Sergey/CloudShare
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
2610b2932d
CloudShare/bank.py

6070 lines
236 KiB
Python
Raw Blame History

from flask import Flask, request, redirect, session, Response, jsonify
import json, os, random, time, uuid, re, html, base64, hashlib, hmac, struct
from datetime import datetime
from functools import wraps
from urllib.parse import quote
app = Flask(__name__)
app.secret_key = "bank_secret_key_2025"
app.config['SESSION_PERMANENT'] = True
app.config['PERMANENT_SESSION_LIFETIME'] = 3600
USERS_FILE = "users.json"
HISTORY_FILE = "history.json"
SHOP_FILE = "shop.json"
PAYMENTS_FILE = "payments.json" # Новый файл для платежей
JOURNAL_FILE = "journal.json"
CLASSES_FILE = "classes.json"
SUBJECTS_FILE = "subjects.json"
PARENT_LINKS_FILE = "parent_links.json"
CRYPTO_FILE = "crypto.json"
SERKRIPTO_NAME = "SerKripto"
SERKRIPTO_SYMBOL = "SERK"
ROLE_ADMIN = "admin"
ROLE_MANAGER = "manager"
ROLE_TEACHER = "teacher"
ROLE_PARENT = "parent"
ROLE_STUDENT = "student"
ROLE_CLIENT = "client"
VALID_ROLES = {
ROLE_ADMIN,
ROLE_MANAGER,
ROLE_TEACHER,
ROLE_PARENT,
ROLE_STUDENT,
ROLE_CLIENT
}
FINANCE_ROLES = (ROLE_ADMIN, ROLE_MANAGER, ROLE_TEACHER, ROLE_PARENT, ROLE_STUDENT, ROLE_CLIENT)
CREDIT_ROLES = (ROLE_ADMIN, ROLE_MANAGER, ROLE_TEACHER, ROLE_PARENT, ROLE_CLIENT)
CRYPTO_ROLES = (ROLE_ADMIN, ROLE_MANAGER, ROLE_TEACHER, ROLE_PARENT, ROLE_CLIENT)
SHOP_SELL_ROLES = (ROLE_ADMIN, ROLE_MANAGER, ROLE_TEACHER, ROLE_PARENT, ROLE_CLIENT)
JOURNAL_ROLES = (ROLE_ADMIN, ROLE_TEACHER)
TOTP_DIGITS = 6
TOTP_PERIOD_SEC = 30
TOTP_DRIFT_WINDOWS = 1
PENDING_2FA_TTL_SEC = 300
def normalize_role(role_value):
role = str(role_value or ROLE_CLIENT).strip().lower()
if role not in VALID_ROLES:
return ROLE_CLIENT
return role
def parse_bool(value):
if isinstance(value, bool):
return value
if isinstance(value, (int, float)):
return value != 0
if isinstance(value, str):
return value.strip().lower() in {"1", "true", "yes", "on"}
return False
def normalize_totp_secret(secret_value):
cleaned = re.sub(r"[^A-Z2-7]", "", str(secret_value or "").upper())
return cleaned
def generate_totp_secret(length=32):
alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
return "".join(random.choice(alphabet) for _ in range(max(16, int(length))))
def generate_totp_code(secret, for_timestamp=None):
normalized_secret = normalize_totp_secret(secret)
if not normalized_secret:
return None
pad_len = (8 - (len(normalized_secret) % 8)) % 8
padded = normalized_secret + ("=" * pad_len)
try:
key = base64.b32decode(padded, casefold=True)
except Exception:
return None
timestamp = int(time.time()) if for_timestamp is None else int(for_timestamp)
counter = int(timestamp // TOTP_PERIOD_SEC)
counter_bytes = struct.pack(">Q", counter)
digest = hmac.new(key, counter_bytes, hashlib.sha1).digest()
offset = digest[-1] & 0x0F
binary = (
((digest[offset] & 0x7F) << 24)
| ((digest[offset + 1] & 0xFF) << 16)
| ((digest[offset + 2] & 0xFF) << 8)
| (digest[offset + 3] & 0xFF)
)
return str(binary % (10 ** TOTP_DIGITS)).zfill(TOTP_DIGITS)
def verify_totp_code(secret, raw_code):
code = re.sub(r"\D", "", str(raw_code or ""))
if len(code) != TOTP_DIGITS:
return False
now = int(time.time())
for offset in range(-TOTP_DRIFT_WINDOWS, TOTP_DRIFT_WINDOWS + 1):
check_time = now + (offset * TOTP_PERIOD_SEC)
expected = generate_totp_code(secret, check_time)
if expected and code == expected:
return True
return False
def get_totp_uri(username, secret):
issuer = quote("Bank School")
account = quote(str(username or "user"))
return f"otpauth://totp/{issuer}:{account}?secret={secret}&issuer={issuer}&digits={TOTP_DIGITS}&period={TOTP_PERIOD_SEC}"
def clear_pending_2fa_session():
session.pop("pending_2fa_user", None)
session.pop("pending_2fa_started", None)
def is_pending_2fa_alive():
started = int(session.get("pending_2fa_started", 0) or 0)
if started <= 0:
return False
return (int(time.time()) - started) <= PENDING_2FA_TTL_SEC
def get_user_role(user_data):
if not isinstance(user_data, dict):
return ROLE_CLIENT
return normalize_role(user_data.get("role", ROLE_CLIENT))
def has_role(user_data, allowed_roles):
role = get_user_role(user_data)
normalized_allowed = {normalize_role(r) for r in allowed_roles}
return role in normalized_allowed
def default_admin_user():
return {
"password": "CreateSergeyPass",
"balance": 0,
"deposit": 0,
"credit": 0,
"serkripto": 0.0,
"role": "admin",
"full_name": "Администратор Системы",
"email": "kompania.bank@gmail.com",
"api_key": "Sergey_API_KEY_1",
"twofa_enabled": False,
"twofa_secret": "",
}
# ---------- ИНИЦИАЛИЗАЦИЯ ФАЙЛОВ ----------
def init_files():
"""Инициализация файлов (без удаления существующих)"""
# Создаем файлы если они не существуют
files_to_init = [
(USERS_FILE, {"Sergey": default_admin_user()}),
(HISTORY_FILE, []),
(SHOP_FILE, {"items": [], "ads": []}),
(PAYMENTS_FILE, []), # Инициализация файла платежей
(JOURNAL_FILE, {}),
(CLASSES_FILE, {}),
(SUBJECTS_FILE, []),
(PARENT_LINKS_FILE, {}),
(CRYPTO_FILE, {
"name": SERKRIPTO_NAME,
"symbol": SERKRIPTO_SYMBOL,
"price": 100.0,
"min_price": 1.0,
"max_price": 1000000.0,
"price_step_buy": 0.012,
"price_step_sell": 0.01,
"idle_decay_rate": 0.0015,
"idle_decay_interval_sec": 30,
"last_buy_at": int(time.time()),
"last_update": int(time.time()),
"stats": {
"buy_ops": 0,
"sell_ops": 0,
"buy_volume": 0.0,
"sell_volume": 0.0
}
})
]
for filename, default_data in files_to_init:
if not os.path.exists(filename):
with open(filename, "w", encoding='utf-8') as f:
json.dump(default_data, f, indent=4, ensure_ascii=False)
# Инициализируем файлы при запуске
init_files()
# Совместимые no-op хуки уведомлений
def ws_emit_system(event_name, payload=None):
return None
def ws_emit_user(username, event_name, payload=None):
return None
def ws_emit_balance_update(username):
return None
# ---------- ФУНКЦИИ ДЛЯ РАБОТЫ С ДАННЫМИ ----------
def load_users():
try:
with open(USERS_FILE, 'r', encoding='utf-8') as f:
data = json.load(f)
# Убеждаемся, что данные в правильном формате
if not isinstance(data, dict):
print("Warning: users.json is not a dictionary, resetting to default")
data = {"admin": default_admin_user()}
save_users(data)
return data
# Проверяем, что все значения являются словарями
cleaned_data = {}
for username, user_data in data.items():
if isinstance(user_data, dict):
user_data["role"] = get_user_role(user_data)
try:
user_data["serkripto"] = round(float(user_data.get("serkripto", 0.0)), 6)
except:
user_data["serkripto"] = 0.0
user_data["twofa_secret"] = normalize_totp_secret(user_data.get("twofa_secret", ""))
user_data["twofa_enabled"] = parse_bool(user_data.get("twofa_enabled", False))
if not user_data["twofa_secret"]:
user_data["twofa_enabled"] = False
cleaned_data[username] = user_data
else:
print(f"Warning: User {username} data is not a dict, resetting")
if username == "admin":
cleaned_data[username] = default_admin_user()
else:
cleaned_data[username] = {
"password": "reset123",
"balance": 1000,
"deposit": 0,
"credit": 0,
"serkripto": 0.0,
"role": "client",
"full_name": "Пользователь",
"email": "user@example.com",
"api_key": None,
"twofa_enabled": False,
"twofa_secret": "",
}
# Гарантируем наличие рабочего admin даже после ручной порчи users.json
admin_defaults = default_admin_user()
admin_user = cleaned_data.get("admin")
if not isinstance(admin_user, dict):
cleaned_data["admin"] = admin_defaults
else:
for key, value in admin_defaults.items():
admin_user.setdefault(key, value)
admin_user["role"] = ROLE_ADMIN
if not admin_user.get("password"):
admin_user["password"] = admin_defaults["password"]
if cleaned_data != data:
save_users(cleaned_data)
return cleaned_data
except Exception as e:
print(f"Error loading users: {e}")
data = {"admin": default_admin_user()}
save_users(data)
return data
def save_users(data):
with open(USERS_FILE, "w", encoding='utf-8') as f:
json.dump(data, f, indent=4, ensure_ascii=False)
def load_history():
try:
with open(HISTORY_FILE, 'r', encoding='utf-8') as f:
return json.load(f)
except:
return []
def save_history(data):
with open(HISTORY_FILE, "w", encoding='utf-8') as f:
json.dump(data, f, indent=4, ensure_ascii=False)
# ---------- ЭЛЕКТРОННЫЙ ДНЕВНИК ----------
def load_journal():
try:
with open(JOURNAL_FILE, 'r', encoding='utf-8') as f:
data = json.load(f)
return data if isinstance(data, dict) else {}
except:
return {}
def save_journal(data):
with open(JOURNAL_FILE, "w", encoding='utf-8') as f:
json.dump(data, f, indent=4, ensure_ascii=False)
def load_classes():
try:
with open(CLASSES_FILE, 'r', encoding='utf-8') as f:
data = json.load(f)
return data if isinstance(data, dict) else {}
except:
return {}
def save_classes(data):
with open(CLASSES_FILE, "w", encoding='utf-8') as f:
json.dump(data, f, indent=4, ensure_ascii=False)
def load_subjects():
try:
with open(SUBJECTS_FILE, 'r', encoding='utf-8') as f:
data = json.load(f)
return data if isinstance(data, list) else []
except:
return []
def save_subjects(data):
with open(SUBJECTS_FILE, "w", encoding='utf-8') as f:
json.dump(data, f, indent=4, ensure_ascii=False)
def load_parent_links():
try:
with open(PARENT_LINKS_FILE, 'r', encoding='utf-8') as f:
data = json.load(f)
return data if isinstance(data, dict) else {}
except:
return {}
def save_parent_links(data):
with open(PARENT_LINKS_FILE, "w", encoding='utf-8') as f:
json.dump(data, f, indent=4, ensure_ascii=False)
def get_parent_children(parent_username):
links = load_parent_links()
children = links.get(parent_username, [])
if not isinstance(children, list):
return []
unique_children = []
for child in children:
child_name = str(child).strip()
if child_name and child_name not in unique_children:
unique_children.append(child_name)
return unique_children
def calculate_money_for_grade(grade):
grade = int(grade)
mapping = {
5: 20,
4: 10,
3: -10,
2: -20
}
return mapping.get(grade, 0)
# ---------- ФУНКЦИИ ДЛЯ ПЛАТЕЖЕЙ ----------
def load_payments():
"""Загрузка платежей"""
try:
with open(PAYMENTS_FILE, 'r', encoding='utf-8') as f:
return json.load(f)
except:
return []
def save_payments(data):
"""Сохранение платежей"""
with open(PAYMENTS_FILE, "w", encoding='utf-8') as f:
json.dump(data, f, indent=4, ensure_ascii=False)
def get_payment_by_id(payment_id):
payments = load_payments()
for payment in payments:
if payment.get("id") == payment_id:
return payment
return None
def sanitize_payment_output(payment):
if not isinstance(payment, dict):
return payment
safe_payment = payment.copy()
balances = safe_payment.get("balances")
if isinstance(balances, dict):
safe_payment["balances"] = {
"payer_before": balances.get("payer_before"),
"payer_after": balances.get("payer_after")
}
return safe_payment
def ws_emit_payment_event(event_name, payment, extra_payload=None):
if not isinstance(payment, dict):
return
payload = {
"id": payment.get("id"),
"status": payment.get("status"),
"payer": payment.get("payer"),
"receiver": payment.get("receiver"),
"amount": payment.get("amount"),
"allow_any_payer": bool(payment.get("allow_any_payer", False)),
"created_by": payment.get("created_by")
}
if isinstance(extra_payload, dict):
payload.update(extra_payload)
ws_emit_system(event_name, payload)
notified_users = set()
for username in [payment.get("payer"), payment.get("receiver"), payment.get("created_by")]:
username = str(username or "").strip()
if not username or username == "*" or username in notified_users:
continue
ws_emit_user(username, event_name, payload)
notified_users.add(username)
def ws_emit_crypto_market_event(market, reason="update"):
if not isinstance(market, dict):
return
payload = {
"reason": reason,
"coin": market.get("name", SERKRIPTO_NAME),
"symbol": market.get("symbol", SERKRIPTO_SYMBOL),
"price_rub": round(float(market.get("price", 0.0)), 4),
"min_price_rub": round(float(market.get("min_price", 1.0)), 4),
"max_price_rub": round(float(market.get("max_price", 1000000.0)), 4),
"time": int(time.time())
}
ws_emit_system("crypto.market", payload)
def create_payment(payer, receiver, amount, description="", external_id="", allow_any_payer=False, created_by=None):
"""Создание платежа"""
payments = load_payments()
payment_id = str(uuid.uuid4())[:12]
safe_payer = "*" if allow_any_payer else payer
payment_data = {
"id": payment_id,
"payer": safe_payer,
"receiver": receiver,
"amount": int(amount),
"description": description,
"external_id": external_id,
"allow_any_payer": bool(allow_any_payer),
"created_by": created_by if created_by else payer,
"created": int(time.time()),
"status": "pending", # pending, completed, failed, cancelled
"completed_at": None
}
payments.append(payment_data)
save_payments(payments)
ws_emit_payment_event("payment.created", payment_data)
return payment_id, payment_data
def process_payment(payment_id, payer_username=None):
"""Обработка платежа"""
payments = load_payments()
users = load_users()
payment = None
for p in payments:
if p["id"] == payment_id:
payment = p
break
if not payment:
return False, "Платеж не найден"
if payment["status"] != "pending":
return False, f"Платеж уже обработан (статус: {payment['status']})"
receiver = payment["receiver"]
amount = payment["amount"]
allow_any_payer = bool(payment.get("allow_any_payer", False))
if allow_any_payer:
if not payer_username:
return False, "Для этого платежа нужен логин плательщика"
payer = payer_username
else:
payer = payment["payer"]
if payer_username and payer != payer_username:
return False, "Неверный плательщик"
# Проверяем существование пользователей
if payer not in users:
return False, "Плательщик не найден"
if receiver not in users:
return False, "Получатель не найден"
if payer == receiver:
return False, "Нельзя оплатить самому себе"
# Проверяем баланс плательщика
if users[payer]["balance"] < amount:
return False, "Недостаточно средств"
payer_balance_before = users[payer]["balance"]
receiver_balance_before = users[receiver]["balance"]
# Выполняем перевод
users[payer]["balance"] -= amount
users[receiver]["balance"] += amount
save_users(users)
payer_balance_after = users[payer]["balance"]
receiver_balance_after = users[receiver]["balance"]
# Обновляем статус платежа
for p in payments:
if p["id"] == payment_id:
if allow_any_payer:
p["payer"] = payer
p["status"] = "completed"
p["completed_at"] = int(time.time())
p["balances"] = {
"payer_before": payer_balance_before,
"payer_after": payer_balance_after,
"receiver_before": receiver_balance_before,
"receiver_after": receiver_balance_after
}
break
save_payments(payments)
# Добавляем в историю
add_history(payer, "payment_sent", amount, f"Платеж #{payment_id} для {receiver}")
add_history(receiver, "payment_received", amount, f"Платеж #{payment_id} от {payer}")
ws_emit_payment_event("payment.completed", payment, {
"payer_before": payer_balance_before,
"payer_after": payer_balance_after
})
return True, "Платеж успешно выполнен"
def cancel_payment(payment_id):
"""Отмена платежа"""
payments = load_payments()
for payment in payments:
if payment["id"] == payment_id and payment["status"] == "pending":
payment["status"] = "cancelled"
save_payments(payments)
ws_emit_payment_event("payment.cancelled", payment)
return True, "Платеж отменен"
return False, "Платеж не найден или уже обработан"
# ---------- ФУНКЦИИ ДЛЯ МАГАЗИНА ----------
def load_shop():
"""Загрузка данных магазина"""
try:
with open(SHOP_FILE, 'r', encoding='utf-8') as f:
data = json.load(f)
# Обеспечиваем наличие всех ключей
if "items" not in data:
data["items"] = []
if "ads" not in data:
data["ads"] = []
return data
except:
return {"items": [], "ads": []}
def save_shop(data):
"""Сохранение данных магазина"""
with open(SHOP_FILE, "w", encoding='utf-8') as f:
json.dump(data, f, indent=4, ensure_ascii=False)
def create_shop_item(seller_username, title, description, price, category="other"):
"""Создание товара в магазине"""
shop_data = load_shop()
item_id = str(uuid.uuid4())[:8]
new_item = {
"id": item_id,
"seller": seller_username,
"title": title,
"description": description,
"price": int(price),
"category": category,
"created": int(time.time()),
"status": "available",
"buyer": None
}
shop_data["items"].append(new_item)
save_shop(shop_data)
# Добавляем в историю
add_history(seller_username, "create_shop_item", 0, f"Товар: {title}")
ws_emit_system("shop.item_created", {
"item_id": item_id,
"seller": seller_username,
"title": title,
"price": int(price),
"category": category
})
ws_emit_user(seller_username, "shop.item_created", {
"item_id": item_id,
"title": title,
"price": int(price)
})
return item_id
def create_advertisement(author, title, content, contact_info):
"""Создание объявления"""
shop_data = load_shop()
ad_id = str(uuid.uuid4())[:8]
new_ad = {
"id": ad_id,
"author": author,
"title": title,
"content": content,
"contact_info": contact_info,
"created": int(time.time()),
"status": "active"
}
shop_data["ads"].append(new_ad)
save_shop(shop_data)
# Добавляем в историю
add_history(author, "create_advertisement", 0, f"Объявление: {title}")
ws_emit_system("shop.ad_created", {
"ad_id": ad_id,
"author": author,
"title": title
})
ws_emit_user(author, "shop.ad_created", {
"ad_id": ad_id,
"title": title
})
return ad_id
def buy_item(item_id, buyer_username):
"""Покупка товара"""
shop_data = load_shop()
users = load_users()
# Находим товар
item_to_buy = None
for item in shop_data["items"]:
if item["id"] == item_id and item["status"] == "available":
item_to_buy = item
break
if not item_to_buy:
return False, "Товар не найден или уже продан"
seller = item_to_buy["seller"]
price = item_to_buy["price"]
# Проверяем, есть ли у покупателя достаточно средств
if buyer_username not in users:
return False, "Покупатель не найден"
if users[buyer_username]["balance"] < price:
return False, "Недостаточно средств"
# Проверяем, что покупатель не покупает у себя
if buyer_username == seller:
return False, "Нельзя купить собственный товар"
# Проверяем, существует ли продавец
if seller not in users:
return False, "Продавец не найден"
# Выполняем транзакцию
users[buyer_username]["balance"] -= price
users[seller]["balance"] += price
save_users(users)
# Обновляем статус товара
for item in shop_data["items"]:
if item["id"] == item_id:
item["status"] = "sold"
item["buyer"] = buyer_username
item["sold_date"] = int(time.time())
break
save_shop(shop_data)
# Добавляем в историю
add_history(buyer_username, "buy_item", price, f"Товар: {item_to_buy['title']} от {seller}")
add_history(seller, "sell_item", price, f"Товар: {item_to_buy['title']} покупателю {buyer_username}")
ws_emit_system("shop.item_sold", {
"item_id": item_id,
"title": item_to_buy["title"],
"seller": seller,
"buyer": buyer_username,
"price": price
})
ws_emit_user(buyer_username, "shop.item_sold", {
"item_id": item_id,
"title": item_to_buy["title"],
"price": price,
"role": "buyer"
})
ws_emit_user(seller, "shop.item_sold", {
"item_id": item_id,
"title": item_to_buy["title"],
"price": price,
"role": "seller"
})
return True, "Покупка успешно завершена"
def default_crypto_market():
now = int(time.time())
return {
"name": SERKRIPTO_NAME,
"symbol": SERKRIPTO_SYMBOL,
"price": 100.0,
"min_price": 1.0,
"max_price": 1000000.0,
"price_step_buy": 0.012,
"price_step_sell": 0.01,
"idle_decay_rate": 0.0015,
"idle_decay_interval_sec": 30,
"last_buy_at": now,
"last_update": now,
"stats": {
"buy_ops": 0,
"sell_ops": 0,
"buy_volume": 0.0,
"sell_volume": 0.0
}
}
def normalize_crypto_market(data):
defaults = default_crypto_market()
market = {}
if not isinstance(data, dict):
data = {}
market["name"] = str(data.get("name", defaults["name"]) or defaults["name"])
market["symbol"] = str(data.get("symbol", defaults["symbol"]) or defaults["symbol"]).upper()
def to_float(value, fallback):
try:
return float(value)
except:
return float(fallback)
def to_int(value, fallback):
try:
return int(value)
except:
return int(fallback)
market["min_price"] = max(0.01, to_float(data.get("min_price"), defaults["min_price"]))
market["max_price"] = max(market["min_price"], to_float(data.get("max_price"), defaults["max_price"]))
market["price"] = to_float(data.get("price"), defaults["price"])
market["price"] = min(market["max_price"], max(market["min_price"], market["price"]))
market["price"] = round(market["price"], 4)
market["price_step_buy"] = min(0.5, max(0.0, to_float(data.get("price_step_buy"), defaults["price_step_buy"])))
