From 35396afecbcdd5cd43b800a6a7d09b67da5fdd3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Tue, 29 Jul 2025 11:40:28 +0200
Subject: [PATCH 01/23] app.py - optymalizacje

---
 .gitignore |   1 +
 app.py     | 357 +++++++++++++++++++++++++++++++++++++----------------
 config.py  |   2 +-
 3 files changed, 250 insertions(+), 110 deletions(-)

diff --git a/.gitignore b/.gitignore
index 62bde8f..4ba6499 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@ env
 *.db
 __pycache__
 instance/
+database/
 uploads/
 .DS_Store
 db/*
diff --git a/app.py b/app.py
index 9a89b35..97b170c 100644
--- a/app.py
+++ b/app.py
@@ -27,9 +27,7 @@ from flask import (
     abort,
     session,
     jsonify,
-    make_response,
 )
-from markupsafe import Markup
 from flask_sqlalchemy import SQLAlchemy
 from flask_login import (
     LoginManager,
@@ -46,7 +44,7 @@ from config import Config
 from PIL import Image, ExifTags, ImageFilter, ImageOps
 from werkzeug.utils import secure_filename
 from werkzeug.middleware.proxy_fix import ProxyFix
-from sqlalchemy import func, extract, inspect, or_
+from sqlalchemy import func, extract, inspect, or_, case
 from sqlalchemy.orm import joinedload
 from collections import defaultdict, deque
 from functools import wraps
@@ -54,12 +52,9 @@ from flask_talisman import Talisman
 
 # OCR
 import pytesseract
-from collections import Counter
 from pytesseract import Output
-
 import logging
 
-
 app = Flask(__name__)
 app.config.from_object(Config)
 
@@ -173,6 +168,11 @@ class ShoppingList(db.Model):
     is_archived = db.Column(db.Boolean, default=False)
     is_public = db.Column(db.Boolean, default=True)
 
+    # Relacje
+    items = db.relationship("Item", back_populates="shopping_list", lazy="select")
+    receipts = db.relationship("Receipt", back_populates="shopping_list", lazy="select")
+    expenses = db.relationship("Expense", back_populates="shopping_list", lazy="select")
+
 
 class Item(db.Model):
     id = db.Column(db.Integer, primary_key=True)
@@ -193,6 +193,8 @@ class Item(db.Model):
     not_purchased_reason = db.Column(db.Text, nullable=True)
     position = db.Column(db.Integer, default=0)
 
+    shopping_list = db.relationship("ShoppingList", back_populates="items")
+
 
 class SuggestedProduct(db.Model):
     id = db.Column(db.Integer, primary_key=True)
@@ -206,7 +208,8 @@ class Expense(db.Model):
     amount = db.Column(db.Float, nullable=False)
     added_at = db.Column(db.DateTime, default=datetime.utcnow)
     receipt_filename = db.Column(db.String(255), nullable=True)
-    list = db.relationship("ShoppingList", backref="expenses", lazy=True)
+
+    shopping_list = db.relationship("ShoppingList", back_populates="expenses")
 
 
 class Receipt(db.Model):
@@ -214,10 +217,18 @@ class Receipt(db.Model):
     list_id = db.Column(db.Integer, db.ForeignKey("shopping_list.id"), nullable=False)
     filename = db.Column(db.String(255), nullable=False)
     uploaded_at = db.Column(db.DateTime, default=datetime.utcnow)
-    shopping_list = db.relationship("ShoppingList", backref="receipts", lazy=True)
     filesize = db.Column(db.Integer, nullable=True)
     file_hash = db.Column(db.String(64), nullable=True, unique=True)
 
+    shopping_list = db.relationship("ShoppingList", back_populates="receipts")
+
+
+if app.config["SQLALCHEMY_DATABASE_URI"].startswith("sqlite:///"):
+    db_path = app.config["SQLALCHEMY_DATABASE_URI"].replace("sqlite:///", "", 1)
+    db_dir = os.path.dirname(db_path)
+    if db_dir and not os.path.exists(db_dir):
+        os.makedirs(db_dir, exist_ok=True)
+        print(f"Utworzono katalog bazy: {db_dir}")
 
 with app.app_context():
     db.create_all()
@@ -287,17 +298,33 @@ def allowed_file(filename):
 
 
 def get_list_details(list_id):
-    shopping_list = ShoppingList.query.get_or_404(list_id)
-    items = Item.query.filter_by(list_id=list_id).order_by(Item.position.asc()).all()
-    expenses = Expense.query.filter_by(list_id=list_id).all()
-    total_expense = sum(e.amount for e in expenses)
+    shopping_list = ShoppingList.query.options(
+        joinedload(ShoppingList.items).joinedload(Item.added_by_user),
+        joinedload(ShoppingList.expenses),
+        joinedload(ShoppingList.receipts),
+    ).get_or_404(list_id)
 
-    receipts = Receipt.query.filter_by(list_id=list_id).all()
-    receipt_files = [r.filename for r in receipts]
+    items = sorted(shopping_list.items, key=lambda i: i.position or 0)
+    expenses = shopping_list.expenses
+    total_expense = sum(e.amount for e in expenses) if expenses else 0
+    receipt_files = [r.filename for r in shopping_list.receipts]
 
     return shopping_list, items, receipt_files, expenses, total_expense
 
 
+def get_total_expense_for_list(list_id, start_date=None, end_date=None):
+    query = db.session.query(func.sum(Expense.amount)).filter(
+        Expense.list_id == list_id
+    )
+
+    if start_date and end_date:
+        query = query.filter(
+            Expense.added_at >= start_date, Expense.added_at < end_date
+        )
+
+    return query.scalar() or 0
+
+
 def generate_share_token(length=8):
     return secrets.token_hex(length // 2)
 
@@ -310,17 +337,26 @@ def check_list_public(shopping_list):
 
 
 def enrich_list_data(l):
-    items = Item.query.filter_by(list_id=l.id).all()
-    l.total_count = len(items)
-    l.purchased_count = len([i for i in items if i.purchased])
-    expenses = Expense.query.filter_by(list_id=l.id).all()
-    l.total_expense = sum(e.amount for e in expenses)
+    counts = (
+        db.session.query(
+            func.count(Item.id),
+            func.sum(case((Item.purchased == True, 1), else_=0)),
+            func.sum(Expense.amount),
+        )
+        .outerjoin(Expense, Expense.list_id == Item.list_id)
+        .filter(Item.list_id == l.id)
+        .first()
+    )
+
+    l.total_count = counts[0] or 0
+    l.purchased_count = counts[1] or 0
+    l.total_expense = counts[2] or 0
+
     return l
 
 
 def save_resized_image(file, path):
     try:
-        # Otwórz i sprawdź poprawność pliku
         image = Image.open(file)
         image.verify()
         file.seek(0)
@@ -364,9 +400,17 @@ def admin_required(f):
 
 
 def get_progress(list_id):
-    items = Item.query.filter_by(list_id=list_id).order_by(Item.position.asc()).all()
-    total_count = len(items)
-    purchased_count = len([i for i in items if i.purchased])
+    total_count, purchased_count = (
+        db.session.query(
+            func.count(Item.id), func.sum(case((Item.purchased == True, 1), else_=0))
+        )
+        .filter(Item.list_id == list_id)
+        .first()
+    )
+
+    total_count = total_count or 0
+    purchased_count = purchased_count or 0
+
     percent = (purchased_count / total_count * 100) if total_count > 0 else 0
     return purchased_count, total_count, percent
 
@@ -452,7 +496,7 @@ def handle_crop_receipt(receipt_id, file):
         return {"success": False, "error": str(e)}
 
 
-def get_expenses_aggregated_by_list_created_at(
+def get_total_expenses_grouped_by_list_created_at(
     user_only=False,
     admin=False,
     show_all=False,
@@ -461,14 +505,10 @@ def get_expenses_aggregated_by_list_created_at(
     end_date=None,
     user_id=None,
 ):
-    """
-    Wspólna logika: sumujemy najnowszy wydatek z każdej listy,
-    ale do agregacji/filtra bierzemy ShoppingList.created_at!
-    """
     lists_query = ShoppingList.query
+
     # Uprawnienia
     if admin:
-        # admin widzi wszystko, ewentualnie: dodać filtrowanie wg potrzeb
         pass
     elif show_all:
         lists_query = lists_query.filter(
@@ -480,7 +520,7 @@ def get_expenses_aggregated_by_list_created_at(
     else:
         lists_query = lists_query.filter(ShoppingList.owner_id == user_id)
 
-    # Filtrowanie po created_at listy
+    # Filtr daty utworzenia listy
     if start_date and end_date:
         try:
             dt_start = datetime.strptime(start_date, "%Y-%m-%d")
@@ -490,34 +530,40 @@ def get_expenses_aggregated_by_list_created_at(
         lists_query = lists_query.filter(
             ShoppingList.created_at >= dt_start, ShoppingList.created_at < dt_end
         )
+
     lists = lists_query.all()
+    if not lists:
+        return {"labels": [], "expenses": []}
 
-    # Najnowszy wydatek każdej listy
-    data = []
-    for sl in lists:
-        latest_exp = (
-            Expense.query.filter_by(list_id=sl.id)
-            .order_by(Expense.added_at.desc())
-            .first()
+    list_ids = [l.id for l in lists]
+
+    # Suma wszystkich wydatków dla każdej listy
+    total_expenses = (
+        db.session.query(
+            Expense.list_id, func.sum(Expense.amount).label("total_amount")
         )
-        if latest_exp:
-            data.append({"created_at": sl.created_at, "amount": latest_exp.amount})
+        .filter(Expense.list_id.in_(list_ids))
+        .group_by(Expense.list_id)
+        .all()
+    )
+
+    expense_map = {lid: amt for lid, amt in total_expenses}
 
-    # Grupowanie po wybranym zakresie wg utworzenia listy
     grouped = defaultdict(float)
-    for rec in data:
-        ts = rec["created_at"] or datetime.now(timezone.utc)
-        if range_type == "monthly":
-            key = ts.strftime("%Y-%m")
-        elif range_type == "quarterly":
-            key = f"{ts.year}-Q{((ts.month - 1) // 3 + 1)}"
-        elif range_type == "halfyearly":
-            key = f"{ts.year}-H{1 if ts.month <= 6 else 2}"
-        elif range_type == "yearly":
-            key = str(ts.year)
-        else:
-            key = ts.strftime("%Y-%m-%d")
-        grouped[key] += rec["amount"]
+    for sl in lists:
+        if sl.id in expense_map:
+            ts = sl.created_at or datetime.now(timezone.utc)
+            if range_type == "monthly":
+                key = ts.strftime("%Y-%m")
+            elif range_type == "quarterly":
+                key = f"{ts.year}-Q{((ts.month - 1) // 3 + 1)}"
+            elif range_type == "halfyearly":
+                key = f"{ts.year}-H{1 if ts.month <= 6 else 2}"
+            elif range_type == "yearly":
+                key = str(ts.year)
+            else:
+                key = ts.strftime("%Y-%m-%d")
+            grouped[key] += expense_map[sl.id]
 
     labels = sorted(grouped)
     expenses = [round(grouped[l], 2) for l in labels]
@@ -882,6 +928,7 @@ def main_page():
             )
         return query
 
+    # Pobranie list
     if current_user.is_authenticated:
         user_lists = (
             date_filter(
@@ -934,8 +981,47 @@ def main_page():
             .all()
         )
 
-    for l in user_lists + public_lists + archived_lists:
-        enrich_list_data(l)
+    all_lists = user_lists + public_lists + archived_lists
+    all_ids = [l.id for l in all_lists]
+
+    if all_ids:
+        # statystyki produktów
+        stats = (
+            db.session.query(
+                Item.list_id,
+                func.count(Item.id).label("total_count"),
+                func.sum(case((Item.purchased == True, 1), else_=0)).label(
+                    "purchased_count"
+                ),
+            )
+            .filter(Item.list_id.in_(all_ids))
+            .group_by(Item.list_id)
+            .all()
+        )
+        stats_map = {
+            s.list_id: (s.total_count or 0, s.purchased_count or 0) for s in stats
+        }
+
+        # ostatnia kwota (w tym przypadku max = suma z ostatniego zapisu)
+        latest_expenses_map = dict(
+            db.session.query(
+                Expense.list_id, func.coalesce(func.max(Expense.amount), 0)
+            )
+            .filter(Expense.list_id.in_(all_ids))
+            .group_by(Expense.list_id)
+            .all()
+        )
+
+        for l in all_lists:
+            total_count, purchased_count = stats_map.get(l.id, (0, 0))
+            l.total_count = total_count
+            l.purchased_count = purchased_count
+            l.total_expense = latest_expenses_map.get(l.id, 0)
+    else:
+        for l in all_lists:
+            l.total_count = 0
+            l.purchased_count = 0
+            l.total_expense = 0
 
     return render_template(
         "main.html",
@@ -1197,7 +1283,9 @@ def view_list(list_id):
 
     for item in items:
         if item.added_by != shopping_list.owner_id:
-            item.added_by_display = item.added_by_user.username if item.added_by_user else "?"
+            item.added_by_display = (
+                item.added_by_user.username if item.added_by_user else "?"
+            )
         else:
             item.added_by_display = None
 
@@ -1226,11 +1314,12 @@ def user_expenses():
     start = None
     end = None
 
-    expenses_query = Expense.query.join(
-        ShoppingList, Expense.list_id == ShoppingList.id
-    ).options(joinedload(Expense.list))
+    expenses_query = Expense.query.options(
+        joinedload(Expense.shopping_list).joinedload(ShoppingList.owner),
+        joinedload(Expense.shopping_list).joinedload(ShoppingList.expenses),
+    ).join(ShoppingList, Expense.list_id == ShoppingList.id)
 
-    # Jeśli show_all to False, filtruj tylko po bieżącym użytkowniku
+    # Filtry dostępu
     if not show_all:
         expenses_query = expenses_query.filter(ShoppingList.owner_id == current_user.id)
     else:
@@ -1240,6 +1329,7 @@ def user_expenses():
             )
         )
 
+    # Filtr daty
     if start_date_str and end_date_str:
         try:
             start = datetime.strptime(start_date_str, "%Y-%m-%d")
@@ -1250,37 +1340,43 @@ def user_expenses():
         except ValueError:
             flash("Błędny zakres dat", "danger")
 
+    # Pobranie wszystkich wydatków z powiązanymi listami
     expenses = expenses_query.order_by(Expense.added_at.desc()).all()
 
+    # Zbiorcze sumowanie wydatków per lista w SQL
     list_ids = {e.list_id for e in expenses}
-    lists = (
-        ShoppingList.query.filter(ShoppingList.id.in_(list_ids))
-        .order_by(ShoppingList.created_at.desc())
-        .all()
-    )
+    totals_map = {}
+    if list_ids:
+        totals = (
+            db.session.query(
+                Expense.list_id, func.sum(Expense.amount).label("total_expense")
+            )
+            .filter(Expense.list_id.in_(list_ids))
+            .group_by(Expense.list_id)
+            .all()
+        )
+        totals_map = {t.list_id: t.total_expense or 0 for t in totals}
 
+    # Tabela wydatków
     expense_table = [
         {
-            "title": e.list.title if e.list else "Nieznana",
+            "title": e.shopping_list.title if e.shopping_list else "Nieznana",
             "amount": e.amount,
             "added_at": e.added_at,
         }
         for e in expenses
     ]
 
+    # Lista z danymi i sumami
     lists_data = [
         {
             "id": l.id,
             "title": l.title,
             "created_at": l.created_at,
-            "total_expense": sum(
-                e.amount
-                for e in l.expenses
-                if (not start or not end) or (e.added_at >= start and e.added_at < end)
-            ),
+            "total_expense": totals_map.get(l.id, 0),
             "owner_username": l.owner.username if l.owner else "?",
         }
-        for l in lists
+        for l in {e.shopping_list for e in expenses if e.shopping_list}
     ]
 
     return render_template(
@@ -1299,7 +1395,7 @@ def user_expenses_data():
     end_date = request.args.get("end_date")
     show_all = request.args.get("show_all", "false").lower() == "true"
 
-    result = get_expenses_aggregated_by_list_created_at(
+    result = get_total_expenses_grouped_by_list_created_at(
         user_only=True,
         admin=False,
         show_all=show_all,
@@ -1324,13 +1420,16 @@ def shared_list(token=None, list_id=None):
 
         list_id = shopping_list.id
 
+    total_expense = get_total_expense_for_list(list_id)
     shopping_list, items, receipt_files, expenses, total_expense = get_list_details(
         list_id
     )
 
     for item in items:
         if item.added_by != shopping_list.owner_id:
-            item.added_by_display = item.added_by_user.username if item.added_by_user else "?"
+            item.added_by_display = (
+                item.added_by_user.username if item.added_by_user else "?"
+            )
         else:
             item.added_by_display = None
 
@@ -1456,7 +1555,7 @@ def upload_receipt(list_id):
         except ValueError as e:
             return _receipt_error(str(e))
 
-        filesize = os.path.getsize(file_path) if os.path.exists(file_path) else None
+        filesize = os.path.getsize(file_path)
         uploaded_at = datetime.now(timezone.utc)
 
         new_receipt = Receipt(
@@ -1625,21 +1724,59 @@ def crop_receipt_user():
 def admin_panel():
     now = datetime.now(timezone.utc)
 
+    # Liczniki globalne
     user_count = User.query.count()
     list_count = ShoppingList.query.count()
     item_count = Item.query.count()
-    all_lists = ShoppingList.query.options(db.joinedload(ShoppingList.owner)).all()
-    all_files = os.listdir(app.config["UPLOAD_FOLDER"])
+
+    all_lists = ShoppingList.query.options(
+        joinedload(ShoppingList.owner),
+        joinedload(ShoppingList.items),
+        joinedload(ShoppingList.receipts),
+        joinedload(ShoppingList.expenses),
+    ).all()
+
+    all_ids = [l.id for l in all_lists]
+
+    stats_map = {}
+    latest_expenses_map = {}
+
+    if all_ids:
+        # Statystyki produktów
+        stats = (
+            db.session.query(
+                Item.list_id,
+                func.count(Item.id).label("total_count"),
+                func.sum(case((Item.purchased == True, 1), else_=0)).label(
+                    "purchased_count"
+                ),
+            )
+            .filter(Item.list_id.in_(all_ids))
+            .group_by(Item.list_id)
+            .all()
+        )
+
+        stats_map = {
+            s.list_id: (s.total_count or 0, s.purchased_count or 0) for s in stats
+        }
+
+        # Pobranie ostatnich kwot dla wszystkich list w jednym zapytaniu
+        latest_expenses_map = dict(
+            db.session.query(
+                Expense.list_id, func.coalesce(func.max(Expense.amount), 0)
+            )
+            .filter(Expense.list_id.in_(all_ids))
+            .group_by(Expense.list_id)
+            .all()
+        )
 
     enriched_lists = []
     for l in all_lists:
-        enrich_list_data(l)
-        items = Item.query.filter_by(list_id=l.id).all()
-        total_count = l.total_count
-        purchased_count = l.purchased_count
+        total_count, purchased_count = stats_map.get(l.id, (0, 0))
         percent = (purchased_count / total_count * 100) if total_count > 0 else 0
-        comments_count = len([i for i in items if i.note and i.note.strip() != ""])
-        receipts_count = Receipt.query.filter_by(list_id=l.id).count()
+        comments_count = sum(1 for i in l.items if i.note and i.note.strip() != "")
+        receipts_count = len(l.receipts)
+        total_expense = latest_expenses_map.get(l.id, 0)
 
         if l.is_temporary and l.expires_at:
             expires_at = l.expires_at
@@ -1657,11 +1794,12 @@ def admin_panel():
                 "percent": round(percent),
                 "comments_count": comments_count,
                 "receipts_count": receipts_count,
-                "total_expense": l.total_expense,
+                "total_expense": total_expense,
                 "expired": is_expired,
             }
         )
 
+    # Top produkty
     top_products = (
         db.session.query(Item.name, func.count(Item.id).label("count"))
         .filter(Item.purchased.is_(True))
@@ -1672,8 +1810,9 @@ def admin_panel():
     )
 
     purchased_items_count = Item.query.filter_by(purchased=True).count()
-    total_expense_sum = db.session.query(func.sum(Expense.amount)).scalar() or 0
 
+    # Podsumowania wydatków globalnych
+    total_expense_sum = db.session.query(func.sum(Expense.amount)).scalar() or 0
     current_time = datetime.now(timezone.utc)
     current_year = current_time.year
     current_month = current_time.month
@@ -1682,21 +1821,19 @@ def admin_panel():
         db.session.query(func.sum(Expense.amount))
         .filter(extract("year", Expense.added_at) == current_year)
         .scalar()
-        or 0
-    )
+    ) or 0
 
     month_expense_sum = (
         db.session.query(func.sum(Expense.amount))
         .filter(extract("year", Expense.added_at) == current_year)
         .filter(extract("month", Expense.added_at) == current_month)
         .scalar()
-        or 0
-    )
+    ) or 0
 
+    # Statystyki systemowe
     process = psutil.Process(os.getpid())
     app_mem = process.memory_info().rss // (1024 * 1024)  # MB
 
-    # Engine info
     db_engine = db.engine
     db_info = {
         "engine": db_engine.name,
@@ -1704,11 +1841,9 @@ def admin_panel():
         "url": str(db_engine.url).split("?")[0],
     }
 
-    # Tabele
     inspector = inspect(db_engine)
     table_count = len(inspector.get_table_names())
 
-    # Rekordy (szybkie zliczenie)
     record_total = (
         db.session.query(func.count(User.id)).scalar()
         + db.session.query(func.count(ShoppingList.id)).scalar()
@@ -1717,7 +1852,6 @@ def admin_panel():
         + db.session.query(func.count(Expense.id)).scalar()
     )
 
-    # Uptime
     uptime_minutes = int(
         (datetime.now(timezone.utc) - app_start_time).total_seconds() // 60
     )
@@ -1999,22 +2133,23 @@ def delete_selected_lists():
 @login_required
 @admin_required
 def edit_list(list_id):
-    l = db.session.get(ShoppingList, list_id)
+    # Pobieramy listę z powiązanymi danymi jednym zapytaniem
+    l = (
+        db.session.query(ShoppingList)
+        .options(
+            joinedload(ShoppingList.expenses),
+            joinedload(ShoppingList.receipts),
+            joinedload(ShoppingList.owner),
+            joinedload(ShoppingList.items),
+        )
+        .get(list_id)
+    )
+
     if l is None:
         abort(404)
 
-    expenses = Expense.query.filter_by(list_id=list_id).all()
-    total_expense = sum(e.amount for e in expenses)
-    users = User.query.all()
-    items = (
-        db.session.query(Item).filter_by(list_id=list_id).order_by(Item.id.desc()).all()
-    )
-
-    receipts = (
-        Receipt.query.filter_by(list_id=list_id)
-        .order_by(Receipt.uploaded_at.desc())
-        .all()
-    )
+    # Suma wydatków z listy
+    total_expense = get_total_expense_for_list(l.id)
 
     if request.method == "POST":
         action = request.form.get("action")
@@ -2064,7 +2199,7 @@ def edit_list(list_id):
             if new_amount_str:
                 try:
                     new_amount = float(new_amount_str)
-                    for expense in expenses:
+                    for expense in l.expenses:
                         db.session.delete(expense)
                     db.session.commit()
                     db.session.add(Expense(list_id=list_id, amount=new_amount))
@@ -2184,6 +2319,11 @@ def edit_list(list_id):
                 flash("Nie znaleziono produktu", "danger")
             return redirect(url_for("edit_list", list_id=list_id))
 
+    # Dane do widoku
+    users = User.query.all()
+    items = l.items
+    receipts = l.receipts
+
     return render_template(
         "admin/edit_list.html",
         list=l,
@@ -2191,7 +2331,6 @@ def edit_list(list_id):
         users=users,
         items=items,
         receipts=receipts,
-        upload_folder=app.config["UPLOAD_FOLDER"],
     )
 
 
@@ -2269,7 +2408,7 @@ def admin_expenses_data():
     start_date = request.args.get("start_date")
     end_date = request.args.get("end_date")
 
-    result = get_expenses_aggregated_by_list_created_at(
+    result = get_total_expenses_grouped_by_list_created_at(
         user_only=False,
         admin=True,
         show_all=True,
diff --git a/config.py b/config.py
index f5349f5..8866df9 100644
--- a/config.py
+++ b/config.py
@@ -6,7 +6,7 @@ class Config:
 
     DB_ENGINE = os.environ.get("DB_ENGINE", "sqlite").lower()
     if DB_ENGINE == "sqlite":
-        SQLALCHEMY_DATABASE_URI = f"sqlite:///{os.path.join(basedir, 'instance', 'shopping.db')}"
+        SQLALCHEMY_DATABASE_URI = f"sqlite:///{os.path.join(basedir, 'database', 'shopping.db')}"
     elif DB_ENGINE == "pgsql":
         SQLALCHEMY_DATABASE_URI = f"postgresql://{os.environ['DB_USER']}:{os.environ['DB_PASSWORD']}@{os.environ['DB_HOST']}:{os.environ.get('DB_PORT', 5432)}/{os.environ['DB_NAME']}"
     elif DB_ENGINE == "mysql":
-- 
2.43.0


From 8f6669cb4194c7f02308b9ba515fb7f338caafa3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Tue, 29 Jul 2025 12:19:36 +0200
Subject: [PATCH 02/23] poprawnie zliczanie rekordow w bazie

---
 app.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/app.py b/app.py
index 97b170c..141dc67 100644
--- a/app.py
+++ b/app.py
@@ -355,6 +355,16 @@ def enrich_list_data(l):
     return l
 
 
+def get_total_records():
+    total = 0
+    inspector = inspect(db.engine)
+    with db.engine.connect() as conn:
+        for table_name in inspector.get_table_names():
+            count = conn.execute(text(f"SELECT COUNT(*) FROM {table_name}")).scalar()
+            total += count
+    return total
+
+
 def save_resized_image(file, path):
     try:
         image = Image.open(file)
@@ -1844,13 +1854,7 @@ def admin_panel():
     inspector = inspect(db_engine)
     table_count = len(inspector.get_table_names())
 
-    record_total = (
-        db.session.query(func.count(User.id)).scalar()
-        + db.session.query(func.count(ShoppingList.id)).scalar()
-        + db.session.query(func.count(Item.id)).scalar()
-        + db.session.query(func.count(Receipt.id)).scalar()
-        + db.session.query(func.count(Expense.id)).scalar()
-    )
+    record_total = get_total_records()
 
     uptime_minutes = int(
         (datetime.now(timezone.utc) - app_start_time).total_seconds() // 60
-- 
2.43.0


From a1fee7caafea0523af013629534cbe00316a43a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Tue, 29 Jul 2025 12:26:36 +0200
Subject: [PATCH 03/23] poprawnie zliczanie rekordow w bazie

---
 app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.py b/app.py
index 141dc67..0461f72 100644
--- a/app.py
+++ b/app.py
@@ -44,7 +44,7 @@ from config import Config
 from PIL import Image, ExifTags, ImageFilter, ImageOps
 from werkzeug.utils import secure_filename
 from werkzeug.middleware.proxy_fix import ProxyFix
-from sqlalchemy import func, extract, inspect, or_, case
+from sqlalchemy import func, extract, inspect, or_, case, text
 from sqlalchemy.orm import joinedload
 from collections import defaultdict, deque
 from functools import wraps
-- 
2.43.0


From 22c146b313d03abd7db9070c1e5c700350b2296a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?= <gru@macbook.net.r.local>
Date: Tue, 29 Jul 2025 23:35:55 +0200
Subject: [PATCH 04/23] sesje baza i inne hashowanie

---
 .env.example     |  1 +
 app.py           | 41 +++++++++++++++++++++++++++++++++++------
 config.py        |  5 ++++-
 requirements.txt |  3 ++-
 4 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/.env.example b/.env.example
index 217aac8..fbdc3c8 100644
--- a/.env.example
+++ b/.env.example
@@ -158,3 +158,4 @@ LIB_CSS_CACHE_CONTROL="public, max-age=604800"
 # Domyślnie: "public, max-age=2592000, immutable"
 UPLOADS_CACHE_CONTROL="public, max-age=2592000, immutable"
 
+BCRYPT_PEPPER=sekretnyKluczbcrypt
\ No newline at end of file
diff --git a/app.py b/app.py
index 0461f72..bfecce7 100644
--- a/app.py
+++ b/app.py
@@ -9,6 +9,7 @@ import psutil
 import hashlib
 import re
 import traceback
+import bcrypt
 
 from pillow_heif import register_heif_opener
 from datetime import datetime, timedelta, UTC, timezone
@@ -49,6 +50,7 @@ from sqlalchemy.orm import joinedload
 from collections import defaultdict, deque
 from functools import wraps
 from flask_talisman import Talisman
+from flask_session import Session
 
 # OCR
 import pytesseract
@@ -103,9 +105,11 @@ AUTHORIZED_COOKIE_VALUE = app.config.get("AUTHORIZED_COOKIE_VALUE", "80d31cdfe63
 AUTH_COOKIE_MAX_AGE = app.config.get("AUTH_COOKIE_MAX_AGE", 86400)
 HEALTHCHECK_TOKEN = app.config.get("HEALTHCHECK_TOKEN", "alamapsaikota1234")
 SESSION_TIMEOUT_MINUTES = int(app.config.get("SESSION_TIMEOUT_MINUTES", 10080))
+SESSION_COOKIE_SECURE = app.config.get("SESSION_COOKIE_SECURE")
 
 app.config["COMPRESS_ALGORITHM"] = ["zstd", "br", "gzip", "deflate"]
 app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(minutes=SESSION_TIMEOUT_MINUTES)
+
 app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1)
 DEBUG_MODE = app.config.get("DEBUG_MODE", False)
 
@@ -128,6 +132,13 @@ socketio = SocketIO(app, async_mode="eventlet")
 login_manager = LoginManager(app)
 login_manager.login_view = "login"
 
+
+# flask-session
+app.config["SESSION_TYPE"] = "sqlalchemy"
+app.config["SESSION_SQLALCHEMY"] = db  # instancja SQLAlchemy
+Session(app)
+
+
 # flask-compress
 compress = Compress()
 compress.init_app(app)
@@ -236,10 +247,11 @@ with app.app_context():
     admin = User.query.filter_by(is_admin=True).first()
     username = app.config.get("DEFAULT_ADMIN_USERNAME", "admin")
     password = app.config.get("DEFAULT_ADMIN_PASSWORD", "admin123")
-    password_hash = generate_password_hash(password)
+    #password_hash = generate_password_hash(password)
+    password_hash = hash_password(password)
     if admin:
-        if admin.username != username or not check_password_hash(
-            admin.password_hash, password
+        if admin.username != username or not check_password(
+                admin.password_hash, password
         ):
             admin.username = username
             admin.password_hash = password_hash
@@ -293,6 +305,20 @@ def serve_css_lib(filename):
 app.register_blueprint(static_bp)
 
