = membership.contains(&product_id);
        match self.scope_type.as_str() {
            SCOPE_ALL_EXCEPT => !listed,
            _ => listed,
        }
    }
 }
--- a/src/models/mod.rs
+++ b/src/models/mod.rs
@@ -6,8 +6,13 @@
 pub mod _entities;
 pub mod account_discount_profiles;
 pub mod account_product_prices;
 pub mod account_product_resolutions;
 pub mod audit_logs;
 pub mod categories;
 pub mod discount_profile_products;
 pub mod discount_profiles;
 pub mod customer_profiles;
 pub mod o_auth2_sessions;
 pub mod order_items;
--- a/src/models/orders.rs
+++ b/src/models/orders.rs
@@ -4,6 +4,8 @@ use sea_orm::{Set, TransactionTrait};
 use uuid::Uuid;
 use crate::models::_entities::{order_items, products, shipping_methods};
 use crate::models::users;
 use crate::shared::pricing;
 pub use crate::models::_entities::orders::{ActiveModel, Column, Entity, Model};
 pub type Orders = Entity;
@@ -42,7 +44,12 @@ fn generate_order_number() -> String {
 /// snapshot each product's price/name, decrement stock (re-checking inside the
 /// transaction so an item can't oversell between cart and pay), then write the
 /// order and its line items. Returns the persisted order.
-pub async fn place(ctx: &AppContext, items: &[(i32, i32)], details: Checkout) -> Result<Model> {
+pub async fn place(
    ctx: &AppContext,
    items: &[(i32, i32)],
    details: Checkout,
    user: Option<&users::Model>,
 ) -> Result<Model> {
    let txn = ctx.db.begin().await?;
    let mut subtotal: i64 = 0;
@@ -61,13 +68,17 @@ pub async fn place(ctx: &AppContext, items: &[(i32, i32)], details: Checkout) ->
            )));
        }
        currency = product.currency.clone();
-        subtotal += product.price_cents * i64::from(*qty);
+        // Snapshot the price the buyer actually pays — public sale or, for a
        // business account, their negotiated/lowest price (same resolver the
        // cart and storefront use).
        let unit_price_cents = pricing::price_for(ctx, &product, user).await?.price_cents;
        subtotal += unit_price_cents * i64::from(*qty);
        let mut active = product.clone().into_active_model();
        active.stock = Set(product.stock - *qty);
        active.update(&txn).await?;
-        snapshots.push((product.id, product.name, product.price_cents, *qty));
+        snapshots.push((product.id, product.name, unit_price_cents, *qty));
    }
    let order = ActiveModel {
--- a/src/models/products.rs
+++ b/src/models/products.rs
@@ -19,7 +19,25 @@ impl ActiveModelBehavior for ActiveModel {
 }
 // implement your read-oriented logic here
-impl Model {}
+impl Model {
    /// Whether a discount is currently active: a sale price is set and is
    /// strictly below the regular price.
    #[must_use]
    pub fn on_sale(&self) -> bool {
        matches!(self.sale_price_cents, Some(sale) if sale < self.price_cents)
    }
    /// The price actually charged: the sale price when [`Model::on_sale`],
    /// otherwise the regular price.
    #[must_use]
    pub fn effective_price_cents(&self) -> i64 {
        if self.on_sale() {
            self.sale_price_cents.unwrap_or(self.price_cents)
        } else {
            self.price_cents
        }
    }
 }
 // implement your write-oriented logic here
 impl ActiveModel {}
--- a/src/models/users.rs
+++ b/src/models/users.rs
@@ -5,6 +5,7 @@ use loco_rs::{auth::jwt, hash, prelude::*};
 use passwords::PasswordGenerator;
 use serde::{Deserialize, Serialize};
 use serde_json::Map;
 use totp_rs::{Algorithm, Secret, TOTP};
 use uuid::Uuid;
 use crate::models::_entities::o_auth2_sessions;
@@ -16,6 +17,45 @@ pub const MAGIC_LINK_EXPIRATION_MIN: i8 = 5;
 /// Minimum gap between verification-email resends for one account, in seconds.
 pub const VERIFICATION_RESEND_COOLDOWN_SECS: i64 = 60;
 // TODO(security): `users.totp_secret` is stored as a PLAINTEXT base32 string.
 // Unlike `password` (a one-way hash) the TOTP secret must be kept in reversible
 // form — the server needs the original value to recompute codes — so it is
 // effectively password-equivalent: anyone who can read this column can mint
 // valid 2FA codes for that user. It is deliberately left in plaintext for now
 // and treated like the app's other server-side secrets (e.g. the SMTP password,
 // kept out of the DB entirely). When secrets get a proper at-rest story, encrypt
 // this column with a key held OUTSIDE the database (env / `pass`), decrypting
 // only in memory. The single read/write site is `build_totp` +
 // `begin_totp_enrollment` below; `totp_backup_codes` are already hashed and need
 // no change. Grep `TODO(security)` to find this.
 /// TOTP (Google Authenticator) parameters. These are the values Google
 /// Authenticator assumes; it ignores anything else encoded in the otpauth URL,
 /// so they must stay SHA1 / 6 digits / 30s or codes won't match.
 const TOTP_ISSUER: &str = "Kompress";
 const TOTP_DIGITS: usize = 6;
 /// Accept codes ±1 time-step (~30s) to tolerate client/server clock drift.
 const TOTP_SKEW: u8 = 1;
 const TOTP_STEP: u64 = 30;
 /// Number of one-time recovery codes generated when 2FA is enabled.
 pub const TOTP_BACKUP_CODE_COUNT: usize = 8;
 /// Build a [`TOTP`] from a stored base32 secret and the account label (email).
 /// Returns `None` if the secret can't be decoded.
 fn build_totp(secret_base32: &str, account: &str) -> Option<TOTP> {
    let bytes = Secret::Encoded(secret_base32.to_string()).to_bytes().ok()?;
    TOTP::new(
        Algorithm::SHA1,
        TOTP_DIGITS,
        TOTP_SKEW,
        TOTP_STEP,
        bytes,
        Some(TOTP_ISSUER.to_string()),
        account.to_string(),
    )
    .ok()
 }
 #[derive(Debug, Deserialize, Serialize)]
 pub struct LoginParams {
    pub email: String,
@@ -241,6 +281,68 @@ impl Model {
        self.account_type == "company"
    }
    /// Whether two-factor auth is active for this account. This is the single
    /// source of truth used by the login flow: a secret may be present during a
    /// half-finished enrollment, but 2FA only gates login once it is *confirmed*
    /// (which is what sets `totp_enabled_at`).
