from flask import Flask, request, redirect, session, Response, jsonify
import json, os, random, time, uuid, re, html, base64, hashlib, hmac, struct
from datetime import datetime
from functools import wraps
from urllib.parse import quote

app = Flask(__name__)
app.secret_key = "bank_secret_key_2025"
app.config['SESSION_PERMANENT'] = True
app.config['PERMANENT_SESSION_LIFETIME'] = 3600

USERS_FILE = "users.json"
HISTORY_FILE = "history.json"
SHOP_FILE = "shop.json"
PAYMENTS_FILE = "payments.json"  # Новый файл для платежей
JOURNAL_FILE = "journal.json"
CLASSES_FILE = "classes.json"
SUBJECTS_FILE = "subjects.json"
PARENT_LINKS_FILE = "parent_links.json"
CRYPTO_FILE = "crypto.json"

SERKRIPTO_NAME = "SerKripto"
SERKRIPTO_SYMBOL = "SERK"

ROLE_ADMIN = "admin"
ROLE_MANAGER = "manager"
ROLE_TEACHER = "teacher"
ROLE_PARENT = "parent"
ROLE_STUDENT = "student"
ROLE_CLIENT = "client"

VALID_ROLES = {
    ROLE_ADMIN,
    ROLE_MANAGER,
    ROLE_TEACHER,
    ROLE_PARENT,
    ROLE_STUDENT,
    ROLE_CLIENT
}

FINANCE_ROLES = (ROLE_ADMIN, ROLE_MANAGER, ROLE_TEACHER, ROLE_PARENT, ROLE_STUDENT, ROLE_CLIENT)
CREDIT_ROLES = (ROLE_ADMIN, ROLE_MANAGER, ROLE_TEACHER, ROLE_PARENT, ROLE_CLIENT)
CRYPTO_ROLES = (ROLE_ADMIN, ROLE_MANAGER, ROLE_TEACHER, ROLE_PARENT, ROLE_CLIENT)
SHOP_SELL_ROLES = (ROLE_ADMIN, ROLE_MANAGER, ROLE_TEACHER, ROLE_PARENT, ROLE_CLIENT)
JOURNAL_ROLES = (ROLE_ADMIN, ROLE_TEACHER)

TOTP_DIGITS = 6
TOTP_PERIOD_SEC = 30
TOTP_DRIFT_WINDOWS = 1
PENDING_2FA_TTL_SEC = 300

def normalize_role(role_value):
    role = str(role_value or ROLE_CLIENT).strip().lower()
    if role not in VALID_ROLES:
        return ROLE_CLIENT
    return role

def parse_bool(value):
    if isinstance(value, bool):
        return value
    if isinstance(value, (int, float)):
        return value != 0
    if isinstance(value, str):
        return value.strip().lower() in {"1", "true", "yes", "on"}
    return False

def normalize_totp_secret(secret_value):
    cleaned = re.sub(r"[^A-Z2-7]", "", str(secret_value or "").upper())
    return cleaned

def generate_totp_secret(length=32):
    alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
    return "".join(random.choice(alphabet) for _ in range(max(16, int(length))))

def generate_totp_code(secret, for_timestamp=None):
    normalized_secret = normalize_totp_secret(secret)
    if not normalized_secret:
        return None

    pad_len = (8 - (len(normalized_secret) % 8)) % 8
    padded = normalized_secret + ("=" * pad_len)

    try:
        key = base64.b32decode(padded, casefold=True)
    except Exception:
        return None

    timestamp = int(time.time()) if for_timestamp is None else int(for_timestamp)
    counter = int(timestamp // TOTP_PERIOD_SEC)
    counter_bytes = struct.pack(">Q", counter)
    digest = hmac.new(key, counter_bytes, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = (
        ((digest[offset] & 0x7F) << 24)
        | ((digest[offset + 1] & 0xFF) << 16)
        | ((digest[offset + 2] & 0xFF) << 8)
        | (digest[offset + 3] & 0xFF)
    )
    return str(binary % (10 ** TOTP_DIGITS)).zfill(TOTP_DIGITS)

def verify_totp_code(secret, raw_code):
    code = re.sub(r"\D", "", str(raw_code or ""))
    if len(code) != TOTP_DIGITS:
        return False

    now = int(time.time())
    for offset in range(-TOTP_DRIFT_WINDOWS, TOTP_DRIFT_WINDOWS + 1):
        check_time = now + (offset * TOTP_PERIOD_SEC)
        expected = generate_totp_code(secret, check_time)
        if expected and code == expected:
            return True
    return False

def get_totp_uri(username, secret):
    issuer = quote("Bank School")
    account = quote(str(username or "user"))
    return f"otpauth://totp/{issuer}:{account}?secret={secret}&issuer={issuer}&digits={TOTP_DIGITS}&period={TOTP_PERIOD_SEC}"

def clear_pending_2fa_session():
    session.pop("pending_2fa_user", None)
    session.pop("pending_2fa_started", None)

def is_pending_2fa_alive():
    started = int(session.get("pending_2fa_started", 0) or 0)
    if started <= 0:
        return False
    return (int(time.time()) - started) <= PENDING_2FA_TTL_SEC

def get_user_role(user_data):
    if not isinstance(user_data, dict):
        return ROLE_CLIENT
    return normalize_role(user_data.get("role", ROLE_CLIENT))

def has_role(user_data, allowed_roles):
    role = get_user_role(user_data)
    normalized_allowed = {normalize_role(r) for r in allowed_roles}
    return role in normalized_allowed

def default_admin_user():
    return {
        "password": "CreateSergeyPass",
        "balance": 0,
        "deposit": 0,
        "credit": 0,
        "serkripto": 0.0,
        "role": "admin",
        "full_name": "Администратор Системы",
        "email": "kompania.bank@gmail.com",
        "api_key": "Sergey_API_KEY_1",
        "twofa_enabled": False,
        "twofa_secret": "",
    }

# ---------- ИНИЦИАЛИЗАЦИЯ ФАЙЛОВ ----------
def init_files():
    """Инициализация файлов (без удаления существующих)"""
    # Создаем файлы если они не существуют
    files_to_init = [
        (USERS_FILE, {"Sergey": default_admin_user()}),
        (HISTORY_FILE, []),
        (SHOP_FILE, {"items": [], "ads": []}),
        (PAYMENTS_FILE, []),  # Инициализация файла платежей
        (JOURNAL_FILE, {}),
        (CLASSES_FILE, {}),
        (SUBJECTS_FILE, []),
        (PARENT_LINKS_FILE, {}),
        (CRYPTO_FILE, {
            "name": SERKRIPTO_NAME,
            "symbol": SERKRIPTO_SYMBOL,
            "price": 100.0,
            "min_price": 1.0,
            "max_price": 1000000.0,
            "price_step_buy": 0.012,
            "price_step_sell": 0.01,
            "idle_decay_rate": 0.0015,
            "idle_decay_interval_sec": 30,
            "last_buy_at": int(time.time()),
            "last_update": int(time.time()),
            "stats": {
                "buy_ops": 0,
                "sell_ops": 0,
                "buy_volume": 0.0,
                "sell_volume": 0.0
            }
        })
    ]
    
    for filename, default_data in files_to_init:
        if not os.path.exists(filename):
            with open(filename, "w", encoding='utf-8') as f:
                json.dump(default_data, f, indent=4, ensure_ascii=False)

# Инициализируем файлы при запуске
init_files()

# Совместимые no-op хуки уведомлений
def ws_emit_system(event_name, payload=None):
    return None

def ws_emit_user(username, event_name, payload=None):
    return None

def ws_emit_balance_update(username):
    return None

# ---------- ФУНКЦИИ ДЛЯ РАБОТЫ С ДАННЫМИ ----------
def load_users():
    try:
        with open(USERS_FILE, 'r', encoding='utf-8') as f:
            data = json.load(f)
            # Убеждаемся, что данные в правильном формате
            if not isinstance(data, dict):
                print("Warning: users.json is not a dictionary, resetting to default")
                data = {"admin": default_admin_user()}
                save_users(data)
                return data
            # Проверяем, что все значения являются словарями
            cleaned_data = {}
            for username, user_data in data.items():
                if isinstance(user_data, dict):
                    user_data["role"] = get_user_role(user_data)
                    try:
                        user_data["serkripto"] = round(float(user_data.get("serkripto", 0.0)), 6)
                    except:
                        user_data["serkripto"] = 0.0
                    user_data["twofa_secret"] = normalize_totp_secret(user_data.get("twofa_secret", ""))
                    user_data["twofa_enabled"] = parse_bool(user_data.get("twofa_enabled", False))
                    if not user_data["twofa_secret"]:
                        user_data["twofa_enabled"] = False
                    cleaned_data[username] = user_data
                else:
                    print(f"Warning: User {username} data is not a dict, resetting")
                    if username == "admin":
                        cleaned_data[username] = default_admin_user()
                    else:
                        cleaned_data[username] = {
                            "password": "reset123",
                            "balance": 1000,
                            "deposit": 0,
                            "credit": 0,
                            "serkripto": 0.0,
                            "role": "client",
                            "full_name": "Пользователь",
                            "email": "user@example.com",
                            "api_key": None,
                            "twofa_enabled": False,
                            "twofa_secret": "",
                        }

            # Гарантируем наличие рабочего admin даже после ручной порчи users.json
            admin_defaults = default_admin_user()
            admin_user = cleaned_data.get("admin")
            if not isinstance(admin_user, dict):
                cleaned_data["admin"] = admin_defaults
            else:
                for key, value in admin_defaults.items():
                    admin_user.setdefault(key, value)
                admin_user["role"] = ROLE_ADMIN
                if not admin_user.get("password"):
                    admin_user["password"] = admin_defaults["password"]

            if cleaned_data != data:
                save_users(cleaned_data)
            return cleaned_data
    except Exception as e:
        print(f"Error loading users: {e}")
        data = {"admin": default_admin_user()}
        save_users(data)
        return data

def save_users(data):
    with open(USERS_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

def load_history():
    try:
        with open(HISTORY_FILE, 'r', encoding='utf-8') as f:
            return json.load(f)
    except:
        return []

def save_history(data):
    with open(HISTORY_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

# ---------- ЭЛЕКТРОННЫЙ ДНЕВНИК ----------
def load_journal():
    try:
        with open(JOURNAL_FILE, 'r', encoding='utf-8') as f:
            data = json.load(f)
            return data if isinstance(data, dict) else {}
    except:
        return {}

def save_journal(data):
    with open(JOURNAL_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

def load_classes():
    try:
        with open(CLASSES_FILE, 'r', encoding='utf-8') as f:
            data = json.load(f)
            return data if isinstance(data, dict) else {}
    except:
        return {}

def save_classes(data):
    with open(CLASSES_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

def load_subjects():
    try:
        with open(SUBJECTS_FILE, 'r', encoding='utf-8') as f:
            data = json.load(f)
            return data if isinstance(data, list) else []
    except:
        return []

def save_subjects(data):
    with open(SUBJECTS_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

def load_parent_links():
    try:
        with open(PARENT_LINKS_FILE, 'r', encoding='utf-8') as f:
            data = json.load(f)
            return data if isinstance(data, dict) else {}
    except:
        return {}

def save_parent_links(data):
    with open(PARENT_LINKS_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

def get_parent_children(parent_username):
    links = load_parent_links()
    children = links.get(parent_username, [])
    if not isinstance(children, list):
        return []
    unique_children = []
    for child in children:
        child_name = str(child).strip()
        if child_name and child_name not in unique_children:
            unique_children.append(child_name)
    return unique_children

def calculate_money_for_grade(grade):
    grade = int(grade)
    mapping = {
        5: 20,
        4: 10,
        3: -10,
        2: -20
    }
    return mapping.get(grade, 0)

# ---------- ФУНКЦИИ ДЛЯ ПЛАТЕЖЕЙ ----------
def load_payments():
    """Загрузка платежей"""
    try:
        with open(PAYMENTS_FILE, 'r', encoding='utf-8') as f:
            return json.load(f)
    except:
        return []

def save_payments(data):
    """Сохранение платежей"""
    with open(PAYMENTS_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

def get_payment_by_id(payment_id):
    payments = load_payments()
    for payment in payments:
        if payment.get("id") == payment_id:
            return payment
    return None

def sanitize_payment_output(payment):
    if not isinstance(payment, dict):
        return payment
    safe_payment = payment.copy()
    balances = safe_payment.get("balances")
    if isinstance(balances, dict):
        safe_payment["balances"] = {
            "payer_before": balances.get("payer_before"),
            "payer_after": balances.get("payer_after")
        }
    return safe_payment

def ws_emit_payment_event(event_name, payment, extra_payload=None):
    if not isinstance(payment, dict):
        return
    payload = {
        "id": payment.get("id"),
        "status": payment.get("status"),
        "payer": payment.get("payer"),
        "receiver": payment.get("receiver"),
        "amount": payment.get("amount"),
        "allow_any_payer": bool(payment.get("allow_any_payer", False)),
        "created_by": payment.get("created_by")
    }
    if isinstance(extra_payload, dict):
        payload.update(extra_payload)

    ws_emit_system(event_name, payload)

    notified_users = set()
    for username in [payment.get("payer"), payment.get("receiver"), payment.get("created_by")]:
        username = str(username or "").strip()
        if not username or username == "*" or username in notified_users:
            continue
        ws_emit_user(username, event_name, payload)
        notified_users.add(username)

def ws_emit_crypto_market_event(market, reason="update"):
    if not isinstance(market, dict):
        return
    payload = {
        "reason": reason,
        "coin": market.get("name", SERKRIPTO_NAME),
        "symbol": market.get("symbol", SERKRIPTO_SYMBOL),
        "price_rub": round(float(market.get("price", 0.0)), 4),
        "min_price_rub": round(float(market.get("min_price", 1.0)), 4),
        "max_price_rub": round(float(market.get("max_price", 1000000.0)), 4),
        "time": int(time.time())
    }
    ws_emit_system("crypto.market", payload)

def create_payment(payer, receiver, amount, description="", external_id="", allow_any_payer=False, created_by=None):
    """Создание платежа"""
    payments = load_payments()
    
    payment_id = str(uuid.uuid4())[:12]
    safe_payer = "*" if allow_any_payer else payer
    payment_data = {
        "id": payment_id,
        "payer": safe_payer,
        "receiver": receiver,
        "amount": int(amount),
        "description": description,
        "external_id": external_id,
        "allow_any_payer": bool(allow_any_payer),
        "created_by": created_by if created_by else payer,
        "created": int(time.time()),
        "status": "pending",  # pending, completed, failed, cancelled
        "completed_at": None
    }
    
    payments.append(payment_data)
    save_payments(payments)
    ws_emit_payment_event("payment.created", payment_data)
    
    return payment_id, payment_data

def process_payment(payment_id, payer_username=None):
    """Обработка платежа"""
    payments = load_payments()
    users = load_users()
    
    payment = None
    for p in payments:
        if p["id"] == payment_id:
            payment = p
            break
    
    if not payment:
        return False, "Платеж не найден"
    
    if payment["status"] != "pending":
        return False, f"Платеж уже обработан (статус: {payment['status']})"

    receiver = payment["receiver"]
    amount = payment["amount"]
    allow_any_payer = bool(payment.get("allow_any_payer", False))

    if allow_any_payer:
        if not payer_username:
            return False, "Для этого платежа нужен логин плательщика"
        payer = payer_username
    else:
        payer = payment["payer"]
        if payer_username and payer != payer_username:
            return False, "Неверный плательщик"
    
    # Проверяем существование пользователей
    if payer not in users:
        return False, "Плательщик не найден"
    
    if receiver not in users:
        return False, "Получатель не найден"

    if payer == receiver:
        return False, "Нельзя оплатить самому себе"
    
    # Проверяем баланс плательщика
    if users[payer]["balance"] < amount:
        return False, "Недостаточно средств"

    payer_balance_before = users[payer]["balance"]
    receiver_balance_before = users[receiver]["balance"]

    # Выполняем перевод
    users[payer]["balance"] -= amount
    users[receiver]["balance"] += amount
    save_users(users)

    payer_balance_after = users[payer]["balance"]
    receiver_balance_after = users[receiver]["balance"]
    
    # Обновляем статус платежа
    for p in payments:
        if p["id"] == payment_id:
            if allow_any_payer:
                p["payer"] = payer
            p["status"] = "completed"
            p["completed_at"] = int(time.time())
            p["balances"] = {
                "payer_before": payer_balance_before,
                "payer_after": payer_balance_after,
                "receiver_before": receiver_balance_before,
                "receiver_after": receiver_balance_after
            }
            break
    
    save_payments(payments)
    
    # Добавляем в историю
    add_history(payer, "payment_sent", amount, f"Платеж #{payment_id} для {receiver}")
    add_history(receiver, "payment_received", amount, f"Платеж #{payment_id} от {payer}")
    ws_emit_payment_event("payment.completed", payment, {
        "payer_before": payer_balance_before,
        "payer_after": payer_balance_after
    })
    
    return True, "Платеж успешно выполнен"

def cancel_payment(payment_id):
    """Отмена платежа"""
    payments = load_payments()
    
    for payment in payments:
        if payment["id"] == payment_id and payment["status"] == "pending":
            payment["status"] = "cancelled"
            save_payments(payments)
            ws_emit_payment_event("payment.cancelled", payment)
            return True, "Платеж отменен"
    
    return False, "Платеж не найден или уже обработан"

# ---------- ФУНКЦИИ ДЛЯ МАГАЗИНА ----------
def load_shop():
    """Загрузка данных магазина"""
    try:
        with open(SHOP_FILE, 'r', encoding='utf-8') as f:
            data = json.load(f)
            # Обеспечиваем наличие всех ключей
            if "items" not in data:
                data["items"] = []
            if "ads" not in data:
                data["ads"] = []
            return data
    except:
        return {"items": [], "ads": []}

def save_shop(data):
    """Сохранение данных магазина"""
    with open(SHOP_FILE, "w", encoding='utf-8') as f:
        json.dump(data, f, indent=4, ensure_ascii=False)

def create_shop_item(seller_username, title, description, price, category="other"):
    """Создание товара в магазине"""
    shop_data = load_shop()
    
    item_id = str(uuid.uuid4())[:8]
    new_item = {
        "id": item_id,
        "seller": seller_username,
        "title": title,
        "description": description,
        "price": int(price),
        "category": category,
        "created": int(time.time()),
        "status": "available",
        "buyer": None
    }
    
    shop_data["items"].append(new_item)
    save_shop(shop_data)
    
    # Добавляем в историю
    add_history(seller_username, "create_shop_item", 0, f"Товар: {title}")
    ws_emit_system("shop.item_created", {
        "item_id": item_id,
        "seller": seller_username,
        "title": title,
        "price": int(price),
        "category": category
    })
    ws_emit_user(seller_username, "shop.item_created", {
        "item_id": item_id,
        "title": title,
        "price": int(price)
    })
    
    return item_id

def create_advertisement(author, title, content, contact_info):
    """Создание объявления"""
    shop_data = load_shop()
    
    ad_id = str(uuid.uuid4())[:8]
    new_ad = {
        "id": ad_id,
        "author": author,
        "title": title,
        "content": content,
        "contact_info": contact_info,
        "created": int(time.time()),
        "status": "active"
    }
    
    shop_data["ads"].append(new_ad)
    save_shop(shop_data)
    
    # Добавляем в историю
    add_history(author, "create_advertisement", 0, f"Объявление: {title}")
    ws_emit_system("shop.ad_created", {
        "ad_id": ad_id,
        "author": author,
        "title": title
    })
    ws_emit_user(author, "shop.ad_created", {
        "ad_id": ad_id,
        "title": title
    })
    
    return ad_id

def buy_item(item_id, buyer_username):
    """Покупка товара"""
    shop_data = load_shop()
    users = load_users()
    
    # Находим товар
    item_to_buy = None
    for item in shop_data["items"]:
        if item["id"] == item_id and item["status"] == "available":
            item_to_buy = item
            break
    
    if not item_to_buy:
        return False, "Товар не найден или уже продан"
    
    seller = item_to_buy["seller"]
    price = item_to_buy["price"]
    
    # Проверяем, есть ли у покупателя достаточно средств
    if buyer_username not in users:
        return False, "Покупатель не найден"
    
    if users[buyer_username]["balance"] < price:
        return False, "Недостаточно средств"
    
    # Проверяем, что покупатель не покупает у себя
    if buyer_username == seller:
        return False, "Нельзя купить собственный товар"
    
    # Проверяем, существует ли продавец
    if seller not in users:
        return False, "Продавец не найден"
    
    # Выполняем транзакцию
    users[buyer_username]["balance"] -= price
    users[seller]["balance"] += price
    save_users(users)
    
    # Обновляем статус товара
    for item in shop_data["items"]:
        if item["id"] == item_id:
            item["status"] = "sold"
            item["buyer"] = buyer_username
            item["sold_date"] = int(time.time())
            break
    
    save_shop(shop_data)
    