 
+def hash_password(password):
+    pepper = app.config["BCRYPT_PEPPER"]
+    peppered = (password + pepper).encode("utf-8")
+    salt = bcrypt.gensalt()
+    hashed = bcrypt.hashpw(peppered, salt)
+    return hashed.decode("utf-8")
+
+
+def check_password(stored_hash, password_input):
+    pepper = app.config["BCRYPT_PEPPER"]
+    peppered = (password_input + pepper).encode("utf-8")
+    return bcrypt.checkpw(peppered, stored_hash.encode("utf-8"))
+
+
 def allowed_file(filename):
     return "." in filename and filename.rsplit(".", 1)[1].lower() in ALLOWED_EXTENSIONS
 
@@ -1237,7 +1263,8 @@ def login():
     if request.method == "POST":
         username_input = request.form["username"].lower()
         user = User.query.filter(func.lower(User.username) == username_input).first()
-        if user and check_password_hash(user.password_hash, request.form["password"]):
+        #if user and check_password_hash(user.password_hash, request.form["password"]):
+        if user and check_password(user.password_hash, request.form["password"]):
             session.permanent = True
             login_user(user)
             # session["logged"] = True
@@ -1912,7 +1939,8 @@ def add_user():
         flash("Użytkownik o takiej nazwie już istnieje", "warning")
         return redirect(url_for("list_users"))
 
-    hashed_password = generate_password_hash(password)
+    #hashed_password = generate_password_hash(password)
+    hashed_password = hash_password(password)
     new_user = User(username=username, password_hash=hashed_password)
     db.session.add(new_user)
     db.session.commit()
@@ -1950,7 +1978,8 @@ def reset_password(user_id):
         flash("Podaj nowe hasło", "danger")
         return redirect(url_for("list_users"))
 
-    user.password_hash = generate_password_hash(new_password)
+    #user.password_hash = generate_password_hash(new_password)
+    user.password_hash = hash_password(new_password)
     db.session.commit()
     flash(f"Hasło dla użytkownika {user.username} zostało zaktualizowane", "success")
     return redirect(url_for("list_users"))
diff --git a/config.py b/config.py
index 8866df9..815ba57 100644
--- a/config.py
+++ b/config.py
@@ -45,4 +45,7 @@ class Config:
     CSS_CACHE_CONTROL = os.environ.get("CSS_CACHE_CONTROL", "public, max-age=3600")
     LIB_JS_CACHE_CONTROL = os.environ.get("LIB_JS_CACHE_CONTROL", "public, max-age=604800")
     LIB_CSS_CACHE_CONTROL = os.environ.get("LIB_CSS_CACHE_CONTROL", "public, max-age=604800")
-    UPLOADS_CACHE_CONTROL = os.environ.get("UPLOADS_CACHE_CONTROL", "public, max-age=2592000, immutable")
\ No newline at end of file
+    UPLOADS_CACHE_CONTROL = os.environ.get("UPLOADS_CACHE_CONTROL", "public, max-age=2592000, immutable")
+
+    BCRYPT_PEPPER = os.environ.get("BCRYPT_PEPPER", "sekretnyKluczBcrypt")
+
diff --git a/requirements.txt b/requirements.txt
index 1d18911..84e1cf4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,4 +14,5 @@ opencv-python-headless
 psycopg2-binary # pgsql
 pymysql         # mysql
 cryptography    # mysql8
-flask-talisman  # nagłówki
\ No newline at end of file
+flask-talisman  # nagłówki
+bcrypt
\ No newline at end of file
-- 
2.43.0


From 54fe9fd7a77e1cb75c868ca4ada1fb352deb4704 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?= <gru@macbook.net.r.local>
Date: Tue, 29 Jul 2025 23:37:55 +0200
Subject: [PATCH 05/23] sesje baza i inne hashowanie

---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 84e1cf4..600ed1b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -15,4 +15,5 @@ psycopg2-binary # pgsql
 pymysql         # mysql
 cryptography    # mysql8
 flask-talisman  # nagłówki
-bcrypt
\ No newline at end of file
+bcrypt
+Flask-Session
\ No newline at end of file
-- 
2.43.0


From 132c04215ec19bba1da3ac5dc9fd07b2b2f1f01a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?= <gru@macbook.net.r.local>
Date: Tue, 29 Jul 2025 23:39:49 +0200
Subject: [PATCH 06/23] sesje baza i inne hashowanie

---
 app.py | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/app.py b/app.py
index bfecce7..8cd7bd1 100644
--- a/app.py
+++ b/app.py
@@ -234,6 +234,20 @@ class Receipt(db.Model):
     shopping_list = db.relationship("ShoppingList", back_populates="receipts")
 
 
+def hash_password(password):
+    pepper = app.config["BCRYPT_PEPPER"]
+    peppered = (password + pepper).encode("utf-8")
+    salt = bcrypt.gensalt()
+    hashed = bcrypt.hashpw(peppered, salt)
+    return hashed.decode("utf-8")
+
+
+def check_password(stored_hash, password_input):
+    pepper = app.config["BCRYPT_PEPPER"]
+    peppered = (password_input + pepper).encode("utf-8")
+    return bcrypt.checkpw(peppered, stored_hash.encode("utf-8"))
+
+
 if app.config["SQLALCHEMY_DATABASE_URI"].startswith("sqlite:///"):
     db_path = app.config["SQLALCHEMY_DATABASE_URI"].replace("sqlite:///", "", 1)
     db_dir = os.path.dirname(db_path)
@@ -305,19 +319,6 @@ def serve_css_lib(filename):
 app.register_blueprint(static_bp)
 
 
-def hash_password(password):
-    pepper = app.config["BCRYPT_PEPPER"]
-    peppered = (password + pepper).encode("utf-8")
-    salt = bcrypt.gensalt()
-    hashed = bcrypt.hashpw(peppered, salt)
-    return hashed.decode("utf-8")
-
-
-def check_password(stored_hash, password_input):
-    pepper = app.config["BCRYPT_PEPPER"]
-    peppered = (password_input + pepper).encode("utf-8")
-    return bcrypt.checkpw(peppered, stored_hash.encode("utf-8"))
-
 
 def allowed_file(filename):
     return "." in filename and filename.rsplit(".", 1)[1].lower() in ALLOWED_EXTENSIONS
-- 
2.43.0


From abca2e505d1122b067263c98ec5666459738f281 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?= <gru@macbook.net.r.local>
Date: Tue, 29 Jul 2025 23:42:07 +0200
Subject: [PATCH 07/23] sesje baza i inne hashowanie

---
 app.py | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/app.py b/app.py
index 8cd7bd1..8797e1f 100644
--- a/app.py
+++ b/app.py
@@ -243,9 +243,33 @@ def hash_password(password):
 
 
 def check_password(stored_hash, password_input):
+    """Obsługuje zarówno hashe bcrypt (nowe), jak i stare Werkzeugowe (PBKDF2)."""
     pepper = app.config["BCRYPT_PEPPER"]
     peppered = (password_input + pepper).encode("utf-8")
-    return bcrypt.checkpw(peppered, stored_hash.encode("utf-8"))
+
+    # Rozpoznaj format hasha
+    if stored_hash.startswith("$2b$") or stored_hash.startswith("$2a$"):
+        # bcrypt
+        try:
+            return bcrypt.checkpw(peppered, stored_hash.encode("utf-8"))
+        except Exception:
+            return False
+    elif stored_hash.startswith("pbkdf2:"):
+        # STARY HASH! (Werkzeug)
+        # opcjonalnie: zrób check_password_hash, pozwól się zalogować, wymuś zmianę hasła
+        from werkzeug.security import check_password_hash
+        if check_password_hash(stored_hash, password_input):
+            # tu np. możesz zapisać nowe hasło w formie bcrypt!
+            # user.password_hash = hash_password(password_input)
+            # db.session.commit()
+            print("Użytkownik loguje się starym hasłem: wymuś zmianę na nowe!")
+            return True  # POZWÓL JEDNORAZOWO
+        else:
+            return False
+    else:
+        # Nieznany format
+        return False
+
 
 
 if app.config["SQLALCHEMY_DATABASE_URI"].startswith("sqlite:///"):
-- 
2.43.0


From 4f8c5b27d197ebcb35f923c9bcc0abe28cc2cb4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?= <gru@macbook.net.r.local>
Date: Tue, 29 Jul 2025 23:44:04 +0200
Subject: [PATCH 08/23] sesje baza i inne hashowanie

---
 app.py | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/app.py b/app.py
index 8797e1f..8dd2cc7 100644
--- a/app.py
+++ b/app.py
@@ -279,27 +279,29 @@ if app.config["SQLALCHEMY_DATABASE_URI"].startswith("sqlite:///"):
         os.makedirs(db_dir, exist_ok=True)
         print(f"Utworzono katalog bazy: {db_dir}")
 
-with app.app_context():
-    db.create_all()
 
-    admin = User.query.filter_by(is_admin=True).first()
-    username = app.config.get("DEFAULT_ADMIN_USERNAME", "admin")
-    password = app.config.get("DEFAULT_ADMIN_PASSWORD", "admin123")
-    #password_hash = generate_password_hash(password)
-    password_hash = hash_password(password)
+with app.app_context():
+    admin_username = app.config.get("DEFAULT_ADMIN_USERNAME", "admin")
+    admin_password = app.config.get("DEFAULT_ADMIN_PASSWORD", "admin123")
+    password_hash = hash_password(admin_password)
+
+    # Szukamy użytkownika o loginie "admin"
+    admin = User.query.filter_by(username=admin_username).first()
+
     if admin:
-        if admin.username != username or not check_password(
-                admin.password_hash, password
-        ):
-            admin.username = username
-            admin.password_hash = password_hash
-            db.session.commit()
+        if not admin.is_admin:
+            admin.is_admin = True  # Ustaw admina jeśli był user ale nie admin
+        if not check_password(admin.password_hash, admin_password):
+            admin.password_hash = password_hash  # Ewentualna zmiana hasła
+        db.session.commit()
     else:
-        admin = User(username=username, password_hash=password_hash, is_admin=True)
+        # Tworzymy tylko jeśli NIE istnieje taki username!
+        admin = User(username=admin_username, password_hash=password_hash, is_admin=True)
         db.session.add(admin)
         db.session.commit()
 
 
+
 @static_bp.route("/static/js/<path:filename>")
 def serve_js(filename):
     response = send_from_directory("static/js", filename)
-- 
2.43.0


From b8fe02c96f273d3c35009b0521b2bf58dffba898 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?= <gru@macbook.net.r.local>
Date: Tue, 29 Jul 2025 23:55:19 +0200
Subject: [PATCH 09/23] sesje baza i inne hashowanie

---
 app.py | 27 +--------------------------
 1 file changed, 1 insertion(+), 26 deletions(-)

diff --git a/app.py b/app.py
index 8dd2cc7..22984a9 100644
--- a/app.py
+++ b/app.py
@@ -40,10 +40,8 @@ from flask_login import (
 )
 from flask_compress import Compress
 from flask_socketio import SocketIO, emit, join_room
-from werkzeug.security import generate_password_hash, check_password_hash
 from config import Config
 from PIL import Image, ExifTags, ImageFilter, ImageOps
-from werkzeug.utils import secure_filename
 from werkzeug.middleware.proxy_fix import ProxyFix
 from sqlalchemy import func, extract, inspect, or_, case, text
 from sqlalchemy.orm import joinedload
@@ -126,7 +124,6 @@ WEBP_SAVE_PARAMS = {
     # "quality": 95,  # tylko jeśli lossless=False
 }
 
-
 db = SQLAlchemy(app)
 socketio = SocketIO(app, async_mode="eventlet")
 login_manager = LoginManager(app)
@@ -243,33 +240,14 @@ def hash_password(password):
 
 
 def check_password(stored_hash, password_input):
-    """Obsługuje zarówno hashe bcrypt (nowe), jak i stare Werkzeugowe (PBKDF2)."""
     pepper = app.config["BCRYPT_PEPPER"]
     peppered = (password_input + pepper).encode("utf-8")
-
-    # Rozpoznaj format hasha
     if stored_hash.startswith("$2b$") or stored_hash.startswith("$2a$"):
-        # bcrypt
         try:
             return bcrypt.checkpw(peppered, stored_hash.encode("utf-8"))
         except Exception:
             return False
-    elif stored_hash.startswith("pbkdf2:"):
-        # STARY HASH! (Werkzeug)
-        # opcjonalnie: zrób check_password_hash, pozwól się zalogować, wymuś zmianę hasła
-        from werkzeug.security import check_password_hash
-        if check_password_hash(stored_hash, password_input):
-            # tu np. możesz zapisać nowe hasło w formie bcrypt!
-            # user.password_hash = hash_password(password_input)
-            # db.session.commit()
-            print("Użytkownik loguje się starym hasłem: wymuś zmianę na nowe!")
-            return True  # POZWÓL JEDNORAZOWO
-        else:
-            return False
-    else:
-        # Nieznany format
-        return False
-
+    return False
 
 
 if app.config["SQLALCHEMY_DATABASE_URI"].startswith("sqlite:///"):
@@ -1290,7 +1268,6 @@ def login():
     if request.method == "POST":
         username_input = request.form["username"].lower()
         user = User.query.filter(func.lower(User.username) == username_input).first()
-        #if user and check_password_hash(user.password_hash, request.form["password"]):
         if user and check_password(user.password_hash, request.form["password"]):
             session.permanent = True
             login_user(user)
@@ -1966,7 +1943,6 @@ def add_user():
         flash("Użytkownik o takiej nazwie już istnieje", "warning")
         return redirect(url_for("list_users"))
 
-    #hashed_password = generate_password_hash(password)
     hashed_password = hash_password(password)
     new_user = User(username=username, password_hash=hashed_password)
     db.session.add(new_user)
@@ -2005,7 +1981,6 @@ def reset_password(user_id):
         flash("Podaj nowe hasło", "danger")
         return redirect(url_for("list_users"))
 
-    #user.password_hash = generate_password_hash(new_password)
     user.password_hash = hash_password(new_password)
     db.session.commit()
     flash(f"Hasło dla użytkownika {user.username} zostało zaktualizowane", "success")
-- 
2.43.0


From e25ea1e4fbc5d259a0b2849d50ff9016b4165f8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 09:48:28 +0200
Subject: [PATCH 10/23] fix tworzenia baz

---
 app.py        | 91 ++++++++++++++++++++-------------------------------
 config.py     | 42 +++++++++++++++++-------
 entrypoint.sh |  2 +-
 3 files changed, 66 insertions(+), 69 deletions(-)

diff --git a/app.py b/app.py
index 22984a9..a26fd14 100644
--- a/app.py
+++ b/app.py
@@ -81,7 +81,6 @@ talisman_kwargs = {
     "content_security_policy": csp_policy,
     "x_content_type_options": app.config.get("ENABLE_XCTO", True),
     "strict_transport_security_include_subdomains": False,
-    "session_cookie_secure": app.config.get("SESSION_COOKIE_SECURE", False),
 }
 
 referrer_policy = app.config.get("REFERRER_POLICY")
@@ -91,18 +90,17 @@ if referrer_policy:
 talisman = Talisman(app, **talisman_kwargs)
 
 register_heif_opener()  # pillow_heif dla HEIC
-
-ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp", "heic"}
 SQLALCHEMY_ECHO = True
+ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp", "heic"}
 
-SYSTEM_PASSWORD = app.config.get("SYSTEM_PASSWORD", "changeme")
-DEFAULT_ADMIN_USERNAME = app.config.get("DEFAULT_ADMIN_USERNAME", "admin")
-DEFAULT_ADMIN_PASSWORD = app.config.get("DEFAULT_ADMIN_PASSWORD", "admin123")
-UPLOAD_FOLDER = app.config.get("UPLOAD_FOLDER", "uploads")
-AUTHORIZED_COOKIE_VALUE = app.config.get("AUTHORIZED_COOKIE_VALUE", "80d31cdfe63539c9")
-AUTH_COOKIE_MAX_AGE = app.config.get("AUTH_COOKIE_MAX_AGE", 86400)
-HEALTHCHECK_TOKEN = app.config.get("HEALTHCHECK_TOKEN", "alamapsaikota1234")
-SESSION_TIMEOUT_MINUTES = int(app.config.get("SESSION_TIMEOUT_MINUTES", 10080))
+SYSTEM_PASSWORD = app.config.get("SYSTEM_PASSWORD")
+DEFAULT_ADMIN_USERNAME = app.config.get("DEFAULT_ADMIN_USERNAME")
+DEFAULT_ADMIN_PASSWORD = app.config.get("DEFAULT_ADMIN_PASSWORD")
+UPLOAD_FOLDER = app.config.get("UPLOAD_FOLDER")
+AUTHORIZED_COOKIE_VALUE = app.config.get("AUTHORIZED_COOKIE_VALUE")
+AUTH_COOKIE_MAX_AGE = app.config.get("AUTH_COOKIE_MAX_AGE")
+HEALTHCHECK_TOKEN = app.config.get("HEALTHCHECK_TOKEN")
+SESSION_TIMEOUT_MINUTES = int(app.config.get("SESSION_TIMEOUT_MINUTES"))
 SESSION_COOKIE_SECURE = app.config.get("SESSION_COOKIE_SECURE")
 
 app.config["COMPRESS_ALGORITHM"] = ["zstd", "br", "gzip", "deflate"]
@@ -259,8 +257,10 @@ if app.config["SQLALCHEMY_DATABASE_URI"].startswith("sqlite:///"):
 
 
 with app.app_context():
-    admin_username = app.config.get("DEFAULT_ADMIN_USERNAME", "admin")
-    admin_password = app.config.get("DEFAULT_ADMIN_PASSWORD", "admin123")
+    db.create_all()
+
+    admin_username = DEFAULT_ADMIN_USERNAME
+    admin_password = DEFAULT_ADMIN_PASSWORD
     password_hash = hash_password(admin_password)
 
     # Szukamy użytkownika o loginie "admin"
@@ -270,16 +270,18 @@ with app.app_context():
         if not admin.is_admin:
             admin.is_admin = True  # Ustaw admina jeśli był user ale nie admin
         if not check_password(admin.password_hash, admin_password):
-            admin.password_hash = password_hash  # Ewentualna zmiana hasła
+            admin.password_hash = password_hash
+            print(f"[INFO] Zmieniono hasło admina '{admin_username}' z konfiguracji.")
         db.session.commit()
     else:
         # Tworzymy tylko jeśli NIE istnieje taki username!
-        admin = User(username=admin_username, password_hash=password_hash, is_admin=True)
+        admin = User(
+            username=admin_username, password_hash=password_hash, is_admin=True
+        )
         db.session.add(admin)
         db.session.commit()
 
 
-
 @static_bp.route("/static/js/<path:filename>")
 def serve_js(filename):
     response = send_from_directory("static/js", filename)
@@ -323,7 +325,6 @@ def serve_css_lib(filename):
 app.register_blueprint(static_bp)
 
 
-
 def allowed_file(filename):
     return "." in filename and filename.rsplit(".", 1)[1].lower() in ALLOWED_EXTENSIONS
 
@@ -2869,48 +2870,26 @@ def handle_unmark_not_purchased(data):
         emit("item_unmarked_not_purchased", {"item_id": item.id}, to=str(item.list_id))
 
 
-@app.cli.command("create_db")
+@app.cli.command("db_info")
 def create_db():
-    inspector = inspect(db.engine)
-    expected_tables = set(db.Model.metadata.tables.keys())
-    actual_tables = set(inspector.get_table_names())
-    missing_tables = expected_tables - actual_tables
-    extra_tables = actual_tables - expected_tables
+    with app.app_context():
+        inspector = inspect(db.engine)
+        actual_tables = inspector.get_table_names()
 
-    if missing_tables:
-        print(f"Brakuje tabel: {', '.join(sorted(missing_tables))}")
+        table_count = len(actual_tables)
+        record_total = 0
+        with db.engine.connect() as conn:
+            for table in actual_tables:
+                try:
+                    count = conn.execute(text(f"SELECT COUNT(*) FROM {table}")).scalar()
+                    record_total += count
+                except Exception:
+                    pass
 
-    if extra_tables:
-        print(f"Dodatkowe tabele w bazie: {', '.join(sorted(extra_tables))}")
-
-    critical_error = False
-
-    for table in expected_tables & actual_tables:
-        expected_columns = set(c.name for c in db.Model.metadata.tables[table].columns)
-        actual_columns = set(c["name"] for c in inspector.get_columns(table))
-        missing_cols = expected_columns - actual_columns
-        extra_cols = actual_columns - expected_columns
-
-        if missing_cols:
-            print(
-                f"Brakuje kolumn w tabeli '{table}': {', '.join(sorted(missing_cols))}"
-            )
-            critical_error = True
-
-        if extra_cols:
-            print(
-                f"Dodatkowe kolumny w tabeli '{table}': {', '.join(sorted(extra_cols))}"
-            )
-
-    if missing_tables or critical_error:
-        print("Struktura bazy jest niekompletna lub niezgodna. Przerwano.")
-        return
-
-    if not actual_tables:
-        db.create_all()
-        print("Utworzono strukturę bazy danych.")
-    else:
-        print("Struktura bazy danych jest poprawna.")
+        print("\nStruktura bazy danych jest poprawna.")
+        print(f"Silnik: {db.engine.name}")
+        print(f"Liczba tabel: {table_count}")
+        print(f"Łączna liczba rekordów: {record_total}")
 
 
 if __name__ == "__main__":
diff --git a/config.py b/config.py
index 815ba57..2419e97 100644
--- a/config.py
+++ b/config.py
@@ -1,12 +1,16 @@
 import os
+
 basedir = os.path.abspath(os.path.dirname(__file__))
 
+
 class Config:
     SECRET_KEY = os.environ.get("SECRET_KEY", "D8pceNZ8q%YR7^7F&9wAC2")
 
     DB_ENGINE = os.environ.get("DB_ENGINE", "sqlite").lower()
     if DB_ENGINE == "sqlite":
-        SQLALCHEMY_DATABASE_URI = f"sqlite:///{os.path.join(basedir, 'database', 'shopping.db')}"
+        SQLALCHEMY_DATABASE_URI = (
+            f"sqlite:///{os.path.join(basedir, 'db', 'shopping.db')}"
+        )
     elif DB_ENGINE == "pgsql":
         SQLALCHEMY_DATABASE_URI = f"postgresql://{os.environ['DB_USER']}:{os.environ['DB_PASSWORD']}@{os.environ['DB_HOST']}:{os.environ.get('DB_PORT', 5432)}/{os.environ['DB_NAME']}"
     elif DB_ENGINE == "mysql":
@@ -20,17 +24,23 @@ class Config:
     DEFAULT_ADMIN_PASSWORD = os.environ.get("DEFAULT_ADMIN_PASSWORD", "admin123")
     UPLOAD_FOLDER = os.environ.get("UPLOAD_FOLDER", "uploads")
     AUTHORIZED_COOKIE_VALUE = os.environ.get("AUTHORIZED_COOKIE_VALUE", "cookievalue")
+    BCRYPT_PEPPER = os.environ.get("BCRYPT_PEPPER", "sekretnyKluczBcrypt")
+    SESSION_COOKIE_SECURE = os.environ.get("SESSION_COOKIE_SECURE", "0") == "1"
+    HEALTHCHECK_TOKEN = os.environ.get("HEALTHCHECK_TOKEN", "alamapsaikota1234")
+
     try:
-        AUTH_COOKIE_MAX_AGE = int(os.environ.get("AUTH_COOKIE_MAX_AGE", "86400") or "86400")
+        AUTH_COOKIE_MAX_AGE = int(
+            os.environ.get("AUTH_COOKIE_MAX_AGE", "86400") or "86400"
+        )
     except ValueError:
         AUTH_COOKIE_MAX_AGE = 86400
 
-    HEALTHCHECK_TOKEN = os.environ.get("HEALTHCHECK_TOKEN", "alamapsaikota1234")
     try:
-        SESSION_TIMEOUT_MINUTES = int(os.environ.get("SESSION_TIMEOUT_MINUTES", "10080") or "10080")
+        SESSION_TIMEOUT_MINUTES = int(
+            os.environ.get("SESSION_TIMEOUT_MINUTES", "10080") or "10080"
+        )
     except ValueError:
         SESSION_TIMEOUT_MINUTES = 10080
-    SESSION_COOKIE_SECURE = os.environ.get("SESSION_COOKIE_SECURE", "0") == "1"
 
     ENABLE_HSTS = os.environ.get("ENABLE_HSTS", "0") == "1"
     ENABLE_XFO = os.environ.get("ENABLE_XFO", "0") == "1"
@@ -41,11 +51,19 @@ class Config:
 
     DEBUG_MODE = os.environ.get("DEBUG_MODE", "1") == "1"
     DISABLE_ROBOTS = os.environ.get("DISABLE_ROBOTS", "0") == "1"
-    JS_CACHE_CONTROL = os.environ.get("JS_CACHE_CONTROL", "no-cache, no-store, must-revalidate")
-    CSS_CACHE_CONTROL = os.environ.get("CSS_CACHE_CONTROL", "public, max-age=3600")
-    LIB_JS_CACHE_CONTROL = os.environ.get("LIB_JS_CACHE_CONTROL", "public, max-age=604800")
-    LIB_CSS_CACHE_CONTROL = os.environ.get("LIB_CSS_CACHE_CONTROL", "public, max-age=604800")
-    UPLOADS_CACHE_CONTROL = os.environ.get("UPLOADS_CACHE_CONTROL", "public, max-age=2592000, immutable")
-
-    BCRYPT_PEPPER = os.environ.get("BCRYPT_PEPPER", "sekretnyKluczBcrypt")
 
+    JS_CACHE_CONTROL = os.environ.get(
+        "JS_CACHE_CONTROL", "no-cache, no-store, must-revalidate"
+    )
+    CSS_CACHE_CONTROL = os.environ.get(
+        "CSS_CACHE_CONTROL", "public, max-age=3600"
+    )
+    LIB_JS_CACHE_CONTROL = os.environ.get(
+        "LIB_JS_CACHE_CONTROL", "public, max-age=604800"
+    )
+    LIB_CSS_CACHE_CONTROL = os.environ.get(
+        "LIB_CSS_CACHE_CONTROL", "public, max-age=604800"
+    )
+    UPLOADS_CACHE_CONTROL = os.environ.get(
+        "UPLOADS_CACHE_CONTROL", "public, max-age=2592000, immutable"
+    )
diff --git a/entrypoint.sh b/entrypoint.sh
index d2c9f92..505dc84 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
-flask db upgrade 2>/dev/null || flask create_db
+flask db upgrade 2>/dev/null || flask db_info
 exec python app.py
-- 
2.43.0


From 247e06bad585110378d8059aeb9e20e45237d586 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 09:54:05 +0200
Subject: [PATCH 11/23] error jak baza

---
 app.py        | 22 ++++++++++++++++++++++
 entrypoint.sh |  9 +++++++++
 2 files changed, 31 insertions(+)

diff --git a/app.py b/app.py
index a26fd14..23a960f 100644
--- a/app.py
+++ b/app.py
@@ -49,6 +49,8 @@ from collections import defaultdict, deque
 from functools import wraps
 from flask_talisman import Talisman
 from flask_session import Session
+from sqlalchemy.exc import OperationalError
+
 
 # OCR
 import pytesseract
@@ -229,6 +231,26 @@ class Receipt(db.Model):
     shopping_list = db.relationship("ShoppingList", back_populates="receipts")
 
 
+@app.errorhandler(OperationalError)
+def handle_db_error(e):
+    app.logger.error(f"[Błąd DB] {e}")
+
+    if request.accept_mimetypes.best == "application/json":
+        return jsonify({
+            "error": "Baza danych jest obecnie niedostępna. Spróbuj ponownie później."
+        }), 503
+
+    return (
+        render_template(
+            "errors.html",
+            code=503,
+            title="Błąd połączenia z bazą danych",
+            message="Nie udało się połączyć z bazą danych. Spróbuj ponownie później.",
+        ),
+        503,
+    )
+
+
 def hash_password(password):
     pepper = app.config["BCRYPT_PEPPER"]
     peppered = (password + pepper).encode("utf-8")
diff --git a/entrypoint.sh b/entrypoint.sh
index 505dc84..17a7fdb 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,3 +1,12 @@
 #!/bin/sh
+
+# Czekaj aż baza będzie gotowa
+echo "Czekam na MySQL..."
+until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
+do
+  echo "Baza jeszcze nie odpowiada, czekam..."
+  sleep 2
+done
+
 flask db upgrade 2>/dev/null || flask db_info
 exec python app.py
-- 
2.43.0


From 79c8fa916bae2ad367d29653458d959cd398305f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 09:55:45 +0200
Subject: [PATCH 12/23] brakujacy nc

---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile b/Dockerfile
index 6fb9036..faaa470 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,6 +12,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     libsm6 \
     libxrender1 \
     libxext6 \
+    nc \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
-- 
2.43.0


From 5dc6c947d1c5a8ba128811fec0bc389510b2208c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 09:58:54 +0200
Subject: [PATCH 13/23] brakujacy nc zastapiony pythonem

---
 .env.example          | 12 ++++++------
 _tools/wait_for_db.py | 17 +++++++++++++++++
 entrypoint.sh         | 12 +++++-------
 3 files changed, 28 insertions(+), 13 deletions(-)
 create mode 100644 _tools/wait_for_db.py

diff --git a/.env.example b/.env.example
index fbdc3c8..6f2192c 100644
--- a/.env.example
+++ b/.env.example
@@ -41,6 +41,7 @@ AUTH_COOKIE_MAX_AGE=86400
 # AUTHORIZED_COOKIE_VALUE:
 # Wartość ciasteczka uprawniającego do dostępu (np. do zasobów zabezpieczonych)
 # Powinna być trudna do przewidzenia
+# Chodzi to o zabezpieczenie strony "hasłęm głównym czyli endpointem /system-auth"
 AUTHORIZED_COOKIE_VALUE=twoj_wlasny_hash
 
 # SESSION_COOKIE_SECURE:
@@ -50,6 +51,10 @@ AUTHORIZED_COOKIE_VALUE=twoj_wlasny_hash
 # Zalecane: 1 w produkcji (HTTPS), 0 w dev.
 SESSION_COOKIE_SECURE=0
 
+# BCRYPT_PEPPER:
+# Dodatkowy „sekretny klucz” (pepper) dodawany do hasła przed zahashowaniem
+# Zwiększa bezpieczeństwo przechowywanych haseł
+BCRYPT_PEPPER=sekretnyKluczbcrypt
 
 # HEALTHCHECK_TOKEN:
 # Token wykorzystywany do sprawdzania stanu aplikacji (np. w Docker Compose)
@@ -114,10 +119,8 @@ ENABLE_CSP=1
 # a przy przejściach między domenami tylko origin (np. https://example.com).
 # Zalecane ustawienie dla dobrej równowagi między prywatnością a funkcjonalnością.
 # Inne możliwe wartości: no-referrer, same-origin, origin, strict-origin, unsafe-url itd.
-
 REFERRER_POLICY="strict-origin-when-cross-origin"
 
-
 # DEBUG_MODE:
 # Czy uruchomić aplikację w trybie debugowania (z konsolą błędów i autoreloaderem)
 # Domyślnie: 1
@@ -128,7 +131,6 @@ DEBUG_MODE=1
 # Domyślnie: 0
 DISABLE_ROBOTS=0
 
