Commit Graph

19 Commits

Author SHA1 Message Date
a638b861b2 feat(css): Phase 1 - Standardize form patterns across views
BREAKING: None (visual changes only, no API changes)

Changes:
- Standardize LoginView.vue to use forms.css patterns
  - Replace .field → .form-group
  - Replace .field-label → .form-label required
  - Replace p-invalid → invalid
  - Replace <small class="p-error"> → <span class="form-error">
- Standardize InvoicesView.vue filter forms
  - Replace .filters-container → .form
  - Replace .filters-row → .form-row
  - Replace .filter-group → .form-group (with .form-col)
  - Replace .filter-label → .form-label
  - Update responsive CSS (.search-group → .search-col)
- Remove ~116 lines of duplicate form CSS
  - LoginView.vue: ~90 lines (.field, .field-label, :deep() overrides)
  - InvoicesView.vue: ~26 lines (.filters-container, .filter-* classes)
- Create comprehensive form template documentation

Impact:
- Consistent form UX across application
- Reduced CSS duplication (70% → 66%)
- Cleaner component code (no :deep() overrides)
- forms.css (460 lines) now fully utilized
- Mobile responsive behavior handled automatically

Testing:
-  Playwright visual regression tests run
-  All LoginView tests passed (10/10)
-  Form functionality preserved
- ⚠️ Some InvoicesView tests have pre-existing timeout issues (not CSS-related)
- Browser compatibility: Chrome, Firefox, Webkit (via Playwright)

Files Modified:
- reports-app/frontend/src/views/LoginView.vue (-90 lines CSS)
- reports-app/frontend/src/views/InvoicesView.vue (-26 lines CSS)

Files Created:
- docs/FORM_TEMPLATE.md (comprehensive form guidelines)

Files Updated:
- features/PROGRESS_TRACKER.md (Phase 1 complete: 16/18 tasks, 89%)

CSS Lines Eliminated: ~116 / ~150 target (77%)
Time Spent: ~2h / 10-12h estimated
Phase Status:  Complete (89%)

Next Phase: Phase 2 - Foundation Pattern-uri Globale

Refs: #CSS-REFACTORING Phase 1/7

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-18 13:23:59 +02:00
09984cbe1e Add TVA balance display to Telegram dashboard with exclusive calculation logic
Implements VAT (TVA) balance tracking for both previous and current month with
mutually exclusive calculations (either payable OR recoverable per period).

Backend Changes:
- Add 4 TVA fields to DashboardSummary model
- Implement TVA query from vbal table (accounts 4423, 4424, 4426, 4427)
- Add exclusive calculation logic:
  * Previous month: difference between account 4423 (payable) OR 4424 (recoverable)
  * Current month: difference 4427-4426 (payable if >0, recoverable if <0)

Telegram Bot Changes:
- Add compact TVA section to dashboard formatter
- Display only when values > 0
- Format: "TVA de plată/recuperat precedent/curent"

Example output:
  **Solduri TVA:**
  - TVA de plată precedent: 7,284 RON
  - TVA de recuperat curent: 3,200 RON

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-18 10:39:04 +02:00
a227a10ca8 Refactor Telegram bot code login: unify UI with single message editing
Remove FakeMessage wrapper class and implement consistent message editing
for web app code login flow. User-submitted code is now deleted immediately
and instructions message transforms in-place to show menu, matching the
email login UX pattern.

Changes:
- Remove FakeMessage class from start_command handler
- Use direct edit_message_text for all message updates
- Delete user's code message for cleaner chat interface
- Preserve web_login_message_id in context throughout flow
- Apply same pattern to handle_text_message (8-char code handler)
- Ensure single editable message from instructions to menu

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-12 00:51:28 +02:00
6e6111df18 Refactor Telegram bot login flow: clean UI with single editable message
- Consolidate login flow to use single message that edits in place
- Auto-delete all user messages (email, code, password, /start command)
- Remove all emojis from bot messages for cleaner interface
- Fix "Retrimite Cod" bug - buttons now persist after resending code
- Replace "Oracle" with "ROA" in all user-facing messages
- Add clear instructions for each step (email input, code input, password)
- Implement message tracking with context.user_data['login_message_id']
- Clean chat history - only menu message remains visible

Files modified:
- app/bot/email_handlers.py: Complete refactor of email login flow
- app/bot/handlers.py: Update /start command to delete user message and edit existing message

