Added optional info text field to articles that can be managed in the backend and is displayed in the shop only when filled. The info appears in both card view and detail modal with an informative style.
- Added info column to items table with migration
- Updated backend edit form with textarea for info text
- Modified API to include info field in bestand response
- Enhanced shop frontend to display info badge when available
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed remaining merge conflict markers in INSERT and SELECT statements for orders table to include email field.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added /api/orders endpoint to retrieve all orders via API with optional filters for status (open/completed/canceled) and payment status (paid/unpaid).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add customer email field and PayPal payment reminder emails with order reference (HEL-YEAR-ID format)
- Display stock availability with color-coded badges (available/low/unavailable)
- Add sale/clearance flag with animated red badge overlay
- Implement automatic fallback placeholder for missing/broken product images
- Add email column to order management view
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add payment method selection (PayPal/Bar) to order form
- Store payment_method and payment_status in database
- Add payment status badges in admin orders view
- Add "mark as paid" functionality for admins
- PayPal account configurable via PAYPAL_ACCOUNT env variable
- Frontend loads PayPal account dynamically from /wawi/config endpoint
- Update email notifications to include payment method
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
UI Improvements:
- Add animated toast notification system
- Replace browser alert() with styled toast messages
- Support success, error, and info types
- Auto-dismiss after 4 seconds
- Smooth slide-in animation
- Mobile-responsive positioning (bottom on mobile)
User Experience:
- Success: "Bestellung erfolgreich gesendet! Wir melden uns bei dir."
- Error: "Fehler beim Senden der Bestellung. Bitte versuche es erneut."
- Non-blocking notifications (no modal interruption)
- Modern, polished look matching site design
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Indexes added:
- items.artikel - frequently searched/filtered
- items(artikel, groesse) - unique article/size lookup
- orders.done - order completion filter
- orders.canceled - order cancellation filter
- orders(done, canceled) - combined status filter for "open orders"
- ausbuchungen.item_id - foreign key for JOINs
All indexes use IF NOT EXISTS for idempotent execution.
This improves performance for:
- Article search/filtering in admin interface
- Order status filtering
- Stock movement queries
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Logging:
- Add structured logging with timestamps
- Log successful and failed login attempts
- Log new orders and order completions
- Log email sending success/failures
SMTP Error Handling:
- Add try/except block around SMTP operations
- Catch authentication errors, SMTP exceptions, and general errors
- Log all email failures with detailed error messages
- Ensure orders are saved even if email fails
This allows monitoring of critical operations and troubleshooting
email delivery issues through systemd journal.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Prevent server startup if SECRET_KEY is not set in production
- Raise RuntimeError with helpful message if using default value
- Allow debug mode for local development
This ensures the application never runs with an insecure session
secret in production environments.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
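The startup guard described in the commit message above, as an added example that is not the project's own code. The names `load_secret_key` and `DEFAULT_SECRET_KEY`, the placeholder default value, and the `debug` parameter are assumptions; the page does not show how the application detects debug mode or what its default secret is.

```python
import os

# Assumed placeholder: the project's real default value is not shown on the page.
DEFAULT_SECRET_KEY = "dev-secret-change-me"


def load_secret_key(environ=None, debug=False):
    """Return the session secret, refusing to start in production without one.

    environ: mapping to read SECRET_KEY from (defaults to os.environ).
    debug:   True only for local development (hypothetical switch).
    """
    environ = os.environ if environ is None else environ
    key = environ.get("SECRET_KEY", "").strip()

    if key and key != DEFAULT_SECRET_KEY:
        return key

    if debug:
        # Local development: start anyway with the well-known default.
        return DEFAULT_SECRET_KEY

    # Production: a missing or default secret lets anyone who knows the
    # default forge signed session cookies, so fail before serving requests.
    if not key:
        problem = "SECRET_KEY is not set"
    else:
        problem = "SECRET_KEY still has the default value"
    raise RuntimeError(
        problem + ". Set a random value in the service environment, e.g. "
        "python -c 'import secrets; print(secrets.token_hex(32))'"
    )


if __name__ == "__main__":
    # Constructed inputs showing each branch.
    print(load_secret_key({"SECRET_KEY": "a" * 64}))
    print(load_secret_key({}, debug=True))
    try:
        load_secret_key({})
    except RuntimeError as exc:
        print("startup refused:", exc)
```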
- Add Flask-WTF dependency for CSRF protection
- Initialize CSRFProtect in app.py
- Add CSRF tokens to all POST forms in templates
- Exempt /order JSON API endpoint (uses API key instead)
This protects against Cross-Site Request Forgery attacks on all
admin and user management operations.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>