-
 # ========================
 # Nagłówki cache
 # ========================
@@ -156,6 +158,4 @@ LIB_CSS_CACHE_CONTROL="public, max-age=604800"
 # UPLOADS_CACHE_CONTROL:
 # Nagłówki Cache-Control dla wgrywanych plików (/uploads/)
 # Domyślnie: "public, max-age=2592000, immutable"
-UPLOADS_CACHE_CONTROL="public, max-age=2592000, immutable"
-
-BCRYPT_PEPPER=sekretnyKluczbcrypt
\ No newline at end of file
+UPLOADS_CACHE_CONTROL="public, max-age=2592000, immutable"
\ No newline at end of file
diff --git a/_tools/wait_for_db.py b/_tools/wait_for_db.py
new file mode 100644
index 0000000..5c42386
--- /dev/null
+++ b/_tools/wait_for_db.py
@@ -0,0 +1,17 @@
+import os
+import socket
+import time
+
+host = os.environ.get("DB_HOST", "mysql")
+port = int(os.environ.get("DB_PORT", 3306))
+
+print(f"Czekam na bazę danych {host}:{port}...")
+
+while True:
+    try:
+        with socket.create_connection((host, port), timeout=5):
+            print("Baza danych jest dostępna.")
+            break
+    except OSError:
+        print("Baza jeszcze nie odpowiada, czekam...")
+        time.sleep(2)
diff --git a/entrypoint.sh b/entrypoint.sh
index 17a7fdb..4de71eb 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,12 +1,10 @@
 #!/bin/sh
 
-# Czekaj aż baza będzie gotowa
-echo "Czekam na MySQL..."
-until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
-do
-  echo "Baza jeszcze nie odpowiada, czekam..."
-  sleep 2
-done
+# Czekaj na bazę w Pythonie
+python _tools/wait_for_db.py
 
+# Jak baza gotowa, to migruj li daj informacje
 flask db upgrade 2>/dev/null || flask db_info
+
+# Start aplikacji
 exec python app.py
-- 
2.43.0


From 4be1578568bce289f2b6227cdb15069190de77e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 10:00:22 +0200
Subject: [PATCH 14/23] brakujacy nc zastapiony pythonem

---
 Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index faaa470..6fb9036 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     libsm6 \
     libxrender1 \
     libxext6 \
-    nc \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
-- 
2.43.0


From de0f82598888a15fa490c495acae9290b477ac0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 10:27:06 +0200
Subject: [PATCH 15/23] cookie session secure

---
 app.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app.py b/app.py
index 23a960f..f51b5ce 100644
--- a/app.py
+++ b/app.py
@@ -107,6 +107,7 @@ SESSION_COOKIE_SECURE = app.config.get("SESSION_COOKIE_SECURE")
 
 app.config["COMPRESS_ALGORITHM"] = ["zstd", "br", "gzip", "deflate"]
 app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(minutes=SESSION_TIMEOUT_MINUTES)
+app.config["SESSION_COOKIE_SECURE"] = bool(app.config.get("SESSION_COOKIE_SECURE", False))
 
 app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1)
 DEBUG_MODE = app.config.get("DEBUG_MODE", False)
@@ -1125,7 +1126,7 @@ def system_auth():
                 "authorized",
                 AUTHORIZED_COOKIE_VALUE,
                 max_age=max_age,
-                secure=request.is_secure,
+                secure=app.config["SESSION_COOKIE_SECURE"],
             )
             return resp
         else:
-- 
2.43.0


From 0b277fef7bd088f789be15e4d74d447a02657767 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 10:32:43 +0200
Subject: [PATCH 16/23] fixy z cookie

---
 config.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config.py b/config.py
index 2419e97..0b3e32a 100644
--- a/config.py
+++ b/config.py
@@ -4,6 +4,10 @@ basedir = os.path.abspath(os.path.dirname(__file__))
 
 
 class Config:
+
+    SESSION_COOKIE_HTTPONLY = True
+    SESSION_COOKIE_SAMESITE = "Lax"  # działa w HTTP i HTTPS
+    
     SECRET_KEY = os.environ.get("SECRET_KEY", "D8pceNZ8q%YR7^7F&9wAC2")
 
     DB_ENGINE = os.environ.get("DB_ENGINE", "sqlite").lower()
-- 
2.43.0


From b75200b4878b9ef660aa2224db5cfe13c3ed0632 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 10:36:20 +0200
Subject: [PATCH 17/23] fixy z cookie

---
 app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.py b/app.py
index f51b5ce..d00d336 100644
--- a/app.py
+++ b/app.py
@@ -107,7 +107,7 @@ SESSION_COOKIE_SECURE = app.config.get("SESSION_COOKIE_SECURE")
 
 app.config["COMPRESS_ALGORITHM"] = ["zstd", "br", "gzip", "deflate"]
 app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(minutes=SESSION_TIMEOUT_MINUTES)
-app.config["SESSION_COOKIE_SECURE"] = bool(app.config.get("SESSION_COOKIE_SECURE", False))
+#app.config["SESSION_COOKIE_SECURE"] = True if app.config.get("SESSION_COOKIE_SECURE") is True else False
 
 app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1)
 DEBUG_MODE = app.config.get("DEBUG_MODE", False)
-- 
2.43.0


From 437f7a26e34bec3ee9e02d25918fb2fbd25e11a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 11:15:25 +0200
Subject: [PATCH 18/23] fixy z cookie

---
 app.py | 43 +++++++++++++++++++++++++------------------
 1 file changed, 25 insertions(+), 18 deletions(-)

diff --git a/app.py b/app.py
index d00d336..448340c 100644
--- a/app.py
+++ b/app.py
@@ -89,7 +89,9 @@ referrer_policy = app.config.get("REFERRER_POLICY")
 if referrer_policy:
     talisman_kwargs["referrer_policy"] = referrer_policy
 
-talisman = Talisman(app, **talisman_kwargs)
+talisman = Talisman(app, 
+                    session_cookie_secure=app.config["SESSION_COOKIE_SECURE"],
+                    **talisman_kwargs)
 
 register_heif_opener()  # pillow_heif dla HEIC
 SQLALCHEMY_ECHO = True
@@ -270,6 +272,23 @@ def check_password(stored_hash, password_input):
             return False
     return False
 
+def set_authorized_cookie(response):
+
+    secure_flag = app.config["SESSION_COOKIE_SECURE"]  # wartość z config.py
+    max_age = app.config.get("AUTH_COOKIE_MAX_AGE", 86400)
+    print("ENV SESSION_COOKIE_SECURE =", os.environ.get("SESSION_COOKIE_SECURE"))
+    print("CONFIG SESSION_COOKIE_SECURE =", app.config["SESSION_COOKIE_SECURE"])
+    response.set_cookie(
+        "authorized",
+        AUTHORIZED_COOKIE_VALUE,
+        max_age=max_age,
+        secure=secure_flag,
+        httponly=True,
+        samesite="Lax",
+        path="/"
+    )
+    return response
+
 
 if app.config["SQLALCHEMY_DATABASE_URI"].startswith("sqlite:///"):
     db_path = app.config["SQLALCHEMY_DATABASE_URI"].replace("sqlite:///", "", 1)
@@ -1111,34 +1130,22 @@ def system_auth():
     next_page = request.args.get("next") or url_for("main_page")
 
     if is_ip_blocked(ip):
-        flash(
-            "Przekroczono limit prób logowania. Dostęp zablokowany na 1 godzinę.",
-            "danger",
-        )
+        flash("Przekroczono limit prób logowania. Dostęp zablokowany na 1 godzinę.", "danger")
         return render_template("system_auth.html"), 403
 
     if request.method == "POST":
         if request.form["password"] == SYSTEM_PASSWORD:
             reset_failed_attempts(ip)
             resp = redirect(next_page)
-            max_age = app.config.get("AUTH_COOKIE_MAX_AGE", 86400)
-            resp.set_cookie(
-                "authorized",
-                AUTHORIZED_COOKIE_VALUE,
-                max_age=max_age,
-                secure=app.config["SESSION_COOKIE_SECURE"],
-            )
-            return resp
+            return set_authorized_cookie(resp)
         else:
             register_failed_attempt(ip)
             if is_ip_blocked(ip):
-                flash(
-                    "Przekroczono limit prób logowania. Dostęp zablokowany na 1 godzinę.",
-                    "danger",
-                )
+                flash("Przekroczono limit prób logowania. Dostęp zablokowany na 1 godzinę.", "danger")
                 return render_template("system_auth.html"), 403
             remaining = attempts_remaining(ip)
             flash(f"Nieprawidłowe hasło. Pozostało {remaining} prób.", "warning")
+
     return render_template("system_auth.html")
 
 
@@ -1295,7 +1302,7 @@ def login():
         if user and check_password(user.password_hash, request.form["password"]):
             session.permanent = True
             login_user(user)
-            # session["logged"] = True
+            session.modified = True
             flash("Zalogowano pomyślnie", "success")
             return redirect(url_for("main_page"))
         flash("Nieprawidłowy login lub hasło", "danger")
-- 
2.43.0


From 978bcbe051d8bfd635c8e63a30f315ac1afd9c84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 23:20:03 +0200
Subject: [PATCH 19/23] kategorie list i wykresy

---
 alters.txt                                   |  39 ++
 app.py                                       | 141 ++++--
 static/css/style.css                         |  15 +
 static/js/select.js                          |  12 +
 static/js/user_expense_category.js           |  23 +
 static/js/user_expenses.js                   |  17 +-
 static/lib/css/tom-select.bootstrap5.min.css |   2 +
 static/lib/js/tom-select.complete.min.js     | 444 +++++++++++++++++++
 templates/admin/edit_list.html               |  13 +
 templates/base.html                          |   9 +-
 templates/edit_my_list.html                  |  10 +
 templates/user_expenses.html                 |  18 +-
 12 files changed, 711 insertions(+), 32 deletions(-)
 create mode 100644 static/js/select.js
 create mode 100644 static/js/user_expense_category.js
 create mode 100644 static/lib/css/tom-select.bootstrap5.min.css
 create mode 100644 static/lib/js/tom-select.complete.min.js

diff --git a/alters.txt b/alters.txt
index 5b3870d..a869196 100644
--- a/alters.txt
+++ b/alters.txt
@@ -51,3 +51,42 @@ ALTER TABLE receipt ADD COLUMN filesize INTEGER;
 
 # unikanie identycznych plikow
 ALTER TABLE receipt ADD COLUMN file_hash TEXT
+
+########## kategorie
+-- 1. Nowa tabela kategorii
+CREATE TABLE category (
+    id SERIAL PRIMARY KEY, -- w SQLite: INTEGER PRIMARY KEY AUTOINCREMENT
+    name VARCHAR(100) NOT NULL UNIQUE
+);
+
+-- 2. Tabela łącząca elementy z kategoriami
+CREATE TABLE item_category (
+    item_id INTEGER NOT NULL,
+    category_id INTEGER NOT NULL,
+    PRIMARY KEY (item_id, category_id),
+    FOREIGN KEY (item_id) REFERENCES item(id) ON DELETE CASCADE,
+    FOREIGN KEY (category_id) REFERENCES category(id) ON DELETE CASCADE
+);
+
+-- 3. Wstawienie kategorii początkowych
+INSERT INTO category (name) VALUES
+('Spożywcze'),
+('Budowlane'),
+('Zabawki'),
+('Chemia'),
+('Inne'),
+('Elektronika'),
+('Odzież i obuwie'),
+('Artykuły biurowe'),
+('Kosmetyki i higiena'),
+('Motoryzacja'),
+('Ogród i rośliny'),
+('Zwierzęta'),
+('Sprzęt sportowy'),
+('Książki i prasa'),
+('Narzędzia i majsterkowanie'),
+('RTV / AGD'),
+('Apteka i suplementy'),
+('Artykuły dekoracyjne'),
+('Gry i hobby'),
+('Usługi');
diff --git a/app.py b/app.py
index 448340c..cae6097 100644
--- a/app.py
+++ b/app.py
@@ -163,6 +163,17 @@ class User(UserMixin, db.Model):
     is_admin = db.Column(db.Boolean, default=False)
 
 
+# Tabela pośrednia
+shopping_list_category = db.Table(
+    "shopping_list_category",
+    db.Column("shopping_list_id", db.Integer, db.ForeignKey("shopping_list.id"), primary_key=True),
+    db.Column("category_id", db.Integer, db.ForeignKey("category.id"), primary_key=True)
+)
+
+class Category(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(100), unique=True, nullable=False)
+
 class ShoppingList(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     title = db.Column(db.String(150), nullable=False)
@@ -173,7 +184,6 @@ class ShoppingList(db.Model):
 
     is_temporary = db.Column(db.Boolean, default=False)
     share_token = db.Column(db.String(64), unique=True, nullable=True)
-    # expires_at = db.Column(db.DateTime, nullable=True)
     expires_at = db.Column(db.DateTime(timezone=True), nullable=True)
     owner = db.relationship("User", backref="lists", lazy=True)
     is_archived = db.Column(db.Boolean, default=False)
@@ -184,6 +194,12 @@ class ShoppingList(db.Model):
     receipts = db.relationship("Receipt", back_populates="shopping_list", lazy="select")
     expenses = db.relationship("Expense", back_populates="shopping_list", lazy="select")
 
+    # Nowa relacja wiele-do-wielu
+    categories = db.relationship(
+        "Category",
+        secondary=shopping_list_category,
+        backref=db.backref("shopping_lists", lazy="dynamic")
+    )
 
 class Item(db.Model):
     id = db.Column(db.Integer, primary_key=True)
@@ -301,28 +317,53 @@ if app.config["SQLALCHEMY_DATABASE_URI"].startswith("sqlite:///"):
 with app.app_context():
     db.create_all()
 
+    # --- Tworzenie admina ---
     admin_username = DEFAULT_ADMIN_USERNAME
     admin_password = DEFAULT_ADMIN_PASSWORD
     password_hash = hash_password(admin_password)
 
-    # Szukamy użytkownika o loginie "admin"
     admin = User.query.filter_by(username=admin_username).first()
-
     if admin:
         if not admin.is_admin:
-            admin.is_admin = True  # Ustaw admina jeśli był user ale nie admin
+            admin.is_admin = True
         if not check_password(admin.password_hash, admin_password):
             admin.password_hash = password_hash
             print(f"[INFO] Zmieniono hasło admina '{admin_username}' z konfiguracji.")
         db.session.commit()
     else:
-        # Tworzymy tylko jeśli NIE istnieje taki username!
-        admin = User(
-            username=admin_username, password_hash=password_hash, is_admin=True
-        )
-        db.session.add(admin)
+        db.session.add(User(
+            username=admin_username,
+            password_hash=password_hash,
+            is_admin=True
+        ))
         db.session.commit()
 
+    # --- Predefiniowane kategorie ---
+    default_categories = [
+        "Spożywcze", "Budowlane", "Zabawki", "Chemia", "Inne",
+        "Elektronika", "Odzież i obuwie", "Artykuły biurowe",
+        "Kosmetyki i higiena", "Motoryzacja", "Ogród i rośliny",
+        "Zwierzęta", "Sprzęt sportowy", "Książki i prasa",
+        "Narzędzia i majsterkowanie", "RTV / AGD", "Apteka i suplementy",
+        "Artykuły dekoracyjne", "Gry i hobby", "Usługi"
+    ]
+
+    # Pobierz istniejące nazwy z bazy, ignorując puste/niewłaściwe rekordy
+    existing_names = {
+        c.name for c in Category.query.filter(Category.name.isnot(None)).all()
+    }
+
+    # Znajdź brakujące
+    missing = [cat for cat in default_categories if cat not in existing_names]
+
+    # Dodaj tylko brakujące
+    if missing:
+        db.session.add_all(Category(name=cat) for cat in missing)
+        db.session.commit()
+        print(f"[INFO] Dodano brakujące kategorie: {', '.join(missing)}")
+    else:
+        print("[INFO] Wszystkie domyślne kategorie już istnieją")
+
 
 @static_bp.route("/static/js/<path:filename>")
 def serve_js(filename):
@@ -399,6 +440,14 @@ def get_total_expense_for_list(list_id, start_date=None, end_date=None):
     return query.scalar() or 0
 
 
+def update_list_categories_from_form(shopping_list, form):
+    category_ids = form.getlist("categories")
+    shopping_list.categories.clear()
+    if category_ids:
+        cats = Category.query.filter(Category.id.in_(category_ids)).all()
+        shopping_list.categories.extend(cats)
+
+
 def generate_share_token(length=8):
     return secrets.token_hex(length // 2)
 
@@ -588,10 +637,10 @@ def get_total_expenses_grouped_by_list_created_at(
     start_date=None,
     end_date=None,
     user_id=None,
+    category_id=None,
 ):
     lists_query = ShoppingList.query
 
-    # Uprawnienia
     if admin:
         pass
     elif show_all:
@@ -604,7 +653,12 @@ def get_total_expenses_grouped_by_list_created_at(
     else:
         lists_query = lists_query.filter(ShoppingList.owner_id == user_id)
 
-    # Filtr daty utworzenia listy
+    if category_id:
+        lists_query = lists_query.join(
+            shopping_list_category,
+            shopping_list_category.c.shopping_list_id == ShoppingList.id
+        ).filter(shopping_list_category.c.category_id == category_id)
+
     if start_date and end_date:
         try:
             dt_start = datetime.strptime(start_date, "%Y-%m-%d")
@@ -1190,6 +1244,9 @@ def edit_my_list(list_id):
     if l.owner_id != current_user.id:
         abort(403, description="Nie jesteś właścicielem tej listy.")
 
+    categories = Category.query.order_by(Category.name.asc()).all()
+    selected_categories_ids = {c.id for c in l.categories}
+
     if request.method == "POST":
         # Obsługa zmiany miesiąca utworzenia listy
         move_to_month = request.form.get("move_to_month")
@@ -1236,11 +1293,21 @@ def edit_my_list(list_id):
         else:
             l.expires_at = None
 
+        # Obsługa wyboru kategorii
+        update_list_categories_from_form(l, request.form)
+
         db.session.commit()
         flash("Zaktualizowano dane listy", "success")
         return redirect(url_for("main_page"))
 
-    return render_template("edit_my_list.html", list=l, receipts=receipts)
+    return render_template(
+        "edit_my_list.html",
+        list=l,
+        receipts=receipts,
+        categories=categories,
+        selected_categories=selected_categories_ids
+    )
+
 
 
 @app.route("/delete_user_list/<int:list_id>", methods=["POST"])
@@ -1381,7 +1448,10 @@ def view_list(list_id):
 def user_expenses():
     start_date_str = request.args.get("start_date")
     end_date_str = request.args.get("end_date")
-    show_all = request.args.get("show_all", "false").lower() == "true"
+    category_id = request.args.get("category_id", type=int)
+    show_all = request.args.get("show_all", "true").lower() == "true"
+
+    categories = Category.query.order_by(Category.name.asc()).all()
 
     start = None
     end = None
@@ -1389,19 +1459,25 @@ def user_expenses():
     expenses_query = Expense.query.options(
         joinedload(Expense.shopping_list).joinedload(ShoppingList.owner),
         joinedload(Expense.shopping_list).joinedload(ShoppingList.expenses),
+        joinedload(Expense.shopping_list).joinedload(ShoppingList.categories),
     ).join(ShoppingList, Expense.list_id == ShoppingList.id)
 
-    # Filtry dostępu
     if not show_all:
         expenses_query = expenses_query.filter(ShoppingList.owner_id == current_user.id)
     else:
         expenses_query = expenses_query.filter(
             or_(
-                ShoppingList.owner_id == current_user.id, ShoppingList.is_public == True
+                ShoppingList.owner_id == current_user.id,
+                ShoppingList.is_public == True
             )
         )
 
-    # Filtr daty
+    if category_id:
+        expenses_query = expenses_query.join(
+            shopping_list_category,
+            shopping_list_category.c.shopping_list_id == ShoppingList.id
+        ).filter(shopping_list_category.c.category_id == category_id)
+
     if start_date_str and end_date_str:
         try:
             start = datetime.strptime(start_date_str, "%Y-%m-%d")
@@ -1412,10 +1488,8 @@ def user_expenses():
         except ValueError:
             flash("Błędny zakres dat", "danger")
 
-    # Pobranie wszystkich wydatków z powiązanymi listami
     expenses = expenses_query.order_by(Expense.added_at.desc()).all()
 
-    # Zbiorcze sumowanie wydatków per lista w SQL
     list_ids = {e.list_id for e in expenses}
     totals_map = {}
     if list_ids:
@@ -1439,7 +1513,7 @@ def user_expenses():
         for e in expenses
     ]
 
-    # Lista z danymi i sumami
+    # Lista z danymi i kategoriami (dla JS)
     lists_data = [
         {
             "id": l.id,
@@ -1447,6 +1521,7 @@ def user_expenses():
             "created_at": l.created_at,
             "total_expense": totals_map.get(l.id, 0),
             "owner_username": l.owner.username if l.owner else "?",
+            "categories": [c.id for c in l.categories]
         }
         for l in {e.shopping_list for e in expenses if e.shopping_list}
     ]
@@ -1455,6 +1530,8 @@ def user_expenses():
         "user_expenses.html",
         expense_table=expense_table,
         lists_data=lists_data,
+        categories=categories,
+        selected_category=category_id,
         show_all=show_all,
     )
 
@@ -1465,7 +1542,8 @@ def user_expenses_data():
     range_type = request.args.get("range", "monthly")
     start_date = request.args.get("start_date")
     end_date = request.args.get("end_date")
-    show_all = request.args.get("show_all", "false").lower() == "true"
+    show_all = request.args.get("show_all", "true").lower() == "true"
+    category_id = request.args.get("category_id", type=int)
 
     result = get_total_expenses_grouped_by_list_created_at(
         user_only=True,
@@ -1475,7 +1553,9 @@ def user_expenses_data():
         start_date=start_date,
         end_date=end_date,
         user_id=current_user.id,
+        category_id=category_id 
     )
+
     if "error" in result:
         return jsonify({"error": result["error"]}), 400
     return jsonify(result)
@@ -2200,15 +2280,16 @@ def delete_selected_lists():
 @admin_required
 def edit_list(list_id):
     # Pobieramy listę z powiązanymi danymi jednym zapytaniem
-    l = (
-        db.session.query(ShoppingList)
-        .options(
+    l = db.session.get(
+        ShoppingList,
+        list_id,
+        options=[
             joinedload(ShoppingList.expenses),
             joinedload(ShoppingList.receipts),
             joinedload(ShoppingList.owner),
             joinedload(ShoppingList.items),
-        )
-        .get(list_id)
+            joinedload(ShoppingList.categories),
+        ]
     )
 
     if l is None:
@@ -2217,6 +2298,9 @@ def edit_list(list_id):
     # Suma wydatków z listy
     total_expense = get_total_expense_for_list(l.id)
 
+    categories = Category.query.order_by(Category.name.asc()).all()
+    selected_categories_ids = {c.id for c in l.categories}
+
     if request.method == "POST":
         action = request.form.get("action")
 
@@ -2285,11 +2369,14 @@ def edit_list(list_id):
                     )
                     return redirect(url_for("edit_list", list_id=list_id))
 
+            # aktualizacja kategorii
+            update_list_categories_from_form(l, request.form)
+
             db.session.add(l)
             db.session.commit()
             flash("Zapisano zmiany listy", "success")
             return redirect(url_for("edit_list", list_id=list_id))
-
+        
         elif action == "add_item":
             item_name = request.form.get("item_name", "").strip()
             quantity_str = request.form.get("quantity", "1")
@@ -2397,6 +2484,8 @@ def edit_list(list_id):
         users=users,
         items=items,
         receipts=receipts,
+        categories=categories,
+        selected_categories=selected_categories_ids
     )
 
 
diff --git a/static/css/style.css b/static/css/style.css
index 0174ec6..34329de 100644
--- a/static/css/style.css
+++ b/static/css/style.css
@@ -309,4 +309,19 @@ input.form-control {
   .only-mobile {
     display: none !important;
   }
+}
+
+.ts-control {
+  background-color: #212529 !important;
+  color: #fff !important;
+  border: 1px solid #495057 !important;
+}
+
+.ts-dropdown {
+  background-color: #212529 !important;
+  color: #fff !important;
+}
+
+.ts-dropdown .active {
+  background-color: #495057 !important;
 }
\ No newline at end of file
diff --git a/static/js/select.js b/static/js/select.js
new file mode 100644
index 0000000..546ccf1
--- /dev/null
+++ b/static/js/select.js
@@ -0,0 +1,12 @@
+document.addEventListener("DOMContentLoaded", function () {
+  new TomSelect("#categories", {
+    plugins: ['remove_button'],
+    maxItems: 3, // limit wyboru
+    placeholder: 'Wybierz kategorie...',
+    create: false,
+    sortField: {
+      field: "text",
+      direction: "asc"
+    }
+  });
+});
\ No newline at end of file
diff --git a/static/js/user_expense_category.js b/static/js/user_expense_category.js
new file mode 100644
index 0000000..a12e546
--- /dev/null
+++ b/static/js/user_expense_category.js
@@ -0,0 +1,23 @@
+document.addEventListener("DOMContentLoaded", function () {
+    const categoryButtons = document.querySelectorAll(".category-filter");
+    const rows = document.querySelectorAll("#listsTableBody tr");
+
+    categoryButtons.forEach(btn => {
+        btn.addEventListener("click", function () {
+            const selectedCat = this.dataset.category;
+
+            // Zmiana stylu przycisku aktywnego
+            categoryButtons.forEach(b => b.classList.remove("active"));
+            this.classList.add("active");
+
+            rows.forEach(row => {
+                const rowCats = row.dataset.categories ? row.dataset.categories.split(",") : [];
+                if (selectedCat === "all" || rowCats.includes(selectedCat)) {
+                    row.style.display = "";
+                } else {
+                    row.style.display = "none";
+                }
+            });
+        });
+    });
+});
diff --git a/static/js/user_expenses.js b/static/js/user_expenses.js
index 437dcfa..769b432 100644
--- a/static/js/user_expenses.js
+++ b/static/js/user_expenses.js
@@ -1,5 +1,6 @@
 document.addEventListener("DOMContentLoaded", function () {
     let expensesChart = null;
+    let selectedCategoryId = "";
     const rangeLabel = document.getElementById("chartRangeLabel");
 
     function loadExpenses(range = "monthly", startDate = null, endDate = null) {
@@ -11,6 +12,9 @@ document.addEventListener("DOMContentLoaded", function () {
         if (startDate && endDate) {
             url += `&start_date=${startDate}&end_date=${endDate}`;
         }
+        if (selectedCategoryId) {
+            url += `&category_id=${selectedCategoryId}`;
+        }
 
         fetch(url, { cache: "no-store" })
             .then(response => response.json())
@@ -57,7 +61,6 @@ document.addEventListener("DOMContentLoaded", function () {
             });
     }
 
-    // Inicjalizacja zakresu dat
     const startDateInput = document.getElementById("startDate");
     const endDateInput = document.getElementById("endDate");
     const today = new Date();
@@ -67,10 +70,8 @@ document.addEventListener("DOMContentLoaded", function () {
     startDateInput.value = formatDate(lastWeek);
     endDateInput.value = formatDate(today);
 
-    // Załaduj początkowy widok
     loadExpenses();
 
-    // Przycisk własnego zakresu
     document.getElementById('customRangeBtn').addEventListener('click', function () {
         const startDate = startDateInput.value;
         const endDate = endDateInput.value;
@@ -82,7 +83,6 @@ document.addEventListener("DOMContentLoaded", function () {
         }
     });
 
