Migrate web app from Python/FastAPI to Node.js/TypeScript

Replace the entire Python/FastAPI backend with a Node.js/TypeScript stack:
- Framework: Hono + @hono/node-server
- Templates: Nunjucks (.njk) replacing Jinja2 (.html)
- ORM: Drizzle ORM with mysql2 (same MariaDB schema, no migrations needed)
- Sessions: hono-sessions with CookieStore
- CSS: Pico CSS v2 replacing Bootstrap 5 (Bootstrap Icons CDN kept)
- Dev: tsx watch; Prod: tsc + node dist/index.js

Original Python app preserved in web-python/ as backup.
Updated Dockerfile.web and docker-compose.yml for Node.js deployment.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

web-python/auth.py

@@ -0,0 +1,23 @@
+from fastapi import Request, Depends
+from sqlalchemy.orm import Session
+from passlib.context import CryptContext
+
+from web.database import get_db
+from web.models import User
+
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+
+def hash_password(password: str) -> str:
+    return pwd_context.hash(password)
+
+
+def verify_password(plain: str, hashed: str) -> bool:
+    return pwd_context.verify(plain, hashed)
+
+
+def get_current_user(request: Request, db: Session = Depends(get_db)) -> User | None:
+    user_id = request.session.get("user_id")
+    if not user_id:
+        return None
+    return db.query(User).filter(User.id == user_id).first()

web-python/config.py

@@ -0,0 +1,34 @@
+from pydantic_settings import BaseSettings
+
+
+class Settings(BaseSettings):
+    DATABASE_URL: str = "mysql+pymysql://evosync:evosync@localhost:3306/evosync"
+    SECRET_KEY: str = "change-me-in-production"
+    BASE_URL: str = "http://localhost:8080"
+    PASSWORD_RESET_EXPIRE_MINUTES: int = 60
+
+    EVOTOR_APP_ID: str = ""
+    EVOTOR_WEBHOOK_SECRET: str = ""
+
+    JIVOSITE_WIDGET_ID: str = ""
+
+    HEALTH_CHECK_INTERVAL_SECONDS: int = 600
+    CATALOG_REFRESH_INTERVAL_SECONDS: int = 3600
+    SYNC_INTERVAL_SECONDS: int = 3600
+
+    VK_DEFAULT_PHOTO_PATH: str = "/app/default_product.png"
+
+    VK_CLIENT_ID: str = ""
+    VK_CLIENT_SECRET: str = ""
+    VK_API_VERSION: str = "5.131"
+
+    # Docker compose vars (ignored in app, kept for env compatibility)
+    DB_ROOT_PASSWORD: str = ""
+    DB_NAME: str = ""
+    DB_USER: str = ""
+    DB_PASSWORD: str = ""
+
+    model_config = {"env_file": ".env", "case_sensitive": False}
+
+
+settings = Settings()

web-python/database.py

@@ -0,0 +1,19 @@
+from sqlalchemy import create_engine
+from sqlalchemy.orm import sessionmaker, DeclarativeBase
+
+from web.config import settings
+
+engine = create_engine(settings.DATABASE_URL, pool_pre_ping=True)
+SessionLocal = sessionmaker(bind=engine, autocommit=False, autoflush=False)
+
+
+class Base(DeclarativeBase):
+    pass
+
+
+def get_db():
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()

web-python/evotor_api.py

@@ -0,0 +1,119 @@
+from datetime import datetime
+
+import httpx
+from sqlalchemy.orm import Session
+
+EVOTOR_API_BASE = "https://api.evotor.ru"
+
+
+async def fetch_stores(access_token: str) -> list[dict]:
+    async with httpx.AsyncClient() as client:
+        resp = await client.get(
+            f"{EVOTOR_API_BASE}/stores",
+            headers={"Authorization": f"Bearer {access_token}"},
+            timeout=15,
+        )
+        resp.raise_for_status()
+        data = resp.json()
+        items = data.get("items", data) if isinstance(data, dict) else data
+        return [
+            {
+                "id": s.get("uuid") or s.get("id"),
+                "name": s.get("name"),
+                "address": s.get("address"),
+            }
+            for s in items
+        ]
+
+
+async def fetch_groups(access_token: str, store_id: str) -> list[dict]:
+    async with httpx.AsyncClient() as client:
+        resp = await client.get(
+            f"{EVOTOR_API_BASE}/stores/{store_id}/product-groups",
+            headers={"Authorization": f"Bearer {access_token}"},
+            timeout=15,
+        )
+        if resp.status_code == 402:
+            return []
+        resp.raise_for_status()
+        data = resp.json()
+        items = data.get("items", data) if isinstance(data, dict) else data
+        return [{"id": g.get("uuid") or g.get("id"), "name": g.get("name")} for g in items]
+
+
+async def fetch_products(access_token: str, store_id: str) -> list[dict]:
+    async with httpx.AsyncClient() as client:
+        resp = await client.get(
+            f"{EVOTOR_API_BASE}/stores/{store_id}/products",
+            headers={"Authorization": f"Bearer {access_token}"},
+            timeout=15,
+        )
+        if resp.status_code == 402:
+            return []
+        resp.raise_for_status()
+        data = resp.json()
+        items = data.get("items", data) if isinstance(data, dict) else data
+        return [
+            {
+                "id": p.get("uuid") or p.get("id"),
+                "name": p.get("name"),
+                "parent_id": p.get("parentUuid") or p.get("parent_id"),
+                "price": p.get("price"),
+                "quantity": p.get("quantity"),
+                "measure_name": p.get("measureName") or p.get("measure_name"),
+                "article_number": p.get("code") or p.get("article_number"),
+                "allow_to_sell": p.get("allowToSell") if p.get("allowToSell") is not None else p.get("allow_to_sell"),
+            }
+            for p in items
+        ]
+
+
+async def refresh_catalog_cache(user_id: int, access_token: str, db: Session) -> None:
+    from web.models import CachedStore, CachedGroup, CachedProduct
+
+    now = datetime.utcnow()
+
+    # Delete old cache for user
+    db.query(CachedProduct).filter(CachedProduct.user_id == user_id).delete()
+    db.query(CachedGroup).filter(CachedGroup.user_id == user_id).delete()
+    db.query(CachedStore).filter(CachedStore.user_id == user_id).delete()
+    db.commit()
+
+    stores = await fetch_stores(access_token)
+    for store in stores:
+        db.add(CachedStore(
+            user_id=user_id,
+            evotor_id=store["id"],
+            name=store["name"] or "",
+            address=store.get("address"),
+            fetched_at=now,
+        ))
+    db.commit()
+
+    for store in stores:
+        groups = await fetch_groups(access_token, store["id"])
+        for group in groups:
+            db.add(CachedGroup(
+                user_id=user_id,
+                evotor_id=group["id"],
+                store_evotor_id=store["id"],
+                name=group["name"] or "",
+                fetched_at=now,
+            ))
+
+        products = await fetch_products(access_token, store["id"])
+        for product in products:
+            db.add(CachedProduct(
+                user_id=user_id,
+                evotor_id=product["id"],
+                store_evotor_id=store["id"],
+                group_evotor_id=product.get("parent_id"),
+                name=product["name"] or "",
+                price=product.get("price"),
+                quantity=product.get("quantity"),
+                measure_name=product.get("measure_name"),
+                article_number=product.get("article_number"),
+                allow_to_sell=product.get("allow_to_sell"),
+                fetched_at=now,
+            ))
+    db.commit()

web-python/health_checker.py

@@ -0,0 +1,152 @@
+import asyncio
+import logging
+from datetime import datetime, timedelta
+
+import httpx
+
+from web.database import SessionLocal
+from web.models import EvotorConnection, VkConnection, CachedStore
+
+logger = logging.getLogger("uvicorn.error")
+
+EVOTOR_STORES_URL = "https://api.evotor.ru/stores"
+EVOTOR_TOKEN_URL = "https://oauth.evotor.ru/oauth/token"
+VK_GROUPS_GET_URL = "https://api.vk.com/method/groups.getById"
+VK_API_VERSION = "5.131"
+
+# Refresh Evotor token if it expires within this window
+REFRESH_BEFORE_EXPIRY = timedelta(hours=2)
+
+
+async def _refresh_evotor_token(conn: EvotorConnection) -> str | None:
+    """Attempt to refresh the Evotor access token. Returns new access token or None."""
+    from web.config import settings
+    if not conn.refresh_token:
+        return None
+    try:
+        async with httpx.AsyncClient() as client:
+            resp = await client.post(
+                EVOTOR_TOKEN_URL,
+                data={
+                    "grant_type": "refresh_token",
+                    "refresh_token": conn.refresh_token,
+                },
+                auth=(settings.EVOTOR_CLIENT_ID, settings.EVOTOR_CLIENT_SECRET),
+                timeout=15,
+            )
+            if resp.status_code != 200:
+                return None
+            data = resp.json()
+            return data if data.get("access_token") else None
+    except Exception:
+        return None
+
+
+async def check_evotor_connection(access_token: str) -> bool:
+    try:
+        async with httpx.AsyncClient() as client:
+            response = await client.get(
+                EVOTOR_STORES_URL,
+                headers={"Authorization": f"Bearer {access_token}"},
+                timeout=15,
+            )
+            return response.status_code == 200
+    except Exception:
+        return False
+
+
+async def check_vk_connection(access_token: str) -> bool:
+    try:
+        async with httpx.AsyncClient() as client:
+            resp = await client.get(
+                VK_GROUPS_GET_URL,
+                params={"access_token": access_token, "v": VK_API_VERSION},
+                timeout=10,
+            )
+            if resp.status_code != 200:
+                return False
+            data = resp.json()
+            return "error" not in data
+    except Exception:
+        return False
+
+
+async def run_health_checks() -> None:
+    db = SessionLocal()
+    try:
+        now = datetime.utcnow()
+
+        evotor_connections = db.query(EvotorConnection).all()
+        for conn in evotor_connections:
+            # Proactively refresh if token expires soon
+            needs_refresh = (
+                conn.refresh_token and
+                conn.token_expires_at and
+                conn.token_expires_at - now < REFRESH_BEFORE_EXPIRY
+            )
+            if needs_refresh:
+                token_data = await _refresh_evotor_token(conn)
+                if token_data:
+                    conn.access_token = token_data["access_token"]
+                    conn.refresh_token = token_data.get("refresh_token", conn.refresh_token)
+                    expires_in = token_data.get("expires_in")
+                    conn.token_expires_at = now + timedelta(seconds=expires_in) if expires_in else None
+                    logger.info("Refreshed Evotor token for user_id=%d", conn.user_id)
+
+            is_online = await check_evotor_connection(conn.access_token)
+
+            # If offline and not yet tried refresh, attempt it now
+            if not is_online and conn.refresh_token and not needs_refresh:
+                token_data = await _refresh_evotor_token(conn)
+                if token_data:
+                    conn.access_token = token_data["access_token"]
+                    conn.refresh_token = token_data.get("refresh_token", conn.refresh_token)
+                    expires_in = token_data.get("expires_in")
+                    conn.token_expires_at = now + timedelta(seconds=expires_in) if expires_in else None
+                    is_online = await check_evotor_connection(conn.access_token)
+                    if is_online:
+                        logger.info("Evotor token refreshed after failed check for user_id=%d", conn.user_id)
+
+            conn.is_online = is_online
+            conn.last_checked_at = now
+
+        vk_connections = db.query(VkConnection).all()
+        for conn in vk_connections:
+            conn.is_online = await check_vk_connection(conn.access_token)
+            conn.last_checked_at = now
+
+        db.commit()
+
+        # Refresh catalog cache for online Evotor connections
+        from web.config import settings
+        refreshed_catalog = 0
+        for conn in evotor_connections:
+            if not conn.is_online:
+                continue
+            cached = db.query(CachedStore).filter(CachedStore.user_id == conn.user_id).first()
+            cache_age = (now - cached.fetched_at).total_seconds() if cached else None
+            if cached is None or cache_age >= settings.CATALOG_REFRESH_INTERVAL_SECONDS:
+                try:
+                    from web.evotor_api import refresh_catalog_cache
+                    await refresh_catalog_cache(conn.user_id, conn.access_token, db)
+                    refreshed_catalog += 1
+                except Exception:
+                    logger.exception("Failed to refresh catalog cache for user_id=%d", conn.user_id)
+
+        logger.info(
+            "Health checks completed: %d Evotor, %d VK, %d catalogs refreshed",
+            len(evotor_connections),
+            len(vk_connections),
+            refreshed_catalog,
+        )
+    except Exception:
+        logger.exception("Error during health checks")
+        db.rollback()
+    finally:
+        db.close()
+
+
+async def health_check_loop(interval: int) -> None:
+    while True:
+        await run_health_checks()
+        await asyncio.sleep(interval)

web-python/main.py

@@ -0,0 +1,53 @@
+import asyncio
+from contextlib import asynccontextmanager
+
+from fastapi import FastAPI, Depends, Request
+from fastapi.responses import RedirectResponse
+from fastapi.staticfiles import StaticFiles
+from starlette.middleware.sessions import SessionMiddleware
+
+from web.auth import get_current_user
+from web.config import settings
+from web.health_checker import health_check_loop
+from web.sync_engine import sync_loop
+from web.models import User
+from web.routes import auth, profile, reset, evotor, vk, sync, catalog
+from web.routes import connections
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    tasks = [
+        asyncio.create_task(health_check_loop(settings.HEALTH_CHECK_INTERVAL_SECONDS)),
+        asyncio.create_task(sync_loop(settings.SYNC_INTERVAL_SECONDS)),
+    ]
+    yield
+    for t in tasks:
+        t.cancel()
+    for t in tasks:
+        try:
+            await t
+        except asyncio.CancelledError:
+            pass
+
+
+app = FastAPI(title="ЭВОСИНК — Личный кабинет", lifespan=lifespan)
+
+app.add_middleware(SessionMiddleware, secret_key=settings.SECRET_KEY)
+app.mount("/static", StaticFiles(directory="web/static"), name="static")
+
+app.include_router(auth.router)
+app.include_router(profile.router)
+app.include_router(reset.router)
+app.include_router(evotor.router)
+app.include_router(connections.router)
+app.include_router(vk.router)
+app.include_router(sync.router)
+app.include_router(catalog.router)
+
+
+@app.get("/")
+def home(request: Request, user: User | None = Depends(get_current_user)):
+    if user:
+        return RedirectResponse("/profile", 302)
+    return RedirectResponse("/login", 302)

web-python/migrations/README

@@ -0,0 +1 @@
+Generic single-database configuration.

