duzo zmian i funkcji

app.py

@@ -3,17 +3,27 @@ import secrets
 import time
 from datetime import datetime, timedelta
 from flask import Flask, render_template, redirect, url_for, request, flash, Blueprint, send_from_directory
+from markupsafe import Markup
+
 from flask_sqlalchemy import SQLAlchemy
 from flask_login import LoginManager, UserMixin, login_user, login_required, logout_user, current_user
 from flask_socketio import SocketIO, emit, join_room
 from werkzeug.security import generate_password_hash, check_password_hash
 from config import Config
+from PIL import Image
+from werkzeug.utils import secure_filename
+from werkzeug.middleware.proxy_fix import ProxyFix
 
 app = Flask(__name__)
 app.config.from_object(Config)
+app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)
 SYSTEM_PASSWORD = app.config.get('SYSTEM_PASSWORD', 'changeme')
 DEFAULT_ADMIN_USERNAME = app.config.get('DEFAULT_ADMIN_USERNAME', 'admin')
 DEFAULT_ADMIN_PASSWORD = app.config.get('DEFAULT_ADMIN_PASSWORD', 'admin123')
+UPLOAD_FOLDER = app.config.get('UPLOAD_FOLDER', 'uploads')
+ALLOWED_EXTENSIONS = {'png', 'jpg', 'jpeg', 'gif', 'webp'}
+
+os.makedirs(UPLOAD_FOLDER, exist_ok=True)
 
 db = SQLAlchemy(app)
 socketio = SocketIO(app)
@@ -22,19 +32,6 @@ login_manager.login_view = 'login'
 
 static_bp = Blueprint('static_bp', __name__)
 
-@static_bp.route('/static/js/live.js')
-def serve_live_js():
-    response = send_from_directory('static/js', 'live.js')
-    response.cache_control.no_cache = True
-    response.cache_control.no_store = True
-    response.cache_control.must_revalidate = True
-    response.expires = 0
-    response.pragma = 'no-cache'
-    return response
-
-app.register_blueprint(static_bp)
-
-
 class User(UserMixin, db.Model):
     id = db.Column(db.Integer, primary_key=True)
     username = db.Column(db.String(150), unique=True, nullable=False)
@@ -59,11 +56,27 @@ class Item(db.Model):
     added_by = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=True)
     purchased = db.Column(db.Boolean, default=False)
     purchased_at = db.Column(db.DateTime, nullable=True)
+    note = db.Column(db.Text, nullable=True)
 
 class SuggestedProduct(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     name = db.Column(db.String(150), unique=True, nullable=False)
 
+@static_bp.route('/static/js/live.js')
+def serve_live_js():
+    response = send_from_directory('static/js', 'live.js')
+    response.cache_control.no_cache = True
+    response.cache_control.no_store = True
+    response.cache_control.must_revalidate = True
+    response.expires = 0
+    response.pragma = 'no-cache'
+    return response
+
+app.register_blueprint(static_bp)
+
+def allowed_file(filename):
+    return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
+
 @login_manager.user_loader
 def load_user(user_id):
     return User.query.get(int(user_id))
@@ -78,12 +91,39 @@ def require_system_password():
        and request.endpoint != 'system_auth' \
        and not request.endpoint.startswith('static') \
        and not request.endpoint.startswith('login'):
-        return redirect(url_for('system_auth', next=request.url))
+        # Jeśli wchodzi na '/', nie dodawaj next
+        if request.path == '/':
+            return redirect(url_for('system_auth'))
+        else:
+            # W innym przypadku poprawiamy URL jak wcześniej
+            from urllib.parse import urlparse, urlunparse
+            parsed = urlparse(request.url)
+            fixed_url = urlunparse(parsed._replace(netloc=request.host))
+            return redirect(url_for('system_auth', next=fixed_url))
+
+@app.template_filter('filemtime')
+def file_mtime_filter(path):
+    try:
+        t = os.path.getmtime(path)
+        return datetime.fromtimestamp(t)
+    except Exception:
+        return datetime.utcnow()
+
+@app.template_filter('filesizeformat')
+def filesizeformat_filter(path):
+    try:
+        size = os.path.getsize(path)
+        # Jeśli chcesz dokładniejszy format, np. KB, MB
+        for unit in ['B', 'KB', 'MB', 'GB']:
+            if size < 1024.0:
+                return f"{size:.1f} {unit}"
+            size /= 1024.0
+        return f"{size:.1f} TB"
+    except Exception:
+        return "N/A"
 
 @app.route('/system-auth', methods=['GET', 'POST'])
 def system_auth():
-    DEFAULT_ADMIN_USERNAME = app.config.get('DEFAULT_ADMIN_USERNAME', 'admin')
-    DEFAULT_ADMIN_PASSWORD = app.config.get('DEFAULT_ADMIN_PASSWORD', 'admin123')
 
     next_page = request.args.get('next') or url_for('index_guest')
 
@@ -102,7 +142,7 @@ def system_auth():
             resp = redirect(next_page)
             resp.set_cookie('authorized', 'true')
             return resp
-        flash('Nieprawidłowe hasło do systemu')
+        flash('Nieprawidłowe hasło do systemu','danger')
     return render_template('system_auth.html')
 
