From 66856a697d4b2628ae51140cee8a91dc70f7cb71 Mon Sep 17 00:00:00 2001 From: Maciej Pienczyn Date: Tue, 27 Jan 2026 10:10:45 +0100 Subject: [PATCH] refactor(phase1): Extract blueprints for reports, contacts, classifieds, calendar MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Phase 1 of app.py refactoring - reducing from ~14,455 to ~13,699 lines. New structure: - blueprints/reports/ - 4 routes (/raporty/*) - blueprints/community/contacts/ - 6 routes (/kontakty/*) - blueprints/community/classifieds/ - 4 routes (/tablica/*) - blueprints/community/calendar/ - 3 routes (/kalendarz/*) - utils/ - decorators, helpers, notifications, analytics - extensions.py - Flask extensions (csrf, login_manager, limiter) - config.py - environment configurations Updated templates with blueprint-prefixed url_for() calls. ⚠️ DO NOT DEPLOY before presentation on 2026-01-30 19:00 Tested on DEV: all endpoints working correctly. Co-Authored-By: Claude Opus 4.5 --- app.py | 786 +------------------ blueprints/__init__.py | 53 ++ blueprints/community/__init__.py | 9 + blueprints/community/calendar/__init__.py | 13 + blueprints/community/calendar/routes.py | 181 +++++ blueprints/community/classifieds/__init__.py | 13 + blueprints/community/classifieds/routes.py | 150 ++++ blueprints/community/contacts/__init__.py | 13 + blueprints/community/contacts/routes.py | 299 +++++++ blueprints/reports/__init__.py | 13 + blueprints/reports/routes.py | 185 +++++ config.py | 96 +++ extensions.py | 28 + templates/base.html | 12 +- templates/calendar/admin.html | 2 +- templates/calendar/event.html | 4 +- templates/calendar/index.html | 8 +- templates/classifieds/index.html | 18 +- templates/classifieds/new.html | 6 +- templates/classifieds/view.html | 6 +- templates/contacts/detail.html | 10 +- templates/contacts/form.html | 4 +- templates/contacts/list.html | 22 +- templates/dashboard.html | 2 +- templates/index.html | 2 +- templates/reports/categories.html | 2 +- templates/reports/membership.html | 2 +- templates/reports/social_media.html | 2 +- utils/__init__.py | 28 + utils/analytics.py | 280 +++++++ utils/context_processors.py | 46 ++ utils/decorators.py | 89 +++ utils/error_handlers.py | 50 ++ utils/helpers.py | 101 +++ utils/middleware.py | 120 +++ utils/notifications.py | 123 +++ 36 files changed, 1956 insertions(+), 822 deletions(-) create mode 100644 blueprints/__init__.py create mode 100644 blueprints/community/__init__.py create mode 100644 blueprints/community/calendar/__init__.py create mode 100644 blueprints/community/calendar/routes.py create mode 100644 blueprints/community/classifieds/__init__.py create mode 100644 blueprints/community/classifieds/routes.py create mode 100644 blueprints/community/contacts/__init__.py create mode 100644 blueprints/community/contacts/routes.py create mode 100644 blueprints/reports/__init__.py create mode 100644 blueprints/reports/routes.py create mode 100644 config.py create mode 100644 extensions.py create mode 100644 utils/__init__.py create mode 100644 utils/analytics.py create mode 100644 utils/context_processors.py create mode 100644 utils/decorators.py create mode 100644 utils/error_handlers.py create mode 100644 utils/helpers.py create mode 100644 utils/middleware.py create mode 100644 utils/notifications.py diff --git a/app.py b/app.py index a4843ad..f1f68fc 100644 --- a/app.py +++ b/app.py @@ -278,6 +278,11 @@ try: except Exception as e: logger.error(f"Failed to initialize Gemini service: {e}") +# Register blueprints (Phase 1: reports, community) +from blueprints import register_blueprints +register_blueprints(app) +logger.info("Blueprints registered") + @login_manager.user_loader def load_user(user_id): """Load user from database""" @@ -2800,178 +2805,11 @@ def admin_fees_export(): # ============================================================ -# CALENDAR ROUTES +# CALENDAR ROUTES - PUBLIC ROUTES MIGRATED TO blueprints/community/calendar/ # ============================================================ +# Routes: /kalendarz, /kalendarz/, /kalendarz//rsvp -@app.route('/kalendarz') -@login_required -def calendar_index(): - """Kalendarz wydarzeń Norda Biznes - widok listy lub siatki miesięcznej""" - from datetime import date - import calendar as cal_module - - # Polskie nazwy miesięcy - POLISH_MONTHS = { - 1: 'Styczeń', 2: 'Luty', 3: 'Marzec', 4: 'Kwiecień', - 5: 'Maj', 6: 'Czerwiec', 7: 'Lipiec', 8: 'Sierpień', - 9: 'Wrzesień', 10: 'Październik', 11: 'Listopad', 12: 'Grudzień' - } - - db = SessionLocal() - try: - today = date.today() - - # Parametry widoku - view_mode = request.args.get('view', 'list') # list lub grid - year = request.args.get('year', today.year, type=int) - month = request.args.get('month', today.month, type=int) - - # Walidacja miesiąca/roku - if month < 1: - month = 12 - year -= 1 - elif month > 12: - month = 1 - year += 1 - - # Oblicz poprzedni/następny miesiąc - if month == 1: - prev_month, prev_year = 12, year - 1 - else: - prev_month, prev_year = month - 1, year - - if month == 12: - next_month, next_year = 1, year + 1 - else: - next_month, next_year = month + 1, year - - # Dane dla widoku siatki - month_days = [] - events_by_day = {} - - if view_mode == 'grid': - # Pobierz wydarzenia z danego miesiąca - first_day = date(year, month, 1) - last_day = date(year, month, cal_module.monthrange(year, month)[1]) - events = db.query(NordaEvent).filter( - NordaEvent.event_date >= first_day, - NordaEvent.event_date <= last_day - ).order_by(NordaEvent.event_date.asc()).all() - - # Przygotuj strukturę kalendarza (poniedziałek = 0) - cal = cal_module.Calendar(firstweekday=0) - month_days = cal.monthdayscalendar(year, month) - - # Mapuj wydarzenia na dni - for event in events: - day = event.event_date.day - if day not in events_by_day: - events_by_day[day] = [] - events_by_day[day].append(event) - - # Dane dla widoku listy (zawsze potrzebne dla fallback) - upcoming = db.query(NordaEvent).filter( - NordaEvent.event_date >= today - ).order_by(NordaEvent.event_date.asc()).all() - - past = db.query(NordaEvent).filter( - NordaEvent.event_date < today - ).order_by(NordaEvent.event_date.desc()).limit(5).all() - - return render_template('calendar/index.html', - # Dane dla widoku listy - upcoming_events=upcoming, - past_events=past, - today=today, - # Dane dla widoku siatki - view_mode=view_mode, - year=year, - month=month, - month_name=POLISH_MONTHS.get(month, ''), - month_days=month_days, - events_by_day=events_by_day, - prev_month=prev_month, - prev_year=prev_year, - next_month=next_month, - next_year=next_year, - ) - finally: - db.close() - - -@app.route('/kalendarz/') -@login_required -def calendar_event(event_id): - """Szczegóły wydarzenia""" - db = SessionLocal() - try: - event = db.query(NordaEvent).filter(NordaEvent.id == event_id).first() - if not event: - flash('Wydarzenie nie istnieje.', 'error') - return redirect(url_for('calendar_index')) - - # Sprawdź czy użytkownik jest zapisany - user_attending = db.query(EventAttendee).filter( - EventAttendee.event_id == event_id, - EventAttendee.user_id == current_user.id - ).first() - - return render_template('calendar/event.html', - event=event, - user_attending=user_attending - ) - finally: - db.close() - - -@app.route('/kalendarz//rsvp', methods=['POST']) -@login_required -def calendar_rsvp(event_id): - """Zapisz się / wypisz z wydarzenia""" - db = SessionLocal() - try: - event = db.query(NordaEvent).filter(NordaEvent.id == event_id).first() - if not event: - return jsonify({'success': False, 'error': 'Wydarzenie nie istnieje'}), 404 - - # Sprawdź czy już zapisany - existing = db.query(EventAttendee).filter( - EventAttendee.event_id == event_id, - EventAttendee.user_id == current_user.id - ).first() - - if existing: - # Wypisz - db.delete(existing) - db.commit() - return jsonify({ - 'success': True, - 'action': 'removed', - 'message': 'Wypisano z wydarzenia', - 'attendee_count': event.attendee_count - }) - else: - # Zapisz - if event.max_attendees and event.attendee_count >= event.max_attendees: - return jsonify({'success': False, 'error': 'Brak wolnych miejsc'}), 400 - - attendee = EventAttendee( - event_id=event_id, - user_id=current_user.id, - status='confirmed' - ) - db.add(attendee) - db.commit() - return jsonify({ - 'success': True, - 'action': 'added', - 'message': 'Zapisano na wydarzenie', - 'attendee_count': event.attendee_count - }) - finally: - db.close() - - +# Admin calendar routes remain here @app.route('/admin/kalendarz') @login_required def admin_calendar(): @@ -3794,144 +3632,9 @@ def api_delete_recommendation(rec_id): # ============================================================ -# B2B CLASSIFIEDS ROUTES +# B2B CLASSIFIEDS ROUTES - MIGRATED TO blueprints/community/classifieds/ # ============================================================ - -@app.route('/tablica') -@login_required -def classifieds_index(): - """Tablica ogłoszeń B2B""" - listing_type = request.args.get('type', '') - category = request.args.get('category', '') - page = request.args.get('page', 1, type=int) - per_page = 20 - - db = SessionLocal() - try: - query = db.query(Classified).filter( - Classified.is_active == True - ) - - # Filtry - if listing_type: - query = query.filter(Classified.listing_type == listing_type) - if category: - query = query.filter(Classified.category == category) - - # Sortowanie - najnowsze pierwsze - query = query.order_by(Classified.created_at.desc()) - - total = query.count() - classifieds = query.limit(per_page).offset((page - 1) * per_page).all() - - # Kategorie do filtrów - categories = [ - ('uslugi', 'Usługi'), - ('produkty', 'Produkty'), - ('wspolpraca', 'Współpraca'), - ('praca', 'Praca'), - ('inne', 'Inne') - ] - - return render_template('classifieds/index.html', - classifieds=classifieds, - categories=categories, - listing_type=listing_type, - category_filter=category, - page=page, - total_pages=(total + per_page - 1) // per_page - ) - finally: - db.close() - - -@app.route('/tablica/nowe', methods=['GET', 'POST']) -@login_required -def classifieds_new(): - """Dodaj nowe ogłoszenie""" - if request.method == 'POST': - listing_type = request.form.get('listing_type', '') - category = request.form.get('category', '') - title = sanitize_input(request.form.get('title', ''), 255) - description = request.form.get('description', '').strip() - budget_info = sanitize_input(request.form.get('budget_info', ''), 255) - location_info = sanitize_input(request.form.get('location_info', ''), 255) - - if not listing_type or not category or not title or not description: - flash('Wszystkie wymagane pola muszą być wypełnione.', 'error') - return render_template('classifieds/new.html') - - db = SessionLocal() - try: - # Automatyczne wygaśnięcie po 30 dniach - expires = datetime.now() + timedelta(days=30) - - classified = Classified( - author_id=current_user.id, - company_id=current_user.company_id, - listing_type=listing_type, - category=category, - title=title, - description=description, - budget_info=budget_info, - location_info=location_info, - expires_at=expires - ) - db.add(classified) - db.commit() - - flash('Ogłoszenie dodane.', 'success') - return