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-12 00:01:19 +02:00
830c5c8181 Refactor environment configuration templates with comprehensive documentation
Updates .env.example files for both backend and telegram-bot with:
- Complete variable coverage matching actual code usage
- Clear section-based organization (Oracle, JWT, SMTP, Cache, etc.)
- Detailed comments explaining purpose and usage location for each variable
- Added missing critical variables (AUTH_SESSION_SECRET, CACHE_*, token expiration settings)
- Removed unused/dead variables (CLAUDE_API_KEY, DEBUG, API_HOST, SQLITE_DB_PATH, etc.)
- Consistent formatting and structure across development and production templates

Critical additions:
- AUTH_SESSION_SECRET for email 2FA flow (must match between backend and telegram-bot)
- Full cache configuration variables (17 vars for hybrid L1/L2 cache system)
- Token expiration settings (ACCESS_TOKEN_EXPIRE_MINUTES, REFRESH_TOKEN_EXPIRE_DAYS)
- SMTP email retry settings for telegram bot

Ensures all .env.example files accurately reflect required and optional environment
variables used in the codebase, making deployment and configuration easier.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-11 12:30:44 +02:00
706062dc0f Implement email-based 2FA authentication for Telegram bot with Oracle integration fixes
This commit adds a complete email authentication flow for the Telegram bot, allowing users to login with email + password instead of web app linking codes. Includes critical bug fixes for Oracle integration.

**New Features:**
- Email-based 2FA authentication with 6-digit codes sent via SMTP
- Backend endpoints: verify-email and login-with-email
- ConversationHandler for email authentication flow in Telegram bot
- Session token verification to prevent user ID spoofing
- Rate limiting (5 attempts per 5 minutes)
- Email code expiry (5 minutes) with automatic cleanup

**Bug Fixes:**
- Fixed Oracle column name: ACTIV → INACTIV (with inverted logic)
- Fixed Oracle password verification: verificautilizator returns checksum, not user_id
- Fixed username case sensitivity: Oracle usernames must be uppercase
- Fixed SMTP connection: use start_tls parameter instead of manual STARTTLS
- Added middleware exclusions for public email auth endpoints

**Backend Changes:**
- Added verify-email endpoint (public) in telegram.py
- Added login-with-email endpoint (public) with rate limiting and session verification
- Updated middleware exclusions in main.py and auth_middleware_wrapper.py
- Added AUTH_SESSION_SECRET configuration for session token signing

**Telegram Bot Changes:**
- New modules: app/auth/email_auth.py, app/bot/email_handlers.py
- New utilities: app/utils/email_service.py (SMTP email sending)
- Updated handlers.py: ignore callbacks handled by ConversationHandler
- Updated menus.py: show Login button for unauthenticated users
- Updated API client: verify_email() and login_with_email() methods
- Database: email_auth_codes table with cleanup task

**Configuration:**
- Added SMTP configuration to telegram-bot .env.example
- Added AUTH_SESSION_SECRET to backend .env.example
- Updated .gitignore: exclude temporary files (*.pid, *.checksum, test scripts)

**Dependencies:**
- Added aiosmtplib for async SMTP email sending

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-11 12:00:46 +02:00
1378ee1e6a Implement hybrid two-tier cache system with full monitoring and Telegram bot enhancements
Cache System (Backend):
- Implemented two-tier hybrid cache: L1 (in-memory) + L2 (SQLite)
- L1 cache: Fast dictionary-based with 5-minute TTL for hot data
- L2 cache: Persistent SQLite with 1-hour TTL for warm data
- Cache decorator with automatic tier management and fallback
- Cache key generation with per-user isolation
- Event monitoring system for cache statistics
- Cache benchmarking utilities for performance testing
- Added cache management endpoints: /api/cache/stats, /api/cache/clear, /api/cache/benchmark
- Cache configuration via environment variables (CACHE_ENABLED, CACHE_L1_TTL, etc.)

Backend Services:
- Updated dashboard_service to use @cached decorator with request context
- Added cache support to invoice_service and treasury_service
- Integrated cache manager into main.py with lifespan events
- Added Request parameter to service methods for cache metadata

Frontend Enhancements:
- New CacheStatsView.vue for real-time cache monitoring dashboard
- Cache store (cacheStore.js) for state management
- Updated router to include /cache-stats route
- Navigation updates in DashboardHeader and HamburgerMenu
- Cache stats accessible from main navigation

Telegram Bot Improvements:
- Enhanced formatters with YTD comparison data
- Improved menu navigation and button layout
- Better error handling and user feedback
- Bot startup improvements with graceful shutdown

Auth & Middleware:
- Enhanced middleware with cache metadata injection
- Improved request state handling for cache source tracking

