from flask import Flask, request, redirect, session, Response, jsonify
import json, os, random, time, uuid
from datetime import datetime
from functools import wraps

app = Flask(__name__)
app.secret_key = "bank_secret_key_2025"
app.config['SESSION_PERMANENT'] = True
app.config['PERMANENT_SESSION_LIFETIME'] = 3600

USERS_FILE = "users.json"
HISTORY_FILE = "history.json"
CARDS_FILE = "cards.json"
SHOP_FILE = "shop.json"
PAYMENTS_FILE = "payments.json"  # Новый файл для платежей

# ---------- ИНИЦИАЛИЗАЦИЯ ФАЙЛОВ ----------
def init_files():
    """Инициализация файлов (без удаления существующих)"""
    # Создаем файлы если они не существуют
    files_to_init = [
        (USERS_FILE, {
            "admin": {
                "password": "admin123",
                "balance": 100000,
                "deposit": 0,
                "credit": 0,
                "role": "admin",
                "full_name": "Администратор Системы",
                "email": "admin@bank.com",
                "api_key": None
            }
        }),
        (HISTORY_FILE, []),
        (CARDS_FILE, {}),
        (SHOP_FILE, {"items": [], "ads": []}),
        (PAYMENTS_FILE, [])  # Инициализация файла платежей
    ]
    
    for filename, default_data in files_to_init:
        if not os.path.exists(filename):
            with open(filename, "w", encoding='utf-8') as f:
                json.dump(default_data, f, indent=4, ensure_ascii=False)

# Инициализируем файлы при запуске
init_files()

# ---------- ФУНКЦИИ ДЛЯ РАБОТЫ С ДАННЫМИ ----------
def load_users():
    try:
        with open(USERS_FILE, 'r', encoding='utf-8') as f:
            data = json.load(f)
            # Убеждаемся, что данные в правильном формате
            if not isinstance(data, dict):
                print("Warning: users.json is not a dictionary, resetting to default")
                data = {
                    "admin": {
                        "password": "admin123",
                        "balance": 100000,
                        "deposit": 0,
                        "credit": 0,
                        "role": "admin",
                        "full_name": "Администратор Системы",
                        "email": "admin@bank.com",
                        "api_key": None
                    }
                }
                save_users(data)
                return data
            # Проверяем, что все значения являются словарями
            cleaned_data = {}
            for username, user_data in data.items():
                if isinstance(user_data, dict):
                    cleaned_data[username] = user_data
                else:
                    print(f"Warning: User {username} data is not a dict, resetting")
                    cleaned_data[username] = {
                        "password": "reset123",
                        "balance": 1000,
                        "deposit": 0,
                        "credit": 0,
                        "role": "client",
                        "full_name": "Пользователь",
                        "email": "user@example.com",
                        "api_key": None
                    }
            if cleaned_data != data:
                save_users(cleaned_data)
            return cleaned_data
    except Exception as e:
        print(f"Error loading users: {e}")
        data = {
            "admin": {
                "password": "admin123",
                "balance": 100000,
                "deposit": 0,
                "credit": 0,
                "role": "admin",
                "full_name": "Администратор Системы",
                "email": "admin@bank.com",
                "api_key": None
            }
        }
        save_users(data)
        return data

def save_users(data):
    with open(USERS_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

def load_history():
    try:
        with open(HISTORY_FILE, 'r', encoding='utf-8') as f:
            return json.load(f)
    except:
        return []

def save_history(data):
    with open(HISTORY_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

def load_cards():
    try:
        with open(CARDS_FILE, 'r', encoding='utf-8') as f:
            return json.load(f)
    except:
        return {}

def save_cards(data):
    with open(CARDS_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

# ---------- ФУНКЦИИ ДЛЯ ПЛАТЕЖЕЙ ----------
def load_payments():
    """Загрузка платежей"""
    try:
        with open(PAYMENTS_FILE, 'r', encoding='utf-8') as f:
            return json.load(f)
    except:
        return []

def save_payments(data):
    """Сохранение платежей"""
    with open(PAYMENTS_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

def create_payment(payer, receiver, amount, description="", external_id=""):
    """Создание платежа"""
    payments = load_payments()
    
    payment_id = str(uuid.uuid4())[:12]
    payment_data = {
        "id": payment_id,
        "payer": payer,
        "receiver": receiver,
        "amount": int(amount),
        "description": description,
        "external_id": external_id,
        "created": int(time.time()),
        "status": "pending",  # pending, completed, failed, cancelled
        "completed_at": None
    }
    
    payments.append(payment_data)
    save_payments(payments)
    
    return payment_id, payment_data

def process_payment(payment_id, payer_username=None):
    """Обработка платежа"""
    payments = load_payments()
    users = load_users()
    
    payment = None
    for p in payments:
        if p["id"] == payment_id:
            payment = p
            break
    
    if not payment:
        return False, "Платеж не найден"
    
    if payment["status"] != "pending":
        return False, f"Платеж уже обработан (статус: {payment['status']})"
    
    # Если передан payer_username, проверяем что это тот же плательщик
    if payer_username and payment["payer"] != payer_username:
        return False, "Неверный плательщик"
    
    payer = payment["payer"]
    receiver = payment["receiver"]
    amount = payment["amount"]
    
    # Проверяем существование пользователей
    if payer not in users:
        return False, "Плательщик не найден"
    
    if receiver not in users:
        return False, "Получатель не найден"
    
    # Проверяем баланс плательщика
    if users[payer]["balance"] < amount:
        return False, "Недостаточно средств"
    
    # Выполняем перевод
    users[payer]["balance"] -= amount
    users[receiver]["balance"] += amount
    save_users(users)
    
    # Обновляем статус платежа
    for p in payments:
        if p["id"] == payment_id:
            p["status"] = "completed"
            p["completed_at"] = int(time.time())
            break
    
    save_payments(payments)
    
    # Добавляем в историю
    add_history(payer, "payment_sent", amount, f"Платеж #{payment_id} для {receiver}")
    add_history(receiver, "payment_received", amount, f"Платеж #{payment_id} от {payer}")
    
    return True, "Платеж успешно выполнен"

def cancel_payment(payment_id):
    """Отмена платежа"""
    payments = load_payments()
    
    for payment in payments:
        if payment["id"] == payment_id and payment["status"] == "pending":
            payment["status"] = "cancelled"
            save_payments(payments)
            return True, "Платеж отменен"
    
    return False, "Платеж не найден или уже обработан"

# ---------- ФУНКЦИИ ДЛЯ МАГАЗИНА ----------
def load_shop():
    """Загрузка данных магазина"""
    try:
        with open(SHOP_FILE, 'r', encoding='utf-8') as f:
            data = json.load(f)
            # Обеспечиваем наличие всех ключей
            if "items" not in data:
                data["items"] = []
            if "ads" not in data:
                data["ads"] = []
            return data
    except:
        return {"items": [], "ads": []}

def save_shop(data):
    """Сохранение данных магазина"""
    with open(SHOP_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

def create_shop_item(seller_username, title, description, price, category="other"):
    """Создание товара в магазине"""
    shop_data = load_shop()
    
    item_id = str(uuid.uuid4())[:8]
    new_item = {
        "id": item_id,
        "seller": seller_username,
        "title": title,
        "description": description,
        "price": int(price),
        "category": category,
        "created": int(time.time()),
        "status": "available",
        "buyer": None
    }
    
    shop_data["items"].append(new_item)
    save_shop(shop_data)
    
    # Добавляем в историю
    add_history(seller_username, "create_shop_item", 0, f"Товар: {title}")
    
    return item_id

def create_advertisement(author, title, content, contact_info):
    """Создание объявления"""
    shop_data = load_shop()
    
    ad_id = str(uuid.uuid4())[:8]
    new_ad = {
        "id": ad_id,
        "author": author,
        "title": title,
        "content": content,
        "contact_info": contact_info,
        "created": int(time.time()),
        "status": "active"
    }
    
    shop_data["ads"].append(new_ad)
    save_shop(shop_data)
    
    # Добавляем в историю
    add_history(author, "create_advertisement", 0, f"Объявление: {title}")
    
    return ad_id

def buy_item(item_id, buyer_username):
    """Покупка товара"""
    shop_data = load_shop()
    users = load_users()
    
    # Находим товар
    item_to_buy = None
    for item in shop_data["items"]:
        if item["id"] == item_id and item["status"] == "available":
            item_to_buy = item
            break
    
    if not item_to_buy:
        return False, "Товар не найден или уже продан"
    
    seller = item_to_buy["seller"]
    price = item_to_buy["price"]
    
    # Проверяем, есть ли у покупателя достаточно средств
    if buyer_username not in users:
        return False, "Покупатель не найден"
    
    if users[buyer_username]["balance"] < price:
        return False, "Недостаточно средств"
    
    # Проверяем, что покупатель не покупает у себя
    if buyer_username == seller:
        return False, "Нельзя купить собственный товар"
    
    # Проверяем, существует ли продавец
    if seller not in users:
        return False, "Продавец не найден"
    
    # Выполняем транзакцию
    users[buyer_username]["balance"] -= price
    users[seller]["balance"] += price
    save_users(users)
    
    # Обновляем статус товара
    for item in shop_data["items"]:
        if item["id"] == item_id:
            item["status"] = "sold"
            item["buyer"] = buyer_username
            item["sold_date"] = int(time.time())
            break
    
    save_shop(shop_data)
    
    # Добавляем в историю
    add_history(buyer_username, "buy_item", price, f"Товар: {item_to_buy['title']} от {seller}")
    add_history(seller, "sell_item", price, f"Товар: {item_to_buy['title']} покупателю {buyer_username}")
    
    return True, "Покупка успешно завершена"

# ---------- API КЛЮЧИ ----------
def generate_api_key():
    """Генерация API ключа"""
    return f"bank_api_{uuid.uuid4().hex[:16]}"

def get_user_by_api_key(api_key):
    """Получение пользователя по API ключу - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    if not api_key:
        return None, None
    
    users = load_users()
    for username, user_data in users.items():
        # Проверяем, что user_data является словарем
        if isinstance(user_data, dict) and user_data.get('api_key') == api_key:
            return username, user_data
    return None, None

# ---------- БАНКОВСКИЕ КАРТЫ ----------
def generate_card_number(user_id, card_type="standard"):
    """Генерация номера банковской карты"""
    prefixes = {
        "standard": ["5469", "4276", "5375", "4856"],
        "gold": ["5469", "5278", "5375"],
        "platinum": ["4475", "4876", "4999"]
    }
    
    prefix = random.choice(prefixes.get(card_type, prefixes["standard"]))
    middle = ''.join([str(random.randint(0, 9)) for _ in range(8)])
    last_digits = ''.join([str(random.randint(0, 9)) for _ in range(4)])
    
    card_number = f"{prefix}{middle}{last_digits}"
    formatted = ' '.join([card_number[i:i+4] for i in range(0, len(card_number), 4)])
    
    return formatted

def generate_cvv():
    """Генерация CVV кода"""
    return str(random.randint(100, 999))

def generate_expiry_date():
    """Генерация срока действия карты"""
    from datetime import datetime, timedelta
    expiry = datetime.now() + timedelta(days=365*3)
    return expiry.strftime("%m/%y")

def get_user_cards(user_id):
    """Получение всех карт пользователя"""
    cards = load_cards()
    return cards.get(user_id, [])

def create_user_card(user_id, user_data, card_type="standard"):
    """Создание новой карты для пользователя"""
    cards = load_cards()
    
    if user_id not in cards:
        cards[user_id] = []
    
    # Проверяем, не слишком ли много карт у пользователя
    if len(cards[user_id]) >= 5:
        return None
    
    card_id = str(uuid.uuid4())[:8]
    
    new_card = {
        "id": card_id,
        "number": generate_card_number(user_id, card_type),
        "holder": user_data.get('full_name', user_id.upper()),
        "type": card_type,
        "cvv": generate_cvv(),
        "expiry": generate_expiry_date(),
        "balance": user_data.get('balance', 0),
        "currency": "USD",
        "created": int(time.time()),
        "active": True,
        "limit": 10000 if card_type == "standard" else 50000 if card_type == "gold" else 100000,
        "color": {
            "standard": "#4361ee",
            "gold": "#ffd166",
            "platinum": "#e5e5e5"
        }.get(card_type, "#4361ee")
    }
    
    cards[user_id].append(new_card)
    save_cards(cards)
    