web-python/migrations/env.py

@@ -0,0 +1,54 @@
+from logging.config import fileConfig
+
+from sqlalchemy import engine_from_config
+from sqlalchemy import pool
+
+from alembic import context
+
+from web.config import settings
+from web.database import Base
+from web.models import User, EvotorConnection  # noqa: F401 — register models with Base
+
+config = context.config
+
+if config.config_file_name is not None:
+    fileConfig(config.config_file_name)
+
+config.set_main_option("sqlalchemy.url", settings.DATABASE_URL)
+
+target_metadata = Base.metadata
+
+
+def run_migrations_offline() -> None:
+    url = config.get_main_option("sqlalchemy.url")
+    context.configure(
+        url=url,
+        target_metadata=target_metadata,
+        literal_binds=True,
+        dialect_opts={"paramstyle": "named"},
+    )
+
+    with context.begin_transaction():
+        context.run_migrations()
+
+
+def run_migrations_online() -> None:
+    connectable = engine_from_config(
+        config.get_section(config.config_ini_section, {}),
+        prefix="sqlalchemy.",
+        poolclass=pool.NullPool,
+    )
+
+    with connectable.connect() as connection:
+        context.configure(
+            connection=connection, target_metadata=target_metadata
+        )
+
+        with context.begin_transaction():
+            context.run_migrations()
+
+
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    run_migrations_online()

web-python/migrations/script.py.mako

@@ -0,0 +1,26 @@
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision | comma,n}
+Create Date: ${create_date}
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+${imports if imports else ""}
+
+# revision identifiers, used by Alembic.
+revision: str = ${repr(up_revision)}
+down_revision: Union[str, None] = ${repr(down_revision)}
+branch_labels: Union[str, Sequence[str], None] = ${repr(branch_labels)}
+depends_on: Union[str, Sequence[str], None] = ${repr(depends_on)}
+
+
+def upgrade() -> None:
+    ${upgrades if upgrades else "pass"}
+
+
+def downgrade() -> None:
+    ${downgrades if downgrades else "pass"}

web-python/migrations/versions/2c15000e752b_initial.py

@@ -0,0 +1,60 @@
+"""initial
+
+Revision ID: 2c15000e752b
+Revises: 
+Create Date: 2026-03-06 09:07:16.180639
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = '2c15000e752b'
+down_revision: Union[str, None] = None
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        "users",
+        sa.Column("id", sa.Integer(), autoincrement=True, nullable=False),
+        sa.Column("first_name", sa.String(length=100), nullable=False),
+        sa.Column("last_name", sa.String(length=100), nullable=False),
+        sa.Column("email", sa.String(length=255), nullable=False),
+        sa.Column("phone", sa.String(length=20), nullable=False),
+        sa.Column("password_hash", sa.String(length=255), nullable=False),
+        sa.Column("is_email_confirmed", sa.Boolean(), nullable=False),
+        sa.Column("email_confirm_token", sa.String(length=255), nullable=True),
+        sa.Column("password_reset_token", sa.String(length=255), nullable=True),
+        sa.Column("password_reset_expires", sa.DateTime(), nullable=True),
+        sa.Column("created_at", sa.DateTime(), server_default=sa.text("now()"), nullable=False),
+        sa.Column("updated_at", sa.DateTime(), server_default=sa.text("now()"), nullable=False),
+        sa.PrimaryKeyConstraint("id"),
+    )
+    op.create_index(op.f("ix_users_email"), "users", ["email"], unique=True)
+    op.create_index(op.f("ix_users_phone"), "users", ["phone"], unique=True)
+
+    op.create_table(
+        "evotor_connections",
+        sa.Column("id", sa.Integer(), autoincrement=True, nullable=False),
+        sa.Column("user_id", sa.Integer(), nullable=False),
+        sa.Column("access_token", sa.Text(), nullable=False),
+        sa.Column("store_id", sa.String(length=255), nullable=True),
+        sa.Column("store_name", sa.String(length=255), nullable=True),
+        sa.Column("connected_at", sa.DateTime(), server_default=sa.text("now()"), nullable=False),
+        sa.Column("updated_at", sa.DateTime(), server_default=sa.text("now()"), nullable=False),
+        sa.ForeignKeyConstraint(["user_id"], ["users.id"], ondelete="CASCADE"),
+        sa.PrimaryKeyConstraint("id"),
+        sa.UniqueConstraint("user_id"),
+    )
+
+
+def downgrade() -> None:
+    op.drop_table("evotor_connections")
+    op.drop_index(op.f("ix_users_phone"), table_name="users")
+    op.drop_index(op.f("ix_users_email"), table_name="users")
+    op.drop_table("users")

web-python/migrations/versions/a1b2c3d4e5f6_add_is_online_last_checked_at_to_evotor_connections.py

@@ -0,0 +1,26 @@
+"""add is_online and last_checked_at to evotor_connections
+
+Revision ID: a1b2c3d4e5f6
+Revises: 2c15000e752b
+Create Date: 2026-03-06 00:00:00.000000
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+revision = 'a1b2c3d4e5f6'
+down_revision = '2c15000e752b'
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.add_column('evotor_connections',
+        sa.Column('is_online', sa.Boolean(), nullable=False, server_default='0'))
+    op.add_column('evotor_connections',
+        sa.Column('last_checked_at', sa.DateTime(), nullable=True))
+
+
+def downgrade() -> None:
+    op.drop_column('evotor_connections', 'last_checked_at')
+    op.drop_column('evotor_connections', 'is_online')

web-python/migrations/versions/a7b8c9d0e1f2_add_synced_at_to_cached_products.py

@@ -0,0 +1,26 @@
+"""add synced_at to cached_products
+
+Revision ID: a7b8c9d0e1f2
+Revises: f6a7b8c9d0e1
+Branch Labels: None
+Depends On: None
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+revision = "a7b8c9d0e1f2"
+down_revision = "f6a7b8c9d0e1"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.add_column(
+        "cached_products",
+        sa.Column("synced_at", sa.DateTime(), nullable=True),
+    )
+
+
+def downgrade():
+    op.drop_column("cached_products", "synced_at")

web-python/migrations/versions/b2c3d4e5f6a7_add_vk_connections_table.py

@@ -0,0 +1,37 @@
+"""add vk_connections table
+
+Revision ID: b2c3d4e5f6a7
+Revises: a1b2c3d4e5f6
+Create Date: 2026-03-06 00:01:00.000000
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+revision = 'b2c3d4e5f6a7'
+down_revision = 'a1b2c3d4e5f6'
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        'vk_connections',
+        sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+        sa.Column('user_id', sa.Integer(), nullable=False),
+        sa.Column('access_token', sa.Text(), nullable=False),
+        sa.Column('vk_user_id', sa.String(50), nullable=True),
+        sa.Column('first_name', sa.String(255), nullable=True),
+        sa.Column('last_name', sa.String(255), nullable=True),
+        sa.Column('is_online', sa.Boolean(), nullable=False, server_default='0'),
+        sa.Column('last_checked_at', sa.DateTime(), nullable=True),
+        sa.Column('connected_at', sa.DateTime(), nullable=False, server_default=sa.func.now()),
+        sa.Column('updated_at', sa.DateTime(), nullable=False, server_default=sa.func.now(), onupdate=sa.func.now()),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
+        sa.PrimaryKeyConstraint('id'),
+        sa.UniqueConstraint('user_id'),
+    )
+
+
+def downgrade() -> None:
+    op.drop_table('vk_connections')

web-python/migrations/versions/c3d4e5f6a7b8_add_sync_configs_and_sync_filters.py

@@ -0,0 +1,48 @@
+"""add sync_configs and sync_filters tables
+
+Revision ID: c3d4e5f6a7b8
+Revises: b2c3d4e5f6a7
+Create Date: 2026-03-06 00:02:00.000000
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+revision = 'c3d4e5f6a7b8'
+down_revision = 'b2c3d4e5f6a7'
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        'sync_configs',
+        sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+        sa.Column('user_id', sa.Integer(), nullable=False),
+        sa.Column('is_enabled', sa.Boolean(), nullable=False, server_default='0'),
+        sa.Column('confirmed_at', sa.DateTime(), nullable=True),
+        sa.Column('created_at', sa.DateTime(), nullable=False, server_default=sa.func.now()),
+        sa.Column('updated_at', sa.DateTime(), nullable=False, server_default=sa.func.now()),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
+        sa.PrimaryKeyConstraint('id'),
+        sa.UniqueConstraint('user_id'),
+    )
+    op.create_table(
+        'sync_filters',
+        sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+        sa.Column('sync_config_id', sa.Integer(), nullable=False),
+        sa.Column('entity_type', sa.String(20), nullable=False),
+        sa.Column('entity_id', sa.String(255), nullable=False),
+        sa.Column('entity_name', sa.String(255), nullable=True),
+        sa.Column('filter_mode', sa.String(10), nullable=False),
+        sa.Column('parent_entity_id', sa.String(255), nullable=True),
+        sa.Column('created_at', sa.DateTime(), nullable=False, server_default=sa.func.now()),
+        sa.ForeignKeyConstraint(['sync_config_id'], ['sync_configs.id'], ondelete='CASCADE'),
+        sa.PrimaryKeyConstraint('id'),
+        sa.UniqueConstraint('sync_config_id', 'entity_type', 'entity_id', name='uq_sync_filter'),
+    )
+
+
+def downgrade() -> None:
+    op.drop_table('sync_filters')
+    op.drop_table('sync_configs')

web-python/migrations/versions/d4e5f6a7b8c9_add_catalog_cache_tables.py

@@ -0,0 +1,70 @@
+"""add catalog cache tables
+
+Revision ID: d4e5f6a7b8c9
+Revises: c3d4e5f6a7b8
+Create Date: 2026-03-06 00:03:00.000000
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+revision = 'd4e5f6a7b8c9'
+down_revision = 'c3d4e5f6a7b8'
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        'cached_stores',
+        sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+        sa.Column('user_id', sa.Integer(), nullable=False),
+        sa.Column('evotor_id', sa.String(255), nullable=False),
+        sa.Column('name', sa.String(255), nullable=False),
+        sa.Column('address', sa.String(500), nullable=True),
+        sa.Column('fetched_at', sa.DateTime(), nullable=False),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
+        sa.PrimaryKeyConstraint('id'),
+        sa.UniqueConstraint('user_id', 'evotor_id', name='uq_cached_stores'),
+    )
+    op.create_index('ix_cached_stores_user_id', 'cached_stores', ['user_id'])
+
+    op.create_table(
+        'cached_groups',
+        sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+        sa.Column('user_id', sa.Integer(), nullable=False),
+        sa.Column('evotor_id', sa.String(255), nullable=False),
+        sa.Column('store_evotor_id', sa.String(255), nullable=False),
+        sa.Column('name', sa.String(255), nullable=False),
+        sa.Column('fetched_at', sa.DateTime(), nullable=False),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
+        sa.PrimaryKeyConstraint('id'),
+        sa.UniqueConstraint('user_id', 'evotor_id', name='uq_cached_groups'),
+    )
+    op.create_index('ix_cached_groups_user_store', 'cached_groups', ['user_id', 'store_evotor_id'])
+
+    op.create_table(
+        'cached_products',
+        sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+        sa.Column('user_id', sa.Integer(), nullable=False),
+        sa.Column('evotor_id', sa.String(255), nullable=False),
+        sa.Column('store_evotor_id', sa.String(255), nullable=False),
+        sa.Column('group_evotor_id', sa.String(255), nullable=True),
+        sa.Column('name', sa.String(255), nullable=False),
+        sa.Column('price', sa.Numeric(12, 2), nullable=True),
+        sa.Column('quantity', sa.Numeric(12, 3), nullable=True),
+        sa.Column('measure_name', sa.String(20), nullable=True),
+        sa.Column('article_number', sa.String(100), nullable=True),
+        sa.Column('allow_to_sell', sa.Boolean(), nullable=True),
+        sa.Column('fetched_at', sa.DateTime(), nullable=False),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
+        sa.PrimaryKeyConstraint('id'),
+        sa.UniqueConstraint('user_id', 'evotor_id', name='uq_cached_products'),
+    )
+    op.create_index('ix_cached_products_user_store_group', 'cached_products', ['user_id', 'store_evotor_id', 'group_evotor_id'])
+
+
+def downgrade() -> None:
+    op.drop_table('cached_products')
+    op.drop_table('cached_groups')
+    op.drop_table('cached_stores')

web-python/migrations/versions/e5f6a7b8c9d0_add_refresh_token_to_evotor_connections.py