    # Добавляем в историю
    add_history(buyer_username, "buy_item", price, f"Товар: {item_to_buy['title']} от {seller}")
    add_history(seller, "sell_item", price, f"Товар: {item_to_buy['title']} покупателю {buyer_username}")
    ws_emit_system("shop.item_sold", {
        "item_id": item_id,
        "title": item_to_buy["title"],
        "seller": seller,
        "buyer": buyer_username,
        "price": price
    })
    ws_emit_user(buyer_username, "shop.item_sold", {
        "item_id": item_id,
        "title": item_to_buy["title"],
        "price": price,
        "role": "buyer"
    })
    ws_emit_user(seller, "shop.item_sold", {
        "item_id": item_id,
        "title": item_to_buy["title"],
        "price": price,
        "role": "seller"
    })
    
    return True, "Покупка успешно завершена"

def default_crypto_market():
    now = int(time.time())
    return {
        "name": SERKRIPTO_NAME,
        "symbol": SERKRIPTO_SYMBOL,
        "price": 100.0,
        "min_price": 1.0,
        "max_price": 1000000.0,
        "price_step_buy": 0.012,
        "price_step_sell": 0.01,
        "idle_decay_rate": 0.0015,
        "idle_decay_interval_sec": 30,
        "last_buy_at": now,
        "last_update": now,
        "stats": {
            "buy_ops": 0,
            "sell_ops": 0,
            "buy_volume": 0.0,
            "sell_volume": 0.0
        }
    }

def normalize_crypto_market(data):
    defaults = default_crypto_market()
    market = {}
    if not isinstance(data, dict):
        data = {}

    market["name"] = str(data.get("name", defaults["name"]) or defaults["name"])
    market["symbol"] = str(data.get("symbol", defaults["symbol"]) or defaults["symbol"]).upper()

    def to_float(value, fallback):
        try:
            return float(value)
        except:
            return float(fallback)

    def to_int(value, fallback):
        try:
            return int(value)
        except:
            return int(fallback)

    market["min_price"] = max(0.01, to_float(data.get("min_price"), defaults["min_price"]))
    market["max_price"] = max(market["min_price"], to_float(data.get("max_price"), defaults["max_price"]))
    market["price"] = to_float(data.get("price"), defaults["price"])
    market["price"] = min(market["max_price"], max(market["min_price"], market["price"]))
    market["price"] = round(market["price"], 4)

    market["price_step_buy"] = min(0.5, max(0.0, to_float(data.get("price_step_buy"), defaults["price_step_buy"])))
    market["price_step_sell"] = min(0.5, max(0.0, to_float(data.get("price_step_sell"), defaults["price_step_sell"])))
    market["idle_decay_rate"] = min(0.2, max(0.0, to_float(data.get("idle_decay_rate"), defaults["idle_decay_rate"])))
    market["idle_decay_interval_sec"] = max(5, to_int(data.get("idle_decay_interval_sec"), defaults["idle_decay_interval_sec"]))

    market["last_buy_at"] = to_int(data.get("last_buy_at"), defaults["last_buy_at"])
    market["last_update"] = to_int(data.get("last_update"), defaults["last_update"])

    stats = data.get("stats", {})
    if not isinstance(stats, dict):
        stats = {}
    market["stats"] = {
        "buy_ops": max(0, to_int(stats.get("buy_ops"), 0)),
        "sell_ops": max(0, to_int(stats.get("sell_ops"), 0)),
        "buy_volume": max(0.0, round(to_float(stats.get("buy_volume"), 0.0), 6)),
        "sell_volume": max(0.0, round(to_float(stats.get("sell_volume"), 0.0), 6))
    }
    return market

def load_crypto_market():
    need_save = False
    raw = None
    try:
        with open(CRYPTO_FILE, 'r', encoding='utf-8') as f:
            raw = json.load(f)
    except:
        raw = default_crypto_market()
        need_save = True

    market = normalize_crypto_market(raw)
    if raw != market:
        need_save = True
    if need_save:
        save_crypto_market(market)
    return market

def save_crypto_market(data):
    with open(CRYPTO_FILE, "w", encoding='utf-8') as f:
        json.dump(normalize_crypto_market(data), f, indent=4, ensure_ascii=False)

def apply_serkripto_idle_decay(market):
    market = normalize_crypto_market(market)
    now = int(time.time())
    last_update = int(market.get("last_update", now))
    interval = int(market.get("idle_decay_interval_sec", 30))
    if now <= last_update:
        return market, False
    if now - int(market.get("last_buy_at", 0)) < interval:
        market["last_update"] = now
        return market, False

    steps = (now - last_update) // interval
    if steps <= 0:
        return market, False

    price_before = float(market.get("price", 100.0))
    decay_rate = float(market.get("idle_decay_rate", 0.0015))
    min_price = float(market.get("min_price", 1.0))
    decayed_price = max(min_price, price_before * ((1 - decay_rate) ** steps))
    market["price"] = round(decayed_price, 4)
    market["last_update"] = now
    changed = abs(price_before - market["price"]) > 1e-9
    return market, changed

def get_user_serkripto_amount(user_data):
    if not isinstance(user_data, dict):
        return 0.0
    try:
        return round(max(0.0, float(user_data.get("serkripto", 0.0))), 6)
    except:
        return 0.0

def buy_serkripto(username, rub_amount):
    try:
        amount = int(rub_amount)
    except:
        return False, "invalid_amount"
    if amount <= 0:
        return False, "invalid_amount"

    users = load_users()
    user_data = users.get(username)
    if not isinstance(user_data, dict):
        return False, "user_not_found"

    market = load_crypto_market()
    market, decayed = apply_serkripto_idle_decay(market)
    if decayed:
        save_crypto_market(market)
        ws_emit_crypto_market_event(market, "idle_decay")

    price_before = float(market.get("price", 0.0))
    if price_before <= 0:
        return False, "market_unavailable"
    if int(user_data.get("balance", 0)) < amount:
        return False, "insufficient_funds"

    quantity = round(amount / price_before, 6)
    if quantity <= 0:
        return False, "amount_too_small"

    user_data["balance"] = int(user_data.get("balance", 0)) - amount
    user_data["serkripto"] = round(get_user_serkripto_amount(user_data) + quantity, 6)
    save_users(users)

    growth = min(0.25, quantity * float(market.get("price_step_buy", 0.012)))
    max_price = float(market.get("max_price", 1000000.0))
    price_after = min(max_price, price_before * (1 + growth))
    now = int(time.time())
    market["price"] = round(price_after, 4)
    market["last_buy_at"] = now
    market["last_update"] = now
    market["stats"]["buy_ops"] = int(market["stats"].get("buy_ops", 0)) + 1
    market["stats"]["buy_volume"] = round(float(market["stats"].get("buy_volume", 0.0)) + quantity, 6)
    save_crypto_market(market)
    ws_emit_crypto_market_event(market, "buy")

    add_history(username, "crypto_buy", amount, f"{SERKRIPTO_NAME} +{quantity:.6f} по {price_before:.4f} ₽")
    ws_emit_balance_update(username)
    ws_emit_user(username, "crypto.trade", {
        "side": "buy",
        "coin": SERKRIPTO_NAME,
        "quantity": quantity,
        "amount_rub": amount,
        "price_before": round(price_before, 4),
        "price_after": round(market["price"], 4)
    })
    ws_emit_system("crypto.trade", {
        "side": "buy",
        "user": username,
        "coin": SERKRIPTO_NAME,
        "quantity": quantity,
        "price": round(market["price"], 4)
    })

    return True, {
        "coin": SERKRIPTO_NAME,
        "symbol": market.get("symbol", SERKRIPTO_SYMBOL),
        "quantity": quantity,
        "amount_rub": amount,
        "price_before": round(price_before, 4),
        "price_after": round(float(market.get("price", price_before)), 4),
        "balance_rub": int(user_data.get("balance", 0)),
        "wallet_quantity": get_user_serkripto_amount(user_data)
    }

def sell_serkripto(username, quantity):
    try:
        qty = round(float(quantity), 6)
    except:
        return False, "invalid_quantity"
    if qty <= 0:
        return False, "invalid_quantity"

    users = load_users()
    user_data = users.get(username)
    if not isinstance(user_data, dict):
        return False, "user_not_found"

    wallet_qty = get_user_serkripto_amount(user_data)
    if wallet_qty + 1e-9 < qty:
        return False, "insufficient_crypto"

    market = load_crypto_market()
    market, decayed = apply_serkripto_idle_decay(market)
    if decayed:
        save_crypto_market(market)
        ws_emit_crypto_market_event(market, "idle_decay")

    price_before = float(market.get("price", 0.0))
    if price_before <= 0:
        return False, "market_unavailable"

    payout = int(round(qty * price_before))
    if payout <= 0:
        return False, "amount_too_small"

    user_data["serkripto"] = round(max(0.0, wallet_qty - qty), 6)
    user_data["balance"] = int(user_data.get("balance", 0)) + payout
    save_users(users)

    drop = min(0.25, qty * float(market.get("price_step_sell", 0.01)))
    min_price = float(market.get("min_price", 1.0))
    price_after = max(min_price, price_before * (1 - drop))
    now = int(time.time())
    market["price"] = round(price_after, 4)
    market["last_update"] = now
    market["stats"]["sell_ops"] = int(market["stats"].get("sell_ops", 0)) + 1
    market["stats"]["sell_volume"] = round(float(market["stats"].get("sell_volume", 0.0)) + qty, 6)
    save_crypto_market(market)
    ws_emit_crypto_market_event(market, "sell")

    add_history(username, "crypto_sell", payout, f"{SERKRIPTO_NAME} -{qty:.6f} по {price_before:.4f} ₽")
    ws_emit_balance_update(username)
    ws_emit_user(username, "crypto.trade", {
        "side": "sell",
        "coin": SERKRIPTO_NAME,
        "quantity": qty,
        "amount_rub": payout,
        "price_before": round(price_before, 4),
        "price_after": round(market["price"], 4)
    })
    ws_emit_system("crypto.trade", {
        "side": "sell",
        "user": username,
        "coin": SERKRIPTO_NAME,
        "quantity": qty,
        "price": round(market["price"], 4)
    })

    return True, {
        "coin": SERKRIPTO_NAME,
        "symbol": market.get("symbol", SERKRIPTO_SYMBOL),
        "quantity": qty,
        "amount_rub": payout,
        "price_before": round(price_before, 4),
        "price_after": round(float(market.get("price", price_before)), 4),
        "balance_rub": int(user_data.get("balance", 0)),
        "wallet_quantity": get_user_serkripto_amount(user_data)
    }

# ---------- API КЛЮЧИ ----------
def generate_api_key():
    """Генерация API ключа"""
    return f"bank_api_{uuid.uuid4().hex[:16]}"

def get_user_by_api_key(api_key):
    """Получение пользователя по API ключу - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    if not api_key:
        return None, None
    
    users = load_users()
    for username, user_data in users.items():
        # Проверяем, что user_data является словарем
        if isinstance(user_data, dict) and user_data.get('api_key') == api_key:
            return username, user_data
    return None, None

# ---------- БАНКОВСКИЕ ОПЕРАЦИИ ----------
def daily_update():
    """Ежедневное обновление депозитов и кредитов"""
    users = load_users()
    updated = False
    updated_users = []
    for user_id, u in users.items():
        if isinstance(u, dict):  # Проверяем, что это словарь
            if u.get('deposit', 0) > 0:
                u['deposit'] = int(u['deposit'] * 1.01)
                updated = True
                updated_users.append(user_id)
            if u.get('credit', 0) > 0:
                u['credit'] = int(u['credit'] * 1.05)
                updated = True
                if user_id not in updated_users:
                    updated_users.append(user_id)
    if updated:
        save_users(users)
        ws_emit_system("bank.daily_update", {"users": updated_users})
        for username in updated_users:
            ws_emit_balance_update(username)

def add_history(user, action, amount, target=None):
    """Добавление записи в историю"""
    hist = load_history()
    history_item = {
        "time": int(time.time()),
        "user": user,
        "action": action,
        "amount": amount,
        "target": target,
        "id": str(uuid.uuid4())[:8]
    }
    hist.append(history_item)
    save_history(hist)

    ws_emit_user(user, "history.new", history_item)
    ws_emit_system("history.new", {
        "user": user,
        "action": action,
        "amount": amount,
        "target": target
    })
    ws_emit_balance_update(user)

# ---------- ДЕКОРАТОРЫ ----------
def login_required(f):
    """Декоратор для проверки авторизации"""
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if 'user' not in session:
            return redirect('/')
        return f(*args, **kwargs)
    return decorated_function

def web_roles_required(*allowed_roles):
    """Проверка ролей для WEB-маршрутов (требует активную сессию)"""
    normalized_allowed = {normalize_role(r) for r in allowed_roles}

    def decorator(f):
        @wraps(f)
        def decorated_function(*args, **kwargs):
            if 'user' not in session:
                return redirect('/')

            users = load_users()
            user_data = users.get(session['user'])
            if not isinstance(user_data, dict):
                return redirect('/')

            user_role = get_user_role(user_data)
            if user_role not in normalized_allowed:
                return redirect('/dashboard')

            return f(*args, **kwargs)
        return decorated_function
    return decorator

def admin_required(f):
    """Декоратор для проверки прав администратора"""
    return web_roles_required(ROLE_ADMIN)(f)

# ИСПРАВЛЕННЫЙ ДЕКОРАТОР API
def api_key_required(f):
    """Декоратор для проверки API ключа - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    @wraps(f)
    def decorated_function(*args, **kwargs):
        api_key = None
        
        # 1. Проверяем заголовок X-API-Key
        if 'X-API-Key' in request.headers:
            api_key = request.headers.get('X-API-Key')
        
        # 2. Проверяем параметр запроса api_key
        if not api_key and request.args.get('api_key'):
            api_key = request.args.get('api_key')
        
        # 3. Проверяем JSON тело
        if not api_key and request.is_json:
            try:
                data = request.get_json()
                if data and 'api_key' in data:
                    api_key = data.get('api_key')
            except:
                pass
        
        # 4. Проверяем форму
        if not api_key and request.form.get('api_key'):
            api_key = request.form.get('api_key')
        
        if not api_key:
            return jsonify({'success': False, 'error': 'API key required'}), 401
        
        # Получаем пользователя по API ключу
        username, user_data = get_user_by_api_key(api_key)
        if not username:
            return jsonify({'success': False, 'error': 'Invalid API key'}), 401
        
        # Сохраняем данные пользователя в объекте request
        request.username = username
        request.user_data = user_data
        request.user_role = get_user_role(user_data)
        
        return f(*args, **kwargs)
    return decorated_function

def api_roles_required(*allowed_roles):
    """Проверка ролей для API маршрутов (использовать после api_key_required)"""
    normalized_allowed = {normalize_role(r) for r in allowed_roles}

    def decorator(f):
        @wraps(f)
        def decorated_function(*args, **kwargs):
            user_role = getattr(request, "user_role", get_user_role(getattr(request, "user_data", {})))
            if user_role not in normalized_allowed:
                return jsonify({
                    "success": False,
                    "error": "Access denied for your role",
                    "role": user_role
                }), 403
            return f(*args, **kwargs)
        return decorated_function
    return decorator

# ---------- HTML ШАБЛОНЫ ----------
def render_login(error_message="", twofa_mode=False, username_hint=""):
    safe_error = html.escape(str(error_message or "").strip())
    alert_html = f'<div class="alert alert-danger mt-3">{safe_error}</div>' if safe_error else ""
    safe_username_hint = html.escape(str(username_hint or "").strip())
    security_notice_html = '<div class="alert alert-warning mt-3 mb-0 small"><strong>Важно:</strong> Мы не гарантируем полную безопасность сервиса. Все пароли хранятся в открытом виде, в базе данных, всем этим заведует один человек, поэтому я не гарантирую полную безопасность. Если понадобится восстановление, пишите на почту kompania.bank@gmail.com.</div>'

    subtitle = "Вход в систему"
    auth_form_html = '''
                        <form method="post">
                            <div class="mb-3">
                                <label class="form-label">Логин</label>
                                <div class="input-group">
                                    <span class="input-group-text"><i class="fas fa-user"></i></span>
                                    <input type="text" name="username" class="form-control" placeholder="Введите логин" required>
                                </div>
                            </div>
                            <div class="mb-4">
                                <label class="form-label">Пароль</label>
                                <div class="input-group">
                                    <span class="input-group-text"><i class="fas fa-lock"></i></span>
                                    <input type="password" name="password" class="form-control" placeholder="Введите пароль" required>
                                </div>
                            </div>
                            <button type="submit" class="btn btn-primary w-100 mb-3">
                                <i class="fas fa-sign-in-alt me-2"></i>Войти
                            </button>
                            <div class="text-center">
                                <p class="mb-0">Нет аккаунта? <a href="/register" class="text-decoration-none">Зарегистрироваться</a></p>
                            </div>
                        </form>
    '''

    if twofa_mode:
        subtitle = f'Подтверждение входа: <b>{safe_username_hint or "пользователь"}</b>'
        auth_form_html = '''
                        <form method="post">
                            <input type="hidden" name="login_step" value="2fa">
                            <div class="alert alert-info">
                                <i class="fas fa-shield-alt me-2"></i>
                                Введите 6-значный код из приложения-аутентификатора
                            </div>
                            <div class="mb-4">
                                <label class="form-label">Код 2FA</label>
                                <div class="input-group">
                                    <span class="input-group-text"><i class="fas fa-mobile-alt"></i></span>
                                    <input type="text" name="twofa_code" class="form-control" placeholder="123456" inputmode="numeric" autocomplete="one-time-code" maxlength="6" pattern="[0-9]{6}" required autofocus>
                                </div>
                            </div>
                            <button type="submit" class="btn btn-primary w-100 mb-3">
                                <i class="fas fa-check-circle me-2"></i>Подтвердить вход
                            </button>
                            <div class="text-center">
                                <p class="mb-0"><a href="/?reset_2fa=1" class="text-decoration-none">Войти под другим пользователем</a></p>
                            </div>
                        </form>
        '''

    page = '''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Банк "Школьный" | Вход в систему</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        :root {
            --primary: #4361ee;
            --secondary: #3a0ca3;
            --gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
        }
        * {
            box-sizing: border-box;
        }
        body {
            margin: 0;
            background: var(--gradient);
            min-height: 100vh;
            display: flex;
            justify-content: center;
            align-items: center;
            padding: 16px;
            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
        }
        .auth-shell {
            width: min(420px, 100%);
        }
        .container, .row, .col-md-5 {
            width: 100%;
            margin: 0;
            padding: 0;
        }
        .login-card {
            background: white;
            border-radius: 20px;
            box-shadow: 0 20px 40px rgba(0,0,0,0.1);
            overflow: hidden;
        }
        .login-header {
            background: var(--gradient);
            color: white;
            padding: 28px 24px;
            text-align: center;
        }
        .login-header h2 {
            font-size: 1.4rem;
            line-height: 1.25;
            margin-bottom: 8px;
        }
        .login-body {
            padding: 24px 20px;
        }
        .form-label {
            display: block;
            margin-bottom: 8px;
            font-weight: 600;
            color: #283247;
        }
        .input-group {
            display: flex;
            align-items: center;
            border: 2px solid #e9ecef;
            border-radius: 10px;
            overflow: hidden;
            background: #fff;
            transition: all 0.3s;
        }
        .input-group:focus-within {
            border-color: var(--primary);
            box-shadow: 0 0 0 0.25rem rgba(67, 97, 238, 0.25);
        }
        .input-group-text {
            border: none;
            background: #f8f9ff;
            padding: 0 12px;
            color: #657089;
            display: inline-flex;
            align-items: center;
            justify-content: center;
        }
        .form-control {
            border: none;
            border-radius: 0;
            padding: 12px 15px;
            transition: all 0.3s;
            flex: 1;
            min-width: 0;
        }
        .form-control:focus {
            outline: none;
            box-shadow: none;
        }
        .btn-primary {
            background: var(--gradient);
            border: none;
            border-radius: 10px;
            padding: 12px;
            font-weight: 600;
            transition: all 0.3s;
            color: white;
            width: 100%;
            cursor: pointer;
        }
        .btn-primary:hover {
            transform: translateY(-2px);
            box-shadow: 0 10px 20px rgba(67, 97, 238, 0.3);
        }
        .btn {
            display: inline-flex;
            align-items: center;
            justify-content: center;
        }
        .alert {
            border-radius: 10px;
        }
        .text-center {
            text-align: center;
        }
        .mb-0 {
            margin-bottom: 0;
        }
        .mb-3 {
            margin-bottom: 1rem;
        }
        .mb-4 {
            margin-bottom: 1.5rem;
        }
        .w-100 {
            width: 100%;
        }
        .me-2 {
            margin-right: 0.5rem;
        }
        a {
            color: var(--primary);
        }
        .text-decoration-none {
            text-decoration: none;
        }
        @media (min-width: 992px) {
            body {
                padding: 24px;
            }
            .auth-shell {
                width: 420px;
            }
        }
    </style>
</head>
<body>
    <div class="auth-shell">
    <div class="container">
        <div class="row justify-content-center">
            <div class="col-md-5">
                <div class="login-card">
                    <div class="login-header">
                        <i class="fas fa-university fa-3x mb-3"></i>
                        <h2>Добро пожаловать в Банк "Школьный"</h2>
                        <p class="mb-0">__AUTH_SUBTITLE__</p>
                    </div>
                    <div class="login-body">
                        __AUTH_FORM__
                        __AUTH_ALERT__
                        __SECURITY_NOTICE__
                    </div>
                </div>
            </div>
        </div>
    </div>
    </div>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
'''
    return (
        page.replace("__AUTH_SUBTITLE__", subtitle)
            .replace("__AUTH_FORM__", auth_form_html)
            .replace("__AUTH_ALERT__", alert_html)
            .replace("__SECURITY_NOTICE__", security_notice_html)
    )

def render_register():
    return '''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Банк "Школьный" | Регистрация</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        :root {
            --primary: #4361ee;
            --secondary: #3a0ca3;
            --gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
        }
        * {
            box-sizing: border-box;
        }
        body {
            margin: 0;
            background: var(--gradient);
            min-height: 100vh;
            display: flex;
            justify-content: center;
            align-items: center;
            padding: 16px;
            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
        }
        .auth-shell {
            width: min(460px, 100%);
        }
        .container, .row, .col-md-6 {
            width: 100%;
            margin: 0;
            padding: 0;
        }
        .register-card {
            background: white;
            border-radius: 20px;
            box-shadow: 0 20px 40px rgba(0,0,0,0.1);
            overflow: hidden;
        }
        .register-header {
            background: var(--gradient);
            color: white;
            padding: 28px 24px;
            text-align: center;
        }
        .register-header h2 {
            font-size: 1.3rem;
            line-height: 1.25;
            margin-bottom: 8px;
        }
        .register-body {
            padding: 24px 20px;
        }
        .form-label {
            display: block;
            margin-bottom: 8px;
            font-weight: 600;
            color: #283247;
        }
        .form-control {
            border: 2px solid #e9ecef;
            border-radius: 10px;
            padding: 12px 15px;
            transition: all 0.3s;
            width: 100%;
        }
        .form-control:focus {
            border-color: var(--primary);
            outline: none;
            box-shadow: 0 0 0 0.25rem rgba(67, 97, 238, 0.25);
        }
        .btn-primary {
            background: var(--gradient);
            border: none;
            border-radius: 10px;
            padding: 12px;
            font-weight: 600;
            transition: all 0.3s;
            color: white;
            width: 100%;
            cursor: pointer;
        }
        .btn-primary:hover {
            transform: translateY(-2px);
            box-shadow: 0 10px 20px rgba(67, 97, 238, 0.3);
        }
        .btn {
            display: inline-flex;
            align-items: center;
            justify-content: center;
        }
        .text-center {
            text-align: center;
        }
        .mb-0 {
            margin-bottom: 0;
        }
        .mb-3 {
            margin-bottom: 1rem;
        }
        .mb-4 {
            margin-bottom: 1.5rem;
        }
        .w-100 {
            width: 100%;
        }
        .me-2 {
            margin-right: 0.5rem;
        }
        a {
            color: var(--primary);
        }
        .text-decoration-none {
            text-decoration: none;
        }
        @media (min-width: 992px) {
            body {
                padding: 24px;
            }
            .auth-shell {
                width: 460px;
            }
        }
    </style>
</head>
<body>
    <div class="auth-shell">
    <div class="container">
        <div class="row justify-content-center">
            <div class="col-md-6">
                <div class="register-card">
                    <div class="register-header">
                        <i class="fas fa-user-plus fa-3x mb-3"></i>
                        <h2>Регистрация аккаунта в банке "Школьный"</h2>
                        <p class="mb-0">Создайте свой банковский аккаунт</p>
                    </div>
                    <div class="register-body">
                        <form method="post">
                            <div class="row">
                                <div class="col-md-6 mb-3">
                                    <label class="form-label">Логин</label>
                                    <input type="text" name="username" class="form-control" placeholder="Придумайте логин" required>
                                </div>
                                <div class="col-md-6 mb-3">
                                    <label class="form-label">Пароль</label>
                                    <input type="password" name="password" class="form-control" placeholder="Придумайте пароль" required>
                                </div>
                            </div>
                            <div class="row">
                                <div class="col-md-6 mb-3">
                                    <label class="form-label">Имя</label>
                                    <input type="text" name="first_name" class="form-control" placeholder="Ваше имя" required>
                                </div>
                                <div class="col-md-6 mb-3">
                                    <label class="form-label">Фамилия</label>
                                    <input type="text" name="last_name" class="form-control" placeholder="Ваша фамилия" required>
                                </div>
                            </div>
                            <div class="mb-4">
                                <label class="form-label">Email</label>
                                <input type="email" name="email" class="form-control" placeholder="email@example.com" required>
                            </div>
                            <div class="alert alert-warning small">
                                <strong>Важно:</strong> Мы не гарантируем полную безопасность сервиса. Все пароли хранятся в открытом виде, в базе данных, всем этим заведует один человек, поэтому я не гарантирую полную безопасность. Если понадобится восстановление, пишите на почту kompania.bank@gmail.com.
                            </div>
                            <button type="submit" class="btn btn-primary w-100 mb-3">
                                <i class="fas fa-user-plus me-2"></i>Создать аккаунт
                            </button>
                            <div class="text-center">
                                <p class="mb-0">Уже есть аккаунт? <a href="/" class="text-decoration-none">Войти</a></p>
                            </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
    </div>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
'''