market["price_step_sell"] = min(0.5, max(0.0, to_float(data.get("price_step_sell"), defaults["price_step_sell"])))
market["idle_decay_rate"] = min(0.2, max(0.0, to_float(data.get("idle_decay_rate"), defaults["idle_decay_rate"])))
market["idle_decay_interval_sec"] = max(5, to_int(data.get("idle_decay_interval_sec"), defaults["idle_decay_interval_sec"]))
market["last_buy_at"] = to_int(data.get("last_buy_at"), defaults["last_buy_at"])
market["last_update"] = to_int(data.get("last_update"), defaults["last_update"])
stats = data.get("stats", {})
if not isinstance(stats, dict):
stats = {}
market["stats"] = {
"buy_ops": max(0, to_int(stats.get("buy_ops"), 0)),
"sell_ops": max(0, to_int(stats.get("sell_ops"), 0)),
"buy_volume": max(0.0, round(to_float(stats.get("buy_volume"), 0.0), 6)),
"sell_volume": max(0.0, round(to_float(stats.get("sell_volume"), 0.0), 6))
}
return market
def load_crypto_market():
need_save = False
raw = None
try:
with open(CRYPTO_FILE, 'r', encoding='utf-8') as f:
raw = json.load(f)
except:
raw = default_crypto_market()
need_save = True
market = normalize_crypto_market(raw)
if raw != market:
need_save = True
if need_save:
save_crypto_market(market)
return market
def save_crypto_market(data):
with open(CRYPTO_FILE, "w", encoding='utf-8') as f:
json.dump(normalize_crypto_market(data), f, indent=4, ensure_ascii=False)
def apply_serkripto_idle_decay(market):
market = normalize_crypto_market(market)
now = int(time.time())
last_update = int(market.get("last_update", now))
interval = int(market.get("idle_decay_interval_sec", 30))
if now <= last_update:
return market, False
if now - int(market.get("last_buy_at", 0)) < interval:
market["last_update"] = now
return market, False
steps = (now - last_update) // interval
if steps <= 0:
return market, False
price_before = float(market.get("price", 100.0))
decay_rate = float(market.get("idle_decay_rate", 0.0015))
min_price = float(market.get("min_price", 1.0))
decayed_price = max(min_price, price_before * ((1 - decay_rate) ** steps))
market["price"] = round(decayed_price, 4)
market["last_update"] = now
changed = abs(price_before - market["price"]) > 1e-9
return market, changed
def get_user_serkripto_amount(user_data):
if not isinstance(user_data, dict):
return 0.0
try:
return round(max(0.0, float(user_data.get("serkripto", 0.0))), 6)
except:
return 0.0
def buy_serkripto(username, rub_amount):
try:
amount = int(rub_amount)
except:
return False, "invalid_amount"
if amount <= 0:
return False, "invalid_amount"
users = load_users()
user_data = users.get(username)
if not isinstance(user_data, dict):
return False, "user_not_found"
market = load_crypto_market()
market, decayed = apply_serkripto_idle_decay(market)
if decayed:
save_crypto_market(market)
ws_emit_crypto_market_event(market, "idle_decay")
price_before = float(market.get("price", 0.0))
if price_before <= 0:
return False, "market_unavailable"
if int(user_data.get("balance", 0)) < amount:
return False, "insufficient_funds"
quantity = round(amount / price_before, 6)
if quantity <= 0:
return False, "amount_too_small"
user_data["balance"] = int(user_data.get("balance", 0)) - amount
user_data["serkripto"] = round(get_user_serkripto_amount(user_data) + quantity, 6)
save_users(users)
growth = min(0.25, quantity * float(market.get("price_step_buy", 0.012)))
max_price = float(market.get("max_price", 1000000.0))
price_after = min(max_price, price_before * (1 + growth))
now = int(time.time())
market["price"] = round(price_after, 4)
market["last_buy_at"] = now
market["last_update"] = now
market["stats"]["buy_ops"] = int(market["stats"].get("buy_ops", 0)) + 1
market["stats"]["buy_volume"] = round(float(market["stats"].get("buy_volume", 0.0)) + quantity, 6)
save_crypto_market(market)
ws_emit_crypto_market_event(market, "buy")
add_history(username, "crypto_buy", amount, f"{SERKRIPTO_NAME} +{quantity:.6f} по {price_before:.4f}")
ws_emit_balance_update(username)
ws_emit_user(username, "crypto.trade", {
"side": "buy",
"coin": SERKRIPTO_NAME,
"quantity": quantity,
"amount_rub": amount,
"price_before": round(price_before, 4),
"price_after": round(market["price"], 4)
})
ws_emit_system("crypto.trade", {
"side": "buy",
"user": username,
"coin": SERKRIPTO_NAME,
"quantity": quantity,
"price": round(market["price"], 4)
})
return True, {
"coin": SERKRIPTO_NAME,
"symbol": market.get("symbol", SERKRIPTO_SYMBOL),
"quantity": quantity,
"amount_rub": amount,
"price_before": round(price_before, 4),
"price_after": round(float(market.get("price", price_before)), 4),
"balance_rub": int(user_data.get("balance", 0)),
"wallet_quantity": get_user_serkripto_amount(user_data)
}
def sell_serkripto(username, quantity):
try:
qty = round(float(quantity), 6)
except:
return False, "invalid_quantity"
if qty <= 0:
return False, "invalid_quantity"
users = load_users()
user_data = users.get(username)
if not isinstance(user_data, dict):
return False, "user_not_found"
wallet_qty = get_user_serkripto_amount(user_data)
if wallet_qty + 1e-9 < qty:
return False, "insufficient_crypto"
market = load_crypto_market()
market, decayed = apply_serkripto_idle_decay(market)
if decayed:
save_crypto_market(market)
ws_emit_crypto_market_event(market, "idle_decay")
price_before = float(market.get("price", 0.0))
if price_before <= 0:
return False, "market_unavailable"
payout = int(round(qty * price_before))
if payout <= 0:
return False, "amount_too_small"
user_data["serkripto"] = round(max(0.0, wallet_qty - qty), 6)
user_data["balance"] = int(user_data.get("balance", 0)) + payout
save_users(users)
drop = min(0.25, qty * float(market.get("price_step_sell", 0.01)))
min_price = float(market.get("min_price", 1.0))
price_after = max(min_price, price_before * (1 - drop))
now = int(time.time())
market["price"] = round(price_after, 4)
market["last_update"] = now
market["stats"]["sell_ops"] = int(market["stats"].get("sell_ops", 0)) + 1
market["stats"]["sell_volume"] = round(float(market["stats"].get("sell_volume", 0.0)) + qty, 6)
save_crypto_market(market)
ws_emit_crypto_market_event(market, "sell")
add_history(username, "crypto_sell", payout, f"{SERKRIPTO_NAME} -{qty:.6f} по {price_before:.4f}")
ws_emit_balance_update(username)
ws_emit_user(username, "crypto.trade", {
"side": "sell",
"coin": SERKRIPTO_NAME,
"quantity": qty,
"amount_rub": payout,
"price_before": round(price_before, 4),
"price_after": round(market["price"], 4)
})
ws_emit_system("crypto.trade", {
"side": "sell",
"user": username,
"coin": SERKRIPTO_NAME,
"quantity": qty,
"price": round(market["price"], 4)
})
return True, {
"coin": SERKRIPTO_NAME,
"symbol": market.get("symbol", SERKRIPTO_SYMBOL),
"quantity": qty,
"amount_rub": payout,
"price_before": round(price_before, 4),
"price_after": round(float(market.get("price", price_before)), 4),
"balance_rub": int(user_data.get("balance", 0)),
"wallet_quantity": get_user_serkripto_amount(user_data)
}
# ---------- API КЛЮЧИ ----------
def generate_api_key():
"""Генерация API ключа"""
return f"bank_api_{uuid.uuid4().hex[:16]}"
def get_user_by_api_key(api_key):
"""Получение пользователя по API ключу - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
if not api_key:
return None, None
users = load_users()
for username, user_data in users.items():
# Проверяем, что user_data является словарем
if isinstance(user_data, dict) and user_data.get('api_key') == api_key:
return username, user_data
return None, None
# ---------- БАНКОВСКИЕ ОПЕРАЦИИ ----------
def daily_update():
"""Ежедневное обновление депозитов и кредитов"""
users = load_users()
updated = False
updated_users = []
for user_id, u in users.items():
if isinstance(u, dict): # Проверяем, что это словарь
if u.get('deposit', 0) > 0:
u['deposit'] = int(u['deposit'] * 1.01)
updated = True
updated_users.append(user_id)
if u.get('credit', 0) > 0:
u['credit'] = int(u['credit'] * 1.05)
updated = True
if user_id not in updated_users:
updated_users.append(user_id)
if updated:
save_users(users)
ws_emit_system("bank.daily_update", {"users": updated_users})
for username in updated_users:
ws_emit_balance_update(username)
def add_history(user, action, amount, target=None):
"""Добавление записи в историю"""
hist = load_history()
history_item = {
"time": int(time.time()),
"user": user,
"action": action,
"amount": amount,
"target": target,
"id": str(uuid.uuid4())[:8]
}
hist.append(history_item)
save_history(hist)
ws_emit_user(user, "history.new", history_item)
ws_emit_system("history.new", {
"user": user,
"action": action,
"amount": amount,
"target": target
})
ws_emit_balance_update(user)
# ---------- ДЕКОРАТОРЫ ----------
def login_required(f):
"""Декоратор для проверки авторизации"""
@wraps(f)
def decorated_function(*args, **kwargs):
if 'user' not in session:
return redirect('/')
return f(*args, **kwargs)
return decorated_function
def web_roles_required(*allowed_roles):
"""Проверка ролей для WEB-маршрутов (требует активную сессию)"""
normalized_allowed = {normalize_role(r) for r in allowed_roles}
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if 'user' not in session:
return redirect('/')
users = load_users()
user_data = users.get(session['user'])
if not isinstance(user_data, dict):
return redirect('/')
user_role = get_user_role(user_data)
if user_role not in normalized_allowed:
return redirect('/dashboard')
return f(*args, **kwargs)
return decorated_function
return decorator
def admin_required(f):
"""Декоратор для проверки прав администратора"""
return web_roles_required(ROLE_ADMIN)(f)
# ИСПРАВЛЕННЫЙ ДЕКОРАТОР API
def api_key_required(f):
"""Декоратор для проверки API ключа - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
@wraps(f)
def decorated_function(*args, **kwargs):
api_key = None
# 1. Проверяем заголовок X-API-Key
if 'X-API-Key' in request.headers:
api_key = request.headers.get('X-API-Key')
# 2. Проверяем параметр запроса api_key
if not api_key and request.args.get('api_key'):
api_key = request.args.get('api_key')
# 3. Проверяем JSON тело
if not api_key and request.is_json:
try:
data = request.get_json()
if data and 'api_key' in data:
api_key = data.get('api_key')
except:
pass
# 4. Проверяем форму
if not api_key and request.form.get('api_key'):
api_key = request.form.get('api_key')
if not api_key:
return jsonify({'success': False, 'error': 'API key required'}), 401
# Получаем пользователя по API ключу
username, user_data = get_user_by_api_key(api_key)
if not username:
return jsonify({'success': False, 'error': 'Invalid API key'}), 401
# Сохраняем данные пользователя в объекте request
request.username = username
request.user_data = user_data
request.user_role = get_user_role(user_data)
return f(*args, **kwargs)
return decorated_function
def api_roles_required(*allowed_roles):
"""Проверка ролей для API маршрутов (использовать после api_key_required)"""
normalized_allowed = {normalize_role(r) for r in allowed_roles}
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
user_role = getattr(request, "user_role", get_user_role(getattr(request, "user_data", {})))
if user_role not in normalized_allowed:
return jsonify({
"success": False,
"error": "Access denied for your role",
"role": user_role
}), 403
return f(*args, **kwargs)
return decorated_function
return decorator
# ---------- HTML ШАБЛОНЫ ----------
def render_login(error_message="", twofa_mode=False, username_hint=""):
safe_error = html.escape(str(error_message or "").strip())
alert_html = f'<div class="alert alert-danger mt-3">{safe_error}</div>' if safe_error else ""
safe_username_hint = html.escape(str(username_hint or "").strip())
security_notice_html = '<div class="alert alert-warning mt-3 mb-0 small"><strong>Важно:</strong> Мы не гарантируем полную безопасность сервиса. Все пароли хранятся в открытом виде, в базе данных, всем этим заведует один человек, поэтому я не гарантирую полную безопасность. Если понадобится восстановление, пишите на почту kompania.bank@gmail.com.</div>'
subtitle = "Вход в систему"
auth_form_html = '''
<form method="post">
<div class="mb-3">
<label class="form-label">Логин</label>
<div class="input-group">
<span class="input-group-text"><i class="fas fa-user"></i></span>
<input type="text" name="username" class="form-control" placeholder="Введите логин" required>
</div>
</div>
<div class="mb-4">
<label class="form-label">Пароль</label>
<div class="input-group">
<span class="input-group-text"><i class="fas fa-lock"></i></span>
<input type="password" name="password" class="form-control" placeholder="Введите пароль" required>
</div>
</div>
<button type="submit" class="btn btn-primary w-100 mb-3">
<i class="fas fa-sign-in-alt me-2"></i>Войти
</button>
<div class="text-center">
<p class="mb-0">Нет аккаунта? <a href="/register" class="text-decoration-none">Зарегистрироваться</a></p>
</div>
</form>
'''
if twofa_mode:
subtitle = f'Подтверждение входа: <b>{safe_username_hint or "пользователь"}</b>'
auth_form_html = '''
<form method="post">
<input type="hidden" name="login_step" value="2fa">
<div class="alert alert-info">
<i class="fas fa-shield-alt me-2"></i>
Введите 6-значный код из приложения-аутентификатора
</div>
<div class="mb-4">
<label class="form-label">Код 2FA</label>
<div class="input-group">
<span class="input-group-text"><i class="fas fa-mobile-alt"></i></span>
<input type="text" name="twofa_code" class="form-control" placeholder="123456" inputmode="numeric" autocomplete="one-time-code" maxlength="6" pattern="[0-9]{6}" required autofocus>
</div>
</div>
<button type="submit" class="btn btn-primary w-100 mb-3">
<i class="fas fa-check-circle me-2"></i>Подтвердить вход
</button>
<div class="text-center">
<p class="mb-0"><a href="/?reset_2fa=1" class="text-decoration-none">Войти под другим пользователем</a></p>
</div>
</form>
'''
page = '''
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Банк "Школьный" | Вход в систему</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
<style>
:root {
--primary: #4361ee;
--secondary: #3a0ca3;
--gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
}
* {
box-sizing: border-box;
}
body {
margin: 0;
background: var(--gradient);
min-height: 100vh;
display: flex;
justify-content: center;
align-items: center;
padding: 16px;
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
}
.auth-shell {
width: min(420px, 100%);
}
.container, .row, .col-md-5 {
width: 100%;
margin: 0;
padding: 0;
}
.login-card {
background: white;
border-radius: 20px;
box-shadow: 0 20px 40px rgba(0,0,0,0.1);
overflow: hidden;
}
.login-header {
background: var(--gradient);
color: white;
padding: 28px 24px;
text-align: center;
}
.login-header h2 {
font-size: 1.4rem;
line-height: 1.25;
margin-bottom: 8px;
}
.login-body {
padding: 24px 20px;
}
.form-label {
display: block;
margin-bottom: 8px;
font-weight: 600;
color: #283247;
}
.input-group {
display: flex;
align-items: center;
border: 2px solid #e9ecef;
border-radius: 10px;
overflow: hidden;
background: #fff;
transition: all 0.3s;
}
.input-group:focus-within {
border-color: var(--primary);
box-shadow: 0 0 0 0.25rem rgba(67, 97, 238, 0.25);
}
.input-group-text {
border: none;
background: #f8f9ff;
padding: 0 12px;
color: #657089;
display: inline-flex;
align-items: center;
justify-content: center;
}
.form-control {
border: none;
border-radius: 0;
padding: 12px 15px;
transition: all 0.3s;
flex: 1;
min-width: 0;
}
.form-control:focus {
outline: none;
box-shadow: none;
}
.btn-primary {
background: var(--gradient);
border: none;
border-radius: 10px;
padding: 12px;
font-weight: 600;
transition: all 0.3s;
color: white;
width: 100%;
cursor: pointer;
}
.btn-primary:hover {
transform: translateY(-2px);
box-shadow: 0 10px 20px rgba(67, 97, 238, 0.3);
}
.btn {
display: inline-flex;
align-items: center;
justify-content: center;
}
.alert {
border-radius: 10px;
}
.text-center {
text-align: center;
}
.mb-0 {
margin-bottom: 0;
}
.mb-3 {
margin-bottom: 1rem;
}
.mb-4 {
margin-bottom: 1.5rem;
}
.w-100 {
width: 100%;
}
.me-2 {
margin-right: 0.5rem;
}
a {
color: var(--primary);
}
.text-decoration-none {
text-decoration: none;
}
@media (min-width: 992px) {
body {
padding: 24px;
}
.auth-shell {
width: 420px;
}
}
</style>
</head>
<body>
<div class="auth-shell">
<div class="container">
<div class="row justify-content-center">
<div class="col-md-5">
<div class="login-card">
<div class="login-header">
<i class="fas fa-university fa-3x mb-3"></i>
<h2>Добро пожаловать в Банк "Школьный"</h2>
<p class="mb-0">__AUTH_SUBTITLE__</p>
</div>
<div class="login-body">
__AUTH_FORM__
__AUTH_ALERT__
__SECURITY_NOTICE__
</div>
</div>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
'''
return (
page.replace("__AUTH_SUBTITLE__", subtitle)
.replace("__AUTH_FORM__", auth_form_html)
.replace("__AUTH_ALERT__", alert_html)
.replace("__SECURITY_NOTICE__", security_notice_html)
)
def render_register():
return '''
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Банк "Школьный" | Регистрация</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
<style>
:root {
--primary: #4361ee;
--secondary: #3a0ca3;
--gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
}
* {
box-sizing: border-box;
}
body {
margin: 0;
background: var(--gradient);
min-height: 100vh;
display: flex;
justify-content: center;
align-items: center;
padding: 16px;
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
}
.auth-shell {
width: min(460px, 100%);
}
.container, .row, .col-md-6 {
width: 100%;
margin: 0;
padding: 0;
}
.register-card {
background: white;
border-radius: 20px;
box-shadow: 0 20px 40px rgba(0,0,0,0.1);
overflow: hidden;
}
.register-header {
background: var(--gradient);
color: white;
padding: 28px 24px;
text-align: center;
}
.register-header h2 {
font-size: 1.3rem;
line-height: 1.25;
margin-bottom: 8px;
}
.register-body {
padding: 24px 20px;
}
.form-label {
display: block;
margin-bottom: 8px;
font-weight: 600;
color: #283247;
}
.form-control {
border: 2px solid #e9ecef;
border-radius: 10px;
padding: 12px 15px;
transition: all 0.3s;
width: 100%;
}
.form-control:focus {
border-color: var(--primary);
outline: none;
box-shadow: 0 0 0 0.25rem rgba(67, 97, 238, 0.25);
}
.btn-primary {
background: var(--gradient);
border: none;
border-radius: 10px;
padding: 12px;
font-weight: 600;
transition: all 0.3s;
color: white;
width: 100%;
cursor: pointer;
}
.btn-primary:hover {
transform: translateY(-2px);
box-shadow: 0 10px 20px rgba(67, 97, 238, 0.3);
}
.btn {
display: inline-flex;
align-items: center;
justify-content: center;
}
.text-center {
text-align: center;
}
.mb-0 {
margin-bottom: 0;
}
.mb-3 {
margin-bottom: 1rem;
}
.mb-4 {
margin-bottom: 1.5rem;
}
.w-100 {
width: 100%;
}
.me-2 {
margin-right: 0.5rem;
}
a {
color: var(--primary);
}
.text-decoration-none {
text-decoration: none;
}
@media (min-width: 992px) {
body {
padding: 24px;
}
.auth-shell {
width: 460px;
}
}
</style>
</head>
<body>
<div class="auth-shell">
<div class="container">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="register-card">
<div class="register-header">
<i class="fas fa-user-plus fa-3x mb-3"></i>
<h2>Регистрация аккаунта в банке "Школьный"</h2>
<p class="mb-0">Создайте свой банковский аккаунт</p>
</div>
<div class="register-body">
<form method="post">
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">Логин</label>
<input type="text" name="username" class="form-control" placeholder="Придумайте логин" required>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">Пароль</label>
<input type="password" name="password" class="form-control" placeholder="Придумайте пароль" required>
</div>
</div>
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">Имя</label>
<input type="text" name="first_name" class="form-control" placeholder="Ваше имя" required>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">Фамилия</label>
<input type="text" name="last_name" class="form-control" placeholder="Ваша фамилия" required>
</div>
</div>
<div class="mb-4">
<label class="form-label">Email</label>
<input type="email" name="email" class="form-control" placeholder="email@example.com" required>
</div>
<div class="alert alert-warning small">
<strong>Важно:</strong> Мы не гарантируем полную безопасность сервиса. Все пароли хранятся в открытом виде, в базе данных, всем этим заведует один человек, поэтому я не гарантирую полную безопасность. Если понадобится восстановление, пишите на почту kompania.bank@gmail.com.