@@ -0,0 +1,24 @@
+"""add refresh_token and token_expires_at to evotor_connections
+
+Revision ID: e5f6a7b8c9d0
+Revises: d4e5f6a7b8c9
+Create Date: 2026-03-06 00:04:00.000000
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+revision = 'e5f6a7b8c9d0'
+down_revision = 'd4e5f6a7b8c9'
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.add_column('evotor_connections', sa.Column('refresh_token', sa.Text(), nullable=True))
+    op.add_column('evotor_connections', sa.Column('token_expires_at', sa.DateTime(), nullable=True))
+
+
+def downgrade() -> None:
+    op.drop_column('evotor_connections', 'token_expires_at')
+    op.drop_column('evotor_connections', 'refresh_token')

web-python/migrations/versions/f6a7b8c9d0e1_evotor_webhook_token_flow.py

@@ -0,0 +1,53 @@
+"""evotor webhook token flow: add evotor_user_id, make user_id nullable
+
+Revision ID: f6a7b8c9d0e1
+Revises: e5f6a7b8c9d0
+Branch Labels: None
+Depends On: None
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+revision = 'f6a7b8c9d0e1'
+down_revision = 'e5f6a7b8c9d0'
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    conn = op.get_bind()
+
+    # Check existing columns
+    columns = [row[0] for row in conn.execute(sa.text(
+        "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS "
+        "WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'evotor_connections'"
+    ))]
+
+    if 'evotor_user_id' not in columns:
+        op.add_column('evotor_connections',
+            sa.Column('evotor_user_id', sa.String(255), nullable=True))
+
+    # Check existing indexes
+    indexes = [row[2] for row in conn.execute(sa.text(
+        "SHOW INDEX FROM evotor_connections"
+    ))]
+
+    if 'uq_evotor_connections_evotor_user_id' not in indexes:
+        op.create_unique_constraint('uq_evotor_connections_evotor_user_id',
+            'evotor_connections', ['evotor_user_id'])
+
+    if 'ix_evotor_connections_evotor_user_id' not in indexes:
+        op.create_index('ix_evotor_connections_evotor_user_id',
+            'evotor_connections', ['evotor_user_id'])
+
+    op.alter_column('evotor_connections', 'user_id',
+        existing_type=sa.Integer(), nullable=True)
+
+
+def downgrade() -> None:
+    op.alter_column('evotor_connections', 'user_id',
+        existing_type=sa.Integer(), nullable=False)
+    op.drop_index('ix_evotor_connections_evotor_user_id', 'evotor_connections')
+    op.drop_constraint('uq_evotor_connections_evotor_user_id', 'evotor_connections')
+    op.drop_column('evotor_connections', 'evotor_user_id')

web-python/models.py

@@ -0,0 +1,159 @@
+from sqlalchemy import Column, Integer, String, Boolean, DateTime, ForeignKey, Text, UniqueConstraint, Numeric, Index
+from sqlalchemy.orm import relationship
+from sqlalchemy.sql import func
+
+from web.database import Base
+
+
+class User(Base):
+    __tablename__ = "users"
+
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    first_name = Column(String(100), nullable=False)
+    last_name = Column(String(100), nullable=False)
+    email = Column(String(255), unique=True, nullable=False, index=True)
+    phone = Column(String(20), unique=True, nullable=False, index=True)
+    password_hash = Column(String(255), nullable=False)
+    is_email_confirmed = Column(Boolean, default=False, nullable=False)
+    email_confirm_token = Column(String(255), nullable=True)
+    password_reset_token = Column(String(255), nullable=True)
+    password_reset_expires = Column(DateTime, nullable=True)
+    created_at = Column(DateTime, server_default=func.now(), nullable=False)
+    updated_at = Column(DateTime, server_default=func.now(), onupdate=func.now(), nullable=False)
+
+    evotor_connection = relationship("EvotorConnection", back_populates="user", uselist=False)
+    vk_connection = relationship("VkConnection", back_populates="user", uselist=False)
+    sync_config = relationship("SyncConfig", back_populates="user", uselist=False)
+    cached_stores = relationship("CachedStore", back_populates="user", cascade="all, delete-orphan")
+    cached_groups = relationship("CachedGroup", back_populates="user", cascade="all, delete-orphan")
+    cached_products = relationship("CachedProduct", back_populates="user", cascade="all, delete-orphan")
+
+
+class EvotorConnection(Base):
+    __tablename__ = "evotor_connections"
+
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    user_id = Column(Integer, ForeignKey("users.id", ondelete="CASCADE"), unique=True, nullable=True)
+    evotor_user_id = Column(String(255), unique=True, nullable=True, index=True)
+    access_token = Column(Text, nullable=False)
+    store_id = Column(String(255), nullable=True)
+    store_name = Column(String(255), nullable=True)
+    refresh_token = Column(Text, nullable=True)
+    token_expires_at = Column(DateTime, nullable=True)
+    is_online = Column(Boolean, default=False, server_default="0", nullable=False)
+    last_checked_at = Column(DateTime, nullable=True)
+    connected_at = Column(DateTime, server_default=func.now(), nullable=False)
+    updated_at = Column(DateTime, server_default=func.now(), onupdate=func.now(), nullable=False)
+
+    user = relationship("User", back_populates="evotor_connection")
+
+
+class VkConnection(Base):
+    __tablename__ = "vk_connections"
+
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    user_id = Column(Integer, ForeignKey("users.id", ondelete="CASCADE"), unique=True, nullable=False)
+    access_token = Column(Text, nullable=False)
+    vk_user_id = Column(String(50), nullable=True)
+    first_name = Column(String(255), nullable=True)
+    last_name = Column(String(255), nullable=True)
+    is_online = Column(Boolean, default=False, server_default="0", nullable=False)
+    last_checked_at = Column(DateTime, nullable=True)
+    connected_at = Column(DateTime, server_default=func.now(), nullable=False)
+    updated_at = Column(DateTime, server_default=func.now(), onupdate=func.now(), nullable=False)
+
+    user = relationship("User", back_populates="vk_connection")
+
+
+class SyncConfig(Base):
+    __tablename__ = "sync_configs"
+
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    user_id = Column(Integer, ForeignKey("users.id", ondelete="CASCADE"), unique=True, nullable=False)
+    is_enabled = Column(Boolean, default=False, nullable=False)
+    confirmed_at = Column(DateTime, nullable=True)
+    created_at = Column(DateTime, server_default=func.now(), nullable=False)
+    updated_at = Column(DateTime, server_default=func.now(), onupdate=func.now(), nullable=False)
+
+    user = relationship("User", back_populates="sync_config")
+    filters = relationship("SyncFilter", back_populates="sync_config", cascade="all, delete-orphan")
+
+
+class SyncFilter(Base):
+    __tablename__ = "sync_filters"
+
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    sync_config_id = Column(Integer, ForeignKey("sync_configs.id", ondelete="CASCADE"), nullable=False)
+    entity_type = Column(String(20), nullable=False)   # "store", "group", "product"
+    entity_id = Column(String(255), nullable=False)
+    entity_name = Column(String(255), nullable=True)
+    filter_mode = Column(String(10), nullable=False)   # "include", "exclude"
+    parent_entity_id = Column(String(255), nullable=True)
+    created_at = Column(DateTime, server_default=func.now(), nullable=False)
+
+    __table_args__ = (
+        UniqueConstraint("sync_config_id", "entity_type", "entity_id"),
+    )
+
+    sync_config = relationship("SyncConfig", back_populates="filters")
+
+
+class CachedStore(Base):
+    __tablename__ = "cached_stores"
+
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    user_id = Column(Integer, ForeignKey("users.id", ondelete="CASCADE"), nullable=False)
+    evotor_id = Column(String(255), nullable=False)
+    name = Column(String(255), nullable=False)
+    address = Column(String(500), nullable=True)
+    fetched_at = Column(DateTime, nullable=False)
+
+    __table_args__ = (
+        UniqueConstraint("user_id", "evotor_id"),
+        Index("ix_cached_stores_user_id", "user_id"),
+    )
+
+    user = relationship("User", back_populates="cached_stores")
+
+
+class CachedGroup(Base):
+    __tablename__ = "cached_groups"
+
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    user_id = Column(Integer, ForeignKey("users.id", ondelete="CASCADE"), nullable=False)
+    evotor_id = Column(String(255), nullable=False)
+    store_evotor_id = Column(String(255), nullable=False)
+    name = Column(String(255), nullable=False)
+    fetched_at = Column(DateTime, nullable=False)
+
+    __table_args__ = (
+        UniqueConstraint("user_id", "evotor_id"),
+        Index("ix_cached_groups_user_store", "user_id", "store_evotor_id"),
+    )
+
+    user = relationship("User", back_populates="cached_groups")
+
+
+class CachedProduct(Base):
+    __tablename__ = "cached_products"
+
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    user_id = Column(Integer, ForeignKey("users.id", ondelete="CASCADE"), nullable=False)
+    evotor_id = Column(String(255), nullable=False)
+    store_evotor_id = Column(String(255), nullable=False)
+    group_evotor_id = Column(String(255), nullable=True)
+    name = Column(String(255), nullable=False)
+    price = Column(Numeric(12, 2), nullable=True)
+    quantity = Column(Numeric(12, 3), nullable=True)
+    measure_name = Column(String(20), nullable=True)
+    article_number = Column(String(100), nullable=True)
+    allow_to_sell = Column(Boolean, nullable=True)
+    fetched_at = Column(DateTime, nullable=False)
+    synced_at = Column(DateTime, nullable=True)
+
+    __table_args__ = (
+        UniqueConstraint("user_id", "evotor_id"),
+        Index("ix_cached_products_user_store_group", "user_id", "store_evotor_id", "group_evotor_id"),
+    )
+
+    user = relationship("User", back_populates="cached_products")

web-python/routes/auth.py

@@ -0,0 +1,122 @@
+import uuid
+
+from fastapi import APIRouter, Request, Depends
+from fastapi.responses import RedirectResponse
+from web.templates_env import templates
+from sqlalchemy.orm import Session
+
+from web.auth import hash_password, verify_password, get_current_user
+from web.config import settings
+from web.database import get_db
+from web.models import User
+from web.schemas import validate_registration, validate_login
+
+router = APIRouter()
+
+
+@router.get("/register")
+def register_form(request: Request, user: User | None = Depends(get_current_user)):
+    if user:
+        return RedirectResponse("/profile", 303)
+    return templates.TemplateResponse("register.html", {"request": request, "user": None})
+
+
+@router.post("/register")
+async def register_submit(request: Request, db: Session = Depends(get_db)):
+    form = await request.form()
+    data = dict(form)
+
+    errors = validate_registration(data)
+
+    if not errors:
+        existing = db.query(User).filter(
+            (User.email == data["email"].strip()) | (User.phone == data["phone"].strip())
+        ).first()
+        if existing:
+            if existing.email == data["email"].strip():
+                errors.append("Пользователь с таким email уже существует")
+            else:
+                errors.append("Пользователь с таким телефоном уже существует")
+
+    if errors:
+        return templates.TemplateResponse("register.html", {
+            "request": request, "user": None, "errors": errors, "form": data,
+        })
+
+    token = uuid.uuid4().hex
+    user = User(
+        first_name=data["first_name"].strip(),
+        last_name=data["last_name"].strip(),
+        email=data["email"].strip(),
+        phone=data["phone"].strip(),
+        password_hash=hash_password(data["password"]),
+        email_confirm_token=token,
+    )
+    db.add(user)
+    db.commit()
+
+    confirm_url = f"{settings.BASE_URL}/confirm-email?token={token}"
+    print("=" * 40)
+    print("ПОДТВЕРЖДЕНИЕ EMAIL")
+    print(f"Пользователь: {user.email}")
+    print(f"Ссылка: {confirm_url}")
+    print("=" * 40)
+
+    return templates.TemplateResponse("confirm_email.html", {"request": request, "user": None})
+
+
+@router.get("/confirm-email")
+def confirm_email(request: Request, token: str, db: Session = Depends(get_db)):
+    user = db.query(User).filter(User.email_confirm_token == token).first()
+    if not user:
+        return templates.TemplateResponse("message.html", {
+            "request": request, "user": None,
+            "title": "Ошибка", "message": "Неверная или устаревшая ссылка.",
+        })
+
+    user.is_email_confirmed = True
+    user.email_confirm_token = None
+    db.commit()
+
+    return templates.TemplateResponse("email_confirmed.html", {"request": request, "user": None})
+
+
+@router.get("/login")
+def login_form(request: Request, user: User | None = Depends(get_current_user)):
+    if user:
+        return RedirectResponse("/profile", 303)
+    return templates.TemplateResponse("login.html", {"request": request, "user": None})
+
+
+@router.post("/login")
+async def login_submit(request: Request, db: Session = Depends(get_db)):
+    form = await request.form()
+    data = dict(form)
+
+    errors = validate_login(data)
+    if errors:
+        return templates.TemplateResponse("login.html", {
+            "request": request, "user": None, "errors": errors, "form": data,
+        })
+
+    user = db.query(User).filter(User.email == data["email"].strip()).first()
+    if not user or not verify_password(data["password"], user.password_hash):
+        return templates.TemplateResponse("login.html", {
+            "request": request, "user": None,
+            "errors": ["Неверный email или пароль"], "form": data,
+        })
+
+    if not user.is_email_confirmed:
+        return templates.TemplateResponse("login.html", {
+            "request": request, "user": None,
+            "errors": ["Пожалуйста, подтвердите ваш email"], "form": data,
+        })
+
+    request.session["user_id"] = user.id
+    return RedirectResponse("/profile", 303)
+
+
+@router.get("/logout")
+def logout(request: Request):
+    request.session.clear()
+    return RedirectResponse("/login", 303)