    #[must_use]
    pub fn totp_enabled(&self) -> bool {
        self.totp_enabled_at.is_some()
    }
    /// Build the [`TOTP`] for this user from its stored secret, if any.
    fn totp(&self) -> Option<TOTP> {
        let secret = self.totp_secret.as_deref()?;
        build_totp(secret, &self.email)
    }
    /// A `data:image/png;base64,...` QR for the *pending* secret plus the secret
    /// itself (shown as a manual-entry fallback). Used on the enrollment page.
    /// Returns `None` if no secret is staged or QR rendering fails.
    #[must_use]
    pub fn totp_provisioning(&self) -> Option<(String, String)> {
        let totp = self.totp()?;
        let qr = totp.get_qr_base64().ok()?;
        Some((
            format!("data:image/png;base64,{qr}"),
            self.totp_secret.clone()?,
        ))
    }
    /// Verify a 6-digit authenticator code against the stored secret. Returns
    /// false if no secret is staged or the code is wrong. Works both during
    /// enrollment confirmation and at login.
    #[must_use]
    pub fn verify_totp_code(&self, code: &str) -> bool {
        let code = code.trim().replace(' ', "");
        self.totp()
            .and_then(|t| t.check_current(&code).ok())
            .unwrap_or(false)
    }
    /// Whether `code` matches one of the still-unused backup codes.
    #[must_use]
    pub fn matches_backup_code(&self, code: &str) -> bool {
        let code = code.trim().replace([' ', '-'], "");
        self.backup_code_hashes()
            .iter()
            .any(|h| hash::verify_password(&code, h))
    }
    /// The stored hashed backup codes (empty if none).
    fn backup_code_hashes(&self) -> Vec<String> {
        self.totp_backup_codes
            .as_deref()
            .and_then(|s| serde_json::from_str::<Vec<String>>(s).ok())
            .unwrap_or_default()
    }
    /// How many unused backup codes remain.
    #[must_use]
    pub fn backup_codes_remaining(&self) -> usize {
        self.backup_code_hashes().len()
    }
    /// Seconds the user must still wait before another verification email may be
    /// sent — 0 means a resend is allowed now. Throttling resends off the last
    /// `email_verification_sent_at` keeps the endpoint from being an easy way to
@@ -446,6 +548,96 @@ impl ActiveModel {
        self.magic_link_expiration = ActiveValue::set(None);
        self.update(db).await.map_err(ModelError::from)
    }
    /// Stage a fresh TOTP secret for enrollment. This does **not** turn 2FA on —
    /// `totp_enabled_at` stays null until the user proves they scanned it by
    /// confirming a code (see [`Self::enable_totp`]). Any previously staged
    /// secret/backup codes are discarded so re-enrolling always starts clean.
    pub async fn begin_totp_enrollment(mut self, db: &DatabaseConnection) -> ModelResult<Model> {
        let secret = match Secret::generate_secret().to_encoded() {
            Secret::Encoded(s) => s,
            // generate_secret() always yields raw bytes that encode cleanly.
            Secret::Raw(_) => unreachable!("to_encoded() returns Encoded"),
        };
        self.totp_secret = ActiveValue::set(Some(secret));
        self.totp_enabled_at = ActiveValue::set(None);
        self.totp_backup_codes = ActiveValue::set(None);
        self.update(db).await.map_err(ModelError::from)
    }
    /// Confirm enrollment and switch 2FA on. The caller must have already
    /// verified a code against the staged secret. Generates and stores hashed
    /// one-time backup codes and returns the plaintext codes to display **once**.
    pub async fn enable_totp(
        mut self,
        db: &DatabaseConnection,
    ) -> ModelResult<(Model, Vec<String>)> {
        let (plain, hashes) = generate_backup_codes()?;
        let encoded = serde_json::to_string(&hashes).map_err(|e| ModelError::Any(e.into()))?;
        self.totp_enabled_at = ActiveValue::set(Some(Local::now().into()));
        self.totp_backup_codes = ActiveValue::set(Some(encoded));
        let model = self.update(db).await.map_err(ModelError::from)?;
        Ok((model, plain))
    }
    /// Turn 2FA off and wipe all TOTP state. Callers gate this behind a fresh
    /// confirmation (password or a current code).
    pub async fn disable_totp(mut self, db: &DatabaseConnection) -> ModelResult<Model> {
        self.totp_secret = ActiveValue::set(None);
        self.totp_enabled_at = ActiveValue::set(None);
        self.totp_backup_codes = ActiveValue::set(None);
        self.update(db).await.map_err(ModelError::from)
    }
    /// Remove a used backup code from the stored set so it can't be reused.
    /// `code` is matched against the remaining hashes; a no-op if it doesn't
    /// match (the caller decides whether a match was required).
    pub async fn consume_backup_code(
        mut self,
        db: &DatabaseConnection,
        code: &str,
    ) -> ModelResult<Model> {
        let code = code.trim().replace([' ', '-'], "");
        let current: Vec<String> = match self.totp_backup_codes.as_ref() {
            Some(s) => serde_json::from_str(s.as_str()).unwrap_or_default(),
            None => Vec::new(),
        };
        let remaining: Vec<String> = current
            .into_iter()
            .filter(|h| !hash::verify_password(&code, h))
            .collect();
        let encoded = serde_json::to_string(&remaining).map_err(|e| ModelError::Any(e.into()))?;
        self.totp_backup_codes = ActiveValue::set(Some(encoded));
        self.update(db).await.map_err(ModelError::from)
    }
    /// Replace the backup codes with a fresh set (e.g. after the user used some).
    /// Only meaningful while 2FA is enabled; returns the new plaintext codes.
    pub async fn regenerate_backup_codes(
        mut self,
        db: &DatabaseConnection,
    ) -> ModelResult<(Model, Vec<String>)> {
        let (plain, hashes) = generate_backup_codes()?;
        let encoded = serde_json::to_string(&hashes).map_err(|e| ModelError::Any(e.into()))?;
        self.totp_backup_codes = ActiveValue::set(Some(encoded));
        let model = self.update(db).await.map_err(ModelError::from)?;
        Ok((model, plain))
    }
 }
 /// Generate `TOTP_BACKUP_CODE_COUNT` recovery codes, returning
 /// `(plaintext, hashes)`. Only the hashes are persisted; the plaintext is shown
 /// to the user once and never stored.
 fn generate_backup_codes() -> ModelResult<(Vec<String>, Vec<String>)> {
    let mut plain = Vec::with_capacity(TOTP_BACKUP_CODE_COUNT);
    let mut hashes = Vec::with_capacity(TOTP_BACKUP_CODE_COUNT);
    for _ in 0..TOTP_BACKUP_CODE_COUNT {
        let code = hash::random_string(10).to_lowercase();
        let hashed = hash::hash_password(&code).map_err(|e| ModelError::Any(e.into()))?;
        plain.push(code);
        hashes.push(hashed);
    }
    Ok((plain, hashes))
 }
 /// Google OpenID Connect user profile (the fields our scopes request).