    # Добавляем в историю
    add_history(user_id, f"create_{card_type}_card", 0, f"Card {new_card['number'][-4:]}")
    
    return new_card

# ---------- БАНКОВСКИЕ ОПЕРАЦИИ ----------
def daily_update():
    """Ежедневное обновление депозитов и кредитов"""
    users = load_users()
    updated = False
    for user_id, u in users.items():
        if isinstance(u, dict):  # Проверяем, что это словарь
            if u.get('deposit', 0) > 0:
                u['deposit'] = int(u['deposit'] * 1.01)
                updated = True
            if u.get('credit', 0) > 0:
                u['credit'] = int(u['credit'] * 1.05)
                updated = True
    if updated:
        save_users(users)

def add_history(user, action, amount, target=None):
    """Добавление записи в историю"""
    hist = load_history()
    hist.append({
        "time": int(time.time()),
        "user": user,
        "action": action,
        "amount": amount,
        "target": target,
        "id": str(uuid.uuid4())[:8]
    })
    save_history(hist)

# ---------- ДЕКОРАТОРЫ ----------
def login_required(f):
    """Декоратор для проверки авторизации"""
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if 'user' not in session:
            return redirect('/')
        return f(*args, **kwargs)
    return decorated_function

def admin_required(f):
    """Декоратор для проверки прав администратора"""
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if 'user' not in session:
            return redirect('/')
        
        users = load_users()
        user_data = users.get(session['user'])
        
        if not user_data or not isinstance(user_data, dict) or user_data.get('role') != 'admin':
            return redirect('/dashboard')
        
        return f(*args, **kwargs)
    return decorated_function

# ИСПРАВЛЕННЫЙ ДЕКОРАТОР API
def api_key_required(f):
    """Декоратор для проверки API ключа - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    @wraps(f)
    def decorated_function(*args, **kwargs):
        api_key = None
        
        # 1. Проверяем заголовок X-API-Key
        if 'X-API-Key' in request.headers:
            api_key = request.headers.get('X-API-Key')
        
        # 2. Проверяем параметр запроса api_key
        if not api_key and request.args.get('api_key'):
            api_key = request.args.get('api_key')
        
        # 3. Проверяем JSON тело
        if not api_key and request.is_json:
            try:
                data = request.get_json()
                if data and 'api_key' in data:
                    api_key = data.get('api_key')
            except:
                pass
        
        # 4. Проверяем форму
        if not api_key and request.form.get('api_key'):
            api_key = request.form.get('api_key')
        
        if not api_key:
            return jsonify({'success': False, 'error': 'API key required'}), 401
        
        # Получаем пользователя по API ключу
        username, user_data = get_user_by_api_key(api_key)
        if not username:
            return jsonify({'success': False, 'error': 'Invalid API key'}), 401
        
        # Сохраняем данные пользователя в объекте request
        request.username = username
        request.user_data = user_data
        
        return f(*args, **kwargs)
    return decorated_function

# ---------- HTML ШАБЛОНЫ ----------
def render_login():
    return '''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Банк | Вход в систему</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        :root {
            --primary: #4361ee;
            --secondary: #3a0ca3;
            --gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
        }
        body {
            background: var(--gradient);
            min-height: 100vh;
            display: flex;
            align-items: center;
            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
        }
        .login-card {
            background: white;
            border-radius: 20px;
            box-shadow: 0 20px 40px rgba(0,0,0,0.1);
            overflow: hidden;
        }
        .login-header {
            background: var(--gradient);
            color: white;
            padding: 30px;
            text-align: center;
        }
        .login-body {
            padding: 40px;
        }
        .form-control {
            border: 2px solid #e9ecef;
            border-radius: 10px;
            padding: 12px 15px;
            transition: all 0.3s;
        }
        .form-control:focus {
            border-color: var(--primary);
            box-shadow: 0 0 0 0.25rem rgba(67, 97, 238, 0.25);
        }
        .btn-primary {
            background: var(--gradient);
            border: none;
            border-radius: 10px;
            padding: 12px;
            font-weight: 600;
            transition: all 0.3s;
        }
        .btn-primary:hover {
            transform: translateY(-2px);
            box-shadow: 0 10px 20px rgba(67, 97, 238, 0.3);
        }
        .alert {
            border-radius: 10px;
        }
    </style>
</head>
<body>
    <div class="container">
        <div class="row justify-content-center">
            <div class="col-md-5">
                <div class="login-card">
                    <div class="login-header">
                        <i class="fas fa-university fa-3x mb-3"></i>
                        <h2>Добро пожаловать в Банк</h2>
                        <p class="mb-0">Вход в систему</p>
                    </div>
                    <div class="login-body">
                        <form method="post">
                            <div class="mb-3">
                                <label class="form-label">Логин</label>
                                <div class="input-group">
                                    <span class="input-group-text"><i class="fas fa-user"></i></span>
                                    <input type="text" name="username" class="form-control" placeholder="Введите логин" required>
                                </div>
                            </div>
                            <div class="mb-4">
                                <label class="form-label">Пароль</label>
                                <div class="input-group">
                                    <span class="input-group-text"><i class="fas fa-lock"></i></span>
                                    <input type="password" name="password" class="form-control" placeholder="Введите пароль" required>
                                </div>
                            </div>
                            <button type="submit" class="btn btn-primary w-100 mb-3">
                                <i class="fas fa-sign-in-alt me-2"></i>Войти
                            </button>
                            <div class="text-center">
                                <p class="mb-0">Нет аккаунта? <a href="/register" class="text-decoration-none">Зарегистрироваться</a></p>
                            </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
'''

def render_register():
    return '''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Банк | Регистрация</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        :root {
            --primary: #4361ee;
            --secondary: #3a0ca3;
            --gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
        }
        body {
            background: var(--gradient);
            min-height: 100vh;
            display: flex;
            align-items: center;
            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
        }
        .register-card {
            background: white;
            border-radius: 20px;
            box-shadow: 0 20px 40px rgba(0,0,0,0.1);
            overflow: hidden;
        }
        .register-header {
            background: var(--gradient);
            color: white;
            padding: 30px;
            text-align: center;
        }
        .register-body {
            padding: 40px;
        }
        .form-control {
            border: 2px solid #e9ecef;
            border-radius: 10px;
            padding: 12px 15px;
            transition: all 0.3s;
        }
        .form-control:focus {
            border-color: var(--primary);
            box-shadow: 0 0 0 0.25rem rgba(67, 97, 238, 0.25);
        }
        .btn-primary {
            background: var(--gradient);
            border: none;
            border-radius: 10px;
            padding: 12px;
            font-weight: 600;
            transition: all 0.3s;
        }
        .btn-primary:hover {
            transform: translateY(-2px);
            box-shadow: 0 10px 20px rgba(67, 97, 238, 0.3);
        }
    </style>
</head>
<body>
    <div class="container">
        <div class="row justify-content-center">
            <div class="col-md-6">
                <div class="register-card">
                    <div class="register-header">
                        <i class="fas fa-user-plus fa-3x mb-3"></i>
                        <h2>Регистрация аккаунта</h2>
                        <p class="mb-0">Создайте свой банковский аккаунт</p>
                    </div>
                    <div class="register-body">
                        <form method="post">
                            <div class="row">
                                <div class="col-md-6 mb-3">
                                    <label class="form-label">Логин</label>
                                    <input type="text" name="username" class="form-control" placeholder="Придумайте логин" required>
                                </div>
                                <div class="col-md-6 mb-3">
                                    <label class="form-label">Пароль</label>
                                    <input type="password" name="password" class="form-control" placeholder="Придумайте пароль" required>
                                </div>
                            </div>
                            <div class="row">
                                <div class="col-md-6 mb-3">
                                    <label class="form-label">Имя</label>
                                    <input type="text" name="first_name" class="form-control" placeholder="Ваше имя" required>
                                </div>
                                <div class="col-md-6 mb-3">
                                    <label class="form-label">Фамилия</label>
                                    <input type="text" name="last_name" class="form-control" placeholder="Ваша фамилия" required>
                                </div>
                            </div>
                            <div class="mb-4">
                                <label class="form-label">Email</label>
                                <input type="email" name="email" class="form-control" placeholder="email@example.com" required>
                            </div>
                            <button type="submit" class="btn btn-primary w-100 mb-3">
                                <i class="fas fa-user-plus me-2"></i>Создать аккаунт
                            </button>
                            <div class="text-center">
                                <p class="mb-0">Уже есть аккаунт? <a href="/" class="text-decoration-none">Войти</a></p>
                            </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
'''

def render_card_html(card, width="400px"):
    """Генерация HTML для банковской карты"""
    colors = {
        "standard": "#4361ee",
        "gold": "#ffd166", 
        "platinum": "#e5e5e5"
    }
    
    bg_color = card.get('color', colors.get(card['type'], "#4361ee"))
    text_color = "#ffffff" if card['type'] == 'standard' else "#000000"
    
    return f'''
<div class="bank-card" style="width: {width}; background: linear-gradient(135deg, {bg_color} 0%, {bg_color}dd 100%); color: {text_color};">
    <div class="bank-logo">
        <span>BANK CARD</span>
        <div class="chip"></div>
    </div>
    <div class="card-number">
        {card['number']}
    </div>
    <div class="card-holder">
        {card['holder']}
    </div>
</div>
'''

def render_dashboard(user_data, history_data, user_cards, shop_data=None):
    """Генерация HTML личного кабинета"""
    # Форматирование времени истории
    for h in history_data:
        h['formatted_time'] = datetime.fromtimestamp(h['time']).strftime('%d.%m.%Y %H:%M')
    
    # HTML для истории
    history_html = ""
    for h in history_data[-10:][::-1]:
        icon = "fa-history"
        color = "text-primary"
        if "deposit" in h['action']:
            icon = "fa-piggy-bank"
            color = "text-info"
        elif "credit" in h['action']:
            icon = "fa-credit-card"
            color = "text-warning"
        elif "transfer" in h['action']:
            icon = "fa-exchange-alt"
            color = "text-primary"
        elif "card" in h['action']:
            icon = "fa-credit-card"
            color = "text-success"
        elif "api" in h['action']:
            icon = "fa-key"
            color = "text-secondary"
        elif "shop" in h['action'] or "item" in h['action'] or "advertisement" in h['action']:
            icon = "fa-shopping-cart"
            color = "text-success"
        elif "payment" in h['action']:
            icon = "fa-credit-card"
            color = "text-success"
        
        history_html += f'''
        <tr>
            <td><i class="fas {icon} {color} me-2"></i>{h['formatted_time']}</td>
            <td><span class="badge bg-light text-dark">{h['user']}</span></td>
            <td>{h['action']}</td>
            <td class="fw-bold">{h['amount']:,} $</td>
            <td>{h.get('target', '-')}</td>
        </tr>
        '''
    
    # HTML для банковских карт
    cards_html = ""
    if user_cards:
        for card in user_cards:
            width = "350px" if len(card['number']) < 24 else "400px" if len(card['number']) < 28 else "450px"
            cards_html += f'''
            <div class="col-md-6 col-lg-4">
                <div class="card h-100">
                    <div class="card-body">
                        <h5 class="card-title">
                            <i class="fas fa-credit-card me-2"></i>
                            Карта {card['type'].upper()}
                        </h5>
                        {render_card_html(card, width)}
                        <div class="mt-3">
                            <p class="mb-1"><small>CVV: <strong>{card['cvv']}</strong></small></p>
                            <p class="mb-1"><small>Срок: <strong>{card['expiry']}</strong></small></p>
                            <p class="mb-0"><small>Баланс: <strong>${card['balance']:,}</strong></small></p>
                            <p class="mb-0"><small>Лимит: <strong>${card['limit']:,}</strong></small></p>
                            <form action="/delete_card/{card['id']}" method="post" class="mt-2">
                                <button type="submit" class="btn btn-danger btn-sm w-100">
                                    <i class="fas fa-trash me-1"></i> Удалить
                                </button>
                            </form>
                        </div>
                    </div>
                </div>
            </div>
            '''
    else:
        cards_html = '''
        <div class="col-12">
            <div class="alert alert-info">
                <i class="fas fa-info-circle me-2"></i>
                У вас еще нет банковских карт. Создайте свою первую карту!
            </div>
        </div>
        '''
    
    # HTML для API ключа
    api_key_html = ""
    if user_data.get('api_key'):
        api_key_html = f'''
        <div class="alert alert-success">
            <h6><i class="fas fa-key me-2"></i>Ваш API ключ</h6>
            <div class="input-group">
                <input type="text" id="apiKey" class="form-control" value="{user_data['api_key']}" readonly>
                <button class="btn btn-outline-secondary" type="button" onclick="copyApiKey()">
                    <i class="fas fa-copy"></i>
                </button>
            </div>
            <small class="text-muted">Используйте этот ключ для доступа к API</small>
        </div>
        '''
    else:
        api_key_html = '''
        <div class="alert alert-warning">
            <h6><i class="fas fa-key me-2"></i>API ключ не создан</h6>
            <form action="/generate_api_key" method="post">
                <button type="submit" class="btn btn-primary btn-sm">
                    <i class="fas fa-plus me-1"></i>Создать API ключ
                </button>
            </form>
        </div>
        '''
    
