#!/usr/bin/env python3 """ Norda Biznes Partner - Flask Application ==================================== Main Flask application for Norda Biznes company directory with AI chat. Features: - User authentication with email confirmation - Company directory with advanced search - AI chat assistant powered by Google Gemini - PostgreSQL database integration - Analytics dashboard for chat insights Author: Norda Biznes Development Team Created: 2025-11-23 """ import os import logging import secrets import re import json import time from collections import deque from pathlib import Path from datetime import datetime, timedelta, date from flask import Flask, render_template, request, jsonify, redirect, url_for, flash, session, Response, send_file from flask_login import login_user, logout_user, login_required, current_user # Note: CSRFProtect, Limiter, LoginManager are imported from extensions.py (line ~250) from werkzeug.security import generate_password_hash, check_password_hash from dotenv import load_dotenv from user_agents import parse as parse_user_agent import uuid import traceback as tb_module # Load environment variables (override any existing env vars) # Try .env first, then nordabiz_config.txt for production flexibility import os if os.path.exists('.env'): load_dotenv('.env', override=True) elif os.path.exists('nordabiz_config.txt'): load_dotenv('nordabiz_config.txt', override=True) else: load_dotenv(override=True) # ============================================================ # GLOBAL CONSTANTS - MARKETING # ============================================================ # Liczba podmiotów gospodarczych (cel marketingowy Izby NORDA) # Używana we wszystkich miejscach wyświetlających liczbę firm COMPANY_COUNT_MARKETING = 150 # Configure logging with in-memory buffer for debug panel class DebugLogHandler(logging.Handler): """Custom handler that stores logs in memory for real-time viewing""" def __init__(self, max_logs=500): super().__init__() self.logs = deque(maxlen=max_logs) def emit(self, record): log_entry = { 'timestamp': datetime.now().isoformat(), 'level': record.levelname, 'logger': record.name, 'message': self.format(record), 'module': record.module, 'funcName': record.funcName, 'lineno': record.lineno } self.logs.append(log_entry) # Create debug handler debug_handler = DebugLogHandler(max_logs=500) debug_handler.setFormatter(logging.Formatter('%(message)s')) logging.basicConfig( level=logging.INFO, format='%(asctime)s - %(name)s - %(levelname)s - %(message)s' ) # Add debug handler to root logger logging.getLogger().addHandler(debug_handler) logger = logging.getLogger(__name__) # Security logger for fail2ban integration # Logs to /var/log/nordabiznes/security.log in production security_logger = logging.getLogger('security') security_logger.setLevel(logging.WARNING) _security_log_path = '/var/log/nordabiznes/security.log' if os.path.exists('/var/log/nordabiznes'): _security_handler = logging.FileHandler(_security_log_path) _security_handler.setFormatter(logging.Formatter( '%(asctime)s [%(levelname)s] %(message)s', datefmt='%Y-%m-%d %H:%M:%S' )) security_logger.addHandler(_security_handler) # Import database models from database import ( init_db, SessionLocal, User, Company, Category, Service, Competency, CompanyDigitalMaturity, CompanyWebsiteAnalysis, CompanyQualityTracking, CompanyWebsiteContent, CompanyAIInsights, CompanyEvent, CompanySocialMedia, CompanyContact, AIChatConversation, AIChatMessage, AIChatFeedback, AIAPICostLog, ForumTopic, ForumReply, ForumAttachment, NordaEvent, EventAttendee, PrivateMessage, Classified, UserNotification, CompanyRecommendation, MembershipFee, MembershipFeeConfig, Person, CompanyPerson, GBPAudit, ITAudit, KRSAudit, CompanyPKD, CompanyFinancialReport, UserSession, UserBlock, PageView, UserClick, AnalyticsDaily, PopularPagesDaily, SearchQuery, ConversionEvent, JSError, PopularSearchesDaily, HourlyActivity, AuditLog, SecurityAlert, ZOPKNews ) # Import services import gemini_service from nordabiz_chat import NordaBizChatEngine from search_service import search_companies import krs_api_service from file_upload_service import FileUploadService # Security service for audit log, alerting, GeoIP, 2FA try: from security_service import ( log_audit, create_security_alert, get_client_ip, is_ip_allowed, geoip_check, init_security_service, generate_totp_secret, get_totp_uri, verify_totp, generate_backup_codes, verify_backup_code, requires_2fa ) SECURITY_SERVICE_AVAILABLE = True except ImportError as e: SECURITY_SERVICE_AVAILABLE = False logger.warning(f"Security service not available: {e}") # News service for fetching company news try: from news_service import NewsService, get_news_service, init_news_service NEWS_SERVICE_AVAILABLE = True except ImportError: NEWS_SERVICE_AVAILABLE = False logger.warning("News service not available") # SEO audit components for triggering audits via API import sys _scripts_path = os.path.join(os.path.dirname(__file__), 'scripts') if _scripts_path not in sys.path: sys.path.insert(0, _scripts_path) try: from seo_audit import SEOAuditor, SEO_AUDIT_VERSION SEO_AUDIT_AVAILABLE = True except ImportError as e: SEO_AUDIT_AVAILABLE = False logger.warning(f"SEO audit service not available: {e}") # GBP (Google Business Profile) audit service try: from gbp_audit_service import ( GBPAuditService, audit_company as gbp_audit_company, get_company_audit as gbp_get_company_audit, fetch_google_business_data as gbp_fetch_google_data ) GBP_AUDIT_AVAILABLE = True GBP_AUDIT_VERSION = '1.0' except ImportError as e: GBP_AUDIT_AVAILABLE = False GBP_AUDIT_VERSION = None logger.warning(f"GBP audit service not available: {e}") # KRS (Krajowy Rejestr Sądowy) audit service try: from krs_audit_service import parse_krs_pdf, parse_krs_pdf_full KRS_AUDIT_AVAILABLE = True KRS_AUDIT_VERSION = '1.0' except ImportError as e: KRS_AUDIT_AVAILABLE = False KRS_AUDIT_VERSION = None logger.warning(f"KRS audit service not available: {e}") # Initialize Flask app app = Flask(__name__) # Security: Require strong SECRET_KEY (no default value allowed) SECRET_KEY = os.getenv('SECRET_KEY') if not SECRET_KEY or len(SECRET_KEY) < 32: raise ValueError("SECRET_KEY must be set in environment variables and be at least 32 characters long") app.config['SECRET_KEY'] = SECRET_KEY app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=7) # Security configurations app.config['WTF_CSRF_ENABLED'] = True app.config['WTF_CSRF_TIME_LIMIT'] = None # No time limit for CSRF tokens app.config['SESSION_COOKIE_SECURE'] = os.getenv('FLASK_ENV') != 'development' # HTTPS only in production app.config['SESSION_COOKIE_HTTPONLY'] = True app.config['SESSION_COOKIE_SAMESITE'] = 'Lax' # Template filters @app.template_filter('ensure_url') def ensure_url_filter(url): """Ensure URL has http:// or https:// scheme""" if url and not url.startswith(('http://', 'https://')): return f'https://{url}' return url # Initialize extensions from centralized extensions.py from extensions import csrf, limiter, login_manager csrf.init_app(app) # Initialize rate limiter with Redis storage (persistent across restarts) # Falls back to memory if Redis unavailable _redis_available = False try: import redis _redis_client = redis.Redis(host='localhost', port=6379, db=0) _redis_client.ping() _redis_available = True logger.info("Rate limiter using Redis storage") except Exception: logger.warning("Redis unavailable, rate limiter using memory storage") # Note: default_limits are set in extensions.py # Here we only configure storage if _redis_available: limiter._storage_uri = "redis://localhost:6379/0" else: limiter._storage_uri = "memory://" limiter.init_app(app) @limiter.request_filter def is_admin_exempt(): """Exempt logged-in admins from rate limiting.""" from flask_login import current_user try: return current_user.is_authenticated and current_user.is_admin except Exception: return False # Initialize database init_db() # Initialize Login Manager (imported from extensions.py) login_manager.init_app(app) login_manager.login_view = 'login' # Will change to 'auth.login' after full migration login_manager.login_message = 'Zaloguj się, aby uzyskać dostęp do tej strony.' # Initialize Gemini service try: gemini_service.init_gemini_service(model='3-flash') # Gemini 3 Flash Preview - najnowszy model, 7x lepszy reasoning logger.info("Gemini service initialized successfully") except Exception as e: logger.error(f"Failed to initialize Gemini service: {e}") # Register blueprints (Phase 1: reports, community) from blueprints import register_blueprints register_blueprints(app) logger.info("Blueprints registered") @login_manager.user_loader def load_user(user_id): """Load user from database""" db = SessionLocal() try: return db.query(User).filter_by(id=int(user_id)).first() finally: db.close() # ============================================================ # TEMPLATE CONTEXT PROCESSORS # ============================================================ @app.context_processor def inject_globals(): """Inject global variables into all templates""" return { 'current_year': datetime.now().year, 'now': datetime.now(), # Must be value, not method - templates use now.strftime() 'COMPANY_COUNT': COMPANY_COUNT_MARKETING, # Liczba podmiotów (cel marketingowy) } @app.context_processor def inject_notifications(): """Inject unread notifications count into all templates""" if current_user.is_authenticated: db = SessionLocal() try: unread_count = db.query(UserNotification).filter( UserNotification.user_id == current_user.id, UserNotification.is_read == False ).count() return {'unread_notifications_count': unread_count} finally: db.close() return {'unread_notifications_count': 0} # ============================================================ # NOTIFICATION HELPERS # ============================================================ def create_notification(user_id, title, message, notification_type='info', related_type=None, related_id=None, action_url=None): """ Create a notification for a user. Args: user_id: ID of the user to notify title: Notification title message: Notification message/body notification_type: Type of notification (news, system, message, event, alert) related_type: Type of related entity (company_news, event, message, etc.) related_id: ID of the related entity action_url: URL to navigate when notification is clicked Returns: UserNotification object or None on error """ db = SessionLocal() try: notification = UserNotification( user_id=user_id, title=title, message=message, notification_type=notification_type, related_type=related_type, related_id=related_id, action_url=action_url ) db.add(notification) db.commit() db.refresh(notification) logger.info(f"Created notification for user {user_id}: {title}") return notification except Exception as e: logger.error(f"Error creating notification: {e}") db.rollback() return None finally: db.close() def create_news_notification(company_id, news_id, news_title): """ Create notification for company owner when their news is approved. Args: company_id: ID of the company news_id: ID of the approved news news_title: Title of the news """ db = SessionLocal() try: # Find users associated with this company users = db.query(User).filter( User.company_id == company_id, User.is_active == True ).all() for user in users: create_notification( user_id=user.id, title="Nowa aktualnosc o Twojej firmie", message=f"Aktualnosc '{news_title}' zostala zatwierdzona i jest widoczna na profilu firmy.", notification_type='news', related_type='company_news', related_id=news_id, action_url=f"/company/{company_id}" ) finally: db.close() # ============================================================ # USER ANALYTICS - TRACKING HELPERS # ============================================================ # Global variable to store current page_view_id for templates _current_page_view_id = {} def get_or_create_analytics_session(): """ Get existing analytics session or create new one. Returns the database session ID (integer). Includes GeoIP lookup and UTM parameter parsing. """ analytics_session_id = session.get('analytics_session_id') if not analytics_session_id: analytics_session_id = str(uuid.uuid4()) session['analytics_session_id'] = analytics_session_id db = SessionLocal() try: user_session = db.query(UserSession).filter_by(session_id=analytics_session_id).first() if not user_session: # Parse user agent ua_string = request.headers.get('User-Agent', '') try: ua = parse_user_agent(ua_string) device_type = 'mobile' if ua.is_mobile else ('tablet' if ua.is_tablet else 'desktop') browser = ua.browser.family browser_version = ua.browser.version_string os_name = ua.os.family os_version = ua.os.version_string except Exception: device_type = 'desktop' browser = 'Unknown' browser_version = '' os_name = 'Unknown' os_version = '' # GeoIP lookup country, city, region = None, None, None ip_address = request.headers.get('X-Forwarded-For', request.remote_addr) if ip_address: ip_address = ip_address.split(',')[0].strip() try: from security_service import get_geoip_info geo_info = get_geoip_info(ip_address) if geo_info: country = geo_info.get('country') city = geo_info.get('city') region = geo_info.get('region') except Exception as e: logger.debug(f"GeoIP lookup failed for {ip_address}: {e}") # UTM parameters (z pierwszego requestu sesji) utm_source = request.args.get('utm_source', '')[:255] or None utm_medium = request.args.get('utm_medium', '')[:255] or None utm_campaign = request.args.get('utm_campaign', '')[:255] or None utm_term = request.args.get('utm_term', '')[:255] or None utm_content = request.args.get('utm_content', '')[:255] or None user_session = UserSession( session_id=analytics_session_id, user_id=current_user.id if current_user.is_authenticated else None, ip_address=ip_address, user_agent=ua_string[:2000] if ua_string else None, device_type=device_type, browser=browser[:50] if browser else None, browser_version=browser_version[:20] if browser_version else None, os=os_name[:50] if os_name else None, os_version=os_version[:20] if os_version else None, # GeoIP country=country, city=city, region=region, # UTM utm_source=utm_source, utm_medium=utm_medium, utm_campaign=utm_campaign, utm_term=utm_term, utm_content=utm_content ) db.add(user_session) db.commit() db.refresh(user_session) else: # Update last activity AND duration user_session.last_activity_at = datetime.now() user_session.duration_seconds = int( (datetime.now() - user_session.started_at).total_seconds() ) if current_user.is_authenticated and not user_session.user_id: user_session.user_id = current_user.id db.commit() return user_session.id except Exception as e: logger.error(f"Analytics session error: {e}") db.rollback() return None finally: db.close() def track_conversion(event_type: str, company_id: int = None, target_type: str = None, target_value: str = None, metadata: dict = None): """ Track conversion event. Args: event_type: Type of conversion (register, login, contact_click, rsvp, message, classified) company_id: Related company ID (for contact_click) target_type: What was clicked (email, phone, website) target_value: The value (email address, phone number, etc.) metadata: Additional data as dict """ try: analytics_session_id = session.get('analytics_session_id') session_db_id = None db = SessionLocal() try: if analytics_session_id: user_session = db.query(UserSession).filter_by(session_id=analytics_session_id).first() if user_session: session_db_id = user_session.id # Określ kategorię konwersji category_map = { 'register': 'acquisition', 'login': 'activation', 'contact_click': 'engagement', 'rsvp': 'engagement', 'message': 'engagement', 'classified': 'engagement' } conversion = ConversionEvent( session_id=session_db_id, user_id=current_user.id if current_user.is_authenticated else None, event_type=event_type, event_category=category_map.get(event_type, 'other'), company_id=company_id, target_type=target_type, target_value=target_value[:500] if target_value else None, source_page=request.url[:500] if request.url else None, referrer=request.referrer[:500] if request.referrer else None, event_metadata=metadata ) db.add(conversion) db.commit() logger.info(f"Conversion tracked: {event_type} company={company_id} target={target_type}") except Exception as e: logger.error(f"Conversion tracking error: {e}") db.rollback() finally: db.close() except Exception as e: logger.error(f"Conversion tracking outer error: {e}") @app.before_request def check_geoip(): """Block requests from high-risk countries (RU, CN, KP, IR, BY, SY, VE, CU).""" # Skip static files and health checks if request.path.startswith('/static') or request.path == '/health': return if not is_ip_allowed(): ip = request.headers.get('X-Forwarded-For', request.remote_addr) if ip: ip = ip.split(',')[0].strip() from security_service import get_country_code country = get_country_code(ip) logger.warning(f"GEOIP_BLOCKED ip={ip} country={country} path={request.path}") # Create alert for blocked access try: db = SessionLocal() from security_service import create_security_alert create_security_alert( db, 'geo_blocked', 'low', ip_address=ip, details={'country': country, 'path': request.path, 'user_agent': request.user_agent.string[:200]} ) db.commit() db.close() except Exception as e: logger.error(f"Failed to create geo block alert: {e}") abort(403) @app.before_request def track_page_view(): """Track page views (excluding static files and API calls)""" # Skip static files if request.path.startswith('/static'): return # Skip API calls except selected ones if request.path.startswith('/api'): return # Skip analytics tracking endpoints if request.path in ['/api/analytics/track', '/api/analytics/heartbeat']: return # Skip health checks if request.path == '/health': return # Skip favicon if request.path == '/favicon.ico': return try: session_db_id = get_or_create_analytics_session() if not session_db_id: return db = SessionLocal() try: page_view = PageView( session_id=session_db_id, user_id=current_user.id if current_user.is_authenticated else None, url=request.url[:2000] if request.url else '', path=request.path[:500] if request.path else '/', referrer=request.referrer[:2000] if request.referrer else None ) # Extract company_id from path if on company page if request.path.startswith('/company/'): try: slug = request.path.split('/')[2].split('?')[0] company = db.query(Company).filter_by(slug=slug).first() if company: page_view.company_id = company.id except Exception: pass db.add(page_view) # Update session page count user_session = db.query(UserSession).filter_by(id=session_db_id).first() if user_session: user_session.page_views_count = (user_session.page_views_count or 0) + 1 db.commit() # Store page_view_id for click tracking (in request context) _current_page_view_id[id(request)] = page_view.id except Exception as e: logger.error(f"Page view tracking error: {e}") db.rollback() finally: db.close() except Exception as e: logger.error(f"Page view tracking outer error: {e}") @app.context_processor def inject_page_view_id(): """Inject page_view_id into all templates for JS tracking""" page_view_id = _current_page_view_id.get(id(request), '') return {'page_view_id': page_view_id} @app.teardown_request def cleanup_page_view_id(exception=None): """Clean up page_view_id from global dict after request""" _current_page_view_id.pop(id(request), None) # ============================================================ # SECURITY MIDDLEWARE & HELPERS # ============================================================ @app.after_request def set_security_headers(response): """Add security headers to all responses""" response.headers['X-Content-Type-Options'] = 'nosniff' response.headers['X-Frame-Options'] = 'SAMEORIGIN' response.headers['X-XSS-Protection'] = '1; mode=block' response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' response.headers['Referrer-Policy'] = 'strict-origin-when-cross-origin' # Content Security Policy csp = ( "default-src 'self'; " "script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; " "style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; " "img-src 'self' data: https:; " "font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; " "connect-src 'self'" ) response.headers['Content-Security-Policy'] = csp return response def validate_email(email): """Validate email format""" if not email or len(email) > 255: return False # RFC 5322 compliant email regex (simplified) pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$' return re.match(pattern, email) is not None def validate_password(password): """ Validate password strength Requirements: - Minimum 8 characters - At least one uppercase letter - At least one lowercase letter - At least one digit """ if not password or len(password) < 8: return False, "Hasło musi mieć minimum 8 znaków" if not re.search(r'[A-Z]', password): return False, "Hasło musi zawierać przynajmniej jedną wielką literę" if not re.search(r'[a-z]', password): return False, "Hasło musi zawierać przynajmniej jedną małą literę" if not re.search(r'\d', password): return False, "Hasło musi zawierać przynajmniej jedną cyfrę" return True, "OK" def sanitize_input(text, max_length=1000): """Sanitize user input - remove potentially dangerous characters""" if not text: return "" # Remove null bytes text = text.replace('\x00', '') # Trim to max length text = text[:max_length] # Strip whitespace text = text.strip() return text def get_free_tier_usage(): """ Get today's Gemini API usage for free tier tracking. Returns: Dict with requests_today and tokens_today """ from datetime import date from sqlalchemy import func db = SessionLocal() try: today = date.today() result = db.query( func.count(AIAPICostLog.id).label('requests'), func.coalesce(func.sum(AIAPICostLog.total_tokens), 0).label('tokens') ).filter( func.date(AIAPICostLog.timestamp) == today, AIAPICostLog.api_provider == 'gemini' ).first() return { 'requests_today': result.requests or 0, 'tokens_today': int(result.tokens or 0) } except Exception as e: logger.warning(f"Failed to get free tier usage: {e}") return {'requests_today': 0, 'tokens_today': 0} finally: db.close() def get_brave_api_usage(): """ Get Brave Search API usage for current month. Brave free tier: 2000 requests/month Returns: Dict with usage stats and limits """ from datetime import date from sqlalchemy import func, extract db = SessionLocal() try: today = date.today() current_month = today.month current_year = today.year # Monthly usage monthly_result = db.query( func.count(AIAPICostLog.id).label('requests') ).filter( extract('month', AIAPICostLog.timestamp) == current_month, extract('year', AIAPICostLog.timestamp) == current_year, AIAPICostLog.api_provider == 'brave' ).first() # Today's usage daily_result = db.query( func.count(AIAPICostLog.id).label('requests') ).filter( func.date(AIAPICostLog.timestamp) == today, AIAPICostLog.api_provider == 'brave' ).first() monthly_used = monthly_result.requests or 0 daily_used = daily_result.requests or 0 monthly_limit = 2000 # Brave free tier return { 'requests_today': daily_used, 'requests_this_month': monthly_used, 'monthly_limit': monthly_limit, 'remaining': max(0, monthly_limit - monthly_used), 'usage_percent': round((monthly_used / monthly_limit) * 100, 1) if monthly_limit > 0 else 0, 'tier': 'free', 'is_limit_reached': monthly_used >= monthly_limit } except Exception as e: logger.warning(f"Failed to get Brave API usage: {e}") return { 'requests_today': 0, 'requests_this_month': 0, 'monthly_limit': 2000, 'remaining': 2000, 'usage_percent': 0, 'tier': 'free', 'is_limit_reached': False } finally: db.close() def log_brave_api_call(user_id=None, feature='news_search', company_name=None): """ Log a Brave API call for usage tracking. Args: user_id: User who triggered the call (optional) feature: Feature name (news_search, etc.) company_name: Company being searched (for reference) """ db = SessionLocal() try: log_entry = AIAPICostLog( api_provider='brave', model_name='search_api', feature=feature, user_id=user_id, input_tokens=0, output_tokens=0, total_tokens=0 ) db.add(log_entry) db.commit() logger.debug(f"Logged Brave API call: {feature} for {company_name}") except Exception as e: logger.error(f"Failed to log Brave API call: {e}") db.rollback() finally: db.close() # ============================================================ # HEALTH CHECK # ============================================================ @app.route('/health') def health(): """Health check endpoint for monitoring""" return {'status': 'ok'}, 200 @app.route('/test-error-500') @login_required def test_error_500(): """Test endpoint to trigger 500 error for notification testing. Admin only.""" if not current_user.is_admin: flash('Brak uprawnień', 'error') return redirect(url_for('index')) # Intentionally raise an error to test error notification raise Exception("TEST ERROR 500 - Celowy błąd testowy do sprawdzenia powiadomień email") @app.route('/health/full') def health_full(): """ Extended health check - verifies all critical endpoints. Returns detailed status of each endpoint. Access: /health/full """ results = [] all_ok = True # List of ALL endpoints to check (path, name) # Comprehensive list updated 2026-01-17 endpoints = [ # ========== PUBLIC PAGES ========== ('/', 'Strona główna'), ('/login', 'Logowanie'), ('/register', 'Rejestracja'), ('/release-notes', 'Historia zmian'), ('/search?q=test', 'Wyszukiwarka'), ('/aktualnosci', 'Aktualności'), ('/forum', 'Forum'), ('/kalendarz', 'Kalendarz wydarzeń'), ('/tablica', 'Tablica ogłoszeń'), ('/nowi-czlonkowie', 'Nowi członkowie'), ('/mapa-polaczen', 'Mapa połączeń'), ('/forgot-password', 'Reset hasła'), # ========== RAPORTY ========== ('/raporty/', 