feat(signup+admin): aliniere formular signup la landing + plan cerut, GDPR, control tier/trial in panou

Signup:
- /signup aliniat ca format la formularul din landing (campuri, etichete,
  placeholder-uri, select plan, checkbox GDPR, buton). Eticheta `name` = "Companie"
  (corecta: backendul salveaza nume de firma), uniform si in landing.
- Consimtamant GDPR validat server-side (functional, nu doar client-side) + salvat
  cu marca temporala (accounts.consent_at).
- Plan ales la signup salvat in accounts.requested_plan (intentie, NU drept): tier
  ramane sursa de adevar pentru gate-ul API; coloana pregateste integrarea platilor.
- landing: valorile `plan` = coduri tier (free/standard/pro/premium), data-plan
  sincronizat pe butoanele de pret; checkbox consimtamant primeste name.

Schema/DB:
- accounts: coloane noi requested_plan + consent_at (cu migrare aditiva in db.py).

Panou admin:
- Coloane noi: Plan curent (plan EFECTIV acum + zile trial ramase) si Plan cerut.
- Buton "Aplica" (POST /admin/set-tier): aloca plan real si INCHEIE trial-ul
  (efect imediat; altfel trial-ul Pro universal de 30z masca alegerea).
- Control "Trial Pro N zile" (POST /admin/set-trial via accounts.set_trial):
  acorda/prelungeste trial fara a schimba tier-ul de baza.

Teste: signup (consent obligatoriu, requested_plan persistat, tier ramane free),
panou admin (set-tier incheie trial, free opreste Pro imediat, set-trial, validari
+ CSRF). Call-site-urile existente POST /signup actualizate cu consent.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claude Agent
2026-06-29 16:02:37 +00:00
parent a29896a790
commit 851f76ca16
14 changed files with 528 additions and 42 deletions