--- a/src/shared/csrf.rs
+++ b/src/shared/csrf.rs
@@ -0,0 +1,304 @@
 //! Stateless CSRF protection (signed double-submit cookie).
 //!
 //! Authentication is cookie-based (the `auth_token` JWT cookie, see
 //! [`crate::shared::guard`]), so any state-changing request the browser can be
 //! tricked into making carries the victim's credentials. `SameSite=Lax` on the
 //! auth cookie already blocks the cross-site *form* POST case; this layer is the
 //! defense-in-depth on top of it.
 //!
 //! ## How it works
 //! On every safe request we ensure the browser holds a `csrf_token` cookie whose
 //! value is `<random>.<hmac>` — the HMAC is keyed by the app's JWT secret, so the
 //! server can recognise its own tokens without storing any per-session state
 //! (no session table, survives restarts and multiple instances). On every unsafe
 //! request ([`protect`]) the same token must be echoed back, either as the
 //! `X-CSRF-Token` header (htmx requests) or a `_csrf` form field (native
 //! `<form>` submits, which cannot set a custom header). Because a cross-origin
 //! attacker can neither read the cookie nor forge a valid signature, they cannot
 //! produce a matching echo.
 //!
 //! The browser side lives in the two base templates (`base.html`,
 //! `admin/base.html`): an `htmx:configRequest` hook adds the header and a
 //! `submit` hook injects the hidden `_csrf` field.
 //!
 //! `/api/*` is exempt: that subtree is the token-authenticated JSON API and the
 //! OAuth2 callback, neither of which is driven by the browser session cookie.
 use axum::{
    body::{to_bytes, Body},
    extract::{Request, State},
    http::{header, Method, StatusCode},
    middleware::Next,
    response::{IntoResponse, Response},
 };
 use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite};
 use bytes::Bytes;
 use hmac::{Hmac, Mac};
 use loco_rs::prelude::*;
 use sha2::Sha256;
 use subtle::ConstantTimeEq;
 use time::Duration as TimeDuration;
 use uuid::Uuid;
 /// Cookie that holds the signed token. Deliberately *not* `HttpOnly`: the page
 /// JS has to read it to echo it back in the header / hidden field.
 pub const CSRF_COOKIE: &str = "csrf_token";
 /// Header carrying the echoed token on htmx (and any scripted) requests.
 pub const CSRF_HEADER: &str = "x-csrf-token";
 /// Hidden form field carrying the echoed token on native `<form>` submits.
 pub const CSRF_FIELD: &str = "_csrf";
 /// Cookie lifetime. Long enough to outlast a normal browsing session; the token
 /// only needs to be stable, not short-lived (it is not a credential on its own).
 const COOKIE_MAX_AGE_SECS: i64 = 60 * 60 * 24 * 14;
 /// Upper bound on a body we will buffer to find the `_csrf` field. Covers the
 /// largest native multipart submit (a 10 MiB image upload plus the other
 /// fields); anything bigger is rejected rather than buffered.
 const MAX_BODY_BYTES: usize = 16 * 1024 * 1024;
 tokio::task_local! {
    /// CSRF token bound to the in-flight request. [`protect`] sets it so the
    /// `csrf_token()` Tera function can render it into pages (the `hx-headers`
    /// on `<body>` and the `ui::csrf_field()` hidden input) without every
    /// controller having to thread it through the view context.
    static REQUEST_TOKEN: String;
 }
 /// The CSRF token for the current request task, if one is bound. Returns `None`
 /// outside a request (e.g. a mailer rendering a template). Used by the
 /// `csrf_token()` Tera function registered in the view engine.
 #[must_use]
 pub fn current_token() -> Option<String> {
    REQUEST_TOKEN.try_with(String::clone).ok()
 }
 type HmacSha256 = Hmac<Sha256>;
 fn to_hex(bytes: &[u8]) -> String {
    let mut s = String::with_capacity(bytes.len() * 2);
    for b in bytes {
        s.push_str(&format!("{b:02x}"));
    }
    s
 }
 /// HMAC-SHA256 of the random part, keyed by the app secret.
 fn sign(secret: &str, random: &str) -> String {
    let mut mac =
        HmacSha256::new_from_slice(secret.as_bytes()).expect("HMAC accepts a key of any length");
    mac.update(random.as_bytes());
    to_hex(&mac.finalize().into_bytes())
 }
 /// Mint a fresh `<random>.<hmac>` token.
 pub fn make_token(secret: &str) -> String {
    let random = Uuid::new_v4().simple().to_string();
    let sig = sign(secret, &random);
    format!("{random}.{sig}")
 }
 /// True when `token` is well-formed and its signature is the one this server
 /// would produce — i.e. it is one of *our* tokens, not an attacker-injected one.
 fn signature_valid(secret: &str, token: &str) -> bool {
    let Some((random, sig)) = token.split_once('.') else {
        return false;
    };
    let expected = sign(secret, random);
    expected.as_bytes().ct_eq(sig.as_bytes()).into()
 }
 /// Constant-time equality of two full tokens (the double-submit comparison).
 fn tokens_match(a: &str, b: &str) -> bool {
    a.as_bytes().ct_eq(b.as_bytes()).into()
 }
 fn issue_cookie(token: String) -> Cookie<'static> {
    Cookie::build((CSRF_COOKIE, token))
        .path("/")
        .http_only(false)
        .same_site(SameSite::Lax)
        .max_age(TimeDuration::seconds(COOKIE_MAX_AGE_SECS))
        .build()
 }
 fn forbidden(reason: &str) -> Response {
    tracing::debug!(reason, "CSRF check rejected request");
    (StatusCode::FORBIDDEN, "CSRF validation failed").into_response()
 }
 /// Attach the given token to an outgoing response as the `csrf_token` cookie.
 fn attach_cookie(res: &mut Response, token: &str) {
    let cookie = issue_cookie(token.to_string());
    if let Ok(value) = cookie.encoded().to_string().parse() {
        res.headers_mut().append(header::SET_COOKIE, value);
    }
 }
 /// Pull the `_csrf` value out of an `application/x-www-form-urlencoded` body.