'Raporty'), ('/raporty/staz-czlonkostwa', 'Raport: Staż członkostwa'), ('/raporty/social-media', 'Raport: Social Media'), ('/raporty/struktura-branzowa', 'Raport: Struktura branżowa'), # ========== ZOPK PUBLIC ========== ('/zopk', 'ZOPK: Strona główna'), ('/zopk/aktualnosci', 'ZOPK: Aktualności'), # ========== CHAT ========== ('/chat', 'NordaGPT Chat'), # ========== IT AUDIT ========== ('/it-audit/form', 'IT Audit: Formularz'), # ========== PUBLIC API ========== ('/api/companies', 'API: Lista firm'), ('/api/model-info', 'API: Model info'), ('/api/gbp/audit/health', 'API: GBP health'), # ========== ADMIN: CORE ========== ('/admin/security', 'Admin: Bezpieczeństwo'), ('/admin/analytics', 'Admin: Analityka'), ('/admin/status', 'Admin: Status systemu'), ('/admin/health', 'Admin: Health dashboard'), ('/admin/debug', 'Admin: Debug'), ('/admin/ai-usage', 'Admin: AI Usage'), ('/admin/chat-analytics', 'Admin: Chat analytics'), ('/admin/users', 'Admin: Użytkownicy'), ('/admin/recommendations', 'Admin: Rekomendacje'), ('/admin/fees', 'Admin: Składki'), # ========== ADMIN: AUDITS ========== ('/admin/seo', 'Admin: SEO Audit'), ('/admin/gbp-audit', 'Admin: GBP Audit'), ('/admin/social-media', 'Admin: Social Media'), ('/admin/social-audit', 'Admin: Social Audit'), ('/admin/it-audit', 'Admin: IT Audit'), ('/admin/digital-maturity', 'Admin: Digital Maturity'), ('/admin/krs-audit', 'Admin: KRS Audit'), # ========== ADMIN: COMMUNITY ========== ('/admin/forum', 'Admin: Forum'), ('/admin/kalendarz', 'Admin: Kalendarz'), # ========== ADMIN: ZOPK ========== ('/admin/zopk', 'Admin: ZOPK Panel'), ('/admin/zopk/news', 'Admin: ZOPK News'), ('/admin/zopk/knowledge', 'Admin: ZOPK Knowledge'), ('/admin/zopk/knowledge/chunks', 'Admin: ZOPK Chunks'), ('/admin/zopk/knowledge/facts', 'Admin: ZOPK Facts'), ('/admin/zopk/knowledge/entities', 'Admin: ZOPK Entities'), ('/admin/zopk/knowledge/duplicates', 'Admin: ZOPK Duplikaty'), ('/admin/zopk/knowledge/fact-duplicates', 'Admin: ZOPK Fact Duplicates'), ('/admin/zopk/knowledge/graph', 'Admin: ZOPK Graf'), ('/admin/zopk/timeline', 'Admin: ZOPK Timeline'), # ========== ZOPK API ========== ('/api/zopk/milestones', 'API: ZOPK Milestones'), ('/api/zopk/knowledge/dashboard-stats', 'API: ZOPK Dashboard stats'), # ========== USER SETTINGS (v1.19.0) ========== ('/settings/privacy', 'Ustawienia: Prywatność'), ('/settings/blocks', 'Ustawienia: Blokady'), ('/settings/2fa', 'Ustawienia: 2FA'), # ========== WIADOMOŚCI ========== ('/wiadomosci', 'Wiadomości: Odebrane'), ('/wiadomosci/wyslane', 'Wiadomości: Wysłane'), ('/wiadomosci/nowa', 'Wiadomości: Nowa'), # ========== EDUKACJA ========== ('/edukacja', 'Edukacja: Strona główna'), # ========== ADMIN: INSIGHTS ========== ('/admin/insights', 'Admin: Insights'), ] # Dodaj losową firmę do sprawdzenia db = SessionLocal() try: random_company = db.query(Company).first() if random_company: endpoints.append((f'/company/{random_company.slug}', f'Profil: {random_company.name[:25]}')) finally: db.close() # Testuj każdy endpoint używając test client with app.test_client() as client: for path, name in endpoints: try: response = client.get(path, follow_redirects=False) status = response.status_code # 200 = OK, 302 = redirect (np. do logowania) = OK # 429 = rate limited (endpoint działa, tylko ograniczony) # 500 = błąd serwera, 404 = nie znaleziono if status in (200, 302, 304, 429): results.append({ 'endpoint': path, 'name': name, 'status': status, 'ok': True }) else: results.append({ 'endpoint': path, 'name': name, 'status': status, 'ok': False }) all_ok = False except Exception as e: results.append({ 'endpoint': path, 'name': name, 'status': 500, 'ok': False, 'error': str(e)[:100] }) all_ok = False # Podsumowanie passed = sum(1 for r in results if r['ok']) failed = len(results) - passed return { 'status': 'ok' if all_ok else 'degraded', 'summary': { 'total': len(results), 'passed': passed, 'failed': failed }, 'endpoints': results, 'timestamp': datetime.now().isoformat() }, 200 if all_ok else 503 # ============================================================ # PUBLIC ROUTES - MOVED TO blueprints/public/routes.py # ============================================================ # The routes below have been migrated to the public blueprint. # They are commented out but preserved for reference. # See: blueprints/public/routes.py # ============================================================ # RECOMMENDATIONS ADMIN ROUTES - MOVED TO: blueprints/admin/routes.py # ============================================================ # ============================================================ # USER MANAGEMENT ADMIN ROUTES # Moved to: blueprints/admin/routes.py # NOTE: AI-parse routes remain below # ============================================================ # admin_users, admin_user_add - MOVED TO: blueprints/admin/routes.py # AI-ASSISTED USER CREATION - MOVED TO blueprints/admin/routes_users_api.py # Routes: /admin/users-api/ai-parse, /admin/users-api/bulk-create # ============================================================ # USER ANALYTICS API ROUTES - MOVED TO blueprints/api/routes_analytics.py # ============================================================ # Routes: /api/analytics/track, /api/analytics/heartbeat, /api/analytics/scroll, # /api/analytics/error, /api/analytics/performance, /api/analytics/conversion # ============================================================ # RECOMMENDATIONS API ROUTES - MOVED TO blueprints/api/routes_recommendations.py # ============================================================ # Routes: /api/recommendations/, /api/recommendations/create, # /api/recommendations//edit, /api/recommendations//delete # ============================================================ # B2B CLASSIFIEDS ROUTES - MIGRATED TO blueprints/community/classifieds/ # ============================================================ # Routes: /tablica, /tablica/nowe, /tablica/, /tablica//zakoncz # ============================================================ # NEW MEMBERS ROUTE - MOVED TO blueprints/public/routes.py # ============================================================ # AUTHENTICATION ROUTES - MOVED TO blueprints/auth/routes.py # ============================================================ # The routes below have been migrated to the auth blueprint. # They are commented out but preserved for reference. # See: blueprints/auth/routes.py # ============================================================ # TWO-FACTOR AUTHENTICATION - MOVED TO blueprints/auth/routes.py # ============================================================ # MOJE KONTO - MOVED TO blueprints/auth/routes.py # ============================================================ # USER DASHBOARD - MOVED TO blueprints/public/routes.py # ============================================================ # API ROUTES (for frontend) # ============================================================ @app.route('/api/companies') def api_companies(): """API: Get all companies""" db = SessionLocal() try: companies = db.query(Company).filter_by(status='active').all() return jsonify({ 'success': True, 'companies': [ { 'id': c.id, 'name': c.name, 'category': c.category.name if c.category else None, 'description': c.description_short, 'website': c.website, 'phone': c.phone, 'email': c.email } for c in companies ] }) finally: db.close() @app.route('/api/connections') def api_connections(): """ API: Get company-person connections for D3.js visualization. Returns nodes (companies and people) and links (relationships). """ db = SessionLocal() try: # Get all companies with people data companies = db.query(Company).filter_by(status='active').all() # Get all people with company relationships people = db.query(Person).join(CompanyPerson).distinct().all() # Build nodes nodes = [] # Company nodes for c in companies: nodes.append({ 'id': f'company_{c.id}', 'name': c.name, 'type': 'company', 'category': c.category.name if c.category else 'Other', 'slug': c.slug, 'has_krs': bool(c.krs), 'city': c.address_city or '' }) # Person nodes for p in people: # Count UNIQUE companies this person is connected to (not roles) company_count = len(set(r.company_id for r in p.company_roles if r.company and r.company.status == 'active')) nodes.append({ 'id': f'person_{p.id}', 'name': f'{p.imiona} {p.nazwisko}', 'type': 'person', 'company_count': company_count }) # Build links links = [] for p in people: for role in p.company_roles: if role.company and role.company.status == 'active': links.append({ 'source': f'person_{p.id}', 'target': f'company_{role.company_id}', 'role': role.role, 'category': role.role_category }) return jsonify({ 'success': True, 'nodes': nodes, 'links': links, 'stats': { 'companies': len([n for n in nodes if n['type'] == 'company']), 'people': len([n for n in nodes if n['type'] == 'person']), 'connections': len(links) } }) finally: db.close() def _build_seo_audit_response(company, analysis): """ Helper function to build SEO audit response JSON. Used by both /api/seo/audit and /api/seo/audit/ endpoints. """ # Build issues list from various checks issues = [] # Check for images without alt if analysis.images_without_alt and analysis.images_without_alt > 0: issues.append({ 'severity': 'warning', 'message': f'{analysis.images_without_alt} obrazów nie ma atrybutu alt', 'category': 'accessibility' }) # Check for missing meta description if not analysis.meta_description: issues.append({ 'severity': 'warning', 'message': 'Brak meta description', 'category': 'on_page' }) # Check H1 count (should be exactly 1) if analysis.h1_count is not None: if analysis.h1_count == 0: issues.append({ 'severity': 'error', 'message': 'Brak nagłówka H1 na stronie', 'category': 'on_page' }) elif analysis.h1_count > 1: issues.append({ 'severity': 'warning', 'message': f'Strona zawiera {analysis.h1_count} nagłówków H1 (zalecany: 1)', 'category': 'on_page' }) # Check SSL if analysis.has_ssl is False: issues.append({ 'severity': 'error', 'message': 'Strona nie używa HTTPS (brak certyfikatu SSL)', 'category': 'security' }) # Check robots.txt if analysis.has_robots_txt is False: issues.append({ 'severity': 'info', 'message': 'Brak pliku robots.txt', 'category': 'technical' }) # Check sitemap if analysis.has_sitemap is False: issues.append({ 'severity': 'info', 'message': 'Brak pliku sitemap.xml', 'category': 'technical' }) # Check indexability if analysis.is_indexable is False: issues.append({ 'severity': 'error', 'message': f'Strona nie jest indeksowalna: {analysis.noindex_reason or "nieznana przyczyna"}', 'category': 'technical' }) # Check structured data if analysis.has_structured_data is False: issues.append({ 'severity': 'info', 'message': 'Brak danych strukturalnych (Schema.org)', 'category': 'on_page' }) # Check Open Graph tags if analysis.has_og_tags is False: issues.append({ 'severity': 'info', 'message': 'Brak tagów Open Graph (ważne dla udostępniania w social media)', 'category': 'social' }) # Check mobile-friendliness if analysis.is_mobile_friendly is False: issues.append({ 'severity': 'warning', 'message': 'Strona nie jest przyjazna dla urządzeń mobilnych', 'category': 'technical' }) # Add issues from seo_issues JSONB field if available if analysis.seo_issues: stored_issues = analysis.seo_issues if isinstance(analysis.seo_issues, list) else [] for issue in stored_issues: if isinstance(issue, dict): issues.append(issue) # Build response return { 'success': True, 'company_id': company.id, 'company_name': company.name, 'website': company.website, 'seo_audit': { 'audited_at': analysis.seo_audited_at.isoformat() if analysis.seo_audited_at else None, 'audit_version': analysis.seo_audit_version, 'overall_score': analysis.seo_overall_score, 'pagespeed': { 'seo_score': analysis.pagespeed_seo_score, 'performance_score': analysis.pagespeed_performance_score, 'accessibility_score': analysis.pagespeed_accessibility_score, 'best_practices_score': analysis.pagespeed_best_practices_score }, 'on_page': { 'meta_title': analysis.meta_title, 'meta_description': analysis.meta_description, 'h1_count': analysis.h1_count, 'h1_text': analysis.h1_text, 'h2_count': analysis.h2_count, 'h3_count': analysis.h3_count, 'total_images': analysis.total_images, 'images_without_alt': analysis.images_without_alt, 'images_with_alt': analysis.images_with_alt, 'internal_links_count': analysis.internal_links_count, 'external_links_count': analysis.external_links_count, 'has_structured_data': analysis.has_structured_data, 'structured_data_types': analysis.structured_data_types }, 'technical': { 'has_ssl': analysis.has_ssl, 'ssl_issuer': analysis.ssl_issuer, 'ssl_expires_at': analysis.ssl_expires_at.isoformat() if analysis.ssl_expires_at else None, 'has_sitemap': analysis.has_sitemap, 'has_robots_txt': analysis.has_robots_txt, 'has_canonical': analysis.has_canonical, 'canonical_url': analysis.canonical_url, 'is_indexable': analysis.is_indexable, 'noindex_reason': analysis.noindex_reason, 'is_mobile_friendly': analysis.is_mobile_friendly, 'viewport_configured': analysis.viewport_configured, 'load_time_ms': analysis.load_time_ms, 'http_status_code': analysis.http_status_code }, 'core_web_vitals': { 'largest_contentful_paint_ms': analysis.largest_contentful_paint_ms, 'first_input_delay_ms': analysis.first_input_delay_ms, 'cumulative_layout_shift': float(analysis.cumulative_layout_shift) if analysis.cumulative_layout_shift else None }, 'social': { 'has_og_tags': analysis.has_og_tags, 'og_title': analysis.og_title, 'og_description': analysis.og_description, 'og_image': analysis.og_image, 'has_twitter_cards': analysis.has_twitter_cards }, 'language': { 'html_lang': analysis.html_lang, 'has_hreflang': analysis.has_hreflang }, 'issues': issues } } def _get_seo_audit_for_company(db, company): """ Helper function to get SEO audit data for a company. Returns tuple of (response_dict, status_code) or (None, None) if audit exists. """ # Get latest SEO audit for this company analysis = db.query(CompanyWebsiteAnalysis).filter_by( company_id=company.id ).order_by(CompanyWebsiteAnalysis.analyzed_at.desc()).first() if not analysis: return { 'success': True, 'company_id': company.id, 'company_name': company.name, 'website': company.website, 'seo_audit': None, 'message': 'Brak danych SEO dla tej firmy. Audyt nie został jeszcze przeprowadzony.' }, 200 # Check if SEO audit was performed (seo_audited_at is set) if not analysis.seo_audited_at: return { 'success': True, 'company_id': company.id, 'company_name': company.name, 'website': company.website, 'seo_audit': None, 'message': 'Audyt SEO nie został jeszcze przeprowadzony dla tej firmy.' }, 200 # Build full response return _build_seo_audit_response(company, analysis), 200 @app.route('/api/seo/audit') def api_seo_audit(): """ API: Get SEO audit results for a company. Query parameters: - company_id: Company ID (integer) - slug: Company slug (string) At least one of company_id or slug must be provided. Returns JSON with: - pagespeed scores (seo, performance, accessibility, best_practices) - on_page metrics (meta tags, headings, images, links, structured data) - technical checks (ssl, sitemap, robots.txt, mobile-friendly) - issues list with severity levels """ company_id = request.args.get('company_id', type=int) slug = request.args.get('slug', type=str) if not company_id and not slug: return jsonify({ 'success': False, 'error': 'Podaj company_id lub slug firmy' }), 400 db = SessionLocal() try: # Find company by ID or slug if company_id: company = db.query(Company).filter_by(id=company_id, status='active').first() else: company = db.query(Company).filter_by(slug=slug, status='active').first() if not company: return jsonify({ 'success': False, 'error': 'Firma nie znaleziona' }), 404 response, status_code = _get_seo_audit_for_company(db, company) return jsonify(response), status_code finally: db.close() @app.route('/api/seo/audit/') def api_seo_audit_by_slug(slug): """ API: Get SEO audit results for a company by slug. Convenience endpoint that uses slug from URL path. Example: GET /api/seo/audit/pixlab-sp-z-o-o """ db = SessionLocal() try: # Find company by slug company = db.query(Company).filter_by(slug=slug, status='active').first() if not company: return jsonify({ 'success': False, 'error': 'Firma nie znaleziona' }), 404 response, status_code = _get_seo_audit_for_company(db, company) return jsonify(response), status_code finally: db.close() @app.route('/api/seo/audit', methods=['POST']) @login_required @limiter.limit("200 per hour") def api_seo_audit_trigger(): """ API: Trigger SEO audit for a company (admin-only). This endpoint runs a full SEO audit including: - Google PageSpeed Insights analysis - On-page SEO analysis (meta tags, headings, images, links) - Technical SEO checks (robots.txt, sitemap, canonical URLs) Request JSON body: - company_id: Company ID (integer) OR - slug: Company slug (string) Returns: - Success: Full SEO audit results saved to database - Error: Error message with status code Rate limited to 10 requests per hour per user to prevent API abuse. """ # Admin-only check if not current_user.is_admin: return jsonify({ 'success': False, 'error': 'Brak uprawnień. Tylko administrator może uruchamiać audyty SEO.' }), 403 # Check if SEO audit service is available if not SEO_AUDIT_AVAILABLE: return jsonify({ 'success': False, 'error': 'Usługa audytu SEO jest niedostępna. Sprawdź konfigurację serwera.' }), 503 # Parse request data data = request.get_json() if not data: return jsonify({ 'success': False, 'error': 'Brak danych w żądaniu. Podaj company_id lub slug.' }), 400 company_id = data.get('company_id') slug = data.get('slug') if not company_id and not slug: return jsonify({ 'success': False, 'error': 'Podaj company_id lub slug firmy do audytu.' }), 400 db = SessionLocal() try: # Find company by ID or slug if company_id: company = db.query(Company).filter_by(id=company_id, status='active').first() else: company = db.query(Company).filter_by(slug=slug, status='active').first() if not company: return jsonify({ 'success': False, 'error': 'Firma nie znaleziona lub nieaktywna.' }), 404 # Check if company has a website if not company.website: return jsonify({ 'success': False, 'error': f'Firma "{company.name}" nie ma zdefiniowanej strony internetowej.', 'company_id': company.id, 'company_name': company.name }), 400 logger.info(f"SEO audit triggered by admin {current_user.email} for company: {company.name} (ID: {company.id})") # Initialize SEO auditor and run audit try: auditor = SEOAuditor() # Prepare company dict for auditor company_dict = { 'id': company.id, 'name': company.name, 'slug': company.slug, 'website': company.website, 'address_city': company.address_city } # Run the audit audit_result = auditor.audit_company(company_dict) # Check for errors if audit_result.get('errors') and not audit_result.get('onpage') and not audit_result.get('pagespeed'): return jsonify({ 'success': False, 'error': f'Audyt nie powiódł się: {", ".join(audit_result["errors"])}', 'company_id': company.id, 'company_name': company.name, 'website': company.website }), 422 # Save result to database saved = auditor.save_audit_result(audit_result) if not saved: return jsonify({ 'success': False, 'error': 'Audyt został wykonany, ale nie udało się zapisać wyników do bazy danych.', 'company_id': company.id, 'company_name': company.name }), 500 # Get the updated analysis record to return db.expire_all() # Refresh the session to get updated data analysis = db.query(CompanyWebsiteAnalysis).filter_by( company_id=company.id ).order_by(CompanyWebsiteAnalysis.analyzed_at.desc()).first() # Build response using the existing helper function response = _build_seo_audit_response(company, analysis) return jsonify({ 'success': True, 'message': f'Audyt SEO dla firmy "{company.name}" został zakończony pomyślnie.', 'audit_version': SEO_AUDIT_VERSION, 'triggered_by': current_user.email, 'triggered_at': datetime.now().isoformat(), **response }), 200 except Exception as e: logger.error(f"SEO audit error for company {company.id}: {e}") return jsonify({ 'success': False, 'error': f'Błąd podczas wykonywania audytu: {str(e)}', 'company_id': company.id, 'company_name': company.name }), 500 finally: db.close() # ============================================================ # SEO & GBP AUDIT DASHBOARDS - MOVED TO: blueprints/admin/routes_audits.py # ============================================================ # ============================================================ # GBP (GOOGLE BUSINESS PROFILE) AUDIT API # ============================================================ @app.route('/api/gbp/audit/health') def api_gbp_audit_health(): """ API: Health check for GBP audit service. Returns service status and version information. Used by monitoring systems to verify service availability. """ if GBP_AUDIT_AVAILABLE: return jsonify({ 'status': 'ok', 'service': 'gbp_audit', 'version': GBP_AUDIT_VERSION, 'available': True }), 200 else: return jsonify({ 'status': 'unavailable', 'service': 'gbp_audit', 'available': False, 'error': 'GBP audit service not loaded' }), 503 @app.route('/api/gbp/audit', methods=['GET']) def api_gbp_audit_get(): """ API: Get GBP audit results for a company. Query parameters: - company_id: Company ID (integer) OR - slug: Company slug (string) Returns: - Latest audit results with completeness score and recommendations - 404 if company not found - 404 if no audit exists for the company Example: GET /api/gbp/audit?company_id=26 Example: GET /api/gbp/audit?slug=pixlab-sp-z-o-o """ if not GBP_AUDIT_AVAILABLE: return jsonify({ 'success': False, 'error': 'Usługa audytu GBP jest niedostępna.' }), 503 company_id = request.args.get('company_id', type=int) slug = request.args.get('slug') if not company_id and not slug: return jsonify({ 'success': False, 'error': 'Podaj company_id lub slug firmy.' }), 400 db = SessionLocal() try: # Find company if company_id: company = db.query(Company).filter_by(id=company_id, status='active').first() else: company = db.query(Company).filter_by(slug=slug, status='active').first() if not company: return jsonify({ 'success': False, 'error': 'Firma nie znaleziona lub nieaktywna.' }), 404 # Get latest audit audit = gbp_get_company_audit(db, company.id) if not audit: return jsonify({ 'success': False, 'error': f'Brak wyników audytu GBP dla firmy "{company.name}". Uruchom audyt używając POST /api/gbp/audit.', 'company_id': company.id, 'company_name': company.name }), 404 # Build response return jsonify({ 'success': True, 'company_id': company.id, 'company_name': company.name, 'company_slug': company.slug, 'audit': { 'id': audit.id, 'audit_date': audit.audit_date.isoformat() if audit.audit_date else None, 'completeness_score': audit.completeness_score, 'score_category': audit.score_category, 'fields_status': audit.fields_status, 'recommendations': audit.recommendations, 'has_name': audit.has_name, 'has_address': audit.has_address, 'has_phone': audit.has_phone, 'has_website': audit.has_website, 'has_hours': audit.has_hours, 'has_categories': audit.has_categories, 'has_photos': audit.has_photos, 'has_description': audit.has_description, 'has_services': audit.has_services, 'has_reviews': audit.has_reviews, 'photo_count': audit.photo_count, 'review_count': audit.review_count, 'average_rating': float(audit.average_rating) if audit.average_rating else None, 'google_place_id': audit.google_place_id, 'audit_source': audit.audit_source, 'audit_version': audit.audit_version } }), 200 except Exception as e: logger.error(f"Error fetching GBP audit: {e}") return jsonify({ 'success': False, 'error': f'Błąd podczas pobierania audytu: {str(e)}' }), 500 finally: db.close() @app.route('/api/gbp/audit/') def api_gbp_audit_by_slug(slug): """ API: Get GBP audit results for a company by slug. Convenience endpoint that uses slug from URL path. Example: GET /api/gbp/audit/pixlab-sp-z-o-o """ if not GBP_AUDIT_AVAILABLE: return jsonify({ 'success': False, 'error': 'Usługa audytu GBP jest niedostępna.' }), 503 db = SessionLocal() try: company = db.query(Company).filter_by(slug=slug, status='active').first() if not company: return jsonify({ 'success': False, 'error': f'Firma o slug "{slug}" nie znaleziona.' }), 404 audit = gbp_get_company_audit(db, company.id) if not audit: return jsonify({ 'success': False, 'error': f'Brak wyników audytu GBP dla firmy "{company.name}".', 'company_id': company.id, 'company_name': company.name }), 404 return jsonify({ 'success': True, 'company_id': company.id, 'company_name': company.name, 'company_slug': company.slug, 'audit': { 'id': audit.id, 'audit_date': audit.audit_date.isoformat() if audit.audit_date else None, 'completeness_score': audit.completeness_score, 'score_category': audit.score_category, 'fields_status': audit.fields_status, 'recommendations': audit.recommendations, 'photo_count': audit.photo_count, 'review_count': audit.review_count, 'average_rating': float(audit.average_rating) if audit.average_rating else None } }), 200 finally: db.close() @app.route('/api/gbp/audit', methods=['POST']) @login_required @limiter.limit("20 per hour") def api_gbp_audit_trigger(): """ API: Run GBP audit for a company. This endpoint runs a completeness audit for Google Business Profile data, checking fields like name, address, phone, website, hours, categories, photos, description, services, and reviews. Request JSON body: - company_id: Company ID (integer) OR - slug: Company slug (string) - save: Whether to save results to database (default: true) Returns: - Success: Audit results with completeness score and recommendations - Error: Error message with status code Access: - Members can audit their own company - Admins can audit any company Rate limited to 20 requests per hour per user. """ if not GBP_AUDIT_AVAILABLE: return jsonify({ 'success': False, 'error': 'Usługa audytu GBP jest niedostępna. Sprawdź konfigurację serwera.' }), 503 # Parse request data data = request.get_json() if not data: return jsonify({ 'success': False, 'error': 'Brak danych w żądaniu. Podaj company_id lub slug.' }), 400 company_id = data.get('company_id') slug = data.get('slug') save_result = data.get('save', True) if not company_id and not slug: return jsonify({ 'success': False, 'error': 'Podaj company_id lub slug firmy do audytu.' }), 400 db = SessionLocal() try: # Find company by ID or slug if company_id: company = db.query(Company).filter_by(id=company_id, status='active').first() else: company = db.query(Company).filter_by(slug=slug, status='active').first() if not company: return jsonify({ 'success': False, 'error': 'Firma nie znaleziona lub nieaktywna.' }), 404 # Check access: admin can audit any company, member only their own if not current_user.is_admin: # Check if user is associated with this company if current_user.company_id != company.id: return jsonify({ 'success': False, 'error': 'Brak uprawnień. Możesz audytować tylko własną firmę.' }), 403 logger.info(f"GBP audit triggered by {current_user.email} for company: {company.name} (ID: {company.id})") # Option to fetch fresh Google data before audit fetch_google = data.get('fetch_google', True) force_refresh = data.get('force_refresh', False) try: # Step 1: Fetch fresh Google Business data (if enabled) fetch_result = None if fetch_google: logger.info(f"Fetching Google Business data for company {company.id}...") fetch_result = gbp_fetch_google_data(db, company.id, force_refresh=force_refresh) if not fetch_result.get('success') and not fetch_result.get('data', {}).get('cached'): # Log warning but continue with audit logger.warning(f"Google fetch warning for company {company.id}: {fetch_result.get('error')}") # Step 2: Run the audit result = gbp_audit_company(db, company.id, save=save_result) # Build field status for response fields_response = {} for field_name, field_status in result.fields.items(): fields_response[field_name] = { 'status': field_status.status, 'value': str(field_status.value) if field_status.value is not None else None, 'score': field_status.score, 'max_score': field_status.max_score, 'recommendation': field_status.recommendation } # Determine score category score = result.completeness_score if score >= 90: score_category = 'excellent' elif score >= 70: score_category = 'good' elif score >= 50: score_category = 'needs_work' else: score_category = 'poor' response_data = { 'success': True, 'message': f'Audyt GBP dla firmy "{company.name}" został zakończony pomyślnie.', 'company_id': company.id, 'company_name': company.name, 'company_slug': company.slug, 'audit_version': GBP_AUDIT_VERSION, 'triggered_by': current_user.email, 'triggered_at': datetime.now().isoformat(), 'saved': save_result, 'audit': { 'completeness_score': result.completeness_score, 'score_category': score_category, 'fields_status': fields_response, 'recommendations': result.recommendations, 'photo_count': result.photo_count, 'logo_present': result.logo_present, 'cover_photo_present': result.cover_photo_present, 'review_count': result.review_count, 'average_rating': float(result.average_rating) if result.average_rating else None, 'google_place_id': result.google_place_id } } # Include Google fetch results if performed if fetch_result: response_data['google_fetch'] = { 'success': fetch_result.get('success', False), 'steps': fetch_result.get('steps', []), 'data': fetch_result.get('data', {}), 'error': fetch_result.get('error') } return jsonify(response_data), 200 except ValueError as e: return jsonify({ 'success': False, 'error': str(e), 'company_id': company.id if company else None }), 400 except Exception as e: logger.error(f"GBP audit error for company {company.id}: {e}") return jsonify({ 'success': False, 'error': f'Błąd podczas wykonywania audytu: {str(e)}', 'company_id': company.id, 'company_name': company.name }), 500 finally: db.close() # ============================================================ # SEO AUDIT USER-FACING DASHBOARD # ============================================================ @app.route('/audit/seo/') @login_required def seo_audit_dashboard(slug): """ User-facing SEO audit dashboard for a specific company. Displays SEO audit results with: - PageSpeed Insights scores (SEO, Performance, Accessibility, Best Practices) - Website analysis data - Improvement recommendations Access control: - Admin users can view audit for any company - Regular users can only view audit for their own company Args: slug: Company slug identifier Returns: Rendered seo_audit.html template with company and audit data """ db = SessionLocal() try: # Find company by slug company = db.query(Company).filter_by(slug=slug, status='active').first() if not company: flash('Firma nie została znaleziona.', 'error') return redirect(url_for('dashboard')) # Access control: admin can view any company, member only their own if not current_user.is_admin: if current_user.company_id != company.id: flash('Brak uprawnień. Możesz przeglądać audyt tylko własnej firmy.', 'error') return redirect(url_for('dashboard')) # Get latest SEO analysis for this company analysis = db.query(CompanyWebsiteAnalysis).filter( CompanyWebsiteAnalysis.company_id == company.id ).order_by(CompanyWebsiteAnalysis.seo_audited_at.desc()).first() # Build SEO data dict if analysis exists seo_data = None if analysis and analysis.seo_audited_at: seo_data = { 'seo_score': analysis.pagespeed_seo_score, 'performance_score': analysis.pagespeed_performance_score, 'accessibility_score': analysis.pagespeed_accessibility_score, 'best_practices_score': analysis.pagespeed_best_practices_score, 'audited_at': analysis.seo_audited_at, 'audit_version': analysis.seo_audit_version, 'url': analysis.website_url } # Determine if user can run audit (admin or company owner) can_audit = current_user.is_admin or current_user.company_id == company.id logger.info(f"SEO audit dashboard viewed by {current_user.email} for company: {company.name}") return render_template('seo_audit.html', company=company, seo_data=seo_data, can_audit=can_audit ) finally: db.close() # ============================================================ # SOCIAL MEDIA AUDIT USER-FACING DASHBOARD # ============================================================ @app.route('/audit/social/') @login_required def social_audit_dashboard(slug): """ User-facing Social Media audit dashboard for a specific company. Displays social media presence audit with: - Overall presence score (platforms found / total platforms) - Platform-by-platform status - Profile validation status - Recommendations for missing platforms Access control: - Admins: Can view all companies - Regular users: Can only view their own company Args: slug: Company URL slug Returns: Rendered social_audit.html template with company and social data """ db = SessionLocal() try: # Find company by slug company = db.query(Company).filter_by(slug=slug, status='active').first() if not company: flash('Firma nie została znaleziona.', 'error') return redirect(url_for('dashboard')) # Access control - admin can view all, users only their company if not current_user.is_admin: if current_user.company_id != company.id: flash('Brak uprawnień do wyświetlenia audytu social media tej firmy.', 'error') return redirect(url_for('dashboard')) # Get social media profiles for this company social_profiles = db.query(CompanySocialMedia).filter( CompanySocialMedia.company_id == company.id ).all() # Define all platforms we track all_platforms = ['facebook', 'instagram', 'linkedin', 'youtube', 'twitter', 'tiktok'] # Build social media data profiles_dict = {} for profile in social_profiles: profiles_dict[profile.platform] = { 'url': profile.url, 'is_valid': profile.is_valid, 'check_status': profile.check_status, 'page_name': profile.page_name, 'followers_count': profile.followers_count, 'verified_at': profile.verified_at, 'last_checked_at': profile.last_checked_at } # Calculate score (platforms with profiles / total platforms) platforms_with_profiles = len([p for p in all_platforms if p in profiles_dict]) total_platforms = len(all_platforms) score = int((platforms_with_profiles / total_platforms) * 100) if total_platforms > 0 else 0 social_data = { 'profiles': profiles_dict, 'all_platforms': all_platforms, 'platforms_count': platforms_with_profiles, 'total_platforms': total_platforms, 'score': score } # Determine if user can run audit (admin or company owner) can_audit = current_user.is_admin or current_user.company_id == company.id logger.info(f"Social Media audit dashboard viewed by {current_user.email} for company: {company.name}") return render_template('social_audit.html', company=company, social_data=social_data, can_audit=can_audit ) finally: db.close() @app.route('/api/social/audit', methods=['POST']) @login_required @limiter.limit("10 per hour") def api_social_audit_trigger(): """ API: Trigger Social Media audit for a company. This endpoint performs a comprehensive social media audit: - Scans company website for social media links - Searches for profiles via Brave Search API (if configured) - Fetches Google Business Profile data - Updates database with discovered profiles Request JSON body: - company_id: Company ID (integer) OR - slug: Company slug (string) Returns: - Success: Updated social media audit results - Error: Error message with status code Rate limited to 10 requests per hour per user. """ # Import the SocialMediaAuditor from scripts try: import sys from pathlib import Path scripts_dir = Path(__file__).parent / 'scripts' if str(scripts_dir) not in sys.path: sys.path.insert(0, str(scripts_dir)) from social_media_audit import SocialMediaAuditor except ImportError as e: logger.error(f"Failed to import SocialMediaAuditor: {e}") return jsonify({ 'success': False, 'error': 'Usługa audytu Social Media jest niedostępna. Sprawdź konfigurację serwera.' }), 503 # Parse request data data = request.get_json() if not data: return jsonify({ 'success': False, 'error': 'Brak danych w żądaniu. Podaj company_id lub slug.' }), 400 company_id = data.get('company_id') slug = data.get('slug') if not company_id and not slug: return jsonify({ 'success': False, 'error': 'Podaj company_id lub slug firmy do audytu.' }), 400 db = SessionLocal() try: # Find company by ID or slug if company_id: company = db.query(Company).filter_by(id=company_id, status='active').first() else: company = db.query(Company).filter_by(slug=slug, status='active').first() if not company: return jsonify({ 'success': False, 'error': 'Firma nie znaleziona lub nieaktywna.' }), 404 # Access control - admin can audit all, users only their company if not current_user.is_admin: if current_user.company_id != company.id: return jsonify({ 'success': False, 'error': 'Brak uprawnień do audytu social media tej firmy.' }), 403 logger.info(f"Social Media audit triggered by {current_user.email} for company: {company.name} (ID: {company.id})") # Prepare company dict for auditor company_dict = { 'id': company.id, 'name': company.name, 'slug': company.slug, 'website': company.website, 'address_city': company.address_city or 'Wejherowo' } # Initialize auditor and run audit try: auditor = SocialMediaAuditor() audit_result = auditor.audit_company(company_dict) # Check for errors if audit_result.get('errors') and not audit_result.get('social_media') and not audit_result.get('website'): return jsonify({ 'success': False, 'error': f'Audyt nie powiódł się: {", ".join(audit_result["errors"][:3])}', 'company_id': company.id, 'company_name': company.name }), 422 # Save result to database saved = auditor.save_audit_result(audit_result) if not saved: return jsonify({ 'success': False, 'error': 'Audyt został wykonany, ale nie udało się zapisać wyników do bazy danych.', 'company_id': company.id, 'company_name': company.name }), 500 # Get count of social media profiles found social_media_found = audit_result.get('social_media', {}) platforms_count = len(social_media_found) # Calculate score all_platforms = ['facebook', 'instagram', 'linkedin', 'youtube', 'twitter', 'tiktok'] score = int((platforms_count / len(all_platforms)) * 100) return jsonify({ 'success': True, 'message': f'Audyt Social Media zakończony. Znaleziono {platforms_count} profili.', 'company_id': company.id, 'company_name': company.name, 'profiles_found': platforms_count, 'platforms': list(social_media_found.keys()), 'score': score, 'google_reviews': audit_result.get('google_reviews', {}), 'errors': audit_result.get('errors') if audit_result.get('errors') else None }), 200 except Exception as e: logger.error(f"Social Media audit error for company {company.id}: {e}") return jsonify({ 'success': False, 'error': f'Błąd podczas audytu: {str(e)}' }), 500 except Exception as e: logger.error(f"Social Media audit error for company {slug or company_id}: {e}") db.rollback() return jsonify({ 'success': False, 'error': f'Błąd podczas audytu: {str(e)}' }), 500 finally: db.close() # ============================================================ # GBP AUDIT USER-FACING DASHBOARD # ============================================================ @app.route('/audit/gbp/') @login_required def gbp_audit_dashboard(slug): """ User-facing GBP audit dashboard for a specific company. Displays Google Business Profile completeness audit results with: - Overall completeness score (0-100) - Field-by-field status breakdown - AI-generated improvement recommendations - Historical audit data Access control: - Admin users can view audit for any company - Regular users can only view audit for their own company Args: slug: Company slug identifier Returns: Rendered gbp_audit.html template with company and audit data """ if not GBP_AUDIT_AVAILABLE: flash('Usługa audytu Google Business Profile jest tymczasowo niedostępna.', 'error') return redirect(url_for('dashboard')) db = SessionLocal() try: # Find company by slug company = db.query(Company).filter_by(slug=slug, status='active').first() if not company: flash('Firma nie została znaleziona.', 'error') return redirect(url_for('dashboard')) # Access control: admin can view any company, member only their own if not current_user.is_admin: if current_user.company_id != company.id: flash('Brak uprawnień. Możesz przeglądać audyt tylko własnej firmy.', 'error') return redirect(url_for('dashboard')) # Get latest audit for this company audit = gbp_get_company_audit(db, company.id) # If no audit exists, we still render the page (template handles this) # The user can trigger an audit from the dashboard # Determine if user can run audit (admin or company owner) can_audit = current_user.is_admin or current_user.company_id == company.id logger.info(f"GBP audit dashboard viewed by {current_user.email} for company: {company.name}") return render_template('gbp_audit.html', company=company, audit=audit, can_audit=can_audit, gbp_audit_available=GBP_AUDIT_AVAILABLE, gbp_audit_version=GBP_AUDIT_VERSION ) finally: db.close() # ============================================================ # IT AUDIT USER-FACING DASHBOARD # ============================================================ @app.route('/audit/it/') @login_required def it_audit_dashboard(slug): """ User-facing IT infrastructure audit dashboard for a specific company. Displays IT audit results with: - Overall score and maturity level - Security, collaboration, and completeness sub-scores - Technology stack summary (Azure AD, M365, backup, monitoring) - AI-generated recommendations Access control: - Admin users can view audit for any company - Regular users can only view audit for their own company Args: slug: Company slug identifier Returns: Rendered it_audit.html template with company and audit data """ db = SessionLocal() try: # Import IT audit models from database import ITAudit # Find company by slug company = db.query(Company).filter_by(slug=slug, status='active').first() if not company: flash('Firma nie została znaleziona.', 'error') return redirect(url_for('dashboard')) # Access control: admin can view any company, member only their own if not current_user.is_admin: if current_user.company_id != company.id: flash('Brak uprawnień. Możesz przeglądać audyt tylko własnej firmy.', 'error') return redirect(url_for('dashboard')) # Get latest IT audit for this company audit = db.query(ITAudit).filter( ITAudit.company_id == company.id ).order_by(ITAudit.audit_date.desc()).first() # Build audit data dict if audit exists audit_data = None if audit: # Get maturity label maturity_labels = { 'basic': 'Podstawowy', 'developing': 'Rozwijający się', 'established': 'Ugruntowany', 'advanced': 'Zaawansowany' } audit_data = { 'id': audit.id, 'overall_score': audit.overall_score, 'security_score': audit.security_score, 'collaboration_score': audit.collaboration_score, 'completeness_score': audit.completeness_score, 'maturity_level': audit.maturity_level, 'maturity_label': maturity_labels.get(audit.maturity_level, 'Nieznany'), 'audit_date': audit.audit_date, 'audit_source': audit.audit_source, # Technology flags 'has_azure_ad': audit.has_azure_ad, 'has_m365': audit.has_m365, 'has_google_workspace': audit.has_google_workspace, 'has_local_ad': audit.has_local_ad, 'has_edr': audit.has_edr, 'has_mfa': audit.has_mfa, 'has_vpn': audit.has_vpn, 'has_proxmox_pbs': audit.has_proxmox_pbs, 'has_dr_plan': audit.has_dr_plan, 'has_mdm': audit.has_mdm, # Solutions 'antivirus_solution': audit.antivirus_solution, 'backup_solution': audit.backup_solution, 'monitoring_solution': audit.monitoring_solution, 'virtualization_platform': audit.virtualization_platform, # Collaboration flags 'open_to_shared_licensing': audit.open_to_shared_licensing, 'open_to_backup_replication': audit.open_to_backup_replication, 'open_to_teams_federation': audit.open_to_teams_federation, 'open_to_shared_monitoring': audit.open_to_shared_monitoring, 'open_to_collective_purchasing': audit.open_to_collective_purchasing, 'open_to_knowledge_sharing': audit.open_to_knowledge_sharing, # Recommendations 'recommendations': audit.recommendations } # Determine if user can edit audit (admin or company owner) can_edit = current_user.is_admin or current_user.company_id == company.id logger.info(f"IT audit dashboard viewed by {current_user.email} for company: {company.name}") return render_template('it_audit.html', company=company, audit_data=audit_data, can_edit=can_edit ) finally: db.close() @app.route('/api/check-email', methods=['POST']) def api_check_email(): """API: Check if email is available""" data = request.get_json() email = data.get('email', '').strip().lower() # Validate email format if not email or not validate_email(email): return jsonify({ 'available': False, 'error': 'Nieprawidłowy format email' }), 400 db = SessionLocal() try: # Check if email exists existing_user = db.query(User).filter_by(email=email).first() return jsonify({ 'available': existing_user is None, 'email': email }) finally: db.close() @app.route('/api/verify-nip', methods=['POST']) def api_verify_nip(): """API: Verify NIP and check if company is NORDA member""" data = request.get_json() nip = data.get('nip', '').strip() # Validate NIP format if not nip or not re.match(r'^\d{10}$', nip): return jsonify({ 'success': False, 'error': 'Nieprawidłowy format NIP' }), 400 db = SessionLocal() try: # Check if NIP exists in companies database company = db.query(Company).filter_by(nip=nip, status='active').first() if company: return jsonify({ 'success': True, 'is_member': True, 'company_name': company.name, 'company_id': company.id }) else: return jsonify({ 'success': True, 'is_member': False, 'company_name': None, 'company_id': None }) finally: db.close() @app.route('/api/verify-krs', methods=['GET', 'POST']) def api_verify_krs(): """ API: Verify company data from KRS Open API (prs.ms.gov.pl). GET /api/verify-krs?krs=0000817317 POST /api/verify-krs with JSON body: {"krs": "0000817317"} Returns official KRS data including: - Company name, NIP, REGON - Address - Capital - Registration date - Management board (anonymized in Open API) - Shareholders (anonymized in Open API) """ # Get KRS from query params (GET) or JSON body (POST) if request.method == 'GET': krs = request.args.get('krs', '').strip() else: data = request.get_json(silent=True) or {} krs = data.get('krs', '').strip() # Validate KRS format (7-10 digits) if not krs or not re.match(r'^\d{7,10}$', krs): return jsonify({ 'success': False, 'error': 'Nieprawidłowy format KRS (wymagane 7-10 cyfr)' }), 400 # Normalize to 10 digits krs_normalized = krs.zfill(10) try: # Fetch data from KRS Open API krs_data = krs_api_service.get_company_from_krs(krs_normalized) if krs_data is None: return jsonify({ 'success': False, 'error': f'Nie znaleziono podmiotu o KRS {krs_normalized} w rejestrze', 'krs': krs_normalized }), 404 # Check if company exists in our database db = SessionLocal() try: our_company = db.query(Company).filter_by(krs=krs_normalized).first() is_member = our_company is not None company_id = our_company.id if our_company else None finally: db.close() return jsonify({ 'success': True, 'krs': krs_normalized, 'is_norda_member': is_member, 'company_id': company_id, 'data': krs_data.to_dict(), 'formatted_address': krs_api_service.format_address(krs_data), 'source': 'KRS Open API (prs.ms.gov.pl)', 'note': 'Dane osobowe (imiona, nazwiska) są zanonimizowane w Open API' }) except Exception as e: return jsonify({ 'success': False, 'error': f'Błąd podczas pobierania danych z KRS: {str(e)}' }), 500 @app.route('/api/company//refresh-krs', methods=['POST']) @login_required def api_refresh_company_krs(company_id): """ API: Refresh company data from KRS Open API. Updates company record with official KRS data. Requires login. """ db = SessionLocal() try: company = db.query(Company).filter_by(id=company_id).first() if not company: return jsonify({ 'success': False, 'error': 'Firma nie znaleziona' }), 404 if not company.krs: return jsonify({ 'success': False, 'error': 'Firma nie ma numeru KRS' }), 400 # Fetch data from KRS krs_data = krs_api_service.get_company_from_krs(company.krs) if krs_data is None: return jsonify({ 'success': False, 'error': f'Nie znaleziono podmiotu o KRS {company.krs} w rejestrze' }), 404 # Update company data (only non-personal data) updates = {} if krs_data.nip and krs_data.nip != company.nip: updates['nip'] = krs_data.nip company.nip = krs_data.nip if krs_data.regon: regon_9 = krs_data.regon[:9] if regon_9 != company.regon: updates['regon'] = regon_9 company.regon = regon_9 # Update address if significantly different new_address = krs_api_service.format_address(krs_data) if new_address and new_address != company.address: updates['address'] = new_address company.address = new_address if krs_data.miejscowosc and krs_data.miejscowosc != company.city: updates['city'] = krs_data.miejscowosc company.city = krs_data.miejscowosc if krs_data.kapital_zakladowy: updates['kapital_zakladowy'] = krs_data.kapital_zakladowy # Note: Might need to add this field to Company model # Update verification timestamp company.krs_verified_at = datetime.utcnow() db.commit() return jsonify({ 'success': True, 'company_id': company_id, 'updates': updates, 'krs_data': krs_data.to_dict(), 'message': f'Zaktualizowano {len(updates)} pól' if updates else 'Dane są aktualne' }) except Exception as e: db.rollback() return jsonify({ 'success': False, 'error': f'Błąd podczas aktualizacji: {str(e)}' }), 500 finally: db.close() def _search_brave_for_company(company_name: str, city: str = None) -> dict: """ Search Brave API for company information. Returns dict with news items and web results. """ import requests brave_api_key = os.getenv('BRAVE_API_KEY') if not brave_api_key: logger.warning("BRAVE_API_KEY not configured, skipping web search") return {'news': [], 'web': []} results = {'news': [], 'web': []} # Build search query query = f'"{company_name}"' if city: query += f' {city}' try: headers = { 'Accept': 'application/json', 'X-Subscription-Token': brave_api_key } # Search news news_params = { 'q': query, 'count': 5, 'freshness': 'py', # past year 'country': 'pl', 'search_lang': 'pl' } news_response = requests.get( 'https://api.search.brave.com/res/v1/news/search', headers=headers, params=news_params, timeout=10 ) if news_response.status_code == 200: news_data = news_response.json() for item in news_data.get('results', [])[:5]: results['news'].append({ 'title': item.get('title', ''), 'description': item.get('description', ''), 'url': item.get('url', ''), 'source': item.get('meta_url', {}).get('hostname', '') }) logger.info(f"Brave News: found {len(results['news'])} items for '{company_name}'") # Search web web_params = { 'q': query, 'count': 5, 'country': 'pl', 'search_lang': 'pl' } web_response = requests.get( 'https://api.search.brave.com/res/v1/web/search', headers=headers, params=web_params, timeout=10 ) if web_response.status_code == 200: web_data = web_response.json() for item in web_data.get('web', {}).get('results', [])[:5]: results['web'].append({ 'title': item.get('title', ''), 'description': item.get('description', ''), 'url': item.get('url', '') }) logger.info(f"Brave Web: found {len(results['web'])} items for '{company_name}'") except Exception as e: logger.error(f"Brave search error for '{company_name}': {e}") return results def _fetch_website_content(url: str) -> str: """ Fetch and extract text content from company website. Returns first 2000 chars of text content. """ import requests from bs4 import BeautifulSoup if not url: return '' try: # Ensure URL has protocol if not url.startswith('http'): url = 'https://' + url response = requests.get(url, timeout=10, headers={ 