def render_dashboard(user_data, history_data, shop_data=None, crypto_market=None, crypto_flash=None, active_tab="services"):
    """Генерация HTML личного кабинета"""
    current_role = get_user_role(user_data)
    can_take_credit = current_role in CREDIT_ROLES
    can_trade_crypto = current_role in CRYPTO_ROLES

    allowed_tabs = {"services", "shop", "history", "api"}
    if can_trade_crypto:
        allowed_tabs.add("crypto")
    if active_tab not in allowed_tabs:
        active_tab = "services"

    if not isinstance(crypto_market, dict):
        crypto_market = load_crypto_market()
    crypto_market, decayed = apply_serkripto_idle_decay(crypto_market)
    if decayed:
        save_crypto_market(crypto_market)
        ws_emit_crypto_market_event(crypto_market, "idle_decay")

    crypto_price = round(float(crypto_market.get("price", 0.0)), 4)
    crypto_user_amount = get_user_serkripto_amount(user_data)
    crypto_portfolio_value = round(crypto_user_amount * crypto_price, 2)
    crypto_stats = crypto_market.get("stats", {})
    if not isinstance(crypto_stats, dict):
        crypto_stats = {}
    crypto_buy_ops = int(crypto_stats.get("buy_ops", 0))
    crypto_sell_ops = int(crypto_stats.get("sell_ops", 0))
    crypto_buy_volume = round(float(crypto_stats.get("buy_volume", 0.0)), 6)
    crypto_sell_volume = round(float(crypto_stats.get("sell_volume", 0.0)), 6)
    decay_rate_pct = round(float(crypto_market.get("idle_decay_rate", 0.0)) * 100, 3)
    decay_interval = int(crypto_market.get("idle_decay_interval_sec", 30))
    net_flow = round(crypto_buy_volume - crypto_sell_volume, 6)
    max_buy_amount = max(0, int(user_data.get("balance", 0))) if isinstance(user_data, dict) else 0
    max_sell_quantity = max(0.0, crypto_user_amount)

    crypto_flash_html = ""
    if isinstance(crypto_flash, dict) and crypto_flash.get("text"):
        flash_class = crypto_flash.get("class", "info")
        flash_text = str(crypto_flash.get("text"))
        crypto_flash_html = f'<div class="alert alert-{flash_class} mb-3">{flash_text}</div>'

    # Форматирование времени истории
    for h in history_data:
        h['formatted_time'] = datetime.fromtimestamp(h['time']).strftime('%d.%m.%Y %H:%M')
    
    # HTML для истории
    history_html = ""
    for h in history_data[-10:][::-1]:
        icon = "fa-history"
        color = "text-primary"
        if "deposit" in h['action']:
            icon = "fa-piggy-bank"
            color = "text-info"
        elif "credit" in h['action']:
            icon = "fa-credit-card"
            color = "text-warning"
        elif "transfer" in h['action']:
            icon = "fa-exchange-alt"
            color = "text-primary"
        elif "card" in h['action']:
            icon = "fa-credit-card"
            color = "text-success"
        elif "api" in h['action']:
            icon = "fa-key"
            color = "text-secondary"
        elif "shop" in h['action'] or "item" in h['action'] or "advertisement" in h['action']:
            icon = "fa-shopping-cart"
            color = "text-success"
        elif "payment" in h['action']:
            icon = "fa-credit-card"
            color = "text-success"
        
        history_html += f'''
        <tr>
            <td><i class="fas {icon} {color} me-2"></i>{h['formatted_time']}</td>
            <td><span class="badge bg-light text-dark">{h['user']}</span></td>
            <td>{h['action']}</td>
            <td class="fw-bold">{h['amount']:,} ₽</td>
            <td>{h.get('target', '-')}</td>
        </tr>
        '''
    
    # HTML для API ключа
    api_key_html = ""
    if user_data.get('api_key'):
        api_key_html = f'''
        <div class="alert alert-success">
            <h6><i class="fas fa-key me-2"></i>Ваш API ключ</h6>
            <div class="input-group">
                <input type="text" id="apiKey" class="form-control" value="{user_data['api_key']}" readonly>
                <button class="btn btn-outline-secondary" type="button" onclick="copyApiKey()">
                    <i class="fas fa-copy"></i>
                </button>
            </div>
            <small class="text-muted">Используйте этот ключ для доступа к API</small>
        </div>
        '''
    else:
        api_key_html = '''
        <div class="alert alert-warning">
            <h6><i class="fas fa-key me-2"></i>API ключ не создан</h6>
            <form action="/generate_api_key" method="post">
                <button type="submit" class="btn btn-primary btn-sm">
                    <i class="fas fa-plus me-1"></i>Создать API ключ
                </button>
            </form>
        </div>
        '''
    
    # HTML для магазина
    shop_tab_content = ""
    if shop_data:
        # Товары
        shop_items_html = ""
        available_items = [item for item in shop_data["items"] if item["status"] == "available"]
        
        if available_items:
            for item in available_items[-10:][::-1]:  # Последние 10 товаров
                created_date = datetime.fromtimestamp(item["created"]).strftime('%d.%m.%Y')
                shop_items_html += f'''
                <div class="col-md-6 col-lg-4">
                    <div class="card h-100 shop-item-card">
                        <div class="card-body">
                            <h5 class="card-title">{item["title"]}</h5>
                            <p class="card-text">{item["description"]}</p>
                            <p class="card-text">
                                <small class="text-muted">Продавец: {item["seller"]}</small><br>
                                <small class="text-muted">Категория: {item["category"]}</small><br>
                                <small class="text-muted">Дата: {created_date}</small>
                            </p>
                            <div class="d-flex justify-content-between align-items-center">
                                <span class="h4 text-success">{item["price"]:,} ₽</span>
                                <form action="/buy_item/{item['id']}" method="post">
                                    <button type="submit" class="btn btn-primary">
                                        <i class="fas fa-shopping-cart me-1"></i> Купить
                                    </button>
                                </form>
                            </div>
                        </div>
                    </div>
                </div>
                '''
        else:
            shop_items_html = '''
            <div class="col-12">
                <div class="alert alert-info">
                    <i class="fas fa-info-circle me-2"></i>
                    В магазине пока нет товаров. Будьте первым, кто добавит товар!
                </div>
            </div>
            '''
        
        # Объявления
        ads_html = ""
        active_ads = [ad for ad in shop_data["ads"] if ad["status"] == "active"]
        
        if active_ads:
            for ad in active_ads[-10:][::-1]:  # Последние 10 объявлений
                created_date = datetime.fromtimestamp(ad["created"]).strftime('%d.%m.%Y')
                ads_html += f'''
                <div class="col-md-6">
                    <div class="card h-100">
                        <div class="card-body">
                            <h5 class="card-title">{ad["title"]}</h5>
                            <p class="card-text">{ad["content"]}</p>
                            <p class="card-text">
                                <small class="text-muted">Автор: {ad["author"]}</small><br>
                                <small class="text-muted">Контакты: {ad["contact_info"]}</small><br>
                                <small class="text-muted">Дата: {created_date}</small>
                            </p>
                        </div>
                    </div>
                </div>
                '''
        
        shop_tab_content = f'''
        <div class="tab-pane fade" id="shop">
            <div class="row mb-4">
                <div class="col-12">
                    <div class="d-flex justify-content-between mb-3">
                        <h4><i class="fas fa-store me-2"></i>Магазин</h4>
                        <div>
                            <button class="btn btn-success me-2" data-bs-toggle="modal" data-bs-target="#addItemModal">
                                <i class="fas fa-plus me-1"></i>Добавить товар
                            </button>
                            <button class="btn btn-info" data-bs-toggle="modal" data-bs-target="#addAdModal">
                                <i class="fas fa-bullhorn me-1"></i>Добавить объявление
                            </button>
                        </div>
                    </div>
                </div>
            </div>
            
            <h5><i class="fas fa-shopping-bag me-2"></i>Товары в магазине</h5>
            <div class="row g-4 mb-4">
                {shop_items_html}
            </div>
            
            <h5><i class="fas fa-bullhorn me-2"></i>Объявления</h5>
            <div class="row g-4">
                {ads_html}
            </div>
        </div>
        '''

    crypto_tab_content = f'''
    <div class="tab-pane fade" id="crypto">
        <div class="row g-4">
            <div class="col-lg-7">
                <div class="card border-0 shadow-sm">
                    <div class="card-body">
                        <h4 class="mb-3"><i class="fas fa-coins text-warning me-2"></i>{SERKRIPTO_NAME} ({crypto_market.get("symbol", SERKRIPTO_SYMBOL)})</h4>
                        {crypto_flash_html}
                        <div class="crypto-price-box mb-3">
                            <div class="small text-muted">Текущая цена</div>
                            <div class="display-6 fw-bold">{crypto_price:,.4f} ₽</div>
                            <div class="small text-muted mt-1">
                                Если монету покупают, цена растет. Если покупок нет и идут продажи, цена снижается.
                            </div>
                        </div>
                        <div class="row g-3 mb-3">
                            <div class="col-md-6">
                                <div class="crypto-stat">
                                    <div class="text-muted small">У вас монет</div>
                                    <div class="h5 mb-0">{crypto_user_amount:,.6f} {crypto_market.get("symbol", SERKRIPTO_SYMBOL)}</div>
                                </div>
                            </div>
                            <div class="col-md-6">
                                <div class="crypto-stat">
                                    <div class="text-muted small">Оценка портфеля</div>
                                    <div class="h5 mb-0">{crypto_portfolio_value:,.2f} ₽</div>
                                </div>
                            </div>
                        </div>
                        <div class="small text-muted">
                            Автоспад цены без покупок: {decay_rate_pct}% каждые {decay_interval} сек.
                        </div>
                    </div>
                </div>
            </div>
            <div class="col-lg-5">
                <div class="card border-0 shadow-sm mb-3">
                    <div class="card-body">
                        <h5 class="mb-3"><i class="fas fa-arrow-up text-success me-2"></i>Купить {SERKRIPTO_NAME}</h5>
                        <form action="/crypto/buy" method="post">
                            <label class="form-label">Сумма покупки (₽)</label>
                            <div class="input-group mb-2">
                                <input type="number" id="cryptoBuyAmount" name="amount" class="form-control" min="1" step="1" max="{max_buy_amount}" data-max-value="{max_buy_amount}" required placeholder="Например: 1000">
                                <button type="button" class="btn btn-outline-secondary" id="cryptoBuyMaxBtn">Максимум</button>
                            </div>
                            <small class="text-muted d-block mb-3">Максимум для покупки: {max_buy_amount:,} ₽</small>
                            <button type="submit" class="btn btn-success w-100">
                                <i class="fas fa-cart-plus me-1"></i>Купить
                            </button>
                        </form>
                    </div>
                </div>
                <div class="card border-0 shadow-sm">
                    <div class="card-body">
                        <h5 class="mb-3"><i class="fas fa-arrow-down text-danger me-2"></i>Продать {SERKRIPTO_NAME}</h5>
                        <form action="/crypto/sell" method="post">
                            <label class="form-label">Количество монет</label>
                            <div class="input-group mb-2">
                                <input type="number" id="cryptoSellQuantity" name="quantity" class="form-control" min="0.000001" step="0.000001" max="{max_sell_quantity:.6f}" data-max-value="{max_sell_quantity:.6f}" required placeholder="Например: 0.250000">
                                <button type="button" class="btn btn-outline-secondary" id="cryptoSellMaxBtn">Максимум</button>
                            </div>
                            <small class="text-muted d-block mb-3">Максимум для продажи: {max_sell_quantity:,.6f} {crypto_market.get("symbol", SERKRIPTO_SYMBOL)}</small>
                            <button type="submit" class="btn btn-danger w-100">
                                <i class="fas fa-money-bill-wave me-1"></i>Продать
                            </button>
                        </form>
                    </div>
                </div>
            </div>
        </div>
        <div class="card border-0 shadow-sm mt-4">
            <div class="card-body">
                <h5 class="mb-3"><i class="fas fa-chart-line me-2"></i>Статистика рынка</h5>
                <div class="row g-3">
                    <div class="col-md-3">
                        <div class="crypto-stat"><div class="text-muted small">Покупок</div><div class="h6 mb-0">{crypto_buy_ops}</div></div>
                    </div>
                    <div class="col-md-3">
                        <div class="crypto-stat"><div class="text-muted small">Продаж</div><div class="h6 mb-0">{crypto_sell_ops}</div></div>
                    </div>
                    <div class="col-md-3">
                        <div class="crypto-stat"><div class="text-muted small">Куплено монет</div><div class="h6 mb-0">{crypto_buy_volume:,.6f}</div></div>
                    </div>
                    <div class="col-md-3">
                        <div class="crypto-stat"><div class="text-muted small">Чистый поток</div><div class="h6 mb-0 {'text-success' if net_flow >= 0 else 'text-danger'}">{net_flow:,.6f}</div></div>
                    </div>
                </div>
            </div>
        </div>
    </div>
    '''

    crypto_tab_block = crypto_tab_content if can_trade_crypto else ""

    crypto_nav_tab = ""
    crypto_service_card = ""
    if can_trade_crypto:
        crypto_nav_tab = '''
        <li class="nav-item">
            <a class="nav-link" data-bs-toggle="tab" href="#crypto">
                <i class="fas fa-coins me-1"></i>SerKripto
            </a>
        </li>
        '''
        crypto_service_card = '''
        <div class="service-card">
            <h5><i class="fas fa-coins text-warning me-2"></i>SerKripto</h5>
            <p class="text-muted">Покупки поднимают курс, продажи и отсутствие покупок снижают цену.</p>
        </div>
        '''

    credit_action_btn = ""
    if can_take_credit:
        credit_action_btn = '''
        <button class="btn btn-outline-primary" data-bs-toggle="modal" data-bs-target="#creditModal">
            <i class="fas fa-money-bill-wave me-1"></i>Взять кредит
        </button>
        '''

    # HTML для админ-панели
    admin_tab = ""
    if current_role == ROLE_ADMIN:
        admin_tab = '''
        <li class="nav-item">
            <a class="nav-link" href="/admin">
                <i class="fas fa-cogs me-2"></i>Админ-панель
            </a>
        </li>
        '''

    teacher_tab = ""
    if current_role in [ROLE_TEACHER, ROLE_ADMIN]:
        teacher_tab = '''
        <li class="nav-item">
            <a class="nav-link" href="/teacher">
                <i class="fas fa-school me-2"></i>Учительская панель
            </a>
        </li>
        '''

    student_tab = ""
    student_panel_btn = ""
    if current_role == ROLE_STUDENT:
        student_tab = '''
        <li class="nav-item">
            <a class="nav-link" href="/student_panel">
                <i class="fas fa-user-graduate me-2"></i>Панель ученика
            </a>
        </li>
        '''
        student_panel_btn = '''
        <a href="/student_panel" class="btn btn-info">
            <i class="fas fa-chart-line me-1"></i>Моя успеваемость
        </a>
        '''

    parent_tab = ""
    parent_panel_btn = ""
    if current_role == ROLE_PARENT:
        parent_tab = '''
        <li class="nav-item">
            <a class="nav-link" href="/parent_panel">
                <i class="fas fa-people-roof me-2"></i>Родительская панель
            </a>
        </li>
        '''
        parent_panel_btn = '''
        <a href="/parent_panel" class="btn btn-secondary">
            <i class="fas fa-children me-1"></i>Мои дети
        </a>
        '''

    manager_tab = ""
    manager_panel_btn = ""
    if current_role in [ROLE_MANAGER, ROLE_ADMIN]:
        manager_tab = '''
        <li class="nav-item">
            <a class="nav-link" href="/manager_panel">
                <i class="fas fa-briefcase me-2"></i>Панель менеджера
            </a>
        </li>
        '''
        manager_panel_btn = '''
        <a href="/manager_panel" class="btn btn-dark">
            <i class="fas fa-chart-pie me-1"></i>Аналитика
        </a>
        '''
    
    return f'''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Банк "Школьный" | Личный кабинет</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        :root {{
            --primary: #4361ee;
            --secondary: #3a0ca3;
            --gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
        }}
        
        body {{
            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
            background: #f5f7fb;
        }}
        
        .navbar-custom {{
            background: var(--gradient) !important;
            box-shadow: 0 4px 20px rgba(67, 97, 238, 0.3);
        }}
        
        .sidebar {{
            background: white;
            border-radius: 15px;
            box-shadow: 0 5px 15px rgba(0,0,0,0.05);
            padding: 20px;
            height: fit-content;
        }}
        
        .main-content {{
            background: white;
            border-radius: 15px;
            box-shadow: 0 5px 15px rgba(0,0,0,0.05);
            padding: 25px;
        }}
        
        .balance-card {{
            background: var(--gradient);
            color: white;
            border-radius: 15px;
            padding: 20px;
            margin-bottom: 20px;
        }}
        
        .stat-card {{
            background: white;
            border-radius: 15px;
            padding: 15px;
            box-shadow: 0 3px 10px rgba(0,0,0,0.05);
            border-left: 4px solid var(--primary);
            margin-bottom: 15px;
        }}
        
        .nav-tabs .nav-link {{
            border: none;
            border-radius: 10px;
            padding: 10px 15px;
            margin: 0 5px;
            color: #666;
            font-weight: 500;
        }}
        
        .nav-tabs .nav-link.active {{
            background: var(--gradient);
            color: white;
        }}
        
        .table-custom {{
            background: white;
            border-radius: 12px;
            overflow: hidden;
            box-shadow: 0 3px 10px rgba(0,0,0,0.05);
        }}
        
        .table-custom thead {{
            background: var(--gradient);
            color: white;
        }}
        
        .btn-primary {{
            background: var(--gradient);
            border: none;
            border-radius: 10px;
            padding: 8px 15px;
            font-weight: 600;
        }}
        
        .btn-primary:hover {{
            transform: translateY(-2px);
            box-shadow: 0 5px 15px rgba(67, 97, 238, 0.3);
        }}
        
        .modal-header {{
            background: var(--gradient);
            color: white;
        }}
        
        .services-grid {{
            display: grid;
            grid-template-columns: repeat(auto-fill, minmax(250px, 1fr));
            gap: 20px;
            margin-top: 20px;
        }}
        
        .service-card {{
            background: white;
            border-radius: 12px;
            padding: 20px;
            box-shadow: 0 3px 10px rgba(0,0,0,0.05);
            border-left: 4px solid var(--primary);
            transition: all 0.3s;
        }}
        
        .service-card:hover {{
            transform: translateY(-5px);
            box-shadow: 0 10px 20px rgba(0,0,0,0.1);
        }}
        
        .api-docs {{
            background: #f8f9fa;
            border-radius: 10px;
            padding: 20px;
            margin-top: 20px;
        }}
        
        .code-block {{
            background: #1e1e1e;
            color: #d4d4d4;
            padding: 15px;
            border-radius: 5px;
            font-family: "Courier New", monospace;
            overflow-x: auto;
            margin: 10px 0;
        }}
        
        .shop-item-card {{
            transition: all 0.3s;
        }}
        
        .shop-item-card:hover {{
            transform: translateY(-5px);
            box-shadow: 0 10px 20px rgba(0,0,0,0.1);
        }}

        .crypto-price-box {{
            background: linear-gradient(135deg, #f7fbff 0%, #eef3ff 100%);
            border: 1px solid #d8e4ff;
            border-radius: 12px;
            padding: 16px;
        }}

        .crypto-stat {{
            background: #f8faff;
            border: 1px solid #e5edff;
            border-radius: 10px;
            padding: 12px;
            height: 100%;
        }}

    </style>
</head>
<body>
    <nav class="navbar navbar-expand-lg navbar-custom navbar-dark">
        <div class="container">
            <a class="navbar-brand d-flex align-items-center" href="/dashboard">
                <i class="fas fa-university fa-2x me-2"></i>
                <div>
                    <h4 class="mb-0">Банк "Школьный"</h4>
                    <small class="opacity-75">Финансовая система в школьных условиях</small>
                </div>
            </a>
            <div class="d-flex align-items-center">
                <span class="badge bg-light text-dark me-3">
                    <i class="fas fa-user-circle me-1"></i>
                    {session['user']} ({get_user_role(user_data)})
                </span>
                <a href="/logout" class="btn btn-outline-light btn-sm">
                    <i class="fas fa-sign-out-alt me-1"></i>Выход
                </a>
            </div>
        </div>
    </nav>

    <div class="container mt-4 mb-5">
        <div class="row g-4">
            <div class="col-lg-3">
                <div class="sidebar">
                    <h5 class="mb-3"><i class="fas fa-chart-line me-2"></i>Финансы</h5>
                    
                    <div class="balance-card">
                        <h6 class="opacity-75">Текущий баланс</h6>
                        <h2 class="{'text-success' if user_data['balance'] >= 0 else 'text-danger'}">
                            {user_data['balance']:,} ₽
                        </h2>
                        <small>Доступные средства</small>
                    </div>
                    
                    <div class="stat-card">
                        <div class="d-flex justify-content-between">
                            <div>
                                <h6>Вклад</h6>
                                <h5 class="text-success">{user_data['deposit']:,} ₽</h5>
                            </div>
                            <i class="fas fa-piggy-bank fa-2x text-success"></i>
                        </div>
                        <small class="text-muted">+1% ежедневно</small>
                    </div>
                    
                    <div class="stat-card">
                        <div class="d-flex justify-content-between">
                            <div>
                                <h6>Кредит</h6>
                                <h5 class="text-danger">{user_data['credit']:,} ₽</h5>
                            </div>
                            <i class="fas fa-credit-card fa-2x text-danger"></i>
                        </div>
                        <small class="text-muted">+5% ежедневно</small>
                    </div>
                    