 fn field_from_urlencoded(bytes: &[u8]) -> Option<String> {
    form_urlencoded::parse(bytes)
        .find(|(k, _)| k == CSRF_FIELD)
        .map(|(_, v)| v.into_owned())
 }
 /// Pull the `_csrf` value out of a `multipart/form-data` body. Parses a *copy*
 /// of the buffered bytes purely to read the field; the original bytes are still
 /// forwarded to the handler unchanged.
 async fn field_from_multipart(content_type: &str, bytes: Bytes) -> Option<String> {
    let boundary = multer::parse_boundary(content_type).ok()?;
    let stream = futures_util::stream::once(async move { Ok::<_, std::io::Error>(bytes) });
    let mut multipart = multer::Multipart::new(stream, boundary);
    while let Ok(Some(field)) = multipart.next_field().await {
        if field.name() == Some(CSRF_FIELD) {
            return field.text().await.ok();
        }
    }
    None
 }
 /// CSRF enforcement middleware. Safe methods get a token cookie (minted if
 /// missing); unsafe methods must echo a valid, matching token. See the module
 /// docs for the full scheme.
 pub async fn protect(
    State(ctx): State<AppContext>,
    jar: CookieJar,
    req: Request,
    next: Next,
 ) -> Response {
    // The token is keyed by the JWT secret. If no secret is configured we cannot
    // validate, so fail open rather than 403 the whole site — the same secret is
    // already required for auth to work at all.
    let Ok(jwt) = ctx.config.get_jwt_config() else {
        return next.run(req).await;
    };
    let secret = jwt.secret.clone();
    // The token the browser currently holds, accepted only if untampered.
    let cookie_token = jar
        .get(CSRF_COOKIE)
        .map(|c| c.value().to_string())
        .filter(|t| signature_valid(&secret, t));
    let is_safe = matches!(
        *req.method(),
        Method::GET | Method::HEAD | Method::OPTIONS | Method::TRACE
    );
    // Token-auth JSON API + OAuth2 callback: not browser-cookie-driven.
    let exempt = req.uri().path().starts_with("/api/");
    if is_safe || exempt {
        // Bind a token for the page to render even on the very first visit, and
        // persist that same token in the cookie so the later submit matches.
        let token = cookie_token.clone().unwrap_or_else(|| make_token(&secret));
        let mut res = REQUEST_TOKEN.scope(token.clone(), next.run(req)).await;
        if cookie_token.is_none() {
            attach_cookie(&mut res, &token);
        }
        return res;
    }
    // ---- unsafe, non-exempt: require a valid double-submit ----
    let Some(expected) = cookie_token else {
        return forbidden("missing or tampered CSRF cookie");
    };
    // htmx and other scripted requests send the token as a header; prefer it so
    // we never have to touch the body.
    let header_token = req
        .headers()
        .get(CSRF_HEADER)
        .and_then(|v| v.to_str().ok())
        .map(str::to_string);
    if let Some(header_token) = header_token {
        if tokens_match(&header_token, &expected) {
            return REQUEST_TOKEN.scope(expected, next.run(req)).await;
        }
        return forbidden("CSRF header did not match cookie");
    }
    // Native <form> submit: the token is a `_csrf` body field. Buffer the body,
    // read the field from a copy, then forward the original bytes untouched.
    let content_type = req
        .headers()
        .get(header::CONTENT_TYPE)
        .and_then(|v| v.to_str().ok())
        .unwrap_or("")
        .to_string();
    let (parts, body) = req.into_parts();
    let Ok(bytes) = to_bytes(body, MAX_BODY_BYTES).await else {
        return forbidden("request body too large to validate CSRF");
    };
    let submitted = if content_type.starts_with("application/x-www-form-urlencoded") {
        field_from_urlencoded(&bytes)
    } else if content_type.starts_with("multipart/form-data") {
        field_from_multipart(&content_type, bytes.clone()).await
    } else {
        None
    };
    let valid = submitted
        .as_deref()
        .is_some_and(|t| tokens_match(t, &expected));
    if !valid {
        return forbidden("missing or non-matching CSRF form field");
    }
    let req = Request::from_parts(parts, Body::from(bytes));
    REQUEST_TOKEN.scope(expected, next.run(req)).await
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    const SECRET: &str = "test-secret";
    #[test]
    fn fresh_token_validates() {
        let token = make_token(SECRET);
        assert!(signature_valid(SECRET, &token));
    }
    #[test]
    fn tampered_or_foreign_token_rejected() {
        let token = make_token(SECRET);
        // Flip the random part but keep the old signature.
        let (_, sig) = token.split_once('.').unwrap();
        let forged = format!("{}.{sig}", Uuid::new_v4().simple());
        assert!(!signature_valid(SECRET, &forged));
        // A token minted under a different secret is not ours.
        assert!(!signature_valid(SECRET, &make_token("other-secret")));
        // Malformed input never validates.
        assert!(!signature_valid(SECRET, "no-dot-here"));
    }
    #[test]
    fn double_submit_compare() {
        let token = make_token(SECRET);
        assert!(tokens_match(&token, &token.clone()));
        assert!(!tokens_match(&token, &make_token(SECRET)));
    }
    #[test]
    fn extract_field_from_urlencoded() {
        let body = b"email=a%40b.com&_csrf=abc.def&password=x";
        assert_eq!(field_from_urlencoded(body), Some("abc.def".to_string()));
        assert_eq!(field_from_urlencoded(b"email=x"), None);
    }
    #[tokio::test]
    async fn extract_field_from_multipart() {
        let boundary = "X-BOUNDARY";
        let content_type = format!("multipart/form-data; boundary={boundary}");
        let body = format!(
            "--{b}\r\nContent-Disposition: form-data; name=\"name\"\r\n\r\nWidget\r\n\
             --{b}\r\nContent-Disposition: form-data; name=\"_csrf\"\r\n\r\nabc.def\r\n\
             --{b}--\r\n",
            b = boundary
        );
        let got = field_from_multipart(&content_type, Bytes::from(body)).await;
        assert_eq!(got, Some("abc.def".to_string()));
    }
 }
--- a/src/shared/guard.rs
+++ b/src/shared/guard.rs
@@ -46,13 +46,36 @@ pub async fn logged_in(ctx: &AppContext, jar: &CookieJar) -> bool {
    }
 }
-/// Nav chrome flags for storefront pages, in one DB lookup: returns
+/// Nav chrome for storefront pages, resolved in one DB lookup. A customer is any
-/// `(logged_in_admin, logged_in_customer)`. A customer is any authenticated
+/// authenticated non-admin user; `customer_name`/`customer_account_type` are set
-/// non-admin user. Both are `false` for anonymous visitors.