redirect(url_for('classifieds_index')) - finally: - db.close() - - return render_template('classifieds/new.html') - - -@app.route('/tablica/') -@login_required -def classifieds_view(classified_id): - """Szczegóły ogłoszenia""" - db = SessionLocal() - try: - classified = db.query(Classified).filter( - Classified.id == classified_id - ).first() - - if not classified: - flash('Ogłoszenie nie istnieje.', 'error') - return redirect(url_for('classifieds_index')) - - # Zwiększ licznik wyświetleń (handle NULL) - classified.views_count = (classified.views_count or 0) + 1 - db.commit() - - return render_template('classifieds/view.html', classified=classified) - finally: - db.close() - - -@app.route('/tablica//zakoncz', methods=['POST']) -@login_required -def classifieds_close(classified_id): - """Zamknij ogłoszenie""" - db = SessionLocal() - try: - classified = db.query(Classified).filter( - Classified.id == classified_id, - Classified.author_id == current_user.id - ).first() - - if not classified: - return jsonify({'success': False, 'error': 'Ogłoszenie nie istnieje lub brak uprawnień'}), 404 - - classified.is_active = False - db.commit() - - return jsonify({'success': True, 'message': 'Ogłoszenie zamknięte'}) - finally: - db.close() - +# Routes: /tablica, /tablica/nowe, /tablica/, /tablica//zakoncz # ============================================================ # NEW MEMBERS ROUTE @@ -9587,180 +9290,9 @@ def api_it_audit_export(): # ============================================================ -# RAPORTY +# RAPORTY - MIGRATED TO blueprints/reports/ # ============================================================ - -@app.route('/raporty') -@login_required -def reports_index(): - """Lista dostępnych raportów.""" - reports = [ - { - 'id': 'staz-czlonkostwa', - 'title': 'Staż członkostwa w Izbie NORDA', - 'description': 'Zestawienie firm według daty przystąpienia do Izby. Pokazuje historię i lojalność członków.', - 'icon': '🏆', - 'url': url_for('report_membership') - }, - { - 'id': 'social-media', - 'title': 'Pokrycie Social Media', - 'description': 'Analiza obecności firm w mediach społecznościowych: Facebook, Instagram, LinkedIn, YouTube, TikTok, X.', - 'icon': '📱', - 'url': url_for('report_social_media') - }, - { - 'id': 'struktura-branzowa', - 'title': 'Struktura branżowa', - 'description': 'Rozkład firm według kategorii działalności: IT, Budownictwo, Usługi, Produkcja, Handel.', - 'icon': '🏢', - 'url': url_for('report_categories') - }, - ] - return render_template('reports/index.html', reports=reports) - - -@app.route('/raporty/staz-czlonkostwa') -@login_required -def report_membership(): - """Raport: Staż członkostwa w Izbie NORDA.""" - from datetime import date - db = SessionLocal() - try: - # Firmy z member_since, posortowane od najstarszego - companies = db.query(Company).filter( - Company.member_since.isnot(None) - ).order_by(Company.member_since.asc()).all() - - # Statystyki - today = date.today() - stats = { - 'total_with_date': len(companies), - 'total_without_date': db.query(Company).filter( - Company.member_since.is_(None) - ).count(), - 'oldest': companies[0] if companies else None, - 'newest': companies[-1] if companies else None, - 'avg_years': sum( - (today - c.member_since).days / 365.25 - for c in companies - ) / len(companies) if companies else 0 - } - - # Dodaj obliczony staż do każdej firmy - for c in companies: - c.membership_years = int((today - c.member_since).days / 365.25) - - # Dodaj też do oldest i newest - if stats['oldest']: - stats['oldest'].membership_years = int((today - stats['oldest'].member_since).days / 365.25) - - return render_template( - 'reports/membership.html', - companies=companies, - stats=stats, - generated_at=datetime.now() - ) - finally: - db.close() - - -@app.route('/raporty/social-media') -@login_required -def report_social_media(): - """Raport: Pokrycie Social Media.""" - from sqlalchemy.orm import joinedload - db = SessionLocal() - try: - # Wszystkie firmy z ich profilami social media - companies = db.query(Company).options( - joinedload(Company.social_media_profiles) - ).order_by(Company.name).all() - - platforms = ['facebook', 'instagram', 'linkedin', 'youtube', 'tiktok', 'twitter'] - - # Statystyki platform - platform_stats = {} - for platform in platforms: - count = db.query(CompanySocialMedia).filter_by( - platform=platform - ).count() - platform_stats[platform] = { - 'count': count, - 'percent': round(count / len(companies) * 100, 1) if companies else 0 - } - - # Firmy z min. 1 profilem - companies_with_social = [ - c for c in companies if c.social_media_profiles - ] - - stats = { - 'total_companies': len(companies), - 'with_social': len(companies_with_social), - 'without_social': len(companies) - len(companies_with_social), - 'coverage_percent': round( - len(companies_with_social) / len(companies) * 100, 1 - ) if companies else 0 - } - - return render_template( - 'reports/social_media.html', - companies=companies, - platforms=platforms, - platform_stats=platform_stats, - stats=stats, - generated_at=datetime.now() - ) - finally: - db.close() - - -@app.route('/raporty/struktura-branzowa') -@login_required -def report_categories(): - """Raport: Struktura branżowa.""" - from sqlalchemy import func - db = SessionLocal() - try: - # Grupowanie po category_id (kolumna FK, nie relacja) - category_counts = db.query( - Company.category_id, - func.count(Company.id).label('count') - ).group_by(Company.category_id).all() - - total = sum(c.count for c in category_counts) - - # Pobierz mapę kategorii (id -> name) jednym zapytaniem - category_map = {cat.id: cat.name for cat in db.query(Category).all()} - - categories = [] - for cat in category_counts: - cat_id = cat.category_id - cat_name = category_map.get(cat_id, 'Brak kategorii') if cat_id else 'Brak kategorii' - - examples = db.query(Company.name).filter( - Company.category_id == cat_id - ).limit(3).all() - - categories.append({ - 'name': cat_name, - 'count': cat.count, - 'percent': round(cat.count / total * 100, 1) if total else 0, - 'examples': [e.name for e in examples] - }) - - # Sortuj od największej - categories.sort(key=lambda x: x['count'], reverse=True) - - return render_template( - 'reports/categories.html', - categories=categories, - total=total, - generated_at=datetime.now() - ) - finally: - db.close() +# Routes: /raporty, /raporty/staz-czlonkostwa, /raporty/social-media, /raporty/struktura-branzowa # ============================================================ @@ -13818,298 +13350,10 @@ def announcement_detail(slug): # ============================================================ -# EXTERNAL CONTACTS (Kontakty zewnętrzne) +# EXTERNAL CONTACTS - PAGE ROUTES MIGRATED TO blueprints/community/contacts/ # ============================================================ - -@app.route('/kontakty') -@login_required -def contacts_list(): - """ - Lista kontaktów zewnętrznych - urzędy, instytucje, partnerzy. - Dostępna dla wszystkich zalogowanych członków. - """ - from database import ExternalContact, User - - db = SessionLocal() - try: - page = request.args.get('page', 1, type=int) - per_page = 20 - search = request.args.get('q', '').strip() - org_type = request.args.get('type', '') - project = request.args.get('project', '') - - query = db.query(ExternalContact).filter(ExternalContact.is_active == True) - - # Search filter - if search: - search_pattern = f'%{search}%' - query = query.filter( - or_( - ExternalContact.first_name.ilike(search_pattern), - ExternalContact.last_name.ilike(search_pattern), - ExternalContact.organization_name.ilike(search_pattern), - ExternalContact.position.ilike(search_pattern), - ExternalContact.project_name.ilike(search_pattern), - ExternalContact.tags.ilike(search_pattern) - ) - ) - - # Organization type filter - if org_type and org_type in ExternalContact.ORGANIZATION_TYPES: - query = query.filter(ExternalContact.organization_type == org_type) - - # Project filter - if project: - query = query.filter(ExternalContact.project_name.ilike(f'%{project}%')) - - # Order by organization name, then last name - query = query.order_by( - ExternalContact.organization_name, - ExternalContact.last_name - ) - - # Pagination - total = query.count() - contacts = query.offset((page - 1) * per_page).limit(per_page).all() - total_pages = (total + per_page - 1) // per_page - - # Get unique projects for filter dropdown - projects = db.query(ExternalContact.project_name).filter( - ExternalContact.is_active == True, - ExternalContact.project_name.isnot(None), - ExternalContact.project_name != '' - ).distinct().order_by(ExternalContact.project_name).all() - project_names = [p[0] for p in projects if p[0]] - - return render_template('contacts/list.html', - contacts=contacts, - page=page, - total_pages=total_pages, - total=total, - search=search, - org_type=org_type, - project=project, - org_types=ExternalContact.ORGANIZATION_TYPES, - org_type_labels=ExternalContact.ORGANIZATION_TYPE_LABELS, - project_names=project_names) - - finally: - db.close() - - -@app.route('/kontakty/') -@login_required -def contact_detail(contact_id): - """ - Szczegóły kontaktu zewnętrznego - pełna karta osoby. - """ - from database import ExternalContact - - db = SessionLocal() - try: - contact = db.query(ExternalContact).filter( - ExternalContact.id == contact_id, - ExternalContact.is_active == True - ).first() - - if not contact: - flash('Kontakt nie został znaleziony.', 'error') - return redirect(url_for('contacts_list')) - - # Get other contacts from the same organization - related_contacts = db.query(ExternalContact).filter( - ExternalContact.organization_name == contact.organization_name, - ExternalContact.id != contact.id, - ExternalContact.is_active == True - ).order_by(ExternalContact.last_name).limit(5).all() - - # Check if current user can edit (creator or admin) - can_edit = (current_user.is_admin or - (contact.created_by and contact.created_by == current_user.id)) - - return render_template('contacts/detail.html', - contact=contact, - related_contacts=related_contacts, - can_edit=can_edit, - org_type_labels=ExternalContact.ORGANIZATION_TYPE_LABELS) - - finally: - db.close() - - -@app.route('/kontakty/dodaj', methods=['GET', 'POST']) -@login_required -def contact_add(): - """ - Dodawanie nowego kontaktu zewnętrznego. - Każdy zalogowany użytkownik może dodać kontakt. - """ - from database import ExternalContact - - if request.method == 'POST': - db = SessionLocal() - try: - # Parse related_links from form (JSON) - related_links_json = request.form.get('related_links', '[]') - try: - related_links = json.loads(related_links_json) if related_links_json else [] - except json.JSONDecodeError: - related_links = [] - - contact = ExternalContact( - first_name=request.form.get('first_name', '').strip(), - last_name=request.form.get('last_name', '').strip(), - position=request.form.get('position', '').strip() or None, - photo_url=request.form.get('photo_url', '').strip() or None, - phone=request.form.get('phone', '').strip() or None, - phone_secondary=request.form.get('phone_secondary', '').strip() or None, - email=request.form.get('email', '').strip() or None, - website=request.form.get('website', '').strip() or