web-python/routes/catalog.py

@@ -0,0 +1,308 @@
+import csv
+import io
+
+from fastapi import APIRouter, Request, Depends
+from fastapi.responses import RedirectResponse, StreamingResponse
+from web.templates_env import templates
+from sqlalchemy.orm import Session
+
+from web.auth import get_current_user
+from web.database import get_db
+from web.evotor_api import refresh_catalog_cache
+from web.models import User, EvotorConnection, SyncConfig, SyncFilter, CachedStore, CachedGroup, CachedProduct
+
+router = APIRouter(prefix="/catalog")
+
+
+def _get_or_create_sync_config(db: Session, user_id: int) -> SyncConfig:
+    config = db.query(SyncConfig).filter(SyncConfig.user_id == user_id).first()
+    if not config:
+        config = SyncConfig(user_id=user_id, is_enabled=False)
+        db.add(config)
+        db.commit()
+        db.refresh(config)
+    return config
+
+
+def _filter_map(config: SyncConfig) -> dict:
+    """Returns {entity_id: filter_mode} for quick lookup."""
+    return {f.entity_id: f.filter_mode for f in config.filters}
+
+
+def _filter_label(mode: str | None) -> str:
+    if mode == "include":
+        return "include"
+    if mode == "exclude":
+        return "exclude"
+    return "none"
+
+
+@router.get("")
+async def catalog_stores(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    evotor = db.query(EvotorConnection).filter(EvotorConnection.user_id == user.id).first()
+    if not evotor:
+        return templates.TemplateResponse("catalog_stores.html", {
+            "request": request, "user": user,
+            "evotor": None, "stores": [], "filter_map": {}, "fetched_at": None,
+        })
+
+    stores = db.query(CachedStore).filter(CachedStore.user_id == user.id).order_by(CachedStore.name).all()
+
+    # Auto-refresh if cache is empty
+    if not stores:
+        await refresh_catalog_cache(user.id, evotor.access_token, db)
+        stores = db.query(CachedStore).filter(CachedStore.user_id == user.id).order_by(CachedStore.name).all()
+
+    config = _get_or_create_sync_config(db, user.id)
+    fmap = _filter_map(config)
+    fetched_at = stores[0].fetched_at if stores else None
+
+    return templates.TemplateResponse("catalog_stores.html", {
+        "request": request,
+        "user": user,
+        "evotor": evotor,
+        "stores": stores,
+        "filter_map": fmap,
+        "fetched_at": fetched_at,
+    })
+
+
+@router.get("/groups")
+def catalog_groups(
+    request: Request,
+    store_id: str,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    store = db.query(CachedStore).filter(
+        CachedStore.user_id == user.id,
+        CachedStore.evotor_id == store_id,
+    ).first()
+    if not store:
+        return RedirectResponse("/catalog", 303)
+
+    groups = db.query(CachedGroup).filter(
+        CachedGroup.user_id == user.id,
+        CachedGroup.store_evotor_id == store_id,
+    ).order_by(CachedGroup.name).all()
+
+    # Count products per group
+    product_counts = {}
+    for g in groups:
+        product_counts[g.evotor_id] = db.query(CachedProduct).filter(
+            CachedProduct.user_id == user.id,
+            CachedProduct.group_evotor_id == g.evotor_id,
+        ).count()
+
+    config = _get_or_create_sync_config(db, user.id)
+    fmap = _filter_map(config)
+
+    return templates.TemplateResponse("catalog_groups.html", {
+        "request": request,
+        "user": user,
+        "store": store,
+        "groups": groups,
+        "product_counts": product_counts,
+        "filter_map": fmap,
+    })
+
+
+@router.get("/products")
+def catalog_products(
+    request: Request,
+    store_id: str,
+    group_id: str | None = None,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    store = db.query(CachedStore).filter(
+        CachedStore.user_id == user.id,
+        CachedStore.evotor_id == store_id,
+    ).first()
+    if not store:
+        return RedirectResponse("/catalog", 303)
+
+    group = None
+    query = db.query(CachedProduct).filter(
+        CachedProduct.user_id == user.id,
+        CachedProduct.store_evotor_id == store_id,
+    )
+    if group_id:
+        group = db.query(CachedGroup).filter(
+            CachedGroup.user_id == user.id,
+            CachedGroup.evotor_id == group_id,
+        ).first()
+        query = query.filter(CachedProduct.group_evotor_id == group_id)
+
+    products = query.order_by(CachedProduct.name).all()
+
+    config = _get_or_create_sync_config(db, user.id)
+    fmap = _filter_map(config)
+
+    return templates.TemplateResponse("catalog_products.html", {
+        "request": request,
+        "user": user,
+        "store": store,
+        "group": group,
+        "products": products,
+        "filter_map": fmap,
+    })
+
+
+@router.post("/filter")
+async def catalog_filter(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    form = await request.form()
+    entity_type = form.get("entity_type")
+    entity_id = form.get("entity_id")
+    entity_name = form.get("entity_name")
+    filter_mode = form.get("filter_mode")  # "include", "exclude", "none"
+    parent_entity_id = form.get("parent_entity_id") or None
+    redirect_to = form.get("redirect_to", "/catalog")
+
+    config = _get_or_create_sync_config(db, user.id)
+
+    existing = db.query(SyncFilter).filter(
+        SyncFilter.sync_config_id == config.id,
+        SyncFilter.entity_type == entity_type,
+        SyncFilter.entity_id == entity_id,
+    ).first()
+
+    if filter_mode == "none":
+        if existing:
+            db.delete(existing)
+    elif existing:
+        existing.filter_mode = filter_mode
+        existing.entity_name = entity_name
+    else:
+        db.add(SyncFilter(
+            sync_config_id=config.id,
+            entity_type=entity_type,
+            entity_id=entity_id,
+            entity_name=entity_name,
+            filter_mode=filter_mode,
+            parent_entity_id=parent_entity_id,
+        ))
+    db.commit()
+
+    return RedirectResponse(redirect_to, 303)
+
+
+@router.post("/refresh")
+async def catalog_refresh(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    evotor = db.query(EvotorConnection).filter(EvotorConnection.user_id == user.id).first()
+    if evotor:
+        await refresh_catalog_cache(user.id, evotor.access_token, db)
+
+    return RedirectResponse("/catalog", 303)
+
+
+@router.get("/export")
+def catalog_export(
+    request: Request,
+    type: str,
+    store_id: str | None = None,
+    group_id: str | None = None,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    config = _get_or_create_sync_config(db, user.id)
+    fmap = _filter_map(config)
+
+    def filter_label(eid):
+        m = fmap.get(eid)
+        if m == "include":
+            return "Включено"
+        if m == "exclude":
+            return "Исключено"
+        return "Нет правила"
+
+    output = io.StringIO()
+    output.write("\ufeff")  # UTF-8 BOM for Excel
+    writer = csv.writer(output)
+
+    from datetime import date
+    today = date.today().strftime("%Y%m%d")
+
+    if type == "stores":
+        writer.writerow(["Название", "Адрес", "ID", "Фильтр"])
+        stores = db.query(CachedStore).filter(CachedStore.user_id == user.id).order_by(CachedStore.name).all()
+        for s in stores:
+            writer.writerow([s.name, s.address or "", s.evotor_id, filter_label(s.evotor_id)])
+        filename = f"stores_{today}.csv"
+
+    elif type == "groups":
+        writer.writerow(["Магазин", "Название", "ID", "Фильтр"])
+        q = db.query(CachedGroup, CachedStore).join(
+            CachedStore,
+            (CachedStore.evotor_id == CachedGroup.store_evotor_id) & (CachedStore.user_id == user.id)
+        ).filter(CachedGroup.user_id == user.id)
+        if store_id:
+            q = q.filter(CachedGroup.store_evotor_id == store_id)
+        for g, s in q.order_by(CachedGroup.name).all():
+            writer.writerow([s.name, g.name, g.evotor_id, filter_label(g.evotor_id)])
+        filename = f"groups_{today}.csv"
+
+    else:  # products
+        writer.writerow(["Магазин", "Группа", "Название", "Артикул", "Цена", "Количество", "Ед. измерения", "В продаже", "ID", "Фильтр"])
+        q = db.query(CachedProduct, CachedStore, CachedGroup).join(
+            CachedStore,
+            (CachedStore.evotor_id == CachedProduct.store_evotor_id) & (CachedStore.user_id == user.id)
+        ).outerjoin(
+            CachedGroup,
+            (CachedGroup.evotor_id == CachedProduct.group_evotor_id) & (CachedGroup.user_id == user.id)
+        ).filter(CachedProduct.user_id == user.id)
+        if store_id:
+            q = q.filter(CachedProduct.store_evotor_id == store_id)
+        if group_id:
+            q = q.filter(CachedProduct.group_evotor_id == group_id)
+        for p, s, g in q.order_by(CachedProduct.name).all():
+            writer.writerow([
+                s.name,
+                g.name if g else "",
+                p.name,
+                p.article_number or "",
+                p.price or "",
+                p.quantity or "",
+                p.measure_name or "",
+                "Да" if p.allow_to_sell else ("Нет" if p.allow_to_sell is not None else ""),
+                p.evotor_id,
+                filter_label(p.evotor_id),
+            ])
+        filename = f"products_{today}.csv"
+
+    output.seek(0)
+    return StreamingResponse(
+        iter([output.getvalue()]),
+        media_type="text/csv; charset=utf-8",
+        headers={"Content-Disposition": f"attachment; filename={filename}"},
+    )

web-python/routes/connections.py

@@ -0,0 +1,125 @@
+from fastapi import APIRouter, Request, Depends
+from fastapi.responses import RedirectResponse
+from web.templates_env import templates
+from sqlalchemy.orm import Session
+
+from web.auth import get_current_user
+from web.database import get_db
+from web.models import User, EvotorConnection, VkConnection
+
+router = APIRouter()
+
+SERVICE_TYPES = [
+    {
+        "type": "evotor",
+        "name": "Эвотор",
+        "icon": "bi-shop",
+        "description": "Подключите кассу Эвотор для синхронизации каталога товаров.",
+        "configure_url": "/evotor",
+        "connect_url": "/evotor",
+    },
+    {
+        "type": "vk",
+        "name": "ВКонтакте",
+        "icon": "bi-bag",
+        "description": "Подключите аккаунт ВКонтакте для публикации товаров в вашу группу.",
+        "configure_url": "/vk",
+        "connect_url": "/vk",
+    },
+]
+
+
+def _get_connection(svc_type: str, evotor, vk):
+    if svc_type == "evotor":
+        return evotor
+    if svc_type == "vk":
+        return vk
+    return None
+
+
+def _get_details(svc_type: str, conn):
+    if conn is None:
+        return None
+    if svc_type == "evotor":
+        return conn.store_name
+    if svc_type == "vk":
+        return f"{conn.first_name} {conn.last_name}".strip() if conn.first_name else None
+    return None
+
+
+@router.get("/connections")
+def connections_page(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    evotor = db.query(EvotorConnection).filter(EvotorConnection.user_id == user.id).first()
+    vk = db.query(VkConnection).filter(VkConnection.user_id == user.id).first()
+
+    connected = []
+    for svc in SERVICE_TYPES:
+        conn = _get_connection(svc["type"], evotor, vk)
+        if conn is not None:
+            connected.append({
+                **svc,
+                "is_online": conn.is_online,
+                "last_checked_at": conn.last_checked_at,
+                "details": _get_details(svc["type"], conn),
+            })
+
+    return templates.TemplateResponse("connections.html", {
+        "request": request,
+        "user": user,
+        "connections": connected,
+    })
+
+
+@router.get("/connections/add")
+def connections_add_page(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    evotor = db.query(EvotorConnection).filter(EvotorConnection.user_id == user.id).first()
+    vk = db.query(VkConnection).filter(VkConnection.user_id == user.id).first()
+
+    available = [
+        svc for svc in SERVICE_TYPES
+        if _get_connection(svc["type"], evotor, vk) is None
+    ]
+
+    return templates.TemplateResponse("connections_add.html", {
+        "request": request,
+        "user": user,
+        "available": available,
+    })
+
+
+@router.post("/connections/delete")
+async def connections_delete(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    svc_type = request.query_params.get("type")
+    if svc_type == "evotor":
+        conn = db.query(EvotorConnection).filter(EvotorConnection.user_id == user.id).first()
+    elif svc_type == "vk":
+        conn = db.query(VkConnection).filter(VkConnection.user_id == user.id).first()
+    else:
+        conn = None
+
+    if conn:
+        db.delete(conn)
+        db.commit()
+
+    return RedirectResponse("/connections", 303)