-    // Zakresy predefiniowane
     document.querySelectorAll('.range-btn').forEach(btn => {
         btn.addEventListener('click', function () {
             document.querySelectorAll('.range-btn').forEach(b => b.classList.remove('active'));
@@ -91,4 +91,13 @@ document.addEventListener("DOMContentLoaded", function () {
             loadExpenses(range);
         });
     });
+
+    document.querySelectorAll('.category-filter').forEach(btn => {
+        btn.addEventListener('click', function () {
+            document.querySelectorAll('.category-filter').forEach(b => b.classList.remove('active'));
+            this.classList.add('active');
+            selectedCategoryId = this.dataset.categoryId || "";
+            loadExpenses(); // odśwież wykres z nowym filtrem
+        });
+    });
 });
diff --git a/static/lib/css/tom-select.bootstrap5.min.css b/static/lib/css/tom-select.bootstrap5.min.css
new file mode 100644
index 0000000..cb2b905
--- /dev/null
+++ b/static/lib/css/tom-select.bootstrap5.min.css
@@ -0,0 +1,2 @@
+.ts-control{border:1px solid var(--bs-border-color);border-radius:var(--bs-border-radius);box-shadow:none;box-sizing:border-box;flex-wrap:wrap;overflow:hidden;padding:.375rem .75rem;position:relative;width:100%;z-index:1}.ts-wrapper.multi.has-items .ts-control{padding:calc(.375rem - 1px) .75rem calc(.375rem - 4px)}.full .ts-control{background-color:var(--bs-body-bg)}.disabled .ts-control,.disabled .ts-control *{cursor:default!important}.focus .ts-control{box-shadow:none}.ts-control>*{display:inline-block;vertical-align:initial}.ts-wrapper.multi .ts-control>div{background:#efefef;border:0 solid #dee2e6;color:#343a40;cursor:pointer;margin:0 3px 3px 0;padding:1px 5px}.ts-wrapper.multi .ts-control>div.active{background:#0d6efd;border:0 solid transparent;color:#fff}.ts-wrapper.multi.disabled .ts-control>div,.ts-wrapper.multi.disabled .ts-control>div.active{background:#fff;border:0 solid #fff;color:#878787}.ts-control>input{background:none!important;border:0!important;box-shadow:none!important;display:inline-block!important;flex:1 1 auto;line-height:inherit!important;margin:0!important;max-height:none!important;max-width:100%!important;min-height:0!important;min-width:7rem;padding:0!important;text-indent:0!important;-webkit-user-select:auto!important;-moz-user-select:auto!important;-ms-user-select:auto!important;user-select:auto!important}.ts-control>input::-ms-clear{display:none}.ts-control>input:focus{outline:none!important}.has-items .ts-control>input{margin:0 4px!important}.ts-control.rtl{text-align:right}.ts-control.rtl.single .ts-control:after{left:calc(.75rem + 5px);right:auto}.ts-control.rtl .ts-control>input{margin:0 4px 0 -2px!important}.disabled .ts-control{background-color:var(--bs-secondary-bg);opacity:.5}.input-hidden .ts-control>input{left:-10000px;opacity:0;position:absolute}.ts-dropdown{background:var(--bs-body-bg);border:1px solid #d0d0d0;border-radius:0 0 var(--bs-border-radius) var(--bs-border-radius);border-top:0;box-shadow:0 1px 3px rgba(0,0,0,.1);box-sizing:border-box;left:0;margin:.25rem 0 0;position:absolute;top:100%;width:100%;z-index:10}.ts-dropdown [data-selectable]{cursor:pointer;overflow:hidden}.ts-dropdown [data-selectable] .highlight{background:rgba(255,237,40,.4);border-radius:1px}.ts-dropdown .create,.ts-dropdown .no-results,.ts-dropdown .optgroup-header,.ts-dropdown .option{padding:3px .75rem}.ts-dropdown .option,.ts-dropdown [data-disabled],.ts-dropdown [data-disabled] [data-selectable].option{cursor:inherit;opacity:.5}.ts-dropdown [data-selectable].option{cursor:pointer;opacity:1}.ts-dropdown .optgroup:first-child .optgroup-header{border-top:0}.ts-dropdown .optgroup-header{background:var(--bs-body-bg);color:#6c757d;cursor:default}.ts-dropdown .active{background-color:var(--bs-tertiary-bg)}.ts-dropdown .active,.ts-dropdown .active.create{color:var(--bs-body-color)}.ts-dropdown .create{color:rgba(52,58,64,.5)}.ts-dropdown .spinner{display:inline-block;height:30px;margin:3px .75rem;width:30px}.ts-dropdown .spinner:after{animation:lds-dual-ring 1.2s linear infinite;border-color:#d0d0d0 transparent;border-radius:50%;border-style:solid;border-width:5px;content:" ";display:block;height:24px;margin:3px;width:24px}@keyframes lds-dual-ring{0%{transform:rotate(0deg)}to{transform:rotate(1turn)}}.ts-dropdown-content{max-height:200px;overflow:hidden auto;scroll-behavior:smooth}.ts-wrapper.plugin-drag_drop .ts-dragging{color:transparent!important}.ts-wrapper.plugin-drag_drop .ts-dragging>*{visibility:hidden!important}.plugin-checkbox_options:not(.rtl) .option input{margin-right:.5rem}.plugin-checkbox_options.rtl .option input{margin-left:.5rem}.plugin-clear_button{--ts-pr-clear-button:1em}.plugin-clear_button .clear-button{background:transparent!important;cursor:pointer;margin-right:0!important;opacity:0;position:absolute;right:calc(.75rem - 5px);top:50%;transform:translateY(-50%);transition:opacity .5s}.plugin-clear_button.form-select .clear-button,.plugin-clear_button.single .clear-button{right:max(var(--ts-pr-caret),.75rem)}.plugin-clear_button.focus.has-items .clear-button,.plugin-clear_button:not(.disabled):hover.has-items .clear-button{opacity:1}.ts-wrapper .dropdown-header{background:color-mix(var(--bs-body-bg),#d0d0d0,85%);border-bottom:1px solid #d0d0d0;border-radius:var(--bs-border-radius) var(--bs-border-radius) 0 0;padding:6px .75rem;position:relative}.ts-wrapper .dropdown-header-close{color:#343a40;font-size:20px!important;line-height:20px;margin-top:-12px;opacity:.4;position:absolute;right:.75rem;top:50%}.ts-wrapper .dropdown-header-close:hover{color:#000}.plugin-dropdown_input.focus.dropdown-active .ts-control{border:1px solid var(--bs-border-color);box-shadow:none;box-shadow:var(--bs-box-shadow-inset)}.plugin-dropdown_input .dropdown-input{background:transparent;border:solid #d0d0d0;border-width:0 0 1px;box-shadow:none;display:block;padding:.375rem .75rem;width:100%}.plugin-dropdown_input.focus .ts-dropdown .dropdown-input{border-color:#86b7fe;box-shadow:0 0 0 .25rem rgba(13,110,253,.25);outline:0}.plugin-dropdown_input .items-placeholder{border:0!important;box-shadow:none!important;width:100%}.plugin-dropdown_input.dropdown-active .items-placeholder,.plugin-dropdown_input.has-items .items-placeholder{display:none!important}.ts-wrapper.plugin-input_autogrow.has-items .ts-control>input{min-width:0}.ts-wrapper.plugin-input_autogrow.has-items.focus .ts-control>input{flex:none;min-width:4px}.ts-wrapper.plugin-input_autogrow.has-items.focus .ts-control>input::-ms-input-placeholder{color:transparent}.ts-wrapper.plugin-input_autogrow.has-items.focus .ts-control>input::placeholder{color:transparent}.ts-dropdown.plugin-optgroup_columns .ts-dropdown-content{display:flex}.ts-dropdown.plugin-optgroup_columns .optgroup{border-right:1px solid #f2f2f2;border-top:0;flex-basis:0;flex-grow:1;min-width:0}.ts-dropdown.plugin-optgroup_columns .optgroup:last-child{border-right:0}.ts-dropdown.plugin-optgroup_columns .optgroup:before{display:none}.ts-dropdown.plugin-optgroup_columns .optgroup-header{border-top:0}.ts-wrapper.plugin-remove_button .item{align-items:center;display:inline-flex}.ts-wrapper.plugin-remove_button .item .remove{border-radius:0 2px 2px 0;box-sizing:border-box;color:inherit;display:inline-block;padding:0 5px;text-decoration:none;vertical-align:middle}.ts-wrapper.plugin-remove_button .item .remove:hover{background:rgba(0,0,0,.05)}.ts-wrapper.plugin-remove_button.disabled .item .remove:hover{background:none}.ts-wrapper.plugin-remove_button .remove-single{font-size:23px;position:absolute;right:0;top:0}.ts-wrapper.plugin-remove_button:not(.rtl) .item{padding-right:0!important}.ts-wrapper.plugin-remove_button:not(.rtl) .item .remove{border-left:1px solid #dee2e6;margin-left:5px}.ts-wrapper.plugin-remove_button:not(.rtl) .item.active .remove{border-left-color:transparent}.ts-wrapper.plugin-remove_button:not(.rtl).disabled .item .remove{border-left-color:#fff}.ts-wrapper.plugin-remove_button.rtl .item{padding-left:0!important}.ts-wrapper.plugin-remove_button.rtl .item .remove{border-right:1px solid #dee2e6;margin-right:5px}.ts-wrapper.plugin-remove_button.rtl .item.active .remove{border-right-color:transparent}.ts-wrapper.plugin-remove_button.rtl.disabled .item .remove{border-right-color:#fff}:root{--ts-pr-clear-button:0px;--ts-pr-caret:0px;--ts-pr-min:.75rem}.ts-wrapper.single .ts-control,.ts-wrapper.single .ts-control input{cursor:pointer}.ts-control:not(.rtl){padding-right:max(var(--ts-pr-min),var(--ts-pr-clear-button) + var(--ts-pr-caret))!important}.ts-control.rtl{padding-left:max(var(--ts-pr-min),var(--ts-pr-clear-button) + var(--ts-pr-caret))!important}.ts-wrapper{position:relative}.ts-control,.ts-control input,.ts-dropdown{color:#343a40;font-family:inherit;font-size:inherit;line-height:1.5}.ts-control,.ts-wrapper.single.input-active .ts-control{background:var(--bs-body-bg);cursor:text}.ts-hidden-accessible{border:0!important;clip:rect(0 0 0 0)!important;-webkit-clip-path:inset(50%)!important;clip-path:inset(50%)!important;overflow:hidden!important;padding:0!important;position:absolute!important;white-space:nowrap!important;width:1px!important}.ts-dropdown,.ts-dropdown.form-control,.ts-dropdown.form-select{background:var(--bs-body-bg);border:1px solid var(--bs-border-color-translucent);border-radius:.375rem;box-shadow:0 6px 12px rgba(0,0,0,.175);height:auto;padding:0;z-index:1000}.ts-dropdown .optgroup-header{font-size:.875rem;line-height:1.5}.ts-dropdown .optgroup:first-child:before{display:none}.ts-dropdown .optgroup:before{border-top:1px solid var(--bs-border-color-translucent);content:" ";display:block;height:0;margin:.5rem -.75rem;overflow:hidden}.ts-dropdown .create{padding-left:.75rem}.ts-dropdown-content{padding:5px 0}.ts-control{align-items:center;display:flex;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.ts-control{transition:none}}.focus .ts-control{border-color:#86b7fe;box-shadow:0 0 0 .25rem rgba(13,110,253,.25);outline:0}.ts-control .item{align-items:center;display:flex}.ts-wrapper.is-invalid,.was-validated .invalid,.was-validated :invalid+.ts-wrapper{border-color:var(--bs-form-invalid-color)}.ts-wrapper.is-invalid:not(.single),.was-validated .invalid:not(.single),.was-validated :invalid+.ts-wrapper:not(.single){background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23dc3545' viewBox='0 0 12 12'%3E%3Ccircle cx='6' cy='6' r='4.5'/%3E%3Cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3E%3Ccircle cx='6' cy='8.2' r='.6' fill='%23dc3545' stroke='none'/%3E%3C/svg%3E");background-position:right calc(.375em + .1875rem) center;background-repeat:no-repeat;background-size:calc(.75em + .375rem) calc(.75em + .375rem)}.ts-wrapper.is-invalid.single,.was-validated .invalid.single,.was-validated :invalid+.ts-wrapper.single{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3E%3Cpath fill='none' stroke='%23343a40' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='m2 5 6 6 6-6'/%3E%3C/svg%3E"),url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' fill='none' stroke='%23dc3545' viewBox='0 0 12 12'%3E%3Ccircle cx='6' cy='6' r='4.5'/%3E%3Cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3E%3Ccircle cx='6' cy='8.2' r='.6' fill='%23dc3545' stroke='none'/%3E%3C/svg%3E");background-position:right .75rem center,center right 2.25rem;background-repeat:no-repeat;background-size:16px 12px,calc(.75em + .375rem) calc(.75em + .375rem)}.ts-wrapper.is-invalid.focus .ts-control,.was-validated .invalid.focus .ts-control,.was-validated :invalid+.ts-wrapper.focus .ts-control{border-color:var(--bs-form-invalid-color);box-shadow:0 0 0 .25rem rgba(var(--bs-form-invalid-color),.25)}.ts-wrapper.is-valid,.was-validated .valid,.was-validated :valid+.ts-wrapper{border-color:var(--bs-form-valid-color)}.ts-wrapper.is-valid:not(.single),.was-validated .valid:not(.single),.was-validated :valid+.ts-wrapper:not(.single){background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3E%3Cpath fill='%23198754' d='M2.3 6.73.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1'/%3E%3C/svg%3E");background-position:right calc(.375em + .1875rem) center;background-repeat:no-repeat;background-size:calc(.75em + .375rem) calc(.75em + .375rem)}.ts-wrapper.is-valid.single,.was-validated .valid.single,.was-validated :valid+.ts-wrapper.single{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3E%3Cpath fill='none' stroke='%23343a40' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='m2 5 6 6 6-6'/%3E%3C/svg%3E"),url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3E%3Cpath fill='%23198754' d='M2.3 6.73.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1'/%3E%3C/svg%3E");background-position:right .75rem center,center right 2.25rem;background-repeat:no-repeat;background-size:16px 12px,calc(.75em + .375rem) calc(.75em + .375rem)}.ts-wrapper.is-valid.focus .ts-control,.was-validated .valid.focus .ts-control,.was-validated :valid+.ts-wrapper.focus .ts-control{border-color:var(--bs-form-valid-color);box-shadow:0 0 0 .25rem rgba(var(--bs-form-valid-color),.25)}.ts-wrapper{display:flex;min-height:calc(1.5em + .75rem + var(--bs-border-width)*2)}.input-group-sm>.ts-wrapper,.ts-wrapper.form-control-sm,.ts-wrapper.form-select-sm{min-height:calc(1.5em + .5rem + var(--bs-border-width)*2)}.input-group-sm>.ts-wrapper .ts-control,.ts-wrapper.form-control-sm .ts-control,.ts-wrapper.form-select-sm .ts-control{border-radius:var(--bs-border-radius-sm);font-size:.875rem}.input-group-sm>.ts-wrapper.has-items .ts-control,.ts-wrapper.form-control-sm.has-items .ts-control,.ts-wrapper.form-select-sm.has-items .ts-control{font-size:.875rem;padding-bottom:0}.input-group-sm>.ts-wrapper.multi.has-items .ts-control,.ts-wrapper.form-control-sm.multi.has-items .ts-control,.ts-wrapper.form-select-sm.multi.has-items .ts-control{padding-top:calc(.75em - .40625rem + var(--bs-border-width)*2/2 - (var(--bs-border-width) + 1px)*2/2)!important}.ts-wrapper.multi.has-items .ts-control{padding-left:calc(.75rem - 5px);--ts-pr-min:calc(0.75rem - 5px)}.ts-wrapper.multi .ts-control>div{border-radius:calc(var(--bs-border-radius) - 1px)}.input-group-lg>.ts-wrapper,.ts-wrapper.form-control-lg,.ts-wrapper.form-select-lg{min-height:calc(1.5em + 1rem + var(--bs-border-width)*2)}.input-group-lg>.ts-wrapper .ts-control,.ts-wrapper.form-control-lg .ts-control,.ts-wrapper.form-select-lg .ts-control{border-radius:var(--bs-border-radius-lg);font-size:1.25rem}.ts-wrapper:not(.form-control,.form-select){background:none;border:none;box-shadow:none;height:auto;padding:0}.ts-wrapper:not(.form-control,.form-select).single .ts-control{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3E%3Cpath fill='none' stroke='%23343a40' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='m2 5 6 6 6-6'/%3E%3C/svg%3E");background-position:right .75rem center;background-repeat:no-repeat;background-size:16px 12px}.ts-wrapper.form-select,.ts-wrapper.single{--ts-pr-caret:2.25rem}.ts-wrapper.form-control,.ts-wrapper.form-select{box-shadow:none;display:flex;height:auto;padding:0!important}.ts-wrapper.form-control .ts-control,.ts-wrapper.form-control.single.input-active .ts-control,.ts-wrapper.form-select .ts-control,.ts-wrapper.form-select.single.input-active .ts-control{border:none!important}.ts-wrapper.form-control:not(.disabled) .ts-control,.ts-wrapper.form-control:not(.disabled).single.input-active .ts-control,.ts-wrapper.form-select:not(.disabled) .ts-control,.ts-wrapper.form-select:not(.disabled).single.input-active .ts-control{background:transparent!important}.input-group>.ts-wrapper{flex-grow:1;width:1%}.input-group>.ts-wrapper:not(:nth-child(2))>.ts-control{border-bottom-left-radius:0;border-top-left-radius:0}.input-group>.ts-wrapper:not(:last-child)>.ts-control{border-bottom-right-radius:0;border-top-right-radius:0}
+/*# sourceMappingURL=tom-select.bootstrap5.min.css.map */
\ No newline at end of file
diff --git a/static/lib/js/tom-select.complete.min.js b/static/lib/js/tom-select.complete.min.js
new file mode 100644
index 0000000..d0b9d30
--- /dev/null
+++ b/static/lib/js/tom-select.complete.min.js
@@ -0,0 +1,444 @@
+/**
+* Tom Select v2.4.3
+* Licensed under the Apache License, Version 2.0 (the "License");
+*/
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).TomSelect=t()}(this,(function(){"use strict"
+function e(e,t){e.split(/\s+/).forEach((e=>{t(e)}))}class t{constructor(){this._events={}}on(t,s){e(t,(e=>{const t=this._events[e]||[]
+t.push(s),this._events[e]=t}))}off(t,s){var i=arguments.length
+0!==i?e(t,(e=>{if(1===i)return void delete this._events[e]
+const t=this._events[e]
+void 0!==t&&(t.splice(t.indexOf(s),1),this._events[e]=t)})):this._events={}}trigger(t,...s){var i=this
+e(t,(e=>{const t=i._events[e]
+void 0!==t&&t.forEach((e=>{e.apply(i,s)}))}))}}const s=e=>(e=e.filter(Boolean)).length<2?e[0]||"":1==l(e)?"["+e.join("")+"]":"(?:"+e.join("|")+")",i=e=>{if(!o(e))return e.join("")
+let t="",s=0
+const i=()=>{s>1&&(t+="{"+s+"}")}
+return e.forEach(((n,o)=>{n!==e[o-1]?(i(),t+=n,s=1):s++})),i(),t},n=e=>{let t=Array.from(e)
+return s(t)},o=e=>new Set(e).size!==e.length,r=e=>(e+"").replace(/([\$\(\)\*\+\.\?\[\]\^\{\|\}\\])/gu,"\\$1"),l=e=>e.reduce(((e,t)=>Math.max(e,a(t))),0),a=e=>Array.from(e).length,c=e=>{if(1===e.length)return[[e]]
+let t=[]
+const s=e.substring(1)
+return c(s).forEach((function(s){let i=s.slice(0)
+i[0]=e.charAt(0)+i[0],t.push(i),i=s.slice(0),i.unshift(e.charAt(0)),t.push(i)})),t},d=[[0,65535]]
+let u,p
+const h={},g={"/":"⁄∕",0:"߀",a:"ⱥɐɑ",aa:"ꜳ",ae:"æǽǣ",ao:"ꜵ",au:"ꜷ",av:"ꜹꜻ",ay:"ꜽ",b:"ƀɓƃ",c:"ꜿƈȼↄ",d:"đɗɖᴅƌꮷԁɦ",e:"ɛǝᴇɇ",f:"ꝼƒ",g:"ǥɠꞡᵹꝿɢ",h:"ħⱨⱶɥ",i:"ɨı",j:"ɉȷ",k:"ƙⱪꝁꝃꝅꞣ",l:"łƚɫⱡꝉꝇꞁɭ",m:"ɱɯϻ",n:"ꞥƞɲꞑᴎлԉ",o:"øǿɔɵꝋꝍᴑ",oe:"œ",oi:"ƣ",oo:"ꝏ",ou:"ȣ",p:"ƥᵽꝑꝓꝕρ",q:"ꝗꝙɋ",r:"ɍɽꝛꞧꞃ",s:"ßȿꞩꞅʂ",t:"ŧƭʈⱦꞇ",th:"þ",tz:"ꜩ",u:"ʉ",v:"ʋꝟʌ",vy:"ꝡ",w:"ⱳ",y:"ƴɏỿ",z:"ƶȥɀⱬꝣ",hv:"ƕ"}
+for(let e in g){let t=g[e]||""
+for(let s=0;s<t.length;s++){let i=t.substring(s,s+1)
+h[i]=e}}const f=new RegExp(Object.keys(h).join("|")+"|[̀-ͯ·ʾʼ]","gu"),m=(e,t="NFKD")=>e.normalize(t),v=e=>Array.from(e).reduce(((e,t)=>e+y(t)),""),y=e=>(e=m(e).toLowerCase().replace(f,(e=>h[e]||"")),m(e,"NFC"))
+const O=e=>{const t={},s=(e,s)=>{const i=t[e]||new Set,o=new RegExp("^"+n(i)+"$","iu")
+s.match(o)||(i.add(r(s)),t[e]=i)}
+for(let t of function*(e){for(const[t,s]of e)for(let e=t;e<=s;e++){let t=String.fromCharCode(e),s=v(t)
+s!=t.toLowerCase()&&(s.length>3||0!=s.length&&(yield{folded:s,composed:t,code_point:e}))}}(e))s(t.folded,t.folded),s(t.folded,t.composed)
+return t},b=e=>{const t=O(e),i={}
+let o=[]
+for(let e in t){let s=t[e]
+s&&(i[e]=n(s)),e.length>1&&o.push(r(e))}o.sort(((e,t)=>t.length-e.length))
+const l=s(o)
+return p=new RegExp("^"+l,"u"),i},w=(e,t=1)=>(t=Math.max(t,e.length-1),s(c(e).map((e=>((e,t=1)=>{let s=0
+return e=e.map((e=>(u[e]&&(s+=e.length),u[e]||e))),s>=t?i(e):""})(e,t))))),_=(e,t=!0)=>{let n=e.length>1?1:0
+return s(e.map((e=>{let s=[]
+const o=t?e.length():e.length()-1
+for(let t=0;t<o;t++)s.push(w(e.substrs[t]||"",n))
+return i(s)})))},C=(e,t)=>{for(const s of t){if(s.start!=e.start||s.end!=e.end)continue
+if(s.substrs.join("")!==e.substrs.join(""))continue
+let t=e.parts
+const i=e=>{for(const s of t){if(s.start===e.start&&s.substr===e.substr)return!1
+if(1!=e.length&&1!=s.length){if(e.start<s.start&&e.end>s.start)return!0
+if(s.start<e.start&&s.end>e.start)return!0}}return!1}
+if(!(s.parts.filter(i).length>0))return!0}return!1}
+class S{parts
+substrs
+start
+end
+constructor(){this.parts=[],this.substrs=[],this.start=0,this.end=0}add(e){e&&(this.parts.push(e),this.substrs.push(e.substr),this.start=Math.min(e.start,this.start),this.end=Math.max(e.end,this.end))}last(){return this.parts[this.parts.length-1]}length(){return this.parts.length}clone(e,t){let s=new S,i=JSON.parse(JSON.stringify(this.parts)),n=i.pop()
+for(const e of i)s.add(e)
+let o=t.substr.substring(0,e-n.start),r=o.length
+return s.add({start:n.start,end:n.start+r,length:r,substr:o}),s}}const I=e=>{void 0===u&&(u=b(d)),e=v(e)
+let t="",s=[new S]
+for(let i=0;i<e.length;i++){let n=e.substring(i).match(p)
+const o=e.substring(i,i+1),r=n?n[0]:null
+let l=[],a=new Set
+for(const e of s){const t=e.last()
+if(!t||1==t.length||t.end<=i)if(r){const t=r.length
+e.add({start:i,end:i+t,length:t,substr:r}),a.add("1")}else e.add({start:i,end:i+1,length:1,substr:o}),a.add("2")
+else if(r){let s=e.clone(i,t)
+const n=r.length
+s.add({start:i,end:i+n,length:n,substr:r}),l.push(s)}else a.add("3")}if(l.length>0){l=l.sort(((e,t)=>e.length()-t.length()))
+for(let e of l)C(e,s)||s.push(e)}else if(i>0&&1==a.size&&!a.has("3")){t+=_(s,!1)
+let e=new S
+const i=s[0]
+i&&e.add(i.last()),s=[e]}}return t+=_(s,!0),t},A=(e,t)=>{if(e)return e[t]},k=(e,t)=>{if(e){for(var s,i=t.split(".");(s=i.shift())&&(e=e[s]););return e}},x=(e,t,s)=>{var i,n
+return e?(e+="",null==t.regex||-1===(n=e.search(t.regex))?0:(i=t.string.length/e.length,0===n&&(i+=.5),i*s)):0},F=(e,t)=>{var s=e[t]
+if("function"==typeof s)return s
+s&&!Array.isArray(s)&&(e[t]=[s])},L=(e,t)=>{if(Array.isArray(e))e.forEach(t)
+else for(var s in e)e.hasOwnProperty(s)&&t(e[s],s)},E=(e,t)=>"number"==typeof e&&"number"==typeof t?e>t?1:e<t?-1:0:(e=v(e+"").toLowerCase())>(t=v(t+"").toLowerCase())?1:t>e?-1:0
+class T{items
+settings
+constructor(e,t){this.items=e,this.settings=t||{diacritics:!0}}tokenize(e,t,s){if(!e||!e.length)return[]
+const i=[],n=e.split(/\s+/)
+var o
+return s&&(o=new RegExp("^("+Object.keys(s).map(r).join("|")+"):(.*)$")),n.forEach((e=>{let s,n=null,l=null
+o&&(s=e.match(o))&&(n=s[1],e=s[2]),e.length>0&&(l=this.settings.diacritics?I(e)||null:r(e),l&&t&&(l="\\b"+l)),i.push({string:e,regex:l?new RegExp(l,"iu"):null,field:n})})),i}getScoreFunction(e,t){var s=this.prepareSearch(e,t)
+return this._getScoreFunction(s)}_getScoreFunction(e){const t=e.tokens,s=t.length
+if(!s)return function(){return 0}
+const i=e.options.fields,n=e.weights,o=i.length,r=e.getAttrFn
+if(!o)return function(){return 1}
+const l=1===o?function(e,t){const s=i[0].field
+return x(r(t,s),e,n[s]||1)}:function(e,t){var s=0
+if(e.field){const i=r(t,e.field)
+!e.regex&&i?s+=1/o:s+=x(i,e,1)}else L(n,((i,n)=>{s+=x(r(t,n),e,i)}))
+return s/o}
+return 1===s?function(e){return l(t[0],e)}:"and"===e.options.conjunction?function(e){var i,n=0
+for(let s of t){if((i=l(s,e))<=0)return 0
+n+=i}return n/s}:function(e){var i=0
+return L(t,(t=>{i+=l(t,e)})),i/s}}getSortFunction(e,t){var s=this.prepareSearch(e,t)
+return this._getSortFunction(s)}_getSortFunction(e){var t,s=[]
+const i=this,n=e.options,o=!e.query&&n.sort_empty?n.sort_empty:n.sort
+if("function"==typeof o)return o.bind(this)
+const r=function(t,s){return"$score"===t?s.score:e.getAttrFn(i.items[s.id],t)}
+if(o)for(let t of o)(e.query||"$score"!==t.field)&&s.push(t)
+if(e.query){t=!0
+for(let e of s)if("$score"===e.field){t=!1
+break}t&&s.unshift({field:"$score",direction:"desc"})}else s=s.filter((e=>"$score"!==e.field))
+return s.length?function(e,t){var i,n
+for(let o of s){if(n=o.field,i=("desc"===o.direction?-1:1)*E(r(n,e),r(n,t)))return i}return 0}:null}prepareSearch(e,t){const s={}
+var i=Object.assign({},t)
+if(F(i,"sort"),F(i,"sort_empty"),i.fields){F(i,"fields")
+const e=[]
+i.fields.forEach((t=>{"string"==typeof t&&(t={field:t,weight:1}),e.push(t),s[t.field]="weight"in t?t.weight:1})),i.fields=e}return{options:i,query:e.toLowerCase().trim(),tokens:this.tokenize(e,i.respect_word_boundaries,s),total:0,items:[],weights:s,getAttrFn:i.nesting?k:A}}search(e,t){var s,i,n=this
+i=this.prepareSearch(e,t),t=i.options,e=i.query
+const o=t.score||n._getScoreFunction(i)
+e.length?L(n.items,((e,n)=>{s=o(e),(!1===t.filter||s>0)&&i.items.push({score:s,id:n})})):L(n.items,((e,t)=>{i.items.push({score:1,id:t})}))
+const r=n._getSortFunction(i)
+return r&&i.items.sort(r),i.total=i.items.length,"number"==typeof t.limit&&(i.items=i.items.slice(0,t.limit)),i}}const P=e=>null==e?null:N(e),N=e=>"boolean"==typeof e?e?"1":"0":e+"",j=e=>(e+"").replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;"),$=(e,t)=>{var s
+return function(i,n){var o=this
+s&&(o.loading=Math.max(o.loading-1,0),clearTimeout(s)),s=setTimeout((function(){s=null,o.loadedSearches[i]=!0,e.call(o,i,n)}),t)}},V=(e,t,s)=>{var i,n=e.trigger,o={}
+for(i of(e.trigger=function(){var s=arguments[0]
+if(-1===t.indexOf(s))return n.apply(e,arguments)
+o[s]=arguments},s.apply(e,[]),e.trigger=n,t))i in o&&n.apply(e,o[i])},q=(e,t=!1)=>{e&&(e.preventDefault(),t&&e.stopPropagation())},D=(e,t,s,i)=>{e.addEventListener(t,s,i)},H=(e,t)=>!!t&&(!!t[e]&&1===(t.altKey?1:0)+(t.ctrlKey?1:0)+(t.shiftKey?1:0)+(t.metaKey?1:0)),R=(e,t)=>{const s=e.getAttribute("id")
+return s||(e.setAttribute("id",t),t)},M=e=>e.replace(/[\\"']/g,"\\$&"),z=(e,t)=>{t&&e.append(t)},B=(e,t)=>{if(Array.isArray(e))e.forEach(t)
+else for(var s in e)e.hasOwnProperty(s)&&t(e[s],s)},K=e=>{if(e.jquery)return e[0]
+if(e instanceof HTMLElement)return e
+if(Q(e)){var t=document.createElement("template")
+return t.innerHTML=e.trim(),t.content.firstChild}return document.querySelector(e)},Q=e=>"string"==typeof e&&e.indexOf("<")>-1,G=(e,t)=>{var s=document.createEvent("HTMLEvents")
+s.initEvent(t,!0,!1),e.dispatchEvent(s)},U=(e,t)=>{Object.assign(e.style,t)},J=(e,...t)=>{var s=X(t);(e=Y(e)).map((e=>{s.map((t=>{e.classList.add(t)}))}))},W=(e,...t)=>{var s=X(t);(e=Y(e)).map((e=>{s.map((t=>{e.classList.remove(t)}))}))},X=e=>{var t=[]
+return B(e,(e=>{"string"==typeof e&&(e=e.trim().split(/[\t\n\f\r\s]/)),Array.isArray(e)&&(t=t.concat(e))})),t.filter(Boolean)},Y=e=>(Array.isArray(e)||(e=[e]),e),Z=(e,t,s)=>{if(!s||s.contains(e))for(;e&&e.matches;){if(e.matches(t))return e
+e=e.parentNode}},ee=(e,t=0)=>t>0?e[e.length-1]:e[0],te=(e,t)=>{if(!e)return-1
+t=t||e.nodeName
+for(var s=0;e=e.previousElementSibling;)e.matches(t)&&s++
+return s},se=(e,t)=>{B(t,((t,s)=>{null==t?e.removeAttribute(s):e.setAttribute(s,""+t)}))},ie=(e,t)=>{e.parentNode&&e.parentNode.replaceChild(t,e)},ne=(e,t)=>{if(null===t)return
+if("string"==typeof t){if(!t.length)return
+t=new RegExp(t,"i")}const s=e=>3===e.nodeType?(e=>{var s=e.data.match(t)
+if(s&&e.data.length>0){var i=document.createElement("span")
+i.className="highlight"
+var n=e.splitText(s.index)
+n.splitText(s[0].length)
+var o=n.cloneNode(!0)
+return i.appendChild(o),ie(n,i),1}return 0})(e):((e=>{1!==e.nodeType||!e.childNodes||/(script|style)/i.test(e.tagName)||"highlight"===e.className&&"SPAN"===e.tagName||Array.from(e.childNodes).forEach((e=>{s(e)}))})(e),0)
+s(e)},oe="undefined"!=typeof navigator&&/Mac/.test(navigator.userAgent)?"metaKey":"ctrlKey"
+var re={options:[],optgroups:[],plugins:[],delimiter:",",splitOn:null,persist:!0,diacritics:!0,create:null,createOnBlur:!1,createFilter:null,highlight:!0,openOnFocus:!0,shouldOpen:null,maxOptions:50,maxItems:null,hideSelected:null,duplicates:!1,addPrecedence:!1,selectOnTab:!1,preload:null,allowEmptyOption:!1,refreshThrottle:300,loadThrottle:300,loadingClass:"loading",dataAttr:null,optgroupField:"optgroup",valueField:"value",labelField:"text",disabledField:"disabled",optgroupLabelField:"label",optgroupValueField:"value",lockOptgroupOrder:!1,sortField:"$order",searchField:["text"],searchConjunction:"and",mode:null,wrapperClass:"ts-wrapper",controlClass:"ts-control",dropdownClass:"ts-dropdown",dropdownContentClass:"ts-dropdown-content",itemClass:"item",optionClass:"option",dropdownParent:null,controlInput:'<input type="text" autocomplete="off" size="1" />',copyClassesToDropdown:!1,placeholder:null,hidePlaceholder:null,shouldLoad:function(e){return e.length>0},render:{}}
+function le(e,t){var s=Object.assign({},re,t),i=s.dataAttr,n=s.labelField,o=s.valueField,r=s.disabledField,l=s.optgroupField,a=s.optgroupLabelField,c=s.optgroupValueField,d=e.tagName.toLowerCase(),u=e.getAttribute("placeholder")||e.getAttribute("data-placeholder")
+if(!u&&!s.allowEmptyOption){let t=e.querySelector('option[value=""]')
+t&&(u=t.textContent)}var p={placeholder:u,options:[],optgroups:[],items:[],maxItems:null}
+return"select"===d?(()=>{var t,d=p.options,u={},h=1
+let g=0
+var f=e=>{var t=Object.assign({},e.dataset),s=i&&t[i]
+return"string"==typeof s&&s.length&&(t=Object.assign(t,JSON.parse(s))),t},m=(e,t)=>{var i=P(e.value)
+if(null!=i&&(i||s.allowEmptyOption)){if(u.hasOwnProperty(i)){if(t){var a=u[i][l]
+a?Array.isArray(a)?a.push(t):u[i][l]=[a,t]:u[i][l]=t}}else{var c=f(e)
+c[n]=c[n]||e.textContent,c[o]=c[o]||i,c[r]=c[r]||e.disabled,c[l]=c[l]||t,c.$option=e,c.$order=c.$order||++g,u[i]=c,d.push(c)}e.selected&&p.items.push(i)}}
+p.maxItems=e.hasAttribute("multiple")?null:1,B(e.children,(e=>{var s,i,n
+"optgroup"===(t=e.tagName.toLowerCase())?((n=f(s=e))[a]=n[a]||s.getAttribute("label")||"",n[c]=n[c]||h++,n[r]=n[r]||s.disabled,n.$order=n.$order||++g,p.optgroups.push(n),i=n[c],B(s.children,(e=>{m(e,i)}))):"option"===t&&m(e)}))})():(()=>{const t=e.getAttribute(i)
+if(t)p.options=JSON.parse(t),B(p.options,(e=>{p.items.push(e[o])}))
+else{var r=e.value.trim()||""
+if(!s.allowEmptyOption&&!r.length)return
+const t=r.split(s.delimiter)
+B(t,(e=>{const t={}
+t[n]=e,t[o]=e,p.options.push(t)})),p.items=t}})(),Object.assign({},re,p,t)}var ae=0
+class ce extends(function(e){return e.plugins={},class extends e{constructor(...e){super(...e),this.plugins={names:[],settings:{},requested:{},loaded:{}}}static define(t,s){e.plugins[t]={name:t,fn:s}}initializePlugins(e){var t,s
+const i=this,n=[]
+if(Array.isArray(e))e.forEach((e=>{"string"==typeof e?n.push(e):(i.plugins.settings[e.name]=e.options,n.push(e.name))}))
+else if(e)for(t in e)e.hasOwnProperty(t)&&(i.plugins.settings[t]=e[t],n.push(t))
+for(;s=n.shift();)i.require(s)}loadPlugin(t){var s=this,i=s.plugins,n=e.plugins[t]
+if(!e.plugins.hasOwnProperty(t))throw new Error('Unable to find "'+t+'" plugin')
+i.requested[t]=!0,i.loaded[t]=n.fn.apply(s,[s.plugins.settings[t]||{}]),i.names.push(t)}require(e){var t=this,s=t.plugins
+if(!t.plugins.loaded.hasOwnProperty(e)){if(s.requested[e])throw new Error('Plugin has circular dependency ("'+e+'")')
+t.loadPlugin(e)}return s.loaded[e]}}}(t)){constructor(e,t){var s
+super(),this.order=0,this.isOpen=!1,this.isDisabled=!1,this.isReadOnly=!1,this.isInvalid=!1,this.isValid=!0,this.isLocked=!1,this.isFocused=!1,this.isInputHidden=!1,this.isSetup=!1,this.ignoreFocus=!1,this.ignoreHover=!1,this.hasOptions=!1,this.lastValue="",this.caretPos=0,this.loading=0,this.loadedSearches={},this.activeOption=null,this.activeItems=[],this.optgroups={},this.options={},this.userOptions={},this.items=[],this.refreshTimeout=null,ae++
+var i=K(e)
+if(i.tomselect)throw new Error("Tom Select already initialized on this element")
+i.tomselect=this,s=(window.getComputedStyle&&window.getComputedStyle(i,null)).getPropertyValue("direction")
+const n=le(i,t)
+this.settings=n,this.input=i,this.tabIndex=i.tabIndex||0,this.is_select_tag="select"===i.tagName.toLowerCase(),this.rtl=/rtl/i.test(s),this.inputId=R(i,"tomselect-"+ae),this.isRequired=i.required,this.sifter=new T(this.options,{diacritics:n.diacritics}),n.mode=n.mode||(1===n.maxItems?"single":"multi"),"boolean"!=typeof n.hideSelected&&(n.hideSelected="multi"===n.mode),"boolean"!=typeof n.hidePlaceholder&&(n.hidePlaceholder="multi"!==n.mode)
+var o=n.createFilter
+"function"!=typeof o&&("string"==typeof o&&(o=new RegExp(o)),o instanceof RegExp?n.createFilter=e=>o.test(e):n.createFilter=e=>this.settings.duplicates||!this.options[e]),this.initializePlugins(n.plugins),this.setupCallbacks(),this.setupTemplates()
+const r=K("<div>"),l=K("<div>"),a=this._render("dropdown"),c=K('<div role="listbox" tabindex="-1">'),d=this.input.getAttribute("class")||"",u=n.mode
+var p
+if(J(r,n.wrapperClass,d,u),J(l,n.controlClass),z(r,l),J(a,n.dropdownClass,u),n.copyClassesToDropdown&&J(a,d),J(c,n.dropdownContentClass),z(a,c),K(n.dropdownParent||r).appendChild(a),Q(n.controlInput)){p=K(n.controlInput)
+B(["autocorrect","autocapitalize","autocomplete","spellcheck"],(e=>{i.getAttribute(e)&&se(p,{[e]:i.getAttribute(e)})})),p.tabIndex=-1,l.appendChild(p),this.focus_node=p}else n.controlInput?(p=K(n.controlInput),this.focus_node=p):(p=K("<input/>"),this.focus_node=l)
+this.wrapper=r,this.dropdown=a,this.dropdown_content=c,this.control=l,this.control_input=p,this.setup()}setup(){const e=this,t=e.settings,s=e.control_input,i=e.dropdown,n=e.dropdown_content,o=e.wrapper,l=e.control,a=e.input,c=e.focus_node,d={passive:!0},u=e.inputId+"-ts-dropdown"
+se(n,{id:u}),se(c,{role:"combobox","aria-haspopup":"listbox","aria-expanded":"false","aria-controls":u})
+const p=R(c,e.inputId+"-ts-control"),h="label[for='"+(e=>e.replace(/['"\\]/g,"\\$&"))(e.inputId)+"']",g=document.querySelector(h),f=e.focus.bind(e)
+if(g){D(g,"click",f),se(g,{for:p})
+const t=R(g,e.inputId+"-ts-label")
+se(c,{"aria-labelledby":t}),se(n,{"aria-labelledby":t})}if(o.style.width=a.style.width,e.plugins.names.length){const t="plugin-"+e.plugins.names.join(" plugin-")
+J([o,i],t)}(null===t.maxItems||t.maxItems>1)&&e.is_select_tag&&se(a,{multiple:"multiple"}),t.placeholder&&se(s,{placeholder:t.placeholder}),!t.splitOn&&t.delimiter&&(t.splitOn=new RegExp("\\s*"+r(t.delimiter)+"+\\s*")),t.load&&t.loadThrottle&&(t.load=$(t.load,t.loadThrottle)),D(i,"mousemove",(()=>{e.ignoreHover=!1})),D(i,"mouseenter",(t=>{var s=Z(t.target,"[data-selectable]",i)
+s&&e.onOptionHover(t,s)}),{capture:!0}),D(i,"click",(t=>{const s=Z(t.target,"[data-selectable]")
+s&&(e.onOptionSelect(t,s),q(t,!0))})),D(l,"click",(t=>{var i=Z(t.target,"[data-ts-item]",l)