None, - linkedin_url=request.form.get('linkedin_url', '').strip() or None, - facebook_url=request.form.get('facebook_url', '').strip() or None, - twitter_url=request.form.get('twitter_url', '').strip() or None, - organization_name=request.form.get('organization_name', '').strip(), - organization_type=request.form.get('organization_type', 'other'), - organization_address=request.form.get('organization_address', '').strip() or None, - organization_website=request.form.get('organization_website', '').strip() or None, - organization_logo_url=request.form.get('organization_logo_url', '').strip() or None, - project_name=request.form.get('project_name', '').strip() or None, - project_description=request.form.get('project_description', '').strip() or None, - source_type='manual', - source_url=request.form.get('source_url', '').strip() or None, - related_links=related_links, - tags=request.form.get('tags', '').strip() or None, - notes=request.form.get('notes', '').strip() or None, - created_by=current_user.id - ) - - db.add(contact) - db.commit() - - flash(f'Kontakt {contact.full_name} został dodany.', 'success') - return redirect(url_for('contact_detail', contact_id=contact.id)) - - except Exception as e: - db.rollback() - app.logger.error(f"Error adding contact: {e}") - flash('Wystąpił błąd podczas dodawania kontaktu.', 'error') - - finally: - db.close() - - # GET - show form - return render_template('contacts/form.html', - contact=None, - org_types=ExternalContact.ORGANIZATION_TYPES, - org_type_labels=ExternalContact.ORGANIZATION_TYPE_LABELS) - - -@app.route('/kontakty//edytuj', methods=['GET', 'POST']) -@login_required -def contact_edit(contact_id): - """ - Edycja kontaktu zewnętrznego. - Może edytować twórca kontaktu lub admin. - """ - from database import ExternalContact - - db = SessionLocal() - try: - contact = db.query(ExternalContact).filter( - ExternalContact.id == contact_id - ).first() - - if not contact: - flash('Kontakt nie został znaleziony.', 'error') - return redirect(url_for('contacts_list')) - - # Check permissions - if not current_user.is_admin and contact.created_by != current_user.id: - flash('Nie masz uprawnień do edycji tego kontaktu.', 'error') - return redirect(url_for('contact_detail', contact_id=contact_id)) - - if request.method == 'POST': - # Parse related_links from form (JSON) - related_links_json = request.form.get('related_links', '[]') - try: - related_links = json.loads(related_links_json) if related_links_json else [] - except json.JSONDecodeError: - related_links = contact.related_links or [] - - contact.first_name = request.form.get('first_name', '').strip() - contact.last_name = request.form.get('last_name', '').strip() - contact.position = request.form.get('position', '').strip() or None - contact.photo_url = request.form.get('photo_url', '').strip() or None - contact.phone = request.form.get('phone', '').strip() or None - contact.phone_secondary = request.form.get('phone_secondary', '').strip() or None - contact.email = request.form.get('email', '').strip() or None - contact.website = request.form.get('website', '').strip() or None - contact.linkedin_url = request.form.get('linkedin_url', '').strip() or None - contact.facebook_url = request.form.get('facebook_url', '').strip() or None - contact.twitter_url = request.form.get('twitter_url', '').strip() or None - contact.organization_name = request.form.get('organization_name', '').strip() - contact.organization_type = request.form.get('organization_type', 'other') - contact.organization_address = request.form.get('organization_address', '').strip() or None - contact.organization_website = request.form.get('organization_website', '').strip() or None - contact.organization_logo_url = request.form.get('organization_logo_url', '').strip() or None - contact.project_name = request.form.get('project_name', '').strip() or None - contact.project_description = request.form.get('project_description', '').strip() or None - contact.source_url = request.form.get('source_url', '').strip() or None - contact.related_links = related_links - contact.tags = request.form.get('tags', '').strip() or None - contact.notes = request.form.get('notes', '').strip() or None - contact.updated_at = datetime.now() - - db.commit() - - flash(f'Kontakt {contact.full_name} został zaktualizowany.', 'success') - return redirect(url_for('contact_detail', contact_id=contact.id)) - - # GET - show form with existing data - return render_template('contacts/form.html', - contact=contact, - org_types=ExternalContact.ORGANIZATION_TYPES, - org_type_labels=ExternalContact.ORGANIZATION_TYPE_LABELS) - - finally: - db.close() - - -@app.route('/kontakty//usun', methods=['POST']) -@login_required -def contact_delete(contact_id): - """ - Usuwanie kontaktu zewnętrznego (soft delete). - Może usunąć twórca kontaktu lub admin. - """ - from database import ExternalContact - - db = SessionLocal() - try: - contact = db.query(ExternalContact).filter( - ExternalContact.id == contact_id - ).first() - - if not contact: - flash('Kontakt nie został znaleziony.', 'error') - return redirect(url_for('contacts_list')) - - # Check permissions - if not current_user.is_admin and contact.created_by != current_user.id: - flash('Nie masz uprawnień do usunięcia tego kontaktu.', 'error') - return redirect(url_for('contact_detail', contact_id=contact_id)) - - # Soft delete - contact.is_active = False - contact.updated_at = datetime.now() - db.commit() - - flash(f'Kontakt {contact.full_name} został usunięty.', 'success') - return redirect(url_for('contacts_list')) - - finally: - db.close() - +# Routes: /kontakty, /kontakty/, /kontakty/dodaj, /kontakty//edytuj, /kontakty//usun +# API routes remain below for backwards compatibility # ============================================================ # AI-ASSISTED EXTERNAL CONTACT CREATION diff --git a/blueprints/__init__.py b/blueprints/__init__.py new file mode 100644 index 0000000..3cfc4f6 --- /dev/null +++ b/blueprints/__init__.py @@ -0,0 +1,53 @@ +""" +Blueprints Package +================== + +Central registration of all Flask blueprints. +""" + +import logging + +logger = logging.getLogger(__name__) + + +def register_blueprints(app): + """ + Register all blueprints with the Flask application. + + Args: + app: Flask application instance + """ + # Phase 1: Low-risk modules + + # Reports blueprint + try: + from blueprints.reports import bp as reports_bp + app.register_blueprint(reports_bp) + logger.info("Registered blueprint: reports") + except ImportError as e: + logger.debug(f"Blueprint reports not yet available: {e}") + + # Community blueprints - register directly (not nested) + # to preserve endpoint names like 'calendar_index' instead of 'community.calendar.calendar_index' + try: + from blueprints.community.contacts import bp as contacts_bp + app.register_blueprint(contacts_bp) + logger.info("Registered blueprint: contacts") + except ImportError as e: + logger.debug(f"Blueprint contacts not yet available: {e}") + + try: + from blueprints.community.classifieds import bp as classifieds_bp + app.register_blueprint(classifieds_bp) + logger.info("Registered blueprint: classifieds") + except ImportError as e: + logger.debug(f"Blueprint classifieds not yet available: {e}") + + try: + from blueprints.community.calendar import bp as calendar_bp + app.register_blueprint(calendar_bp) + logger.info("Registered blueprint: calendar") + except ImportError as e: + logger.debug(f"Blueprint calendar not yet available: {e}") + + # Phase 2-7: Future blueprints will be added here diff --git a/blueprints/community/__init__.py b/blueprints/community/__init__.py new file mode 100644 index 0000000..429fbec --- /dev/null +++ b/blueprints/community/__init__.py @@ -0,0 +1,9 @@ +""" +Community Package +================= + +Community features: contacts, classifieds, calendar. + +NOTE: Each sub-module is registered directly in blueprints/__init__.py +to preserve simple endpoint names (e.g., 'calendar_index' not 'community.calendar.calendar_index'). +""" diff --git a/blueprints/community/calendar/__init__.py b/blueprints/community/calendar/__init__.py new file mode 100644 index 0000000..e76556c --- /dev/null +++ b/blueprints/community/calendar/__init__.py @@ -0,0 +1,13 @@ +""" +Calendar Blueprint +================== + +Norda Biznes events calendar. +URL prefix: /kalendarz +""" + +from flask import Blueprint + +bp = Blueprint('calendar', __name__, url_prefix='/kalendarz') + +from . import routes # noqa: F401, E402 diff --git a/blueprints/community/calendar/routes.py b/blueprints/community/calendar/routes.py new file mode 100644 index 0000000..6439389 --- /dev/null +++ b/blueprints/community/calendar/routes.py @@ -0,0 +1,181 @@ +""" +Calendar Routes +=============== + +Public calendar and event registration endpoints. +""" + +from datetime import date +import calendar as cal_module +from flask import render_template, request, redirect, url_for, flash, jsonify +from flask_login import login_required, current_user + +from . import bp +from database import SessionLocal, NordaEvent, EventAttendee + + +# Polish month names +POLISH_MONTHS = { + 1: 'Styczeń', 2: 'Luty', 3: 'Marzec', 4: 'Kwiecień', + 5: 'Maj', 6: 'Czerwiec', 7: 'Lipiec', 8: 'Sierpień', + 9: 'Wrzesień', 10: 'Październik', 11: 'Listopad', 12: 'Grudzień' +} + + +@bp.route('/', endpoint='calendar_index') +@login_required +def index(): + """Kalendarz wydarzeń Norda Biznes - widok listy lub siatki miesięcznej""" + db = SessionLocal() + try: + today = date.today() + + # Parametry widoku + view_mode = request.args.get('view', 'list') # list lub grid + year = request.args.get('year', today.year, type=int) + month = request.args.get('month', today.month, type=int) + + # Walidacja miesiąca/roku + if month < 1: + month = 12 + year -= 1 + elif month > 12: + month = 1 + year += 1 + + # Oblicz poprzedni/następny miesiąc + if month == 1: + prev_month, prev_year = 12, year - 1 + else: + prev_month, prev_year = month - 1, year + + if month == 12: + next_month, next_year = 1, year + 1 + else: + next_month, next_year = month + 1, year + + # Dane dla widoku siatki + month_days = [] + events_by_day = {} + + if view_mode == 'grid': + # Pobierz wydarzenia z danego miesiąca + first_day = date(year, month, 1) + last_day = date(year, month, cal_module.monthrange(year, month)[1]) + events = db.query(NordaEvent).filter( + NordaEvent.event_date >= first_day, + NordaEvent.event_date <= last_day + ).order_by(NordaEvent.event_date.asc()).all() + + # Przygotuj strukturę kalendarza (poniedziałek = 0) + cal = cal_module.Calendar(firstweekday=0) + month_days = cal.monthdayscalendar(year, month) + + # Mapuj wydarzenia na dni + for event in events: + day = event.event_date.day + if day not in events_by_day: + events_by_day[day] = [] + events_by_day[day].append(event) + + # Dane dla widoku listy (zawsze potrzebne dla fallback) + upcoming = db.query(NordaEvent).filter( + NordaEvent.event_date >= today + ).order_by(NordaEvent.event_date.asc()).all() + + past = db.query(NordaEvent).filter( + NordaEvent.event_date < today + ).order_by(NordaEvent.event_date.desc()).limit(5).all() + + return