 @app.route('/')
@@ -154,19 +194,38 @@ def create_list():
 def view_list(list_id):
     shopping_list = ShoppingList.query.get_or_404(list_id)
     items = Item.query.filter_by(list_id=list_id).all()
-    return render_template('list.html', list=shopping_list, items=items)
+
+    receipt_pattern = f"list_{list_id}"
+    all_files = os.listdir(app.config['UPLOAD_FOLDER'])
+
+    receipt_files = [f for f in all_files if receipt_pattern in f]
+
+    return render_template('list.html', list=shopping_list, items=items, receipt_files=receipt_files)
 
 @app.route('/share/<token>')
 def share_list(token):
     shopping_list = ShoppingList.query.filter_by(share_token=token).first_or_404()
     items = Item.query.filter_by(list_id=shopping_list.id).all()
-    return render_template('list_guest.html', list=shopping_list, items=items)
+
+    receipt_pattern = f"list_{shopping_list.id}"
+    all_files = os.listdir(app.config['UPLOAD_FOLDER'])
+    receipt_files = [f for f in all_files if receipt_pattern in f]
+
+    return render_template('list_guest.html', list=shopping_list, items=items, receipt_files=receipt_files)
+
 
 @app.route('/guest-list/<int:list_id>')
 def guest_list(list_id):
     shopping_list = ShoppingList.query.get_or_404(list_id)
     items = Item.query.filter_by(list_id=list_id).all()
-    return render_template('list_guest.html', list=shopping_list, items=items)
+
+    receipt_pattern = f"list_{list_id}"
+    all_files = os.listdir(app.config['UPLOAD_FOLDER'])
+
+    receipt_files = [f for f in all_files if receipt_pattern in f]
+
+    return render_template('list_guest.html', list=shopping_list, items=items, receipt_files=receipt_files)
+
 
 @app.route('/copy/<int:list_id>')
 @login_required
@@ -192,6 +251,47 @@ def suggest_products():
         suggestions = SuggestedProduct.query.filter(SuggestedProduct.name.ilike(f'%{query}%')).limit(5).all()
     return {'suggestions': [s.name for s in suggestions]}
 
+@app.route('/upload_receipt/<int:list_id>', methods=['POST'])
+def upload_receipt(list_id):
+    if 'receipt' not in request.files:
+        flash('Brak pliku', 'danger')
+        return redirect(request.referrer)
+
+    file = request.files['receipt']
+
+    if file.filename == '':
+        flash('Nie wybrano pliku', 'danger')
+        return redirect(request.referrer)
+
+    if file and allowed_file(file.filename):
+        filename = secure_filename(file.filename)
+        file_path = os.path.join(app.config['UPLOAD_FOLDER'], f"list_{list_id}_{filename}")
+
+        img = Image.open(file)
+        img.thumbnail((800, 800))
+        img.save(file_path)
+
+        flash('Wgrano paragon', 'success')
+        return redirect(request.referrer)
+
+    flash('Niedozwolony format pliku', 'danger')
+    return redirect(request.referrer)
+
+@app.route('/uploads/<filename>')
+def uploaded_file(filename):
+    response = send_from_directory(app.config['UPLOAD_FOLDER'], filename)
+    response.headers['Cache-Control'] = 'public, max-age=2592000, immutable'
+    response.headers.pop('Pragma', None)
+    return response
+
+@app.route('/update-note/<int:item_id>', methods=['POST'])
+def update_note(item_id):
+    item = Item.query.get_or_404(item_id)
+    note = request.form.get('note')
+    item.note = note
+    db.session.commit()
+    return {'success': True}
+
 @app.route('/admin')
 @login_required
 def admin_panel():
@@ -278,6 +378,35 @@ def delete_user(user_id):
     flash('Użytkownik usunięty', 'success')
     return redirect(url_for('list_users'))
 
+
+@app.route('/admin/receipts')
+@login_required
+def admin_receipts():
+    if not current_user.is_admin:
+        return redirect(url_for('index_guest'))
+    all_files = os.listdir(app.config['UPLOAD_FOLDER'])
+    image_files = [f for f in all_files if allowed_file(f)]
+    return render_template(
+        'admin/receipts.html',
+        image_files=image_files,
+        upload_folder=app.config['UPLOAD_FOLDER']
+    )
+
+
+@app.route('/admin/delete_receipt/<filename>')
+@login_required
+def delete_receipt(filename):
+    if not current_user.is_admin:
+        return redirect(url_for('index_guest'))
+    file_path = os.path.join(app.config['UPLOAD_FOLDER'], filename)
+    if os.path.exists(file_path):
+        os.remove(file_path)
+        flash('Plik usunięty', 'success')
+    else:
+        flash('Plik nie istnieje', 'danger')
+    return redirect(url_for('admin_receipts'))
+
+
 @socketio.on('delete_item')
 def handle_delete_item(data):
     item = Item.query.get(data['item_id'])
@@ -295,7 +424,6 @@ def handle_edit_item(data):
         db.session.commit()
         emit('item_edited', {'item_id': item.id, 'new_name': item.name}, to=str(item.list_id))
 
-
 @socketio.on('join_list')
 def handle_join(data):
     room = str(data['room'])
@@ -343,6 +471,15 @@ def handle_uncheck_item(data):
         db.session.commit()
         emit('item_unchecked', {'item_id': item.id}, to=str(item.list_id))
 
+@socketio.on('update_note')
+def handle_update_note(data):
+    item_id = data['item_id']
+    note = data['note']
+    item = Item.query.get(item_id)
+    if item:
+        item.note = note
+        db.session.commit() 
+        emit('note_updated', {'item_id': item_id, 'note': note}, to=str(item.list_id))
 
 @app.cli.command('create_db')
 def create_db():