+/// only for such a customer (used by the navbar profile menu). Everything is the
-pub async fn chrome(ctx: &AppContext, jar: &CookieJar) -> (bool, bool) {
+/// zero value for anonymous visitors and the name/type stay `None` for admins.
-    match current_user(ctx, jar).await {
+#[derive(Debug, Default)]
-        Some(user) if is_admin(ctx, &user) => (true, false),
+pub struct Chrome {
-        Some(_) => (false, true),
+    pub logged_in_admin: bool,
-        None => (false, false),
+    pub logged_in_customer: bool,
    pub customer_name: Option<String>,
    pub customer_account_type: Option<String>,
 }
 pub async fn chrome(ctx: &AppContext, jar: &CookieJar) -> Chrome {
    chrome_from(ctx, current_user(ctx, jar).await.as_ref())
 }
 /// Same as [`chrome`] but from an already-loaded user, so a handler that needs
 /// the user model (e.g. for pricing) can resolve chrome without a second lookup.
 pub fn chrome_from(ctx: &AppContext, user: Option<&users::Model>) -> Chrome {
    match user {
        Some(user) if is_admin(ctx, user) => Chrome {
            logged_in_admin: true,
            ..Default::default()
        },
        Some(user) => Chrome {
            logged_in_customer: true,
            customer_name: Some(user.name.clone()),
            customer_account_type: Some(user.account_type.clone()),
            ..Default::default()
        },
        None => Chrome::default(),
    }
 }
--- a/src/shared/mod.rs
+++ b/src/shared/mod.rs
@@ -1,7 +1,9 @@
 //! Cross-cutting helpers used across feature slices.
 pub mod csrf;
 pub mod guard;
 pub mod money;
 pub mod pricing;
 pub mod rbac;
 pub mod settings;
 pub mod slug;
--- a/src/shared/money.rs
+++ b/src/shared/money.rs
@@ -34,3 +34,41 @@ pub fn parse_price_to_cents(value: &str) -> Result<i64> {
 pub fn format_price(cents: i64) -> String {
    format!("{}.{:02}", cents / 100, (cents % 100).abs())
 }
 /// Parse a percentage typed as "20", "20.5" or "20,5" into an `f64`. Returns
 /// `None` for anything non-numeric or non-finite.
 #[must_use]
 pub fn parse_percent(value: &str) -> Option<f64> {
    let parsed: f64 = value.trim().replace(',', ".").parse().ok()?;
    parsed.is_finite().then_some(parsed)
 }
 /// Convert a percentage to basis points (5% -> 500), rounded to the nearest bp.
 #[must_use]
 pub fn percent_to_bp(percent: f64) -> i32 {
    (percent * 100.0).round() as i32
 }
 /// Render basis points as a human percentage string, e.g. `550` -> `"5.5"`,
 /// `500` -> `"5"`.
 #[must_use]
 pub fn format_bp(bp: i32) -> String {
    let whole = bp / 100;
    let frac = (bp % 100).abs();
    if frac == 0 {
        whole.to_string()
    } else if frac % 10 == 0 {
        format!("{whole}.{}", frac / 10)
    } else {
        format!("{whole}.{frac:02}")
    }
 }
 /// Apply a basis-point discount to a price in minor units, rounding the discount
 /// amount to the nearest cent. Never returns more than `cents`.
 #[must_use]
 pub fn apply_discount_bp(cents: i64, percent_bp: i32) -> i64 {
    let bp = percent_bp.max(0) as i128;
    let discount = (cents as i128 * bp + 5000) / 10000; // round half up
    (cents - discount as i64).max(0)
 }
--- a/src/shared/pricing.rs
+++ b/src/shared/pricing.rs
@@ -0,0 +1,309 @@
 //! Single source of truth for the price a given viewer pays for a product, so
 //! the storefront, cart, and placed orders always agree.
 //!
 //! Everyone sees the public price — the lower of the regular price and any
 //! public sale ([`products::Model::effective_price_cents`]). A logged-in
 //! **company** account additionally gets their business price: the lowest of the
 //! public price, any admin-set negotiated price, and the price from their
 //! assigned automated discount profiles. **Lowest wins.**
 use std::collections::{HashMap, HashSet};
 use loco_rs::prelude::*;
 use sea_orm::{ColumnTrait, EntityTrait, QueryFilter};
 use crate::models::{
    account_discount_profiles, account_product_prices, account_product_resolutions,
    discount_profile_products, discount_profiles, products, users,
 };
 use crate::shared::money::apply_discount_bp;
 /// `account_type` value that unlocks business pricing.
 const COMPANY: &str = "company";
 /// The resolved price for one product and one viewer (the slim shape templates
 /// and the cart use).
 #[derive(Debug, Clone, Copy)]
 pub struct PricedProduct {
    /// What the viewer pays, in minor units.
    pub price_cents: i64,
    /// The regular list price, used as the struck-through reference.
    pub regular_cents: i64,
    /// True when a business-specific deal (not just a public sale) set the price.
    pub is_business: bool,
 }
 impl PricedProduct {
    /// Whether the final price is below the regular price (render it reduced).
    #[must_use]
    pub fn is_reduced(&self) -> bool {
        self.price_cents < self.regular_cents
    }
 }
 /// Full breakdown for one product and one viewer, used by the admin company page
 /// (which needs to show each layer and any collision). The storefront only needs
 /// [`PriceDetail::priced`].
 #[derive(Debug, Clone)]
 pub struct PriceDetail {
    pub regular_cents: i64,
    pub public_cents: i64,
    pub manual_cents: Option<i64>,
    pub auto_cents: Option<i64>,
    /// The profile that produced `auto_cents` (the resolved/only/biggest one).
    pub auto_profile_id: Option<i32>,
    /// Every assigned profile that covers this product.
    pub covering_profile_ids: Vec<i32>,
    /// True when more than one profile covers the product and the admin has not
    /// resolved which wins (a fallback was used).
    pub collision: bool,
    pub price_cents: i64,
    pub is_business: bool,
 }
 impl PriceDetail {
    fn public_only(regular_cents: i64, public_cents: i64) -> Self {
        Self {
            regular_cents,
            public_cents,
            manual_cents: None,
            auto_cents: None,
            auto_profile_id: None,
            covering_profile_ids: Vec::new(),
            collision: false,
            price_cents: public_cents,
            is_business: false,
        }
    }
    #[must_use]
    pub fn priced(&self) -> PricedProduct {
        PricedProduct {
            price_cents: self.price_cents,
            regular_cents: self.regular_cents,
            is_business: self.is_business,
        }
    }
 }
 /// The "lowest wins" decision: pick the business price only when it is at or
 /// below the public price. Pure, so it is unit-tested directly.