render_template('calendar/index.html', + # Dane dla widoku listy + upcoming_events=upcoming, + past_events=past, + today=today, + # Dane dla widoku siatki + view_mode=view_mode, + year=year, + month=month, + month_name=POLISH_MONTHS.get(month, ''), + month_days=month_days, + events_by_day=events_by_day, + prev_month=prev_month, + prev_year=prev_year, + next_month=next_month, + next_year=next_year, + ) + finally: + db.close() + + +@bp.route('/', endpoint='calendar_event') +@login_required +def event(event_id): + """Szczegóły wydarzenia""" + db = SessionLocal() + try: + event = db.query(NordaEvent).filter(NordaEvent.id == event_id).first() + if not event: + flash('Wydarzenie nie istnieje.', 'error') + return redirect(url_for('calendar_index')) + + # Sprawdź czy użytkownik jest zapisany + user_attending = db.query(EventAttendee).filter( + EventAttendee.event_id == event_id, + EventAttendee.user_id == current_user.id + ).first() + + return render_template('calendar/event.html', + event=event, + user_attending=user_attending + ) + finally: + db.close() + + +@bp.route('//rsvp', methods=['POST'], endpoint='calendar_rsvp') +@login_required +def rsvp(event_id): + """Zapisz się / wypisz z wydarzenia""" + db = SessionLocal() + try: + event = db.query(NordaEvent).filter(NordaEvent.id == event_id).first() + if not event: + return jsonify({'success': False, 'error': 'Wydarzenie nie istnieje'}), 404 + + # Sprawdź czy już zapisany + existing = db.query(EventAttendee).filter( + EventAttendee.event_id == event_id, + EventAttendee.user_id == current_user.id + ).first() + + if existing: + # Wypisz + db.delete(existing) + db.commit() + return jsonify({ + 'success': True, + 'action': 'removed', + 'message': 'Wypisano z wydarzenia', + 'attendee_count': event.attendee_count + }) + else: + # Zapisz + if event.max_attendees and event.attendee_count >= event.max_attendees: + return jsonify({'success': False, 'error': 'Brak wolnych miejsc'}), 400 + + attendee = EventAttendee( + event_id=event_id, + user_id=current_user.id, + status='confirmed' + ) + db.add(attendee) + db.commit() + return jsonify({ + 'success': True, + 'action': 'added', + 'message': 'Zapisano na wydarzenie', + 'attendee_count': event.attendee_count + }) + finally: + db.close() diff --git a/blueprints/community/classifieds/__init__.py b/blueprints/community/classifieds/__init__.py new file mode 100644 index 0000000..3262228 --- /dev/null +++ b/blueprints/community/classifieds/__init__.py @@ -0,0 +1,13 @@ +""" +Classifieds Blueprint +===================== + +B2B bulletin board for member offers and requests. +URL prefix: /tablica +""" + +from flask import Blueprint + +bp = Blueprint('classifieds', __name__, url_prefix='/tablica') + +from . import routes # noqa: F401, E402 diff --git a/blueprints/community/classifieds/routes.py b/blueprints/community/classifieds/routes.py new file mode 100644 index 0000000..1aed30c --- /dev/null +++ b/blueprints/community/classifieds/routes.py @@ -0,0 +1,150 @@ +""" +Classifieds Routes +================== + +B2B bulletin board endpoints. +""" + +from datetime import datetime, timedelta +from flask import render_template, request, redirect, url_for, flash, jsonify +from flask_login import login_required, current_user + +from . import bp +from database import SessionLocal, Classified +from utils.helpers import sanitize_input + + +@bp.route('/', endpoint='classifieds_index') +@login_required +def index(): + """Tablica ogłoszeń B2B""" + listing_type = request.args.get('type', '') + category = request.args.get('category', '') + page = request.args.get('page', 1, type=int) + per_page = 20 + + db = SessionLocal() + try: + query = db.query(Classified).filter( + Classified.is_active == True + ) + + # Filtry + if listing_type: + query = query.filter(Classified.listing_type == listing_type) + if category: + query = query.filter(Classified.category == category) + + # Sortowanie - najnowsze pierwsze + query = query.order_by(Classified.created_at.desc()) + + total = query.count() + classifieds = query.limit(per_page).offset((page - 1) * per_page).all() + + # Kategorie do filtrów + categories = [ + ('uslugi', 'Usługi'), + ('produkty', 'Produkty'), + ('wspolpraca', 'Współpraca'), + ('praca', 'Praca'), + ('inne', 'Inne') + ] + + return render_template('classifieds/index.html', + classifieds=classifieds, + categories=categories, + listing_type=listing_type, + category_filter=category, + page=page, + total_pages=(total + per_page - 1) // per_page + ) + finally: + db.close() + + +@bp.route('/nowe', methods=['GET', 'POST'], endpoint='classifieds_new') +@login_required +def new(): + """Dodaj nowe ogłoszenie""" + if request.method == 'POST': + listing_type = request.form.get('listing_type', '') + category = request.form.get('category', '') + title = sanitize_input(request.form.get('title', ''), 255) + description = request.form.get('description', '').strip() + budget_info = sanitize_input(request.form.get('budget_info', ''), 255) + location_info = sanitize_input(request.form.get('location_info', ''), 255) + + if not listing_type or not category or not title or not description: + flash('Wszystkie wymagane pola muszą być wypełnione.', 'error') + return render_template('classifieds/new.html') + + db = SessionLocal() + try: + # Automatyczne wygaśnięcie po 30 dniach + expires = datetime.now() + timedelta(days=30) + + classified = Classified( + author_id=current_user.id, + company_id=current_user.company_id, + listing_type=listing_type, + category=category, + title=title, + description=description, + budget_info=budget_info, + location_info=location_info, + expires_at=expires + ) + db.add(classified) + db.commit() + + flash('Ogłoszenie dodane.', 'success') + return redirect(url_for('classifieds_index')) + finally: + db.close() + + return render_template('classifieds/new.html') + + +@bp.route('/', endpoint='classifieds_view') +@login_required +def view(classified_id): + """Szczegóły ogłoszenia""" + db = SessionLocal() + try: + classified = db.query(Classified).filter( + Classified.id == classified_id + ).first() + + if not classified: + flash('Ogłoszenie nie istnieje.', 'error') + return redirect(url_for('classifieds_index')) + + # Zwiększ licznik wyświetleń (handle NULL) + classified.views_count = (classified.views_count or 0) + 1 + db.commit() + + return render_template('classifieds/view.html', classified=classified) + finally: + db.close() + + +@bp.route('//zakoncz', methods=['POST'], endpoint='classifieds_close') +@login_required +def close(classified_id): + """Zamknij ogłoszenie""" + db = SessionLocal() + try: + classified = db.query(Classified).filter( + Classified.id == classified_id, + Classified.author_id == current_user.id + ).first() + + if not classified: + return jsonify({'success': False, 'error': 'Ogłoszenie nie istnieje lub brak uprawnień'}), 404 + + classified.is_active = False + db.commit() + + return jsonify({'success': True, 'message': 'Ogłoszenie zamknięte'}) + finally: + db.close() diff --git a/blueprints/community/contacts/__init__.py b/blueprints/community/contacts/__init__.py new file mode 100644 index 0000000..a27be00 --- /dev/null +++ b/blueprints/community/contacts/__init__.py @@ -0,0 +1,13 @@ +""" +Contacts Blueprint +================== + +External contacts management (agencies, government, partners). +URL prefix: /kontakty +""" + +from flask import Blueprint + +bp = Blueprint('contacts', __name__, url_prefix='/kontakty') + +from . import routes # noqa: F401, E402 diff --git a/blueprints/community/contacts/routes.py b/blueprints/community/contacts/routes.py new file mode 100644 index 0000000..a3dbcf2 --- /dev/null +++ b/blueprints/community/contacts/routes.py @@ -0,0 +1,299 @@ +""" +Contacts Routes +=============== + +External contacts management - page endpoints only. +API endpoints (/api/contacts/*) remain in app.py for backwards compatibility. +""" + +import json +import logging +from datetime import datetime +from flask import render_template, request, redirect, url_for, flash, current_app +from flask_login import login_required, current_user +from sqlalchemy import or_ + +from . import bp +from database import SessionLocal, ExternalContact + +logger = logging.getLogger(__name__) + + +@bp.route('/', endpoint='contacts_list') +@login_required +def list(): + """ + Lista kontaktów zewnętrznych - urzędy, instytucje, partnerzy. + Dostępna dla wszystkich zalogowanych członków. + """ + db = SessionLocal() + try: + page = request.args.get('page', 1, type=int) + per_page = 20 + search = request.args.get('q', '').strip() + org_type = request.args.get('type', '') + project = request.args.get('project', '') + + query = db.query(ExternalContact).filter(ExternalContact.is_active == True) + + # Search filter + if search: + search_pattern = f'%{search}%' + query = query.filter( + or_( + ExternalContact.first_name.ilike(search_pattern), + ExternalContact.last_name.ilike(search_pattern), + ExternalContact.organization_name.ilike(search_pattern), + ExternalContact.position.ilike(search_pattern), + ExternalContact.project_name.ilike(search_pattern), + ExternalContact.tags.ilike(search_pattern) + ) + ) + + # Organization type filter + if org_type and org_type in ExternalContact.ORGANIZATION_TYPES: + query = query.filter(ExternalContact.organization_type == org_type) + + # Project filter + if project: + query = query.filter(ExternalContact.project_name.ilike(f'%{project}%')) + + # Order by organization name, then last name + query = query.order_by( + ExternalContact.organization_name, + ExternalContact.last_name + ) + + # Pagination + total = query.count() + contacts = query.offset((page - 1) * per_page).limit(per_page).all() + total_pages = (total + per_page - 1) // per_page + + # Get unique projects for filter dropdown + projects = db.query(ExternalContact.project_name).filter( + ExternalContact.is_active == True, + ExternalContact.project_name.isnot(None), + ExternalContact.project_name != '' + ).distinct().order_by(ExternalContact.project_name).all() + project_names = [p[0] for p in projects if p[0]] + + return render_template('contacts/list.html', + contacts=contacts, + page=page, + total_pages=total_pages, + total=total, + search=search, + org_type=org_type, + project=project, + org_types=ExternalContact.ORGANIZATION_TYPES, + org_type_labels=ExternalContact.ORGANIZATION_TYPE_LABELS, + project_names=project_names) + + finally: + db.close() + + +@bp.route('/', endpoint='contact_detail') +@login_required +def detail(contact_id): + """ + Szczegóły kontaktu zewnętrznego - pełna karta osoby. + """ + db = SessionLocal() + try: + contact = db.query(ExternalContact).filter( + ExternalContact.id == contact_id, + ExternalContact.is_active == True + ).first() + + if not contact: + flash('Kontakt nie został znaleziony.', 'error') + return redirect(url_for('contacts_list')) + + # Get other contacts from the same organization + related_contacts = db.query(ExternalContact).filter( + ExternalContact.organization_name == contact.organization_name, + ExternalContact.id != contact.id, + ExternalContact.is_active == True + ).order_by(ExternalContact.last_name).limit(5).all() + + # Check if