'User-Agent': 'Mozilla/5.0 (compatible; NordaBizBot/1.0)' }) if response.status_code == 200: soup = BeautifulSoup(response.text, 'html.parser') # Remove scripts and styles for tag in soup(['script', 'style', 'nav', 'footer', 'header']): tag.decompose() # Get text content text = soup.get_text(separator=' ', strip=True) # Clean up whitespace text = ' '.join(text.split()) logger.info(f"Fetched {len(text)} chars from {url}") return text[:3000] # Limit to 3000 chars except Exception as e: logger.warning(f"Failed to fetch website content from {url}: {e}") return '' @app.route('/api/company//enrich-ai', methods=['POST']) @login_required @limiter.limit("5 per hour") def api_enrich_company_ai(company_id): """ API: Enrich company data using AI (Gemini) with web search. Process: 1. Search Brave API for company news and web results 2. Fetch content from company website 3. Combine with existing database data 4. Send to Gemini for AI-powered enrichment Generates AI insights including: - Business summary - Services list - Target market - Unique selling points - Company values - Certifications - Industry tags Requires: Admin or company owner permissions. Rate limited to 5 requests per hour per user. """ import json db = SessionLocal() try: # Get company company = db.query(Company).filter_by(id=company_id).first() if not company: return jsonify({ 'success': False, 'error': 'Firma nie znaleziona' }), 404 # Check permissions: admin or company owner logger.info(f"Permission check: user={current_user.email}, is_admin={current_user.is_admin}, user_company_id={current_user.company_id}, target_company_id={company.id}") if not current_user.is_admin and current_user.company_id != company.id: return jsonify({ 'success': False, 'error': 'Brak uprawnien. Tylko administrator lub wlasciciel firmy moze wzbogacac dane.' }), 403 # Get Gemini service service = gemini_service.get_gemini_service() if not service: return jsonify({ 'success': False, 'error': 'Usluga AI jest niedostepna. Skontaktuj sie z administratorem.' }), 503 logger.info(f"AI enrichment triggered by {current_user.email} for company: {company.name} (ID: {company.id})") # ============================================ # STEP 1: Search the web for company info # ============================================ brave_results = _search_brave_for_company(company.name, company.address_city) # Format news for prompt news_text = "" if brave_results['news']: news_text = "\n".join([ f"- {item['title']}: {item['description'][:200]}" for item in brave_results['news'][:3] ]) # Format web results for prompt web_text = "" if brave_results['web']: web_text = "\n".join([ f"- {item['title']}: {item['description'][:200]}" for item in brave_results['web'][:3] ]) # ============================================ # STEP 2: Fetch company website content # ============================================ website_content = "" if company.website: website_content = _fetch_website_content(company.website) # ============================================ # STEP 3: Collect existing company data # ============================================ services_list = [] if company.services: services_list = [cs.service.name for cs in company.services if cs.service] elif company.services_offered: services_list = [company.services_offered] competencies_list = [] if company.competencies: competencies_list = [cc.competency.name for cc in company.competencies if cc.competency] existing_data = { 'nazwa': company.name, 'opis_krotki': company.description_short or '', 'opis_pelny': company.description_full or '', 'kategoria': company.category.name if company.category else '', 'uslugi': ', '.join(services_list) if services_list else '', 'kompetencje': ', '.join(competencies_list) if competencies_list else '', 'wartosci': company.core_values or '', 'strona_www': company.website or '', 'miasto': company.address_city or '', 'branza': company.pkd_description or '' } # ============================================ # STEP 4: Build comprehensive prompt for AI # ============================================ prompt = f"""Przeanalizuj wszystkie dostepne dane o polskiej firmie i wygeneruj wzbogacone informacje. === DANE Z BAZY DANYCH === Nazwa: {existing_data['nazwa']} Kategoria: {existing_data['kategoria']} Opis krotki: {existing_data['opis_krotki']} Opis pelny: {existing_data['opis_pelny']} Uslugi: {existing_data['uslugi']} Kompetencje: {existing_data['kompetencje']} Wartosci firmy: {existing_data['wartosci']} Strona WWW: {existing_data['strona_www']} Miasto: {existing_data['miasto']} Branza (PKD): {existing_data['branza']} === INFORMACJE Z INTERNETU (Brave Search) === Newsy o firmie: {news_text if news_text else '(brak znalezionych newsow)'} Wyniki wyszukiwania: {web_text if web_text else '(brak wynikow)'} === TRESC ZE STRONY WWW FIRMY === {website_content[:2000] if website_content else '(nie udalo sie pobrac tresci strony)'} === ZADANIE === Na podstawie WSZYSTKICH powyzszych danych (baza danych, wyszukiwarka, strona WWW) wygeneruj wzbogacone informacje o firmie. Wykorzystaj informacje z internetu do uzupelnienia brakujacych danych. Jesli znalazles nowe uslugi, certyfikaty lub informacje - dodaj je do odpowiedzi. Odpowiedz WYLACZNIE w formacie JSON (bez dodatkowego tekstu): {{ "business_summary": "Zwiezly opis dzialalnosci firmy (2-3 zdania) na podstawie wszystkich zrodel", "services_list": ["usluga1", "usluga2", "usluga3", "usluga4", "usluga5"], "target_market": "Opis grupy docelowej klientow", "unique_selling_points": ["wyroznik1", "wyroznik2", "wyroznik3"], "company_values": ["wartosc1", "wartosc2", "wartosc3"], "certifications": ["certyfikat1", "certyfikat2"], "industry_tags": ["tag1", "tag2", "tag3", "tag4", "tag5"], "recent_news": "Krotkie podsumowanie ostatnich newsow o firmie (jesli sa)", "suggested_category": "Sugerowana kategoria glowna", "category_confidence": 0.85, "data_sources_used": ["database", "brave_search", "website"] }} WAZNE: - Odpowiedz TYLKO JSON, bez markdown, bez ```json - Wszystkie teksty po polsku - Listy powinny zawierac 3-5 elementow - category_confidence to liczba od 0 do 1 - Wykorzystaj maksymalnie informacje z internetu """ # Call Gemini API start_time = time.time() response_text = service.generate_text( prompt=prompt, temperature=0.7, feature='ai_enrichment', user_id=current_user.id, company_id=company.id, related_entity_type='company', related_entity_id=company.id ) processing_time = int((time.time() - start_time) * 1000) # Parse JSON response try: # Clean response - remove markdown code blocks if present clean_response = response_text.strip() if clean_response.startswith('```'): clean_response = clean_response.split('```')[1] if clean_response.startswith('json'): clean_response = clean_response[4:] clean_response = clean_response.strip() ai_data = json.loads(clean_response) except json.JSONDecodeError as e: logger.error(f"Failed to parse AI response: {e}\nResponse: {response_text[:500]}") return jsonify({ 'success': False, 'error': 'Blad parsowania odpowiedzi AI. Sprobuj ponownie.' }), 500 # Save or update AI insights existing_insights = db.query(CompanyAIInsights).filter_by(company_id=company.id).first() if existing_insights: # Update existing existing_insights.business_summary = ai_data.get('business_summary') existing_insights.services_list = ai_data.get('services_list', []) existing_insights.target_market = ai_data.get('target_market') existing_insights.unique_selling_points = ai_data.get('unique_selling_points', []) existing_insights.company_values = ai_data.get('company_values', []) existing_insights.certifications = ai_data.get('certifications', []) existing_insights.industry_tags = ai_data.get('industry_tags', []) existing_insights.suggested_category = ai_data.get('suggested_category') existing_insights.category_confidence = ai_data.get('category_confidence') existing_insights.ai_confidence_score = 0.85 # Default confidence existing_insights.processing_time_ms = processing_time existing_insights.analyzed_at = datetime.utcnow() else: # Create new new_insights = CompanyAIInsights( company_id=company.id, business_summary=ai_data.get('business_summary'), services_list=ai_data.get('services_list', []), target_market=ai_data.get('target_market'), unique_selling_points=ai_data.get('unique_selling_points', []), company_values=ai_data.get('company_values', []), certifications=ai_data.get('certifications', []), industry_tags=ai_data.get('industry_tags', []), suggested_category=ai_data.get('suggested_category'), category_confidence=ai_data.get('category_confidence'), ai_confidence_score=0.85, processing_time_ms=processing_time, analyzed_at=datetime.utcnow() ) db.add(new_insights) db.commit() # Count sources used sources_used = ['database'] if brave_results['news'] or brave_results['web']: sources_used.append('brave_search') if website_content: sources_used.append('website') logger.info(f"AI enrichment completed for {company.name}. Processing time: {processing_time}ms. Sources: {sources_used}") return jsonify({ 'success': True, 'message': f'Dane firmy "{company.name}" zostaly wzbogacone przez AI', 'processing_time_ms': processing_time, 'sources_used': sources_used, 'brave_results_count': len(brave_results['news']) + len(brave_results['web']), 'website_content_length': len(website_content), 'insights': ai_data }) except Exception as e: db.rollback() logger.error(f"AI enrichment error for company {company_id}: {str(e)}") return jsonify({ 'success': False, 'error': f'Blad podczas wzbogacania danych: {str(e)}' }), 500 finally: db.close() @app.route('/api/model-info', methods=['GET']) def api_model_info(): """API: Get current AI model information""" service = gemini_service.get_gemini_service() if service: return jsonify({ 'success': True, 'model': service.model_name, 'provider': 'Google Gemini' }) else: return jsonify({ 'success': False, 'error': 'AI service not initialized' }), 500 @app.route('/api/admin/test-sanitization', methods=['POST']) @login_required def test_sanitization(): """ Admin API: Test sensitive data detection without saving. Allows admins to verify what data would be sanitized. """ if not current_user.is_admin: return jsonify({'success': False, 'error': 'Admin access required'}), 403 try: from sensitive_data_service import sanitize_message data = request.get_json() text = data.get('text', '') if not text: return jsonify({'success': False, 'error': 'Text is required'}), 400 sanitized, matches = sanitize_message(text) return jsonify({ 'success': True, 'original': text, 'sanitized': sanitized, 'matches': [ { 'type': m.data_type.value, 'original': m.original, 'masked': m.masked, 'confidence': m.confidence } for m in matches ], 'has_sensitive_data': len(matches) > 0 }) except ImportError: return jsonify({ 'success': False, 'error': 'Sensitive data service not available' }), 500 except Exception as e: logger.error(f"Error testing sanitization: {e}") return jsonify({'success': False, 'error': str(e)}), 500 # ============================================================ # DEVELOPMENT INSIGHTS (Roadmap from user feedback) # ============================================================ # @app.route('/admin/insights') # MOVED TO admin.admin_insights # @login_required def _old_admin_insights(): """Admin dashboard for development insights from forum and chat""" if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) return render_template('admin/insights.html') # @app.route('/api/admin/insights', methods=['GET']) # MOVED TO admin.api_get_insights # @login_required def _old_api_get_insights(): """Get development insights for roadmap""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Admin access required'}), 403 try: from norda_knowledge_service import get_knowledge_service service = get_knowledge_service() status = request.args.get('status') insights = service.get_development_insights(status=status) return jsonify({ 'success': True, 'insights': insights, 'count': len(insights) }) except ImportError: return jsonify({ 'success': False, 'error': 'Knowledge service not available' }), 500 except Exception as e: logger.error(f"Error getting insights: {e}") return jsonify({'success': False, 'error': str(e)}), 500 # @app.route('/api/admin/insights//status', methods=['PUT']) # MOVED TO admin.api_update_insight_status # @login_required def _old_api_update_insight_status(insight_id): """Update insight status (for roadmap planning)""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Admin access required'}), 403 try: from norda_knowledge_service import get_knowledge_service service = get_knowledge_service() data = request.get_json() status = data.get('status') note = data.get('note') if not status: return jsonify({'success': False, 'error': 'Status is required'}), 400 success = service.update_insight_status(insight_id, status, note) return jsonify({'success': success}) except Exception as e: logger.error(f"Error updating insight status: {e}") return jsonify({'success': False, 'error': str(e)}), 500 # @app.route('/api/admin/insights/sync', methods=['POST']) # MOVED TO admin.api_sync_insights # @login_required def _old_api_sync_insights(): """Manually trigger knowledge sync from forum and chat""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Admin access required'}), 403 try: from norda_knowledge_service import get_knowledge_service service = get_knowledge_service() data = request.get_json() or {} days_back = data.get('days_back', 30) results = { 'forum': service.sync_forum_knowledge(days_back), 'chat': service.sync_chat_knowledge(days_back), 'questions': service.analyze_user_questions(days_back) } return jsonify({ 'success': True, 'results': results }) except ImportError: return jsonify({ 'success': False, 'error': 'Knowledge service not available' }), 500 except Exception as e: logger.error(f"Error syncing insights: {e}") return jsonify({'success': False, 'error': str(e)}), 500 # @app.route('/api/admin/insights/stats', methods=['GET']) # MOVED TO admin.api_insights_stats # @login_required def _old_api_insights_stats(): """Get knowledge base statistics""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Admin access required'}), 403 try: from norda_knowledge_service import get_knowledge_service service = get_knowledge_service() stats = service.get_knowledge_stats() return jsonify({ 'success': True, 'stats': stats }) except ImportError: return jsonify({ 'success': False, 'error': 'Knowledge service not available' }), 500 except Exception as e: logger.error(f"Error getting stats: {e}") return jsonify({'success': False, 'error': str(e)}), 500 # @app.route('/admin/analytics') # MOVED TO admin.admin_analytics # @login_required def _old_admin_analytics(): """Admin dashboard for user analytics - sessions, page views, clicks""" if not current_user.is_admin: flash('Brak uprawnien do tej strony.', 'error') return redirect(url_for('dashboard')) from sqlalchemy import func, desc from sqlalchemy.orm import joinedload from datetime import date, timedelta period = request.args.get('period', 'week') user_id = request.args.get('user_id', type=int) # Period calculation today = date.today() if period == 'day': start_date = today elif period == 'week': start_date = today - timedelta(days=7) elif period == 'month': start_date = today - timedelta(days=30) else: start_date = None db = SessionLocal() try: # Base query for sessions in period sessions_query = db.query(UserSession) if start_date: sessions_query = sessions_query.filter( func.date(UserSession.started_at) >= start_date ) # Overall stats total_sessions = sessions_query.count() unique_users = sessions_query.filter( UserSession.user_id.isnot(None) ).distinct(UserSession.user_id).count() total_page_views = db.query(func.sum(UserSession.page_views_count)).filter( func.date(UserSession.started_at) >= start_date if start_date else True ).scalar() or 0 total_clicks = db.query(func.sum(UserSession.clicks_count)).filter( func.date(UserSession.started_at) >= start_date if start_date else True ).scalar() or 0 avg_duration = db.query(func.avg(UserSession.duration_seconds)).filter( func.date(UserSession.started_at) >= start_date if start_date else True, UserSession.duration_seconds.isnot(None) ).scalar() or 0 stats = { 'total_sessions': total_sessions, 'unique_users': unique_users, 'total_page_views': int(total_page_views), 'total_clicks': int(total_clicks), 'avg_duration': float(avg_duration) } # Device breakdown device_query = db.query( UserSession.device_type, func.count(UserSession.id) ) if start_date: device_query = device_query.filter( func.date(UserSession.started_at) >= start_date ) device_stats = dict(device_query.group_by(UserSession.device_type).all()) # Top users by engagement user_query = db.query( User.id, User.name, User.email, func.count(UserSession.id).label('sessions'), func.sum(UserSession.page_views_count).label('page_views'), func.sum(UserSession.clicks_count).label('clicks'), func.sum(UserSession.duration_seconds).label('total_time') ).join(UserSession, User.id == UserSession.user_id) if start_date: user_query = user_query.filter( func.date(UserSession.started_at) >= start_date ) user_rankings = user_query.group_by(User.id).order_by( desc('page_views') ).limit(20).all() # Popular pages page_query = db.query( PageView.path, func.count(PageView.id).label('views'), func.count(func.distinct(PageView.user_id)).label('unique_users'), func.avg(PageView.time_on_page_seconds).label('avg_time') ) if start_date: page_query = page_query.filter( func.date(PageView.viewed_at) >= start_date ) popular_pages = page_query.group_by(PageView.path).order_by( desc('views') ).limit(20).all() # Recent sessions (last 50) recent_sessions = db.query(UserSession).options( joinedload(UserSession.user) ).order_by(UserSession.started_at.desc()).limit(50).all() # Single user detail (if requested) user_detail = None if user_id: user_obj = db.query(User).filter_by(id=user_id).first() user_sessions = db.query(UserSession).filter_by(user_id=user_id).order_by( UserSession.started_at.desc() ).limit(20).all() user_pages = db.query(PageView).filter_by(user_id=user_id).order_by( PageView.viewed_at.desc() ).limit(50).all() user_detail = { 'user': user_obj, 'sessions': user_sessions, 'pages': user_pages } # ============================================================ # NOWE METRYKI (Analytics Expansion 2026-01-30) # ============================================================ # Bounce rate: sesje z 1 pageview LUB czas < 10s bounced_sessions = sessions_query.filter( (UserSession.page_views_count <= 1) | ((UserSession.duration_seconds.isnot(None)) & (UserSession.duration_seconds < 10)) ).count() bounce_rate = round((bounced_sessions / total_sessions * 100), 1) if total_sessions > 0 else 0 # Geolokalizacja - top 10 krajów country_query = db.query( UserSession.country, func.count(UserSession.id).label('count') ).filter(UserSession.country.isnot(None)) if start_date: country_query = country_query.filter(func.date(UserSession.started_at) >= start_date) country_stats = dict(country_query.group_by(UserSession.country).order_by(desc('count')).limit(10).all()) # UTM sources utm_query = db.query( UserSession.utm_source, func.count(UserSession.id).label('count') ).filter(UserSession.utm_source.isnot(None)) if start_date: utm_query = utm_query.filter(func.date(UserSession.started_at) >= start_date) utm_stats = dict(utm_query.group_by(UserSession.utm_source).order_by(desc('count')).limit(10).all()) # Top wyszukiwania search_query = db.query( SearchQuery.query_normalized, func.count(SearchQuery.id).label('count'), func.avg(SearchQuery.results_count).label('avg_results') ) if start_date: search_query = search_query.filter(func.date(SearchQuery.searched_at) >= start_date) top_searches = search_query.group_by(SearchQuery.query_normalized).order_by(desc('count')).limit(15).all() # Wyszukiwania bez wyników no_results_query = db.query( SearchQuery.query_normalized, func.count(SearchQuery.id).label('count') ).filter(SearchQuery.has_results == False) if start_date: no_results_query = no_results_query.filter(func.date(SearchQuery.searched_at) >= start_date) searches_no_results = no_results_query.group_by(SearchQuery.query_normalized).order_by(desc('count')).limit(10).all() # Konwersje conversion_query = db.query( ConversionEvent.event_type, func.count(ConversionEvent.id).label('count') ) if start_date: conversion_query = conversion_query.filter(func.date(ConversionEvent.converted_at) >= start_date) conversion_stats = dict(conversion_query.group_by(ConversionEvent.event_type).all()) # Błędy JS (agregowane) error_query = db.query( JSError.message, JSError.source, func.count(JSError.id).label('count') ) if start_date: error_query = error_query.filter(func.date(JSError.occurred_at) >= start_date) js_errors = error_query.group_by(JSError.error_hash, JSError.message, JSError.source).order_by(desc('count')).limit(10).all() # Średni scroll depth avg_scroll = db.query(func.avg(PageView.scroll_depth_percent)).filter( PageView.scroll_depth_percent.isnot(None) ) if start_date: avg_scroll = avg_scroll.filter(func.date(PageView.viewed_at) >= start_date) avg_scroll_depth = round(avg_scroll.scalar() or 0, 1) # Wzorce czasowe - aktywność wg godziny hourly_query = db.query( func.extract('hour', UserSession.started_at).label('hour'), func.count(UserSession.id).label('count') ) if start_date: hourly_query = hourly_query.filter(func.date(UserSession.started_at) >= start_date) hourly_activity = dict(hourly_query.group_by('hour').all()) # Dodaj nowe statystyki do stats stats['bounce_rate'] = bounce_rate stats['avg_scroll_depth'] = avg_scroll_depth return render_template( 'admin/analytics_dashboard.html', stats=stats, device_stats=device_stats, user_rankings=user_rankings, popular_pages=popular_pages, recent_sessions=recent_sessions, user_detail=user_detail, current_period=period, # Nowe dane country_stats=country_stats, utm_stats=utm_stats, top_searches=top_searches, searches_no_results=searches_no_results, conversion_stats=conversion_stats, js_errors=js_errors, hourly_activity=hourly_activity ) except Exception as e: logger.error(f"Admin analytics error: {e}") flash('Blad podczas ladowania analityki.', 'error') return redirect(url_for('admin_users')) finally: db.close() # @app.route('/admin/analytics/export') # MOVED TO admin.admin_analytics_export # @login_required def _old_admin_analytics_export(): """Export analytics data as CSV""" import csv import io if not current_user.is_admin: flash('Brak uprawnien.', 'error') return redirect(url_for('dashboard')) export_type = request.args.get('type', 'sessions') period = request.args.get('period', 'month') from datetime import date, timedelta today = date.today() if period == 'day': start_date = today elif period == 'week': start_date = today - timedelta(days=7) elif period == 'month': start_date = today - timedelta(days=30) else: start_date = today - timedelta(days=365) # year db = SessionLocal() try: output = io.StringIO() writer = csv.writer(output) if export_type == 'sessions': writer.writerow(['ID', 'User ID', 'Started At', 'Duration (s)', 'Page Views', 'Clicks', 'Device', 'Browser', 'OS', 'Country', 'UTM Source', 'UTM Campaign']) sessions = db.query(UserSession).filter( func.date(UserSession.started_at) >= start_date ).order_by(UserSession.started_at.desc()).all() for s in sessions: writer.writerow([ s.id, s.user_id, s.started_at.isoformat() if s.started_at else '', s.duration_seconds or 0, s.page_views_count or 0, s.clicks_count or 0, s.device_type or '', s.browser or '', s.os or '', s.country or '', s.utm_source or '', s.utm_campaign or '' ]) elif export_type == 'pageviews': writer.writerow(['ID', 'Session ID', 'User ID', 'Path', 'Viewed At', 'Time on Page (s)', 'Scroll Depth (%)', 'Company ID']) views = db.query(PageView).filter( func.date(PageView.viewed_at) >= start_date ).order_by(PageView.viewed_at.desc()).limit(10000).all() for v in views: writer.writerow([ v.id, v.session_id, v.user_id, v.path, v.viewed_at.isoformat() if v.viewed_at else '', v.time_on_page_seconds or 0, v.scroll_depth_percent or 0, v.company_id or '' ]) elif export_type == 'searches': writer.writerow(['ID', 'User ID', 'Query', 'Results Count', 'Has Results', 'Clicked Company', 'Search Type', 'Searched At']) searches = db.query(SearchQuery).filter( func.date(SearchQuery.searched_at) >= start_date ).order_by(SearchQuery.searched_at.desc()).limit(10000).all() for s in searches: writer.writerow([ s.id, s.user_id, s.query, s.results_count, s.has_results, s.clicked_company_id or '', s.search_type, s.searched_at.isoformat() if s.searched_at else '' ]) elif export_type == 'conversions': writer.writerow(['ID', 'User ID', 'Event Type', 'Event Category', 'Company ID', 'Target Type', 'Converted At']) conversions = db.query(ConversionEvent).filter( func.date(ConversionEvent.converted_at) >= start_date ).order_by(ConversionEvent.converted_at.desc()).all() for c in conversions: writer.writerow([ c.id, c.user_id, c.event_type, c.event_category or '', c.company_id or '', c.target_type or '', c.converted_at.isoformat() if c.converted_at else '' ]) output.seek(0) return Response( output.getvalue(), mimetype='text/csv', headers={'Content-Disposition': f'attachment; filename=analytics_{export_type}_{period}.csv'} ) except Exception as e: logger.error(f"Export error: {e}") flash('Blad podczas eksportu.', 'error') return redirect(url_for('admin_analytics')) finally: db.close() # @app.route('/api/admin/ai-learning-status') # MOVED TO admin.api_ai_learning_status # @login_required def _old_api_ai_learning_status(): """API: Get AI feedback learning status and examples""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Not authorized'}), 403 try: from feedback_learning_service import get_feedback_learning_service service = get_feedback_learning_service() context = service.get_learning_context() # Format examples for JSON response positive_examples = [] for ex in context.get('positive_examples', []): positive_examples.append({ 'query': ex.query, 'response': ex.response[:300] + '...' if len(ex.response) > 300 else ex.response, 'companies': ex.companies_mentioned or [] }) negative_examples = [] for ex in context.get('negative_examples', []): negative_examples.append({ 'query': ex.query, 'response': ex.response, 'comment': ex.feedback_comment }) return jsonify({ 'success': True, 'learning_active': True, 'stats': context.get('stats', {}), 'using_seed_examples': context.get('stats', {}).get('using_seed_examples', False), 'positive_examples_count': len(positive_examples), 'negative_examples_count': len(negative_examples), 'positive_examples': positive_examples, 'negative_examples': negative_examples, 'negative_patterns': context.get('negative_patterns', []), 'generated_at': context.get('generated_at') }) except ImportError: return jsonify({ 'success': True, 'learning_active': False, 'message': 'Feedback learning service not available' }) except Exception as e: logger.error(f"Error getting AI learning status: {e}") return jsonify({ 'success': False, 'error': str(e) }), 500 # ============================================================ # MODEL COMPARISON - Porównanie modeli AI # ============================================================ # @app.route('/admin/model-comparison') # MOVED TO admin.admin_model_comparison # @login_required def _old_admin_model_comparison(): """Admin page for comparing AI model responses""" if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) # Load saved comparison results if exist results_file = '/tmp/nordabiz_model_comparison_results.json' results = None generated_at = None if os.path.exists(results_file): try: with open(results_file, 'r', encoding='utf-8') as f: data = json.load(f) results = data.get('results', {}) generated_at = data.get('generated_at', 'Nieznana data') except Exception as e: logger.error(f"Error loading model comparison results: {e}") return render_template( 'admin/model_comparison.html', results=results, generated_at=generated_at ) # @app.route('/admin/model-comparison/run', methods=['POST']) # MOVED TO admin.admin_model_comparison_run # @login_required def _old_admin_model_comparison_run(): """Run model comparison simulation""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Brak uprawnień'}), 403 try: # Questions to compare (from real conversations) comparison_questions = { 'artur': { 'user_id': 3, 'user_name': 'Artur Wiertel', 'original_conversation_id': 63, 'comparisons': [ { 'question_id': 1, 'question': 'ilu członków ma izba norda?', 'type': 'simple', 'old_model': 'gemini-2.5-flash-lite', 'old_answer': 'Izba Norda Biznes zrzesza obecnie 111 firm.', 'new_model': 'gemini-3-flash-preview', 'new_answer': None }, { 'question_id': 2, 'question': 'czy w izbie są osoby gotowe do współpracy przy wspólnych projektach inwestycyjnych?', 'type': 'complex', 'old_model': 'gemini-2.5-flash-lite', 'old_answer': 'W Norda Biznes posiadamy firmy otwarte na współpracę przy projektach inwestycyjnych. Szczególnie interesujące mogą być podmioty z kategorii Budownictwo, Nieruchomości oraz Usługi Biznesowe. Czy szukasz konkretnego rodzaju partnera lub projektu?', 'new_model': 'gemini-3-flash-preview', 'new_answer': None }, { 'question_id': 3, 'question': 'Mam pomysł i projekt ciekawego przedsięwzięcia inwestycyjnego - budowa nieruchomości komercyjnej. Szukam partnerów - 3 osoby, wkład na poziomie 1,5 mln netto', 'type': 'business', 'old_model': 'gemini-2.5-flash-lite', 'old_answer': 'Poszukujesz partnerów do inwestycji w nieruchomość komercyjną. W naszej bazie znajdują się firmy, które mogą być zainteresowane takim przedsięwzięciem. Warto zwrócić uwagę na: ARD Invest, Progress Optima, Orlex MG...', 'new_model': 'gemini-3-flash-preview', 'new_answer': None }, { 'question_id': 4, 'question': 'a co sądzisz o firmie sigma?', 'type': 'company', 'old_model': 'gemini-2.5-flash-lite', 'old_answer': 'Firma Sigma Budownictwo to generalny wykonawca robót budowlanych, który ma na swoim koncie portfolio ponad 250 tys. m² powierzchni użytkowej, w tym hale przemysłowe. Jest to rodzinna firma z Wejherowa, zarządzana przez Romana i Tomasza Wiercińskich.', 'new_model': 'gemini-3-flash-preview', 'new_answer': None }, { 'question_id': 5, 'question': 'co myślisz o pomysłach Jacka Pomieczyńskiego na forum?', 'type': 'analysis', 'old_model': 'gemini-2.5-flash-lite', 'old_answer': 'Chętnie pomogę! Aby odpowiedzieć na Twoje pytanie o pomysły Jacka Pomieczyńskiego, potrzebuję więcej informacji. Czy możesz sprecyzować, o jakie konkretnie pomysły chodzi?', 'new_model': 'gemini-3-flash-preview', 'new_answer': None } ] }, 'maciej': { 'user_id': 1, 'user_name': 'Maciej Pienczyn', 'original_conversation_id': 62, 'comparisons': [ { 'question_id': 1, 'question': 'Kto jest prezesem PIXLAB?', 'type': 'simple', 'old_model': 'gemini-2.5-flash-lite', 'old_answer': 'Prezesem firmy Pixlab Softwarehouse jest Michał Bogdan Roszman.', 'new_model': 'gemini-3-flash-preview', 'new_answer': None }, { 'question_id': 2, 'question': 'jakie znasz inne firmy IT w Norda?', 'type': 'listing', 'old_model': 'gemini-2.5-flash-lite', 'old_answer': 'W Norda Biznes działa kilka firm z branży IT i Telekomunikacja. Są to między innymi VENCODE, oferujące dedykowane aplikacje oparte na sztucznej inteligencji i technologii blockchain, oraz Delkom, specjalizujący się w usługach IT, cyberbezpieczeństwie i doradztwie informatycznym.', 'new_model': 'gemini-3-flash-preview', 'new_answer': None }, { 'question_id': 3, 'question': 'podaj osoby kontaktowe - będę budował sieć komputerową', 'type': 'contact', 'old_model': 'gemini-2.5-flash-lite', 'old_answer': 'Wśród firm z branży IT i telekomunikacja, które mogą pomóc w budowie sieci komputerowej, znajdują się: Chopin Telewizja Kablowa: Bogdan Łaga (Prezes), Delkom: Seweryn Kędziora (Członek Zarządu), INPI Sp. z o.o.', 'new_model': 'gemini-3-flash-preview', 'new_answer': None } ] } } # Use gemini_service directly with FULL NordaGPT context gs = gemini_service.get_gemini_service() logger.info(f"Running model comparison with: {gs.model_name}") # Build FULL context from database (like NordaBizChatEngine._build_conversation_context) db = SessionLocal() try: # === ALL COMPANIES in compact format === all_companies = db.query(Company).filter_by(status='active').all() companies_list = [] for c in all_companies: info = f"- {c.name}" if c.category: info += f" [{c.category.name}]" if c.description_short: info += f": {c.description_short}" if c.founding_history: info += f" Historia: {c.founding_history[:200]}" services = [cs.service.name for cs in c.services if cs.service] if c.services else [] if services: info += f" Usługi: {', '.join(services[:5])}" if c.website: info += f" WWW: {c.website}" if c.phone: info += f" Tel: {c.phone}" if c.email: info += f" Email: {c.email}" if c.address_city: info += f" Miasto: {c.address_city}" info += f" Profil: https://nordabiznes.pl/company/{c.slug}" companies_list.append(info) companies_context = "\n".join(companies_list) total_count = len(all_companies) # === CATEGORIES with counts === categories = db.query(Category).all() categories_context = "Kategorie firm:\n" + "\n".join([ f"- {cat.name}: {db.query(Company).filter_by(category_id=cat.id, status='active').count()} firm" for cat in categories ]) # === COMPANY PEOPLE (zarząd, wspólnicy) === from sqlalchemy.orm import joinedload company_people = db.query(CompanyPerson).options( joinedload(CompanyPerson.person), joinedload(CompanyPerson.company) ).all() people_lines = [] for cp in company_people: if cp.company and cp.person: line = f"- {cp.company.name}: {cp.person.full_name()}" if cp.role: line += f" ({cp.role})" if cp.shares_percent: line += f" - {cp.shares_percent}% udziałów" people_lines.append(line) people_context = "Osoby w firmach (zarząd, wspólnicy):\n" + "\n".join(people_lines) if people_lines else "" # === RECOMMENDATIONS === recommendations = db.query(CompanyRecommendation).filter_by( status='approved' ).order_by(CompanyRecommendation.created_at.desc()).limit(20).all() recs_lines = [] for rec in recommendations: if rec.company: line = f"- {rec.company.name}: {rec.recommendation_text[:150] if rec.recommendation_text else ''}" recs_lines.append(line) recommendations_context = "Rekomendacje firm:\n" + "\n".join(recs_lines) if recs_lines else "" # === FORUM TOPICS === forum_topics = db.query(ForumTopic).filter( ForumTopic.category != 'test' ).order_by(ForumTopic.created_at.desc()).limit(15).all() forum_lines = [] for topic in forum_topics: line = f"- [{topic.category_label}] {topic.title}" if topic.reply_count: line += f" ({topic.reply_count} odpowiedzi)" forum_lines.append(line) forum_context = "Tematy na forum:\n" + "\n".join(forum_lines) if forum_lines else "" # === UPCOMING EVENTS === from datetime import date, timedelta event_cutoff = date.today() + timedelta(days=60) upcoming_events = db.query(NordaEvent).filter( NordaEvent.event_date >= date.today(), NordaEvent.event_date <= event_cutoff ).order_by(NordaEvent.event_date).limit(15).all() events_lines = [] for event in upcoming_events: line = f"- {event.event_date.strftime('%Y-%m-%d')}: {event.title}" if event.location: line += f" ({event.location})" events_lines.append(line) events_context = "Nadchodzące wydarzenia:\n" + "\n".join(events_lines) if events_lines else "" # === B2B CLASSIFIEDS === active_classifieds = db.query(Classified).filter( Classified.is_active == True, Classified.is_test == False ).order_by(Classified.created_at.desc()).limit(20).all() classifieds_lines = [] for c in active_classifieds: line = f"- [{c.listing_type}] {c.title}" if c.company: line += f" - {c.company.name}" classifieds_lines.append(line) classifieds_context = "Ogłoszenia B2B:\n" + "\n".join(classifieds_lines) if classifieds_lines else "" # === RECENT NEWS (ZOPK) === news_cutoff = datetime.now() - timedelta(days=30) recent_news = db.query(ZOPKNews).filter( ZOPKNews.status.in_(['approved', 'auto_approved']), ZOPKNews.published_at >= news_cutoff ).order_by(ZOPKNews.published_at.desc()).limit(10).all() news_lines = [] for news in recent_news: line = f"- {news.published_at.strftime('%Y-%m-%d') if news.published_at else ''}: {news.title}" news_lines.append(line) news_context = "Ostatnie aktualności:\n" + "\n".join(news_lines) if news_lines else "" # === SOCIAL MEDIA === social_media = db.query(CompanySocialMedia).filter( CompanySocialMedia.is_valid == True ).options(joinedload(CompanySocialMedia.company)).all() social_lines = [] for sm in social_media: if sm.company: line = f"- {sm.company.name}: {sm.platform}" if sm.followers_count: line += f" ({sm.followers_count} obserwujących)" social_lines.append(line) social_context = "Social media firm:\n" + "\n".join(social_lines[:30]) if social_lines else "" # === GBP AUDITS (Google Business Profile) === from sqlalchemy import func # Get latest audit per company latest_audit_subq = db.query( GBPAudit.company_id, func.max(GBPAudit.audit_date).label('max_date') ).group_by(GBPAudit.company_id).subquery() latest_audits = db.query(GBPAudit).join( latest_audit_subq, (GBPAudit.company_id == latest_audit_subq.c.company_id) & (GBPAudit.audit_date == latest_audit_subq.c.max_date) ).options(joinedload(GBPAudit.company)).all() gbp_lines = [] for audit in latest_audits: if audit.company: line = f"- {audit.company.name}: Kompletność {audit.completeness_score or 0}%" if audit.review_count: line += f", {audit.review_count} recenzji" if audit.average_rating: line += f", ocena {float(audit.average_rating):.1f}/5" if audit.google_maps_url: line += f" Maps: {audit.google_maps_url}" gbp_lines.append(line) gbp_context = "Audyty Google Business Profile:\n" + "\n".join(gbp_lines) if gbp_lines else "" # === SEO AUDITS (PageSpeed) === seo_audits = db.query(CompanyWebsiteAnalysis).filter( CompanyWebsiteAnalysis.pagespeed_seo_score.isnot(None) ).options(joinedload(CompanyWebsiteAnalysis.company)).all() seo_lines = [] for audit in seo_audits: if audit.company: line = f"- {audit.company.name}: SEO {audit.pagespeed_seo_score or 0}/100" if audit.pagespeed_performance_score: line += f", Wydajność {audit.pagespeed_performance_score}/100" if audit.pagespeed_accessibility_score: line += f", Dostępność {audit.pagespeed_accessibility_score}/100" if audit.seo_overall_score: line += f", Ogólnie {audit.seo_overall_score}/100" seo_lines.append(line) seo_context = "Audyty SEO stron WWW:\n" + "\n".join(seo_lines) if seo_lines else "" # === ZOPK KNOWLEDGE BASE === zopk_knowledge = """Baza wiedzy ZOPK (Zielony Okręg Przemysłowy Kaszubia): ELEKTROWNIA JĄDROWA: - Lokalizacja: Lubiatowo-Kopalino (gmina Choczewo) - Inwestor: Polskie Elektrownie Jądrowe (PEJ) - Partner technologiczny: Westinghouse (reaktory AP1000) - Moc: 2 reaktory po 1150 MW (łącznie 2300 MW) - Harmonogram: Budowa 2028-2035, uruchomienie 2035-2037 - Zatrudnienie: 3000 miejsc pracy (budowa), 900 stałych (eksploatacja) OFFSHORE WIND (Morskie Farmy Wiatrowe): - Baltic Power (Orlen + Northland): 1.2 GW, 76 turbin, ~25 km od Łeby - Baltica 2 (PGE + Ørsted): 1.5 GW, na wschód od Łeby - Baltica 3 (PGE + Ørsted): 1 GW - Łączna moc planowana: 5.9 GW do 2030, 11 GW do 2040 - Port serwisowy: Ustka, Łeba (rozbudowa) INFRASTRUKTURA TRANSPORTOWA: - Via Pomerania: Droga S6 Szczecin-Gdańsk (w budowie) - Droga Czerwona: S7 Gdańsk-Elbląg z Obwodnicą Metropolitalną - PKM (Pomorska Kolej Metropolitalna): Rozwój sieci INWESTYCJE PRZEMYSŁOWE: - Kongsberg Maritime: Fabryka w Rumi (automatyzacja morska) - Bałtycki Port Nowych Technologii: Gdynia - Pomorska Specjalna Strefa Ekonomiczna: Ulgi podatkowe IZBA NORDA BIZNES: - Siedziba: Wejherowo - Członkowie: 150 firm - Cel: Networking, współpraca biznesowa, rozwój regionu""" finally: db.close() # Build comprehensive system prompt with ALL context system_prompt = f"""Jesteś NordaGPT - inteligentnym asystentem portalu Norda Biznes, katalogu {total_count} firm zrzeszonych w stowarzyszeniu Norda Biznes z Wejherowa (Polska). TWOJE MOŻLIWOŚCI: - Znasz WSZYSTKIE firmy członkowskie, ich dane kontaktowe, usługi, historię - Znasz osoby zarządzające firmami (prezesi, wspólnicy, udziałowcy) - Śledzisz aktualności, wydarzenia i ogłoszenia B2B - Możesz polecić firmy do współpracy na podstawie potrzeb użytkownika - Śledzisz dyskusje na forum członków - Znasz wyniki audytów Google Business Profile (oceny, recenzje) - Znasz wyniki audytów SEO stron WWW firm - Masz wiedzę o ZOPK (Zielony Okręg Przemysłowy Kaszubia) - elektrownia jądrowa, offshore wind, infrastruktura === BAZA FIRM ({total_count} aktywnych) === {companies_context} === {categories_context} === {people_context} {recommendations_context} {forum_context} {events_context} {classifieds_context} {news_context} {social_context} {gbp_context} {seo_context} {zopk_knowledge} === ZASADY ODPOWIEDZI === - Odpowiadaj konkretnie, podając nazwy firm i dane kontaktowe - Linkuj do profili firm na portalu: https://nordabiznes.pl/company/[slug] - Jeśli pytanie dotyczy konkretnej firmy - podaj szczegóły z bazy - Przy pytaniach o osoby - podaj stanowisko i firmę - NIE podawaj danych kontaktowych osób, które je ukryły w ustawieniach prywatności - Bądź pomocny i profesjonalny""" # Generate new responses for user_key, user_data in comparison_questions.items(): for comp in user_data['comparisons']: try: prompt = f"{system_prompt}\n\nPytanie użytkownika: {comp['question']}" response_text = gs.generate_text(prompt=prompt, temperature=0.7) comp['new_answer'] = response_text if response_text else 'Brak odpowiedzi' logger.info(f"Generated response for {user_key} Q{comp['question_id']}") except Exception as e: comp['new_answer'] = f'Błąd: {str(e)}' logger.error(f"Error generating response for {user_key} Q{comp['question_id']}: {e}") # Save results to /tmp (always writable) results_file = '/tmp/nordabiz_model_comparison_results.json' with open(results_file, 'w', encoding='utf-8') as f: json.dump({ 'generated_at': datetime.now().strftime('%Y-%m-%d %H:%M'), 'old_model': 'gemini-2.5-flash-lite', 'new_model': 'gemini-3-flash-preview', 'results': comparison_questions }, f, ensure_ascii=False, indent=2) return jsonify({'success': True}) except Exception as e: logger.error(f"Error running model comparison: {e}") return jsonify({'success': False, 'error': str(e)}), 500 # @app.route('/admin/ai-usage') # MOVED TO admin.admin_ai_usage # @login_required def _old_admin_ai_usage(): """Admin dashboard for AI (Gemini) API usage monitoring""" if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) from database import AIUsageLog, AIUsageDaily, User, Company from sqlalchemy import func, desc, case from datetime import timedelta # Get period filter from query params period = request.args.get('period', 'month') # day, week, month, all db = SessionLocal() try: now = datetime.now() today = now.date() week_ago = today - timedelta(days=7) month_ago = today - timedelta(days=30) day_ago = now - timedelta(hours=24) # Determine date filter based on period period_labels = { 'day': ('Dzisiaj', today), 'week': ('Ten tydzień', week_ago), 'month': ('Ten miesiąc', month_ago), 'all': ('Od początku', None) } period_label, period_start = period_labels.get(period, period_labels['month']) # Base query filter for period def period_filter(query): if period_start: return query.filter(func.date(AIUsageLog.created_at) >= period_start) return query # Today's stats (always show) today_stats = db.query( func.count(AIUsageLog.id).label('requests'), func.coalesce(func.sum(AIUsageLog.tokens_input), 0).label('tokens_input'), func.coalesce(func.sum(AIUsageLog.tokens_output), 0).label('tokens_output'), func.coalesce(func.sum(AIUsageLog.cost_cents), 0).label('cost_cents') ).filter( func.date(AIUsageLog.created_at) == today ).first() # Week stats week_requests = db.query(func.count(AIUsageLog.id)).filter( func.date(AIUsageLog.created_at) >= week_ago ).scalar() or 0 # Month stats month_stats = db.query( func.count(AIUsageLog.id).label('requests'), func.coalesce(func.sum(AIUsageLog.cost_cents), 0).label('cost_cents') ).filter( func.date(AIUsageLog.created_at) >= month_ago ).first() # All-time stats all_time_stats = db.query( func.count(AIUsageLog.id).label('requests'), func.coalesce(func.sum(AIUsageLog.cost_cents), 0).label('cost_cents') ).first() # Error rate (last 24h) last_24h_total = db.query(func.count(AIUsageLog.id)).filter( AIUsageLog.created_at >= day_ago ).scalar() or 0 last_24h_errors = db.query(func.count(AIUsageLog.id)).filter( AIUsageLog.created_at >= day_ago, AIUsageLog.success == False ).scalar() or 0 error_rate = (last_24h_errors / last_24h_total * 100) if last_24h_total > 0 else 0 # Average response time (last 24h) avg_response_time = db.query(func.avg(AIUsageLog.response_time_ms)).filter( AIUsageLog.created_at >= day_ago, AIUsageLog.success == True ).scalar() or 0 # Usage by type (filtered by period) type_query = db.query( AIUsageLog.request_type, func.count(AIUsageLog.id).label('count') ) type_query = period_filter(type_query) type_stats = type_query.group_by(AIUsageLog.request_type).order_by(desc('count')).all() # Calculate percentages for type breakdown total_type_count = sum(t.count for t in type_stats) if type_stats else 0 type_labels = { 'ai_chat': ('Chat AI', 'chat'), 'zopk_news_evaluation': ('Ocena newsów ZOP Kaszubia', 'news'), 'ai_user_parse': ('Tworzenie user', 'user'), 'gbp_audit_ai': ('Audyt GBP', 'image'), 'general': ('Ogólne', 'other') } usage_by_type = [] for t in type_stats: label, css_class = type_labels.get(t.request_type, (t.request_type, 'other')) percentage = (t.count / total_type_count * 100) if total_type_count > 0 else 0 usage_by_type.append({ 'type': t.request_type, 'type_label': label, 'type_class': css_class, 'count': t.count, 'percentage': round(percentage, 1) }) # ======================================== # USER STATISTICS (filtered by period) # ======================================== user_query = db.query( User.id, User.name.label('user_name'), User.email, Company.name.label('company_name'), func.count(AIUsageLog.id).label('requests'), func.coalesce(func.sum(AIUsageLog.tokens_input), 0).label('tokens_input'), func.coalesce(func.sum(AIUsageLog.tokens_output), 0).label('tokens_output'), func.coalesce(func.sum(AIUsageLog.cost_cents), 0).label('cost_cents') ).join( AIUsageLog, AIUsageLog.user_id == User.id ).outerjoin( Company, User.company_id == Company.id ) user_query = period_filter(user_query) user_stats = user_query.group_by( User.id, User.name, User.email, Company.name ).order_by(desc('cost_cents')).limit(20).all() # Format user stats user_rankings = [] for u in user_stats: user_rankings.append({ 'id': u.id, 'name': u.user_name or u.email, 'email': u.email, 'company': u.company_name or '-', 'requests': u.requests, 'tokens': int(u.tokens_input) + int(u.tokens_output), 'cost_cents': float(u.cost_cents or 0), 'cost_usd': float(u.cost_cents or 0) / 100 }) # ======================================== # COMPANY STATISTICS (filtered by period) # ======================================== company_query = db.query( Company.id, Company.name, func.count(AIUsageLog.id).label('requests'), func.count(func.distinct(AIUsageLog.user_id)).label('unique_users'), func.coalesce(func.sum(AIUsageLog.tokens_input), 0).label('tokens_input'), func.coalesce(func.sum(AIUsageLog.tokens_output), 0).label('tokens_output'), func.coalesce(func.sum(AIUsageLog.cost_cents), 0).label('cost_cents') ).join( User, User.company_id == Company.id ).join( AIUsageLog, AIUsageLog.user_id == User.id ) company_query = period_filter(company_query) company_stats = company_query.group_by( Company.id, Company.name ).order_by(desc('cost_cents')).limit(20).all() # Format company stats company_rankings = [] for c in company_stats: company_rankings.append({ 'id': c.id, 'name': c.name, 'requests': c.requests, 'unique_users': c.unique_users, 'tokens': int(c.tokens_input) + int(c.tokens_output), 'cost_cents': float(c.cost_cents or 0), 'cost_usd': float(c.cost_cents or 0) / 100 }) # Recent logs with user info recent_logs = db.query(AIUsageLog).order_by(desc(AIUsageLog.created_at)).limit(20).all() # Enrich recent logs with user names for log in recent_logs: label, _ = type_labels.get(log.request_type, (log.request_type, 'other')) log.type_label = label if log.user_id: user = db.query(User).filter_by(id=log.user_id).first() if user: log.user_name = user.name or user.email else: log.user_name = None else: log.user_name = None # Daily history (last 14 days) daily_history = db.query(AIUsageDaily).filter( AIUsageDaily.date >= today - timedelta(days=14) ).order_by(desc(AIUsageDaily.date)).all() stats = { 'today_requests': today_stats.requests or 0, 'today_tokens_input': int(today_stats.tokens_input) or 0, 'today_tokens_output': int(today_stats.tokens_output) or 0, 'today_cost': float(today_stats.cost_cents or 0) / 100, 'week_requests': week_requests, 'month_requests': month_stats.requests or 0, 'month_cost': float(month_stats.cost_cents or 0) / 100, 'all_requests': all_time_stats.requests or 0, 'all_cost': float(all_time_stats.cost_cents or 0) / 100, 'error_rate': error_rate, 'avg_response_time': int(avg_response_time) } return render_template( 'admin/ai_usage_dashboard.html', stats=stats, usage_by_type=usage_by_type, recent_logs=recent_logs, daily_history=daily_history, user_rankings=user_rankings, company_rankings=company_rankings, current_period=period, period_label=period_label ) finally: db.close() # @app.route('/admin/ai-usage/user/') # MOVED TO admin.admin_ai_usage_user # @login_required def _old_admin_ai_usage_user(user_id): """Detailed AI usage for a specific user""" if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) from database import AIUsageLog, User, Company from sqlalchemy import func, desc db = SessionLocal() try: # Get user info user = db.query(User).filter_by(id=user_id).first() if not user: flash('Użytkownik nie istnieje.', 'error') return redirect(url_for('admin_ai_usage')) company = None if user.company_id: company = db.query(Company).filter_by(id=user.company_id).first() # Get overall stats for this user stats = db.query( func.count(AIUsageLog.id).label('total_requests'), func.coalesce(func.sum(AIUsageLog.tokens_input), 0).label('tokens_input'), func.coalesce(func.sum(AIUsageLog.tokens_output), 0).label('tokens_output'), func.coalesce(func.sum(AIUsageLog.cost_cents), 0).label('cost_cents'), func.count(func.nullif(AIUsageLog.success, True)).label('errors') ).filter(AIUsageLog.user_id == user_id).first() # Usage by type type_labels = { 'ai_chat': 'Chat AI', 'zopk_news_evaluation': 'Ocena newsów ZOP Kaszubia', 'ai_user_parse': 'Tworzenie user', 'gbp_audit_ai': 'Audyt GBP', 'general': 'Ogólne' } type_stats = db.query( AIUsageLog.request_type, func.count(AIUsageLog.id).label('count'), func.coalesce(func.sum(AIUsageLog.tokens_input + AIUsageLog.tokens_output), 0).label('tokens'), func.coalesce(func.sum(AIUsageLog.cost_cents), 0).label('cost_cents') ).filter( AIUsageLog.user_id == user_id ).group_by(AIUsageLog.request_type).order_by(desc('count')).all() # Calculate total for percentages total_type_count = sum(t.count for t in type_stats) if type_stats else 1 type_classes = { 'ai_chat': 'chat', 'zopk_news_evaluation': 'news_evaluation', 'ai_user_parse': 'user_creation', 'gbp_audit_ai': 'image_analysis', 'general': 'other' } usage_by_type = [] for t in type_stats: usage_by_type.append({ 'type': t.request_type, 'type_label': type_labels.get(t.request_type, t.request_type), 'type_class': type_classes.get(t.request_type, 'other'), 'count': t.count, 'tokens': int(t.tokens), 'cost_usd': float(t.cost_cents) / 100, 'percentage': round(t.count / total_type_count * 100, 1) if total_type_count > 0 else 0 }) # Get all requests for this user (paginated) page = request.args.get('page', 1, type=int) per_page = 50 requests_query = db.query(AIUsageLog).filter( AIUsageLog.user_id == user_id ).order_by(desc(AIUsageLog.created_at)) total_requests = requests_query.count() total_pages = (total_requests + per_page - 1) // per_page logs = requests_query.offset((page - 1) * per_page).limit(per_page).all() # Enrich logs with type labels and cost for log in logs: log.type_label = type_labels.get(log.request_type, log.request_type) log.cost_usd = float(log.cost_cents or 0) / 100 user_stats = { 'total_requests': stats.total_requests or 0, 'tokens_total': int(stats.tokens_input or 0) + int(stats.tokens_output or 0), 'tokens_input': int(stats.tokens_input or 0), 'tokens_output': int(stats.tokens_output or 0), 'cost_usd': float(stats.cost_cents or 0) / 100, 'errors': stats.errors or 0 } return render_template( 'admin/ai_usage_user.html', user=user, company=company, stats=user_stats, usage_by_type=usage_by_type, logs=logs, page=page, total_pages=total_pages, total_requests=total_requests ) finally: db.close() # @app.route('/api/admin/chat-stats') # MOVED TO admin.api_chat_stats # @login_required def _old_api_chat_stats(): """API: Get chat statistics for dashboard""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Not authorized'}), 403 db = SessionLocal() try: from sqlalchemy import func, desc from datetime import timedelta # Stats for last 7 days week_ago = datetime.now() - timedelta(days=7) daily_stats = db.query( func.date(AIChatMessage.created_at).label('date'), func.count(AIChatMessage.id).label('count') ).filter( AIChatMessage.created_at >= week_ago, AIChatMessage.role == 'user' ).group_by( func.date(AIChatMessage.created_at) ).order_by('date').all() return jsonify({ 'success': True, 'daily_queries': [{'date': str(d.date), 'count': d.count} for d in daily_stats] }) finally: db.close() # ============================================================ # SYSTEM STATUS DASHBOARD (Admin only) # MOVED TO blueprints/admin/routes_status.py # ============================================================ # @app.route('/admin/status') # MOVED TO admin.admin_status # @login_required def _old_admin_status(): """System status dashboard with real-time metrics""" if not current_user.is_admin: flash('Brak uprawnień.', 'error') return redirect(url_for('dashboard')) import subprocess import platform from sqlalchemy import func, text db = SessionLocal() try: # Current timestamp now = datetime.now() # ===== SYSTEM METRICS ===== system_metrics = { 'hostname': platform.node(), 'os': f"{platform.system()} {platform.release()}", 'python': platform.python_version(), } # CPU usage (via top command) try: result = subprocess.run(['top', '-l', '1', '-n', '0'], capture_output=True, text=True, timeout=5) for line in result.stdout.split('\n'): if 'CPU usage' in line: # Parse: "CPU usage: 5.88% user, 8.82% sys, 85.29% idle" parts = line.split(':')[1].strip().split(',') user = float(parts[0].replace('% user', '').strip()) sys_cpu = float(parts[1].replace('% sys', '').strip()) idle = float(parts[2].replace('% idle', '').strip()) system_metrics['cpu_percent'] = round(user + sys_cpu, 1) system_metrics['cpu_idle'] = round(idle, 1) break except Exception: # Linux fallback try: result = subprocess.run(['grep', 'cpu ', '/proc/stat'], capture_output=True, text=True, timeout=5) if result.returncode == 0: parts = result.stdout.split() idle = int(parts[4]) total = sum(int(x) for x in parts[1:]) system_metrics['cpu_percent'] = round(100 * (1 - idle / total), 1) system_metrics['cpu_idle'] = round(100 * idle / total, 1) except Exception: system_metrics['cpu_percent'] = None system_metrics['cpu_idle'] = None # RAM usage try: # macOS result = subprocess.run(['vm_stat'], capture_output=True, text=True, timeout=5) if result.returncode == 0 and 'Pages' in result.stdout: lines = result.stdout.strip().split('\n') page_size = 16384 # bytes stats = {} for line in lines[1:]: if ':' in line: key, val = line.split(':') stats[key.strip()] = int(val.strip().rstrip('.')) free = stats.get('Pages free', 0) * page_size active = stats.get('Pages active', 0) * page_size inactive = stats.get('Pages inactive', 0) * page_size wired = stats.get('Pages wired down', 0) * page_size total_used = active + inactive + wired total_mem = total_used + free system_metrics['ram_total_gb'] = round(total_mem / (1024**3), 1) system_metrics['ram_used_gb'] = round(total_used / (1024**3), 1) system_metrics['ram_percent'] = round(100 * total_used / total_mem, 1) else: raise Exception("Not macOS") except Exception: # Linux fallback try: result = subprocess.run(['free', '-b'], capture_output=True, text=True, timeout=5) if result.returncode == 0: lines = result.stdout.strip().split('\n') mem_line = lines[1].split() total = int(mem_line[1]) used = int(mem_line[2]) system_metrics['ram_total_gb'] = round(total / (1024**3), 1) system_metrics['ram_used_gb'] = round(used / (1024**3), 1) system_metrics['ram_percent'] = round(100 * used / total, 1) except Exception: system_metrics['ram_total_gb'] = None system_metrics['ram_used_gb'] = None system_metrics['ram_percent'] = None # Disk usage try: result = subprocess.run(['df', '-h', '/'], capture_output=True, text=True, timeout=5) if result.returncode == 0: lines = result.stdout.strip().split('\n') parts = lines[1].split() system_metrics['disk_total'] = parts[1] system_metrics['disk_used'] = parts[2] system_metrics['disk_percent'] = int(parts[4].replace('%', '')) except Exception: system_metrics['disk_total'] = None system_metrics['disk_used'] = None system_metrics['disk_percent'] = None # System uptime try: result = subprocess.run(['uptime'], capture_output=True, text=True, timeout=5) if result.returncode == 0: system_metrics['uptime'] = result.stdout.strip().split('up')[1].split(',')[0].strip() except Exception: system_metrics['uptime'] = None # ===== DATABASE METRICS ===== db_metrics = {} try: # PostgreSQL version version_result = db.execute(text("SELECT version()")).scalar() # Extract just version number: "PostgreSQL 16.11 ..." -> "16.11" if version_result: import re match = re.search(r'PostgreSQL (\d+\.\d+)', version_result) db_metrics['version'] = match.group(1) if match else version_result.split()[1] # Database size result = db.execute(text("SELECT pg_database_size(current_database())")).scalar() db_metrics['size_mb'] = round(result / (1024 * 1024), 2) # Active connections result = db.execute(text("SELECT count(*) FROM pg_stat_activity WHERE state = 'active'")).scalar() db_metrics['active_connections'] = result # Total connections result = db.execute(text("SELECT count(*) FROM pg_stat_activity")).scalar() db_metrics['total_connections'] = result # Table counts db_metrics['companies'] = db.query(Company).count() db_metrics['users'] = db.query(User).count() # Get additional counts if tables exist try: from database import ChatMessage, ChatSession, CompanySocialMedia, SEOMetrics db_metrics['chat_messages'] = db.query(ChatMessage).count() db_metrics['chat_sessions'] = db.query(ChatSession).count() db_metrics['social_media'] = db.query(CompanySocialMedia).count() db_metrics['seo_audits'] = db.query(SEOMetrics).count() except Exception: pass db_metrics['status'] = 'ok' except Exception as e: db_metrics['status'] = 'error' db_metrics['error'] = str(e)[:100] # ===== APPLICATION METRICS ===== app_metrics = {} # Health check - test key endpoints try: with app.test_client() as client: endpoints_ok = 0 endpoints_total = 5 test_endpoints = ['/', '/login', '/api/companies', '/health', '/search?q=test'] for ep in test_endpoints: try: response = client.get(ep, follow_redirects=False) if response.status_code in (200, 302, 304): endpoints_ok += 1 except Exception: pass app_metrics['endpoints_ok'] = endpoints_ok app_metrics['endpoints_total'] = endpoints_total app_metrics['endpoints_percent'] = round(100 * endpoints_ok / endpoints_total, 0) except Exception: app_metrics['endpoints_ok'] = None # Users statistics app_metrics['admins'] = db.query(User).filter(User.is_admin == True).count() app_metrics['users_with_2fa'] = db.query(User).filter(User.totp_enabled == True).count() # Recent activity (last 24h) yesterday = now - timedelta(days=1) try: app_metrics['logins_24h'] = db.query(AuditLog).filter( AuditLog.action == 'login', AuditLog.created_at >= yesterday ).count() except Exception: app_metrics['logins_24h'] = 0 # Security alerts (last 24h) try: app_metrics['alerts_24h'] = db.query(SecurityAlert).filter( SecurityAlert.created_at >= yesterday ).count() except Exception: app_metrics['alerts_24h'] = 0 # ===== GUNICORN/PROCESS METRICS ===== process_metrics = {} try: result = subprocess.run(['pgrep', '-f', 'gunicorn'], capture_output=True, text=True, timeout=5) if result.returncode == 0: pids = result.stdout.strip().split('\n') process_metrics['gunicorn_workers'] = len(pids) - 1 # -1 for master process_metrics['gunicorn_status'] = 'running' else: process_metrics['gunicorn_status'] = 'not found' except Exception: process_metrics['gunicorn_status'] = 'unknown' # ===== TECHNOLOGY STACK ===== import flask import sqlalchemy # Technology stack - ONLY VERIFIED VERSIONS (checked via SSH 2026-01-14) # Dynamic versions are fetched at runtime, static ones were verified manually technology_stack = { 'programming': [ {'name': 'Python', 'version': platform.python_version(), 'icon': '🐍', 'category': 'Backend'}, {'name': 'Flask', 'version': flask.__version__, 'icon': '🌶️', 'category': 'Web Framework'}, {'name': 'SQLAlchemy', 'version': sqlalchemy.__version__, 'icon': '🗃️', 'category': 'ORM'}, {'name': 'Jinja2', 'version': '3.1.6', 'icon': '📄', 'category': 'Templating'}, {'name': 'Werkzeug', 'version': '3.1.3', 'icon': '🔧', 'category': 'WSGI Toolkit'}, ], 'databases': [ {'name': 'PostgreSQL', 'version': db_metrics.get('version', 'N/A'), 'icon': '🐘', 'category': 'Primary DB'}, ], 'ai': [ {'name': 'Google Gemini', 'version': '3 Flash', 'icon': '🤖', 'category': 'AI Chat'}, {'name': 'Brave Search API', 'version': 'v1', 'icon': '🔍', 'category': 'News Search'}, {'name': 'Google PageSpeed', 'version': 'v5', 'icon': '⚡', 'category': 'SEO Audit'}, ], 'infrastructure': [ {'name': 'Proxmox VE', 'version': '9.1.1', 'icon': '🖥️', 'category': 'Wirtualizacja'}, {'name': 'Ubuntu Server', 'version': '24.04.3 LTS', 'icon': '🐧', 'category': 'System OS'}, {'name': 'Nginx', 'version': '1.24.0', 'icon': '🔧', 'category': 'Web Server'}, ], 'network': [ {'name': 'Fortigate 500D', 'version': None, 'icon': '🛡️', 'category': 'Firewall/VPN'}, {'name': 'Nginx Proxy Manager', 'version': '2.12.6', 'icon': '🔀', 'category': 'Reverse Proxy'}, {'name': 'Docker', 'version': '28.2.2', 'icon': '🐳', 'category': 'Containers'}, {'name': "Let's Encrypt", 'version': 'ACME v2', 'icon': '🔒', 'category': 'SSL/TLS'}, ], 'security': [ {'name': 'Flask-Login', 'version': '0.6.3', 'icon': '🔐', 'category': 'Autentykacja'}, {'name': 'Flask-WTF', 'version': '1.2.2', 'icon': '🛡️', 'category': 'CSRF Protection'}, {'name': 'Flask-Limiter', 'version': '4.0.0', 'icon': '⏱️', 'category': 'Rate Limiting'}, {'name': 'geoip2', 'version': '5.2.0', 'icon': '🌍', 'category': 'GeoIP Blocking'}, {'name': 'PyOTP', 'version': '2.9.0', 'icon': '📱', 'category': '2FA/TOTP'}, ], 'devops': [ {'name': 'Git', 'version': '2.43.0', 'icon': '📦', 'category': 'Version Control'}, {'name': 'Gitea', 'version': '1.22.6', 'icon': '🍵', 'category': 'Git Server'}, {'name': 'systemd', 'version': '255', 'icon': '⚙️', 'category': 'Service Manager'}, ], 'servers': [ {'name': 'NORDABIZ-01', 'ip': '10.22.68.249', 'icon': '🖥️', 'role': 'App Server (VM 249)'}, {'name': 'R11-REVPROXY-01', 'ip': '10.22.68.250', 'icon': '🔀', 'role': 'Reverse Proxy (VM 119)'}, {'name': 'R11-DNS-01', 'ip': '10.22.68.171', 'icon': '📡', 'role': 'DNS Server (VM 122)'}, {'name': 'R11-GIT-INPI', 'ip': '10.22.68.180', 'icon': '📦', 'role': 'Git Server (VM 180)'}, ], } return render_template( 'admin/status_dashboard.html', system_metrics=system_metrics, db_metrics=db_metrics, app_metrics=app_metrics, process_metrics=process_metrics, technology_stack=technology_stack, generated_at=now ) finally: db.close() # @app.route('/api/admin/status') # MOVED TO admin.api_admin_status # @login_required def _old_api_admin_status(): """API endpoint for status dashboard auto-refresh""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Not authorized'}), 403 import subprocess import platform from sqlalchemy import text db = SessionLocal() try: now = datetime.now() data = {'timestamp': now.isoformat()} # System metrics system = {} try: # CPU (Linux) result = subprocess.run(['grep', 'cpu ', '/proc/stat'], capture_output=True, text=True, timeout=2) if result.returncode == 0: parts = result.stdout.split() idle = int(parts[4]) total = sum(int(x) for x in parts[1:]) system['cpu_percent'] = round(100 * (1 - idle / total), 1) except Exception: system['cpu_percent'] = None try: # RAM (Linux) result = subprocess.run(['free', '-b'], capture_output=True, text=True, timeout=2) if result.returncode == 0: lines = result.stdout.strip().split('\n') mem_line = lines[1].split() total = int(mem_line[1]) used = int(mem_line[2]) system['ram_percent'] = round(100 * used / total, 1) except Exception: system['ram_percent'] = None try: # Disk result = subprocess.run(['df', '-h', '/'], capture_output=True, text=True, timeout=2) if result.returncode == 0: lines = result.stdout.strip().split('\n') parts = lines[1].split() system['disk_percent'] = int(parts[4].replace('%', '')) except Exception: system['disk_percent'] = None data['system'] = system # Database metrics db_data = {} try: db_data['active_connections'] = db.execute(text("SELECT count(*) FROM pg_stat_activity WHERE state = 'active'")).scalar() db_data['status'] = 'ok' except Exception as e: db_data['status'] = 'error' db_data['error'] = str(e)[:50] data['database'] = db_data # App metrics yesterday = now - timedelta(days=1) app_data = { 'alerts_24h': db.query(SecurityAlert).filter(SecurityAlert.created_at >= yesterday).count() } data['app'] = app_data return jsonify(data) finally: db.close() # ============================================================ # DEBUG PANEL (Admin only) # ============================================================ # @app.route('/admin/health') # MOVED TO admin.admin_health # @login_required def _old_admin_health(): """ Graphical health check dashboard. Shows status of all critical endpoints with visual indicators. """ if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) from datetime import datetime results = [] categories = { 'public': {'name': 'Strony publiczne', 'icon': '🌐', 'endpoints': []}, 'auth': {'name': 'Autentykacja', 'icon': '🔐', 'endpoints': []}, 'api': {'name': 'API', 'icon': '⚡', 'endpoints': []}, 'admin': {'name': 'Panel admina', 'icon': '👨‍💼', 'endpoints': []}, 'company': {'name': 'Profile firm', 'icon': '🏢', 'endpoints': []}, } # Endpoints to check (path, name, category) endpoints = [ ('/', 'Strona główna', 'public'), ('/release-notes', 'Historia zmian', 'public'), ('/search?q=test', 'Wyszukiwarka', 'public'), ('/chat', 'NordaGPT Chat', 'public'), ('/raporty/', 'Raporty', 'public'), ('/login', 'Logowanie', 'auth'), ('/register', 'Rejestracja', 'auth'), ('/api/companies', 'Lista firm', 'api'), ('/health', 'Health check', 'api'), ('/admin/security', 'Bezpieczeństwo', 'admin'), ('/admin/seo', 'SEO Audit', 'admin'), ('/admin/social-media', 'Social Media', 'admin'), ('/admin/analytics', 'Analityka', 'admin'), ('/admin/forum', 'Forum', 'admin'), ('/admin/kalendarz', 'Kalendarz', 'admin'), ('/admin/status', 'Status systemu', 'admin'), ('/admin/fees', 'Składki (FIS)', 'admin'), ('/admin/zopk/news', 'ZOPK News', 'admin'), ('/admin/recommendations', 'Rekomendacje', 'admin'), ] # Add company profiles: INPI, Waterm (fixed) + 3 random db = SessionLocal() try: import random as rnd # Fixed companies to always check fixed_companies = db.query(Company).filter( Company.name.ilike('%INPI%') | Company.name.ilike('%Waterm%') ).all() for company in fixed_companies: endpoints.append((f'/company/{company.slug}', company.name[:30], 'company')) # 3 random companies (excluding fixed ones) fixed_ids = [c.id for c in fixed_companies] all_other = db.query(Company).filter(~Company.id.in_(fixed_ids)).all() random_companies = rnd.sample(all_other, min(3, len(all_other))) for company in random_companies: endpoints.append((f'/company/{company.slug}', f'{company.name[:25]}...', 'company')) finally: db.close() # Test each endpoint with app.test_client() as client: for path, name, category in endpoints: start_time = datetime.now() try: response = client.get(path, follow_redirects=False) status_code = response.status_code response_time = (datetime.now() - start_time).total_seconds() * 1000 # ms # Determine status # 429 = rate limited (endpoint works, just protected) # 403 = forbidden (endpoint works, requires auth) if status_code in (200, 302, 304, 429): status = 'ok' elif status_code == 404: status = 'not_found' elif status_code >= 500: status = 'error' else: status = 'warning' result = { 'path': path, 'name': name, 'status_code': status_code, 'status': status, 'response_time': round(response_time, 1), 'error': None } except Exception as e: result = { 'path': path, 'name': name, 'status_code': 500, 'status': 'error', 'response_time': None, 'error': str(e)[:100] } categories[category]['endpoints'].append(result) results.append(result) # Summary stats total = len(results) ok_count = sum(1 for r in results if r['status'] == 'ok') warning_count = sum(1 for r in results if r['status'] == 'warning') error_count = sum(1 for r in results if r['status'] in ('error', 'not_found')) avg_response_time = sum(r['response_time'] for r in results if r['response_time']) / total if total else 0 summary = { 'total': total, 'ok': ok_count, 'warning': warning_count, 'error': error_count, 'health_percent': round(100 * ok_count / total, 1) if total else 0, 'avg_response_time': round(avg_response_time, 1), 'overall_status': 'ok' if error_count == 0 else ('degraded' if ok_count > error_count else 'critical') } return render_template( 'admin/health_dashboard.html', categories=categories, summary=summary, generated_at=datetime.now() ) # @app.route('/api/admin/health') # MOVED TO admin.api_admin_health # @login_required def _old_api_admin_health(): """API endpoint for health dashboard auto-refresh""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Not authorized'}), 403 # Run the same checks as admin_health but return JSON results = [] endpoints = [ ('/', 'Strona główna'), ('/release-notes', 'Historia zmian'), ('/search?q=test', 'Wyszukiwarka'), ('/chat', 'NordaGPT Chat'), ('/login', 'Logowanie'), ('/api/companies', 'Lista firm'), ('/health', 'Health check'), ('/admin/security', 'Bezpieczeństwo'), ('/admin/status', 'Status systemu'), ('/admin/fees', 'Składki (FIS)'), ('/admin/zopk/news', 'ZOPK News'), ] with app.test_client() as client: for path, name in endpoints: try: response = client.get(path, follow_redirects=False) status_code = response.status_code ok = status_code in (200, 302, 304, 429) # 429 = rate limited, endpoint works results.append({'path': path, 'name': name, 'status': status_code, 'ok': ok}) except Exception as e: results.append({'path': path, 'name': name, 'status': 500, 'ok': False, 'error': str(e)[:50]}) ok_count = sum(1 for r in results if r['ok']) return jsonify({ 'success': True, 'timestamp': datetime.now().isoformat(), 'results': results, 'summary': { 'total': len(results), 'ok': ok_count, 'failed': len(results) - ok_count, 'health_percent': round(100 * ok_count / len(results), 1) } }) # @app.route('/admin/debug') # MOVED TO admin.debug_panel # @login_required def _old_debug_panel(): """Real-time debug panel for monitoring app activity""" if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) return render_template('admin/debug.html') # @app.route('/api/admin/logs') # MOVED TO admin.api_get_logs # @login_required def _old_api_get_logs(): """API: Get recent logs""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Not authorized'}), 403 # Get optional filters level = request.args.get('level', '') # DEBUG, INFO, WARNING, ERROR since = request.args.get('since', '') # ISO timestamp limit = min(int(request.args.get('limit', 100)), 500) logs = list(debug_handler.logs) # Filter by level if level: logs = [l for l in logs if l['level'] == level.upper()] # Filter by timestamp if since: logs = [l for l in logs if l['timestamp'] > since] # Return most recent logs = logs[-limit:] return jsonify({ 'success': True, 'logs': logs, 'total': len(debug_handler.logs) }) # @app.route('/api/admin/logs/stream') # MOVED TO admin.api_logs_stream # @login_required def _old_api_logs_stream(): """SSE endpoint for real-time log streaming""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Not authorized'}), 403 def generate(): last_count = 0 while True: current_count = len(debug_handler.logs) if current_count > last_count: # Send new logs new_logs = list(debug_handler.logs)[last_count:] for log in new_logs: yield f"data: {json.dumps(log)}\n\n" last_count = current_count import time time.sleep(0.5) return Response(generate(), mimetype='text/event-stream') # @app.route('/api/admin/logs/clear', methods=['POST']) # MOVED TO admin.api_clear_logs # @login_required def _old_api_clear_logs(): """API: Clear log buffer""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Not authorized'}), 403 debug_handler.logs.clear() logger.info("Log buffer cleared by admin") return jsonify({'success': True}) # @app.route('/api/admin/test-log', methods=['POST']) # MOVED TO admin.api_test_log # @login_required def _old_api_test_log(): """API: Generate test log entries""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Not authorized'}), 403 logger.debug("Test DEBUG message") logger.info("Test INFO message") logger.warning("Test WARNING message") logger.error("Test ERROR message") return jsonify({'success': True, 'message': 'Test logs generated'}) # @app.route('/admin/digital-maturity') # MOVED TO admin.digital_maturity_dashboard # @login_required def _old_digital_maturity_dashboard(): """Admin dashboard for digital maturity assessment results""" if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) db = SessionLocal() try: from sqlalchemy import func, desc # Get all companies with maturity data companies_query = db.query( Company.id, Company.name, Company.slug, Company.website, CompanyDigitalMaturity.overall_score, CompanyDigitalMaturity.online_presence_score, CompanyDigitalMaturity.sales_readiness, CompanyDigitalMaturity.total_opportunity_value, CompanyWebsiteAnalysis.opportunity_score, CompanyWebsiteAnalysis.has_blog, CompanyWebsiteAnalysis.has_portfolio, CompanyWebsiteAnalysis.has_contact_form, CompanyWebsiteAnalysis.content_richness_score, CompanyDigitalMaturity.critical_gaps, CompanyWebsiteAnalysis.missing_features ).join( CompanyDigitalMaturity, Company.id == CompanyDigitalMaturity.company_id ).join( CompanyWebsiteAnalysis, Company.id == CompanyWebsiteAnalysis.company_id ).filter( CompanyDigitalMaturity.overall_score > 0 ).order_by( desc(CompanyDigitalMaturity.overall_score) ).all() # Calculate stats total_analyzed = len(companies_query) avg_score = round(sum(c.overall_score for c in companies_query) / total_analyzed, 1) if total_analyzed else 0 total_opportunity = sum(float(c.total_opportunity_value or 0) for c in companies_query) warm_leads = [c for c in companies_query if c.sales_readiness == 'warm'] cold_leads = [c for c in companies_query if c.sales_readiness == 'cold'] # Top 10 and bottom 10 top_performers = companies_query[:10] bottom_performers = sorted(companies_query, key=lambda c: c.overall_score)[:10] # Top opportunities top_opportunities = sorted( companies_query, key=lambda c: float(c.total_opportunity_value or 0), reverse=True )[:10] return render_template('admin/digital_maturity.html', total_analyzed=total_analyzed, avg_score=avg_score, total_opportunity=total_opportunity, warm_leads_count=len(warm_leads), cold_leads_count=len(cold_leads), top_performers=top_performers, bottom_performers=bottom_performers, top_opportunities=top_opportunities, all_companies=companies_query ) finally: db.close() # @app.route('/admin/social-media') # MOVED TO admin.admin_social_media # @login_required def _old_admin_social_media(): """Admin dashboard for social media analytics""" if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) db = SessionLocal() try: from sqlalchemy import func, case, distinct from database import CompanySocialMedia # Total counts per platform platform_stats = db.query( CompanySocialMedia.platform, func.count(CompanySocialMedia.id).label('count'), func.count(distinct(CompanySocialMedia.company_id)).label('companies') ).filter( CompanySocialMedia.is_valid == True ).group_by(CompanySocialMedia.platform).all() # Companies with each platform combination company_platforms = db.query( Company.id, Company.name, Company.slug, func.array_agg(distinct(CompanySocialMedia.platform)).label('platforms') ).outerjoin( CompanySocialMedia, (Company.id == CompanySocialMedia.company_id) & (CompanySocialMedia.is_valid == True) ).group_by(Company.id, Company.name, Company.slug).all() # Analysis total_companies = len(company_platforms) companies_with_sm = [c for c in company_platforms if c.platforms and c.platforms[0] is not None] companies_without_sm = [c for c in company_platforms if not c.platforms or c.platforms[0] is None] # Platform combinations platform_combos_raw = {} for c in companies_with_sm: platforms = sorted([p for p in c.platforms if p]) if c.platforms else [] key = ', '.join(platforms) if platforms else 'Brak' if key not in platform_combos_raw: platform_combos_raw[key] = [] platform_combos_raw[key].append({'id': c.id, 'name': c.name, 'slug': c.slug}) # Sort by number of companies (descending) platform_combos = dict(sorted(platform_combos_raw.items(), key=lambda x: len(x[1]), reverse=True)) # Only Facebook only_facebook = [c for c in companies_with_sm if set(c.platforms) == {'facebook'}] # Only LinkedIn only_linkedin = [c for c in companies_with_sm if set(c.platforms) == {'linkedin'}] # Only Instagram only_instagram = [c for c in companies_with_sm if set(c.platforms) == {'instagram'}] # Has all major (FB + LI + IG) has_all_major = [c for c in companies_with_sm if {'facebook', 'linkedin', 'instagram'}.issubset(set(c.platforms or []))] # Get all social media entries with company info for detailed view all_entries = db.query( CompanySocialMedia, Company.name.label('company_name'), Company.slug.label('company_slug') ).join(Company).order_by( Company.name, CompanySocialMedia.platform ).all() # Freshness analysis from datetime import datetime, timedelta now = datetime.now() fresh_30d = db.query(func.count(CompanySocialMedia.id)).filter( CompanySocialMedia.verified_at >= now - timedelta(days=30) ).scalar() stale_90d = db.query(func.count(CompanySocialMedia.id)).filter( CompanySocialMedia.verified_at < now - timedelta(days=90) ).scalar() return render_template('admin/social_media.html', platform_stats=platform_stats, total_companies=total_companies, companies_with_sm=len(companies_with_sm), companies_without_sm=companies_without_sm, platform_combos=platform_combos, only_facebook=only_facebook, only_linkedin=only_linkedin, only_instagram=only_instagram, has_all_major=has_all_major, all_entries=all_entries, fresh_30d=fresh_30d, stale_90d=stale_90d, now=now ) finally: db.close() # ============================================================ # SOCIAL MEDIA AUDIT ADMIN DASHBOARD # ============================================================ # @app.route('/admin/social-audit') # MOVED TO admin.admin_social_audit # @login_required def _old_admin_social_audit(): """ Admin dashboard for Social Media audit overview. Displays: - Summary stats (coverage per platform, total profiles) - Platform coverage with progress bars - Sortable table with platform icons per company - Followers aggregate statistics """ if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) db = SessionLocal() try: from sqlalchemy import func, distinct from database import CompanySocialMedia, Category # Platform definitions platforms = ['facebook', 'instagram', 'linkedin', 'youtube', 'twitter', 'tiktok'] # Total companies count total_companies = db.query(func.count(Company.id)).filter(Company.status == 'active').scalar() # Get all companies with their social media profiles companies_query = db.query( Company.id, Company.name, Company.slug, Company.website, Category.name.label('category_name') ).outerjoin( Category, Company.category_id == Category.id ).filter( Company.status == 'active' ).order_by(Company.name).all() # Get social media data per company social_data = db.query( CompanySocialMedia.company_id, CompanySocialMedia.platform, CompanySocialMedia.url, CompanySocialMedia.followers_count, CompanySocialMedia.verified_at, CompanySocialMedia.is_valid ).filter( CompanySocialMedia.is_valid == True ).all() # Group social media by company company_social = {} for sm in social_data: if sm.company_id not in company_social: company_social[sm.company_id] = {} company_social[sm.company_id][sm.platform] = { 'url': sm.url, 'followers': sm.followers_count or 0, 'verified_at': sm.verified_at } # Build companies list with social media info companies = [] for row in companies_query: sm_data = company_social.get(row.id, {}) total_followers = sum(p.get('followers', 0) for p in sm_data.values()) platform_count = len(sm_data) # Get last verified date across all platforms verified_dates = [p.get('verified_at') for p in sm_data.values() if p.get('verified_at')] last_verified = max(verified_dates) if verified_dates else None companies.append({ 'id': row.id, 'name': row.name, 'slug': row.slug, 'website': row.website, 'category': row.category_name, 'platforms': sm_data, 'platform_count': platform_count, 'total_followers': total_followers, 'last_verified': last_verified, 'has_facebook': 'facebook' in sm_data, 'has_instagram': 'instagram' in sm_data, 'has_linkedin': 'linkedin' in sm_data, 'has_youtube': 'youtube' in sm_data, 'has_twitter': 'twitter' in sm_data, 'has_tiktok': 'tiktok' in sm_data }) # Platform statistics platform_stats = {} for platform in platforms: count = db.query(func.count(distinct(CompanySocialMedia.company_id))).filter( CompanySocialMedia.platform == platform, CompanySocialMedia.is_valid == True ).scalar() or 0 platform_stats[platform] = { 'count': count, 'percent': round(count / total_companies * 100) if total_companies > 0 else 0 } # Summary stats companies_with_sm = len([c for c in companies if c['platform_count'] > 0]) companies_without_sm = total_companies - companies_with_sm total_profiles = sum(c['platform_count'] for c in companies) total_followers = sum(c['total_followers'] for c in companies) # Top followers (top 10 companies by total followers) top_followers = sorted([c for c in companies if c['total_followers'] > 0], key=lambda x: x['total_followers'], reverse=True)[:10] stats = { 'total_companies': total_companies, 'companies_with_sm': companies_with_sm, 'companies_without_sm': companies_without_sm, 'total_profiles': total_profiles, 'total_followers': total_followers, 'platform_stats': platform_stats } # Get unique categories categories = sorted(set(c['category'] for c in companies if c['category'])) # Convert to objects for template class CompanyRow: def __init__(self, data): for key, value in data.items(): setattr(self, key, value) companies_objects = [CompanyRow(c) for c in companies] top_followers_objects = [CompanyRow(c) for c in top_followers] return render_template('admin/social_audit_dashboard.html', companies=companies_objects, stats=stats, categories=categories, platforms=platforms, top_followers=top_followers_objects, now=datetime.now() ) finally: db.close() # ============================================================ # IT AUDIT ADMIN DASHBOARD # ============================================================ # @app.route('/admin/it-audit') # MOVED TO admin.admin_it_audit # @login_required def _old_admin_it_audit(): """ Admin dashboard for IT audit overview. Displays: - Summary stats (audit count, average scores, maturity distribution) - Technology adoption stats (Azure AD, M365, PBS, Zabbix, EDR, DR) - Collaboration flags distribution - Company table with IT audit data - Collaboration matches matrix Access: Admin only """ if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) db = SessionLocal() try: from sqlalchemy import func, distinct # Import IT audit models and service from database import ITAudit, ITCollaborationMatch from it_audit_service import get_maturity_level_label # Get all active companies with their latest IT audit # Using subquery to get only the latest audit per company latest_audit_subq = db.query( ITAudit.company_id, func.max(ITAudit.audit_date).label('max_date') ).group_by(ITAudit.company_id).subquery() companies_query = db.query( Company.id, Company.name, Company.slug, ITAudit.id.label('audit_id'), ITAudit.overall_score, ITAudit.security_score, ITAudit.collaboration_score, ITAudit.completeness_score, ITAudit.maturity_level, ITAudit.audit_date, ITAudit.has_azure_ad, ITAudit.has_m365, ITAudit.has_proxmox_pbs, ITAudit.monitoring_solution, ITAudit.has_edr, ITAudit.has_dr_plan ).outerjoin( latest_audit_subq, Company.id == latest_audit_subq.c.company_id ).outerjoin( ITAudit, (Company.id == ITAudit.company_id) & (ITAudit.audit_date == latest_audit_subq.c.max_date) ).filter( Company.status == 'active' ).order_by( Company.name ).all() # Build companies list with named attributes for template companies = [] for row in companies_query: # Detect Zabbix from monitoring_solution field has_zabbix = row.monitoring_solution and 'zabbix' in str(row.monitoring_solution).lower() companies.append({ 'id': row.id, 'name': row.name, 'slug': row.slug, 'audit_id': row.audit_id, 'overall_score': row.overall_score, 'security_score': row.security_score, 'collaboration_score': row.collaboration_score, 'completeness_score': row.completeness_score, 'maturity_level': row.maturity_level, 'maturity_label': get_maturity_level_label(row.maturity_level) if row.maturity_level else None, 'audit_date': row.audit_date, 'has_azure_ad': row.has_azure_ad, 'has_m365': row.has_m365, 'has_proxmox_pbs': row.has_proxmox_pbs, 'has_zabbix': has_zabbix, 'has_edr': row.has_edr, 'has_dr_plan': row.has_dr_plan }) # Calculate statistics audited_companies = [c for c in companies if c['overall_score'] is not None] not_audited = [c for c in companies if c['overall_score'] is None] # Maturity distribution maturity_counts = { 'basic': 0, 'developing': 0, 'established': 0, 'advanced': 0 } for c in audited_companies: level = c['maturity_level'] if level in maturity_counts: maturity_counts[level] += 1 # Calculate average scores if audited_companies: avg_overall = round(sum(c['overall_score'] for c in audited_companies) / len(audited_companies)) avg_security = round(sum(c['security_score'] or 0 for c in audited_companies) / len(audited_companies)) avg_collaboration = round(sum(c['collaboration_score'] or 0 for c in audited_companies) / len(audited_companies)) else: avg_overall = None avg_security = None avg_collaboration = None # Technology adoption stats tech_stats = { 'azure_ad': len([c for c in audited_companies if c['has_azure_ad']]), 'm365': len([c for c in audited_companies if c['has_m365']]), 'proxmox_pbs': len([c for c in audited_companies if c['has_proxmox_pbs']]), 'zabbix': len([c for c in audited_companies if c['has_zabbix']]), 'edr': len([c for c in audited_companies if c['has_edr']]), 'dr_plan': len([c for c in audited_companies if c['has_dr_plan']]) } # Collaboration flags stats from latest audits collab_stats = {} if audited_companies: collab_flags = [ 'open_to_shared_licensing', 'open_to_backup_replication', 'open_to_teams_federation', 'open_to_shared_monitoring', 'open_to_collective_purchasing', 'open_to_knowledge_sharing' ] for flag in collab_flags: count = db.query(func.count(ITAudit.id)).filter( ITAudit.id.in_([c['audit_id'] for c in audited_companies if c['audit_id']]), getattr(ITAudit, flag) == True ).scalar() collab_stats[flag] = count # Get collaboration matches with both companies' info matches = db.query(ITCollaborationMatch).order_by( ITCollaborationMatch.match_score.desc() ).all() # Build flat list of collaboration matches with all necessary attributes class CollabMatchRow: """Helper class for template attribute access""" def __init__(self, **kwargs): for key, value in kwargs.items(): setattr(self, key, value) collaboration_matches = [] for match in matches: # Get company A and B info company_a = db.query(Company).filter(Company.id == match.company_a_id).first() company_b = db.query(Company).filter(Company.id == match.company_b_id).first() collaboration_matches.append(CollabMatchRow( id=match.id, match_type=match.match_type, company_a_id=match.company_a_id, company_a_name=company_a.name if company_a else 'Nieznana', company_a_slug=company_a.slug if company_a else '', company_b_id=match.company_b_id, company_b_name=company_b.name if company_b else 'Nieznana', company_b_slug=company_b.slug if company_b else '', match_reason=match.match_reason, match_score=match.match_score, status=match.status, created_at=match.created_at )) stats = { # Main stats 'total_audits': len(audited_companies), 'total_companies': len(companies), 'companies_without_audit': len(not_audited), # Score averages 'avg_overall_score': avg_overall, 'avg_security_score': avg_security, 'avg_collaboration_score': avg_collaboration, # Maturity distribution (flattened for template) 'maturity_basic': maturity_counts['basic'], 'maturity_developing': maturity_counts['developing'], 'maturity_established': maturity_counts['established'], 'maturity_advanced': maturity_counts['advanced'], # Technology adoption stats (matching template naming with has_* prefix) 'has_azure_ad': tech_stats['azure_ad'], 'has_m365': tech_stats['m365'], 'has_proxmox_pbs': tech_stats['proxmox_pbs'], 'has_zabbix': tech_stats['zabbix'], 'has_edr': tech_stats['edr'], 'has_dr_plan': tech_stats['dr_plan'], # Collaboration flags 'open_to_shared_licensing': collab_stats.get('open_to_shared_licensing', 0), 'open_to_backup_replication': collab_stats.get('open_to_backup_replication', 0), 'open_to_teams_federation': collab_stats.get('open_to_teams_federation', 0), 'open_to_shared_monitoring': collab_stats.get('open_to_shared_monitoring', 0), 'open_to_collective_purchasing': collab_stats.get('open_to_collective_purchasing', 0), 'open_to_knowledge_sharing': collab_stats.get('open_to_knowledge_sharing', 0), # Legacy nested structures (for any templates that still use them) 'maturity_counts': maturity_counts, 'tech_stats': tech_stats, 'collab_stats': collab_stats, 'total_matches': len(collaboration_matches) } # Convert companies list to objects with attribute access for template class CompanyRow: def __init__(self, data): for key, value in data.items(): setattr(self, key, value) companies_objects = [CompanyRow(c) for c in companies] return render_template('admin/it_audit_dashboard.html', companies=companies_objects, stats=stats, collaboration_matches=collaboration_matches, now=datetime.now() ) finally: db.close() # ============================================================ # IT AUDIT FORM - MOVED TO blueprints/it_audit/ # ============================================================ # Routes: /it-audit/form, /it-audit/save, /api/it-audit/* # ============================================================ # RAPORTY - MIGRATED TO blueprints/reports/ # ============================================================ # Routes: /raporty, /raporty/staz-czlonkostwa, /raporty/social-media, /raporty/struktura-branzowa # RELEASE NOTES - MOVED TO blueprints/admin/routes.py (admin_notify_release) # ============================================================ # ============================================================ # ZOPK PUBLIC ROUTES - MOVED TO blueprints/public/routes_zopk.py # Routes: /zopk, /zopk/projekty/, /zopk/aktualnosci # ============================================================ # ============================================================ # ZOPK ROUTES - MOVED TO BLUEPRINTS # ============================================================ # All ZOPK routes have been migrated to: # - blueprints/admin/routes_zopk_dashboard.py # - blueprints/admin/routes_zopk_news.py # - blueprints/admin/routes_zopk_knowledge.py # - blueprints/admin/routes_zopk_timeline.py # ============================================================ # Endpoint aliases for ZOPK are created in blueprints/__init__.py # ============================================================ # KRS AUDIT (Krajowy Rejestr Sądowy) # ============================================================ # @app.route('/admin/krs-audit') # MOVED TO admin.admin_krs_audit # @login_required def _old_admin_krs_audit(): """ Admin dashboard for KRS (Krajowy Rejestr Sądowy) audit. Displays: - Summary stats (with KRS, audited count, data extraction status) - List of companies with KRS numbers - Audit progress and status for each company - Links to source PDF files """ if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) db = SessionLocal() try: from sqlalchemy import func # Get all active companies with KRS numbers companies_query = db.query(Company).filter( Company.status == 'active', Company.krs.isnot(None), Company.krs != '' ).order_by(Company.name).all() # Get latest audit for each company companies = [] for company in companies_query: # Get latest audit latest_audit = db.query(KRSAudit).filter( KRSAudit.company_id == company.id ).order_by(KRSAudit.audit_date.desc()).first() # Get PKD codes (all) pkd_codes = db.query(CompanyPKD).filter( CompanyPKD.company_id == company.id ).order_by(CompanyPKD.is_primary.desc(), CompanyPKD.pkd_code).all() pkd_count = len(pkd_codes) # Get people count people_count = db.query(CompanyPerson).filter( CompanyPerson.company_id == company.id ).count() companies.append({ 'id': company.id, 'name': company.name, 'slug': company.slug, 'krs': company.krs, 'nip': company.nip, 'capital_amount': company.capital_amount, 'krs_last_audit_at': company.krs_last_audit_at, 'krs_pdf_path': company.krs_pdf_path, 'audit': latest_audit, 'pkd_count': pkd_count, 'pkd_codes': [{ 'code': pkd.pkd_code, 'description': pkd.pkd_description, 'is_primary': pkd.is_primary } for pkd in pkd_codes], 'people_count': people_count, 'capital_shares_count': company.capital_shares_count }) # Calculate stats total_with_krs = len(companies) audited_count = len([c for c in companies if c['krs_last_audit_at']]) not_audited_count = total_with_krs - audited_count with_capital = len([c for c in companies if c['capital_amount']]) with_people = len([c for c in companies if c['people_count'] > 0]) with_pkd = len([c for c in companies if c['pkd_count'] > 0]) # Companies without KRS no_krs_count = db.query(Company).filter( Company.status == 'active', (Company.krs.is_(None)) | (Company.krs == '') ).count() stats = { 'total_with_krs': total_with_krs, 'audited_count': audited_count, 'not_audited_count': not_audited_count, 'no_krs_count': no_krs_count, 'with_capital': with_capital, 'with_people': with_people, 'with_pkd': with_pkd } return render_template('admin/krs_audit_dashboard.html', companies=companies, stats=stats, krs_audit_available=KRS_AUDIT_AVAILABLE, now=datetime.now() ) finally: db.close() # ============================================================ # KRS API ROUTES - MOVED TO blueprints/admin/routes_krs_api.py # ============================================================ # Routes: /admin/krs-api/audit, /admin/krs-api/audit/batch, /admin/krs-api/pdf/ # ============================================================ # ERROR HANDLERS # ============================================================ @app.errorhandler(404) def not_found(error): return render_template('errors/404.html'), 404 def send_registration_notification(user_info): """Send email notification when a new user registers""" try: from email_service import send_email, is_configured if not is_configured(): logger.warning("Email service not configured - skipping registration notification") return notify_email = os.getenv('ERROR_NOTIFY_EMAIL', 'maciej.pienczyn@inpi.pl') if not notify_email: return reg_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S') is_member = "✅ TAK" if user_info.get('is_norda_member') else "❌ NIE" company_name = user_info.get('company_name', 'Brak przypisanej firmy') subject = f"👤 NordaBiz: Nowa rejestracja - {user_info.get('name', 'Nieznany')}" body_text = f"""👤 NOWA REJESTRACJA NA NORDABIZNES.PL {'='*50} 🕐 Czas: {reg_time} 👤 Imię: {user_info.get('name', 'N/A')} 📧 Email: {user_info.get('email', 'N/A')} 🏢 NIP: {user_info.get('company_nip', 'N/A')} 🏛️ Firma: {company_name} 🎫 Członek NORDA: {is_member} {'='*50} 🔗 Panel użytkowników: https://nordabiznes.pl/admin/users """ body_html = f"""

👤 Nowa rejestracja na NordaBiznes.pl

🕐 Czas:{reg_time}
👤 Imię:{user_info.get('name', 'N/A')}
📧 Email:{user_info.get('email', 'N/A')}
🏢 NIP:{user_info.get('company_nip', 'N/A')}
🏛️ Firma:{company_name}
🎫 Członek NORDA:{is_member}
""" result = send_email( to=[notify_email], subject=subject, body_text=body_text, body_html=body_html, email_type='registration_notification' ) if result: logger.info(f"Registration notification sent to {notify_email}") else: logger.error(f"Failed to send registration notification to {notify_email}") except Exception as e: logger.error(f"Failed to send registration notification: {e}") def send_error_notification(error, request_info): """Send email notification about 500 errors via Microsoft Graph""" try: from email_service import send_email, is_configured if not is_configured(): logger.warning("Email service not configured - skipping error notification") return error_email = os.getenv('ERROR_NOTIFY_EMAIL', 'maciej.pienczyn@inpi.pl') if not error_email: return # Build error details error_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S') traceback_str = tb_module.format_exc() subject = f"🚨 NordaBiz ERROR 500: {request_info.get('path', 'Unknown')}" body_text = f"""⚠️ BŁĄD 500 NA NORDABIZNES.PL {'='*50} 🕐 Czas: {error_time} 🌐 URL: {request_info.get('url', 'N/A')} 📍 Ścieżka: {request_info.get('path', 'N/A')} 📝 Metoda: {request_info.get('method', 'N/A')} 👤 Użytkownik: {request_info.get('user', 'Anonimowy')} 🖥️ IP: {request_info.get('ip', 'N/A')} 🌍 User-Agent: {request_info.get('user_agent', 'N/A')} {'='*50} 📋 BŁĄD: {str(error)} {'='*50} 📜 TRACEBACK: {traceback_str} {'='*50} 🔧 Sprawdź logi: ssh maciejpi@10.22.68.249 "sudo journalctl -u nordabiznes --since '10 minutes ago'" """ body_html = f"""

🚨 BŁĄD 500 NA NORDABIZNES.PL

🕐 Czas:{error_time}
🌐 URL:{request_info.get('url', 'N/A')}
📍 Ścieżka:{request_info.get('path', 'N/A')}
📝 Metoda:{request_info.get('method', 'N/A')}
👤 Użytkownik:{request_info.get('user', 'Anonimowy')}
🖥️ IP:{request_info.get('ip', 'N/A')}
📋 BŁĄD:
{str(error)}
📜 TRACEBACK:
{traceback_str}
🔧 Sprawdź logi:
ssh maciejpi@10.22.68.249 "sudo journalctl -u nordabiznes --since '10 minutes ago'"
""" result = send_email( to=[error_email], subject=subject, body_text=body_text, body_html=body_html, email_type='error_notification' ) if result: logger.info(f"Error notification sent to {error_email}") else: logger.error(f"Failed to send error notification to {error_email}") except Exception as e: logger.error(f"Failed to send error notification: {e}") @app.errorhandler(500) def internal_error(error): # Collect request info for notification request_info = { 'url': request.url if request else 'N/A', 'path': request.path if request else 'N/A', 'method': request.method if request else 'N/A', 'ip': request.remote_addr if request else 'N/A', 'user_agent': request.headers.get('User-Agent', 'N/A') if request else 'N/A', 'user': current_user.email if current_user and current_user.is_authenticated else 'Anonimowy' } # Send notification in background (don't block response) try: send_error_notification(error, request_info) except Exception as e: logger.error(f"Error notification failed: {e}") return render_template('errors/500.html'), 500 # ============================================================ # ADMIN - SECURITY DASHBOARD # ============================================================ # @app.route('/admin/security') # MOVED TO admin.admin_security # @login_required def _old_admin_security(): """Security dashboard - audit logs, alerts, GeoIP stats""" if not current_user.is_admin: flash('Brak uprawnień.', 'error') return redirect(url_for('dashboard')) db = SessionLocal() try: from sqlalchemy import func, desc # Get recent audit logs audit_logs = db.query(AuditLog).order_by( desc(AuditLog.created_at) ).limit(50).all() # Get security alerts alerts = db.query(SecurityAlert).order_by( desc(SecurityAlert.created_at) ).limit(50).all() # Alert stats new_alerts_count = db.query(SecurityAlert).filter( SecurityAlert.status == 'new' ).count() # Recent locked accounts locked_accounts = db.query(User).filter( User.locked_until > datetime.now() ).all() # Users with 2FA enabled users_with_2fa = db.query(User).filter( User.totp_enabled == True ).count() total_admins = db.query(User).filter( User.is_admin == True ).count() # Alert type breakdown alert_breakdown = db.query( SecurityAlert.alert_type, func.count(SecurityAlert.id).label('count') ).group_by(SecurityAlert.alert_type).all() stats = { 'new_alerts': new_alerts_count, 'locked_accounts': len(locked_accounts), 'users_with_2fa': users_with_2fa, 'total_admins': total_admins, 'alert_breakdown': {a.alert_type: a.count for a in alert_breakdown} } # GeoIP stats from security_service import _get_geoip_enabled geoip_enabled = _get_geoip_enabled() geoip_stats = {'today': 0, 'this_month': 0, 'this_year': 0, 'total': 0, 'by_country': []} if geoip_enabled: today = datetime.now().date() first_of_month = today.replace(day=1) first_of_year = today.replace(month=1, day=1) # Count geo_blocked alerts geoip_stats['today'] = db.query(SecurityAlert).filter( SecurityAlert.alert_type == 'geo_blocked', func.date(SecurityAlert.created_at) == today ).count() geoip_stats['this_month'] = db.query(SecurityAlert).filter( SecurityAlert.alert_type == 'geo_blocked', func.date(SecurityAlert.created_at) >= first_of_month ).count() geoip_stats['this_year'] = db.query(SecurityAlert).filter( SecurityAlert.alert_type == 'geo_blocked', func.date(SecurityAlert.created_at) >= first_of_year ).count() geoip_stats['total'] = db.query(SecurityAlert).filter( SecurityAlert.alert_type == 'geo_blocked' ).count() # Country breakdown (from details JSON) country_flags = { 'RU': ('🇷🇺', 'Rosja'), 'CN': ('🇨🇳', 'Chiny'), 'KP': ('🇰🇵', 'Korea Płn.'), 'IR': ('🇮🇷', 'Iran'), 'BY': ('🇧🇾', 'Białoruś'), 'SY': ('🇸🇾', 'Syria'), 'VE': ('🇻🇪', 'Wenezuela'), 'CU': ('🇨🇺', 'Kuba') } geo_alerts = db.query(SecurityAlert).filter( SecurityAlert.alert_type == 'geo_blocked' ).all() country_counts = {} for alert in geo_alerts: if alert.details and 'country' in alert.details: country = alert.details['country'] if country: country_counts[country] = country_counts.get(country, 0) + 1 # Sort by count descending sorted_countries = sorted(country_counts.items(), key=lambda x: x[1], reverse=True) for code, count in sorted_countries: flag, name = country_flags.get(code, ('🏴', code)) geoip_stats['by_country'].append({ 'code': code, 'flag': flag, 'name': name, 'count': count }) return render_template( 