</div>
<button type="submit" class="btn btn-primary w-100 mb-3">
<i class="fas fa-user-plus me-2"></i>Создать аккаунт
</button>
<div class="text-center">
<p class="mb-0">Уже есть аккаунт? <a href="/" class="text-decoration-none">Войти</a></p>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
'''
def render_dashboard(user_data, history_data, shop_data=None, crypto_market=None, crypto_flash=None, active_tab="services"):
"""Генерация HTML личного кабинета"""
current_role = get_user_role(user_data)
can_take_credit = current_role in CREDIT_ROLES
can_trade_crypto = current_role in CRYPTO_ROLES
allowed_tabs = {"services", "shop", "history", "api"}
if can_trade_crypto:
allowed_tabs.add("crypto")
if active_tab not in allowed_tabs:
active_tab = "services"
if not isinstance(crypto_market, dict):
crypto_market = load_crypto_market()
crypto_market, decayed = apply_serkripto_idle_decay(crypto_market)
if decayed:
save_crypto_market(crypto_market)
ws_emit_crypto_market_event(crypto_market, "idle_decay")
crypto_price = round(float(crypto_market.get("price", 0.0)), 4)
crypto_user_amount = get_user_serkripto_amount(user_data)
crypto_portfolio_value = round(crypto_user_amount * crypto_price, 2)
crypto_stats = crypto_market.get("stats", {})
if not isinstance(crypto_stats, dict):
crypto_stats = {}
crypto_buy_ops = int(crypto_stats.get("buy_ops", 0))
crypto_sell_ops = int(crypto_stats.get("sell_ops", 0))
crypto_buy_volume = round(float(crypto_stats.get("buy_volume", 0.0)), 6)
crypto_sell_volume = round(float(crypto_stats.get("sell_volume", 0.0)), 6)
decay_rate_pct = round(float(crypto_market.get("idle_decay_rate", 0.0)) * 100, 3)
decay_interval = int(crypto_market.get("idle_decay_interval_sec", 30))
net_flow = round(crypto_buy_volume - crypto_sell_volume, 6)
max_buy_amount = max(0, int(user_data.get("balance", 0))) if isinstance(user_data, dict) else 0
max_sell_quantity = max(0.0, crypto_user_amount)
crypto_flash_html = ""
if isinstance(crypto_flash, dict) and crypto_flash.get("text"):
flash_class = crypto_flash.get("class", "info")
flash_text = str(crypto_flash.get("text"))
crypto_flash_html = f'<div class="alert alert-{flash_class} mb-3">{flash_text}</div>'
# Форматирование времени истории
for h in history_data:
h['formatted_time'] = datetime.fromtimestamp(h['time']).strftime('%d.%m.%Y %H:%M')
# HTML для истории
history_html = ""
for h in history_data[-10:][::-1]:
icon = "fa-history"
color = "text-primary"
if "deposit" in h['action']:
icon = "fa-piggy-bank"
color = "text-info"
elif "credit" in h['action']:
icon = "fa-credit-card"
color = "text-warning"
elif "transfer" in h['action']:
icon = "fa-exchange-alt"
color = "text-primary"
elif "card" in h['action']:
icon = "fa-credit-card"
color = "text-success"
elif "api" in h['action']:
icon = "fa-key"
color = "text-secondary"
elif "shop" in h['action'] or "item" in h['action'] or "advertisement" in h['action']:
icon = "fa-shopping-cart"
color = "text-success"
elif "payment" in h['action']:
icon = "fa-credit-card"
color = "text-success"
history_html += f'''
<tr>
<td><i class="fas {icon} {color} me-2"></i>{h['formatted_time']}</td>
<td><span class="badge bg-light text-dark">{h['user']}</span></td>
<td>{h['action']}</td>
<td class="fw-bold">{h['amount']:,} ₽</td>
<td>{h.get('target', '-')}</td>
</tr>
'''
# HTML для API ключа
api_key_html = ""
if user_data.get('api_key'):
api_key_html = f'''
<div class="alert alert-success">
<h6><i class="fas fa-key me-2"></i>Ваш API ключ</h6>
<div class="input-group">
<input type="text" id="apiKey" class="form-control" value="{user_data['api_key']}" readonly>
<button class="btn btn-outline-secondary" type="button" onclick="copyApiKey()">
<i class="fas fa-copy"></i>
</button>
</div>
<small class="text-muted">Используйте этот ключ для доступа к API</small>
</div>
'''
else:
api_key_html = '''
<div class="alert alert-warning">
<h6><i class="fas fa-key me-2"></i>API ключ не создан</h6>
<form action="/generate_api_key" method="post">
<button type="submit" class="btn btn-primary btn-sm">
<i class="fas fa-plus me-1"></i>Создать API ключ
</button>
</form>
</div>
'''
# HTML для магазина
shop_tab_content = ""
if shop_data:
# Товары
shop_items_html = ""
available_items = [item for item in shop_data["items"] if item["status"] == "available"]
if available_items:
for item in available_items[-10:][::-1]: # Последние 10 товаров
created_date = datetime.fromtimestamp(item["created"]).strftime('%d.%m.%Y')
shop_items_html += f'''
<div class="col-md-6 col-lg-4">
<div class="card h-100 shop-item-card">
<div class="card-body">
<h5 class="card-title">{item["title"]}</h5>
<p class="card-text">{item["description"]}</p>
<p class="card-text">
<small class="text-muted">Продавец: {item["seller"]}</small><br>
<small class="text-muted">Категория: {item["category"]}</small><br>
<small class="text-muted">Дата: {created_date}</small>
</p>
<div class="d-flex justify-content-between align-items-center">
<span class="h4 text-success">{item["price"]:,} ₽</span>
<form action="/buy_item/{item['id']}" method="post">
<button type="submit" class="btn btn-primary">
<i class="fas fa-shopping-cart me-1"></i> Купить
</button>
</form>
</div>
</div>
</div>
</div>
'''
else:
shop_items_html = '''
<div class="col-12">
<div class="alert alert-info">
<i class="fas fa-info-circle me-2"></i>
В магазине пока нет товаров. Будьте первым, кто добавит товар!
</div>
</div>
'''
# Объявления
ads_html = ""
active_ads = [ad for ad in shop_data["ads"] if ad["status"] == "active"]
if active_ads:
for ad in active_ads[-10:][::-1]: # Последние 10 объявлений
created_date = datetime.fromtimestamp(ad["created"]).strftime('%d.%m.%Y')
ads_html += f'''
<div class="col-md-6">
<div class="card h-100">
<div class="card-body">
<h5 class="card-title">{ad["title"]}</h5>
<p class="card-text">{ad["content"]}</p>
<p class="card-text">
<small class="text-muted">Автор: {ad["author"]}</small><br>
<small class="text-muted">Контакты: {ad["contact_info"]}</small><br>
<small class="text-muted">Дата: {created_date}</small>
</p>
</div>
</div>
</div>
'''
shop_tab_content = f'''
<div class="tab-pane fade" id="shop">
<div class="row mb-4">
<div class="col-12">
<div class="d-flex justify-content-between mb-3">
<h4><i class="fas fa-store me-2"></i>Магазин</h4>
<div>
<button class="btn btn-success me-2" data-bs-toggle="modal" data-bs-target="#addItemModal">
<i class="fas fa-plus me-1"></i>Добавить товар
</button>
<button class="btn btn-info" data-bs-toggle="modal" data-bs-target="#addAdModal">
<i class="fas fa-bullhorn me-1"></i>Добавить объявление
</button>
</div>
</div>
</div>
</div>
<h5><i class="fas fa-shopping-bag me-2"></i>Товары в магазине</h5>
<div class="row g-4 mb-4">
{shop_items_html}
</div>
<h5><i class="fas fa-bullhorn me-2"></i>Объявления</h5>
<div class="row g-4">
{ads_html}
</div>
</div>
'''
crypto_tab_content = f'''
<div class="tab-pane fade" id="crypto">
<div class="row g-4">
<div class="col-lg-7">
<div class="card border-0 shadow-sm">
<div class="card-body">
<h4 class="mb-3"><i class="fas fa-coins text-warning me-2"></i>{SERKRIPTO_NAME} ({crypto_market.get("symbol", SERKRIPTO_SYMBOL)})</h4>
{crypto_flash_html}
<div class="crypto-price-box mb-3">
<div class="small text-muted">Текущая цена</div>
<div class="display-6 fw-bold">{crypto_price:,.4f} ₽</div>
<div class="small text-muted mt-1">
Если монету покупают, цена растет. Если покупок нет и идут продажи, цена снижается.
</div>
</div>
<div class="row g-3 mb-3">
<div class="col-md-6">
<div class="crypto-stat">
<div class="text-muted small">У вас монет</div>
<div class="h5 mb-0">{crypto_user_amount:,.6f} {crypto_market.get("symbol", SERKRIPTO_SYMBOL)}</div>
</div>
</div>
<div class="col-md-6">
<div class="crypto-stat">
<div class="text-muted small">Оценка портфеля</div>
<div class="h5 mb-0">{crypto_portfolio_value:,.2f} ₽</div>
</div>
</div>
</div>
<div class="small text-muted">
Автоспад цены без покупок: {decay_rate_pct}% каждые {decay_interval} сек.
</div>
</div>
</div>
</div>
<div class="col-lg-5">
<div class="card border-0 shadow-sm mb-3">
<div class="card-body">
<h5 class="mb-3"><i class="fas fa-arrow-up text-success me-2"></i>Купить {SERKRIPTO_NAME}</h5>
<form action="/crypto/buy" method="post">
<label class="form-label">Сумма покупки (₽)</label>
<div class="input-group mb-2">
<input type="number" id="cryptoBuyAmount" name="amount" class="form-control" min="1" step="1" max="{max_buy_amount}" data-max-value="{max_buy_amount}" required placeholder="Например: 1000">
<button type="button" class="btn btn-outline-secondary" id="cryptoBuyMaxBtn">Максимум</button>
</div>
<small class="text-muted d-block mb-3">Максимум для покупки: {max_buy_amount:,} ₽</small>
<button type="submit" class="btn btn-success w-100">
<i class="fas fa-cart-plus me-1"></i>Купить
</button>
</form>
</div>
</div>
<div class="card border-0 shadow-sm">
<div class="card-body">
<h5 class="mb-3"><i class="fas fa-arrow-down text-danger me-2"></i>Продать {SERKRIPTO_NAME}</h5>
<form action="/crypto/sell" method="post">
<label class="form-label">Количество монет</label>
<div class="input-group mb-2">
<input type="number" id="cryptoSellQuantity" name="quantity" class="form-control" min="0.000001" step="0.000001" max="{max_sell_quantity:.6f}" data-max-value="{max_sell_quantity:.6f}" required placeholder="Например: 0.250000">
<button type="button" class="btn btn-outline-secondary" id="cryptoSellMaxBtn">Максимум</button>
</div>
<small class="text-muted d-block mb-3">Максимум для продажи: {max_sell_quantity:,.6f} {crypto_market.get("symbol", SERKRIPTO_SYMBOL)}</small>
<button type="submit" class="btn btn-danger w-100">
<i class="fas fa-money-bill-wave me-1"></i>Продать
</button>
</form>
</div>
</div>
</div>
</div>
<div class="card border-0 shadow-sm mt-4">
<div class="card-body">
<h5 class="mb-3"><i class="fas fa-chart-line me-2"></i>Статистика рынка</h5>
<div class="row g-3">
<div class="col-md-3">
<div class="crypto-stat"><div class="text-muted small">Покупок</div><div class="h6 mb-0">{crypto_buy_ops}</div></div>
</div>
<div class="col-md-3">
<div class="crypto-stat"><div class="text-muted small">Продаж</div><div class="h6 mb-0">{crypto_sell_ops}</div></div>
</div>
<div class="col-md-3">
<div class="crypto-stat"><div class="text-muted small">Куплено монет</div><div class="h6 mb-0">{crypto_buy_volume:,.6f}</div></div>
</div>
<div class="col-md-3">
<div class="crypto-stat"><div class="text-muted small">Чистый поток</div><div class="h6 mb-0 {'text-success' if net_flow >= 0 else 'text-danger'}">{net_flow:,.6f}</div></div>
</div>
</div>
</div>
</div>
</div>
'''
crypto_tab_block = crypto_tab_content if can_trade_crypto else ""
crypto_nav_tab = ""
crypto_service_card = ""
if can_trade_crypto:
crypto_nav_tab = '''
<li class="nav-item">
<a class="nav-link" data-bs-toggle="tab" href="#crypto">
<i class="fas fa-coins me-1"></i>SerKripto
</a>
</li>
'''
crypto_service_card = '''
<div class="service-card">
<h5><i class="fas fa-coins text-warning me-2"></i>SerKripto</h5>
<p class="text-muted">Покупки поднимают курс, продажи и отсутствие покупок снижают цену.</p>
</div>
'''
credit_action_btn = ""
if can_take_credit:
credit_action_btn = '''
<button class="btn btn-outline-primary" data-bs-toggle="modal" data-bs-target="#creditModal">
<i class="fas fa-money-bill-wave me-1"></i>Взять кредит
</button>
'''
# HTML для админ-панели
admin_tab = ""
if current_role == ROLE_ADMIN:
admin_tab = '''
<li class="nav-item">
<a class="nav-link" href="/admin">
<i class="fas fa-cogs me-2"></i>Админ-панель
</a>
</li>
'''
teacher_tab = ""
if current_role in [ROLE_TEACHER, ROLE_ADMIN]:
teacher_tab = '''
<li class="nav-item">
<a class="nav-link" href="/teacher">
<i class="fas fa-school me-2"></i>Учительская панель
</a>
</li>
'''
student_tab = ""
student_panel_btn = ""
if current_role == ROLE_STUDENT:
student_tab = '''
<li class="nav-item">
<a class="nav-link" href="/student_panel">
<i class="fas fa-user-graduate me-2"></i>Панель ученика
</a>
</li>
'''
student_panel_btn = '''
<a href="/student_panel" class="btn btn-info">
<i class="fas fa-chart-line me-1"></i>Моя успеваемость
</a>
'''
parent_tab = ""
parent_panel_btn = ""
if current_role == ROLE_PARENT:
parent_tab = '''
<li class="nav-item">
<a class="nav-link" href="/parent_panel">
<i class="fas fa-people-roof me-2"></i>Родительская панель
</a>
</li>
'''
parent_panel_btn = '''
<a href="/parent_panel" class="btn btn-secondary">
<i class="fas fa-children me-1"></i>Мои дети
</a>
'''
manager_tab = ""
manager_panel_btn = ""
if current_role in [ROLE_MANAGER, ROLE_ADMIN]:
manager_tab = '''
<li class="nav-item">
<a class="nav-link" href="/manager_panel">
<i class="fas fa-briefcase me-2"></i>Панель менеджера
</a>
</li>
'''
manager_panel_btn = '''
<a href="/manager_panel" class="btn btn-dark">
<i class="fas fa-chart-pie me-1"></i>Аналитика
</a>
'''
return f'''
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Банк "Школьный" | Личный кабинет</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
<style>
:root {{
--primary: #4361ee;
--secondary: #3a0ca3;
--gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
}}
body {{
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background: #f5f7fb;
}}
.navbar-custom {{
background: var(--gradient) !important;
box-shadow: 0 4px 20px rgba(67, 97, 238, 0.3);
}}
.sidebar {{
background: white;
border-radius: 15px;
box-shadow: 0 5px 15px rgba(0,0,0,0.05);
padding: 20px;
height: fit-content;
}}
.main-content {{
background: white;
border-radius: 15px;
box-shadow: 0 5px 15px rgba(0,0,0,0.05);
padding: 25px;
}}
.balance-card {{
background: var(--gradient);
color: white;
border-radius: 15px;
padding: 20px;
margin-bottom: 20px;
}}
.stat-card {{
background: white;
border-radius: 15px;
padding: 15px;
box-shadow: 0 3px 10px rgba(0,0,0,0.05);
border-left: 4px solid var(--primary);
margin-bottom: 15px;
}}
.nav-tabs .nav-link {{
border: none;
border-radius: 10px;
padding: 10px 15px;
margin: 0 5px;
color: #666;
font-weight: 500;
}}
.nav-tabs .nav-link.active {{
background: var(--gradient);
color: white;
}}
.table-custom {{
background: white;
border-radius: 12px;
overflow: hidden;
box-shadow: 0 3px 10px rgba(0,0,0,0.05);
}}
.table-custom thead {{
background: var(--gradient);
color: white;
}}
.btn-primary {{
background: var(--gradient);
border: none;
border-radius: 10px;
padding: 8px 15px;
font-weight: 600;
}}
.btn-primary:hover {{
transform: translateY(-2px);
box-shadow: 0 5px 15px rgba(67, 97, 238, 0.3);
}}
.modal-header {{
background: var(--gradient);
color: white;
}}
.services-grid {{
display: grid;
grid-template-columns: repeat(auto-fill, minmax(250px, 1fr));
gap: 20px;
margin-top: 20px;
}}
.service-card {{
background: white;
border-radius: 12px;
padding: 20px;
box-shadow: 0 3px 10px rgba(0,0,0,0.05);
border-left: 4px solid var(--primary);
transition: all 0.3s;
}}
.service-card:hover {{
transform: translateY(-5px);
box-shadow: 0 10px 20px rgba(0,0,0,0.1);
}}
.api-docs {{
background: #f8f9fa;
border-radius: 10px;
padding: 20px;
margin-top: 20px;
}}
.code-block {{
background: #1e1e1e;
color: #d4d4d4;
padding: 15px;
border-radius: 5px;
font-family: "Courier New", monospace;
overflow-x: auto;
margin: 10px 0;
}}
.shop-item-card {{
transition: all 0.3s;
}}
.shop-item-card:hover {{
transform: translateY(-5px);
box-shadow: 0 10px 20px rgba(0,0,0,0.1);
}}
.crypto-price-box {{
background: linear-gradient(135deg, #f7fbff 0%, #eef3ff 100%);
border: 1px solid #d8e4ff;
border-radius: 12px;
padding: 16px;
}}
.crypto-stat {{
background: #f8faff;
border: 1px solid #e5edff;
border-radius: 10px;
padding: 12px;
height: 100%;
}}
</style>
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-custom navbar-dark">
<div class="container">
<a class="navbar-brand d-flex align-items-center" href="/dashboard">
<i class="fas fa-university fa-2x me-2"></i>
<div>
<h4 class="mb-0">Банк "Школьный"</h4>
<small class="opacity-75">Финансовая система в школьных условиях</small>
</div>
</a>
<div class="d-flex align-items-center">
<span class="badge bg-light text-dark me-3">
<i class="fas fa-user-circle me-1"></i>
{session['user']} ({get_user_role(user_data)})
</span>
<a href="/logout" class="btn btn-outline-light btn-sm">
<i class="fas fa-sign-out-alt me-1"></i>Выход
</a>
</div>
</div>
</nav>
<div class="container mt-4 mb-5">
<div class="row g-4">
<div class="col-lg-3">
<div class="sidebar">
<h5 class="mb-3"><i class="fas fa-chart-line me-2"></i>Финансы</h5>
<div class="balance-card">
<h6 class="opacity-75">Текущий баланс</h6>
<h2 class="{'text-success' if user_data['balance'] >= 0 else 'text-danger'}">
{user_data['balance']:,}
</h2>
<small>Доступные средства</small>
</div>
<div class="stat-card">
<div class="d-flex justify-content-between">
<div>
<h6>Вклад</h6>