current user can edit (creator or admin) + can_edit = (current_user.is_admin or + (contact.created_by and contact.created_by == current_user.id)) + + return render_template('contacts/detail.html', + contact=contact, + related_contacts=related_contacts, + can_edit=can_edit, + org_type_labels=ExternalContact.ORGANIZATION_TYPE_LABELS) + + finally: + db.close() + + +@bp.route('/dodaj', methods=['GET', 'POST'], endpoint='contact_add') +@login_required +def add(): + """ + Dodawanie nowego kontaktu zewnętrznego. + Każdy zalogowany użytkownik może dodać kontakt. + """ + if request.method == 'POST': + db = SessionLocal() + try: + # Parse related_links from form (JSON) + related_links_json = request.form.get('related_links', '[]') + try: + related_links = json.loads(related_links_json) if related_links_json else [] + except json.JSONDecodeError: + related_links = [] + + contact = ExternalContact( + first_name=request.form.get('first_name', '').strip(), + last_name=request.form.get('last_name', '').strip(), + position=request.form.get('position', '').strip() or None, + photo_url=request.form.get('photo_url', '').strip() or None, + phone=request.form.get('phone', '').strip() or None, + phone_secondary=request.form.get('phone_secondary', '').strip() or None, + email=request.form.get('email', '').strip() or None, + website=request.form.get('website', '').strip() or None, + linkedin_url=request.form.get('linkedin_url', '').strip() or None, + facebook_url=request.form.get('facebook_url', '').strip() or None, + twitter_url=request.form.get('twitter_url', '').strip() or None, + organization_name=request.form.get('organization_name', '').strip(), + organization_type=request.form.get('organization_type', 'other'), + organization_address=request.form.get('organization_address', '').strip() or None, + organization_website=request.form.get('organization_website', '').strip() or None, + organization_logo_url=request.form.get('organization_logo_url', '').strip() or None, + project_name=request.form.get('project_name', '').strip() or None, + project_description=request.form.get('project_description', '').strip() or None, + source_type='manual', + source_url=request.form.get('source_url', '').strip() or None, + related_links=related_links, + tags=request.form.get('tags', '').strip() or None, + notes=request.form.get('notes', '').strip() or None, + created_by=current_user.id + ) + + db.add(contact) + db.commit() + + flash(f'Kontakt {contact.full_name} został dodany.', 'success') + return redirect(url_for('contact_detail', contact_id=contact.id)) + + except Exception as e: + db.rollback() + current_app.logger.error(f"Error adding contact: {e}") + flash('Wystąpił błąd podczas dodawania kontaktu.', 'error') + + finally: + db.close() + + # GET - show form + return render_template('contacts/form.html', + contact=None, + org_types=ExternalContact.ORGANIZATION_TYPES, + org_type_labels=ExternalContact.ORGANIZATION_TYPE_LABELS) + + +@bp.route('//edytuj', methods=['GET', 'POST'], endpoint='contact_edit') +@login_required +def edit(contact_id): + """ + Edycja kontaktu zewnętrznego. + Może edytować twórca kontaktu lub admin. + """ + db = SessionLocal() + try: + contact = db.query(ExternalContact).filter( + ExternalContact.id == contact_id + ).first() + + if not contact: + flash('Kontakt nie został znaleziony.', 'error') + return redirect(url_for('contacts_list')) + + # Check permissions + if not current_user.is_admin and contact.created_by != current_user.id: + flash('Nie masz uprawnień do edycji tego kontaktu.', 'error') + return redirect(url_for('contact_detail', contact_id=contact_id)) + + if request.method == 'POST': + # Parse related_links from form (JSON) + related_links_json = request.form.get('related_links', '[]') + try: + related_links = json.loads(related_links_json) if related_links_json else [] + except json.JSONDecodeError: + related_links = contact.related_links or [] + + contact.first_name = request.form.get('first_name', '').strip() + contact.last_name = request.form.get('last_name', '').strip() + contact.position = request.form.get('position', '').strip() or None + contact.photo_url = request.form.get('photo_url', '').strip() or None + contact.phone = request.form.get('phone', '').strip() or None + contact.phone_secondary = request.form.get('phone_secondary', '').strip() or None + contact.email = request.form.get('email', '').strip() or None + contact.website = request.form.get('website', '').strip() or None + contact.linkedin_url = request.form.get('linkedin_url', '').strip() or None + contact.facebook_url = request.form.get('facebook_url', '').strip() or None + contact.twitter_url = request.form.get('twitter_url', '').strip() or None + contact.organization_name = request.form.get('organization_name', '').strip() + contact.organization_type = request.form.get('organization_type', 'other') + contact.organization_address = request.form.get('organization_address', '').strip() or None + contact.organization_website = request.form.get('organization_website', '').strip() or None + contact.organization_logo_url = request.form.get('organization_logo_url', '').strip() or None + contact.project_name = request.form.get('project_name', '').strip() or None + contact.project_description = request.form.get('project_description', '').strip() or None + contact.source_url = request.form.get('source_url', '').strip() or None + contact.related_links = related_links + contact.tags = request.form.get('tags', '').strip() or None + contact.notes = request.form.get('notes', '').strip() or None + contact.updated_at = datetime.now() + + db.commit() + + flash(f'Kontakt {contact.full_name} został zaktualizowany.', 'success') + return redirect(url_for('contact_detail', contact_id=contact.id)) + + # GET - show form with existing data + return render_template('contacts/form.html', + contact=contact, + org_types=ExternalContact.ORGANIZATION_TYPES, + org_type_labels=ExternalContact.ORGANIZATION_TYPE_LABELS) + + finally: + db.close() + + +@bp.route('//usun', methods=['POST'], endpoint='contact_delete') +@login_required +def delete(contact_id): + """ + Usuwanie kontaktu zewnętrznego (soft delete). + Może usunąć twórca kontaktu lub admin. + """ + db = SessionLocal() + try: + contact = db.query(ExternalContact).filter( + ExternalContact.id == contact_id + ).first() + + if not contact: + flash('Kontakt nie został znaleziony.', 'error') + return redirect(url_for('contacts_list')) + + # Check permissions + if not current_user.is_admin and contact.created_by != current_user.id: + flash('Nie masz uprawnień do usunięcia tego kontaktu.', 'error') + return redirect(url_for('contact_detail', contact_id=contact_id)) + + # Soft delete + contact.is_active = False + contact.updated_at = datetime.now() + db.commit() + + flash(f'Kontakt {contact.full_name} został usunięty.', 'success') + return redirect(url_for('contacts_list')) + + finally: + db.close() diff --git a/blueprints/reports/__init__.py b/blueprints/reports/__init__.py new file mode 100644 index 0000000..8305f9e --- /dev/null +++ b/blueprints/reports/__init__.py @@ -0,0 +1,13 @@ +""" +Reports Blueprint +================= + +Business analytics and reporting routes. +URL prefix: /raporty +""" + +from flask import Blueprint + +bp = Blueprint('reports', __name__, url_prefix='/raporty') + +from . import routes # noqa: F401, E402 diff --git a/blueprints/reports/routes.py b/blueprints/reports/routes.py new file mode 100644 index 0000000..f6082b6 --- /dev/null +++ b/blueprints/reports/routes.py @@ -0,0 +1,185 @@ +""" +Reports Routes +============== + +Business analytics and reporting endpoints. +""" + +from datetime import datetime, date +from flask import render_template, url_for +from flask_login import login_required +from sqlalchemy import func +from sqlalchemy.orm import joinedload + +from . import bp +from database import SessionLocal, Company, Category, CompanySocialMedia + + +@bp.route('/', endpoint='reports_index') +@login_required +def index(): + """Lista dostępnych raportów.""" + reports = [ + { + 'id': 'staz-czlonkostwa', + 'title': 'Staż członkostwa w Izbie NORDA', + 'description': 'Zestawienie firm według daty przystąpienia do Izby. Pokazuje historię i lojalność członków.', + 'icon': '🏆', + 'url': url_for('.report_membership') + }, + { + 'id': 'social-media', + 'title': 'Pokrycie Social Media', + 'description': 'Analiza obecności firm w mediach społecznościowych: Facebook, Instagram, LinkedIn, YouTube, TikTok, X.', + 'icon': '📱', + 'url': url_for('.report_social_media') + }, + { + 'id': 'struktura-branzowa', + 'title': 'Struktura branżowa', + 'description': 'Rozkład firm według kategorii działalności: IT, Budownictwo, Usługi, Produkcja, Handel.', + 'icon': '🏢', + 'url': url_for('.report_categories') + }, + ] + return render_template('reports/index.html', reports=reports) + + +@bp.route('/staz-czlonkostwa', endpoint='report_membership') +@login_required +def membership(): + """Raport: Staż członkostwa w Izbie NORDA.""" + db = SessionLocal() + try: + # Firmy z member_since, posortowane od najstarszego + companies = db.query(Company).filter( + Company.member_since.isnot(None) + ).order_by(Company.member_since.asc()).all() + + # Statystyki + today = date.today() + stats = { + 'total_with_date': len(companies), + 'total_without_date': db.query(Company).filter( + Company.member_since.is_(None) + ).count(), + 'oldest': companies[0] if companies else None, + 'newest': companies[-1] if companies else None, + 'avg_years': sum( + (today - c.member_since).days / 365.25 + for c in companies + ) / len(companies) if companies else 0 + } + + # Dodaj obliczony staż do każdej firmy + for c in companies: + c.membership_years = int((today - c.member_since).days / 365.25) + + # Dodaj też do oldest i newest + if stats['oldest']: + stats['oldest'].membership_years = int((today - stats['oldest'].member_since).days / 365.25) + + return render_template( + 'reports/membership.html', + companies=companies, + stats=stats, + generated_at=datetime.now() + ) + finally: + db.close() + + +@bp.route('/social-media', endpoint='report_social_media') +@login_required +def social_media(): + """Raport: Pokrycie Social Media.""" + db = SessionLocal() + try: + # Wszystkie firmy z ich profilami social media + companies = db.query(Company).options( + joinedload(Company.social_media_profiles) + ).order_by(Company.name).all() + + platforms = ['facebook', 'instagram', 'linkedin', 'youtube', 'tiktok', 'twitter'] + + # Statystyki platform + platform_stats = {} + for platform in platforms: + count = db.query(CompanySocialMedia).filter_by( + platform=platform + ).count() + platform_stats[platform] = { + 'count': count, + 'percent': round(count / len(companies) * 100, 1) if companies else 0 + } + + # Firmy z min. 1 profilem + companies_with_social = [ + c for c in companies if c.social_media_profiles + ] + + stats = { + 'total_companies': len(companies), + 'with_social': len(companies_with_social), + 'without_social': len(companies) - len(companies_with_social), + 'coverage_percent': round( + len(companies_with_social) / len(companies) * 100, 1 + ) if companies else 0 + } + + return render_template( + 