                    <div class="mt-3">
                        <h6><i class="fas fa-wallet me-2"></i>Операции</h6>
                        <div class="d-grid gap-2 mt-2">
                            <button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#depositModal">
                                <i class="fas fa-plus-circle me-1"></i>Пополнить вклад
                            </button>
                            {credit_action_btn}
                            <button class="btn btn-outline-success" data-bs-toggle="modal" data-bs-target="#transferModal">
                                <i class="fas fa-exchange-alt me-1"></i>Перевод
                            </button>
                            <a href="/payment_page" class="btn btn-warning">
                                <i class="fas fa-credit-card me-1"></i>Оплата
                            </a>
                            {student_panel_btn}
                            {parent_panel_btn}
                            {manager_panel_btn}
                        </div>
                    </div>
                    
                    <div class="mt-4">
                        {api_key_html}
                    </div>
                </div>
            </div>

            <div class="col-lg-9">
                <div class="main-content">
                    <ul class="nav nav-tabs mb-4">
                        <li class="nav-item">
                            <a class="nav-link active" data-bs-toggle="tab" href="#services">
                                <i class="fas fa-concierge-bell me-1"></i>Услуги
                            </a>
                        </li>
                        <li class="nav-item">
                            <a class="nav-link" data-bs-toggle="tab" href="#shop">
                                <i class="fas fa-store me-1"></i>Магазин
                            </a>
                        </li>
                        {crypto_nav_tab}
                        <li class="nav-item">
                            <a class="nav-link" data-bs-toggle="tab" href="#history">
                                <i class="fas fa-history me-1"></i>История
                            </a>
                        </li>
                        <li class="nav-item">
                            <a class="nav-link" data-bs-toggle="tab" href="#api">
                                <i class="fas fa-code me-1"></i>API
                            </a>
                        </li>
                        {student_tab}
                        {parent_tab}
                        {manager_tab}
                        {teacher_tab}
                        {admin_tab}
                    </ul>

                    <div class="tab-content">
                        <div class="tab-pane fade show active" id="services">
                            <div class="services-grid">
                                <div class="service-card">
                                    <h5><i class="fas fa-piggy-bank text-primary me-2"></i>Вклады</h5>
                                    <p class="text-muted">Откройте вклад под 1% ежедневно и получайте пассивный доход.</p>
                                </div>
                                <div class="service-card">
                                    <h5><i class="fas fa-credit-card text-success me-2"></i>Кредиты</h5>
                                    <p class="text-muted">Получите кредит на любые цели. Ставка 5% ежедневно.</p>
                                </div>
                                <div class="service-card">
                                    <h5><i class="fas fa-exchange-alt text-info me-2"></i>Переводы</h5>
                                    <p class="text-muted">Быстрые переводы между клиентами банка без комиссий.</p>
                                </div>
                                <div class="service-card">
                                    <h5><i class="fas fa-store text-danger me-2"></i>Магазин</h5>
                                    <p class="text-muted">Покупайте и продавайте товары, размещайте объявления.</p>
                                </div>
                                <div class="service-card">
                                    <h5><i class="fas fa-credit-card text-secondary me-2"></i>Платежи</h5>
                                    <p class="text-muted">Принимайте платежи от клиентов через API или ссылки.</p>
                                </div>
                                {crypto_service_card}
                                <div class="service-card">
                                    <h5><i class="fas fa-code text-dark me-2"></i>API Доступ</h5>
                                    <p class="text-muted">Интегрируйте банковские услуги в ваши приложения через API.</p>
                                </div>
                            </div>
                        </div>
                        
                        {shop_tab_content}
                        {crypto_tab_block}
                        
                        <div class="tab-pane fade" id="history">
                            <div class="table-responsive">
                                <table class="table table-custom table-hover">
                                    <thead>
                                        <tr>
                                            <th><i class="fas fa-clock"></i> Время</th>
                                            <th><i class="fas fa-user"></i> Пользователь</th>
                                            <th><i class="fas fa-tasks"></i> Операция</th>
                                            <th><i class="fas fa-ruble-sign"></i> Сумма</th>
                                            <th><i class="fas fa-user-friends"></i>Получатель</th>
                                        </tr>
                                    </thead>
                                    <tbody>
                                        {history_html}
                                    </tbody>
                                </table>
                            </div>
                        </div>
                        
                        <div class="tab-pane fade" id="api">
                            <div class="api-docs">
                                <h4><i class="fas fa-code me-2"></i>Документация API</h4>
                                <p>Используйте ваш API ключ для доступа к банковским операциям через REST API.</p>
                                
                                <h5 class="mt-4">Базовый URL</h5>
                                <div class="code-block">
                                    http://ваш-домен/api/v1/
                                </div>
                                
                                <h5 class="mt-4">Аутентификация</h5>
                                <p>Добавьте заголовок с вашим API ключом:</p>
                                <div class="code-block">
                                    X-API-Key: ваш_api_ключ
                                </div>
                                <p>Или передайте как параметр:</p>
                                <div class="code-block">
                                    ?api_key=ваш_api_ключ
                                </div>
                                
                                <h5 class="mt-4">Доступные методы</h5>
                                <div class="table-responsive">
                                    <table class="table table-bordered">
                                        <thead>
                                            <tr>
                                                <th>Метод</th>
                                                <th>Эндпоинт</th>
                                                <th>Описание</th>
                                                <th>Параметры</th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                            <tr>
                                                <td><span class="badge bg-info">GET</span></td>
                                                <td>/api/v1/balance</td>
                                                <td>Получить информацию о балансе</td>
                                                <td>-</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-info">GET</span></td>
                                                <td>/api/v1/history</td>
                                                <td>Получить историю операций</td>
                                                <td>limit (опционально)</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-success">POST</span></td>
                                                <td>/api/v1/deposit</td>
                                                <td>Открыть вклад</td>
                                                <td>amount (int)</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-success">POST</span></td>
                                                <td>/api/v1/credit</td>
                                                <td>Взять кредит</td>
                                                <td>amount (int)</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-success">POST</span></td>
                                                <td>/api/v1/transfer</td>
                                                <td>Сделать перевод</td>
                                                <td>target (str), amount (int)</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-info">GET</span></td>
                                                <td>/api/v1/shop/items</td>
                                                <td>Получить список товаров</td>
                                                <td>-</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-info">GET</span></td>
                                                <td>/api/v1/shop/ads</td>
                                                <td>Получить список объявлений</td>
                                                <td>-</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-info">GET</span></td>
                                                <td>/api/v1/crypto</td>
                                                <td>Текущая цена и кошелек SerKripto</td>
                                                <td>-</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-success">POST</span></td>
                                                <td>/api/v1/crypto/buy</td>
                                                <td>Купить SerKripto за рубли</td>
                                                <td>amount (int)</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-success">POST</span></td>
                                                <td>/api/v1/crypto/sell</td>
                                                <td>Продать SerKripto</td>
                                                <td>quantity (float)</td>
                                            </tr>
                                            <tr>
                                                <td><span class="badge bg-success">POST</span></td>
                                                <td>/api/v1/payment/create</td>
                                                <td>Создать платеж</td>
                                                <td>receiver, amount, description</td>
                                            </tr>
                                        </tbody>
                                    </table>
                                </div>
                                
                                <h5 class="mt-4">Примеры использования</h5>
                                <p>Python с requests:</p>
                                <div class="code-block">
import requests<br>
<br>
api_key = "ваш_api_ключ"<br>
base_url = "http://ваш-домен/api/v1"<br>
<br>
# Получить баланс<br>
headers = {{"X-API-Key": api_key}}<br>
response = requests.get(f"{{base_url}}/balance", headers=headers)<br>
print(response.json())<br>
<br>
# Сделать перевод<br>
data = {{"target": "получатель", "amount": 100}}<br>
response = requests.post(f"{{base_url}}/transfer", headers=headers, json=data)<br>
print(response.json())
                                </div>
                                
                                <p>cURL:</p>
                                <div class="code-block">
# Получить баланс<br>
curl -H "X-API-Key: ваш_api_ключ" http://ваш-домен/api/v1/balance<br>
<br>
# Сделать перевод<br>
curl -X POST -H "X-API-Key: ваш_api_ключ" \\<br>
     -H "Content-Type: application/json" \\<br>
     -d '{{"target": "получатель", "amount": 100}}' \\<br>
     http://ваш-домен/api/v1/transfer
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>

    <!-- Модальные окна -->
    <div class="modal fade" id="depositModal" tabindex="-1">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <h5 class="modal-title"><i class="fas fa-piggy-bank me-2"></i>Вклад</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                </div>
                <form action="/deposit" method="post">
                    <div class="modal-body">
                        <div class="mb-3">
                            <label class="form-label">Сумма вклада (₽)</label>
                            <input type="number" name="amount" class="form-control" min="1" required>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
                        <button type="submit" class="btn btn-primary">Подтвердить</button>
                    </div>
                </form>
            </div>
        </div>
    </div>

    <div class="modal fade" id="creditModal" tabindex="-1">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <h5 class="modal-title"><i class="fas fa-credit-card me-2"></i>Кредит</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                </div>
                <form action="/credit" method="post">
                    <div class="modal-body">
                        <div class="alert alert-warning">
                            <i class="fas fa-exclamation-triangle me-2"></i>
                            Кредит выдается под 5% ежедневно
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Сумма кредита (₽)</label>
                            <input type="number" name="amount" class="form-control" min="1" required>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
                        <button type="submit" class="btn btn-primary">Взять кредит</button>
                    </div>
                </form>
            </div>
        </div>
    </div>

    <div class="modal fade" id="transferModal" tabindex="-1">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <h5 class="modal-title"><i class="fas fa-exchange-alt me-2"></i>Перевод</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                </div>
                <form action="/transfer" method="post">
                    <div class="modal-body">
                        <div class="mb-3">
                            <label class="form-label">Получатель</label>
                            <input type="text" name="target" class="form-control" required>
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Сумма (₽)</label>
                            <input type="number" name="amount" class="form-control" min="1" required>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
                        <button type="submit" class="btn btn-primary">Отправить</button>
                    </div>
                </form>
            </div>
        </div>
    </div>

    <!-- Модальные окна для магазина -->
    <div class="modal fade" id="addItemModal" tabindex="-1">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <h5 class="modal-title"><i class="fas fa-plus me-2"></i>Добавить товар</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                </div>
                <form action="/create_shop_item" method="post">
                    <div class="modal-body">
                        <div class="mb-3">
                            <label class="form-label">Название товара</label>
                            <input type="text" name="title" class="form-control" required>
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Описание</label>
                            <textarea name="description" class="form-control" rows="3" required></textarea>
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Цена (₽)</label>
                            <input type="number" name="price" class="form-control" min="1" required>
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Категория</label>
                            <select name="category" class="form-select">
                                <option value="electronics">Электроника</option>
                                <option value="clothing">Одежда</option>
                                <option value="books">Книги</option>
                                <option value="other">Другое</option>
                            </select>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
                        <button type="submit" class="btn btn-primary">Добавить товар</button>
                    </div>
                </form>
            </div>
        </div>
    </div>

    <div class="modal fade" id="addAdModal" tabindex="-1">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <h5 class="modal-title"><i class="fas fa-bullhorn me-2"></i>Добавить объявление</h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                </div>
                <form action="/create_advertisement" method="post">
                    <div class="modal-body">
                        <div class="mb-3">
                            <label class="form-label">Заголовок</label>
                            <input type="text" name="title" class="form-control" required>
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Содержание</label>
                            <textarea name="content" class="form-control" rows="3" required></textarea>
                        </div>
                        <div class="mb-3">
                            <label class="form-label">Контактная информация</label>
                            <input type="text" name="contact_info" class="form-control" placeholder="Email или телефон" required>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
                        <button type="submit" class="btn btn-primary">Добавить объявление</button>
                    </div>
                </form>
            </div>
        </div>
    </div>

    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
    <script>
        // Автообновление каждые 60 секунд
        setInterval(() => {{
            window.location.reload();
        }}, 60000);

        // Восстановление активной вкладки
        (() => {{
            const preferredTab = "{active_tab}";
            const hashTab = window.location.hash ? window.location.hash.replace("#", "") : "";
            const tabToOpen = hashTab || preferredTab;
            if (!tabToOpen || !window.bootstrap) return;
            const trigger = document.querySelector(`a[data-bs-toggle="tab"][href="#${{tabToOpen}}"]`);
            if (trigger) {{
                new bootstrap.Tab(trigger).show();
            }}
        }})();

        // Кнопки "Максимум" для покупки/продажи SerKripto
        (() => {{
            const bindMaxButton = (inputId, buttonId, emptyText) => {{
                const input = document.getElementById(inputId);
                const button = document.getElementById(buttonId);
                if (!input || !button) return;
                button.addEventListener("click", () => {{
                    const maxValue = parseFloat(input.getAttribute("data-max-value") || "0");
                    if (!Number.isFinite(maxValue) || maxValue <= 0) {{
                        alert(emptyText);
                        return;
                    }}
                    input.value = input.step && input.step.includes(".") ? maxValue.toFixed(6) : Math.floor(maxValue);
                    input.dispatchEvent(new Event("input", {{ bubbles: true }}));
                }});
            }};

            bindMaxButton("cryptoBuyAmount", "cryptoBuyMaxBtn", "Недостаточно средств для покупки");
            bindMaxButton("cryptoSellQuantity", "cryptoSellMaxBtn", "Нет монет для продажи");
        }})();
        
        // Валидация форм
        document.querySelectorAll("form").forEach(form => {{
            form.addEventListener("submit", function(e) {{
                const inputs = this.querySelectorAll("input[type=\"number\"]");
                inputs.forEach(input => {{
                    if (input.value && parseFloat(input.value) <= 0) {{
                        e.preventDefault();
                        alert("Пожалуйста, введите корректное значение");
                    }}
                }});
            }});
        }});
        
        // Анимация карт
        // Копирование API ключа
        function copyApiKey() {{
            const apiKeyInput = document.getElementById("apiKey");
            if (!apiKeyInput) return;
            apiKeyInput.select();
            apiKeyInput.setSelectionRange(0, 99999);
            document.execCommand("copy");
            alert("API ключ скопирован в буфер обмена!");
        }}
    </script>
</body>
</html>
'''

def render_admin_panel(users):
    """Генерация HTML админ-панели - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    users_html = ""
    current_user = session.get('user')
    
    valid_users_count = 0
    total_balance = 0
    total_deposit = 0
    total_credit = 0
    
    for username, user in users.items():
        # Пропускаем текущего пользователя
        if username == current_user:
            continue
        
        # Проверяем, что пользователь - словарь (корректные данные)
        if not isinstance(user, dict):
            continue
        
        # Безопасно получаем данные пользователя
        role = get_user_role(user)
        balance = user.get('balance', 0)
        deposit = user.get('deposit', 0)
        credit = user.get('credit', 0)
        email = user.get('email', 'нет')
        
        # Обновляем статистику
        valid_users_count += 1
        total_balance += balance
        total_deposit += deposit
        total_credit += credit
        
        # Определяем цвет бейджа роли
        badge_color_map = {
            ROLE_ADMIN: "danger",
            ROLE_MANAGER: "warning",
            ROLE_TEACHER: "info",
            ROLE_PARENT: "primary",
            ROLE_STUDENT: "secondary",
            ROLE_CLIENT: "dark"
        }
        badge_color = badge_color_map.get(role, "dark")
        
        users_html += f'''
        <div class="col-md-6 col-lg-4">
            <div class="card h-100">
                <div class="card-body">
                    <h5 class="card-title">{username}</h5>
                    <p class="card-text">
                        <small>Роль: <span class="badge bg-{badge_color}">{role}</span></small><br>
                        <small>Баланс: <strong>{balance:,} ₽</strong></small><br>
                        <small>Вклад: <strong>{deposit:,} ₽</strong></small><br>
                        <small>Кредит: <strong>{credit:,} ₽</strong></small><br>
                        <small>Email: {email}</small>
                    </p>
                    <form action="/admin/change_role" method="post" class="mb-2">
                        <input type="hidden" name="username" value="{username}">
                        <select name="role" class="form-select form-select-sm mb-2">
                            <option value="{ROLE_CLIENT}" {'selected' if role == ROLE_CLIENT else ''}>Клиент</option>
                            <option value="{ROLE_STUDENT}" {'selected' if role == ROLE_STUDENT else ''}>Ученик</option>
                            <option value="{ROLE_PARENT}" {'selected' if role == ROLE_PARENT else ''}>Родитель</option>
                            <option value="{ROLE_TEACHER}" {'selected' if role == ROLE_TEACHER else ''}>Учитель</option>
                            <option value="{ROLE_MANAGER}" {'selected' if role == ROLE_MANAGER else ''}>Менеджер</option>
                            <option value="{ROLE_ADMIN}" {'selected' if role == ROLE_ADMIN else ''}>Админ</option>
                        </select>
                        <button type="submit" class="btn btn-warning btn-sm w-100">Изменить роль</button>
                    </form>
                    <form action="/admin/add_money" method="post">
                        <input type="hidden" name="username" value="{username}">
                        <div class="input-group input-group-sm mb-2">
                            <input type="number" name="amount" class="form-control" placeholder="Сумма" min="1" required>
                            <button class="btn btn-success" type="submit">+</button>
                        </div>
                    </form>
                </div>
            </div>
        </div>
        '''
    
    return f'''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Админ-панель</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        :root {{
            --primary: #4361ee;
            --gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
        }}
        body {{
            background: #f5f7fb;
            padding: 20px;
        }}
        .admin-header {{
            background: var(--gradient);
            color: white;
            border-radius: 15px;
            padding: 20px;
            margin-bottom: 20px;
        }}
        .card {{
            border-radius: 12px;
            box-shadow: 0 3px 10px rgba(0,0,0,0.05);
        }}
        .stat-card {{
            background: white;
            border-radius: 12px;
            padding: 15px;
            box-shadow: 0 3px 10px rgba(0,0,0,0.05);
            border-left: 4px solid var(--primary);
            margin-bottom: 15px;
        }}
    </style>
</head>
<body>
    <div class="container">
        <div class="admin-header">
            <div class="d-flex justify-content-between align-items-center">
                <div>
                    <h2><i class="fas fa-cogs me-2"></i>Админ-панель</h2>
                    <p class="mb-0">Управление пользователями</p>
                </div>
                <a href="/dashboard" class="btn btn-light">
                    <i class="fas fa-arrow-left me-1"></i>Назад
                </a>
            </div>
        </div>
        
        <div class="row g-4">
            {users_html if users_html else '''
            <div class="col-12">
                <div class="alert alert-info">
                    <i class="fas fa-info-circle me-2"></i>
                    Нет других пользователей для управления.
                </div>
            </div>
            '''}
        </div>
        
        <div class="row mt-4">
            <div class="col-12">
                <div class="card">
                    <div class="card-body">
                        <h5 class="card-title"><i class="fas fa-chart-bar me-2"></i>Статистика системы</h5>
                        <div class="row">
                            <div class="col-md-3">
                                <div class="stat-card">
                                    <h6>Всего пользователей</h6>
                                    <h4>{valid_users_count + 1}</h4>
                                </div>
                            </div>
                            <div class="col-md-3">
                                <div class="stat-card">
                                    <h6>Общий баланс</h6>
                                    <h4 class="text-success">{total_balance:,} ₽</h4>
                                </div>
                            </div>
                            <div class="col-md-3">
                                <div class="stat-card">
                                    <h6>Общие вклады</h6>
                                    <h4 class="text-info">{total_deposit:,} ₽</h4>
                                </div>
                            </div>
                            <div class="col-md-3">
                                <div class="stat-card">
                                    <h6>Общие кредиты</h6>
                                    <h4 class="text-danger">{total_credit:,} ₽</h4>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
    <script>
        // Валидация форм админ-панели
        document.querySelectorAll("form").forEach(form => {{
            form.addEventListener("submit", function(e) {{
                const amountInput = this.querySelector('input[type="number"]');
                if (amountInput && amountInput.value) {{
                    if (parseInt(amountInput.value) <= 0) {{
                        e.preventDefault();
                        alert("Сумма должна быть положительной!");
                    }}
                }}
            }});
        }});
    </script>
</body>
</html>
'''

# ---------- СТРАНИЦА ОПЛАТЫ ----------
def render_payment_page(created_payment=None, error_message=""):
    """Страница оплаты"""
    users = load_users()
    current_user = session.get("user")
    user_data = users.get(current_user, {}) if isinstance(users.get(current_user), dict) else {}
    api_key = user_data.get("api_key")

    payment_rows = ""
    payments = load_payments()
    user_payments = []
    for payment in payments:
        if payment.get("created_by") == current_user or payment.get("payer") == current_user or payment.get("receiver") == current_user:
            user_payments.append(payment)

    user_payments.sort(key=lambda x: x.get("created", 0), reverse=True)
    for payment in user_payments[:20]:
        status = payment.get("status", "pending")
        status_class = "warning"
        if status == "completed":
            status_class = "success"
        elif status == "failed":
            status_class = "danger"
        elif status == "cancelled":
            status_class = "secondary"

        payer_label = payment.get("payer", "-")
        if payment.get("allow_any_payer") and status == "pending":
            payer_label = "любой"

        payment_rows += f"""
        <tr>
            <td><small>{payment.get('id', '-')}</small></td>
            <td><strong>{payment.get('amount', 0)} ₽</strong></td>
            <td>{payment.get('receiver', '-')}</td>
            <td>{payer_label}</td>
            <td><span class="badge bg-{status_class}">{status}</span></td>
            <td><small>{datetime.fromtimestamp(payment.get('created', 0)).strftime('%Y-%m-%d %H:%M:%S')}</small></td>
            <td><a class="btn btn-sm btn-outline-primary" href="/pay/{payment.get('id', '')}" target="_blank">Открыть</a></td>
        </tr>
        """

    if not payment_rows:
        payment_rows = "<tr><td colspan='7' class='text-center text-muted'>Пока нет платежей</td></tr>"

    created_block = ""
    if created_payment and isinstance(created_payment, dict):
        payment_url = f"{request.host_url.rstrip('/')}/pay/{created_payment.get('id')}"
        created_block = f"""
        <div class="alert alert-success mt-3">
            <h6><i class="fas fa-check-circle me-2"></i>Ссылка создана</h6>
            <p class="mb-1">ID платежа: <strong>{created_payment.get('id')}</strong></p>
            <div class="payment-link" id="generatedPaymentLink">{payment_url}</div>
            <button class="btn btn-sm btn-outline-success" onclick="copyPaymentLink()">
                <i class="fas fa-copy me-1"></i>Скопировать ссылку
            </button>
        </div>
        """

    api_key_hint = ""
    if api_key:
        api_key_hint = f"""
        <div class="alert alert-success">
            <small><strong>Ваш API ключ:</strong> <code>{api_key}</code></small>
        </div>
        """
    else:
        api_key_hint = """
        <div class="alert alert-warning">
            <small>API ключ не создан. Сначала сгенерируйте ключ в личном кабинете.</small>
        </div>
        """

    error_block = ""
    if error_message:
        error_block = f'<div class="alert alert-danger mb-3">{error_message}</div>'

    return f'''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Оплата | Банковская система</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        :root {{
            --primary: #4361ee;
            --secondary: #3a0ca3;
            --gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
        }}
        body {{
            background: #f5f7fb;
            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
        }}
        .payment-card {{
            background: white;
            border-radius: 15px;
            box-shadow: 0 10px 30px rgba(0,0,0,0.1);
            overflow: hidden;
        }}
        .payment-header {{
            background: var(--gradient);
            color: white;
            padding: 25px;
            text-align: center;
        }}
        .payment-body {{
            padding: 30px;
        }}
        .form-control {{
            border: 2px solid #e9ecef;
            border-radius: 10px;
            padding: 12px 15px;
            transition: all 0.3s;
        }}
        .form-control:focus {{
            border-color: var(--primary);
            box-shadow: 0 0 0 0.25rem rgba(67, 97, 238, 0.25);
        }}
        .btn-primary {{
            background: var(--gradient);
            border: none;
            border-radius: 10px;
            padding: 12px;
            font-weight: 600;
            transition: all 0.3s;
        }}
        .btn-primary:hover {{
            transform: translateY(-2px);
            box-shadow: 0 10px 20px rgba(67, 97, 238, 0.3);
        }}
        .api-example {{
            background: #f8f9fa;
            border-radius: 10px;
            padding: 15px;
            font-family: 'Courier New', monospace;
            font-size: 14px;
            margin: 10px 0;
        }}
        .payment-link {{
            background: #e9ecef;
            border-radius: 8px;
            padding: 10px;
            word-break: break-all;
            font-family: 'Courier New', monospace;
            margin: 10px 0;
        }}
    </style>
</head>
<body>
    <nav class="navbar navbar-expand-lg navbar-dark" style="background: var(--gradient);">
        <div class="container">
            <a class="navbar-brand" href="/dashboard">
                <i class="fas fa-university me-2"></i>
                Банк | Оплата
            </a>
            <div>
                <a href="/dashboard" class="btn btn-outline-light btn-sm">
                    <i class="fas fa-arrow-left me-1"></i> Назад
                </a>
            </div>
        </div>
    </nav>