<h5 class="text-success">{user_data['deposit']:,} ₽</h5>
</div>
<i class="fas fa-piggy-bank fa-2x text-success"></i>
</div>
<small class="text-muted">+1% ежедневно</small>
</div>
<div class="stat-card">
<div class="d-flex justify-content-between">
<div>
<h6>Кредит</h6>
<h5 class="text-danger">{user_data['credit']:,} ₽</h5>
</div>
<i class="fas fa-credit-card fa-2x text-danger"></i>
</div>
<small class="text-muted">+5% ежедневно</small>
</div>
<div class="mt-3">
<h6><i class="fas fa-wallet me-2"></i>Операции</h6>
<div class="d-grid gap-2 mt-2">
<button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#depositModal">
<i class="fas fa-plus-circle me-1"></i>Пополнить вклад
</button>
{credit_action_btn}
<button class="btn btn-outline-success" data-bs-toggle="modal" data-bs-target="#transferModal">
<i class="fas fa-exchange-alt me-1"></i>Перевод
</button>
<a href="/payment_page" class="btn btn-warning">
<i class="fas fa-credit-card me-1"></i>Оплата
</a>
{student_panel_btn}
{parent_panel_btn}
{manager_panel_btn}
</div>
</div>
<div class="mt-4">
{api_key_html}
</div>
</div>
</div>
<div class="col-lg-9">
<div class="main-content">
<ul class="nav nav-tabs mb-4">
<li class="nav-item">
<a class="nav-link active" data-bs-toggle="tab" href="#services">
<i class="fas fa-concierge-bell me-1"></i>Услуги
</a>
</li>
<li class="nav-item">
<a class="nav-link" data-bs-toggle="tab" href="#shop">
<i class="fas fa-store me-1"></i>Магазин
</a>
</li>
{crypto_nav_tab}
<li class="nav-item">
<a class="nav-link" data-bs-toggle="tab" href="#history">
<i class="fas fa-history me-1"></i>История
</a>
</li>
<li class="nav-item">
<a class="nav-link" data-bs-toggle="tab" href="#api">
<i class="fas fa-code me-1"></i>API
</a>
</li>
{student_tab}
{parent_tab}
{manager_tab}
{teacher_tab}
{admin_tab}
</ul>
<div class="tab-content">
<div class="tab-pane fade show active" id="services">
<div class="services-grid">
<div class="service-card">
<h5><i class="fas fa-piggy-bank text-primary me-2"></i>Вклады</h5>
<p class="text-muted">Откройте вклад под 1% ежедневно и получайте пассивный доход.</p>
</div>
<div class="service-card">
<h5><i class="fas fa-credit-card text-success me-2"></i>Кредиты</h5>
<p class="text-muted">Получите кредит на любые цели. Ставка 5% ежедневно.</p>
</div>
<div class="service-card">
<h5><i class="fas fa-exchange-alt text-info me-2"></i>Переводы</h5>
<p class="text-muted">Быстрые переводы между клиентами банка без комиссий.</p>
</div>
<div class="service-card">
<h5><i class="fas fa-store text-danger me-2"></i>Магазин</h5>
<p class="text-muted">Покупайте и продавайте товары, размещайте объявления.</p>
</div>
<div class="service-card">
<h5><i class="fas fa-credit-card text-secondary me-2"></i>Платежи</h5>
<p class="text-muted">Принимайте платежи от клиентов через API или ссылки.</p>
</div>
{crypto_service_card}
<div class="service-card">
<h5><i class="fas fa-code text-dark me-2"></i>API Доступ</h5>
<p class="text-muted">Интегрируйте банковские услуги в ваши приложения через API.</p>
</div>
</div>
</div>
{shop_tab_content}
{crypto_tab_block}
<div class="tab-pane fade" id="history">
<div class="table-responsive">
<table class="table table-custom table-hover">
<thead>
<tr>
<th><i class="fas fa-clock"></i> Время</th>
<th><i class="fas fa-user"></i> Пользователь</th>
<th><i class="fas fa-tasks"></i> Операция</th>
<th><i class="fas fa-ruble-sign"></i> Сумма</th>
<th><i class="fas fa-user-friends"></i>Получатель</th>
</tr>
</thead>
<tbody>
{history_html}
</tbody>
</table>
</div>
</div>
<div class="tab-pane fade" id="api">
<div class="api-docs">
<h4><i class="fas fa-code me-2"></i>Документация API</h4>
<p>Используйте ваш API ключ для доступа к банковским операциям через REST API.</p>
<h5 class="mt-4">Базовый URL</h5>
<div class="code-block">
http://ваш-домен/api/v1/
</div>
<h5 class="mt-4">Аутентификация</h5>
<p>Добавьте заголовок с вашим API ключом:</p>
<div class="code-block">
X-API-Key: ваш_api_ключ
</div>
<p>Или передайте как параметр:</p>
<div class="code-block">
?api_key=ваш_api_ключ
</div>
<h5 class="mt-4">Доступные методы</h5>
<div class="table-responsive">
<table class="table table-bordered">
<thead>
<tr>
<th>Метод</th>
<th>Эндпоинт</th>
<th>Описание</th>
<th>Параметры</th>
</tr>
</thead>
<tbody>
<tr>
<td><span class="badge bg-info">GET</span></td>
<td>/api/v1/balance</td>
<td>Получить информацию о балансе</td>
<td>-</td>
</tr>
<tr>
<td><span class="badge bg-info">GET</span></td>
<td>/api/v1/history</td>
<td>Получить историю операций</td>
<td>limit (опционально)</td>
</tr>
<tr>
<td><span class="badge bg-success">POST</span></td>
<td>/api/v1/deposit</td>
<td>Открыть вклад</td>
<td>amount (int)</td>
</tr>
<tr>
<td><span class="badge bg-success">POST</span></td>
<td>/api/v1/credit</td>
<td>Взять кредит</td>
<td>amount (int)</td>
</tr>
<tr>
<td><span class="badge bg-success">POST</span></td>
<td>/api/v1/transfer</td>
<td>Сделать перевод</td>
<td>target (str), amount (int)</td>
</tr>
<tr>
<td><span class="badge bg-info">GET</span></td>
<td>/api/v1/shop/items</td>
<td>Получить список товаров</td>
<td>-</td>
</tr>
<tr>
<td><span class="badge bg-info">GET</span></td>
<td>/api/v1/shop/ads</td>
<td>Получить список объявлений</td>
<td>-</td>
</tr>
<tr>
<td><span class="badge bg-info">GET</span></td>
<td>/api/v1/crypto</td>
<td>Текущая цена и кошелек SerKripto</td>
<td>-</td>
</tr>
<tr>
<td><span class="badge bg-success">POST</span></td>
<td>/api/v1/crypto/buy</td>
<td>Купить SerKripto за рубли</td>
<td>amount (int)</td>
</tr>
<tr>
<td><span class="badge bg-success">POST</span></td>
<td>/api/v1/crypto/sell</td>
<td>Продать SerKripto</td>
<td>quantity (float)</td>
</tr>
<tr>
<td><span class="badge bg-success">POST</span></td>
<td>/api/v1/payment/create</td>
<td>Создать платеж</td>
<td>receiver, amount, description</td>
</tr>
</tbody>
</table>
</div>
<h5 class="mt-4">Примеры использования</h5>
<p>Python с requests:</p>
<div class="code-block">
import requests<br>
<br>
api_key = "ваш_api_ключ"<br>
base_url = "http://ваш-домен/api/v1"<br>
<br>
# Получить баланс<br>
headers = {{"X-API-Key": api_key}}<br>
response = requests.get(f"{{base_url}}/balance", headers=headers)<br>
print(response.json())<br>
<br>
# Сделать перевод<br>
data = {{"target": "получатель", "amount": 100}}<br>
response = requests.post(f"{{base_url}}/transfer", headers=headers, json=data)<br>
print(response.json())
</div>
<p>cURL:</p>
<div class="code-block">
# Получить баланс<br>
curl -H "X-API-Key: ваш_api_ключ" http://ваш-домен/api/v1/balance<br>
<br>
# Сделать перевод<br>
curl -X POST -H "X-API-Key: ваш_api_ключ" \\<br>
-H "Content-Type: application/json" \\<br>
-d '{{"target": "получатель", "amount": 100}}' \\<br>
http://ваш-домен/api/v1/transfer
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- Модальные окна -->
<div class="modal fade" id="depositModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title"><i class="fas fa-piggy-bank me-2"></i>Вклад</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div>
<form action="/deposit" method="post">
<div class="modal-body">
<div class="mb-3">
<label class="form-label">Сумма вклада (₽)</label>
<input type="number" name="amount" class="form-control" min="1" required>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
<button type="submit" class="btn btn-primary">Подтвердить</button>
</div>
</form>
</div>
</div>
</div>
<div class="modal fade" id="creditModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title"><i class="fas fa-credit-card me-2"></i>Кредит</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div>
<form action="/credit" method="post">
<div class="modal-body">
<div class="alert alert-warning">
<i class="fas fa-exclamation-triangle me-2"></i>
Кредит выдается под 5% ежедневно
</div>
<div class="mb-3">
<label class="form-label">Сумма кредита (₽)</label>
<input type="number" name="amount" class="form-control" min="1" required>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
<button type="submit" class="btn btn-primary">Взять кредит</button>
</div>
</form>
</div>
</div>
</div>
<div class="modal fade" id="transferModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title"><i class="fas fa-exchange-alt me-2"></i>Перевод</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div>
<form action="/transfer" method="post">
<div class="modal-body">
<div class="mb-3">
<label class="form-label">Получатель</label>
<input type="text" name="target" class="form-control" required>
</div>
<div class="mb-3">
<label class="form-label">Сумма (₽)</label>
<input type="number" name="amount" class="form-control" min="1" required>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
<button type="submit" class="btn btn-primary">Отправить</button>
</div>
</form>
</div>
</div>
</div>
<!-- Модальные окна для магазина -->
<div class="modal fade" id="addItemModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title"><i class="fas fa-plus me-2"></i>Добавить товар</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div>
<form action="/create_shop_item" method="post">
<div class="modal-body">
<div class="mb-3">
<label class="form-label">Название товара</label>
<input type="text" name="title" class="form-control" required>
</div>
<div class="mb-3">
<label class="form-label">Описание</label>
<textarea name="description" class="form-control" rows="3" required></textarea>
</div>
<div class="mb-3">
<label class="form-label">Цена (₽)</label>
<input type="number" name="price" class="form-control" min="1" required>
</div>
<div class="mb-3">
<label class="form-label">Категория</label>
<select name="category" class="form-select">
<option value="electronics">Электроника</option>
<option value="clothing">Одежда</option>
<option value="books">Книги</option>
<option value="other">Другое</option>
</select>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
<button type="submit" class="btn btn-primary">Добавить товар</button>
</div>
</form>
</div>
</div>
</div>
<div class="modal fade" id="addAdModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title"><i class="fas fa-bullhorn me-2"></i>Добавить объявление</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div>
<form action="/create_advertisement" method="post">
<div class="modal-body">
<div class="mb-3">
<label class="form-label">Заголовок</label>
<input type="text" name="title" class="form-control" required>
</div>
<div class="mb-3">
<label class="form-label">Содержание</label>
<textarea name="content" class="form-control" rows="3" required></textarea>
</div>
<div class="mb-3">
<label class="form-label">Контактная информация</label>
<input type="text" name="contact_info" class="form-control" placeholder="Email или телефон" required>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Отмена</button>
<button type="submit" class="btn btn-primary">Добавить объявление</button>
</div>
</form>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
<script>
// Автообновление каждые 60 секунд
setInterval(() => {{
window.location.reload();
}}, 60000);
// Восстановление активной вкладки
(() => {{
const preferredTab = "{active_tab}";
const hashTab = window.location.hash ? window.location.hash.replace("#", "") : "";
const tabToOpen = hashTab || preferredTab;
if (!tabToOpen || !window.bootstrap) return;
const trigger = document.querySelector(`a[data-bs-toggle="tab"][href="#${{tabToOpen}}"]`);
if (trigger) {{
new bootstrap.Tab(trigger).show();
}}
}})();
// Кнопки "Максимум" для покупки/продажи SerKripto
(() => {{
const bindMaxButton = (inputId, buttonId, emptyText) => {{
const input = document.getElementById(inputId);
const button = document.getElementById(buttonId);
if (!input || !button) return;
button.addEventListener("click", () => {{
const maxValue = parseFloat(input.getAttribute("data-max-value") || "0");
if (!Number.isFinite(maxValue) || maxValue <= 0) {{
alert(emptyText);
return;
}}
input.value = input.step && input.step.includes(".") ? maxValue.toFixed(6) : Math.floor(maxValue);
input.dispatchEvent(new Event("input", {{ bubbles: true }}));
}});
}};
bindMaxButton("cryptoBuyAmount", "cryptoBuyMaxBtn", "Недостаточно средств для покупки");
bindMaxButton("cryptoSellQuantity", "cryptoSellMaxBtn", "Нет монет для продажи");
}})();
// Валидация форм
document.querySelectorAll("form").forEach(form => {{
form.addEventListener("submit", function(e) {{
const inputs = this.querySelectorAll("input[type=\"number\"]");
inputs.forEach(input => {{
if (input.value && parseFloat(input.value) <= 0) {{
e.preventDefault();
alert("Пожалуйста, введите корректное значение");
}}
}});
}});
}});
// Анимация карт
// Копирование API ключа
function copyApiKey() {{
const apiKeyInput = document.getElementById("apiKey");
if (!apiKeyInput) return;
apiKeyInput.select();
apiKeyInput.setSelectionRange(0, 99999);
document.execCommand("copy");
alert("API ключ скопирован в буфер обмена!");
}}
</script>
</body>
</html>
'''
def render_admin_panel(users):
"""Генерация HTML админ-панели - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
users_html = ""
current_user = session.get('user')
valid_users_count = 0
total_balance = 0
total_deposit = 0
total_credit = 0
for username, user in users.items():
# Пропускаем текущего пользователя
if username == current_user:
continue
# Проверяем, что пользователь - словарь (корректные данные)
if not isinstance(user, dict):
continue
# Безопасно получаем данные пользователя
role = get_user_role(user)
balance = user.get('balance', 0)
deposit = user.get('deposit', 0)
credit = user.get('credit', 0)
email = user.get('email', 'нет')
# Обновляем статистику
valid_users_count += 1
total_balance += balance
total_deposit += deposit
total_credit += credit
# Определяем цвет бейджа роли
badge_color_map = {
ROLE_ADMIN: "danger",
ROLE_MANAGER: "warning",
ROLE_TEACHER: "info",
ROLE_PARENT: "primary",
ROLE_STUDENT: "secondary",
ROLE_CLIENT: "dark"
}
badge_color = badge_color_map.get(role, "dark")
users_html += f'''
<div class="col-md-6 col-lg-4">
<div class="card h-100">
<div class="card-body">
<h5 class="card-title">{username}</h5>
<p class="card-text">
<small>Роль: <span class="badge bg-{badge_color}">{role}</span></small><br>
<small>Баланс: <strong>{balance:,} ₽</strong></small><br>
<small>Вклад: <strong>{deposit:,} ₽</strong></small><br>
<small>Кредит: <strong>{credit:,} ₽</strong></small><br>
<small>Email: {email}</small>
</p>
<form action="/admin/change_role" method="post" class="mb-2">
<input type="hidden" name="username" value="{username}">
<select name="role" class="form-select form-select-sm mb-2">
<option value="{ROLE_CLIENT}" {'selected' if role == ROLE_CLIENT else ''}>Клиент</option>
<option value="{ROLE_STUDENT}" {'selected' if role == ROLE_STUDENT else ''}>Ученик</option>
<option value="{ROLE_PARENT}" {'selected' if role == ROLE_PARENT else ''}>Родитель</option>
<option value="{ROLE_TEACHER}" {'selected' if role == ROLE_TEACHER else ''}>Учитель</option>
<option value="{ROLE_MANAGER}" {'selected' if role == ROLE_MANAGER else ''}>Менеджер</option>
<option value="{ROLE_ADMIN}" {'selected' if role == ROLE_ADMIN else ''}>Админ</option>
</select>
<button type="submit" class="btn btn-warning btn-sm w-100">Изменить роль</button>
</form>
<form action="/admin/add_money" method="post">
<input type="hidden" name="username" value="{username}">
<div class="input-group input-group-sm mb-2">
<input type="number" name="amount" class="form-control" placeholder="Сумма" min="1" required>
<button class="btn btn-success" type="submit">+</button>
</div>
</form>
</div>
</div>
</div>
'''
return f'''
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Админ-панель</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
<style>
:root {{
--primary: #4361ee;
--gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
}}
body {{
background: #f5f7fb;
padding: 20px;
}}
.admin-header {{
background: var(--gradient);
color: white;
border-radius: 15px;
padding: 20px;
margin-bottom: 20px;
}}
.card {{
border-radius: 12px;
box-shadow: 0 3px 10px rgba(0,0,0,0.05);
}}
.stat-card {{
background: white;
border-radius: 12px;
padding: 15px;
box-shadow: 0 3px 10px rgba(0,0,0,0.05);
border-left: 4px solid var(--primary);
margin-bottom: 15px;
}}
</style>
</head>
<body>
<div class="container">
<div class="admin-header">
<div class="d-flex justify-content-between align-items-center">
<div>
<h2><i class="fas fa-cogs me-2"></i>Админ-панель</h2>
<p class="mb-0">Управление пользователями</p>
</div>
<a href="/dashboard" class="btn btn-light">
<i class="fas fa-arrow-left me-1"></i>Назад
</a>
</div>
</div>
<div class="row g-4">
{users_html if users_html else '''
<div class="col-12">
<div class="alert alert-info">
<i class="fas fa-info-circle me-2"></i>
Нет других пользователей для управления.