    # HTML для магазина
    shop_tab_content = ""
    if shop_data:
        # Товары
        shop_items_html = ""
        available_items = [item for item in shop_data["items"] if item["status"] == "available"]
        
        if available_items:
            for item in available_items[-10:][::-1]:  # Последние 10 товаров
                created_date = datetime.fromtimestamp(item["created"]).strftime('%d.%m.%Y')
                shop_items_html += f'''
                <div class="col-md-6 col-lg-4">
                    <div class="card h-100 shop-item-card">
                        <div class="card-body">
                            <h5 class="card-title">{item["title"]}</h5>
                            <p class="card-text">{item["description"]}</p>
                            <p class="card-text">
                                <small class="text-muted">Продавец: {item["seller"]}</small><br>
                                <small class="text-muted">Категория: {item["category"]}</small><br>
                                <small class="text-muted">Дата: {created_date}</small>
                            </p>
                            <div class="d-flex justify-content-between align-items-center">
                                <span class="h4 text-success">${item["price"]:,}</span>
                                <form action="/buy_item/{item['id']}" method="post">
                                    <button type="submit" class="btn btn-primary">
                                        <i class="fas fa-shopping-cart me-1"></i> Купить
                                    </button>
                                </form>
                            </div>
                        </div>
                    </div>
                </div>
                '''
        else:
            shop_items_html = '''
            <div class="col-12">
                <div class="alert alert-info">
                    <i class="fas fa-info-circle me-2"></i>
                    В магазине пока нет товаров. Будьте первым, кто добавит товар!
                </div>
            </div>
            '''
        
        # Объявления
        ads_html = ""
        active_ads = [ad for ad in shop_data["ads"] if ad["status"] == "active"]
        
        if active_ads:
            for ad in active_ads[-10:][::-1]:  # Последние 10 объявлений
                created_date = datetime.fromtimestamp(ad["created"]).strftime('%d.%m.%Y')
                ads_html += f'''
                <div class="col-md-6">
                    <div class="card h-100">
                        <div class="card-body">
                            <h5 class="card-title">{ad["title"]}</h5>
                            <p class="card-text">{ad["content"]}</p>
                            <p class="card-text">
                                <small class="text-muted">Автор: {ad["author"]}</small><br>
                                <small class="text-muted">Контакты: {ad["contact_info"]}</small><br>
                                <small class="text-muted">Дата: {created_date}</small>
                            </p>
                        </div>
                    </div>
                </div>
                '''
        
        shop_tab_content = f'''
        <div class="tab-pane fade" id="shop">
            <div class="row mb-4">
                <div class="col-12">
                    <div class="d-flex justify-content-between mb-3">
                        <h4><i class="fas fa-store me-2"></i>Магазин</h4>
                        <div>
                            <button class="btn btn-success me-2" data-bs-toggle="modal" data-bs-target="#addItemModal">
                                <i class="fas fa-plus me-1"></i>Добавить товар
                            </button>
                            <button class="btn btn-info" data-bs-toggle="modal" data-bs-target="#addAdModal">
                                <i class="fas fa-bullhorn me-1"></i>Добавить объявление
                            </button>
                        </div>
                    </div>
                </div>
            </div>
            
            <h5><i class="fas fa-shopping-bag me-2"></i>Товары в магазине</h5>
            <div class="row g-4 mb-4">
                {shop_items_html}
            </div>
            
            <h5><i class="fas fa-bullhorn me-2"></i>Объявления</h5>
            <div class="row g-4">
                {ads_html}
            </div>
        </div>
        '''
    
    # HTML для админ-панели
    admin_tab = ""
    if user_data.get('role') == 'admin':
        admin_tab = '''
        <li class="nav-item">
            <a class="nav-link" href="/admin">
                <i class="fas fa-cogs me-2"></i>Админ-панель
            </a>
        </li>
        '''
    
    return f'''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Банк | Личный кабинет</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        :root {{
            --primary: #4361ee;
            --secondary: #3a0ca3;
            --gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
        }}
        
        body {{
            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
            background: #f5f7fb;
        }}
        
        .navbar-custom {{
            background: var(--gradient) !important;
            box-shadow: 0 4px 20px rgba(67, 97, 238, 0.3);
        }}
        
        .sidebar {{
            background: white;
            border-radius: 15px;
            box-shadow: 0 5px 15px rgba(0,0,0,0.05);
            padding: 20px;
            height: fit-content;
        }}
        
        .main-content {{
            background: white;
            border-radius: 15px;
            box-shadow: 0 5px 15px rgba(0,0,0,0.05);
            padding: 25px;
        }}
        
        .balance-card {{
            background: var(--gradient);
            color: white;
            border-radius: 15px;
            padding: 20px;
            margin-bottom: 20px;
        }}
        
        .stat-card {{
            background: white;
            border-radius: 15px;
            padding: 15px;
            box-shadow: 0 3px 10px rgba(0,0,0,0.05);
            border-left: 4px solid var(--primary);
            margin-bottom: 15px;
        }}
        
        .bank-card {{
            border-radius: 12px;
            padding: 20px;
            color: white;
            display: flex;
            flex-direction: column;
            justify-content: space-between;
            box-shadow: 0 10px 25px rgba(0,0,0,0.2);
            position: relative;
            overflow: hidden;
            min-height: 180px;
            margin: 10px 0;
        }}
        
        .bank-card::before {{
            content: "";
            position: absolute;
            top: 0;
            left: 0;
            right: 0;
            bottom: 0;
            background: radial-gradient(circle at top right, rgba(255,255,255,0.1) 0%, transparent 50%);
        }}
        
        .bank-logo {{
            font-size: 18px;
            font-weight: bold;
            letter-spacing: 1px;
            display: flex;
            justify-content: space-between;
            align-items: center;
            margin-bottom: 20px;
        }}
        
        .chip {{
            width: 35px;
            height: 25px;
            background: linear-gradient(135deg, #ffd166 0%, #ff9e00 100%);
            border-radius: 5px;
            position: relative;
        }}
        
        .chip::before {{
            content: "";
            position: absolute;
            top: 3px;
            left: 3px;
            right: 3px;
            bottom: 3px;
            border: 2px solid rgba(0,0,0,0.2);
            border-radius: 3px;
        }}
        
        .card-number {{
            font-size: 18px;
            letter-spacing: 2px;
            font-weight: bold;
            text-align: center;
            margin: 15px 0;
            word-break: break-all;
        }}
        
        .card-holder {{
            font-size: 14px;
            letter-spacing: 1px;
            text-transform: uppercase;
        }}
        
        .nav-tabs .nav-link {{
            border: none;
            border-radius: 10px;
            padding: 10px 15px;
            margin: 0 5px;
            color: #666;
            font-weight: 500;
        }}
        
        .nav-tabs .nav-link.active {{
            background: var(--gradient);
            color: white;
        }}
        
        .table-custom {{
            background: white;
            border-radius: 12px;
            overflow: hidden;
            box-shadow: 0 3px 10px rgba(0,0,0,0.05);
        }}
        
        .table-custom thead {{
            background: var(--gradient);
            color: white;
        }}
        
        .btn-primary {{
            background: var(--gradient);
            border: none;
            border-radius: 10px;
            padding: 8px 15px;
            font-weight: 600;
        }}
        
        .btn-primary:hover {{
            transform: translateY(-2px);
            box-shadow: 0 5px 15px rgba(67, 97, 238, 0.3);
        }}
        
        .modal-header {{
            background: var(--gradient);
            color: white;
        }}
        
        .create-card-btn {{
            background: linear-gradient(135deg, #ffd166 0%, #ff9e00 100%);
            border: none;
            color: #000;
            font-weight: 600;
        }}
        
        .create-card-btn:hover {{
            background: linear-gradient(135deg, #ffc145 0%, #e68900 100%);
            color: #000;
        }}
        
        .services-grid {{
            display: grid;
            grid-template-columns: repeat(auto-fill, minmax(250px, 1fr));
            gap: 20px;
            margin-top: 20px;
        }}
        
        .service-card {{
            background: white;
            border-radius: 12px;
            padding: 20px;
            box-shadow: 0 3px 10px rgba(0,0,0,0.05);
            border-left: 4px solid var(--primary);
            transition: all 0.3s;
        }}
        
        .service-card:hover {{
            transform: translateY(-5px);
            box-shadow: 0 10px 20px rgba(0,0,0,0.1);
        }}
        
        .api-docs {{
            background: #f8f9fa;
            border-radius: 10px;
            padding: 20px;
            margin-top: 20px;
        }}
        
        .code-block {{
            background: #1e1e1e;
            color: #d4d4d4;
            padding: 15px;
            border-radius: 5px;
            font-family: "Courier New", monospace;
            overflow-x: auto;
            margin: 10px 0;
        }}
        
        .shop-item-card {{
            transition: all 0.3s;
        }}
        
        .shop-item-card:hover {{
            transform: translateY(-5px);
            box-shadow: 0 10px 20px rgba(0,0,0,0.1);
        }}
    </style>
</head>
<body>
    <nav class="navbar navbar-expand-lg navbar-custom navbar-dark">
        <div class="container">
            <a class="navbar-brand d-flex align-items-center" href="/dashboard">
                <i class="fas fa-university fa-2x me-2"></i>
                <div>
                    <h4 class="mb-0">Банк</h4>
                    <small class="opacity-75">Финансовая система</small>
                </div>
            </a>
            <div class="d-flex align-items-center">
                <span class="badge bg-light text-dark me-3">
                    <i class="fas fa-user-circle me-1"></i>
                    {session['user']} ({user_data.get('role', 'client')})
                </span>
                <a href="/logout" class="btn btn-outline-light btn-sm">
                    <i class="fas fa-sign-out-alt me-1"></i>Выход
                </a>
            </div>
        </div>
    </nav>

    <div class="container mt-4 mb-5">
        <div class="row g-4">
            <div class="col-lg-3">
                <div class="sidebar">
                    <h5 class="mb-3"><i class="fas fa-chart-line me-2"></i>Финансы</h5>
                    
                    <div class="balance-card">
                        <h6 class="opacity-75">Текущий баланс</h6>
                        <h2 class="{'text-success' if user_data['balance'] >= 0 else 'text-danger'}">
                            ${user_data['balance']:,}
                        </h2>
                        <small>Доступные средства</small>
                    </div>
                    
                    <div class="stat-card">
                        <div class="d-flex justify-content-between">
                            <div>
                                <h6>Вклад</h6>
                                <h5 class="text-success">${user_data['deposit']:,}</h5>
                            </div>
                            <i class="fas fa-piggy-bank fa-2x text-success"></i>
                        </div>
                        <small class="text-muted">+1% ежедневно</small>
                    </div>
                    
                    <div class="stat-card">
                        <div class="d-flex justify-content-between">
                            <div>
                                <h6>Кредит</h6>
                                <h5 class="text-danger">${user_data['credit']:,}</h5>
                            </div>
                            <i class="fas fa-credit-card fa-2x text-danger"></i>
                        </div>
                        <small class="text-muted">+5% ежедневно</small>
                    </div>
                    
                    <div class="mt-3">
                        <h6><i class="fas fa-wallet me-2"></i>Операции</h6>
                        <div class="d-grid gap-2 mt-2">
                            <button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#depositModal">
                                <i class="fas fa-plus-circle me-1"></i>Пополнить вклад
                            </button>
                            <button class="btn btn-outline-primary" data-bs-toggle="modal" data-bs-target="#creditModal">
                                <i class="fas fa-hand-holding-usd me-1"></i>Взять кредит
                            </button>
                            <button class="btn btn-outline-success" data-bs-toggle="modal" data-bs-target="#transferModal">
                                <i class="fas fa-exchange-alt me-1"></i>Перевод
                            </button>
                            <button class="btn create-card-btn" data-bs-toggle="modal" data-bs-target="#cardModal">
                                <i class="fas fa-credit-card me-1"></i>Создать карту
                            </button>
                            <a href="/payment_page" class="btn btn-warning">
                                <i class="fas fa-credit-card me-1"></i>Оплата
                            </a>
                        </div>
                    </div>
                    
                    <div class="mt-4">
                        {api_key_html}
                    </div>
                </div>
            </div>