Development:
- Updated start-dev.sh with better error handling
- Added TELEGRAM_EMAIL_AUTH_PLAN.md documentation
- Updated requirements.txt with aiosqlite for async SQLite

Performance:
- L1 cache provides <1ms response for hot data
- L2 cache provides ~5ms response for warm data
- Database queries only for cold data or cache misses
- Cache hit rates tracked and displayed in real-time

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-07 22:42:00 +02:00
2a37959d80 Add cache source tracking (L1/L2) for Telegram bot responses
Implements cache tier identification in Telegram bot to display data source:
- "db" for database queries
- "cached L1" for in-memory cache hits
- "cached L2" for SQLite cache hits

Backend changes:
- Added cache metadata fields to TrendsResponse and DashboardSummary models
  (cache_hit, response_time_ms, cache_source)
- Updated /api/dashboard/summary and /api/dashboard/trends endpoints to
  include cache metadata when X-Include-Cache-Metadata header is present
- Cache metadata is extracted from request.state (set by @cached decorator)

Telegram bot changes:
- Updated API client to send X-Include-Cache-Metadata header
- Modified helpers to extract cache_source from backend responses
- Updated handlers to pass cache metadata to formatters
- Performance footer now displays specific cache tier (L1 vs L2)

Fixed Pydantic serialization issue:
- Changed field names from _cache_hit to cache_hit (without underscore)
- Pydantic excludes underscore-prefixed fields from JSON by default

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-07 22:39:09 +02:00
87bd04e3ff Enhance Telegram bot UI with YTD comparison, 12-month evolution, and improved navigation
- Add YTD year-over-year comparison table for cash flow evolution
- Extend monthly evolution from 6 to 12 months with dynamic year extraction
- Simplify monthly view to show only Net values aligned with YTD table
- Upgrade client/supplier display from Top 5 to Top 10 with alphabetical sorting
- Remove Refresh and Export buttons from dashboard and evolution views
- Add get_trends() API method for 12-month historical data from backend
- Fix default years to 2025/2024 for accurate YTD calculations

Changes:
- client.py: New get_trends() method calls /api/dashboard/trends endpoint
- helpers.py: Rewrite get_cashflow_evolution_data() to use trends and calculate YTD
- formatters.py: Complete redesign with YTD table and simplified 12-month Net view
- menus.py: Alphabetical sorting for clients/suppliers, removed refresh buttons
- handlers.py: Disabled refresh/export buttons on dashboard and evolution views

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-07 02:30:28 +02:00
a4ee394091 Implement unified Telegram bot interface with Login/Logout and fix callback_data limits
**Interface improvements:**
- Add persistent Login/Logout buttons to main menu
- Help button now updates text above menu (not separate message)
- Expired token automatically transforms menu to Login state
- Consolidate linking success messages (single welcome + menu)

**Fix callback_data length limits (Telegram 64-byte limit):**
- Truncate client/supplier names to 40 chars in callback_data
- Use full names for API calls but truncated for buttons
- Fix pagination buttons for long partner names (30 chars limit)
- Search entities by prefix match to handle truncated names

**Treasury improvements:**
- Show ALL bank/cash accounts (removed 5-item limit)
- Remove unnecessary Refresh/Export buttons from treasury views
- Handle "Message is not modified" error gracefully

**Bug fixes:**
- Fix Markdown parsing errors (replace <cod> with `CODUL_TAU`)
- Fix silent errors when token expires (show user-friendly message)
- Fix Button_data_invalid errors on pagination and details

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-07 01:02:03 +02:00
20f6c52785 Load .env before app imports to ensure environment variables are available
Move load_dotenv() call before all app.* imports in main.py to fix the
import-time environment variable loading issue.

Problem:
- Previously, load_dotenv() was called AFTER importing app.* modules
- When app.api.client was imported, it read BACKEND_URL at import time
- At that moment, .env was not yet loaded, so it used the hardcoded default
- This caused the bot to connect to wrong backend port even when .env was
  correctly configured

Solution:
- Move load_dotenv() to line 20-21, immediately after standard library imports
- This ensures .env is loaded BEFORE any app.* modules are imported
- Now all modules see the correct environment variables from .env file
- Also updated BACKEND_URL default from 8001 to 8000 for consistency

Flow now:
1. Import standard libraries (os, Path, dotenv, etc.)
2. Load .env file (line 20-21) 
3. Import app.* modules (which can now read env vars correctly) 
4. Import telegram-python-bot and other dependencies
5. Start application

This follows Python best practices for environment variable loading and
ensures reliable configuration loading in Windows Service deployments.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-27 00:43:57 +02:00
10d6ddead9 Fix default BACKEND_URL port from 8001 to 8000 for production
Change hardcoded default backend URL from development port (8001) to
production port (8000) in Telegram bot API client.