    <div class="container mt-4 mb-5">
        <div class="row justify-content-center">
            <div class="col-lg-10">
                <div class="payment-card">
                    <div class="payment-header">
                        <h3><i class="fas fa-credit-card me-2"></i>Платежная система</h3>
                        <p class="mb-0">Создавайте ссылки и принимайте оплату</p>
                    </div>
                    <div class="payment-body">
                        {error_block}
                        {created_block}
                        <div class="row">
                            <div class="col-md-6">
                                <h4><i class="fas fa-link me-2"></i>Создать ссылку для оплаты</h4>
                                <form action="/create_payment_link" method="post" id="paymentForm">
                                    <div class="mb-3">
                                        <label class="form-label">Получатель (логин)</label>
                                        <input type="text" name="receiver" class="form-control" required value="{current_user or ''}">
                                    </div>
                                    <div class="mb-3">
                                        <label class="form-label">Плательщик (логин, необязательно)</label>
                                        <input type="text" name="payer" class="form-control" placeholder="Пусто = оплатить сможет любой пользователь">
                                    </div>
                                    <div class="mb-3">
                                        <label class="form-label">Сумма (₽)</label>
                                        <input type="number" name="amount" class="form-control" min="1" required placeholder="Введите сумму">
                                    </div>
                                    <div class="mb-3">
                                        <label class="form-label">Описание платежа</label>
                                        <input type="text" name="description" class="form-control" placeholder="Оплата за товар/услугу">
                                    </div>
                                    <button type="submit" class="btn btn-primary w-100">
                                        <i class="fas fa-link me-2"></i>Создать ссылку
                                    </button>
                                </form>
                            </div>
                            
                            <div class="col-md-6">
                                <h4><i class="fas fa-code me-2"></i>API для оплаты</h4>
                                {api_key_hint}
                                <div class="api-example">
                                    POST /api/v1/payment/create<br>
                                    Header: X-API-Key: ваш_ключ<br>
                                    Body: {{"receiver":"{current_user or 'username'}","amount":100,"description":"Оплата","allow_any_payer":true}}
                                </div>
                                <div class="api-example">
                                    GET /api/v1/payment/status/payment_id<br>
                                    Header: X-API-Key: ваш_ключ
                                </div>
                            </div>
                        </div>
                        
                        <div class="mt-5">
                            <h4><i class="fas fa-history me-2"></i>Последние платежи</h4>
                            <div class="table-responsive">
                                <table class="table table-hover">
                                    <thead>
                                        <tr>
                                            <th>ID</th>
                                            <th>Сумма</th>
                                            <th>Получатель</th>
                                            <th>Плательщик</th>
                                            <th>Статус</th>
                                            <th>Дата</th>
                                            <th>Ссылка</th>
                                        </tr>
                                    </thead>
                                    <tbody>
                                        {payment_rows}
                                    </tbody>
                                </table>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>

    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
    <script>
        function copyPaymentLink() {{
            const linkElement = document.getElementById('generatedPaymentLink');
            if (!linkElement) return;
            const text = linkElement.textContent.trim();
            if (navigator.clipboard) {{
                navigator.clipboard.writeText(text);
            }}
        }}
    </script>
</body>
</html>
'''

def render_pay_page(payment_id):
    """Страница оплаты для клиента"""
    payments = load_payments()
    error_code = request.args.get("error", "").strip()
    error_map = {
        "invalid_credentials": "Неверный логин или пароль",
        "payment_not_found": "Платеж не найден",
        "wrong_payer": "Вы не являетесь плательщиком по этому платежу",
        "insufficient_funds": "Недостаточно средств на счете плательщика",
        "payer_not_found": "Плательщик не найден",
        "receiver_not_found": "Получатель не найден",
        "role_denied": "Роль пользователя не имеет доступа к оплате",
        "same_user": "Нельзя оплатить самому себе",
        "payment_failed": "Ошибка при обработке платежа"
    }
    error_message = error_map.get(error_code, "")
    
    payment = None
    for p in payments:
        if p["id"] == payment_id:
            payment = p
            break
    
    if not payment:
        return '''
        <!DOCTYPE html>
        <html>
        <head>
            <title>Платеж не найден</title>
            <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
        </head>
        <body>
            <div class="container mt-5">
                <div class="alert alert-danger">
                    <h4>Платеж не найден</h4>
                    <p>Проверьте правильность ссылки или обратитесь к отправителю.</p>
                    <a href="/" class="btn btn-primary">На главную</a>
                </div>
            </div>
        </body>
        </html>
        '''
    
    if payment["status"] != "pending":
        status_message = {
            "completed": "Оплачен",
            "failed": "Не удался",
            "cancelled": "Отменен"
        }.get(payment["status"], "Неизвестен")

        transfer_block = ""
        balances = payment.get("balances")
        if payment["status"] == "completed" and isinstance(balances, dict):
            transfer_block = f"""
            <div class="alert alert-success text-start mt-3">
                <h6 class="mb-2"><i class="fas fa-check me-2"></i>Перевод выполнен</h6>
                <div>Плательщик: <strong>{payment.get('payer', '-')}</strong> | баланс: <strong>{balances.get('payer_before', 0)} ₽</strong> → <strong>{balances.get('payer_after', 0)} ₽</strong></div>
                <div>Баланс получателя скрыт</div>
            </div>
            """
        
        return f'''
        <!DOCTYPE html>
        <html>
        <head>
            <title>Статус платежа</title>
            <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
            <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
        </head>
        <body>
            <div class="container mt-5">
                <div class="row justify-content-center">
                    <div class="col-md-6">
                        <div class="card">
                            <div class="card-body text-center">
                                <h2>Платеж {status_message}</h2>
                                <div class="my-4">
                                    <i class="fas fa-{ 'check-circle text-success' if payment['status'] == 'completed' else 'times-circle text-danger' } fa-5x"></i>
                                </div>
                                <p>ID платежа: <strong>{payment_id}</strong></p>
                                <p>Сумма: <strong>{payment['amount']} ₽</strong></p>
                                <p>Получатель: <strong>{payment['receiver']}</strong></p>
                                <p>Плательщик: <strong>{payment.get('payer', '-')}</strong></p>
                                <p>Описание: {payment['description']}</p>
                                {transfer_block}
                                <a href="/" class="btn btn-primary mt-3">На главную</a>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </body>
        </html>
        '''
    
    allow_any_payer = bool(payment.get("allow_any_payer", False))
    payer_label = "Любой пользователь" if allow_any_payer else payment.get("payer", "-")
    username_value = "" if allow_any_payer else payment.get("payer", "")
    username_readonly = "" if allow_any_payer else "readonly"
    error_block = f'<div class="alert alert-danger mb-3">{error_message}</div>' if error_message else ""

    return f'''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Оплата #{payment_id}</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        :root {{
            --primary: #4361ee;
            --gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
        }}
        body {{
            background: #f5f7fb;
            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
        }}
        .payment-container {{
            max-width: 500px;
            margin: 50px auto;
        }}
        .payment-card {{
            background: white;
            border-radius: 15px;
            box-shadow: 0 10px 30px rgba(0,0,0,0.1);
            overflow: hidden;
        }}
        .payment-header {{
            background: var(--gradient);
            color: white;
            padding: 25px;
            text-align: center;
        }}
        .payment-body {{
            padding: 30px;
        }}
        .amount-display {{
            font-size: 48px;
            font-weight: bold;
            color: var(--primary);
            text-align: center;
            margin: 20px 0;
        }}
        .btn-pay {{
            background: var(--gradient);
            border: none;
            border-radius: 10px;
            padding: 15px;
            font-size: 18px;
            font-weight: 600;
            width: 100%;
            margin-top: 20px;
        }}
    </style>
</head>
<body>
    <div class="payment-container">
        <div class="payment-card">
            <div class="payment-header">
                <h3><i class="fas fa-credit-card me-2"></i>Оплата</h3>
                <p class="mb-0">ID: {payment_id}</p>
            </div>
            <div class="payment-body">
                {error_block}
                <div class="text-center mb-4">
                    <i class="fas fa-shopping-cart fa-4x text-primary"></i>
                </div>
                
                <div class="amount-display">
                    {payment['amount']} ₽
                </div>
                
                <div class="payment-details">
                    <div class="d-flex justify-content-between mb-2">
                        <span>Получатель:</span>
                        <strong>{payment['receiver']}</strong>
                    </div>
                    <div class="d-flex justify-content-between mb-2">
                        <span>Плательщик:</span>
                        <strong>{payer_label}</strong>
                    </div>
                    <div class="d-flex justify-content-between mb-2">
                        <span>Описание:</span>
                        <strong>{payment['description'] or 'Нет описания'}</strong>
                    </div>
                    <div class="d-flex justify-content-between mb-4">
                        <span>Статус:</span>
                        <span class="badge bg-warning">Ожидает оплаты</span>
                    </div>
                </div>
                <div class="alert alert-secondary small">
                    Перед списанием система проверит баланс аккаунта плательщика. Если денег недостаточно, платеж не пройдет.
                </div>
                
                <form action="/process_payment/{payment_id}" method="post" id="paymentForm">
                    <div class="mb-3">
                        <label class="form-label">Ваш логин</label>
                        <input type="text" name="username" class="form-control" placeholder="Введите ваш логин" required value="{username_value}" {username_readonly}>
                    </div>
                    <div class="mb-3">
                        <label class="form-label">Пароль</label>
                        <input type="password" name="password" class="form-control" placeholder="Введите пароль" required>
                    </div>
                    
                    <button type="submit" class="btn btn-pay">
                        <i class="fas fa-lock me-2"></i>Оплатить {payment['amount']} ₽
                    </button>
                    
                    <div class="text-center mt-3">
                        <small class="text-muted">После оплаты средства будут переведены получателю</small>
                    </div>
                </form>
                
                <div class="alert alert-info mt-4">
                    <h6><i class="fas fa-info-circle me-2"></i>Безопасная оплата</h6>
                    <p class="mb-0 small">Все платежи защищены банковской системой. Для оплаты требуется авторизация.</p>
                </div>
            </div>
        </div>
    </div>
    
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
    <script>
        document.getElementById('paymentForm').addEventListener('submit', function(e) {{
            const submitBtn = this.querySelector('button[type="submit"]');
            submitBtn.disabled = true;
            submitBtn.innerHTML = '<i class="fas fa-spinner fa-spin me-2"></i>Обработка...';
        }});
    </script>
</body>
</html>
'''

# ---------- ИСПРАВЛЕННЫЕ API МАРШРУТЫ ----------

@app.route('/api/v1/balance', methods=['GET'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_balance():
    """API: Получить информацию о балансе - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        user_data = request.user_data
        market = load_crypto_market()
        market, decayed = apply_serkripto_idle_decay(market)
        if decayed:
            save_crypto_market(market)
            ws_emit_crypto_market_event(market, "idle_decay")
        serkripto_qty = get_user_serkripto_amount(user_data)
        serkripto_value = round(serkripto_qty * float(market.get("price", 0.0)), 2)
        return jsonify({
            'success': True,
            'username': request.username,
            'balance': user_data.get('balance', 0),
            'deposit': user_data.get('deposit', 0),
            'credit': user_data.get('credit', 0),
            'serkripto': {
                'coin': market.get('name', SERKRIPTO_NAME),
                'symbol': market.get('symbol', SERKRIPTO_SYMBOL),
                'quantity': serkripto_qty,
                'price_rub': market.get('price', 0),
                'value_rub': serkripto_value
            },
            'total': user_data.get('balance', 0) + user_data.get('deposit', 0) - user_data.get('credit', 0)
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/history', methods=['GET'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_history():
    """API: Получить историю операций - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        history = load_history()
        user_history = [h for h in history if h['user'] == request.username]
        
        limit = request.args.get('limit', type=int, default=50)
        if limit > 0 and limit < len(user_history):
            user_history = user_history[-limit:]
        
        for h in user_history:
            h['time_formatted'] = datetime.fromtimestamp(h['time']).strftime('%Y-%m-%d %H:%M:%S')
        
        return jsonify({
            'success': True,
            'count': len(user_history),
            'history': user_history[::-1]
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/deposit', methods=['POST'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_deposit():
    """API: Открыть вклад - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        amount = data.get('amount')
        
        if not amount:
            return jsonify({'success': False, 'error': 'Amount required'}), 400
        
        amount = int(amount)
        if amount <= 0:
            return jsonify({'success': False, 'error': 'Amount must be positive'}), 400
        
        users = load_users()
        user = users.get(request.username)
        
        if not user or user['balance'] < amount:
            return jsonify({'success': False, 'error': 'Insufficient funds'}), 400
        
        user['balance'] -= amount
        user['deposit'] += amount
        save_users(users)
        
        add_history(request.username, 'api_deposit', amount)
        
        return jsonify({
            'success': True,
            'message': f'Deposit of {amount} ₽ created successfully',
            'new_balance': user['balance'],
            'new_deposit': user['deposit']
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/credit', methods=['POST'])
@api_key_required
@api_roles_required(*CREDIT_ROLES)
def api_credit():
    """API: Взять кредит - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        amount = data.get('amount')
        
        if not amount:
            return jsonify({'success': False, 'error': 'Amount required'}), 400
        
        amount = int(amount)
        if amount <= 0:
            return jsonify({'success': False, 'error': 'Amount must be positive'}), 400
        
        users = load_users()
        user = users.get(request.username)
        
        if not user:
            return jsonify({'success': False, 'error': 'User not found'}), 404
        
        user['balance'] += amount
        user['credit'] += amount
        save_users(users)
        
        add_history(request.username, 'api_credit', amount)
        
        return jsonify({
            'success': True,
            'message': f'Credit of {amount} ₽ taken successfully',
            'new_balance': user['balance'],
            'new_credit': user['credit']
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/transfer', methods=['POST'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_transfer():
    """API: Сделать перевод - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        target = data.get('target', '').strip()
        amount = data.get('amount')
        
        if not target:
            return jsonify({'success': False, 'error': 'Target username required'}), 400
        
        if not amount:
            return jsonify({'success': False, 'error': 'Amount required'}), 400
        
        amount = int(amount)
        if amount <= 0:
            return jsonify({'success': False, 'error': 'Amount must be positive'}), 400
        
        users = load_users()
        
        if target not in users:
            return jsonify({'success': False, 'error': 'Target user not found'}), 404
        
        if target == request.username:
            return jsonify({'success': False, 'error': 'Cannot transfer to yourself'}), 400
        
        sender = users.get(request.username)
        if not sender:
            return jsonify({'success': False, 'error': 'Sender not found'}), 404
        
        if sender['balance'] < amount:
            return jsonify({'success': False, 'error': 'Insufficient funds'}), 400
        
        sender['balance'] -= amount
        users[target]['balance'] += amount
        save_users(users)
        
        add_history(request.username, 'api_transfer', amount, target)
        add_history(target, 'transfer_received', amount, request.username)
        ws_emit_balance_update(target)
        ws_emit_user(target, "transfer.received", {
            "from": request.username,
            "amount": amount
        })
        ws_emit_system("transfer.completed", {
            "from": request.username,
            "to": target,
            "amount": amount,
            "source": "api"
        })
        
        return jsonify({
            'success': True,
            'message': f'Transfer of {amount} ₽ to {target} successful',
            'new_balance': sender['balance']
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

# ---------- API ДЛЯ ПЛАТЕЖЕЙ ----------

@app.route('/api/v1/payment/create', methods=['POST'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_payment_create():
    """API: Создать платеж"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        receiver = str(data.get('receiver', '')).strip()
        payer_from_request = str(data.get('payer', '')).strip()
        allow_any_payer = bool(data.get('allow_any_payer', False))
        amount = data.get('amount')
        description = data.get('description', '')
        external_id = data.get('external_id', '')
        
        if not receiver:
            return jsonify({'success': False, 'error': 'Receiver required'}), 400
        
        if not amount:
            return jsonify({'success': False, 'error': 'Amount required'}), 400
        
        try:
            amount_int = int(amount)
            if amount_int <= 0:
                return jsonify({'success': False, 'error': 'Amount must be positive'}), 400
        except:
            return jsonify({'success': False, 'error': 'Invalid amount'}), 400
        
        # Проверяем существование получателя
        users = load_users()
        if receiver not in users:
            return jsonify({'success': False, 'error': 'Receiver not found'}), 404

        payer = request.username
        if payer_from_request:
            if payer_from_request in ["*", "any", "ANY"]:
                allow_any_payer = True
                payer = "*"
            else:
                payer = payer_from_request
                allow_any_payer = False
        elif allow_any_payer:
            payer = "*"

        if not allow_any_payer:
            if payer not in users:
                return jsonify({'success': False, 'error': 'Payer not found'}), 404
            if payer == receiver:
                return jsonify({'success': False, 'error': 'Payer and receiver must be different'}), 400

        # Создаем платеж
        payment_id, payment_data = create_payment(
            payer=payer,
            receiver=receiver,
            amount=amount_int,
            description=description,
            external_id=external_id,
            allow_any_payer=allow_any_payer,
            created_by=request.username
        )
        
        return jsonify({
            'success': True,
            'message': 'Payment created successfully',
            'payment_id': payment_id,
            'payment': payment_data,
            'payment_url': f'{request.host_url.rstrip("/")}/pay/{payment_id}'
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/payment/status/<payment_id>', methods=['GET'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_payment_status(payment_id):
    """API: Получить статус платежа"""
    try:
        payments = load_payments()
        
        payment = None
        for p in payments:
            if p["id"] == payment_id:
                payment = p
                break
        
        if not payment:
            return jsonify({'success': False, 'error': 'Payment not found'}), 404
        
        # Проверяем, имеет ли пользователь доступ к этому платежу
        if (payment["payer"] != request.username and
            payment["receiver"] != request.username and
            payment.get("created_by") != request.username):
            if getattr(request, "user_role", ROLE_CLIENT) != ROLE_ADMIN:
                return jsonify({'success': False, 'error': 'Access denied'}), 403
        
        return jsonify({
            'success': True,
            'payment': sanitize_payment_output(payment)
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/payment/list', methods=['GET'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_payment_list():
    """API: Получить список платежей пользователя"""
    try:
        payments = load_payments()
        
        # Фильтруем платежи по пользователю
        user_payments = []
        for payment in payments:
            if (payment["payer"] == request.username or
                payment["receiver"] == request.username or
                payment.get("created_by") == request.username):
                user_payments.append(payment)
        