'admin/security_dashboard.html', audit_logs=audit_logs, alerts=alerts, locked_accounts=locked_accounts, stats=stats, geoip_enabled=geoip_enabled, geoip_stats=geoip_stats, generated_at=datetime.now() ) finally: db.close() # @app.route('/admin/security/alert//acknowledge', methods=['POST']) # MOVED TO admin.acknowledge_security_alert # @login_required def _old_acknowledge_security_alert(alert_id): """Acknowledge a security alert""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Not authorized'}), 403 db = SessionLocal() try: alert = db.query(SecurityAlert).get(alert_id) if not alert: return jsonify({'success': False, 'error': 'Alert not found'}), 404 alert.status = 'acknowledged' alert.acknowledged_by = current_user.id alert.acknowledged_at = datetime.now() # Log audit if SECURITY_SERVICE_AVAILABLE: log_audit(db, 'alert.acknowledge', 'security_alert', alert_id, details={'alert_type': alert.alert_type}) db.commit() return jsonify({'success': True}) finally: db.close() # @app.route('/admin/security/alert//resolve', methods=['POST']) # MOVED TO admin.resolve_security_alert # @login_required def _old_resolve_security_alert(alert_id): """Resolve a security alert""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Not authorized'}), 403 note = request.form.get('note', '') db = SessionLocal() try: alert = db.query(SecurityAlert).get(alert_id) if not alert: return jsonify({'success': False, 'error': 'Alert not found'}), 404 alert.status = 'resolved' alert.resolution_note = note if not alert.acknowledged_by: alert.acknowledged_by = current_user.id alert.acknowledged_at = datetime.now() # Log audit if SECURITY_SERVICE_AVAILABLE: log_audit(db, 'alert.resolve', 'security_alert', alert_id, details={'alert_type': alert.alert_type, 'note': note}) db.commit() flash('Alert został rozwiązany.', 'success') return redirect(url_for('admin_security')) finally: db.close() # @app.route('/admin/security/unlock-account/', methods=['POST']) # MOVED TO admin.unlock_account # @login_required def _old_unlock_account(user_id): """Unlock a locked user account""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Not authorized'}), 403 db = SessionLocal() try: user = db.query(User).get(user_id) if not user: return jsonify({'success': False, 'error': 'User not found'}), 404 user.locked_until = None user.failed_login_attempts = 0 # Log audit if SECURITY_SERVICE_AVAILABLE: log_audit(db, 'user.unlock', 'user', user_id, user.email) db.commit() flash(f'Konto {user.email} zostało odblokowane.', 'success') return redirect(url_for('admin_security')) finally: db.close() # @app.route('/api/admin/security/geoip-stats') # MOVED TO admin.api_geoip_stats # @login_required def _old_api_geoip_stats(): """API endpoint for GeoIP stats auto-refresh""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Not authorized'}), 403 from sqlalchemy import func from security_service import _get_geoip_enabled db = SessionLocal() try: now = datetime.now() geoip_enabled = _get_geoip_enabled() if not geoip_enabled: return jsonify({ 'enabled': False, 'timestamp': now.isoformat() }) today = now.date() first_of_month = today.replace(day=1) first_of_year = today.replace(month=1, day=1) stats = { 'enabled': True, 'timestamp': now.isoformat(), 'today': db.query(SecurityAlert).filter( SecurityAlert.alert_type == 'geo_blocked', func.date(SecurityAlert.created_at) == today ).count(), 'this_month': db.query(SecurityAlert).filter( SecurityAlert.alert_type == 'geo_blocked', func.date(SecurityAlert.created_at) >= first_of_month ).count(), 'this_year': db.query(SecurityAlert).filter( SecurityAlert.alert_type == 'geo_blocked', func.date(SecurityAlert.created_at) >= first_of_year ).count(), 'total': db.query(SecurityAlert).filter( SecurityAlert.alert_type == 'geo_blocked' ).count() } # Country breakdown country_flags = { 'RU': ('🇷🇺', 'Rosja'), 'CN': ('🇨🇳', 'Chiny'), 'KP': ('🇰🇵', 'Korea Płn.'), 'IR': ('🇮🇷', 'Iran'), 'BY': ('🇧🇾', 'Białoruś'), 'SY': ('🇸🇾', 'Syria'), 'VE': ('🇻🇪', 'Wenezuela'), 'CU': ('🇨🇺', 'Kuba') } geo_alerts = db.query(SecurityAlert).filter( SecurityAlert.alert_type == 'geo_blocked' ).all() country_counts = {} for alert in geo_alerts: if alert.details and 'country' in alert.details: country = alert.details['country'] if country: country_counts[country] = country_counts.get(country, 0) + 1 by_country = [] for code, count in sorted(country_counts.items(), key=lambda x: x[1], reverse=True): flag, name = country_flags.get(code, ('🏴', code)) by_country.append({'code': code, 'flag': flag, 'name': name, 'count': count}) stats['by_country'] = by_country return jsonify(stats) finally: db.close() # ============================================================ # ANNOUNCEMENTS (Ogłoszenia dla członków) # ============================================================ def generate_slug(title): """ Generate URL-friendly slug from title. Uses unidecode for proper Polish character handling. """ import re try: from unidecode import unidecode text = unidecode(title.lower()) except ImportError: # Fallback without unidecode text = title.lower() replacements = { 'ą': 'a', 'ć': 'c', 'ę': 'e', 'ł': 'l', 'ń': 'n', 'ó': 'o', 'ś': 's', 'ź': 'z', 'ż': 'z' } for pl, en in replacements.items(): text = text.replace(pl, en) # Remove special characters, replace spaces with hyphens text = re.sub(r'[^\w\s-]', '', text) text = re.sub(r'[-\s]+', '-', text).strip('-') return text[:200] # Limit slug length # @app.route('/admin/announcements') # MOVED TO admin.admin_announcements # @login_required def _old_admin_announcements(): """Admin panel - lista ogłoszeń""" if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) from database import Announcement db = SessionLocal() try: # Filters status_filter = request.args.get('status', 'all') category_filter = request.args.get('category', 'all') query = db.query(Announcement) if status_filter != 'all': query = query.filter(Announcement.status == status_filter) if category_filter != 'all': from sqlalchemy.dialects.postgresql import array as pg_array query = query.filter(Announcement.categories.op('@>')(pg_array([category_filter]))) # Sort: pinned first, then by created_at desc query = query.order_by( Announcement.is_pinned.desc(), Announcement.created_at.desc() ) announcements = query.all() return render_template('admin/announcements.html', announcements=announcements, now=datetime.now(), status_filter=status_filter, category_filter=category_filter, categories=Announcement.CATEGORIES, category_labels=Announcement.CATEGORY_LABELS, statuses=Announcement.STATUSES, status_labels=Announcement.STATUS_LABELS) finally: db.close() # @app.route('/admin/announcements/new', methods=['GET', 'POST']) # MOVED TO admin.admin_announcements_new # @login_required def _old_admin_announcements_new(): """Admin panel - nowe ogłoszenie""" if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) from database import Announcement if request.method == 'POST': db = SessionLocal() try: title = request.form.get('title', '').strip() excerpt = request.form.get('excerpt', '').strip() content = request.form.get('content', '').strip() categories = request.form.getlist('categories') if not categories: categories = ['internal'] # Default category category = categories[0] # Backwards compatibility image_url = request.form.get('image_url', '').strip() or None external_link = request.form.get('external_link', '').strip() or None is_featured = 'is_featured' in request.form is_pinned = 'is_pinned' in request.form # Handle expires_at expires_at_str = request.form.get('expires_at', '').strip() expires_at = None if expires_at_str: try: expires_at = datetime.strptime(expires_at_str, '%Y-%m-%dT%H:%M') except ValueError: pass # Generate unique slug base_slug = generate_slug(title) slug = base_slug counter = 1 while db.query(Announcement).filter(Announcement.slug == slug).first(): slug = f"{base_slug}-{counter}" counter += 1 # Determine status based on button clicked action = request.form.get('action', 'draft') status = 'published' if action == 'publish' else 'draft' published_at = datetime.now() if status == 'published' else None announcement = Announcement( title=title, slug=slug, excerpt=excerpt or None, content=content, category=category, categories=categories, image_url=image_url, external_link=external_link, status=status, published_at=published_at, expires_at=expires_at, is_featured=is_featured, is_pinned=is_pinned, created_by=current_user.id ) db.add(announcement) db.commit() flash(f'Ogłoszenie zostało {"opublikowane" if status == "published" else "zapisane jako szkic"}.', 'success') return redirect(url_for('admin_announcements')) except Exception as e: db.rollback() logger.error(f"Error creating announcement: {e}") flash(f'Błąd podczas tworzenia ogłoszenia: {e}', 'error') finally: db.close() # GET request - show form from database import Announcement return render_template('admin/announcements_form.html', announcement=None, categories=Announcement.CATEGORIES, category_labels=Announcement.CATEGORY_LABELS) # @app.route('/admin/announcements//edit', methods=['GET', 'POST']) # MOVED TO admin.admin_announcements_edit # @login_required def _old_admin_announcements_edit(id): """Admin panel - edycja ogłoszenia""" if not current_user.is_admin: flash('Brak uprawnień do tej strony.', 'error') return redirect(url_for('dashboard')) from database import Announcement db = SessionLocal() try: announcement = db.query(Announcement).filter(Announcement.id == id).first() if not announcement: flash('Nie znaleziono ogłoszenia.', 'error') return redirect(url_for('admin_announcements')) if request.method == 'POST': announcement.title = request.form.get('title', '').strip() announcement.excerpt = request.form.get('excerpt', '').strip() or None announcement.content = request.form.get('content', '').strip() categories = request.form.getlist('categories') if not categories: categories = ['internal'] # Default category announcement.categories = categories announcement.category = categories[0] # Backwards compatibility announcement.image_url = request.form.get('image_url', '').strip() or None announcement.external_link = request.form.get('external_link', '').strip() or None announcement.is_featured = 'is_featured' in request.form announcement.is_pinned = 'is_pinned' in request.form # Handle expires_at expires_at_str = request.form.get('expires_at', '').strip() if expires_at_str: try: announcement.expires_at = datetime.strptime(expires_at_str, '%Y-%m-%dT%H:%M') except ValueError: pass else: announcement.expires_at = None # Regenerate slug if title changed significantly new_slug = generate_slug(announcement.title) if new_slug != announcement.slug.split('-')[0]: # Check if base changed base_slug = new_slug slug = base_slug counter = 1 while db.query(Announcement).filter( Announcement.slug == slug, Announcement.id != id ).first(): slug = f"{base_slug}-{counter}" counter += 1 announcement.slug = slug # Handle status change action = request.form.get('action', 'save') if action == 'publish' and announcement.status != 'published': announcement.status = 'published' announcement.published_at = datetime.now() elif action == 'archive': announcement.status = 'archived' elif action == 'draft': announcement.status = 'draft' announcement.updated_at = datetime.now() db.commit() flash('Zmiany zostały zapisane.', 'success') return redirect(url_for('admin_announcements')) # GET request - show form return render_template('admin/announcements_form.html', announcement=announcement, categories=Announcement.CATEGORIES, category_labels=Announcement.CATEGORY_LABELS) except Exception as e: db.rollback() logger.error(f"Error editing announcement {id}: {e}") flash(f'Błąd: {e}', 'error') return redirect(url_for('admin_announcements')) finally: db.close() # @app.route('/admin/announcements//publish', methods=['POST']) # MOVED TO admin.admin_announcements_publish # @login_required def _old_admin_announcements_publish(id): """Publikacja ogłoszenia""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Brak uprawnień'}), 403 from database import Announcement db = SessionLocal() try: announcement = db.query(Announcement).filter(Announcement.id == id).first() if not announcement: return jsonify({'success': False, 'error': 'Nie znaleziono ogłoszenia'}), 404 announcement.status = 'published' if not announcement.published_at: announcement.published_at = datetime.now() announcement.updated_at = datetime.now() db.commit() # Notify all users about new announcement from utils.notifications import notify_all_users_announcement notify_count = notify_all_users_announcement( announcement_id=announcement.id, title=announcement.title, category=announcement.category ) logger.info(f"Sent {notify_count} notifications for announcement: {announcement.title}") return jsonify({'success': True, 'message': f'Ogłoszenie zostało opublikowane. Wysłano {notify_count} powiadomień.'}) except Exception as e: db.rollback() logger.error(f"Error publishing announcement {id}: {e}") return jsonify({'success': False, 'error': str(e)}), 500 finally: db.close() # @app.route('/admin/announcements//archive', methods=['POST']) # MOVED TO admin.admin_announcements_archive # @login_required def _old_admin_announcements_archive(id): """Archiwizacja ogłoszenia""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Brak uprawnień'}), 403 from database import Announcement db = SessionLocal() try: announcement = db.query(Announcement).filter(Announcement.id == id).first() if not announcement: return jsonify({'success': False, 'error': 'Nie znaleziono ogłoszenia'}), 404 announcement.status = 'archived' announcement.updated_at = datetime.now() db.commit() return jsonify({'success': True, 'message': 'Ogłoszenie zostało zarchiwizowane'}) except Exception as e: db.rollback() logger.error(f"Error archiving announcement {id}: {e}") return jsonify({'success': False, 'error': str(e)}), 500 finally: db.close() # @app.route('/admin/announcements//delete', methods=['POST']) # MOVED TO admin.admin_announcements_delete # @login_required def _old_admin_announcements_delete(id): """Usunięcie ogłoszenia""" if not current_user.is_admin: return jsonify({'success': False, 'error': 'Brak uprawnień'}), 403 from database import Announcement db = SessionLocal() try: announcement = db.query(Announcement).filter(Announcement.id == id).first() if not announcement: return jsonify({'success': False, 'error': 'Nie znaleziono ogłoszenia'}), 404 db.delete(announcement) db.commit() return jsonify({'success': True, 'message': 'Ogłoszenie zostało usunięte'}) except Exception as e: db.rollback() logger.error(f"Error deleting announcement {id}: {e}") return jsonify({'success': False, 'error': str(e)}), 500 finally: db.close() # ============================================================ # PUBLIC ANNOUNCEMENTS - MOVED TO blueprints/public/routes_announcements.py # ============================================================ # Routes: /ogloszenia, /ogloszenia/ # ============================================================ # EXTERNAL CONTACTS - PAGE ROUTES MIGRATED TO blueprints/community/contacts/ # ============================================================ # Routes: /kontakty, /kontakty/, /kontakty/dodaj, /kontakty//edytuj, /kontakty//usun # API routes remain below for backwards compatibility # ============================================================ # AI-ASSISTED EXTERNAL CONTACT CREATION # ============================================================ AI_CONTACT_PARSE_PROMPT = """Jesteś asystentem systemu NordaBiz pomagającym dodawać kontakty zewnętrzne. ZADANIE: Przeanalizuj podany tekst i wyodrębnij informacje o osobach kontaktowych z zewnętrznych organizacji (urzędy, agencje, instytucje, firmy partnerskie - osoby spoza Norda Biznes). DANE WEJŚCIOWE: ``` {input_text} ``` TYPY ORGANIZACJI: - government = Urząd (np. ministerstwo, urząd gminy/powiatu) - agency = Agencja (np. ARP, PARP, agencje rozwoju) - company = Firma (przedsiębiorstwa, spółki) - ngo = Organizacja pozarządowa (fundacje, stowarzyszenia) - university = Uczelnia (uniwersytety, politechniki) - other = Inne INSTRUKCJE: 1. Wyodrębnij każdą osobę kontaktową z tekstu 2. Dla każdej osoby zidentyfikuj: - imię i nazwisko (WYMAGANE) - stanowisko/funkcja (jeśli dostępne) - telefon (jeśli dostępny) - email (jeśli dostępny) - organizacja (WYMAGANE - nazwa instytucji) - typ organizacji (government/agency/company/ngo/university/other) - projekt/kontekst (jeśli tekst wspomina o konkretnym projekcie) - tagi (słowa kluczowe związane z osobą/projektem) 3. Jeśli brak imienia i nazwiska - pomiń osobę 4. Jeśli brak nazwy organizacji - pomiń osobę ZWRÓĆ TYLKO CZYSTY JSON w dokładnie takim formacie (bez żadnego tekstu przed ani po): {{ "analysis": "Krótki opis znalezionych kontaktów (1-2 zdania po polsku)", "contacts": [ {{ "first_name": "Imię", "last_name": "Nazwisko", "position": "Stanowisko lub null", "phone": "Numer telefonu lub null", "email": "Email lub null", "organization_name": "Nazwa organizacji", "organization_type": "government|agency|company|ngo|university|other", "project_name": "Nazwa projektu lub null", "tags": "tagi, oddzielone, przecinkami", "warnings": [] }} ] }}""" AI_CONTACT_IMAGE_PROMPT = """Jesteś asystentem systemu NordaBiz pomagającym dodawać kontakty zewnętrzne. ZADANIE: Przeanalizuj ten obraz (screenshot) i wyodrębnij informacje o osobach kontaktowych. Szukaj: imion i nazwisk, stanowisk, telefonów, emaili, nazw organizacji, projektów. TYPY ORGANIZACJI: - government = Urząd (np. ministerstwo, urząd gminy/powiatu) - agency = Agencja (np. ARP, PARP, agencje rozwoju) - company = Firma (przedsiębiorstwa, spółki) - ngo = Organizacja pozarządowa (fundacje, stowarzyszenia) - university = Uczelnia (uniwersytety, politechniki) - other = Inne INSTRUKCJE: 1. Przeczytaj cały tekst widoczny na obrazie 2. Wyodrębnij każdą osobę kontaktową 3. Dla każdej osoby zidentyfikuj: - imię i nazwisko (WYMAGANE) - stanowisko/funkcja - telefon - email - organizacja (WYMAGANE) - typ organizacji - projekt/kontekst - tagi 4. Jeśli brak imienia/nazwiska lub organizacji - pomiń osobę ZWRÓĆ TYLKO CZYSTY JSON w dokładnie takim formacie: {{ "analysis": "Krótki opis znalezionych kontaktów (1-2 zdania po polsku)", "contacts": [ {{ "first_name": "Imię", "last_name": "Nazwisko", "position": "Stanowisko lub null", "phone": "Numer telefonu lub null", "email": "Email lub null", "organization_name": "Nazwa organizacji", "organization_type": "government|agency|company|ngo|university|other", "project_name": "Nazwa projektu lub null", "tags": "tagi, oddzielone, przecinkami", "warnings": [] }} ] }}""" @app.route('/api/contacts/ai-parse', methods=['POST']) @login_required def contacts_ai_parse(): """Parse text or image with AI to extract external contact data.""" db = SessionLocal() try: # Check input type input_type = request.form.get('input_type') or (request.get_json() or {}).get('input_type', 'text') if input_type == 'image': # Handle image upload if 'file' not in request.files: return jsonify({'success': False, 'error': 'Brak pliku obrazu'}), 400 file = request.files['file'] if file.filename == '': return jsonify({'success': False, 'error': 'Nie wybrano pliku'}), 400 # Validate file type allowed_extensions = {'png', 'jpg', 'jpeg', 'gif', 'webp'} ext = file.filename.rsplit('.', 1)[-1].lower() if '.' in file.filename else '' if ext not in allowed_extensions: return jsonify({'success': False, 'error': 'Dozwolone formaty: PNG, JPG, JPEG, GIF, WEBP'}), 400 # Save temp file import tempfile with tempfile.NamedTemporaryFile(delete=False, suffix=f'.{ext}') as tmp: file.save(tmp.name) temp_path = tmp.name try: # Get Gemini service and analyze image service = gemini_service.get_gemini_service() ai_response = service.analyze_image(temp_path, AI_CONTACT_IMAGE_PROMPT) finally: # Clean up temp file import os if os.path.exists(temp_path): os.unlink(temp_path) else: # Handle text input data = request.get_json() or {} # Support both 'text' (from frontend modal) and 'content' for backwards compatibility content = (data.get('text') or data.get('content', '')).strip() if not content: return jsonify({'success': False, 'error': 'Brak treści do analizy'}), 400 # Get Gemini service and analyze text service = gemini_service.get_gemini_service() prompt = AI_CONTACT_PARSE_PROMPT.format(input_text=content) ai_response = service.generate_text( prompt=prompt, feature='ai_contact_parse', user_id=current_user.id, temperature=0.3 ) # Parse AI response as JSON import re json_match = re.search(r'\{[\s\S]*\}', ai_response) if not json_match: logger.error(f"AI contact response not valid JSON: {ai_response[:500]}") return jsonify({ 'success': False, 'error': 'AI nie zwróciło prawidłowej odpowiedzi. Spróbuj ponownie.' }), 500 try: parsed = json.loads(json_match.group()) except json.JSONDecodeError as e: logger.error(f"JSON parse error: {e}, response: {ai_response[:500]}") return jsonify({ 'success': False, 'error': 'Błąd parsowania odpowiedzi AI. Spróbuj ponownie.' }), 500 # Check for potential duplicates from database import ExternalContact proposed_contacts = parsed.get('contacts', []) for contact in proposed_contacts: first_name = contact.get('first_name', '').strip() last_name = contact.get('last_name', '').strip() org_name = contact.get('organization_name', '').strip() if first_name and last_name and org_name: # Check for existing similar contact existing = db.query(ExternalContact).filter( ExternalContact.first_name.ilike(first_name), ExternalContact.last_name.ilike(last_name), ExternalContact.organization_name.ilike(f'%{org_name}%'), ExternalContact.is_active == True ).first() if existing: contact['warnings'] = contact.get('warnings', []) + [ f'Podobny kontakt może już istnieć: {existing.full_name} @ {existing.organization_name}' ] contact['potential_duplicate_id'] = existing.id logger.info(f"User {current_user.email} used AI to parse contacts: {len(proposed_contacts)} found") return jsonify({ 'success': True, 'analysis': parsed.get('analysis', 'Analiza zakończona'), 'contacts': proposed_contacts }) except Exception as e: logger.error(f"Error in AI contact parse: {e}") return jsonify({'success': False, 'error': f'Błąd: {str(e)}'}), 500 finally: db.close() @app.route('/api/contacts/bulk-create', methods=['POST']) @login_required def contacts_bulk_create(): """Create multiple external contacts from confirmed proposals.""" from database import ExternalContact db = SessionLocal() try: data = request.get_json() or {} contacts_to_create = data.get('contacts', []) if not contacts_to_create: return jsonify({'success': False, 'error': 'Brak kontaktów do utworzenia'}), 400 created = [] failed = [] for contact_data in contacts_to_create: try: # Validate required fields first_name = contact_data.get('first_name', '').strip() last_name = contact_data.get('last_name', '').strip() organization_name = contact_data.get('organization_name', '').strip() if not first_name or not last_name or not organization_name: failed.append({ 'name': f"{first_name} {last_name}", 'error': 'Brak wymaganych danych (imię, nazwisko lub organizacja)' }) continue # Create contact contact = ExternalContact( first_name=first_name, last_name=last_name, position=contact_data.get('position', '').strip() or None, phone=contact_data.get('phone', '').strip() or None, email=contact_data.get('email', '').strip() or None, organization_name=organization_name, organization_type=contact_data.get('organization_type', 'other'), project_name=contact_data.get('project_name', '').strip() or None, tags=contact_data.get('tags', '').strip() or None, source_type='ai_import', created_by=current_user.id ) db.add(contact) db.flush() created.append({ 'id': contact.id, 'name': contact.full_name, 'organization': contact.organization_name }) except Exception as e: failed.append({ 'name': f"{contact_data.get('first_name', '')} {contact_data.get('last_name', '')}", 'error': str(e) }) db.commit() logger.info(f"User {current_user.email} bulk created {len(created)} contacts via AI") return jsonify({ 'success': True, 'created': created, 'failed': failed, 'message': f'Utworzono {len(created)} kontaktów' + (f', {len(failed)} błędów' if failed else '') }) except Exception as e: db.rollback() logger.error(f"Error in contacts bulk create: {e}") return jsonify({'success': False, 'error': f'Błąd: {str(e)}'}), 500 finally: db.close() # ============================================================ # HONEYPOT ENDPOINTS (trap for malicious bots) # ============================================================ @app.route('/wp-admin') @app.route('/wp-admin/') @app.route('/wp-login.php') @app.route('/administrator') @app.route('/phpmyadmin') @app.route('/phpmyadmin/') @app.route('/.env') @app.route('/.git/config') @app.route('/xmlrpc.php') @app.route('/config.php') @app.route('/admin.php') def honeypot_trap(path=None): """ Honeypot endpoints - log and return 404. These URLs are commonly probed by malicious bots looking for WordPress, phpMyAdmin, or exposed configuration files. """ client_ip = request.headers.get('X-Forwarded-For', request.remote_addr) if client_ip and ',' in client_ip: client_ip = client_ip.split(',')[0].strip() security_logger.warning(f"HONEYPOT ip={client_ip} path={request.path} ua={request.user_agent.string[:100]}") # Return 404 to not reveal this is a trap return render_template('errors/404.html'), 404 # ============================================================ # MAIN # ============================================================ if __name__ == '__main__': # Port 5001 jako domyślny - macOS AirPlay zajmuje 5000 port = int(os.getenv('PORT', 5001)) debug = os.getenv('FLASK_ENV') == 'development' logger.info(f"Starting Norda Biznes Partner on port {port}") app.run(host='0.0.0.0', port=port, debug=debug)