View File

@@ -8,6 +8,7 @@ Rute:
from __future__ import annotations
from datetime import datetime, timedelta, timezone
from pathlib import Path
from fastapi import APIRouter, Form, Request
@@ -15,12 +16,42 @@ from fastapi.responses import HTMLResponse, RedirectResponse
from fastapi.templating import Jinja2Templates
from .. import __version__
from ..accounts import account_is_complete, list_accounts, set_active, set_status, delete_account
from ..accounts import account_is_complete, list_accounts, set_active, set_status, set_tier, set_trial, delete_account
from ..config import get_settings
from ..db import get_connection
from ..plans import PLANS, effective_tier
from ..web.csrf import get_csrf_token, verify_csrf
from ..web.session import require_admin
def _plan_label(code: str | None) -> str:
"""Eticheta RO a unui cod de plan (din PLANS). None/necunoscut -> ''."""
if not code:
return ""
plan = PLANS.get(code)
return plan["label"] if plan else code
def _trial_zile_ramase(trial_until_str: str | None, now: datetime) -> int | None:
"""Zile ramase din trial (rotunjit in sus), sau None daca nu e trial activ/malformat.
Acelasi parsing tolerant ca plans.effective_tier (UTC implicit pe valori naive).
"""
if not trial_until_str:
return None
try:
tu = datetime.fromisoformat(trial_until_str.strip().replace(" ", "T"))
if tu.tzinfo is None:
tu = tu.replace(tzinfo=timezone.utc)
now_cmp = now if now.tzinfo else now.replace(tzinfo=timezone.utc)
secunde = (tu - now_cmp).total_seconds()
if secunde <= 0:
return None
# Rotunjire in sus la zile (o fractie de zi ramasa = inca 1 zi afisata).
return int(secunde // 86400) + (1 if secunde % 86400 else 0)
except (ValueError, AttributeError, TypeError):
return None
router = APIRouter()
_TMPL = Jinja2Templates(directory=str(Path(__file__).resolve().parent / "templates"))
@@ -47,10 +78,19 @@ def _render_admin(request: Request, conn, *, error: str | None = None, status_co
"""Randeaza pagina admin.html cu lista de conturi si optional un mesaj de eroare."""
accounts = list_accounts(conn)
emails = _emails_by_account(conn)
now = datetime.now(timezone.utc)
for acct in accounts:
# Computa is_complete INAINTE de a suprascrie accounts.email cu emailul de login al userului
acct["is_complete"] = account_is_complete(acct)
acct["email"] = emails.get(acct["id"])
# Plan EFECTIV (ce are contul acum): trial Pro activ ridica `free` la `pro`.
# `tier` ramane sursa de adevar pentru drepturi; `requested_plan` e doar intentia de la signup.
eff = effective_tier(acct, now)
acct["tier_label"] = _plan_label(acct.get("tier")) # tier de baza (post-trial)
acct["tier_efectiv_label"] = _plan_label(eff) # plan efectiv ACUM
acct["trial_activ"] = eff != (acct.get("tier") or "free")
acct["trial_zile"] = _trial_zile_ramase(acct.get("trial_until"), now)
acct["requested_plan_label"] = _plan_label(acct.get("requested_plan"))
# Grupare pe STARE, nu pe `active`: altfel conturile arhivate/blocate (active=0)
# ar cadea gresit sub "in asteptare". 'deleted' e deja exclus din list_accounts.
pending = [a for a in accounts if a["status"] == "pending" and a["id"] != 1]
@@ -146,6 +186,73 @@ async def admin_delete(request: Request, account_id: list[int] = Form(...),
return _lifecycle_route(request, account_id, csrf_token, "delete")
@router.post("/admin/set-tier", response_class=HTMLResponse)
async def admin_set_tier(
request: Request,
account_id: int = Form(...),
tier: str = Form(...),
csrf_token: str = Form(default=""),
):
"""Schimba planul (tier) unui cont din panou. require_admin + CSRF, PRG 303.
Reuseaza accounts.set_tier (valideaza tier-ul, protejeaza id=1, logheaza schimbarea).
INCHEIE trial-ul (trial_until=NULL): alocarea manuala = plan real de-acum, cu efect
imediat — altfel trial-ul Pro universal (30z la signup) ar masca alegerea pana la
expirare (decizie user 2026-06-29). Tier invalid / cont protejat -> re-randare cu eroare.
"""
require_admin(request)
verify_csrf(request, csrf_token)
conn = get_connection()
try:
try:
# trial_until=None: alocarea manuala incheie trial-ul si aplica tier-ul ales acum.
set_tier(conn, account_id, tier, trial_until=None)
conn.commit()
except ValueError as exc:
return _render_admin(request, conn, error=str(exc), status_code=422)
finally:
conn.close()
return RedirectResponse("/admin", status_code=303)
@router.post("/admin/set-trial", response_class=HTMLResponse)
async def admin_set_trial(
request: Request,
account_id: int = Form(...),
trial_days: int = Form(...),
csrf_token: str = Form(default=""),
):
"""Acorda/prelungeste un trial Pro de N zile (de la acum), fara a schimba tier-ul de baza.
require_admin + CSRF, PRG 303. Reuseaza accounts.set_trial (protejeaza id=1, logheaza).
trial_days <= 0 sau peste plafon -> re-randare panou cu eroare (422). Plafon defensiv 3650z.
"""
require_admin(request)
verify_csrf(request, csrf_token)
conn = get_connection()
try:
if trial_days <= 0 or trial_days > 3650:
return _render_admin(
request, conn,
error="Numarul de zile pentru trial trebuie sa fie intre 1 si 3650.",
status_code=422,
)
try:
now = datetime.now(timezone.utc)
trial_until = (now + timedelta(days=trial_days)).strftime("%Y-%m-%d %H:%M:%S")
set_trial(conn, account_id, trial_until)
conn.commit()
except ValueError as exc:
return _render_admin(request, conn, error=str(exc), status_code=422)
finally:
conn.close()
return RedirectResponse("/admin", status_code=303)
@router.post("/admin/deactivate", response_class=HTMLResponse)
async def admin_deactivate(
request: Request,