+i&&e.onItemSelect(t,i)?q(t,!0):""==s.value&&(e.onClick(),q(t,!0))})),D(c,"keydown",(t=>e.onKeyDown(t))),D(s,"keypress",(t=>e.onKeyPress(t))),D(s,"input",(t=>e.onInput(t))),D(c,"blur",(t=>e.onBlur(t))),D(c,"focus",(t=>e.onFocus(t))),D(s,"paste",(t=>e.onPaste(t)))
+const m=t=>{const n=t.composedPath()[0]
+if(!o.contains(n)&&!i.contains(n))return e.isFocused&&e.blur(),void e.inputState()
+n==s&&e.isOpen?t.stopPropagation():q(t,!0)},v=()=>{e.isOpen&&e.positionDropdown()}
+D(document,"mousedown",m),D(window,"scroll",v,d),D(window,"resize",v,d),this._destroy=()=>{document.removeEventListener("mousedown",m),window.removeEventListener("scroll",v),window.removeEventListener("resize",v),g&&g.removeEventListener("click",f)},this.revertSettings={innerHTML:a.innerHTML,tabIndex:a.tabIndex},a.tabIndex=-1,a.insertAdjacentElement("afterend",e.wrapper),e.sync(!1),t.items=[],delete t.optgroups,delete t.options,D(a,"invalid",(()=>{e.isValid&&(e.isValid=!1,e.isInvalid=!0,e.refreshState())})),e.updateOriginalInput(),e.refreshItems(),e.close(!1),e.inputState(),e.isSetup=!0,a.disabled?e.disable():a.readOnly?e.setReadOnly(!0):e.enable(),e.on("change",this.onChange),J(a,"tomselected","ts-hidden-accessible"),e.trigger("initialize"),!0===t.preload&&e.preload()}setupOptions(e=[],t=[]){this.addOptions(e),B(t,(e=>{this.registerOptionGroup(e)}))}setupTemplates(){var e=this,t=e.settings.labelField,s=e.settings.optgroupLabelField,i={optgroup:e=>{let t=document.createElement("div")
+return t.className="optgroup",t.appendChild(e.options),t},optgroup_header:(e,t)=>'<div class="optgroup-header">'+t(e[s])+"</div>",option:(e,s)=>"<div>"+s(e[t])+"</div>",item:(e,s)=>"<div>"+s(e[t])+"</div>",option_create:(e,t)=>'<div class="create">Add <strong>'+t(e.input)+"</strong>&hellip;</div>",no_results:()=>'<div class="no-results">No results found</div>',loading:()=>'<div class="spinner"></div>',not_loading:()=>{},dropdown:()=>"<div></div>"}
+e.settings.render=Object.assign({},i,e.settings.render)}setupCallbacks(){var e,t,s={initialize:"onInitialize",change:"onChange",item_add:"onItemAdd",item_remove:"onItemRemove",item_select:"onItemSelect",clear:"onClear",option_add:"onOptionAdd",option_remove:"onOptionRemove",option_clear:"onOptionClear",optgroup_add:"onOptionGroupAdd",optgroup_remove:"onOptionGroupRemove",optgroup_clear:"onOptionGroupClear",dropdown_open:"onDropdownOpen",dropdown_close:"onDropdownClose",type:"onType",load:"onLoad",focus:"onFocus",blur:"onBlur"}
+for(e in s)(t=this.settings[s[e]])&&this.on(e,t)}sync(e=!0){const t=this,s=e?le(t.input,{delimiter:t.settings.delimiter}):t.settings
+t.setupOptions(s.options,s.optgroups),t.setValue(s.items||[],!0),t.lastQuery=null}onClick(){var e=this
+if(e.activeItems.length>0)return e.clearActiveItems(),void e.focus()
+e.isFocused&&e.isOpen?e.blur():e.focus()}onMouseDown(){}onChange(){G(this.input,"input"),G(this.input,"change")}onPaste(e){var t=this
+t.isInputHidden||t.isLocked?q(e):t.settings.splitOn&&setTimeout((()=>{var e=t.inputValue()
+if(e.match(t.settings.splitOn)){var s=e.trim().split(t.settings.splitOn)
+B(s,(e=>{P(e)&&(this.options[e]?t.addItem(e):t.createItem(e))}))}}),0)}onKeyPress(e){var t=this
+if(!t.isLocked){var s=String.fromCharCode(e.keyCode||e.which)
+return t.settings.create&&"multi"===t.settings.mode&&s===t.settings.delimiter?(t.createItem(),void q(e)):void 0}q(e)}onKeyDown(e){var t=this
+if(t.ignoreHover=!0,t.isLocked)9!==e.keyCode&&q(e)
+else{switch(e.keyCode){case 65:if(H(oe,e)&&""==t.control_input.value)return q(e),void t.selectAll()
+break
+case 27:return t.isOpen&&(q(e,!0),t.close()),void t.clearActiveItems()
+case 40:if(!t.isOpen&&t.hasOptions)t.open()
+else if(t.activeOption){let e=t.getAdjacent(t.activeOption,1)
+e&&t.setActiveOption(e)}return void q(e)
+case 38:if(t.activeOption){let e=t.getAdjacent(t.activeOption,-1)
+e&&t.setActiveOption(e)}return void q(e)
+case 13:return void(t.canSelect(t.activeOption)?(t.onOptionSelect(e,t.activeOption),q(e)):(t.settings.create&&t.createItem()||document.activeElement==t.control_input&&t.isOpen)&&q(e))
+case 37:return void t.advanceSelection(-1,e)
+case 39:return void t.advanceSelection(1,e)
+case 9:return void(t.settings.selectOnTab&&(t.canSelect(t.activeOption)&&(t.onOptionSelect(e,t.activeOption),q(e)),t.settings.create&&t.createItem()&&q(e)))
+case 8:case 46:return void t.deleteSelection(e)}t.isInputHidden&&!H(oe,e)&&q(e)}}onInput(e){if(this.isLocked)return
+const t=this.inputValue()
+this.lastValue!==t&&(this.lastValue=t,""!=t?(this.refreshTimeout&&window.clearTimeout(this.refreshTimeout),this.refreshTimeout=((e,t)=>t>0?window.setTimeout(e,t):(e.call(null),null))((()=>{this.refreshTimeout=null,this._onInput()}),this.settings.refreshThrottle)):this._onInput())}_onInput(){const e=this.lastValue
+this.settings.shouldLoad.call(this,e)&&this.load(e),this.refreshOptions(),this.trigger("type",e)}onOptionHover(e,t){this.ignoreHover||this.setActiveOption(t,!1)}onFocus(e){var t=this,s=t.isFocused
+if(t.isDisabled||t.isReadOnly)return t.blur(),void q(e)
+t.ignoreFocus||(t.isFocused=!0,"focus"===t.settings.preload&&t.preload(),s||t.trigger("focus"),t.activeItems.length||(t.inputState(),t.refreshOptions(!!t.settings.openOnFocus)),t.refreshState())}onBlur(e){if(!1!==document.hasFocus()){var t=this
+if(t.isFocused){t.isFocused=!1,t.ignoreFocus=!1
+var s=()=>{t.close(),t.setActiveItem(),t.setCaret(t.items.length),t.trigger("blur")}
+t.settings.create&&t.settings.createOnBlur?t.createItem(null,s):s()}}}onOptionSelect(e,t){var s,i=this
+t.parentElement&&t.parentElement.matches("[data-disabled]")||(t.classList.contains("create")?i.createItem(null,(()=>{i.settings.closeAfterSelect&&i.close()})):void 0!==(s=t.dataset.value)&&(i.lastQuery=null,i.addItem(s),i.settings.closeAfterSelect&&i.close(),!i.settings.hideSelected&&e.type&&/click/.test(e.type)&&i.setActiveOption(t)))}canSelect(e){return!!(this.isOpen&&e&&this.dropdown_content.contains(e))}onItemSelect(e,t){var s=this
+return!s.isLocked&&"multi"===s.settings.mode&&(q(e),s.setActiveItem(t,e),!0)}canLoad(e){return!!this.settings.load&&!this.loadedSearches.hasOwnProperty(e)}load(e){const t=this
+if(!t.canLoad(e))return
+J(t.wrapper,t.settings.loadingClass),t.loading++
+const s=t.loadCallback.bind(t)
+t.settings.load.call(t,e,s)}loadCallback(e,t){const s=this
+s.loading=Math.max(s.loading-1,0),s.lastQuery=null,s.clearActiveOption(),s.setupOptions(e,t),s.refreshOptions(s.isFocused&&!s.isInputHidden),s.loading||W(s.wrapper,s.settings.loadingClass),s.trigger("load",e,t)}preload(){var e=this.wrapper.classList
+e.contains("preloaded")||(e.add("preloaded"),this.load(""))}setTextboxValue(e=""){var t=this.control_input
+t.value!==e&&(t.value=e,G(t,"update"),this.lastValue=e)}getValue(){return this.is_select_tag&&this.input.hasAttribute("multiple")?this.items:this.items.join(this.settings.delimiter)}setValue(e,t){V(this,t?[]:["change"],(()=>{this.clear(t),this.addItems(e,t)}))}setMaxItems(e){0===e&&(e=null),this.settings.maxItems=e,this.refreshState()}setActiveItem(e,t){var s,i,n,o,r,l,a=this
+if("single"!==a.settings.mode){if(!e)return a.clearActiveItems(),void(a.isFocused&&a.inputState())
+if("click"===(s=t&&t.type.toLowerCase())&&H("shiftKey",t)&&a.activeItems.length){for(l=a.getLastActive(),(n=Array.prototype.indexOf.call(a.control.children,l))>(o=Array.prototype.indexOf.call(a.control.children,e))&&(r=n,n=o,o=r),i=n;i<=o;i++)e=a.control.children[i],-1===a.activeItems.indexOf(e)&&a.setActiveItemClass(e)
+q(t)}else"click"===s&&H(oe,t)||"keydown"===s&&H("shiftKey",t)?e.classList.contains("active")?a.removeActiveItem(e):a.setActiveItemClass(e):(a.clearActiveItems(),a.setActiveItemClass(e))
+a.inputState(),a.isFocused||a.focus()}}setActiveItemClass(e){const t=this,s=t.control.querySelector(".last-active")
+s&&W(s,"last-active"),J(e,"active last-active"),t.trigger("item_select",e),-1==t.activeItems.indexOf(e)&&t.activeItems.push(e)}removeActiveItem(e){var t=this.activeItems.indexOf(e)
+this.activeItems.splice(t,1),W(e,"active")}clearActiveItems(){W(this.activeItems,"active"),this.activeItems=[]}setActiveOption(e,t=!0){e!==this.activeOption&&(this.clearActiveOption(),e&&(this.activeOption=e,se(this.focus_node,{"aria-activedescendant":e.getAttribute("id")}),se(e,{"aria-selected":"true"}),J(e,"active"),t&&this.scrollToOption(e)))}scrollToOption(e,t){if(!e)return
+const s=this.dropdown_content,i=s.clientHeight,n=s.scrollTop||0,o=e.offsetHeight,r=e.getBoundingClientRect().top-s.getBoundingClientRect().top+n
+r+o>i+n?this.scroll(r-i+o,t):r<n&&this.scroll(r,t)}scroll(e,t){const s=this.dropdown_content
+t&&(s.style.scrollBehavior=t),s.scrollTop=e,s.style.scrollBehavior=""}clearActiveOption(){this.activeOption&&(W(this.activeOption,"active"),se(this.activeOption,{"aria-selected":null})),this.activeOption=null,se(this.focus_node,{"aria-activedescendant":null})}selectAll(){const e=this
+if("single"===e.settings.mode)return
+const t=e.controlChildren()
+t.length&&(e.inputState(),e.close(),e.activeItems=t,B(t,(t=>{e.setActiveItemClass(t)})))}inputState(){var e=this
+e.control.contains(e.control_input)&&(se(e.control_input,{placeholder:e.settings.placeholder}),e.activeItems.length>0||!e.isFocused&&e.settings.hidePlaceholder&&e.items.length>0?(e.setTextboxValue(),e.isInputHidden=!0):(e.settings.hidePlaceholder&&e.items.length>0&&se(e.control_input,{placeholder:""}),e.isInputHidden=!1),e.wrapper.classList.toggle("input-hidden",e.isInputHidden))}inputValue(){return this.control_input.value.trim()}focus(){var e=this
+e.isDisabled||e.isReadOnly||(e.ignoreFocus=!0,e.control_input.offsetWidth?e.control_input.focus():e.focus_node.focus(),setTimeout((()=>{e.ignoreFocus=!1,e.onFocus()}),0))}blur(){this.focus_node.blur(),this.onBlur()}getScoreFunction(e){return this.sifter.getScoreFunction(e,this.getSearchOptions())}getSearchOptions(){var e=this.settings,t=e.sortField
+return"string"==typeof e.sortField&&(t=[{field:e.sortField}]),{fields:e.searchField,conjunction:e.searchConjunction,sort:t,nesting:e.nesting}}search(e){var t,s,i=this,n=this.getSearchOptions()
+if(i.settings.score&&"function"!=typeof(s=i.settings.score.call(i,e)))throw new Error('Tom Select "score" setting must be a function that returns a function')
+return e!==i.lastQuery?(i.lastQuery=e,t=i.sifter.search(e,Object.assign(n,{score:s})),i.currentResults=t):t=Object.assign({},i.currentResults),i.settings.hideSelected&&(t.items=t.items.filter((e=>{let t=P(e.id)
+return!(t&&-1!==i.items.indexOf(t))}))),t}refreshOptions(e=!0){var t,s,i,n,o,r,l,a,c,d
+const u={},p=[]
+var h=this,g=h.inputValue()
+const f=g===h.lastQuery||""==g&&null==h.lastQuery
+var m=h.search(g),v=null,y=h.settings.shouldOpen||!1,O=h.dropdown_content
+f&&(v=h.activeOption)&&(c=v.closest("[data-group]")),n=m.items.length,"number"==typeof h.settings.maxOptions&&(n=Math.min(n,h.settings.maxOptions)),n>0&&(y=!0)
+const b=(e,t)=>{let s=u[e]
+if(void 0!==s){let e=p[s]
+if(void 0!==e)return[s,e.fragment]}let i=document.createDocumentFragment()
+return s=p.length,p.push({fragment:i,order:t,optgroup:e}),[s,i]}
+for(t=0;t<n;t++){let e=m.items[t]
+if(!e)continue
+let n=e.id,l=h.options[n]
+if(void 0===l)continue
+let a=N(n),d=h.getOption(a,!0)
+for(h.settings.hideSelected||d.classList.toggle("selected",h.items.includes(a)),o=l[h.settings.optgroupField]||"",s=0,i=(r=Array.isArray(o)?o:[o])&&r.length;s<i;s++){o=r[s]
+let e=l.$order,t=h.optgroups[o]
+void 0===t?o="":e=t.$order
+const[i,a]=b(o,e)
+s>0&&(d=d.cloneNode(!0),se(d,{id:l.$id+"-clone-"+s,"aria-selected":null}),d.classList.add("ts-cloned"),W(d,"active"),h.activeOption&&h.activeOption.dataset.value==n&&c&&c.dataset.group===o.toString()&&(v=d)),a.appendChild(d),""!=o&&(u[o]=i)}}var w
+h.settings.lockOptgroupOrder&&p.sort(((e,t)=>e.order-t.order)),l=document.createDocumentFragment(),B(p,(e=>{let t=e.fragment,s=e.optgroup
+if(!t||!t.children.length)return
+let i=h.optgroups[s]
+if(void 0!==i){let e=document.createDocumentFragment(),s=h.render("optgroup_header",i)
+z(e,s),z(e,t)
+let n=h.render("optgroup",{group:i,options:e})
+z(l,n)}else z(l,t)})),O.innerHTML="",z(O,l),h.settings.highlight&&(w=O.querySelectorAll("span.highlight"),Array.prototype.forEach.call(w,(function(e){var t=e.parentNode
+t.replaceChild(e.firstChild,e),t.normalize()})),m.query.length&&m.tokens.length&&B(m.tokens,(e=>{ne(O,e.regex)})))
+var _=e=>{let t=h.render(e,{input:g})
+return t&&(y=!0,O.insertBefore(t,O.firstChild)),t}
+if(h.loading?_("loading"):h.settings.shouldLoad.call(h,g)?0===m.items.length&&_("no_results"):_("not_loading"),(a=h.canCreate(g))&&(d=_("option_create")),h.hasOptions=m.items.length>0||a,y){if(m.items.length>0){if(v||"single"!==h.settings.mode||null==h.items[0]||(v=h.getOption(h.items[0])),!O.contains(v)){let e=0
+d&&!h.settings.addPrecedence&&(e=1),v=h.selectable()[e]}}else d&&(v=d)
+e&&!h.isOpen&&(h.open(),h.scrollToOption(v,"auto")),h.setActiveOption(v)}else h.clearActiveOption(),e&&h.isOpen&&h.close(!1)}selectable(){return this.dropdown_content.querySelectorAll("[data-selectable]")}addOption(e,t=!1){const s=this
+if(Array.isArray(e))return s.addOptions(e,t),!1
+const i=P(e[s.settings.valueField])
+return null!==i&&!s.options.hasOwnProperty(i)&&(e.$order=e.$order||++s.order,e.$id=s.inputId+"-opt-"+e.$order,s.options[i]=e,s.lastQuery=null,t&&(s.userOptions[i]=t,s.trigger("option_add",i,e)),i)}addOptions(e,t=!1){B(e,(e=>{this.addOption(e,t)}))}registerOption(e){return this.addOption(e)}registerOptionGroup(e){var t=P(e[this.settings.optgroupValueField])
+return null!==t&&(e.$order=e.$order||++this.order,this.optgroups[t]=e,t)}addOptionGroup(e,t){var s
+t[this.settings.optgroupValueField]=e,(s=this.registerOptionGroup(t))&&this.trigger("optgroup_add",s,t)}removeOptionGroup(e){this.optgroups.hasOwnProperty(e)&&(delete this.optgroups[e],this.clearCache(),this.trigger("optgroup_remove",e))}clearOptionGroups(){this.optgroups={},this.clearCache(),this.trigger("optgroup_clear")}updateOption(e,t){const s=this
+var i,n
+const o=P(e),r=P(t[s.settings.valueField])
+if(null===o)return
+const l=s.options[o]
+if(null==l)return
+if("string"!=typeof r)throw new Error("Value must be set in option data")
+const a=s.getOption(o),c=s.getItem(o)
+if(t.$order=t.$order||l.$order,delete s.options[o],s.uncacheValue(r),s.options[r]=t,a){if(s.dropdown_content.contains(a)){const e=s._render("option",t)
+ie(a,e),s.activeOption===a&&s.setActiveOption(e)}a.remove()}c&&(-1!==(n=s.items.indexOf(o))&&s.items.splice(n,1,r),i=s._render("item",t),c.classList.contains("active")&&J(i,"active"),ie(c,i)),s.lastQuery=null}removeOption(e,t){const s=this
+e=N(e),s.uncacheValue(e),delete s.userOptions[e],delete s.options[e],s.lastQuery=null,s.trigger("option_remove",e),s.removeItem(e,t)}clearOptions(e){const t=(e||this.clearFilter).bind(this)
+this.loadedSearches={},this.userOptions={},this.clearCache()
+const s={}
+B(this.options,((e,i)=>{t(e,i)&&(s[i]=e)})),this.options=this.sifter.items=s,this.lastQuery=null,this.trigger("option_clear")}clearFilter(e,t){return this.items.indexOf(t)>=0}getOption(e,t=!1){const s=P(e)
+if(null===s)return null
+const i=this.options[s]
+if(null!=i){if(i.$div)return i.$div
+if(t)return this._render("option",i)}return null}getAdjacent(e,t,s="option"){var i
+if(!e)return null
+i="item"==s?this.controlChildren():this.dropdown_content.querySelectorAll("[data-selectable]")
+for(let s=0;s<i.length;s++)if(i[s]==e)return t>0?i[s+1]:i[s-1]
+return null}getItem(e){if("object"==typeof e)return e
+var t=P(e)
+return null!==t?this.control.querySelector(`[data-value="${M(t)}"]`):null}addItems(e,t){var s=this,i=Array.isArray(e)?e:[e]
+const n=(i=i.filter((e=>-1===s.items.indexOf(e))))[i.length-1]
+i.forEach((e=>{s.isPending=e!==n,s.addItem(e,t)}))}addItem(e,t){V(this,t?[]:["change","dropdown_close"],(()=>{var s,i
+const n=this,o=n.settings.mode,r=P(e)
+if((!r||-1===n.items.indexOf(r)||("single"===o&&n.close(),"single"!==o&&n.settings.duplicates))&&null!==r&&n.options.hasOwnProperty(r)&&("single"===o&&n.clear(t),"multi"!==o||!n.isFull())){if(s=n._render("item",n.options[r]),n.control.contains(s)&&(s=s.cloneNode(!0)),i=n.isFull(),n.items.splice(n.caretPos,0,r),n.insertAtCaret(s),n.isSetup){if(!n.isPending&&n.settings.hideSelected){let e=n.getOption(r),t=n.getAdjacent(e,1)
+t&&n.setActiveOption(t)}n.isPending||n.settings.closeAfterSelect||n.refreshOptions(n.isFocused&&"single"!==o),0!=n.settings.closeAfterSelect&&n.isFull()?n.close():n.isPending||n.positionDropdown(),n.trigger("item_add",r,s),n.isPending||n.updateOriginalInput({silent:t})}(!n.isPending||!i&&n.isFull())&&(n.inputState(),n.refreshState())}}))}removeItem(e=null,t){const s=this
+if(!(e=s.getItem(e)))return
+var i,n
+const o=e.dataset.value
+i=te(e),e.remove(),e.classList.contains("active")&&(n=s.activeItems.indexOf(e),s.activeItems.splice(n,1),W(e,"active")),s.items.splice(i,1),s.lastQuery=null,!s.settings.persist&&s.userOptions.hasOwnProperty(o)&&s.removeOption(o,t),i<s.caretPos&&s.setCaret(s.caretPos-1),s.updateOriginalInput({silent:t}),s.refreshState(),s.positionDropdown(),s.trigger("item_remove",o,e)}createItem(e=null,t=()=>{}){3===arguments.length&&(t=arguments[2]),"function"!=typeof t&&(t=()=>{})
+var s,i=this,n=i.caretPos
+if(e=e||i.inputValue(),!i.canCreate(e))return t(),!1
+i.lock()
+var o=!1,r=e=>{if(i.unlock(),!e||"object"!=typeof e)return t()
+var s=P(e[i.settings.valueField])
+if("string"!=typeof s)return t()
+i.setTextboxValue(),i.addOption(e,!0),i.setCaret(n),i.addItem(s),t(e),o=!0}
+return s="function"==typeof i.settings.create?i.settings.create.call(this,e,r):{[i.settings.labelField]:e,[i.settings.valueField]:e},o||r(s),!0}refreshItems(){var e=this
+e.lastQuery=null,e.isSetup&&e.addItems(e.items),e.updateOriginalInput(),e.refreshState()}refreshState(){const e=this
+e.refreshValidityState()
+const t=e.isFull(),s=e.isLocked
+e.wrapper.classList.toggle("rtl",e.rtl)
+const i=e.wrapper.classList
+var n
+i.toggle("focus",e.isFocused),i.toggle("disabled",e.isDisabled),i.toggle("readonly",e.isReadOnly),i.toggle("required",e.isRequired),i.toggle("invalid",!e.isValid),i.toggle("locked",s),i.toggle("full",t),i.toggle("input-active",e.isFocused&&!e.isInputHidden),i.toggle("dropdown-active",e.isOpen),i.toggle("has-options",(n=e.options,0===Object.keys(n).length)),i.toggle("has-items",e.items.length>0)}refreshValidityState(){var e=this
+e.input.validity&&(e.isValid=e.input.validity.valid,e.isInvalid=!e.isValid)}isFull(){return null!==this.settings.maxItems&&this.items.length>=this.settings.maxItems}updateOriginalInput(e={}){const t=this
+var s,i
+const n=t.input.querySelector('option[value=""]')
+if(t.is_select_tag){const o=[],r=t.input.querySelectorAll("option:checked").length
+function l(e,s,i){return e||(e=K('<option value="'+j(s)+'">'+j(i)+"</option>")),e!=n&&t.input.append(e),o.push(e),(e!=n||r>0)&&(e.selected=!0),e}t.input.querySelectorAll("option:checked").forEach((e=>{e.selected=!1})),0==t.items.length&&"single"==t.settings.mode?l(n,"",""):t.items.forEach((e=>{if(s=t.options[e],i=s[t.settings.labelField]||"",o.includes(s.$option)){l(t.input.querySelector(`option[value="${M(e)}"]:not(:checked)`),e,i)}else s.$option=l(s.$option,e,i)}))}else t.input.value=t.getValue()
+t.isSetup&&(e.silent||t.trigger("change",t.getValue()))}open(){var e=this
+e.isLocked||e.isOpen||"multi"===e.settings.mode&&e.isFull()||(e.isOpen=!0,se(e.focus_node,{"aria-expanded":"true"}),e.refreshState(),U(e.dropdown,{visibility:"hidden",display:"block"}),e.positionDropdown(),U(e.dropdown,{visibility:"visible",display:"block"}),e.focus(),e.trigger("dropdown_open",e.dropdown))}close(e=!0){var t=this,s=t.isOpen
+e&&(t.setTextboxValue(),"single"===t.settings.mode&&t.items.length&&t.inputState()),t.isOpen=!1,se(t.focus_node,{"aria-expanded":"false"}),U(t.dropdown,{display:"none"}),t.settings.hideSelected&&t.clearActiveOption(),t.refreshState(),s&&t.trigger("dropdown_close",t.dropdown)}positionDropdown(){if("body"===this.settings.dropdownParent){var e=this.control,t=e.getBoundingClientRect(),s=e.offsetHeight+t.top+window.scrollY,i=t.left+window.scrollX
+U(this.dropdown,{width:t.width+"px",top:s+"px",left:i+"px"})}}clear(e){var t=this
+if(t.items.length){var s=t.controlChildren()
+B(s,(e=>{t.removeItem(e,!0)})),t.inputState(),e||t.updateOriginalInput(),t.trigger("clear")}}insertAtCaret(e){const t=this,s=t.caretPos,i=t.control
+i.insertBefore(e,i.children[s]||null),t.setCaret(s+1)}deleteSelection(e){var t,s,i,n,o,r=this
+t=e&&8===e.keyCode?-1:1,s={start:(o=r.control_input).selectionStart||0,length:(o.selectionEnd||0)-(o.selectionStart||0)}
+const l=[]
+if(r.activeItems.length)n=ee(r.activeItems,t),i=te(n),t>0&&i++,B(r.activeItems,(e=>l.push(e)))
+else if((r.isFocused||"single"===r.settings.mode)&&r.items.length){const e=r.controlChildren()
+let i
+t<0&&0===s.start&&0===s.length?i=e[r.caretPos-1]:t>0&&s.start===r.inputValue().length&&(i=e[r.caretPos]),void 0!==i&&l.push(i)}if(!r.shouldDelete(l,e))return!1
+for(q(e,!0),void 0!==i&&r.setCaret(i);l.length;)r.removeItem(l.pop())
+return r.inputState(),r.positionDropdown(),r.refreshOptions(!1),!0}shouldDelete(e,t){const s=e.map((e=>e.dataset.value))
+return!(!s.length||"function"==typeof this.settings.onDelete&&!1===this.settings.onDelete(s,t))}advanceSelection(e,t){var s,i,n=this
+n.rtl&&(e*=-1),n.inputValue().length||(H(oe,t)||H("shiftKey",t)?(i=(s=n.getLastActive(e))?s.classList.contains("active")?n.getAdjacent(s,e,"item"):s:e>0?n.control_input.nextElementSibling:n.control_input.previousElementSibling)&&(i.classList.contains("active")&&n.removeActiveItem(s),n.setActiveItemClass(i)):n.moveCaret(e))}moveCaret(e){}getLastActive(e){let t=this.control.querySelector(".last-active")
+if(t)return t
+var s=this.control.querySelectorAll(".active")
+return s?ee(s,e):void 0}setCaret(e){this.caretPos=this.items.length}controlChildren(){return Array.from(this.control.querySelectorAll("[data-ts-item]"))}lock(){this.setLocked(!0)}unlock(){this.setLocked(!1)}setLocked(e=this.isReadOnly||this.isDisabled){this.isLocked=e,this.refreshState()}disable(){this.setDisabled(!0),this.close()}enable(){this.setDisabled(!1)}setDisabled(e){this.focus_node.tabIndex=e?-1:this.tabIndex,this.isDisabled=e,this.input.disabled=e,this.control_input.disabled=e,this.setLocked()}setReadOnly(e){this.isReadOnly=e,this.input.readOnly=e,this.control_input.readOnly=e,this.setLocked()}destroy(){var e=this,t=e.revertSettings
+e.trigger("destroy"),e.off(),e.wrapper.remove(),e.dropdown.remove(),e.input.innerHTML=t.innerHTML,e.input.tabIndex=t.tabIndex,W(e.input,"tomselected","ts-hidden-accessible"),e._destroy(),delete e.input.tomselect}render(e,t){var s,i
+const n=this
+if("function"!=typeof this.settings.render[e])return null
+if(!(i=n.settings.render[e].call(this,t,j)))return null
+if(i=K(i),"option"===e||"option_create"===e?t[n.settings.disabledField]?se(i,{"aria-disabled":"true"}):se(i,{"data-selectable":""}):"optgroup"===e&&(s=t.group[n.settings.optgroupValueField],se(i,{"data-group":s}),t.group[n.settings.disabledField]&&se(i,{"data-disabled":""})),"option"===e||"item"===e){const s=N(t[n.settings.valueField])
+se(i,{"data-value":s}),"item"===e?(J(i,n.settings.itemClass),se(i,{"data-ts-item":""})):(J(i,n.settings.optionClass),se(i,{role:"option",id:t.$id}),t.$div=i,n.options[s]=t)}return i}_render(e,t){const s=this.render(e,t)
+if(null==s)throw"HTMLElement expected"
+return s}clearCache(){B(this.options,(e=>{e.$div&&(e.$div.remove(),delete e.$div)}))}uncacheValue(e){const t=this.getOption(e)
+t&&t.remove()}canCreate(e){return this.settings.create&&e.length>0&&this.settings.createFilter.call(this,e)}hook(e,t,s){var i=this,n=i[t]
+i[t]=function(){var t,o
+return"after"===e&&(t=n.apply(i,arguments)),o=s.apply(i,arguments),"instead"===e?o:("before"===e&&(t=n.apply(i,arguments)),t)}}}return ce.define("change_listener",(function(){D(this.input,"change",(()=>{this.sync()}))})),ce.define("checkbox_options",(function(e){var t=this,s=t.onOptionSelect
+t.settings.hideSelected=!1
+const i=Object.assign({className:"tomselect-checkbox",checkedClassNames:void 0,uncheckedClassNames:void 0},e)
+var n=function(e,t){t?(e.checked=!0,i.uncheckedClassNames&&e.classList.remove(...i.uncheckedClassNames),i.checkedClassNames&&e.classList.add(...i.checkedClassNames)):(e.checked=!1,i.checkedClassNames&&e.classList.remove(...i.checkedClassNames),i.uncheckedClassNames&&e.classList.add(...i.uncheckedClassNames))},o=function(e){setTimeout((()=>{var t=e.querySelector("input."+i.className)
+t instanceof HTMLInputElement&&n(t,e.classList.contains("selected"))}),1)}
+t.hook("after","setupTemplates",(()=>{var e=t.settings.render.option
+t.settings.render.option=(s,o)=>{var r=K(e.call(t,s,o)),l=document.createElement("input")
+i.className&&l.classList.add(i.className),l.addEventListener("click",(function(e){q(e)})),l.type="checkbox"
+const a=P(s[t.settings.valueField])
+return n(l,!!(a&&t.items.indexOf(a)>-1)),r.prepend(l),r}})),t.on("item_remove",(e=>{var s=t.getOption(e)
+s&&(s.classList.remove("selected"),o(s))})),t.on("item_add",(e=>{var s=t.getOption(e)
+s&&o(s)})),t.hook("instead","onOptionSelect",((e,i)=>{if(i.classList.contains("selected"))return i.classList.remove("selected"),t.removeItem(i.dataset.value),t.refreshOptions(),void q(e,!0)
+s.call(t,e,i),o(i)}))})),ce.define("clear_button",(function(e){const t=this,s=Object.assign({className:"clear-button",title:"Clear All",html:e=>`<div class="${e.className}" title="${e.title}">&#10799;</div>`},e)
+t.on("initialize",(()=>{var e=K(s.html(s))
+e.addEventListener("click",(e=>{t.isLocked||(t.clear(),"single"===t.settings.mode&&t.settings.allowEmptyOption&&t.addItem(""),e.preventDefault(),e.stopPropagation())})),t.control.appendChild(e)}))})),ce.define("drag_drop",(function(){var e=this
+if("multi"!==e.settings.mode)return
+var t=e.lock,s=e.unlock
+let i,n=!0
+e.hook("after","setupTemplates",(()=>{var t=e.settings.render.item
+e.settings.render.item=(s,o)=>{const r=K(t.call(e,s,o))
+se(r,{draggable:"true"})
+const l=e=>{e.preventDefault(),r.classList.add("ts-drag-over"),a(r,i)},a=(e,t)=>{var s,i,n
+void 0!==t&&(((e,t)=>{do{var s
+if(e==(t=null==(s=t)?void 0:s.previousElementSibling))return!0}while(t&&t.previousElementSibling)
+return!1})(t,r)?(i=t,null==(n=(s=e).parentNode)||n.insertBefore(i,s.nextSibling)):((e,t)=>{var s
+null==(s=e.parentNode)||s.insertBefore(t,e)})(e,t))}
+return D(r,"mousedown",(e=>{n||q(e),e.stopPropagation()})),D(r,"dragstart",(e=>{i=r,setTimeout((()=>{r.classList.add("ts-dragging")}),0)})),D(r,"dragenter",l),D(r,"dragover",l),D(r,"dragleave",(()=>{r.classList.remove("ts-drag-over")})),D(r,"dragend",(()=>{var t
+document.querySelectorAll(".ts-drag-over").forEach((e=>e.classList.remove("ts-drag-over"))),null==(t=i)||t.classList.remove("ts-dragging"),i=void 0
+var s=[]
+e.control.querySelectorAll("[data-value]").forEach((e=>{if(e.dataset.value){let t=e.dataset.value
+t&&s.push(t)}})),e.setValue(s)})),r}})),e.hook("instead","lock",(()=>(n=!1,t.call(e)))),e.hook("instead","unlock",(()=>(n=!0,s.call(e))))})),ce.define("dropdown_header",(function(e){const t=this,s=Object.assign({title:"Untitled",headerClass:"dropdown-header",titleRowClass:"dropdown-header-title",labelClass:"dropdown-header-label",closeClass:"dropdown-header-close",html:e=>'<div class="'+e.headerClass+'"><div class="'+e.titleRowClass+'"><span class="'+e.labelClass+'">'+e.title+'</span><a class="'+e.closeClass+'">&times;</a></div></div>'},e)
+t.on("initialize",(()=>{var e=K(s.html(s)),i=e.querySelector("."+s.closeClass)
+i&&i.addEventListener("click",(e=>{q(e,!0),t.close()})),t.dropdown.insertBefore(e,t.dropdown.firstChild)}))})),ce.define("caret_position",(function(){var e=this
+e.hook("instead","setCaret",(t=>{"single"!==e.settings.mode&&e.control.contains(e.control_input)?(t=Math.max(0,Math.min(e.items.length,t)))==e.caretPos||e.isPending||e.controlChildren().forEach(((s,i)=>{i<t?e.control_input.insertAdjacentElement("beforebegin",s):e.control.appendChild(s)})):t=e.items.length,e.caretPos=t})),e.hook("instead","moveCaret",(t=>{if(!e.isFocused)return
+const s=e.getLastActive(t)
+if(s){const i=te(s)
+e.setCaret(t>0?i+1:i),e.setActiveItem(),W(s,"last-active")}else e.setCaret(e.caretPos+t)}))})),ce.define("dropdown_input",(function(){const e=this
+e.settings.shouldOpen=!0,e.hook("before","setup",(()=>{e.focus_node=e.control,J(e.control_input,"dropdown-input")
+const t=K('<div class="dropdown-input-wrap">')
+t.append(e.control_input),e.dropdown.insertBefore(t,e.dropdown.firstChild)
+const s=K('<input class="items-placeholder" tabindex="-1" />')
+s.placeholder=e.settings.placeholder||"",e.control.append(s)})),e.on("initialize",(()=>{e.control_input.addEventListener("keydown",(t=>{switch(t.keyCode){case 27:return e.isOpen&&(q(t,!0),e.close()),void e.clearActiveItems()
+case 9:e.focus_node.tabIndex=-1}return e.onKeyDown.call(e,t)})),e.on("blur",(()=>{e.focus_node.tabIndex=e.isDisabled?-1:e.tabIndex})),e.on("dropdown_open",(()=>{e.control_input.focus()}))
+const t=e.onBlur
+e.hook("instead","onBlur",(s=>{if(!s||s.relatedTarget!=e.control_input)return t.call(e)})),D(e.control_input,"blur",(()=>e.onBlur())),e.hook("before","close",(()=>{e.isOpen&&e.focus_node.focus({preventScroll:!0})}))}))})),ce.define("input_autogrow",(function(){var e=this
+e.on("initialize",(()=>{var t=document.createElement("span"),s=e.control_input
+t.style.cssText="position:absolute; top:-99999px; left:-99999px; width:auto; padding:0; white-space:pre; ",e.wrapper.appendChild(t)
+for(const e of["letterSpacing","fontSize","fontFamily","fontWeight","textTransform"])t.style[e]=s.style[e]
+var i=()=>{t.textContent=s.value,s.style.width=t.clientWidth+"px"}
+i(),e.on("update item_add item_remove",i),D(s,"input",i),D(s,"keyup",i),D(s,"blur",i),D(s,"update",i)}))})),ce.define("no_backspace_delete",(function(){var e=this,t=e.deleteSelection
+this.hook("instead","deleteSelection",(s=>!!e.activeItems.length&&t.call(e,s)))})),ce.define("no_active_items",(function(){this.hook("instead","setActiveItem",(()=>{})),this.hook("instead","selectAll",(()=>{}))})),ce.define("optgroup_columns",(function(){var e=this,t=e.onKeyDown
+e.hook("instead","onKeyDown",(s=>{var i,n,o,r
+if(!e.isOpen||37!==s.keyCode&&39!==s.keyCode)return t.call(e,s)
+e.ignoreHover=!0,r=Z(e.activeOption,"[data-group]"),i=te(e.activeOption,"[data-selectable]"),r&&(r=37===s.keyCode?r.previousSibling:r.nextSibling)&&(n=(o=r.querySelectorAll("[data-selectable]"))[Math.min(o.length-1,i)])&&e.setActiveOption(n)}))})),ce.define("remove_button",(function(e){const t=Object.assign({label:"&times;",title:"Remove",className:"remove",append:!0},e)
+var s=this
+if(t.append){var i='<a href="javascript:void(0)" class="'+t.className+'" tabindex="-1" title="'+j(t.title)+'">'+t.label+"</a>"
+s.hook("after","setupTemplates",(()=>{var e=s.settings.render.item
+s.settings.render.item=(t,n)=>{var o=K(e.call(s,t,n)),r=K(i)
+return o.appendChild(r),D(r,"mousedown",(e=>{q(e,!0)})),D(r,"click",(e=>{s.isLocked||(q(e,!0),s.isLocked||s.shouldDelete([o],e)&&(s.removeItem(o),s.refreshOptions(!1),s.inputState()))})),o}}))}})),ce.define("restore_on_backspace",(function(e){const t=this,s=Object.assign({text:e=>e[t.settings.labelField]},e)
+t.on("item_remove",(function(e){if(t.isFocused&&""===t.control_input.value.trim()){var i=t.options[e]
+i&&t.setTextboxValue(s.text.call(t,i))}}))})),ce.define("virtual_scroll",(function(){const e=this,t=e.canLoad,s=e.clearActiveOption,i=e.loadCallback
+var n,o,r={},l=!1,a=[]
+if(e.settings.shouldLoadMore||(e.settings.shouldLoadMore=()=>{if(n.clientHeight/(n.scrollHeight-n.scrollTop)>.9)return!0
+if(e.activeOption){var t=e.selectable()
+if(Array.from(t).indexOf(e.activeOption)>=t.length-2)return!0}return!1}),!e.settings.firstUrl)throw"virtual_scroll plugin requires a firstUrl() method"
+e.settings.sortField=[{field:"$order"},{field:"$score"}]
+const c=t=>!("number"==typeof e.settings.maxOptions&&n.children.length>=e.settings.maxOptions)&&!(!(t in r)||!r[t]),d=(t,s)=>e.items.indexOf(s)>=0||a.indexOf(s)>=0
+e.setNextUrl=(e,t)=>{r[e]=t},e.getUrl=t=>{if(t in r){const e=r[t]
+return r[t]=!1,e}return e.clearPagination(),e.settings.firstUrl.call(e,t)},e.clearPagination=()=>{r={}},e.hook("instead","clearActiveOption",(()=>{if(!l)return s.call(e)})),e.hook("instead","canLoad",(s=>s in r?c(s):t.call(e,s))),e.hook("instead","loadCallback",((t,s)=>{if(l){if(o){const s=t[0]
+void 0!==s&&(o.dataset.value=s[e.settings.valueField])}}else e.clearOptions(d)
+i.call(e,t,s),l=!1})),e.hook("after","refreshOptions",(()=>{const t=e.lastValue
+var s
+c(t)?(s=e.render("loading_more",{query:t}))&&(s.setAttribute("data-selectable",""),o=s):t in r&&!n.querySelector(".no-results")&&(s=e.render("no_more_results",{query:t})),s&&(J(s,e.settings.optionClass),n.append(s))})),e.on("initialize",(()=>{a=Object.keys(e.options),n=e.dropdown_content,e.settings.render=Object.assign({},{loading_more:()=>'<div class="loading-more-results">Loading more results ... </div>',no_more_results:()=>'<div class="no-more-results">No more results</div>'},e.settings.render),n.addEventListener("scroll",(()=>{e.settings.shouldLoadMore.call(e)&&c(e.lastValue)&&(l||(l=!0,e.load.call(e,e.lastValue)))}))}))})),ce}))
+var tomSelect=function(e,t){return new TomSelect(e,t)}
+//# sourceMappingURL=tom-select.complete.min.js.map
diff --git a/templates/admin/edit_list.html b/templates/admin/edit_list.html
index 5f78e19..56b8882 100644
--- a/templates/admin/edit_list.html
+++ b/templates/admin/edit_list.html
@@ -79,6 +79,16 @@
         </div>
       </div>
 