</div>
</div>
'''}
</div>
<div class="row mt-4">
<div class="col-12">
<div class="card">
<div class="card-body">
<h5 class="card-title"><i class="fas fa-chart-bar me-2"></i>Статистика системы</h5>
<div class="row">
<div class="col-md-3">
<div class="stat-card">
<h6>Всего пользователей</h6>
<h4>{valid_users_count + 1}</h4>
</div>
</div>
<div class="col-md-3">
<div class="stat-card">
<h6>Общий баланс</h6>
<h4 class="text-success">{total_balance:,} ₽</h4>
</div>
</div>
<div class="col-md-3">
<div class="stat-card">
<h6>Общие вклады</h6>
<h4 class="text-info">{total_deposit:,} ₽</h4>
</div>
</div>
<div class="col-md-3">
<div class="stat-card">
<h6>Общие кредиты</h6>
<h4 class="text-danger">{total_credit:,} ₽</h4>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
<script>
// Валидация форм админ-панели
document.querySelectorAll("form").forEach(form => {{
form.addEventListener("submit", function(e) {{
const amountInput = this.querySelector('input[type="number"]');
if (amountInput && amountInput.value) {{
if (parseInt(amountInput.value) <= 0) {{
e.preventDefault();
alert("Сумма должна быть положительной!");
}}
}}
}});
}});
</script>
</body>
</html>
'''
# ---------- СТРАНИЦА ОПЛАТЫ ----------
def render_payment_page(created_payment=None, error_message=""):
"""Страница оплаты"""
users = load_users()
current_user = session.get("user")
user_data = users.get(current_user, {}) if isinstance(users.get(current_user), dict) else {}
api_key = user_data.get("api_key")
payment_rows = ""
payments = load_payments()
user_payments = []
for payment in payments:
if payment.get("created_by") == current_user or payment.get("payer") == current_user or payment.get("receiver") == current_user:
user_payments.append(payment)
user_payments.sort(key=lambda x: x.get("created", 0), reverse=True)
for payment in user_payments[:20]:
status = payment.get("status", "pending")
status_class = "warning"
if status == "completed":
status_class = "success"
elif status == "failed":
status_class = "danger"
elif status == "cancelled":
status_class = "secondary"
payer_label = payment.get("payer", "-")
if payment.get("allow_any_payer") and status == "pending":
payer_label = "любой"
payment_rows += f"""
<tr>
<td><small>{payment.get('id', '-')}</small></td>
<td><strong>{payment.get('amount', 0)} ₽</strong></td>
<td>{payment.get('receiver', '-')}</td>
<td>{payer_label}</td>
<td><span class="badge bg-{status_class}">{status}</span></td>
<td><small>{datetime.fromtimestamp(payment.get('created', 0)).strftime('%Y-%m-%d %H:%M:%S')}</small></td>
<td><a class="btn btn-sm btn-outline-primary" href="/pay/{payment.get('id', '')}" target="_blank">Открыть</a></td>
</tr>
"""
if not payment_rows:
payment_rows = "<tr><td colspan='7' class='text-center text-muted'>Пока нет платежей</td></tr>"
created_block = ""
if created_payment and isinstance(created_payment, dict):
payment_url = f"{request.host_url.rstrip('/')}/pay/{created_payment.get('id')}"
created_block = f"""
<div class="alert alert-success mt-3">
<h6><i class="fas fa-check-circle me-2"></i>Ссылка создана</h6>
<p class="mb-1">ID платежа: <strong>{created_payment.get('id')}</strong></p>
<div class="payment-link" id="generatedPaymentLink">{payment_url}</div>
<button class="btn btn-sm btn-outline-success" onclick="copyPaymentLink()">
<i class="fas fa-copy me-1"></i>Скопировать ссылку
</button>
</div>
"""
api_key_hint = ""
if api_key:
api_key_hint = f"""
<div class="alert alert-success">
<small><strong>Ваш API ключ:</strong> <code>{api_key}</code></small>
</div>
"""
else:
api_key_hint = """
<div class="alert alert-warning">
<small>API ключ не создан. Сначала сгенерируйте ключ в личном кабинете.</small>
</div>
"""
error_block = ""
if error_message:
error_block = f'<div class="alert alert-danger mb-3">{error_message}</div>'
return f'''
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Оплата | Банковская система</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
<style>
:root {{
--primary: #4361ee;
--secondary: #3a0ca3;
--gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
}}
body {{
background: #f5f7fb;
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
}}
.payment-card {{
background: white;
border-radius: 15px;
box-shadow: 0 10px 30px rgba(0,0,0,0.1);
overflow: hidden;
}}
.payment-header {{
background: var(--gradient);
color: white;
padding: 25px;
text-align: center;
}}
.payment-body {{
padding: 30px;
}}
.form-control {{
border: 2px solid #e9ecef;
border-radius: 10px;
padding: 12px 15px;
transition: all 0.3s;
}}
.form-control:focus {{
border-color: var(--primary);
box-shadow: 0 0 0 0.25rem rgba(67, 97, 238, 0.25);
}}
.btn-primary {{
background: var(--gradient);
border: none;
border-radius: 10px;
padding: 12px;
font-weight: 600;
transition: all 0.3s;
}}
.btn-primary:hover {{
transform: translateY(-2px);
box-shadow: 0 10px 20px rgba(67, 97, 238, 0.3);
}}
.api-example {{
background: #f8f9fa;
border-radius: 10px;
padding: 15px;
font-family: 'Courier New', monospace;
font-size: 14px;
margin: 10px 0;
}}
.payment-link {{
background: #e9ecef;
border-radius: 8px;
padding: 10px;
word-break: break-all;
font-family: 'Courier New', monospace;
margin: 10px 0;
}}
</style>
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark" style="background: var(--gradient);">
<div class="container">
<a class="navbar-brand" href="/dashboard">
<i class="fas fa-university me-2"></i>
Банк | Оплата
</a>
<div>
<a href="/dashboard" class="btn btn-outline-light btn-sm">
<i class="fas fa-arrow-left me-1"></i> Назад
</a>
</div>
</div>
</nav>
<div class="container mt-4 mb-5">
<div class="row justify-content-center">
<div class="col-lg-10">
<div class="payment-card">
<div class="payment-header">
<h3><i class="fas fa-credit-card me-2"></i>Платежная система</h3>
<p class="mb-0">Создавайте ссылки и принимайте оплату</p>
</div>
<div class="payment-body">
{error_block}
{created_block}
<div class="row">
<div class="col-md-6">
<h4><i class="fas fa-link me-2"></i>Создать ссылку для оплаты</h4>
<form action="/create_payment_link" method="post" id="paymentForm">
<div class="mb-3">
<label class="form-label">Получатель (логин)</label>
<input type="text" name="receiver" class="form-control" required value="{current_user or ''}">
</div>
<div class="mb-3">
<label class="form-label">Плательщик (логин, необязательно)</label>
<input type="text" name="payer" class="form-control" placeholder="Пусто = оплатить сможет любой пользователь">
</div>
<div class="mb-3">
<label class="form-label">Сумма (₽)</label>
<input type="number" name="amount" class="form-control" min="1" required placeholder="Введите сумму">
</div>
<div class="mb-3">
<label class="form-label">Описание платежа</label>
<input type="text" name="description" class="form-control" placeholder="Оплата за товар/услугу">
</div>
<button type="submit" class="btn btn-primary w-100">
<i class="fas fa-link me-2"></i>Создать ссылку
</button>
</form>
</div>
<div class="col-md-6">
<h4><i class="fas fa-code me-2"></i>API для оплаты</h4>
{api_key_hint}
<div class="api-example">
POST /api/v1/payment/create<br>
Header: X-API-Key: ваш_ключ<br>
Body: {{"receiver":"{current_user or 'username'}","amount":100,"description":"Оплата","allow_any_payer":true}}
</div>
<div class="api-example">
GET /api/v1/payment/status/payment_id<br>
Header: X-API-Key: ваш_ключ
</div>
</div>
</div>
<div class="mt-5">
<h4><i class="fas fa-history me-2"></i>Последние платежи</h4>
<div class="table-responsive">
<table class="table table-hover">
<thead>
<tr>
<th>ID</th>
<th>Сумма</th>
<th>Получатель</th>
<th>Плательщик</th>
<th>Статус</th>
<th>Дата</th>
<th>Ссылка</th>
</tr>
</thead>
<tbody>
{payment_rows}
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
<script>
function copyPaymentLink() {{
const linkElement = document.getElementById('generatedPaymentLink');
if (!linkElement) return;
const text = linkElement.textContent.trim();
if (navigator.clipboard) {{
navigator.clipboard.writeText(text);
}}
}}
</script>
</body>
</html>
'''
def render_pay_page(payment_id):
"""Страница оплаты для клиента"""
payments = load_payments()
error_code = request.args.get("error", "").strip()
error_map = {
"invalid_credentials": "Неверный логин или пароль",
"payment_not_found": "Платеж не найден",
"wrong_payer": "Вы не являетесь плательщиком по этому платежу",
"insufficient_funds": "Недостаточно средств на счете плательщика",
"payer_not_found": "Плательщик не найден",
"receiver_not_found": "Получатель не найден",
"role_denied": "Роль пользователя не имеет доступа к оплате",
"same_user": "Нельзя оплатить самому себе",
"payment_failed": "Ошибка при обработке платежа"
}
error_message = error_map.get(error_code, "")
payment = None
for p in payments:
if p["id"] == payment_id:
payment = p
break
if not payment:
return '''
<!DOCTYPE html>
<html>
<head>
<title>Платеж не найден</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
<div class="container mt-5">
<div class="alert alert-danger">
<h4>Платеж не найден</h4>
<p>Проверьте правильность ссылки или обратитесь к отправителю.</p>
<a href="/" class="btn btn-primary">На главную</a>
</div>
</div>
</body>
</html>
'''
if payment["status"] != "pending":
status_message = {
"completed": "Оплачен",
"failed": "Не удался",
"cancelled": "Отменен"
}.get(payment["status"], "Неизвестен")
transfer_block = ""
balances = payment.get("balances")
if payment["status"] == "completed" and isinstance(balances, dict):
transfer_block = f"""
<div class="alert alert-success text-start mt-3">
<h6 class="mb-2"><i class="fas fa-check me-2"></i>Перевод выполнен</h6>
<div>Плательщик: <strong>{payment.get('payer', '-')}</strong> | баланс: <strong>{balances.get('payer_before', 0)} ₽</strong> → <strong>{balances.get('payer_after', 0)} ₽</strong></div>
<div>Баланс получателя скрыт</div>
</div>
"""
return f'''
<!DOCTYPE html>
<html>
<head>
<title>Статус платежа</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
</head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-body text-center">
<h2>Платеж {status_message}</h2>
<div class="my-4">
<i class="fas fa-{ 'check-circle text-success' if payment['status'] == 'completed' else 'times-circle text-danger' } fa-5x"></i>
</div>
<p>ID платежа: <strong>{payment_id}</strong></p>
<p>Сумма: <strong>{payment['amount']} ₽</strong></p>
<p>Получатель: <strong>{payment['receiver']}</strong></p>
<p>Плательщик: <strong>{payment.get('payer', '-')}</strong></p>
<p>Описание: {payment['description']}</p>
{transfer_block}
<a href="/" class="btn btn-primary mt-3">На главную</a>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
'''
allow_any_payer = bool(payment.get("allow_any_payer", False))
payer_label = "Любой пользователь" if allow_any_payer else payment.get("payer", "-")
username_value = "" if allow_any_payer else payment.get("payer", "")
username_readonly = "" if allow_any_payer else "readonly"
error_block = f'<div class="alert alert-danger mb-3">{error_message}</div>' if error_message else ""
return f'''
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Оплата #{payment_id}</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
<style>
:root {{
--primary: #4361ee;
--gradient: linear-gradient(135deg, #4361ee 0%, #3a0ca3 100%);
}}
body {{
background: #f5f7fb;
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
}}
.payment-container {{
max-width: 500px;
margin: 50px auto;
}}
.payment-card {{
background: white;
border-radius: 15px;
box-shadow: 0 10px 30px rgba(0,0,0,0.1);
overflow: hidden;
}}
.payment-header {{
background: var(--gradient);
color: white;
padding: 25px;
text-align: center;
}}
.payment-body {{
padding: 30px;
}}
.amount-display {{
font-size: 48px;
font-weight: bold;
color: var(--primary);
text-align: center;
margin: 20px 0;
}}
.btn-pay {{
background: var(--gradient);
border: none;
border-radius: 10px;
padding: 15px;
font-size: 18px;
font-weight: 600;
width: 100%;
margin-top: 20px;
}}
</style>
</head>
<body>
<div class="payment-container">
<div class="payment-card">
<div class="payment-header">
<h3><i class="fas fa-credit-card me-2"></i>Оплата</h3>
<p class="mb-0">ID: {payment_id}</p>
</div>
<div class="payment-body">
{error_block}
<div class="text-center mb-4">
<i class="fas fa-shopping-cart fa-4x text-primary"></i>
</div>
<div class="amount-display">
{payment['amount']}
</div>
<div class="payment-details">
<div class="d-flex justify-content-between mb-2">
<span>Получатель:</span>
<strong>{payment['receiver']}</strong>
</div>
<div class="d-flex justify-content-between mb-2">
<span>Плательщик:</span>
<strong>{payer_label}</strong>
</div>
<div class="d-flex justify-content-between mb-2">
<span>Описание:</span>
<strong>{payment['description'] or 'Нет описания'}</strong>
</div>
<div class="d-flex justify-content-between mb-4">
<span>Статус:</span>
<span class="badge bg-warning">Ожидает оплаты</span>
</div>
</div>
<div class="alert alert-secondary small">
Перед списанием система проверит баланс аккаунта плательщика. Если денег недостаточно, платеж не пройдет.
</div>
<form action="/process_payment/{payment_id}" method="post" id="paymentForm">
<div class="mb-3">
<label class="form-label">Ваш логин</label>
<input type="text" name="username" class="form-control" placeholder="Введите ваш логин" required value="{username_value}" {username_readonly}>
</div>
<div class="mb-3">
<label class="form-label">Пароль</label>
<input type="password" name="password" class="form-control" placeholder="Введите пароль" required>
</div>
<button type="submit" class="btn btn-pay">
<i class="fas fa-lock me-2"></i>Оплатить {payment['amount']}
</button>
<div class="text-center mt-3">
<small class="text-muted">После оплаты средства будут переведены получателю</small>
</div>
</form>
<div class="alert alert-info mt-4">
<h6><i class="fas fa-info-circle me-2"></i>Безопасная оплата</h6>
<p class="mb-0 small">Все платежи защищены банковской системой. Для оплаты требуется авторизация.</p>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
<script>
document.getElementById('paymentForm').addEventListener('submit', function(e) {{
const submitBtn = this.querySelector('button[type="submit"]');
submitBtn.disabled = true;
submitBtn.innerHTML = '<i class="fas fa-spinner fa-spin me-2"></i>Обработка...';
}});
</script>
</body>
</html>
'''
# ---------- ИСПРАВЛЕННЫЕ API МАРШРУТЫ ----------
@app.route('/api/v1/balance', methods=['GET'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_balance():
"""API: Получить информацию о балансе - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
try:
user_data = request.user_data
market = load_crypto_market()
market, decayed = apply_serkripto_idle_decay(market)
if decayed:
save_crypto_market(market)
ws_emit_crypto_market_event(market, "idle_decay")
serkripto_qty = get_user_serkripto_amount(user_data)
serkripto_value = round(serkripto_qty * float(market.get("price", 0.0)), 2)
return jsonify({
'success': True,
'username': request.username,
'balance': user_data.get('balance', 0),
'deposit': user_data.get('deposit', 0),
'credit': user_data.get('credit', 0),
'serkripto': {
'coin': market.get('name', SERKRIPTO_NAME),
'symbol': market.get('symbol', SERKRIPTO_SYMBOL),
'quantity': serkripto_qty,
'price_rub': market.get('price', 0),
'value_rub': serkripto_value
},
'total': user_data.get('balance', 0) + user_data.get('deposit', 0) - user_data.get('credit', 0)
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/history', methods=['GET'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_history():
"""API: Получить историю операций - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
try:
history = load_history()
user_history = [h for h in history if h['user'] == request.username]
limit = request.args.get('limit', type=int, default=50)
if limit > 0 and limit < len(user_history):
user_history = user_history[-limit:]
for h in user_history:
h['time_formatted'] = datetime.fromtimestamp(h['time']).strftime('%Y-%m-%d %H:%M:%S')
return jsonify({
'success': True,
'count': len(user_history),
'history': user_history[::-1]
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/deposit', methods=['POST'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_deposit():
"""API: Открыть вклад - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
try:
if not request.is_json:
return jsonify({'success': False, 'error': 'JSON data required'}), 400
data = request.get_json()
amount = data.get('amount')
if not amount:
return jsonify({'success': False, 'error': 'Amount required'}), 400
amount = int(amount)
if amount <= 0:
return jsonify({'success': False, 'error': 'Amount must be positive'}), 400
users = load_users()
user = users.get(request.username)
if not user or user['balance'] < amount:
return jsonify({'success': False, 'error': 'Insufficient funds'}), 400
user['balance'] -= amount
user['deposit'] += amount
save_users(users)
add_history(request.username, 'api_deposit', amount)
return jsonify({
'success': True,
'message': f'Deposit of {amount} ₽ created successfully',
'new_balance': user['balance'],
'new_deposit': user['deposit']
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/credit', methods=['POST'])
@api_key_required
@api_roles_required(*CREDIT_ROLES)
def api_credit():
"""API: Взять кредит - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
try:
if not request.is_json:
return jsonify({'success': False, 'error': 'JSON data required'}), 400
data = request.get_json()
amount = data.get('amount')
if not amount:
return jsonify({'success': False, 'error': 'Amount required'}), 400
amount = int(amount)
if amount <= 0:
return jsonify({'success': False, 'error': 'Amount must be positive'}), 400
users = load_users()
user = users.get(request.username)
if not user:
return jsonify({'success': False, 'error': 'User not found'}), 404
user['balance'] += amount
user['credit'] += amount
save_users(users)
add_history(request.username, 'api_credit', amount)
return jsonify({
'success': True,
'message': f'Credit of {amount} ₽ taken successfully',
'new_balance': user['balance'],
'new_credit': user['credit']
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/transfer', methods=['POST'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_transfer():
"""API: Сделать перевод - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
try:
if not request.is_json:
return jsonify({'success': False, 'error': 'JSON data required'}), 400
data = request.get_json()
target = data.get('target', '').strip()
amount = data.get('amount')
if not target:
return jsonify({'success': False, 'error': 'Target username required'}), 400
if not amount:
return jsonify({'success': False, 'error': 'Amount required'}), 400
amount = int(amount)
if amount <= 0:
return jsonify({'success': False, 'error': 'Amount must be positive'}), 400
users = load_users()
if target not in users:
return jsonify({'success': False, 'error': 'Target user not found'}), 404
if target == request.username:
return jsonify({'success': False, 'error': 'Cannot transfer to yourself'}), 400
sender = users.get(request.username)
if not sender:
return jsonify({'success': False, 'error': 'Sender not found'}), 404
if sender['balance'] < amount:
return jsonify({'success': False, 'error': 'Insufficient funds'}), 400
sender['balance'] -= amount
users[target]['balance'] += amount
save_users(users)
add_history(request.username, 'api_transfer', amount, target)
add_history(target, 'transfer_received', amount, request.username)
ws_emit_balance_update(target)
ws_emit_user(target, "transfer.received", {
"from": request.username,
"amount": amount
})
ws_emit_system("transfer.completed", {
"from": request.username,
"to": target,
"amount": amount,
"source": "api"
})
return jsonify({
'success': True,
'message': f'Transfer of {amount} ₽ to {target} successful',
'new_balance': sender['balance']
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
# ---------- API ДЛЯ ПЛАТЕЖЕЙ ----------
@app.route('/api/v1/payment/create', methods=['POST'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_payment_create():
"""API: Создать платеж"""
try:
if not request.is_json:
return jsonify({'success': False, 'error': 'JSON data required'}), 400
data = request.get_json()
receiver = str(data.get('receiver', '')).strip()
payer_from_request = str(data.get('payer', '')).strip()
allow_any_payer = bool(data.get('allow_any_payer', False))
amount = data.get('amount')
description = data.get('description', '')
external_id = data.get('external_id', '')
if not receiver:
return jsonify({'success': False, 'error': 'Receiver required'}), 400
if not amount:
return jsonify({'success': False, 'error': 'Amount required'}), 400
try:
amount_int = int(amount)
if amount_int <= 0:
return jsonify({'success': False, 'error': 'Amount must be positive'}), 400
except:
return jsonify({'success': False, 'error': 'Invalid amount'}), 400
# Проверяем существование получателя
users = load_users()
if receiver not in users:
return jsonify({'success': False, 'error': 'Receiver not found'}), 404
payer = request.username
if payer_from_request:
if payer_from_request in ["*", "any", "ANY"]:
allow_any_payer = True
payer = "*"
else:
payer = payer_from_request
allow_any_payer = False
elif allow_any_payer:
payer = "*"
if not allow_any_payer:
if payer not in users:
return jsonify({'success': False, 'error': 'Payer not found'}), 404
if payer == receiver:
return jsonify({'success': False, 'error': 'Payer and receiver must be different'}), 400
# Создаем платеж
payment_id, payment_data = create_payment(
payer=payer,
receiver=receiver,
amount=amount_int,
description=description,
external_id=external_id,
allow_any_payer=allow_any_payer,
created_by=request.username
)
return jsonify({
'success': True,
'message': 'Payment created successfully',
'payment_id': payment_id,
'payment': payment_data,
'payment_url': f'{request.host_url.rstrip("/")}/pay/{payment_id}'
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/payment/status/<payment_id>', methods=['GET'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_payment_status(payment_id):
"""API: Получить статус платежа"""
try:
payments = load_payments()
payment = None
for p in payments:
if p["id"] == payment_id:
payment = p
break
if not payment:
return jsonify({'success': False, 'error': 'Payment not found'}), 404
# Проверяем, имеет ли пользователь доступ к этому платежу
if (payment["payer"] != request.username and
payment["receiver"] != request.username and
payment.get("created_by") != request.username):
if getattr(request, "user_role", ROLE_CLIENT) != ROLE_ADMIN:
return jsonify({'success': False, 'error': 'Access denied'}), 403
return jsonify({
'success': True,
'payment': sanitize_payment_output(payment)
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/payment/list', methods=['GET'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_payment_list():
"""API: Получить список платежей пользователя"""
try:
payments = load_payments()
# Фильтруем платежи по пользователю
user_payments = []
for payment in payments:
if (payment["payer"] == request.username or
payment["receiver"] == request.username or
payment.get("created_by") == request.username):
user_payments.append(payment)
# Сортируем по дате (новые сверху)
user_payments.sort(key=lambda x: x['created'], reverse=True)
# Ограничиваем количество
limit = min(20, len(user_payments))
user_payments = user_payments[:limit]
safe_payments = [sanitize_payment_output(payment) for payment in user_payments]
return jsonify({
'success': True,
'count': len(safe_payments),
'payments': safe_payments
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/shop/items', methods=['GET'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_shop_items():
"""API: Получить список товаров - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
try:
shop_data = load_shop()
available_items = [item for item in shop_data["items"] if item["status"] == "available"]
for item in available_items:
item['created_formatted'] = datetime.fromtimestamp(item['created']).strftime('%Y-%m-%d %H:%M:%S')
return jsonify({
'success': True,
'count': len(available_items),
'items': available_items[::-1]
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/shop/ads', methods=['GET'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_shop_ads():