        # Сортируем по дате (новые сверху)
        user_payments.sort(key=lambda x: x['created'], reverse=True)
        
        # Ограничиваем количество
        limit = min(20, len(user_payments))
        user_payments = user_payments[:limit]
        safe_payments = [sanitize_payment_output(payment) for payment in user_payments]
        
        return jsonify({
            'success': True,
            'count': len(safe_payments),
            'payments': safe_payments
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/shop/items', methods=['GET'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_shop_items():
    """API: Получить список товаров - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        shop_data = load_shop()
        available_items = [item for item in shop_data["items"] if item["status"] == "available"]
        
        for item in available_items:
            item['created_formatted'] = datetime.fromtimestamp(item['created']).strftime('%Y-%m-%d %H:%M:%S')
        
        return jsonify({
            'success': True,
            'count': len(available_items),
            'items': available_items[::-1]
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/shop/ads', methods=['GET'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_shop_ads():
    """API: Получить список объявлений - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        shop_data = load_shop()
        active_ads = [ad for ad in shop_data["ads"] if ad["status"] == "active"]
        
        for ad in active_ads:
            ad['created_formatted'] = datetime.fromtimestamp(ad['created']).strftime('%Y-%m-%d %H:%M:%S')
        
        return jsonify({
            'success': True,
            'count': len(active_ads),
            'ads': active_ads[::-1]
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/crypto', methods=['GET'])
@api_key_required
@api_roles_required(*CRYPTO_ROLES)
def api_crypto_market():
    """API: Получить состояние рынка SerKripto"""
    try:
        users = load_users()
        user_data = users.get(request.username, {})
        market = load_crypto_market()
        market, decayed = apply_serkripto_idle_decay(market)
        if decayed:
            save_crypto_market(market)
            ws_emit_crypto_market_event(market, "idle_decay")

        qty = get_user_serkripto_amount(user_data)
        price = float(market.get("price", 0.0))
        value = round(qty * price, 2)

        return jsonify({
            "success": True,
            "coin": {
                "name": market.get("name", SERKRIPTO_NAME),
                "symbol": market.get("symbol", SERKRIPTO_SYMBOL),
                "price_rub": round(price, 4),
                "min_price_rub": round(float(market.get("min_price", 1.0)), 4),
                "max_price_rub": round(float(market.get("max_price", 1000000.0)), 4),
                "decay_rate_pct": round(float(market.get("idle_decay_rate", 0.0)) * 100, 3),
                "decay_interval_sec": int(market.get("idle_decay_interval_sec", 30)),
                "stats": market.get("stats", {})
            },
            "wallet": {
                "quantity": qty,
                "value_rub": value,
                "balance_rub": int(user_data.get("balance", 0)) if isinstance(user_data, dict) else 0
            },
            "updated_at": int(time.time())
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/crypto/buy', methods=['POST'])
@api_key_required
@api_roles_required(*CRYPTO_ROLES)
def api_crypto_buy():
    """API: Купить SerKripto за рубли"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400

        data = request.get_json()
        amount = data.get("amount")
        success, result = buy_serkripto(request.username, amount)
        if not success:
            error_map = {
                "invalid_amount": "Amount must be a positive integer",
                "user_not_found": "User not found",
                "market_unavailable": "Crypto market unavailable",
                "insufficient_funds": "Insufficient funds",
                "amount_too_small": "Amount is too small"
            }
            status_map = {
                "user_not_found": 404,
                "market_unavailable": 503
            }
            return jsonify({
                "success": False,
                "error": error_map.get(result, "Buy operation failed"),
                "code": result
            }), status_map.get(result, 400)

        return jsonify({
            "success": True,
            "message": f"{SERKRIPTO_NAME} purchased successfully",
            "trade": result
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/crypto/sell', methods=['POST'])
@api_key_required
@api_roles_required(*CRYPTO_ROLES)
def api_crypto_sell():
    """API: Продать SerKripto"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400

        data = request.get_json()
        quantity = data.get("quantity")
        success, result = sell_serkripto(request.username, quantity)
        if not success:
            error_map = {
                "invalid_quantity": "Quantity must be a positive number",
                "user_not_found": "User not found",
                "market_unavailable": "Crypto market unavailable",
                "insufficient_crypto": "Insufficient crypto balance",
                "amount_too_small": "Quantity is too small"
            }
            status_map = {
                "user_not_found": 404,
                "market_unavailable": 503
            }
            return jsonify({
                "success": False,
                "error": error_map.get(result, "Sell operation failed"),
                "code": result
            }), status_map.get(result, 400)

        return jsonify({
            "success": True,
            "message": f"{SERKRIPTO_NAME} sold successfully",
            "trade": result
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/system/status', methods=['GET'])
@api_key_required
@api_roles_required(ROLE_ADMIN, ROLE_MANAGER)
def api_system_status():
    """API: Получить статус системы - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
    try:
        users = load_users()
        valid_users = [u for u in users.values() if isinstance(u, dict)]
        total_users = len(valid_users)
        total_balance = sum(u.get('balance', 0) for u in valid_users)
        total_deposit = sum(u.get('deposit', 0) for u in valid_users)
        total_credit = sum(u.get('credit', 0) for u in valid_users)
        total_serkripto = round(sum(get_user_serkripto_amount(u) for u in valid_users), 6)
        crypto_market = load_crypto_market()
        crypto_market, decayed = apply_serkripto_idle_decay(crypto_market)
        if decayed:
            save_crypto_market(crypto_market)
            ws_emit_crypto_market_event(crypto_market, "idle_decay")
        
        return jsonify({
            'success': True,
            'system_status': 'operational',
            'statistics': {
                'total_users': total_users,
                'total_balance': total_balance,
                'total_deposit': total_deposit,
                'total_credit': total_credit,
                'net_worth': total_balance + total_deposit - total_credit,
                'serkripto_user_holdings': total_serkripto
            },
            'crypto': {
                'name': crypto_market.get('name', SERKRIPTO_NAME),
                'symbol': crypto_market.get('symbol', SERKRIPTO_SYMBOL),
                'price_rub': crypto_market.get('price', 0)
            },
            'timestamp': int(time.time())
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

# ДОБАВЛЕННЫЕ API ЭНДПОИНТЫ

@app.route('/api/v1/users', methods=['GET'])
@api_key_required
@api_roles_required(ROLE_ADMIN)
def api_users():
    """API: Получить список пользователей (только для админов)"""
    try:
        users = load_users()
        
        safe_users = {}
        for username, user in users.items():
            if isinstance(user, dict):
                safe_user = user.copy()
                safe_user.pop('password', None)
                safe_users[username] = safe_user
        
        return jsonify({
            'success': True,
            'count': len(safe_users),
            'users': safe_users
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/health', methods=['GET'])
def api_health():
    """API: Проверка здоровья системы (не требует API ключа)"""
    try:
        files = [USERS_FILE, HISTORY_FILE, SHOP_FILE, PAYMENTS_FILE, JOURNAL_FILE, CLASSES_FILE, SUBJECTS_FILE, PARENT_LINKS_FILE, CRYPTO_FILE]
        file_status = {}
        
        for file in files:
            file_status[file] = os.path.exists(file)
        
        return jsonify({
            'success': True,
            'status': 'healthy',
            'timestamp': int(time.time()),
            'files': file_status,
            'message': 'System is operational'
        })
    except Exception as e:
        return jsonify({'success': False, 'status': 'unhealthy', 'error': str(e)}), 500

@app.route('/api/v1/shop/create_item', methods=['POST'])
@api_key_required
@api_roles_required(*SHOP_SELL_ROLES)
def api_create_shop_item():
    """API: Создать товар в магазине"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        title = data.get('title')
        description = data.get('description')
        price = data.get('price')
        category = data.get('category', 'other')
        
        if not title or not description or not price:
            return jsonify({'success': False, 'error': 'Title, description and price required'}), 400
        
        try:
            price_int = int(price)
            if price_int <= 0:
                return jsonify({'success': False, 'error': 'Price must be positive'}), 400
        except:
            return jsonify({'success': False, 'error': 'Invalid price'}), 400
        
        item_id = create_shop_item(request.username, title, description, price_int, category)
        
        return jsonify({
            'success': True,
            'message': f'Item "{title}" created successfully',
            'item_id': item_id
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

@app.route('/api/v1/shop/buy_item', methods=['POST'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_buy_item():
    """API: Купить товар"""
    try:
        if not request.is_json:
            return jsonify({'success': False, 'error': 'JSON data required'}), 400
            
        data = request.get_json()
        item_id = data.get('item_id')
        
        if not item_id:
            return jsonify({'success': False, 'error': 'Item ID required'}), 400
        
        success, message = buy_item(item_id, request.username)
        
        return jsonify({
            'success': success,
            'message': message
        })
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)}), 500

# ---------- МАГАЗИН МАРШРУТЫ ----------
@app.route('/create_shop_item', methods=['POST'])
@login_required
@web_roles_required(*SHOP_SELL_ROLES)
def create_shop_item_route():
    """Создание товара в магазине"""
    title = request.form.get('title')
    description = request.form.get('description')
    price = request.form.get('price')
    category = request.form.get('category', 'other')
    
    if not title or not description or not price:
        return redirect('/dashboard')
    
    try:
        price_int = int(price)
        if price_int <= 0:
            return redirect('/dashboard')
    except:
        return redirect('/dashboard')
    
    item_id = create_shop_item(session['user'], title, description, price_int, category)
    
    return redirect('/dashboard')

@app.route('/create_advertisement', methods=['POST'])
@login_required
@web_roles_required(*SHOP_SELL_ROLES)
def create_advertisement_route():
    """Создание объявления"""
    title = request.form.get('title')
    content = request.form.get('content')
    contact_info = request.form.get('contact_info')
    
    if not title or not content or not contact_info:
        return redirect('/dashboard')
    
    ad_id = create_advertisement(session['user'], title, content, contact_info)
    
    return redirect('/dashboard')

@app.route('/buy_item/<item_id>', methods=['POST'])
@login_required
@web_roles_required(*FINANCE_ROLES)
def buy_item_route(item_id):
    """Покупка товара"""
    success, message = buy_item(item_id, session['user'])
    
    return redirect('/dashboard')

@app.route('/crypto/buy', methods=['POST'])
@login_required
@web_roles_required(*CRYPTO_ROLES)
def crypto_buy_route():
    amount = request.form.get('amount', '').strip()
    success, result = buy_serkripto(session['user'], amount)
    if success:
        return redirect('/dashboard?tab=crypto&crypto_status=buy_success')
    return redirect(f'/dashboard?tab=crypto&crypto_error={result}')

@app.route('/crypto/sell', methods=['POST'])
@login_required
@web_roles_required(*CRYPTO_ROLES)
def crypto_sell_route():
    quantity = request.form.get('quantity', '').strip()
    success, result = sell_serkripto(session['user'], quantity)
    if success:
        return redirect('/dashboard?tab=crypto&crypto_status=sell_success')
    return redirect(f'/dashboard?tab=crypto&crypto_error={result}')

# ---------- ПЛАТЕЖНЫЕ МАРШРУТЫ ----------
@app.route('/payment_page')
@login_required
@web_roles_required(*FINANCE_ROLES)
def payment_page():
    """Страница управления платежами"""
    created_payment = None
    created_payment_id = request.args.get('created', '').strip()
    if created_payment_id:
        created_payment = get_payment_by_id(created_payment_id)

    error_map = {
        "missing_fields": "Заполните получателя и сумму",
        "invalid_amount": "Сумма должна быть положительным числом",
        "receiver_not_found": "Получатель не найден",
        "payer_not_found": "Плательщик не найден",
        "payer_role_denied": "У выбранного плательщика нет доступа к оплате",
        "same_users": "Плательщик и получатель не должны совпадать"
    }
    error_message = error_map.get(request.args.get('error', '').strip(), "")
    return render_payment_page(created_payment=created_payment, error_message=error_message)

@app.route('/create_payment_link', methods=['POST'])
@login_required
@web_roles_required(*FINANCE_ROLES)
def create_payment_link():
    """Создание ссылки для оплаты"""
    receiver = request.form.get('receiver', '').strip()
    payer = request.form.get('payer', '').strip()
    amount = request.form.get('amount', '').strip()
    description = request.form.get('description', '').strip()

    if not receiver or not amount:
        return redirect('/payment_page?error=missing_fields')

    try:
        amount_int = int(amount)
        if amount_int <= 0:
            return redirect('/payment_page?error=invalid_amount')
    except:
        return redirect('/payment_page?error=invalid_amount')

    users = load_users()
    if receiver not in users:
        return redirect('/payment_page?error=receiver_not_found')

    allow_any_payer = False
    payer_for_payment = payer
    if payer:
        if payer not in users:
            return redirect('/payment_page?error=payer_not_found')
        if not has_role(users.get(payer, {}), FINANCE_ROLES):
            return redirect('/payment_page?error=payer_role_denied')
        if payer == receiver:
            return redirect('/payment_page?error=same_users')
    else:
        allow_any_payer = True
        payer_for_payment = "*"

    payment_id, payment_data = create_payment(
        payer=payer_for_payment,
        receiver=receiver,
        amount=amount_int,
        description=description,
        allow_any_payer=allow_any_payer,
        created_by=session['user']
    )
    
    return redirect(f'/payment_page?created={payment_id}')

@app.route('/pay/<payment_id>', methods=['GET'])
def pay_page(payment_id):
    """Страница оплаты для клиента"""
    return render_pay_page(payment_id)

@app.route('/process_payment/<payment_id>', methods=['POST'])
def process_payment_route(payment_id):
    """Обработка платежа (для неавторизованных пользователей)"""
    username = request.form.get('username', '').strip()
    password = request.form.get('password', '').strip()
    
    if not username or not password:
        return redirect(f'/pay/{payment_id}?error=invalid_credentials')
    
    # Проверяем логин и пароль
    users = load_users()
    user_data = users.get(username)
    
    if not user_data or user_data['password'] != password:
        return redirect(f'/pay/{payment_id}?error=invalid_credentials')

    if not has_role(user_data, FINANCE_ROLES):
        return redirect(f'/pay/{payment_id}?error=role_denied')
    
    # Проверяем, что пользователь является плательщиком
    payments = load_payments()
    payment = None
    for p in payments:
        if p["id"] == payment_id:
            payment = p
            break
    
    if not payment:
        return redirect(f'/pay/{payment_id}?error=payment_not_found')
    
    if not payment.get("allow_any_payer", False) and payment["payer"] != username:
        return redirect(f'/pay/{payment_id}?error=wrong_payer')
    
    # Выполняем платеж
    success, message = process_payment(payment_id, username)
    
    if success:
        return redirect(f'/pay/{payment_id}?paid=1')
    else:
        ws_emit_user(username, "payment.failed", {
            "payment_id": payment_id,
            "reason": message
        })
        ws_emit_system("payment.failed", {
            "payment_id": payment_id,
            "user": username,
            "reason": message,
            "source": "web"
        })
        error_map = {
            "Недостаточно средств": "insufficient_funds",
            "Платеж не найден": "payment_not_found",
            "Неверный плательщик": "wrong_payer",
            "Плательщик не найден": "payer_not_found",
            "Получатель не найден": "receiver_not_found",
            "Нельзя оплатить самому себе": "same_user"
        }
        error_code = error_map.get(message, "payment_failed")
        return redirect(f'/pay/{payment_id}?error={error_code}')

# ---------- ОСНОВНЫЕ МАРШРУТЫ ----------
@app.route('/', methods=['GET', 'POST'])
def login():
    if request.args.get("reset_2fa", "").strip():
        clear_pending_2fa_session()
        return render_login()

    if request.method == 'POST':
        users = load_users()
        login_step = request.form.get("login_step", "").strip().lower()

        if login_step == "2fa":
            pending_username = str(session.get("pending_2fa_user", "")).strip()
            if not pending_username or not is_pending_2fa_alive():
                clear_pending_2fa_session()
                return render_login("Срок подтверждения 2FA истек. Выполните вход снова.")

            user_data = users.get(pending_username)
            if not isinstance(user_data, dict):
                clear_pending_2fa_session()
                return render_login("Пользователь не найден. Выполните вход снова.")

            if not parse_bool(user_data.get("twofa_enabled", False)):
                clear_pending_2fa_session()
                return render_login("2FA уже отключена. Выполните вход по паролю.")

            twofa_secret = user_data.get("twofa_secret", "")
            if not twofa_secret:
                clear_pending_2fa_session()
                return render_login("Секрет 2FA отсутствует. Выполните вход снова.")

            twofa_code = request.form.get("twofa_code", "").strip()
            if not verify_totp_code(twofa_secret, twofa_code):
                return render_login("Неверный код 2FA", twofa_mode=True, username_hint=pending_username)

            session['user'] = pending_username
            clear_pending_2fa_session()
            ws_emit_user(pending_username, "auth.login", {"username": pending_username, "twofa": True})
            ws_emit_system("auth.login", {"username": pending_username, "twofa": True})
            ws_emit_balance_update(pending_username)
            return redirect('/dashboard')

        username = request.form.get('username', '').strip()
        password = request.form.get('password', '').strip()

        if not username or not password:
            clear_pending_2fa_session()
            return render_login("Введите логин и пароль")

        user_data = users.get(username)
        if user_data and isinstance(user_data, dict) and user_data['password'] == password:
            if parse_bool(user_data.get("twofa_enabled", False)) and user_data.get("twofa_secret"):
                session["pending_2fa_user"] = username
                session["pending_2fa_started"] = int(time.time())
                return render_login(twofa_mode=True, username_hint=username)

            session['user'] = username
            clear_pending_2fa_session()
            ws_emit_user(username, "auth.login", {"username": username})
            ws_emit_system("auth.login", {"username": username})
            ws_emit_balance_update(username)
            return redirect('/dashboard')

        clear_pending_2fa_session()
        return render_login("Неверный логин или пароль")

    if session.get("pending_2fa_user"):
        if is_pending_2fa_alive():
            return render_login(twofa_mode=True, username_hint=session.get("pending_2fa_user"))
        clear_pending_2fa_session()

    return render_login()

@app.route('/register', methods=['GET', 'POST'])
def register():
    if request.method == 'POST':
        users = load_users()
        username = request.form.get('username', '').strip()
        
        if username in users:
            return render_register().replace('</form>',
                '<div class="alert alert-danger mt-3">Пользователь уже существует</div></form>')
        
        user_data = {
            'password': request.form.get('password'),
            'balance': 1000,
            'deposit': 0,
            'credit': 0,
            'serkripto': 0.0,
            'role': ROLE_CLIENT,
            'full_name': f"{request.form.get('first_name')} {request.form.get('last_name')}",
            'email': request.form.get('email'),
            'api_key': None,
            'twofa_enabled': False,
            'twofa_secret': ""
        }
        
        users[username] = user_data
        save_users(users)
        
        session['user'] = username
        ws_emit_user(username, "auth.register", {"username": username})
        ws_emit_system("auth.register", {"username": username})
        ws_emit_balance_update(username)
        return redirect('/dashboard')
    
    return render_register()

@app.route('/dashboard')
@login_required
def dashboard():
    users = load_users()
    history = load_history()
    
    if session['user'] not in users:
        session.clear()
        return redirect('/')
    
    user_data = users[session['user']]
    user_history = [h for h in history if h['user'] == session['user']]
    shop_data = load_shop()
    crypto_market = load_crypto_market()
    crypto_flash = None

    crypto_status = request.args.get('crypto_status', '').strip()
    crypto_error = request.args.get('crypto_error', '').strip()
    crypto_status_map = {
        "buy_success": "Покупка SerKripto выполнена",
        "sell_success": "Продажа SerKripto выполнена"
    }
    crypto_error_map = {
        "invalid_amount": "Введите корректную сумму покупки",
        "invalid_quantity": "Введите корректное количество монет",
        "insufficient_funds": "Недостаточно рублей для покупки",
        "insufficient_crypto": "Недостаточно SerKripto на кошельке",
        "market_unavailable": "Рынок SerKripto временно недоступен",
        "user_not_found": "Пользователь не найден",
        "amount_too_small": "Слишком маленький объем операции"
    }

    if crypto_status in crypto_status_map:
        crypto_flash = {"class": "success", "text": crypto_status_map[crypto_status]}
    elif crypto_error in crypto_error_map:
        crypto_flash = {"class": "danger", "text": crypto_error_map[crypto_error]}

    requested_tab = request.args.get('tab', '').strip().lower()

    return render_dashboard(
        user_data,
        user_history[-20:],
        shop_data,
        crypto_market=crypto_market,
        crypto_flash=crypto_flash,
        active_tab=requested_tab or "services"
    )

@app.route('/generate_api_key', methods=['POST'])
@login_required
@web_roles_required(*FINANCE_ROLES)
def generate_api_key_route():
    users = load_users()
    user = users.get(session['user'])
    if user and isinstance(user, dict):
        user['api_key'] = generate_api_key()
        save_users(users)
        add_history(session['user'], 'generate_api_key', 0)
    return redirect('/dashboard')

@app.route('/deposit', methods=['POST'])
@login_required
@web_roles_required(*FINANCE_ROLES)
def deposit():
    users = load_users()
    user = users.get(session['user'])
    
    try:
        amount = int(request.form.get('amount', 0))
        if amount > 0 and user and user['balance'] >= amount:
            user['balance'] -= amount
            user['deposit'] += amount
            save_users(users)
            add_history(session['user'], 'deposit', amount)
    except:
        pass
    
    return redirect('/dashboard')

@app.route('/credit', methods=['POST'])
@login_required
@web_roles_required(*CREDIT_ROLES)
def credit():
    users = load_users()
    user = users.get(session['user'])
    
    try:
        amount = int(request.form.get('amount', 0))
        if amount > 0 and user:
            user['balance'] += amount
            user['credit'] += amount
            save_users(users)
            add_history(session['user'], 'credit', amount)
    except:
        pass
    
    return redirect('/dashboard')

@app.route('/transfer', methods=['POST'])
@login_required
@web_roles_required(*FINANCE_ROLES)
def transfer():
    users = load_users()
    sender = session['user']
    
    try:
        target = request.form.get('target')
        amount = int(request.form.get('amount', 0))
        
        sender_data = users.get(sender)
        target_data = users.get(target)
        
        if (amount > 0 and target_data and target != sender and 
            sender_data and sender_data['balance'] >= amount):
            sender_data['balance'] -= amount
            target_data['balance'] += amount
            save_users(users)
            add_history(sender, 'transfer', amount, target)
            add_history(target, 'transfer_received', amount, sender)
            ws_emit_balance_update(target)
            ws_emit_user(target, "transfer.received", {
                "from": sender,
                "amount": amount
            })
            ws_emit_system("transfer.completed", {
                "from": sender,
                "to": target,
                "amount": amount,
                "source": "web"
            })
    except Exception as e:
        print(f"Transfer error: {e}")
        pass
    
    return redirect('/dashboard')

# ---------- АДМИН МАРШРУТЫ (ИСПРАВЛЕННЫЕ) ----------
@app.route('/admin')
@admin_required
def admin():
    users = load_users()
    return render_admin_panel(users)

@app.route('/admin/change_role', methods=['POST'])
@admin_required
def admin_change_role():
    users = load_users()
    username = request.form.get('username')
    new_role = normalize_role(request.form.get('role'))
    
    if username in users and username != session['user'] and isinstance(users[username], dict):
        users[username]['role'] = new_role
        save_users(users)
        add_history(session['user'], 'change_role', 0, f"{username}->{new_role}")
        ws_emit_user(username, "role.changed", {"role": new_role})
        ws_emit_system("role.changed", {
            "username": username,
            "role": new_role,
            "by": session.get("user")
        })
    
    return redirect('/admin')

@app.route('/admin/add_money', methods=['POST'])
@admin_required
def admin_add_money():
    users = load_users()
    username = request.form.get('username')
    amount = int(request.form.get('amount', 0))
    
    if username in users and amount > 0 and isinstance(users[username], dict):
        users[username]['balance'] += amount
        save_users(users)
        add_history(session['user'], 'add_money', amount, username)
        ws_emit_balance_update(username)
        ws_emit_user(username, "admin.add_money", {
            "amount": amount,
            "by": session.get("user")
        })
        ws_emit_system("admin.add_money", {
            "username": username,
            "amount": amount,
            "by": session.get("user")
        })
    
    return redirect('/admin')

@app.route('/logout')
def logout():
    username = session.get('user')
    if username:
        ws_emit_user(username, "auth.logout", {"username": username})
        ws_emit_system("auth.logout", {"username": username})
    session.clear()
    return redirect('/')

# ---------- API ДОКУМЕНТАЦИЯ ----------
@app.route('/api/docs')
def api_docs():
    """Страница с документацией API"""
    return '''
<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>API Документация</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
    <style>
        body {
            font-family: "Segoe UI", Tahoma, Geneva, Verdana, sans-serif;
            background: #f5f7fb;
            padding: 20px;
        }
        .code-block {
            background: #1e1e1e;
            color: #d4d4d4;
            padding: 15px;
            border-radius: 5px;
            font-family: "Courier New", monospace;
            overflow-x: auto;
            margin: 10px 0;
        }
        .endpoint {
            background: white;
            border-radius: 10px;
            padding: 20px;
            margin-bottom: 20px;
            box-shadow: 0 3px 10px rgba(0,0,0,0.05);
            border-left: 4px solid #4361ee;
        }
    </style>
</head>
<body>
    <div class="container">
        <div class="row">
            <div class="col-12">
                <div class="card mb-4">
                    <div class="card-body">
                        <h1 class="card-title"><i class="fas fa-code me-2"></i>Документация API</h1>
                        <p class="card-text">Используйте API для интеграции банковских услуг в ваши приложения.</p>
                        
                        <h3 class="mt-4">Базовый URL</h3>
                        <div class="code-block">
                            http://localhost:5000/api/v1/
                        </div>
                        
                        <h3 class="mt-4">Аутентификация</h3>
                        <p>Для использования API необходим API ключ. Получите его в личном кабинете.</p>
                        <p>Передавайте ключ одним из способов:</p>
                        