 fn decide(regular_cents: i64, public_cents: i64, business: Option<i64>) -> PricedProduct {
    match business {
        Some(b) if b <= public_cents => PricedProduct {
            price_cents: b,
            regular_cents,
            is_business: true,
        },
        _ => PricedProduct {
            price_cents: public_cents,
            regular_cents,
            is_business: false,
        },
    }
 }
 /// Is this viewer a business (company) account?
 fn is_company(user: Option<&users::Model>) -> bool {
    matches!(user, Some(u) if u.account_type == COMPANY)
 }
 /// Everything needed to resolve every product's business price for one account,
 /// loaded once so listing pages and the cart avoid N+1 queries.
 struct B2bContext {
    manual: HashMap<i32, i64>,
    profiles: Vec<discount_profiles::Model>,
    membership: HashMap<i32, HashSet<i32>>,
    resolutions: HashMap<i32, i32>,
 }
 async fn load_b2b(ctx: &AppContext, user_id: i32) -> Result<B2bContext> {
    let manual = account_product_prices::Model::map_for_user(&ctx.db, user_id).await?;
    let assigns = account_discount_profiles::Entity::find()
        .filter(account_discount_profiles::Column::UserId.eq(user_id))
        .all(&ctx.db)
        .await?;
    let profile_ids: Vec<i32> = assigns.iter().map(|a| a.discount_profile_id).collect();
    let (profiles, membership) = if profile_ids.is_empty() {
        (Vec::new(), HashMap::new())
    } else {
        let profiles = discount_profiles::Entity::find()
            .filter(discount_profiles::Column::Id.is_in(profile_ids.clone()))
            .all(&ctx.db)
            .await?;
        let rows = discount_profile_products::Entity::find()
            .filter(discount_profile_products::Column::DiscountProfileId.is_in(profile_ids))
            .all(&ctx.db)
            .await?;
        let mut membership: HashMap<i32, HashSet<i32>> = HashMap::new();
        for row in rows {
            membership
                .entry(row.discount_profile_id)
                .or_default()
                .insert(row.product_id);
        }
        (profiles, membership)
    };
    let resolutions = account_product_resolutions::Entity::find()
        .filter(account_product_resolutions::Column::UserId.eq(user_id))
        .all(&ctx.db)
        .await?
        .into_iter()
        .map(|r| (r.product_id, r.discount_profile_id))
        .collect();
    Ok(B2bContext {
        manual,
        profiles,
        membership,
        resolutions,
    })
 }
 /// Resolve one product's full price breakdown for `b2b` (None = public viewer).
 fn detail_for(product: &products::Model, b2b: Option<&B2bContext>) -> PriceDetail {
    let regular = product.price_cents;
    let public = product.effective_price_cents();
    let Some(b2b) = b2b else {
        return PriceDetail::public_only(regular, public);
    };
    let manual = b2b.manual.get(&product.id).copied();
    // Which assigned profiles cover this product.
    let empty = HashSet::new();
    let covering: Vec<&discount_profiles::Model> = b2b
        .profiles
        .iter()
        .filter(|p| p.covers(product.id, b2b.membership.get(&p.id).unwrap_or(&empty)))
        .collect();
    let mut auto_cents = None;
    let mut auto_profile_id = None;
    let mut collision = false;
    if !covering.is_empty() {
        let chosen = if covering.len() == 1 {
            covering[0]
        } else {
            // Two+ profiles collide: honour the admin's resolution, else fall
            // back to the biggest discount and flag it for resolving.
            match b2b
                .resolutions
                .get(&product.id)
                .and_then(|rid| covering.iter().find(|p| p.id == *rid).copied())
            {
                Some(resolved) => resolved,
                None => {
                    collision = true;
                    covering
                        .iter()
                        .max_by_key(|p| p.percent_bp)
                        .copied()
                        .expect("covering is non-empty")
                }
            }
        };
        auto_profile_id = Some(chosen.id);
        auto_cents = Some(apply_discount_bp(regular, chosen.percent_bp));
    }
    let business = [manual, auto_cents].into_iter().flatten().min();
    let priced = decide(regular, public, business);
    PriceDetail {
        regular_cents: regular,
        public_cents: public,
        manual_cents: manual,
        auto_cents,
        auto_profile_id,
        covering_profile_ids: covering.iter().map(|p| p.id).collect(),
        collision,
        price_cents: priced.price_cents,
        is_business: priced.is_business,
    }
 }
 /// Full breakdowns for many products for `user`, batching per-account lookups.
 pub async fn detail_many(
    ctx: &AppContext,
    list: &[products::Model],
    user: Option<&users::Model>,
 ) -> Result<Vec<PriceDetail>> {
    let b2b = if is_company(user) {
        Some(load_b2b(ctx, user.expect("is_company implies Some").id).await?)
    } else {
        None
    };
    Ok(list.iter().map(|p| detail_for(p, b2b.as_ref())).collect())
 }
 /// Price one product for `user` (`None` = anonymous/public).
 pub async fn price_for(
    ctx: &AppContext,
    product: &products::Model,
    user: Option<&users::Model>,
 ) -> Result<PricedProduct> {
    let detail = detail_many(ctx, std::slice::from_ref(product), user).await?;
    Ok(detail[0].priced())
 }
 /// Price many products for `user`, batching the per-account lookups to avoid
 /// N+1 queries on listing pages and the cart.
 pub async fn price_many(
    ctx: &AppContext,
    list: &[products::Model],
    user: Option<&users::Model>,
 ) -> Result<Vec<PricedProduct>> {
    Ok(detail_many(ctx, list, user)
        .await?