"""API: Получить список объявлений - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
try:
shop_data = load_shop()
active_ads = [ad for ad in shop_data["ads"] if ad["status"] == "active"]
for ad in active_ads:
ad['created_formatted'] = datetime.fromtimestamp(ad['created']).strftime('%Y-%m-%d %H:%M:%S')
return jsonify({
'success': True,
'count': len(active_ads),
'ads': active_ads[::-1]
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/crypto', methods=['GET'])
@api_key_required
@api_roles_required(*CRYPTO_ROLES)
def api_crypto_market():
"""API: Получить состояние рынка SerKripto"""
try:
users = load_users()
user_data = users.get(request.username, {})
market = load_crypto_market()
market, decayed = apply_serkripto_idle_decay(market)
if decayed:
save_crypto_market(market)
ws_emit_crypto_market_event(market, "idle_decay")
qty = get_user_serkripto_amount(user_data)
price = float(market.get("price", 0.0))
value = round(qty * price, 2)
return jsonify({
"success": True,
"coin": {
"name": market.get("name", SERKRIPTO_NAME),
"symbol": market.get("symbol", SERKRIPTO_SYMBOL),
"price_rub": round(price, 4),
"min_price_rub": round(float(market.get("min_price", 1.0)), 4),
"max_price_rub": round(float(market.get("max_price", 1000000.0)), 4),
"decay_rate_pct": round(float(market.get("idle_decay_rate", 0.0)) * 100, 3),
"decay_interval_sec": int(market.get("idle_decay_interval_sec", 30)),
"stats": market.get("stats", {})
},
"wallet": {
"quantity": qty,
"value_rub": value,
"balance_rub": int(user_data.get("balance", 0)) if isinstance(user_data, dict) else 0
},
"updated_at": int(time.time())
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/crypto/buy', methods=['POST'])
@api_key_required
@api_roles_required(*CRYPTO_ROLES)
def api_crypto_buy():
"""API: Купить SerKripto за рубли"""
try:
if not request.is_json:
return jsonify({'success': False, 'error': 'JSON data required'}), 400
data = request.get_json()
amount = data.get("amount")
success, result = buy_serkripto(request.username, amount)
if not success:
error_map = {
"invalid_amount": "Amount must be a positive integer",
"user_not_found": "User not found",
"market_unavailable": "Crypto market unavailable",
"insufficient_funds": "Insufficient funds",
"amount_too_small": "Amount is too small"
}
status_map = {
"user_not_found": 404,
"market_unavailable": 503
}
return jsonify({
"success": False,
"error": error_map.get(result, "Buy operation failed"),
"code": result
}), status_map.get(result, 400)
return jsonify({
"success": True,
"message": f"{SERKRIPTO_NAME} purchased successfully",
"trade": result
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/crypto/sell', methods=['POST'])
@api_key_required
@api_roles_required(*CRYPTO_ROLES)
def api_crypto_sell():
"""API: Продать SerKripto"""
try:
if not request.is_json:
return jsonify({'success': False, 'error': 'JSON data required'}), 400
data = request.get_json()
quantity = data.get("quantity")
success, result = sell_serkripto(request.username, quantity)
if not success:
error_map = {
"invalid_quantity": "Quantity must be a positive number",
"user_not_found": "User not found",
"market_unavailable": "Crypto market unavailable",
"insufficient_crypto": "Insufficient crypto balance",
"amount_too_small": "Quantity is too small"
}
status_map = {
"user_not_found": 404,
"market_unavailable": 503
}
return jsonify({
"success": False,
"error": error_map.get(result, "Sell operation failed"),
"code": result
}), status_map.get(result, 400)
return jsonify({
"success": True,
"message": f"{SERKRIPTO_NAME} sold successfully",
"trade": result
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/system/status', methods=['GET'])
@api_key_required
@api_roles_required(ROLE_ADMIN, ROLE_MANAGER)
def api_system_status():
"""API: Получить статус системы - ИСПРАВЛЕННАЯ ВЕРСИЯ"""
try:
users = load_users()
valid_users = [u for u in users.values() if isinstance(u, dict)]
total_users = len(valid_users)
total_balance = sum(u.get('balance', 0) for u in valid_users)
total_deposit = sum(u.get('deposit', 0) for u in valid_users)
total_credit = sum(u.get('credit', 0) for u in valid_users)
total_serkripto = round(sum(get_user_serkripto_amount(u) for u in valid_users), 6)
crypto_market = load_crypto_market()
crypto_market, decayed = apply_serkripto_idle_decay(crypto_market)
if decayed:
save_crypto_market(crypto_market)
ws_emit_crypto_market_event(crypto_market, "idle_decay")
return jsonify({
'success': True,
'system_status': 'operational',
'statistics': {
'total_users': total_users,
'total_balance': total_balance,
'total_deposit': total_deposit,
'total_credit': total_credit,
'net_worth': total_balance + total_deposit - total_credit,
'serkripto_user_holdings': total_serkripto
},
'crypto': {
'name': crypto_market.get('name', SERKRIPTO_NAME),
'symbol': crypto_market.get('symbol', SERKRIPTO_SYMBOL),
'price_rub': crypto_market.get('price', 0)
},
'timestamp': int(time.time())
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
# ДОБАВЛЕННЫЕ API ЭНДПОИНТЫ
@app.route('/api/v1/users', methods=['GET'])
@api_key_required
@api_roles_required(ROLE_ADMIN)
def api_users():
"""API: Получить список пользователей (только для админов)"""
try:
users = load_users()
safe_users = {}
for username, user in users.items():
if isinstance(user, dict):
safe_user = user.copy()
safe_user.pop('password', None)
safe_users[username] = safe_user
return jsonify({
'success': True,
'count': len(safe_users),
'users': safe_users
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/health', methods=['GET'])
def api_health():
"""API: Проверка здоровья системы (не требует API ключа)"""
try:
files = [USERS_FILE, HISTORY_FILE, SHOP_FILE, PAYMENTS_FILE, JOURNAL_FILE, CLASSES_FILE, SUBJECTS_FILE, PARENT_LINKS_FILE, CRYPTO_FILE]
file_status = {}
for file in files:
file_status[file] = os.path.exists(file)
return jsonify({
'success': True,
'status': 'healthy',
'timestamp': int(time.time()),
'files': file_status,
'message': 'System is operational'
})
except Exception as e:
return jsonify({'success': False, 'status': 'unhealthy', 'error': str(e)}), 500
@app.route('/api/v1/shop/create_item', methods=['POST'])
@api_key_required
@api_roles_required(*SHOP_SELL_ROLES)
def api_create_shop_item():
"""API: Создать товар в магазине"""
try:
if not request.is_json:
return jsonify({'success': False, 'error': 'JSON data required'}), 400
data = request.get_json()
title = data.get('title')
description = data.get('description')
price = data.get('price')
category = data.get('category', 'other')
if not title or not description or not price:
return jsonify({'success': False, 'error': 'Title, description and price required'}), 400
try:
price_int = int(price)
if price_int <= 0:
return jsonify({'success': False, 'error': 'Price must be positive'}), 400
except:
return jsonify({'success': False, 'error': 'Invalid price'}), 400
item_id = create_shop_item(request.username, title, description, price_int, category)
return jsonify({
'success': True,
'message': f'Item "{title}" created successfully',
'item_id': item_id
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
@app.route('/api/v1/shop/buy_item', methods=['POST'])
@api_key_required
@api_roles_required(*FINANCE_ROLES)
def api_buy_item():
"""API: Купить товар"""
try:
if not request.is_json:
return jsonify({'success': False, 'error': 'JSON data required'}), 400
data = request.get_json()
item_id = data.get('item_id')
if not item_id:
return jsonify({'success': False, 'error': 'Item ID required'}), 400
success, message = buy_item(item_id, request.username)
return jsonify({
'success': success,
'message': message
})
except Exception as e:
return jsonify({'success': False, 'error': str(e)}), 500
# ---------- МАГАЗИН МАРШРУТЫ ----------
@app.route('/create_shop_item', methods=['POST'])
@login_required
@web_roles_required(*SHOP_SELL_ROLES)
def create_shop_item_route():
"""Создание товара в магазине"""
title = request.form.get('title')
description = request.form.get('description')
price = request.form.get('price')
category = request.form.get('category', 'other')
if not title or not description or not price:
return redirect('/dashboard')
try:
price_int = int(price)
if price_int <= 0:
return redirect('/dashboard')
except:
return redirect('/dashboard')
item_id = create_shop_item(session['user'], title, description, price_int, category)
return redirect('/dashboard')
@app.route('/create_advertisement', methods=['POST'])
@login_required
@web_roles_required(*SHOP_SELL_ROLES)
def create_advertisement_route():
"""Создание объявления"""
title = request.form.get('title')
content = request.form.get('content')
contact_info = request.form.get('contact_info')
if not title or not content or not contact_info:
return redirect('/dashboard')
ad_id = create_advertisement(session['user'], title, content, contact_info)
return redirect('/dashboard')
@app.route('/buy_item/<item_id>', methods=['POST'])
@login_required
@web_roles_required(*FINANCE_ROLES)
def buy_item_route(item_id):
"""Покупка товара"""
success, message = buy_item(item_id, session['user'])
return redirect('/dashboard')
@app.route('/crypto/buy', methods=['POST'])
@login_required
@web_roles_required(*CRYPTO_ROLES)
def crypto_buy_route():
amount = request.form.get('amount', '').strip()
success, result = buy_serkripto(session['user'], amount)
if success:
return redirect('/dashboard?tab=crypto&crypto_status=buy_success')
return redirect(f'/dashboard?tab=crypto&crypto_error={result}')
@app.route('/crypto/sell', methods=['POST'])
@login_required
@web_roles_required(*CRYPTO_ROLES)
def crypto_sell_route():
quantity = request.form.get('quantity', '').strip()
success, result = sell_serkripto(session['user'], quantity)
if success:
return redirect('/dashboard?tab=crypto&crypto_status=sell_success')
return redirect(f'/dashboard?tab=crypto&crypto_error={result}')
# ---------- ПЛАТЕЖНЫЕ МАРШРУТЫ ----------
@app.route('/payment_page')
@login_required
@web_roles_required(*FINANCE_ROLES)
def payment_page():
"""Страница управления платежами"""
created_payment = None
created_payment_id = request.args.get('created', '').strip()
if created_payment_id:
created_payment = get_payment_by_id(created_payment_id)
error_map = {
"missing_fields": "Заполните получателя и сумму",
"invalid_amount": "Сумма должна быть положительным числом",
"receiver_not_found": "Получатель не найден",
"payer_not_found": "Плательщик не найден",
"payer_role_denied": "У выбранного плательщика нет доступа к оплате",
"same_users": "Плательщик и получатель не должны совпадать"
}
error_message = error_map.get(request.args.get('error', '').strip(), "")
return render_payment_page(created_payment=created_payment, error_message=error_message)
@app.route('/create_payment_link', methods=['POST'])
@login_required
@web_roles_required(*FINANCE_ROLES)
def create_payment_link():
"""Создание ссылки для оплаты"""
receiver = request.form.get('receiver', '').strip()
payer = request.form.get('payer', '').strip()
amount = request.form.get('amount', '').strip()
description = request.form.get('description', '').strip()
if not receiver or not amount:
return redirect('/payment_page?error=missing_fields')
try:
amount_int = int(amount)
if amount_int <= 0:
return redirect('/payment_page?error=invalid_amount')
except:
return redirect('/payment_page?error=invalid_amount')
users = load_users()
if receiver not in users:
return redirect('/payment_page?error=receiver_not_found')
allow_any_payer = False
payer_for_payment = payer
if payer:
if payer not in users:
return redirect('/payment_page?error=payer_not_found')
if not has_role(users.get(payer, {}), FINANCE_ROLES):
return redirect('/payment_page?error=payer_role_denied')
if payer == receiver:
return redirect('/payment_page?error=same_users')
else:
allow_any_payer = True
payer_for_payment = "*"
payment_id, payment_data = create_payment(
payer=payer_for_payment,
receiver=receiver,
amount=amount_int,
description=description,
allow_any_payer=allow_any_payer,
created_by=session['user']
)
return redirect(f'/payment_page?created={payment_id}')
@app.route('/pay/<payment_id>', methods=['GET'])
def pay_page(payment_id):
"""Страница оплаты для клиента"""
return render_pay_page(payment_id)
@app.route('/process_payment/<payment_id>', methods=['POST'])
def process_payment_route(payment_id):
"""Обработка платежа (для неавторизованных пользователей)"""
username = request.form.get('username', '').strip()
password = request.form.get('password', '').strip()
if not username or not password:
return redirect(f'/pay/{payment_id}?error=invalid_credentials')
# Проверяем логин и пароль
users = load_users()
user_data = users.get(username)
if not user_data or user_data['password'] != password:
return redirect(f'/pay/{payment_id}?error=invalid_credentials')
if not has_role(user_data, FINANCE_ROLES):
return redirect(f'/pay/{payment_id}?error=role_denied')
# Проверяем, что пользователь является плательщиком
payments = load_payments()
payment = None
for p in payments:
if p["id"] == payment_id:
payment = p
break
if not payment:
return redirect(f'/pay/{payment_id}?error=payment_not_found')
if not payment.get("allow_any_payer", False) and payment["payer"] != username:
return redirect(f'/pay/{payment_id}?error=wrong_payer')
# Выполняем платеж
success, message = process_payment(payment_id, username)
if success:
return redirect(f'/pay/{payment_id}?paid=1')
else:
ws_emit_user(username, "payment.failed", {
"payment_id": payment_id,
"reason": message
})
ws_emit_system("payment.failed", {
"payment_id": payment_id,
"user": username,
"reason": message,
"source": "web"
})
error_map = {
"Недостаточно средств": "insufficient_funds",
"Платеж не найден": "payment_not_found",
"Неверный плательщик": "wrong_payer",
"Плательщик не найден": "payer_not_found",
"Получатель не найден": "receiver_not_found",
"Нельзя оплатить самому себе": "same_user"
}
error_code = error_map.get(message, "payment_failed")
return redirect(f'/pay/{payment_id}?error={error_code}')
# ---------- ОСНОВНЫЕ МАРШРУТЫ ----------
@app.route('/', methods=['GET', 'POST'])
def login():
if request.args.get("reset_2fa", "").strip():
clear_pending_2fa_session()
return render_login()
if request.method == 'POST':
users = load_users()
login_step = request.form.get("login_step", "").strip().lower()
if login_step == "2fa":
pending_username = str(session.get("pending_2fa_user", "")).strip()
if not pending_username or not is_pending_2fa_alive():
clear_pending_2fa_session()
return render_login("Срок подтверждения 2FA истек. Выполните вход снова.")
user_data = users.get(pending_username)
if not isinstance(user_data, dict):
clear_pending_2fa_session()
return render_login("Пользователь не найден. Выполните вход снова.")
if not parse_bool(user_data.get("twofa_enabled", False)):
clear_pending_2fa_session()
return render_login("2FA уже отключена. Выполните вход по паролю.")
twofa_secret = user_data.get("twofa_secret", "")
if not twofa_secret:
clear_pending_2fa_session()
return render_login("Секрет 2FA отсутствует. Выполните вход снова.")
twofa_code = request.form.get("twofa_code", "").strip()
if not verify_totp_code(twofa_secret, twofa_code):
return render_login("Неверный код 2FA", twofa_mode=True, username_hint=pending_username)
session['user'] = pending_username
clear_pending_2fa_session()
ws_emit_user(pending_username, "auth.login", {"username": pending_username, "twofa": True})
ws_emit_system("auth.login", {"username": pending_username, "twofa": True})
ws_emit_balance_update(pending_username)
return redirect('/dashboard')
username = request.form.get('username', '').strip()
password = request.form.get('password', '').strip()
if not username or not password:
clear_pending_2fa_session()
return render_login("Введите логин и пароль")
user_data = users.get(username)
if user_data and isinstance(user_data, dict) and user_data['password'] == password:
if parse_bool(user_data.get("twofa_enabled", False)) and user_data.get("twofa_secret"):
session["pending_2fa_user"] = username
session["pending_2fa_started"] = int(time.time())
return render_login(twofa_mode=True, username_hint=username)
session['user'] = username
clear_pending_2fa_session()
ws_emit_user(username, "auth.login", {"username": username})
ws_emit_system("auth.login", {"username": username})
ws_emit_balance_update(username)
return redirect('/dashboard')
clear_pending_2fa_session()
return render_login("Неверный логин или пароль")
if session.get("pending_2fa_user"):
if is_pending_2fa_alive():
return render_login(twofa_mode=True, username_hint=session.get("pending_2fa_user"))
clear_pending_2fa_session()
return render_login()
@app.route('/register', methods=['GET', 'POST'])
def register():
if request.method == 'POST':
users = load_users()
username = request.form.get('username', '').strip()
if username in users:
return render_register().replace('</form>',
'<div class="alert alert-danger mt-3">Пользователь уже существует</div></form>')
user_data = {
'password': request.form.get('password'),
'balance': 1000,
'deposit': 0,
'credit': 0,
'serkripto': 0.0,
'role': ROLE_CLIENT,
'full_name': f"{request.form.get('first_name')} {request.form.get('last_name')}",
'email': request.form.get('email'),
'api_key': None,
'twofa_enabled': False,
'twofa_secret': ""
}
users[username] = user_data
save_users(users)
session['user'] = username
ws_emit_user(username, "auth.register", {"username": username})
ws_emit_system("auth.register", {"username": username})
ws_emit_balance_update(username)
return redirect('/dashboard')
return render_register()
@app.route('/dashboard')
@login_required
def dashboard():
users = load_users()
history = load_history()
if session['user'] not in users:
session.clear()
return redirect('/')
user_data = users[session['user']]
user_history = [h for h in history if h['user'] == session['user']]
shop_data = load_shop()
crypto_market = load_crypto_market()
crypto_flash = None
crypto_status = request.args.get('crypto_status', '').strip()
crypto_error = request.args.get('crypto_error', '').strip()
crypto_status_map = {
"buy_success": "Покупка SerKripto выполнена",
"sell_success": "Продажа SerKripto выполнена"
}
crypto_error_map = {
"invalid_amount": "Введите корректную сумму покупки",
"invalid_quantity": "Введите корректное количество монет",
"insufficient_funds": "Недостаточно рублей для покупки",
"insufficient_crypto": "Недостаточно SerKripto на кошельке",
"market_unavailable": "Рынок SerKripto временно недоступен",
"user_not_found": "Пользователь не найден",
"amount_too_small": "Слишком маленький объем операции"
}
if crypto_status in crypto_status_map:
crypto_flash = {"class": "success", "text": crypto_status_map[crypto_status]}
elif crypto_error in crypto_error_map:
crypto_flash = {"class": "danger", "text": crypto_error_map[crypto_error]}
requested_tab = request.args.get('tab', '').strip().lower()
return render_dashboard(
user_data,
user_history[-20:],
shop_data,
crypto_market=crypto_market,
crypto_flash=crypto_flash,
active_tab=requested_tab or "services"
)
@app.route('/generate_api_key', methods=['POST'])
@login_required
@web_roles_required(*FINANCE_ROLES)
def generate_api_key_route():
users = load_users()
user = users.get(session['user'])
if user and isinstance(user, dict):
user['api_key'] = generate_api_key()
save_users(users)
add_history(session['user'], 'generate_api_key', 0)
return redirect('/dashboard')
@app.route('/deposit', methods=['POST'])
@login_required
@web_roles_required(*FINANCE_ROLES)
def deposit():
users = load_users()
user = users.get(session['user'])
try:
amount = int(request.form.get('amount', 0))
if amount > 0 and user and user['balance'] >= amount:
user['balance'] -= amount
user['deposit'] += amount
save_users(users)
add_history(session['user'], 'deposit', amount)
except:
pass
return redirect('/dashboard')
@app.route('/credit', methods=['POST'])
@login_required
@web_roles_required(*CREDIT_ROLES)
def credit():
users = load_users()
user = users.get(session['user'])
try:
amount = int(request.form.get('amount', 0))
if amount > 0 and user:
user['balance'] += amount
user['credit'] += amount
save_users(users)
add_history(session['user'], 'credit', amount)
except:
pass
return redirect('/dashboard')
@app.route('/transfer', methods=['POST'])
@login_required
@web_roles_required(*FINANCE_ROLES)
def transfer():
users = load_users()
sender = session['user']
try:
target = request.form.get('target')
amount = int(request.form.get('amount', 0))
sender_data = users.get(sender)
target_data = users.get(target)
if (amount > 0 and target_data and target != sender and
sender_data and sender_data['balance'] >= amount):
sender_data['balance'] -= amount
target_data['balance'] += amount
save_users(users)
add_history(sender, 'transfer', amount, target)
add_history(target, 'transfer_received', amount, sender)
ws_emit_balance_update(target)
ws_emit_user(target, "transfer.received", {
"from": sender,
"amount": amount
})
ws_emit_system("transfer.completed", {
"from": sender,
"to": target,
"amount": amount,
"source": "web"
})
except Exception as e:
print(f"Transfer error: {e}")
pass
return redirect('/dashboard')
# ---------- АДМИН МАРШРУТЫ (ИСПРАВЛЕННЫЕ) ----------
@app.route('/admin')
@admin_required
def admin():
users = load_users()
return render_admin_panel(users)
@app.route('/admin/change_role', methods=['POST'])
@admin_required
def admin_change_role():
users = load_users()
username = request.form.get('username')
new_role = normalize_role(request.form.get('role'))
if username in users and username != session['user'] and isinstance(users[username], dict):
users[username]['role'] = new_role
save_users(users)
add_history(session['user'], 'change_role', 0, f"{username}->{new_role}")
ws_emit_user(username, "role.changed", {"role": new_role})
ws_emit_system("role.changed", {
"username": username,
"role": new_role,
"by": session.get("user")
})
return redirect('/admin')
@app.route('/admin/add_money', methods=['POST'])
@admin_required
def admin_add_money():
users = load_users()
username = request.form.get('username')
amount = int(request.form.get('amount', 0))
if username in users and amount > 0 and isinstance(users[username], dict):
users[username]['balance'] += amount
save_users(users)
add_history(session['user'], 'add_money', amount, username)
ws_emit_balance_update(username)
ws_emit_user(username, "admin.add_money", {
"amount": amount,
"by": session.get("user")
})
ws_emit_system("admin.add_money", {
"username": username,
"amount": amount,
"by": session.get("user")
})
return redirect('/admin')
@app.route('/logout')
def logout():
username = session.get('user')
if username:
ws_emit_user(username, "auth.logout", {"username": username})
ws_emit_system("auth.logout", {"username": username})
session.clear()
return redirect('/')
# ---------- API ДОКУМЕНТАЦИЯ ----------
@app.route('/api/docs')
def api_docs():
"""Страница с документацией API"""
return '''
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>API Документация</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
<style>
body {
font-family: "Segoe UI", Tahoma, Geneva, Verdana, sans-serif;
background: #f5f7fb;
padding: 20px;
}
.code-block {
background: #1e1e1e;
color: #d4d4d4;
padding: 15px;
border-radius: 5px;
font-family: "Courier New", monospace;
overflow-x: auto;
margin: 10px 0;
}
.endpoint {
background: white;
border-radius: 10px;
padding: 20px;
margin-bottom: 20px;
box-shadow: 0 3px 10px rgba(0,0,0,0.05);
border-left: 4px solid #4361ee;
}
</style>
</head>
<body>
<div class="container">
<div class="row">
<div class="col-12">
<div class="card mb-4">
<div class="card-body">
<h1 class="card-title"><i class="fas fa-code me-2"></i>Документация API</h1>
<p class="card-text">Используйте API для интеграции банковских услуг в ваши приложения.</p>
<h3 class="mt-4">Базовый URL</h3>
<div class="code-block">
http://localhost:5000/api/v1/
</div>
<h3 class="mt-4">Аутентификация</h3>
<p>Для использования API необходим API ключ. Получите его в личном кабинете.</p>
<p>Передавайте ключ одним из способов:</p>
<h5>Заголовок HTTP:</h5>
<div class="code-block">
X-API-Key: ваш_api_ключ
</div>
<h5>Параметр запроса:</h5>
<div class="code-block">
?api_key=ваш_api_ключ
</div>
<h5>JSON тело запроса:</h5>
<div class="code-block">
{
"api_key": "ваш_api_ключ",
...