                        <h5>Заголовок HTTP:</h5>
                        <div class="code-block">
                            X-API-Key: ваш_api_ключ
                        </div>
                        
                        <h5>Параметр запроса:</h5>
                        <div class="code-block">
                            ?api_key=ваш_api_ключ
                        </div>
                        
                        <h5>JSON тело запроса:</h5>
                        <div class="code-block">
                            {
                                "api_key": "ваш_api_ключ",
                                ...
                            }
                        </div>
                        
                        <h3 class="mt-4">Доступные эндпоинты</h3>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-success">GET</span> /api/v1/health</h5>
                            <p>Проверка здоровья системы (не требует API ключа)</p>
                            <div class="code-block">
curl http://localhost:5000/api/v1/health
                            </div>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-info">GET</span> /api/v1/balance</h5>
                            <p>Получить информацию о балансе пользователя</p>
                            <div class="code-block">
curl -H "X-API-Key: ваш_ключ" http://localhost:5000/api/v1/balance
                            </div>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-info">GET</span> /api/v1/history?limit=50</h5>
                            <p>Получить историю операций (опциональный параметр limit)</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-success">POST</span> /api/v1/deposit</h5>
                            <p>Открыть вклад. Требуется JSON: {"amount": 100}</p>
                            <div class="code-block">
curl -X POST -H "X-API-Key: ваш_ключ" -H "Content-Type: application/json"<br>
     -d "{\\"amount\\": 100}" http://localhost:5000/api/v1/deposit
                            </div>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-success">POST</span> /api/v1/credit</h5>
                            <p>Взять кредит. Требуется JSON: {"amount": 100}</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-success">POST</span> /api/v1/transfer</h5>
                            <p>Сделать перевод. Требуется JSON: {"target": "username", "amount": 100}</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-info">GET</span> /api/v1/shop/items</h5>
                            <p>Получить список товаров в магазине</p>
                        </div>

                        <div class="endpoint">
                            <h5><span class="badge bg-info">GET</span> /api/v1/crypto</h5>
                            <p>Получить текущий курс SerKripto и баланс монет пользователя</p>
                        </div>

                        <div class="endpoint">
                            <h5><span class="badge bg-success">POST</span> /api/v1/crypto/buy</h5>
                            <p>Купить SerKripto. Требуется JSON: {"amount": 1000}</p>
                        </div>

                        <div class="endpoint">
                            <h5><span class="badge bg-success">POST</span> /api/v1/crypto/sell</h5>
                            <p>Продать SerKripto. Требуется JSON: {"quantity": 0.25}</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-success">POST</span> /api/v1/payment/create</h5>
                            <p>Создать платеж. Требуется JSON: {"receiver": "...", "amount": 100, "description": "..."}</p>
                        </div>
                        
                        <div class="endpoint">
                            <h5><span class="badge bg-info">GET</span> /api/v1/payment/status/{payment_id}</h5>
                            <p>Получить статус платежа</p>
                        </div>

                        <div class="endpoint">
                            <h5><span class="badge bg-info">GET</span> /api/v1/system/status</h5>
                            <p>Получить статус системы</p>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
</body>
</html>
'''
# ================= ДЕКОРАТОР УЧИТЕЛЯ =================
def teacher_required(f):
    return web_roles_required(*JOURNAL_ROLES)(f)

def student_required(f):
    return web_roles_required(ROLE_STUDENT, ROLE_ADMIN)(f)

def parent_required(f):
    return web_roles_required(ROLE_PARENT, ROLE_ADMIN)(f)

def manager_required(f):
    return web_roles_required(ROLE_MANAGER, ROLE_ADMIN)(f)

def get_student_class(student):
    classes = load_classes()
    for class_name, students in classes.items():
        if student in students:
            return class_name
    return "-"

def get_student_stats(student):
    journal = load_journal()
    users = load_users()
    subjects = journal.get(student, {})
    all_grades = []
    for grades in subjects.values():
        all_grades.extend(grades)

    avg = round(sum(all_grades) / len(all_grades), 2) if all_grades else 0
    grade_count = len(all_grades)
    finance_delta = sum(calculate_money_for_grade(g) for g in all_grades)
    current_balance = users.get(student, {}).get("balance", 0)

    return {
        "avg": avg,
        "grade_count": grade_count,
        "finance_delta": finance_delta,
        "current_balance": current_balance,
        "subjects": subjects
    }

def get_grade_events_from_history(student):
    history = load_history()
    events = []

    pattern = re.compile(r"^(.*?):\s*оценка\s*([2-5])\s*\(([+-]?\d+)\)")
    for item in history:
        if item.get("user") != student or item.get("action") != "grade_update":
            continue

        target = str(item.get("target", ""))
        match = pattern.match(target)
        if match:
            subject = match.group(1).strip() or "Предмет"
            grade = int(match.group(2))
            delta = int(match.group(3))
        else:
            subject = "Предмет"
            grade = 0
            delta = 0

        events.append({
            "time": int(item.get("time", 0)),
            "subject": subject,
            "grade": grade,
            "delta": delta
        })

    events.sort(key=lambda x: x["time"])
    return events

def render_student_panel(student_username):
    users = load_users()
    if student_username not in users:
        return "Ученик не найден", 404

    stats = get_student_stats(student_username)
    class_name = get_student_class(student_username)
    grade_events = get_grade_events_from_history(student_username)

    subject_rows = ""
    for subject, grades in stats["subjects"].items():
        subject_avg = round(sum(grades) / len(grades), 2) if grades else 0
        subject_rows += f"""
        <tr>
            <td>{subject}</td>
            <td>{', '.join(map(str, grades)) if grades else '-'}</td>
            <td>{subject_avg}</td>
        </tr>
        """

    if not subject_rows:
        subject_rows = "<tr><td colspan='3'>Нет оценок</td></tr>"

    timeline_rows = ""
    labels = []
    grades_series = []
    avg_series = []
    money_series = []
    positive_total = 0
    negative_total = 0
    cumulative_money = 0
    running_grades = []

    for index, event in enumerate(grade_events, start=1):
        event_time = datetime.fromtimestamp(event["time"]).strftime("%d.%m.%Y %H:%M") if event["time"] else "-"
        delta = int(event["delta"])
        cumulative_money += delta
        if delta >= 0:
            positive_total += delta
            delta_color = "text-success"
            delta_text = f"+{delta}"
        else:
            negative_total += abs(delta)
            delta_color = "text-danger"
            delta_text = str(delta)

        timeline_rows += f"""
        <tr>
            <td>{index}</td>
            <td>{event_time}</td>
            <td>{event['subject']}</td>
            <td>{event['grade'] if event['grade'] else '-'}</td>
            <td class="{delta_color}"><b>{delta_text}</b></td>
            <td><b>{cumulative_money}</b></td>
        </tr>
        """

        labels.append(index)
        if event["grade"]:
            running_grades.append(event["grade"])
            grades_series.append(event["grade"])
            avg_series.append(round(sum(running_grades) / len(running_grades), 2))
        else:
            grades_series.append(None)
            avg_series.append(avg_series[-1] if avg_series else 0)
        money_series.append(cumulative_money)

    if not timeline_rows:
        timeline_rows = "<tr><td colspan='6'>Пока нет оценок и начислений</td></tr>"

    if not labels:
        labels = [1]
        grades_series = [None]
        avg_series = [0]
        money_series = [0]

    net_money = positive_total - negative_total
    stats_net = stats["finance_delta"]
    if not grade_events and stats_net != 0:
        net_money = stats_net
        if stats_net > 0:
            positive_total = stats_net
        else:
            negative_total = abs(stats_net)

    net_color = "text-success" if net_money >= 0 else "text-danger"
    current_role = get_user_role(users.get(session.get("user"), {}))
    role_view = "Панель ученика"
    back_link = "/dashboard"
    if current_role == ROLE_ADMIN:
        role_view = "Панель ученика (режим администратора)"
    elif current_role == ROLE_PARENT:
        role_view = "Панель ученика (просмотр родителя)"
        back_link = "/parent_panel"
    elif current_role == ROLE_MANAGER:
        role_view = "Панель ученика (просмотр менеджера)"
        back_link = "/manager_panel"

    return f"""
    <!DOCTYPE html>
    <html lang="ru">
    <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>Панель ученика</title>
      <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
      <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
      <style>
        body {{
          background: linear-gradient(180deg, #f6f9ff 0%, #eef3ff 100%);
          font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
        }}
        .top-card {{
          background: linear-gradient(135deg, #1d4ed8, #2563eb);
          color: white;
          border-radius: 18px;
          padding: 24px;
          box-shadow: 0 12px 26px rgba(37, 99, 235, 0.28);
        }}
        .metric {{
          background: white;
          border-radius: 14px;
          padding: 16px;
          border: 1px solid #e6ecff;
          box-shadow: 0 5px 14px rgba(60, 90, 170, 0.1);
          height: 100%;
        }}
        .table-card {{
          background: white;
          border-radius: 14px;
          padding: 16px;
          border: 1px solid #e6ecff;
          box-shadow: 0 5px 14px rgba(60, 90, 170, 0.1);
          margin-top: 16px;
        }}
        .badge-soft {{
          background: #e6f0ff;
          color: #1d4ed8;
          border-radius: 999px;
          padding: 6px 10px;
          font-weight: 700;
        }}
      </style>
    </head>
    <body>
      <div class="container py-4">
        <div class="top-card mb-4">
          <div class="d-flex justify-content-between align-items-center flex-wrap gap-2">
            <div>
              <h3 class="mb-1"><i class="fas fa-user-graduate me-2"></i>{role_view}</h3>
              <div class="opacity-75">Ученик: <b>{student_username}</b> | Класс: <b>{class_name}</b></div>
            </div>
            <div class="d-flex gap-2">
              <a href="{back_link}" class="btn btn-light btn-sm"><i class="fas fa-arrow-left me-1"></i>Назад</a>
              <a href="/logout" class="btn btn-outline-light btn-sm">Выход</a>
            </div>
          </div>
        </div>

        <div class="row g-3">
          <div class="col-md-4">
            <div class="metric">
              <div class="text-muted">Средний балл</div>
              <h3 class="mb-0">{stats['avg']}</h3>
              <small class="text-muted">Оценок: {stats['grade_count']}</small>
            </div>
          </div>
          <div class="col-md-4">
            <div class="metric">
              <div class="text-muted">Деньги за оценки (всего)</div>
              <h3 class="mb-0 {net_color}">{'+' if net_money >= 0 else ''}{net_money}</h3>
              <small class="text-success me-2">Получено: +{positive_total}</small>
              <small class="text-danger">Списано: -{negative_total}</small>
            </div>
          </div>
          <div class="col-md-4">
            <div class="metric">
              <div class="text-muted">Текущий баланс счета</div>
              <h3 class="mb-0">{stats['current_balance']}</h3>
              <small class="text-muted">Банковский баланс аккаунта</small>
            </div>
          </div>
        </div>

        <div class="table-card">
          <div class="d-flex justify-content-between align-items-center mb-3">
            <h5 class="mb-0"><i class="fas fa-chart-line me-2"></i>Графики</h5>
            <span class="badge-soft">Динамика оценок и денег</span>
          </div>
          <div class="row g-4">
            <div class="col-lg-6"><canvas id="gradesChart" height="180"></canvas></div>
            <div class="col-lg-6"><canvas id="moneyChart" height="180"></canvas></div>
          </div>
        </div>

        <div class="row g-3">
          <div class="col-lg-5">
            <div class="table-card">
              <h5><i class="fas fa-book me-2"></i>Оценки по предметам</h5>
              <div class="table-responsive">
                <table class="table table-sm align-middle">
                  <thead><tr><th>Предмет</th><th>Оценки</th><th>Средний</th></tr></thead>
                  <tbody>{subject_rows}</tbody>
                </table>
              </div>
            </div>
          </div>
          <div class="col-lg-7">
            <div class="table-card">
              <h5><i class="fas fa-history me-2"></i>История начислений за оценки</h5>
              <div class="table-responsive">
                <table class="table table-sm align-middle">
                  <thead>
                    <tr><th>#</th><th>Дата</th><th>Предмет</th><th>Оценка</th><th>Изменение</th><th>Итог</th></tr>
                  </thead>
                  <tbody>{timeline_rows}</tbody>
                </table>
              </div>
            </div>
          </div>
        </div>
      </div>

      <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
      <script>
        const labels = {json.dumps(labels)};
        const grades = {json.dumps(grades_series)};
        const avgGrades = {json.dumps(avg_series)};
        const money = {json.dumps(money_series)};

        new Chart(document.getElementById('gradesChart'), {{
          type: 'line',
          data: {{
            labels,
            datasets: [
              {{ label: 'Оценка', data: grades, borderColor: '#2563eb', tension: 0.25 }},
              {{ label: 'Средний балл', data: avgGrades, borderColor: '#16a34a', tension: 0.25 }}
            ]
          }},
          options: {{ scales: {{ y: {{ min: 2, max: 5, ticks: {{ stepSize: 1 }} }} }} }}
        }});

        new Chart(document.getElementById('moneyChart'), {{
          type: 'line',
          data: {{
            labels,
            datasets: [{{ label: 'Деньги за оценки', data: money, borderColor: '#f59e0b', tension: 0.25 }}]
          }}
        }});
      </script>
    </body>
    </html>
    """

def render_parent_panel(parent_username):
    users = load_users()
    if parent_username not in users:
        return "Родитель не найден", 404

    children = get_parent_children(parent_username)
    class_map = load_classes()
    journal = load_journal()

    children_rows = ""
    for child in children:
        if child not in users:
            continue
        stats = get_student_stats(child)
        class_name = get_student_class(child)
        net = stats["finance_delta"]
        net_text = f"+{net}" if net >= 0 else str(net)
        net_class = "text-success" if net >= 0 else "text-danger"
        children_rows += f"""
        <tr>
          <td><b>{child}</b></td>
          <td>{class_name}</td>
          <td>{stats['avg']}</td>
          <td>{stats['grade_count']}</td>
          <td class="{net_class}"><b>{net_text}</b></td>
          <td>
            <a href="/parent/student/{child}" class="btn btn-sm btn-outline-primary">Открыть</a>
            <form action="/parent/remove_child/{child}" method="post" style="display:inline;">
              <button class="btn btn-sm btn-outline-danger">Удалить</button>
            </form>
          </td>
        </tr>
        """
    if not children_rows:
        children_rows = "<tr><td colspan='6' class='text-center text-muted'>Пока не добавлены дети</td></tr>"

    # Кандидаты для быстрого добавления ребенка
    linked = set(children)
    student_candidates = []
    for username, user_data in users.items():
        if not isinstance(user_data, dict):
            continue
        role = get_user_role(user_data)
        in_classes = any(username in students for students in class_map.values())
        in_journal = username in journal
        if role == ROLE_STUDENT or in_classes or in_journal:
            if username not in linked and username != parent_username:
                student_candidates.append(username)
    student_candidates = sorted(set(student_candidates))

    options = '<option value="" selected disabled>Выберите ученика</option>'
    for student_name in student_candidates:
        options += f'<option value="{student_name}">{student_name}</option>'
    if not student_candidates:
        options = '<option value="" selected disabled>Нет доступных учеников</option>'

    return f"""
    <!DOCTYPE html>
    <html lang="ru">
    <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>Панель родителя</title>
      <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
      <style>
        body {{ background: #f5f8ff; font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; }}
        .hero {{ background: linear-gradient(135deg, #0f766e, #0ea5e9); color: #fff; border-radius: 16px; padding: 22px; }}
        .cardx {{ background: #fff; border-radius: 14px; border: 1px solid #e5ecff; box-shadow: 0 6px 16px rgba(41,72,150,0.12); }}
      </style>
    </head>
    <body>
      <div class="container py-4">
        <div class="hero mb-3">
          <div class="d-flex justify-content-between align-items-center flex-wrap gap-2">
            <div>
              <h3 class="mb-1">Панель родителя</h3>
              <div class="opacity-75">Профиль: <b>{parent_username}</b></div>
            </div>
            <div class="d-flex gap-2">
              <a href="/dashboard" class="btn btn-light btn-sm">Назад</a>
              <a href="/logout" class="btn btn-outline-light btn-sm">Выход</a>
            </div>
          </div>
        </div>

        <div class="cardx p-3 mb-3">
          <h5>Добавить ребенка по логину</h5>
          <form method="post" action="/parent/add_child" class="row g-2">
            <div class="col-md-8">
              <select name="student" class="form-select" required>
                {options}
              </select>
            </div>
            <div class="col-md-4">
              <button class="btn btn-primary w-100">Добавить</button>
            </div>
          </form>
        </div>

        <div class="cardx p-3">
          <h5>Дети и их успеваемость</h5>
          <div class="table-responsive">
            <table class="table align-middle">
              <thead>
                <tr>
                  <th>Ученик</th><th>Класс</th><th>Средний</th><th>Оценок</th><th>Деньги за оценки</th><th>Действия</th>
                </tr>
              </thead>
              <tbody>
                {children_rows}
              </tbody>
            </table>
          </div>
        </div>
      </div>
    </body>
    </html>
    """

def render_manager_panel(manager_username):
    users = load_users()
    payments = load_payments()
    journal = load_journal()
    classes = load_classes()
    history = load_history()
    shop_data = load_shop()

    valid_users = {u: d for u, d in users.items() if isinstance(d, dict)}
    role_counts = {role: 0 for role in sorted(VALID_ROLES)}
    total_balance = 0
    for _, user_data in valid_users.items():
        role_counts[get_user_role(user_data)] += 1
        total_balance += int(user_data.get("balance", 0))

    payment_total = len(payments)
    payment_pending = len([p for p in payments if p.get("status") == "pending"])
    payment_completed = len([p for p in payments if p.get("status") == "completed"])

    recent_payments_rows = ""
    for payment in sorted(payments, key=lambda x: x.get("created", 0), reverse=True)[:20]:
        created = datetime.fromtimestamp(payment.get("created", 0)).strftime("%d.%m.%Y %H:%M")
        recent_payments_rows += f"""
        <tr>
          <td>{payment.get('id')}</td>
          <td>{payment.get('payer')}</td>
          <td>{payment.get('receiver')}</td>
          <td>{payment.get('amount')}</td>
          <td>{payment.get('status')}</td>
          <td>{created}</td>
        </tr>
        """
    if not recent_payments_rows:
        recent_payments_rows = "<tr><td colspan='6' class='text-center text-muted'>Нет платежей</td></tr>"

    students_set = set(journal.keys())
    for _, students in classes.items():
        students_set.update(students)
    for username, user_data in valid_users.items():
        if get_user_role(user_data) == ROLE_STUDENT:
            students_set.add(username)

    top_students = []
    for student in students_set:
        stats = get_student_stats(student)
        top_students.append({
            "student": student,
            "avg": stats["avg"],
            "grades": stats["grade_count"],
            "finance": stats["finance_delta"],
            "class_name": get_student_class(student)
        })
    top_students.sort(key=lambda x: (x["avg"], x["grades"], x["finance"]), reverse=True)

    top_students_rows = ""
    for i, item in enumerate(top_students[:10], start=1):
        top_students_rows += f"""
        <tr>
          <td>{i}</td>
          <td><a href="/manager/student/{item['student']}">{item['student']}</a></td>
          <td>{item['class_name']}</td>
          <td>{item['avg']}</td>
          <td>{item['grades']}</td>
          <td>{item['finance']}</td>
        </tr>
        """
    if not top_students_rows:
        top_students_rows = "<tr><td colspan='6' class='text-center text-muted'>Нет данных об учениках</td></tr>"

    role_rows = ""
    for role_name in sorted(role_counts.keys()):
        role_rows += f"<tr><td>{role_name}</td><td>{role_counts[role_name]}</td></tr>"

    recent_ops_rows = ""
    for op in sorted(history, key=lambda x: x.get("time", 0), reverse=True)[:15]:
        op_time = datetime.fromtimestamp(op.get("time", 0)).strftime("%d.%m.%Y %H:%M")
        recent_ops_rows += f"""
        <tr>
          <td>{op_time}</td>
          <td>{op.get('user')}</td>
          <td>{op.get('action')}</td>
          <td>{op.get('amount')}</td>
          <td>{op.get('target', '-')}</td>
        </tr>
        """
    if not recent_ops_rows:
        recent_ops_rows = "<tr><td colspan='5' class='text-center text-muted'>Нет операций</td></tr>"

    return f"""
    <!DOCTYPE html>
    <html lang="ru">
    <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>Панель менеджера</title>
      <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
      <style>
        body {{ background: #f5f7fb; font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; }}
        .hero {{ background: linear-gradient(135deg, #7c3aed, #2563eb); color: #fff; border-radius: 16px; padding: 22px; }}
        .metric {{ background: #fff; border-radius: 14px; border: 1px solid #e6ebff; box-shadow: 0 6px 16px rgba(50,70,150,0.12); padding: 16px; height: 100%; }}
        .cardx {{ background: #fff; border-radius: 14px; border: 1px solid #e6ebff; box-shadow: 0 6px 16px rgba(50,70,150,0.12); padding: 16px; margin-top: 14px; }}
      </style>
    </head>
    <body>
      <div class="container py-4">
        <div class="hero mb-3">
          <div class="d-flex justify-content-between align-items-center flex-wrap gap-2">
            <div>
              <h3 class="mb-1">Панель менеджера</h3>
              <div class="opacity-75">Пользователь: <b>{manager_username}</b></div>
            </div>
            <div class="d-flex gap-2">
              <a href="/dashboard" class="btn btn-light btn-sm">Назад</a>
              <a href="/logout" class="btn btn-outline-light btn-sm">Выход</a>
            </div>
          </div>
        </div>

        <div class="row g-3">
          <div class="col-md-3"><div class="metric"><div class="text-muted">Пользователи</div><h3>{len(valid_users)}</h3></div></div>
          <div class="col-md-3"><div class="metric"><div class="text-muted">Общий баланс</div><h3>{total_balance}</h3></div></div>
          <div class="col-md-3"><div class="metric"><div class="text-muted">Платежей всего</div><h3>{payment_total}</h3></div></div>
          <div class="col-md-3"><div class="metric"><div class="text-muted">Платежей pending/completed</div><h3>{payment_pending}/{payment_completed}</h3></div></div>
        </div>

        <div class="row g-3">
          <div class="col-lg-4">
            <div class="cardx">
              <h5>Роли в системе</h5>
              <table class="table table-sm">
                <thead><tr><th>Роль</th><th>Количество</th></tr></thead>
                <tbody>{role_rows}</tbody>
              </table>
            </div>
          </div>
          <div class="col-lg-8">
            <div class="cardx">
              <h5>Топ учеников</h5>
              <table class="table table-sm align-middle">
                <thead><tr><th>#</th><th>Ученик</th><th>Класс</th><th>Средний</th><th>Оценок</th><th>Деньги</th></tr></thead>
                <tbody>{top_students_rows}</tbody>
              </table>
            </div>
          </div>
        </div>