            <div class="col-lg-9">
                <div class="main-content">
                    <ul class="nav nav-tabs mb-4">
                        <li class="nav-item">
                            <a class="nav-link active" data-bs-toggle="tab" href="#services">
                                <i class="fas fa-concierge-bell me-1"></i>Услуги
                            </a>
                        </li>
                        <li class="nav-item">
                            <a class="nav-link" data-bs-toggle="tab" href="#cards">
                                <i class="fas fa-credit-card me-1"></i>Мои карты
                            </a>
                        </li>
                        <li class="nav-item">
                            <a class="nav-link" data-bs-toggle="tab" href="#shop">
                                <i class="fas fa-store me-1"></i>Магазин
                            </a>
                        </li>
                        <li class="nav-item">
                            <a class="nav-link" data-bs-toggle="tab" href="#history">
                                <i class="fas fa-history me-1"></i>История
                            </a>
                        </li>
                        <li class="nav-item">
                            <a class="nav-link" data-bs-toggle="tab" href="#api">
                                <i class="fas fa-code me-1"></i>API
                            </a>
                        </li>
                        {admin_tab}
                    </ul>

                    <div class="tab-content">
                        <div class="tab-pane fade show active" id="services">
                            <div class="services-grid">
                                <div class="service-card">
                                    <h5><i class="fas fa-piggy-bank text-primary me-2"></i>Вклады</h5>
                                    <p class="text-muted">Откройте вклад под 1% ежедневно и получайте пассивный доход.</p>
                                </div>
                                <div class="service-card">
                                    <h5><i class="fas fa-credit-card text-success me-2"></i>Кредиты</h5>
                                    <p class="text-muted">Получите кредит на любые цели. Ставка 5% ежедневно.</p>
                                </div>
                                <div class="service-card">
                                    <h5><i class="fas fa-exchange-alt text-info me-2"></i>Переводы</h5>
                                    <p class="text-muted">Быстрые переводы между клиентами банка без комиссий.</p>
                                </div>
                                <div class="service-card">
                                    <h5><i class="fas fa-credit-card text-warning me-2"></i>Банковские карты</h5>
                                    <p class="text-muted">Выпустите банковскую карту для удобных платежей.</p>
                                </div>
                                <div class="service-card">
                                    <h5><i class="fas fa-store text-danger me-2"></i>Магазин</h5>
                                    <p class="text-muted">Покупайте и продавайте товары, размещайте объявления.</p>
                                </div>
                                <div class="service-card">
                                    <h5><i class="fas fa-credit-card text-secondary me-2"></i>Платежи</h5>
                                    <p class="text-muted">Принимайте платежи от клиентов через API или ссылки.</p>
                                </div>
                                <div class="service-card">
                                    <h5><i class="fas fa-code text-dark me-2"></i>API Доступ</h5>
                                    <p class="text-muted">Интегрируйте банковские услуги в ваши приложения через API.</p>
                                </div>
                            </div>
                        </div>
                        
                        <div class="tab-pane fade" id="cards">
                            <div class="row g-4">
                                {cards_html}
                            </div>
                        </div>
                        
                        {shop_tab_content}
                        
                        <div class="tab-pane fade" id="history">
                            <div class="table-responsive">
                                <table class="table table-custom table-hover">
                                    <thead>
                                        <tr>
                                            <th><i class="fas fa-clock"></i> Время</th>
                                            <th><i class="fas fa-user"></i> Пользователь</th>
                                            <th><i class="fas fa-tasks"></i> Операция</th>
                                            <th><i class="fas fa-dollar-sign"></i> Сумма</th>
                                            <th><i class="fas fa-user-friends"></i>Получатель</th>
                                        </tr>
                                    </thead>
                                    <tbody>
                                        {history_html}
                                    </tbody>
                                </table>
                            </div>
                        </div>
                        
                        <div class="tab-pane fade" id="api">
                            <div class="api-docs">
                                <h4><i class="fas fa-code me-2"></i>Документация API</h4>
                                <p>Используйте ваш API ключ для доступа к банковским операциям через REST API.</p>
                                
                                <h5 class="mt-4">Базовый URL</h5>
                                <div class="code-block">
                                    http://ваш-домен/api/v1/
                                </div>
                                
                                <h5 class="mt-4">Аутентификация</h5>
                                <p>Добавьте заголовок с вашим API ключом:</p>
                                <div class="code-block">
                                    X-API-Key: ваш_api_ключ
                                </div>
                                <p>Или передайте как параметр:</p>
                                <div class="code-block">
                                    ?api_key=ваш_api_ключ
                                </div>
                                
                                <h5 class="mt-4">Доступные методы</h5>
                                <div class="table-responsive">
                                    <table class="table table-bordered">
                                        <thead>
                                            <tr>
                                                <th>Метод</th>
                                                <th>Эндпоинт</th>
                                                <th>Описание</th>
                                                <th>Параметры</th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                            <tr>
                                                <td><span class="badge bg-info">GET</span></td>
                                                <td>/api/v1/balance</td>
                                                <td>Получить информацию о балансе</td>
                                                <td>-</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-info">GET</span></td>
                                                <td>/api/v1/history</td>
                                                <td>Получить историю операций</td>
                                                <td>limit (опционально)</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-info">GET</span></td>
                                                <td>/api/v1/cards</td>
                                                <td>Получить список карт</td>
                                                <td>-</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-success">POST</span></td>
                                                <td>/api/v1/deposit</td>
                                                <td>Открыть вклад</td>
                                                <td>amount (int)</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-success">POST</span></td>
                                                <td>/api/v1/credit</td>
                                                <td>Взять кредит</td>
                                                <td>amount (int)</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-success">POST</span></td>
                                                <td>/api/v1/transfer</td>
                                                <td>Сделать перевод</td>
                                                <td>target (str), amount (int)</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-success">POST</span></td>
                                                <td>/api/v1/cards/create</td>
                                                <td>Создать карту</td>
                                                <td>card_type (standard|gold|platinum)</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-danger">POST</span></td>
                                                <td>/api/v1/cards/delete</td>
                                                <td>Удалить карту</td>
                                                <td>card_id (str)</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-info">GET</span></td>
                                                <td>/api/v1/shop/items</td>
                                                <td>Получить список товаров</td>
                                                <td>-</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-info">GET</span></td>
                                                <td>/api/v1/shop/ads</td>
                                                <td>Получить список объявлений</td>
                                                <td>-</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-success">POST</span></td>
                                                <td>/api/v1/payment/create</td>
                                                <td>Создать платеж</td>
                                                <td>receiver, amount, description</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-success">POST</span></td>
                                                <td>/api/v1/payment/process</td>
                                                <td>Выполнить платеж</td>
                                                <td>payment_id</td>
                                            </tr>
                                        </tbody>
                                    </table>
                                </div>
                                
                                <h5 class="mt-4">Примеры использования</h5>
                                <p>Python с requests:</p>
                                <div class="code-block">
import requests<br>
<br>
api_key = "ваш_api_ключ"<br>
base_url = "http://ваш-домен/api/v1"<br>
<br>
# Получить баланс<br>
headers = {{"X-API-Key": api_key}}<br>
response = requests.get(f"{{base_url}}/balance", headers=headers)<br>
print(response.json())<br>
<br>
# Сделать перевод<br>
data = {{"target": "получатель", "amount": 100}}<br>
response = requests.post(f"{{base_url}}/transfer", headers=headers, json=data)<br>
print(response.json())
                                </div>
                                
                                <p>cURL:</p>
                                <div class="code-block">
# Получить баланс<br>
curl -H "X-API-Key: ваш_api_ключ" http://ваш-домен/api/v1/balance<br>
<br>
# Сделать перевод<br>
curl -X POST -H "X-API-Key: ваш_api_ключ" \\<br>
     -H "Content-Type: application/json" \\<br>
     -d '{{"target": "получатель", "amount": 100}}' \\<br>
     http://ваш-домен/api/v1/transfer
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>

    <!-- Модальные окна -->
    <div class="modal fade" id="depositModal" tabindex="-1">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <h5 class="modal-title"><i class="fas fa-piggy-bank me-2"></i>Вклад</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                </div>
                <form action="/deposit" method="post">
                    <div class="modal-body">
                        <div class="mb-3">
                            <label class="form-label">Сумма вклада ($)</label>
                            <input type="number" name="amount" class="form-control" min="1" required>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
                        <button type="submit" class="btn btn-primary">Подтвердить</button>
                    </div>
                </form>
            </div>
        </div>
    </div>

    <div class="modal fade" id="creditModal" tabindex="-1">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <h5 class="modal-title"><i class="fas fa-credit-card me-2"></i>Кредит</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                </div>
                <form action="/credit" method="post">
                    <div class="modal-body">
                        <div class="alert alert-warning">
                            <i class="fas fa-exclamation-triangle me-2"></i>
                            Кредит выдается под 5% ежедневно
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Сумма кредита ($)</label>
                            <input type="number" name="amount" class="form-control" min="1" required>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
                        <button type="submit" class="btn btn-primary">Взять кредит</button>
                    </div>
                </form>
            </div>
        </div>
    </div>

    <div class="modal fade" id="transferModal" tabindex="-1">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <h5 class="modal-title"><i class="fas fa-exchange-alt me-2"></i>Перевод</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                </div>
                <form action="/transfer" method="post">
                    <div class="modal-body">
                        <div class="mb-3">
                            <label class="form-label">Получатель</label>
                            <input type="text" name="target" class="form-control" required>
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Сумма ($)</label>
                            <input type="number" name="amount" class="form-control" min="1" required>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
                        <button type="submit" class="btn btn-primary">Отправить</button>
                    </div>
                </form>
            </div>
        </div>
    </div>

    <div class="modal fade" id="cardModal" tabindex="-1">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <h5 class="modal-title"><i class="fas fa-credit-card me-2"></i>Создание карты</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                </div>
                <form action="/create_card" method="post">
                    <div class="modal-body">
                        <div class="mb-3">
                            <label class="form-label">Тип карты</label>
                            <select name="card_type" class="form-select">
                                <option value="standard">Стандартная (бесплатно)</option>
                                <option value="gold">Золотая ($50)</option>
                                <option value="platinum">Платиновая ($100)</option>
                            </select>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
                        <button type="submit" class="btn btn-primary">Создать карту</button>
                    </div>
                </form>
            </div>
        </div>
    </div>

    <!-- Модальные окна для магазина -->
    <div class="modal fade" id="addItemModal" tabindex="-1">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <h5 class="modal-title"><i class="fas fa-plus me-2"></i>Добавить товар</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                </div>
                <form action="/create_shop_item" method="post">
                    <div class="modal-body">
                        <div class="mb-3">
                            <label class="form-label">Название товара</label>
                            <input type="text" name="title" class="form-control" required>
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Описание</label>
                            <textarea name="description" class="form-control" rows="3" required></textarea>
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Цена ($)</label>
                            <input type="number" name="price" class="form-control" min="1" required>
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Категория</label>
                            <select name="category" class="form-select">
                                <option value="electronics">Электроника</option>
                                <option value="clothing">Одежда</option>
                                <option value="books">Книги</option>
                                <option value="other">Другое</option>
                            </select>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
                        <button type="submit" class="btn btn-primary">Добавить товар</button>
                    </div>
                </form>
            </div>
        </div>
    </div>

    <div class="modal fade" id="addAdModal" tabindex="-1">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <h5 class="modal-title"><i class="fas fa-bullhorn me-2"></i>Добавить объявление</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                </div>
                <form action="/create_advertisement" method="post">
                    <div class="modal-body">
                        <div class="mb-3">
                            <label class="form-label">Заголовок</label>
                            <input type="text" name="title" class="form-control" required>
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Содержание</label>
                            <textarea name="content" class="form-control" rows="3" required></textarea>
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Контактная информация</label>
                            <input type="text" name="contact_info" class="form-control" placeholder="Email или телефон" required>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
                        <button type="submit" class="btn btn-primary">Добавить объявление</button>
                    </div>
                </form>
            </div>
        </div>
    </div>

    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
    <script>
        // Автообновление каждые 60 секунд
        setInterval(() => {{
            window.location.reload();
        }}, 60000);
        
        // Валидация форм
        document.querySelectorAll("form").forEach(form => {{
            form.addEventListener("submit", function(e) {{
                const inputs = this.querySelectorAll("input[type=\"number\"]");
                inputs.forEach(input => {{
                    if (input.value && parseFloat(input.value) <= 0) {{
                        e.preventDefault();
                        alert("Пожалуйста, введите корректное значение");
                    }}
                }});
            }});
        }});
        
        // Анимация карт
        document.querySelectorAll(".bank-card").forEach(card => {{
            card.addEventListener("mouseenter", function() {{
                this.style.transform = "translateY(-5px)";
                this.style.boxShadow = "0 15px 35px rgba(0,0,0,0.3)";
            }});
            
            card.addEventListener("mouseleave", function() {{
                this.style.transform = "translateY(0)";
                this.style.boxShadow = "0 10px 25px rgba(0,0,0,0.2)";
            }});
        }});
        