'reports/social_media.html', + companies=companies, + platforms=platforms, + platform_stats=platform_stats, + stats=stats, + generated_at=datetime.now() + ) + finally: + db.close() + + +@bp.route('/struktura-branzowa', endpoint='report_categories') +@login_required +def categories(): + """Raport: Struktura branżowa.""" + db = SessionLocal() + try: + # Grupowanie po category_id (kolumna FK, nie relacja) + category_counts = db.query( + Company.category_id, + func.count(Company.id).label('count') + ).group_by(Company.category_id).all() + + total = sum(c.count for c in category_counts) + + # Pobierz mapę kategorii (id -> name) jednym zapytaniem + category_map = {cat.id: cat.name for cat in db.query(Category).all()} + + categories_list = [] + for cat in category_counts: + cat_id = cat.category_id + cat_name = category_map.get(cat_id, 'Brak kategorii') if cat_id else 'Brak kategorii' + + examples = db.query(Company.name).filter( + Company.category_id == cat_id + ).limit(3).all() + + categories_list.append({ + 'name': cat_name, + 'count': cat.count, + 'percent': round(cat.count / total * 100, 1) if total else 0, + 'examples': [e.name for e in examples] + }) + + # Sortuj od największej + categories_list.sort(key=lambda x: x['count'], reverse=True) + + return render_template( + 'reports/categories.html', + categories=categories_list, + total=total, + generated_at=datetime.now() + ) + finally: + db.close() diff --git a/config.py b/config.py new file mode 100644 index 0000000..268a91e --- /dev/null +++ b/config.py @@ -0,0 +1,96 @@ +""" +Flask Configuration +=================== + +Configuration classes for different environments. +""" + +import os +from datetime import timedelta + + +class Config: + """Base configuration with common settings.""" + + # Security: Require strong SECRET_KEY + SECRET_KEY = os.getenv('SECRET_KEY') + + # Session configuration + PERMANENT_SESSION_LIFETIME = timedelta(days=7) + + # CSRF configuration + WTF_CSRF_ENABLED = True + WTF_CSRF_TIME_LIMIT = None # No time limit for CSRF tokens + + # Cookie security + SESSION_COOKIE_HTTPONLY = True + SESSION_COOKIE_SAMESITE = 'Lax' + + # Rate limiting + RATELIMIT_STORAGE_URI = "memory://" + RATELIMIT_DEFAULT = ["200 per day", "50 per hour"] + + @staticmethod + def init_app(app): + """Initialize application-specific configuration.""" + pass + + +class DevelopmentConfig(Config): + """Development environment configuration.""" + + DEBUG = True + SESSION_COOKIE_SECURE = False # Allow HTTP in development + + # Try Redis for rate limiting, fallback to memory + @staticmethod + def init_app(app): + try: + import redis + redis_client = redis.Redis(host='localhost', port=6379, db=0) + redis_client.ping() + app.config['RATELIMIT_STORAGE_URI'] = "redis://localhost:6379/0" + except Exception: + app.config['RATELIMIT_STORAGE_URI'] = "memory://" + + +class ProductionConfig(Config): + """Production environment configuration.""" + + DEBUG = False + SESSION_COOKIE_SECURE = True # HTTPS only + + @staticmethod + def init_app(app): + # Use Redis for persistent rate limiting across restarts + try: + import redis + redis_client = redis.Redis(host='localhost', port=6379, db=0) + redis_client.ping() + app.config['RATELIMIT_STORAGE_URI'] = "redis://localhost:6379/0" + except Exception: + import logging + logging.warning("Redis unavailable, rate limiter using memory storage") + app.config['RATELIMIT_STORAGE_URI'] = "memory://" + + +class TestingConfig(Config): + """Testing environment configuration.""" + + TESTING = True + WTF_CSRF_ENABLED = False + SESSION_COOKIE_SECURE = False + + +config = { + 'development': DevelopmentConfig, + 'production': ProductionConfig, + 'testing': TestingConfig, + 'default': DevelopmentConfig +} + + +def get_config(): + """Get configuration class based on FLASK_ENV environment variable.""" + env = os.getenv('FLASK_ENV', 'development') + return config.get(env, config['default']) diff --git a/extensions.py b/extensions.py new file mode 100644 index 0000000..14167f2 --- /dev/null +++ b/extensions.py @@ -0,0 +1,28 @@ +""" +Flask Extensions +================ + +Centralized Flask extension instances. +Extensions are initialized without app, then configured in create_app(). + +This pattern allows blueprints to import extensions without circular imports. +""" + +from flask_wtf.csrf import CSRFProtect +from flask_login import LoginManager +from flask_limiter import Limiter +from flask_limiter.util import get_remote_address + +# CSRF Protection +csrf = CSRFProtect() + +# Login Manager +login_manager = LoginManager() +login_manager.login_view = 'auth.login' +login_manager.login_message = 'Zaloguj się, aby uzyskać dostęp do tej strony.' + +# Rate Limiter (storage configured in create_app) +limiter = Limiter( + key_func=get_remote_address, + default_limits=["200 per day", "50 per hour"] +) diff --git a/templates/base.html b/templates/base.html index e05e6b8..d283f65 100755 --- a/templates/base.html +++ b/templates/base.html @@ -955,18 +955,18 @@ Społeczność ▾ -
  • Raporty
    • +
  • Raporty
  • @@ -1240,8 +1240,8 @@ Katalog firm Wyszukiwarka {% if current_user.is_authenticated %} - Kalendarz - Tablica B2B + Kalendarz + Tablica B2B Nowi czlonkowie NordaGPT {% endif %} diff --git a/templates/calendar/admin.html b/templates/calendar/admin.html index 202bd0e..976863c 100755 --- a/templates/calendar/admin.html +++ b/templates/calendar/admin.html @@ -138,7 +138,7 @@ {% for event in events %} - {{ event.title }} + {{ event.title }} {{ event.event_date.strftime('%d.%m.%Y') }} {{ event.event_type }} diff --git a/templates/calendar/event.html b/templates/calendar/event.html index 7cc5c58..475c7d1 100755 --- a/templates/calendar/event.html +++ b/templates/calendar/event.html @@ -175,7 +175,7 @@ {% endblock %} {% block content %} - + @@ -339,7 +339,7 @@ async function toggleRSVP() { btn.disabled = true; try { - const response = await fetch('{{ url_for("calendar_rsvp", event_id=event.id) }}', { + const response = await fetch('{{ url_for("calendar.calendar_rsvp", event_id=event.id) }}', { method: 'POST', headers: { 'Content-Type': 'application/json', diff --git a/templates/calendar/index.html b/templates/calendar/index.html index 5f91f35..3834b84 100755 --- a/templates/calendar/index.html +++ b/templates/calendar/index.html @@ -404,7 +404,7 @@
    {{ day }}
    {% if day in events_by_day %} {% for event in events_by_day[day] %} -     {% if event.time_start %}{{ event.time_start.strftime('%H:%M') }} {% endif %}{{ event.title[:18] }}{% if event.title|length > 18 %}...{% endif %} @@ -442,7 +442,7 @@
    - {{ event.title }} + {{ event.title }}
    {{ event.event_type }} @@ -462,7 +462,7 @@
    {{ event.attendee_count }} uczestników - Szczegoly + Szczegoly
    {% endfor %} @@ -486,7 +486,7 @@
    - {{ event.title }} + {{ event.title }}
    {{ event.event_type }} diff --git a/templates/classifieds/index.html b/templates/classifieds/index.html index 755970d..d56d2fd 100755 --- a/templates/classifieds/index.html +++ b/templates/classifieds/index.html @@ -257,20 +257,20 @@

    Tablica B2B

    Ogloszenia biznesowe czlonkow Norda Biznes

    - Dodaj ogloszenie + Dodaj ogloszenie
    - Wszystkie - Szukam - Oferuje + Wszystkie + Szukam + Oferuje
    - Wszystkie + Wszystkie {% for cat_value, cat_label in categories %} - {{ cat_label }} + {{ cat_label }} {% endfor %}
    @@ -292,7 +292,7 @@ {% if classified.is_test %}Testowe{% endif %}
    - {{ classified.title }} + {{ classified.title }}
    {{ classified.description[:200] }}{% if classified.description|length > 200 %}...{% endif %} @@ -315,7 +315,7 @@ {% else %}

    Brak ogloszen w tej kategorii

    - Dodaj pierwsze ogloszenie + Dodaj pierwsze ogloszenie
    {% endif %}
    @@ -323,7 +323,7 @@ {% if total_pages > 1 %} {% endif %} diff --git a/templates/classifieds/new.html b/templates/classifieds/new.html index 4f8ab0f..a53ef0b 100755 --- a/templates/classifieds/new.html +++ b/templates/classifieds/new.html @@ -139,7 +139,7 @@ {% block content %}
    - + @@ -156,7 +156,7 @@ Ogloszenie bedzie widoczne przez 30 dni. Po tym czasie wygasnie automatycznie.
    -
    +
    @@ -217,7 +217,7 @@
    - Anuluj + Anuluj
    diff --git a/templates/classifieds/view.html b/templates/classifieds/view.html index 300ca04..9ac4c90 100755 --- a/templates/classifieds/view.html +++ b/templates/classifieds/view.html @@ -207,7 +207,7 @@ {% block content %}
    - + @@ -356,7 +356,7 @@ async function closeClassified() { if (!confirmed) return; try { - const response = await fetch('{{ url_for("classifieds_close", classified_id=classified.id) }}', { + const response = await fetch('{{ url_for("classifieds.classifieds_close", classified_id=classified.id) }}', { method: 'POST', headers: { 'Content-Type': 'application/json', @@ -367,7 +367,7 @@ async function closeClassified() { const data = await response.json(); if (data.success) { showToast('Ogłoszenie zostało zamknięte', 'success'); - setTimeout(() => window.location.href = '{{ url_for("classifieds_index") }}', 1500); + setTimeout(() => window.location.href = '{{ url_for("classifieds.classifieds_index") }}', 1500); } else { showToast(data.error || 'Wystąpił błąd', 'error'); } diff --git a/templates/contacts/detail.html b/templates/contacts/detail.html index d8fdc88..ff50db9 100644 --- a/templates/contacts/detail.html +++ b/templates/contacts/detail.html @@ -432,7 +432,7 @@ {% block content %}
    - + ← Powrot do listy kontaktow @@ -667,10 +667,10 @@

    Akcje

    - + ✎ Edytuj kontakt -
    - {{ rc.full_name }} + {{ rc.full_name }}
    {% if rc.position %}
    {{ rc.position }}
    @@ -722,7 +722,7 @@
    - + ← Lista kontaktow
    diff --git a/templates/contacts/form.html b/templates/contacts/form.html index 7618097..cc38d65 100644 --- a/templates/contacts/form.html +++ b/templates/contacts/form.html @@ -260,7 +260,7 @@ {% block content %}
    - + ← Powrot do listy kontaktow @@ -522,7 +522,7 @@
    - + Anuluj
    diff --git a/templates/contacts/list.html b/templates/contacts/list.html index 888e1aa..d112657 100644 --- a/templates/contacts/list.html +++ b/templates/contacts/list.html @@ -892,14 +892,14 @@ - + + Dodaj kontakt
    - +
    @@ -939,7 +939,7 @@
    Znaleziono: {{ total }} kontaktow {% if search or org_type or project %} - | Wyczysc filtry + | Wyczysc filtry {% endif %}
    @@ -1012,7 +1012,7 @@
    - + {{ contact.full_name }}
    @@ -1028,7 +1028,7 @@ {% if contact.email %} ✉ Email {% endif %} - Szczegoly → + Szczegoly →
    {% endfor %} @@ -1053,7 +1053,7 @@
    - + {{ contact.full_name }}
    @@ -1135,7 +1135,7 @@ {{ contact.first_name[0]|upper }} {% endif %}
    - + {{ contact.full_name }}
    @@ -1166,21 +1166,21 @@ {% if total_pages > 1 %} {% endif %} @@ -1200,7 +1200,7 @@ - + + Dodaj pierwszy kontakt
    diff --git a/templates/dashboard.html b/templates/dashboard.html index befc0c0..e6d604f 100755 --- a/templates/dashboard.html +++ b/templates/dashboard.html @@ -480,7 +480,7 @@ NordaGPT - + diff --git a/templates/index.html b/templates/index.html index 2217701..c8dabc7 100755 --- a/templates/index.html +++ b/templates/index.html @@ -727,7 +727,7 @@ {% if next_event %} - +
    📅
    Najbliższe wydarzenie – Kto weźmie udział?