web-python/routes/evotor.py

@@ -0,0 +1,193 @@
+import logging
+import httpx
+
+from datetime import datetime
+from fastapi import APIRouter, Request, Depends, HTTPException
+from fastapi.responses import RedirectResponse, JSONResponse
+from web.templates_env import templates
+from pydantic import BaseModel
+from sqlalchemy.orm import Session
+
+from web.auth import get_current_user
+from web.config import settings
+from web.database import get_db
+from web.models import User, EvotorConnection
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/evotor")
+
+EVOTOR_APP_URL = "https://market.evotor.ru/store/apps/{app_id}"
+EVOTOR_STORES_URL = "https://api.evotor.ru/stores"
+
+
+@router.get("")
+def evotor_page(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    connection = db.query(EvotorConnection).filter(EvotorConnection.user_id == user.id).first()
+    error = request.query_params.get("error")
+    app_url = EVOTOR_APP_URL.format(app_id=settings.EVOTOR_APP_ID) if settings.EVOTOR_APP_ID else None
+    return templates.TemplateResponse("evotor.html", {
+        "request": request,
+        "user": user,
+        "connection": connection,
+        "error": error,
+        "app_url": app_url,
+    })
+
+
+class EvotorTokenPayload(BaseModel):
+    userId: str
+    token: str
+
+
+@router.post("/callback")
+async def evotor_callback(
+    request: Request,
+    payload: EvotorTokenPayload,
+    db: Session = Depends(get_db),
+):
+    """
+    Webhook endpoint: Evotor POSTs {"userId": "...", "token": "..."} here
+    after the user authorizes the app in their Evotor account.
+    """
+    # Verify the Authorization header matches our configured webhook secret
+    if settings.EVOTOR_WEBHOOK_SECRET:
+        auth_header = request.headers.get("Authorization", "")
+        expected = f"Bearer {settings.EVOTOR_WEBHOOK_SECRET}"
+        if auth_header != expected:
+            logger.warning("Evotor webhook: invalid Authorization header")
+            raise HTTPException(status_code=401, detail="Unauthorized")
+
+    now = datetime.utcnow()
+
+    # Fetch store info using the received token
+    store_id = None
+    store_name = None
+    try:
+        async with httpx.AsyncClient() as client:
+            stores_response = await client.get(
+                EVOTOR_STORES_URL,
+                headers={"Authorization": f"Bearer {payload.token}"},
+                timeout=15,
+            )
+            if stores_response.status_code == 200:
+                stores = stores_response.json()
+                items = stores.get("items", stores) if isinstance(stores, dict) else stores
+                if items:
+                    store_id = items[0].get("uuid") or items[0].get("id")
+                    store_name = items[0].get("name")
+    except Exception:
+        pass  # Store info is optional
+
+    # Upsert by evotor_user_id (user_id stays NULL until /evotor/link is called)
+    connection = db.query(EvotorConnection).filter(
+        EvotorConnection.evotor_user_id == payload.userId
+    ).first()
+
+    if connection:
+        connection.access_token = payload.token
+        connection.store_id = store_id
+        connection.store_name = store_name
+        connection.is_online = True
+        connection.last_checked_at = now
+        connection.updated_at = now
+    else:
+        connection = EvotorConnection(
+            evotor_user_id=payload.userId,
+            access_token=payload.token,
+            store_id=store_id,
+            store_name=store_name,
+            is_online=True,
+            last_checked_at=now,
+        )
+        db.add(connection)
+
+    db.commit()
+    logger.info("Evotor webhook: saved token for evotor_user_id=%s", payload.userId)
+
+    return JSONResponse({"status": "ok"})
+
+
+@router.post("/token")
+async def evotor_token_manual(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    """Allow user to manually paste their Evotor token."""
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    form = await request.form()
+    token = (form.get("token") or "").strip()
+    if not token:
+        return RedirectResponse("/evotor?error=empty_token", 303)
+
+    now = datetime.utcnow()
+
+    # Fetch store info
+    store_id = None
+    store_name = None
+    try:
+        async with httpx.AsyncClient() as client:
+            stores_response = await client.get(
+                EVOTOR_STORES_URL,
+                headers={"Authorization": f"Bearer {token}"},
+                timeout=15,
+            )
+            if stores_response.status_code == 200:
+                stores = stores_response.json()
+                items = stores.get("items", stores) if isinstance(stores, dict) else stores
+                if items:
+                    store_id = items[0].get("uuid") or items[0].get("id")
+                    store_name = items[0].get("name")
+            elif stores_response.status_code == 401:
+                return RedirectResponse("/evotor?error=invalid_token", 303)
+    except Exception:
+        pass
+
+    connection = db.query(EvotorConnection).filter(EvotorConnection.user_id == user.id).first()
+    if connection:
+        connection.access_token = token
+        connection.store_id = store_id
+        connection.store_name = store_name
+        connection.is_online = True
+        connection.last_checked_at = now
+        connection.updated_at = now
+    else:
+        connection = EvotorConnection(
+            user_id=user.id,
+            access_token=token,
+            store_id=store_id,
+            store_name=store_name,
+            is_online=True,
+            last_checked_at=now,
+        )
+        db.add(connection)
+    db.commit()
+
+    return RedirectResponse("/connections", 303)
+
+
+@router.post("/disconnect")
+async def evotor_disconnect(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    connection = db.query(EvotorConnection).filter(EvotorConnection.user_id == user.id).first()
+    if connection:
+        db.delete(connection)
+        db.commit()
+
+    return RedirectResponse("/connections", 303)

web-python/routes/profile.py

@@ -0,0 +1,144 @@
+from fastapi import APIRouter, Request, Depends
+from fastapi.responses import RedirectResponse
+from web.templates_env import templates
+from sqlalchemy.orm import Session
+
+from web.auth import get_current_user, verify_password, hash_password
+from web.database import get_db
+from web.models import User
+from web.schemas import validate_profile, validate_reset_password
+
+router = APIRouter()
+
+
+# VIEW PROFILE
+@router.get("/profile")
+def profile_view(request: Request, user: User | None = Depends(get_current_user)):
+    if not user:
+        return RedirectResponse("/login", 303)
+    return templates.TemplateResponse("profile_view.html", {"request": request, "user": user})
+
+
+# EDIT PROFILE
+@router.get("/profile/edit")
+def profile_edit_form(request: Request, user: User | None = Depends(get_current_user)):
+    if not user:
+        return RedirectResponse("/login", 303)
+    return templates.TemplateResponse("profile_edit.html", {"request": request, "user": user})
+
+
+@router.post("/profile/edit")
+async def profile_edit_submit(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    form = await request.form()
+    data = dict(form)
+
+    errors = validate_profile(data)
+
+    if not errors:
+        existing = db.query(User).filter(
+            User.phone == data["phone"].strip(), User.id != user.id
+        ).first()
+        if existing:
+            errors.append("Пользователь с таким телефоном уже существует")
+
+    if errors:
+        return templates.TemplateResponse("profile_edit.html", {
+            "request": request, "user": user, "errors": errors, "form": data,
+        })
+
+    user.first_name = data["first_name"].strip()
+    user.last_name = data["last_name"].strip()
+    user.phone = data["phone"].strip()
+    db.commit()
+
+    return templates.TemplateResponse("profile_edit.html", {
+        "request": request, "user": user, "success": "Профиль обновлен",
+    })
+
+
+# CHANGE PASSWORD
+@router.get("/profile/change-password")
+def change_password_form(request: Request, user: User | None = Depends(get_current_user)):
+    if not user:
+        return RedirectResponse("/login", 303)
+    return templates.TemplateResponse("profile_change_password.html", {"request": request, "user": user})
+
+
+@router.post("/profile/change-password")
+async def change_password_submit(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    form = await request.form()
+    data = dict(form)
+
+    errors = []
+    current_password = data.get("current_password", "")
+    if not current_password:
+        errors.append("Введите текущий пароль")
+    elif not verify_password(current_password, user.password_hash):
+        errors.append("Неверный текущий пароль")
+
+    password_errors = validate_reset_password(data)
+    errors.extend(password_errors)
+
+    if errors:
+        return templates.TemplateResponse("profile_change_password.html", {
+            "request": request, "user": user, "errors": errors,
+        })
+
+    user.password_hash = hash_password(data["password"])
+    db.commit()
+
+    return templates.TemplateResponse("profile_change_password.html", {
+        "request": request, "user": user, "success": "Пароль изменен",
+    })
+
+
+# DELETE ACCOUNT
+@router.get("/profile/delete")
+def delete_account_form(request: Request, user: User | None = Depends(get_current_user)):
+    if not user:
+        return RedirectResponse("/login", 303)
+    return templates.TemplateResponse("profile_delete.html", {"request": request, "user": user})
+
+
+@router.post("/profile/delete")
+async def delete_account_submit(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    form = await request.form()
+    data = dict(form)
+
+    password = data.get("password", "")
+    if not password:
+        return templates.TemplateResponse("profile_delete.html", {
+            "request": request, "user": user, "errors": ["Введите пароль для подтверждения"],
+        })
+
+    if not verify_password(password, user.password_hash):
+        return templates.TemplateResponse("profile_delete.html", {
+            "request": request, "user": user, "errors": ["Неверный пароль"],
+        })
+
+    db.delete(user)
+    db.commit()
+    request.session.clear()
+
+    return RedirectResponse("/", 303)

web-python/routes/reset.py

@@ -0,0 +1,107 @@
+import uuid
+from datetime import datetime, timedelta, timezone
+
+from fastapi import APIRouter, Request, Depends
+from fastapi.responses import RedirectResponse
+from web.templates_env import templates
+from sqlalchemy.orm import Session
+
+from web.auth import hash_password
+from web.config import settings
+from web.database import get_db
+from web.models import User
+from web.schemas import validate_reset_password
+
+router = APIRouter()
+
+
+@router.get("/forgot-password")
+def forgot_form(request: Request):
+    return templates.TemplateResponse("forgot_password.html", {"request": request, "user": None})
+
+
+@router.post("/forgot-password")
+async def forgot_submit(request: Request, db: Session = Depends(get_db)):
+    form = await request.form()
+    email = form.get("email", "").strip()
+
+    if email:
+        user = db.query(User).filter(User.email == email).first()
+        if user:
+            token = uuid.uuid4().hex
+            user.password_reset_token = token
+            user.password_reset_expires = datetime.now(timezone.utc) + timedelta(
+                minutes=settings.PASSWORD_RESET_EXPIRE_MINUTES
+            )
+            db.commit()
+
+            reset_url = f"{settings.BASE_URL}/reset-password?token={token}"
+            print("=" * 40)
+            print("СБРОС ПАРОЛЯ")
+            print(f"Пользователь: {user.email}")
+            print(f"Ссылка: {reset_url}")
+            print(f"Действительна: {settings.PASSWORD_RESET_EXPIRE_MINUTES} мин.")
+            print("=" * 40)
+
+    return templates.TemplateResponse("message.html", {
+        "request": request, "user": None,
+        "title": "Сброс пароля",
+        "message": "Если аккаунт с таким email существует, мы отправили письмо со ссылкой для сброса пароля.",
+    })
+
+
+@router.get("/reset-password")
+def reset_form(request: Request, token: str, db: Session = Depends(get_db)):
+    user = db.query(User).filter(User.password_reset_token == token).first()
+    if not user or not user.password_reset_expires:
+        return templates.TemplateResponse("message.html", {
+            "request": request, "user": None,
+            "title": "Ошибка", "message": "Неверная или устаревшая ссылка.",
+        })
+
+    if datetime.now(timezone.utc) > user.password_reset_expires.replace(tzinfo=timezone.utc):
+        return templates.TemplateResponse("message.html", {
+            "request": request, "user": None,
+            "title": "Ошибка", "message": "Срок действия ссылки истек.",
+        })
+
+    return templates.TemplateResponse("reset_password.html", {
+        "request": request, "user": None, "token": token,
+    })
+
+
+@router.post("/reset-password")
+async def reset_submit(request: Request, token: str, db: Session = Depends(get_db)):
+    user = db.query(User).filter(User.password_reset_token == token).first()
+    if not user or not user.password_reset_expires:
+        return templates.TemplateResponse("message.html", {
+            "request": request, "user": None,
+            "title": "Ошибка", "message": "Неверная или устаревшая ссылка.",
+        })
+
+    if datetime.now(timezone.utc) > user.password_reset_expires.replace(tzinfo=timezone.utc):
+        return templates.TemplateResponse("message.html", {
+            "request": request, "user": None,
+            "title": "Ошибка", "message": "Срок действия ссылки истек.",
+        })
+
+    form = await request.form()
+    data = dict(form)
+    errors = validate_reset_password(data)
+
+    if errors:
+        return templates.TemplateResponse("reset_password.html", {
+            "request": request, "user": None, "token": token, "errors": errors,
+        })
+
+    user.password_hash = hash_password(data["password"])
+    user.password_reset_token = None
+    user.password_reset_expires = None
+    db.commit()
+
+    return templates.TemplateResponse("message.html", {
+        "request": request, "user": None,
+        "title": "Пароль изменен",
+        "message": "Ваш пароль успешно изменен. Теперь вы можете войти.",
+        "link": "/login", "link_text": "Войти",
+    })