        // Копирование API ключа
        function copyApiKey() {{
            const apiKeyInput = document.getElementById("apiKey");
            apiKeyInput.select();
            apiKeyInput.setSelectionRange(0, 99999);
            document.execCommand("copy");
            alert("API ключ скопирован в буфер обмена!");
        }}
    </script>
</body>
</html>
'''

def render_admin_panel(users):
    """Генерация HTML админ-панели - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    users_html = ""
    current_user = session.get('user')
    
    valid_users_count = 0
    total_balance = 0
    total_deposit = 0
    total_credit = 0
    
    for username, user in users.items():
        # Пропускаем текущего пользователя
        if username == current_user:
            continue
        
        # Проверяем, что пользователь - словарь (корректные данные)
        if not isinstance(user, dict):
            continue
        
        # Безопасно получаем данные пользователя
        role = user.get('role', 'client')
        balance = user.get('balance', 0)
        deposit = user.get('deposit', 0)
        credit = user.get('credit', 0)
        email = user.get('email', 'нет')
        
        # Обновляем статистику
        valid_users_count += 1
        total_balance += balance
        total_deposit += deposit
        total_credit += credit
        
        # Определяем цвет бейджа роли
        badge_color = "success" if role == 'admin' else "primary" if role == 'manager' else "secondary"
        
        users_html += f'''
        <div class="col-md-6 col-lg-4">
            <div class="card h-100">
                <div class="card-body">
                    <h5 class="card-title">{username}</h5>
                    <p class="card-text">
                        <small>Роль: <span class="badge bg-{badge_color}">{role}</span></small><br>
                        <small>Баланс: <strong>${balance:,}</strong></small><br>
                        <small>Вклад: <strong>${deposit:,}</strong></small><br>
                        <small>Кредит: <strong>${credit:,}</strong></small><br>
                        <small>Email: {email}</small>
                    </p>
                    <form action="/admin/change_role" method="post" class="mb-2">
                        <input type="hidden" name="username" value="{username}">
                        <select name="role" class="form-select form-select-sm mb-2">
                            <option value="client" {'selected' if role == 'client' else ''}>Клиент</option>
                            <option value="admin" {'selected' if role == 'admin' else ''}>Админ</option>
                            <option value="manager" {'selected' if role == 'manager' else ''}>Менеджер</option>
                        </select>
                        <button type="submit" class="btn btn-warning btn-sm w-100">Изменить роль</button>
                    </form>
                    <form action="/admin/add_money" method="post">
                        <input type="hidden" name="username" value="{username}">
                        <div class="input-group input-group-sm mb-2">
                            <input type="number" name="amount" class="form-control" placeholder="Сумма" min="1" required>
                            <button class="btn btn-success" type="submit">+</button>
                        </div>
                    </form>
                </div>
            </div>
        </div>
        '''
    
    return f'''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Админ-панель</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        :root {{
            --primary: #4361ee;
            --gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
        }}
        body {{
            background: #f5f7fb;
            padding: 20px;
        }}
        .admin-header {{
            background: var(--gradient);
            color: white;
            border-radius: 15px;
            padding: 20px;
            margin-bottom: 20px;
        }}
        .card {{
            border-radius: 12px;
            box-shadow: 0 3px 10px rgba(0,0,0,0.05);
        }}
        .stat-card {{
            background: white;
            border-radius: 12px;
            padding: 15px;
            box-shadow: 0 3px 10px rgba(0,0,0,0.05);
            border-left: 4px solid var(--primary);
            margin-bottom: 15px;
        }}
    </style>
</head>
<body>
    <div class="container">
        <div class="admin-header">
            <div class="d-flex justify-content-between align-items-center">
                <div>
                    <h2><i class="fas fa-cogs me-2"></i>Админ-панель</h2>
                    <p class="mb-0">Управление пользователями</p>
                </div>
                <a href="/dashboard" class="btn btn-light">
                    <i class="fas fa-arrow-left me-1"></i>Назад
                </a>
            </div>
        </div>
        
        <div class="row g-4">
            {users_html if users_html else '''
            <div class="col-12">
                <div class="alert alert-info">
                    <i class="fas fa-info-circle me-2"></i>
                    Нет других пользователей для управления.
                </div>
            </div>
            '''}
        </div>
        
        <div class="row mt-4">
            <div class="col-12">
                <div class="card">
                    <div class="card-body">
                        <h5 class="card-title"><i class="fas fa-chart-bar me-2"></i>Статистика системы</h5>
                        <div class="row">
                            <div class="col-md-3">
                                <div class="stat-card">
                                    <h6>Всего пользователей</h6>
                                    <h4>{valid_users_count + 1}</h4>
                                </div>
                            </div>
                            <div class="col-md-3">
                                <div class="stat-card">
                                    <h6>Общий баланс</h6>
                                    <h4 class="text-success">${total_balance:,}</h4>
                                </div>
                            </div>
                            <div class="col-md-3">
                                <div class="stat-card">
                                    <h6>Общие вклады</h6>
                                    <h4 class="text-info">${total_deposit:,}</h4>
                                </div>
                            </div>
                            <div class="col-md-3">
                                <div class="stat-card">
                                    <h6>Общие кредиты</h6>
                                    <h4 class="text-danger">${total_credit:,}</h4>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
    <script>
        // Валидация форм админ-панели
        document.querySelectorAll("form").forEach(form => {{
            form.addEventListener("submit", function(e) {{
                const amountInput = this.querySelector('input[type="number"]');
                if (amountInput && amountInput.value) {{
                    if (parseInt(amountInput.value) <= 0) {{
                        e.preventDefault();
                        alert("Сумма должна быть положительной!");
                    }}
                }}
            }});
        }});
    </script>
</body>
</html>
'''

# ---------- СТРАНИЦА ОПЛАТЫ ----------
def render_payment_page():
    """Страница оплаты"""
    return '''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Оплата | Банковская система</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        :root {
            --primary: #4361ee;
            --secondary: #3a0ca3;
            --gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
        }
        body {
            background: #f5f7fb;
            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
        }
        .payment-card {
            background: white;
            border-radius: 15px;
            box-shadow: 0 10px 30px rgba(0,0,0,0.1);
            overflow: hidden;
        }
        .payment-header {
            background: var(--gradient);
            color: white;
            padding: 25px;
            text-align: center;
        }
        .payment-body {
            padding: 30px;
        }
        .form-control {
            border: 2px solid #e9ecef;
            border-radius: 10px;
            padding: 12px 15px;
            transition: all 0.3s;
        }
        .form-control:focus {
            border-color: var(--primary);
            box-shadow: 0 0 0 0.25rem rgba(67, 97, 238, 0.25);
        }
        .btn-primary {
            background: var(--gradient);
            border: none;
            border-radius: 10px;
            padding: 12px;
            font-weight: 600;
            transition: all 0.3s;
        }
        .btn-primary:hover {
            transform: translateY(-2px);
            box-shadow: 0 10px 20px rgba(67, 97, 238, 0.3);
        }
        .api-example {
            background: #f8f9fa;
            border-radius: 10px;
            padding: 15px;
            font-family: 'Courier New', monospace;
            font-size: 14px;
            margin: 10px 0;
        }
        .qr-code {
            width: 200px;
            height: 200px;
            background: #f8f9fa;
            border-radius: 10px;
            display: flex;
            align-items: center;
            justify-content: center;
            margin: 20px auto;
            border: 1px solid #dee2e6;
        }
        .payment-link {
            background: #e9ecef;
            border-radius: 8px;
            padding: 10px;
            word-break: break-all;
            font-family: 'Courier New', monospace;
            margin: 10px 0;
        }
    </style>
</head>
<body>
    <nav class="navbar navbar-expand-lg navbar-dark" style="background: var(--gradient);">
        <div class="container">
            <a class="navbar-brand" href="/dashboard">
                <i class="fas fa-university me-2"></i>
                Банк | Оплата
            </a>
            <div>
                <a href="/dashboard" class="btn btn-outline-light btn-sm">
                    <i class="fas fa-arrow-left me-1"></i> Назад
                </a>
            </div>
        </div>
    </nav>

    <div class="container mt-4 mb-5">
        <div class="row justify-content-center">
            <div class="col-lg-8">
                <div class="payment-card">
                    <div class="payment-header">
                        <h3><i class="fas fa-credit-card me-2"></i>Платежная система</h3>
                        <p class="mb-0">Принимайте платежи от клиентов через ссылки или API</p>
                    </div>
                    <div class="payment-body">
                        <div class="row">
                            <div class="col-md-6">
                                <h4><i class="fas fa-link me-2"></i>Создать ссылку для оплаты</h4>
                                <form action="/create_payment_link" method="post" id="paymentForm">
                                    <div class="mb-3">
                                        <label class="form-label">Получатель (логин)</label>
                                        <input type="text" name="receiver" class="form-control" required 
                                               placeholder="Введите логин получателя">
                                    </div>
                                    <div class="mb-3">
                                        <label class="form-label">Сумма ($)</label>
                                        <input type="number" name="amount" class="form-control" min="1" required 
                                               placeholder="Введите сумму">
                                    </div>
                                    <div class="mb-3">
                                        <label class="form-label">Описание платежа</label>
                                        <input type="text" name="description" class="form-control" 
                                               placeholder="Оплата за товар/услугу">
                                    </div>
                                    <button type="submit" class="btn btn-primary w-100">
                                        <i class="fas fa-link me-2"></i>Создать ссылку
                                    </button>
                                </form>
                                
                                <div class="mt-4">
                                    <h5><i class="fas fa-qrcode me-2"></i>QR-код для оплаты</h5>
                                    <div class="qr-code" id="qrCode">
                                        <span class="text-muted">QR-код появится после создания ссылки</span>
                                    </div>
                                </div>
                            </div>
                            
                            <div class="col-md-6">
                                <h4><i class="fas fa-code me-2"></i>API для оплаты</h4>
                                <p>Используйте API для интеграции платежей в ваши приложения:</p>
                                
                                <h6>1. Создать платеж:</h6>
                                <div class="api-example">
                                    POST /api/v1/payment/create<br>
                                    Headers: X-API-Key: ваш_ключ<br>
                                    Body: {<br>
                                      "receiver": "username",<br>
                                      "amount": 100,<br>
                                      "description": "Оплата за услугу"<br>
                                    }
                                </div>
                                
                                <h6>2. Получить статус платежа:</h6>
                                <div class="api-example">
                                    GET /api/v1/payment/status/{payment_id}<br>
                                    Headers: X-API-Key: ваш_ключ
                                </div>
                                
                                <h6>3. Пример ссылки для оплаты:</h6>
                                <div class="payment-link" id="paymentLinkExample">
                                    http://ваш-домен/pay/{payment_id}
                                </div>
                                
                                <div class="alert alert-info mt-3">
                                    <h6><i class="fas fa-lightbulb me-2"></i>Как это работает:</h6>
                                    <ol class="mb-0">
                                        <li>Создаете платеж через форму или API</li>
                                        <li>Получаете уникальную ссылку или payment_id</li>
                                        <li>Отправляете ссылку клиенту</li>
                                        <li>Клиент переходит по ссылке и оплачивает</li>
                                        <li>Вы получаете деньги на счет</li>
                                    </ol>
                                </div>
                            </div>
                        </div>
                        
                        <div class="mt-5">
                            <h4><i class="fas fa-history me-2"></i>Последние платежи</h4>
                            <div class="table-responsive">
                                <table class="table table-hover" id="paymentsTable">
                                    <thead>
                                        <tr>
                                            <th>ID</th>
                                            <th>Сумма</th>
                                            <th>Получатель</th>
                                            <th>Статус</th>
                                            <th>Дата</th>
                                        </tr>
                                    </thead>
                                    <tbody>
                                        <!-- Данные будут загружены через JavaScript -->
                                    </tbody>
                                </table>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>

    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
    <script>
        // Обработка формы создания платежа
        document.getElementById('paymentForm').addEventListener('submit', async function(e) {
            e.preventDefault();
            
            const formData = new FormData(this);
            
            try {
                const response = await fetch('/api/v1/payment/create', {
                    method: 'POST',
                    headers: {
                        'Content-Type': 'application/json'
                    },
                    body: JSON.stringify({
                        receiver: formData.get('receiver'),
                        amount: parseInt(formData.get('amount')),
                        description: formData.get('description')
                    })
                });
                
                const result = await response.json();
                
                if (result.success) {
                    // Обновляем пример ссылки
                    const paymentLink = window.location.origin + '/pay/' + result.payment_id;
                    document.getElementById('paymentLinkExample').textContent = paymentLink;
                    
                    // Показываем QR-код (простая визуализация)
                    const qrCodeDiv = document.getElementById('qrCode');
                    qrCodeDiv.innerHTML = `
                        <div class="text-center">
                            <div style="font-size: 80px;">💰</div>
                            <small class="text-muted">Ссылка: ${result.payment_id}</small>
                        </div>
                    `;
                    
                    alert('Платеж создан! ID: ' + result.payment_id);
                    