    diff --git a/templates/reports/categories.html b/templates/reports/categories.html index 1533962..fe23471 100644 --- a/templates/reports/categories.html +++ b/templates/reports/categories.html @@ -337,7 +337,7 @@ {% block content %}
    - + diff --git a/templates/reports/membership.html b/templates/reports/membership.html index 271587f..c60f84e 100644 --- a/templates/reports/membership.html +++ b/templates/reports/membership.html @@ -209,7 +209,7 @@ {% block content %}
    - + diff --git a/templates/reports/social_media.html b/templates/reports/social_media.html index 1823861..70c98a7 100644 --- a/templates/reports/social_media.html +++ b/templates/reports/social_media.html @@ -265,7 +265,7 @@ {% block content %}
    - + diff --git a/utils/__init__.py b/utils/__init__.py new file mode 100644 index 0000000..641c7fe --- /dev/null +++ b/utils/__init__.py @@ -0,0 +1,28 @@ +""" +Utils Package +============= + +Shared utilities for NordaBiz application. +""" + +from .decorators import admin_required, verified_required, company_owner_or_admin +from .helpers import sanitize_input, validate_email, validate_password, ensure_url +from .notifications import ( + create_notification, + create_news_notification, + create_message_notification, + create_event_notification +) +from .analytics import ( + get_or_create_analytics_session, + track_page_view_for_request, + get_current_page_view_id, + set_current_page_view_id, + cleanup_page_view_id, + get_free_tier_usage, + get_brave_api_usage, + log_brave_api_call +) +from .context_processors import register_context_processors +from .error_handlers import register_error_handlers +from .middleware import register_middleware diff --git a/utils/analytics.py b/utils/analytics.py new file mode 100644 index 0000000..da3961a --- /dev/null +++ b/utils/analytics.py @@ -0,0 +1,280 @@ +""" +Analytics Helpers +================= + +Functions for tracking page views, API usage, and user analytics. +""" + +import logging +import uuid +from datetime import date +from flask import request, session +from flask_login import current_user +from sqlalchemy import func, extract +from user_agents import parse as parse_user_agent + +from database import ( + SessionLocal, UserSession, PageView, AIAPICostLog, Company +) + +logger = logging.getLogger(__name__) + +# Global variable to store current page_view_id for templates +_current_page_view_id = {} + + +def get_or_create_analytics_session(): + """ + Get existing analytics session or create new one. + + Returns: + The database session ID (integer) or None on error. + """ + analytics_session_id = session.get('analytics_session_id') + + if not analytics_session_id: + analytics_session_id = str(uuid.uuid4()) + session['analytics_session_id'] = analytics_session_id + + db = SessionLocal() + try: + user_session = db.query(UserSession).filter_by( + session_id=analytics_session_id + ).first() + + if not user_session: + # Parse user agent + ua_string = request.headers.get('User-Agent', '') + try: + ua = parse_user_agent(ua_string) + device_type = 'mobile' if ua.is_mobile else ( + 'tablet' if ua.is_tablet else 'desktop' + ) + browser = ua.browser.family + browser_version = ua.browser.version_string + os_name = ua.os.family + os_version = ua.os.version_string + except Exception: + device_type = 'desktop' + browser = 'Unknown' + browser_version = '' + os_name = 'Unknown' + os_version = '' + + user_session = UserSession( + session_id=analytics_session_id, + user_id=current_user.id if current_user.is_authenticated else None, + ip_address=request.remote_addr, + user_agent=ua_string[:2000] if ua_string else None, + device_type=device_type, + browser=browser[:50] if browser else None, + browser_version=browser_version[:20] if browser_version else None, + os=os_name[:50] if os_name else None, + os_version=os_version[:20] if os_version else None + ) + db.add(user_session) + db.commit() + db.refresh(user_session) + else: + # Update last activity + from datetime import datetime + user_session.last_activity_at = datetime.now() + if current_user.is_authenticated and not user_session.user_id: + user_session.user_id = current_user.id + db.commit() + + return user_session.id + except Exception as e: + logger.error(f"Analytics session error: {e}") + db.rollback() + return None + finally: + db.close() + + +def track_page_view_for_request(): + """ + Track page view for current request. + Called from before_request middleware. + + Returns: + page_view_id or None + """ + try: + session_db_id = get_or_create_analytics_session() + if not session_db_id: + return None + + db = SessionLocal() + try: + page_view = PageView( + session_id=session_db_id, + user_id=current_user.id if current_user.is_authenticated else None, + url=request.url[:2000] if request.url else '', + path=request.path[:500] if request.path else '/', + referrer=request.referrer[:2000] if request.referrer else None + ) + + # Extract company_id from path if on company page + if request.path.startswith('/company/'): + try: + slug = request.path.split('/')[2].split('?')[0] + company = db.query(Company).filter_by(slug=slug).first() + if company: + page_view.company_id = company.id + except Exception: + pass + + db.add(page_view) + + # Update session page count + user_session = db.query(UserSession).filter_by(id=session_db_id).first() + if user_session: + user_session.page_views_count = (user_session.page_views_count or 0) + 1 + + db.commit() + return page_view.id + + except Exception as e: + logger.error(f"Page view tracking error: {e}") + db.rollback() + return None + finally: + db.close() + except Exception as e: + logger.error(f"Page view tracking outer error: {e}") + return None + + +def get_current_page_view_id(): + """Get page_view_id for current request.""" + return _current_page_view_id.get(id(request), '') + + +def set_current_page_view_id(page_view_id): + """Set page_view_id for current request.""" + _current_page_view_id[id(request)] = page_view_id + + +def cleanup_page_view_id(): + """Clean up page_view_id from global dict after request.""" + _current_page_view_id.pop(id(request), None) + + +def get_free_tier_usage(): + """ + Get today's Gemini API usage for free tier tracking. + + Returns: + Dict with requests_today and tokens_today + """ + db = SessionLocal() + try: + today = date.today() + result = db.query( + func.count(AIAPICostLog.id).label('requests'), + func.coalesce(func.sum(AIAPICostLog.total_tokens), 0).label('tokens') + ).filter( + func.date(AIAPICostLog.timestamp) == today, + AIAPICostLog.api_provider == 'gemini' + ).first() + + return { + 'requests_today': result.requests or 0, + 'tokens_today': int(result.tokens or 0) + } + except Exception as e: + logger.warning(f"Failed to get free tier usage: {e}") + return {'requests_today': 0, 'tokens_today': 0} + finally: + db.close() + + +def get_brave_api_usage(): + """ + Get Brave Search API usage for current month. + + Brave free tier: 2000 requests/month + + Returns: + Dict with usage stats and limits + """ + db = SessionLocal() + try: + today = date.today() + current_month = today.month + current_year = today.year + + # Monthly usage + monthly_result = db.query( + func.count(AIAPICostLog.id).label('requests') + ).filter( + extract('month', AIAPICostLog.timestamp) == current_month, + extract('year', AIAPICostLog.timestamp) == current_year, + AIAPICostLog.api_provider == 'brave' + ).first() + + # Today's usage + daily_result = db.query( + func.count(AIAPICostLog.id).label('requests') + ).filter( + func.date(AIAPICostLog.timestamp) == today, + AIAPICostLog.api_provider == 'brave' + ).first() + + monthly_used = monthly_result.requests or 0 + daily_used = daily_result.requests or 0 + monthly_limit = 2000 # Brave free tier + + return { + 'requests_today': daily_used, + 'requests_this_month': monthly_used, + 'monthly_limit': monthly_limit, + 'remaining': max(0, monthly_limit - monthly_used), + 'usage_percent': round((monthly_used / monthly_limit) * 100, 1) if monthly_limit > 0 else 0, + 'tier': 'free', + 'is_limit_reached': monthly_used >= monthly_limit + } + except Exception as e: + logger.warning(f"Failed to get Brave API usage: {e}") + return { + 'requests_today': 0, + 'requests_this_month': 0, + 'monthly_limit': 2000, + 'remaining': 2000, + 'usage_percent': 0, + 'tier': 'free', + 'is_limit_reached': False + } + finally: + db.close() + + +def log_brave_api_call(user_id=None, feature='news_search', company_name=None): + """ + Log a Brave API call for usage tracking. + + Args: + user_id: User who triggered the call (optional) + feature: Feature name (news_search, etc.) + company_name: Company being searched (for reference) + """ + db = SessionLocal() + try: + log_entry = AIAPICostLog( + api_provider='brave', + model_name='search_api', + feature=feature, + user_id=user_id, + input_tokens=0, + output_tokens=0, + total_tokens=0 + ) + db.add(log_entry) + db.commit() + logger.debug(f"Logged Brave API call: {feature} for {company_name}") + except Exception as e: + logger.error(f"Failed to log Brave API call: {e}") + db.rollback() + finally: + db.close() diff --git a/utils/context_processors.py b/utils/context_processors.py new file mode 100644 index 0000000..4e67461 --- /dev/null +++ b/utils/context_processors.py @@ -0,0 +1,46 @@ +""" +Context Processors +================== + +Functions that inject global variables into all templates. +""" + +from datetime import datetime +from flask_login import current_user +from database import SessionLocal, UserNotification + + +def inject_globals(): + """Inject global variables into all templates.""" + return { + 'current_year': datetime.now().year, + 'now': datetime.now() # Must be value, not method - templates use now.strftime() + } + + +def inject_notifications(): + """Inject unread notifications count into all templates.""" + if current_user.is_authenticated: + db = SessionLocal() + try: + unread_count = db.query(UserNotification).filter( + UserNotification.user_id == current_user.id, + UserNotification.is_read == False + ).count() + return {'unread_notifications_count': unread_count} + finally: + db.close() + return {'unread_notifications_count': 0} + + +def inject_page_view_id(): + """Inject page_view_id into all templates for JS tracking.""" + from utils.analytics import get_current_page_view_id + return {'page_view_id': get_current_page_view_id()} + + +def register_context_processors(app): + """Register all context processors with the app.""" + app.context_processor(inject_globals) + app.context_processor(inject_notifications) + app.context_processor(inject_page_view_id) diff --git a/utils/decorators.py b/utils/decorators.py new file mode 100644 index 0000000..1a2f656 --- /dev/null +++ b/utils/decorators.py @@ -0,0 +1,89 @@ +""" +Custom Decorators +================= + +Reusable decorators for access control and validation. +""" + +from functools import wraps +from flask import abort, flash, redirect, url_for +from flask_login import current_user + + +def admin_required(f): + """ + Decorator that requires user to be logged in AND be an admin. + + Usage: + @bp.route('/admin/users') + @login_required + @admin_required + def admin_users(): + ... + + Note: Always use @login_required BEFORE @admin_required + """ + @wraps(f) + def decorated_function(*args, **kwargs): + if not current_user.is_authenticated: + return redirect(url_for('auth.login')) + if not current_user.is_admin: + flash('Brak uprawnień administratora.', 'error') + return redirect(url_for('public.index')) + return f(*args, **kwargs) + return decorated_function + + +def verified_required(f): + """ + Decorator that requires user to have verified