web-python/routes/sync.py

@@ -0,0 +1,101 @@
+from datetime import datetime
+
+from fastapi import APIRouter, Request, Depends
+from fastapi.responses import RedirectResponse
+from web.templates_env import templates
+from sqlalchemy.orm import Session
+
+from web.auth import get_current_user
+from web.database import get_db
+from web.models import User, EvotorConnection, VkConnection, SyncConfig, SyncFilter
+
+router = APIRouter(prefix="/sync")
+
+
+def _get_or_create_sync_config(db: Session, user_id: int) -> SyncConfig:
+    config = db.query(SyncConfig).filter(SyncConfig.user_id == user_id).first()
+    if not config:
+        config = SyncConfig(user_id=user_id, is_enabled=False)
+        db.add(config)
+        db.commit()
+        db.refresh(config)
+    return config
+
+
+def _filter_summary(config: SyncConfig) -> dict:
+    stores = [f for f in config.filters if f.entity_type == "store"]
+    groups = [f for f in config.filters if f.entity_type == "group"]
+    products = [f for f in config.filters if f.entity_type == "product"]
+    return {
+        "stores": len(stores),
+        "groups": len(groups),
+        "products": len(products),
+        "total": len(config.filters),
+    }
+
+
+@router.get("")
+def sync_page(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    evotor = db.query(EvotorConnection).filter(EvotorConnection.user_id == user.id).first()
+    vk = db.query(VkConnection).filter(VkConnection.user_id == user.id).first()
+    config = _get_or_create_sync_config(db, user.id)
+    summary = _filter_summary(config)
+
+    if config.confirmed_at and config.is_enabled:
+        status = "active"
+    elif config.confirmed_at and not config.is_enabled:
+        status = "paused"
+    elif summary["total"] > 0:
+        status = "pending"
+    else:
+        status = "unconfigured"
+
+    return templates.TemplateResponse("sync.html", {
+        "request": request,
+        "user": user,
+        "evotor": evotor,
+        "vk": vk,
+        "config": config,
+        "summary": summary,
+        "status": status,
+    })
+
+
+@router.post("/toggle")
+def sync_toggle(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    config = _get_or_create_sync_config(db, user.id)
+    config.is_enabled = not config.is_enabled
+    db.commit()
+
+    return RedirectResponse("/sync", 303)
+
+
+@router.post("/confirm")
+def sync_confirm(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    config = _get_or_create_sync_config(db, user.id)
+    if config.is_enabled and len(config.filters) > 0:
+        config.confirmed_at = datetime.utcnow()
+        db.commit()
+
+    return RedirectResponse("/sync", 303)

web-python/routes/vk.py

@@ -0,0 +1,168 @@
+from datetime import datetime
+from urllib.parse import urlencode
+
+import httpx
+
+from fastapi import APIRouter, Request, Depends
+from fastapi.responses import RedirectResponse
+from web.templates_env import templates
+from sqlalchemy.orm import Session
+
+from web.auth import get_current_user
+from web.config import settings
+from web.database import get_db
+from web.models import User, VkConnection
+
+router = APIRouter(prefix="/vk")
+
+VK_API_URL = "https://api.vk.com/method"
+VK_OAUTH_URL = "https://oauth.vk.com/authorize"
+
+
+async def _fetch_group_info(token: str) -> tuple[str | None, str | None]:
+    """Returns (group_id, group_name) for the first admin group, or (None, None)."""
+    try:
+        async with httpx.AsyncClient() as client:
+            resp = await client.get(
+                f"{VK_API_URL}/groups.get",
+                params={
+                    "access_token": token,
+                    "v": settings.VK_API_VERSION,
+                    "filter": "admin",
+                    "extended": 1,
+                    "count": 1,
+                },
+                timeout=15,
+            )
+            if resp.status_code == 200:
+                data = resp.json()
+                if "error" not in data:
+                    items = data.get("response", {}).get("items", [])
+                    if items:
+                        return str(items[0].get("id", "")), items[0].get("name")
+    except Exception:
+        pass
+    return None, None
+
+
+def _save_connection(db: Session, user_id: int, token: str,
+                     group_id: str | None, group_name: str | None) -> None:
+    now = datetime.utcnow()
+    connection = db.query(VkConnection).filter(VkConnection.user_id == user_id).first()
+    if connection:
+        connection.access_token = token
+        connection.vk_user_id = group_id
+        connection.first_name = group_name
+        connection.last_name = None
+        connection.is_online = True
+        connection.last_checked_at = now
+    else:
+        db.add(VkConnection(
+            user_id=user_id,
+            access_token=token,
+            vk_user_id=group_id,
+            first_name=group_name,
+            last_name=None,
+            is_online=True,
+            last_checked_at=now,
+        ))
+    db.commit()
+
+
+@router.get("")
+def vk_page(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    connection = db.query(VkConnection).filter(VkConnection.user_id == user.id).first()
+    error = request.query_params.get("error")
+    return templates.TemplateResponse("vk.html", {
+        "request": request,
+        "user": user,
+        "connection": connection,
+        "error": error,
+        "vk_client_id": settings.VK_CLIENT_ID,
+        "callback_url": f"{settings.BASE_URL}/vk/callback",
+    })
+
+
+@router.get("/connect")
+def vk_connect(
+    request: Request,
+    user: User | None = Depends(get_current_user),
+):
+    """Redirect to VK OAuth authorization page."""
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    if not settings.VK_CLIENT_ID:
+        return RedirectResponse("/vk?error=no_client_id", 303)
+
+    params = urlencode({
+        "client_id": settings.VK_CLIENT_ID,
+        "scope": "market,groups",
+        "redirect_uri": f"{settings.BASE_URL}/vk/callback",
+        "display": "page",
+        "response_type": "token",
+        "v": settings.VK_API_VERSION,
+    })
+    return RedirectResponse(f"{VK_OAUTH_URL}?{params}", 302)
+
+
+@router.get("/callback")
+def vk_callback(
+    request: Request,
+    user: User | None = Depends(get_current_user),
+):
+    """Landing page after VK OAuth. JS reads the token from the URL fragment and POSTs it."""
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    return templates.TemplateResponse("vk_callback.html", {
+        "request": request,
+        "user": user,
+    })
+
+
+@router.post("/token")
+async def vk_token(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    """Save a VK user access token (from manual entry or OAuth callback)."""
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    form = await request.form()
+    token = (form.get("token") or "").strip()
+    if not token:
+        return RedirectResponse("/vk?error=empty_token", 303)
+
+    group_id, group_name = await _fetch_group_info(token)
+    if not group_id:
+        return RedirectResponse("/vk?error=invalid_token", 303)
+
+    _save_connection(db, user.id, token, group_id, group_name)
+    return RedirectResponse("/connections", 303)
+
+
+@router.post("/disconnect")
+async def vk_disconnect(
+    request: Request,
+    db: Session = Depends(get_db),
+    user: User | None = Depends(get_current_user),
+):
+    if not user:
+        return RedirectResponse("/login", 303)
+
+    connection = db.query(VkConnection).filter(VkConnection.user_id == user.id).first()
+    if connection:
+        db.delete(connection)
+        db.commit()
+
+    return RedirectResponse("/connections", 303)

web-python/schemas.py

@@ -0,0 +1,52 @@
+import re
+
+
+def validate_registration(data: dict) -> list[str]:
+    errors = []
+    if not data.get("first_name", "").strip():
+        errors.append("Введите имя")
+    if not data.get("last_name", "").strip():
+        errors.append("Введите фамилию")
+    email = data.get("email", "").strip()
+    if not email or not re.match(r"^[^@]+@[^@]+\.[^@]+$", email):
+        errors.append("Введите корректный email")
+    phone = data.get("phone", "").strip()
+    if not phone or not re.match(r"^\+7 \(\d{3}\) \d{3}-\d{2}-\d{2}$", phone):
+        errors.append("Введите телефон в формате +7 (XXX) XXX-XX-XX")
+    password = data.get("password", "")
+    if len(password) < 8:
+        errors.append("Пароль должен быть не менее 8 символов")
+    if password != data.get("password_confirm", ""):
+        errors.append("Пароли не совпадают")
+    return errors
+
+
+def validate_login(data: dict) -> list[str]:
+    errors = []
+    if not data.get("email", "").strip():
+        errors.append("Введите email")
+    if not data.get("password", ""):
+        errors.append("Введите пароль")
+    return errors
+
+
+def validate_reset_password(data: dict) -> list[str]:
+    errors = []
+    password = data.get("password", "")
+    if len(password) < 8:
+        errors.append("Пароль должен быть не менее 8 символов")
+    if password != data.get("password_confirm", ""):
+        errors.append("Пароли не совпадают")
+    return errors
+
+
+def validate_profile(data: dict) -> list[str]:
+    errors = []
+    if not data.get("first_name", "").strip():
+        errors.append("Введите имя")
+    if not data.get("last_name", "").strip():
+        errors.append("Введите фамилию")
+    phone = data.get("phone", "").strip()
+    if not phone or not re.match(r"^\+7 \(\d{3}\) \d{3}-\d{2}-\d{2}$", phone):
+        errors.append("Введите телефон в формате +7 (XXX) XXX-XX-XX")
+    return errors

web-python/static/style.css

@@ -0,0 +1,39 @@
+/* Brand overrides */
+:root {
+    --bs-primary: #F05023;
+    --bs-primary-rgb: 240, 80, 35;
+    --bs-link-color: #0986E2;
+    --bs-link-hover-color: #0670c0;
+}
+
+.brand-logo {
+    font-size: 22px;
+    font-weight: 700;
+    color: #F05023 !important;
+}
+
+.brand-border {
+    border-color: #F05023 !important;
+}
+
+.btn-primary {
+    --bs-btn-bg: #F05023;
+    --bs-btn-border-color: #F05023;
+    --bs-btn-hover-bg: #d44420;
+    --bs-btn-hover-border-color: #d44420;
+    --bs-btn-active-bg: #c03d1c;
+    --bs-btn-active-border-color: #c03d1c;
+}
+
+.btn-secondary {
+    --bs-btn-bg: #0986E2;
+    --bs-btn-border-color: #0986E2;
+    --bs-btn-hover-bg: #0770c0;
+    --bs-btn-hover-border-color: #0770c0;
+    --bs-btn-active-bg: #065fa3;
+    --bs-btn-active-border-color: #065fa3;
+}
+
+.nav-link:hover {
+    color: #F05023 !important;
+}