                    // Обновляем список платежей
                    loadPayments();
                } else {
                    alert('Ошибка: ' + result.error);
                }
            } catch (error) {
                alert('Ошибка соединения: ' + error.message);
            }
        });
        
        // Загрузка списка платежей
        async function loadPayments() {
            try {
                const response = await fetch('/api/v1/payment/list');
                const result = await response.json();
                
                if (result.success) {
                    const tbody = document.querySelector('#paymentsTable tbody');
                    tbody.innerHTML = '';
                    
                    result.payments.forEach(payment => {
                        const row = document.createElement('tr');
                        
                        // Определяем цвет статуса
                        let statusClass = 'warning';
                        if (payment.status === 'completed') statusClass = 'success';
                        if (payment.status === 'failed') statusClass = 'danger';
                        if (payment.status === 'cancelled') statusClass = 'secondary';
                        
                        const date = new Date(payment.created * 1000).toLocaleString();
                        
                        row.innerHTML = `
                            <td><small>${payment.id}</small></td>
                            <td><strong>$${payment.amount}</strong></td>
                            <td>${payment.receiver}</td>
                            <td><span class="badge bg-${statusClass}">${payment.status}</span></td>
                            <td><small>${date}</small></td>
                        `;
                        
                        tbody.appendChild(row);
                    });
                }
            } catch (error) {
                console.error('Ошибка загрузки платежей:', error);
            }
        }
        
        // Загружаем платежи при загрузке страницы
        document.addEventListener('DOMContentLoaded', loadPayments);
    </script>
</body>
</html>
'''

def render_pay_page(payment_id):
    """Страница оплаты для клиента"""
    payments = load_payments()
    
    payment = None
    for p in payments:
        if p["id"] == payment_id:
            payment = p
            break
    
    if not payment:
        return '''
        <!DOCTYPE html>
        <html>
        <head>
            <title>Платеж не найден</title>
            <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
        </head>
        <body>
            <div class="container mt-5">
                <div class="alert alert-danger">
                    <h4>Платеж не найден</h4>
                    <p>Проверьте правильность ссылки или обратитесь к отправителю.</p>
                    <a href="/" class="btn btn-primary">На главную</a>
                </div>
            </div>
        </body>
        </html>
        '''
    
    if payment["status"] != "pending":
        status_message = {
            "completed": "Оплачен",
            "failed": "Не удался",
            "cancelled": "Отменен"
        }.get(payment["status"], "Неизвестен")
        
        return f'''
        <!DOCTYPE html>
        <html>
        <head>
            <title>Статус платежа</title>
            <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
            <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
        </head>
        <body>
            <div class="container mt-5">
                <div class="row justify-content-center">
                    <div class="col-md-6">
                        <div class="card">
                            <div class="card-body text-center">
                                <h2>Платеж {status_message}</h2>
                                <div class="my-4">
                                    <i class="fas fa-{ 'check-circle text-success' if payment['status'] == 'completed' else 'times-circle text-danger' } fa-5x"></i>
                                </div>
                                <p>ID платежа: <strong>{payment_id}</strong></p>
                                <p>Сумма: <strong>${payment['amount']}</strong></p>
                                <p>Получатель: <strong>{payment['receiver']}</strong></p>
                                <p>Описание: {payment['description']}</p>
                                <a href="/" class="btn btn-primary mt-3">На главную</a>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </body>
        </html>
        '''
    
    return f'''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Оплата #{payment_id}</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        :root {{
            --primary: #4361ee;
            --gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
        }}
        body {{
            background: #f5f7fb;
            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
        }}
        .payment-container {{
            max-width: 500px;
            margin: 50px auto;
        }}
        .payment-card {{
            background: white;
            border-radius: 15px;
            box-shadow: 0 10px 30px rgba(0,0,0,0.1);
            overflow: hidden;
        }}
        .payment-header {{
            background: var(--gradient);
            color: white;
            padding: 25px;
            text-align: center;
        }}
        .payment-body {{
            padding: 30px;
        }}
        .amount-display {{
            font-size: 48px;
            font-weight: bold;
            color: var(--primary);
            text-align: center;
            margin: 20px 0;
        }}
        .btn-pay {{
            background: var(--gradient);
            border: none;
            border-radius: 10px;
            padding: 15px;
            font-size: 18px;
            font-weight: 600;
            width: 100%;
            margin-top: 20px;
        }}
    </style>
</head>
<body>
    <div class="payment-container">
        <div class="payment-card">
            <div class="payment-header">
                <h3><i class="fas fa-credit-card me-2"></i>Оплата</h3>
                <p class="mb-0">ID: {payment_id}</p>
            </div>
            <div class="payment-body">
                <div class="text-center mb-4">
                    <i class="fas fa-shopping-cart fa-4x text-primary"></i>
                </div>
                
                <div class="amount-display">
                    ${payment['amount']}
                </div>
                
                <div class="payment-details">
                    <div class="d-flex justify-content-between mb-2">
                        <span>Получатель:</span>
                        <strong>{payment['receiver']}</strong>
                    </div>
                    <div class="d-flex justify-content-between mb-2">
                        <span>Описание:</span>
                        <strong>{payment['description'] or 'Нет описания'}</strong>
                    </div>
                    <div class="d-flex justify-content-between mb-4">
                        <span>Статус:</span>
                        <span class="badge bg-warning">Ожидает оплаты</span>
                    </div>
                </div>
                
                <form action="/process_payment/{payment_id}" method="post" id="paymentForm">
                    <div class="mb-3">
                        <label class="form-label">Ваш логин</label>
                        <input type="text" name="username" class="form-control" placeholder="Введите ваш логин" required>
                    </div>
                    <div class="mb-3">
                        <label class="form-label">Пароль</label>
                        <input type="password" name="password" class="form-control" placeholder="Введите пароль" required>
                    </div>
                    
                    <button type="submit" class="btn btn-pay">
                        <i class="fas fa-lock me-2"></i>Оплатить ${payment['amount']}
                    </button>
                    
                    <div class="text-center mt-3">
                        <small class="text-muted">После оплаты средства будут переведены получателю</small>
                    </div>
                </form>
                
                <div class="alert alert-info mt-4">
                    <h6><i class="fas fa-info-circle me-2"></i>Безопасная оплата</h6>
                    <p class="mb-0 small">Все платежи защищены банковской системой. Для оплаты требуется авторизация.</p>
                </div>
            </div>
        </div>
    </div>
    
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
    <script>
        document.getElementById('paymentForm').addEventListener('submit', function(e) {{
            const submitBtn = this.querySelector('button[type="submit"]');
            submitBtn.disabled = true;
            submitBtn.innerHTML = '<i class="fas fa-spinner fa-spin me-2"></i>Обработка...';
        }});
    </script>
</body>
</html>
'''

# ---------- ИСПРАВЛЕННЫЕ API МАРШРУТЫ ----------

@app.route('/api/v1/balance', methods=['GET'])
@api_key_required
def api_balance():
    """API: Получить информацию о балансе - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        user_data = request.user_data
        return jsonify({
            'success': True,
            'username': request.username,
            'balance': user_data.get('balance', 0),
            'deposit': user_data.get('deposit', 0),
            'credit': user_data.get('credit', 0),
            'total': user_data.get('balance', 0) + user_data.get('deposit', 0) - user_data.get('credit', 0)
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/history', methods=['GET'])
@api_key_required
def api_history():
    """API: Получить историю операций - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        history = load_history()
        user_history = [h for h in history if h['user'] == request.username]
        
        limit = request.args.get('limit', type=int, default=50)
        if limit > 0 and limit < len(user_history):
            user_history = user_history[-limit:]
        
        for h in user_history:
            h['time_formatted'] = datetime.fromtimestamp(h['time']).strftime('%Y-%m-%d %H:%M:%S')
        
        return jsonify({
            'success': True,
            'count': len(user_history),
            'history': user_history[::-1]
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/cards', methods=['GET'])
@api_key_required
def api_cards():
    """API: Получить список карт - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        cards = get_user_cards(request.username)
        
        safe_cards = []
        for card in cards:
            safe_card = card.copy()
            if 'number' in safe_card and len(safe_card['number']) > 4:
                safe_card['number_masked'] = '**** **** **** ' + safe_card['number'][-4:]
            safe_card['cvv'] = '***'
            safe_cards.append(safe_card)
        
        return jsonify({
            'success': True,
            'count': len(safe_cards),
            'cards': safe_cards
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/deposit', methods=['POST'])
@api_key_required
def api_deposit():
    """API: Открыть вклад - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        amount = data.get('amount')
        
        if not amount:
            return jsonify({'success': False, 'error': 'Amount required'}), 400
        
        amount = int(amount)
        if amount <= 0:
            return jsonify({'success': False, 'error': 'Amount must be positive'}), 400
        
        users = load_users()
        user = users.get(request.username)
        
        if not user or user['balance'] < amount:
            return jsonify({'success': False, 'error': 'Insufficient funds'}), 400
        
        user['balance'] -= amount
        user['deposit'] += amount
        save_users(users)
        
        add_history(request.username, 'api_deposit', amount)
        
        return jsonify({
            'success': True,
            'message': f'Deposit of ${amount} created successfully',
            'new_balance': user['balance'],
            'new_deposit': user['deposit']
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/credit', methods=['POST'])
@api_key_required
def api_credit():
    """API: Взять кредит - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        amount = data.get('amount')
        
        if not amount:
            return jsonify({'success': False, 'error': 'Amount required'}), 400
        
        amount = int(amount)
        if amount <= 0:
            return jsonify({'success': False, 'error': 'Amount must be positive'}), 400
        
        users = load_users()
        user = users.get(request.username)
        
        if not user:
            return jsonify({'success': False, 'error': 'User not found'}), 404
        
        user['balance'] += amount
        user['credit'] += amount
        save_users(users)
        
        add_history(request.username, 'api_credit', amount)
        
        return jsonify({
            'success': True,
            'message': f'Credit of ${amount} taken successfully',
            'new_balance': user['balance'],
            'new_credit': user['credit']
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/transfer', methods=['POST'])
@api_key_required
def api_transfer():
    """API: Сделать перевод - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        target = data.get('target', '').strip()
        amount = data.get('amount')
        
        if not target:
            return jsonify({'success': False, 'error': 'Target username required'}), 400
        
        if not amount:
            return jsonify({'success': False, 'error': 'Amount required'}), 400
        
        amount = int(amount)
        if amount <= 0:
            return jsonify({'success': False, 'error': 'Amount must be positive'}), 400
        
        users = load_users()
        
        if target not in users:
            return jsonify({'success': False, 'error': 'Target user not found'}), 404
        
        if target == request.username:
            return jsonify({'success': False, 'error': 'Cannot transfer to yourself'}), 400
        
        sender = users.get(request.username)
        if not sender:
            return jsonify({'success': False, 'error': 'Sender not found'}), 404
        
        if sender['balance'] < amount:
            return jsonify({'success': False, 'error': 'Insufficient funds'}), 400
        
        sender['balance'] -= amount
        users[target]['balance'] += amount
        save_users(users)
        
        add_history(request.username, 'api_transfer', amount, target)
        
        return jsonify({
            'success': True,
            'message': f'Transfer of ${amount} to {target} successful',
            'new_balance': sender['balance']
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/cards/create', methods=['POST'])
@api_key_required
def api_create_card():
    """API: Создать карту - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        card_type = data.get('card_type', 'standard')
        
        if card_type not in ['standard', 'gold', 'platinum']:
            return jsonify({'success': False, 'error': 'Invalid card type'}), 400
        
        users = load_users()
        user = users.get(request.username)
        
        if not user:
            return jsonify({'success': False, 'error': 'User not found'}), 404
        
        costs = {'standard': 0, 'gold': 50, 'platinum': 100}
        cost = costs.get(card_type, 0)
        
        if user['balance'] < cost:
            return jsonify({'success': False, 'error': 'Insufficient funds'}), 400
        
        if cost > 0:
            user['balance'] -= cost
            save_users(users)
        
        card = create_user_card(request.username, user, card_type)
        
        if not card:
            if cost > 0:
                user['balance'] += cost
                save_users(users)
            return jsonify({'success': False, 'error': 'Card creation failed. Maximum cards limit reached?'}), 400
        
        safe_card = card.copy()
        if 'number' in safe_card and len(safe_card['number']) > 4:
            safe_card['number_masked'] = '**** **** **** ' + safe_card['number'][-4:]
        safe_card['cvv'] = '***'
        
        return jsonify({
            'success': True,
            'message': f'{card_type.capitalize()} card created successfully',
            'card': safe_card,
            'cost': cost,
            'new_balance': user['balance']
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/cards/delete', methods=['POST'])
@api_key_required
def api_delete_card():
    """API: Удалить карту - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        card_id = data.get('card_id')
        
        if not card_id:
            return jsonify({'success': False, 'error': 'Card ID required'}), 400
        
        cards = load_cards()
        user_cards = cards.get(request.username, [])
        
        card_to_delete = None
        for card in user_cards:
            if card['id'] == card_id:
                card_to_delete = card
                break
        
        if not card_to_delete:
            return jsonify({'success': False, 'error': 'Card not found'}), 404
        
        cards[request.username] = [c for c in user_cards if c['id'] != card_id]
        save_cards(cards)
        
        add_history(request.username, 'api_delete_card', 0, f"Card {card_to_delete['number'][-4:]}")
        
        return jsonify({
            'success': True,
            'message': f"Card ending with {card_to_delete['number'][-4:]} deleted successfully"
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