+      <div class="mb-4">
+        <label class="form-label">Kategorie</label>
+        <select id="categories" name="categories" multiple>
+          {% for cat in categories %}
+          <option value="{{ cat.id }}" {% if cat.id in selected_categories %}selected{% endif %}>
+            {{ cat.name }}
+          </option>
+          {% endfor %}
+        </select>
+      </div>
 
       <div class="mb-4">
         <label class="form-label">Link do udostępnienia</label>
@@ -267,4 +277,7 @@
 </div>
 
 
+{% endblock %}
+{% block scripts %}
+<script src="{{ url_for('static_bp.serve_js', filename='select.js') }}"></script>
 {% endblock %}
\ No newline at end of file
diff --git a/templates/base.html b/templates/base.html
index 34f77a0..fd89dbd 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -12,9 +12,13 @@
   <link href="{{ url_for('static_bp.serve_css_lib', filename='sort_table.min.css') }}" rel="stylesheet">
   {% endif %}
   <link href="{{ url_for('static_bp.serve_css_lib', filename='bootstrap.min.css') }}" rel="stylesheet">
-  {% if '/admin/' in request.path %}
+  {% if '/admin/receipts' in request.path or '/edit_my_list' in request.path %}
   <link href="{{ url_for('static_bp.serve_css_lib', filename='cropper.min.css') }}" rel="stylesheet">
   {% endif %}
+  {% if '/edit_my_list' or '/admin/edit_list' in request.path %}
+  <link href="{{ url_for('static_bp.serve_css_lib', filename='tom-select.bootstrap5.min.css') }}" rel="stylesheet">
+  {% endif %}
+
 </head>
 
 <body class="bg-dark text-white">
@@ -102,6 +106,9 @@
   {% if '/admin/receipts' in request.path or '/edit_my_list' in request.path %}
   <script src="{{ url_for('static_bp.serve_js_lib', filename='cropper.min.js') }}"></script>
   {% endif %}
+  {% if '/edit_my_list' or '/admin/edit_list' in request.path %}
+  <script src="{{ url_for('static_bp.serve_js_lib', filename='tom-select.complete.min.js') }}"></script>
+  {% endif %}
 
   {% endif %}
 
diff --git a/templates/edit_my_list.html b/templates/edit_my_list.html
index 8444f9f..b33ffae 100644
--- a/templates/edit_my_list.html
+++ b/templates/edit_my_list.html
@@ -58,6 +58,15 @@
         <label class="form-check-label" for="is_archived">Zarchiwizowana</label>
       </div>
 
+      <label for="title" class="form-label">Kategorie</label>
+      <select id="categories" name="categories[]" multiple>
+        {% for cat in categories %}
+        <option value="{{ cat.id }}" {% if cat.id in selected_categories %}selected{% endif %}>
+          {{ cat.name }}
+        </option>
+        {% endfor %}
+      </select>
+
       <div class="btn-group mt-4" role="group">
         <button type="submit" class="btn btn-outline-success">Zapisz</button>
         <a href="{{ url_for('main_page') }}" class="btn btn-outline-light">Anuluj</a>
@@ -167,4 +176,5 @@
 <script src="{{ url_for('static_bp.serve_js', filename='confirm_delete.js') }}"></script>
 <script src="{{ url_for('static_bp.serve_js', filename='user_receipt_crop.js') }}"></script>
 <script src="{{ url_for('static_bp.serve_js', filename='receipt_crop_logic.js') }}"></script>
+<script src="{{ url_for('static_bp.serve_js', filename='select.js') }}"></script>
 {% endblock %}
\ No newline at end of file
diff --git a/templates/user_expenses.html b/templates/user_expenses.html
index e693a96..6e1b640 100644
--- a/templates/user_expenses.html
+++ b/templates/user_expenses.html
@@ -11,6 +11,18 @@
   <label class="form-check-label ms-2 text-white" for="showAllLists">Pokaż wszystkie publiczne listy
     innych</label>
 </div>
+
+<div class="d-flex flex-wrap gap-2 mb-3">
+  <a href="{{ url_for('user_expenses', show_all='true') }}"
+    class="btn btn-sm {% if not selected_category %}btn-success{% else %}btn-outline-light{% endif %}">🌐 Wszystkie</a>
+  {% for cat in categories %}
+  <a href="{{ url_for('user_expenses', category_id=cat.id) }}"
+    class="btn btn-sm {% if selected_category == cat.id %}btn-success{% else %}btn-outline-light{% endif %}">
+    {{ cat.name }}
+  </a>
+  {% endfor %}
+</div>
+
 <div class="card bg-dark text-white mb-5">
   <div class="card-body">
     <ul class="nav nav-tabs mb-3" id="expenseTabs" role="tablist">
@@ -79,7 +91,10 @@
                   {% for list in lists_data %}
                   <tr data-date="{{ list.created_at.strftime('%Y-%m-%d') }}"
                     data-week="{{ list.created_at.isocalendar()[0] }}-{{ '%02d' % list.created_at.isocalendar()[1] }}"
-                    data-month="{{ list.created_at.strftime('%Y-%m') }}" data-year="{{ list.created_at.year }}">
+                    data-month="{{ list.created_at.strftime('%Y-%m') }}" data-year="{{ list.created_at.year }}"
+                    data-categories="{{ ','.join(list.categories | map('string')) }}">
+
+
                     <td>
                       <input type="checkbox" class="form-check-input list-checkbox"
                         data-amount="{{ '%.2f'|format(list.total_expense) }}">
@@ -142,4 +157,5 @@
 <script src="{{ url_for('static_bp.serve_js_lib', filename='chart.js') }}"></script>
 <script src="{{ url_for('static_bp.serve_js', filename='user_expenses.js') }}"></script>
 <script src="{{ url_for('static_bp.serve_js', filename='user_expense_lists.js') }}"></script>
+<script src="{{ url_for('static_bp.serve_js', filename='user_expense_category.js') }}"></script>
 {% endblock %}
\ No newline at end of file
-- 
2.43.0


From f4523d0c956c9f88e6ba70abeb5167c3d5d27573 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 23:24:55 +0200
Subject: [PATCH 20/23] kategorie list i wykresy

---
 templates/edit_my_list.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/edit_my_list.html b/templates/edit_my_list.html
index b33ffae..99960f9 100644
--- a/templates/edit_my_list.html
+++ b/templates/edit_my_list.html
@@ -59,7 +59,7 @@
       </div>
 
       <label for="title" class="form-label">Kategorie</label>
-      <select id="categories" name="categories[]" multiple>
+      <select id="categories" name="categories" multiple>
         {% for cat in categories %}
         <option value="{{ cat.id }}" {% if cat.id in selected_categories %}selected{% endif %}>
           {{ cat.name }}
-- 
2.43.0


From 50de359838b8060e9a6c251c3d00b6260523ebf4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 23:57:22 +0200
Subject: [PATCH 21/23] masowa edycja kategorii, crop dla usera i poprawki w
 zapytaniach

---
 app.py                                    | 31 +++++++++--
 static/js/admin_mass_categories.js        | 11 ++++
 templates/admin/admin_panel.html          | 12 ++--
 templates/admin/mass_edit_categories.html | 67 +++++++++++++++++++++++
 templates/base.html                       |  4 +-
 templates/edit_my_list.html               |  2 +-
 6 files changed, 116 insertions(+), 11 deletions(-)
 create mode 100644 static/js/admin_mass_categories.js
 create mode 100644 templates/admin/mass_edit_categories.html

diff --git a/app.py b/app.py
index cae6097..f419a96 100644
--- a/app.py
+++ b/app.py
@@ -1143,7 +1143,8 @@ def main_page():
         # ostatnia kwota (w tym przypadku max = suma z ostatniego zapisu)
         latest_expenses_map = dict(
             db.session.query(
-                Expense.list_id, func.coalesce(func.max(Expense.amount), 0)
+                Expense.list_id,
+                func.coalesce(func.sum(Expense.amount), 0)
             )
             .filter(Expense.list_id.in_(all_ids))
             .group_by(Expense.list_id)
@@ -1907,21 +1908,21 @@ def admin_panel():
             .group_by(Item.list_id)
             .all()
         )
-
         stats_map = {
             s.list_id: (s.total_count or 0, s.purchased_count or 0) for s in stats
         }
 
-        # Pobranie ostatnich kwot dla wszystkich list w jednym zapytaniu
         latest_expenses_map = dict(
             db.session.query(
-                Expense.list_id, func.coalesce(func.max(Expense.amount), 0)
+                Expense.list_id,
+                func.coalesce(func.sum(Expense.amount), 0)
             )
             .filter(Expense.list_id.in_(all_ids))
             .group_by(Expense.list_id)
             .all()
         )
 
+
     enriched_lists = []
     for l in all_lists:
         total_count, purchased_count = stats_map.get(l.id, (0, 0))
@@ -2024,6 +2025,7 @@ def admin_panel():
     )
 
 
+
 @app.route("/admin/delete_list/<int:list_id>")
 @login_required
 @admin_required
@@ -2634,6 +2636,27 @@ def recalculate_filesizes_all():
     return redirect(url_for("admin_receipts", id="all"))
 
 
+@app.route("/admin/mass_edit_categories", methods=["GET", "POST"])
+@login_required
+@admin_required
+def admin_mass_edit_categories():
+    lists = ShoppingList.query.options(joinedload(ShoppingList.categories)).order_by(ShoppingList.created_at.desc()).all()
+    categories = Category.query.order_by(Category.name.asc()).all()
+
+    if request.method == "POST":
+        for lst in lists:
+            selected_ids = request.form.getlist(f"categories_{lst.id}")
+            lst.categories.clear()
+            if selected_ids:
+                cats = Category.query.filter(Category.id.in_(selected_ids)).all()
+                lst.categories.extend(cats)
+        db.session.commit()
+        flash("Zaktualizowano kategorie dla wybranych list", "success")
+        return redirect(url_for("admin_mass_edit_categories"))
+
+    return render_template("admin/mass_edit_categories.html", lists=lists, categories=categories)
+
+
 @app.route("/healthcheck")
 def healthcheck():
     header_token = request.headers.get("X-Internal-Check")
diff --git a/static/js/admin_mass_categories.js b/static/js/admin_mass_categories.js
new file mode 100644
index 0000000..7e1f2fd
--- /dev/null
+++ b/static/js/admin_mass_categories.js
@@ -0,0 +1,11 @@
+document.addEventListener("DOMContentLoaded", function () {
+    document.querySelectorAll('select[multiple]').forEach(function (el) {
+        new TomSelect(el, {
+            plugins: ['remove_button'],
+            placeholder: 'Wybierz kategorie...',
+            create: false,
+            sortField: { field: "text", direction: "asc" },
+            dropdownParent: 'body'
+        });
+    });
+});
\ No newline at end of file
diff --git a/templates/admin/admin_panel.html b/templates/admin/admin_panel.html
index c8fdce5..0d777be 100644
--- a/templates/admin/admin_panel.html
+++ b/templates/admin/admin_panel.html
@@ -18,14 +18,18 @@
     <div class="collapse navbar-collapse" id="adminNavbar">
       <ul class="navbar-nav me-auto mb-2 mb-lg-0">
         <li class="nav-item">
-          <a class="nav-link" href="/admin/users">👥 Zarządzanie użytkownikami</a>
+          <a class="nav-link" href="{{ url_for('list_users') }}">👥 Zarządzanie użytkownikami</a>
         </li>
         <li class="nav-item">
-          <a class="nav-link" href="/admin/receipts/all">📸 Wszystkie paragony</a>
+          <a class="nav-link" href="{{ url_for('admin_receipts', id='all') }}">📸 Wszystkie paragony</a>
         </li>
         <li class="nav-item">
-          <a class="nav-link" href="/admin/products">🛍️ Produkty i sugestie</a>
+          <a class="nav-link" href="{{ url_for('list_products') }}">🛍️ Produkty i sugestie</a>
         </li>
+        <li class="nav-item">
+          <a class="nav-link" href="{{ url_for('admin_mass_edit_categories') }}">🗂 Masowa edycja kategorii</a>
+        </li>
+
       </ul>
     </div>
   </div>
@@ -195,7 +199,7 @@
     });
   </script>
   <script src="{{ url_for('static_bp.serve_js', filename='expenses.js') }}"></script>
-  
+
   {% endblock %}
 
