54 Commits

Author SHA1 Message Date
Priec
2d2aa012ec multiple images in the edit product
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-22 18:20:50 +02:00
Priec
125be1798e muiltiple images in carousel 2026-06-22 17:40:55 +02:00
Priec
f724e9763f upload picture now working well 2026-06-22 16:56:14 +02:00
Priec
681c88f85d 0 is out of stock and nothing is available from now on
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-22 16:48:28 +02:00
Priec
6828854f24 the admin page now make sense for products
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-22 16:21:52 +02:00
Priec
3a1ea7cdb4 I can see the product with different options
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-22 16:14:04 +02:00
Priec
3f798432a0 now products have different options, like different parameters
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-22 15:44:02 +02:00
Priec
29854a972b save discount profile is now working perfectly well
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-22 13:51:40 +02:00
Priec
88074c1871 indicator if applied discount profile
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-22 13:22:46 +02:00
Priec
68f3472760 moved products menu up to save width 2026-06-22 13:15:29 +02:00
Priec
85f1657c67 dynamic width of the products to fit on the screen 2026-06-22 13:07:17 +02:00
Priec
4a736a8c85 collapsible admin sidebar 2026-06-22 12:59:05 +02:00
Priec
77d5c0fc25 sidebar in the admin 2026-06-22 12:49:08 +02:00
Priec
09634e1cd8 added missing remove button in the admin business
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-22 11:33:07 +02:00
Priec
088fcb60a1 effective price is only highlighted if changed 2026-06-22 11:10:12 +02:00
Priec
bf8f8e54c9 discounts page removed, all migrated to the products page in admin 2026-06-22 09:19:38 +02:00
Priec
534ba9e8ec confirm dialogs 2026-06-22 09:11:16 +02:00
Priec
262ec1bfdb dynamic prices with dicounts 2026-06-22 08:47:22 +02:00
Priec
e98c70aa63 global discount price 2026-06-22 00:18:39 +02:00
Priec
d2b463135b discount for business and personall in discount page 2026-06-22 00:04:01 +02:00
Priec
1df8d66d5d discount profiles and discounts overall implemented and working
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-21 23:46:37 +02:00
Priec
c713627a2c personal discounts to businesses done 2026-06-21 23:21:24 +02:00
Priec
ed566b5347 percentage discounts
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-21 22:41:30 +02:00
Priec
9ce1cb97f0 discounts 2026-06-21 22:33:47 +02:00
Priec
2ee87fbdd7 category creation fixed now
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-21 20:38:28 +02:00
Priec
c9eb47860d properly working csrf at checkout fixed now
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-21 20:19:58 +02:00
Priec
8dc153efcc removed redundancy 2026-06-21 20:09:57 +02:00
Priec
db6b609937 custom JS removed in favor of proper CSRF implementation 2026-06-21 18:22:21 +02:00
Priec
86888b3877 csrf implemented 2026-06-21 17:40:21 +02:00
Priec
5b203ed248 TOTP google authenticator implemented properly well
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-20 22:48:15 +02:00
Priec
b787d48665 nothing 2026-06-20 20:43:33 +02:00
Priec
e138fb6579 fix for the cart checkout
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-20 13:29:18 +02:00
Priec
3da840c0c9 the cart hover only when possible
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-20 12:22:31 +02:00
Priec
0310f2d2f4 hover menu 2026-06-20 12:13:15 +02:00
Priec
42f30261d0 proper spacing and bascket icon
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-19 23:07:39 +02:00
Priec
ffda718a46 fixed menus now 2026-06-19 22:54:15 +02:00
Priec
673b28c361 working profile pic, but its trash, redoing the navbar icons now 2026-06-19 22:34:11 +02:00
Priec
454d5cb349 navbar profile 2026-06-19 13:59:31 +02:00
Priec
14ae859152 status in the admin page order
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-19 12:22:17 +02:00
Priec
43c6c04dcf my profile orders and sidebar
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-19 11:59:56 +02:00
Priec
e51eda9a8c default unchecked
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-19 11:39:40 +02:00
Priec
12e00a782d profile name surname and save profile data 2026-06-19 11:37:51 +02:00
Priec
5278988842 registration password match 2026-06-19 11:19:30 +02:00
Priec
e70743996b register form fields 2026-06-19 11:14:47 +02:00
Priec
11762728c9 mail sent over test working fully now
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-19 10:54:30 +02:00
Priec
ebb208baba not working smtp test 2026-06-19 10:40:43 +02:00
Priec
7cba3d9eba resend verification mail 2026-06-19 01:05:18 +02:00
Priec
35e2b6edc9 hide .env credentials
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-19 00:35:48 +02:00
Priec
f3daa27ce7 account type is permanent and password registration is now working at checkout
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-18 22:10:17 +02:00
Priec
46cc2459bd required
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-18 21:38:32 +02:00
Priec
996358be87 company or personal
Some checks failed
CI / Check Style (push) Has been cancelled
CI / Run Clippy (push) Has been cancelled
CI / Run Tests (push) Has been cancelled
2026-06-18 21:27:15 +02:00
Priec
c6624e1b3d profile of a new registered users 2026-06-18 21:11:48 +02:00
Priec
b9c1277876 upgrades that are harmless 2026-06-18 20:38:47 +02:00
Priec
42bab82960 oauth2 2026-06-18 18:26:40 +02:00
142 changed files with 9675 additions and 741 deletions

2
.gitignore vendored

@@ -19,6 +19,8 @@ target/
*.sqlite-*
.env
.env.production
.envrc
.direnv/
uploads/
*.report.html
favicon_io.zip

1411
Cargo.lock generated

File diff suppressed because it is too large Load Diff


@@ -3,7 +3,7 @@
[package]
name = "kompress_eshop"
version = "0.1.0"
edition = "2021"
edition = "2024"
publish = false
default-run = "kompress-eshop-cli"
@@ -16,14 +16,14 @@ loco-rs = { version = "0.16" }
loco-rs = { workspace = true }
serde = { version = "1", features = ["derive"] }
serde_json = { version = "1" }
tokio = { version = "1.45", default-features = false, features = [
tokio = { version = "1.52", default-features = false, features = [
"rt-multi-thread",
] }
async-trait = { version = "0.1" }
axum = { version = "0.8", features = ["multipart"] }
tracing = { version = "0.1" }
tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
regex = { version = "1.11" }
regex = { version = "1.12" }
migration = { path = "migration" }
sea-orm = { version = "1.1", features = [
"sqlx-sqlite",
@@ -35,7 +35,7 @@ chrono = { version = "0.4" }
time = { version = "0.3" }
dotenvy = { version = "0.15" }
validator = { version = "0.20" }
uuid = { version = "1.6", features = ["v4"] }
uuid = { version = "1.23", features = ["v4"] }
include_dir = { version = "0.7" }
# outbound HTTP for carrier shipment APIs (Packeta / DPD / DHL)
reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
@@ -46,6 +46,18 @@ unic-langid = { version = "0.9" }
axum-extra = { version = "0.10", features = ["form"] }
bytes = { version = "1" }
axum-casbin = "1.3.0"
loco-oauth2 = "0.5.0"
passwords = "3.1.16"
tower-sessions = "0.14"
# TOTP (Google Authenticator) for optional two-factor auth
totp-rs = { version = "5", features = ["qr", "gen_secret"] }
# CSRF: HMAC-signed double-submit token + body inspection for the `_csrf` field
hmac = { version = "0.12" }
sha2 = { version = "0.10" }
subtle = { version = "2.6" }
form_urlencoded = { version = "1" }
multer = { version = "3" }
futures-util = { version = "0.3" }
[[bin]]
name = "kompress-eshop-cli"
@@ -54,6 +66,6 @@ required-features = []
[dev-dependencies]
loco-rs = { workspace = true, features = ["testing"] }
serial_test = { version = "3.1.1" }
serial_test = { version = "3.5.0" }
rstest = { version = "0.25" }
insta = { version = "1.34", features = ["redactions", "yaml", "filters"] }
insta = { version = "1.48", features = ["redactions", "yaml", "filters"] }
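Review bot: The comment on the CSRF group says the token is found by "body inspection for the `_csrf` field", and the `multer` and `futures-util` entries suggest multipart bodies are read before the handler runs, but nothing here records how much of a request that step may buffer. The same crate enables axum's `multipart` feature for uploads, so I would state the cap next to the dependency, e.g. `# CSRF body inspection buffers at most <MAX_BYTES>; larger bodies are rejected before parsing`, and confirm the middleware enforces it. The three auth-related additions `loco-oauth2`, `passwords` and `tower-sessions` have no comment saying what they are used for, unlike the TOTP and CSRF groups. They also use the bare-string version form while the rest of the table uses `{ version = "…" }`.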


@@ -66,8 +66,11 @@ login-email = Email
login-password = Password
login-no-account = Don't have an account?
login-have-account = Already have an account?
auth-or = or
auth-google = Continue with Google
nav-login = Sign in
nav-register = Register
nav-profile = My profile
register-title = Create account
register-name = Name
register-submit = Create account
@@ -205,15 +208,92 @@ edit-category = Edit category
product = Product
name = Name
price = Price
sale-price = Sale price
variants-options = Variants / options
add-option = Add option
option-label = Option label
optional = optional
stock-untracked-hint = Leave blank = available without stock tracking
available = Available
choose-option = Choose an option
from-price = from { $price }
admin-discounts = Discounts
admin-discounts-desc = Set discounted product prices. A discount shows up as a sale in the shop.
business-discount-desc = A baseline discount for all business accounts (off the regular price). Profiles and negotiated prices apply on top (lowest price wins).
audience-personal = Personal
audience-business = Business
apply-profiles-personal-hint = These profiles lower the public price for all customers.
apply-profiles-business-hint = These profiles lower the price for all business accounts. Businesses always get the lower of the personal and business price.
on-sale = On sale
no-discount = No discount
discount = Discount
set-discount = Set discount
remove-discount = Remove discount
remove = Remove
discount-mode-fixed = Fixed price
discount-mode-percent = Percentage
discount-percent = Discount (%)
discount-preview-before = Original price
discount-preview-after = New price
discount-preview-save = You save
discount-invalid = Invalid price.
discount-must-be-positive = The sale price must be greater than zero.
discount-below-regular = The sale price must be below the regular price.
discount-percent-range = The percentage must be between 0 and 100.
discount-apply-confirm = Apply these discounts to the shop?
discount-remove-confirm = Remove this discount?
profile-applied = Applied
profile-will-apply = Will apply
profile-will-remove = Will remove
profiles-unsaved = Unsaved changes — Save to apply
profiles-no-changes = No changes
admin-customers = Business accounts
admin-customers-desc = Manage negotiated prices for business (B2B) accounts.
admin-no-customers = No business accounts yet.
email = Email
back = Back
negotiated-prices = Negotiated prices
negotiated-prices-hint = Set a price for a specific product for this business account. The customer always pays the lower of the public and negotiated price.
manage-prices = Manage prices
public-price = Public price
business-price = Business price
negotiated-price = Negotiated price
set-negotiated-price = Set price
negotiated-price-hint = Set a negotiated price for this product for this business account. The customer always pays the lowest of the public, business and negotiated price.
negotiated-remove-confirm = Remove this negotiated price?
effective-price = Effective price
admin-discount-profiles = Discount profiles
admin-discount-profiles-desc = Create reusable discount layers (a % over chosen products) and assign them to business accounts.
admin-no-profiles = No discount profiles yet.
new-profile = New profile
edit-profile = Edit profile
profile-name-required = Profile name is required.
scope = Scope
products = Products
scope-include = Selected products
scope-all-except = All except selected
scope-include-hint = Applies only to the products selected below.
scope-all-except-hint = Applies to every product except those selected below.
automated-price = Automated price
discount-profiles = Discount profiles
collision = Conflict
resolve = Resolve
no-profiles-assigned = No profiles assigned.
stock = Stock
sku = SKU
currency = Currency
category = Category
no-category = No category
image = Image
images = Images
main-image = Main
gallery-hint = The first image is the main one. Drag to reorder, click ✕ to remove.
add-images = Add images
slug = URL slug
slug-auto = generated automatically
position = Position
position-auto = added to the end
position-hint = Sort order in the menu (lowest first). Leave blank to add it last.
parent-category = Parent category
no-parent = — None (top level) —
quantity = Quantity
@@ -229,6 +309,7 @@ shop-subtitle = browse our products.
shop-empty = There are no products here yet.
categories = Categories
all-products = All products
uncategorized = Uncategorized
cart-title = Cart
cart-empty = Your cart is empty.
cart-total = Total
@@ -254,8 +335,83 @@ country-de = Germany
country-pl = Poland
country-hu = Hungary
checkout-note = Order note
checkout-save-profile = Save this address to my profile
account-type = Account type
account-personal = Individual
account-company = Company
account-company-details = Company details
company-name = Company name
company-ico = Company ID (IČO)
company-dic = Tax ID (DIČ)
company-icdph = VAT ID (IČ DPH)
field-optional = optional
checkout-place-order = Place order
checkout-summary = Order summary
profile-title = My profile
profile-intro = We'll use these details to prefill checkout.
profile-saved = Profile saved.
profile-save = Save profile
profile-company-required = For a company account, please fill in company name, IČO and DIČ.
profile-first-name = First name
profile-last-name = Surname
profile-edit = Edit profile
profile-cancel = Cancel
profile-not-set = Not set
nav-account = My account
account-orders = My orders
account-change-password = Change password
orders-active = Active orders
orders-past = Past orders
orders-empty = You don't have any orders yet.
password-change-title = Change password
password-current = Current password
password-current-wrong = Your current password is incorrect.
password-changed = Your password has been changed.
# Two-factor authentication (TOTP / Google Authenticator)
security-title = Security
security-2fa-intro = Two-factor authentication (2FA) adds a one-time code from an app like Google Authenticator to your sign-in.
security-2fa-on = 2FA is on
security-2fa-off = 2FA is off
security-2fa-enable = Enable two-factor authentication
security-2fa-scan = Scan this QR code in Google Authenticator (or any compatible app).
security-2fa-manual = Or enter the key manually:
security-2fa-enter-code = Enter the 6-digit code from the app
security-2fa-confirm = Confirm and enable
security-2fa-code-wrong = That code is wrong or expired. Please try again.
security-2fa-enroll-error = Could not start 2FA setup. Please try again.
security-2fa-enabled-ok = Two-factor authentication is enabled.
security-2fa-backup-intro = Save these backup codes somewhere safe. Each can be used once if you lose access to your app.
security-2fa-backup-remaining = Backup codes remaining
security-2fa-regenerate = Generate new backup codes
security-2fa-disable = Disable two-factor authentication
security-2fa-disable-hint = Enter your current password to confirm.
# Second login step (after password)
login-totp-title = Two-factor authentication
login-totp-intro = Enter the code from your authenticator app.
login-totp-error = That code is wrong or expired.
login-totp-code = Verification code
login-totp-submit = Verify
login-totp-backup-hint = No access to your app? Enter one of your backup codes.
account-type-locked = Account type can't be changed after registration.
checkout-create-account = Create an account from this order
checkout-create-account-hint = We'll email you a link to set your password. This order will be linked to your account.
order-account-created = We created an account for you. Check your email to set your password.
set-password-title = Set your password
set-password-intro = Choose a password to finish setting up your account.
set-password-new = New password
set-password-confirm = Confirm password
set-password-submit = Set password
set-password-invalid = This link is invalid or has expired.
set-password-weak = Password must be at least 8 characters.
set-password-mismatch = Passwords don't match.
resend-verification-title = Resend verification email
resend-verification-intro = Enter your email and we'll send a fresh verification link.
resend-verification-submit = Resend
resend-verification-done = If that email belongs to an unverified account, we've sent a new verification link. Check your inbox (and spam). You can request another in a minute.
login-resend = Didn't get the verification email? Resend it
order-confirmed-title = Thank you for your order!
order-confirmed-sub = We have received your order.
order-number = Order number
@@ -268,6 +424,7 @@ admin-no-orders = No orders yet.
order-status-pending = Pending
order-status-paid = Paid
order-status-shipped = Shipped
order-status-delivered = Delivered
order-status-cancelled = Cancelled
order-update-status = Update status


@@ -66,8 +66,11 @@ login-email = E-mail
login-password = Heslo
login-no-account = Nemáte účet?
login-have-account = Už máte účet?
auth-or = alebo
auth-google = Pokračovať cez Google
nav-login = Prihlásiť sa
nav-register = Registrácia
nav-profile = Môj profil
register-title = Vytvoriť účet
register-name = Meno
register-submit = Zaregistrovať sa
@@ -205,15 +208,92 @@ edit-category = Upraviť kategóriu
product = Produkt
name = Názov
price = Cena
sale-price = Zľavnená cena
variants-options = Varianty / možnosti
add-option = Pridať možnosť
option-label = Označenie možnosti
optional = voliteľné
stock-untracked-hint = Nechajte prázdne = dostupné bez sledovania zásob
available = Dostupné
choose-option = Vyberte možnosť
from-price = od { $price }
admin-discounts = Zľavy
admin-discounts-desc = Nastavte zľavnené ceny produktov. Zľava sa v obchode zobrazí ako akcia.
business-discount-desc = Základná zľava pre všetky firemné účty (z bežnej ceny). Profily a dohodnuté ceny sa uplatnia navyše (platí najnižšia cena).
audience-personal = Osobné
audience-business = Firemné
apply-profiles-personal-hint = Tieto profily znížia verejnú cenu pre všetkých zákazníkov.
apply-profiles-business-hint = Tieto profily znížia cenu pre všetky firemné účty. Firmy vždy dostanú nižšiu z osobnej a firemnej ceny.
on-sale = V akcii
no-discount = Bez zľavy
discount = Zľava
set-discount = Nastaviť zľavu
remove-discount = Zrušiť zľavu
remove = Odstrániť
discount-mode-fixed = Pevná cena
discount-mode-percent = Percentá
discount-percent = Zľava (%)
discount-preview-before = Pôvodná cena
discount-preview-after = Nová cena
discount-preview-save = Ušetríte
discount-invalid = Neplatná cena.
discount-must-be-positive = Zľavnená cena musí byť väčšia ako nula.
discount-below-regular = Zľavnená cena musí byť nižšia ako bežná cena.
discount-percent-range = Percento musí byť medzi 0 a 100.
discount-apply-confirm = Uplatniť tieto zľavy v obchode?
discount-remove-confirm = Zrušiť túto zľavu?
profile-applied = Uplatnené
profile-will-apply = Bude uplatnené
profile-will-remove = Bude zrušené
profiles-unsaved = Neuložené zmeny — uložte na uplatnenie
profiles-no-changes = Žiadne zmeny
admin-customers = Firemné účty
admin-customers-desc = Spravujte dohodnuté ceny pre firemné (B2B) účty.
admin-no-customers = Zatiaľ žiadne firemné účty.
email = E-mail
back = Späť
negotiated-prices = Dohodnuté ceny
negotiated-prices-hint = Nastavte cenu pre konkrétny produkt pre tento firemný účet. Zákazník vždy zaplatí najnižšiu z verejnej a dohodnutej ceny.
manage-prices = Spravovať ceny
public-price = Verejná cena
business-price = Firemná cena
negotiated-price = Dohodnutá cena
set-negotiated-price = Nastaviť cenu
negotiated-price-hint = Nastavte dohodnutú cenu tohto produktu pre tento firemný účet. Zákazník vždy zaplatí najnižšiu z verejnej, firemnej a dohodnutej ceny.
negotiated-remove-confirm = Zrušiť túto dohodnutú cenu?
effective-price = Výsledná cena
admin-discount-profiles = Zľavové profily
admin-discount-profiles-desc = Vytvorte opakovane použiteľné zľavové vrstvy (% na vybrané produkty) a priraďte ich firemným účtom.
admin-no-profiles = Zatiaľ žiadne zľavové profily.
new-profile = Nový profil
edit-profile = Upraviť profil
profile-name-required = Názov profilu je povinný.
scope = Rozsah
products = Produkty
scope-include = Vybrané produkty
scope-all-except = Všetky okrem vybraných
scope-include-hint = Platí len pre vybrané produkty nižšie.
scope-all-except-hint = Platí pre všetky produkty okrem vybraných nižšie.
automated-price = Automatická cena
discount-profiles = Zľavové profily
collision = Konflikt
resolve = Vyriešiť
no-profiles-assigned = Žiadne priradené profily.
stock = Sklad
sku = Kód (SKU)
currency = Mena
category = Kategória
no-category = Bez kategórie
image = Obrázok
images = Obrázky
main-image = Hlavný
gallery-hint = Prvý obrázok je hlavný. Potiahnutím zmeníte poradie, krížikom obrázok odstránite.
add-images = Pridať obrázky
slug = URL adresa
slug-auto = vygeneruje sa automaticky
position = Poradie
position-auto = pridá sa na koniec
position-hint = Poradie v menu (najnižšie ako prvé). Nechajte prázdne a pridá sa na koniec.
parent-category = Nadradená kategória
no-parent = — Žiadna (najvyššia úroveň) —
quantity = Množstvo
@@ -229,6 +309,7 @@ shop-subtitle = prezrite si našu ponuku produktov.
shop-empty = Zatiaľ tu nie sú žiadne produkty.
categories = Kategórie
all-products = Všetky produkty
uncategorized = Bez kategórie
cart-title = Košík
cart-empty = Váš košík je prázdny.
cart-total = Spolu
@@ -254,8 +335,83 @@ country-de = Nemecko
country-pl = Poľsko
country-hu = Maďarsko
checkout-note = Poznámka k objednávke
checkout-save-profile = Uložiť túto adresu do môjho profilu
account-type = Typ účtu
account-personal = Súkromná osoba
account-company = Firma
account-company-details = Firemné údaje
company-name = Názov firmy
company-ico = IČO
company-dic = DIČ
company-icdph = IČ DPH
field-optional = nepovinné
checkout-place-order = Odoslať objednávku
checkout-summary = Súhrn objednávky
profile-title = Môj profil
profile-intro = Tieto údaje použijeme na predvyplnenie pokladne.
profile-saved = Profil bol uložený.
profile-save = Uložiť profil
profile-company-required = Pri firemnom účte vyplňte názov firmy, IČO a DIČ.
profile-first-name = Meno
profile-last-name = Priezvisko
profile-edit = Upraviť profil
profile-cancel = Zrušiť
profile-not-set = Neuvedené
nav-account = Môj účet
account-orders = Moje objednávky
account-change-password = Zmeniť heslo
orders-active = Aktívne objednávky
orders-past = Staršie objednávky
orders-empty = Zatiaľ nemáte žiadne objednávky.
password-change-title = Zmeniť heslo
password-current = Súčasné heslo
password-current-wrong = Vaše súčasné heslo je nesprávne.
password-changed = Vaše heslo bolo zmenené.
# Two-factor authentication (TOTP / Google Authenticator)
security-title = Zabezpečenie
security-2fa-intro = Dvojfaktorové overenie (2FA) pridáva k prihláseniu jednorazový kód z aplikácie ako Google Authenticator.
security-2fa-on = 2FA je zapnuté
security-2fa-off = 2FA je vypnuté
security-2fa-enable = Zapnúť dvojfaktorové overenie
security-2fa-scan = Naskenujte tento QR kód v aplikácii Google Authenticator (alebo inej kompatibilnej).
security-2fa-manual = Alebo zadajte kľúč ručne:
security-2fa-enter-code = Zadajte 6-miestny kód z aplikácie
security-2fa-confirm = Potvrdiť a zapnúť
security-2fa-code-wrong = Kód je nesprávny alebo vypršal. Skúste to znova.
security-2fa-enroll-error = Nepodarilo sa pripraviť 2FA. Skúste to znova.
security-2fa-enabled-ok = Dvojfaktorové overenie je zapnuté.
security-2fa-backup-intro = Uložte si tieto záložné kódy na bezpečné miesto. Každý sa dá použiť iba raz, ak nemáte prístup k aplikácii.
security-2fa-backup-remaining = Zostávajúce záložné kódy
security-2fa-regenerate = Vygenerovať nové záložné kódy
security-2fa-disable = Vypnúť dvojfaktorové overenie
security-2fa-disable-hint = Na potvrdenie zadajte svoje súčasné heslo.
# Second login step (after password)
login-totp-title = Dvojfaktorové overenie
login-totp-intro = Zadajte kód z vašej autentifikačnej aplikácie.
login-totp-error = Kód je nesprávny alebo vypršal.
login-totp-code = Overovací kód
login-totp-submit = Overiť
login-totp-backup-hint = Nemáte prístup k aplikácii? Zadajte jeden zo svojich záložných kódov.
account-type-locked = Typ účtu sa po registrácii nedá zmeniť.
checkout-create-account = Vytvoriť účet z tejto objednávky
checkout-create-account-hint = Pošleme vám e-mail na nastavenie hesla. Objednávka sa priradí k vášmu účtu.
order-account-created = Vytvorili sme vám účet. Skontrolujte si e-mail a nastavte si heslo.
set-password-title = Nastavte si heslo
set-password-intro = Zvoľte si heslo a dokončite vytvorenie účtu.
set-password-new = Nové heslo
set-password-confirm = Potvrďte heslo
set-password-submit = Nastaviť heslo
set-password-invalid = Odkaz je neplatný alebo vypršal.
set-password-weak = Heslo musí mať aspoň 8 znakov.
set-password-mismatch = Heslá sa nezhodujú.
resend-verification-title = Znova odoslať overovací e-mail
resend-verification-intro = Zadajte svoj e-mail a pošleme vám nový overovací odkaz.
resend-verification-submit = Odoslať znova
resend-verification-done = Ak k tomuto e-mailu patrí neoverený účet, poslali sme naň nový overovací odkaz. Skontrolujte si schránku aj priečinok so spamom. Ďalšiu žiadosť môžete odoslať o minútu.
login-resend = Nedostali ste overovací e-mail? Poslať znova
order-confirmed-title = Ďakujeme za objednávku!
order-confirmed-sub = Vašu objednávku sme prijali.
order-number = Číslo objednávky
@@ -268,6 +424,7 @@ admin-no-orders = Zatiaľ žiadne objednávky.
order-status-pending = Čaká na spracovanie
order-status-paid = Zaplatené
order-status-shipped = Odoslané
order-status-delivered = Doručené
order-status-cancelled = Zrušené
order-update-status = Zmeniť stav

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@@ -0,0 +1,76 @@
{% extends "base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ order.order_number }}{% endblock title %}
{% macro status_badge(status) %}
{% if status == "delivered" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="success") }}
{% elif status == "shipped" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="primary") }}
{% elif status == "paid" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="info") }}
{% elif status == "cancelled" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="danger") }}
{% else %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="warning") }}
{% endif %}
{% endmacro status_badge %}
{% block content %}
<div class="mx-auto max-w-2xl space-y-6">
<a href="/account/orders" class="inline-flex items-center gap-1 text-sm text-primary underline-offset-2 hover:underline dark:text-primary-dark">
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" class="size-4"><path stroke-linecap="round" stroke-linejoin="round" d="M15.75 19.5 8.25 12l7.5-7.5" /></svg>
{{ t(key="account-orders", lang=lang | default(value='sk')) }}
</a>
<div class="flex flex-wrap items-center justify-between gap-3">
<h1 class="font-mono text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.order_number }}</h1>
{{ self::status_badge(status=order.status) }}
</div>
<p class="text-sm text-on-surface/60 dark:text-on-surface-dark/60">{{ order.created_at | truncate(length=10, end="") }}</p>
<div class="rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<ul class="space-y-2 pb-3 text-sm">
{% for item in items %}
<li class="flex justify-between gap-2">
<span class="text-on-surface/80 dark:text-on-surface-dark/80">{{ item.product_name }}{% if item.variant_label %} · {{ item.variant_label }}{% endif %} × {{ item.quantity }}</span>
<span class="tabular-nums">{{ item.line_total }} {{ order.currency }}</span>
</li>
{% endfor %}
</ul>
<div class="space-y-1 border-t border-outline py-3 text-sm dark:border-outline-dark">
<div class="flex justify-between"><span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="checkout-subtotal", lang=lang | default(value='sk')) }}</span><span class="tabular-nums">{{ order.subtotal }} {{ order.currency }}</span></div>
<div class="flex justify-between"><span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ order.carrier_name }}</span><span class="tabular-nums">{{ order.shipping }} {{ order.currency }}</span></div>
{% if order.pickup_point_name %}<div class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ order.pickup_point_name }}</div>{% endif %}
</div>
<div class="flex justify-between border-t border-outline pt-3 font-bold dark:border-outline-dark">
<span>{{ t(key="order-total", lang=lang | default(value='sk')) }}</span>
<span class="tabular-nums text-primary dark:text-primary-dark">{{ order.total }} {{ order.currency }}</span>
</div>
</div>
{% if order.tracking_number %}
<div class="rounded-radius border border-outline bg-surface p-4 text-sm dark:border-outline-dark dark:bg-surface-dark-alt">
<div class="flex flex-wrap items-center justify-between gap-2">
<span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="order-tracking", lang=lang | default(value='sk')) }}</span>
<span class="font-mono font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.tracking_number }}</span>
</div>
</div>
{% endif %}
<div class="rounded-radius border border-outline bg-surface p-6 text-sm dark:border-outline-dark dark:bg-surface-dark-alt">
<h2 class="mb-2 font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-shipping", lang=lang | default(value='sk')) }}</h2>
<p class="text-on-surface/80 dark:text-on-surface-dark/80">{{ order.customer_name }}</p>
{% if order.address %}<p class="text-on-surface/80 dark:text-on-surface-dark/80">{{ order.address }}</p>{% endif %}
<p class="text-on-surface/80 dark:text-on-surface-dark/80">{{ order.zip }} {{ order.city }}{% if order.country %}, {{ order.country }}{% endif %}</p>
</div>
{% if order.payment_method == "bank_transfer" and order.status == "pending" %}
<div class="space-y-2 rounded-radius border border-primary/40 bg-primary/5 p-6 text-sm dark:border-primary-dark/40">
<p class="font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="payment-bank-instructions", lang=lang | default(value='sk')) }}</p>
<div class="grid grid-cols-[auto_1fr] gap-x-4 gap-y-1">
<span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="bank-account-name", lang=lang | default(value='sk')) }}</span><span class="font-medium">{{ order.bank_account_name }}</span>
<span class="text-on-surface/70 dark:text-on-surface-dark/70">IBAN</span><span class="font-mono font-medium">{{ order.bank_iban }}</span>
<span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="bank-variable-symbol", lang=lang | default(value='sk')) }}</span><span class="font-mono font-medium">{{ order.variable_symbol }}</span>
<span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="bank-amount", lang=lang | default(value='sk')) }}</span><span class="font-medium tabular-nums">{{ order.total }} {{ order.currency }}</span>
</div>
</div>
{% endif %}
</div>
{% endblock content %}
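Review bot: Inside `status_badge` the expression `lang | default(value='sk')` most likely always falls back to `'sk'`, because Tera macros see only their own arguments and not the page context, so the badge label would stay Slovak on an English page. Pass the language in explicitly, `{% macro status_badge(status, lang) %}` with the call `{{ self::status_badge(status=order.status, lang=lang | default(value='sk')) }}`, and use plain `lang=lang` inside the macro. The same macro is repeated verbatim in the order-list template that follows, so it would be better defined once in `macros/ui.html`. This page also prints the customer's name, address and bank-transfer details for whatever `order` the handler supplies; the handler is not in this section, so confirm it looks the order up by the signed-in user as well as by order number.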


@@ -0,0 +1,52 @@
{% extends "base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ t(key="account-orders", lang=lang | default(value='sk')) }}{% endblock title %}
{# status → badge variant #}
{% macro status_badge(status) %}
{% if status == "delivered" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="success") }}
{% elif status == "shipped" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="primary") }}
{% elif status == "paid" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="info") }}
{% elif status == "cancelled" %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="danger") }}
{% else %}{{ ui::badge(label=t(key="order-status-" ~ status, lang=lang | default(value='sk')), variant="warning") }}
{% endif %}
{% endmacro status_badge %}
{% macro order_row(order) %}
<a href="/account/orders/{{ order.order_number }}"
class="flex flex-wrap items-center justify-between gap-3 rounded-radius border border-outline bg-surface p-4 transition hover:border-primary hover:bg-primary/5 dark:border-outline-dark dark:bg-surface-dark-alt dark:hover:border-primary-dark">
<div class="min-w-0">
<p class="font-mono text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.order_number }}</p>
<p class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ order.created_at | truncate(length=10, end="") }}</p>
</div>
<div class="flex items-center gap-4">
{{ self::status_badge(status=order.status) }}
<span class="tabular-nums text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.total }} {{ order.currency }}</span>
</div>
</a>
{% endmacro order_row %}
{% block content %}
<div class="mx-auto max-w-3xl space-y-8">
<h1 class="text-3xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-orders", lang=lang | default(value='sk')) }}</h1>
{% if active_orders | length == 0 and past_orders | length == 0 %}
<p class="rounded-radius border border-outline bg-surface p-6 text-sm text-on-surface/70 dark:border-outline-dark dark:bg-surface-dark-alt dark:text-on-surface-dark/70">{{ t(key="orders-empty", lang=lang | default(value='sk')) }}</p>
{% endif %}
{% if active_orders | length > 0 %}
<section class="space-y-3">
<h2 class="text-lg font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="orders-active", lang=lang | default(value='sk')) }}</h2>
{% for order in active_orders %}{{ self::order_row(order=order) }}{% endfor %}
</section>
{% endif %}
{% if past_orders | length > 0 %}
<section class="space-y-3">
<h2 class="text-lg font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="orders-past", lang=lang | default(value='sk')) }}</h2>
{% for order in past_orders %}{{ self::order_row(order=order) }}{% endfor %}
</section>
{% endif %}
</div>
{% endblock content %}
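Review bot: The row link in `order_row` addresses the detail page by `order.order_number` alone, and nothing in this template records that the detail route must restrict the lookup to the signed-in customer. The handler is not part of this section, so this is something to confirm rather than a defect visible here: the query behind `/account/orders/{number}` should filter on both the order number and the session's user id, and answer 404 for anything else. A comment above the macro would keep that contract next to the link, e.g. `{# detail route must scope the lookup to the session user; order_number alone is not an authorization check #}`.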


@@ -0,0 +1,44 @@
{% extends "base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ t(key="password-change-title", lang=lang | default(value='sk')) }}{% endblock title %}
{% block content %}
<div class="mx-auto max-w-md">
<h1 class="text-3xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="password-change-title", lang=lang | default(value='sk')) }}</h1>
{% if changed %}
<div class="mt-4 rounded-radius border border-success bg-success/10 px-4 py-3 text-sm text-success" role="status">
{{ t(key="password-changed", lang=lang | default(value='sk')) }}
</div>
{% endif %}
{% if error == "current" %}
{{ ui::alert_danger(message=t(key="password-current-wrong", lang=lang | default(value='sk')), extra="mt-4") }}
{% elif error == "mismatch" %}
{{ ui::alert_danger(message=t(key="set-password-mismatch", lang=lang | default(value='sk')), extra="mt-4") }}
{% elif error == "weak" %}
{{ ui::alert_danger(message=t(key="set-password-weak", lang=lang | default(value='sk')), extra="mt-4") }}
{% endif %}
<form method="post" action="/account/password" hx-boost="false" class="mt-6 flex flex-col gap-4"
x-data="{ password: '', confirm: '' }">
{{ ui::csrf_field() }}
<div class="flex flex-col gap-1">
<label for="current_password" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="password-current", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="current_password", id="current_password", type="password", required=true, autocomplete="current-password") }}
</div>
<div class="flex flex-col gap-1">
<label for="password" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-new", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="password", id="password", type="password", required=true, autocomplete="new-password", attrs='x-model="password"') }}
</div>
<div class="flex flex-col gap-1">
<label for="password_confirm" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-confirm", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="password_confirm", id="password_confirm", type="password", required=true, autocomplete="new-password", attrs='x-model="confirm"') }}
<span x-cloak x-show="confirm.length > 0 && password !== confirm" class="text-xs text-danger dark:text-danger">
{{ t(key="set-password-mismatch", lang=lang | default(value='sk')) }}
</span>
</div>
{{ ui::button(label=t(key="password-change-title", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full", attrs=':disabled="password !== confirm"') }}
</form>
</div>
{% endblock content %}
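Review bot: The `error` chain handles `current`, `mismatch` and `weak` and has no fallback, so any other value the handler sends re-renders the form with no message and the user cannot tell the password was not changed. A final branch would cover that, e.g. `{% elif error %}{{ ui::alert_danger(message=t(key="<generic-error-key>", lang=lang | default(value='sk')), extra="mt-4") }}`, where the key name is a placeholder for whatever generic message the locale files provide. The Alpine `:disabled="password !== confirm"` binding is a convenience only; the `mismatch` and `weak` codes suggest the server re-checks both, which should stay the authority.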


@@ -0,0 +1,229 @@
{% extends "base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ t(key="profile-title", lang=lang | default(value='sk')) }}{% endblock title %}
{% macro field(label, value) %}
<div class="space-y-1.5">
<label class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ label }}</label>
{% if value %}
<p class="text-sm text-on-surface/80 dark:text-on-surface-dark/80">{{ value }}</p>
{% else %}
<p class="text-sm italic text-on-surface/50 dark:text-on-surface-dark/50">{{ t(key="profile-not-set", lang=lang | default(value='sk')) }}</p>
{% endif %}
</div>
{% endmacro field %}
{% block content %}
<div class="mx-auto max-w-2xl" x-data="{ editing: {% if error %}true{% else %}false{% endif %} }">
<h1 class="text-3xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="profile-title", lang=lang | default(value='sk')) }}</h1>
<p class="mt-2 text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="profile-intro", lang=lang | default(value='sk')) }}</p>
{% if saved %}
<div class="mt-4 rounded-radius border border-success bg-success/10 px-4 py-3 text-sm text-success" role="status">
{{ t(key="profile-saved", lang=lang | default(value='sk')) }}
</div>
{% endif %}
{% if error %}
{{ ui::alert_danger(message=t(key="profile-company-required", lang=lang | default(value='sk')), extra="mt-4") }}
{% endif %}
<!-- read-only view (default) -->
<div x-show="!editing" class="mt-6 space-y-6">
<fieldset class="space-y-2 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</legend>
<div class="flex items-center gap-2">
{% if account_type == "company" %}
{{ ui::badge(label=t(key="account-company", lang=lang | default(value='sk')), variant="primary") }}
{% else %}
{{ ui::badge(label=t(key="account-personal", lang=lang | default(value='sk')), variant="neutral") }}
{% endif %}
<span class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-type-locked", lang=lang | default(value='sk')) }}</span>
</div>
</fieldset>
{% if account_type == "company" %}
<fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company-details", lang=lang | default(value='sk')) }}</legend>
{{ self::field(label=t(key="company-name", lang=lang | default(value='sk')), value=company_name) }}
<div class="grid gap-4 sm:grid-cols-3">
{{ self::field(label=t(key="company-ico", lang=lang | default(value='sk')), value=company_id) }}
{{ self::field(label=t(key="company-dic", lang=lang | default(value='sk')), value=tax_id) }}
{{ self::field(label=t(key="company-icdph", lang=lang | default(value='sk')), value=vat_id) }}
</div>
</fieldset>
{% endif %}
<fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-contact", lang=lang | default(value='sk')) }}</legend>
{{ self::field(label=t(key="checkout-name", lang=lang | default(value='sk')), value=name) }}
{{ self::field(label=t(key="checkout-email", lang=lang | default(value='sk')), value=email) }}
{% if phone %}
{% set phone_full = phone_prefix | default(value='') %}
{% set phone_full = phone_full ~ ' ' ~ phone %}
{{ self::field(label=t(key="checkout-phone", lang=lang | default(value='sk')), value=phone_full) }}
{% else %}
{{ self::field(label=t(key="checkout-phone", lang=lang | default(value='sk')), value='') }}
{% endif %}
</fieldset>
<fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-shipping", lang=lang | default(value='sk')) }}</legend>
{{ self::field(label=t(key="checkout-address", lang=lang | default(value='sk')), value=address) }}
<div class="grid gap-4 sm:grid-cols-3">
{{ self::field(label=t(key="checkout-city", lang=lang | default(value='sk')), value=city) }}
{{ self::field(label=t(key="checkout-zip", lang=lang | default(value='sk')), value=zip) }}
{{ self::field(label=t(key="checkout-country", lang=lang | default(value='sk')), value=country) }}
</div>
</fieldset>
{{ ui::button(label=t(key="profile-edit", lang=lang | default(value='sk')), type="button", size="px-6 py-2.5 text-sm", attrs='@click="editing = true"') }}
</div>
<!-- edit form -->
<form x-show="editing" x-cloak method="post" action="/account/profile" hx-boost="false" class="mt-6 space-y-6">
{{ ui::csrf_field() }}
<!-- account type is fixed at registration and shown read-only -->
<fieldset class="space-y-2 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</legend>
<div class="flex items-center gap-2">
{% if account_type == "company" %}
{{ ui::badge(label=t(key="account-company", lang=lang | default(value='sk')), variant="primary") }}
{% else %}
{{ ui::badge(label=t(key="account-personal", lang=lang | default(value='sk')), variant="neutral") }}
{% endif %}
<span class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-type-locked", lang=lang | default(value='sk')) }}</span>
</div>
</fieldset>
{% if account_type == "company" %}
<!-- company billing details (company accounts only) -->
<fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company-details", lang=lang | default(value='sk')) }}</legend>
<div class="space-y-1.5">
<label for="company_name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="company-name", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
{{ ui::input(name="company_name", id="company_name", value=company_name | default(value=''), autocomplete="organization") }}
</div>
<div class="grid gap-4 sm:grid-cols-3">
<div class="space-y-1.5">
<label for="company_id" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="company-ico", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
{{ ui::input(name="company_id", id="company_id", value=company_id | default(value='')) }}
</div>
<div class="space-y-1.5">
<label for="tax_id" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="company-dic", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
{{ ui::input(name="tax_id", id="tax_id", value=tax_id | default(value='')) }}
</div>
<div class="space-y-1.5">
<label for="vat_id" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="company-icdph", lang=lang | default(value='sk')) }} <span class="text-on-surface/50 dark:text-on-surface-dark/50">({{ t(key="field-optional", lang=lang | default(value='sk')) }})</span></label>
{{ ui::input(name="vat_id", id="vat_id", value=vat_id | default(value='')) }}
</div>
</div>
</fieldset>
{% endif %}
<!-- contact (name/email are managed by the login) -->
<fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-contact", lang=lang | default(value='sk')) }}</legend>
<div class="grid gap-4 sm:grid-cols-2">
<div class="space-y-1.5">
<label for="first_name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="profile-first-name", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="first_name", id="first_name", value=first_name | default(value=''), autocomplete="given-name") }}
</div>
<div class="space-y-1.5">
<label for="last_name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="profile-last-name", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="last_name", id="last_name", value=last_name | default(value=''), autocomplete="family-name") }}
</div>
</div>
<div class="space-y-1.5">
<label class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-email", lang=lang | default(value='sk')) }}</label>
<p class="text-sm text-on-surface/80 dark:text-on-surface-dark/80">{{ email }}</p>
</div>
<div class="space-y-1.5">
<label for="phone" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-phone", lang=lang | default(value='sk')) }}</label>
<div class="flex gap-2">
<!-- editable combobox: type freely or pick from the dropdown -->
<div class="relative w-28 shrink-0" @click.outside="prefixOpen = false"
x-data="{ prefixOpen: false, prefix: '{{ phone_prefix | default(value='+421') }}', opts: [
{ v: '+421', l: '🇸🇰 +421' }, { v: '+420', l: '🇨🇿 +420' },
{ v: '+43', l: '🇦🇹 +43' }, { v: '+49', l: '🇩🇪 +49' },
{ v: '+48', l: '🇵🇱 +48' }, { v: '+36', l: '🇭🇺 +36' },
{ v: '+44', l: '🇬🇧 +44' }, { v: '+39', l: '🇮🇹 +39' }, { v: '+33', l: '🇫🇷 +33' }
], get filtered() { return this.opts.filter(o => !this.prefix || o.v.includes(this.prefix)) } }">
<input name="phone_prefix" type="text" x-model="prefix" @focus="prefixOpen = true" @input="prefixOpen = true"
aria-label="{{ t(key='checkout-phone', lang=lang | default(value='sk')) }}" autocomplete="tel-country-code" inputmode="tel"
class="w-full rounded-radius border border-outline bg-surface py-2 pl-3 pr-7 text-sm text-on-surface focus:outline-2 focus:outline-primary dark:border-outline-dark dark:bg-surface-dark dark:text-on-surface-dark">
<button type="button" tabindex="-1" @click="prefixOpen = !prefixOpen"
class="absolute inset-y-0 right-0 flex w-7 items-center justify-center text-on-surface/60 dark:text-on-surface-dark/60">
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor"
class="size-4 transition-transform" :class="prefixOpen && 'rotate-180'">
<path stroke-linecap="round" stroke-linejoin="round" d="m19.5 8.25-7.5 7.5-7.5-7.5" />
</svg>
</button>
<ul x-show="prefixOpen" x-cloak x-transition
class="absolute z-20 mt-1 max-h-56 w-full overflow-auto rounded-radius border border-outline bg-surface p-1 shadow-lg dark:border-outline-dark dark:bg-surface-dark-alt">
<template x-for="o in filtered" :key="o.v">
<li><button type="button" @click="prefix = o.v; prefixOpen = false" x-text="o.l"
class="block w-full rounded-radius px-3 py-1.5 text-left text-sm text-on-surface transition hover:bg-surface-alt dark:text-on-surface-dark dark:hover:bg-surface-dark"></button></li>
</template>
</ul>
</div>
{{ ui::input(name="phone", id="phone", type="tel", value=phone | default(value=''), autocomplete="tel", placeholder="900 000 000", attrs='inputmode="tel"') }}
</div>
</div>
</fieldset>
<!-- default shipping address -->
<fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-shipping", lang=lang | default(value='sk')) }}</legend>
<div class="space-y-1.5">
<label for="address" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-address", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="address", id="address", value=address | default(value=''), autocomplete="street-address") }}
</div>
<div class="grid gap-4 sm:grid-cols-3">
<div class="space-y-1.5">
<label for="city" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-city", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="city", id="city", value=city | default(value=''), autocomplete="address-level2") }}
</div>
<div class="space-y-1.5">
<label for="zip" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-zip", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="zip", id="zip", value=zip | default(value=''), autocomplete="postal-code") }}
</div>
<div class="space-y-1.5">
<label for="country" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-country", lang=lang | default(value='sk')) }}</label>
<div class="relative" @click.outside="countryOpen = false"
x-data="{ countryOpen: false, country: '{{ country | default(value='') }}', opts: [
{ v: '{{ t(key='country-sk', lang=lang | default(value='sk')) }}', l: '🇸🇰 {{ t(key='country-sk', lang=lang | default(value='sk')) }}' },
{ v: '{{ t(key='country-cz', lang=lang | default(value='sk')) }}', l: '🇨🇿 {{ t(key='country-cz', lang=lang | default(value='sk')) }}' },
{ v: '{{ t(key='country-at', lang=lang | default(value='sk')) }}', l: '🇦🇹 {{ t(key='country-at', lang=lang | default(value='sk')) }}' },
{ v: '{{ t(key='country-de', lang=lang | default(value='sk')) }}', l: '🇩🇪 {{ t(key='country-de', lang=lang | default(value='sk')) }}' },
{ v: '{{ t(key='country-pl', lang=lang | default(value='sk')) }}', l: '🇵🇱 {{ t(key='country-pl', lang=lang | default(value='sk')) }}' },
{ v: '{{ t(key='country-hu', lang=lang | default(value='sk')) }}', l: '🇭🇺 {{ t(key='country-hu', lang=lang | default(value='sk')) }}' }
], get filtered() { return this.opts.filter(o => !this.country || o.v.toLowerCase().includes(this.country.toLowerCase())) } }">
<input id="country" name="country" type="text" x-model="country" @focus="countryOpen = true" @input="countryOpen = true"
class="w-full rounded-radius border border-outline bg-surface py-2 pl-3 pr-8 text-sm text-on-surface focus:outline-2 focus:outline-primary dark:border-outline-dark dark:bg-surface-dark dark:text-on-surface-dark">
<button type="button" tabindex="-1" @click="countryOpen = !countryOpen"
class="absolute inset-y-0 right-0 flex w-8 items-center justify-center text-on-surface/60 dark:text-on-surface-dark/60">
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor"
class="size-4 transition-transform" :class="countryOpen && 'rotate-180'">
<path stroke-linecap="round" stroke-linejoin="round" d="m19.5 8.25-7.5 7.5-7.5-7.5" />
</svg>
</button>
<ul x-show="countryOpen" x-cloak x-transition
class="absolute z-20 mt-1 max-h-56 w-full overflow-auto rounded-radius border border-outline bg-surface p-1 shadow-lg dark:border-outline-dark dark:bg-surface-dark-alt">
<template x-for="o in filtered" :key="o.v">
<li><button type="button" @click="country = o.v; countryOpen = false" x-text="o.l"
class="block w-full rounded-radius px-3 py-1.5 text-left text-sm text-on-surface transition hover:bg-surface-alt dark:text-on-surface-dark dark:hover:bg-surface-dark"></button></li>
</template>
</ul>
</div>
</div>
</div>
</fieldset>
<div class="flex items-center gap-3">
{{ ui::button(label=t(key="profile-save", lang=lang | default(value='sk')), type="submit", size="px-6 py-2.5 text-sm") }}
{{ ui::button(label=t(key="profile-cancel", lang=lang | default(value='sk')), type="button", variant="outline-secondary", size="px-6 py-2.5 text-sm", attrs='@click="editing = false"') }}
</div>
</form>
</div>
{% endblock content %}
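Review bot: `phone_prefix` (prefix combobox `x-data`) and `country` (country combobox `x-data`) are written into single-quoted JavaScript string literals inside an HTML attribute, which is the wrong escaping context for values that come back from free-text inputs in this same form. Tera's autoescape emits HTML entities, but the browser decodes them before Alpine evaluates the attribute as an expression, so a stored value containing an apostrophe or backslash ends the literal early and the rest is parsed as code. Emit the values as JSON instead and leave autoescape on: `prefix: {{ phone_prefix | default(value='+421') | json_encode() }}` and `country: {{ country | default(value='') | json_encode() }}`. The translated country names in `opts` use the same quoting and would break the component on a translation that contains an apostrophe. Checking the prefix against a plus-and-digits shape in the handler, which is outside this section, would be a sensible second layer.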


@@ -0,0 +1,84 @@
{% extends "base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ t(key="security-title", lang=lang | default(value='sk')) }}{% endblock title %}
{% block content %}
<div class="mx-auto max-w-md">
<h1 class="text-3xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="security-title", lang=lang | default(value='sk')) }}</h1>
<p class="mt-2 text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-intro", lang=lang | default(value='sk')) }}</p>
{% if error == "password" %}
{{ ui::alert_danger(message=t(key="password-current-wrong", lang=lang | default(value='sk')), extra="mt-4") }}
{% elif error == "code" %}
{{ ui::alert_danger(message=t(key="security-2fa-code-wrong", lang=lang | default(value='sk')), extra="mt-4") }}
{% elif error == "enroll" %}
{{ ui::alert_danger(message=t(key="security-2fa-enroll-error", lang=lang | default(value='sk')), extra="mt-4") }}
{% endif %}
{# --- One-time backup codes, shown right after enabling / regenerating --- #}
{% if backup_codes and backup_codes | length > 0 %}
<div class="mt-6 rounded-radius border border-success bg-success/10 px-4 py-3" role="status">
<p class="text-sm font-medium text-success">{{ t(key="security-2fa-enabled-ok", lang=lang | default(value='sk')) }}</p>
<p class="mt-2 text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-backup-intro", lang=lang | default(value='sk')) }}</p>
<ul class="mt-3 grid grid-cols-2 gap-2 font-mono text-sm text-on-surface-strong dark:text-on-surface-dark-strong">
{% for code in backup_codes %}
<li class="rounded-radius bg-surface px-3 py-1.5 text-center tracking-wider dark:bg-surface-dark">{{ code }}</li>
{% endfor %}
</ul>
</div>
{% endif %}
{% if enrolling %}
{# --- Step 2: scan the QR and confirm a code --- #}
<div class="mt-6 flex flex-col gap-4 rounded-radius border border-outline bg-surface-alt p-5 dark:border-outline-dark dark:bg-surface-dark-alt">
<p class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-scan", lang=lang | default(value='sk')) }}</p>
<img src="{{ qr }}" alt="TOTP QR" class="mx-auto size-48 rounded-radius bg-white p-2" />
<div class="text-center">
<p class="text-xs text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-manual", lang=lang | default(value='sk')) }}</p>
<code class="mt-1 inline-block break-all font-mono text-sm text-on-surface-strong dark:text-on-surface-dark-strong">{{ secret }}</code>
</div>
<form method="post" action="/account/security/confirm" hx-boost="false" class="flex flex-col gap-3">
{{ ui::csrf_field() }}
<label for="code" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="security-2fa-enter-code", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="code", id="code", type="text", required=true, autocomplete="one-time-code", attrs='inputmode="numeric" pattern="[0-9]*" maxlength="6" autofocus') }}
{{ ui::button(label=t(key="security-2fa-confirm", lang=lang | default(value='sk')), type="submit", extra="w-full") }}
</form>
</div>
{% elif totp_enabled %}
{# --- Enabled: status + remaining backup codes + disable / regenerate --- #}
<div class="mt-6 flex items-center gap-2">
{{ ui::badge(label=t(key="security-2fa-on", lang=lang | default(value='sk')), variant="success") }}
<span class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-backup-remaining", lang=lang | default(value='sk')) }}: {{ backup_remaining }}</span>
</div>
<form method="post" action="/account/security/backup-codes" hx-boost="false" class="mt-6 flex flex-col gap-3 rounded-radius border border-outline bg-surface-alt p-5 dark:border-outline-dark dark:bg-surface-dark-alt">
{{ ui::csrf_field() }}
<p class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="security-2fa-regenerate", lang=lang | default(value='sk')) }}</p>
<label for="regen_pw" class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="password-current", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="current_password", id="regen_pw", type="password", required=true, autocomplete="current-password") }}
{{ ui::button(label=t(key="security-2fa-regenerate", lang=lang | default(value='sk')), type="submit", variant="outline-secondary", extra="w-full") }}
</form>
<form method="post" action="/account/security/disable" hx-boost="false" class="mt-4 flex flex-col gap-3 rounded-radius border border-danger/40 bg-danger/5 p-5">
{{ ui::csrf_field() }}
<p class="text-sm font-medium text-danger">{{ t(key="security-2fa-disable", lang=lang | default(value='sk')) }}</p>
<p class="text-xs text-on-surface dark:text-on-surface-dark">{{ t(key="security-2fa-disable-hint", lang=lang | default(value='sk')) }}</p>
<label for="disable_pw" class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="password-current", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="current_password", id="disable_pw", type="password", required=true, autocomplete="current-password") }}
{{ ui::button(label=t(key="security-2fa-disable", lang=lang | default(value='sk')), type="submit", variant="danger", extra="w-full") }}
</form>
{% else %}
{# --- Disabled: offer to enable --- #}
<form method="post" action="/account/security/enable" hx-boost="false" class="mt-6">
{{ ui::csrf_field() }}
<div class="flex items-center gap-2">
{{ ui::badge(label=t(key="security-2fa-off", lang=lang | default(value='sk')), variant="neutral") }}
</div>
{{ ui::button(label=t(key="security-2fa-enable", lang=lang | default(value='sk')), type="submit", extra="mt-4 w-full") }}
</form>
{% endif %}
</div>
{% endblock content %}
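Review bot: The disable form and the backup-code regeneration form collect only `current_password`, so the second factor can be removed, or its recovery codes replaced, using the first factor alone. Someone holding the password and a live session would not need the authenticator for either action, which is the situation 2FA is meant to cover. Consider adding a code field to both forms, mirroring the confirm step: `{{ ui::input(name="code", id="disable_code", type="text", required=true, autocomplete="one-time-code") }}`, with the handler accepting a current TOTP code or an unused backup code. The handlers are outside this section, so they may already compensate in some other way.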


@@ -45,7 +45,15 @@
<script defer src="/static/vendor/alpine/alpinejs-3.14.9.min.js"></script>
</head>
<body
x-data="{ showSidebar: false }"
hx-headers='{"X-CSRF-Token": "{{ csrf_token() }}"}'
x-data="{
showSidebar: false,
collapsed: localStorage.getItem('adminSidebarCollapsed') === '1',
toggleCollapsed() {
this.collapsed = !this.collapsed;
localStorage.setItem('adminSidebarCollapsed', this.collapsed ? '1' : '0');
}
}"
class="min-h-screen bg-surface text-on-surface antialiased dark:bg-surface-dark dark:text-on-surface-dark">
<!-- dark overlay for the open sidebar on small screens -->
@@ -55,8 +63,8 @@
<!-- sidebar -->
<nav aria-label="{{ t(key='menu', lang=lang | default(value='sk')) }}"
x-bind:class="showSidebar ? 'translate-x-0' : '-translate-x-60'"
class="fixed inset-y-0 left-0 z-40 flex w-60 flex-col border-r border-outline bg-surface-alt transition-transform duration-300 md:translate-x-0 dark:border-outline-dark dark:bg-surface-dark-alt">
x-bind:class="(showSidebar ? 'translate-x-0' : '-translate-x-60') + ' ' + (collapsed ? 'md:-translate-x-60' : 'md:translate-x-0')"
class="fixed inset-y-0 left-0 z-40 flex w-60 flex-col border-r border-outline bg-surface-alt transition-transform duration-300 dark:border-outline-dark dark:bg-surface-dark-alt">
{# Sidebar nav links — adapted from the vendored Penguin UI component
penguinui-components/sidebar/simple-sidebar.html: Penguin's link
@@ -77,6 +85,10 @@
class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
{{ t(key="admin-products", lang=lang | default(value='sk')) }}
</a>
<a href="/admin/catalog/discount-profiles" data-nav="/admin/catalog/discount-profiles"
class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
{{ t(key="admin-discount-profiles", lang=lang | default(value='sk')) }}
</a>
<a href="/admin/catalog/categories" data-nav="/admin/catalog/categories"
class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
{{ t(key="admin-categories", lang=lang | default(value='sk')) }}
@@ -85,6 +97,10 @@
class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
{{ t(key="admin-orders", lang=lang | default(value='sk')) }}
</a>
<a href="/admin/customers" data-nav="/admin/customers"
class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
{{ t(key="admin-customers", lang=lang | default(value='sk')) }}
</a>
<a href="/admin/shipping" data-nav="/admin/shipping"
class="flex items-center gap-2 rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
{{ t(key="admin-shipping", lang=lang | default(value='sk')) }}
@@ -96,6 +112,7 @@
{{ t(key="admin-exit", lang=lang | default(value='sk')) }}
</a>
<form method="post" action="/logout">
{{ ui::csrf_field() }}
<button type="submit" class="flex w-full items-center gap-2 rounded-radius px-2 py-1.5 text-left text-sm font-medium text-danger underline-offset-2 transition hover:bg-danger/5 focus:outline-hidden focus-visible:underline">
{{ t(key="logout", lang=lang | default(value='sk')) }}
</button>
@@ -104,7 +121,8 @@
</nav>
<!-- content column -->
<div class="flex min-h-screen flex-col md:ml-60">
<div :class="collapsed ? 'md:ml-0' : 'md:ml-60'"
class="flex min-h-screen flex-col transition-[margin] duration-300">
<header class="sticky top-0 z-20 flex h-16 items-center gap-4 border-b border-outline bg-surface/95 px-4 backdrop-blur dark:border-outline-dark dark:bg-surface-dark/95">
<!-- Penguin animated hamburger (bars ↔ X) in our ghost-square shell -->
<button type="button" @click="showSidebar = !showSidebar" :aria-expanded="showSidebar" aria-label="{{ t(key='menu', lang=lang | default(value='sk')) }}"
@@ -113,17 +131,23 @@
{{ ui::icon(name="close", size="size-6", attrs='x-cloak x-show="showSidebar"') }}
</button>
<!-- desktop sidebar collapse toggle (chevron flips when collapsed) -->
<button type="button" @click="toggleCollapsed()" :aria-expanded="(!collapsed).toString()" aria-label="{{ t(key='menu', lang=lang | default(value='sk')) }}"
class="hidden size-9 shrink-0 items-center justify-center rounded-radius bg-transparent text-secondary transition hover:opacity-75 focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-secondary active:opacity-100 active:outline-offset-0 md:inline-flex dark:text-secondary-dark dark:focus-visible:outline-secondary-dark">
{{ ui::icon(name="chevron-double-left", size="size-6", extra="transition-transform duration-300", attrs=`x-bind:class="collapsed ? 'rotate-180' : ''"`) }}
</button>
<span class="text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">
{% block crumb %}{{ t(key="admin-title", lang=lang | default(value='sk')) }}{% endblock crumb %}
</span>
<!-- settings (language + theme) dropdown -->
<div x-data="{ open: false }" @keydown.escape="open = false" class="relative ml-auto">
<!-- settings (language + theme) dropdown (self-contained Alpine state) -->
<div class="ml-auto">
{% include "partials/settings_dropdown.html" %}
</div>
</header>
<main class="mx-auto w-full max-w-5xl flex-1 px-4 py-8">
<main class="mx-auto w-full flex-1 px-4 py-8 {% block main_class %}max-w-5xl{% endblock main_class %}">
{% block content %}{% endblock content %}
</main>
</div>


@@ -0,0 +1,8 @@
{# OOB fragment: effective-price cells recomputed from the unsaved profile
selection on the products page. Each span replaces the matching #eff-<id>
span in the table via htmx out-of-band swap. Rendered by
admin_products::profiles_preview. #}
{% import "macros/ui.html" as ui %}
{% for product in products %}
<span id="eff-{{ product.id }}" hx-swap-oob="true">{{ ui::eff_price(p=product, preview=true) }}</span>
{% endfor %}


@@ -46,6 +46,7 @@
{{ ui::button(variant="outline-secondary", label=t(key="edit", lang=lang | default(value='sk')), href="/admin/catalog/categories/" ~ row.category.id ~ "/edit", size="px-3 py-1.5 text-xs") }}
<form method="post" action="/admin/catalog/categories/{{ row.category.id }}/delete"
onsubmit="return confirm('{{ t(key="confirm-delete", lang=lang | default(value='sk')) }}')">
{{ ui::csrf_field() }}
{{ ui::button(variant="outline-danger", label=t(key="delete", lang=lang | default(value='sk')), type="submit", size="px-3 py-1.5 text-xs") }}
</form>
</div>
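Review bot: The delete form's `onsubmit="return confirm('…')"` puts the translated text inside a JavaScript string within an HTML attribute, where HTML auto-escaping does not help. The browser decodes an escaped `'` back to a quote before the handler is compiled, so a translation containing an apostrophe breaks the handler and the form then submits with no confirmation at all. The line is unchanged context in this hunk, but the commit repeats the pattern in the delete form of the new discount-profile list and in the `onclick` strings of the new discount form. Keeping the text in an attribute and reading it from script avoids the nested quoting: `data-confirm="{{ t(key='confirm-delete', lang=lang | default(value='sk')) }}" onsubmit="return confirm(this.dataset.confirm)"`.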


@@ -15,11 +15,12 @@
<form method="post" enctype="multipart/form-data"
action="{% if category %}/admin/catalog/categories/{{ category.id }}{% else %}/admin/catalog/categories{% endif %}"
class="mt-6 space-y-5 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
{{ ui::csrf_field() }}
{% if category %}
{% set v_name = category.name %}{% set v_slug = category.slug %}{% set v_pos = category.position %}{% set v_desc = category.description | default(value="") %}{% set v_pub = category.published %}
{% set v_name = category.name %}{% set v_pos = category.position %}{% set v_desc = category.description | default(value="") %}{% set v_pub = category.published %}
{% else %}
{% set v_name = "" %}{% set v_slug = "" %}{% set v_pos = 0 %}{% set v_desc = "" %}{% set v_pub = false %}
{% set v_name = "" %}{% set v_pos = "" %}{% set v_desc = "" %}{% set v_pub = false %}
{% endif %}
<div class="space-y-1.5">
@@ -27,17 +28,6 @@
{{ ui::input(name="name", id="name", required=true, value=v_name) }}
</div>
<div class="grid gap-5 sm:grid-cols-2">
<div class="space-y-1.5">
<label for="slug" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="slug", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="slug", id="slug", value=v_slug, placeholder=t(key='slug-auto', lang=lang | default(value='sk'))) }}
</div>
<div class="space-y-1.5">
<label for="position" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="position", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="position", id="position", type="number", value=v_pos) }}
</div>
</div>
<div class="space-y-1.5">
<label for="parent_id" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="parent-category", lang=lang | default(value='sk')) }}</label>
<div class="relative">
@@ -67,6 +57,15 @@
{{ ui::file_input(name="image", id="image", accept="image/*") }}
</div>
<div class="space-y-1.5">
<label for="position" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
{{ t(key="position", lang=lang | default(value='sk')) }}
<span class="font-normal text-on-surface/60 dark:text-on-surface-dark/60">({{ t(key="field-optional", lang=lang | default(value='sk')) }})</span>
</label>
{{ ui::input(name="position", id="position", type="number", value=v_pos, placeholder=t(key='position-auto', lang=lang | default(value='sk'))) }}
<p class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="position-hint", lang=lang | default(value='sk')) }}</p>
</div>
{{ ui::checkbox(name="published", id="published", label=t(key="published", lang=lang | default(value='sk')), checked=v_pub) }}
<div class="flex gap-3 pt-2">


@@ -0,0 +1,102 @@
{% extends "admin/base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ t(key="set-discount", lang=lang | default(value='sk')) }}{% endblock title %}
{% block crumb %}{{ t(key="admin-discounts", lang=lang | default(value='sk')) }}{% endblock crumb %}
{% block content %}
<div class="flex items-center justify-between gap-3">
<div>
<h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ product.name }}</h1>
<p class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">
{% if audience == "business" %}{{ t(key="audience-business", lang=lang | default(value='sk')) }}{% else %}{{ t(key="audience-personal", lang=lang | default(value='sk')) }}{% endif %}
</p>
</div>
{{ ui::button(variant="outline-secondary", label=t(key="cancel", lang=lang | default(value='sk')), href="/admin/catalog/products?audience=" ~ audience, size="px-3 py-2 text-sm") }}
</div>
<form method="post" action="/admin/catalog/products/{{ product.id }}/discount?audience={{ audience }}"
x-data="{
mode: '{{ mode }}',
fixed: '{{ fixed }}',
percent: '{{ percent }}',
regular: {{ product.regular_cents }},
num(v) { let n = parseFloat(String(v).replace(',', '.')); return isFinite(n) ? n : null; },
get afterCents() {
if (this.mode === 'percent') {
let p = this.num(this.percent); if (p === null) return null;
return this.regular - Math.round(this.regular * p / 100);
}
let f = this.num(this.fixed); if (f === null) return null;
return Math.round(f * 100);
},
money(c) { return (c / 100).toFixed(2); },
get valid() { let a = this.afterCents; return a !== null && a > 0 && a < this.regular; },
get percentOff() { let a = this.afterCents; return (a === null || this.regular <= 0) ? null : Math.round((this.regular - a) / this.regular * 100); }
}"
class="mt-6 max-w-md space-y-5 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
{{ ui::csrf_field() }}
{% if error %}
{{ ui::alert_danger(message=t(key=error, lang=lang | default(value='sk'))) }}
{% endif %}
<div class="flex items-center justify-between gap-3 rounded-radius bg-surface-alt px-4 py-3 dark:bg-surface-dark/40">
<span class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="price", lang=lang | default(value='sk')) }}</span>
<span class="font-semibold tabular-nums text-on-surface-strong dark:text-on-surface-dark-strong">{{ product.regular_price }} {{ product.currency }}</span>
</div>
<!-- mode toggle -->
<div class="grid grid-cols-2 gap-2">
<label class="flex cursor-pointer items-center justify-center gap-2 rounded-radius border px-3 py-2 text-sm transition"
:class="mode === 'fixed' ? 'border-primary bg-primary/10 text-on-surface-strong dark:border-primary-dark dark:bg-primary-dark/10 dark:text-on-surface-dark-strong' : 'border-outline text-on-surface dark:border-outline-dark dark:text-on-surface-dark'">
<input type="radio" name="mode" value="fixed" x-model="mode" class="sr-only">
{{ t(key="discount-mode-fixed", lang=lang | default(value='sk')) }}
</label>
<label class="flex cursor-pointer items-center justify-center gap-2 rounded-radius border px-3 py-2 text-sm transition"
:class="mode === 'percent' ? 'border-primary bg-primary/10 text-on-surface-strong dark:border-primary-dark dark:bg-primary-dark/10 dark:text-on-surface-dark-strong' : 'border-outline text-on-surface dark:border-outline-dark dark:text-on-surface-dark'">
<input type="radio" name="mode" value="percent" x-model="mode" class="sr-only">
{{ t(key="discount-mode-percent", lang=lang | default(value='sk')) }}
</label>
</div>
<!-- fixed price input -->
<div class="space-y-1.5" x-show="mode === 'fixed'">
<label for="sale_price" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="sale-price", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="sale_price", id="sale_price", value=fixed, placeholder="0.00", attrs='inputmode="decimal" x-model="fixed"') }}
</div>
<!-- percentage input -->
<div class="space-y-1.5" x-show="mode === 'percent'">
<label for="percent" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="discount-percent", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="percent", id="percent", value=percent, placeholder="0", attrs='inputmode="decimal" min="0" max="100" x-model="percent"') }}
</div>
<!-- live preview -->
<div x-show="afterCents !== null" x-cloak
class="space-y-2 rounded-radius border border-outline bg-surface-alt px-4 py-3 dark:border-outline-dark dark:bg-surface-dark/40">
<div class="flex items-center justify-between gap-3 text-sm">
<span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="discount-preview-before", lang=lang | default(value='sk')) }}</span>
<span class="tabular-nums text-on-surface/60 line-through dark:text-on-surface-dark/60"><span x-text="money(regular)"></span> {{ product.currency }}</span>
</div>
<div class="flex items-center justify-between gap-3">
<span class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="discount-preview-after", lang=lang | default(value='sk')) }}</span>
<span class="text-lg font-semibold tabular-nums" :class="valid ? 'text-danger' : 'text-on-surface/40 dark:text-on-surface-dark/40'">
<span x-text="money(afterCents)"></span> {{ product.currency }}
</span>
</div>
<div x-show="valid" class="flex items-center justify-between gap-3 text-xs text-on-surface/60 dark:text-on-surface-dark/60">
<span>{{ t(key="discount-preview-save", lang=lang | default(value='sk')) }}</span>
<span class="tabular-nums"><span x-text="money(regular - afterCents)"></span> {{ product.currency }} (<span x-text="percentOff"></span>%)</span>
</div>
<p x-show="!valid" class="text-xs text-danger">{{ t(key="discount-below-regular", lang=lang | default(value='sk')) }}</p>
</div>
<div class="flex flex-wrap gap-3 pt-2">
{{ ui::button(label=t(key="save", lang=lang | default(value='sk')), type="submit", attrs=`onclick="return confirm('` ~ t(key="discount-apply-confirm", lang=lang | default(value='sk')) ~ `')"`) }}
{% if has_discount %}
{{ ui::button(variant="outline-danger", label=t(key="remove-discount", lang=lang | default(value='sk')), type="submit", attrs=`formaction="/admin/catalog/products/` ~ product.id ~ `/discount/remove?audience=` ~ audience ~ `" onclick="return confirm('` ~ t(key="discount-remove-confirm", lang=lang | default(value='sk')) ~ `')"`) }}
{% endif %}
</div>
</form>
{% endblock content %}
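Review bot: `mode`, `fixed` and `percent` are written into single-quoted JavaScript literals inside the `x-data` attribute, so HTML escaping is the wrong encoding for them: an escaped quote is decoded by the browser before Alpine evaluates the expression, and `fixed`/`percent` look like they are echoed back from the submitted form when `error` is set. Emitting them as JSON keeps the expression well-formed for any value: `mode: {{ mode | json_encode() }},` and the same for `fixed` and `percent`. Separately, `audience` is concatenated into the `attrs` string of the remove button (`formaction=…?audience=` ~ audience); `ui::button` is not visible here, but if it prints `attrs` unescaped, the controller has to restrict `audience` to `personal`/`business` before rendering. The live preview's `valid` getter is display-only, so the same "above zero and below the regular price" rule needs to hold in the handler.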


@@ -0,0 +1,71 @@
{% extends "admin/base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{% if profile %}{{ t(key="edit-profile", lang=lang | default(value='sk')) }}{% else %}{{ t(key="new-profile", lang=lang | default(value='sk')) }}{% endif %}{% endblock title %}
{% block crumb %}{{ t(key="admin-discount-profiles", lang=lang | default(value='sk')) }}{% endblock crumb %}
{% block content %}
<div class="flex items-center justify-between gap-3">
<h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">
{% if profile %}{{ t(key="edit-profile", lang=lang | default(value='sk')) }}{% else %}{{ t(key="new-profile", lang=lang | default(value='sk')) }}{% endif %}
</h1>
{{ ui::button(variant="outline-secondary", label=t(key="cancel", lang=lang | default(value='sk')), href="/admin/catalog/discount-profiles", size="px-3 py-2 text-sm") }}
</div>
{% if profile %}{% set v_name = profile.name %}{% set v_percent = profile.percent %}{% set v_scope = profile.scope_type %}
{% else %}{% set v_name = "" %}{% set v_percent = "" %}{% set v_scope = "include" %}{% endif %}
<form method="post"
action="{% if profile %}/admin/catalog/discount-profiles/{{ profile.id }}{% else %}/admin/catalog/discount-profiles{% endif %}"
class="mt-6 space-y-5 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
{{ ui::csrf_field() }}
{% if error %}{{ ui::alert_danger(message=t(key=error, lang=lang | default(value='sk'))) }}{% endif %}
<div class="grid gap-5 sm:grid-cols-2">
<div class="space-y-1.5">
<label for="name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="name", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="name", id="name", required=true, value=v_name) }}
</div>
<div class="space-y-1.5">
<label for="percent" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="discount-percent", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="percent", id="percent", required=true, value=v_percent, placeholder="0", attrs='inputmode="decimal" min="0" max="100"') }}
</div>
</div>
<fieldset class="space-y-2">
<legend class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="scope", lang=lang | default(value='sk')) }}</legend>
<label class="flex items-center gap-2 text-sm text-on-surface dark:text-on-surface-dark">
<input type="radio" name="scope_type" value="include" {% if v_scope != "all_except" %}checked{% endif %}>
{{ t(key="scope-include-hint", lang=lang | default(value='sk')) }}
</label>
<label class="flex items-center gap-2 text-sm text-on-surface dark:text-on-surface-dark">
<input type="radio" name="scope_type" value="all_except" {% if v_scope == "all_except" %}checked{% endif %}>
{{ t(key="scope-all-except-hint", lang=lang | default(value='sk')) }}
</label>
</fieldset>
<div class="space-y-1.5">
<span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="products", lang=lang | default(value='sk')) }}</span>
<div class="max-h-72 overflow-y-auto rounded-radius border border-outline p-3 dark:border-outline-dark">
{% if products | length > 0 %}
<div class="grid gap-2 sm:grid-cols-2">
{% for product in products %}
<label class="flex items-center gap-2 text-sm text-on-surface dark:text-on-surface-dark">
<input type="checkbox" name="product_ids" value="{{ product.id }}" {% if product.selected %}checked{% endif %}>
{{ product.name }}
</label>
{% endfor %}
</div>
{% else %}
<p class="text-sm text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="admin-no-products", lang=lang | default(value='sk')) }}</p>
{% endif %}
</div>
</div>
<div class="flex gap-3 pt-2">
{{ ui::button(label=t(key="save", lang=lang | default(value='sk')), type="submit") }}
{{ ui::button(variant="outline-secondary", label=t(key="cancel", lang=lang | default(value='sk')), href="/admin/catalog/discount-profiles") }}
</div>
</form>
{% endblock content %}
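Review bot: The percent field passes `min="0" max="100"` through `attrs`, but those attributes only constrain inputs such as number or range, and no `type` is given to `ui::input` here. Unless the macro defaults to `number` (it is not visible on this page), the browser enforces nothing; the percent input in the new discount form is written the same way. Either drop the attributes or keep them with a template comment such as `{# range is advisory; the controller validates 0–100 #}`, and confirm the handler rejects out-of-range and non-numeric values. The `product_ids` checkboxes can likewise be submitted with arbitrary ids, so the handler should ignore ids that do not match existing products.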


@@ -0,0 +1,58 @@
{% extends "admin/base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ t(key="admin-discount-profiles", lang=lang | default(value='sk')) }}{% endblock title %}
{% block crumb %}{{ t(key="admin-discount-profiles", lang=lang | default(value='sk')) }}{% endblock crumb %}
{% block content %}
<div class="flex flex-wrap items-end justify-between gap-3">
<div>
<h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="admin-discount-profiles", lang=lang | default(value='sk')) }}</h1>
<p class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="admin-discount-profiles-desc", lang=lang | default(value='sk')) }}</p>
</div>
{{ ui::button(label=t(key="new-profile", lang=lang | default(value='sk')), href="/admin/catalog/discount-profiles/new") }}
</div>
<div class="mt-6 {{ ui::table_wrap_cls() }}">
{% if profiles | length > 0 %}
<table class="{{ ui::table_cls() }}">
<thead class="{{ ui::thead_cls() }}">
<tr>
{{ ui::th(label=t(key="name", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="discount-percent", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="scope", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="products", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="actions", lang=lang | default(value='sk')), align="text-right") }}
</tr>
</thead>
<tbody class="{{ ui::tbody_cls() }}">
{% for profile in profiles %}
<tr class="{{ ui::row_cls() }}">
<td class="px-4 py-3 font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ profile.name }}</td>
<td class="px-4 py-3 tabular-nums">{{ profile.percent }}%</td>
<td class="px-4 py-3">
{% if profile.scope_type == "all_except" %}{{ t(key="scope-all-except", lang=lang | default(value='sk')) }}{% else %}{{ t(key="scope-include", lang=lang | default(value='sk')) }}{% endif %}
</td>
<td class="px-4 py-3 tabular-nums">{{ profile.product_count }}</td>
<td class="px-4 py-3">
<div class="flex flex-wrap justify-end gap-2">
{{ ui::button(variant="outline-secondary", label=t(key="edit", lang=lang | default(value='sk')), href="/admin/catalog/discount-profiles/" ~ profile.id ~ "/edit", size="px-3 py-1.5 text-xs") }}
<form method="post" action="/admin/catalog/discount-profiles/{{ profile.id }}/delete"
onsubmit="return confirm('{{ t(key="confirm-delete", lang=lang | default(value='sk')) }}')">
{{ ui::csrf_field() }}
{{ ui::button(variant="outline-danger", label=t(key="delete", lang=lang | default(value='sk')), type="submit", size="px-3 py-1.5 text-xs") }}
</form>
</div>
</td>
</tr>
{% endfor %}
</tbody>
</table>
{% else %}
<div class="flex flex-col items-center gap-3 px-4 py-16 text-center">
<p class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="admin-no-profiles", lang=lang | default(value='sk')) }}</p>
{{ ui::button(label=t(key="new-profile", lang=lang | default(value='sk')), href="/admin/catalog/discount-profiles/new") }}
</div>
{% endif %}
</div>
{% endblock content %}


@@ -15,40 +15,98 @@
<form method="post" enctype="multipart/form-data"
action="{% if product %}/admin/catalog/products/{{ product.id }}{% else %}/admin/catalog/products{% endif %}"
class="mt-6 space-y-5 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
{{ ui::csrf_field() }}
{% if product %}
{% set v_name = product.name %}{% set v_price = product.price %}{% set v_currency = product.currency %}{% set v_stock = product.stock %}{% set v_sku = product.sku | default(value="") %}{% set v_slug = product.slug %}{% set v_desc = product.description | default(value="") %}{% set v_pub = product.published %}
{% set v_name = product.name %}{% set v_currency = product.currency %}{% set v_desc = product.description | default(value="") %}{% set v_pub = product.published %}
{% else %}
{% set v_name = "" %}{% set v_price = "" %}{% set v_currency = "EUR" %}{% set v_stock = 0 %}{% set v_sku = "" %}{% set v_slug = "" %}{% set v_desc = "" %}{% set v_pub = false %}
{% set v_name = "" %}{% set v_currency = "EUR" %}{% set v_desc = "" %}{% set v_pub = false %}
{% endif %}
{% set inp = "w-full rounded-radius border border-outline bg-surface-alt px-3 py-2 text-sm text-on-surface focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-primary dark:border-outline-dark dark:bg-surface-dark-alt/50 dark:text-on-surface-dark dark:focus-visible:outline-primary-dark" %}
{% set sublabel = "text-xs font-medium text-on-surface/70 dark:text-on-surface-dark/70" %}
<div class="space-y-1.5">
<label for="name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="name", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="name", id="name", required=true, value=v_name) }}
</div>
<div class="grid gap-5 sm:grid-cols-2">
<div class="space-y-1.5">
<label for="price" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="price", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="price", id="price", required=true, value=v_price, placeholder="0.00", attrs='inputmode="decimal"') }}
</div>
<div class="space-y-1.5">
<label for="currency" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="currency", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="currency", id="currency", value=v_currency, attrs='maxlength="3"', extra="uppercase") }}
</div>
<div class="space-y-1.5 sm:max-w-[10rem]">
<label for="currency" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="currency", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="currency", id="currency", value=v_currency, attrs='maxlength="3"', extra="uppercase") }}
</div>
<div class="grid gap-5 sm:grid-cols-2">
<div class="space-y-1.5">
<label for="stock" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="stock", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="stock", id="stock", type="number", value=v_stock, attrs='min="0"') }}
</div>
<div class="space-y-1.5">
<label for="sku" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="sku", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="sku", id="sku", value=v_sku) }}
{# --- Variants / options editor ------------------------------------------- #}
{# Each product is sold as one or more variants (a free-text label such as #}
{# "10cm x 13cm" or "5ml" plus its own price). Price is required. Stock is #}
{# optional — leave it blank ("∞") to mark the option simply available (not #}
{# inventory-tracked). SKU and business price are optional too. Rows are #}
{# managed client-side; names are indexed (variants[i][…]) and read back by #}
{# the controller. #}
{% set opt = " (" ~ t(key="optional", lang=lang | default(value='sk')) ~ ")" %}
<script id="variants-data" type="application/json">{{ variants | json_encode() | safe }}</script>
<div class="space-y-3" x-data="variantEditor(JSON.parse(document.getElementById('variants-data').textContent))">
<div class="flex items-center justify-between">
<span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="variants-options", lang=lang | default(value='sk')) }}</span>
<button type="button" @click="add()"
class="rounded-radius border border-outline px-3 py-1.5 text-sm font-medium text-on-surface hover:bg-surface-alt dark:border-outline-dark dark:text-on-surface-dark dark:hover:bg-surface-dark-alt/50">
+ {{ t(key="add-option", lang=lang | default(value='sk')) }}
</button>
</div>
<template x-for="(row, i) in rows" :key="i">
<div class="flex items-end gap-3 rounded-radius border border-outline bg-surface-alt/40 p-3 dark:border-outline-dark dark:bg-surface-dark-alt/30">
<input type="hidden" :name="`variants[${i}][id]`" :value="row.id">
{# items-end bottom-aligns every input regardless of how many lines each
label takes, so the row stays aligned even with the "(optional)" notes. #}
<div class="grid flex-1 grid-cols-2 gap-3 sm:grid-cols-12 sm:items-end">
<div class="space-y-1 col-span-2 sm:col-span-4">
<label class="{{ sublabel }} block truncate">{{ t(key="option-label", lang=lang | default(value='sk')) }}{{ opt }}</label>
<input :name="`variants[${i}][label]`" x-model="row.label" class="{{ inp }}" placeholder="napr. 10cm x 13cm">
</div>
<div class="space-y-1 sm:col-span-2">
<label class="{{ sublabel }} block truncate">{{ t(key="sku", lang=lang | default(value='sk')) }}{{ opt }}</label>
<input :name="`variants[${i}][sku]`" x-model="row.sku" class="{{ inp }}">
</div>
<div class="space-y-1 sm:col-span-2">
<label class="{{ sublabel }} block truncate">{{ t(key="stock", lang=lang | default(value='sk')) }}{{ opt }}</label>
<input type="number" min="0" :name="`variants[${i}][stock]`" x-model="row.stock" class="{{ inp }}" placeholder="∞" title="{{ t(key='stock-untracked-hint', lang=lang | default(value='sk')) }}">
</div>
<div class="space-y-1 sm:col-span-2">
<label class="{{ sublabel }} block truncate">{{ t(key="price", lang=lang | default(value='sk')) }}</label>
<input :name="`variants[${i}][price]`" x-model="row.price" inputmode="decimal" required class="{{ inp }}" placeholder="0.00">
</div>
<div class="space-y-1 sm:col-span-2">
<label class="{{ sublabel }} block truncate">{{ t(key="business-price", lang=lang | default(value='sk')) }}{{ opt }}</label>
<input :name="`variants[${i}][business_sale]`" x-model="row.business_sale" inputmode="decimal" class="{{ inp }}" placeholder="—">
</div>
</div>
<button type="button" @click="remove(i)"
class="mb-1 shrink-0 rounded-radius px-2 py-2 text-sm text-danger hover:bg-danger/10" title="{{ t(key='delete', lang=lang | default(value='sk')) }}"></button>
</div>
</template>
</div>
<script>
function variantEditor(initial) {
const blank = () => ({ id: '', label: '', sku: '', stock: '', price: '', business_sale: '' });
return {
rows: (initial || []).map(r => ({
id: r.id || '',
label: r.label || '',
sku: r.sku || '',
stock: (r.stock === null || r.stock === undefined) ? '' : r.stock,
price: r.price || '',
business_sale: r.business_sale || '',
})),
init() { if (this.rows.length === 0) this.add(); },
add() { this.rows.push(blank()); },
remove(i) { this.rows.splice(i, 1); if (this.rows.length === 0) this.add(); },
};
}
</script>
<div class="space-y-1.5">
<label for="category_id" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="category", lang=lang | default(value='sk')) }}</label>
<div class="relative">
@@ -63,22 +121,82 @@
</div>
</div>
<div class="space-y-1.5">
<label for="slug" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="slug", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="slug", id="slug", value=v_slug, placeholder=t(key='slug-auto', lang=lang | default(value='sk'))) }}
</div>
<div class="space-y-1.5">
<label for="description" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="description", lang=lang | default(value='sk')) }}</label>
{{ ui::textarea(name="description", id="description", rows="5", value=v_desc) }}
</div>
<div class="space-y-1.5">
<label for="image" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="image", lang=lang | default(value='sk')) }}</label>
{% if product and product.image %}
<img src="/images/{{ product.image }}" alt="" class="size-24 rounded-radius object-cover">
{% endif %}
{{ ui::file_input(name="image", id="image", accept="image/*") }}
{# --- Images gallery ------------------------------------------------------- #}
{# Existing images are reorderable (drag) and removable; the kept set is #}
{# submitted in order as repeated `existing_images` ids. New uploads accumulate #}
{# across separate "Add images" clicks into a DataTransfer that backs the hidden #}
{# `image` input (a native file input would otherwise replace its selection on #}
{# every pick); the controller stores and appends them after the kept images. #}
<script id="images-data" type="application/json">{% if product %}{{ product.images | json_encode() | safe }}{% else %}[]{% endif %}</script>
<div class="space-y-2" x-data="{
images: JSON.parse(document.getElementById('images-data').textContent),
staged: [],
dt: new DataTransfer(),
dragIndex: null,
onDrop(i) {
if (this.dragIndex === null || this.dragIndex === i) { this.dragIndex = null; return; }
this.images.splice(i, 0, this.images.splice(this.dragIndex, 1)[0]);
this.dragIndex = null;
},
addFiles(e) {
for (const f of e.target.files) { this.dt.items.add(f); this.staged.push({ url: URL.createObjectURL(f) }); }
this.$refs.holder.files = this.dt.files;
e.target.value = '';
},
removeStaged(i) {
this.dt.items.remove(i);
URL.revokeObjectURL(this.staged[i].url);
this.staged.splice(i, 1);
this.$refs.holder.files = this.dt.files;
},
}">
<span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="images", lang=lang | default(value='sk')) }}</span>
<p class="{{ sublabel }}">{{ t(key="gallery-hint", lang=lang | default(value='sk')) }}</p>
<div class="flex flex-wrap gap-3" x-show="images.length || staged.length">
<template x-for="(im, i) in images" :key="im.id">
<div draggable="true"
@dragstart="dragIndex = i"
@dragover.prevent
@drop.prevent="onDrop(i)"
:class="dragIndex === i ? 'opacity-50' : ''"
class="group relative size-24 cursor-move overflow-hidden rounded-radius border border-outline dark:border-outline-dark">
<input type="hidden" name="existing_images" :value="im.id">
<img :src="`/images/${im.image_id}`" alt="" class="size-full object-cover">
<span x-show="i === 0"
class="absolute left-1 top-1 rounded-radius bg-primary px-1.5 py-0.5 text-[10px] font-semibold text-on-primary dark:bg-primary-dark dark:text-on-primary-dark">{{ t(key="main-image", lang=lang | default(value='sk')) }}</span>
<button type="button" @click="images.splice(i, 1)"
class="absolute right-1 top-1 flex size-5 items-center justify-center rounded-full bg-surface/70 text-xs text-danger opacity-0 transition group-hover:opacity-100 dark:bg-surface-dark/70"
title="{{ t(key='delete', lang=lang | default(value='sk')) }}"></button>
</div>
</template>
{# Newly staged uploads (not yet saved): previews + remove. #}
<template x-for="(f, i) in staged" :key="f.url">
<div class="group relative size-24 overflow-hidden rounded-radius border border-dashed border-outline dark:border-outline-dark">
<img :src="f.url" alt="" class="size-full object-cover">
<span x-show="images.length === 0 && i === 0"
class="absolute left-1 top-1 rounded-radius bg-primary px-1.5 py-0.5 text-[10px] font-semibold text-on-primary dark:bg-primary-dark dark:text-on-primary-dark">{{ t(key="main-image", lang=lang | default(value='sk')) }}</span>
<button type="button" @click="removeStaged(i)"
class="absolute right-1 top-1 flex size-5 items-center justify-center rounded-full bg-surface/70 text-xs text-danger opacity-0 transition group-hover:opacity-100 dark:bg-surface-dark/70"
title="{{ t(key='delete', lang=lang | default(value='sk')) }}"></button>
</div>
</template>
</div>
{# Hidden input carries the accumulated files on submit; the visible picker #}
{# only feeds addFiles() and is reset after each pick so selections stack. #}
<input type="file" name="image" multiple class="hidden" x-ref="holder">
<input type="file" accept="image/*" multiple class="hidden" x-ref="picker" @change="addFiles($event)">
<button type="button" @click="$refs.picker.click()"
class="rounded-radius border border-outline px-3 py-1.5 text-sm font-medium text-on-surface hover:bg-surface-alt dark:border-outline-dark dark:text-on-surface-dark dark:hover:bg-surface-dark-alt/50">
+ {{ t(key="add-images", lang=lang | default(value='sk')) }}
</button>
</div>
{{ ui::checkbox(name="published", id="published", label=t(key="published", lang=lang | default(value='sk')), checked=v_pub) }}
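Review bot: `{{ variants | json_encode() | safe }}` inside a `<script>` element emits the JSON with escaping switched off, and JSON encoding leaves `<` as it is. A variant label or SKU containing `</script>` would therefore close the block and the remainder would be parsed as HTML; the `images-data` block in the gallery hunk has the same shape. Carrying the JSON in an attribute lets the normal HTML escaping do the work: `<div id="variants-data" hidden data-json="{{ variants | json_encode() }}"></div>`, read with `JSON.parse(document.getElementById('variants-data').dataset.json)`. The hidden `image` input that actually submits the files carries no `accept`, and `accept` on the picker is only a hint, so file type and size checks belong in the upload handler.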


@@ -3,8 +3,10 @@
{% block title %}{{ t(key="admin-products", lang=lang | default(value='sk')) }}{% endblock title %}
{% block crumb %}{{ t(key="admin-products", lang=lang | default(value='sk')) }}{% endblock crumb %}
{% block main_class %}max-w-none{% endblock main_class %}
{% block content %}
{% set business = audience == "business" %}
<div class="flex flex-wrap items-end justify-between gap-3">
<div>
<h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="admin-products", lang=lang | default(value='sk')) }}</h1>
@@ -13,13 +15,76 @@
{{ ui::button(label=t(key="new-product", lang=lang | default(value='sk')), href="/admin/catalog/products/new") }}
</div>
<div class="mt-6 {{ ui::table_wrap_cls() }}">
<!-- audience tabs -->
<div class="mt-4 inline-flex rounded-radius border border-outline p-1 dark:border-outline-dark">
<a href="/admin/catalog/products?audience=personal"
class="rounded-radius px-4 py-1.5 text-sm font-medium {% if not business %}bg-primary/10 text-on-surface-strong dark:bg-primary-dark/10 dark:text-on-surface-dark-strong{% else %}text-on-surface/70 dark:text-on-surface-dark/70{% endif %}">
{{ t(key="audience-personal", lang=lang | default(value='sk')) }}
</a>
<a href="/admin/catalog/products?audience=business"
class="rounded-radius px-4 py-1.5 text-sm font-medium {% if business %}bg-primary/10 text-on-surface-strong dark:bg-primary-dark/10 dark:text-on-surface-dark-strong{% else %}text-on-surface/70 dark:text-on-surface-dark/70{% endif %}">
{{ t(key="audience-business", lang=lang | default(value='sk')) }}
</a>
</div>
{% set category_base = "/admin/catalog/products" %}
{% set category_suffix = "&audience=" ~ audience %}
<div class="mt-4 flex flex-col gap-6 md:flex-row md:items-start">
{% include "admin/partials/category_filter.html" %}
<!-- discount profiles applied to this audience -->
<section class="min-w-0 flex-1 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<h2 class="text-lg font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="discount-profiles", lang=lang | default(value='sk')) }}</h2>
<p class="mt-1 text-sm text-on-surface/70 dark:text-on-surface-dark/70">
{% if business %}{{ t(key="apply-profiles-business-hint", lang=lang | default(value='sk')) }}{% else %}{{ t(key="apply-profiles-personal-hint", lang=lang | default(value='sk')) }}{% endif %}
</p>
{% if profiles | length > 0 %}
<form method="post" action="/admin/catalog/products/profiles?audience={{ audience }}" class="mt-3 space-y-3"
hx-post="/admin/catalog/products/profiles/preview?audience={{ audience }}&category={{ selected_category }}"
hx-trigger="change"
hx-swap="none"
x-data="{
orig: { {% for p in profiles %}'{{ p.id }}': {% if p.assigned %}true{% else %}false{% endif %}{% if not loop.last %}, {% endif %}{% endfor %} },
sel: { {% for p in profiles %}'{{ p.id }}': {% if p.assigned %}true{% else %}false{% endif %}{% if not loop.last %}, {% endif %}{% endfor %} },
get changed() { return Object.keys(this.orig).some(k => this.orig[k] !== this.sel[k]) }
}"
onsubmit="return confirm('{{ t(key="discount-apply-confirm", lang=lang | default(value='sk')) }}')">
{{ ui::csrf_field() }}
<div class="grid gap-2 sm:grid-cols-2">
{% for profile in profiles %}
<label class="flex items-center gap-2 text-sm text-on-surface dark:text-on-surface-dark">
<input type="checkbox" name="profile_ids" value="{{ profile.id }}" x-model="sel['{{ profile.id }}']" {% if profile.assigned %}checked{% endif %}>
<span>{{ profile.name }} <span class="text-on-surface/60 dark:text-on-surface-dark/60">({{ profile.percent }}%, {% if profile.scope_type == "all_except" %}{{ t(key="scope-all-except", lang=lang | default(value='sk')) }}{% else %}{{ t(key="scope-include", lang=lang | default(value='sk')) }}{% endif %})</span></span>
<span x-cloak x-show="sel['{{ profile.id }}'] && orig['{{ profile.id }}']" class="inline-flex items-center rounded-radius border border-success px-1.5 py-0.5 text-xs font-medium text-success">{{ t(key="profile-applied", lang=lang | default(value='sk')) }}</span>
<span x-cloak x-show="sel['{{ profile.id }}'] && !orig['{{ profile.id }}']" class="inline-flex items-center rounded-radius border border-primary px-1.5 py-0.5 text-xs font-medium text-primary dark:border-primary-dark dark:text-primary-dark">{{ t(key="profile-will-apply", lang=lang | default(value='sk')) }}</span>
<span x-cloak x-show="!sel['{{ profile.id }}'] && orig['{{ profile.id }}']" class="inline-flex items-center rounded-radius border border-warning px-1.5 py-0.5 text-xs font-medium text-warning">{{ t(key="profile-will-remove", lang=lang | default(value='sk')) }}</span>
</label>
{% endfor %}
</div>
<div class="flex items-center gap-3">
{{ ui::button(label=t(key="save", lang=lang | default(value='sk')), type="submit", size="px-4 py-2 text-sm", attrs='x-bind:disabled="!changed"') }}
<span x-cloak x-show="changed" class="text-xs font-medium text-warning">{{ t(key="profiles-unsaved", lang=lang | default(value='sk')) }}</span>
<span x-cloak x-show="!changed" class="text-xs text-on-surface/50 dark:text-on-surface-dark/50">{{ t(key="profiles-no-changes", lang=lang | default(value='sk')) }}</span>
</div>
</form>
{% else %}
<p class="mt-2 text-sm text-on-surface/70 dark:text-on-surface-dark/70">
{{ t(key="admin-no-profiles", lang=lang | default(value='sk')) }}
<a href="/admin/catalog/discount-profiles/new" class="text-primary dark:text-primary-dark">{{ t(key="new-profile", lang=lang | default(value='sk')) }}</a>
</p>
{% endif %}
</section>
</div>
<div class="mt-4 {{ ui::table_wrap_cls() }}">
{% if products | length > 0 %}
<table class="{{ ui::table_cls() }}">
<thead class="{{ ui::thead_cls() }}">
<tr>
{{ ui::th(label=t(key="product", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="price", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="variants-options", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="effective-price", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="stock", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="status", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="actions", lang=lang | default(value='sk')), align="text-right") }}
@@ -41,7 +106,11 @@
</div>
</div>
</td>
<td class="px-4 py-3 tabular-nums">{{ product.price }} {{ product.currency }}</td>
<td class="px-4 py-3 tabular-nums">{% if product.has_options %}{{ t(key="from-price", price=product.regular_price, lang=lang | default(value='sk')) }}{% else %}{{ product.regular_price }}{% endif %} {{ product.currency }}</td>
<td class="px-4 py-3 tabular-nums">{{ product.variant_count }}</td>
<td class="px-4 py-3 tabular-nums">
<span id="eff-{{ product.id }}">{{ ui::eff_price(p=product) }}</span>
</td>
<td class="px-4 py-3 tabular-nums">{{ product.stock }}</td>
<td class="px-4 py-3">
{% if product.published %}
@@ -56,6 +125,7 @@
{{ ui::button(variant="outline-secondary", label=t(key="view", lang=lang | default(value='sk')), href="/shop/" ~ product.slug, size="px-3 py-1.5 text-xs") }}
<form method="post" action="/admin/catalog/products/{{ product.id }}/delete"
onsubmit="return confirm('{{ t(key="confirm-delete", lang=lang | default(value='sk')) }}')">
{{ ui::csrf_field() }}
{{ ui::button(variant="outline-danger", label=t(key="delete", lang=lang | default(value='sk')), type="submit", size="px-3 py-1.5 text-xs") }}
</form>
</div>
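Review bot: `audience` and `selected_category` are interpolated into query strings on the profile form's `action` and `hx-post` (and into `category_suffix`) with HTML escaping only, so a value containing `&` or `#` would change which parameters the request carries. If either value reaches the template from the request without being normalised by the handler, which this section does not show, apply Tera's `urlencode` filter at each spot, e.g. `action="/admin/catalog/products/profiles?audience={{ audience | urlencode }}"`. Alternatively, have the handler pass only `personal`/`business` and an already validated category, so the template never sees raw input.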


@@ -0,0 +1,45 @@
{% extends "admin/base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ t(key="admin-customers", lang=lang | default(value='sk')) }}{% endblock title %}
{% block crumb %}{{ t(key="admin-customers", lang=lang | default(value='sk')) }}{% endblock crumb %}
{% block content %}
<div class="flex flex-wrap items-end justify-between gap-3">
<div>
<h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="admin-customers", lang=lang | default(value='sk')) }}</h1>
<p class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="admin-customers-desc", lang=lang | default(value='sk')) }}</p>
</div>
</div>
<div class="mt-6 {{ ui::table_wrap_cls() }}">
{% if customers | length > 0 %}
<table class="{{ ui::table_cls() }}">
<thead class="{{ ui::thead_cls() }}">
<tr>
{{ ui::th(label=t(key="name", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="email", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="negotiated-prices", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="actions", lang=lang | default(value='sk')), align="text-right") }}
</tr>
</thead>
<tbody class="{{ ui::tbody_cls() }}">
{% for customer in customers %}
<tr class="{{ ui::row_cls() }}">
<td class="px-4 py-3 font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ customer.name }}</td>
<td class="px-4 py-3 text-on-surface/70 dark:text-on-surface-dark/70">{{ customer.email }}</td>
<td class="px-4 py-3 tabular-nums">{{ customer.negotiated_count }}</td>
<td class="px-4 py-3 text-right">
{{ ui::button(variant="outline-secondary", label=t(key="manage-prices", lang=lang | default(value='sk')), href="/admin/customers/" ~ customer.id, size="px-3 py-1.5 text-xs") }}
</td>
</tr>
{% endfor %}
</tbody>
</table>
{% else %}
<div class="flex flex-col items-center gap-3 px-4 py-16 text-center">
<p class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="admin-no-customers", lang=lang | default(value='sk')) }}</p>
</div>
{% endif %}
</div>
{% endblock content %}


@@ -0,0 +1,97 @@
{% extends "admin/base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ t(key="set-negotiated-price", lang=lang | default(value='sk')) }}{% endblock title %}
{% block crumb %}{{ t(key="admin-customers", lang=lang | default(value='sk')) }}{% endblock crumb %}
{% block content %}
<div class="flex items-center justify-between gap-3">
<div>
<div class="flex items-center gap-2">
<h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ product.name }}{% if product.variant_label %} <span class="text-on-surface/60 dark:text-on-surface-dark/60">· {{ product.variant_label }}</span>{% endif %}</h1>
{{ ui::badge(label=t(key="negotiated-price", lang=lang | default(value='sk')), variant="info") }}
</div>
<p class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ customer.name }}</p>
</div>
{{ ui::button(variant="outline-secondary", label=t(key="back", lang=lang | default(value='sk')), href="/admin/customers/" ~ customer.id, size="px-3 py-2 text-sm") }}
</div>
{% if error %}
<div class="mt-4 max-w-md">{{ ui::alert_danger(message=t(key=error, lang=lang | default(value='sk'))) }}</div>
{% endif %}
<form method="post" action="/admin/customers/{{ customer.id }}/prices/{{ product.variant_id }}"
x-data="{
price: '{{ negotiated }}',
regular: {{ product.regular_cents }},
num(v) { let n = parseFloat(String(v).replace(',', '.')); return isFinite(n) ? n : null; },
get afterCents() { let f = this.num(this.price); return f === null ? null : Math.round(f * 100); },
money(c) { return (c / 100).toFixed(2); },
get valid() { let a = this.afterCents; return a !== null && a > 0; }
}"
class="mt-6 max-w-md space-y-5 rounded-radius border-2 border-secondary/60 bg-surface p-6 dark:border-secondary-dark/60 dark:bg-surface-dark-alt">
{{ ui::csrf_field() }}
<p class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="negotiated-price-hint", lang=lang | default(value='sk')) }}</p>
<!-- reference prices -->
<div class="space-y-2 rounded-radius bg-surface-alt px-4 py-3 dark:bg-surface-dark/40">
<div class="flex items-center justify-between gap-3 text-sm">
<span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="price", lang=lang | default(value='sk')) }}</span>
<span class="tabular-nums text-on-surface-strong dark:text-on-surface-dark-strong">{{ product.regular_price }} {{ product.currency }}</span>
</div>
<div class="flex items-center justify-between gap-3 text-sm">
<span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="business-price", lang=lang | default(value='sk')) }}</span>
<span class="tabular-nums {% if product.business_reduced %}font-medium text-danger{% else %}text-on-surface-strong dark:text-on-surface-dark-strong{% endif %}">{{ product.business_price }} {{ product.currency }}</span>
</div>
<div class="flex items-center justify-between gap-3 text-sm">
<span class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="effective-price", lang=lang | default(value='sk')) }}</span>
<span class="tabular-nums font-medium {% if product.effective_differs %}text-primary dark:text-primary-dark{% else %}text-on-surface-strong dark:text-on-surface-dark-strong{% endif %}">{{ product.effective_price }} {{ product.currency }}</span>
</div>
</div>
<!-- negotiated price input -->
<div class="space-y-1.5">
<label for="price" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="negotiated-price", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="price", id="price", value=negotiated, placeholder="0.00", attrs='inputmode="decimal" x-model="price"') }}
</div>
<!-- live preview -->
<div x-show="afterCents !== null" x-cloak
class="space-y-2 rounded-radius border border-outline bg-surface-alt px-4 py-3 dark:border-outline-dark dark:bg-surface-dark/40">
<div class="flex items-center justify-between gap-3">
<span class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="negotiated-price", lang=lang | default(value='sk')) }}</span>
<span class="text-lg font-semibold tabular-nums" :class="valid ? 'text-secondary dark:text-secondary-dark' : 'text-on-surface/40 dark:text-on-surface-dark/40'">
<span x-text="money(afterCents)"></span> {{ product.currency }}
</span>
</div>
<p x-show="!valid" class="text-xs text-danger">{{ t(key="discount-must-be-positive", lang=lang | default(value='sk')) }}</p>
</div>
<div class="flex flex-wrap gap-3 pt-2">
{{ ui::button(variant="secondary", label=t(key="save", lang=lang | default(value='sk')), type="submit") }}
{% if has_negotiated %}
{{ ui::button(variant="outline-danger", label=t(key="remove", lang=lang | default(value='sk')), type="submit", attrs=`formaction="/admin/customers/` ~ customer.id ~ `/prices/` ~ product.variant_id ~ `/remove" onclick="return confirm('` ~ t(key="negotiated-remove-confirm", lang=lang | default(value='sk')) ~ `')"`) }}
{% endif %}
</div>
</form>
{% if collision %}
<!-- collision resolution: two assigned profiles cover this product -->
<section class="mt-4 max-w-md rounded-radius border border-warning/60 bg-surface p-6 dark:bg-surface-dark-alt">
<div class="flex items-center gap-2">
<h2 class="text-lg font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="automated-price", lang=lang | default(value='sk')) }}</h2>
{{ ui::badge(label=t(key="collision", lang=lang | default(value='sk')), variant="warning") }}
</div>
<form method="post" action="/admin/customers/{{ customer.id }}/resolutions/{{ product.variant_id }}" class="mt-3 flex items-center gap-2">
{{ ui::csrf_field() }}
<select name="profile_id" class="rounded-radius border border-outline bg-surface-alt px-2 py-1.5 text-sm dark:border-outline-dark dark:bg-surface-dark-alt/50 dark:text-on-surface-dark">
{% for c in covering %}
<option value="{{ c.id }}" {% if c.id == auto_profile_id %}selected{% endif %}>{{ c.name }}</option>
{% endfor %}
</select>
{{ ui::button(label=t(key="resolve", lang=lang | default(value='sk')), type="submit", size="px-3 py-1.5 text-sm") }}
</form>
</section>
{% endif %}
{% endblock content %}
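Review bot: `price: '{{ negotiated }}'` in the form's `x-data` places a template value inside a JavaScript string literal, where Tera's HTML autoescaping is not the right encoding: the browser decodes `&#x27;` back to `'` before Alpine evaluates the attribute, so a quote in the value ends the literal. If `negotiated` echoes the submitted price after a validation error (the handler is not visible here), that allows script injection on an admin page. Emit it JSON-encoded instead: `price: {{ negotiated | json_encode() }},`. The remove button's `attrs` string has the same shape of problem, since it concatenates ids and a translation into markup and into a `confirm('…')` argument that the macro presumably outputs unescaped.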


@@ -0,0 +1,103 @@
{% extends "admin/base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ customer.name }}{% endblock title %}
{% block crumb %}{{ t(key="admin-customers", lang=lang | default(value='sk')) }}{% endblock crumb %}
{% block content %}
<div class="flex items-center justify-between gap-3">
<div>
<h1 class="text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ customer.name }}</h1>
<p class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ customer.email }}</p>
</div>
{{ ui::button(variant="outline-secondary", label=t(key="back", lang=lang | default(value='sk')), href="/admin/customers", size="px-3 py-2 text-sm") }}
</div>
{% if error %}
<div class="mt-4">{{ ui::alert_danger(message=t(key=error, lang=lang | default(value='sk'))) }}</div>
{% endif %}
<!-- assigned discount profiles -->
<section class="mt-6 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<h2 class="text-lg font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="discount-profiles", lang=lang | default(value='sk')) }}</h2>
{% if profiles | length > 0 %}
<form method="post" action="/admin/customers/{{ customer.id }}/profiles" class="mt-3 space-y-3">
{{ ui::csrf_field() }}
<div class="grid gap-2 sm:grid-cols-2">
{% for profile in profiles %}
<label class="flex items-center gap-2 text-sm text-on-surface dark:text-on-surface-dark">
<input type="checkbox" name="profile_ids" value="{{ profile.id }}" {% if profile.assigned %}checked{% endif %}>
<span>{{ profile.name }} <span class="text-on-surface/60 dark:text-on-surface-dark/60">({{ profile.percent }}%, {% if profile.scope_type == "all_except" %}{{ t(key="scope-all-except", lang=lang | default(value='sk')) }}{% else %}{{ t(key="scope-include", lang=lang | default(value='sk')) }}{% endif %})</span></span>
</label>
{% endfor %}
</div>
{{ ui::button(label=t(key="save", lang=lang | default(value='sk')), type="submit", size="px-4 py-2 text-sm") }}
</form>
{% else %}
<p class="mt-2 text-sm text-on-surface/70 dark:text-on-surface-dark/70">
{{ t(key="admin-no-profiles", lang=lang | default(value='sk')) }}
<a href="/admin/catalog/discount-profiles/new" class="text-primary dark:text-primary-dark">{{ t(key="new-profile", lang=lang | default(value='sk')) }}</a>
</p>
{% endif %}
</section>
<p class="mt-6 text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="negotiated-prices-hint", lang=lang | default(value='sk')) }}</p>
{% set category_base = "/admin/customers/" ~ customer.id %}
{% set category_suffix = "" %}
<div class="mt-3 flex flex-col gap-6 md:flex-row md:items-start">
{% include "admin/partials/category_filter.html" %}
<div class="min-w-0 flex-1 {{ ui::table_wrap_cls() }}">
{% if products | length > 0 %}
<table class="{{ ui::table_cls() }}">
<thead class="{{ ui::thead_cls() }}">
<tr>
{{ ui::th(label=t(key="product", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="business-price", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="effective-price", lang=lang | default(value='sk'))) }}
{{ ui::th(label=t(key="actions", lang=lang | default(value='sk')), align="text-right") }}
</tr>
</thead>
<tbody class="{{ ui::tbody_cls() }}">
{% for product in products %}
<tr class="{{ ui::row_cls() }}">
<td class="px-4 py-3 font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
{{ product.name }}
{% if product.variant_label %}<span class="block text-xs font-normal text-on-surface/60 dark:text-on-surface-dark/60">{{ product.variant_label }}</span>{% endif %}
</td>
<td class="px-4 py-3 tabular-nums">
{% if product.business_reduced %}
<span class="font-medium text-danger">{{ product.business_price }} {{ product.currency }}</span>
<span class="ml-1 text-xs text-on-surface/50 line-through dark:text-on-surface-dark/50">{{ product.regular_price }}</span>
{% else %}
{{ product.business_price }} {{ product.currency }}
{% endif %}
</td>
<td class="px-4 py-3 tabular-nums">
<span class="font-medium {% if product.effective_differs %}text-primary dark:text-primary-dark{% else %}text-on-surface-strong dark:text-on-surface-dark-strong{% endif %}">{{ product.effective_price }} {{ product.currency }}</span>
{% if product.collision %}<span class="ml-1">{{ ui::badge(label=t(key="collision", lang=lang | default(value='sk')), variant="warning") }}</span>{% endif %}
</td>
<td class="px-4 py-3">
<div class="flex flex-wrap justify-end gap-2">
{{ ui::button(variant="outline-secondary", label=t(key="set-negotiated-price", lang=lang | default(value='sk')), href="/admin/customers/" ~ customer.id ~ "/prices/" ~ product.variant_id ~ "/edit", size="px-3 py-1.5 text-xs") }}
{% if product.has_negotiated %}
<form method="post" action="/admin/customers/{{ customer.id }}/prices/{{ product.variant_id }}/remove"
onsubmit="return confirm('{{ t(key="negotiated-remove-confirm", lang=lang | default(value='sk')) }}')">
{{ ui::csrf_field() }}
{{ ui::button(variant="outline-danger", label=t(key="remove", lang=lang | default(value='sk')), type="submit", size="px-3 py-1.5 text-xs") }}
</form>
{% endif %}
</div>
</td>
</tr>
{% endfor %}
</tbody>
</table>
{% else %}
<div class="flex flex-col items-center gap-3 px-4 py-16 text-center">
<p class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="admin-no-products", lang=lang | default(value='sk')) }}</p>
</div>
{% endif %}
</div>
</div>
{% endblock content %}
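Review bot: The remove form's `onsubmit="return confirm('…')"` writes a translated string into a JavaScript literal inside an attribute, so an apostrophe in any locale's `negotiated-remove-confirm` text would stop the handler from compiling, and the form would then submit with no confirmation at all. Inline handlers also force `'unsafe-inline'` if the site later adopts a Content-Security-Policy. Carrying the text in a data attribute that one shared submit listener reads avoids both, e.g. `data-confirm="{{ t(key="negotiated-remove-confirm", lang=lang | default(value='sk')) }}"`, where autoescaping is the correct encoding. The same handler pattern is used on the profile form in the product listing and on the ship form in the order detail template.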


@@ -6,7 +6,15 @@
{% block content %}
<div class="flex flex-wrap items-center justify-between gap-3">
<h1 class="font-mono text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.order_number }}</h1>
<div class="flex flex-wrap items-center gap-3">
<h1 class="font-mono text-2xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.order_number }}</h1>
{% if order.status == "delivered" %}{{ ui::badge(label=t(key="order-status-" ~ order.status, lang=lang | default(value='sk')), variant="success") }}
{% elif order.status == "shipped" %}{{ ui::badge(label=t(key="order-status-" ~ order.status, lang=lang | default(value='sk')), variant="primary") }}
{% elif order.status == "paid" %}{{ ui::badge(label=t(key="order-status-" ~ order.status, lang=lang | default(value='sk')), variant="info") }}
{% elif order.status == "cancelled" %}{{ ui::badge(label=t(key="order-status-" ~ order.status, lang=lang | default(value='sk')), variant="danger") }}
{% else %}{{ ui::badge(label=t(key="order-status-" ~ order.status, lang=lang | default(value='sk')), variant="warning") }}
{% endif %}
</div>
{{ ui::button(variant="outline-secondary", label=t(key="admin-orders", lang=lang | default(value='sk')), href="/admin/orders", size="px-3 py-2 text-sm") }}
</div>
@@ -28,7 +36,7 @@
<tbody class="{{ ui::tbody_cls() }}">
{% for item in items %}
<tr>
<td class="px-4 py-3">{{ item.product_name }}</td>
<td class="px-4 py-3">{{ item.product_name }}{% if item.variant_label %} <span class="text-on-surface/60 dark:text-on-surface-dark/60">· {{ item.variant_label }}</span>{% endif %}</td>
<td class="px-4 py-3 tabular-nums">{{ item.quantity }}</td>
<td class="px-4 py-3 text-right tabular-nums">{{ item.line_total }} {{ order.currency }}</td>
</tr>
@@ -52,6 +60,15 @@
<p class="text-on-surface/80 dark:text-on-surface-dark/80">{{ order.email }}</p>
{% if order.phone %}<p class="text-on-surface/80 dark:text-on-surface-dark/80">{{ order.phone }}</p>{% endif %}
</div>
{% if order.account_type == "company" %}
<div>
<p class="text-xs uppercase tracking-wide text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-company-details", lang=lang | default(value='sk')) }}</p>
<p class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ order.company_name }}</p>
<p class="text-on-surface/80 dark:text-on-surface-dark/80">{{ t(key="company-ico", lang=lang | default(value='sk')) }}: {{ order.company_id }}</p>
<p class="text-on-surface/80 dark:text-on-surface-dark/80">{{ t(key="company-dic", lang=lang | default(value='sk')) }}: {{ order.tax_id }}</p>
{% if order.vat_id %}<p class="text-on-surface/80 dark:text-on-surface-dark/80">{{ t(key="company-icdph", lang=lang | default(value='sk')) }}: {{ order.vat_id }}</p>{% endif %}
</div>
{% endif %}
<div>
<p class="text-xs uppercase tracking-wide text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="checkout-shipping", lang=lang | default(value='sk')) }}</p>
<p class="text-on-surface/80 dark:text-on-surface-dark/80">{{ order.address }}<br>{{ order.zip }} {{ order.city }}<br>{{ order.country }}</p>
@@ -93,6 +110,7 @@
<p class="text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="order-send-hint", lang=lang | default(value='sk')) }}</p>
<form method="post" action="/admin/orders/{{ order.id }}/ship"
onsubmit="return confirm('{{ t(key="order-send-confirm", lang=lang | default(value='sk')) }}')">
{{ ui::csrf_field() }}
{% set carrier_up = carrier | upper %}
{% set ship_label = t(key="order-send-to-carrier", lang=lang | default(value='sk')) ~ " " ~ carrier_up %}
{{ ui::button(label=ship_label, type="submit", extra="w-full") }}
@@ -101,6 +119,7 @@
</div>
<form method="post" action="/admin/orders/{{ order.id }}/status" class="space-y-3 rounded-radius border border-outline bg-surface p-5 dark:border-outline-dark dark:bg-surface-dark-alt">
{{ ui::csrf_field() }}
<label for="status" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="order-status", lang=lang | default(value='sk')) }}</label>
<div class="relative">
<select id="status" name="status"
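Review bot: The status badge in the first hunk repeats the same `t(key="order-status-" ~ order.status, …)` call in five branches that differ only in `variant`. Choosing the variant in the `if` chain, e.g. `{% set status_variant = "success" %}` per branch, and rendering a single `{{ ui::badge(label=…, variant=status_variant) }}` afterwards would keep the label logic in one place. The `else` branch also builds a translation key from whatever `order.status` holds, so a status without an `order-status-…` entry depends on how `t` handles a missing key, which is not visible here.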


@@ -0,0 +1,75 @@
{# Category-filter sidebar for admin product listings. Clicking a category
reloads the page with `?category=<id>` so the table server-side filters to
that category and its descendants. Expects in context:
- category_groups: [{ id, name, count, children: [{ id, name, count }] }]
(from views::shop::admin_category_groups)
- selected_category: "all" | "none" | "<id>" — the active filter
- total_count, uncategorized_count: ints
- category_base: page path, e.g. "/admin/catalog/products"
- category_suffix: extra query appended after the category param, e.g.
"&audience=business", or "" — set by the including template.
The link treatment mirrors shop/_sidebar.html (Penguin UI), but active state
is server-driven via aria-current (these links share a path, differing only
by query, so markActiveNav() can't pick the active one — hence no data-nav).
Numeric compare uses `| int(default=0)` because Tera string==number is false. #}
{% set sel = selected_category | int(default=0) %}
{% set link_cls = "flex flex-1 items-center gap-2 truncate rounded-radius px-2 py-1.5 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong" %}
<aside class="w-full shrink-0 md:w-56">
<p class="px-2 pb-2 text-xs font-semibold uppercase tracking-wide text-on-surface/60 dark:text-on-surface-dark/60">
{{ t(key="categories", lang=lang | default(value='sk')) }}
</p>
<div class="flex flex-col gap-1">
<a href="{{ category_base }}?category=all{{ category_suffix }}"
{% if selected_category == "all" %}aria-current="page"{% endif %} class="{{ link_cls }}">
<span class="flex-1 truncate">{{ t(key="all-products", lang=lang | default(value='sk')) }}</span>
<span class="text-xs text-on-surface/50 dark:text-on-surface-dark/50">{{ total_count }}</span>
</a>
{% for group in category_groups %}
{% set open_group = sel == group.id %}
{% for child in group.children %}{% if sel == child.id %}{% set_global open_group = true %}{% endif %}{% endfor %}
{% if group.children | length > 0 %}
<div x-data="{ open: {% if open_group %}true{% else %}false{% endif %} }" class="flex flex-col">
<div class="flex items-stretch">
<a href="{{ category_base }}?category={{ group.id }}{{ category_suffix }}"
{% if sel == group.id %}aria-current="page"{% endif %} class="{{ link_cls }} rounded-l-radius">
<span class="flex-1 truncate">{{ group.name }}</span>
<span class="text-xs text-on-surface/50 dark:text-on-surface-dark/50">{{ group.count }}</span>
</a>
<button type="button" x-on:click="open = ! open" x-bind:aria-expanded="open ? 'true' : 'false'"
aria-label="{{ group.name }}"
class="inline-flex w-8 shrink-0 items-center justify-center rounded-r-radius text-on-surface/60 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline dark:text-on-surface-dark/60 dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor"
class="size-5 shrink-0 transition-transform rotate-0" x-bind:class="open ? 'rotate-180' : 'rotate-0'" aria-hidden="true">
<path fill-rule="evenodd" d="M5.22 8.22a.75.75 0 0 1 1.06 0L10 11.94l3.72-3.72a.75.75 0 1 1 1.06 1.06l-4.25 4.25a.75.75 0 0 1-1.06 0L5.22 9.28a.75.75 0 0 1 0-1.06Z" clip-rule="evenodd" />
</svg>
</button>
</div>
<ul x-show="open" x-cloak x-transition class="ml-3 mt-0.5 flex flex-col gap-0.5 border-l border-outline pl-1 dark:border-outline-dark">
{% for child in group.children %}
<li class="flex">
<a href="{{ category_base }}?category={{ child.id }}{{ category_suffix }}"
{% if sel == child.id %}aria-current="page"{% endif %}
class="flex flex-1 items-center gap-2 truncate rounded-radius px-2 py-1.5 text-sm text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-on-surface-strong focus:outline-hidden focus-visible:underline aria-[current=page]:bg-primary/10 aria-[current=page]:text-on-surface-strong dark:text-on-surface-dark dark:hover:bg-primary-dark/5 dark:hover:text-on-surface-dark-strong dark:aria-[current=page]:bg-primary-dark/10 dark:aria-[current=page]:text-on-surface-dark-strong">
<span class="flex-1 truncate">{{ child.name }}</span>
<span class="text-xs text-on-surface/50 dark:text-on-surface-dark/50">{{ child.count }}</span>
</a>
</li>
{% endfor %}
</ul>
</div>
{% else %}
<a href="{{ category_base }}?category={{ group.id }}{{ category_suffix }}"
{% if sel == group.id %}aria-current="page"{% endif %} class="{{ link_cls }}">
<span class="flex-1 truncate">{{ group.name }}</span>
<span class="text-xs text-on-surface/50 dark:text-on-surface-dark/50">{{ group.count }}</span>
</a>
{% endif %}
{% endfor %}
<a href="{{ category_base }}?category=none{{ category_suffix }}"
{% if selected_category == "none" %}aria-current="page"{% endif %} class="{{ link_cls }}">
<span class="flex-1 truncate">{{ t(key="uncategorized", lang=lang | default(value='sk')) }}</span>
<span class="text-xs text-on-surface/50 dark:text-on-surface-dark/50">{{ uncategorized_count }}</span>
</a>
</div>
</aside>
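Review bot: `{% set sel = selected_category | int(default=0) %}` maps both `"all"` and `"none"` to 0, so `sel == group.id` and `sel == child.id` would mark a category as current, and open its group, on those two views if any category has id 0. Ids probably start at 1, but nothing in this partial guarantees it. A default that cannot be an id removes the dependency: `{% set sel = selected_category | int(default=-1) %}`.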


@@ -14,6 +14,7 @@
{% for method in methods %}
<form method="post" action="/admin/shipping/{{ method.id }}"
class="flex flex-wrap items-end gap-4 rounded-radius border border-outline bg-surface p-5 dark:border-outline-dark dark:bg-surface-dark-alt">
{{ ui::csrf_field() }}
<div class="min-w-40">
<p class="font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ method.name }}</p>
<p class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ method.carrier | upper }}{% if method.requires_pickup_point %} · {{ t(key="checkout-pickup-point", lang=lang | default(value='sk')) }}{% endif %}</p>


@@ -22,11 +22,15 @@
{% if error == "unverified" %}
{{ ui::alert_danger(message=t(key="login-error-unverified", lang=lang | default(value='sk')), extra="mt-3") }}
<p class="mt-2 text-sm text-on-surface dark:text-on-surface-dark">
<a href="/resend-verification" class="font-medium text-primary underline-offset-2 hover:underline dark:text-primary-dark">{{ t(key="login-resend", lang=lang | default(value='sk')) }}</a>
</p>
{% elif error %}
{{ ui::alert_danger(message=t(key="login-error", lang=lang | default(value='sk')), extra="mt-3") }}
{% endif %}
<form method="post" action="/login" hx-boost="false" class="mt-4 flex flex-col gap-4">
{{ ui::csrf_field() }}
<div class="flex flex-col gap-1">
<label for="email"
class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
@@ -46,6 +50,13 @@
{{ ui::button(label=t(key="login-auth", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full") }}
</form>
<div class="mt-5 flex items-center gap-3 text-xs text-on-surface/50 dark:text-on-surface-dark/50">
<span class="h-px flex-1 bg-outline dark:bg-outline-dark"></span>
{{ t(key="auth-or", lang=lang | default(value='sk')) }}
<span class="h-px flex-1 bg-outline dark:bg-outline-dark"></span>
</div>
{{ ui::button(label=t(key="auth-google", lang=lang | default(value='sk')), href="/api/oauth2/google", variant="outline-secondary", attrs='hx-boost="false"', extra="mt-4 w-full", icon='<svg class="size-4" viewBox="0 0 48 48" xmlns="http://www.w3.org/2000/svg" aria-hidden="true"><path fill="#FFC107" d="M43.611 20.083H42V20H24v8h11.303c-1.649 4.657-6.08 8-11.303 8-6.627 0-12-5.373-12-12s5.373-12 12-12c3.059 0 5.842 1.154 7.961 3.039l5.657-5.657C34.046 6.053 29.268 4 24 4 12.955 4 4 12.955 4 24s8.955 20 20 20 20-8.955 20-20c0-1.341-.138-2.65-.389-3.917z"/><path fill="#FF3D00" d="m6.306 14.691 6.571 4.819C14.655 15.108 18.961 12 24 12c3.059 0 5.842 1.154 7.961 3.039l5.657-5.657C34.046 6.053 29.268 4 24 4 16.318 4 9.656 8.337 6.306 14.691z"/><path fill="#4CAF50" d="M24 44c5.166 0 9.86-1.977 13.409-5.192l-6.19-5.238A11.91 11.91 0 0 1 24 36c-5.202 0-9.619-3.317-11.283-7.946l-6.522 5.025C9.505 39.556 16.227 44 24 44z"/><path fill="#1976D2" d="M43.611 20.083H42V20H24v8h11.303a12.04 12.04 0 0 1-4.087 5.571l.003-.002 6.19 5.238C36.971 39.205 44 34 44 24c0-1.341-.138-2.65-.389-3.917z"/></svg>') }}
<p class="mt-4 text-sm text-on-surface dark:text-on-surface-dark">
{{ t(key="login-no-account", lang=lang | default(value='sk')) }}
<a href="/register"
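Review bot: The new `error == "unverified"` branch answers differently from the generic `login-error` branch, so the login handler (not visible in this section) should set it only after the password has been checked. Otherwise the form reveals that an address is registered but unverified. I'd record that contract next to the branch, e.g. `{# "unverified" is set only after a correct password; every other failure uses the generic message #}`. The Google button in the second hunk is a plain link to `/api/oauth2/google`, so the `state` check lives entirely in that handler and is worth covering with a test.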


@@ -0,0 +1,48 @@
{% extends "base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ t(key="login-totp-title", lang=lang | default(value='sk')) }}{% endblock title %}
{% block content %}
<div class="mx-auto mt-8 max-w-sm">
<div
class="rounded-radius border border-outline bg-surface-alt shadow-sm dark:border-outline-dark dark:bg-surface-dark-alt">
<div
class="flex items-center justify-between border-b border-outline px-5 py-3 dark:border-outline-dark">
<span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
{{ t(key="brand", lang=lang | default(value='sk')) }}
</span>
{{ ui::badge(label=t(key="auth", lang=lang | default(value='sk')), variant="primary") }}
</div>
<div class="p-5">
<h1 class="text-xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">
{{ t(key="login-totp-title", lang=lang | default(value='sk')) }}
</h1>
<p class="mt-2 text-sm text-on-surface dark:text-on-surface-dark">
{{ t(key="login-totp-intro", lang=lang | default(value='sk')) }}
</p>
{% if error %}
{{ ui::alert_danger(message=t(key="login-totp-error", lang=lang | default(value='sk')), extra="mt-3") }}
{% endif %}
<form method="post" action="/login/totp" hx-boost="false" class="mt-4 flex flex-col gap-4">
{{ ui::csrf_field() }}
<div class="flex flex-col gap-1">
<label for="code"
class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
{{ t(key="login-totp-code", lang=lang | default(value='sk')) }}
</label>
{{ ui::input(name="code", id="code", type="text", required=true, autocomplete="one-time-code", attrs='inputmode="numeric" autofocus') }}
</div>
{{ ui::button(label=t(key="login-totp-submit", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full") }}
</form>
<p class="mt-4 text-xs text-on-surface dark:text-on-surface-dark">
{{ t(key="login-totp-backup-hint", lang=lang | default(value='sk')) }}
</p>
</div>
</div>
</div>
{% endblock content %}
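Review bot: The form posts only `code` and `_csrf`, so the account being verified has to come from server-side pending-login state, and nothing in the template says so. A header comment such as `{# step 2 of login: the account comes from the pending-login session; attempts are limited per session #}` would document that, assuming the `/login/totp` handler works this way. Also, `inputmode="numeric"` on the `code` input gives mobile users a digit-only keypad, while `login-totp-backup-hint` suggests backup codes go into the same field. If those codes contain letters, the attribute should be dropped.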


@@ -22,17 +22,30 @@
{% if error == "exists" %}
{{ ui::alert_danger(message=t(key="register-error-exists", lang=lang | default(value='sk')), extra="mt-3") }}
{% elif error == "mismatch" %}
{{ ui::alert_danger(message=t(key="set-password-mismatch", lang=lang | default(value='sk')), extra="mt-3") }}
{% elif error == "weak" %}
{{ ui::alert_danger(message=t(key="set-password-weak", lang=lang | default(value='sk')), extra="mt-3") }}
{% elif error %}
{{ ui::alert_danger(message=t(key="register-error-invalid", lang=lang | default(value='sk')), extra="mt-3") }}
{% endif %}
<form method="post" action="/register" hx-boost="false" class="mt-4 flex flex-col gap-4">
<div class="flex flex-col gap-1">
<label for="name"
class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
{{ t(key="register-name", lang=lang | default(value='sk')) }}
</label>
{{ ui::input(name="name", id="name", required=true, autocomplete="name", attrs="autofocus") }}
<form method="post" action="/register" hx-boost="false" class="mt-4 flex flex-col gap-4"
x-data="{ password: '', confirm: '' }">
{{ ui::csrf_field() }}
<div class="flex flex-col gap-1.5">
<span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</span>
<div class="grid grid-cols-2 gap-2">
<label class="flex cursor-pointer items-center gap-2 rounded-radius border border-outline px-3 py-2 text-sm transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
{{ ui::radio(name="account_type", value="personal", checked=true) }}
<span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-personal", lang=lang | default(value='sk')) }}</span>
</label>
<label class="flex cursor-pointer items-center gap-2 rounded-radius border border-outline px-3 py-2 text-sm transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
{{ ui::radio(name="account_type", value="company") }}
<span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company", lang=lang | default(value='sk')) }}</span>
</label>
</div>
<span class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-type-locked", lang=lang | default(value='sk')) }}</span>
</div>
<div class="flex flex-col gap-1">
@@ -40,7 +53,7 @@
class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
{{ t(key="login-email", lang=lang | default(value='sk')) }}
</label>
{{ ui::input(name="email", id="email", type="email", required=true, autocomplete="email") }}
{{ ui::input(name="email", id="email", type="email", required=true, autocomplete="email", attrs="autofocus") }}
</div>
<div class="flex flex-col gap-1">
@@ -48,12 +61,31 @@
class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
{{ t(key="login-password", lang=lang | default(value='sk')) }}
</label>
{{ ui::input(name="password", id="password", type="password", required=true, autocomplete="new-password") }}
{{ ui::input(name="password", id="password", type="password", required=true, autocomplete="new-password", attrs='x-model="password"') }}
</div>
{{ ui::button(label=t(key="register-submit", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full") }}
<div class="flex flex-col gap-1">
<label for="password_confirm"
class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">
{{ t(key="set-password-confirm", lang=lang | default(value='sk')) }}
</label>
{{ ui::input(name="password_confirm", id="password_confirm", type="password", required=true, autocomplete="new-password", attrs='x-model="confirm"') }}
<span x-cloak x-show="confirm.length > 0 && password !== confirm"
class="text-xs text-danger dark:text-danger">
{{ t(key="set-password-mismatch", lang=lang | default(value='sk')) }}
</span>
</div>
{{ ui::button(label=t(key="register-submit", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full", attrs=':disabled="password !== confirm"') }}
</form>
<div class="mt-5 flex items-center gap-3 text-xs text-on-surface/50 dark:text-on-surface-dark/50">
<span class="h-px flex-1 bg-outline dark:bg-outline-dark"></span>
{{ t(key="auth-or", lang=lang | default(value='sk')) }}
<span class="h-px flex-1 bg-outline dark:bg-outline-dark"></span>
</div>
{{ ui::button(label=t(key="auth-google", lang=lang | default(value='sk')), href="/api/oauth2/google", variant="outline-secondary", attrs='hx-boost="false"', extra="mt-4 w-full", icon='<svg class="size-4" viewBox="0 0 48 48" xmlns="http://www.w3.org/2000/svg" aria-hidden="true"><path fill="#FFC107" d="M43.611 20.083H42V20H24v8h11.303c-1.649 4.657-6.08 8-11.303 8-6.627 0-12-5.373-12-12s5.373-12 12-12c3.059 0 5.842 1.154 7.961 3.039l5.657-5.657C34.046 6.053 29.268 4 24 4 12.955 4 4 12.955 4 24s8.955 20 20 20 20-8.955 20-20c0-1.341-.138-2.65-.389-3.917z"/><path fill="#FF3D00" d="m6.306 14.691 6.571 4.819C14.655 15.108 18.961 12 24 12c3.059 0 5.842 1.154 7.961 3.039l5.657-5.657C34.046 6.053 29.268 4 24 4 16.318 4 9.656 8.337 6.306 14.691z"/><path fill="#4CAF50" d="M24 44c5.166 0 9.86-1.977 13.409-5.192l-6.19-5.238A11.91 11.91 0 0 1 24 36c-5.202 0-9.619-3.317-11.283-7.946l-6.522 5.025C9.505 39.556 16.227 44 24 44z"/><path fill="#1976D2" d="M43.611 20.083H42V20H24v8h11.303a12.04 12.04 0 0 1-4.087 5.571l.003-.002 6.19 5.238C36.971 39.205 44 34 44 24c0-1.341-.138-2.65-.389-3.917z"/></svg>') }}
<p class="mt-4 text-sm text-on-surface dark:text-on-surface-dark">
{{ t(key="login-have-account", lang=lang | default(value='sk')) }}
<a href="/login"
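Review bot: The `x-show` mismatch hint and `:disabled="password !== confirm"` on the submit button run only in the browser, and `account_type` is an ordinary radio value, so all of these must be enforced again in the `/register` handler, which this section does not show. The `mismatch` and `weak` branches at the top suggest the password checks exist server-side. For `account_type`, the `account-type-locked` hint implies the choice is permanent, so the handler should reject anything other than `personal` or `company` rather than fall back to a default. A comment above the radios such as `{# server validates account_type against personal|company; it cannot be changed later #}` would make that explicit.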


@@ -0,0 +1,38 @@
{% extends "base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ t(key="resend-verification-title", lang=lang | default(value='sk')) }}{% endblock title %}
{% block content %}
<div class="mx-auto mt-8 max-w-sm">
<div class="rounded-radius border border-outline bg-surface-alt shadow-sm dark:border-outline-dark dark:bg-surface-dark-alt">
<div class="flex items-center justify-between border-b border-outline px-5 py-3 dark:border-outline-dark">
<span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="brand", lang=lang | default(value='sk')) }}</span>
{{ ui::badge(label=t(key="auth", lang=lang | default(value='sk')), variant="primary") }}
</div>
<div class="p-5">
<h1 class="text-xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="resend-verification-title", lang=lang | default(value='sk')) }}</h1>
{% if done %}
<div class="mt-3 rounded-radius border border-success bg-success/10 px-4 py-3 text-sm text-success" role="status">
{{ t(key="resend-verification-done", lang=lang | default(value='sk')) }}
</div>
<p class="mt-4 text-sm text-on-surface dark:text-on-surface-dark">
<a href="/login" class="font-medium text-primary underline-offset-2 hover:underline dark:text-primary-dark">{{ t(key="nav-login", lang=lang | default(value='sk')) }}</a>
</p>
{% else %}
<p class="mt-1 text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="resend-verification-intro", lang=lang | default(value='sk')) }}</p>
<form method="post" action="/resend-verification" hx-boost="false" class="mt-4 flex flex-col gap-4">
{{ ui::csrf_field() }}
<div class="flex flex-col gap-1">
<label for="email" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="login-email", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="email", id="email", type="email", required=true, autocomplete="email", attrs="autofocus") }}
</div>
{{ ui::button(label=t(key="resend-verification-submit", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full") }}
</form>
{% endif %}
</div>
</div>
</div>
{% endblock content %}
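Review bot: The template has a `done` state and no error state, which avoids disclosing registered addresses only if the handler renders `done` for unknown and already-verified addresses as well. That handler is outside this section. I'd state the contract at the top of the file, e.g. `{# rendered with done=true after every POST, whether or not the address exists #}`. Since each POST can send mail, the route also needs a per-address and per-client limit if it does not already have one.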


@@ -0,0 +1,48 @@
{% extends "base.html" %}
{% import "macros/ui.html" as ui %}
{% block title %}{{ t(key="set-password-title", lang=lang | default(value='sk')) }}{% endblock title %}
{% block content %}
<div class="mx-auto mt-8 max-w-sm">
<div class="rounded-radius border border-outline bg-surface-alt shadow-sm dark:border-outline-dark dark:bg-surface-dark-alt">
<div class="flex items-center justify-between border-b border-outline px-5 py-3 dark:border-outline-dark">
<span class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="brand", lang=lang | default(value='sk')) }}</span>
{{ ui::badge(label=t(key="auth", lang=lang | default(value='sk')), variant="primary") }}
</div>
<div class="p-5">
<h1 class="text-xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-title", lang=lang | default(value='sk')) }}</h1>
{% if not valid %}
{{ ui::alert_danger(message=t(key="set-password-invalid", lang=lang | default(value='sk')), extra="mt-3") }}
<p class="mt-4 text-sm text-on-surface dark:text-on-surface-dark">
<a href="/login" class="font-medium text-primary underline-offset-2 hover:underline dark:text-primary-dark">{{ t(key="nav-login", lang=lang | default(value='sk')) }}</a>
</p>
{% else %}
<p class="mt-1 text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="set-password-intro", lang=lang | default(value='sk')) }}</p>
{% if error == "mismatch" %}
{{ ui::alert_danger(message=t(key="set-password-mismatch", lang=lang | default(value='sk')), extra="mt-3") }}
{% elif error == "weak" %}
{{ ui::alert_danger(message=t(key="set-password-weak", lang=lang | default(value='sk')), extra="mt-3") }}
{% endif %}
<form method="post" action="/set-password" hx-boost="false" class="mt-4 flex flex-col gap-4">
{{ ui::csrf_field() }}
<input type="hidden" name="token" value="{{ token }}">
<div class="flex flex-col gap-1">
<label for="password" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-new", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="password", id="password", type="password", required=true, autocomplete="new-password", attrs="autofocus") }}
</div>
<div class="flex flex-col gap-1">
<label for="password_confirm" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="set-password-confirm", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="password_confirm", id="password_confirm", type="password", required=true, autocomplete="new-password") }}
</div>
{{ ui::button(label=t(key="set-password-submit", lang=lang | default(value='sk')), type="submit", extra="mt-1 w-full") }}
</form>
{% endif %}
</div>
</div>
</div>
{% endblock content %}
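Review bot: `{{ token }}` is echoed into a hidden field, so the token sits in the rendered HTML and presumably also in the URL that opened the page. The response should therefore go out with `Cache-Control: no-store` and `Referrer-Policy: no-referrer`; the headers are not visible here, so this may already be the case. The POST handler should also validate the token again and invalidate it on success rather than rely on the earlier `valid` check. Unlike the register form in this commit, there is no live mismatch hint here; reusing the `x-data="{ password: '', confirm: '' }"` pattern would keep the two forms consistent.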


@@ -48,6 +48,12 @@
if (!v) return 0;
return v.split(',').reduce(function (s, e) { return s + (parseInt(e.split(':')[1]) || 0) }, 0);
}
// True while any other navbar menu (profile / settings / mobile / category
// toggle) is open — those triggers expose aria-expanded="true". Used to
// suppress the cart hover preview so menus don't stack/overlap.
function anyMenuOpen() {
return !!document.querySelector('header [aria-expanded="true"]');
}
// Show a floating toast notification. Usage: toast('Saved').
// Bridges to the vendored Penguin UI toast component, which listens for a
// `notify` event with { variant, title, message }.
@@ -57,9 +63,13 @@
</script>
<link href="/static/css/app.css?v=2026-06-16" rel="stylesheet" type="text/css">
<script src="/static/vendor/htmx/htmx-1.9.12.min.js"></script>
<!-- Alpine Focus plugin (x-trap / $focus) — must load before Alpine core;
required by the Penguin UI keyboard-accessible dropdowns. -->
<script defer src="/static/vendor/alpine/alpine-focus-3.14.9.min.js"></script>
<script defer src="/static/vendor/alpine/alpinejs-3.14.9.min.js"></script>
</head>
<body hx-boost="true"
hx-headers='{"X-CSRF-Token": "{{ csrf_token() }}"}'
x-data="{ cats: false, lg: window.matchMedia('(min-width: 1024px)').matches }"
x-init="window.matchMedia('(min-width: 1024px)').addEventListener('change', e => lg = e.matches)"
class="min-h-screen bg-surface text-on-surface antialiased dark:bg-surface-dark dark:text-on-surface-dark">
@@ -82,9 +92,12 @@
<li>{{ ui::nav_link(label=t(key="admin-title", lang=lang | default(value='sk')), href="/admin/dashboard", data_nav="/admin", variant="warning", attrs='hx-boost="false"') }}</li>
<li>
<form method="post" action="/logout" hx-boost="false">
{{ ui::csrf_field() }}
<button type="submit" class="text-sm font-medium text-danger underline-offset-2 transition hover:opacity-75 focus:outline-hidden focus-visible:underline">{{ t(key="logout", lang=lang | default(value='sk')) }}</button>
</form>
</li>
{% elif logged_in_customer %}
{# customer account links live in the profile dropdown next to the cart #}
{% else %}
<li>{{ ui::nav_link(label=t(key="nav-login", lang=lang | default(value='sk')), href="/login", data_nav="/login") }}</li>
<li>{{ ui::nav_link(label=t(key="nav-register", lang=lang | default(value='sk')), href="/register", data_nav="/register") }}</li>
@@ -92,23 +105,47 @@
</ul>
<!-- right side: cart + settings + mobile toggle -->
<div class="ml-auto flex items-center gap-1">
<!-- cart with live item-count badge read from the `cart` cookie -->
<a href="/cart" data-nav="/cart"
x-data="{ count: 0 }"
x-init="count = cartCount(); ['htmx:afterSwap', 'htmx:afterRequest'].forEach(function (e) { window.addEventListener(e, function () { count = cartCount() }) })"
aria-label="{{ t(key='cart-title', lang=lang | default(value='sk')) }}"
title="{{ t(key='cart-title', lang=lang | default(value='sk')) }}"
class="relative inline-flex size-9 shrink-0 items-center justify-center rounded-radius bg-transparent text-secondary transition hover:opacity-75 focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-secondary active:opacity-100 active:outline-offset-0 dark:text-secondary-dark dark:focus-visible:outline-secondary-dark">
{{ ui::icon(name="cart") }}
<span x-show="count > 0" x-cloak x-text="count"
class="absolute -right-1 -top-1 inline-flex min-w-4 items-center justify-center rounded-full bg-primary px-1 text-[10px] font-semibold leading-4 text-on-primary dark:bg-primary-dark dark:text-on-primary-dark"></span>
</a>
<!-- settings (language + theme) dropdown -->
<div x-data="{ open: false }" @keydown.escape="open = false" class="relative">
{% include "partials/settings_dropdown.html" %}
<div class="ml-auto flex items-center gap-3">
<!-- customer profile dropdown (avatar + name + account type) -->
{% if logged_in_customer %}
{% include "partials/profile_menu.html" %}
{% endif %}
<!-- cart: hover opens an Alza-style mini-cart preview (Penguin
dropdown-with-hover), lazy-loaded from /partials/cart on each hover
so it's always fresh. Click still does a full navigation to /cart
(hx-boost=false; the explicit hx-trigger is mouseenter, so click is
not an htmx trigger). The badge reads the `cart` cookie client-side. -->
<div x-data="{ isOpen: false, leaveTimeout: null }"
x-on:mouseleave="leaveTimeout = setTimeout(() => isOpen = false, 250)"
x-on:mouseenter="leaveTimeout && clearTimeout(leaveTimeout)"
x-on:keydown.esc.window="isOpen = false"
class="relative">
<a href="/cart" data-nav="/cart" hx-boost="false"
x-on:mouseenter="if (!anyMenuOpen()) isOpen = true"
x-data="{ count: 0 }"
x-init="count = cartCount(); ['htmx:afterSwap', 'htmx:afterRequest'].forEach(function (e) { window.addEventListener(e, function () { count = cartCount() }) })"
hx-get="/partials/cart" hx-trigger="mouseenter delay:150ms" hx-target="#cart-preview-body" hx-swap="innerHTML"
aria-label="{{ t(key='cart-title', lang=lang | default(value='sk')) }}"
title="{{ t(key='cart-title', lang=lang | default(value='sk')) }}"
class="relative inline-flex size-9 shrink-0 items-center justify-center rounded-radius bg-transparent text-secondary transition hover:opacity-75 focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-secondary active:opacity-100 active:outline-offset-0 dark:text-secondary-dark dark:focus-visible:outline-secondary-dark">
{{ ui::icon(name="cart") }}
<span x-show="count > 0" x-cloak x-text="count"
class="absolute -right-1 -top-1 inline-flex min-w-4 items-center justify-center rounded-full bg-primary px-1 text-[10px] font-semibold leading-4 text-on-primary dark:bg-primary-dark dark:text-on-primary-dark"></span>
</a>
<!-- hover preview panel (no id on the panel → not htmx-settled on boosted nav) -->
<div x-cloak x-show="isOpen" x-transition
x-on:mouseenter="isOpen = true"
class="absolute right-0 mt-2 w-80 overflow-hidden rounded-radius border border-outline bg-surface-alt shadow-lg dark:border-outline-dark dark:bg-surface-dark-alt"
role="dialog" aria-label="{{ t(key='cart-title', lang=lang | default(value='sk')) }}">
<div id="cart-preview-body">
<div class="px-4 py-10 text-center text-sm text-on-surface dark:text-on-surface-dark"></div>
</div>
</div>
</div>
<!-- settings (language + theme) dropdown (self-contained Alpine state) -->
{% include "partials/settings_dropdown.html" %}
<!-- mobile hamburger — Penguin animated icon swap (bars ↔ X), kept in
our ghost-square icon-button shell for consistency with cart/gear -->
<button type="button" @click="mobile = !mobile" :aria-expanded="mobile" aria-label="{{ t(key='menu', lang=lang | default(value='sk')) }}"
@@ -128,6 +165,15 @@
<li><a href="/admin/dashboard" hx-boost="false" data-nav="/admin" class="block rounded-radius px-3 py-2 text-sm font-medium text-warning underline-offset-2 transition hover:bg-primary/5 focus:outline-hidden focus-visible:underline">{{ t(key="admin-title", lang=lang | default(value='sk')) }}</a></li>
<li>
<form method="post" action="/logout" hx-boost="false">
{{ ui::csrf_field() }}
<button type="submit" class="block w-full rounded-radius px-3 py-2 text-left text-sm font-medium text-danger underline-offset-2 transition hover:bg-primary/5 focus:outline-hidden focus-visible:underline">{{ t(key="logout", lang=lang | default(value='sk')) }}</button>
</form>
</li>
{% elif logged_in_customer %}
<li><a href="/account/profile" data-nav="/account" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="nav-profile", lang=lang | default(value='sk')) }}</a></li>
<li>
<form method="post" action="/logout" hx-boost="false">
{{ ui::csrf_field() }}
<button type="submit" class="block w-full rounded-radius px-3 py-2 text-left text-sm font-medium text-danger underline-offset-2 transition hover:bg-primary/5 focus:outline-hidden focus-visible:underline">{{ t(key="logout", lang=lang | default(value='sk')) }}</button>
</form>
</li>
@@ -144,6 +190,24 @@
class="fixed inset-0 z-30 bg-black/50 lg:hidden"></div>
<div class="mx-auto flex w-full max-w-7xl gap-8 px-4 py-8">
{% if account_nav %}
<!-- account-area sidebar: replaces the storefront categories while the
customer is inside /account/*. -->
<aside x-cloak x-show="cats || lg" aria-label="{{ t(key='nav-account', lang=lang | default(value='sk')) }}"
class="fixed inset-y-0 left-0 z-40 w-64 overflow-y-auto border-r border-outline bg-surface-alt p-4 lg:static lg:z-auto lg:w-64 lg:shrink-0 lg:self-start lg:overflow-visible lg:rounded-radius lg:border lg:p-3 dark:border-outline-dark dark:bg-surface-dark-alt">
<h2 class="px-3 pb-2 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="nav-account", lang=lang | default(value='sk')) }}</h2>
<ul class="space-y-1">
<li><a href="/account/orders" data-nav="/account/orders" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="account-orders", lang=lang | default(value='sk')) }}</a></li>
<li><a href="/account/profile" data-nav="/account/profile" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="profile-title", lang=lang | default(value='sk')) }}</a></li>
<li><a href="/account/password" data-nav="/account/password" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="account-change-password", lang=lang | default(value='sk')) }}</a></li>
<li><a href="/account/security" data-nav="/account/security" class="block rounded-radius px-3 py-2 text-sm font-medium text-on-surface underline-offset-2 transition hover:bg-primary/5 hover:text-primary focus:outline-hidden focus-visible:underline aria-[current=page]:font-semibold aria-[current=page]:bg-primary/10 aria-[current=page]:text-primary dark:text-on-surface-dark dark:hover:text-primary-dark dark:aria-[current=page]:text-primary-dark">{{ t(key="security-title", lang=lang | default(value='sk')) }}</a></li>
</ul>
<form method="post" action="/logout" hx-boost="false" class="mt-4 border-t border-outline pt-3 dark:border-outline-dark">
{{ ui::csrf_field() }}
<button type="submit" class="block w-full rounded-radius px-3 py-2 text-left text-sm font-medium text-danger underline-offset-2 transition hover:bg-primary/5 focus:outline-hidden focus-visible:underline">{{ t(key="logout", lang=lang | default(value='sk')) }}</button>
</form>
</aside>
{% else %}
<!-- persistent category sidebar (off-canvas drawer on mobile).
hx-preserve keeps this node across boosted page swaps, so it is
fetched once (hx-trigger=load) and never reloaded on navigation. -->
@@ -152,6 +216,7 @@
hx-get="/partials/categories" hx-trigger="load"
class="fixed inset-y-0 left-0 z-40 w-64 overflow-y-auto border-r border-outline bg-surface-alt p-4 lg:static lg:z-auto lg:w-64 lg:shrink-0 lg:self-start lg:overflow-visible lg:rounded-radius lg:border lg:p-3 dark:border-outline-dark dark:bg-surface-dark-alt">
</aside>
{% endif %}
<main class="min-w-0 flex-1">
{% block content %}{% endblock content %}
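Review bot: `hx-headers` on `<body>` is inherited by every htmx request on the page, so the CSRF token would also be attached to any request whose `hx-get` or `hx-post` pointed at another origin. The vendored htmx 1.9.12 allows cross-origin requests by default; adding `<meta name="htmx-config" content='{"selfRequestsOnly":true}'>` to `<head>` keeps the header on same-origin requests only. Separately, boosted navigation swaps the body's content but, as far as I know, not its attributes, so the header value dates from the last full page load. If `csrf_token()` ever changes within a session, htmx requests would send a stale token until a reload, which is worth a comment next to the attribute.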


@@ -29,6 +29,13 @@
outline : outline-primary | outline-secondary | outline-alternate | outline-danger
ghost : ghost-primary | ghost-secondary | ghost-danger #}
{# CSRF hidden field for native (non-htmx) <form method="post"> submits. htmx
requests instead inherit the X-CSRF-Token header from <body hx-headers>.
`csrf_token()` is a global Tera function bound per-request by shared::csrf. #}
{% macro csrf_field() -%}
<input type="hidden" name="_csrf" value="{{ csrf_token() }}">
{%- endmacro %}
{% macro button(label, variant="primary", type="button", href="", attrs="", extra="", icon="", size="px-4 py-2 text-sm") -%}
{%- if variant == "secondary" -%}{% set cls = "border border-secondary bg-secondary text-on-secondary focus-visible:outline-secondary dark:border-secondary-dark dark:bg-secondary-dark dark:text-on-secondary-dark dark:focus-visible:outline-secondary-dark" -%}
{%- elif variant == "danger" -%}{% set cls = "border border-danger bg-danger text-on-danger focus-visible:outline-danger dark:bg-danger dark:border-danger dark:text-on-danger dark:focus-visible:outline-danger" -%}
@@ -74,6 +81,8 @@
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="{{ size }}{% if extra %} {{ extra }}{% endif %}" aria-hidden="true" {{ attrs | safe }}><path stroke-linecap="round" stroke-linejoin="round" d="M2.25 3h1.386c.51 0 .955.343 1.087.835l.383 1.437M7.5 14.25a3 3 0 0 0-3 3h15.75m-12.75-3h11.218c1.121-2.3 2.1-4.684 2.924-7.138a60.114 60.114 0 0 0-16.536-1.84M7.5 14.25 5.106 5.272M6 20.25a.75.75 0 1 1-1.5 0 .75.75 0 0 1 1.5 0Zm12.75 0a.75.75 0 1 1-1.5 0 .75.75 0 0 1 1.5 0Z" /></svg>
{%- elif name == "close" -%}
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="{{ size }}{% if extra %} {{ extra }}{% endif %}" aria-hidden="true" {{ attrs | safe }}><path stroke-linecap="round" stroke-linejoin="round" d="M6 18 18 6M6 6l12 12" /></svg>
{%- elif name == "chevron-double-left" -%}
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="{{ size }}{% if extra %} {{ extra }}{% endif %}" aria-hidden="true" {{ attrs | safe }}><path stroke-linecap="round" stroke-linejoin="round" d="m18.75 4.5-7.5 7.5 7.5 7.5m-6-15L5.25 12l7.5 7.5" /></svg>
{%- else -%}
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="{{ size }}{% if extra %} {{ extra }}{% endif %}" aria-hidden="true" {{ attrs | safe }}><path stroke-linecap="round" stroke-linejoin="round" d="M3.75 6.75h16.5M3.75 12h16.5m-16.5 5.25h16.5" /></svg>
{%- endif -%}
@@ -82,6 +91,11 @@
{# Compact danger alert (form/inline errors). Adapted from
penguinui/alert/default-alert.html (danger variant), trimmed to a single line
with the danger icon. #}
{# Required-field marker: a red asterisk appended to a field label. #}
{% macro req() -%}
<span class="ml-0.5 text-danger" aria-hidden="true">*</span>
{%- endmacro req %}
{% macro alert_danger(message, extra="") -%}
<div class="flex w-full items-center gap-2 overflow-hidden rounded-radius border border-danger bg-danger/10 px-3 py-2 text-sm text-danger {{ extra }}" role="alert">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" class="size-5 shrink-0" aria-hidden="true">
@@ -108,6 +122,21 @@
{%- endif %}
{%- endmacro badge %}
{# Effective-price cell content for the admin products table. The value is
colored only when it differs from the regular price (effective_reduced);
when equal it renders in the plain text color, unified with the Price column.
`preview=true` uses the info color (an unsaved profile-toggle preview) instead
of the saved primary color. No t() calls, so it is safe inside a macro. #}
{% macro eff_price(p, preview=false) -%}
{%- if preview -%}{% set strong = "text-info" %}{%- else -%}{% set strong = "text-primary dark:text-primary-dark" %}{%- endif -%}
{% if p.effective_reduced %}
<span class="font-medium {{ strong }}">{{ p.effective_price }} {{ p.currency }}</span>
<span class="ml-1 text-xs text-on-surface/60 dark:text-on-surface-dark/60">({{ p.effective_percent_off }}%)</span>
{% else %}
{{ p.effective_price }} {{ p.currency }}
{% endif %}
{%- endmacro eff_price %}
{# ---- Form controls. Verbatim Penguin classes from
penguinui/{text-input,text-area,select,checkbox,file-input}/default-*.html.
These macros emit only the control (callers keep their own <label>/layout), so
@@ -115,7 +144,7 @@
{# Text/email/number/password input. #}
{% macro input(name, type="text", id="", value="", placeholder="", required=false, autocomplete="", attrs="", extra="", width="w-full") -%}
<input {% if id %}id="{{ id }}" {% endif %}name="{{ name }}" type="{{ type }}"{% if value != "" %} value="{{ value }}"{% endif %}{% if placeholder %} placeholder="{{ placeholder }}"{% endif %}{% if required %} required{% endif %}{% if autocomplete %} autocomplete="{{ autocomplete }}"{% endif %} class="{{ width }} rounded-radius border border-outline bg-surface-alt px-2 py-2 text-sm text-on-surface focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-primary disabled:cursor-not-allowed disabled:opacity-75 dark:border-outline-dark dark:bg-surface-dark-alt/50 dark:text-on-surface-dark dark:focus-visible:outline-primary-dark {{ extra }}" {{ attrs | safe }}/>
<input {% if id %}id="{{ id }}" {% endif %}name="{{ name }}" type="{{ type }}"{% if value is number or value != "" %} value="{{ value }}"{% endif %}{% if placeholder %} placeholder="{{ placeholder }}"{% endif %}{% if required %} required{% endif %}{% if autocomplete %} autocomplete="{{ autocomplete }}"{% endif %} class="{{ width }} rounded-radius border border-outline bg-surface-alt px-2 py-2 text-sm text-on-surface focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-primary disabled:cursor-not-allowed disabled:opacity-75 dark:border-outline-dark dark:bg-surface-dark-alt/50 dark:text-on-surface-dark dark:focus-visible:outline-primary-dark {{ extra }}" {{ attrs | safe }}/>
{%- endmacro input %}
{% macro textarea(name, id="", value="", rows="3", placeholder="", required=false, attrs="", extra="") -%}


@@ -0,0 +1,78 @@
{# Customer profile dropdown in the storefront navbar.
Proper Penguin UI dropdown: behaviour is the vendored
dropdowns/dropdown-with-icons.html verbatim (isOpen / openedWithKeyboard,
x-trap + $focus keyboard nav, x-cloak x-show, @click.outside). Trigger is the
round initials avatar (avatar-with-initials.html, primary variant). Menu items
are our account links.
Needs the Alpine Focus plugin (loaded before Alpine core in base.html) for
x-trap / $focus. Self-contained Alpine state; the host only needs to place it
in the navbar flex row. The panel has NO id on purpose — an id would make htmx
hx-boost "settle" it across boosted navigations and reappear; id-less Penguin
dropdowns are unaffected. #}
{# initials from the full name, e.g. "Filip Priec" -> "FP" #}
{% set _name = customer_name | default(value='') | trim %}
{% set _parts = _name | split(pat=' ') %}
{% set _initials = _parts.0 | truncate(length=1, end='') | upper %}
{% if _parts | length > 1 %}{% set _second = _parts | last | truncate(length=1, end='') | upper %}{% set _initials = _initials ~ _second %}{% endif %}
{% if customer_account_type == "company" %}{% set _type_label = t(key="account-company", lang=lang | default(value='sk')) %}{% else %}{% set _type_label = t(key="account-personal", lang=lang | default(value='sk')) %}{% endif %}
{% set _person_icon = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true" fill="currentColor" class="size-5"><path fill-rule="evenodd" d="M7.5 6a4.5 4.5 0 119 0 4.5 4.5 0 01-9 0zM3.751 20.105a8.25 8.25 0 0116.498 0 .75.75 0 01-.437.695A18.683 18.683 0 0112 22.5c-2.786 0-5.433-.608-7.812-1.7a.75.75 0 01-.437-.695z" clip-rule="evenodd"/></svg>' %}
<div x-data="{ isOpen: false, openedWithKeyboard: false }"
x-on:keydown.esc.window="isOpen = false, openedWithKeyboard = false"
class="relative">
<!-- Toggle Button: round initials avatar -->
<button type="button" x-on:click="isOpen = ! isOpen"
x-on:keydown.space.prevent="openedWithKeyboard = true" x-on:keydown.enter.prevent="openedWithKeyboard = true" x-on:keydown.down.prevent="openedWithKeyboard = true"
x-bind:aria-expanded="isOpen || openedWithKeyboard" aria-haspopup="true"
aria-label="{{ t(key='nav-account', lang=lang | default(value='sk')) }}"
class="flex size-9 shrink-0 items-center justify-center overflow-hidden rounded-full border border-primary bg-primary text-sm font-bold tracking-wider text-on-primary/90 transition hover:opacity-90 focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-primary dark:border-primary-dark dark:bg-primary-dark dark:text-on-primary-dark/90 dark:focus-visible:outline-primary-dark">
{%- if _initials %}{{ _initials }}{% else %}{{ _person_icon | safe }}{% endif -%}
</button>
<!-- Dropdown Menu (positioned like the settings cog: right-0 mt-2) -->
<div x-cloak x-show="isOpen || openedWithKeyboard" x-transition x-trap="openedWithKeyboard"
x-on:click.outside="isOpen = false, openedWithKeyboard = false"
x-on:keydown.down.prevent="$focus.wrap().next()" x-on:keydown.up.prevent="$focus.wrap().previous()"
class="absolute right-0 mt-2 flex w-60 min-w-48 flex-col divide-y divide-outline overflow-hidden rounded-radius border border-outline bg-surface-alt shadow-lg dark:divide-outline-dark dark:border-outline-dark dark:bg-surface-dark-alt" role="menu">
<!-- header: avatar + name + account type -->
<div class="flex items-center gap-3 px-4 py-2.5">
<span class="flex size-11 shrink-0 items-center justify-center overflow-hidden rounded-full border border-primary bg-primary text-base font-bold tracking-wider text-on-primary/90 dark:border-primary-dark dark:bg-primary-dark dark:text-on-primary-dark/90">
{%- if _initials %}{{ _initials }}{% else %}{{ _person_icon | safe }}{% endif -%}
</span>
<div class="flex min-w-0 flex-col">
<span class="truncate text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ _name }}</span>
<p class="truncate text-xs text-on-surface dark:text-on-surface-dark">{{ _type_label }}</p>
</div>
</div>
<!-- account links (with icons) -->
<div class="flex flex-col py-1.5">
<a href="/account/orders" data-nav="/account/orders" role="menuitem" class="flex items-center gap-2 bg-surface-alt px-4 py-2 text-sm text-on-surface hover:bg-surface-dark-alt/5 hover:text-on-surface-strong focus-visible:bg-surface-dark-alt/10 focus-visible:text-on-surface-strong focus-visible:outline-hidden dark:bg-surface-dark-alt dark:text-on-surface-dark dark:hover:bg-surface-alt/5 dark:hover:text-on-surface-dark-strong dark:focus-visible:bg-surface-alt/10 dark:focus-visible:text-on-surface-dark-strong">
{{ ui::icon(name="cart", size="size-4", extra="shrink-0") }}
{{ t(key="account-orders", lang=lang | default(value='sk')) }}
</a>
<a href="/account/profile" data-nav="/account/profile" role="menuitem" class="flex items-center gap-2 bg-surface-alt px-4 py-2 text-sm text-on-surface hover:bg-surface-dark-alt/5 hover:text-on-surface-strong focus-visible:bg-surface-dark-alt/10 focus-visible:text-on-surface-strong focus-visible:outline-hidden dark:bg-surface-dark-alt dark:text-on-surface-dark dark:hover:bg-surface-alt/5 dark:hover:text-on-surface-dark-strong dark:focus-visible:bg-surface-alt/10 dark:focus-visible:text-on-surface-dark-strong">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true" fill="currentColor" class="size-4 shrink-0"><path fill-rule="evenodd" d="M7.5 6a4.5 4.5 0 119 0 4.5 4.5 0 01-9 0zM3.751 20.105a8.25 8.25 0 0116.498 0 .75.75 0 01-.437.695A18.683 18.683 0 0112 22.5c-2.786 0-5.433-.608-7.812-1.7a.75.75 0 01-.437-.695z" clip-rule="evenodd"/></svg>
{{ t(key="profile-title", lang=lang | default(value='sk')) }}
</a>
<a href="/account/password" data-nav="/account/password" role="menuitem" class="flex items-center gap-2 bg-surface-alt px-4 py-2 text-sm text-on-surface hover:bg-surface-dark-alt/5 hover:text-on-surface-strong focus-visible:bg-surface-dark-alt/10 focus-visible:text-on-surface-strong focus-visible:outline-hidden dark:bg-surface-dark-alt dark:text-on-surface-dark dark:hover:bg-surface-alt/5 dark:hover:text-on-surface-dark-strong dark:focus-visible:bg-surface-alt/10 dark:focus-visible:text-on-surface-dark-strong">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true" fill="currentColor" class="size-4 shrink-0"><path fill-rule="evenodd" d="M15.75 1.5a6.75 6.75 0 00-6.651 7.906c.067.39-.032.717-.221.906l-6.5 6.499a3 3 0 00-.878 2.121v2.818c0 .414.336.75.75.75H6a.75.75 0 00.75-.75v-1.5h1.5A.75.75 0 009 21v-1.5h1.5a.75.75 0 00.53-.22l2.658-2.658c.19-.189.517-.288.906-.22A6.75 6.75 0 1015.75 1.5zm0 3a.75.75 0 000 1.5A2.25 2.25 0 0118 8.25a.75.75 0 001.5 0 3.75 3.75 0 00-3.75-3.75z" clip-rule="evenodd"/></svg>
{{ t(key="account-change-password", lang=lang | default(value='sk')) }}
</a>
<a href="/account/security" data-nav="/account/security" role="menuitem" class="flex items-center gap-2 bg-surface-alt px-4 py-2 text-sm text-on-surface hover:bg-surface-dark-alt/5 hover:text-on-surface-strong focus-visible:bg-surface-dark-alt/10 focus-visible:text-on-surface-strong focus-visible:outline-hidden dark:bg-surface-dark-alt dark:text-on-surface-dark dark:hover:bg-surface-alt/5 dark:hover:text-on-surface-dark-strong dark:focus-visible:bg-surface-alt/10 dark:focus-visible:text-on-surface-dark-strong">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true" fill="currentColor" class="size-4 shrink-0"><path fill-rule="evenodd" d="M12 1.5a5.25 5.25 0 00-5.25 5.25v3a3 3 0 00-3 3v6.75a3 3 0 003 3h10.5a3 3 0 003-3v-6.75a3 3 0 00-3-3v-3c0-2.9-2.35-5.25-5.25-5.25zm3.75 8.25v-3a3.75 3.75 0 10-7.5 0v3h7.5z" clip-rule="evenodd"/></svg>
{{ t(key="security-title", lang=lang | default(value='sk')) }}
</a>
</div>
<!-- logout -->
<div class="flex flex-col py-1.5">
<form method="post" action="/logout" hx-boost="false">
<input type="hidden" name="_csrf" value="{{ csrf_token() }}"><button type="submit" role="menuitem" class="flex w-full items-center gap-2 bg-surface-alt px-4 py-2 text-left text-sm text-on-surface hover:bg-surface-dark-alt/5 hover:text-on-surface-strong focus-visible:bg-surface-dark-alt/10 focus-visible:text-on-surface-strong focus-visible:outline-hidden dark:bg-surface-dark-alt dark:text-on-surface-dark dark:hover:bg-surface-alt/5 dark:hover:text-on-surface-dark-strong dark:focus-visible:bg-surface-alt/10 dark:focus-visible:text-on-surface-dark-strong">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true" fill="currentColor" class="size-4 shrink-0"><path fill-rule="evenodd" d="M7.5 3.75A1.5 1.5 0 006 5.25v13.5a1.5 1.5 0 001.5 1.5h6a1.5 1.5 0 001.5-1.5V15a.75.75 0 011.5 0v3.75a3 3 0 01-3 3h-6a3 3 0 01-3-3V5.25a3 3 0 013-3h6a3 3 0 013 3V9A.75.75 0 0115 9V5.25a1.5 1.5 0 00-1.5-1.5h-6zm10.72 4.72a.75.75 0 011.06 0l3 3a.75.75 0 010 1.06l-3 3a.75.75 0 11-1.06-1.06l1.72-1.72H9a.75.75 0 010-1.5h10.94l-1.72-1.72a.75.75 0 010-1.06z" clip-rule="evenodd"/></svg>
{{ t(key="logout", lang=lang | default(value='sk')) }}
</button></form>
</div>
</div>
</div>
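Review bot: `_person_icon` is printed with `| safe` in both avatar spots, which is sound only while it stays the hard-coded SVG literal assigned near the top of the file, and nothing in the template records that. I would add a comment above the `{% set _person_icon = ... %}` line, for example `{# static markup only: rendered with | safe, never interpolate customer data into it #}`. `_initials` and `_name` derive from `customer_name` and are correctly printed without `| safe`, so they should stay that way. The same person SVG is also pasted inline in the profile link at a different size, which could be avoided by passing the size class in.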


@@ -1,21 +1,26 @@
{# Settings dropdown (language + theme). Shared by base.html and admin/base.html
to kill the former ~100-line copy-paste duplication.
Adapted from the vendored Penguin UI component
penguinui-components/dropdowns/dropdown-with-click.html: Penguin's dropdown
menu container + item treatment. Deviations: kept our gear icon-only trigger
and our core-Alpine open / @click.outside toggle (upstream's x-trap / $focus
need the Alpine Focus plugin, which we don't bundle); item hover uses
bg-primary/5 to stay consistent with the rest of our Penguin-ified UI.
Proper Penguin UI dropdown: behaviour is the vendored
dropdowns/dropdown-with-icons.html verbatim (isOpen / openedWithKeyboard,
x-trap + $focus keyboard nav, x-cloak x-show, @click.outside). Trigger is our
gear icon-only button; content is the language form + theme toggle. Needs the
Alpine Focus plugin (loaded in base.html) for x-trap / $focus.
The host template provides the wrapper
<div x-data="{ open: false }" @keydown.escape="open = false" class="relative ...">
so it controls its own positioning (e.g. ml-auto in admin). #}
{{ ui::icon_button(aria_label=t(key='settings', lang=lang | default(value='sk')), attrs='@click="open = !open" :aria-expanded="open"', icon='<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-5"><path stroke-linecap="round" stroke-linejoin="round" d="M9.594 3.94c.09-.542.56-.94 1.11-.94h2.593c.55 0 1.02.398 1.11.94l.213 1.281c.063.374.313.686.645.87.074.04.147.083.22.127.324.196.72.257 1.075.124l1.217-.456a1.125 1.125 0 0 1 1.37.49l1.296 2.247a1.125 1.125 0 0 1-.26 1.431l-1.003.827c-.293.241-.438.613-.43.992a7.723 7.723 0 0 1 0 .255c-.008.378.137.75.43.991l1.004.827c.424.35.534.955.26 1.43l-1.298 2.247a1.125 1.125 0 0 1-1.369.491l-1.217-.456c-.355-.133-.75-.072-1.076.124a6.47 6.47 0 0 1-.22.128c-.331.183-.581.495-.644.869l-.213 1.281c-.09.543-.56.94-1.11.94h-2.594c-.55 0-1.019-.398-1.11-.94l-.213-1.281c-.062-.374-.312-.686-.644-.87a6.52 6.52 0 0 1-.22-.127c-.325-.196-.72-.257-1.076-.124l-1.217.456a1.125 1.125 0 0 1-1.369-.49l-1.297-2.247a1.125 1.125 0 0 1 .26-1.431l1.004-.827c.292-.24.437-.613.43-.991a6.932 6.932 0 0 1 0-.255c.007-.38-.138-.751-.43-.992l-1.004-.827a1.125 1.125 0 0 1-.26-1.43l1.297-2.247a1.125 1.125 0 0 1 1.37-.491l1.216.456c.356.133.751.072 1.076-.124.072-.044.146-.086.22-.128.332-.183.582-.495.644-.869l.214-1.28Z" /><path stroke-linecap="round" stroke-linejoin="round" d="M15 12a3 3 0 1 1-6 0 3 3 0 0 1 6 0Z" /></svg>') }}
<div x-show="open" x-cloak @click.outside="open = false" x-transition.origin.top.right
Self-contained Alpine state + relative positioning; the host only places it
(e.g. ml-auto in admin). The panel has NO id on purpose (see profile_menu.html
for why — htmx hx-boost settles by id). #}
<div x-data="{ isOpen: false, openedWithKeyboard: false }"
x-on:keydown.esc.window="isOpen = false, openedWithKeyboard = false"
class="relative">
{{ ui::icon_button(aria_label=t(key='settings', lang=lang | default(value='sk')), attrs='x-on:click="isOpen = ! isOpen" x-on:keydown.space.prevent="openedWithKeyboard = true" x-on:keydown.enter.prevent="openedWithKeyboard = true" x-on:keydown.down.prevent="openedWithKeyboard = true" x-bind:aria-expanded="isOpen || openedWithKeyboard" aria-haspopup="true"', icon='<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-5"><path stroke-linecap="round" stroke-linejoin="round" d="M9.594 3.94c.09-.542.56-.94 1.11-.94h2.593c.55 0 1.02.398 1.11.94l.213 1.281c.063.374.313.686.645.87.074.04.147.083.22.127.324.196.72.257 1.075.124l1.217-.456a1.125 1.125 0 0 1 1.37.49l1.296 2.247a1.125 1.125 0 0 1-.26 1.431l-1.003.827c-.293.241-.438.613-.43.992a7.723 7.723 0 0 1 0 .255c-.008.378.137.75.43.991l1.004.827c.424.35.534.955.26 1.43l-1.298 2.247a1.125 1.125 0 0 1-1.369.491l-1.217-.456c-.355-.133-.75-.072-1.076.124a6.47 6.47 0 0 1-.22.128c-.331.183-.581.495-.644.869l-.213 1.281c-.09.543-.56.94-1.11.94h-2.594c-.55 0-1.019-.398-1.11-.94l-.213-1.281c-.062-.374-.312-.686-.644-.87a6.52 6.52 0 0 1-.22-.127c-.325-.196-.72-.257-1.076-.124l-1.217.456a1.125 1.125 0 0 1-1.369-.49l-1.297-2.247a1.125 1.125 0 0 1 .26-1.431l1.004-.827c.292-.24.437-.613.43-.991a6.932 6.932 0 0 1 0-.255c.007-.38-.138-.751-.43-.992l-1.004-.827a1.125 1.125 0 0 1-.26-1.43l1.297-2.247a1.125 1.125 0 0 1 1.37-.491l1.216.456c.356.133.751.072 1.076-.124.072-.044.146-.086.22-.128.332-.183.582-.495.644-.869l.214-1.28Z" /><path stroke-linecap="round" stroke-linejoin="round" d="M15 12a3 3 0 1 1-6 0 3 3 0 0 1 6 0Z" /></svg>') }}
<div x-cloak x-show="isOpen || openedWithKeyboard" x-transition x-trap="openedWithKeyboard"
x-on:click.outside="isOpen = false, openedWithKeyboard = false"
x-on:keydown.down.prevent="$focus.wrap().next()" x-on:keydown.up.prevent="$focus.wrap().previous()"
class="absolute right-0 mt-2 flex w-56 flex-col overflow-hidden rounded-radius border border-outline bg-surface-alt py-1 shadow-lg dark:border-outline-dark dark:bg-surface-dark-alt"
role="menu">
<form method="post" action="/lang" hx-boost="false">
<input type="hidden" name="_csrf" value="{{ csrf_token() }}">
<p class="px-4 py-1.5 text-xs font-semibold uppercase tracking-wide text-on-surface/60 dark:text-on-surface-dark/60">
{{ t(key="settings-language", lang=lang | default(value='sk')) }}
</p>
@@ -54,3 +59,4 @@
</label>
</div>
</div>
</div>
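Review bot: The header comment says this dropdown is shared by base.html and admin/base.html, but the new requirement note names only base.html as loading the Alpine Focus plugin. `x-trap` and `$focus` on the panel depend on that plugin, so if admin/base.html does not load it (not visible here) the keyboard path would break in the admin layout. Worth confirming, and then wording the comment as `Needs the Alpine Focus plugin in every host layout (base.html and admin/base.html)`.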


@@ -17,16 +17,27 @@
<!-- Header: Title & Price -->
<div class="flex justify-between gap-4">
<h3 class="text-lg font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ product.name }}</h3>
<span class="whitespace-nowrap text-xl"><span class="sr-only">Price</span>{{ product.price }} {{ product.currency }}</span>
{% if product.on_sale %}
<span class="flex flex-col items-end whitespace-nowrap leading-tight">
<span class="text-sm text-on-surface/50 line-through dark:text-on-surface-dark/50">{{ product.regular_price }} {{ product.currency }}</span>
<span class="text-xl font-semibold text-danger"><span class="sr-only">Price</span>{% if product.has_options %}{{ t(key="from-price", price=product.price, lang=lang | default(value='sk')) }}{% else %}{{ product.price }}{% endif %} {{ product.currency }}</span>
</span>
{% else %}
<span class="whitespace-nowrap text-xl"><span class="sr-only">Price</span>{% if product.has_options %}{{ t(key="from-price", price=product.price, lang=lang | default(value='sk')) }}{% else %}{{ product.price }}{% endif %} {{ product.currency }}</span>
{% endif %}
</div>
</div>
</a>
<div class="flex flex-col gap-2 p-6 pt-0">
{% if product.stock > 0 %}
<p class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="in-stock", lang=lang | default(value='sk')) }}: {{ product.stock }}</p>
{% if product.has_options %}
{# Multiple variants: customer must pick on the product page. #}
{{ ui::button(label=t(key="choose-option", lang=lang | default(value='sk')), href="/shop/" ~ product.slug, extra="w-full") }}
{% elif product.in_stock %}
<p class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{% if product.tracked %}{{ t(key="in-stock", lang=lang | default(value='sk')) }}: {{ product.stock }}{% else %}{{ t(key="available", lang=lang | default(value='sk')) }}{% endif %}</p>
<form method="post" action="/cart/add" hx-post="/cart/add" hx-swap="none"
hx-on::after-request="if (event.detail.successful) toast('{{ t(key='cart-added', lang=lang | default(value='sk')) }}')">
<input type="hidden" name="product_id" value="{{ product.id }}">
<input type="hidden" name="_csrf" value="{{ csrf_token() }}">
<input type="hidden" name="variant_id" value="{{ product.variant_id }}">
<input type="hidden" name="quantity" value="1">
{{ ui::button(label=t(key="add-to-cart", lang=lang | default(value='sk')), type="submit", extra="w-full", icon='<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" fill="currentColor" aria-hidden="true" class="size-3.5"><path fill-rule="evenodd" d="M5 4a3 3 0 0 1 6 0v1h.643a1.5 1.5 0 0 1 1.492 1.35l.7 7A1.5 1.5 0 0 1 12.342 15H3.657a1.5 1.5 0 0 1-1.492-1.65l.7-7A1.5 1.5 0 0 1 4.357 5H5V4Zm4.5 0v1h-3V4a1.5 1.5 0 0 1 3 0Zm-3 3.75a.75.75 0 0 0-1.5 0v1a3 3 0 1 0 6 0v-1a.75.75 0 0 0-1.5 0v1a1.5 1.5 0 1 1-3 0v-1Z" clip-rule="evenodd" /></svg>') }}
</form>
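Review bot: The add-to-cart form submits `variant_id` and `quantity` as hidden fields, and the `has_options` / `in_stock` branching that decides whether the form appears exists only in this template. Hidden fields are client-controlled, so the `/cart/add` handler (outside this hunk) should itself check that the variant exists, is purchasable and has stock, and should take the price from server-side data. Once that is confirmed, a short comment above the form would record it, e.g. `{# UI gating only: /cart/add re-validates variant_id, stock and quantity server-side #}`. The surrounding `if` block continues past the end of the hunk.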


@@ -19,16 +19,25 @@
<tr>
<td class="px-4 py-3">
<a href="/shop/{{ item.slug }}" class="font-medium text-on-surface-strong hover:text-primary dark:text-on-surface-dark-strong dark:hover:text-primary-dark">{{ item.name }}</a>
{% if item.variant_label %}<span class="block text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ item.variant_label }}</span>{% endif %}
</td>
<td class="px-4 py-3 tabular-nums">
{% if item.on_sale %}
<span class="font-medium text-danger">{{ item.price }} {{ item.currency }}</span>
<span class="ml-1 text-xs text-on-surface/50 line-through dark:text-on-surface-dark/50">{{ item.regular_price }}</span>
{% else %}
{{ item.price }} {{ item.currency }}
{% endif %}
</td>
<td class="px-4 py-3 tabular-nums">{{ item.price }} {{ item.currency }}</td>
<td class="px-4 py-3">
{# Changing the quantity posts via htmx (custom `cartchange` event) and
swaps only #cart-body. Dropping to 0 asks for confirmation first,
reverting to the previous quantity if the customer cancels. #}
<form method="post" action="/cart/update"
hx-post="/cart/update" hx-trigger="cartchange" hx-target="#cart-body" hx-swap="innerHTML">
<input type="hidden" name="product_id" value="{{ item.id }}">
<input type="number" name="quantity" min="0" max="{{ item.stock }}" value="{{ item.quantity }}"
{{ ui::csrf_field() }}
<input type="hidden" name="variant_id" value="{{ item.id }}">
<input type="number" name="quantity" min="0" {% if item.stock %}max="{{ item.stock }}"{% endif %} value="{{ item.quantity }}"
@change="
if (parseInt($el.value || '0') <= 0 && !window.confirm('{{ t(key='cart-remove-confirm', lang=lang | default(value='sk')) }}')) {
$el.value = '{{ item.quantity }}';
@@ -43,7 +52,8 @@
<td class="px-4 py-3 text-right">
<form method="post" action="/cart/remove"
hx-post="/cart/remove" hx-target="#cart-body" hx-swap="innerHTML">
<input type="hidden" name="product_id" value="{{ item.id }}">
{{ ui::csrf_field() }}
<input type="hidden" name="variant_id" value="{{ item.id }}">
{{ ui::button(variant="ghost-danger", label=t(key="cart-remove", lang=lang | default(value='sk')), type="submit", size="px-2 py-1 text-xs") }}
</form>
</td>
@@ -62,7 +72,7 @@
<div class="mt-6 flex flex-wrap justify-between gap-3">
{{ ui::button(variant="outline-secondary", label=t(key="cart-continue", lang=lang | default(value='sk')), href="/shop") }}
{{ ui::button(label=t(key="cart-checkout", lang=lang | default(value='sk')), href="/checkout", size="px-5 py-2 text-sm") }}
{{ ui::button(label=t(key="cart-checkout", lang=lang | default(value='sk')), href="/checkout", size="px-5 py-2 text-sm", attrs='hx-boost="false"') }}
</div>
{% else %}
<div class="rounded-radius border border-outline px-6 py-16 text-center dark:border-outline-dark">
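Review bot: `{% if item.stock %}max="{{ item.stock }}"{% endif %}` on the quantity input drops the cap both when stock is absent and when it is `0`, because zero is falsy in the template test. A cart line whose stock has fallen to 0 is therefore rendered with no upper bound rather than being capped. If cart items expose the `tracked` flag that the product card uses (not visible here), `{% if item.tracked %}max="{{ item.stock }}"{% endif %}` would separate the two cases. Either way `max` is only a browser hint, so `/cart/update` has to enforce the limit itself.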


@@ -0,0 +1,32 @@
{# Mini-cart preview shown on hover over the navbar cart (Alza-style).
Lazy-loaded via htmx from /partials/cart into the hover dropdown panel in
base.html. Receives: items[], total, currency, lang. #}
{% import "macros/ui.html" as ui %}
{% if items | length > 0 %}
<div class="max-h-80 divide-y divide-outline overflow-y-auto dark:divide-outline-dark">
{% for item in items %}
<div class="flex items-start gap-3 px-4 py-3">
<div class="min-w-0 flex-1">
<a href="/shop/{{ item.slug }}" class="block truncate text-sm font-medium text-on-surface-strong hover:text-primary dark:text-on-surface-dark-strong dark:hover:text-primary-dark">{{ item.name }}</a>
{% if item.variant_label %}<span class="block truncate text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ item.variant_label }}</span>{% endif %}
<p class="mt-0.5 text-xs tabular-nums text-on-surface dark:text-on-surface-dark">{{ item.quantity }} × {{ item.price }} {{ item.currency }}</p>
</div>
<span class="shrink-0 text-sm font-semibold tabular-nums text-on-surface-strong dark:text-on-surface-dark-strong">{{ item.line_total }} {{ item.currency }}</span>
</div>
{% endfor %}
</div>
<div class="border-t border-outline px-4 py-3 dark:border-outline-dark">
<div class="mb-3 flex items-center justify-between">
<span class="text-sm text-on-surface dark:text-on-surface-dark">{{ t(key="cart-total", lang=lang | default(value='sk')) }}</span>
<span class="text-base font-bold tabular-nums text-primary dark:text-primary-dark">{{ total }} {{ currency }}</span>
</div>
<div class="flex gap-2">
{{ ui::button(href="/cart", variant="outline-primary", label=t(key="cart-title", lang=lang | default(value='sk')), extra="flex-1", attrs='hx-boost="false"') }}
{{ ui::button(href="/checkout", variant="primary", label=t(key="cart-checkout", lang=lang | default(value='sk')), extra="flex-1", attrs='hx-boost="false"') }}
</div>
</div>
{% else %}
<div class="px-4 py-10 text-center text-sm text-on-surface dark:text-on-surface-dark">
{{ t(key="cart-empty", lang=lang | default(value='sk')) }}
</div>
{% endif %}


@@ -11,6 +11,7 @@
<form method="post" action="/checkout" hx-boost="false"
x-data="{
paymentMethod: '',
accountType: '{{ prefill_account_type | default(value='personal') }}',
carrier: '',
carrierPrice: 0,
requiresPoint: false,
@@ -29,25 +30,76 @@
}
}"
class="mt-6 grid gap-8 lg:grid-cols-3">
{{ ui::csrf_field() }}
<div class="space-y-6 lg:col-span-2">
<!-- personal vs company. Fixed (read-only) for a logged-in account; a guest
picks it and the choice will type any account they create. -->
<fieldset class="space-y-3 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-type", lang=lang | default(value='sk')) }}</legend>
{% if account_fixed %}
<div class="flex items-center gap-2">
{% if prefill_account_type == "company" %}
{{ ui::badge(label=t(key="account-company", lang=lang | default(value='sk')), variant="primary") }}
{% else %}
{{ ui::badge(label=t(key="account-personal", lang=lang | default(value='sk')), variant="neutral") }}
{% endif %}
<span class="text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="account-type-locked", lang=lang | default(value='sk')) }}</span>
</div>
{% else %}
<div class="grid gap-3 sm:grid-cols-2">
<label class="flex cursor-pointer items-center gap-3 rounded-radius border border-outline px-4 py-3 transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
{{ ui::radio(name="account_type", value="personal", attrs='x-model="accountType"') }}
<span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-personal", lang=lang | default(value='sk')) }}</span>
</label>
<label class="flex cursor-pointer items-center gap-3 rounded-radius border border-outline px-4 py-3 transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
{{ ui::radio(name="account_type", value="company", attrs='x-model="accountType"') }}
<span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company", lang=lang | default(value='sk')) }}</span>
</label>
</div>
{% endif %}
</fieldset>
<!-- company billing details (company accounts only) -->
<fieldset x-show="accountType === 'company'" x-cloak class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="account-company-details", lang=lang | default(value='sk')) }}</legend>
<div class="space-y-1.5">
<label for="company_name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="company-name", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
{{ ui::input(name="company_name", id="company_name", value=prefill_company_name | default(value=''), autocomplete="organization") }}
</div>
<div class="grid gap-4 sm:grid-cols-3">
<div class="space-y-1.5">
<label for="company_id" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="company-ico", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
{{ ui::input(name="company_id", id="company_id", value=prefill_company_id | default(value='')) }}
</div>
<div class="space-y-1.5">
<label for="tax_id" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="company-dic", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
{{ ui::input(name="tax_id", id="tax_id", value=prefill_tax_id | default(value='')) }}
</div>
<div class="space-y-1.5">
<label for="vat_id" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="company-icdph", lang=lang | default(value='sk')) }} <span class="text-on-surface/50 dark:text-on-surface-dark/50">({{ t(key="field-optional", lang=lang | default(value='sk')) }})</span></label>
{{ ui::input(name="vat_id", id="vat_id", value=prefill_vat_id | default(value='')) }}
</div>
</div>
</fieldset>
<!-- contact -->
<fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-contact", lang=lang | default(value='sk')) }}</legend>
<div class="space-y-1.5">
<label for="email" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-email", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="email", id="email", type="email", required=true, autocomplete="email") }}
<label for="email" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-email", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
{{ ui::input(name="email", id="email", type="email", value=prefill_email | default(value=''), required=true, autocomplete="email") }}
</div>
<div class="space-y-1.5">
<label for="customer_name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-name", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="customer_name", id="customer_name", required=true, autocomplete="name") }}
<label for="customer_name" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-name", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
{{ ui::input(name="customer_name", id="customer_name", value=prefill_name | default(value=''), required=true, autocomplete="name") }}
</div>
<div class="space-y-1.5">
<label for="phone" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-phone", lang=lang | default(value='sk')) }}</label>
<label for="phone" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-phone", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
<div class="flex gap-2">
<!-- editable combobox: type freely or pick from the dropdown -->
<div class="relative w-28 shrink-0" @click.outside="prefixOpen = false"
x-data="{ prefixOpen: false, prefix: '+421', opts: [
x-data="{ prefixOpen: false, prefix: '{{ prefill_phone_prefix | default(value='+421') }}', opts: [
{ v: '+421', l: '🇸🇰 +421' }, { v: '+420', l: '🇨🇿 +420' },
{ v: '+43', l: '🇦🇹 +43' }, { v: '+49', l: '🇩🇪 +49' },
{ v: '+48', l: '🇵🇱 +48' }, { v: '+36', l: '🇭🇺 +36' },
@@ -71,7 +123,7 @@
</template>
</ul>
</div>
{{ ui::input(name="phone", id="phone", type="tel", required=true, autocomplete="tel", placeholder="900 000 000", attrs='inputmode="tel"') }}
{{ ui::input(name="phone", id="phone", type="tel", value=prefill_phone | default(value=''), required=true, autocomplete="tel", placeholder="900 000 000", attrs='inputmode="tel"') }}
</div>
</div>
</fieldset>
@@ -80,22 +132,22 @@
<fieldset class="space-y-4 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-shipping", lang=lang | default(value='sk')) }}</legend>
<div class="space-y-1.5">
<label for="address" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-address", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="address", id="address", required=true, autocomplete="street-address") }}
<label for="address" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-address", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
{{ ui::input(name="address", id="address", value=prefill_address | default(value=''), required=true, autocomplete="street-address") }}
</div>
<div class="grid gap-4 sm:grid-cols-3">
<div class="space-y-1.5">
<label for="city" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-city", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="city", id="city", required=true, autocomplete="address-level2") }}
<label for="city" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-city", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
{{ ui::input(name="city", id="city", value=prefill_city | default(value=''), required=true, autocomplete="address-level2") }}
</div>
<div class="space-y-1.5">
<label for="zip" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-zip", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="zip", id="zip", required=true, autocomplete="postal-code") }}
<label for="zip" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-zip", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
{{ ui::input(name="zip", id="zip", value=prefill_zip | default(value=''), required=true, autocomplete="postal-code") }}
</div>
<div class="space-y-1.5">
<label for="country" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-country", lang=lang | default(value='sk')) }}</label>
<label for="country" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-country", lang=lang | default(value='sk')) }}{{ ui::req() }}</label>
<div class="relative" @click.outside="countryOpen = false"
x-data="{ countryOpen: false, country: '{{ t(key='country-sk', lang=lang | default(value='sk')) }}', opts: [
x-data="{ countryOpen: false, country: '{{ prefill_country | default(value=t(key='country-sk', lang=lang | default(value='sk'))) }}', opts: [
{ v: '{{ t(key='country-sk', lang=lang | default(value='sk')) }}', l: '🇸🇰 {{ t(key='country-sk', lang=lang | default(value='sk')) }}' },
{ v: '{{ t(key='country-cz', lang=lang | default(value='sk')) }}', l: '🇨🇿 {{ t(key='country-cz', lang=lang | default(value='sk')) }}' },
{ v: '{{ t(key='country-at', lang=lang | default(value='sk')) }}', l: '🇦🇹 {{ t(key='country-at', lang=lang | default(value='sk')) }}' },
@@ -126,7 +178,7 @@
<!-- carrier -->
<fieldset class="space-y-3 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-carrier", lang=lang | default(value='sk')) }}</legend>
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-carrier", lang=lang | default(value='sk')) }}{{ ui::req() }}</legend>
{% for m in shipping_methods %}
<label class="flex cursor-pointer items-center justify-between gap-3 rounded-radius border border-outline px-4 py-3 transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
<span class="flex items-center gap-3">
@@ -162,7 +214,7 @@
<!-- payment -->
<fieldset class="space-y-3 rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-payment", lang=lang | default(value='sk')) }}</legend>
<legend class="px-1 text-sm font-semibold text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-payment", lang=lang | default(value='sk')) }}{{ ui::req() }}</legend>
<label class="flex cursor-pointer items-center gap-3 rounded-radius border border-outline px-4 py-3 transition has-[:checked]:border-primary dark:border-outline-dark dark:has-[:checked]:border-primary-dark">
{{ ui::radio(name="payment_method", value="cod", attrs='required x-model="paymentMethod"') }}
<span class="font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="payment-cod", lang=lang | default(value='sk')) }}</span>
@@ -177,6 +229,20 @@
<label for="note" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="checkout-note", lang=lang | default(value='sk')) }}</label>
{{ ui::textarea(name="note", id="note", rows="3") }}
</div>
{% if logged_in_customer and not profile_filled %}
<!-- offered only when the profile has no saved address yet; if it was filled
in advance we leave it untouched -->
{{ ui::checkbox(name="save_profile", id="save_profile", label=t(key="checkout-save-profile", lang=lang | default(value='sk'))) }}
{% endif %}
{% if can_create_account %}
<!-- guests may turn this order into an account (typed by their choice above) -->
<div class="space-y-1.5 rounded-radius border border-outline bg-surface p-4 dark:border-outline-dark dark:bg-surface-dark-alt">
{{ ui::checkbox(name="create_account", id="create_account", label=t(key="checkout-create-account", lang=lang | default(value='sk'))) }}
<p class="pl-6 text-xs text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="checkout-create-account-hint", lang=lang | default(value='sk')) }}</p>
</div>
{% endif %}
</div>
<!-- summary -->


@@ -15,6 +15,12 @@
<p class="mt-1 text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="order-confirmed-sub", lang=lang | default(value='sk')) }}</p>
</div>
{% if account_created %}
<div class="rounded-radius border border-primary/40 bg-primary/5 p-4 text-sm text-on-surface dark:border-primary-dark/40 dark:text-on-surface-dark" role="status">
{{ t(key="order-account-created", lang=lang | default(value='sk')) }}
</div>
{% endif %}
<div class="rounded-radius border border-outline bg-surface p-6 dark:border-outline-dark dark:bg-surface-dark-alt">
<div class="flex flex-wrap justify-between gap-2 border-b border-outline pb-3 dark:border-outline-dark">
<span class="text-sm text-on-surface/70 dark:text-on-surface-dark/70">{{ t(key="order-number", lang=lang | default(value='sk')) }}</span>
@@ -23,7 +29,7 @@
<ul class="space-y-2 py-3 text-sm">
{% for item in items %}
<li class="flex justify-between gap-2">
<span class="text-on-surface/80 dark:text-on-surface-dark/80">{{ item.product_name }} × {{ item.quantity }}</span>
<span class="text-on-surface/80 dark:text-on-surface-dark/80">{{ item.product_name }}{% if item.variant_label %} · {{ item.variant_label }}{% endif %} × {{ item.quantity }}</span>
<span class="tabular-nums">{{ item.line_total }} {{ order.currency }}</span>
</li>
{% endfor %}


@@ -49,31 +49,85 @@
</div>
<!-- details -->
<div class="space-y-6">
{% set fld = "w-full rounded-radius border border-outline bg-surface-alt px-3 py-2 text-sm text-on-surface focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-primary dark:border-outline-dark dark:bg-surface-dark-alt/50 dark:text-on-surface-dark dark:focus-visible:outline-primary-dark" %}
{% set btn = "inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-radius px-5 py-2 text-sm text-center font-medium tracking-wide transition hover:opacity-75 focus-visible:outline-2 focus-visible:outline-offset-2 active:opacity-100 active:outline-offset-0 disabled:cursor-not-allowed disabled:opacity-75 border border-primary bg-primary text-on-primary focus-visible:outline-primary dark:border-primary-dark dark:bg-primary-dark dark:text-on-primary-dark dark:focus-visible:outline-primary-dark" %}
<script id="variant-data" type="application/json">{{ variants | json_encode() | safe }}</script>
<div class="space-y-6" x-data="productBuy(JSON.parse(document.getElementById('variant-data').textContent))">
{% if category %}
<a href="/category/{{ category.slug }}" class="text-sm font-medium text-primary dark:text-primary-dark">{{ category.name }}</a>
{% endif %}
<h1 class="text-3xl font-bold text-on-surface-strong dark:text-on-surface-dark-strong">{{ product.name }}</h1>
<p class="text-2xl font-semibold text-primary dark:text-primary-dark">{{ product.price }} {{ product.currency }}</p>
{% if product.description %}
<div class="whitespace-pre-line leading-relaxed text-on-surface/80 dark:text-on-surface-dark/80">{{ product.description }}</div>
{% endif %}
<template x-if="current">
<div class="space-y-6">
<!-- option picker (only when there's a real choice); first option is
selected by default and switching it updates the price + buy form -->
<template x-if="variants.length > 1">
<div class="max-w-sm space-y-1.5">
<label for="variant-select" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="choose-option", lang=lang | default(value='sk')) }}</label>
<select id="variant-select" x-model.number="sel" class="{{ fld }}">
<template x-for="(v, i) in variants" :key="v.id">
<option :value="i" x-text="(v.label || '—') + ' · ' + v.price + ' {{ product.currency }}' + (v.in_stock ? '' : ' ({{ t(key='out-of-stock', lang=lang | default(value='sk')) }})')"></option>
</template>
</select>
</div>
</template>
{% if product.stock > 0 %}
<form method="post" action="/cart/add" hx-post="/cart/add" hx-swap="none" class="flex flex-wrap items-end gap-3"
hx-on::after-request="if (event.detail.successful) toast('{{ t(key='cart-added', lang=lang | default(value='sk')) }}')">
<input type="hidden" name="product_id" value="{{ product.id }}">
<div class="space-y-1.5">
<label for="quantity" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="quantity", lang=lang | default(value='sk')) }}</label>
{{ ui::input(name="quantity", id="quantity", type="number", value="1", width="w-24", attrs='min="1" max="' ~ product.stock ~ '"') }}
<div class="flex items-baseline gap-3">
<p class="text-2xl font-semibold" :class="current.on_sale ? 'text-danger' : 'text-primary dark:text-primary-dark'">
<span x-text="current.price"></span> {{ product.currency }}
</p>
<template x-if="current.on_sale">
<p class="text-lg text-on-surface/50 line-through dark:text-on-surface-dark/50"><span x-text="current.regular_price"></span> {{ product.currency }}</p>
</template>
</div>
{% if product.description %}
<div class="whitespace-pre-line leading-relaxed text-on-surface/80 dark:text-on-surface-dark/80">{{ product.description }}</div>
{% endif %}
<template x-if="current.in_stock">
<div class="space-y-2">
<form method="post" action="/cart/add" hx-post="/cart/add" hx-swap="none" class="flex flex-wrap items-end gap-3"
hx-on::after-request="if (event.detail.successful) toast('{{ t(key='cart-added', lang=lang | default(value='sk')) }}')">
{{ ui::csrf_field() }}
<input type="hidden" name="variant_id" :value="current.id">
<div class="space-y-1.5">
<label for="quantity" class="text-sm font-medium text-on-surface-strong dark:text-on-surface-dark-strong">{{ t(key="quantity", lang=lang | default(value='sk')) }}</label>
<input type="number" id="quantity" name="quantity" value="1" min="1" :max="current.stock" class="{{ fld }} w-24">
</div>
<button type="submit" class="{{ btn }}">{{ t(key="add-to-cart", lang=lang | default(value='sk')) }}</button>
</form>
<p class="text-sm text-on-surface/60 dark:text-on-surface-dark/60">
<template x-if="current.tracked">
<span>{{ t(key="in-stock", lang=lang | default(value='sk')) }}: <span x-text="current.stock"></span></span>
</template>
<template x-if="!current.tracked">
<span>{{ t(key="available", lang=lang | default(value='sk')) }}</span>
</template>
</p>
</div>
</template>
<template x-if="!current.in_stock">
<p class="inline-flex rounded-radius bg-danger/10 px-3 py-2 text-sm font-medium text-danger">{{ t(key="out-of-stock", lang=lang | default(value='sk')) }}</p>
</template>
</div>
{{ ui::button(label=t(key="add-to-cart", lang=lang | default(value='sk')), type="submit", size="px-5 py-2 text-sm") }}
</form>
<p class="text-sm text-on-surface/60 dark:text-on-surface-dark/60">{{ t(key="in-stock", lang=lang | default(value='sk')) }}: {{ product.stock }}</p>
{% else %}
<p class="inline-flex rounded-radius bg-danger/10 px-3 py-2 text-sm font-medium text-danger">{{ t(key="out-of-stock", lang=lang | default(value='sk')) }}</p>
{% endif %}
</template>
<template x-if="!current">
<p class="inline-flex rounded-radius bg-danger/10 px-3 py-2 text-sm font-medium text-danger">{{ t(key="out-of-stock", lang=lang | default(value='sk')) }}</p>
</template>
</div>
<script>
function productBuy(variants) {
return {
variants: variants || [],
// Default to the first in-stock variant, else the first.
sel: Math.max(0, (variants || []).findIndex(v => v.in_stock)),
get current() { return this.variants[this.sel] || null; },
};
}
</script>
</div>
{% endblock content %}
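Review bot: The `variant-data` script element prints `{{ variants | json_encode() | safe }}`, and JSON encoding alone does not neutralise a `</script>` sequence inside a variant label, so a stored label containing one would end the element early and the remainder would be parsed as markup. `safe` switches autoescaping off for exactly this value, so the serialised text should have `<` written as `\u003c` before it reaches the page, either in the handler that builds `variants` or with a replace step ahead of `safe`. The other uses of variant fields in this section go through `x-text` and `:value`, which do not parse HTML, so this one line is the only place that needs it.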


@@ -45,19 +45,24 @@ workers:
# Mailer Configuration.
mailer:
# SMTP mailer configuration.
# SMTP mailer configuration. Defaults target a local catcher (MailHog/Mailpit
# on localhost:1025); set the SMTP_* env vars to point at a real server. The
# auth block is only emitted when SMTP_PASSWORD is provided, so the secret is
# never stored here — pass it in at launch (e.g. from `pass`).
smtp:
# Enable/Disable smtp mailer.
enable: true
enable: {{ get_env(name="SMTP_ENABLE", default="true") }}
# SMTP server host. e.x localhost, smtp.gmail.com
host: localhost
host: "{{ get_env(name="SMTP_HOST", default="localhost") }}"
# SMTP server port
port: 1025
port: {{ get_env(name="SMTP_PORT", default="1025") }}
# Use secure connection (SSL/TLS).
secure: false
# auth:
# user:
# password:
secure: {{ get_env(name="SMTP_SECURE", default="false") }}
{% if get_env(name="SMTP_PASSWORD", default="") != "" %}
auth:
user: "{{ get_env(name="SMTP_USER", default="") }}"
password: "{{ get_env(name="SMTP_PASSWORD", default="") }}"
{% endif %}
# Override the SMTP hello name (default is the machine's hostname)
# hello_name:
@@ -125,3 +130,30 @@ settings:
# Bank-transfer payment details shown on the order confirmation.
bank_iban: {{ get_env(name="BANK_IBAN", default="SK00 0000 0000 0000 0000 0000") }}
bank_account_name: {{ get_env(name="BANK_ACCOUNT_NAME", default="Kompress s.r.o.") }}
# loco-oauth2: social login. Credentials come from .env (create them in the
# Google Cloud console and register the redirect_url below as an authorized
# redirect URI). Until OAUTH_CLIENT_ID/SECRET are set, the "Continue with
# Google" button will fail at the consent screen — the rest of auth is unaffected.
initializers:
oauth2:
# Key for the loco-oauth2 private cookie jar (>= 64 bytes). Override in prod.
secret_key: {{ get_env(name="OAUTH_PRIVATE_KEY", default="144, 76, 183, 1, 15, 184, 233, 174, 214, 251, 190, 186, 122, 61, 74, 84, 225, 110, 189, 115, 10, 251, 133, 128, 52, 46, 15, 66, 85, 1, 245, 73, 27, 113, 189, 15, 209, 205, 61, 100, 73, 31, 18, 58, 235, 105, 141, 36, 70, 92, 231, 151, 27, 32, 243, 117, 30, 244, 110, 89, 233, 196, 137, 130") }}
authorization_code:
- client_identifier: google
client_credentials:
client_id: {{ get_env(name="OAUTH_CLIENT_ID", default="oauth_client_id") }}
client_secret: {{ get_env(name="OAUTH_CLIENT_SECRET", default="oauth_client_secret") }}
url_config:
auth_url: {{ get_env(name="OAUTH_AUTH_URL", default="https://accounts.google.com/o/oauth2/auth") }}
token_url: {{ get_env(name="OAUTH_TOKEN_URL", default="https://www.googleapis.com/oauth2/v3/token") }}
redirect_url: {{ get_env(name="OAUTH_REDIRECT_URL", default="http://localhost:5150/api/oauth2/google/callback/cookie") }}
profile_url: {{ get_env(name="OAUTH_PROFILE_URL", default="https://openidconnect.googleapis.com/v1/userinfo") }}
scopes:
- "https://www.googleapis.com/auth/userinfo.email"
- "https://www.googleapis.com/auth/userinfo.profile"
cookie_config:
# After loco-oauth2 sets its session cookie it redirects here, where we
# mint our own auth_token cookie (see controllers/oauth2.rs::complete).
protected_url: {{ get_env(name="OAUTH_PROTECTED_URL", default="http://localhost:5150/api/oauth2/protected") }}
timeout_seconds: 600
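Review bot: The new `auth:` block under `mailer.smtp` is emitted as soon as `SMTP_PASSWORD` is set, while `secure` still renders from its default of `false`, so pointing the defaults at a real server with only the password set would presumably send the login without TLS. The header comment explains where the secret comes from but says nothing about transport. I would add above `secure:` the line `# Set SMTP_SECURE=true whenever SMTP_PASSWORD is set; with secure: false the login is not protected in transit.` Separately, `client_secret` and `secret_key` are unquoted here but quoted in the production file, so a secret containing ` #` or a leading YAML indicator would be cut or mis-parsed only in this file.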


@@ -55,3 +55,25 @@ auth:
settings:
admin_email: "{{ get_env(name="ADMIN_EMAIL", default="") }}"
uploads_root: "{{ get_env(name="UPLOADS_ROOT", default="data/uploads") }}"
# loco-oauth2 social login. All values must come from the environment in prod;
# OAUTH_REDIRECT_URL / OAUTH_PROTECTED_URL must use the real public origin.
initializers:
oauth2:
secret_key: "{{ get_env(name="OAUTH_PRIVATE_KEY") }}"
authorization_code:
- client_identifier: google
client_credentials:
client_id: "{{ get_env(name="OAUTH_CLIENT_ID") }}"
client_secret: "{{ get_env(name="OAUTH_CLIENT_SECRET") }}"
url_config:
auth_url: "{{ get_env(name="OAUTH_AUTH_URL", default="https://accounts.google.com/o/oauth2/auth") }}"
token_url: "{{ get_env(name="OAUTH_TOKEN_URL", default="https://www.googleapis.com/oauth2/v3/token") }}"
redirect_url: "{{ get_env(name="OAUTH_REDIRECT_URL") }}"
profile_url: "{{ get_env(name="OAUTH_PROFILE_URL", default="https://openidconnect.googleapis.com/v1/userinfo") }}"
scopes:
- "https://www.googleapis.com/auth/userinfo.email"
- "https://www.googleapis.com/auth/userinfo.profile"
cookie_config:
protected_url: "{{ get_env(name="OAUTH_PROTECTED_URL") }}"
timeout_seconds: 600
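Review bot: The comment above `initializers:` says all values must come from the environment, but `auth_url`, `token_url` and `profile_url` carry defaults, and the comment does not say what happens when one of the others is missing. As far as I know `get_env` without a `default` makes template rendering fail, so an unset `OAUTH_PRIVATE_KEY`, `OAUTH_CLIENT_ID`, `OAUTH_CLIENT_SECRET`, `OAUTH_REDIRECT_URL` or `OAUTH_PROTECTED_URL` stops the app at boot. That is the safer behaviour for the key and secret, and worth stating for whoever deploys without social login. I would reword the comment to `# Key, client credentials and the two public-origin URLs have no default: a missing variable aborts config rendering at boot. Only the Google endpoint URLs fall back to defaults.`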


@@ -42,33 +42,58 @@ workers:
# Mailer Configuration.
# Defaults keep the whole suite on the in-memory stub mailer. The real-SMTP
# smoke test (tests/mailer/smtp_send.rs) opts in by setting these env vars
# before boot; nothing else in the suite sends real mail.
mailer:
stub: true
stub: {{ get_env(name="MAILER_STUB", default="true") }}
# SMTP mailer configuration.
smtp:
# Enable/Disable smtp mailer.
enable: true
enable: {{ get_env(name="SMTP_ENABLE", default="true") }}
# SMTP server host. e.x localhost, smtp.gmail.com
host: localhost
host: "{{ get_env(name="SMTP_HOST", default="localhost") }}"
# SMTP server port
port: 1025
port: {{ get_env(name="SMTP_PORT", default="1025") }}
# Use secure connection (SSL/TLS).
secure: false
# auth:
# user:
# password:
secure: {{ get_env(name="SMTP_SECURE", default="false") }}
auth:
user: "{{ get_env(name="SMTP_USER", default="") }}"
password: "{{ get_env(name="SMTP_PASSWORD", default="") }}"
# Initializers Configuration
# initializers:
# oauth2:
# authorization_code: # Authorization code grant type
# - client_identifier: google # Identifier for the OAuth2 provider. Replace 'google' with your provider's name if different, must be unique within the oauth2 config.
# ... other fields
# OAuth2StoreInitializer requires this block to boot (it builds the client store
# in after_routes). Static, non-secret placeholders: tests never perform a real
# OAuth2 handshake, they just need the store to construct successfully.
initializers:
oauth2:
# Private-cookie key: a ", "-separated list of >=64 byte values (not a
# plain string). This is loco-oauth2's documented sample key; fine for tests.
secret_key: "144, 76, 183, 1, 15, 184, 233, 174, 214, 251, 190, 186, 122, 61, 74, 84, 225, 110, 189, 115, 10, 251, 133, 128, 52, 46, 15, 66, 85, 1, 245, 73, 27, 113, 189, 15, 209, 205, 61, 100, 73, 31, 18, 58, 235, 105, 141, 36, 70, 92, 231, 151, 27, 32, 243, 117, 30, 244, 110, 89, 233, 196, 137, 130"
authorization_code:
- client_identifier: google
client_credentials:
client_id: test-client-id
client_secret: test-client-secret
url_config:
auth_url: https://accounts.google.com/o/oauth2/auth
token_url: https://www.googleapis.com/oauth2/v3/token
redirect_url: http://localhost:5150/api/oauth2/google/callback
profile_url: https://openidconnect.googleapis.com/v1/userinfo
scopes:
- https://www.googleapis.com/auth/userinfo.email
- https://www.googleapis.com/auth/userinfo.profile
cookie_config:
protected_url: http://localhost:5150/
timeout_seconds: 600
# Database Configuration
database:
# Database connection URI
uri: {{ get_env(name="DATABASE_URL", default="postgres://uni_loco_web_user:3@localhost:5432/kompress_eshop_test") }}
# Database connection URI. Pinned to the throwaway test DB and intentionally
# NOT read from `DATABASE_URL`: the app loads `.env` on boot (app.rs
# `load_config`), and this config has `dangerously_recreate: true`, so honoring
# an env override here would let `cargo test` recreate the dev/prod database.
uri: "postgres://uni_loco_web_user:3@localhost:5432/kompress_eshop_test"
# When enabled, the sql query will be logged.
enable_logging: false
# Set the timeout duration when acquiring a connection.
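Review bot: The `auth:` block under `mailer.smtp` is now always rendered, with `user` and `password` defaulting to empty strings, whereas the development config only emits it when `SMTP_PASSWORD` is non-empty. When the SMTP smoke test turns the stub off without setting credentials, the mailer is presumably handed an empty login instead of no login, which some servers reject and which hides whether authentication was intended. Wrapping the three lines in the same guard as development keeps the two files consistent: `{% if get_env(name="SMTP_PASSWORD", default="") != "" %}` before `auth:` and `{% endif %}` after `password:`.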


@@ -0,0 +1,104 @@
# Google OAuth2 sign-in
"Continue with Google" on `/login` and `/register` is wired through
[`loco-oauth2`](https://github.com/yinho999/loco-oauth2). The code is complete
and compiles; this doc is the checklist to make the live flow work. Until the
credentials below are set, the button reaches Google and fails at the consent
screen — the rest of auth (password login, registration, verification) is
unaffected.
## How the flow works (for context)
1. User clicks **Continue with Google**`GET /api/oauth2/google` redirects to
Google's consent screen.
2. Google redirects back to `GET /api/oauth2/google/callback/cookie`.
loco-oauth2 exchanges the code, fetches the profile, upserts the user
(`OAuth2UserTrait::upsert_with_oauth`), stores an `o_auth2_sessions` row, sets
its own private session cookie, and redirects to `protected_url`.
3. `protected_url` = `GET /api/oauth2/protected` (our bridge,
`controllers/oauth2.rs::complete`). It mints **our** `auth_token` JWT cookie
and redirects: admins (email == `ADMIN_EMAIL`) → `/admin/dashboard`,
everyone else → `/`.
From there the user is a normal logged-in user (same JWT cookie as a password
login; the Casbin layer and guards treat them identically).
## 1. Create Google OAuth credentials
1. Go to <https://console.cloud.google.com/> → create/select a project.
2. **APIs & Services → OAuth consent screen**: configure it (External), add the
`.../auth/userinfo.email` and `.../auth/userinfo.profile` scopes, and add
your Google account as a **test user** while the app is in "Testing".
3. **APIs & Services → Credentials → Create Credentials → OAuth client ID**:
- Application type: **Web application**.
- **Authorized redirect URIs** — add exactly (must match the config's
`redirect_url`, no trailing slash):
- dev: `http://localhost:5150/api/oauth2/google/callback/cookie`
- prod: `https://YOUR_DOMAIN/api/oauth2/google/callback/cookie`
4. Copy the generated **Client ID** and **Client secret**.
## 2. Set environment variables (`.env`)
Read by `config/development.yaml``initializers.oauth2` (and the prod
equivalent). dotenvy loads `.env` on boot.
```bash
# Required
OAUTH_CLIENT_ID=xxxxxxxx.apps.googleusercontent.com
OAUTH_CLIENT_SECRET=xxxxxxxx
# Required in PRODUCTION (dev has working defaults)
OAUTH_PRIVATE_KEY="comma,separated,bytes >= 64 long" # key for loco-oauth2's private cookie jar
OAUTH_REDIRECT_URL=https://YOUR_DOMAIN/api/oauth2/google/callback/cookie
OAUTH_PROTECTED_URL=https://YOUR_DOMAIN/api/oauth2/protected
```
Notes:
- **dev** ships defaults for everything except `OAUTH_CLIENT_ID` /
`OAUTH_CLIENT_SECRET`, so locally you only need those two.
- `OAUTH_PRIVATE_KEY` must be ≥ 64 bytes (the dev default is a sample key — do
**not** reuse it in production). Generate a fresh one, e.g.
`python3 -c "import os;print(','.join(str(b) for b in os.urandom(64)))"`.
- `OAUTH_REDIRECT_URL` here and the Authorized redirect URI in the Google
console must be byte-for-byte identical.
## 3. Run / test
```bash
nix develop -c cargo loco start # MUST be inside nix develop (OpenSSL link, see memory)
```
- `auto_migrate: true` (dev) creates the `o_auth2_sessions` table on boot.
- Open `http://localhost:5150/login`**Continue with Google** → consent →
you should land back on `/` logged in (cart/nav reflect the session).
## 4. Production checklist
- [ ] Separate OAuth client (or at least the prod redirect URI) in Google.
- [ ] OAuth consent screen **published** (not just "Testing"), or real users
get blocked.
- [ ] `OAUTH_PRIVATE_KEY` set to a fresh ≥64-byte key (not the dev sample).
- [ ] `OAUTH_REDIRECT_URL` / `OAUTH_PROTECTED_URL` use the real `https://` origin.
- [ ] `server.host` / public origin correct so cookies + redirects resolve.
## Troubleshooting
| Symptom | Cause / fix |
|---|---|
| `redirect_uri_mismatch` at Google | Authorized redirect URI ≠ `OAUTH_REDIRECT_URL`. Make them identical (scheme, host, port, path, no trailing slash). |
| 403 / "access blocked: app not verified" | Add your account as a test user, or publish the consent screen. |
| `openssl-sys ... Could not find directory` at build | You ran `cargo` outside the dev shell. Use `nix develop -c cargo ...`. |
| Callback 500 / "could not create oauth2 store" | `initializers.oauth2` missing/invalid, or `OAUTH_PRIVATE_KEY` < 64 bytes. |
| Logged into Google but not into the app | The bridge (`/api/oauth2/protected`) didn't run check `protected_url` (`OAUTH_PROTECTED_URL`) points at it. |
## Where things live
- Config: `config/development.yaml` / `config/production.yaml`
`initializers.oauth2`
- Client store + session initializers: `src/initializers/oauth2.rs`,
`src/initializers/oauth2_session.rs`
- Routes + bridge handler: `src/controllers/oauth2.rs`
- User upsert (random password per advisory LOC-2025-04): `src/models/users.rs`
(`OAuth2UserTrait`)
- Session table: `src/models/o_auth2_sessions.rs` +
`migration/.../m20260618_000001_o_auth2_sessions.rs`


@@ -86,7 +86,10 @@
buildInputs = [
rust
pkgs.pkg-config
# OpenSSL for crypto dependencies (loco-oauth2 -> oauth2/reqwest
# use native-tls); .dev provides headers + pkg-config metadata.
pkgs.openssl
pkgs.openssl.dev
pkgs.cmake
pkgs.llvmPackages.clang
pkgs.llvmPackages.libclang.lib


@@ -13,7 +13,7 @@ loco-rs = { workspace = true }
[dependencies.sea-orm-migration]
version = "1.1.0"
version = "1.1.20"
features = [
# Enable at least one `ASYNC_RUNTIME` and `DATABASE_DRIVER` feature if you want to run migration via CLI.
# View the list of supported features at https://www.sea-ql.org/SeaORM/docs/install-and-config/database-and-async-runtime.


@@ -30,6 +30,18 @@ mod m20260616_160000_add_parent_to_categories;
mod m20260617_000001_add_carrier_to_shipping_methods;
mod m20260617_000002_add_shipment_to_orders;
mod m20260617_000003_add_phone_to_orders;
mod m20260618_000001_o_auth2_sessions;
mod m20260618_000002_customer_profiles;
mod m20260618_000003_account_type;
mod m20260618_000004_account_ownership;
mod m20260620_000001_add_totp_to_users;
mod m20260621_000001_add_sale_price_to_products;
mod m20260621_000002_account_product_prices;
mod m20260621_000003_discount_profiles;
mod m20260621_000004_add_business_sale_price_to_products;
mod m20260622_000001_audience_discount_profiles;
mod m20260622_000002_product_variants;
mod m20260622_000003_variant_stock_nullable;
pub struct Migrator;
#[async_trait::async_trait]
@@ -64,6 +76,18 @@ impl MigratorTrait for Migrator {
Box::new(m20260617_000001_add_carrier_to_shipping_methods::Migration),
Box::new(m20260617_000002_add_shipment_to_orders::Migration),
Box::new(m20260617_000003_add_phone_to_orders::Migration),
Box::new(m20260618_000001_o_auth2_sessions::Migration),
Box::new(m20260618_000002_customer_profiles::Migration),
Box::new(m20260618_000003_account_type::Migration),
Box::new(m20260618_000004_account_ownership::Migration),
Box::new(m20260620_000001_add_totp_to_users::Migration),
Box::new(m20260621_000001_add_sale_price_to_products::Migration),
Box::new(m20260621_000002_account_product_prices::Migration),
Box::new(m20260621_000003_discount_profiles::Migration),
Box::new(m20260621_000004_add_business_sale_price_to_products::Migration),
Box::new(m20260622_000001_audience_discount_profiles::Migration),
Box::new(m20260622_000002_product_variants::Migration),
Box::new(m20260622_000003_variant_stock_nullable::Migration),
// inject-above (do not remove this comment)
]
}


@@ -0,0 +1,29 @@
use loco_rs::schema::*;
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
// OAuth2 session store used by loco-oauth2 to correlate the provider's
// access token with a local user during the callback flow. `user` adds
// a user_id FK to the users table.
create_table(
m,
"o_auth2_sessions",
&[
("id", ColType::PkAuto),
("session_id", ColType::StringUniq),
("expires_at", ColType::TimestampWithTimeZone),
],
&[("user", "")],
)
.await
}
async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
drop_table(m, "o_auth2_sessions").await
}
}


@@ -0,0 +1,44 @@
use loco_rs::schema::*;
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
// One shipping/contact profile per customer, used to prefill the
// checkout form. `name`/`email` already live on `users`; this table
// holds only the address + phone fields. `user` adds a user_id FK; the
// unique index below makes the relationship 1:1.
create_table(
m,
"customer_profiles",
&[
("id", ColType::PkAuto),
("phone_prefix", ColType::StringNull),
("phone", ColType::StringNull),
("address", ColType::StringNull),
("city", ColType::StringNull),
("zip", ColType::StringNull),
("country", ColType::StringNull),
],
&[("user", "")],
)
.await?;
m.create_index(
Index::create()
.name("idx_customer_profiles_user_id_unique")
.table(Alias::new("customer_profiles"))
.col(Alias::new("user_id"))
.unique()
.to_owned(),
)
.await
}
async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
drop_table(m, "customer_profiles").await
}
}


@@ -0,0 +1,39 @@
use loco_rs::schema::*;
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
// Personal vs company purchasing. `account_type` is "personal" or "company";
// the company_* columns hold the Slovak invoicing identifiers (IČO, DIČ and the
// optional VAT id IČ DPH) and are only filled for company accounts/orders.
const COMPANY_COLUMNS: [&str; 4] = ["company_name", "company_id", "tax_id", "vat_id"];
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
for table in ["customer_profiles", "orders"] {
add_column(
m,
table,
"account_type",
ColType::StringWithDefault("personal".to_string()),
)
.await?;
for col in COMPANY_COLUMNS {
add_column(m, table, col, ColType::StringNull).await?;
}
}
Ok(())
}
async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
for table in ["customer_profiles", "orders"] {
remove_column(m, table, "account_type").await?;
for col in COMPANY_COLUMNS {
remove_column(m, table, col).await?;
}
}
Ok(())
}
}


@@ -0,0 +1,38 @@
use loco_rs::schema::*;
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
// Account type becomes a permanent property of the *user* (chosen at
// registration, never switchable), so it moves off `customer_profiles`. Orders
// gain a nullable `user_id` linking them to the account that placed them
// (null for guest orders that didn't create an account).
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
add_column(
m,
"users",
"account_type",
ColType::StringWithDefault("personal".to_string()),
)
.await?;
add_column(m, "orders", "user_id", ColType::IntegerNull).await?;
remove_column(m, "customer_profiles", "account_type").await?;
Ok(())
}
async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
add_column(
m,
"customer_profiles",
"account_type",
ColType::StringWithDefault("personal".to_string()),
)
.await?;
remove_column(m, "orders", "user_id").await?;
remove_column(m, "users", "account_type").await?;
Ok(())
}
}
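Review bot: `up` drops `customer_profiles.account_type` without first copying it into the new `users.account_type` column, so every existing user ends up with the default "personal" and any profile that was marked "company" silently loses that status. If such rows can exist when this runs, add a backfill between the `add_column` and the `remove_column`, e.g. `UPDATE users u SET account_type = cp.account_type FROM customer_profiles cp WHERE cp.user_id = u.id;`, with the mirror-image statement in `down`. Separately, `orders.user_id` is added as a bare nullable integer with no foreign key or index; since it is what ties an order to the account allowed to view it, a foreign key to `users(id)` plus an index would keep it consistent, unless that is added elsewhere.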


@@ -0,0 +1,32 @@
use loco_rs::schema::*;
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
// Optional TOTP (Google Authenticator) two-factor auth. All three columns are
// nullable and only populated once a user opts in:
// - `totp_secret` base32 shared secret; present while enrolling/enabled.
// TODO(security): stored PLAINTEXT and is password-
// equivalent (must stay reversible to recompute codes).
// Encrypt at rest later with an out-of-DB key. See the
// TODO(security) block in src/models/users.rs.
// - `totp_enabled_at` NULL = 2FA off. Set only after the user confirms a
// code, so a half-finished enrollment never gates login.
// - `totp_backup_codes` JSON array of hashed one-time recovery codes.
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
add_column(m, "users", "totp_secret", ColType::TextNull).await?;
add_column(m, "users", "totp_enabled_at", ColType::TimestampWithTimeZoneNull).await?;
add_column(m, "users", "totp_backup_codes", ColType::TextNull).await?;
Ok(())
}
async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
remove_column(m, "users", "totp_backup_codes").await?;
remove_column(m, "users", "totp_enabled_at").await?;
remove_column(m, "users", "totp_secret").await?;
Ok(())
}
}
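Review bot: The three columns leave nowhere to record the last TOTP time step that was accepted, so unless that is tracked elsewhere a valid code can be replayed for as long as its window stays open; RFC 6238 asks the verifier to reject a second use of an already-accepted code. Consider adding a nullable column next to these in `up`, e.g. `add_column(m, "users", "totp_last_used_step", ColType::BigIntegerNull).await?;` (the name is only a suggestion), and removing it in `down`. The plaintext `totp_secret` is already flagged in the header comment; until it is encrypted, dumps and backups of `users` should be handled as credential material.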


@@ -0,0 +1,19 @@
use loco_rs::schema::*;
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
// Optional discounted price in minor units. When set (and below
// `price_cents`) the product is on sale; the regular price is shown
// struck through and this is the effective price everywhere.
add_column(m, "products", "sale_price_cents", ColType::BigIntegerNull).await
}
async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
remove_column(m, "products", "sale_price_cents").await
}
}


@@ -0,0 +1,40 @@
use loco_rs::schema::*;
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
// A manually negotiated price (in minor units) for one product, for one
// business account — the "personal agreement" layer. `user`/`product`
// add the user_id/product_id FKs; the unique index below keeps it to one
// row per (account, product).
create_table(
m,
"account_product_prices",
&[
("id", ColType::PkAuto),
("price_cents", ColType::BigInteger),
],
&[("user", ""), ("product", "")],
)
.await?;
m.create_index(
Index::create()
.name("idx_account_product_prices_user_product_unique")
.table(Alias::new("account_product_prices"))
.col(Alias::new("user_id"))
.col(Alias::new("product_id"))
.unique()
.to_owned(),
)
.await
}
async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
drop_table(m, "account_product_prices").await
}
}


@@ -0,0 +1,91 @@
use loco_rs::schema::*;
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
// A reusable, named discount layer: a percentage (basis points, 5% = 500)
// over a product scope. `scope_type` is 'include' (covers the listed
// products) or 'all_except' (covers everything but the listed products).
create_table(
m,
"discount_profiles",
&[
("id", ColType::PkAuto),
("name", ColType::String),
("percent_bp", ColType::Integer),
("scope_type", ColType::StringWithDefault("include".to_string())),
],
&[],
)
.await?;
// Which products the scope lists (meaning depends on scope_type).
create_table(
m,
"discount_profile_products",
&[("id", ColType::PkAuto)],
&[("discount_profile", ""), ("product", "")],
)
.await?;
m.create_index(
Index::create()
.name("idx_discount_profile_products_unique")
.table(Alias::new("discount_profile_products"))
.col(Alias::new("discount_profile_id"))
.col(Alias::new("product_id"))
.unique()
.to_owned(),
)
.await?;
// Which profiles a business account has (mixable).
create_table(
m,
"account_discount_profiles",
&[("id", ColType::PkAuto)],
&[("user", ""), ("discount_profile", "")],
)
.await?;
m.create_index(
Index::create()
.name("idx_account_discount_profiles_unique")
.table(Alias::new("account_discount_profiles"))
.col(Alias::new("user_id"))
.col(Alias::new("discount_profile_id"))
.unique()
.to_owned(),
)
.await?;
// The admin's chosen winning profile when two assigned profiles cover the
// same product for an account (collision resolution).
create_table(
m,
"account_product_resolutions",
&[("id", ColType::PkAuto)],
&[("user", ""), ("product", ""), ("discount_profile", "")],
)
.await?;
m.create_index(
Index::create()
.name("idx_account_product_resolutions_unique")
.table(Alias::new("account_product_resolutions"))
.col(Alias::new("user_id"))
.col(Alias::new("product_id"))
.unique()
.to_owned(),
)
.await
}
async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
drop_table(m, "account_product_resolutions").await?;
drop_table(m, "account_discount_profiles").await?;
drop_table(m, "discount_profile_products").await?;
drop_table(m, "discount_profiles").await
}
}
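Review bot: `percent_bp` and `scope_type` in `discount_profiles` are stored without any database-level bound, so a value outside 0–10000 basis points, or a `scope_type` other than 'include' / 'all_except', is stopped only by whatever validation the application layer performs. Because these rows feed price calculation, a CHECK constraint on each is cheap defence in depth, e.g. `ALTER TABLE discount_profiles ADD CONSTRAINT chk_discount_profiles_percent_bp CHECK (percent_bp BETWEEN 0 AND 10000);`. The same applies to the free-form `audience` column in the audience_discount_profiles migration and to the `*_price_cents` columns added by the neighbouring migrations, where a non-negative check would do.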


@@ -0,0 +1,20 @@
use loco_rs::schema::*;
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
// Optional per-product discounted price (minor units) shown to ALL
// business (company) accounts as a baseline, computed off the regular
// price like the personal sale. Per-company profiles/negotiated prices
// still layer on top (lowest price wins).
add_column(m, "products", "business_sale_price_cents", ColType::BigIntegerNull).await
}
async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
remove_column(m, "products", "business_sale_price_cents").await
}
}


@@ -0,0 +1,40 @@
use loco_rs::schema::*;
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
// Discount profiles applied globally to a whole audience, set on the
// discounts page: "personal" lowers the public price for everyone,
// "business" lowers the price for all company accounts. Per-company
// assignments (account_discount_profiles) still layer on top.
create_table(
m,
"audience_discount_profiles",
&[
("id", ColType::PkAuto),
("audience", ColType::String),
],
&[("discount_profile", "")],
)
.await?;
m.create_index(
Index::create()
.name("idx_audience_discount_profiles_unique")
.table(Alias::new("audience_discount_profiles"))
.col(Alias::new("audience"))
.col(Alias::new("discount_profile_id"))
.unique()
.to_owned(),
)
.await
}
async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
drop_table(m, "audience_discount_profiles").await
}
}


@@ -0,0 +1,204 @@
//! Introduce product variants as the purchasable unit.
//!
//! A product becomes a presentation grouping (name, description, images,
//! category, tags, percentage discount profiles). Each product owns one or more
//! `product_variants`, and the variant is what carries the things that actually
//! differ between options: a free-text `label` (e.g. "rolovaná 90cm x 10m",
//! "5ml"), its own `sku`, `stock`, regular `price_cents`, and its own optional
//! public/business quick-sale prices.
//!
//! This migration:
//! 1. creates `product_variants`,
//! 2. backfills one variant per existing product from the product's current
//! price/stock/sku/sale columns,
//! 3. moves the per-account negotiated price and collision-resolution tables
//! from keying on `product_id` to `variant_id`,
//! 4. snapshots the variant onto `order_items`,
//! 5. drops the now-moved purchasable columns from `products`.
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
let db = m.get_connection();
// 1. The variants table.
db.execute_unprepared(
r#"
CREATE TABLE product_variants (
id SERIAL PRIMARY KEY,
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT now(),
product_id INTEGER NOT NULL REFERENCES products(id) ON DELETE CASCADE,
label VARCHAR NOT NULL DEFAULT '',
position INTEGER NOT NULL DEFAULT 0,
sku VARCHAR,
stock INTEGER NOT NULL DEFAULT 0,
price_cents BIGINT NOT NULL,
sale_price_cents BIGINT,
business_sale_price_cents BIGINT
);
CREATE INDEX idx_product_variants_product ON product_variants (product_id);
"#,
)
.await?;
// 2. One variant per existing product, carrying its current pricing.
db.execute_unprepared(
r#"
INSERT INTO product_variants
(product_id, label, position, sku, stock,
price_cents, sale_price_cents, business_sale_price_cents)
SELECT id, '', 0, sku, stock,
price_cents, sale_price_cents, business_sale_price_cents
FROM products;
"#,
)
.await?;
// 3a. Negotiated prices: product_id -> variant_id.
db.execute_unprepared(
r#"
ALTER TABLE account_product_prices ADD COLUMN variant_id INTEGER;
UPDATE account_product_prices a
SET variant_id = pv.id
FROM product_variants pv
WHERE pv.product_id = a.product_id;
DROP INDEX IF EXISTS idx_account_product_prices_user_product_unique;
ALTER TABLE account_product_prices DROP COLUMN product_id;
ALTER TABLE account_product_prices ALTER COLUMN variant_id SET NOT NULL;
ALTER TABLE account_product_prices
ADD CONSTRAINT fk_account_product_prices_variant
FOREIGN KEY (variant_id) REFERENCES product_variants(id) ON DELETE CASCADE;
CREATE UNIQUE INDEX idx_account_product_prices_user_variant_unique
ON account_product_prices (user_id, variant_id);
"#,
)
.await?;
// 3b. Collision resolutions: product_id -> variant_id.
db.execute_unprepared(
r#"
ALTER TABLE account_product_resolutions ADD COLUMN variant_id INTEGER;
UPDATE account_product_resolutions a
SET variant_id = pv.id
FROM product_variants pv
WHERE pv.product_id = a.product_id;
DROP INDEX IF EXISTS idx_account_product_resolutions_unique;
ALTER TABLE account_product_resolutions DROP COLUMN product_id;
ALTER TABLE account_product_resolutions ALTER COLUMN variant_id SET NOT NULL;
ALTER TABLE account_product_resolutions
ADD CONSTRAINT fk_account_product_resolutions_variant
FOREIGN KEY (variant_id) REFERENCES product_variants(id) ON DELETE CASCADE;
CREATE UNIQUE INDEX idx_account_product_resolutions_unique
ON account_product_resolutions (user_id, variant_id);
"#,
)
.await?;
// 4. Snapshot the variant on order lines (label is frozen at order time;
// the FK is nullable + SET NULL so deleting a variant keeps history).
db.execute_unprepared(
r#"
ALTER TABLE order_items ADD COLUMN variant_label VARCHAR NOT NULL DEFAULT '';
ALTER TABLE order_items ADD COLUMN variant_id INTEGER
REFERENCES product_variants(id) ON DELETE SET NULL;
"#,
)
.await?;
// 5. Drop the purchasable columns now owned by the variant.
db.execute_unprepared(
r#"
ALTER TABLE products DROP COLUMN price_cents;
ALTER TABLE products DROP COLUMN sale_price_cents;
ALTER TABLE products DROP COLUMN business_sale_price_cents;
ALTER TABLE products DROP COLUMN sku;
ALTER TABLE products DROP COLUMN stock;
"#,
)
.await?;
Ok(())
}
async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
let db = m.get_connection();
// Restore product columns from each product's first variant.
db.execute_unprepared(
r#"
ALTER TABLE products ADD COLUMN price_cents BIGINT NOT NULL DEFAULT 0;
ALTER TABLE products ADD COLUMN sale_price_cents BIGINT;
ALTER TABLE products ADD COLUMN business_sale_price_cents BIGINT;
ALTER TABLE products ADD COLUMN sku VARCHAR;
ALTER TABLE products ADD COLUMN stock INTEGER NOT NULL DEFAULT 0;
UPDATE products p SET
price_cents = pv.price_cents,
sale_price_cents = pv.sale_price_cents,
business_sale_price_cents = pv.business_sale_price_cents,
sku = pv.sku,
stock = pv.stock
FROM (
SELECT DISTINCT ON (product_id) product_id, price_cents,
sale_price_cents, business_sale_price_cents, sku, stock
FROM product_variants ORDER BY product_id, position, id
) pv
WHERE pv.product_id = p.id;
"#,
)
.await?;
db.execute_unprepared(
r#"
ALTER TABLE order_items DROP COLUMN variant_id;
ALTER TABLE order_items DROP COLUMN variant_label;
"#,
)
.await?;
db.execute_unprepared(
r#"
ALTER TABLE account_product_resolutions ADD COLUMN product_id INTEGER;
UPDATE account_product_resolutions a
SET product_id = pv.product_id
FROM product_variants pv WHERE pv.id = a.variant_id;
DROP INDEX IF EXISTS idx_account_product_resolutions_unique;
ALTER TABLE account_product_resolutions DROP COLUMN variant_id;
ALTER TABLE account_product_resolutions ALTER COLUMN product_id SET NOT NULL;
ALTER TABLE account_product_resolutions
ADD CONSTRAINT fk_account_product_resolutions_product
FOREIGN KEY (product_id) REFERENCES products(id) ON DELETE CASCADE;
CREATE UNIQUE INDEX idx_account_product_resolutions_unique
ON account_product_resolutions (user_id, product_id);
"#,
)
.await?;
db.execute_unprepared(
r#"
ALTER TABLE account_product_prices ADD COLUMN product_id INTEGER;
UPDATE account_product_prices a
SET product_id = pv.product_id
FROM product_variants pv WHERE pv.id = a.variant_id;
DROP INDEX IF EXISTS idx_account_product_prices_user_variant_unique;
ALTER TABLE account_product_prices DROP COLUMN variant_id;
ALTER TABLE account_product_prices ALTER COLUMN product_id SET NOT NULL;
ALTER TABLE account_product_prices
ADD CONSTRAINT fk_account_product_prices_product
FOREIGN KEY (product_id) REFERENCES products(id) ON DELETE CASCADE;
CREATE UNIQUE INDEX idx_account_product_prices_user_product_unique
ON account_product_prices (user_id, product_id);
"#,
)
.await?;
db.execute_unprepared("DROP TABLE product_variants;").await?;
Ok(())
}
}
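Review bot: `down` can fail once any product has more than one variant: mapping `variant_id` back to `product_id` may leave several rows with the same `(user_id, product_id)` in `account_product_prices` and `account_product_resolutions`, and the `CREATE UNIQUE INDEX` statements that follow will then abort the rollback. Collapse the duplicates before recreating each index, e.g. `DELETE FROM account_product_prices a USING account_product_prices b WHERE a.user_id = b.user_id AND a.product_id = b.product_id AND a.id > b.id;` (and the same for the resolutions table), choosing deliberately which negotiated price survives. In `up`, existing `order_items` rows keep `variant_id` NULL and an empty `variant_label`; whether order history should point at the backfilled variant cannot be judged from this hunk, so treat that as a question rather than a defect.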


@@ -0,0 +1,36 @@
//! Make `product_variants.stock` nullable: a NULL stock means the variant is
//! "available" but not inventory-tracked — always purchasable, no quantity cap,
//! and never decremented on order. A numeric stock is tracked/capped as before.
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, m: &SchemaManager) -> Result<(), DbErr> {
m.get_connection()
.execute_unprepared(
r#"
ALTER TABLE product_variants ALTER COLUMN stock DROP DEFAULT;
ALTER TABLE product_variants ALTER COLUMN stock DROP NOT NULL;
"#,
)
.await?;
Ok(())
}
async fn down(&self, m: &SchemaManager) -> Result<(), DbErr> {
m.get_connection()
.execute_unprepared(
r#"
UPDATE product_variants SET stock = 0 WHERE stock IS NULL;
ALTER TABLE product_variants ALTER COLUMN stock SET DEFAULT 0;
ALTER TABLE product_variants ALTER COLUMN stock SET NOT NULL;
"#,
)
.await?;
Ok(())
}
}


@@ -17,8 +17,10 @@ use std::{path::Path, sync::Arc};
#[allow(unused_imports)]
use crate::{
controllers::{
admin_categories, admin_dashboard, admin_form, admin_orders,
admin_products, admin_shipping, auth, auth_pages, cart, checkout, home, i18n, media, shop,
account, admin_categories, admin_customers, admin_dashboard, admin_discount_profiles,
admin_form, admin_orders, admin_products, admin_shipping, auth, auth_pages,
cart, checkout, home, i18n, media, oauth2,
shop,
},
initializers,
models::_entities::users,
@@ -67,6 +69,12 @@ impl Hooks for App {
.layer(axum::middleware::from_fn_with_state(
ctx.clone(),
crate::shared::rbac::inject_subject,
))
// CSRF runs outermost so it validates the double-submit token before
// any handler sees the request and stamps the cookie on safe ones.
.layer(axum::middleware::from_fn_with_state(
ctx.clone(),
crate::shared::csrf::protect,
)))
}
@@ -75,6 +83,8 @@ impl Hooks for App {
Box::new(initializers::view_engine::ViewEngineInitializer),
Box::new(initializers::admin_seeder::AdminSeeder),
Box::new(initializers::shipping_seeder::ShippingSeeder),
Box::new(initializers::oauth2::OAuth2StoreInitializer),
Box::new(initializers::oauth2_session::OAuth2SessionInitializer),
])
}
@@ -88,13 +98,17 @@ impl Hooks for App {
// cross-cutting
.add_route(auth::routes())
.add_route(auth_pages::routes())
.add_route(account::routes())
.add_route(oauth2::routes())
.add_route(i18n::routes())
.add_route(media::routes())
// admin
.add_route(admin_dashboard::routes())
.add_route(admin_products::routes())
.add_route(admin_discount_profiles::routes())
.add_route(admin_categories::routes())
.add_route(admin_orders::routes())
.add_route(admin_customers::routes())
.add_route(admin_shipping::routes())
}

550
src/controllers/account.rs Normal file

@@ -0,0 +1,550 @@
//! Customer account area. Currently just the shipping/contact profile, whose
//! fields prefill the checkout form. Gated to authenticated non-admin users:
//! anonymous visitors are bounced to `/login`. Admins have their own area and
//! are sent to the dashboard.
//!
//! The account *type* (personal vs company) is fixed at registration and lives
//! on the user — it is shown here read-only and can never be changed. The
//! profile only edits the type-specific details (company identity + address).
use axum_extra::extract::cookie::CookieJar;
use loco_rs::prelude::*;
use sea_orm::QueryOrder;
use serde::Deserialize;
use serde_json::json;
use crate::{
controllers::i18n::current_lang,
models::{
customer_profiles::{self, ProfileFields},
order_items, orders, users,
},
shared::{guard, settings},
views::checkout as order_view,
};
/// Active (still-being-fulfilled) order statuses. Anything else
/// (`delivered`, `cancelled`) is considered closed/past.
const ACTIVE_STATUSES: [&str; 3] = ["pending", "paid", "shipped"];
#[derive(Debug, Deserialize)]
struct ProfileForm {
first_name: Option<String>,
last_name: Option<String>,
company_name: Option<String>,
company_id: Option<String>,
tax_id: Option<String>,
vat_id: Option<String>,
phone_prefix: Option<String>,
phone: Option<String>,
address: Option<String>,
city: Option<String>,
zip: Option<String>,
country: Option<String>,
}
fn trimmed(value: Option<&str>) -> Option<String> {
value.map(str::trim).filter(|v| !v.is_empty()).map(String::from)
}
/// Split a stored full name into (first name, surname). The surname is
/// everything after the first whitespace, so multi-word surnames round-trip.
fn split_name(name: &str) -> (String, String) {
match name.trim().split_once(char::is_whitespace) {
Some((first, rest)) => (first.to_string(), rest.trim().to_string()),
None => (name.trim().to_string(), String::new()),
}
}
/// Recombine the two name fields into the single stored `name`. Returns `None`
/// when the result is too short to be a valid name (the user can't blank it out).
fn full_name_from_form(form: &ProfileForm) -> Option<String> {
let first = form.first_name.as_deref().unwrap_or("").trim();
let last = form.last_name.as_deref().unwrap_or("").trim();
let full = format!("{first} {last}").trim().to_string();
(full.chars().count() >= 2).then_some(full)
}
/// Build the persisted fields from the submitted form. Company identifiers are
/// only kept for company accounts (a personal account can never carry them).
fn fields_from_form(form: &ProfileForm, is_company: bool) -> ProfileFields {
let company = |v: Option<&str>| if is_company { trimmed(v) } else { None };
ProfileFields {
company_name: company(form.company_name.as_deref()),
company_id: company(form.company_id.as_deref()),
tax_id: company(form.tax_id.as_deref()),
vat_id: company(form.vat_id.as_deref()),
phone_prefix: trimmed(form.phone_prefix.as_deref()),
phone: trimmed(form.phone.as_deref()),
address: trimmed(form.address.as_deref()),
city: trimmed(form.city.as_deref()),
zip: trimmed(form.zip.as_deref()),
country: trimmed(form.country.as_deref()),
}
}
/// The profile fields held by a saved profile, for re-prefilling the form.
fn fields_of(profile: Option<&customer_profiles::Model>) -> ProfileFields {
match profile {
Some(p) => ProfileFields {
company_name: p.company_name.clone(),
company_id: p.company_id.clone(),
tax_id: p.tax_id.clone(),
vat_id: p.vat_id.clone(),
phone_prefix: p.phone_prefix.clone(),
phone: p.phone.clone(),
address: p.address.clone(),
city: p.city.clone(),
zip: p.zip.clone(),
country: p.country.clone(),
},
None => ProfileFields::default(),
}
}
/// A company account must carry its invoicing identity (company name + IČO +
/// DIČ; IČ DPH stays optional). Personal accounts have no such requirement.
fn company_fields_missing(fields: &ProfileFields) -> bool {
fields.company_name.is_none() || fields.company_id.is_none() || fields.tax_id.is_none()
}
/// Render the profile form for `user`, prefilled from `fields`. `saved` shows
/// the success banner; `error` shows the company-required validation message.
fn profile_view(
v: &TeraView,
jar: &CookieJar,
user: &users::Model,
fields: &ProfileFields,
saved: bool,
error: bool,
) -> Result<Response> {
let (first_name, last_name) = split_name(&user.name);
format::view(
v,
"account/profile.html",
json!({
"logged_in_admin": false,
"logged_in_customer": true,
"account_nav": true,
"customer_name": user.name,
"customer_account_type": user.account_type,
"saved": saved,
"error": error,
"name": user.name,
"first_name": first_name,
"last_name": last_name,
"email": user.email,
"account_type": user.account_type,
"company_name": fields.company_name,
"company_id": fields.company_id,
"tax_id": fields.tax_id,
"vat_id": fields.vat_id,
"phone_prefix": fields.phone_prefix,
"phone": fields.phone,
"address": fields.address,
"city": fields.city,
"zip": fields.zip,
"country": fields.country,
"lang": current_lang(jar),
}),
)
}
#[debug_handler]
async fn profile_page(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
let Some(user) = guard::current_user(&ctx, &jar).await else {
return format::redirect("/login");
};
if guard::is_admin(&ctx, &user) {
return format::redirect("/admin/dashboard");
}
let profile = customer_profiles::Model::find_for_user(&ctx.db, user.id).await?;
profile_view(&v, &jar, &user, &fields_of(profile.as_ref()), false, false)
}
#[debug_handler]
async fn save_profile(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
Form(form): Form<ProfileForm>,
) -> Result<Response> {
let Some(user) = guard::current_user(&ctx, &jar).await else {
return format::redirect("/login");
};
if guard::is_admin(&ctx, &user) {
return format::redirect("/admin/dashboard");
}
// Apply the edited name to a working copy so it's reflected on both the
// success and re-rendered-error views. A blank/too-short name is ignored —
// the field can't be cleared.
let mut user = user;
let new_name = full_name_from_form(&form).filter(|n| *n != user.name);
if let Some(name) = new_name.clone() {
user.name = name;
}
let fields = fields_from_form(&form, user.is_company());
// A company account's profile is rejected (and re-shown with the entered
// values) until it carries its required identifiers.
if user.is_company() && company_fields_missing(&fields) {
return profile_view(&v, &jar, &user, &fields, false, true);
}
if let Some(name) = new_name {
let mut active = user.clone().into_active_model();
active.name = ActiveValue::set(name);
active.update(&ctx.db).await?;
}
customer_profiles::Model::upsert(&ctx.db, user.id, fields.clone()).await?;
profile_view(&v, &jar, &user, &fields, true, false)
}
/// Lists the signed-in customer's orders, split into still-active and past.
#[debug_handler]
async fn orders_page(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
let Some(user) = guard::current_user(&ctx, &jar).await else {
return format::redirect("/login");
};
if guard::is_admin(&ctx, &user) {
return format::redirect("/admin/dashboard");
}
let rows = orders::Entity::find()
.filter(orders::Column::UserId.eq(user.id))
.order_by_desc(orders::Column::CreatedAt)
.all(&ctx.db)
.await?;
let (active, past): (Vec<_>, Vec<_>) = rows
.iter()
.partition(|o| ACTIVE_STATUSES.contains(&o.status.as_str()));
let shape = |list: Vec<&orders::Model>| -> Vec<_> {
list.into_iter().map(order_view::summary).collect()
};
format::view(
&v,
"account/orders.html",
json!({
"logged_in_admin": false,
"logged_in_customer": true,
"account_nav": true,
"customer_name": user.name,
"customer_account_type": user.account_type,
"active_orders": shape(active),
"past_orders": shape(past),
"lang": current_lang(&jar),
}),
)
}
/// Shows a single order belonging to the signed-in customer. Orders owned by
/// someone else (or guest orders) are not found here.
#[debug_handler]
async fn order_detail_page(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
Path(order_number): Path<String>,
) -> Result<Response> {
let Some(user) = guard::current_user(&ctx, &jar).await else {
return format::redirect("/login");
};
if guard::is_admin(&ctx, &user) {
return format::redirect("/admin/dashboard");
}
let order = orders::Entity::find()
.filter(orders::Column::OrderNumber.eq(order_number))
.one(&ctx.db)
.await?
.filter(|o| o.user_id == Some(user.id))
.ok_or_else(|| Error::NotFound)?;
let items = order_items::Entity::find()
.filter(order_items::Column::OrderId.eq(order.id))
.all(&ctx.db)
.await?;
format::view(
&v,
"account/order_detail.html",
json!({
"logged_in_admin": false,
"logged_in_customer": true,
"account_nav": true,
"customer_name": user.name,
"customer_account_type": user.account_type,
"order": order_view::detail(
&order,
settings::get(&ctx, "bank_iban").unwrap_or(""),
settings::get(&ctx, "bank_account_name").unwrap_or(""),
),
"items": order_view::items(&items),
"lang": current_lang(&jar),
}),
)
}
#[derive(Debug, Deserialize)]
struct ChangePasswordForm {
current_password: String,
password: String,
password_confirm: String,
}
fn password_view(
v: &TeraView,
jar: &CookieJar,
user: &users::Model,
changed: bool,
error: Option<&str>,
) -> Result<Response> {
format::view(
v,
"account/password.html",
json!({
"logged_in_admin": false,
"logged_in_customer": true,
"account_nav": true,
"customer_name": user.name,
"customer_account_type": user.account_type,
"changed": changed,
"error": error,
"lang": current_lang(jar),
}),
)
}
#[debug_handler]
async fn change_password_page(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
let Some(user) = guard::current_user(&ctx, &jar).await else {
return format::redirect("/login");
};
if guard::is_admin(&ctx, &user) {
return format::redirect("/admin/dashboard");
}
password_view(&v, &jar, &user, false, None)
}
#[debug_handler]
async fn change_password(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
Form(form): Form<ChangePasswordForm>,
) -> Result<Response> {
let Some(user) = guard::current_user(&ctx, &jar).await else {
return format::redirect("/login");
};
if guard::is_admin(&ctx, &user) {
return format::redirect("/admin/dashboard");
}
if !user.verify_password(&form.current_password) {
return password_view(&v, &jar, &user, false, Some("current"));
}
if form.password != form.password_confirm {
return password_view(&v, &jar, &user, false, Some("mismatch"));
}
if form.password.len() < 8 {
return password_view(&v, &jar, &user, false, Some("weak"));
}
let user = user
.into_active_model()
.reset_password(&ctx.db, &form.password)
.await?;
password_view(&v, &jar, &user, true, None)
}
// ---- Two-factor authentication (TOTP / Google Authenticator) -------------
//
// Entirely opt-in. The security page has three shapes, all rendered from
// `security.html`:
// * disabled -> an "enable" button,
// * enrolling -> the QR + a confirm-code field (secret staged, not yet on),
// * enabled -> status, remaining backup codes, disable/regenerate forms.
// Both turning 2FA off and regenerating backup codes require re-entering the
// account password, so a walk-up attacker on an open session can't weaken it.
#[derive(Debug, Deserialize)]
struct ConfirmTotpForm {
code: String,
}
#[derive(Debug, Deserialize)]
struct PasswordConfirmForm {
current_password: String,
}
/// Render the security page. Exactly one of (`enrolling`, plain status) applies;
/// `backup_codes` is non-empty only on the one render right after enabling or
/// regenerating, where the plaintext codes are shown once.
#[allow(clippy::too_many_arguments)]
fn security_view(
v: &TeraView,
jar: &CookieJar,
user: &users::Model,
enrolling: bool,
qr: Option<&str>,
secret: Option<&str>,
backup_codes: &[String],
error: Option<&str>,
) -> Result<Response> {
format::view(
v,
"account/security.html",
json!({
"logged_in_admin": false,
"logged_in_customer": true,
"account_nav": true,
"customer_name": user.name,
"customer_account_type": user.account_type,
"totp_enabled": user.totp_enabled(),
"enrolling": enrolling,
"qr": qr,
"secret": secret,
"backup_codes": backup_codes,
"backup_remaining": user.backup_codes_remaining(),
"error": error,
"lang": current_lang(jar),
}),
)
}
/// Common guard for every security handler: a signed-in, non-admin customer.
async fn require_customer(ctx: &AppContext, jar: &CookieJar) -> Result<users::Model> {
match guard::current_user(ctx, jar).await {
Some(user) if guard::is_admin(ctx, &user) => Err(Error::string("admin")),
Some(user) => Ok(user),
None => Err(Error::Unauthorized("login required".into())),
}
}
#[debug_handler]
async fn security_page(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
let Some(user) = guard::current_user(&ctx, &jar).await else {
return format::redirect("/login");
};
if guard::is_admin(&ctx, &user) {
return format::redirect("/admin/dashboard");
}
security_view(&v, &jar, &user, false, None, None, &[], None)
}
/// Stage a fresh secret and show the QR + confirm-code field.
#[debug_handler]
async fn enable_totp(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
let Ok(user) = require_customer(&ctx, &jar).await else {
return format::redirect("/login");
};
// Already on — nothing to enroll.
if user.totp_enabled() {
return security_view(&v, &jar, &user, false, None, None, &[], None);
}
let user = user.into_active_model().begin_totp_enrollment(&ctx.db).await?;
let Some((qr, secret)) = user.totp_provisioning() else {
return security_view(&v, &jar, &user, false, None, None, &[], Some("enroll"));
};
security_view(&v, &jar, &user, true, Some(&qr), Some(&secret), &[], None)
}
/// Verify the first code against the staged secret; on success flip 2FA on and
/// show the one-time backup codes. On a wrong code, re-show the QR to retry.
#[debug_handler]
async fn confirm_totp(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
Form(form): Form<ConfirmTotpForm>,
) -> Result<Response> {
let Ok(user) = require_customer(&ctx, &jar).await else {
return format::redirect("/login");
};
if user.totp_enabled() {
return security_view(&v, &jar, &user, false, None, None, &[], None);
}
if !user.verify_totp_code(&form.code) {
let qr = user.totp_provisioning();
let (qr, secret) = match &qr {
Some((q, s)) => (Some(q.as_str()), Some(s.as_str())),
None => (None, None),
};
return security_view(&v, &jar, &user, true, qr, secret, &[], Some("code"));
}
let (user, backup_codes) = user.into_active_model().enable_totp(&ctx.db).await?;
security_view(&v, &jar, &user, false, None, None, &backup_codes, None)
}
/// Turn 2FA off — requires the account password as confirmation.
#[debug_handler]
async fn disable_totp(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
Form(form): Form<PasswordConfirmForm>,
) -> Result<Response> {
let Ok(user) = require_customer(&ctx, &jar).await else {
return format::redirect("/login");
};
if !user.totp_enabled() {
return security_view(&v, &jar, &user, false, None, None, &[], None);
}
if !user.verify_password(&form.current_password) {
return security_view(&v, &jar, &user, false, None, None, &[], Some("password"));
}
let user = user.into_active_model().disable_totp(&ctx.db).await?;
security_view(&v, &jar, &user, false, None, None, &[], None)
}
/// Issue a fresh set of backup codes (invalidating the old ones) — also gated by
/// the account password.
#[debug_handler]
async fn regenerate_backup_codes(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
Form(form): Form<PasswordConfirmForm>,
) -> Result<Response> {
let Ok(user) = require_customer(&ctx, &jar).await else {
return format::redirect("/login");
};
if !user.totp_enabled() {
return security_view(&v, &jar, &user, false, None, None, &[], None);
}
if !user.verify_password(&form.current_password) {
return security_view(&v, &jar, &user, false, None, None, &[], Some("password"));
}
let (user, backup_codes) =
user.into_active_model().regenerate_backup_codes(&ctx.db).await?;
security_view(&v, &jar, &user, false, None, None, &backup_codes, None)
}
pub fn routes() -> Routes {
Routes::new()
.add("/account/profile", get(profile_page))
.add("/account/profile", post(save_profile))
.add("/account/orders", get(orders_page))
.add("/account/orders/{order_number}", get(order_detail_page))
.add("/account/password", get(change_password_page))
.add("/account/password", post(change_password))
.add("/account/security", get(security_page))
.add("/account/security/enable", post(enable_totp))
.add("/account/security/confirm", post(confirm_totp))
.add("/account/security/disable", post(disable_totp))
.add("/account/security/backup-codes", post(regenerate_backup_codes))
}


@@ -49,10 +49,6 @@ async fn parse_category_fields(
.text("name")
.ok_or_else(|| Error::BadRequest("category name is required".to_string()))?;
let description = form.text("description");
let position = form
.text("position")
.and_then(|s| s.parse::<i32>().ok())
.unwrap_or(0);
let published = form.checked("published");
// Resolve the chosen parent, rejecting cycles: a category may not be its
@@ -81,6 +77,28 @@ async fn parse_category_fields(
None => None,
};
// Position is optional: an explicit value sorts the category among its
// siblings, but a blank field appends it to the end of its parent's group
// (one past the current max), so new categories land last instead of first.
let position = match form.text("position").and_then(|s| s.parse::<i32>().ok()) {
Some(explicit) => explicit,
None => {
let mut query = categories::Entity::find();
query = match parent_id {
Some(pid) => query.filter(categories::Column::ParentId.eq(pid)),
None => query.filter(categories::Column::ParentId.is_null()),
};
query
.all(&ctx.db)
.await?
.iter()
.filter(|c| Some(c.id) != current_id)
.map(|c| c.position)
.max()
.map_or(0, |max| max + 1)
}
};
let desired = form
.text("slug")
.map(|s| slugify(&s))
@@ -180,7 +198,7 @@ async fn create(
guard::current_admin(auth, &ctx).await?;
let form = read_multipart_form(multipart).await?;
let fields = parse_category_fields(&ctx, &form, None).await?;
let image_id = match form.image {
let image_id = match form.single_image() {
Some(data) => Some(store_image(&ctx, data).await?),
None => None,
};
@@ -234,7 +252,7 @@ async fn update(
category.position = Set(fields.position);
category.published = Set(fields.published);
category.parent_id = Set(fields.parent_id);
if let Some(data) = form.image {
if let Some(data) = form.single_image() {
category.image_id = Set(Some(store_image(&ctx, data).await?));
}
category.update(&ctx.db).await?;
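Review bot: In `parse_category_fields`, the append branch computes `max + 1` on an `i32` position, which overflows (a panic in debug builds, wrap-around in release) once any sibling already stores `i32::MAX`, and the explicit-position branch just above accepts any parseable `i32` from the form unchecked. `.map_or(0, |max| max.saturating_add(1))` keeps the append well-defined, and clamping the explicit value to a sane range would stop that state from arising in the first place. The branch also loads every sibling row with `.all()` only to take a maximum; a query ordered by position descending and limited to one row would do the same work, though that is a cost point rather than a correctness one. The function starts and ends outside the hunks shown.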


@@ -0,0 +1,421 @@
//! Admin management of business (company) accounts and their pricing.
//!
//! Per company the admin can: assign reusable discount profiles (the automated
//! layer), resolve per-product collisions when two assigned profiles cover the
//! same product, and set a manually negotiated price per product. The effective
//! price the business pays is always resolved by [`crate::shared::pricing`]
//! (lowest of public / automated / negotiated), shown here for reference.
use std::collections::{HashMap, HashSet};
use axum_extra::extract::cookie::CookieJar;
use loco_rs::prelude::*;
use sea_orm::{
ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, PaginatorTrait, QueryFilter,
QueryOrder, Set, TransactionTrait,
};
use serde::Deserialize;
use serde_json::json;
use crate::{
controllers::i18n::current_lang,
models::{
account_discount_profiles, account_product_prices, account_product_resolutions,
categories, discount_profiles, product_variants, products, _entities::users,
},
shared::{
guard,
money::{format_bp, format_price, parse_price_to_cents},
pricing,
},
views::shop as view,
};
const COMPANY: &str = "company";
const BUSINESS_AUDIENCE: &str = "business";
#[derive(Debug, Deserialize)]
struct PriceForm {
price: String,
}
#[derive(Debug, Deserialize)]
struct ResolutionForm {
profile_id: i32,
}
async fn company_by_id(ctx: &AppContext, id: i32) -> Result<users::Model> {
let user = users::Entity::find_by_id(id)
.one(&ctx.db)
.await?
.ok_or_else(|| Error::NotFound)?;
if user.account_type != COMPANY {
return Err(Error::NotFound);
}
Ok(user)
}
async fn assigned_profile_ids(ctx: &AppContext, user_id: i32) -> Result<HashSet<i32>> {
Ok(account_discount_profiles::Entity::find()
.filter(account_discount_profiles::Column::UserId.eq(user_id))
.all(&ctx.db)
.await?
.into_iter()
.map(|a| a.discount_profile_id)
.collect())
}
#[debug_handler]
async fn index(
auth: auth::JWT,
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let companies = users::Entity::find()
.filter(users::Column::AccountType.eq(COMPANY))
.order_by_asc(users::Column::Name)
.all(&ctx.db)
.await?;
let mut rows = Vec::with_capacity(companies.len());
for company in &companies {
let negotiated = account_product_prices::Entity::find()
.filter(account_product_prices::Column::UserId.eq(company.id))
.count(&ctx.db)
.await?;
rows.push(json!({
"id": company.id,
"name": company.name,
"email": company.email,
"negotiated_count": negotiated,
}));
}
format::view(
&v,
"admin/customers/index.html",
json!({ "customers": rows, "lang": current_lang(&jar) }),
)
}
#[debug_handler]
async fn show(
auth: auth::JWT,
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
Path(id): Path<i32>,
Query(params): Query<HashMap<String, String>>,
State(ctx): State<AppContext>,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let company = company_by_id(&ctx, id).await?;
// All profiles (for the assignment section + name lookup) and which are
// assigned to this company.
let all_profiles = discount_profiles::Entity::find()
.order_by_asc(discount_profiles::Column::Name)
.all(&ctx.db)
.await?;
let assigned = assigned_profile_ids(&ctx, company.id).await?;
let profiles_json: Vec<serde_json::Value> = all_profiles
.iter()
.map(|p| {
json!({
"id": p.id,
"name": p.name,
"percent": format_bp(p.percent_bp),
"scope_type": p.scope_type,
"assigned": assigned.contains(&p.id),
})
})
.collect();
let all_categories = categories::Entity::find()
.order_by_asc(categories::Column::Position)
.order_by_asc(categories::Column::Name)
.all(&ctx.db)
.await?;
let list = products::Entity::find()
.order_by_asc(products::Column::Name)
.all(&ctx.db)
.await?;
// Category sidebar tree (counts over the full, unfiltered product list) plus
// the active `?category=` filter applied to the rows.
let category_ids: Vec<Option<i32>> = list.iter().map(|p| p.category_id).collect();
let category_groups = view::admin_category_groups(&all_categories, &category_ids);
let selected_category = params
.get("category")
.map(String::as_str)
.unwrap_or("all")
.to_string();
let filter = view::category_filter_ids(&all_categories, &selected_category);
// Pricing is per variant. Flatten the (filtered) products into their variants
// in product-name then variant-position order, carrying each variant's
// product for the row's display name.
let product_ids: Vec<i32> = list.iter().map(|p| p.id).collect();
let grouped = product_variants::Entity::grouped_for_products(&ctx.db, &product_ids).await?;
let mut variant_rows: Vec<(&products::Model, product_variants::Model)> = Vec::new();
for product in &list {
if !view::category_filter_keep(&filter, product.category_id) {
continue;
}
if let Some(variants) = grouped.get(&product.id) {
for variant in variants {
variant_rows.push((product, variant.clone()));
}
}
}
// Two prices per variant:
// - the generic business price a freshly-registered company sees (business
// baseline + business-audience profiles, no per-company deals), and
// - this company's effective price (its negotiated price + assigned profiles).
// The effective price is highlighted only when it differs from the generic one.
let variants_only: Vec<product_variants::Model> =
variant_rows.iter().map(|(_, v)| v.clone()).collect();
let business = pricing::audience_price_variants(&ctx, &variants_only, BUSINESS_AUDIENCE).await?;
let details = pricing::detail_variants(&ctx, &variants_only, Some(&company)).await?;
let rows: Vec<serde_json::Value> = variant_rows
.iter()
.zip(business.iter())
.zip(details.iter())
.map(|(((product, variant), b), d)| {
json!({
"product_id": product.id,
"variant_id": variant.id,
"name": product.name,
"variant_label": variant.label,
"currency": product.currency,
"regular_price": format_price(d.regular_cents),
"business_price": format_price(b.price_cents),
"business_reduced": b.price_cents < d.regular_cents,
"has_negotiated": d.manual_cents.is_some(),
"collision": d.collision,
"effective_price": format_price(d.price_cents),
"effective_differs": d.price_cents != b.price_cents,
})
})
.collect();
format::view(
&v,
"admin/customers/show.html",
json!({
"customer": { "id": company.id, "name": company.name, "email": company.email },
"profiles": profiles_json,
"products": rows,
"category_groups": category_groups,
"selected_category": selected_category,
"total_count": list.len(),
"uncategorized_count": category_ids.iter().filter(|c| c.is_none()).count(),
"error": params.get("error"),
"lang": current_lang(&jar),
}),
)
}
/// Dedicated per-product page for the negotiated price (and, when two assigned
/// profiles collide, the resolution selector). Mirrors the catalog "Set discount"
/// page but for a single company.
#[debug_handler]
async fn price_edit(
auth: auth::JWT,
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
Path((id, variant_id)): Path<(i32, i32)>,
Query(params): Query<HashMap<String, String>>,
State(ctx): State<AppContext>,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let company = company_by_id(&ctx, id).await?;
let variant = product_variants::Entity::find_by_id(variant_id)
.one(&ctx.db)
.await?
.ok_or_else(|| Error::NotFound)?;
let product = products::Entity::find_by_id(variant.product_id)
.one(&ctx.db)
.await?
.ok_or_else(|| Error::NotFound)?;
let business =
pricing::audience_price_variants(&ctx, std::slice::from_ref(&variant), BUSINESS_AUDIENCE)
.await?;
let business_cents = business[0].price_cents;
let detail =
pricing::detail_variants(&ctx, std::slice::from_ref(&variant), Some(&company)).await?;
let d = &detail[0];
// Names for the covering profiles, used by the collision resolution selector.
let covering: Vec<serde_json::Value> = if d.covering_profile_ids.is_empty() {
Vec::new()
} else {
let profiles = discount_profiles::Entity::find()
.filter(discount_profiles::Column::Id.is_in(d.covering_profile_ids.clone()))
.all(&ctx.db)
.await?;
let name: HashMap<i32, String> =
profiles.iter().map(|p| (p.id, p.name.clone())).collect();
d.covering_profile_ids
.iter()
.map(|pid| json!({ "id": pid, "name": name.get(pid) }))
.collect()
};
format::view(
&v,
"admin/customers/price_form.html",
json!({
"customer": { "id": company.id, "name": company.name },
"product": {
"id": product.id,
"variant_id": variant.id,
"name": product.name,
"variant_label": variant.label,
"currency": product.currency,
"regular_price": format_price(d.regular_cents),
"regular_cents": d.regular_cents,
"business_price": format_price(business_cents),
"business_reduced": business_cents < d.regular_cents,
"effective_price": format_price(d.price_cents),
"effective_differs": d.price_cents != business_cents,
},
"negotiated": d.manual_cents.map(format_price).unwrap_or_default(),
"has_negotiated": d.manual_cents.is_some(),
"collision": d.collision,
"covering": covering,
"auto_profile_id": d.auto_profile_id,
"error": params.get("error"),
"lang": current_lang(&jar),
}),
)
}
#[debug_handler]
async fn set_price(
auth: auth::JWT,
Path((id, variant_id)): Path<(i32, i32)>,
State(ctx): State<AppContext>,
Form(form): Form<PriceForm>,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let company = company_by_id(&ctx, id).await?;
let entered = form.price.trim().to_string();
if entered.is_empty() {
account_product_prices::Model::clear(&ctx.db, company.id, variant_id).await?;
return format::redirect(&format!("/admin/customers/{id}"));
}
let cents = match parse_price_to_cents(&entered) {
Ok(cents) if cents > 0 => cents,
_ => {
return format::redirect(&format!(
"/admin/customers/{id}/prices/{variant_id}/edit?error=discount-must-be-positive"
))
}
};
account_product_prices::Model::upsert(&ctx.db, company.id, variant_id, cents).await?;
format::redirect(&format!("/admin/customers/{id}"))
}
#[debug_handler]
async fn remove_price(
auth: auth::JWT,
Path((id, variant_id)): Path<(i32, i32)>,
State(ctx): State<AppContext>,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let company = company_by_id(&ctx, id).await?;
account_product_prices::Model::clear(&ctx.db, company.id, variant_id).await?;
format::redirect(&format!("/admin/customers/{id}"))
}
/// Replace the company's assigned profiles with the submitted set of checkboxes
/// (`profile_ids`, a repeated field axum `Form` can't collect, parsed directly).
#[debug_handler]
async fn sync_profiles(
auth: auth::JWT,
Path(id): Path<i32>,
State(ctx): State<AppContext>,
body: String,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let company = company_by_id(&ctx, id).await?;
let profile_ids: Vec<i32> = form_urlencoded::parse(body.as_bytes())
.filter(|(k, _)| k == "profile_ids")
.filter_map(|(_, v)| v.parse::<i32>().ok())
.collect();
let txn = ctx.db.begin().await?;
account_discount_profiles::Entity::delete_many()
.filter(account_discount_profiles::Column::UserId.eq(company.id))
.exec(&txn)
.await?;
for profile_id in profile_ids {
account_discount_profiles::ActiveModel {
user_id: Set(company.id),
discount_profile_id: Set(profile_id),
..Default::default()
}
.insert(&txn)
.await?;
}
txn.commit().await?;
format::redirect(&format!("/admin/customers/{id}"))
}
/// Record the admin's chosen winning profile for a colliding product.
#[debug_handler]
async fn set_resolution(
auth: auth::JWT,
Path((id, variant_id)): Path<(i32, i32)>,
State(ctx): State<AppContext>,
Form(form): Form<ResolutionForm>,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let company = company_by_id(&ctx, id).await?;
let existing = account_product_resolutions::Entity::find()
.filter(account_product_resolutions::Column::UserId.eq(company.id))
.filter(account_product_resolutions::Column::VariantId.eq(variant_id))
.one(&ctx.db)
.await?;
let mut active = match existing {
Some(row) => row.into_active_model(),
None => account_product_resolutions::ActiveModel {
user_id: Set(company.id),
variant_id: Set(variant_id),
..Default::default()
},
};
active.discount_profile_id = Set(form.profile_id);
active.save(&ctx.db).await?;
format::redirect(&format!("/admin/customers/{id}"))
}
pub fn routes() -> Routes {
Routes::new()
.add("/admin/customers", get(index))
.add("/admin/customers/{id}", get(show))
.add("/admin/customers/{id}/profiles", post(sync_profiles))
.add(
"/admin/customers/{id}/prices/{variant_id}/edit",
get(price_edit),
)
.add("/admin/customers/{id}/prices/{variant_id}", post(set_price))
.add(
"/admin/customers/{id}/prices/{variant_id}/remove",
post(remove_price),
)
.add(
"/admin/customers/{id}/resolutions/{variant_id}",
post(set_resolution),
)
}
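Review bot: `set_resolution` stores `form.profile_id` as the winning profile without checking that the profile exists, is assigned to this company, or covers the variant, and `set_price`, `remove_price` and `set_resolution` all take `variant_id` from the path without loading the variant the way `price_edit` does. These handlers sit behind `guard::current_admin`, so this is an integrity gap rather than a privilege one, but a stale or mistyped id ends up either as a database error or, if no foreign key backs the column, as a row the pricing resolver has to interpret. A guard before the save such as `if !assigned_profile_ids(&ctx, company.id).await?.contains(&form.profile_id) { return Err(Error::BadRequest("profile is not assigned to this customer".to_string())); }` would close the first gap. Separately, `price_edit` indexes `business[0]` and `detail[0]`; `.first().ok_or_else(|| Error::NotFound)?` would avoid a panic if the pricing helpers ever return an empty list.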


@@ -0,0 +1,298 @@
//! Admin CRUD for reusable discount profiles (a named percentage over a product
//! scope). Profiles are assigned to business accounts on the customer page; here
//! the admin only defines them.
use std::collections::HashSet;
use axum_extra::extract::cookie::CookieJar;
use loco_rs::prelude::*;
use sea_orm::{
ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, ModelTrait, PaginatorTrait,
QueryFilter, QueryOrder, Set, TransactionTrait,
};
use serde_json::json;
use crate::{
controllers::i18n::current_lang,
models::{discount_profile_products, discount_profiles, products},
shared::{
guard,
money::{format_bp, parse_percent, percent_to_bp},
},
};
/// Scalar + repeated fields parsed from the profile form. `product_ids` is a
/// repeated checkbox field, which `serde_urlencoded` (axum `Form`) can't collect,
/// so the body is parsed directly.
struct ProfileInput {
name: String,
percent: String,
scope_type: String,
product_ids: Vec<i32>,
}
fn parse_profile_form(body: &str) -> ProfileInput {
let mut name = String::new();
let mut percent = String::new();
let mut scope_type = discount_profiles::SCOPE_INCLUDE.to_string();
let mut product_ids = Vec::new();
for (key, value) in form_urlencoded::parse(body.as_bytes()) {
match key.as_ref() {
"name" => name = value.into_owned(),
"percent" => percent = value.into_owned(),
"scope_type" => scope_type = value.into_owned(),
"product_ids" => {
if let Ok(id) = value.parse::<i32>() {
product_ids.push(id);
}
}
_ => {}
}
}
ProfileInput {
name,
percent,
scope_type,
product_ids,
}
}
async fn profile_by_id(ctx: &AppContext, id: i32) -> Result<discount_profiles::Model> {
discount_profiles::Entity::find_by_id(id)
.one(&ctx.db)
.await?
.ok_or_else(|| Error::NotFound)
}
#[debug_handler]
async fn index(
auth: auth::JWT,
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let profiles = discount_profiles::Entity::find()
.order_by_asc(discount_profiles::Column::Name)
.all(&ctx.db)
.await?;
let mut rows = Vec::with_capacity(profiles.len());
for profile in &profiles {
let count = discount_profile_products::Entity::find()
.filter(discount_profile_products::Column::DiscountProfileId.eq(profile.id))
.count(&ctx.db)
.await?;
rows.push(json!({
"id": profile.id,
"name": profile.name,
"percent": format_bp(profile.percent_bp),
"scope_type": profile.scope_type,
"product_count": count,
}));
}
format::view(
&v,
"admin/catalog/discount_profiles.html",
json!({ "profiles": rows, "lang": current_lang(&jar) }),
)
}
/// Render the create/edit form. `profile` is null on create.
async fn render_form(
ctx: &AppContext,
v: &TeraView,
jar: &CookieJar,
profile: Option<&discount_profiles::Model>,
selected: &HashSet<i32>,
error: Option<&str>,
) -> Result<Response> {
let all_products = products::Entity::find()
.order_by_asc(products::Column::Name)
.all(&ctx.db)
.await?;
let product_rows: Vec<serde_json::Value> = all_products
.iter()
.map(|p| json!({ "id": p.id, "name": p.name, "selected": selected.contains(&p.id) }))
.collect();
let profile_json = match profile {
Some(p) => json!({
"id": p.id,
"name": p.name,
"percent": format_bp(p.percent_bp),
"scope_type": p.scope_type,
}),
None => serde_json::Value::Null,
};
format::view(
v,
"admin/catalog/discount_profile_form.html",
json!({
"profile": profile_json,
"products": product_rows,
"error": error,
"lang": current_lang(jar),
}),
)
}
#[debug_handler]
async fn new(
auth: auth::JWT,
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
render_form(&ctx, &v, &jar, None, &HashSet::new(), None).await
}
#[debug_handler]
async fn edit(
auth: auth::JWT,
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
Path(id): Path<i32>,
State(ctx): State<AppContext>,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let profile = profile_by_id(&ctx, id).await?;
let selected = member_ids(&ctx, id).await?;
render_form(&ctx, &v, &jar, Some(&profile), &selected, None).await
}
async fn member_ids(ctx: &AppContext, profile_id: i32) -> Result<HashSet<i32>> {
Ok(discount_profile_products::Entity::find()
.filter(discount_profile_products::Column::DiscountProfileId.eq(profile_id))
.all(&ctx.db)
.await?
.into_iter()
.map(|r| r.product_id)
.collect())
}
/// Validate the parsed form into `(name, percent_bp, scope_type)`, or an error key.
fn validate(input: &ProfileInput) -> std::result::Result<(String, i32, String), &'static str> {
let name = input.name.trim().to_string();
if name.is_empty() {
return Err("profile-name-required");
}
let pct = parse_percent(&input.percent).ok_or("discount-invalid")?;
if pct <= 0.0 || pct >= 100.0 {
return Err("discount-percent-range");
}
let scope = if input.scope_type == discount_profiles::SCOPE_ALL_EXCEPT {
discount_profiles::SCOPE_ALL_EXCEPT
} else {
discount_profiles::SCOPE_INCLUDE
};
Ok((name, percent_to_bp(pct), scope.to_string()))
}
/// Replace a profile's product membership with `product_ids`.
async fn sync_membership(
ctx: &AppContext,
profile_id: i32,
product_ids: &[i32],
) -> Result<()> {
let txn = ctx.db.begin().await?;
discount_profile_products::Entity::delete_many()
.filter(discount_profile_products::Column::DiscountProfileId.eq(profile_id))
.exec(&txn)
.await?;
for product_id in product_ids {
discount_profile_products::ActiveModel {
discount_profile_id: Set(profile_id),
product_id: Set(*product_id),
..Default::default()
}
.insert(&txn)
.await?;
}
txn.commit().await?;
Ok(())
}
#[debug_handler]
async fn create(
auth: auth::JWT,
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
body: String,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let input = parse_profile_form(&body);
let (name, percent_bp, scope_type) = match validate(&input) {
Ok(values) => values,
Err(key) => {
let selected: HashSet<i32> = input.product_ids.iter().copied().collect();
return render_form(&ctx, &v, &jar, None, &selected, Some(key)).await;
}
};
let profile = discount_profiles::ActiveModel {
name: Set(name),
percent_bp: Set(percent_bp),
scope_type: Set(scope_type),
..Default::default()
}
.insert(&ctx.db)
.await?;
sync_membership(&ctx, profile.id, &input.product_ids).await?;
format::redirect("/admin/catalog/discount-profiles")
}
#[debug_handler]
async fn update(
auth: auth::JWT,
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
Path(id): Path<i32>,
State(ctx): State<AppContext>,
body: String,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let profile = profile_by_id(&ctx, id).await?;
let input = parse_profile_form(&body);
let (name, percent_bp, scope_type) = match validate(&input) {
Ok(values) => values,
Err(key) => {
let selected: HashSet<i32> = input.product_ids.iter().copied().collect();
return render_form(&ctx, &v, &jar, Some(&profile), &selected, Some(key)).await;
}
};
let mut active = profile.into_active_model();
active.name = Set(name);
active.percent_bp = Set(percent_bp);
active.scope_type = Set(scope_type);
active.update(&ctx.db).await?;
sync_membership(&ctx, id, &input.product_ids).await?;
format::redirect("/admin/catalog/discount-profiles")
}
#[debug_handler]
async fn delete(
auth: auth::JWT,
Path(id): Path<i32>,
State(ctx): State<AppContext>,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
// FK cascades remove membership, assignments and resolutions.
profile_by_id(&ctx, id).await?.delete(&ctx.db).await?;
format::redirect("/admin/catalog/discount-profiles")
}
pub fn routes() -> Routes {
Routes::new()
.add("/admin/catalog/discount-profiles", get(index))
.add("/admin/catalog/discount-profiles/new", get(new))
.add("/admin/catalog/discount-profiles", post(create))
.add("/admin/catalog/discount-profiles/{id}/edit", get(edit))
.add("/admin/catalog/discount-profiles/{id}", post(update))
.add("/admin/catalog/discount-profiles/{id}/delete", post(delete))
}
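Review bot: `create` and `update` write the profile row on `ctx.db` and only then call `sync_membership`, which opens its own transaction, so a failure in the membership step leaves a committed profile whose product list is empty or stale. For a profile with `SCOPE_ALL_EXCEPT`, an empty exclusion list presumably means the discount covers every product, so the partial state would fail open on price rather than closed; that is worth confirming against the pricing resolver. Running both writes in one transaction, as sketched below for `create` (the same shape applies to `update`), removes the window. De-duplicating `product_ids` before the insert loop would also avoid a mid-transaction failure if the join table has a uniqueness constraint on the pair, which is not visible here.

```rust
async fn sync_membership(
    txn: &sea_orm::DatabaseTransaction,
    profile_id: i32,
    product_ids: &[i32],
) -> Result<()> {
    // … unchanged: delete_many + insert loop, now executed against `txn`;
    //   begin()/commit() move to the caller …
    Ok(())
}

// in create(), after validate():
let txn = ctx.db.begin().await?;
let profile = discount_profiles::ActiveModel {
    // … unchanged: name / percent_bp / scope_type …
}
.insert(&txn)
.await?;
sync_membership(&txn, profile.id, &input.product_ids).await?;
// Profile row and membership become visible together, or not at all.
txn.commit().await?;
```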


@@ -1,8 +1,10 @@
//! Multipart form handling shared by the product and category admin forms.
//!
//! Both forms submit a mix of text fields and an optional `image` file part;
//! this collects them into an easy-to-query [`MultipartForm`] and stores any
//! uploaded image through the configured storage driver.
//! Both forms submit a mix of text fields and `image` file part(s); this
//! collects them into an easy-to-query [`MultipartForm`] and stores any
//! uploaded image through the configured storage driver. The product form can
//! upload several images at once and submits the ids of the existing images it
//! keeps (in display order) as repeated `existing_images` fields.
use std::collections::HashMap;
@@ -18,11 +20,15 @@ fn normalize_empty(value: Option<String>) -> Option<String> {
})
}
/// Collected multipart form: text fields keyed by name, plus the raw bytes of
/// an `image` file part if one was uploaded (an empty file input is ignored).
/// Collected multipart form: text fields keyed by name, the raw bytes of every
/// `image` file part uploaded (empty file inputs are ignored, submission order
/// preserved), and the ids of the existing images the form kept, in the display
/// order it submitted them (`existing_images`, repeated — drives reorder and
/// delete on the edit form).
pub(crate) struct MultipartForm {
fields: HashMap<String, String>,
pub(crate) image: Option<Vec<u8>>,
pub(crate) images: Vec<Vec<u8>>,
pub(crate) kept_image_ids: Vec<i32>,
}
impl MultipartForm {
@@ -31,6 +37,12 @@ impl MultipartForm {
normalize_empty(self.fields.get(key).cloned())
}
/// The single uploaded image, for forms (like categories) that accept only
/// one. Consumes the first uploaded part; any extras are ignored.
pub(crate) fn single_image(self) -> Option<Vec<u8>> {
self.images.into_iter().next()
}
/// Whether a checkbox-style field is checked.
pub(crate) fn checked(&self, key: &str) -> bool {
matches!(
@@ -38,11 +50,29 @@ impl MultipartForm {
Some("on" | "true" | "1")
)
}
/// The distinct row indices `N` present among `variants[N][...]` fields,
/// sorted ascending. Used to read the repeated variant rows of the product
/// form (each row's fields are uniquely keyed, so the HashMap keeps them all).
pub(crate) fn variant_indices(&self) -> Vec<usize> {
let mut idx: Vec<usize> = self
.fields
.keys()
.filter_map(|k| {
let rest = k.strip_prefix("variants[")?;
rest.split(']').next()?.parse::<usize>().ok()
})
.collect();
idx.sort_unstable();
idx.dedup();
idx
}
}
pub(crate) async fn read_multipart_form(mut multipart: Multipart) -> Result<MultipartForm> {
let mut fields = HashMap::new();
let mut image = None;
let mut images = Vec::new();
let mut kept_image_ids = Vec::new();
while let Some(mut field) = multipart
.next_field()
@@ -65,8 +95,17 @@ pub(crate) async fn read_multipart_form(mut multipart: Multipart) -> Result<Mult
)));
}
}
// An empty file part (no file chosen in a slot) is ignored.
if !data.is_empty() {
image = Some(data);
images.push(data);
}
} else if name == "existing_images" {
let value = field
.text()
.await
.map_err(|err| Error::BadRequest(format!("invalid multipart field: {err}")))?;
if let Ok(id) = value.trim().parse::<i32>() {
kept_image_ids.push(id);
}
} else {
let value = field
@@ -77,7 +116,11 @@ pub(crate) async fn read_multipart_form(mut multipart: Multipart) -> Result<Mult
}
}
Ok(MultipartForm { fields, image })
Ok(MultipartForm {
fields,
images,
kept_image_ids,
})
}
/// Store an uploaded image's bytes and return its generated filename.
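Review bot: `read_multipart_form` now pushes every non-empty `image` part into `images` with no cap on how many parts one request may carry, so the memory held per request is bounded only by whatever body limit the route sets, which is not visible in this file. The category form uses just the first part via `single_image()`, so any extra parts are buffered and then dropped. A count check before the push, e.g. `if images.len() >= MAX_IMAGES_PER_FORM { return Err(Error::BadRequest("too many images".to_string())); }` with a constant of your choosing, bounds that. `kept_image_ids` is likewise client-supplied, and the doc comment says it drives reorder and delete, so the caller should intersect it with the images that actually belong to the product being edited before acting on it. The function body continues outside the hunks shown.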


@@ -14,7 +14,8 @@ use crate::{
shared::{guard, settings},
};
pub(crate) const ORDER_STATUSES: [&str; 4] = ["pending", "paid", "shipped", "cancelled"];
pub(crate) const ORDER_STATUSES: [&str; 5] =
["pending", "paid", "shipped", "delivered", "cancelled"];
/// Fallback parcel weight when products carry no weight of their own.
const DEFAULT_PARCEL_WEIGHT_GRAMS: i32 = 1000;


@@ -1,11 +1,20 @@
//! Admin product CRUD.
//!
//! A product is a presentation grouping; its purchasable options live in
//! `product_variants` (each with its own label, sku, stock, regular price and
//! optional public/business quick-sale prices), edited inline on the product
//! form. The products list and the per-audience percentage discount profiles
//! operate at the product level, previewing prices on each product's
//! representative (first) variant.
use std::collections::{HashMap, HashSet};
use axum::extract::{DefaultBodyLimit, Multipart};
use axum_extra::extract::cookie::CookieJar;
use loco_rs::prelude::*;
use sea_orm::{
ActiveModelTrait, ColumnTrait, EntityTrait, ModelTrait, PaginatorTrait, QueryFilter,
QueryOrder, Set,
QueryOrder, Set, TransactionTrait,
};
use serde_json::json;
@@ -17,13 +26,20 @@ use crate::{
},
shared::{
guard,
money::parse_price_to_cents,
money::{format_bp, format_price, parse_price_to_cents},
pricing,
slug::{slugify, unique_slug},
},
models::{categories, product_images, products},
models::{
audience_discount_profiles, categories, discount_profiles, product_images,
product_variants, products,
},
views::shop as view,
};
/// Which discount column an audience tab operates on.
const BUSINESS: &str = "business";
async fn product_by_id(ctx: &AppContext, id: i32) -> Result<products::Model> {
products::Entity::find_by_id(id)
.one(&ctx.db)
@@ -36,10 +52,7 @@ struct ProductFields {
name: String,
slug: String,
description: Option<String>,
price_cents: i64,
currency: String,
sku: Option<String>,
stock: i32,
category_id: Option<i32>,
published: bool,
}
@@ -52,19 +65,8 @@ async fn parse_product_fields(
let name = form
.text("name")
.ok_or_else(|| Error::BadRequest("product name is required".to_string()))?;
let price_cents = parse_price_to_cents(
form.text("price")
.ok_or_else(|| Error::BadRequest("price is required".to_string()))?
.as_str(),
)?;
let currency = form.text("currency").unwrap_or_else(|| "EUR".to_string());
let description = form.text("description");
let sku = form.text("sku");
let stock = form
.text("stock")
.and_then(|s| s.parse::<i32>().ok())
.filter(|n| *n >= 0)
.unwrap_or(0);
let category_id = form.text("category_id").and_then(|s| s.parse::<i32>().ok());
let published = form.checked("published");
@@ -89,15 +91,155 @@ async fn parse_product_fields(
name,
slug,
description,
price_cents,
currency,
sku,
stock,
category_id,
published,
})
}
/// One variant row parsed from the product form.
struct VariantInput {
id: Option<i32>,
label: String,
sku: Option<String>,
/// `None` = available but not inventory-tracked.
stock: Option<i32>,
price_cents: i64,
business_sale_cents: Option<i64>,
position: i32,
}
/// The optional business-sale price field on a variant row: blank means "no
/// business quick-sale", a value must parse and be below the regular price.
fn parse_optional_sale(
form: &MultipartForm,
i: usize,
key: &str,
price_cents: i64,
) -> Result<Option<i64>> {
let Some(raw) = form.text(&format!("variants[{i}][{key}]")) else {
return Ok(None);
};
let cents = parse_price_to_cents(&raw)?;
if cents <= 0 || cents >= price_cents {
return Err(Error::BadRequest(
"a sale price must be positive and below the regular price".to_string(),
));
}
Ok(Some(cents))
}
/// Parse the repeated variant rows from the form, in submission order. Blank
/// rows (no price and no label) are skipped; at least one valid row is required.
fn parse_variants(form: &MultipartForm) -> Result<Vec<VariantInput>> {
let mut out = Vec::new();
for i in form.variant_indices() {
let label = form
.text(&format!("variants[{i}][label]"))
.unwrap_or_default();
let price_raw = form.text(&format!("variants[{i}][price]"));
let Some(price_raw) = price_raw else {
// A completely empty leftover row is ignored; a labelled row without
// a price is a mistake worth reporting.
if label.is_empty() {
continue;
}
return Err(Error::BadRequest(
"each option needs a price".to_string(),
));
};
let price_cents = parse_price_to_cents(&price_raw)?;
if price_cents <= 0 {
return Err(Error::BadRequest(
"an option price must be positive".to_string(),
));
}
let sku = form.text(&format!("variants[{i}][sku]"));
// Stock is optional: blank means "available, not tracked". A value must
// be a non-negative integer.
let stock = match form.text(&format!("variants[{i}][stock]")) {
None => None,
Some(raw) => Some(
raw.parse::<i32>()
.ok()
.filter(|n| *n >= 0)
.ok_or_else(|| Error::BadRequest("stock must be 0 or more".to_string()))?,
),
};
let business_sale_cents = parse_optional_sale(form, i, "business_sale", price_cents)?;
let id = form
.text(&format!("variants[{i}][id]"))
.and_then(|s| s.parse::<i32>().ok());
out.push(VariantInput {
id,
label,
sku,
stock,
price_cents,
business_sale_cents,
position: out.len() as i32,
});
}
if out.is_empty() {
return Err(Error::BadRequest(
"add at least one option with a price".to_string(),
));
}
Ok(out)
}
/// Apply a parsed variant row onto a (new or existing) active model.
fn apply_variant(active: &mut product_variants::ActiveModel, input: &VariantInput) {
active.label = Set(input.label.clone());
active.sku = Set(input.sku.clone());
active.stock = Set(input.stock);
active.price_cents = Set(input.price_cents);
// The per-variant public sale price was removed from the UI; keep it cleared.
active.sale_price_cents = Set(None);
active.business_sale_price_cents = Set(input.business_sale_cents);
active.position = Set(input.position);
}
/// Reconcile the product's variants with the submitted rows inside `txn`: update
/// rows carrying an id, insert rows without one, and delete existing variants no
/// longer present.
async fn sync_variants<C: ConnectionTrait>(
txn: &C,
product_id: i32,
inputs: &[VariantInput],
) -> Result<()> {
let existing = product_variants::Entity::for_product(txn, product_id).await?;
let keep: HashSet<i32> = inputs.iter().filter_map(|v| v.id).collect();
for variant in &existing {
if !keep.contains(&variant.id) {
variant.clone().delete(txn).await?;
}
}
let by_id: HashMap<i32, product_variants::Model> =
existing.into_iter().map(|v| (v.id, v)).collect();
for input in inputs {
match input.id.and_then(|id| by_id.get(&id)) {
Some(model) => {
let mut active = model.clone().into_active_model();
apply_variant(&mut active, input);
active.update(txn).await?;
}
None => {
let mut active = product_variants::ActiveModel {
product_id: Set(product_id),
..Default::default()
};
apply_variant(&mut active, input);
active.insert(txn).await?;
}
}
}
Ok(())
}
async fn form_context(ctx: &AppContext, jar: &CookieJar) -> Result<serde_json::Value> {
let categories = categories::Entity::find()
.order_by_asc(categories::Column::Position)
@@ -107,37 +249,175 @@ async fn form_context(ctx: &AppContext, jar: &CookieJar) -> Result<serde_json::V
Ok(json!({ "categories": categories, "lang": current_lang(jar) }))
}
/// Variant shape used to pre-fill a row of the product form's variant editor.
fn variant_form_json(variant: &product_variants::Model) -> serde_json::Value {
json!({
"id": variant.id,
"label": variant.label,
"sku": variant.sku,
"stock": variant.stock,
"price": format_price(variant.price_cents),
"business_sale": variant.business_sale_price_cents.map(format_price),
})
}
#[debug_handler]
async fn index(
auth: auth::JWT,
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
Query(params): Query<HashMap<String, String>>,
State(ctx): State<AppContext>,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let audience = read_audience(&params);
let all_categories = categories::Entity::find()
.order_by_asc(categories::Column::Position)
.order_by_asc(categories::Column::Name)
.all(&ctx.db)
.await?;
let category_name: HashMap<i32, String> = all_categories
.iter()
.map(|c| (c.id, c.name.clone()))
.collect();
let list = products::Entity::find()
.order_by_desc(products::Column::CreatedAt)
.all(&ctx.db)
.await?;
let mut rows = Vec::new();
for product in list {
let image = product_images::first_for(&ctx, product.id).await?;
let category_name = match product.category_id {
Some(id) => categories::Entity::find_by_id(id)
.one(&ctx.db)
.await?
.map(|c| c.name),
None => None,
};
rows.push(view::product_card(&product, image, category_name));
let ids: Vec<i32> = list.iter().map(|p| p.id).collect();
let grouped = product_variants::Entity::grouped_for_products(&ctx.db, &ids).await?;
// Category sidebar tree (counts over the full, unfiltered list) plus the
// active `?category=` filter applied to the rows.
let category_ids: Vec<Option<i32>> = list.iter().map(|p| p.category_id).collect();
let category_groups = view::admin_category_groups(&all_categories, &category_ids);
let selected_category = params
.get("category")
.map(String::as_str)
.unwrap_or("all")
.to_string();
let filter = view::category_filter_ids(&all_categories, &selected_category);
// The kept products with their representative (first) variant, priced in one
// batch for the active audience.
let mut kept: Vec<(&products::Model, &Vec<product_variants::Model>)> = Vec::new();
for product in &list {
if !view::category_filter_keep(&filter, product.category_id) {
continue;
}
if let Some(variants) = grouped.get(&product.id) {
if !variants.is_empty() {
kept.push((product, variants));
}
}
}
let reps: Vec<product_variants::Model> =
kept.iter().map(|(_, vs)| vs[0].clone()).collect();
let effective = pricing::audience_price_variants(&ctx, &reps, audience).await?;
let mut rows = Vec::new();
for ((product, variants), priced) in kept.iter().zip(effective.iter()) {
let image = product_images::first_for(&ctx, product.id).await?;
let category_name = product
.category_id
.and_then(|id| category_name.get(&id).cloned());
// Stock column: total across tracked variants, or "∞" when any option is
// untracked (always available).
let stock_display = if variants.iter().any(|v| !v.tracked()) {
"".to_string()
} else {
variants
.iter()
.filter_map(|v| v.stock)
.sum::<i32>()
.to_string()
};
rows.push(product_row(
product,
priced,
variants.len(),
stock_display,
image,
category_name,
));
}
format::view(
&v,
"admin/catalog/products.html",
json!({ "products": rows, "lang": current_lang(&jar) }),
json!({
"products": rows,
"profiles": load_audience_profiles(&ctx, audience).await?,
"audience": audience,
"category_groups": category_groups,
"selected_category": selected_category,
"total_count": list.len(),
"uncategorized_count": category_ids.iter().filter(|c| c.is_none()).count(),
"lang": current_lang(&jar),
}),
)
}
/// List-row shape: the product card fields plus its representative variant's
/// resolved effective price (after the active audience's profiles) and the count
/// of options.
fn product_row(
product: &products::Model,
effective: &pricing::PricedProduct,
variant_count: usize,
stock_display: String,
image: Option<String>,
category_name: Option<String>,
) -> serde_json::Value {
json!({
"id": product.id,
"name": product.name,
"slug": product.slug,
"currency": product.currency,
"stock": stock_display,
"variant_count": variant_count,
"has_options": variant_count > 1,
"published": product.published,
"image": image,
"category_name": category_name,
"regular_price": format_price(effective.regular_cents),
"effective_price": format_price(effective.price_cents),
"effective_reduced": effective.is_reduced(),
"effective_percent_off": percent_off(effective.regular_cents, effective.price_cents),
})
}
/// All discount profiles, flagged with whether they are assigned to `audience`.
async fn load_audience_profiles(
ctx: &AppContext,
audience: &str,
) -> Result<Vec<serde_json::Value>> {
let assigned: HashSet<i32> = audience_discount_profiles::Entity::find()
.filter(audience_discount_profiles::Column::Audience.eq(audience))
.all(&ctx.db)
.await?
.into_iter()
.map(|a| a.discount_profile_id)
.collect();
let all_profiles = discount_profiles::Entity::find()
.order_by_asc(discount_profiles::Column::Name)
.all(&ctx.db)
.await?;
Ok(all_profiles
.iter()
.map(|p| {
json!({
"id": p.id,
"name": p.name,
"percent": format_bp(p.percent_bp),
"scope_type": p.scope_type,
"assigned": assigned.contains(&p.id),
})
})
.collect())
}
#[debug_handler]
async fn new(
auth: auth::JWT,
@@ -148,6 +428,7 @@ async fn new(
guard::current_admin(auth, &ctx).await?;
let mut context = form_context(&ctx, &jar).await?;
context["product"] = serde_json::Value::Null;
context["variants"] = json!([]);
format::view(&v, "admin/catalog/product_form.html", context)
}
@@ -160,38 +441,77 @@ async fn create(
guard::current_admin(auth, &ctx).await?;
let form = read_multipart_form(multipart).await?;
let fields = parse_product_fields(&ctx, &form, None).await?;
let variants = parse_variants(&form)?;
let txn = ctx.db.begin().await?;
let product = products::ActiveModel {
name: Set(fields.name),
slug: Set(fields.slug),
description: Set(fields.description),
price_cents: Set(fields.price_cents),
currency: Set(fields.currency),
sku: Set(fields.sku),
stock: Set(fields.stock),
view_count: Set(0),
published: Set(fields.published),
published_at: Set(fields.published.then(|| chrono::Utc::now().into())),
category_id: Set(fields.category_id),
..Default::default()
}
.insert(&ctx.db)
.insert(&txn)
.await?;
sync_variants(&txn, product.id, &variants).await?;
sync_images(&ctx, &txn, product.id, &form.kept_image_ids, &form.images).await?;
txn.commit().await?;
if let Some(data) = form.image {
let filename = store_image(&ctx, data).await?;
format::redirect("/admin/catalog/products")
}
/// Reconcile a product's images inside `txn` with the submitted form: keep the
/// existing images named in `kept_ids`, re-numbering their positions to that
/// order (first = main); delete any existing image no longer named; then store
/// and append the freshly uploaded `new_images` after the kept ones.
async fn sync_images<C: ConnectionTrait>(
ctx: &AppContext,
txn: &C,
product_id: i32,
kept_ids: &[i32],
new_images: &[Vec<u8>],
) -> Result<()> {
let existing = product_images::for_product(txn, product_id).await?;
let by_id: HashMap<i32, product_images::Model> =
existing.iter().map(|m| (m.id, m.clone())).collect();
let keep: HashSet<i32> = kept_ids.iter().copied().collect();
for image in &existing {
if !keep.contains(&image.id) {
image.clone().delete(txn).await?;
}
}
// Re-number the kept images to their submitted order. Ids that no longer
// exist (a stale form) are simply skipped.
let mut position = 0i32;
for id in kept_ids {
if let Some(model) = by_id.get(id) {
let mut active = model.clone().into_active_model();
active.position = Set(position);
active.update(txn).await?;
position += 1;
}
}
for data in new_images {
let filename = store_image(ctx, data.clone()).await?;
product_images::ActiveModel {
product_id: Set(product.id),
product_id: Set(product_id),
image_id: Set(filename),
position: Set(0),
position: Set(position),
alt: Set(None),
..Default::default()
}
.insert(&ctx.db)
.insert(txn)
.await?;
position += 1;
}
format::redirect("/admin/catalog/products")
Ok(())
}
#[debug_handler]
@@ -204,9 +524,11 @@ async fn edit(
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let product = product_by_id(&ctx, id).await?;
let image = product_images::first_for(&ctx, id).await?;
let images = product_images::for_product(&ctx.db, id).await?;
let variants = product_variants::Entity::for_product(&ctx.db, id).await?;
let mut context = form_context(&ctx, &jar).await?;
context["product"] = view::product_form(&product, image);
context["product"] = view::product_form(&product, &images);
context["variants"] = json!(variants.iter().map(variant_form_json).collect::<Vec<_>>());
format::view(&v, "admin/catalog/product_form.html", context)
}
@@ -222,15 +544,14 @@ async fn update(
let was_published = existing.published;
let form = read_multipart_form(multipart).await?;
let fields = parse_product_fields(&ctx, &form, Some(id)).await?;
let variants = parse_variants(&form)?;
let txn = ctx.db.begin().await?;
let mut product = existing.into_active_model();
product.name = Set(fields.name);
product.slug = Set(fields.slug);
product.description = Set(fields.description);
product.price_cents = Set(fields.price_cents);
product.currency = Set(fields.currency);
product.sku = Set(fields.sku);
product.stock = Set(fields.stock);
product.category_id = Set(fields.category_id);
product.published = Set(fields.published);
if fields.published && !was_published {
@@ -238,21 +559,10 @@ async fn update(
} else if !fields.published {
product.published_at = Set(None);
}
product.update(&ctx.db).await?;
if let Some(data) = form.image {
let filename = store_image(&ctx, data).await?;
let next_position = product_images::count_for(&ctx, id).await?;
product_images::ActiveModel {
product_id: Set(id),
image_id: Set(filename),
position: Set(next_position),
alt: Set(None),
..Default::default()
}
.insert(&ctx.db)
.await?;
}
product.update(&txn).await?;
sync_variants(&txn, id, &variants).await?;
sync_images(&ctx, &txn, id, &form.kept_image_ids, &form.images).await?;
txn.commit().await?;
format::redirect("/admin/catalog/products")
}
@@ -268,8 +578,155 @@ async fn delete(
format::redirect("/admin/catalog/products")
}
// --- Discount profiles -----------------------------------------------------
//
// Two audiences, switched by an `?audience=` tab on the products page:
// - **personal** (default): what everyone sees.
// - **business**: what company accounts see (per-company profiles/negotiated
// prices still layer on top; lowest price wins).
//
// Per-product absolute quick-sale prices live on each variant and are edited in
// the product form. This section is only the reusable *percentage* discount
// profiles assigned to an audience.
fn read_audience(params: &HashMap<String, String>) -> &'static str {
match params.get("audience").map(String::as_str) {
Some(BUSINESS) => BUSINESS,
_ => "personal",
}
}
fn list_redirect(audience: &str) -> Result<Response> {
format::redirect(&format!("/admin/catalog/products?audience={audience}"))
}
/// Percent off the regular price, rounded to a whole number.
fn percent_off(regular_cents: i64, sale_cents: i64) -> i64 {
if regular_cents <= 0 {
return 0;
}
let off = (regular_cents - sale_cents) as f64 / regular_cents as f64 * 100.0;
off.round() as i64
}
/// Representative (first) variant for each product in `list`, in the same order,
/// dropping products with no variants. Returns the products kept alongside their
/// representative variant.
async fn representatives<'a>(
ctx: &AppContext,
list: &'a [products::Model],
) -> Result<(Vec<&'a products::Model>, Vec<product_variants::Model>)> {
let ids: Vec<i32> = list.iter().map(|p| p.id).collect();
let grouped = product_variants::Entity::grouped_for_products(&ctx.db, &ids).await?;
let mut products_kept = Vec::new();
let mut reps = Vec::new();
for product in list {
if let Some(variants) = grouped.get(&product.id) {
if let Some(first) = variants.first() {
products_kept.push(product);
reps.push(first.clone());
}
}
}
Ok((products_kept, reps))
}
/// Preview the effective prices that the submitted (unsaved) checkbox set would
/// produce, without persisting anything. Returns OOB `<span>`s that htmx swaps
/// into the effective-price column so the admin sees the effect before Save.
#[debug_handler]
async fn profiles_preview(
auth: auth::JWT,
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
Query(params): Query<HashMap<String, String>>,
State(ctx): State<AppContext>,
body: String,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let audience = read_audience(&params);
let profile_ids: Vec<i32> = form_urlencoded::parse(body.as_bytes())
.filter(|(k, _)| k == "profile_ids")
.filter_map(|(_, value)| value.parse::<i32>().ok())
.collect();
let all_categories = categories::Entity::find()
.order_by_asc(categories::Column::Position)
.order_by_asc(categories::Column::Name)
.all(&ctx.db)
.await?;
let list = products::Entity::find()
.order_by_desc(products::Column::CreatedAt)
.all(&ctx.db)
.await?;
let (products_kept, reps) = representatives(&ctx, &list).await?;
let effective =
pricing::audience_price_variants_preview(&ctx, &reps, audience, profile_ids).await?;
let selected_category = params.get("category").map(String::as_str).unwrap_or("all");
let filter = view::category_filter_ids(&all_categories, selected_category);
let mut rows = Vec::new();
for (product, priced) in products_kept.iter().zip(effective.iter()) {
if !view::category_filter_keep(&filter, product.category_id) {
continue;
}
rows.push(json!({
"id": product.id,
"currency": product.currency,
"effective_price": format_price(priced.price_cents),
"effective_reduced": priced.is_reduced(),
"effective_percent_off": percent_off(priced.regular_cents, priced.price_cents),
}));
}
format::view(
&v,
"admin/catalog/_price_preview.html",
json!({ "products": rows, "lang": current_lang(&jar) }),
)
}
/// Replace the profiles applied to this audience with the submitted checkbox set
/// (`profile_ids`, a repeated field parsed directly from the body).
#[debug_handler]
async fn sync_profiles(
auth: auth::JWT,
Query(params): Query<HashMap<String, String>>,
State(ctx): State<AppContext>,
body: String,
) -> Result<Response> {
guard::current_admin(auth, &ctx).await?;
let audience = read_audience(&params);
let profile_ids: Vec<i32> = form_urlencoded::parse(body.as_bytes())
.filter(|(k, _)| k == "profile_ids")
.filter_map(|(_, value)| value.parse::<i32>().ok())
.collect();
let txn = ctx.db.begin().await?;
audience_discount_profiles::Entity::delete_many()
.filter(audience_discount_profiles::Column::Audience.eq(audience))
.exec(&txn)
.await?;
for profile_id in profile_ids {
audience_discount_profiles::ActiveModel {
audience: Set(audience.to_string()),
discount_profile_id: Set(profile_id),
..Default::default()
}
.insert(&txn)
.await?;
}
txn.commit().await?;
list_redirect(audience)
}
pub fn routes() -> Routes {
let image_limit = DefaultBodyLimit::max(IMAGE_MAX_BYTES + 1024 * 1024);
// Several images may be uploaded in one submission; allow a generous total
// (per-file size is still capped at IMAGE_MAX_BYTES while reading).
let image_limit = DefaultBodyLimit::max(IMAGE_MAX_BYTES * 12 + 1024 * 1024);
Routes::new()
.add("/admin/catalog/products", get(index))
.add("/admin/catalog/products/new", get(new))
@@ -277,6 +734,11 @@ pub fn routes() -> Routes {
"/admin/catalog/products",
post(create).layer(image_limit.clone()),
)
.add("/admin/catalog/products/profiles", post(sync_profiles))
.add(
"/admin/catalog/products/profiles/preview",
post(profiles_preview),
)
.add("/admin/catalog/products/{id}/edit", get(edit))
.add(
"/admin/catalog/products/{id}",


@@ -13,6 +13,13 @@ use time::Duration as TimeDuration;
pub static EMAIL_DOMAIN_RE: OnceLock<Regex> = OnceLock::new();
pub(crate) const AUTH_COOKIE: &str = "auth_token";
/// Short-lived cookie that carries a half-authenticated session between the
/// password step and the TOTP step. It is a *separate* name from `auth_token`
/// on purpose: the auth guards only read `auth_token`, so this cookie can never
/// authenticate a request on its own — it only proves the password step passed.
pub(crate) const TOTP_PENDING_COOKIE: &str = "totp_pending";
/// How long the user has to enter their 2FA code after the password step.
pub(crate) const TOTP_PENDING_TTL_SECS: u64 = 300;
fn get_allow_email_domain_re() -> &'static Regex {
EMAIL_DOMAIN_RE.get_or_init(|| {
@@ -38,6 +45,24 @@ pub(crate) fn clear_auth_cookie() -> Cookie<'static> {
.build()
}
pub(crate) fn totp_pending_cookie(token: &str, max_age_seconds: u64) -> Cookie<'static> {
Cookie::build((TOTP_PENDING_COOKIE, token.to_string()))
.path("/")
.http_only(true)
.same_site(SameSite::Lax)
.max_age(TimeDuration::seconds(max_age_seconds as i64))
.build()
}
pub(crate) fn clear_totp_pending_cookie() -> Cookie<'static> {
Cookie::build((TOTP_PENDING_COOKIE, ""))
.path("/")
.http_only(true)
.same_site(SameSite::Lax)
.max_age(TimeDuration::seconds(0))
.build()
}
#[derive(Debug, Deserialize, Serialize)]
pub struct ForgotParams {
pub email: String,
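Review bot: `totp_pending_cookie` sets `http_only` and `SameSite::Lax` but not `Secure`, and it scopes the cookie to `/`, so the half-authenticated token is attached to every request to the site and is not restricted to HTTPS. As far as this commit shows, only the `/login/totp` handlers read it, so consider `.path("/login/totp")` and `.secure(true)` on both `totp_pending_cookie` and `clear_totp_pending_cookie`; the clearing cookie has to carry the same path as the one it clears. The existing `auth_cookie` builder lies outside the hunk, so confirm whether `Secure` is left off deliberately for local development before changing it. The `max_age_seconds as i64` cast is harmless for the 300-second constant, but `i64::try_from(max_age_seconds)` would make the bound explicit for other callers.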


@@ -85,6 +85,23 @@ async fn login(
}
let jwt_secret = ctx.config.get_jwt_config()?;
// If the user opted into 2FA, the password is only the first factor: don't
// issue the real auth cookie yet. Hand out a short-lived, separate "pending"
// cookie and send them to the code-entry page. Everyone without 2FA logs in
// in a single step exactly as before.
if user.totp_enabled() {
let pending = user
.generate_jwt(&jwt_secret.secret, auth_controller::TOTP_PENDING_TTL_SECS)
.or_else(|_| unauthorized("unauthorized!"))?;
return format::render()
.cookies(&[auth_controller::totp_pending_cookie(
&pending,
auth_controller::TOTP_PENDING_TTL_SECS,
)])?
.redirect("/login/totp");
}
let token = user
.generate_jwt(&jwt_secret.secret, jwt_secret.expiration)
.or_else(|_| unauthorized("unauthorized!"))?;
@@ -94,6 +111,89 @@ async fn login(
.redirect(home_for(&ctx, &user))
}
/// Resolve the user behind a valid, unexpired `totp_pending` cookie. Returns
/// `None` (never errors) when the cookie is missing, malformed, or expired —
/// the caller bounces such requests back to `/login`.
async fn user_from_pending(ctx: &AppContext, jar: &CookieJar) -> Option<users::Model> {
let cookie = jar.get(auth_controller::TOTP_PENDING_COOKIE)?;
let jwt_config = ctx.config.get_jwt_config().ok()?;
let claims = loco_rs::auth::jwt::JWT::new(&jwt_config.secret)
.validate(cookie.value())
.ok()?;
let user = users::Model::find_by_pid(&ctx.db, &claims.claims.pid).await.ok()?;
// Defend against a stale pending cookie outliving a 2FA disable.
user.totp_enabled().then_some(user)
}
fn login_totp_view(v: &TeraView, jar: &CookieJar, error: Option<&str>) -> Result<Response> {
format::view(
v,
"auth/login_totp.html",
json!({
"error": error,
"logged_in_admin": false,
"lang": current_lang(jar),
}),
)
}
#[debug_handler]
async fn login_totp_page(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
if user_from_pending(&ctx, &jar).await.is_none() {
return format::redirect("/login");
}
login_totp_view(&v, &jar, None)
}
/// Second login factor. Accepts either a 6-digit authenticator code or one of
/// the one-time backup codes (auto-detected by length). On success the pending
/// cookie is cleared and the real `auth_token` is issued.
#[derive(Debug, serde::Deserialize)]
struct TotpLoginForm {
code: String,
}
#[debug_handler]
async fn login_totp(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
Form(form): Form<TotpLoginForm>,
) -> Result<Response> {
let Some(user) = user_from_pending(&ctx, &jar).await else {
return format::redirect("/login");
};
let code = form.code.trim();
let via_totp = user.verify_totp_code(code);
let via_backup = !via_totp && user.matches_backup_code(code);
if !via_totp && !via_backup {
return login_totp_view(&v, &jar, Some("invalid"));
}
// A used backup code must be burned so it can't be replayed.
if via_backup {
user.clone().into_active_model().consume_backup_code(&ctx.db, code).await?;
}
let jwt_secret = ctx.config.get_jwt_config()?;
let token = user
.generate_jwt(&jwt_secret.secret, jwt_secret.expiration)
.or_else(|_| unauthorized("unauthorized!"))?;
format::render()
.cookies(&[
auth_controller::auth_cookie(&token, jwt_secret.expiration),
auth_controller::clear_totp_pending_cookie(),
])?
.redirect(home_for(&ctx, &user))
}
#[debug_handler]
async fn register_page(
jar: CookieJar,
@@ -106,13 +206,50 @@ async fn register_page(
register_view(&v, &jar, None)
}
/// Registration form. The name is no longer collected from the user — it is
/// derived from the email — and the password is entered twice to guard against
/// typos.
#[derive(Debug, serde::Deserialize)]
struct RegisterForm {
email: String,
password: String,
password_confirm: String,
#[serde(default)]
account_type: Option<String>,
}
/// Derive a display name from an email address (its local part), falling back to
/// the full address when the local part is too short for the name validator.
fn name_from_email(email: &str) -> String {
let local = email.split('@').next().unwrap_or("").trim();
if local.chars().count() >= 2 {
local.to_string()
} else {
email.trim().to_string()
}
}
#[debug_handler]
async fn register(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
Form(params): Form<RegisterParams>,
Form(form): Form<RegisterForm>,
) -> Result<Response> {
if form.password != form.password_confirm {
return register_view(&v, &jar, Some("mismatch"));
}
if form.password.len() < 8 {
return register_view(&v, &jar, Some("weak"));
}
let params = RegisterParams {
name: name_from_email(&form.email),
email: form.email,
password: form.password,
account_type: form.account_type,
};
let user = match users::Model::create_with_password(&ctx.db, &params).await {
Ok(user) => user,
Err(ModelError::EntityAlreadyExists {}) => {
@@ -185,6 +322,127 @@ fn verified_view(v: &TeraView, jar: &CookieJar, ok: bool) -> Result<Response> {
)
}
/// Resend the email-verification link. Throttled per account (see
/// [`users::Model::verification_resend_wait_secs`]) so it can't be used to spam
/// an inbox, and always returns the same neutral message so it can't be used to
/// probe which addresses are registered.
#[derive(Debug, serde::Deserialize)]
struct ResendVerificationForm {
email: String,
}
fn resend_verification_view(v: &TeraView, jar: &CookieJar, done: bool) -> Result<Response> {
format::view(
v,
"auth/resend_verification.html",
json!({
"done": done,
"logged_in_admin": false,
"lang": current_lang(jar),
}),
)
}
#[debug_handler]
async fn resend_verification_page(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
) -> Result<Response> {
resend_verification_view(&v, &jar, false)
}
#[debug_handler]
async fn resend_verification(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
Form(form): Form<ResendVerificationForm>,
) -> Result<Response> {
// Resend only for a real, still-unverified account that is past its cooldown.
// Anything else (unknown email, already verified, too soon) silently does
// nothing — the response is identical either way.
if let Ok(user) = users::Model::find_by_email(&ctx.db, form.email.trim()).await {
if user.email_verified_at.is_none() && user.verification_resend_wait_secs() == 0 {
match user.into_active_model().set_email_verification_sent(&ctx.db).await {
Ok(user) => {
if let Err(err) = AuthMailer::send_welcome(&ctx, &user).await {
tracing::error!(error = %err, "failed to resend verification email");
}
}
Err(err) => tracing::error!(error = %err, "failed to refresh verification token"),
}
} else {
tracing::info!("verification resend skipped (already verified or within cooldown)");
}
}
resend_verification_view(&v, &jar, true)
}
/// Set-password form for accounts created during checkout (and any account that
/// has a valid reset token). Reuses the password-reset token machinery.
#[derive(Debug, serde::Deserialize)]
struct SetPasswordForm {
token: String,
password: String,
password_confirm: String,
}
fn set_password_view(
v: &TeraView,
jar: &CookieJar,
token: &str,
valid: bool,
error: Option<&str>,
) -> Result<Response> {
format::view(
v,
"auth/set_password.html",
json!({
"token": token,
"valid": valid,
"error": error,
"logged_in_admin": false,
"lang": current_lang(jar),
}),
)
}
#[debug_handler]
async fn set_password_page(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
Path(token): Path<String>,
) -> Result<Response> {
let valid = users::Model::find_by_reset_token(&ctx.db, &token).await.is_ok();
set_password_view(&v, &jar, &token, valid, None)
}
#[debug_handler]
async fn set_password(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
Form(form): Form<SetPasswordForm>,
) -> Result<Response> {
let Ok(user) = users::Model::find_by_reset_token(&ctx.db, &form.token).await else {
return set_password_view(&v, &jar, &form.token, false, None);
};
if form.password != form.password_confirm {
return set_password_view(&v, &jar, &form.token, true, Some("mismatch"));
}
if form.password.len() < 8 {
return set_password_view(&v, &jar, &form.token, true, Some("weak"));
}
// Setting the password through an emailed link also proves email ownership,
// so the account is marked verified here.
let user = user.into_active_model().reset_password(&ctx.db, &form.password).await?;
if user.email_verified_at.is_none() {
user.into_active_model().verified(&ctx.db).await?;
}
format::redirect("/login")
}
#[debug_handler]
async fn logout() -> Result<Response> {
format::render()
@@ -208,9 +466,15 @@ pub fn routes() -> Routes {
Routes::new()
.add("/login", get(login_page))
.add("/login", post(login))
.add("/login/totp", get(login_totp_page))
.add("/login/totp", post(login_totp))
.add("/register", get(register_page))
.add("/register", post(register))
.add("/verify/{token}", get(verify))
.add("/resend-verification", get(resend_verification_page))
.add("/resend-verification", post(resend_verification))
.add("/set-password/{token}", get(set_password_page))
.add("/set-password", post(set_password))
.add("/logout", post(logout))
.add("/admin", get(admin_entry))
}
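Review bot: The pending token issued in `login` when `user.totp_enabled()` is produced by the same `generate_jwt` call and signed with the same `jwt_secret.secret` as the real session token, so on the visible lines the two differ only in lifetime and in the cookie name they are delivered under. Cookie names are set by the client, so unless the auth guards (not visible here) check something beyond signature and expiry, the password step alone yields a value the guards would accept for `TOTP_PENDING_TTL_SECS`. Bind the purpose into the token itself: sign and validate the pending token with a separately configured secret, e.g. `user.generate_jwt(&pending_secret, auth_controller::TOTP_PENDING_TTL_SECS)` in `login` and `JWT::new(&pending_secret)` in `user_from_pending` (`pending_secret` being a new config value), or add a purpose claim that the guards reject and `user_from_pending` requires. Separately, `login_totp` re-renders the form on a wrong code without counting failures against the pending session; a per-session attempt cap is worth adding if no rate limiting sits in front of this route.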


@@ -1,4 +1,4 @@
use crate::{controllers::i18n::current_lang, shared::money::format_price, models::products};
use crate::{controllers::i18n::current_lang, shared::{guard, money::format_price, pricing}, models::{product_variants, products}};
use axum::{
http::{HeaderMap, StatusCode},
response::Redirect,
@@ -15,22 +15,22 @@ const CART_MAX_AGE_DAYS: i64 = 30;
#[derive(Debug, Deserialize)]
struct AddForm {
product_id: i32,
variant_id: i32,
quantity: Option<i32>,
}
#[derive(Debug, Deserialize)]
struct UpdateForm {
product_id: i32,
variant_id: i32,
quantity: i32,
}
#[derive(Debug, Deserialize)]
struct RemoveForm {
product_id: i32,
variant_id: i32,
}
/// Parse the `cart` cookie ("id:qty,id:qty") into `(product_id, quantity)`
/// Parse the `cart` cookie ("id:qty,id:qty") into `(variant_id, quantity)`
/// pairs, silently dropping malformed or non-positive entries.
pub(crate) fn parse_cart(jar: &CookieJar) -> Vec<(i32, i32)> {
let Some(cookie) = jar.get(CART_COOKIE) else {
@@ -64,12 +64,23 @@ fn cart_cookie(value: String) -> Cookie<'static> {
.build()
}
/// Look up a published product, returning its current stock cap.
async fn published_product(ctx: &AppContext, id: i32) -> Result<Option<products::Model>> {
Ok(products::Entity::find_by_id(id)
/// Look up a variant whose product is published, returning the variant together
/// with its parent product (for name/slug/currency).
async fn published_variant(
ctx: &AppContext,
variant_id: i32,
) -> Result<Option<(product_variants::Model, products::Model)>> {
let Some(variant) = product_variants::Entity::find_by_id(variant_id)
.one(&ctx.db)
.await?
else {
return Ok(None);
};
let product = products::Entity::find_by_id(variant.product_id)
.filter(products::Column::Published.eq(true))
.one(&ctx.db)
.await?)
.await?;
Ok(product.map(|p| (variant, p)))
}
#[debug_handler]
@@ -79,16 +90,16 @@ async fn add(
headers: HeaderMap,
Form(form): Form<AddForm>,
) -> Result<Response> {
let Some(product) = published_product(&ctx, form.product_id).await? else {
let Some((variant, _product)) = published_variant(&ctx, form.variant_id).await? else {
return Err(Error::NotFound);
};
let mut items = parse_cart(&jar);
let add_qty = form.quantity.unwrap_or(1).max(1);
if let Some(entry) = items.iter_mut().find(|(id, _)| *id == product.id) {
entry.1 = (entry.1 + add_qty).min(product.stock);
if let Some(entry) = items.iter_mut().find(|(id, _)| *id == variant.id) {
entry.1 = variant.cap(entry.1 + add_qty);
} else {
items.push((product.id, add_qty.min(product.stock)));
items.push((variant.id, variant.cap(add_qty)));
}
items.retain(|(_, qty)| *qty > 0);
@@ -117,14 +128,15 @@ async fn update(
headers: HeaderMap,
Form(form): Form<UpdateForm>,
) -> Result<Response> {
let stock = published_product(&ctx, form.product_id)
.await?
.map(|p| p.stock)
.unwrap_or(0);
// Clamp the requested quantity to what's available (no cap for untracked
// variants); a removed variant clamps to 0 and drops out below.
let clamped = match published_variant(&ctx, form.variant_id).await? {
Some((variant, _)) => variant.cap(form.quantity),
None => 0,
};
let mut items = parse_cart(&jar);
let clamped = form.quantity.clamp(0, stock);
if let Some(entry) = items.iter_mut().find(|(id, _)| *id == form.product_id) {
if let Some(entry) = items.iter_mut().find(|(id, _)| *id == form.variant_id) {
entry.1 = clamped;
}
items.retain(|(_, qty)| *qty > 0);
@@ -142,7 +154,7 @@ async fn remove(
Form(form): Form<RemoveForm>,
) -> Result<Response> {
let mut items = parse_cart(&jar);
items.retain(|(id, _)| *id != form.product_id);
items.retain(|(id, _)| *id != form.variant_id);
let jar = jar.add(cart_cookie(serialize_cart(&items)));
cart_response(&ctx, &v, jar, &headers).await
@@ -189,29 +201,43 @@ pub(crate) async fn resolve_cart(
ctx: &AppContext,
jar: &CookieJar,
) -> Result<(Vec<serde_json::Value>, Vec<(i32, i32)>, i64)> {
let mut lines = Vec::new();
let mut valid = Vec::new();
let mut total: i64 = 0;
// Resolve the cart entries to in-stock products first, then price them all
// for the current viewer in one batch (the price depends on who's logged in).
let user = guard::current_user(ctx, jar).await;
let mut items: Vec<(product_variants::Model, products::Model, i32)> = Vec::new();
for (id, qty) in parse_cart(jar) {
let Some(product) = published_product(ctx, id).await? else {
let Some((variant, product)) = published_variant(ctx, id).await? else {
continue;
};
let qty = qty.clamp(0, product.stock);
let qty = variant.cap(qty);
if qty == 0 {
continue;
}
let line_total = product.price_cents * i64::from(qty);
items.push((variant, product, qty));
}
let variants_only: Vec<product_variants::Model> =
items.iter().map(|(v, _, _)| v.clone()).collect();
let priced = pricing::price_variants(ctx, &variants_only, user.as_ref()).await?;
let mut lines = Vec::new();
let mut valid = Vec::new();
let mut total: i64 = 0;
for ((variant, product, qty), priced) in items.iter().zip(priced.iter()) {
let unit_price = priced.price_cents;
let line_total = unit_price * i64::from(*qty);
total += line_total;
valid.push((product.id, qty));
valid.push((variant.id, *qty));
lines.push(json!({
"id": product.id,
"id": variant.id,
"name": product.name,
"variant_label": variant.label,
"slug": product.slug,
"price": format_price(product.price_cents),
"price": format_price(unit_price),
"regular_price": format_price(priced.regular_cents),
"on_sale": priced.is_reduced(),
"currency": product.currency,
"quantity": qty,
"stock": product.stock,
"stock": variant.stock,
"line_total": format_price(line_total),
}));
}
@@ -234,6 +260,7 @@ async fn show(
// Drop any now-invalid lines from the cookie so the badge stays accurate.
let rebuilt = serialize_cart(&valid);
let c = guard::chrome(&ctx, &jar).await;
let response = format::view(
&v,
"shop/cart.html",
@@ -241,6 +268,10 @@ async fn show(
"items": lines,
"total": format_price(total),
"currency": currency,
"logged_in_admin": c.logged_in_admin,
"logged_in_customer": c.logged_in_customer,
"customer_name": c.customer_name,
"customer_account_type": c.customer_account_type,
"lang": current_lang(&jar),
}),
)?;
@@ -248,10 +279,39 @@ async fn show(
Ok((jar.add(cart_cookie(rebuilt)), response).into_response())
}
/// Mini-cart preview for the navbar hover dropdown. Lazy-loaded via htmx from
/// the header; returns just the `shop/_cart_preview.html` fragment.
#[debug_handler]
async fn preview(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
let (lines, valid, total) = resolve_cart(&ctx, &jar).await?;
let currency = lines
.first()
.and_then(|line| line["currency"].as_str())
.unwrap_or("EUR")
.to_string();
let rebuilt = serialize_cart(&valid);
let response = format::view(
&v,
"shop/_cart_preview.html",
json!({
"items": lines,
"total": format_price(total),
"currency": currency,
"lang": current_lang(&jar),
}),
)?;
Ok((jar.add(cart_cookie(rebuilt)), response).into_response())
}
pub fn routes() -> Routes {
Routes::new()
.add("/cart", get(show))
.add("/cart/add", post(add))
.add("/cart/update", post(update))
.add("/cart/remove", post(remove))
.add("/partials/cart", get(preview))
}


@@ -1,6 +1,7 @@
//! Public checkout flow: the checkout form, placing an order, and the order
//! confirmation page.
use axum::extract::Query;
use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite};
use loco_rs::prelude::*;
use sea_orm::{ColumnTrait, EntityTrait, QueryFilter, QueryOrder};
@@ -10,9 +11,14 @@ use time::Duration as TimeDuration;
use crate::{
controllers::cart::{resolve_cart, CART_COOKIE},
models::{order_items, orders, shipping_methods},
mailers::auth::AuthMailer,
models::{
customer_profiles::{self, ProfileFields},
order_items, orders, shipping_methods,
users::{self, normalize_account_type},
},
controllers::i18n::current_lang,
shared::{money::format_price, settings},
shared::{guard, money::format_price, settings},
views::checkout as view,
};
@@ -24,6 +30,11 @@ struct CheckoutForm {
phone_prefix: String,
phone: String,
customer_name: String,
account_type: Option<String>,
company_name: Option<String>,
company_id: Option<String>,
tax_id: Option<String>,
vat_id: Option<String>,
address: String,
city: String,
zip: String,
@@ -33,6 +44,10 @@ struct CheckoutForm {
carrier_code: String,
pickup_point_id: Option<String>,
pickup_point_name: Option<String>,
// Present (as "on") only when a logged-in customer ticks "save my address".
save_profile: Option<String>,
// Present only when a guest ticks "create an account from this order".
create_account: Option<String>,
}
fn trimmed(value: &str) -> Option<String> {
@@ -86,6 +101,25 @@ async fn checkout_page(
})
.collect();
// Prefill the form for a logged-in customer: contact name/email come from
// the user account, the address/phone from their saved profile (if any).
let user = guard::current_user(&ctx, &jar).await;
let is_admin = user.as_ref().is_some_and(|u| guard::is_admin(&ctx, u));
let is_customer = user.is_some() && !is_admin;
let profile = match (&user, is_customer) {
(Some(u), true) => customer_profiles::Model::find_for_user(&ctx.db, u.id).await?,
_ => None,
};
let p = |get: fn(&customer_profiles::Model) -> Option<String>| {
profile.as_ref().and_then(get)
};
// Whether the customer already has a shipping address on file. When they do,
// the "save this address to my profile" opt-in is pointless (the profile was
// filled in advance), so it's hidden and the existing profile is left alone.
let profile_filled = profile
.as_ref()
.is_some_and(|pr| pr.address.is_some() && pr.city.is_some() && pr.zip.is_some());
format::view(
&v,
"shop/checkout.html",
@@ -96,6 +130,30 @@ async fn checkout_page(
"currency": currency,
"shipping_methods": methods,
"packeta_api_key": settings::get(&ctx, "packeta_api_key").unwrap_or(""),
"logged_in_admin": is_admin,
"logged_in_customer": is_customer,
// Required by the navbar profile menu (base.html includes it whenever
// logged_in_customer is true); None for admins/guests.
"customer_name": user.as_ref().filter(|_| is_customer).map(|u| u.name.clone()),
"customer_account_type": user.as_ref().filter(|_| is_customer).map(|u| u.account_type.clone()),
"profile_filled": profile_filled,
// A logged-in customer's account type is fixed; only guests pick it
// and may opt to create an account from the order.
"account_fixed": is_customer,
"can_create_account": user.is_none(),
"prefill_email": user.as_ref().filter(|_| is_customer).map(|u| u.email.clone()),
"prefill_name": user.as_ref().filter(|_| is_customer).map(|u| u.name.clone()),
"prefill_account_type": user.as_ref().filter(|_| is_customer).map_or("personal", |u| u.account_type.as_str()),
"prefill_company_name": p(|x| x.company_name.clone()),
"prefill_company_id": p(|x| x.company_id.clone()),
"prefill_tax_id": p(|x| x.tax_id.clone()),
"prefill_vat_id": p(|x| x.vat_id.clone()),
"prefill_phone_prefix": p(|x| x.phone_prefix.clone()),
"prefill_phone": p(|x| x.phone.clone()),
"prefill_address": p(|x| x.address.clone()),
"prefill_city": p(|x| x.city.clone()),
"prefill_zip": p(|x| x.zip.clone()),
"prefill_country": p(|x| x.country.clone()),
"lang": current_lang(&jar),
}),
)
@@ -119,7 +177,7 @@ async fn place_order(
trimmed(&form.phone).ok_or_else(|| Error::BadRequest("phone is required".to_string()))?;
let phone = match trimmed(&form.phone_prefix) {
Some(prefix) => format!("{prefix} {number}"),
None => number,
None => number.clone(),
};
// Contact and shipping-address fields are mandatory (also enforced in the
@@ -133,6 +191,31 @@ async fn place_order(
let zip = require(&form.zip, "zip")?;
let country = require(&form.country, "country")?;
// The account type is fixed for a logged-in customer (taken from their
// account, never the form); a guest picks it on the form. Admins are treated
// as guests here.
let current_user = guard::current_user(&ctx, &jar).await;
let logged_in_customer = current_user
.as_ref()
.filter(|u| !guard::is_admin(&ctx, u));
let account_type = match logged_in_customer {
Some(u) => u.account_type.clone(),
None => normalize_account_type(form.account_type.as_deref()),
};
// Company purchases must carry the invoicing identifiers (IČO + DIČ
// required, IČ DPH optional). Personal orders carry none.
let (company_name, company_id, tax_id, vat_id) = if account_type == "company" {
(
Some(require(form.company_name.as_deref().unwrap_or(""), "company name")?),
Some(require(form.company_id.as_deref().unwrap_or(""), "IČO")?),
Some(require(form.tax_id.as_deref().unwrap_or(""), "DIČ")?),
form.vat_id.as_deref().and_then(trimmed),
)
} else {
(None, None, None, None)
};
if !PAYMENT_METHODS.contains(&form.payment_method.as_str()) {
return Err(Error::BadRequest("invalid payment method".to_string()));
}
@@ -157,6 +240,74 @@ async fn place_order(
(None, None)
};
// The address/contact captured here, ready to seed a profile (for the
// logged-in "save my address" opt-in or a freshly created guest account).
let entered_profile = || ProfileFields {
company_name: company_name.clone(),
company_id: company_id.clone(),
tax_id: tax_id.clone(),
vat_id: vat_id.clone(),
phone_prefix: trimmed(&form.phone_prefix),
phone: Some(number.clone()),
address: Some(address.clone()),
city: Some(city.clone()),
zip: Some(zip.clone()),
country: Some(country.clone()),
};
// Resolve the account that will own this order. A logged-in customer always
// owns their orders. A guest may opt to create an account from the order;
// the new account's type matches what they bought as, its profile is seeded
// from the entered details, and a "set your password" link is emailed. If
// the email already belongs to an account we silently fall back to a guest
// order (no hijacking an existing account).
let mut order_user_id = logged_in_customer.map(|u| u.id);
let mut account_created = false;
if order_user_id.is_none() && form.create_account.is_some() {
match users::Model::create_guest_account(&ctx.db, &email, &customer_name, &account_type)
.await
{
Ok(new_user) => {
if let Err(err) =
customer_profiles::Model::upsert(&ctx.db, new_user.id, entered_profile()).await
{
tracing::error!(error = %err, user_id = new_user.id, "failed to seed guest profile");
}
let user_id = new_user.id;
match new_user.into_active_model().set_forgot_password_sent(&ctx.db).await {
Ok(user) => {
if let Err(err) = AuthMailer::send_set_password(&ctx, &user).await {
tracing::error!(error = %err, "failed to send set-password email");
}
order_user_id = Some(user_id);
account_created = true;
}
Err(err) => {
tracing::error!(error = %err, "failed to issue set-password token");
order_user_id = Some(user_id);
}
}
}
Err(ModelError::EntityAlreadyExists {}) => {
tracing::info!(email = %email, "checkout account-create skipped: email already registered");
}
Err(err) => tracing::error!(error = %err, "failed to create checkout account"),
}
}
// If a logged-in customer opted in, persist this address to their profile so
// the next checkout is prefilled. Best-effort: a failure here is logged but
// must not block the order.
if form.save_profile.is_some() {
if let Some(user) = logged_in_customer {
if let Err(err) =
customer_profiles::Model::upsert(&ctx.db, user.id, entered_profile()).await
{
tracing::error!(error = %err, user_id = user.id, "failed to save checkout profile");
}
}
}
let order = orders::place(
&ctx,
&valid,
@@ -164,6 +315,12 @@ async fn place_order(
email,
phone,
customer_name: Some(customer_name),
user_id: order_user_id,
account_type,
company_name,
company_id,
tax_id,
vat_id,
address: Some(address),
city: Some(city),
zip: Some(zip),
@@ -174,12 +331,18 @@ async fn place_order(
pickup_point_id,
pickup_point_name,
},
logged_in_customer,
)
.await?;
let target = if account_created {
format!("/orders/{}?account_created=1", order.order_number)
} else {
format!("/orders/{}", order.order_number)
};
format::render()
.cookies(&[cleared_cart_cookie()])?
.redirect(&format!("/orders/{}", order.order_number))
.redirect(&target)
}
#[debug_handler]
@@ -187,6 +350,7 @@ async fn order_confirmation(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
Path(order_number): Path<String>,
Query(params): Query<std::collections::HashMap<String, String>>,
State(ctx): State<AppContext>,
) -> Result<Response> {
let order = orders::Entity::find()
@@ -198,6 +362,8 @@ async fn order_confirmation(
.filter(order_items::Column::OrderId.eq(order.id))
.all(&ctx.db)
.await?;
let c = guard::chrome(&ctx, &jar).await;
let account_created = params.contains_key("account_created");
format::view(
&v,
@@ -209,6 +375,11 @@ async fn order_confirmation(
settings::get(&ctx, "bank_account_name").unwrap_or(""),
),
"items": view::items(&items),
"logged_in_admin": c.logged_in_admin,
"logged_in_customer": c.logged_in_customer,
"customer_name": c.customer_name,
"customer_account_type": c.customer_account_type,
"account_created": account_created,
"lang": current_lang(&jar),
}),
)
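Review bot: The redirect at the end of `place_order` carries `?account_created=1` only when `create_guest_account` succeeded, so a guest who ticks "create an account" can tell from the confirmation page whether the e-mail they entered is already registered, even though the `EntityAlreadyExists` branch is described as a silent fallback. Deciding the banner from the request rather than the outcome removes that signal: `let account_requested = logged_in_customer.is_none() && form.create_account.is_some();` before the creation block and `let target = if account_requested {` here, with the confirmation text worded neutrally (for example "if this address had no account yet, a set-password link was sent"). The account is also created and the e-mail sent before `orders::place` runs, so a failed order leaves an account and a mailed link behind; creating the account after the order succeeds, or inside the same transaction, would avoid that. `place_order` starts and ends outside these hunks and the confirmation template is not visible, so the wording change needs to be confirmed there.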


@@ -12,14 +12,19 @@ async fn index(
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
let products = shop::featured_products(&ctx, 8).await?;
let user = guard::current_user(&ctx, &jar).await;
let products = shop::featured_products(&ctx, user.as_ref(), 8).await?;
let c = guard::chrome_from(&ctx, user.as_ref());
format::view(
&v,
"home/index.html",
json!({
"products": products,
"logged_in_admin": guard::logged_in(&ctx, &jar).await,
"logged_in_admin": c.logged_in_admin,
"logged_in_customer": c.logged_in_customer,
"customer_name": c.customer_name,
"customer_account_type": c.customer_account_type,
"lang": current_lang(&jar),
}),
)


@@ -1,7 +1,11 @@
pub mod account;
pub mod auth;
pub mod auth_pages;
pub mod oauth2;
pub mod admin_categories;
pub mod admin_customers;
pub mod admin_dashboard;
pub mod admin_discount_profiles;
pub mod admin_form;
pub mod admin_orders;
pub mod admin_products;

56
src/controllers/oauth2.rs Normal file

@@ -0,0 +1,56 @@
//! HTML OAuth2 (Google) sign-in.
//!
//! The provider round-trip is handled by loco-oauth2's built-in authorize +
//! cookie-callback handlers. The callback upserts the user, stores an OAuth2
//! session, sets loco-oauth2's *private* session cookie, and redirects to the
//! configured `protected_url` — which is our [`complete`] handler. There we
//! trade the OAuth2 session for OUR Loco `auth_token` JWT cookie, so the rest of
//! the app (the Casbin layer, `guard`, the unified `/login`) treats a Google
//! user exactly like a password login. Admins (matching `ADMIN_EMAIL`) land on
//! the dashboard, everyone else on the storefront.
use loco_oauth2::controllers::{
middleware::OAuth2CookieUser,
oauth2::{google_authorization_url, google_callback_cookie},
};
use loco_rs::prelude::*;
use crate::{
controllers::auth as auth_controller,
models::{o_auth2_sessions, users, users::OAuth2UserProfile},
shared::guard,
};
type GoogleCookieUser = OAuth2CookieUser<OAuth2UserProfile, users::Model, o_auth2_sessions::Model>;
/// Bridge from loco-oauth2's session cookie to our own auth cookie.
#[debug_handler]
async fn complete(State(ctx): State<AppContext>, user: GoogleCookieUser) -> Result<Response> {
let user: &users::Model = user.as_ref();
let jwt_secret = ctx.config.get_jwt_config()?;
let token = user
.generate_jwt(&jwt_secret.secret, jwt_secret.expiration)
.or_else(|_| unauthorized("unauthorized!"))?;
let dest = if guard::is_admin(&ctx, user) {
"/admin/dashboard"
} else {
"/"
};
format::render()
.cookies(&[auth_controller::auth_cookie(&token, jwt_secret.expiration)])?
.redirect(dest)
}
pub fn routes() -> Routes {
Routes::new()
.prefix("api/oauth2")
// Redirects the browser to Google's consent screen.
.add("/google", get(google_authorization_url))
// Google redirects back here; loco-oauth2 exchanges the code, upserts
// the user, and redirects to `protected_url` (/api/oauth2/protected).
.add(
"/google/callback/cookie",
get(google_callback_cookie::<OAuth2UserProfile, users::Model, o_auth2_sessions::Model>),
)
.add("/protected", get(complete))
}
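Review bot: `complete` issues the regular `auth_token` JWT, admin-capable whenever `guard::is_admin` matches, for whichever `users::Model` the loco-oauth2 callback upserted, and nothing in this file shows that the Google profile's e-mail was verified before it was matched to an existing account. The upsert lives in `models::users`, outside this section, so this may already be handled; if it is, a doc line on the handler such as `/// Relies on the user upsert rejecting Google profiles whose e-mail is unverified.` would record the precondition next to the code that depends on it. The `.or_else(|_| unauthorized("unauthorized!"))` on `generate_jwt` also discards the underlying error; logging it first, e.g. `tracing::error!(error = ?err, "failed to mint auth token")`, would make a misconfigured JWT secret diagnosable.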


@@ -8,17 +8,41 @@ use serde_json::json;
use crate::{
controllers::i18n::current_lang,
shared::guard,
models::{categories, product_images, products},
shared::{guard, pricing},
models::{categories, product_images, product_variants, products, users},
views::shop as view,
};
/// Shape a list of products into card rows, loading each one's primary image.
async fn product_rows(ctx: &AppContext, list: Vec<products::Model>) -> Result<Vec<serde_json::Value>> {
let mut rows = Vec::with_capacity(list.len());
for product in list {
/// Shape a list of products into card rows for `user` (None = public). Each card
/// shows the resolved price of the product's representative (first) variant; the
/// `variant_count` lets the template render "from {price}" for multi-variant
/// products. Products with no variants are skipped (not purchasable).
async fn product_rows(
ctx: &AppContext,
user: Option<&users::Model>,
list: Vec<products::Model>,
) -> Result<Vec<serde_json::Value>> {
let ids: Vec<i32> = list.iter().map(|p| p.id).collect();
let grouped = product_variants::Entity::grouped_for_products(&ctx.db, &ids).await?;
// Representative (first) variant per product, in list order, dropping any
// product that has no variants.
let mut entries: Vec<(&products::Model, product_variants::Model, usize)> = Vec::new();
for product in &list {
if let Some(variants) = grouped.get(&product.id) {
if let Some(first) = variants.first() {
entries.push((product, first.clone(), variants.len()));
}
}
}
let reps: Vec<product_variants::Model> = entries.iter().map(|(_, v, _)| v.clone()).collect();
let priced = pricing::price_variants(ctx, &reps, user).await?;
let mut rows = Vec::with_capacity(entries.len());
for ((product, rep, count), priced) in entries.iter().zip(priced.iter()) {
let image = product_images::first_for(ctx, product.id).await?;
rows.push(view::product_card(&product, image, None));
rows.push(view::product_card(product, rep, priced, *count, image, None));
}
Ok(rows)
}
@@ -27,6 +51,7 @@ async fn product_rows(ctx: &AppContext, list: Vec<products::Model>) -> Result<Ve
/// by the home-page landing grid.
pub(crate) async fn featured_products(
ctx: &AppContext,
user: Option<&users::Model>,
limit: u64,
) -> Result<Vec<serde_json::Value>> {
let list = products::Entity::find()
@@ -35,7 +60,7 @@ pub(crate) async fn featured_products(
.limit(limit)
.all(&ctx.db)
.await?;
product_rows(ctx, list).await
product_rows(ctx, user, list).await
}
/// The site-wide category sidebar, loaded lazily via htmx by the base layout so
@@ -69,12 +94,17 @@ async fn index(
.all(&ctx.db)
.await?;
let user = guard::current_user(&ctx, &jar).await;
let c = guard::chrome_from(&ctx, user.as_ref());
format::view(
&v,
"shop/index.html",
json!({
"products": product_rows(&ctx, list).await?,
"logged_in_admin": guard::logged_in(&ctx, &jar).await,
"products": product_rows(&ctx, user.as_ref(), list).await?,
"logged_in_admin": c.logged_in_admin,
"logged_in_customer": c.logged_in_customer,
"customer_name": c.customer_name,
"customer_account_type": c.customer_account_type,
"lang": current_lang(&jar),
}),
)
@@ -108,14 +138,51 @@ async fn show(
None => None,
};
let user = guard::current_user(&ctx, &jar).await;
let variants = product_variants::Entity::for_product(&ctx.db, product.id).await?;
let variant_prices = pricing::price_variants(&ctx, &variants, user.as_ref()).await?;
let options: Vec<serde_json::Value> = variants
.iter()
.zip(variant_prices.iter())
.map(|(variant, priced)| view::variant_option(variant, priced))
.collect();
// The card header uses the representative (first) variant for its headline
// price; the picker below lets the customer switch.
let representative = variants.first();
let priced = variant_prices.first().copied();
let card = match (representative, priced) {
(Some(rep), Some(priced)) => view::product_card(
&product,
rep,
&priced,
variants.len(),
None,
category.as_ref().map(|c| c.name.clone()),
),
// A product with no variants isn't purchasable; show it without a price.
_ => serde_json::json!({
"id": product.id,
"name": product.name,
"slug": product.slug,
"description": product.description,
"currency": product.currency,
"variant_count": 0,
"has_options": false,
}),
};
let c = guard::chrome_from(&ctx, user.as_ref());
format::view(
&v,
"shop/show.html",
json!({
"product": view::product_card(&product, None, category.as_ref().map(|c| c.name.clone())),
"product": card,
"variants": options,
"images": images.iter().map(|i| i.image_id.clone()).collect::<Vec<_>>(),
"category": category,
"logged_in_admin": guard::logged_in(&ctx, &jar).await,
"logged_in_admin": c.logged_in_admin,
"logged_in_customer": c.logged_in_customer,
"customer_name": c.customer_name,
"customer_account_type": c.customer_account_type,
"lang": current_lang(&jar),
}),
)
@@ -151,6 +218,8 @@ async fn category(
.all(&ctx.db)
.await?;
let user = guard::current_user(&ctx, &jar).await;
let c = guard::chrome_from(&ctx, user.as_ref());
format::view(
&v,
"shop/category.html",
@@ -158,8 +227,11 @@ async fn category(
"category": category,
"breadcrumbs": breadcrumbs,
"children": children,
"products": product_rows(&ctx, list).await?,
"logged_in_admin": guard::logged_in(&ctx, &jar).await,
"products": product_rows(&ctx, user.as_ref(), list).await?,
"logged_in_admin": c.logged_in_admin,
"logged_in_customer": c.logged_in_customer,
"customer_name": c.customer_name,
"customer_account_type": c.customer_account_type,
"lang": current_lang(&jar),
}),
)
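Review bot: In `product_rows`, `entries.iter().zip(priced.iter())` pairs each product with a price purely by position, so if `pricing::price_variants` ever returns fewer items or a different order than `reps`, rows are dropped or rendered with another product's price without any error. `price_variants` is outside this section, so the one-to-one ordering is an assumption here; a guard such as `debug_assert_eq!(priced.len(), entries.len());` before the loop, plus a doc line on `price_variants` stating the ordering guarantee, would pin it down. The same positional pairing is used in `show` for `variants.iter().zip(variant_prices.iter())`. Separately, `product_images::first_for` is still awaited once per product inside the loop while variants and prices are now fetched in one batch.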


@@ -6,6 +6,7 @@
api_key: lo-95ec80d7-cb60-4b70-9b4b-9ef74cb88758
name: user1
theme: light
account_type: personal
created_at: "2023-11-12T12:34:56.789Z"
updated_at: "2023-11-12T12:34:56.789Z"
- id: 3
@@ -15,5 +16,6 @@
api_key: lo-153561ca-fa84-4e1b-813a-c62526d0a77e
name: user2
theme: light
account_type: personal
created_at: "2023-11-12T12:34:56.789Z"
updated_at: "2023-11-12T12:34:56.789Z"


@@ -43,6 +43,7 @@ impl Initializer for AdminSeeder {
email: email.clone(),
password,
name,
account_type: None,
},
)
.await?;


@@ -1,3 +1,5 @@
pub mod admin_seeder;
pub mod oauth2;
pub mod oauth2_session;
pub mod shipping_seeder;
pub mod view_engine;


@@ -0,0 +1,36 @@
//! Builds the loco-oauth2 client store from `initializers.oauth2` config and
//! injects it as an Axum extension so the oauth2 controllers can reach it.
use axum::{Extension, Router as AxumRouter};
use loco_oauth2::{config::Config as OAuth2Config, OAuth2ClientStore};
use loco_rs::prelude::*;
pub struct OAuth2StoreInitializer;
#[async_trait]
impl Initializer for OAuth2StoreInitializer {
fn name(&self) -> String {
"oauth2-store".to_string()
}
async fn after_routes(&self, router: AxumRouter, ctx: &AppContext) -> Result<AxumRouter> {
let settings = ctx.config.initializers.clone().ok_or_else(|| {
Error::Message("Initializers config not configured for OAuth2".to_string())
})?;
let oauth2_config_value = settings
.get("oauth2")
.ok_or_else(|| {
Error::Message("oauth2 config not found in initializers configuration".to_string())
})?
.clone();
let oauth2_config: OAuth2Config = oauth2_config_value.try_into().map_err(|e| {
tracing::error!(error = ?e, "could not convert oauth2 config from yaml");
Error::Message("could not convert oauth2 config from yaml".to_string())
})?;
let oauth2_store = OAuth2ClientStore::new(oauth2_config).map_err(|e| {
tracing::error!(error = ?e, "could not create oauth2 store from config");
Error::Message("could not create oauth2 store from config".to_string())
})?;
Ok(router.layer(Extension(oauth2_store)))
}
}


@@ -0,0 +1,25 @@
//! tower-sessions layer that loco-oauth2 uses to hold the short-lived CSRF /
//! PKCE state between the authorize redirect and the provider callback. An
//! in-memory store is sufficient since the state only needs to survive the
//! round-trip to the provider.
use axum::Router as AxumRouter;
use loco_rs::prelude::*;
use tower_sessions::{cookie::time::Duration, Expiry, MemoryStore, SessionManagerLayer};
pub struct OAuth2SessionInitializer;
#[async_trait]
impl Initializer for OAuth2SessionInitializer {
fn name(&self) -> String {
"oauth2-session".to_string()
}
async fn after_routes(&self, router: AxumRouter, _ctx: &AppContext) -> Result<AxumRouter> {
let session_store = MemoryStore::default();
let session_layer = SessionManagerLayer::new(session_store)
.with_secure(false)
.with_expiry(Expiry::OnInactivity(Duration::minutes(10)));
Ok(router.layer(session_layer))
}
}
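Review bot: `.with_secure(false)` leaves the session cookie that holds the OAuth2 CSRF/PKCE state without the `Secure` attribute in every environment, production included, so it is also sent on plain-HTTP requests. Deriving the flag from the configured base URL keeps local HTTP development working while setting `Secure` wherever the site is served over TLS: rename `_ctx` to `ctx` and use `.with_secure(ctx.config.server.full_url().starts_with("https://"))`, assuming `full_url()` includes the scheme as its use in the mail templates suggests. `MemoryStore` keeps the state in process memory, so a callback that reaches a different instance, or arrives after a restart, will fail the state check; that is worth a line in the module doc if a single instance is the intended deployment.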


@@ -6,6 +6,7 @@ use loco_rs::{
controller::views::{engines, ViewEngine},
Error, Result,
};
use std::collections::HashMap;
use tracing::info;
const I18N_DIR: &str = "assets/i18n";
@@ -23,7 +24,9 @@ impl Initializer for ViewEngineInitializer {
}
async fn after_routes(&self, router: AxumRouter, _ctx: &AppContext) -> Result<AxumRouter> {
let tera_engine = if std::path::Path::new(I18N_DIR).exists() {
// Load locales only if present; `t` is registered conditionally below so
// the single post-process closure covers both cases.
let locales = if std::path::Path::new(I18N_DIR).exists() {
let arc = std::sync::Arc::new(
ArcLoader::builder(&I18N_DIR, unic_langid::langid!("sk"))
.shared_resources(Some(&[I18N_SHARED.into()]))
@@ -32,15 +35,28 @@ impl Initializer for ViewEngineInitializer {
.map_err(|e| Error::string(&e.to_string()))?,
);
info!("locales loaded");
engines::TeraView::build()?.post_process(move |tera| {
tera.register_function("t", FluentLoader::new(arc.clone()));
Ok(())
})?
Some(arc)
} else {
engines::TeraView::build()?
None
};
let tera_engine = engines::TeraView::build()?.post_process(move |tera| {
if let Some(arc) = &locales {
tera.register_function("t", FluentLoader::new(arc.clone()));
}
// `csrf_token()`: the in-flight request's CSRF token (bound by
// `shared::csrf::protect`), rendered into `<body hx-headers>` and
// `ui::csrf_field()`. Inlined so its `tera::Error` return is inferred
// from `register_function` — we never name a `tera` type, keeping it
// off our direct deps and pinned to loco's.
tera.register_function("csrf_token", |_args: &HashMap<String, serde_json::Value>| {
Ok(serde_json::Value::String(
crate::shared::csrf::current_token().unwrap_or_default(),
))
});
Ok(())
})?;
Ok(router.layer(Extension(ViewEngine::from(tera_engine))))
}
}
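Review bot: `csrf_token()` falls back to an empty string through `unwrap_or_default()` when `shared::csrf::current_token()` has nothing bound, so a template rendered outside `shared::csrf::protect` silently emits an empty token into `hx-headers` and the hidden form field. `shared::csrf` is not visible here; it is worth confirming that the verifier rejects an empty token rather than comparing empty with empty, and logging the miss so it shows up in testing, e.g. `tracing::warn!("csrf_token() rendered without a bound token");` in the `None` case. Part of `after_routes` lies between the two hunks and is not shown.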


@@ -9,10 +9,21 @@ use crate::models::users;
static welcome: Dir<'_> = include_dir!("src/mailers/auth/welcome");
static forgot: Dir<'_> = include_dir!("src/mailers/auth/forgot");
static magic_link: Dir<'_> = include_dir!("src/mailers/auth/magic_link");
static set_password: Dir<'_> = include_dir!("src/mailers/auth/set_password");
#[allow(clippy::module_name_repetitions)]
pub struct AuthMailer {}
impl Mailer for AuthMailer {}
impl Mailer for AuthMailer {
/// Override the framework default (`System <system@example.com>`), which any
/// real MX rejects (`example.com` is nullMX). Must be a sender the SMTP
/// account is allowed to send as.
fn opts() -> mailer::MailerOpts {
mailer::MailerOpts {
from: "Kompress <info@kompress.sk>".to_string(),
..Default::default()
}
}
}
impl AuthMailer {
/// Sending welcome email the the given user
///
@@ -62,6 +73,31 @@ impl AuthMailer {
Ok(())
}
/// Sends a "set your password" email to a checkout-created account. Reuses
/// the reset token; the link lands on the HTML `/set-password/{token}` page.
///
/// # Errors
///
/// When email sending is failed
pub async fn send_set_password(ctx: &AppContext, user: &users::Model) -> Result<()> {
Self::mail_template(
ctx,
&set_password,
mailer::Args {
to: user.email.to_string(),
locals: json!({
"name": user.name,
"resetToken": user.reset_token,
"domain": ctx.config.server.full_url()
}),
..Default::default()
},
)
.await?;
Ok(())
}
/// Sends a magic link authentication email to the user.
///
/// # Errors
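Review bot: `send_set_password` puts `user.reset_token` into the template without checking that a token is present; if the field is optional (its type is not visible here), a caller that skips `set_forgot_password_sent` would mail a dead `/set-password/` link to the customer. Returning an error when the token is missing, and saying so under `# Errors`, keeps that contract explicit for a `pub` function. Separately, the sender in `opts()` is hard-coded as `Kompress <info@kompress.sk>`; reading it from configuration would let staging and production use different senders without a code change. The `impl AuthMailer` block continues outside the hunk.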


@@ -0,0 +1,10 @@
<html>
<body>
Hey {{name}},
Thanks for your order! We created an account for you. Set your password to finish, then you can track your orders:
<a href="{{domain}}/set-password/{{resetToken}}">Set your password</a>
If you didn't place this order, you can ignore this email.
</body>
</html>

View File

@@ -0,0 +1 @@
Set your password


@@ -0,0 +1,7 @@
Hey {{name}},
Thanks for your order! We created an account for you. Set your password to finish, then you can track your orders:
{{domain}}/set-password/{{resetToken}}
If you didn't place this order, you can ignore this email.


@@ -0,0 +1,47 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "account_discount_profiles")]
pub struct Model {
pub created_at: DateTimeWithTimeZone,
pub updated_at: DateTimeWithTimeZone,
#[sea_orm(primary_key)]
pub id: i32,
pub user_id: i32,
pub discount_profile_id: i32,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::discount_profiles::Entity",
from = "Column::DiscountProfileId",
to = "super::discount_profiles::Column::Id",
on_update = "Cascade",
on_delete = "Cascade"
)]
DiscountProfiles,
#[sea_orm(
belongs_to = "super::users::Entity",
from = "Column::UserId",
to = "super::users::Column::Id",
on_update = "Cascade",
on_delete = "Cascade"
)]
Users,
}
impl Related<super::discount_profiles::Entity> for Entity {
fn to() -> RelationDef {
Relation::DiscountProfiles.def()
}
}
impl Related<super::users::Entity> for Entity {
fn to() -> RelationDef {
Relation::Users.def()
}
}


@@ -0,0 +1,48 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "account_product_prices")]
pub struct Model {
pub created_at: DateTimeWithTimeZone,
pub updated_at: DateTimeWithTimeZone,
#[sea_orm(primary_key)]
pub id: i32,
pub price_cents: i64,
pub user_id: i32,
pub variant_id: i32,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::product_variants::Entity",
from = "Column::VariantId",
to = "super::product_variants::Column::Id",
on_update = "NoAction",
on_delete = "Cascade"
)]
ProductVariants,
#[sea_orm(
belongs_to = "super::users::Entity",
from = "Column::UserId",
to = "super::users::Column::Id",
on_update = "Cascade",
on_delete = "Cascade"
)]
Users,
}
impl Related<super::product_variants::Entity> for Entity {
fn to() -> RelationDef {
Relation::ProductVariants.def()
}
}
impl Related<super::users::Entity> for Entity {
fn to() -> RelationDef {
Relation::Users.def()
}
}


@@ -0,0 +1,62 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "account_product_resolutions")]
pub struct Model {
pub created_at: DateTimeWithTimeZone,
pub updated_at: DateTimeWithTimeZone,
#[sea_orm(primary_key)]
pub id: i32,
pub user_id: i32,
pub discount_profile_id: i32,
pub variant_id: i32,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::discount_profiles::Entity",
from = "Column::DiscountProfileId",
to = "super::discount_profiles::Column::Id",
on_update = "Cascade",
on_delete = "Cascade"
)]
DiscountProfiles,
#[sea_orm(
belongs_to = "super::product_variants::Entity",
from = "Column::VariantId",
to = "super::product_variants::Column::Id",
on_update = "NoAction",
on_delete = "Cascade"
)]
ProductVariants,
#[sea_orm(
belongs_to = "super::users::Entity",
from = "Column::UserId",
to = "super::users::Column::Id",
on_update = "Cascade",
on_delete = "Cascade"
)]
Users,
}
impl Related<super::discount_profiles::Entity> for Entity {
fn to() -> RelationDef {
Relation::DiscountProfiles.def()
}
}
impl Related<super::product_variants::Entity> for Entity {
fn to() -> RelationDef {
Relation::ProductVariants.def()
}
}
impl Related<super::users::Entity> for Entity {
fn to() -> RelationDef {
Relation::Users.def()
}
}


@@ -0,0 +1,33 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "audience_discount_profiles")]
pub struct Model {
pub created_at: DateTimeWithTimeZone,
pub updated_at: DateTimeWithTimeZone,
#[sea_orm(primary_key)]
pub id: i32,
pub audience: String,
pub discount_profile_id: i32,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::discount_profiles::Entity",
from = "Column::DiscountProfileId",
to = "super::discount_profiles::Column::Id",
on_update = "Cascade",
on_delete = "Cascade"
)]
DiscountProfiles,
}
impl Related<super::discount_profiles::Entity> for Entity {
fn to() -> RelationDef {
Relation::DiscountProfiles.def()
}
}


@@ -1,4 +1,4 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.20
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};


@@ -1,4 +1,4 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.20
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
@@ -23,8 +23,6 @@ pub struct Model {
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(has_many = "super::products::Entity")]
Products,
#[sea_orm(
belongs_to = "Entity",
from = "Column::ParentId",
@@ -32,7 +30,9 @@ pub enum Relation {
on_update = "Cascade",
on_delete = "SetNull"
)]
Parent,
SelfRef,
#[sea_orm(has_many = "super::products::Entity")]
Products,
}
impl Related<super::products::Entity> for Entity {


@@ -0,0 +1,43 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "customer_profiles")]
pub struct Model {
pub created_at: DateTimeWithTimeZone,
pub updated_at: DateTimeWithTimeZone,
#[sea_orm(primary_key)]
pub id: i32,
pub phone_prefix: Option<String>,
pub phone: Option<String>,
pub address: Option<String>,
pub city: Option<String>,
pub zip: Option<String>,
pub country: Option<String>,
#[sea_orm(unique)]
pub user_id: i32,
pub company_name: Option<String>,
pub company_id: Option<String>,
pub tax_id: Option<String>,
pub vat_id: Option<String>,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::users::Entity",
from = "Column::UserId",
to = "super::users::Column::Id",
on_update = "Cascade",
on_delete = "Cascade"
)]
Users,
}
impl Related<super::users::Entity> for Entity {
fn to() -> RelationDef {
Relation::Users.def()
}
}


@@ -0,0 +1,47 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "discount_profile_products")]
pub struct Model {
pub created_at: DateTimeWithTimeZone,
pub updated_at: DateTimeWithTimeZone,
#[sea_orm(primary_key)]
pub id: i32,
pub discount_profile_id: i32,
pub product_id: i32,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::discount_profiles::Entity",
from = "Column::DiscountProfileId",
to = "super::discount_profiles::Column::Id",
on_update = "Cascade",
on_delete = "Cascade"
)]
DiscountProfiles,
#[sea_orm(
belongs_to = "super::products::Entity",
from = "Column::ProductId",
to = "super::products::Column::Id",
on_update = "Cascade",
on_delete = "Cascade"
)]
Products,
}
impl Related<super::discount_profiles::Entity> for Entity {
fn to() -> RelationDef {
Relation::DiscountProfiles.def()
}
}
impl Related<super::products::Entity> for Entity {
fn to() -> RelationDef {
Relation::Products.def()
}
}


@@ -0,0 +1,52 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "discount_profiles")]
pub struct Model {
pub created_at: DateTimeWithTimeZone,
pub updated_at: DateTimeWithTimeZone,
#[sea_orm(primary_key)]
pub id: i32,
pub name: String,
pub percent_bp: i32,
pub scope_type: String,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(has_many = "super::account_discount_profiles::Entity")]
AccountDiscountProfiles,
#[sea_orm(has_many = "super::account_product_resolutions::Entity")]
AccountProductResolutions,
#[sea_orm(has_many = "super::audience_discount_profiles::Entity")]
AudienceDiscountProfiles,
#[sea_orm(has_many = "super::discount_profile_products::Entity")]
DiscountProfileProducts,
}
impl Related<super::account_discount_profiles::Entity> for Entity {
fn to() -> RelationDef {
Relation::AccountDiscountProfiles.def()
}
}
impl Related<super::account_product_resolutions::Entity> for Entity {
fn to() -> RelationDef {
Relation::AccountProductResolutions.def()
}
}
impl Related<super::audience_discount_profiles::Entity> for Entity {
fn to() -> RelationDef {
Relation::AudienceDiscountProfiles.def()
}
}
impl Related<super::discount_profile_products::Entity> for Entity {
fn to() -> RelationDef {
Relation::DiscountProfileProducts.def()
}
}


@@ -1,14 +1,23 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.20
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
pub mod prelude;
pub mod account_discount_profiles;
pub mod account_product_prices;
pub mod account_product_resolutions;
pub mod audience_discount_profiles;
pub mod audit_logs;
pub mod categories;
pub mod customer_profiles;
pub mod discount_profile_products;
pub mod discount_profiles;
pub mod o_auth2_sessions;
pub mod order_items;
pub mod orders;
pub mod product_images;
pub mod product_product_tags;
pub mod product_tags;
pub mod product_variants;
pub mod products;
pub mod shipping_methods;
pub mod users;


@@ -0,0 +1,35 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq, Serialize, Deserialize)]
#[sea_orm(table_name = "o_auth2_sessions")]
pub struct Model {
pub created_at: DateTimeWithTimeZone,
pub updated_at: DateTimeWithTimeZone,
#[sea_orm(primary_key)]
pub id: i32,
#[sea_orm(unique)]
pub session_id: String,
pub expires_at: DateTimeWithTimeZone,
pub user_id: i32,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::users::Entity",
from = "Column::UserId",
to = "super::users::Column::Id",
on_update = "Cascade",
on_delete = "Cascade"
)]
Users,
}
impl Related<super::users::Entity> for Entity {
fn to() -> RelationDef {
Relation::Users.def()
}
}


@@ -1,4 +1,4 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.20
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
@@ -15,6 +15,8 @@ pub struct Model {
pub quantity: i32,
pub order_id: i32,
pub product_id: Option<i32>,
pub variant_label: String,
pub variant_id: Option<i32>,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
@@ -27,6 +29,14 @@ pub enum Relation {
on_delete = "Cascade"
)]
Orders,
#[sea_orm(
belongs_to = "super::product_variants::Entity",
from = "Column::VariantId",
to = "super::product_variants::Column::Id",
on_update = "NoAction",
on_delete = "SetNull"
)]
ProductVariants,
#[sea_orm(
belongs_to = "super::products::Entity",
from = "Column::ProductId",
@@ -43,6 +53,12 @@ impl Related<super::orders::Entity> for Entity {
}
}
impl Related<super::product_variants::Entity> for Entity {
fn to() -> RelationDef {
Relation::ProductVariants.def()
}
}
impl Related<super::products::Entity> for Entity {
fn to() -> RelationDef {
Relation::Products.def()


@@ -1,4 +1,4 @@
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.20
//! `SeaORM` Entity, @generated by sea-orm-codegen 1.1.19
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
@@ -13,7 +13,6 @@ pub struct Model {
#[sea_orm(unique)]
pub order_number: String,
pub email: String,
pub phone: Option<String>,
pub customer_name: Option<String>,
pub status: String,
pub total_cents: i64,
@@ -33,6 +32,13 @@ pub struct Model {
pub tracking_number: Option<String>,
pub shipment_id: Option<String>,
pub label_url: Option<String>,
pub phone: Option<String>,
pub account_type: String,
pub company_name: Option<String>,
pub company_id: Option<String>,
pub tax_id: Option<String>,
pub vat_id: Option<String>,
pub user_id: Option<i32>,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