# ---------- API ДЛЯ ПЛАТЕЖЕЙ ----------

@app.route('/api/v1/payment/create', methods=['POST'])
@api_key_required
def api_payment_create():
    """API: Создать платеж"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        receiver = data.get('receiver')
        amount = data.get('amount')
        description = data.get('description', '')
        external_id = data.get('external_id', '')
        
        if not receiver:
            return jsonify({'success': False, 'error': 'Receiver required'}), 400
        
        if not amount:
            return jsonify({'success': False, 'error': 'Amount required'}), 400
        
        try:
            amount_int = int(amount)
            if amount_int <= 0:
                return jsonify({'success': False, 'error': 'Amount must be positive'}), 400
        except:
            return jsonify({'success': False, 'error': 'Invalid amount'}), 400
        
        # Проверяем существование получателя
        users = load_users()
        if receiver not in users:
            return jsonify({'success': False, 'error': 'Receiver not found'}), 404
        
        # Создаем платеж
        payment_id, payment_data = create_payment(
            payer=request.username,
            receiver=receiver,
            amount=amount_int,
            description=description,
            external_id=external_id
        )
        
        return jsonify({
            'success': True,
            'message': 'Payment created successfully',
            'payment_id': payment_id,
            'payment': payment_data,
            'payment_url': f'/pay/{payment_id}'
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/payment/process', methods=['POST'])
@api_key_required
def api_payment_process():
    """API: Выполнить платеж"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        payment_id = data.get('payment_id')
        
        if not payment_id:
            return jsonify({'success': False, 'error': 'Payment ID required'}), 400
        
        success, message = process_payment(payment_id, request.username)
        
        return jsonify({
            'success': success,
            'message': message
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/payment/status/<payment_id>', methods=['GET'])
@api_key_required
def api_payment_status(payment_id):
    """API: Получить статус платежа"""
    try:
        payments = load_payments()
        
        payment = None
        for p in payments:
            if p["id"] == payment_id:
                payment = p
                break
        
        if not payment:
            return jsonify({'success': False, 'error': 'Payment not found'}), 404
        
        # Проверяем, имеет ли пользователь доступ к этому платежу
        if payment["payer"] != request.username and payment["receiver"] != request.username:
            users = load_users()
            if users.get(request.username, {}).get('role') != 'admin':
                return jsonify({'success': False, 'error': 'Access denied'}), 403
        
        return jsonify({
            'success': True,
            'payment': payment
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/payment/list', methods=['GET'])
@api_key_required
def api_payment_list():
    """API: Получить список платежей пользователя"""
    try:
        payments = load_payments()
        
        # Фильтруем платежи по пользователю
        user_payments = []
        for payment in payments:
            if payment["payer"] == request.username or payment["receiver"] == request.username:
                user_payments.append(payment)
        
        # Сортируем по дате (новые сверху)
        user_payments.sort(key=lambda x: x['created'], reverse=True)
        
        # Ограничиваем количество
        limit = min(20, len(user_payments))
        user_payments = user_payments[:limit]
        
        return jsonify({
            'success': True,
            'count': len(user_payments),
            'payments': user_payments
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/shop/items', methods=['GET'])
@api_key_required
def api_shop_items():
    """API: Получить список товаров - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        shop_data = load_shop()
        available_items = [item for item in shop_data["items"] if item["status"] == "available"]
        
        for item in available_items:
            item['created_formatted'] = datetime.fromtimestamp(item['created']).strftime('%Y-%m-%d %H:%M:%S')
        
        return jsonify({
            'success': True,
            'count': len(available_items),
            'items': available_items[::-1]
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/shop/ads', methods=['GET'])
@api_key_required
def api_shop_ads():
    """API: Получить список объявлений - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        shop_data = load_shop()
        active_ads = [ad for ad in shop_data["ads"] if ad["status"] == "active"]
        
        for ad in active_ads:
            ad['created_formatted'] = datetime.fromtimestamp(ad['created']).strftime('%Y-%m-%d %H:%M:%S')
        
        return jsonify({
            'success': True,
            'count': len(active_ads),
            'ads': active_ads[::-1]
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/system/status', methods=['GET'])
@api_key_required
def api_system_status():
    """API: Получить статус системы - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        users = load_users()
        valid_users = [u for u in users.values() if isinstance(u, dict)]
        total_users = len(valid_users)
        total_balance = sum(u.get('balance', 0) for u in valid_users)
        total_deposit = sum(u.get('deposit', 0) for u in valid_users)
        total_credit = sum(u.get('credit', 0) for u in valid_users)
        
        return jsonify({
            'success': True,
            'system_status': 'operational',
            'statistics': {
                'total_users': total_users,
                'total_balance': total_balance,
                'total_deposit': total_deposit,
                'total_credit': total_credit,
                'net_worth': total_balance + total_deposit - total_credit
            },
            'timestamp': int(time.time())
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

# ДОБАВЛЕННЫЕ API ЭНДПОИНТЫ

@app.route('/api/v1/users', methods=['GET'])
@api_key_required
def api_users():
    """API: Получить список пользователей (только для админов)"""
    try:
        users = load_users()
        
        if not isinstance(request.user_data, dict) or request.user_data.get('role') != 'admin':
            return jsonify({'success': False, 'error': 'Admin access required'}), 403
        
        safe_users = {}
        for username, user in users.items():
            if isinstance(user, dict):
                safe_user = user.copy()
                safe_user.pop('password', None)
                safe_users[username] = safe_user
        
        return jsonify({
            'success': True,
            'count': len(safe_users),
            'users': safe_users
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/health', methods=['GET'])
def api_health():
    """API: Проверка здоровья системы (не требует API ключа)"""
    try:
        files = [USERS_FILE, HISTORY_FILE, CARDS_FILE, SHOP_FILE, PAYMENTS_FILE]
        file_status = {}
        
        for file in files:
            file_status[file] = os.path.exists(file)
        
        return jsonify({
            'status': 'healthy',
            'timestamp': int(time.time()),
            'files': file_status,
            'message': 'System is operational'
        })
    except Exception as e:
        return jsonify({'status': 'unhealthy', 'error': str(e)}), 500

@app.route('/api/v1/shop/create_item', methods=['POST'])
@api_key_required
def api_create_shop_item():
    """API: Создать товар в магазине"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        title = data.get('title')
        description = data.get('description')
        price = data.get('price')
        category = data.get('category', 'other')
        
        if not title or not description or not price:
            return jsonify({'success': False, 'error': 'Title, description and price required'}), 400
        
        try:
            price_int = int(price)
            if price_int <= 0:
                return jsonify({'success': False, 'error': 'Price must be positive'}), 400
        except:
            return jsonify({'success': False, 'error': 'Invalid price'}), 400
        
        item_id = create_shop_item(request.username, title, description, price_int, category)
        
        return jsonify({
            'success': True,
            'message': f'Item "{title}" created successfully',
            'item_id': item_id
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/shop/buy_item', methods=['POST'])
@api_key_required
def api_buy_item():
    """API: Купить товар"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        item_id = data.get('item_id')
        
        if not item_id:
            return jsonify({'success': False, 'error': 'Item ID required'}), 400
        
        success, message = buy_item(item_id, request.username)
        
        return jsonify({
            'success': success,
            'message': message
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

# ---------- МАГАЗИН МАРШРУТЫ ----------
@app.route('/create_shop_item', methods=['POST'])
@login_required
def create_shop_item_route():
    """Создание товара в магазине"""
    title = request.form.get('title')
    description = request.form.get('description')
    price = request.form.get('price')
    category = request.form.get('category', 'other')
    
    if not title or not description or not price:
        return redirect('/dashboard')
    
    try:
        price_int = int(price)
        if price_int <= 0:
            return redirect('/dashboard')
    except:
        return redirect('/dashboard')
    
    item_id = create_shop_item(session['user'], title, description, price_int, category)
    
    return redirect('/dashboard')

@app.route('/create_advertisement', methods=['POST'])
@login_required
def create_advertisement_route():
    """Создание объявления"""
    title = request.form.get('title')
    content = request.form.get('content')
    contact_info = request.form.get('contact_info')
    
    if not title or not content or not contact_info:
        return redirect('/dashboard')
    
    ad_id = create_advertisement(session['user'], title, content, contact_info)
    
    return redirect('/dashboard')

@app.route('/buy_item/<item_id>', methods=['POST'])
@login_required
def buy_item_route(item_id):
    """Покупка товара"""
    success, message = buy_item(item_id, session['user'])
    
    return redirect('/dashboard')

# ---------- ПЛАТЕЖНЫЕ МАРШРУТЫ ----------
@app.route('/payment_page')
@login_required
def payment_page():
    """Страница управления платежами"""
    return render_payment_page()

@app.route('/create_payment_link', methods=['POST'])
@login_required
def create_payment_link():
    """Создание ссылки для оплаты"""
    receiver = request.form.get('receiver')
    amount = request.form.get('amount')
    description = request.form.get('description', '')
    
    if not receiver or not amount:
        return redirect('/payment_page')
    
    try:
        amount_int = int(amount)
        if amount_int <= 0:
            return redirect('/payment_page')
    except:
        return redirect('/payment_page')
    
    payment_id, payment_data = create_payment(
        payer=session['user'],
        receiver=receiver,
        amount=amount_int,
        description=description
    )
    
    return redirect(f'/payment_page')

@app.route('/pay/<payment_id>', methods=['GET'])
def pay_page(payment_id):
    """Страница оплаты для клиента"""
    return render_pay_page(payment_id)

@app.route('/process_payment/<payment_id>', methods=['POST'])
def process_payment_route(payment_id):
    """Обработка платежа (для неавторизованных пользователей)"""
    username = request.form.get('username')
    password = request.form.get('password')
    
    if not username or not password:
        return "Неверные данные", 400
    
    # Проверяем логин и пароль
    users = load_users()
    user_data = users.get(username)
    
    if not user_data or user_data['password'] != password:
        return "Неверный логин или пароль", 401
    
    # Проверяем, что пользователь является плательщиком
    payments = load_payments()
    payment = None
    for p in payments:
        if p["id"] == payment_id:
            payment = p
            break
    
    if not payment:
        return "Платеж не найден", 404
    
    if payment["payer"] != username:
        return "Вы не являетесь плательщиком по этому платежу", 403
    
    # Выполняем платеж
    success, message = process_payment(payment_id, username)
    
    if success:
        return redirect(f'/pay/{payment_id}')
    else:
        return f"Ошибка: {message}", 400

# ---------- ОСНОВНЫЕ МАРШРУТЫ ----------
@app.route('/', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        users = load_users()
        username = request.form.get('username')
        password = request.form.get('password')
        
        user_data = users.get(username)
        if user_data and isinstance(user_data, dict) and user_data['password'] == password:
            session['user'] = username
            return redirect('/dashboard')
        else:
            return render_login().replace('</form>', 
                '<div class="alert alert-danger mt-3">Неверный логин или пароль</div></form>')
    
    return render_login()

@app.route('/register', methods=['GET', 'POST'])
def register():
    if request.method == 'POST':
        users = load_users()
        username = request.form.get('username')
        
        if username in users:
            return render_register().replace('</form>',
                '<div class="alert alert-danger mt-3">Пользователь уже существует</div></form>')
        
        user_data = {
            'password': request.form.get('password'),
            'balance': 1000,
            'deposit': 0,
            'credit': 0,
            'role': 'client',
            'full_name': f"{request.form.get('first_name')} {request.form.get('last_name')}",
            'email': request.form.get('email'),
            'api_key': None
        }
        
        users[username] = user_data
        save_users(users)
        
        session['user'] = username
        return redirect('/dashboard')
    
    return render_register()

@app.route('/dashboard')
@login_required
def dashboard():
    users = load_users()
    history = load_history()
    
    if session['user'] not in users:
        session.clear()
        return redirect('/')
    
    user_data = users[session['user']]
    user_history = [h for h in history if h['user'] == session['user']]
    user_cards = get_user_cards(session['user'])
    shop_data = load_shop()
    
    return render_dashboard(user_data, user_history[-20:], user_cards, shop_data)