email. + + Usage: + @bp.route('/forum/new') + @login_required + @verified_required + def new_topic(): + ... + """ + @wraps(f) + def decorated_function(*args, **kwargs): + if not current_user.is_authenticated: + return redirect(url_for('auth.login')) + if not current_user.is_verified: + flash('Musisz zweryfikować swój email, aby wykonać tę akcję.', 'warning') + return redirect(url_for('auth.resend_verification')) + return f(*args, **kwargs) + return decorated_function + + +def company_owner_or_admin(f): + """ + Decorator for routes that accept company_id. + Allows access only if user is admin OR owns the company. + + Usage: + @bp.route('/company//edit') + @login_required + @company_owner_or_admin + def edit_company(company_id): + ... + """ + @wraps(f) + def decorated_function(*args, **kwargs): + if not current_user.is_authenticated: + return redirect(url_for('auth.login')) + + company_id = kwargs.get('company_id') + if company_id is None: + abort(400) + + if current_user.is_admin: + return f(*args, **kwargs) + + if current_user.company_id == company_id: + return f(*args, **kwargs) + + flash('Nie masz uprawnień do tej firmy.', 'error') + return redirect(url_for('public.index')) + + return decorated_function diff --git a/utils/error_handlers.py b/utils/error_handlers.py new file mode 100644 index 0000000..e019225 --- /dev/null +++ b/utils/error_handlers.py @@ -0,0 +1,50 @@ +""" +Error Handlers +============== + +Custom error handlers for the Flask application. +""" + +from flask import render_template, jsonify, request +import logging + +logger = logging.getLogger(__name__) + + +def register_error_handlers(app): + """Register all error handlers with the app.""" + + @app.errorhandler(400) + def bad_request(e): + if request.is_json: + return jsonify({'error': 'Bad request', 'message': str(e)}), 400 + return render_template('errors/400.html'), 400 + + @app.errorhandler(403) + def forbidden(e): + if request.is_json: + return jsonify({'error': 'Forbidden', 'message': 'Access denied'}), 403 + return render_template('errors/403.html'), 403 + + @app.errorhandler(404) + def not_found(e): + if request.is_json: + return jsonify({'error': 'Not found'}), 404 + return render_template('errors/404.html'), 404 + + @app.errorhandler(429) + def ratelimit_handler(e): + logger.warning(f"Rate limit exceeded: {request.remote_addr} - {request.path}") + if request.is_json: + return jsonify({ + 'error': 'Rate limit exceeded', + 'message': 'Zbyt wiele zapytań. Spróbuj ponownie później.' + }), 429 + return render_template('errors/429.html'), 429 + + @app.errorhandler(500) + def internal_error(e): + logger.error(f"Internal server error: {e}") + if request.is_json: + return jsonify({'error': 'Internal server error'}), 500 + return render_template('errors/500.html'), 500 diff --git a/utils/helpers.py b/utils/helpers.py new file mode 100644 index 0000000..0f14bfb --- /dev/null +++ b/utils/helpers.py @@ -0,0 +1,101 @@ +""" +Helper Functions +================ + +Common utility functions used across blueprints. +""" + +import re +import logging + +logger = logging.getLogger(__name__) + + +def sanitize_input(text, max_length=1000): + """ + Sanitize user input - remove potentially dangerous characters. + + Args: + text: Input string to sanitize + max_length: Maximum allowed length (default 1000) + + Returns: + Sanitized string + """ + if not text: + return "" + + # Remove null bytes + text = text.replace('\x00', '') + + # Trim to max length + text = text[:max_length] + + # Strip whitespace + text = text.strip() + + return text + + +def validate_email(email): + """ + Validate email format. + + Args: + email: Email address to validate + + Returns: + bool: True if valid, False otherwise + """ + if not email or len(email) > 255: + return False + + # RFC 5322 compliant email regex (simplified) + pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$' + return re.match(pattern, email) is not None + + +def validate_password(password): + """ + Validate password strength. + + Requirements: + - Minimum 8 characters + - At least one uppercase letter + - At least one lowercase letter + - At least one digit + + Args: + password: Password to validate + + Returns: + tuple: (is_valid: bool, message: str) + """ + if not password or len(password) < 8: + return False, "Hasło musi mieć minimum 8 znaków" + + if not re.search(r'[A-Z]', password): + return False, "Hasło musi zawierać przynajmniej jedną wielką literę" + + if not re.search(r'[a-z]', password): + return False, "Hasło musi zawierać przynajmniej jedną małą literę" + + if not re.search(r'\d', password): + return False, "Hasło musi zawierać przynajmniej jedną cyfrę" + + return True, "OK" + + +def ensure_url(url): + """ + Ensure URL has http:// or https:// scheme. + + Args: + url: URL string + + Returns: + URL with https:// prefix if no scheme present + """ + if url and not url.startswith(('http://', 'https://')): + return f'https://{url}' + return url diff --git a/utils/middleware.py b/utils/middleware.py new file mode 100644 index 0000000..fe71187 --- /dev/null +++ b/utils/middleware.py @@ -0,0 +1,120 @@ +""" +Request Middleware +================== + +Before/after request hooks for security, analytics, etc. +""" + +import logging +from flask import request, abort + +logger = logging.getLogger(__name__) + + +def register_middleware(app): + """Register all middleware with the app.""" + + @app.before_request + def check_geoip(): + """Block requests from high-risk countries (RU, CN, KP, IR, BY, SY, VE, CU).""" + # Skip static files and health checks + if request.path.startswith('/static') or request.path == '/health': + return + + try: + from security_service import is_ip_allowed, get_country_code, create_security_alert + from database import SessionLocal + + if not is_ip_allowed(): + ip = request.headers.get('X-Forwarded-For', request.remote_addr) + if ip: + ip = ip.split(',')[0].strip() + country = get_country_code(ip) + logger.warning(f"GEOIP_BLOCKED ip={ip} country={country} path={request.path}") + + # Create alert for blocked access + try: + db = SessionLocal() + create_security_alert( + db, 'geo_blocked', 'low', + ip_address=ip, + details={ + 'country': country, + 'path': request.path, + 'user_agent': request.user_agent.string[:200] + } + ) + db.commit() + db.close() + except Exception as e: + logger.error(f"Failed to create geo block alert: {e}") + + abort(403) + except ImportError: + # Security service not available, skip GeoIP check + pass + + @app.before_request + def track_page_view(): + """Track page views (excluding static files and API calls).""" + # Skip static files + if request.path.startswith('/static'): + return + + # Skip API calls + if request.path.startswith('/api'): + return + + # Skip analytics tracking endpoints + if request.path in ['/api/analytics/track', '/api/analytics/heartbeat']: + return + + # Skip health checks + if request.path == '/health': + return + + # Skip favicon + if request.path == '/favicon.ico': + return + + try: + from utils.analytics import ( + track_page_view_for_request, + set_current_page_view_id + ) + page_view_id = track_page_view_for_request() + if page_view_id: + set_current_page_view_id(page_view_id) + except Exception as e: + logger.error(f"Page view tracking error: {e}") + + @app.after_request + def set_security_headers(response): + """Add security headers to all responses.""" + response.headers['X-Content-Type-Options'] = 'nosniff' + response.headers['X-Frame-Options'] = 'SAMEORIGIN' + response.headers['X-XSS-Protection'] = '1; mode=block' + response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' + response.headers['Referrer-Policy'] = 'strict-origin-when-cross-origin' + + # Content Security Policy + csp = ( + "default-src 'self'; " + "script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; " + "style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; " + "img-src 'self' data: https:; " + "font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; " + "connect-src 'self'" + ) + response.headers['Content-Security-Policy'] = csp + + return response + + @app.teardown_request + def cleanup_page_view_id(exception=None): + """Clean up page_view_id from global dict after request.""" + try: + from utils.analytics import cleanup_page_view_id + cleanup_page_view_id() + except Exception: + pass diff --git a/utils/notifications.py b/utils/notifications.py new file mode 100644 index 0000000..0b9d229 --- /dev/null +++ b/utils/notifications.py @@ -0,0 +1,123 @@ +""" +Notification Helpers +==================== + +Functions for creating and managing user notifications. +""" + +import logging +from database import SessionLocal, UserNotification, User + +logger = logging.getLogger(__name__) + + +def create_notification(user_id, title, message, notification_type='info', + related_type=None, related_id=None, action_url=None): + """ + Create a notification for a user. + + Args: + user_id: ID of the user to notify + title: Notification title + message: Notification message/body + notification_type: Type of notification (news, system, message, event, alert) + related_type: Type of related entity (company_news, event, message, etc.) + related_id: ID of the related entity + action_url: URL to navigate when notification is clicked + + Returns: + UserNotification object or None on error + """ + db = SessionLocal() + try: + notification = UserNotification( + user_id=user_id, + title=title, + message=message, + notification_type=notification_type, + related_type=related_type, + related_id=related_id, + action_url=action_url + ) + db.add(notification) + db.commit() + db.refresh(notification) + logger.info(f"Created notification for user {user_id}: {title}") + return notification + except Exception as e: + logger.error(f"Error creating notification: {e}") + db.rollback() + return None + finally: + db.close() + + +def create_news_notification(company_id, news_id, news_title): + """ + Create notification for company owner when their news is approved. + + Args: + company_id: ID of the company + news_id: ID of the approved news + news_title: Title of the news + """ + db = SessionLocal() + try: + # Find users associated with this company + users = db.query(User).filter( + User.company_id == company_id, + User.is_active == True + ).all() + + for user in users: + create_notification( + user_id=user.id, + title="Nowa aktualnosc o Twojej firmie", + message=f"Aktualnosc '{news_title}' zostala zatwierdzona i jest widoczna na profilu firmy.", + notification_type='news', + related_type='company_news', + related_id=news_id, + action_url=f"/company/{company_id}" + ) + finally: + db.close() + + +def create_message_notification(user_id, sender_name, message_id): + """ + Create notification when user receives a private message. + + Args: + user_id: ID of the recipient + sender_name: Name of the sender + message_id: ID of the message + """ + create_notification( + user_id=user_id, + title="Nowa wiadomość prywatna", + message=f"Otrzymałeś nową wiadomość od {sender_name}.", + notification_type='message', + related_type='private_message', + related_id=message_id, + action_url=f"/wiadomosci/{message_id}" + ) + + +def create_event_notification(user_id, event_title, event_id): + """ + Create notification for upcoming event reminder. + + Args: + user_id: ID of the user to notify + event_title: Title of the event + event_id: ID of the event + """ + create_notification( + user_id=user_id, + title="Przypomnienie o wydarzeniu", + message=f"Zbliża się wydarzenie: {event_title}", + notification_type='event', + related_type='norda_event', + related_id=event_id, + action_url=f"/kalendarz/{event_id}" + )