        .iter()
        .map(PriceDetail::priced)
        .collect())
 }
 #[cfg(test)]
 mod tests {
    use super::decide;
    use crate::shared::money::apply_discount_bp;
    #[test]
    fn public_only() {
        let p = decide(10000, 10000, None);
        assert_eq!(p.price_cents, 10000);
        assert!(!p.is_reduced());
        assert!(!p.is_business);
    }
    #[test]
    fn business_lower_wins() {
        let p = decide(10000, 10000, Some(9000));
        assert_eq!(p.price_cents, 9000);
        assert!(p.is_business);
    }
    #[test]
    fn public_sale_beats_business() {
        // regular 100, public sale 80, business best 90 -> pay 80, not business.
        let p = decide(10000, 8000, Some(9000));
        assert_eq!(p.price_cents, 8000);
        assert!(!p.is_business);
    }
    #[test]
    fn business_equal_is_business() {
        let p = decide(10000, 10000, Some(10000));
        assert_eq!(p.price_cents, 10000);
        assert!(p.is_business);
    }
    #[test]
    fn discount_bp_rounds_half_up() {
        assert_eq!(apply_discount_bp(10000, 500), 9500); // 5%
        assert_eq!(apply_discount_bp(10000, 1500), 8500); // 15%
        assert_eq!(apply_discount_bp(999, 500), 949); // 49.95 -> 50 off
        assert_eq!(apply_discount_bp(10000, 0), 10000);
    }
 }
--- a/src/views/shop.rs
+++ b/src/views/shop.rs
@@ -4,11 +4,16 @@ use serde_json::{json, Value};
 use crate::models::_entities::{categories, products};
 use crate::shared::money::format_price;
 use crate::shared::pricing::PricedProduct;
-/// Card/list shape for a product: model fields plus a formatted price, its
+/// Card/list shape for a product: model fields plus the viewer's resolved price
-/// optional primary image filename and category name.
+/// (from [`crate::shared::pricing`]), its optional primary image and category.
 /// `on_sale` means "render the price as reduced" — driven by the resolved price,
 /// so it covers both public sales and business deals; `is_business` flags the
 /// latter.
 pub fn product_card(
    product: &products::Model,
    priced: &PricedProduct,
    image: Option<String>,
    category_name: Option<String>,
 ) -> Value {
@@ -17,7 +22,10 @@ pub fn product_card(
        "name": product.name,
        "slug": product.slug,
        "description": product.description,
-        "price": format_price(product.price_cents),
+        "price": format_price(priced.price_cents),
        "on_sale": priced.is_reduced(),
        "is_business": priced.is_business,
        "regular_price": format_price(priced.regular_cents),
        "currency": product.currency,
        "sku": product.sku,
        "stock": product.stock,
--- a/tests/models/snapshots/can_create_with_password@users.snap.new
+++ b/tests/models/snapshots/can_create_with_password@users.snap.new
@@ -0,0 +1,29 @@
 ---
 source: tests/models/users.rs
 assertion_line: 61
 expression: res
 ---
 Ok(
    Model {
        created_at: DATE,
        updated_at: DATE,
        id: ID
        pid: PID,
        email: "test@framework.com",
        password: "PASSWORD",
        api_key: "lo-PID",
        name: "framework",
        reset_token: None,
        reset_sent_at: None,
        email_verification_token: None,
        email_verification_sent_at: None,
        email_verified_at: None,
        magic_link_token: None,
        magic_link_expiration: None,
        theme: "light",
        account_type: "personal",
        totp_secret: None,
        totp_enabled_at: None,
        totp_backup_codes: None,
    },
 )
--- a/tests/models/snapshots/can_find_by_email@users.snap.new
+++ b/tests/models/snapshots/can_find_by_email@users.snap.new
@@ -0,0 +1,29 @@
 ---
 source: tests/models/users.rs
 assertion_line: 106
 expression: existing_user
 ---
 Ok(
    Model {
        created_at: 2023-11-12T12:34:56.789+00:00,
        updated_at: 2023-11-12T12:34:56.789+00:00,
        id: 2,
        pid: 11111111-1111-1111-1111-111111111111,
        email: "user1@example.com",
        password: "$argon2id$v=19$m=19456,t=2,p=1$ETQBx4rTgNAZhSaeYZKOZg$eYTdH26CRT6nUJtacLDEboP0li6xUwUF/q5nSlQ8uuc",
        api_key: "lo-95ec80d7-cb60-4b70-9b4b-9ef74cb88758",
        name: "user1",
        reset_token: None,
        reset_sent_at: None,
        email_verification_token: None,
        email_verification_sent_at: None,
        email_verified_at: None,
        magic_link_token: None,
        magic_link_expiration: None,
        theme: "light",
        account_type: "personal",
        totp_secret: None,
        totp_enabled_at: None,
        totp_backup_codes: None,
    },
 )
--- a/tests/models/snapshots/can_find_by_pid@users.snap.new
+++ b/tests/models/snapshots/can_find_by_pid@users.snap.new
@@ -0,0 +1,29 @@
 ---
 source: tests/models/users.rs
 assertion_line: 127
 expression: existing_user
 ---
 Ok(
    Model {
        created_at: 2023-11-12T12:34:56.789+00:00,
        updated_at: 2023-11-12T12:34:56.789+00:00,
        id: 2,
        pid: 11111111-1111-1111-1111-111111111111,
        email: "user1@example.com",
        password: "$argon2id$v=19$m=19456,t=2,p=1$ETQBx4rTgNAZhSaeYZKOZg$eYTdH26CRT6nUJtacLDEboP0li6xUwUF/q5nSlQ8uuc",
        api_key: "lo-95ec80d7-cb60-4b70-9b4b-9ef74cb88758",
        name: "user1",
        reset_token: None,
        reset_sent_at: None,
        email_verification_token: None,
        email_verification_sent_at: None,
        email_verified_at: None,
        magic_link_token: None,
        magic_link_expiration: None,
        theme: "light",
        account_type: "personal",
        totp_secret: None,
        totp_enabled_at: None,
        totp_backup_codes: None,
    },
 )
--- a/tests/requests/snapshots/can_auth_with_magic_link@auth_request.snap.new
+++ b/tests/requests/snapshots/can_auth_with_magic_link@auth_request.snap.new
@@ -0,0 +1,6 @@
 ---
 source: tests/requests/auth.rs
 assertion_line: 365
 expression: magic_link_response.text()
 ---
 "{\"token\":\"TOKEN\",\"pid\":\"PID\",\"name\":\"user1\",\"is_verified\":false,\"is_admin\":false}"
--- a/tests/requests/snapshots/can_get_current_user@auth_request.snap.new
+++ b/tests/requests/snapshots/can_get_current_user@auth_request.snap.new
@@ -0,0 +1,9 @@
 ---
 source: tests/requests/auth.rs
 assertion_line: 309
 expression: "(response.status_code(), response.text())"
 ---