@app.route('/generate_api_key', methods=['POST'])
@login_required
def generate_api_key_route():
    users = load_users()
    user = users.get(session['user'])
    if user and isinstance(user, dict):
        user['api_key'] = generate_api_key()
        save_users(users)
        add_history(session['user'], 'generate_api_key', 0)
    return redirect('/dashboard')

@app.route('/deposit', methods=['POST'])
@login_required
def deposit():
    users = load_users()
    user = users.get(session['user'])
    
    try:
        amount = int(request.form.get('amount', 0))
        if amount > 0 and user and user['balance'] >= amount:
            user['balance'] -= amount
            user['deposit'] += amount
            save_users(users)
            add_history(session['user'], 'deposit', amount)
    except:
        pass
    
    return redirect('/dashboard')

@app.route('/credit', methods=['POST'])
@login_required
def credit():
    users = load_users()
    user = users.get(session['user'])
    
    try:
        amount = int(request.form.get('amount', 0))
        if amount > 0 and user:
            user['balance'] += amount
            user['credit'] += amount
            save_users(users)
            add_history(session['user'], 'credit', amount)
    except:
        pass
    
    return redirect('/dashboard')

@app.route('/transfer', methods=['POST'])
@login_required
def transfer():
    users = load_users()
    sender = session['user']
    
    try:
        target = request.form.get('target')
        amount = int(request.form.get('amount', 0))
        
        sender_data = users.get(sender)
        target_data = users.get(target)
        
        if (amount > 0 and target_data and target != sender and 
            sender_data and sender_data['balance'] >= amount):
            sender_data['balance'] -= amount
            target_data['balance'] += amount
            save_users(users)
            add_history(sender, 'transfer', amount, target)
    except Exception as e:
        print(f"Transfer error: {e}")
        pass
    
    return redirect('/dashboard')

@app.route('/create_card', methods=['POST'])
@login_required
def create_card():
    users = load_users()
    user = users.get(session['user'])
    card_type = request.form.get('card_type', 'standard')
    
    costs = {
        'standard': 0,
        'gold': 50,
        'platinum': 100
    }
    
    cost = costs.get(card_type, 0)
    
    if user and user['balance'] >= cost:
        user['balance'] -= cost
        save_users(users)
        
        card = create_user_card(session['user'], user, card_type)
        if card:
            add_history(session['user'], 'create_card', cost, f"{card_type}_{card['number'][-4:]}")
    
    return redirect('/dashboard')

@app.route('/delete_card/<card_id>', methods=['POST'])
@login_required
def delete_card(card_id):
    cards = load_cards()
    user_cards = cards.get(session['user'], [])
    cards[session['user']] = [c for c in user_cards if c['id'] != card_id]
    save_cards(cards)
    return redirect('/dashboard')

# ---------- АДМИН МАРШРУТЫ (ИСПРАВЛЕННЫЕ) ----------
@app.route('/admin')
@admin_required
def admin():
    users = load_users()
    return render_admin_panel(users)

@app.route('/admin/change_role', methods=['POST'])
@admin_required
def admin_change_role():
    users = load_users()
    username = request.form.get('username')
    new_role = request.form.get('role')
    
    if username in users and username != session['user'] and isinstance(users[username], dict):
        users[username]['role'] = new_role
        save_users(users)
        add_history(session['user'], 'change_role', 0, f"{username}->{new_role}")
    
    return redirect('/admin')

@app.route('/admin/add_money', methods=['POST'])
@admin_required
def admin_add_money():
    users = load_users()
    username = request.form.get('username')
    amount = int(request.form.get('amount', 0))
    
    if username in users and amount > 0 and isinstance(users[username], dict):
        users[username]['balance'] += amount
        save_users(users)
        add_history('admin', 'add_money', amount, username)
    
    return redirect('/admin')

@app.route('/logout')
def logout():
    session.clear()
    return redirect('/')

# ---------- API ДОКУМЕНТАЦИЯ ----------
@app.route('/api/docs')
def api_docs():
    """Страница с документацией API"""
    return '''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>API Документация</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        body {
            font-family: "Segoe UI", Tahoma, Geneva, Verdana, sans-serif;
            background: #f5f7fb;
            padding: 20px;
        }
        .code-block {
            background: #1e1e1e;
            color: #d4d4d4;
            padding: 15px;
            border-radius: 5px;
            font-family: "Courier New", monospace;
            overflow-x: auto;
            margin: 10px 0;
        }
        .endpoint {
            background: white;
            border-radius: 10px;
            padding: 20px;
            margin-bottom: 20px;
            box-shadow: 0 3px 10px rgba(0,0,0,0.05);
            border-left: 4px solid #4361ee;
        }
    </style>
</head>
<body>
    <div class="container">
        <div class="row">
            <div class="col-12">
                <div class="card mb-4">
                    <div class="card-body">
                        <h1 class="card-title"><i class="fas fa-code me-2"></i>Документация API</h1>
                        <p class="card-text">Используйте API для интеграции банковских услуг в ваши приложения.</p>
                        
                        <h3 class="mt-4">Базовый URL</h3>
                        <div class="code-block">
                            http://localhost:5000/api/v1/
                        </div>
                        
                        <h3 class="mt-4">Аутентификация</h3>
                        <p>Для использования API необходим API ключ. Получите его в личном кабинете.</p>
                        <p>Передавайте ключ одним из способов:</p>
                        
                        <h5>Заголовок HTTP:</h5>
                        <div class="code-block">
                            X-API-Key: ваш_api_ключ
                        </div>
                        
                        <h5>Параметр запроса:</h5>
                        <div class="code-block">
                            ?api_key=ваш_api_ключ
                        </div>
                        
                        <h5>JSON тело запроса:</h5>
                        <div class="code-block">
                            {
                                "api_key": "ваш_api_ключ",
                                ...
                            }
                        </div>
                        
                        <h3 class="mt-4">Доступные эндпоинты</h3>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-success">GET</span> /api/v1/health</h5>
                            <p>Проверка здоровья системы (не требует API ключа)</p>
                            <div class="code-block">
curl http://localhost:5000/api/v1/health
                            </div>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-info">GET</span> /api/v1/balance</h5>
                            <p>Получить информацию о балансе пользователя</p>
                            <div class="code-block">
curl -H "X-API-Key: ваш_ключ" http://localhost:5000/api/v1/balance
                            </div>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-info">GET</span> /api/v1/history?limit=50</h5>
                            <p>Получить историю операций (опциональный параметр limit)</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-success">POST</span> /api/v1/deposit</h5>
                            <p>Открыть вклад. Требуется JSON: {"amount": 100}</p>
                            <div class="code-block">
curl -X POST -H "X-API-Key: ваш_ключ" -H "Content-Type: application/json"<br>
     -d "{\\"amount\\": 100}" http://localhost:5000/api/v1/deposit
                            </div>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-success">POST</span> /api/v1/credit</h5>
                            <p>Взять кредит. Требуется JSON: {"amount": 100}</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-success">POST</span> /api/v1/transfer</h5>
                            <p>Сделать перевод. Требуется JSON: {"target": "username", "amount": 100}</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-info">GET</span> /api/v1/cards</h5>
                            <p>Получить список карт пользователя</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-success">POST</span> /api/v1/cards/create</h5>
                            <p>Создать карту. Требуется JSON: {"card_type": "standard"}</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-info">GET</span> /api/v1/shop/items</h5>
                            <p>Получить список товаров в магазине</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-success">POST</span> /api/v1/payment/create</h5>
                            <p>Создать платеж. Требуется JSON: {"receiver": "...", "amount": 100, "description": "..."}</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-success">POST</span> /api/v1/payment/process</h5>
                            <p>Выполнить платеж. Требуется JSON: {"payment_id": "..."}</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-info">GET</span> /api/v1/payment/status/{payment_id}</h5>
                            <p>Получить статус платежа</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-info">GET</span> /api/v1/system/status</h5>
                            <p>Получить статус системы</p>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
</body>
</html>
'''
# ================= ДЕКОРАТОР УЧИТЕЛЯ =================

from functools import wraps

def teacher_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        if 'user' not in session:
            return redirect("/")

        users = load_users()
        user = users.get(session['user'])

        if not user:
            return redirect("/")

        if user.get("role") not in ["teacher", "admin"]:
            return redirect("/dashboard")

        return f(*args, **kwargs)
    return decorated

# ============================================================
# ========= ГРАФИК ДИНАМИКИ СРЕДНЕГО БАЛЛА ==================
# ============================================================

@app.route("/student_avg_graph/<student>")
@login_required
@teacher_required
def student_avg_graph(student):
    journal = load_journal()

    if student not in journal:
        return "Нет данных"

    subjects = journal[student]

    # собираем оценки по порядку добавления
    all_grades = []
    for subject, grades in subjects.items():
        all_grades += grades

    averages = []
    current = []

    for g in all_grades:
        current.append(g)
        averages.append(sum(current) / len(current))

    plt.figure()
    plt.plot(range(1, len(averages)+1), averages)

    plt.xlabel("Количество оценок")
    plt.ylabel("Средний балл")
    plt.title(f"Динамика среднего балла {student}")

    img = BytesIO()
    plt.savefig(img, format="png")
    plt.close()
    img.seek(0)

    graph_url = base64.b64encode(img.getvalue()).decode()

    return f"""
    <h2>📈 Динамика среднего балла: {student}</h2>
    <a href="/journal">Назад</a>
    <br><br>
    <img src="data:image/png;base64,{graph_url}">
    """


# ============================================================
# ========= ФИНАНСОВЫЙ ГРАФИК УЧЕНИКА ========================
# ============================================================

@app.route("/student_finance_graph/<student>")
@login_required
@teacher_required
def student_finance_graph(student):
    journal = load_journal()
    users = load_users()

    if student not in journal:
        return "Нет данных"

    subjects = journal[student]

    # считаем баланс на основе оценок
    balance_history = []
    balance = 0

    for subject, grades in subjects.items():
        for g in grades:
            balance += calculate_money_for_grade(g)
            balance_history.append(balance)

    if not balance_history:
        return "Нет оценок"

    plt.figure()
    plt.plot(range(1, len(balance_history)+1), balance_history)

    plt.xlabel("Количество оценок")
    plt.ylabel("Баланс ($)")
    plt.title(f"Финансовая динамика {student}")

    img = BytesIO()
    plt.savefig(img, format="png")
    plt.close()
    img.seek(0)

    graph_url = base64.b64encode(img.getvalue()).decode()

    return f"""
    <h2>💰 Финансовый график: {student}</h2>
    <a href="/journal">Назад</a>
    <br><br>
    <img src="data:image/png;base64,{graph_url}">
    """


# ============================================================
# ОБНОВЛЕНИЕ ТАБЛИЦЫ В ЖУРНАЛЕ (добавление ссылок)
# ============================================================

@app.route("/journal")
@login_required
@teacher_required
def journal_page():
    journal = load_journal()

    table = ""

    for student, subjects in journal.items():
        total = []
        for grades in subjects.values():
            total += grades

        avg = round(sum(total)/len(total),2) if total else 0

        table += f"""
        <tr>
            <td>{student}</td>
            <td>{avg}</td>
            <td>
                <a href="/student_graph/{student}">📊 Успеваемость</a><br>
                <a href="/student_avg_graph/{student}">📈 Средний</a><br>
                <a href="/student_finance_graph/{student}">💰 Финансы</a>
            </td>
        </tr>
        """

    return f"""
    <h2>Электронный журнал PRO MAX</h2>
    <a href="/dashboard">Назад</a>
    <hr>

    <h3>Создать класс</h3>
    <form method="post" action="/add_class">
        <input name="class_name" placeholder="5А" required>
        <button>Создать</button>
    </form>

    <h3>Добавить ученика в класс</h3>
    <form method="post" action="/add_student_to_class">
        <input name="student" placeholder="Логин ученика" required>
        <input name="class_name" placeholder="Класс" required>
        <button>Добавить</button>
    </form>

    <h3>Поставить оценку</h3>
    <form method="post" action="/add_grade">
        <input name="student" placeholder="Логин ученика" required>
        <input name="subject" placeholder="Предмет" required>
        <input name="grade" type="number" min="2" max="5" required>
        <button>Поставить</button>
    </form>

    <hr>
    <h3>Ученики</h3>
    <table border="1" cellpadding="10">
        <tr>
            <th>Ученик</th>
            <th>Средний балл</th>
            <th>Графики</th>
        </tr>
        {table}
    </table>

    <br>
    <a href="/rating">🏆 Смотреть рейтинг</a>
    """
	

if __name__ == '__main__':
    import threading
    
    def daily_update_thread():
        while True:
            time.sleep(86400)
            daily_update()
    
    thread = threading.Thread(target=daily_update_thread, daemon=True)
    thread.start()
    app.run(host='0.0.0.0', port=5000, debug=True)