UI Improvements:
- Add animated toast notification system
- Replace browser alert() with styled toast messages
- Support success, error, and info types
- Auto-dismiss after 4 seconds
- Smooth slide-in animation
- Mobile-responsive positioning (bottom on mobile)
User Experience:
- Success: "Bestellung erfolgreich gesendet! Wir melden uns bei dir."
- Error: "Fehler beim Senden der Bestellung. Bitte versuche es erneut."
- Non-blocking notifications (no modal interruption)
- Modern, polished look matching site design
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Indexes added:
- items.artikel - frequently searched/filtered
- items(artikel, groesse) - unique article/size lookup
- orders.done - order completion filter
- orders.canceled - order cancellation filter
- orders(done, canceled) - combined status filter for "open orders"
- ausbuchungen.item_id - foreign key for JOINs
All indexes use IF NOT EXISTS for idempotent execution.
This improves performance for:
- Article search/filtering in admin interface
- Order status filtering
- Stock movement queries
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

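The index set above, as an added example that is not part of the project's commits: a migration that creates the listed indexes with IF NOT EXISTS, is run twice to show it is idempotent, and is checked with EXPLAIN QUERY PLAN to confirm the "open orders" filter actually uses the composite index. The table definitions and index names are assumptions; the commit does not say whether items(artikel, groesse) is declared UNIQUE, so a plain composite index is used.

```python
"""Added example: idempotent SQLite index migration plus a query-plan check.
Schema, column types and index names are assumptions, not the project's own."""
import sqlite3

# Minimal schema assumed for illustration; only the indexed columns matter.
SCHEMA = """
CREATE TABLE IF NOT EXISTS items (
    id INTEGER PRIMARY KEY,
    artikel TEXT NOT NULL,
    groesse TEXT NOT NULL,
    bestand INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE IF NOT EXISTS orders (
    id INTEGER PRIMARY KEY,
    item_id INTEGER NOT NULL REFERENCES items(id),
    done INTEGER NOT NULL DEFAULT 0,
    canceled INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE IF NOT EXISTS ausbuchungen (
    id INTEGER PRIMARY KEY,
    item_id INTEGER NOT NULL REFERENCES items(id),
    menge INTEGER NOT NULL
);
"""

# The indexes from the commit message. IF NOT EXISTS makes re-running harmless.
INDEXES = """
CREATE INDEX IF NOT EXISTS idx_items_artikel ON items(artikel);
CREATE INDEX IF NOT EXISTS idx_items_artikel_groesse ON items(artikel, groesse);
CREATE INDEX IF NOT EXISTS idx_orders_done ON orders(done);
CREATE INDEX IF NOT EXISTS idx_orders_canceled ON orders(canceled);
CREATE INDEX IF NOT EXISTS idx_orders_done_canceled ON orders(done, canceled);
CREATE INDEX IF NOT EXISTS idx_ausbuchungen_item_id ON ausbuchungen(item_id);
"""


def migrate(conn: sqlite3.Connection) -> None:
    """Apply schema and indexes; safe to call on every start-up."""
    conn.executescript(SCHEMA)
    conn.executescript(INDEXES)


def index_names(conn: sqlite3.Connection) -> list:
    """List the indexes created by migrate() (SQLite's own autoindexes are excluded)."""
    rows = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'index' AND name LIKE 'idx_%' ORDER BY name"
    ).fetchall()
    return [r[0] for r in rows]


def open_orders_plan(conn: sqlite3.Connection) -> str:
    """Return the query plan text for the 'open orders' filter as one string."""
    plan = conn.execute(
        "EXPLAIN QUERY PLAN SELECT id FROM orders WHERE done = 0 AND canceled = 0"
    ).fetchall()
    return " ".join(row[-1] for row in plan)  # last column is the plan detail


def demo():
    conn = sqlite3.connect(":memory:")
    migrate(conn)
    migrate(conn)  # second run must not fail: IF NOT EXISTS makes it idempotent
    # Sample rows constructed for the demo.
    conn.executemany("INSERT INTO items(artikel, groesse) VALUES (?, ?)",
                     [("Shirt", "M"), ("Shirt", "L"), ("Hoodie", "M")])
    conn.executemany("INSERT INTO orders(item_id, done, canceled) VALUES (?, ?, ?)",
                     [(1, 0, 0), (2, 1, 0), (3, 0, 1)])
    open_count = conn.execute(
        "SELECT COUNT(*) FROM orders WHERE done = 0 AND canceled = 0"
    ).fetchone()[0]
    return index_names(conn), open_orders_plan(conn), open_count


if __name__ == "__main__":
    names, plan, count = demo()
    print(names)
    print(plan)
    print("open orders:", count)
```

The EXPLAIN QUERY PLAN check is the part worth keeping around after a migration like this: an index that exists but is never chosen by the planner costs write time and buys nothing, so asserting on the plan in a test catches a query that silently fell back to a full scan.
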
Logging:
- Add structured logging with timestamps
- Log successful and failed login attempts
- Log new orders and order completions
- Log email sending success/failures
SMTP Error Handling:
- Add try/except block around SMTP operations
- Catch authentication errors, SMTP exceptions, and general errors
- Log all email failures with detailed error messages
- Ensure orders are saved even if email fails
This allows monitoring of critical operations and troubleshooting
email delivery issues through systemd journal.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

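The logging and SMTP error-handling change above, as an added example that is not the project's code: orders are committed before the notification is attempted, the three exception classes named in the commit are caught and logged with timestamps, and the caller gets a boolean instead of an exception. The SMTP delivery callable is injected so the example runs offline; the table layout, log field names and the sample failures are constructed for the demo.

```python
"""Added example: persist first, notify second, never lose an order to SMTP.
Schema, log format and the injected senders are assumptions, not project code."""
import logging
import smtplib
import sqlite3

# Timestamped, key=value style records. Under systemd the journal adds its own
# timestamp as well; keeping one in the record makes file/stdout logs consistent.
logging.basicConfig(
    level=logging.INFO,
    format="%(asctime)s %(levelname)s %(name)s %(message)s",
)
log = logging.getLogger("shop")


def send_order_mail(send, recipient: str, subject: str) -> bool:
    """Try to deliver the notification; never raise to the caller.

    `send` is the SMTP delivery callable (injected so the example runs offline).
    Returns True on success, False on any failure, after logging why.
    """
    try:
        send(recipient, subject)
        log.info("event=mail_sent recipient=%s", recipient)
        return True
    except smtplib.SMTPAuthenticationError as exc:
        # Log the SMTP status code, never the credentials that were rejected.
        log.error("event=mail_failed reason=auth smtp_code=%s", exc.smtp_code)
    except smtplib.SMTPException as exc:
        log.error("event=mail_failed reason=smtp error=%s", exc)
    except Exception as exc:  # network errors, timeouts, misconfiguration
        log.exception("event=mail_failed reason=unexpected error=%s", exc)
    return False


def place_order(conn, send, artikel: str, groesse: str, recipient: str) -> dict:
    """Commit the order, then notify. An email failure must not roll back the order."""
    cur = conn.execute(
        "INSERT INTO orders(artikel, groesse) VALUES (?, ?)", (artikel, groesse)
    )
    conn.commit()
    order_id = cur.lastrowid
    log.info("event=order_created id=%s artikel=%s groesse=%s", order_id, artikel, groesse)
    mailed = send_order_mail(send, recipient, f"Neue Bestellung #{order_id}")
    return {"order_id": order_id, "mailed": mailed}


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, artikel TEXT, groesse TEXT)")

    # Three constructed delivery outcomes: success, rejected login, dead host.
    def ok_send(recipient, subject):
        return None

    def auth_fail(recipient, subject):
        raise smtplib.SMTPAuthenticationError(535, b"Authentication failed")

    def unreachable(recipient, subject):
        raise ConnectionRefusedError("smtp host unreachable")

    results = [
        place_order(conn, ok_send, "Shirt", "M", "ops@example.invalid"),
        place_order(conn, auth_fail, "Hoodie", "L", "ops@example.invalid"),
        place_order(conn, unreachable, "Shirt", "S", "ops@example.invalid"),
    ]
    saved = conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
    return results, saved


if __name__ == "__main__":
    results, saved = demo()
    for r in results:
        print(r)
    print("orders saved:", saved)
```

The ordering matters for the guarantee in the commit: the INSERT is committed before the mail is attempted, so every code path through send_order_mail, including the catch-all, leaves the order in the database. The log lines carry the order id and SMTP status but not the mailbox password, which is what you want to see when grepping the journal for `event=mail_failed`.
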
- Prevent server startup if SECRET_KEY is not set in production
- Raise RuntimeError with helpful message if using default value
- Allow debug mode for local development
This ensures the application never runs with an insecure session
secret in production environments.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

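The SECRET_KEY start-up check described above, as an added example that is not the project's code: in production the process refuses to start when the key is unset or still equal to the shipped default, while debug mode is allowed to run. The default value "change-me" is a placeholder (the commit does not give the project's real default), the minimum-length check goes beyond what the commit lists, and falling back to a random per-process key in debug mode is a design choice of this example.

```python
"""Added example: refuse to start with a missing or default session secret.
DEFAULT_SECRET_KEY is a placeholder; the length check is extra hardening."""
import os
import secrets

# Placeholder for whatever default the shipped config carried.
DEFAULT_SECRET_KEY = "change-me"
MIN_SECRET_LEN = 32


def resolve_secret_key(env: dict, debug: bool) -> str:
    """Return the session secret to use, or raise RuntimeError and refuse to start.

    Production (debug=False): SECRET_KEY must be set, must not be the default,
    and must be reasonably long.
    Development (debug=True): a missing or default key is replaced by a fresh
    random one so local sessions work without the insecure default ever
    signing a cookie.
    """
    key = env.get("SECRET_KEY", "")
    if debug:
        if not key or key == DEFAULT_SECRET_KEY:
            return secrets.token_urlsafe(32)
        return key
    if not key:
        raise RuntimeError(
            "SECRET_KEY is not set. Export a long random value, for example: "
            "python -c 'import secrets; print(secrets.token_urlsafe(32))'"
        )
    if key == DEFAULT_SECRET_KEY:
        raise RuntimeError(
            "SECRET_KEY still has the default value; set a unique secret before deploying."
        )
    if len(key) < MIN_SECRET_LEN:
        raise RuntimeError(
            f"SECRET_KEY is too short ({len(key)} chars); use at least {MIN_SECRET_LEN}."
        )
    return key


def startup_outcome(env: dict, debug: bool) -> str:
    """Summarise what the check would do, for demonstration."""
    try:
        resolve_secret_key(env, debug)
        return "started"
    except RuntimeError as exc:
        return f"refused: {exc}"


if __name__ == "__main__":
    # Constructed environments; a real app would pass os.environ.
    print(startup_outcome({}, debug=False))
    print(startup_outcome({"SECRET_KEY": DEFAULT_SECRET_KEY}, debug=False))
    print(startup_outcome({"SECRET_KEY": "x" * 40}, debug=False))
    print(startup_outcome({}, debug=True))
    print(startup_outcome(dict(os.environ), debug=False))
```

Calling resolve_secret_key() before the Flask app object is configured turns a silent misconfiguration (sessions signed with a value anyone can read in the repository) into a hard failure at deploy time, which is where you want it to surface.
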
- Add Flask-WTF dependency for CSRF protection
- Initialize CSRFProtect in app.py
- Add CSRF tokens to all POST forms in templates
- Exempt /order JSON API endpoint (uses API key instead)
This protects against Cross-Site Request Forgery attacks on all
admin and user management operations.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
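The CSRF arrangement described above, as an added example that is not the project's code and does not use Flask-WTF: it shows the decision a before-request hook makes, with a per-session token required on every state-changing form submission and the /order JSON endpoint exempted from that check and authenticated with an API key instead. Request and session objects are plain data here so the example runs offline; the API key, header name and paths are constructed placeholders.

```python
"""Added example: CSRF token check for forms, API-key check for the exempt
/order JSON endpoint. Standard library only; Flask-WTF is not used here."""
import hmac
import secrets
from dataclasses import dataclass, field

API_KEY = "constructed-api-key-placeholder"  # real key lives in server config
CSRF_EXEMPT_PATHS = {"/order"}                # JSON API: API key instead of CSRF
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


@dataclass
class Request:
    """Stand-in for the framework request object (constructed for the demo)."""
    path: str
    method: str
    session: dict
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) the per-session token that templates embed in POST forms."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def _equal(a: str, b: str) -> bool:
    # Constant-time comparison; encode so non-ASCII input cannot raise TypeError.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def check_request(req: Request) -> tuple:
    """Return (status, reason) the way a before_request hook would decide."""
    if req.method in SAFE_METHODS:
        return 200, "safe method"
    if req.path in CSRF_EXEMPT_PATHS:
        supplied = req.headers.get("X-API-Key", "")
        if _equal(supplied, API_KEY):
            return 200, "api key accepted"
        return 401, "missing or wrong api key"
    expected = req.session.get("csrf_token", "")
    supplied = req.form.get("csrf_token", "")
    if expected and _equal(supplied, expected):
        return 200, "csrf token valid"
    return 400, "csrf token missing or invalid"


def demo() -> list:
    """Run constructed requests through the check and return their statuses."""
    session = {}
    token = issue_csrf_token(session)
    cases = [
        Request("/admin", "GET", session),
        Request("/admin", "POST", session, form={"csrf_token": token}),
        Request("/admin", "POST", session),                                # token absent
        Request("/admin", "POST", session, form={"csrf_token": "forged"}),
        Request("/order", "POST", {}, headers={"X-API-Key": API_KEY}),     # exempt path
        Request("/order", "POST", {}),                                     # exempt, no key
    ]
    return [check_request(c)[0] for c in cases]


if __name__ == "__main__":
    print(demo())
```

Exempting a JSON endpoint from CSRF is only safe because the browser cannot attach the X-API-Key header on a cross-site form post; the exemption and the API-key requirement therefore have to land in the same change, which is what the commit above does.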