}
</div>
<h3 class="mt-4">Доступные эндпоинты</h3>
<div class="endpoint">
<h5><span class="badge bg-success">GET</span> /api/v1/health</h5>
<p>Проверка здоровья системы (не требует API ключа)</p>
<div class="code-block">
curl http://localhost:5000/api/v1/health
</div>
</div>
<div class="endpoint">
<h5><span class="badge bg-info">GET</span> /api/v1/balance</h5>
<p>Получить информацию о балансе пользователя</p>
<div class="code-block">
curl -H "X-API-Key: ваш_ключ" http://localhost:5000/api/v1/balance
</div>
</div>
<div class="endpoint">
<h5><span class="badge bg-info">GET</span> /api/v1/history?limit=50</h5>
<p>Получить историю операций (опциональный параметр limit)</p>
</div>
<div class="endpoint">
<h5><span class="badge bg-success">POST</span> /api/v1/deposit</h5>
<p>Открыть вклад. Требуется JSON: {"amount": 100}</p>
<div class="code-block">
curl -X POST -H "X-API-Key: ваш_ключ" -H "Content-Type: application/json"<br>
-d "{\\"amount\\": 100}" http://localhost:5000/api/v1/deposit
</div>
</div>
<div class="endpoint">
<h5><span class="badge bg-success">POST</span> /api/v1/credit</h5>
<p>Взять кредит. Требуется JSON: {"amount": 100}</p>
</div>
<div class="endpoint">
<h5><span class="badge bg-success">POST</span> /api/v1/transfer</h5>
<p>Сделать перевод. Требуется JSON: {"target": "username", "amount": 100}</p>
</div>
<div class="endpoint">
<h5><span class="badge bg-info">GET</span> /api/v1/shop/items</h5>
<p>Получить список товаров в магазине</p>
</div>
<div class="endpoint">
<h5><span class="badge bg-info">GET</span> /api/v1/crypto</h5>
<p>Получить текущий курс SerKripto и баланс монет пользователя</p>
</div>
<div class="endpoint">
<h5><span class="badge bg-success">POST</span> /api/v1/crypto/buy</h5>
<p>Купить SerKripto. Требуется JSON: {"amount": 1000}</p>
</div>
<div class="endpoint">
<h5><span class="badge bg-success">POST</span> /api/v1/crypto/sell</h5>
<p>Продать SerKripto. Требуется JSON: {"quantity": 0.25}</p>
</div>
<div class="endpoint">
<h5><span class="badge bg-success">POST</span> /api/v1/payment/create</h5>
<p>Создать платеж. Требуется JSON: {"receiver": "...", "amount": 100, "description": "..."}</p>
</div>
<div class="endpoint">
<h5><span class="badge bg-info">GET</span> /api/v1/payment/status/{payment_id}</h5>
<p>Получить статус платежа</p>
</div>
<div class="endpoint">
<h5><span class="badge bg-info">GET</span> /api/v1/system/status</h5>
<p>Получить статус системы</p>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
'''
# ================= ДЕКОРАТОР УЧИТЕЛЯ =================
def teacher_required(f):
return web_roles_required(*JOURNAL_ROLES)(f)
def student_required(f):
return web_roles_required(ROLE_STUDENT, ROLE_ADMIN)(f)
def parent_required(f):
return web_roles_required(ROLE_PARENT, ROLE_ADMIN)(f)
def manager_required(f):
return web_roles_required(ROLE_MANAGER, ROLE_ADMIN)(f)
def get_student_class(student):
classes = load_classes()
for class_name, students in classes.items():
if student in students:
return class_name
return "-"
def get_student_stats(student):
journal = load_journal()
users = load_users()
subjects = journal.get(student, {})
all_grades = []
for grades in subjects.values():
all_grades.extend(grades)
avg = round(sum(all_grades) / len(all_grades), 2) if all_grades else 0
grade_count = len(all_grades)
finance_delta = sum(calculate_money_for_grade(g) for g in all_grades)
current_balance = users.get(student, {}).get("balance", 0)
return {
"avg": avg,
"grade_count": grade_count,
"finance_delta": finance_delta,
"current_balance": current_balance,
"subjects": subjects
}
def get_grade_events_from_history(student):
history = load_history()
events = []
pattern = re.compile(r"^(.*?):\s*оценка\s*([2-5])\s*\(([+-]?\d+)\)")
for item in history:
if item.get("user") != student or item.get("action") != "grade_update":
continue
target = str(item.get("target", ""))
match = pattern.match(target)
if match:
subject = match.group(1).strip() or "Предмет"
grade = int(match.group(2))
delta = int(match.group(3))
else:
subject = "Предмет"
grade = 0
delta = 0
events.append({
"time": int(item.get("time", 0)),
"subject": subject,
"grade": grade,
"delta": delta
})
events.sort(key=lambda x: x["time"])
return events
def render_student_panel(student_username):
users = load_users()
if student_username not in users:
return "Ученик не найден", 404
stats = get_student_stats(student_username)
class_name = get_student_class(student_username)
grade_events = get_grade_events_from_history(student_username)
subject_rows = ""
for subject, grades in stats["subjects"].items():
subject_avg = round(sum(grades) / len(grades), 2) if grades else 0
subject_rows += f"""
<tr>
<td>{subject}</td>
<td>{', '.join(map(str, grades)) if grades else '-'}</td>
<td>{subject_avg}</td>
</tr>
"""
if not subject_rows:
subject_rows = "<tr><td colspan='3'>Нет оценок</td></tr>"
timeline_rows = ""
labels = []
grades_series = []
avg_series = []
money_series = []
positive_total = 0
negative_total = 0
cumulative_money = 0
running_grades = []
for index, event in enumerate(grade_events, start=1):
event_time = datetime.fromtimestamp(event["time"]).strftime("%d.%m.%Y %H:%M") if event["time"] else "-"
delta = int(event["delta"])
cumulative_money += delta
if delta >= 0:
positive_total += delta
delta_color = "text-success"
delta_text = f"+{delta}"
else:
negative_total += abs(delta)
delta_color = "text-danger"
delta_text = str(delta)
timeline_rows += f"""
<tr>
<td>{index}</td>
<td>{event_time}</td>
<td>{event['subject']}</td>
<td>{event['grade'] if event['grade'] else '-'}</td>
<td class="{delta_color}"><b>{delta_text}</b></td>
<td><b>{cumulative_money}</b></td>
</tr>
"""
labels.append(index)
if event["grade"]:
running_grades.append(event["grade"])
grades_series.append(event["grade"])
avg_series.append(round(sum(running_grades) / len(running_grades), 2))
else:
grades_series.append(None)
avg_series.append(avg_series[-1] if avg_series else 0)
money_series.append(cumulative_money)
if not timeline_rows:
timeline_rows = "<tr><td colspan='6'>Пока нет оценок и начислений</td></tr>"
if not labels:
labels = [1]
grades_series = [None]
avg_series = [0]
money_series = [0]
net_money = positive_total - negative_total
stats_net = stats["finance_delta"]
if not grade_events and stats_net != 0:
net_money = stats_net
if stats_net > 0:
positive_total = stats_net
else:
negative_total = abs(stats_net)
net_color = "text-success" if net_money >= 0 else "text-danger"
current_role = get_user_role(users.get(session.get("user"), {}))
role_view = "Панель ученика"
back_link = "/dashboard"
if current_role == ROLE_ADMIN:
role_view = "Панель ученика (режим администратора)"
elif current_role == ROLE_PARENT:
role_view = "Панель ученика (просмотр родителя)"
back_link = "/parent_panel"
elif current_role == ROLE_MANAGER:
role_view = "Панель ученика (просмотр менеджера)"
back_link = "/manager_panel"
return f"""
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Панель ученика</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
<style>
body {{
background: linear-gradient(180deg, #f6f9ff 0%, #eef3ff 100%);
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
}}
.top-card {{
background: linear-gradient(135deg, #1d4ed8, #2563eb);
color: white;
border-radius: 18px;
padding: 24px;
box-shadow: 0 12px 26px rgba(37, 99, 235, 0.28);
}}
.metric {{
background: white;
border-radius: 14px;
padding: 16px;
border: 1px solid #e6ecff;
box-shadow: 0 5px 14px rgba(60, 90, 170, 0.1);
height: 100%;
}}
.table-card {{
background: white;
border-radius: 14px;
padding: 16px;
border: 1px solid #e6ecff;
box-shadow: 0 5px 14px rgba(60, 90, 170, 0.1);
margin-top: 16px;
}}
.badge-soft {{
background: #e6f0ff;
color: #1d4ed8;
border-radius: 999px;
padding: 6px 10px;
font-weight: 700;
}}
</style>
</head>
<body>
<div class="container py-4">
<div class="top-card mb-4">
<div class="d-flex justify-content-between align-items-center flex-wrap gap-2">
<div>
<h3 class="mb-1"><i class="fas fa-user-graduate me-2"></i>{role_view}</h3>
<div class="opacity-75">Ученик: <b>{student_username}</b> | Класс: <b>{class_name}</b></div>
</div>
<div class="d-flex gap-2">
<a href="{back_link}" class="btn btn-light btn-sm"><i class="fas fa-arrow-left me-1"></i>Назад</a>
<a href="/logout" class="btn btn-outline-light btn-sm">Выход</a>
</div>
</div>
</div>
<div class="row g-3">
<div class="col-md-4">
<div class="metric">
<div class="text-muted">Средний балл</div>
<h3 class="mb-0">{stats['avg']}</h3>
<small class="text-muted">Оценок: {stats['grade_count']}</small>
</div>
</div>
<div class="col-md-4">
<div class="metric">
<div class="text-muted">Деньги за оценки (всего)</div>
<h3 class="mb-0 {net_color}">{'+' if net_money >= 0 else ''}{net_money}</h3>
<small class="text-success me-2">Получено: +{positive_total}</small>
<small class="text-danger">Списано: -{negative_total}</small>
</div>
</div>
<div class="col-md-4">
<div class="metric">
<div class="text-muted">Текущий баланс счета</div>
<h3 class="mb-0">{stats['current_balance']}</h3>
<small class="text-muted">Банковский баланс аккаунта</small>
</div>
</div>
</div>
<div class="table-card">
<div class="d-flex justify-content-between align-items-center mb-3">
<h5 class="mb-0"><i class="fas fa-chart-line me-2"></i>Графики</h5>
<span class="badge-soft">Динамика оценок и денег</span>
</div>
<div class="row g-4">
<div class="col-lg-6"><canvas id="gradesChart" height="180"></canvas></div>
<div class="col-lg-6"><canvas id="moneyChart" height="180"></canvas></div>
</div>
</div>
<div class="row g-3">
<div class="col-lg-5">
<div class="table-card">
<h5><i class="fas fa-book me-2"></i>Оценки по предметам</h5>
<div class="table-responsive">
<table class="table table-sm align-middle">
<thead><tr><th>Предмет</th><th>Оценки</th><th>Средний</th></tr></thead>
<tbody>{subject_rows}</tbody>
</table>
</div>
</div>
</div>
<div class="col-lg-7">
<div class="table-card">
<h5><i class="fas fa-history me-2"></i>История начислений за оценки</h5>
<div class="table-responsive">
<table class="table table-sm align-middle">
<thead>
<tr><th>#</th><th>Дата</th><th>Предмет</th><th>Оценка</th><th>Изменение</th><th>Итог</th></tr>
</thead>
<tbody>{timeline_rows}</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
<script>
const labels = {json.dumps(labels)};
const grades = {json.dumps(grades_series)};
const avgGrades = {json.dumps(avg_series)};
const money = {json.dumps(money_series)};
new Chart(document.getElementById('gradesChart'), {{
type: 'line',
data: {{
labels,
datasets: [
{{ label: 'Оценка', data: grades, borderColor: '#2563eb', tension: 0.25 }},
{{ label: 'Средний балл', data: avgGrades, borderColor: '#16a34a', tension: 0.25 }}
]
}},
options: {{ scales: {{ y: {{ min: 2, max: 5, ticks: {{ stepSize: 1 }} }} }} }}
}});
new Chart(document.getElementById('moneyChart'), {{
type: 'line',
data: {{
labels,
datasets: [{{ label: 'Деньги за оценки', data: money, borderColor: '#f59e0b', tension: 0.25 }}]
}}
}});
</script>
</body>
</html>
"""
def render_parent_panel(parent_username):
users = load_users()
if parent_username not in users:
return "Родитель не найден", 404
children = get_parent_children(parent_username)
class_map = load_classes()
journal = load_journal()
children_rows = ""
for child in children:
if child not in users:
continue
stats = get_student_stats(child)
class_name = get_student_class(child)
net = stats["finance_delta"]
net_text = f"+{net}" if net >= 0 else str(net)
net_class = "text-success" if net >= 0 else "text-danger"
children_rows += f"""
<tr>
<td><b>{child}</b></td>
<td>{class_name}</td>
<td>{stats['avg']}</td>
<td>{stats['grade_count']}</td>
<td class="{net_class}"><b>{net_text}</b></td>
<td>
<a href="/parent/student/{child}" class="btn btn-sm btn-outline-primary">Открыть</a>
<form action="/parent/remove_child/{child}" method="post" style="display:inline;">
<button class="btn btn-sm btn-outline-danger">Удалить</button>
</form>
</td>
</tr>
"""
if not children_rows:
children_rows = "<tr><td colspan='6' class='text-center text-muted'>Пока не добавлены дети</td></tr>"
# Кандидаты для быстрого добавления ребенка
linked = set(children)
student_candidates = []
for username, user_data in users.items():
if not isinstance(user_data, dict):
continue
role = get_user_role(user_data)
in_classes = any(username in students for students in class_map.values())
in_journal = username in journal
if role == ROLE_STUDENT or in_classes or in_journal:
if username not in linked and username != parent_username:
student_candidates.append(username)
student_candidates = sorted(set(student_candidates))
options = '<option value="" selected disabled>Выберите ученика</option>'
for student_name in student_candidates:
options += f'<option value="{student_name}">{student_name}</option>'
if not student_candidates:
options = '<option value="" selected disabled>Нет доступных учеников</option>'
return f"""
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Панель родителя</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<style>
body {{ background: #f5f8ff; font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; }}
.hero {{ background: linear-gradient(135deg, #0f766e, #0ea5e9); color: #fff; border-radius: 16px; padding: 22px; }}
.cardx {{ background: #fff; border-radius: 14px; border: 1px solid #e5ecff; box-shadow: 0 6px 16px rgba(41,72,150,0.12); }}
</style>
</head>
<body>
<div class="container py-4">
<div class="hero mb-3">
<div class="d-flex justify-content-between align-items-center flex-wrap gap-2">
<div>
<h3 class="mb-1">Панель родителя</h3>
<div class="opacity-75">Профиль: <b>{parent_username}</b></div>
</div>
<div class="d-flex gap-2">
<a href="/dashboard" class="btn btn-light btn-sm">Назад</a>
<a href="/logout" class="btn btn-outline-light btn-sm">Выход</a>
</div>
</div>
</div>
<div class="cardx p-3 mb-3">
<h5>Добавить ребенка по логину</h5>
<form method="post" action="/parent/add_child" class="row g-2">
<div class="col-md-8">
<select name="student" class="form-select" required>
{options}
</select>
</div>
<div class="col-md-4">
<button class="btn btn-primary w-100">Добавить</button>
</div>
</form>
</div>
<div class="cardx p-3">
<h5>Дети и их успеваемость</h5>
<div class="table-responsive">
<table class="table align-middle">
<thead>
<tr>
<th>Ученик</th><th>Класс</th><th>Средний</th><th>Оценок</th><th>Деньги за оценки</th><th>Действия</th>
</tr>
</thead>
<tbody>
{children_rows}
</tbody>
</table>
</div>
</div>
</div>
</body>
</html>
"""
def render_manager_panel(manager_username):
users = load_users()
payments = load_payments()
journal = load_journal()
classes = load_classes()
history = load_history()
shop_data = load_shop()
valid_users = {u: d for u, d in users.items() if isinstance(d, dict)}
role_counts = {role: 0 for role in sorted(VALID_ROLES)}
total_balance = 0
for _, user_data in valid_users.items():
role_counts[get_user_role(user_data)] += 1
total_balance += int(user_data.get("balance", 0))
payment_total = len(payments)
payment_pending = len([p for p in payments if p.get("status") == "pending"])
payment_completed = len([p for p in payments if p.get("status") == "completed"])
recent_payments_rows = ""
for payment in sorted(payments, key=lambda x: x.get("created", 0), reverse=True)[:20]:
created = datetime.fromtimestamp(payment.get("created", 0)).strftime("%d.%m.%Y %H:%M")
recent_payments_rows += f"""
<tr>
<td>{payment.get('id')}</td>
<td>{payment.get('payer')}</td>
<td>{payment.get('receiver')}</td>
<td>{payment.get('amount')}</td>
<td>{payment.get('status')}</td>
<td>{created}</td>
</tr>
"""
if not recent_payments_rows:
recent_payments_rows = "<tr><td colspan='6' class='text-center text-muted'>Нет платежей</td></tr>"
students_set = set(journal.keys())
for _, students in classes.items():
students_set.update(students)
for username, user_data in valid_users.items():
if get_user_role(user_data) == ROLE_STUDENT:
students_set.add(username)
top_students = []
for student in students_set:
stats = get_student_stats(student)
top_students.append({
"student": student,
"avg": stats["avg"],
"grades": stats["grade_count"],
"finance": stats["finance_delta"],
"class_name": get_student_class(student)
})
top_students.sort(key=lambda x: (x["avg"], x["grades"], x["finance"]), reverse=True)
top_students_rows = ""
for i, item in enumerate(top_students[:10], start=1):
top_students_rows += f"""
<tr>
<td>{i}</td>
<td><a href="/manager/student/{item['student']}">{item['student']}</a></td>
<td>{item['class_name']}</td>
<td>{item['avg']}</td>
<td>{item['grades']}</td>
<td>{item['finance']}</td>
</tr>
"""
if not top_students_rows:
top_students_rows = "<tr><td colspan='6' class='text-center text-muted'>Нет данных об учениках</td></tr>"
role_rows = ""
for role_name in sorted(role_counts.keys()):
role_rows += f"<tr><td>{role_name}</td><td>{role_counts[role_name]}</td></tr>"
recent_ops_rows = ""
for op in sorted(history, key=lambda x: x.get("time", 0), reverse=True)[:15]:
op_time = datetime.fromtimestamp(op.get("time", 0)).strftime("%d.%m.%Y %H:%M")
recent_ops_rows += f"""
<tr>
<td>{op_time}</td>
<td>{op.get('user')}</td>
<td>{op.get('action')}</td>
<td>{op.get('amount')}</td>
<td>{op.get('target', '-')}</td>
</tr>
"""
if not recent_ops_rows:
recent_ops_rows = "<tr><td colspan='5' class='text-center text-muted'>Нет операций</td></tr>"
return f"""
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Панель менеджера</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<style>
body {{ background: #f5f7fb; font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; }}
.hero {{ background: linear-gradient(135deg, #7c3aed, #2563eb); color: #fff; border-radius: 16px; padding: 22px; }}
.metric {{ background: #fff; border-radius: 14px; border: 1px solid #e6ebff; box-shadow: 0 6px 16px rgba(50,70,150,0.12); padding: 16px; height: 100%; }}
.cardx {{ background: #fff; border-radius: 14px; border: 1px solid #e6ebff; box-shadow: 0 6px 16px rgba(50,70,150,0.12); padding: 16px; margin-top: 14px; }}
</style>
</head>
<body>
<div class="container py-4">
<div class="hero mb-3">
<div class="d-flex justify-content-between align-items-center flex-wrap gap-2">
<div>
<h3 class="mb-1">Панель менеджера</h3>
<div class="opacity-75">Пользователь: <b>{manager_username}</b></div>
</div>
<div class="d-flex gap-2">
<a href="/dashboard" class="btn btn-light btn-sm">Назад</a>
<a href="/logout" class="btn btn-outline-light btn-sm">Выход</a>
</div>
</div>
</div>
<div class="row g-3">
<div class="col-md-3"><div class="metric"><div class="text-muted">Пользователи</div><h3>{len(valid_users)}</h3></div></div>
<div class="col-md-3"><div class="metric"><div class="text-muted">Общий баланс</div><h3>{total_balance}</h3></div></div>
<div class="col-md-3"><div class="metric"><div class="text-muted">Платежей всего</div><h3>{payment_total}</h3></div></div>
<div class="col-md-3"><div class="metric"><div class="text-muted">Платежей pending/completed</div><h3>{payment_pending}/{payment_completed}</h3></div></div>
</div>
<div class="row g-3">
<div class="col-lg-4">
<div class="cardx">
<h5>Роли в системе</h5>
<table class="table table-sm">
<thead><tr><th>Роль</th><th>Количество</th></tr></thead>
<tbody>{role_rows}</tbody>
</table>
</div>
</div>
<div class="col-lg-8">
<div class="cardx">
<h5>Топ учеников</h5>
<table class="table table-sm align-middle">
<thead><tr><th>#</th><th>Ученик</th><th>Класс</th><th>Средний</th><th>Оценок</th><th>Деньги</th></tr></thead>
<tbody>{top_students_rows}</tbody>
</table>
</div>
</div>
</div>
<div class="cardx">
<h5>Последние платежи</h5>
<div class="table-responsive">
<table class="table table-sm align-middle">
<thead><tr><th>ID</th><th>Плательщик</th><th>Получатель</th><th>Сумма</th><th>Статус</th><th>Дата</th></tr></thead>
<tbody>{recent_payments_rows}</tbody>
</table>
</div>
</div>
<div class="cardx">
<h5>Последние операции</h5>
<div class="table-responsive">
<table class="table table-sm align-middle">
<thead><tr><th>Дата</th><th>Пользователь</th><th>Действие</th><th>Сумма</th><th>Цель</th></tr></thead>
<tbody>{recent_ops_rows}</tbody>
</table>
</div>
</div>
<div class="text-muted small mt-2">