This fixes the issue where Telegram bot would try to connect to wrong port
when BACKEND_URL environment variable is not properly loaded from .env file,
causing "Cannot connect to backend" errors during account linking.

Root cause: When .env file is not loaded correctly by Windows Service,
the code falls back to the hardcoded default value which was incorrectly
set to the development port 8001 instead of production port 8000.

Changes:
- reports-app/telegram-bot/app/api/client.py: Change default from 8001 to 8000
- Add comment explaining this is for production deployment

This ensures the bot connects to the correct backend port even if .env
configuration has issues during service startup on Windows Server.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-27 00:34:30 +02:00
87bda52524 Fix ConnectError handling in Telegram bot API client
Fix AttributeError crash when backend is unreachable during account linking.
Previously, when telegram bot couldn't connect to backend, the error handler
tried to access e.response.status_code on a ConnectError exception which
doesn't have a response attribute.

Changes to reports-app/telegram-bot/app/api/client.py:
- Import ConnectError from httpx
- Add separate exception handler for ConnectError before HTTPError handler
- Log clear error message indicating backend connectivity issue
- Return None gracefully instead of crashing with AttributeError

Changes to deployment/windows/docs/TELEGRAM_BOT_TROUBLESHOOTING.md:
- Add new section "Problem: Cannot connect to backend / Connection Errors"
- Add diagnostic steps for backend service verification
- Add checklist for BACKEND_URL configuration (http://localhost:8000)
- Add Issue 5: Backend Service Not Running
- Add Issue 6: Wrong Backend URL in Telegram Bot
- Include PowerShell commands for Windows Server troubleshooting

This fix ensures the Telegram bot provides clear error messages when backend
is unavailable instead of crashing, making debugging easier for production
deployments.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-27 00:12:57 +02:00
68459b5c7e Add Telegram Bot internal API configuration for Windows deployment
Fix issue where backend cannot communicate with Telegram bot service to save
authentication codes during account linking flow. This caused "link invalid or
expired" errors when users tried to link Telegram accounts.

Changes:
- Add TELEGRAM_BOT_INTERNAL_API environment variable to backend .env.example
  (defaults to http://localhost:8002 for local/Windows deployments)
- Update CLAUDE.md with Telegram Bot integration requirements for Windows
- Add comprehensive troubleshooting guide for Windows deployment at
  deployment/windows/docs/TELEGRAM_BOT_TROUBLESHOOTING.md

The troubleshooting guide includes:
- Diagnostic steps to verify service health and connectivity
- Common issues and solutions (port conflicts, firewall, wrong bot token)
- PowerShell commands for Windows Server administration
- Verification steps for end-to-end testing

This ensures proper backend-to-telegram-bot communication for the auth code
linking workflow in production Windows deployments.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-27 00:09:37 +02:00
e82b839766 Remove duplicate and outdated documentation files
Cleaned up repository by removing files that were duplicates or
outdated:

Removed documentation (duplicates moved to root docs/):
- docs/DEVELOPMENT_BLUEPRINT.md (outdated)
- docs/PRODUCTION_CHECKLIST.md (outdated)

Removed telegram-bot documentation (superseded by main docs):
- FAZA1_IMPLEMENTATION_SUMMARY.md (implementation completed)
- TELEGRAM_COMMANDS.md (now in main README)
- TELEGRAM_UI_REFACTOR_PLAN.md (refactor completed)

Removed root test files (moved to tests/ directory):
- test_claude_integration.py → tests/test_claude_integration.py
- test_claude_response.py → tests/test_claude_response.py
- test_db.py → tests/test_db.py

All content is preserved in proper locations.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 15:27:15 +03:00
0c782fc1e7 Add configuration template files (.env.example, .dockerignore)
Added essential configuration templates that were missing from the
repository due to overly restrictive .gitignore patterns.

Changes to .gitignore:
- Added negation patterns for .env.example files
- Added negation patterns for .dockerignore files
- These are safe template files with placeholder values

Files added:
- .env.example (root): Main environment configuration template
- reports-app/backend/.env.example: Backend configuration template
- reports-app/frontend/.env.example: Frontend configuration template
- reports-app/telegram-bot/.env.example: Telegram bot config template
- reports-app/telegram-bot/.dockerignore: Docker build exclusions

These template files help developers quickly set up their local
development environment by copying and customizing them.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 15:26:47 +03:00
a7a1bef375 Add missing test files and update .gitignore to allow test files
This commit addresses the overly restrictive .gitignore pattern that
was excluding all test files (test_*.py), including legitimate pytest
and unittest test suites essential for code quality and CI/CD.