   <div class="info-bar-fixed">
diff --git a/templates/admin/mass_edit_categories.html b/templates/admin/mass_edit_categories.html
new file mode 100644
index 0000000..ffbca7f
--- /dev/null
+++ b/templates/admin/mass_edit_categories.html
@@ -0,0 +1,67 @@
+{% extends 'base.html' %}
+{% block title %}Masowa edycja kategorii{% endblock %}
+{% block content %}
+
+<div class="d-flex justify-content-between align-items-center flex-wrap mb-4">
+    <h2 class="mb-2">🗂 Masowa edycja kategorii list</h2>
+    <div>
+        <a href="{{ url_for('admin_panel') }}" class="btn btn-outline-secondary">← Powrót do panelu</a>
+    </div>
+</div>
+
+<form method="post">
+    <div class="card bg-dark text-white mb-5">
+        <div class="card-body p-0">
+            <div class="table-responsive">
+                <table class="table table-dark table-striped table-hover align-middle mb-0">
+                    <thead>
+                        <tr>
+                            <th scope="col">ID</th>
+                            <th scope="col">Nazwa listy</th>
+                            <th scope="col">Właściciel</th>
+                            <th scope="col">Data utworzenia</th>
+                            <th scope="col">Kategorie</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        {% for lst in lists %}
+                        <tr>
+                            <td>{{ lst.id }}</td>
+                            <td>{{ lst.title }}</td>
+                            <td>{{ lst.owner.username if lst.owner else "?" }}</td>
+                            <td>{{ lst.created_at.strftime('%Y-%m-%d') }}</td>
+                            <td style="min-width: 220px;">
+                                <select name="categories_{{ lst.id }}" multiple
+                                    class="form-select bg-dark text-white border-secondary">
+                                    {% for cat in categories %}
+                                    <option value="{{ cat.id }}" {% if cat in lst.categories %}selected{% endif %}>
+                                        {{ cat.name }}
+                                    </option>
+                                    {% endfor %}
+                                </select>
+                            </td>
+                        </tr>
+                        {% endfor %}
+                    </tbody>
+                </table>
+            </div>
+        </div>
+    </div>
+
+    <div class="mt-3">
+        <button type="submit" class="btn btn-success">💾 Zapisz zmiany</button>
+    </div>
+</form>
+
+{% endblock %}
+{% block scripts %}
+<script src="https://cdn.jsdelivr.net/npm/tom-select/dist/js/tom-select.complete.min.js"></script>
+<script src="{{ url_for('static_bp.serve_js', filename='admin_mass_categories.js') }}"></script>
+
+<style>
+    .ts-dropdown {
+        z-index: 9999 !important;
+        /* 🔹 dropdown zawsze na wierzchu */
+    }
+</style>
+{% endblock %}
\ No newline at end of file
diff --git a/templates/base.html b/templates/base.html
index fd89dbd..51f1c50 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -15,7 +15,7 @@
   {% if '/admin/receipts' in request.path or '/edit_my_list' in request.path %}
   <link href="{{ url_for('static_bp.serve_css_lib', filename='cropper.min.css') }}" rel="stylesheet">
   {% endif %}
-  {% if '/edit_my_list' or '/admin/edit_list' in request.path %}
+  {% if '/edit_my_list' or '/admin/edit_list' in request.path or '/admin/mass_edit_categories' %}
   <link href="{{ url_for('static_bp.serve_css_lib', filename='tom-select.bootstrap5.min.css') }}" rel="stylesheet">
   {% endif %}
 
@@ -106,7 +106,7 @@
   {% if '/admin/receipts' in request.path or '/edit_my_list' in request.path %}
   <script src="{{ url_for('static_bp.serve_js_lib', filename='cropper.min.js') }}"></script>
   {% endif %}
-  {% if '/edit_my_list' or '/admin/edit_list' in request.path %}
+  {% if '/edit_my_list' or '/admin/edit_list' or '/admin/mass_edit_categories' in request.path %}
   <script src="{{ url_for('static_bp.serve_js_lib', filename='tom-select.complete.min.js') }}"></script>
   {% endif %}
 
diff --git a/templates/edit_my_list.html b/templates/edit_my_list.html
index 99960f9..55c3471 100644
--- a/templates/edit_my_list.html
+++ b/templates/edit_my_list.html
@@ -100,7 +100,7 @@
             <a href="{{ url_for('rotate_receipt_user', receipt_id=r.id) }}"
               class="btn btn-sm btn-outline-warning w-100 mb-2">🔄 Obróć o 90°</a>
 
-            <a href="#" class="btn btn-sm btn-outline-secondary w-100 mb-2 disabled" data-bs-toggle="modal"
+            <a href="#" class="btn btn-sm btn-outline-secondary w-100 mb-2" data-bs-toggle="modal"
               data-bs-target="#userCropModal" data-img-src="{{ url_for('uploaded_file', filename=r.filename) }}"
               data-receipt-id="{{ r.id }}" data-crop-endpoint="{{ url_for('crop_receipt_user') }}">
               ✂️ Przytnij
-- 
2.43.0


From 29ccd252b85eb71000babfdfbee7e3fb8b65d7a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 23:58:33 +0200
Subject: [PATCH 22/23] kategoria pieczywo

---
 app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.py b/app.py
index f419a96..f5c616f 100644
--- a/app.py
+++ b/app.py
@@ -345,7 +345,7 @@ with app.app_context():
         "Kosmetyki i higiena", "Motoryzacja", "Ogród i rośliny",
         "Zwierzęta", "Sprzęt sportowy", "Książki i prasa",
         "Narzędzia i majsterkowanie", "RTV / AGD", "Apteka i suplementy",
-        "Artykuły dekoracyjne", "Gry i hobby", "Usługi"
+        "Artykuły dekoracyjne", "Gry i hobby", "Usługi", "Pieczywo"
     ]
 
     # Pobierz istniejące nazwy z bazy, ignorując puste/niewłaściwe rekordy
-- 
2.43.0


From 0a44753eb2b7b2a5f37449344742bceee4484ed0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Thu, 31 Jul 2025 10:37:44 +0200
Subject: [PATCH 23/23] poprawki w panelu, kategorie na wykresach i inne

---
 .env.example                     |  12 +-
 app.py                           | 356 +++++++++++++++++++++-------
 config.py                        |  10 +
 static/js/user_expenses.js       |  75 ++++--
 templates/admin/admin_panel.html | 383 ++++++++++++++++++-------------
 templates/user_expenses.html     |  77 ++++---
 6 files changed, 621 insertions(+), 292 deletions(-)

diff --git a/.env.example b/.env.example
index 6f2192c..fe92534 100644
--- a/.env.example
+++ b/.env.example
@@ -158,4 +158,14 @@ LIB_CSS_CACHE_CONTROL="public, max-age=604800"
 # UPLOADS_CACHE_CONTROL:
 # Nagłówki Cache-Control dla wgrywanych plików (/uploads/)
 # Domyślnie: "public, max-age=2592000, immutable"
-UPLOADS_CACHE_CONTROL="public, max-age=2592000, immutable"
\ No newline at end of file
+UPLOADS_CACHE_CONTROL="public, max-age=2592000, immutable"
+
+# DEFAULT_CATEGORIES:
+# Lista domyślnych kategorii tworzonych automatycznie przy starcie aplikacji,
+# jeśli nie istnieją w bazie danych.
+# Podaj w formacie CSV (oddzielone przecinkami) – kolejność zostanie zachowana.
+# Możesz dodać własne kategorie
+# UWAGA: Wielkość liter w nazwach jest zachowywana, ale porównywanie odbywa się
+# bez rozróżniania wielkości liter (case-insensitive).
+# Domyślnie: poniższa lista
+DEFAULT_CATEGORIES="Spożywcze,Budowlane,Zabawki,Chemia,Inne,Elektronika,Odzież i obuwie,Artykuły biurowe,Kosmetyki i higiena,Motoryzacja,Ogród i rośliny,Zwierzęta,Sprzęt sportowy,Książki i prasa,Narzędzia i majsterkowanie,RTV / AGD,Apteka i suplementy,Artykuły dekoracyjne,Gry i hobby,Usługi,Pieczywo"
diff --git a/app.py b/app.py
index f5c616f..21bb029 100644
--- a/app.py
+++ b/app.py
@@ -89,9 +89,9 @@ referrer_policy = app.config.get("REFERRER_POLICY")
 if referrer_policy:
     talisman_kwargs["referrer_policy"] = referrer_policy
 
-talisman = Talisman(app, 
-                    session_cookie_secure=app.config["SESSION_COOKIE_SECURE"],
-                    **talisman_kwargs)
+talisman = Talisman(
+    app, session_cookie_secure=app.config["SESSION_COOKIE_SECURE"], **talisman_kwargs
+)
 
 register_heif_opener()  # pillow_heif dla HEIC
 SQLALCHEMY_ECHO = True
@@ -109,7 +109,7 @@ SESSION_COOKIE_SECURE = app.config.get("SESSION_COOKIE_SECURE")
 
 app.config["COMPRESS_ALGORITHM"] = ["zstd", "br", "gzip", "deflate"]
 app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(minutes=SESSION_TIMEOUT_MINUTES)
-#app.config["SESSION_COOKIE_SECURE"] = True if app.config.get("SESSION_COOKIE_SECURE") is True else False
+# app.config["SESSION_COOKIE_SECURE"] = True if app.config.get("SESSION_COOKIE_SECURE") is True else False
 
 app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1)
 DEBUG_MODE = app.config.get("DEBUG_MODE", False)
@@ -166,14 +166,23 @@ class User(UserMixin, db.Model):
 # Tabela pośrednia
 shopping_list_category = db.Table(
     "shopping_list_category",
-    db.Column("shopping_list_id", db.Integer, db.ForeignKey("shopping_list.id"), primary_key=True),
-    db.Column("category_id", db.Integer, db.ForeignKey("category.id"), primary_key=True)
+    db.Column(
+        "shopping_list_id",
+        db.Integer,
+        db.ForeignKey("shopping_list.id"),
+        primary_key=True,
+    ),
+    db.Column(
+        "category_id", db.Integer, db.ForeignKey("category.id"), primary_key=True
+    ),
 )
 
+
 class Category(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     name = db.Column(db.String(100), unique=True, nullable=False)
 
+
 class ShoppingList(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     title = db.Column(db.String(150), nullable=False)
@@ -198,9 +207,10 @@ class ShoppingList(db.Model):
     categories = db.relationship(
         "Category",
         secondary=shopping_list_category,
-        backref=db.backref("shopping_lists", lazy="dynamic")
+        backref=db.backref("shopping_lists", lazy="dynamic"),
     )
 
+
 class Item(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     list_id = db.Column(db.Integer, db.ForeignKey("shopping_list.id"))
@@ -255,9 +265,14 @@ def handle_db_error(e):
     app.logger.error(f"[Błąd DB] {e}")
 
     if request.accept_mimetypes.best == "application/json":
-        return jsonify({
-            "error": "Baza danych jest obecnie niedostępna. Spróbuj ponownie później."
-        }), 503
+        return (
+            jsonify(
+                {
+                    "error": "Baza danych jest obecnie niedostępna. Spróbuj ponownie później."
+                }
+            ),
+            503,
+        )
 
     return (
         render_template(
@@ -288,6 +303,7 @@ def check_password(stored_hash, password_input):
             return False
     return False
 
+
 def set_authorized_cookie(response):
 
     secure_flag = app.config["SESSION_COOKIE_SECURE"]  # wartość z config.py
@@ -301,7 +317,7 @@ def set_authorized_cookie(response):
         secure=secure_flag,
         httponly=True,
         samesite="Lax",
-        path="/"
+        path="/",
     )
     return response
 
@@ -331,32 +347,25 @@ with app.app_context():
             print(f"[INFO] Zmieniono hasło admina '{admin_username}' z konfiguracji.")
         db.session.commit()
     else:
-        db.session.add(User(
-            username=admin_username,
-            password_hash=password_hash,
-            is_admin=True
-        ))
+        db.session.add(
+            User(username=admin_username, password_hash=password_hash, is_admin=True)
+        )
         db.session.commit()
 
     # --- Predefiniowane kategorie ---
-    default_categories = [
-        "Spożywcze", "Budowlane", "Zabawki", "Chemia", "Inne",
-        "Elektronika", "Odzież i obuwie", "Artykuły biurowe",
-        "Kosmetyki i higiena", "Motoryzacja", "Ogród i rośliny",
-        "Zwierzęta", "Sprzęt sportowy", "Książki i prasa",
-        "Narzędzia i majsterkowanie", "RTV / AGD", "Apteka i suplementy",
-        "Artykuły dekoracyjne", "Gry i hobby", "Usługi", "Pieczywo"
-    ]
+    default_categories = app.config["DEFAULT_CATEGORIES"]
 
-    # Pobierz istniejące nazwy z bazy, ignorując puste/niewłaściwe rekordy
     existing_names = {
         c.name for c in Category.query.filter(Category.name.isnot(None)).all()
     }
 
-    # Znajdź brakujące
-    missing = [cat for cat in default_categories if cat not in existing_names]
+    # ignorujemy wielkość liter przy porównaniu
+    existing_names_lower = {name.lower() for name in existing_names}
+
+    missing = [
+        cat for cat in default_categories if cat.lower() not in existing_names_lower
+    ]
 
-    # Dodaj tylko brakujące
     if missing:
         db.session.add_all(Category(name=cat) for cat in missing)
         db.session.commit()
@@ -656,7 +665,7 @@ def get_total_expenses_grouped_by_list_created_at(
     if category_id:
         lists_query = lists_query.join(
             shopping_list_category,
-            shopping_list_category.c.shopping_list_id == ShoppingList.id
+            shopping_list_category.c.shopping_list_id == ShoppingList.id,
         ).filter(shopping_list_category.c.category_id == category_id)
 
     if start_date and end_date:
@@ -737,6 +746,158 @@ def recalculate_filesizes(receipt_id: int = None):
     return updated, unchanged, not_found
 
 
+def get_admin_expense_summary():
+    now = datetime.now(timezone.utc)
+    current_year = now.year
+    current_month = now.month
+
+    def calc_sum(base_query):
+        total = base_query.scalar() or 0
+        year_total = (
+            base_query.filter(
+                extract("year", Expense.added_at) == current_year
+            ).scalar()
+            or 0
+        )
+        month_total = (
+            base_query.filter(extract("year", Expense.added_at) == current_year)
+            .filter(extract("month", Expense.added_at) == current_month)
+            .scalar()
+            or 0
+        )
+        return {"total": total, "year": year_total, "month": month_total}
+
+    # baza wspólna
+    base = db.session.query(func.sum(Expense.amount)).join(
+        ShoppingList, ShoppingList.id == Expense.list_id
+    )
+
+    # wszystkie listy
+    all_lists = calc_sum(base)
+
+    # aktywne listy
+    active_lists = calc_sum(
+        base.filter(
+            ShoppingList.is_archived == False,
+            or_(ShoppingList.expires_at == None, ShoppingList.expires_at > now),
+        )
+    )
+
+    # archiwalne
+    archived_lists = calc_sum(base.filter(ShoppingList.is_archived == True))
+
+    # wygasłe
+    expired_lists = calc_sum(
+        base.filter(
+            ShoppingList.is_archived == False,
+            ShoppingList.expires_at != None,
+            ShoppingList.expires_at <= now,
+        )
+    )
+
+    return {
+        "all": all_lists,
+        "active": active_lists,
+        "archived": archived_lists,
+        "expired": expired_lists,
+    }
+
+
+def category_to_color(name):
+    """Generuje powtarzalny pastelowy kolor HEX na podstawie nazwy kategorii."""
+    hash_val = int(hashlib.md5(name.encode("utf-8")).hexdigest(), 16)
+    r = (hash_val & 0xFF0000) >> 16
+    g = (hash_val & 0x00FF00) >> 8
+    b = hash_val & 0x0000FF
+    # Rozjaśnienie (pastel)
+    r = (r + 255) // 2
+    g = (g + 255) // 2
+    b = (b + 255) // 2
+    return f"#{r:02x}{g:02x}{b:02x}"
+
+
+def get_total_expenses_grouped_by_category(
+    show_all, range_type, start_date, end_date, user_id
+):
+    lists_query = ShoppingList.query
+
+    if show_all:
+        lists_query = lists_query.filter(
+            or_(ShoppingList.owner_id == user_id, ShoppingList.is_public == True)
+        )
+    else:
+        lists_query = lists_query.filter(ShoppingList.owner_id == user_id)
+
+    if start_date and end_date:
+        try:
+            dt_start = datetime.strptime(start_date, "%Y-%m-%d")
+            dt_end = datetime.strptime(end_date, "%Y-%m-%d") + timedelta(days=1)
+        except Exception:
+            return {"error": "Błędne daty"}
+        lists_query = lists_query.filter(
+            ShoppingList.created_at >= dt_start, ShoppingList.created_at < dt_end
+        )
+
+    lists = lists_query.options(joinedload(ShoppingList.categories)).all()
+    if not lists:
+        return {"labels": [], "datasets": []}
+
+    data_map = defaultdict(lambda: defaultdict(float))
+    all_labels = set()
+
+    for l in lists:
+        total_expense = (
+            db.session.query(func.sum(Expense.amount))
+            .filter(Expense.list_id == l.id)
+            .scalar()
+        ) or 0
+
+        if total_expense <= 0:
+            continue
+
+        if range_type == "monthly":
+            key = l.created_at.strftime("%Y-%m")
+        elif range_type == "quarterly":
+            key = f"{l.created_at.year}-Q{((l.created_at.month - 1) // 3 + 1)}"
+        elif range_type == "halfyearly":
+            key = f"{l.created_at.year}-H{1 if l.created_at.month <= 6 else 2}"
+        elif range_type == "yearly":
+            key = str(l.created_at.year)
+        else:
+            key = l.created_at.strftime("%Y-%m-%d")
+
+        all_labels.add(key)
+
+        if not l.categories:
+            data_map[key]["Inne"] += total_expense
+        else:
+            for c in l.categories:
+                data_map[key][c.name] += total_expense
+
+    labels = sorted(all_labels)
+
+    categories_with_expenses = sorted(
+        {
+            cat
+            for cat_data in data_map.values()
+            for cat, value in cat_data.items()
+            if value > 0
+        }
+    )
+
+    datasets = []
+    for cat in categories_with_expenses:
+        datasets.append(
+            {
+                "label": cat,
+                "data": [round(data_map[label].get(cat, 0), 2) for label in labels],
+                "backgroundColor": category_to_color(cat),
+            }
+        )
+
+    return {"labels": labels, "datasets": datasets}
+
+
 ############# OCR ###########################
 
 
@@ -1143,8 +1304,7 @@ def main_page():
         # ostatnia kwota (w tym przypadku max = suma z ostatniego zapisu)
         latest_expenses_map = dict(
             db.session.query(
-                Expense.list_id,
-                func.coalesce(func.sum(Expense.amount), 0)
+                Expense.list_id, func.coalesce(func.sum(Expense.amount), 0)
             )
             .filter(Expense.list_id.in_(all_ids))
             .group_by(Expense.list_id)
@@ -1185,7 +1345,10 @@ def system_auth():
     next_page = request.args.get("next") or url_for("main_page")
 
     if is_ip_blocked(ip):
-        flash("Przekroczono limit prób logowania. Dostęp zablokowany na 1 godzinę.", "danger")
+        flash(
+            "Przekroczono limit prób logowania. Dostęp zablokowany na 1 godzinę.",
+            "danger",
+        )
         return render_template("system_auth.html"), 403
 
     if request.method == "POST":
@@ -1196,7 +1359,10 @@ def system_auth():
         else:
             register_failed_attempt(ip)
             if is_ip_blocked(ip):
-                flash("Przekroczono limit prób logowania. Dostęp zablokowany na 1 godzinę.", "danger")
+                flash(
+                    "Przekroczono limit prób logowania. Dostęp zablokowany na 1 godzinę.",
+                    "danger",
+                )
                 return render_template("system_auth.html"), 403
             remaining = attempts_remaining(ip)
             flash(f"Nieprawidłowe hasło. Pozostało {remaining} prób.", "warning")
@@ -1306,11 +1472,10 @@ def edit_my_list(list_id):
         list=l,
         receipts=receipts,
         categories=categories,
-        selected_categories=selected_categories_ids
+        selected_categories=selected_categories_ids,
     )
 
 
-
 @app.route("/delete_user_list/<int:list_id>", methods=["POST"])
 @login_required
 def delete_user_list(list_id):
@@ -1452,7 +1617,28 @@ def user_expenses():
     category_id = request.args.get("category_id", type=int)
     show_all = request.args.get("show_all", "true").lower() == "true"
 
-    categories = Category.query.order_by(Category.name.asc()).all()
+    categories = (
+        Category.query.join(
+            shopping_list_category, shopping_list_category.c.category_id == Category.id
+        )
+        .join(
+            ShoppingList, ShoppingList.id == shopping_list_category.c.shopping_list_id
+        )
+        .join(Expense, Expense.list_id == ShoppingList.id)
+        .filter(
+            or_(
+                ShoppingList.owner_id == current_user.id,
+                (
+                    ShoppingList.is_public == True
+                    if show_all
+                    else ShoppingList.owner_id == current_user.id
+                ),
+            )
+        )
+        .distinct()
+        .order_by(Category.name.asc())
+        .all()
+    )
 
     start = None
     end = None
@@ -1468,15 +1654,14 @@ def user_expenses():
     else:
         expenses_query = expenses_query.filter(
             or_(
-                ShoppingList.owner_id == current_user.id,
-                ShoppingList.is_public == True
+                ShoppingList.owner_id == current_user.id, ShoppingList.is_public == True
             )
         )
 
     if category_id:
         expenses_query = expenses_query.join(
             shopping_list_category,
-            shopping_list_category.c.shopping_list_id == ShoppingList.id
+            shopping_list_category.c.shopping_list_id == ShoppingList.id,
         ).filter(shopping_list_category.c.category_id == category_id)
 
     if start_date_str and end_date_str:
@@ -1522,7 +1707,7 @@ def user_expenses():
             "created_at": l.created_at,
             "total_expense": totals_map.get(l.id, 0),
             "owner_username": l.owner.username if l.owner else "?",
-            "categories": [c.id for c in l.categories]
+            "categories": [c.id for c in l.categories],
         }
         for l in {e.shopping_list for e in expenses if e.shopping_list}
     ]
@@ -1545,17 +1730,27 @@ def user_expenses_data():
     end_date = request.args.get("end_date")
     show_all = request.args.get("show_all", "true").lower() == "true"
     category_id = request.args.get("category_id", type=int)
+    by_category = request.args.get("by_category", "false").lower() == "true"
 
-    result = get_total_expenses_grouped_by_list_created_at(
-        user_only=True,
-        admin=False,
-        show_all=show_all,
-        range_type=range_type,
-        start_date=start_date,
-        end_date=end_date,
-        user_id=current_user.id,
-        category_id=category_id 
-    )
+    if by_category:
+        result = get_total_expenses_grouped_by_category(
+            show_all=show_all,
+            range_type=range_type,
+            start_date=start_date,
+            end_date=end_date,
+            user_id=current_user.id,
+        )
+    else:
+        result = get_total_expenses_grouped_by_list_created_at(
+            user_only=True,
+            admin=False,
+            show_all=show_all,
+            range_type=range_type,
+            start_date=start_date,
+            end_date=end_date,
+            user_id=current_user.id,
+            category_id=category_id,
+        )
 
     if "error" in result:
         return jsonify({"error": result["error"]}), 400
@@ -1640,12 +1835,14 @@ def all_products():
         )
 
     top_products = (
-        top_products_query.order_by(
-            SuggestedProduct.name.asc(),  # musi być pierwsze
-            SuggestedProduct.usage_count.desc(),
+        db.session.query(
+            func.lower(Item.name).label("name"), func.sum(Item.quantity).label("count")
         )
-        .distinct(SuggestedProduct.name)
-        .limit(20)
+        .join(ShoppingList, ShoppingList.id == Item.list_id)
+        .filter(Item.purchased.is_(True))
+        .group_by(func.lower(Item.name))
+        .order_by(func.sum(Item.quantity).desc())
+        .limit(5)
         .all()
     )
 
@@ -1887,6 +2084,7 @@ def admin_panel():
         joinedload(ShoppingList.items),
         joinedload(ShoppingList.receipts),
         joinedload(ShoppingList.expenses),
+        joinedload(ShoppingList.categories),
     ).all()
 
     all_ids = [l.id for l in all_lists]
@@ -1914,15 +2112,13 @@ def admin_panel():
 
         latest_expenses_map = dict(
             db.session.query(
-                Expense.list_id,
-                func.coalesce(func.sum(Expense.amount), 0)
+                Expense.list_id, func.coalesce(func.sum(Expense.amount), 0)
             )
             .filter(Expense.list_id.in_(all_ids))
             .group_by(Expense.list_id)
             .all()
         )
 
-
     enriched_lists = []
     for l in all_lists:
         total_count, purchased_count = stats_map.get(l.id, (0, 0))
@@ -1949,6 +2145,7 @@ def admin_panel():
                 "receipts_count": receipts_count,
                 "total_expense": total_expense,
                 "expired": is_expired,
+                "categories": l.categories,
             }
         )
 
@@ -1964,24 +2161,8 @@ def admin_panel():
 
     purchased_items_count = Item.query.filter_by(purchased=True).count()
 
-    # Podsumowania wydatków globalnych
-    total_expense_sum = db.session.query(func.sum(Expense.amount)).scalar() or 0
-    current_time = datetime.now(timezone.utc)
-    current_year = current_time.year
-    current_month = current_time.month
-
-    year_expense_sum = (
-        db.session.query(func.sum(Expense.amount))
-        .filter(extract("year", Expense.added_at) == current_year)
-        .scalar()
-    ) or 0
-
-    month_expense_sum = (
-        db.session.query(func.sum(Expense.amount))
-        .filter(extract("year", Expense.added_at) == current_year)
-        .filter(extract("month", Expense.added_at) == current_month)
-        .scalar()
-    ) or 0
+    # Nowe podsumowanie wydatków
+    expense_summary = get_admin_expense_summary()
 
     # Statystyki systemowe
     process = psutil.Process(os.getpid())
@@ -1996,9 +2177,7 @@ def admin_panel():
 
     inspector = inspect(db_engine)
     table_count = len(inspector.get_table_names())
-
     record_total = get_total_records()
-
     uptime_minutes = int(
         (datetime.now(timezone.utc) - app_start_time).total_seconds() // 60
     )
@@ -2011,9 +2190,7 @@ def admin_panel():
         purchased_items_count=purchased_items_count,
         enriched_lists=enriched_lists,
         top_products=top_products,
-        total_expense_sum=total_expense_sum,
-        year_expense_sum=year_expense_sum,
-        month_expense_sum=month_expense_sum,
+        expense_summary=expense_summary,
         now=now,
         python_version=sys.version,
         system_info=platform.platform(),
@@ -2025,7 +2202,6 @@ def admin_panel():
     )
 
 
-
 @app.route("/admin/delete_list/<int:list_id>")
 @login_required
 @admin_required
@@ -2291,7 +2467,7 @@ def edit_list(list_id):
             joinedload(ShoppingList.owner),
             joinedload(ShoppingList.items),
             joinedload(ShoppingList.categories),
-        ]
+        ],
     )
 
     if l is None:
@@ -2378,7 +2554,7 @@ def edit_list(list_id):
             db.session.commit()
             flash("Zapisano zmiany listy", "success")
             return redirect(url_for("edit_list", list_id=list_id))
-        
+
         elif action == "add_item":
             item_name = request.form.get("item_name", "").strip()
             quantity_str = request.form.get("quantity", "1")
@@ -2487,7 +2663,7 @@ def edit_list(list_id):
         items=items,
         receipts=receipts,
         categories=categories,
-        selected_categories=selected_categories_ids
+        selected_categories=selected_categories_ids,
     )
 
 
@@ -2640,7 +2816,11 @@ def recalculate_filesizes_all():
 @login_required
 @admin_required
 def admin_mass_edit_categories():
-    lists = ShoppingList.query.options(joinedload(ShoppingList.categories)).order_by(ShoppingList.created_at.desc()).all()
+    lists = (
+        ShoppingList.query.options(joinedload(ShoppingList.categories))
+        .order_by(ShoppingList.created_at.desc())
+        .all()
+    )
     categories = Category.query.order_by(Category.name.asc()).all()
 
     if request.method == "POST":
@@ -2654,7 +2834,9 @@ def admin_mass_edit_categories():
         flash("Zaktualizowano kategorie dla wybranych list", "success")
         return redirect(url_for("admin_mass_edit_categories"))
 
-    return render_template("admin/mass_edit_categories.html", lists=lists, categories=categories)
+    return render_template(
+        "admin/mass_edit_categories.html", lists=lists, categories=categories
+    )
 