Товаров в магазине: {len(shop_data.get('items', []))} | Объявлений: {len(shop_data.get('ads', []))}
</div>
</div>
</body>
</html>
"""
@app.route("/teacher")
@login_required
@teacher_required
def teacher_panel():
return redirect("/journal")
@app.route("/student_panel")
@login_required
@student_required
def student_panel():
current_role = get_user_role(load_users().get(session.get("user"), {}))
student_username = session.get("user")
if current_role == ROLE_ADMIN:
requested_student = request.args.get("student", "").strip()
if requested_student:
student_username = requested_student
return render_student_panel(student_username)
@app.route("/parent_panel")
@login_required
@parent_required
def parent_panel():
users = load_users()
current_user = session.get("user")
current_role = get_user_role(users.get(current_user, {}))
parent_username = current_user
if current_role == ROLE_ADMIN:
requested_parent = request.args.get("parent", "").strip()
if requested_parent in users:
parent_username = requested_parent
return render_parent_panel(parent_username)
@app.route("/parent/add_child", methods=['POST'])
@login_required
@parent_required
def parent_add_child():
users = load_users()
links = load_parent_links()
classes = load_classes()
journal = load_journal()
current_user = session.get("user")
current_role = get_user_role(users.get(current_user, {}))
parent_username = current_user
if current_role == ROLE_ADMIN:
requested_parent = request.form.get("parent", "").strip()
if requested_parent in users:
parent_username = requested_parent
student = request.form.get("student", "").strip()
if not student:
return redirect("/parent_panel")
if student not in users:
return redirect("/parent_panel")
student_role = get_user_role(users.get(student, {}))
in_classes = any(student in students for students in classes.values())
in_journal = student in journal
if student_role != ROLE_STUDENT and not in_classes and not in_journal:
return redirect("/parent_panel")
links.setdefault(parent_username, [])
if student not in links[parent_username]:
links[parent_username].append(student)
save_parent_links(links)
ws_emit_user(parent_username, "parent.child_added", {"student": student})
ws_emit_user(student, "parent.linked", {"parent": parent_username})
ws_emit_system("parent.child_added", {
"parent": parent_username,
"student": student
})
return redirect("/parent_panel")
@app.route("/parent/remove_child/<student>", methods=['POST'])
@login_required
@parent_required
def parent_remove_child(student):
links = load_parent_links()
parent_username = session.get("user")
if parent_username in links and student in links[parent_username]:
links[parent_username] = [s for s in links[parent_username] if s != student]
save_parent_links(links)
ws_emit_user(parent_username, "parent.child_removed", {"student": student})
ws_emit_user(student, "parent.unlinked", {"parent": parent_username})
ws_emit_system("parent.child_removed", {
"parent": parent_username,
"student": student
})
return redirect("/parent_panel")
@app.route("/parent/student/<student>")
@login_required
@parent_required
def parent_student_view(student):
users = load_users()
if student not in users:
return "Ученик не найден", 404
current_user = session.get("user")
current_role = get_user_role(users.get(current_user, {}))
if current_role != ROLE_ADMIN:
children = get_parent_children(current_user)
if student not in children:
return redirect("/parent_panel")
return render_student_panel(student)
@app.route("/manager_panel")
@login_required
@manager_required
def manager_panel():
return render_manager_panel(session.get("user"))
@app.route("/manager/student/<student>")
@login_required
@manager_required
def manager_student_view(student):
users = load_users()
if student not in users:
return "Ученик не найден", 404
return render_student_panel(student)
@app.route("/add_subject", methods=['POST'])
@login_required
@teacher_required
def add_subject():
subject = request.form.get("subject", "").strip()
if not subject:
return redirect("/journal")
subjects = load_subjects()
if subject not in subjects:
subjects.append(subject)
subjects.sort()
save_subjects(subjects)
ws_emit_system("journal.subject_added", {"subject": subject, "by": session.get("user")})
return redirect("/journal")
@app.route("/add_class", methods=['POST'])
@login_required
@teacher_required
def add_class():
class_name = request.form.get("class_name", "").strip()
if not class_name:
return redirect("/journal")
classes = load_classes()
is_new_class = class_name not in classes
classes.setdefault(class_name, [])
save_classes(classes)
if is_new_class:
ws_emit_system("journal.class_added", {"class_name": class_name, "by": session.get("user")})
return redirect("/journal")
@app.route("/add_student_to_class", methods=['POST'])
@login_required
@teacher_required
def add_student_to_class():
student = request.form.get("student", "").strip()
class_name = request.form.get("class_name", "").strip()
if not student or not class_name:
return redirect("/journal")
users = load_users()
if student not in users:
return "Ученик не найден", 404
classes = load_classes()
classes.setdefault(class_name, [])
if student not in classes[class_name]:
classes[class_name].append(student)
save_classes(classes)
ws_emit_system("journal.student_added_to_class", {
"student": student,
"class_name": class_name,
"by": session.get("user")
})
return redirect("/journal")
@app.route("/add_grade", methods=['POST'])
@login_required
@teacher_required
def add_grade():
student = request.form.get("student", "").strip()
subject = request.form.get("subject", "").strip()
grade_raw = request.form.get("grade", "").strip()
try:
grade = int(grade_raw)
except ValueError:
return "Оценка должна быть числом от 2 до 5", 400
if grade not in [2, 3, 4, 5]:
return "Оценка должна быть от 2 до 5", 400
users = load_users()
if student not in users:
return "Ученик не найден", 404
if not subject:
return "Укажите предмет", 400
journal = load_journal()
journal.setdefault(student, {})
journal[student].setdefault(subject, [])
journal[student][subject].append(grade)
save_journal(journal)
delta = calculate_money_for_grade(grade)
users[student]["balance"] = users[student].get("balance", 0) + delta
save_users(users)
sign = "+" if delta >= 0 else ""
add_history(student, "grade_update", abs(delta), f"{subject}: оценка {grade} ({sign}{delta})")
ws_emit_system("journal.grade_added", {
"student": student,
"subject": subject,
"grade": grade,
"delta": delta,
"by": session.get("user")
})
ws_emit_balance_update(student)
return redirect("/journal")
@app.route("/student_graph/<student>")
@login_required
@teacher_required
def student_graph(student):
stats = get_student_stats(student)
all_grades = []
for grades in stats["subjects"].values():
all_grades.extend(grades)
labels = list(range(1, len(all_grades) + 1))
return f"""
<h2>График успеваемости: {student}</h2>
<a href="/journal">Назад</a>
<canvas id="chart" width="900" height="320"></canvas>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
<script>
const labels = {json.dumps(labels)};
const grades = {json.dumps(all_grades)};
new Chart(document.getElementById('chart'), {{
type: 'line',
data: {{
labels: labels,
datasets: [{{ label: 'Оценки', data: grades, borderColor: '#0d6efd', tension: 0.25 }}]
}},
options: {{ scales: {{ y: {{ min: 2, max: 5, ticks: {{ stepSize: 1 }} }} }} }}
}});
</script>
"""
@app.route("/student_avg_graph/<student>")
@login_required
@teacher_required
def student_avg_graph(student):
stats = get_student_stats(student)
all_grades = []
for grades in stats["subjects"].values():
all_grades.extend(grades)
averages = []
current = []
for g in all_grades:
current.append(g)
averages.append(round(sum(current) / len(current), 2))
labels = list(range(1, len(averages) + 1))
return f"""
<h2>Динамика среднего балла: {student}</h2>
<a href="/journal">Назад</a>
<canvas id="chart" width="900" height="320"></canvas>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
<script>
const labels = {json.dumps(labels)};
const dataPoints = {json.dumps(averages)};
new Chart(document.getElementById('chart'), {{
type: 'line',
data: {{
labels: labels,
datasets: [{{ label: 'Средний балл', data: dataPoints, borderColor: '#198754', tension: 0.25 }}]
}},
options: {{ scales: {{ y: {{ min: 2, max: 5 }} }} }}
}});
</script>
"""
@app.route("/student_finance_graph/<student>")
@login_required
@teacher_required
def student_finance_graph(student):
stats = get_student_stats(student)
all_grades = []
for grades in stats["subjects"].values():
all_grades.extend(grades)
balance_history = []
balance = 0
for g in all_grades:
balance += calculate_money_for_grade(g)
balance_history.append(balance)
labels = list(range(1, len(balance_history) + 1))
return f"""
<h2>Финансовый график ученика: {student}</h2>
<a href="/journal">Назад</a>
<canvas id="chart" width="900" height="320"></canvas>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
<script>
const labels = {json.dumps(labels)};
const dataPoints = {json.dumps(balance_history)};
new Chart(document.getElementById('chart'), {{
type: 'line',
data: {{
labels: labels,
datasets: [{{ label: 'Баланс от оценок', data: dataPoints, borderColor: '#fd7e14', tension: 0.25 }}]
}}
}});
</script>
"""
@app.route("/student_stats/<student>")
@login_required
@teacher_required
def student_stats(student):
users = load_users()
if student not in users:
return "Ученик не найден", 404
stats = get_student_stats(student)
class_name = get_student_class(student)
subjects_rows = ""
for subject, grades in stats["subjects"].items():
sub_avg = round(sum(grades) / len(grades), 2) if grades else 0
subjects_rows += f"<tr><td>{subject}</td><td>{', '.join(map(str, grades))}</td><td>{sub_avg}</td></tr>"
if not subjects_rows:
subjects_rows = "<tr><td colspan='3'>Нет данных</td></tr>"
return f"""
<h2>Статистика ученика: {student}</h2>
<a href="/journal">Назад</a>
<p>Класс: <b>{class_name}</b></p>
<p>Средний балл: <b>{stats['avg']}</b></p>
<p>Количество оценок: <b>{stats['grade_count']}</b></p>
<p>Финансовый итог по оценкам: <b>{stats['finance_delta']}</b></p>
<p>Текущий баланс: <b>{stats['current_balance']}</b></p>
<table border="1" cellpadding="8">
<tr><th>Предмет</th><th>Оценки</th><th>Средний</th></tr>
{subjects_rows}
</table>
"""
@app.route("/rating")
@login_required
@teacher_required
def rating():
journal = load_journal()
users = load_users()
result = []
for student in journal.keys():
stats = get_student_stats(student)
result.append({
"student": student,
"avg": stats["avg"],
"balance": users.get(student, {}).get("balance", 0),
"class_name": get_student_class(student)
})
result.sort(key=lambda x: (x["avg"], x["balance"]), reverse=True)
rows = ""
place = 1
for item in result:
rows += f"""
<tr>
<td>{place}</td>
<td>{item['student']}</td>
<td>{item['class_name']}</td>
<td>{item['avg']}</td>
<td>{item['balance']}</td>
</tr>
"""
place += 1
if not rows:
rows = "<tr><td colspan='5'>Нет данных для рейтинга</td></tr>"
return f"""
<h2>Рейтинг учеников</h2>
<a href="/journal">Назад</a>
<table border="1" cellpadding="8">
<tr>
<th>Место</th>
<th>Ученик</th>
<th>Класс</th>
<th>Средний балл</th>
<th>Баланс</th>
</tr>
{rows}
</table>
"""
@app.route("/journal")
@login_required
@teacher_required
def journal_page():
journal = load_journal()
classes = load_classes()
subjects = load_subjects()
users = load_users()
students_rows = ""
for student in sorted(journal.keys()):
stats = get_student_stats(student)
class_name = get_student_class(student)
balance_class = "pos" if stats["current_balance"] >= 0 else "neg"
students_rows += f"""
<tr>
<td><b>{student}</b></td>
<td><span class="class-pill">{class_name}</span></td>
<td>{stats['avg']}</td>
<td><span class="balance {balance_class}">{stats['current_balance']}</span></td>
<td class="actions">
<a class="link-btn" href="/student_graph/{student}">Успеваемость</a>
<a class="link-btn" href="/student_avg_graph/{student}">Средний</a>
<a class="link-btn" href="/student_finance_graph/{student}">Финансы</a>
<a class="link-btn" href="/student_stats/{student}">Статистика</a>
</td>
</tr>
"""
if not students_rows:
students_rows = "<tr><td colspan='5' class='empty'>Пока нет данных по ученикам</td></tr>"
class_rows = ""
for class_name, students in sorted(classes.items()):
student_chips = ", ".join([f"<span class='student-chip'>{s}</span>" for s in students]) if students else "<span class='muted'>—</span>"
class_rows += f"<tr><td><span class='class-pill'>{class_name}</span></td><td>{student_chips}</td></tr>"
if not class_rows:
class_rows = "<tr><td colspan='2' class='empty'>Классы не добавлены</td></tr>"
subjects_text = "".join([f"<span class='subject-chip'>{s}</span>" for s in subjects]) if subjects else "<span class='muted'>Предметы не добавлены</span>"
student_candidates = set(journal.keys())
for class_students in classes.values():
student_candidates.update(class_students)
for username, user_data in users.items():
if not isinstance(user_data, dict):
continue
role = user_data.get("role", "client")
if role in [ROLE_ADMIN, ROLE_TEACHER, ROLE_MANAGER, ROLE_PARENT]:
continue
student_candidates.add(username)
grade_students = sorted(student_candidates)
subject_candidates = set(subjects)
for student_subjects in journal.values():
if isinstance(student_subjects, dict):
subject_candidates.update(student_subjects.keys())
grade_subjects = sorted(subject_candidates)
if grade_students:
student_options = '<option value="" selected disabled>Выберите ученика</option>' + "".join(
[f'<option value="{student}">{student}</option>' for student in grade_students]
)
else:
student_options = '<option value="" selected disabled>Сначала добавьте учеников</option>'
if grade_subjects:
subject_options = '<option value="" selected disabled>Выберите предмет</option>' + "".join(
[f'<option value="{subject}">{subject}</option>' for subject in grade_subjects]
)
else:
subject_options = '<option value="" selected disabled>Сначала добавьте предметы</option>'
grade_options = """
<option value="" selected disabled>Выберите оценку</option>
<option value="5">5</option>
<option value="4">4</option>
<option value="3">3</option>
<option value="2">2</option>
"""
grade_submit_disabled = "disabled" if not grade_students or not grade_subjects else ""
return f"""
<!DOCTYPE html>
<html lang="ru">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Учительская панель</title>
<style>
:root {{
--primary: #4361ee;
--secondary: #3a0ca3;
--bg: #f4f7fc;
--surface: #ffffff;
--line: #e6ebf5;
--text: #1f2a44;
--muted: #6b7894;
--success: #168a5a;
--danger: #c63b3b;
--shadow: 0 12px 28px rgba(37, 72, 160, 0.12);
}}
* {{
box-sizing: border-box;
}}
body {{
margin: 0;
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background: radial-gradient(circle at top left, #e9efff 0%, var(--bg) 45%);
color: var(--text);
}}
.journal-shell {{
max-width: 1220px;
margin: 28px auto;
padding: 0 16px 28px;
}}
.header-card {{
background: linear-gradient(135deg, var(--primary) 0%, var(--secondary) 100%);
color: #fff;
border-radius: 18px;
padding: 20px;
box-shadow: var(--shadow);
margin-bottom: 18px;
}}
.top-links {{
margin-top: 12px;
display: flex;
gap: 10px;
flex-wrap: wrap;
}}
.top-links a {{
color: #fff;
background: rgba(255, 255, 255, 0.14);
text-decoration: none;
padding: 8px 14px;
border-radius: 10px;
border: 1px solid rgba(255, 255, 255, 0.18);
}}
.forms-grid {{
display: grid;
grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
gap: 14px;
margin-bottom: 16px;
}}
.panel {{
background: var(--surface);
border-radius: 14px;
border: 1px solid var(--line);
box-shadow: 0 6px 20px rgba(30, 60, 135, 0.08);
padding: 16px;
}}
.panel h3 {{
margin: 0 0 10px;
font-size: 18px;
}}
.panel form {{
display: flex;
gap: 8px;
flex-wrap: wrap;
}}
.field {{
flex: 1 1 160px;
border: 1px solid #d7deee;
border-radius: 10px;
padding: 10px 12px;
font-size: 14px;
}}
.btn {{
border: none;
border-radius: 10px;
padding: 10px 14px;
color: #fff;
cursor: pointer;
background: linear-gradient(135deg, var(--primary), var(--secondary));
font-weight: 600;
}}
.chips {{
margin-top: 10px;
display: flex;
gap: 8px;
flex-wrap: wrap;
}}
.subject-chip {{
background: #e8eeff;
color: #2e4cae;
border-radius: 999px;
padding: 5px 10px;
font-size: 13px;
font-weight: 600;
}}
.rule {{
background: #fff8e8;
border: 1px solid #fde1aa;
color: #7a570d;
border-radius: 12px;
padding: 10px 12px;
margin: 0 0 16px;
font-weight: 600;
}}
.table-card {{
background: var(--surface);
border: 1px solid var(--line);
border-radius: 14px;
box-shadow: 0 6px 20px rgba(30, 60, 135, 0.08);
padding: 16px;
margin-bottom: 14px;
overflow: auto;
}}
.table-card h3 {{
margin: 0 0 12px;
}}
table {{
width: 100%;
border-collapse: collapse;
min-width: 690px;
}}
th {{
text-align: left;
background: #f0f4ff;
color: #304478;
font-size: 13px;
text-transform: uppercase;
letter-spacing: 0.4px;
}}
th, td {{
border-bottom: 1px solid var(--line);
padding: 10px 12px;
vertical-align: top;
}}
.class-pill {{
background: #eef2ff;
color: #2a4597;
border: 1px solid #d9e2ff;
border-radius: 999px;
padding: 4px 10px;
font-weight: 700;
font-size: 13px;
}}
.student-chip {{
background: #f2f5fd;
border: 1px solid #dbe3f7;
border-radius: 999px;
padding: 4px 9px;
font-size: 13px;
white-space: nowrap;
}}
.muted {{
color: var(--muted);
}}
.balance.pos {{
color: var(--success);
font-weight: 700;
}}
.balance.neg {{
color: var(--danger);
font-weight: 700;
}}
.actions {{
display: flex;
flex-wrap: wrap;
gap: 6px;
}}
.link-btn {{
text-decoration: none;
color: #2949a1;
background: #edf2ff;
border: 1px solid #d8e2ff;
padding: 5px 10px;
border-radius: 8px;
font-size: 13px;
font-weight: 600;
}}
.empty {{
color: var(--muted);
text-align: center;
padding: 16px;
}}
@media (max-width: 768px) {{
.header-card {{
border-radius: 14px;
}}
.panel form {{
flex-direction: column;
}}
.btn {{
width: 100%;
}}
}}
</style>
</head>
<body>
<div class="journal-shell">
<div class="header-card">
<h2>Учительская панель: электронный дневник</h2>
<div class="top-links">
<a href="/dashboard">Назад в банк</a>
<a href="/rating">Рейтинг учеников</a>
</div>
</div>
<div class="forms-grid">
<div class="panel">
<h3>Добавить предмет</h3>
<form method="post" action="/add_subject">
<input class="field" name="subject" placeholder="Математика" required>
<button class="btn">Добавить предмет</button>
</form>
<div class="chips">{subjects_text}</div>
</div>
<div class="panel">
<h3>Добавить класс</h3>
<form method="post" action="/add_class">
<input class="field" name="class_name" placeholder="" required>
<button class="btn">Создать класс</button>
</form>
</div>
<div class="panel">
<h3>Добавить ученика в класс</h3>
<form method="post" action="/add_student_to_class">
<input class="field" name="student" placeholder="Логин ученика" required>
<input class="field" name="class_name" placeholder="Класс" required>
<button class="btn">Добавить</button>
</form>
</div>
</div>
<div class="panel" style="margin-bottom: 14px;">
<h3>Поставить оценку</h3>
<p class="rule">Финансовая логика: 5 => +20, 4 => +10, 3 => -10, 2 => -20</p>
<form method="post" action="/add_grade">
<select class="field" name="student" required>
{student_options}
</select>
<select class="field" name="subject" required>
{subject_options}
</select>
<select class="field" name="grade" required>
{grade_options}
</select>
<button class="btn" {grade_submit_disabled}>Поставить оценку</button>
</form>
</div>
<div class="table-card">
<h3>Классы</h3>
<table>
<tr><th>Класс</th><th>Ученики</th></tr>
{class_rows}
</table>
</div>
<div class="table-card">
<h3>Ученики</h3>
<table>
<tr>
<th>Ученик</th>
<th>Класс</th>
<th>Средний балл</th>
<th>Баланс</th>
<th>Инструменты</th>
</tr>
{students_rows}
</table>
</div>
</div>
</body>
</html>
"""
if __name__ == '__main__':
import threading
def daily_update_thread():
while True:
time.sleep(86400)
daily_update()
thread = threading.Thread(target=daily_update_thread, daemon=True)
thread.start()
requested_debug = parse_bool(os.environ.get("BANK_DEBUG", "1"))
app.run(host='0.0.0.0', port=5000, debug=requested_debug, use_reloader=requested_debug)
Reference in New Issue View Git Blame Copy Permalink