web-python/sync_engine.py

@@ -0,0 +1,485 @@
+"""
+Sync engine: syncs Evotor products to VK market for all enabled users.
+Runs as a background asyncio loop inside the web app.
+"""
+
+import asyncio
+import logging
+from datetime import datetime
+
+import httpx
+from sqlalchemy.orm import Session
+
+from web.database import SessionLocal
+from web.models import CachedProduct, EvotorConnection, VkConnection, SyncConfig, SyncFilter
+
+logger = logging.getLogger("uvicorn.error")
+
+VK_API_HOST = "https://api.vk.ru/method"
+VK_API_VERSION = "5.199"
+EVOTOR_API_BASE = "https://api.evotor.ru"
+VK_CATEGORY_ID = 40932
+VK_STOCK_AMOUNT = 1000
+WEIGHT_PRICE_MULTIPLIER = 10
+WEIGHT_MEASURES = {"г", "г.", "грамм", "граммов", "гр", "гр."}
+
+
+def _is_weight_measure(measure: str | None) -> bool:
+    if not measure:
+        return False
+    return measure.strip().lower() in WEIGHT_MEASURES
+
+
+def _normalize_name(name: str) -> str:
+    return name.strip().replace(";", ",")
+
+
+def _calc_price(price_kopecks, measure: str | None) -> tuple[int, str]:
+    """Returns (price_in_kopecks_for_vk, price_info_label)."""
+    base = int(price_kopecks or 0)
+    if _is_weight_measure(measure):
+        return base * WEIGHT_PRICE_MULTIPLIER, f"{WEIGHT_PRICE_MULTIPLIER}{measure}"
+    return base, measure or ""
+
+
+def _build_description(name: str, price_info: str, extra_desc: str | None) -> str:
+    desc = f"{name} (цена за {price_info}.)\n\n"
+    if extra_desc:
+        desc += extra_desc
+    return desc
+
+
+def _get_included_store_ids(filters: list) -> list[str]:
+    return [f.entity_id for f in filters if f.entity_type == "store" and f.filter_mode == "include"]
+
+
+def _is_group_included(group_id: str | None, filters: list) -> bool:
+    """Returns True if the group should be synced based on filters."""
+    group_filters = {f.entity_id: f.filter_mode for f in filters if f.entity_type == "group"}
+    if not group_filters:
+        return True  # no group filters → include all
+    mode = group_filters.get(group_id)
+    if mode == "exclude":
+        return False
+    if mode == "include":
+        return True
+    # Not mentioned — include if there are only excludes, exclude if there are only includes
+    has_includes = any(v == "include" for v in group_filters.values())
+    return not has_includes
+
+
+def _is_product_included(product_id: str, filters: list) -> bool:
+    product_filters = {f.entity_id: f.filter_mode for f in filters if f.entity_type == "product"}
+    if not product_filters:
+        return True
+    mode = product_filters.get(product_id)
+    if mode == "exclude":
+        return False
+    if mode == "include":
+        return True
+    has_includes = any(v == "include" for v in product_filters.values())
+    return not has_includes
+
+
+# ---------------------------------------------------------------------------
+# Evotor API helpers
+# ---------------------------------------------------------------------------
+
+async def _evo_fetch_products(token: str, store_id: str) -> list[dict]:
+    async with httpx.AsyncClient() as client:
+        resp = await client.get(
+            f"{EVOTOR_API_BASE}/stores/{store_id}/products",
+            headers={"Authorization": f"Bearer {token}"},
+            timeout=30,
+        )
+        if resp.status_code in (402, 404):
+            return []
+        resp.raise_for_status()
+        data = resp.json()
+        return data.get("items", data) if isinstance(data, dict) else data
+
+
+async def _evo_fetch_groups(token: str, store_id: str) -> list[dict]:
+    async with httpx.AsyncClient() as client:
+        resp = await client.get(
+            f"{EVOTOR_API_BASE}/stores/{store_id}/product-groups",
+            headers={"Authorization": f"Bearer {token}"},
+            timeout=30,
+        )
+        if resp.status_code in (402, 404):
+            return []
+        resp.raise_for_status()
+        data = resp.json()
+        return data.get("items", data) if isinstance(data, dict) else data
+
+
+# ---------------------------------------------------------------------------
+# VK API helpers
+# ---------------------------------------------------------------------------
+
+def _vk_params(token: str, **extra) -> dict:
+    return {"access_token": token, "v": VK_API_VERSION, **extra}
+
+
+async def _vk_get_albums(token: str, owner_id: str) -> list[dict]:
+    async with httpx.AsyncClient() as client:
+        resp = await client.get(
+            f"{VK_API_HOST}/market.getAlbums",
+            params=_vk_params(token, owner_id=owner_id, count=200),
+            timeout=30,
+        )
+        resp.raise_for_status()
+        data = resp.json()
+        return data.get("response", {}).get("items", [])
+
+
+async def _vk_create_album(token: str, owner_id: str, title: str) -> int | None:
+    async with httpx.AsyncClient() as client:
+        resp = await client.post(
+            f"{VK_API_HOST}/market.addAlbum",
+            data=_vk_params(token, owner_id=owner_id, title=title),
+            timeout=30,
+        )
+        resp.raise_for_status()
+        data = resp.json()
+        if "error" in data:
+            logger.error("VK create album error: %s", data["error"])
+            return None
+        return data.get("response", {}).get("market_album_id")
+
+
+async def _vk_get_products(token: str, owner_id: str) -> list[dict]:
+    """Fetch all VK market items (handles pagination)."""
+    items = []
+    offset = 0
+    count = 200
+    async with httpx.AsyncClient() as client:
+        while True:
+            resp = await client.get(
+                f"{VK_API_HOST}/market.get",
+                params=_vk_params(token, owner_id=owner_id, extended=1,
+                                  with_disabled=1, count=count, offset=offset),
+                timeout=30,
+            )
+            resp.raise_for_status()
+            data = resp.json()
+            batch = data.get("response", {}).get("items", [])
+            items.extend(batch)
+            if len(batch) < count:
+                break
+            offset += count
+    return items
+
+
+async def _vk_upload_photo(token: str, group_id: str, photo_path: str) -> str | None:
+    """Upload a photo and return photo_id."""
+    async with httpx.AsyncClient() as client:
+        # Get upload URL
+        resp = await client.get(
+            f"{VK_API_HOST}/market.getProductPhotoUploadServer",
+            params=_vk_params(token, group_id=group_id),
+            timeout=30,
+        )
+        resp.raise_for_status()
+        data = resp.json()
+        if "error" in data:
+            logger.error("VK get upload URL error: %s", data["error"])
+            return None
+        upload_url = data.get("response", {}).get("upload_url")
+        if not upload_url:
+            return None
+
+        # Upload photo
+        with open(photo_path, "rb") as f:
+            upload_resp = await client.post(upload_url, files={"file": f}, timeout=60)
+        upload_resp.raise_for_status()
+        upload_obj = upload_resp.json()
+
+        # Save photo
+        save_resp = await client.post(
+            f"{VK_API_HOST}/market.saveProductPhoto",
+            data=_vk_params(token, upload_response=upload_resp.text),
+            timeout=30,
+        )
+        save_resp.raise_for_status()
+        save_data = save_resp.json()
+        if "error" in save_data:
+            logger.error("VK save photo error: %s", save_data["error"])
+            return None
+        return save_data.get("response", {}).get("photo_id")
+
+
+async def _vk_create_product(
+    token: str, owner_id: str, name: str, description: str,
+    price: int, stock_amount: int, photo_id: str, album_id: int | None,
+) -> int | None:
+    params = _vk_params(
+        token,
+        owner_id=owner_id,
+        name=name,
+        description=description,
+        category_id=VK_CATEGORY_ID,
+        price=price,
+        main_photo_id=photo_id,
+        stock_amount=stock_amount,
+    )
+    async with httpx.AsyncClient() as client:
+        resp = await client.post(f"{VK_API_HOST}/market.add", data=params, timeout=30)
+        resp.raise_for_status()
+        data = resp.json()
+        if "error" in data:
+            logger.error("VK create product error: %s", data["error"])
+            return None
+        product_id = data.get("response", {}).get("market_item_id")
+        if product_id and album_id:
+            await client.get(
+                f"{VK_API_HOST}/market.addToAlbum",
+                params=_vk_params(token, owner_id=owner_id,
+                                  item_ids=product_id, album_ids=album_id),
+                timeout=30,
+            )
+        return product_id
+
+
+async def _vk_edit_product(
+    token: str, owner_id: str, item_id: int, name: str,
+    description: str, price: int, stock_amount: int,
+) -> None:
+    params = _vk_params(
+        token,
+        owner_id=owner_id,
+        item_id=item_id,
+        name=name,
+        description=description,
+        category_id=VK_CATEGORY_ID,
+        price=price,
+        stock_amount=stock_amount,
+    )
+    async with httpx.AsyncClient() as client:
+        resp = await client.post(f"{VK_API_HOST}/market.edit", data=params, timeout=30)
+        resp.raise_for_status()
+        data = resp.json()
+        if "error" in data:
+            logger.error("VK edit product error: %s", data["error"])
+
+
+async def _vk_delete_product(token: str, owner_id: str, item_id: int) -> None:
+    async with httpx.AsyncClient() as client:
+        resp = await client.post(
+            f"{VK_API_HOST}/market.delete",
+            data=_vk_params(token, owner_id=owner_id, item_id=item_id),
+            timeout=30,
+        )
+        resp.raise_for_status()
+
+
+# ---------------------------------------------------------------------------
+# Main sync logic per user
+# ---------------------------------------------------------------------------
+
+def _stamp_synced(db: Session, user_id: int, evo_id: str, now: datetime) -> None:
+    db.query(CachedProduct).filter(
+        CachedProduct.user_id == user_id,
+        CachedProduct.evotor_id == evo_id,
+    ).update({"synced_at": now})
+    db.commit()
+
+
+async def sync_user(
+    user_id: int,
+    evo_token: str,
+    vk_token: str,
+    vk_group_id: str,
+    filters: list,
+    photo_path: str,
+    db: Session,
+) -> None:
+    owner_id = f"-{vk_group_id}"
+    now = datetime.utcnow()
+    logger.info("Sync start: user_id=%d vk_group=%s", user_id, vk_group_id)
+
+    store_ids = _get_included_store_ids(filters)
+    if not store_ids:
+        logger.info("Sync skip: user_id=%d — no stores included in filters", user_id)
+        return
+
+    # Collect all Evotor products and groups across included stores
+    evo_products: list[dict] = []
+    groups_by_id: dict[str, dict] = {}
+
+    for store_id in store_ids:
+        raw_groups = await _evo_fetch_groups(evo_token, store_id)
+        for g in raw_groups:
+            gid = g.get("uuid") or g.get("id")
+            if gid:
+                groups_by_id[gid] = g
+
+        raw_products = await _evo_fetch_products(evo_token, store_id)
+        for p in raw_products:
+            pid = p.get("uuid") or p.get("id")
+            gid = p.get("parentUuid") or p.get("parent_id")
+            if not _is_group_included(gid, filters):
+                continue
+            if not _is_product_included(pid, filters):
+                continue
+            evo_products.append(p)
+
+    # Build evo product lookup by normalized name
+    # {normalized_name: product_dict}
+    evo_by_name: dict[str, dict] = {}
+    for p in evo_products:
+        raw_name = (p.get("name") or "").strip()
+        norm = _normalize_name(raw_name)
+        evo_by_name[norm] = p
+
+    # Fetch VK state
+    vk_products = await _vk_get_products(vk_token, owner_id)
+    vk_albums = await _vk_get_albums(vk_token, owner_id)
+    vk_album_by_title: dict[str, dict] = {a["title"]: a for a in vk_albums}
+
+    # Ensure albums exist for all included groups
+    for gid, group in groups_by_id.items():
+        if not _is_group_included(gid, filters):
+            continue
+        title = group.get("name", "")
+        if title and title not in vk_album_by_title:
+            new_album_id = await _vk_create_album(vk_token, owner_id, title)
+            if new_album_id:
+                vk_album_by_title[title] = {"id": new_album_id, "title": title}
+                logger.info("Created VK album '%s' for user_id=%d", title, user_id)
+
+    # Build VK product lookup by normalized name
+    # {normalized_name: [vk_item, ...]}
+    vk_by_name: dict[str, list[dict]] = {}
+    for item in vk_products:
+        norm = _normalize_name(item.get("title", ""))
+        vk_by_name.setdefault(norm, []).append(item)
+
+    # --- UPDATE / CREATE ---
+    for norm_name, evo_p in evo_by_name.items():
+        evo_id = evo_p.get("uuid") or evo_p.get("id")
+        raw_name = (evo_p.get("name") or "").strip()
+        name_for_vk = _normalize_name(raw_name)
+        measure = evo_p.get("measureName") or evo_p.get("measure_name")
+        raw_price = evo_p.get("price") or 0
+        price, price_info = _calc_price(raw_price, measure)
+        allow_to_sell = evo_p.get("allowToSell") if evo_p.get("allowToSell") is not None else evo_p.get("allow_to_sell")
+        stock_amount = VK_STOCK_AMOUNT if allow_to_sell else 0
+        extra_desc = evo_p.get("description") or ""
+        description = _build_description(raw_name, price_info, extra_desc).strip()
+
+        gid = evo_p.get("parentUuid") or evo_p.get("parent_id")
+        group_name = groups_by_id.get(gid, {}).get("name") if gid else None
+        album = vk_album_by_title.get(group_name) if group_name else None
+        album_id = album["id"] if album else None
+
+        if norm_name in vk_by_name:
+            # Update existing (use first match)
+            vk_item = vk_by_name[norm_name][0]
+            vk_id = vk_item["id"]
+            orig_price = vk_item.get("price", {}).get("amount", 0)
+            orig_price_int = int(orig_price) if orig_price else 0
+            orig_desc = (vk_item.get("description") or "").strip()
+            orig_stock = vk_item.get("stock_amount", 0)
+
+            price_changed = price != orig_price_int
+            desc_changed = description != orig_desc
+            stock_changed = stock_amount != orig_stock
+
+            if price_changed or desc_changed or stock_changed:
+                logger.info(
+                    "Updating VK product '%s' user_id=%d (price=%s desc=%s stock=%s)",
+                    name_for_vk, user_id, price_changed, desc_changed, stock_changed,
+                )
+                await _vk_edit_product(
+                    vk_token, owner_id, vk_id, name_for_vk, description, price, stock_amount,
+                )
+            _stamp_synced(db, user_id, evo_id, now)
+        else:
+            # Create new (only if allow_to_sell)
+            if not allow_to_sell:
+                continue
+            photo_id = await _vk_upload_photo(vk_token, vk_group_id, photo_path)
+            if not photo_id:
+                logger.error("Skipping product '%s' — photo upload failed", name_for_vk)
+                continue
+            logger.info("Creating VK product '%s' user_id=%d", name_for_vk, user_id)
+            created = await _vk_create_product(
+                vk_token, owner_id, name_for_vk, description,
+                price, stock_amount, photo_id, album_id,
+            )
+            if created:
+                _stamp_synced(db, user_id, evo_id, now)
+
+    # --- DELETE products in VK that are no longer in Evo ---
+    for norm_name, vk_items in vk_by_name.items():
+        if norm_name in evo_by_name:
+            # Delete duplicates (keep first)
+            for dup in vk_items[1:]:
+                logger.info("Deleting duplicate VK product '%s' id=%d user_id=%d",
+                            norm_name, dup["id"], user_id)
+                await _vk_delete_product(vk_token, owner_id, dup["id"])
+        else:
+            # Delete all — product removed from Evo
+            for item in vk_items:
+                logger.info("Deleting removed product '%s' id=%d user_id=%d",
+                            norm_name, item["id"], user_id)
+                await _vk_delete_product(vk_token, owner_id, item["id"])
+
+    logger.info("Sync complete: user_id=%d", user_id)
+
+
+# ---------------------------------------------------------------------------
+# Background loop
+# ---------------------------------------------------------------------------
+
+async def run_sync() -> None:
+    from web.config import settings
+
+    db = SessionLocal()
+    try:
+        configs = db.query(SyncConfig).filter(
+            SyncConfig.is_enabled == True,
+            SyncConfig.confirmed_at != None,
+        ).all()
+
+        for config in configs:
+            user_id = config.user_id
+            evo = db.query(EvotorConnection).filter(
+                EvotorConnection.user_id == user_id
+            ).first()
+            vk = db.query(VkConnection).filter(
+                VkConnection.user_id == user_id
+            ).first()
+
+            if not evo or not vk:
+                continue
+            if not evo.access_token or not vk.access_token:
+                continue
+            if not vk.vk_user_id:
+                continue
+
+            try:
+                await sync_user(
+                    user_id=user_id,
+                    evo_token=evo.access_token,
+                    vk_token=vk.access_token,
+                    vk_group_id=vk.vk_user_id,
+                    filters=config.filters,
+                    photo_path=settings.VK_DEFAULT_PHOTO_PATH,
+                    db=db,
+                )
+            except Exception:
+                logger.exception("Sync failed for user_id=%d", user_id)
+
+    except Exception:
+        logger.exception("Error in sync runner")
+        db.rollback()
+    finally:
+        db.close()
+
+
+async def sync_loop(interval: int) -> None:
+    while True:
+        await run_sync()
+        await asyncio.sleep(interval)