        <div class="cardx">
          <h5>Последние платежи</h5>
          <div class="table-responsive">
            <table class="table table-sm align-middle">
              <thead><tr><th>ID</th><th>Плательщик</th><th>Получатель</th><th>Сумма</th><th>Статус</th><th>Дата</th></tr></thead>
              <tbody>{recent_payments_rows}</tbody>
            </table>
          </div>
        </div>

        <div class="cardx">
          <h5>Последние операции</h5>
          <div class="table-responsive">
            <table class="table table-sm align-middle">
              <thead><tr><th>Дата</th><th>Пользователь</th><th>Действие</th><th>Сумма</th><th>Цель</th></tr></thead>
              <tbody>{recent_ops_rows}</tbody>
            </table>
          </div>
        </div>

        <div class="text-muted small mt-2">
          Товаров в магазине: {len(shop_data.get('items', []))} | Объявлений: {len(shop_data.get('ads', []))}
        </div>
      </div>
    </body>
    </html>
    """

@app.route("/teacher")
@login_required
@teacher_required
def teacher_panel():
    return redirect("/journal")

@app.route("/student_panel")
@login_required
@student_required
def student_panel():
    current_role = get_user_role(load_users().get(session.get("user"), {}))
    student_username = session.get("user")

    if current_role == ROLE_ADMIN:
        requested_student = request.args.get("student", "").strip()
        if requested_student:
            student_username = requested_student

    return render_student_panel(student_username)

@app.route("/parent_panel")
@login_required
@parent_required
def parent_panel():
    users = load_users()
    current_user = session.get("user")
    current_role = get_user_role(users.get(current_user, {}))

    parent_username = current_user
    if current_role == ROLE_ADMIN:
        requested_parent = request.args.get("parent", "").strip()
        if requested_parent in users:
            parent_username = requested_parent

    return render_parent_panel(parent_username)

@app.route("/parent/add_child", methods=['POST'])
@login_required
@parent_required
def parent_add_child():
    users = load_users()
    links = load_parent_links()
    classes = load_classes()
    journal = load_journal()

    current_user = session.get("user")
    current_role = get_user_role(users.get(current_user, {}))
    parent_username = current_user

    if current_role == ROLE_ADMIN:
        requested_parent = request.form.get("parent", "").strip()
        if requested_parent in users:
            parent_username = requested_parent

    student = request.form.get("student", "").strip()
    if not student:
        return redirect("/parent_panel")
    if student not in users:
        return redirect("/parent_panel")

    student_role = get_user_role(users.get(student, {}))
    in_classes = any(student in students for students in classes.values())
    in_journal = student in journal
    if student_role != ROLE_STUDENT and not in_classes and not in_journal:
        return redirect("/parent_panel")

    links.setdefault(parent_username, [])
    if student not in links[parent_username]:
        links[parent_username].append(student)
        save_parent_links(links)
        ws_emit_user(parent_username, "parent.child_added", {"student": student})
        ws_emit_user(student, "parent.linked", {"parent": parent_username})
        ws_emit_system("parent.child_added", {
            "parent": parent_username,
            "student": student
        })

    return redirect("/parent_panel")

@app.route("/parent/remove_child/<student>", methods=['POST'])
@login_required
@parent_required
def parent_remove_child(student):
    links = load_parent_links()
    parent_username = session.get("user")
    if parent_username in links and student in links[parent_username]:
        links[parent_username] = [s for s in links[parent_username] if s != student]
        save_parent_links(links)
        ws_emit_user(parent_username, "parent.child_removed", {"student": student})
        ws_emit_user(student, "parent.unlinked", {"parent": parent_username})
        ws_emit_system("parent.child_removed", {
            "parent": parent_username,
            "student": student
        })
    return redirect("/parent_panel")

@app.route("/parent/student/<student>")
@login_required
@parent_required
def parent_student_view(student):
    users = load_users()
    if student not in users:
        return "Ученик не найден", 404

    current_user = session.get("user")
    current_role = get_user_role(users.get(current_user, {}))
    if current_role != ROLE_ADMIN:
        children = get_parent_children(current_user)
        if student not in children:
            return redirect("/parent_panel")

    return render_student_panel(student)

@app.route("/manager_panel")
@login_required
@manager_required
def manager_panel():
    return render_manager_panel(session.get("user"))

@app.route("/manager/student/<student>")
@login_required
@manager_required
def manager_student_view(student):
    users = load_users()
    if student not in users:
        return "Ученик не найден", 404
    return render_student_panel(student)

@app.route("/add_subject", methods=['POST'])
@login_required
@teacher_required
def add_subject():
    subject = request.form.get("subject", "").strip()
    if not subject:
        return redirect("/journal")

    subjects = load_subjects()
    if subject not in subjects:
        subjects.append(subject)
        subjects.sort()
        save_subjects(subjects)
        ws_emit_system("journal.subject_added", {"subject": subject, "by": session.get("user")})
    return redirect("/journal")

@app.route("/add_class", methods=['POST'])
@login_required
@teacher_required
def add_class():
    class_name = request.form.get("class_name", "").strip()
    if not class_name:
        return redirect("/journal")

    classes = load_classes()
    is_new_class = class_name not in classes
    classes.setdefault(class_name, [])
    save_classes(classes)
    if is_new_class:
        ws_emit_system("journal.class_added", {"class_name": class_name, "by": session.get("user")})
    return redirect("/journal")

@app.route("/add_student_to_class", methods=['POST'])
@login_required
@teacher_required
def add_student_to_class():
    student = request.form.get("student", "").strip()
    class_name = request.form.get("class_name", "").strip()
    if not student or not class_name:
        return redirect("/journal")

    users = load_users()
    if student not in users:
        return "Ученик не найден", 404

    classes = load_classes()
    classes.setdefault(class_name, [])
    if student not in classes[class_name]:
        classes[class_name].append(student)
    save_classes(classes)
    ws_emit_system("journal.student_added_to_class", {
        "student": student,
        "class_name": class_name,
        "by": session.get("user")
    })
    return redirect("/journal")

@app.route("/add_grade", methods=['POST'])
@login_required
@teacher_required
def add_grade():
    student = request.form.get("student", "").strip()
    subject = request.form.get("subject", "").strip()
    grade_raw = request.form.get("grade", "").strip()

    try:
        grade = int(grade_raw)
    except ValueError:
        return "Оценка должна быть числом от 2 до 5", 400

    if grade not in [2, 3, 4, 5]:
        return "Оценка должна быть от 2 до 5", 400

    users = load_users()
    if student not in users:
        return "Ученик не найден", 404
    if not subject:
        return "Укажите предмет", 400

    journal = load_journal()
    journal.setdefault(student, {})
    journal[student].setdefault(subject, [])
    journal[student][subject].append(grade)
    save_journal(journal)

    delta = calculate_money_for_grade(grade)
    users[student]["balance"] = users[student].get("balance", 0) + delta
    save_users(users)

    sign = "+" if delta >= 0 else ""
    add_history(student, "grade_update", abs(delta), f"{subject}: оценка {grade} ({sign}{delta})")
    ws_emit_system("journal.grade_added", {
        "student": student,
        "subject": subject,
        "grade": grade,
        "delta": delta,
        "by": session.get("user")
    })
    ws_emit_balance_update(student)
    return redirect("/journal")

@app.route("/student_graph/<student>")
@login_required
@teacher_required
def student_graph(student):
    stats = get_student_stats(student)
    all_grades = []
    for grades in stats["subjects"].values():
        all_grades.extend(grades)

    labels = list(range(1, len(all_grades) + 1))
    return f"""
    <h2>График успеваемости: {student}</h2>
    <a href="/journal">Назад</a>
    <canvas id="chart" width="900" height="320"></canvas>
    <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
    <script>
      const labels = {json.dumps(labels)};
      const grades = {json.dumps(all_grades)};
      new Chart(document.getElementById('chart'), {{
        type: 'line',
        data: {{
          labels: labels,
          datasets: [{{ label: 'Оценки', data: grades, borderColor: '#0d6efd', tension: 0.25 }}]
        }},
        options: {{ scales: {{ y: {{ min: 2, max: 5, ticks: {{ stepSize: 1 }} }} }} }}
      }});
    </script>
    """

@app.route("/student_avg_graph/<student>")
@login_required
@teacher_required
def student_avg_graph(student):
    stats = get_student_stats(student)
    all_grades = []
    for grades in stats["subjects"].values():
        all_grades.extend(grades)

    averages = []
    current = []
    for g in all_grades:
        current.append(g)
        averages.append(round(sum(current) / len(current), 2))

    labels = list(range(1, len(averages) + 1))
    return f"""
    <h2>Динамика среднего балла: {student}</h2>
    <a href="/journal">Назад</a>
    <canvas id="chart" width="900" height="320"></canvas>
    <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
    <script>
      const labels = {json.dumps(labels)};
      const dataPoints = {json.dumps(averages)};
      new Chart(document.getElementById('chart'), {{
        type: 'line',
        data: {{
          labels: labels,
          datasets: [{{ label: 'Средний балл', data: dataPoints, borderColor: '#198754', tension: 0.25 }}]
        }},
        options: {{ scales: {{ y: {{ min: 2, max: 5 }} }} }}
      }});
    </script>
    """

@app.route("/student_finance_graph/<student>")
@login_required
@teacher_required
def student_finance_graph(student):
    stats = get_student_stats(student)
    all_grades = []
    for grades in stats["subjects"].values():
        all_grades.extend(grades)

    balance_history = []
    balance = 0
    for g in all_grades:
        balance += calculate_money_for_grade(g)
        balance_history.append(balance)

    labels = list(range(1, len(balance_history) + 1))
    return f"""
    <h2>Финансовый график ученика: {student}</h2>
    <a href="/journal">Назад</a>
    <canvas id="chart" width="900" height="320"></canvas>
    <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
    <script>
      const labels = {json.dumps(labels)};
      const dataPoints = {json.dumps(balance_history)};
      new Chart(document.getElementById('chart'), {{
        type: 'line',
        data: {{
          labels: labels,
          datasets: [{{ label: 'Баланс от оценок', data: dataPoints, borderColor: '#fd7e14', tension: 0.25 }}]
        }}
      }});
    </script>
    """

@app.route("/student_stats/<student>")
@login_required
@teacher_required
def student_stats(student):
    users = load_users()
    if student not in users:
        return "Ученик не найден", 404

    stats = get_student_stats(student)
    class_name = get_student_class(student)

    subjects_rows = ""
    for subject, grades in stats["subjects"].items():
        sub_avg = round(sum(grades) / len(grades), 2) if grades else 0
        subjects_rows += f"<tr><td>{subject}</td><td>{', '.join(map(str, grades))}</td><td>{sub_avg}</td></tr>"

    if not subjects_rows:
        subjects_rows = "<tr><td colspan='3'>Нет данных</td></tr>"

    return f"""
    <h2>Статистика ученика: {student}</h2>
    <a href="/journal">Назад</a>
    <p>Класс: <b>{class_name}</b></p>
    <p>Средний балл: <b>{stats['avg']}</b></p>
    <p>Количество оценок: <b>{stats['grade_count']}</b></p>
    <p>Финансовый итог по оценкам: <b>{stats['finance_delta']}</b></p>
    <p>Текущий баланс: <b>{stats['current_balance']}</b></p>
    <table border="1" cellpadding="8">
      <tr><th>Предмет</th><th>Оценки</th><th>Средний</th></tr>
      {subjects_rows}
    </table>
    """

@app.route("/rating")
@login_required
@teacher_required
def rating():
    journal = load_journal()
    users = load_users()
    result = []

    for student in journal.keys():
        stats = get_student_stats(student)
        result.append({
            "student": student,
            "avg": stats["avg"],
            "balance": users.get(student, {}).get("balance", 0),
            "class_name": get_student_class(student)
        })

    result.sort(key=lambda x: (x["avg"], x["balance"]), reverse=True)
    rows = ""
    place = 1
    for item in result:
        rows += f"""
        <tr>
            <td>{place}</td>
            <td>{item['student']}</td>
            <td>{item['class_name']}</td>
            <td>{item['avg']}</td>
            <td>{item['balance']}</td>
        </tr>
        """
        place += 1

    if not rows:
        rows = "<tr><td colspan='5'>Нет данных для рейтинга</td></tr>"

    return f"""
    <h2>Рейтинг учеников</h2>
    <a href="/journal">Назад</a>
    <table border="1" cellpadding="8">
      <tr>
        <th>Место</th>
        <th>Ученик</th>
        <th>Класс</th>
        <th>Средний балл</th>
        <th>Баланс</th>
      </tr>
      {rows}
    </table>
    """

@app.route("/journal")
@login_required
@teacher_required
def journal_page():
    journal = load_journal()
    classes = load_classes()
    subjects = load_subjects()
    users = load_users()

    students_rows = ""
    for student in sorted(journal.keys()):
        stats = get_student_stats(student)
        class_name = get_student_class(student)
        balance_class = "pos" if stats["current_balance"] >= 0 else "neg"
        students_rows += f"""
        <tr>
            <td><b>{student}</b></td>
            <td><span class="class-pill">{class_name}</span></td>
            <td>{stats['avg']}</td>
            <td><span class="balance {balance_class}">{stats['current_balance']}</span></td>
            <td class="actions">
                <a class="link-btn" href="/student_graph/{student}">Успеваемость</a>
                <a class="link-btn" href="/student_avg_graph/{student}">Средний</a>
                <a class="link-btn" href="/student_finance_graph/{student}">Финансы</a>
                <a class="link-btn" href="/student_stats/{student}">Статистика</a>
            </td>
        </tr>
        """

    if not students_rows:
        students_rows = "<tr><td colspan='5' class='empty'>Пока нет данных по ученикам</td></tr>"

    class_rows = ""
    for class_name, students in sorted(classes.items()):
        student_chips = ", ".join([f"<span class='student-chip'>{s}</span>" for s in students]) if students else "<span class='muted'>—</span>"
        class_rows += f"<tr><td><span class='class-pill'>{class_name}</span></td><td>{student_chips}</td></tr>"
    if not class_rows:
        class_rows = "<tr><td colspan='2' class='empty'>Классы не добавлены</td></tr>"

    subjects_text = "".join([f"<span class='subject-chip'>{s}</span>" for s in subjects]) if subjects else "<span class='muted'>Предметы не добавлены</span>"

    student_candidates = set(journal.keys())
    for class_students in classes.values():
        student_candidates.update(class_students)
    for username, user_data in users.items():
        if not isinstance(user_data, dict):
            continue
        role = user_data.get("role", "client")
        if role in [ROLE_ADMIN, ROLE_TEACHER, ROLE_MANAGER, ROLE_PARENT]:
            continue
        student_candidates.add(username)
    grade_students = sorted(student_candidates)

    subject_candidates = set(subjects)
    for student_subjects in journal.values():
        if isinstance(student_subjects, dict):
            subject_candidates.update(student_subjects.keys())
    grade_subjects = sorted(subject_candidates)

    if grade_students:
        student_options = '<option value="" selected disabled>Выберите ученика</option>' + "".join(
            [f'<option value="{student}">{student}</option>' for student in grade_students]
        )
    else:
        student_options = '<option value="" selected disabled>Сначала добавьте учеников</option>'

    if grade_subjects:
        subject_options = '<option value="" selected disabled>Выберите предмет</option>' + "".join(
            [f'<option value="{subject}">{subject}</option>' for subject in grade_subjects]
        )
    else:
        subject_options = '<option value="" selected disabled>Сначала добавьте предметы</option>'

    grade_options = """
      <option value="" selected disabled>Выберите оценку</option>
      <option value="5">5</option>
      <option value="4">4</option>
      <option value="3">3</option>
      <option value="2">2</option>
    """
    grade_submit_disabled = "disabled" if not grade_students or not grade_subjects else ""

    return f"""
    <!DOCTYPE html>
    <html lang="ru">
    <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>Учительская панель</title>
      <style>
        :root {{
          --primary: #4361ee;
          --secondary: #3a0ca3;
          --bg: #f4f7fc;
          --surface: #ffffff;
          --line: #e6ebf5;
          --text: #1f2a44;
          --muted: #6b7894;
          --success: #168a5a;
          --danger: #c63b3b;
          --shadow: 0 12px 28px rgba(37, 72, 160, 0.12);
        }}
        * {{
          box-sizing: border-box;
        }}
        body {{
          margin: 0;
          font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
          background: radial-gradient(circle at top left, #e9efff 0%, var(--bg) 45%);
          color: var(--text);
        }}
        .journal-shell {{
          max-width: 1220px;
          margin: 28px auto;
          padding: 0 16px 28px;
        }}
        .header-card {{
          background: linear-gradient(135deg, var(--primary) 0%, var(--secondary) 100%);
          color: #fff;
          border-radius: 18px;
          padding: 20px;
          box-shadow: var(--shadow);
          margin-bottom: 18px;
        }}
        .top-links {{
          margin-top: 12px;
          display: flex;
          gap: 10px;
          flex-wrap: wrap;
        }}
        .top-links a {{
          color: #fff;
          background: rgba(255, 255, 255, 0.14);
          text-decoration: none;
          padding: 8px 14px;
          border-radius: 10px;
          border: 1px solid rgba(255, 255, 255, 0.18);
        }}
        .forms-grid {{
          display: grid;
          grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
          gap: 14px;
          margin-bottom: 16px;
        }}
        .panel {{
          background: var(--surface);
          border-radius: 14px;
          border: 1px solid var(--line);
          box-shadow: 0 6px 20px rgba(30, 60, 135, 0.08);
          padding: 16px;
        }}
        .panel h3 {{
          margin: 0 0 10px;
          font-size: 18px;
        }}
        .panel form {{
          display: flex;
          gap: 8px;
          flex-wrap: wrap;
        }}
        .field {{
          flex: 1 1 160px;
          border: 1px solid #d7deee;
          border-radius: 10px;
          padding: 10px 12px;
          font-size: 14px;
        }}
        .btn {{
          border: none;
          border-radius: 10px;
          padding: 10px 14px;
          color: #fff;
          cursor: pointer;
          background: linear-gradient(135deg, var(--primary), var(--secondary));
          font-weight: 600;
        }}
        .chips {{
          margin-top: 10px;
          display: flex;
          gap: 8px;
          flex-wrap: wrap;
        }}
        .subject-chip {{
          background: #e8eeff;
          color: #2e4cae;
          border-radius: 999px;
          padding: 5px 10px;
          font-size: 13px;
          font-weight: 600;
        }}
        .rule {{
          background: #fff8e8;
          border: 1px solid #fde1aa;
          color: #7a570d;
          border-radius: 12px;
          padding: 10px 12px;
          margin: 0 0 16px;
          font-weight: 600;
        }}
        .table-card {{
          background: var(--surface);
          border: 1px solid var(--line);
          border-radius: 14px;
          box-shadow: 0 6px 20px rgba(30, 60, 135, 0.08);
          padding: 16px;
          margin-bottom: 14px;
          overflow: auto;
        }}
        .table-card h3 {{
          margin: 0 0 12px;
        }}
        table {{
          width: 100%;
          border-collapse: collapse;
          min-width: 690px;
        }}
        th {{
          text-align: left;
          background: #f0f4ff;
          color: #304478;
          font-size: 13px;
          text-transform: uppercase;
          letter-spacing: 0.4px;
        }}
        th, td {{
          border-bottom: 1px solid var(--line);
          padding: 10px 12px;
          vertical-align: top;
        }}
        .class-pill {{
          background: #eef2ff;
          color: #2a4597;
          border: 1px solid #d9e2ff;
          border-radius: 999px;
          padding: 4px 10px;
          font-weight: 700;
          font-size: 13px;
        }}
        .student-chip {{
          background: #f2f5fd;
          border: 1px solid #dbe3f7;
          border-radius: 999px;
          padding: 4px 9px;
          font-size: 13px;
          white-space: nowrap;
        }}
        .muted {{
          color: var(--muted);
        }}
        .balance.pos {{
          color: var(--success);
          font-weight: 700;
        }}
        .balance.neg {{
          color: var(--danger);
          font-weight: 700;
        }}
        .actions {{
          display: flex;
          flex-wrap: wrap;
          gap: 6px;
        }}
        .link-btn {{
          text-decoration: none;
          color: #2949a1;
          background: #edf2ff;
          border: 1px solid #d8e2ff;
          padding: 5px 10px;
          border-radius: 8px;
          font-size: 13px;
          font-weight: 600;
        }}
        .empty {{
          color: var(--muted);
          text-align: center;
          padding: 16px;
        }}
        @media (max-width: 768px) {{
          .header-card {{
            border-radius: 14px;
          }}
          .panel form {{
            flex-direction: column;
          }}
          .btn {{
            width: 100%;
          }}
        }}
      </style>
    </head>
    <body>
      <div class="journal-shell">
        <div class="header-card">
          <h2>Учительская панель: электронный дневник</h2>
          <div class="top-links">
            <a href="/dashboard">Назад в банк</a>
            <a href="/rating">Рейтинг учеников</a>
          </div>
        </div>

        <div class="forms-grid">
          <div class="panel">
            <h3>Добавить предмет</h3>
            <form method="post" action="/add_subject">
              <input class="field" name="subject" placeholder="Математика" required>
              <button class="btn">Добавить предмет</button>
            </form>
            <div class="chips">{subjects_text}</div>
          </div>

          <div class="panel">
            <h3>Добавить класс</h3>
            <form method="post" action="/add_class">
              <input class="field" name="class_name" placeholder="5А" required>
              <button class="btn">Создать класс</button>
            </form>
          </div>

          <div class="panel">
            <h3>Добавить ученика в класс</h3>
            <form method="post" action="/add_student_to_class">
              <input class="field" name="student" placeholder="Логин ученика" required>
              <input class="field" name="class_name" placeholder="Класс" required>
              <button class="btn">Добавить</button>
            </form>
          </div>
        </div>

        <div class="panel" style="margin-bottom: 14px;">
          <h3>Поставить оценку</h3>
          <p class="rule">Финансовая логика: 5 => +20, 4 => +10, 3 => -10, 2 => -20</p>
          <form method="post" action="/add_grade">
            <select class="field" name="student" required>
              {student_options}
            </select>
            <select class="field" name="subject" required>
              {subject_options}
            </select>
            <select class="field" name="grade" required>
              {grade_options}
            </select>
            <button class="btn" {grade_submit_disabled}>Поставить оценку</button>
          </form>
        </div>

        <div class="table-card">
          <h3>Классы</h3>
          <table>
            <tr><th>Класс</th><th>Ученики</th></tr>
            {class_rows}
          </table>
        </div>

        <div class="table-card">
          <h3>Ученики</h3>
          <table>
            <tr>
              <th>Ученик</th>
              <th>Класс</th>
              <th>Средний балл</th>
              <th>Баланс</th>
              <th>Инструменты</th>
            </tr>
            {students_rows}
          </table>
        </div>
      </div>
    </body>
    </html>
    """


if __name__ == '__main__':
    import threading
    
    def daily_update_thread():
        while True:
            time.sleep(86400)
            daily_update()
    
    thread = threading.Thread(target=daily_update_thread, daemon=True)
    thread.start()
    requested_debug = parse_bool(os.environ.get("BANK_DEBUG", "1"))
    app.run(host='0.0.0.0', port=5000, debug=requested_debug, use_reloader=requested_debug)