Indexes added:
- items.artikel - frequently searched/filtered
- items(artikel, groesse) - unique article/size lookup
- orders.done - order completion filter
- orders.canceled - order cancellation filter
- orders(done, canceled) - combined status filter for "open orders"
- ausbuchungen.item_id - foreign key for JOINs
All indexes use IF NOT EXISTS for idempotent execution.
This improves performance for:
- Article search/filtering in admin interface
- Order status filtering
- Stock movement queries
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Logging:
- Add structured logging with timestamps
- Log successful and failed login attempts
- Log new orders and order completions
- Log email sending success/failures
SMTP Error Handling:
- Add try/except block around SMTP operations
- Catch authentication errors, SMTP exceptions, and general errors
- Log all email failures with detailed error messages
- Ensure orders are saved even if email fails
This allows monitoring of critical operations and troubleshooting
email delivery issues through systemd journal.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Prevent server startup if SECRET_KEY is not set in production
- Raise RuntimeError with helpful message if using default value
- Allow debug mode for local development
This ensures the application never runs with an insecure session
secret in production environments.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add Flask-WTF dependency for CSRF protection
- Initialize CSRFProtect in app.py
- Add CSRF tokens to all POST forms in templates
- Exempt /order JSON API endpoint (uses API key instead)
This protects against Cross-Site Request Forgery attacks on all
admin and user management operations.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