 
 @app.route("/healthcheck")
diff --git a/config.py b/config.py
index 0b3e32a..eaeafe7 100644
--- a/config.py
+++ b/config.py
@@ -71,3 +71,13 @@ class Config:
     UPLOADS_CACHE_CONTROL = os.environ.get(
         "UPLOADS_CACHE_CONTROL", "public, max-age=2592000, immutable"
     )
+
+    DEFAULT_CATEGORIES = [
+        c.strip() for c in os.environ.get(
+            "DEFAULT_CATEGORIES",
+            "Spożywcze,Budowlane,Zabawki,Chemia,Inne,Elektronika,Odzież i obuwie,"
+            "Artykuły biurowe,Kosmetyki i higiena,Motoryzacja,Ogród i rośliny,"
+            "Zwierzęta,Sprzęt sportowy,Książki i prasa,Narzędzia i majsterkowanie,"
+            "RTV / AGD,Apteka i suplementy,Artykuły dekoracyjne,Gry i hobby,Usługi,Pieczywo"
+        ).split(",") if c.strip()
+    ]
\ No newline at end of file
diff --git a/static/js/user_expenses.js b/static/js/user_expenses.js
index 769b432..9519554 100644
--- a/static/js/user_expenses.js
+++ b/static/js/user_expenses.js
@@ -1,6 +1,7 @@
 document.addEventListener("DOMContentLoaded", function () {
     let expensesChart = null;
     let selectedCategoryId = "";
+    let categorySplit = false; // <-- nowy tryb
     const rangeLabel = document.getElementById("chartRangeLabel");
 
     function loadExpenses(range = "monthly", startDate = null, endDate = null) {
@@ -15,6 +16,9 @@ document.addEventListener("DOMContentLoaded", function () {
         if (selectedCategoryId) {
             url += `&category_id=${selectedCategoryId}`;
         }
+        if (categorySplit) {
+            url += '&by_category=true';
+        }
 
         fetch(url, { cache: "no-store" })
             .then(response => response.json())
@@ -25,24 +29,44 @@ document.addEventListener("DOMContentLoaded", function () {
                     expensesChart.destroy();
                 }
 
-                expensesChart = new Chart(ctx, {
-                    type: 'bar',
-                    data: {
-                        labels: data.labels,
-                        datasets: [{
-                            label: 'Suma wydatków [PLN]',
-                            data: data.expenses,
-                            backgroundColor: '#0d6efd'
-                        }]
-                    },
-                    options: {
-                        scales: {
-                            y: {
-                                beginAtZero: true
+                if (categorySplit) {
+                    // Tryb z podziałem na kategorie
+                    expensesChart = new Chart(ctx, {
+                        type: 'bar',
+                        data: {
+                            labels: data.labels,
+                            datasets: data.datasets // <-- gotowe z backendu
+                        },
+                        options: {
+                            responsive: true,
+                            plugins: {
+                                tooltip: { mode: 'index', intersect: false },
+                                legend: { position: 'top' }
+                            },
+                            scales: {
+                                x: { stacked: true },
+                                y: { stacked: true, beginAtZero: true }
                             }
                         }
-                    }
-                });
+                    });
+                } else {
+                    // Tryb zwykły
+                    expensesChart = new Chart(ctx, {
+                        type: 'bar',
+                        data: {
+                            labels: data.labels,
+                            datasets: [{
+                                label: 'Suma wydatków [PLN]',
+                                data: data.expenses,
+                                backgroundColor: '#0d6efd'
+                            }]
+                        },
+                        options: {
+                            responsive: true,
+                            scales: { y: { beginAtZero: true } }
+                        }
+                    });
+                }
 
                 if (startDate && endDate) {
                     rangeLabel.textContent = `Widok: własny zakres (${startDate} → ${endDate})`;
@@ -54,13 +78,28 @@ document.addEventListener("DOMContentLoaded", function () {
                     else if (range === "yearly") labelText = "Widok: roczne";
                     rangeLabel.textContent = labelText;
                 }
-
             })
             .catch(error => {
                 console.error("Błąd pobierania danych:", error);
             });
     }
 
+    // Obsługa przycisku przełączania trybu
+    document.getElementById("toggleCategorySplit").addEventListener("click", function () {
+        categorySplit = !categorySplit;
+        if (categorySplit) {
+            this.textContent = "🔵 Pokaż całościowo";
+            this.classList.remove("btn-outline-warning");
+            this.classList.add("btn-outline-info");
+        } else {
+            this.textContent = "🎨 Pokaż podział na kategorie";
+            this.classList.remove("btn-outline-info");
+            this.classList.add("btn-outline-warning");
+        }
+        loadExpenses(); // przeładuj wykres
+    });
+
+    // Reszta Twojego kodu bez zmian...
     const startDateInput = document.getElementById("startDate");
     const endDateInput = document.getElementById("endDate");
     const today = new Date();
@@ -97,7 +136,7 @@ document.addEventListener("DOMContentLoaded", function () {
             document.querySelectorAll('.category-filter').forEach(b => b.classList.remove('active'));
             this.classList.add('active');
             selectedCategoryId = this.dataset.categoryId || "";
-            loadExpenses(); // odśwież wykres z nowym filtrem
+            loadExpenses();
         });
     });
 });
diff --git a/templates/admin/admin_panel.html b/templates/admin/admin_panel.html
index 0d777be..fd839e2 100644
--- a/templates/admin/admin_panel.html
+++ b/templates/admin/admin_panel.html
@@ -7,70 +7,117 @@
   <a href="/" class="btn btn-outline-secondary">← Powrót do strony głównej</a>
 </div>
 
-<nav class="navbar navbar-expand-lg navbar-dark bg-dark rounded mb-4">
-  <div class="container-fluid p-0">
-    <a class="navbar-brand" href="#">Funkcje:</a>
-    <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#adminNavbar"
-      aria-controls="adminNavbar" aria-expanded="false" aria-label="Przełącz nawigację">
-      <span class="navbar-toggler-icon"></span>
-    </button>
-
-    <div class="collapse navbar-collapse" id="adminNavbar">
-      <ul class="navbar-nav me-auto mb-2 mb-lg-0">
-        <li class="nav-item">
-          <a class="nav-link" href="{{ url_for('list_users') }}">👥 Zarządzanie użytkownikami</a>
-        </li>
-        <li class="nav-item">
-          <a class="nav-link" href="{{ url_for('admin_receipts', id='all') }}">📸 Wszystkie paragony</a>
-        </li>
-        <li class="nav-item">
-          <a class="nav-link" href="{{ url_for('list_products') }}">🛍️ Produkty i sugestie</a>
-        </li>
-        <li class="nav-item">
-          <a class="nav-link" href="{{ url_for('admin_mass_edit_categories') }}">🗂 Masowa edycja kategorii</a>
-        </li>
-
-      </ul>
+<div class="card bg-dark text-white mb-4">
+  <div class="card-body p-2">
+    <div class="d-flex flex-wrap gap-2">
+      <a href="{{ url_for('list_users') }}" class="btn btn-outline-light btn-sm">👥 Użytkownicy</a>
+      <a href="{{ url_for('admin_receipts', id='all') }}" class="btn btn-outline-light btn-sm">📸 Paragony</a>
+      <a href="{{ url_for('list_products') }}" class="btn btn-outline-light btn-sm">🛍️ Produkty</a>
+      <a href="{{ url_for('admin_mass_edit_categories') }}" class="btn btn-outline-light btn-sm">🗂 Kategorie</a>
     </div>
   </div>
-</nav>
+</div>
 
 <div class="row g-3 mb-4">
+  <!-- Statystyki liczbowe -->
   <div class="col-md-4">
     <div class="card bg-dark text-white h-100">
       <div class="card-body">
-        <p><strong>👤 Liczba użytkowników:</strong> {{ user_count }}</p>
-        <p><strong>📝 Liczba list zakupowych:</strong> {{ list_count }}</p>
-        <p><strong>🛒 Liczba produktów:</strong> {{ item_count }}</p>
-        <p><strong>✅ Zakupionych produktów:</strong> {{ purchased_items_count }}</p>
+        <h5 class="mb-3">📊 Statystyki ogólne</h5>
+        <table class="table table-dark table-sm mb-0">
+          <tbody>
+            <tr>
+              <td>👤 Użytkownicy</td>
+              <td class="text-end fw-bold">{{ user_count }}</td>
+            </tr>
+            <tr>
+              <td>📝 Listy zakupowe</td>
+              <td class="text-end fw-bold">{{ list_count }}</td>
+            </tr>
+            <tr>
+              <td>🛒 Produkty</td>
+              <td class="text-end fw-bold">{{ item_count }}</td>
+            </tr>
+            <tr>
+              <td>✅ Zakupione</td>
+              <td class="text-end fw-bold">{{ purchased_items_count }}</td>
+            </tr>
+          </tbody>
+        </table>
       </div>
     </div>
   </div>
 
-  {% if top_products %}
+  <!-- Najczęściej kupowane -->
   <div class="col-md-4">
     <div class="card bg-dark text-white h-100">
       <div class="card-body">
-        <h5>🔥 Najczęściej kupowane produkty:</h5>
-        <ul class="mb-0">
-          {% for name, count in top_products %}
-          <li>{{ name }} — {{ count }}×</li>
-          {% endfor %}
-        </ul>
+        <h5 class="mb-3">🔥 Najczęściej kupowane produkty</h5>
+        {% if top_products %}
+        {% set max_count = top_products[0][1] %}
+        {% for name, count in top_products %}
+        <div class="mb-2">
+          <div class="d-flex justify-content-between">
+            <span>{{ name }}</span>
+            <span class="text-muted">{{ count }}×</span>
+          </div>
+          <div class="progress" style="height: 6px;">
+            <div class="progress-bar bg-success" role="progressbar" style="width: {{ (count / max_count) * 100 }}%"
+              aria-valuenow="{{ count }}" aria-valuemin="0" aria-valuemax="{{ max_count }}">
+            </div>
+          </div>
+        </div>
+        {% endfor %}
+        {% else %}
+        <p class="text-muted mb-0">Brak danych</p>
+        {% endif %}
       </div>
     </div>
   </div>
-  {% endif %}
 
+  <!-- Podsumowanie wydatków -->
   <div class="col-md-4">
     <div class="card bg-dark text-white h-100">
       <div class="card-body">
         <h5>💸 Podsumowanie wydatków:</h5>
-        <ul class="mb-3">
-          <li><strong>Obecny miesiąc:</strong> {{ '%.2f'|format(month_expense_sum) }} PLN</li>
-          <li><strong>Obecny rok:</strong> {{ '%.2f'|format(year_expense_sum) }} PLN</li>
-          <li><strong>Całkowite:</strong> {{ '%.2f'|format(total_expense_sum) }} PLN</li>
-        </ul>
+
+        <table class="table table-dark table-sm mb-3">
+          <thead>
+            <tr>
+              <th>Typ listy</th>
+              <th>Miesiąc</th>
+              <th>Rok</th>
+              <th>Całkowite</th>
+            </tr>
+          </thead>
+          <tbody>
+            <tr>
+              <td>Wszystkie</td>
+              <td>{{ '%.2f'|format(expense_summary.all.month) }} PLN</td>
+              <td>{{ '%.2f'|format(expense_summary.all.year) }} PLN</td>
+              <td>{{ '%.2f'|format(expense_summary.all.total) }} PLN</td>
+            </tr>
+            <tr>
+              <td>Aktywne</td>
+              <td>{{ '%.2f'|format(expense_summary.active.month) }} PLN</td>
+              <td>{{ '%.2f'|format(expense_summary.active.year) }} PLN</td>
+              <td>{{ '%.2f'|format(expense_summary.active.total) }} PLN</td>
+            </tr>
+            <tr>
+              <td>Archiwalne</td>
+              <td>{{ '%.2f'|format(expense_summary.archived.month) }} PLN</td>
+              <td>{{ '%.2f'|format(expense_summary.archived.year) }} PLN</td>
+              <td>{{ '%.2f'|format(expense_summary.archived.total) }} PLN</td>
+            </tr>
+            <tr>
+              <td>Wygasłe</td>
+              <td>{{ '%.2f'|format(expense_summary.expired.month) }} PLN</td>
+              <td>{{ '%.2f'|format(expense_summary.expired.year) }} PLN</td>
+              <td>{{ '%.2f'|format(expense_summary.expired.total) }} PLN</td>
+            </tr>
+          </tbody>
+        </table>
+
         <button type="button" class="btn btn-outline-primary w-100 mt-3" data-bs-toggle="modal"
           data-bs-target="#expensesChartModal" id="loadExpensesBtn">
           📊 Pokaż wykres wydatków
@@ -78,134 +125,152 @@
       </div>
     </div>
   </div>
+</div>
 
-  <div class="card bg-dark text-white mb-5">
-    <div class="card-body">
-      <h3 class="mt-4">📄 Wszystkie listy zakupowe</h3>
-      <form method="post" action="{{ url_for('delete_selected_lists') }}">
-        <div class="table-responsive">
-          <table class="table table-dark table-striped align-middle sortable">
-            <thead>
-              <tr>
-                <th><input type="checkbox" id="select-all"></th>
-                <th>ID</th>
-                <th>Tytuł</th>
-                <th>Status</th>
-                <th>Utworzono</th>
-                <th>Właściciel</th>
-                <th>Produkty</th>
-                <th>Wypełnienie</th>
-                <th>Komentarze</th>
-                <th>Paragony</th>
-                <th>Wydatki</th>
-                <th>Akcje</th>
-              </tr>
-            </thead>
-            <tbody>
-              {% for e in enriched_lists %}
-              {% set l = e.list %}
-              <tr>
-                <td><input type="checkbox" name="list_ids" value="{{ l.id }}"></td>
-                <td>{{ l.id }}</td>
-                <td class="fw-bold">
-                  <a href="{{ url_for('view_list', list_id=l.id) }}" class="text-white">{{ l.title }}</a>
-                </td>
-                <td>
-                  {% if l.is_archived %}
-                  <span class="badge bg-secondary">Archiwalna</span>
-                  {% elif e.expired %}
-                  <span class="badge bg-warning text-dark">Wygasła</span>
-                  {% else %}
-                  <span class="badge bg-success">Aktywna</span>
-                  {% endif %}
-                </td>
-                <td>{{ l.created_at.strftime('%Y-%m-%d %H:%M') if l.created_at else '-' }}</td>
-                <td>
-                  {% if l.owner_id %}
-                  {{ l.owner_id }} / {{ l.owner.username if l.owner else 'Brak użytkownika' }}
-                  {% else %}
-                  -
-                  {% endif %}
-                </td>
-                <td>{{ e.total_count }}</td>
-                <td>{{ e.purchased_count }}/{{ e.total_count }} ({{ e.percent }}%)</td>
-                <td>{{ e.comments_count }}</td>
-                <td>{{ e.receipts_count }}</td>
-                <td>
-                  {% if e.total_expense > 0 %}
-                  {{ '%.2f'|format(e.total_expense) }} PLN
-                  {% else %}
-                  -
-                  {% endif %}
-                </td>
-                <td class="d-flex flex-wrap gap-1">
-                  <a href="{{ url_for('edit_list', list_id=l.id) }}" class="btn btn-sm btn-outline-primary">✏️
-                    Edytuj</a>
-                  <a href="{{ url_for('delete_list', list_id=l.id) }}" class="btn btn-sm btn-outline-danger">🗑️
-                    Usuń</a>
-                </td>
-              </tr>
-              {% endfor %}
-            </tbody>
+<div class="card bg-dark text-white mb-5">
+  <div class="card-body">
+    <h3 class="mt-4">📄 Wszystkie listy zakupowe</h3>
+    <form method="post" action="{{ url_for('delete_selected_lists') }}">
+      <div class="table-responsive">
+        <table class="table table-dark table-striped align-middle sortable">
+          <thead>
+            <tr>
+              <th><input type="checkbox" id="select-all"></th>
+              <th>ID</th>
+              <th>Tytuł</th>
+              <th>Status</th>
+              <th>Utworzono</th>
+              <th>Właściciel</th>
+              <th>Produkty</th>
+              <th>Wypełnienie</th>
+              <th>Komentarze</th>
+              <th>Paragony</th>
+              <th>Wydatki</th>
+              <th>Akcje</th>
+            </tr>
+          </thead>
+          <tbody>
+            {% for e in enriched_lists %}
+            {% set l = e.list %}
+            <tr>
+              <td><input type="checkbox" name="list_ids" value="{{ l.id }}"></td>
+              <td>{{ l.id }}</td>
+              <td class="fw-bold align-middle">
+                <a href="{{ url_for('view_list', list_id=l.id) }}" class="text-white">{{ l.title }}</a>
+                {% if l.categories %}
+                <span class="ms-1 text-info" data-bs-toggle="tooltip"
+                  title="{{ l.categories | map(attribute='name') | join(', ') }}">
+                  🏷
+                </span>
+                {% endif %}
+              </td>
 
-          </table>
-        </div>
-        <button type="submit" class="btn btn-danger mt-2">🗑️ Usuń zaznaczone listy</button>
-      </form>
-    </div>
+              <td>
+                {% if l.is_archived %}
+                <span class="badge bg-secondary">Archiwalna</span>
+                {% elif e.expired %}
+                <span class="badge bg-warning text-dark">Wygasła</span>
+                {% else %}
+                <span class="badge bg-success">Aktywna</span>
+                {% endif %}
+              </td>
+              <td>{{ l.created_at.strftime('%Y-%m-%d %H:%M') if l.created_at else '-' }}</td>
+              <td>
+                {% if l.owner %}
+                👤 {{ l.owner.username }} ({{ l.owner.id }})
+                {% else %}
+                -
+                {% endif %}
+              </td>
+              <td>{{ e.total_count }}</td>
+              <td>
+                <div class="progress" style="height: 14px;">
+                  <div class="progress-bar 
+                      {% if e.percent >= 80 %}bg-success
+                      {% elif e.percent >= 40 %}bg-warning
+                      {% else %}bg-danger{% endif %}" role="progressbar" style="width: {{ e.percent }}%">
+                    {{ e.purchased_count }}/{{ e.total_count }}
+                  </div>
+                </div>
+              </td>
+              <td><span class="badge bg-primary">{{ e.comments_count }}</span></td>
+              <td><span class="badge bg-secondary">{{ e.receipts_count }}</span></td>
+              <td class="fw-bold 
+                  {% if e.total_expense >= 500 %}text-danger
+                  {% elif e.total_expense > 0 %}text-success{% endif %}">
+                {% if e.total_expense > 0 %}
+                {{ '%.2f'|format(e.total_expense) }} PLN
+                {% else %}
+                -
+                {% endif %}
+              </td>
+              <td class="d-flex flex-wrap gap-1">
+                <a href="{{ url_for('edit_list', list_id=l.id) }}" class="btn btn-sm btn-outline-primary">✏️ Edytuj</a>
+                <a href="{{ url_for('delete_list', list_id=l.id) }}" class="btn btn-sm btn-outline-danger"
+                  onclick="return confirm('Na pewno usunąć tę listę?')">🗑️ Usuń</a>
+              </td>
+            </tr>
+            {% endfor %}
+          </tbody>
+        </table>
+      </div>
+      <button type="submit" class="btn btn-danger mt-2">🗑️ Usuń zaznaczone listy</button>
+    </form>
   </div>
+</div>
 
-  <div class="modal fade" id="expensesChartModal" tabindex="-1" aria-labelledby="expensesChartModalLabel"
-    aria-hidden="true">
-    <div class="modal-dialog modal-xl modal-dialog-centered">
-      <div class="modal-content bg-dark text-white rounded">
-        <div class="modal-header border-0">
-          <div>
-            <h5 class="modal-title m-0" id="expensesChartModalLabel">📊 Wydatki</h5>
-            <small id="chartRangeLabel" class="text-muted">Widok: miesięczne</small>
-          </div>
-          <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Zamknij"></button>
+
+<div class="modal fade" id="expensesChartModal" tabindex="-1" aria-labelledby="expensesChartModalLabel"
+  aria-hidden="true">
+  <div class="modal-dialog modal-xl modal-dialog-centered">
+    <div class="modal-content bg-dark text-white rounded">
+      <div class="modal-header border-0">
+        <div>
+          <h5 class="modal-title m-0" id="expensesChartModalLabel">📊 Wydatki</h5>
+          <small id="chartRangeLabel" class="text-muted">Widok: miesięczne</small>
+        </div>
+        <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Zamknij"></button>
+      </div>
+      <div class="modal-body pt-0">
+        <div class="d-flex flex-wrap gap-2 mb-3">
+          <button class="btn btn-outline-light btn-sm range-btn active" data-range="monthly">📅 Miesięczne</button>
+          <button class="btn btn-outline-light btn-sm range-btn" data-range="quarterly">📊 Kwartalne</button>
+          <button class="btn btn-outline-light btn-sm range-btn" data-range="halfyearly">🗓️ Półroczne</button>
+          <button class="btn btn-outline-light btn-sm range-btn" data-range="yearly">📆 Roczne</button>
         </div>
-        <div class="modal-body pt-0">
-          <div class="d-flex flex-wrap gap-2 mb-3">
-            <button class="btn btn-outline-light btn-sm range-btn active" data-range="monthly">📅 Miesięczne</button>
-            <button class="btn btn-outline-light btn-sm range-btn" data-range="quarterly">📊 Kwartalne</button>
-            <button class="btn btn-outline-light btn-sm range-btn" data-range="halfyearly">🗓️ Półroczne</button>
-            <button class="btn btn-outline-light btn-sm range-btn" data-range="yearly">📆 Roczne</button>
-          </div>
 
-          <div class="input-group input-group-sm mb-3 w-100" style="max-width: 570px;">
-            <span class="input-group-text bg-secondary text-white border-secondary">Od</span>
-            <input type="date" class="form-control bg-dark text-white border-secondary flex-grow-1" id="startDate">
-            <span class="input-group-text bg-secondary text-white border-secondary">Do</span>
-            <input type="date" class="form-control bg-dark text-white border-secondary flex-grow-1" id="endDate">
-            <button class="btn btn-outline-success" id="customRangeBtn">Pokaż dane z zakresu 📅</button>
-          </div>
+        <div class="input-group input-group-sm mb-3 w-100" style="max-width: 570px;">
+          <span class="input-group-text bg-secondary text-white border-secondary">Od</span>
+          <input type="date" class="form-control bg-dark text-white border-secondary flex-grow-1" id="startDate">
+          <span class="input-group-text bg-secondary text-white border-secondary">Do</span>
+          <input type="date" class="form-control bg-dark text-white border-secondary flex-grow-1" id="endDate">
+          <button class="btn btn-outline-success" id="customRangeBtn">Pokaż dane z zakresu 📅</button>
+        </div>
 
-          <div class="bg-dark rounded p-2">
-            <canvas id="expensesChart" height="100"></canvas>
-          </div>
+        <div class="bg-dark rounded p-2">
+          <canvas id="expensesChart" height="100"></canvas>
         </div>
       </div>
     </div>
   </div>
+</div>
 
-  {% block scripts %}
-  <script src="{{ url_for('static_bp.serve_js_lib', filename='chart.js') }}"></script>
-  <script>
-    document.getElementById('select-all').addEventListener('click', function () {
-      const checkboxes = document.querySelectorAll('input[name="list_ids"]');
-      checkboxes.forEach(cb => cb.checked = this.checked);
-    });
-  </script>
-  <script src="{{ url_for('static_bp.serve_js', filename='expenses.js') }}"></script>
+{% block scripts %}
+<script src="{{ url_for('static_bp.serve_js_lib', filename='chart.js') }}"></script>
+<script>
+  document.getElementById('select-all').addEventListener('click', function () {
+    const checkboxes = document.querySelectorAll('input[name="list_ids"]');
+    checkboxes.forEach(cb => cb.checked = this.checked);
+  });
+</script>
+<script src="{{ url_for('static_bp.serve_js', filename='expenses.js') }}"></script>
 
-  {% endblock %}
+{% endblock %}
 
-  <div class="info-bar-fixed">
-    Python: {{ python_version.split()[0] }} | {{ system_info }} | RAM app: {{ app_memory }} |
-    DB: {{ db_info.engine|upper }}{% if db_info.version %} v{{ db_info.version[0] }}{% endif %} |
-    Tabele: {{ table_count }} | Rekordy: {{ record_total }} |
-    Uptime: {{ uptime_minutes }} min
-  </div>
-  {% endblock %}
\ No newline at end of file
+<div class="info-bar-fixed">
+  Python: {{ python_version.split()[0] }} | {{ system_info }} | RAM app: {{ app_memory }} |
+  DB: {{ db_info.engine|upper }}{% if db_info.version %} v{{ db_info.version[0] }}{% endif %} |
+  Tabele: {{ table_count }} | Rekordy: {{ record_total }} |
+  Uptime: {{ uptime_minutes }} min
+</div>
+{% endblock %}
\ No newline at end of file
diff --git a/templates/user_expenses.html b/templates/user_expenses.html
index 6e1b640..db48d63 100644
--- a/templates/user_expenses.html
+++ b/templates/user_expenses.html
@@ -6,15 +6,22 @@
   <h2 class="mb-2">Statystyki wydatków</h2>
   <a href="{{ url_for('main_page') }}" class="btn btn-outline-secondary">← Powrót</a>
 </div>
-<div class="form-check form-switch mb-3">
-  <input class="form-check-input" type="checkbox" id="showAllLists" {% if show_all %}checked{% endif %}>
-  <label class="form-check-label ms-2 text-white" for="showAllLists">Pokaż wszystkie publiczne listy
-    innych</label>
+
+
+<div class="d-flex justify-content-center mb-3">
+  <div class="form-check form-switch">
+    <input class="form-check-input" type="checkbox" id="showAllLists" {% if show_all %}checked{% endif %}>
+    <label class="form-check-label ms-2 text-white" for="showAllLists">
+      Pokaż wszystkie publiczne listy innych
+    </label>
+  </div>
 </div>
 
-<div class="d-flex flex-wrap gap-2 mb-3">
-  <a href="{{ url_for('user_expenses', show_all='true') }}"
-    class="btn btn-sm {% if not selected_category %}btn-success{% else %}btn-outline-light{% endif %}">🌐 Wszystkie</a>
+<div class="d-flex flex-wrap gap-2 mb-3 justify-content-center">
+  <a href="{{ url_for('user_expenses') }}"
+    class="btn btn-sm {% if not selected_category %}btn-success{% else %}btn-outline-light{% endif %}">
+    🌐 Wszystkie
+  </a>
   {% for cat in categories %}
   <a href="{{ url_for('user_expenses', category_id=cat.id) }}"
     class="btn btn-sm {% if selected_category == cat.id %}btn-success{% else %}btn-outline-light{% endif %}">
@@ -23,6 +30,7 @@
   {% endfor %}
 </div>
 
+
 <div class="card bg-dark text-white mb-5">
   <div class="card-body">
     <ul class="nav nav-tabs mb-3" id="expenseTabs" role="tablist">
@@ -49,7 +57,7 @@
         <div class="card bg-dark text-white mb-4">
           <div class="card-body">
 
-            <div class="d-flex flex-wrap gap-2 mb-3">
+            <div class="d-flex flex-wrap gap-2 mb-3 justify-content-center">
               <button class="btn btn-outline-light btn-sm range-btn" data-range="day">🗓️ Dzień</button>
               <button class="btn btn-outline-light btn-sm range-btn" data-range="week">📆 Tydzień</button>
               <button class="btn btn-outline-light btn-sm range-btn active" data-range="month">📅 Miesiąc</button>
@@ -57,19 +65,25 @@
               <button class="btn btn-outline-light btn-sm range-btn" data-range="all">🌐 Wszystko</button>
             </div>
 
-            <div class="form-check form-switch mb-3">
-              <input class="form-check-input" type="checkbox" id="onlyWithExpenses">
-              <label class="form-check-label ms-2 text-white" for="onlyWithExpenses">Pokaż tylko listy z
-                wydatkami</label>
+
+
+            <div class="d-flex justify-content-center mb-3">
+              <div class="input-group input-group-sm w-100" style="max-width: 570px;">
+                <span class="input-group-text bg-secondary text-white border-secondary">Od</span>
+                <input type="date" class="form-control bg-dark text-white border-secondary flex-grow-1"
+                  id="customStart">
+                <span class="input-group-text bg-secondary text-white border-secondary">Do</span>
+                <input type="date" class="form-control bg-dark text-white border-secondary flex-grow-1" id="customEnd">
+                <button class="btn btn-outline-success" id="applyCustomRange">📊 Zastosuj zakres</button>
+              </div>
             </div>
-
-
-            <div class="input-group input-group-sm mb-3 w-100" style="max-width: 570px;">
-              <span class="input-group-text bg-secondary text-white border-secondary">Od</span>
-              <input type="date" class="form-control bg-dark text-white border-secondary flex-grow-1" id="customStart">
-              <span class="input-group-text bg-secondary text-white border-secondary">Do</span>
-              <input type="date" class="form-control bg-dark text-white border-secondary flex-grow-1" id="customEnd">
-              <button class="btn btn-outline-success" id="applyCustomRange">📊 Zastosuj zakres</button>
+            <div class="d-flex justify-content-center mb-3">
+              <div class="form-check form-switch">
+                <input class="form-check-input" type="checkbox" id="onlyWithExpenses">
+                <label class="form-check-label ms-2 text-white" for="onlyWithExpenses">
+                  Pokaż tylko listy z wydatkami
+                </label>
+              </div>
             </div>
 
             <div class="d-flex justify-content-end mb-2">
@@ -123,13 +137,19 @@
       <div class="tab-pane fade" id="chartTab" role="tabpanel">
         <div class="card bg-dark text-white mb-4">
           <div class="card-body">
+
+            <button class="btn btn-outline-light w-100 py-2 mb-2 d-flex align-items-center justify-content-center gap-2"
+              id="toggleCategorySplit">
+              🎨 Pokaż podział na kategorie
+            </button>
+
             <p id="chartRangeLabel" class="fw-bold mb-3">Widok: miesięczne</p>
             <canvas id="expensesChart" height="120"></canvas>
           </div>
         </div>
 
 
-        <div class="d-flex flex-wrap gap-2 mb-3">
+        <div class="d-flex flex-wrap gap-2 mb-3 justify-content-center">
           <button class="btn btn-outline-light btn-sm range-btn active" data-range="monthly">📅 Miesięczne</button>
           <button class="btn btn-outline-light btn-sm range-btn" data-range="quarterly">📊 Kwartalne</button>
           <button class="btn btn-outline-light btn-sm range-btn" data-range="halfyearly">🗓️ Półroczne</button>
@@ -137,14 +157,17 @@
         </div>
 
         <!-- Picker daty w formie input-group -->
-        <div class="input-group input-group-sm mb-4 w-100" style="max-width: 570px;">
-          <span class="input-group-text bg-secondary text-white border-secondary">Od</span>
-          <input type="date" class="form-control bg-dark text-white border-secondary flex-grow-1" id="startDate">
-          <span class="input-group-text bg-secondary text-white border-secondary">Do</span>
-          <input type="date" class="form-control bg-dark text-white border-secondary flex-grow-1" id="endDate">
-          <button class="btn btn-outline-success" id="customRangeBtn">📊 Pokaż dane z zakresu</button>
+        <div class="d-flex justify-content-center mb-4">
+          <div class="input-group input-group-sm w-100" style="max-width: 570px;">
+            <span class="input-group-text bg-secondary text-white border-secondary">Od</span>
+            <input type="date" class="form-control bg-dark text-white border-secondary flex-grow-1" id="startDate">
+            <span class="input-group-text bg-secondary text-white border-secondary">Do</span>
+            <input type="date" class="form-control bg-dark text-white border-secondary flex-grow-1" id="endDate">
+            <button class="btn btn-outline-success" id="customRangeBtn">📊 Pokaż dane z zakresu</button>
+          </div>
         </div>
 
+
       </div>
     </div>
 
-- 
2.43.0