Changes to .gitignore:
- Added negation patterns !**/tests/test_*.py and !**/test_*.py
  to allow proper test files while still blocking temporary scripts
- This enables pytest test suites to be tracked by git

Added test files (17 files):

Telegram Bot Tests (15 files):
- reports-app/telegram-bot/tests/test_auth.py
  Tests for authentication and account linking flow
- reports-app/telegram-bot/tests/test_callbacks.py
  Tests for callback query handlers
- reports-app/telegram-bot/tests/test_formatters.py
  Tests for message formatting utilities
- reports-app/telegram-bot/tests/test_formatters_extended.py
  Extended formatter tests
- reports-app/telegram-bot/tests/test_handlers_menu.py
  Tests for menu handlers
- reports-app/telegram-bot/tests/test_helpers.py
  Tests for helper functions
- reports-app/telegram-bot/tests/test_helpers_extended.py
  Extended helper tests
- reports-app/telegram-bot/tests/test_helpers_real.py
  Real integration tests for helpers
- reports-app/telegram-bot/tests/test_helpers_real_simple.py
  Simplified integration tests
- reports-app/telegram-bot/tests/test_login_flow.py
  Complete login flow integration tests
- reports-app/telegram-bot/tests/test_menus.py
  Menu system tests
- reports-app/telegram-bot/tests/test_session_company.py
  Session and company management tests
- reports-app/telegram-bot/test_claude_integration.py
  Manual integration test (Claude AI)
- reports-app/telegram-bot/test_claude_response.py
  Response formatting test
- reports-app/telegram-bot/test_db.py
  Database operations manual test

Shared Module Tests (2 files):
- shared/auth/test_auth.py
  Authentication system tests
- shared/database/test_pool.py
  Oracle connection pool tests

Security verification:
 All test files use mock objects, fixtures, and environment variables
 No hardcoded credentials or secrets found
 Safe for version control

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 15:09:43 +03:00
f42eff71a6 Fix .gitignore and add missing authentication source files
This commit fixes overly broad .gitignore patterns that were excluding
important source code files from version control. Previously, wildcard
patterns like *auth*, *token*, *secret*, *connection*, and *credential*
were excluding ALL files containing these words, including critical
application code.

Changes:
- Updated .gitignore with specific patterns for sensitive config files
  (*.json, *.txt, *.yml, *.yaml extensions only)
- Removed broad wildcards that excluded source code files

Added missing source files:
- shared/auth/ (9 files): Complete authentication system
  - JWT handler, middleware, auth service, models, routes
- reports-app/backend/app/routers/auth.py: Authentication API router
- reports-app/backend/app/auth_middleware_wrapper.py: Middleware wrapper
- reports-app/frontend/src/stores/auth.js: Vue.js auth store
- reports-app/frontend/tests/: E2E tests and fixtures for auth
- reports-app/telegram-bot/app/auth/: Telegram auth linking module
- deployment/windows/scripts/Setup-ClaudeAuth.ps1: Windows deployment script
- security/secrets_scanner.py: Security scanning utility

These files are essential for the application to function and should
have been included in the initial commit.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 15:02:28 +03:00
6b13ffa183 Initial commit: ROA2WEB - FastAPI + Vue.js + Telegram Bot
Modern ERP Reports Application with microservices architecture

Tech Stack:
- Backend: FastAPI + python-oracledb (Oracle DB integration)
- Frontend: Vue.js 3 + PrimeVue + Vite
- Telegram Bot: python-telegram-bot + SQLite
- Infrastructure: Shared database pool, JWT authentication, SSH tunnel

Features:
- FastAPI backend with async Oracle connection pool
- Vue.js 3 responsive frontend with PrimeVue components
- Telegram bot alternative interface
- Microservices architecture with shared components
- Complete deployment support (Linux Docker + Windows IIS)
- Comprehensive testing (Playwright E2E + pytest)

Repository Structure:
- reports-app/ - Main application (backend, frontend, telegram-bot)
- shared/ - Shared components (database pool, auth, utils)
- deployment/ - Deployment scripts (Linux & Windows)
- docs/ - Project documentation
- security/ - Security scanning and git hooks
2025-10-25 14:55:08 +03:00