 (
    200,
    "{\"pid\":\"PID\",\"name\":\"loco\",\"email\":\"test@loco.com\",\"is_admin\":false}",
 )
--- a/tests/requests/snapshots/can_login_without_verify@auth_request.snap.new
+++ b/tests/requests/snapshots/can_login_without_verify@auth_request.snap.new
@@ -0,0 +1,6 @@
 ---
 source: tests/requests/auth.rs
 assertion_line: 189
 expression: login_response.text()
 ---
 "{\"token\":\"TOKEN\",\"pid\":\"PID\",\"name\":\"loco\",\"is_verified\":false,\"is_admin\":false}"
--- a/tests/requests/snapshots/can_register@auth_request.snap.new
+++ b/tests/requests/snapshots/can_register@auth_request.snap.new
@@ -0,0 +1,33 @@
 ---
 source: tests/requests/auth.rs
 assertion_line: 44
 expression: saved_user
 ---
 Ok(
    Model {
        created_at: DATE,
        updated_at: DATE,
        id: ID
        pid: PID,
        email: "test@loco.com",
        password: "PASSWORD",
        api_key: "lo-PID",
        name: "loco",
        reset_token: None,
        reset_sent_at: None,
        email_verification_token: Some(
            "PID",
        ),
        email_verification_sent_at: Some(
            DATE,
        ),
        email_verified_at: None,
        magic_link_token: None,
        magic_link_expiration: None,
        theme: "light",
        account_type: "personal",
        totp_secret: None,
        totp_enabled_at: None,
        totp_backup_codes: None,
    },
 )
--- a/tests/requests/snapshots/login_with_valid_password@auth_request.snap.new
+++ b/tests/requests/snapshots/login_with_valid_password@auth_request.snap.new
@@ -0,0 +1,9 @@
 ---
 source: tests/requests/auth.rs
 assertion_line: 118
 expression: "(response.status_code(), response.text())"
 ---
 (
    200,
    "{\"token\":\"TOKEN\",\"pid\":\"PID\",\"name\":\"loco\",\"is_verified\":true,\"is_admin\":false}",
 )
--- a/tests/requests/snapshots/resend_verification_user@auth_request.snap.new
+++ b/tests/requests/snapshots/resend_verification_user@auth_request.snap.new
@@ -0,0 +1,31 @@
 ---
 source: tests/requests/auth.rs
 assertion_line: 454
 expression: user
 ---
 Model {
    created_at: DATE,
    updated_at: DATE,
    id: ID
    pid: PID,
    email: "test@loco.com",
    password: "PASSWORD",
    api_key: "lo-PID",
    name: "loco",
    reset_token: None,
    reset_sent_at: None,
    email_verification_token: Some(
        "PID",
    ),
    email_verification_sent_at: Some(
        DATE,
    ),
    email_verified_at: None,
    magic_link_token: None,
    magic_link_expiration: None,
    theme: "light",
    account_type: "personal",
    totp_secret: None,
    totp_enabled_at: None,
    totp_backup_codes: None,
 }
Author	SHA1	Message	Date
Priec	1df8d66d5d	discount profiles and discounts overall implemented and working Some checks are pending CI / Check Style (push) Waiting to run Details CI / Run Clippy (push) Waiting to run Details CI / Run Tests (push) Waiting to run Details	2026-06-21 23:46:37 +02:00
Priec	c713627a2c	personal discounts to businesses done	2026-06-21 23:21:24 +02:00
Priec	ed566b5347	percentage discounts Some checks failed CI / Check Style (push) Has been cancelled Details CI / Run Clippy (push) Has been cancelled Details CI / Run Tests (push) Has been cancelled Details	2026-06-21 22:41:30 +02:00
Priec	9ce1cb97f0	discounts	2026-06-21 22:33:47 +02:00
Priec	2ee87fbdd7	category creation fixed now Some checks failed CI / Check Style (push) Has been cancelled Details CI / Run Clippy (push) Has been cancelled Details CI / Run Tests (push) Has been cancelled Details	2026-06-21 20:38:28 +02:00
Priec	c9eb47860d	properly working csrf at checkout fixed now Some checks failed CI / Check Style (push) Has been cancelled Details CI / Run Clippy (push) Has been cancelled Details CI / Run Tests (push) Has been cancelled Details	2026-06-21 20:19:58 +02:00
Priec	8dc153efcc	removed redundancy	2026-06-21 20:09:57 +02:00
Priec	db6b609937	custom JS removed in favor of proper CSRF implementation	2026-06-21 18:22:21 +02:00
Priec	86888b3877	csrf implemented	2026-06-21 17:40:21 +02:00
Priec	5b203ed248	TOTP google authenticator implemented properly well Some checks failed CI / Check Style (push) Has been cancelled Details CI / Run Clippy (push) Has been cancelled Details CI / Run Tests (push) Has been cancelled Details	2026-06-20 22:48:15 +02:00
Priec	b787d48665	nothing	2026-06-20 20:43:33 +02:00
Priec	e138fb6579	fix for the cart checkout Some checks failed CI / Check Style (push) Has been cancelled Details CI / Run Clippy (push) Has been cancelled Details CI / Run Tests (push) Has been cancelled Details	2026-06-20 13:29:18 +02:00
Priec	3da840c0c9	the cart hover only when possible Some checks failed CI / Check Style (push) Has been cancelled Details CI / Run Clippy (push) Has been cancelled Details CI / Run Tests (push) Has been cancelled Details	2026-06-20 12:22:31 +02:00
Priec	0310f2d2f4	hover menu	2026-06-20 12:13:15 +02:00
Priec	42f30261d0	proper spacing and bascket icon Some checks failed CI / Check Style (push) Has been cancelled Details CI / Run Clippy (push) Has been cancelled Details CI / Run Tests (push) Has been cancelled Details	2026-06-19 23:07:39 +02:00
Priec	ffda718a46	fixed menus now	2026-06-19 22:54:15 +02:00
Priec	673b28c361	working profile pic, but its trash, redoing the navbar icons now	2026-06-19 22:34:11 +02:00
Priec	454d5cb349	navbar profile	2026-06-19 13:59:31 +02:00
Priec	14ae859152	status in the admin page order Some checks failed CI / Check Style (push) Has been cancelled Details CI / Run Clippy (push) Has been cancelled Details CI / Run Tests (push) Has been cancelled Details	2026-06-19 12:22:17 +02:00
Priec	43c6c04dcf	my profile orders and sidebar Some checks failed CI / Check Style (push) Has been cancelled Details CI / Run Clippy (push) Has been cancelled Details CI / Run Tests (push) Has been cancelled Details	2026-06-19 11:59:56 +02:00
Priec	e51eda9a8c	default unchecked Some checks failed CI / Check Style (push) Has been cancelled Details CI / Run Clippy (push) Has been cancelled Details CI / Run Tests (push) Has been cancelled Details	2026-06-19 11:39:40 +02:00
Priec	12e00a782d	profile name surname and save profile data	2026-06-19 11:37:51 +02:00
Priec	5278988842	registration password match	2026-06-19 11:19:30 +02:00
Priec	e70743996b	register form fields	2026-06-19 11:14:47 +02:00