web-python/templates/base.html

@@ -0,0 +1,97 @@
+<!DOCTYPE html>
+<html lang="ru">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>{% block title %}ЭВОСИНК{% endblock %}</title>
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css">
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
+    <link rel="stylesheet" href="/static/style.css">
+</head>
+<body>
+    <nav class="navbar navbar-expand-lg bg-white border-bottom border-2 brand-border">
+        <div class="container">
+            <a href="/" class="navbar-brand brand-logo">ЭВОСИНК</a>
+            <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav">
+                <span class="navbar-toggler-icon"></span>
+            </button>
+            <div class="collapse navbar-collapse" id="navbarNav">
+                <ul class="navbar-nav ms-auto">
+                    {% if user %}
+                        <li class="nav-item">
+                            <a href="/connections" class="nav-link">Подключения</a>
+                        </li>
+                        <li class="nav-item">
+                            <a href="/catalog" class="nav-link">Каталог</a>
+                        </li>
+                        <li class="nav-item">
+                            <a href="/sync" class="nav-link">Синхронизация</a>
+                        </li>
+                        <li class="nav-item">
+                            <a href="/profile" class="nav-link"><i class="bi bi-person-circle me-1"></i>Личный кабинет</a>
+                        </li>
+                        <li class="nav-item">
+                            <a href="/logout" class="nav-link text-muted">Выход</a>
+                        </li>
+                    {% else %}
+                        <li class="nav-item">
+                            <a href="/login" class="nav-link">Вход</a>
+                        </li>
+                        <li class="nav-item">
+                            <a href="/register" class="nav-link">Регистрация</a>
+                        </li>
+                    {% endif %}
+                </ul>
+            </div>
+        </div>
+    </nav>
+
+    <main class="container py-4">
+        {% if errors %}
+        <div class="alert alert-danger">
+            {% for error in errors %}
+                <p class="mb-1">{{ error }}</p>
+            {% endfor %}
+        </div>
+        {% endif %}
+
+        {% if success %}
+        <div class="alert alert-success">
+            <p class="mb-0">{{ success }}</p>
+        </div>
+        {% endif %}
+
+        {% block content %}{% endblock %}
+    </main>
+
+    {% if jivosite_widget_id %}
+    <script src="//code.jivosite.com/widget/{{ jivosite_widget_id }}" async></script>
+    {% endif %}
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/inputmask@5.0.9/dist/inputmask.min.js"></script>
+    <script>
+        document.addEventListener('DOMContentLoaded', function() {
+            var phoneInputs = document.querySelectorAll('input[name="phone"]');
+            if (phoneInputs.length) {
+                Inputmask('+7 (999) 999-99-99', {
+                    placeholder: '_',
+                    showMaskOnHover: false,
+                    clearMaskOnLostFocus: false
+                }).mask(phoneInputs);
+            }
+        });
+    </script>
+    <script>
+        document.addEventListener('invalid', function(e) {
+            if (e.target.validity.valueMissing) {
+                e.target.setCustomValidity('Пожалуйста, заполните это поле');
+            } else if (e.target.validity.typeMismatch) {
+                e.target.setCustomValidity('Пожалуйста, введите корректное значение');
+            }
+        }, true);
+        document.addEventListener('input', function(e) {
+            if (e.target.required) e.target.setCustomValidity('');
+        }, true);
+    </script>
+</body>
+</html>

web-python/templates/catalog_groups.html

@@ -0,0 +1,108 @@
+{% extends "base.html" %}
+{% block title %}Группы — {{ store.name }} — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<nav aria-label="breadcrumb" class="mb-3">
+    <ol class="breadcrumb">
+        <li class="breadcrumb-item"><a href="/catalog">Каталог</a></li>
+        <li class="breadcrumb-item active">{{ store.name }}</li>
+    </ol>
+</nav>
+
+<div class="d-flex align-items-center justify-content-between mb-3">
+    <h1 class="h4 mb-0">Группы товаров</h1>
+    <a href="/catalog/export?type=groups&store_id={{ store.evotor_id }}" class="btn btn-outline-secondary btn-sm">
+        <i class="bi bi-download me-1"></i>Экспорт CSV
+    </a>
+</div>
+
+{% if not groups %}
+<div class="text-center py-5 text-muted">
+    <i class="bi bi-folder fs-1 mb-3 d-block"></i>
+    <p>Группы не найдены в этом магазине.</p>
+    <a href="/catalog/products?store_id={{ store.evotor_id }}" class="btn btn-outline-primary btn-sm">
+        Посмотреть все товары магазина
+    </a>
+</div>
+{% else %}
+<div class="table-responsive">
+    <table class="table table-striped table-hover align-middle">
+        <thead class="table-light">
+            <tr>
+                <th>Название</th>
+                <th>Кол-во товаров</th>
+                <th>Фильтр</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for group in groups %}
+            {% set mode = filter_map.get(group.evotor_id) %}
+            <tr>
+                <td>{{ group.name }}</td>
+                <td class="text-muted">{{ product_counts.get(group.evotor_id, 0) }}</td>
+                <td>
+                    {% if mode == "include" %}
+                        <span class="badge bg-success">✓ Включено</span>
+                    {% elif mode == "exclude" %}
+                        <span class="badge bg-danger">✗ Исключено</span>
+                    {% else %}
+                        <span class="badge bg-light text-muted border">— Нет правила</span>
+                    {% endif %}
+                </td>
+                <td class="text-end">
+                    <div class="d-flex gap-1 justify-content-end">
+                        <a href="/catalog/products?store_id={{ store.evotor_id }}&group_id={{ group.evotor_id }}"
+                           class="btn btn-outline-secondary btn-sm" title="Товары">
+                            <i class="bi bi-arrow-right"></i>
+                        </a>
+                        <div class="dropdown">
+                            <button class="btn btn-outline-secondary btn-sm dropdown-toggle" data-bs-toggle="dropdown">
+                                <i class="bi bi-funnel"></i>
+                            </button>
+                            <ul class="dropdown-menu dropdown-menu-end">
+                                <li>
+                                    <form method="post" action="/catalog/filter">
+                                        <input type="hidden" name="entity_type" value="group">
+                                        <input type="hidden" name="entity_id" value="{{ group.evotor_id }}">
+                                        <input type="hidden" name="entity_name" value="{{ group.name }}">
+                                        <input type="hidden" name="filter_mode" value="include">
+                                        <input type="hidden" name="parent_entity_id" value="{{ store.evotor_id }}">
+                                        <input type="hidden" name="redirect_to" value="/catalog/groups?store_id={{ store.evotor_id }}">
+                                        <button type="submit" class="dropdown-item">✓ Включить в синхронизацию</button>
+                                    </form>
+                                </li>
+                                <li>
+                                    <form method="post" action="/catalog/filter">
+                                        <input type="hidden" name="entity_type" value="group">
+                                        <input type="hidden" name="entity_id" value="{{ group.evotor_id }}">
+                                        <input type="hidden" name="entity_name" value="{{ group.name }}">
+                                        <input type="hidden" name="filter_mode" value="exclude">
+                                        <input type="hidden" name="parent_entity_id" value="{{ store.evotor_id }}">
+                                        <input type="hidden" name="redirect_to" value="/catalog/groups?store_id={{ store.evotor_id }}">
+                                        <button type="submit" class="dropdown-item">✗ Исключить из синхронизации</button>
+                                    </form>
+                                </li>
+                                <li><hr class="dropdown-divider"></li>
+                                <li>
+                                    <form method="post" action="/catalog/filter">
+                                        <input type="hidden" name="entity_type" value="group">
+                                        <input type="hidden" name="entity_id" value="{{ group.evotor_id }}">
+                                        <input type="hidden" name="entity_name" value="{{ group.name }}">
+                                        <input type="hidden" name="filter_mode" value="none">
+                                        <input type="hidden" name="parent_entity_id" value="{{ store.evotor_id }}">
+                                        <input type="hidden" name="redirect_to" value="/catalog/groups?store_id={{ store.evotor_id }}">
+                                        <button type="submit" class="dropdown-item text-muted">— Убрать правило</button>
+                                    </form>
+                                </li>
+                            </ul>
+                        </div>
+                    </div>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endif %}
+{% endblock %}

web-python/templates/catalog_products.html

@@ -0,0 +1,133 @@
+{% extends "base.html" %}
+{% block title %}Товары — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<nav aria-label="breadcrumb" class="mb-3">
+    <ol class="breadcrumb">
+        <li class="breadcrumb-item"><a href="/catalog">Каталог</a></li>
+        <li class="breadcrumb-item"><a href="/catalog/groups?store_id={{ store.evotor_id }}">{{ store.name }}</a></li>
+        {% if group %}
+        <li class="breadcrumb-item active">{{ group.name }}</li>
+        {% else %}
+        <li class="breadcrumb-item active">Все товары</li>
+        {% endif %}
+    </ol>
+</nav>
+
+<div class="d-flex align-items-center justify-content-between mb-3">
+    <h1 class="h4 mb-0">Товары{% if group %}: {{ group.name }}{% endif %}</h1>
+    <a href="/catalog/export?type=products&store_id={{ store.evotor_id }}{% if group %}&group_id={{ group.evotor_id }}{% endif %}"
+       class="btn btn-outline-secondary btn-sm">
+        <i class="bi bi-download me-1"></i>Экспорт CSV
+    </a>
+</div>
+
+{% set redirect_back %}/catalog/products?store_id={{ store.evotor_id }}{% if group %}&group_id={{ group.evotor_id }}{% endif %}{% endset %}
+
+{% if not products %}
+<div class="text-center py-5 text-muted">
+    <i class="bi bi-box fs-1 mb-3 d-block"></i>
+    <p>Товары не найдены.</p>
+</div>
+{% else %}
+<div class="table-responsive" style="overflow: visible;">
+    <table class="table table-striped table-hover align-middle small">
+        <thead class="table-light">
+            <tr>
+                <th>Название</th>
+                <th>Артикул</th>
+                <th>Цена</th>
+                <th>Кол-во</th>
+                <th>Ед. изм.</th>
+                <th>В продаже</th>
+                <th>Синхронизирован</th>
+                <th>Фильтр</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for product in products %}
+            {% set mode = filter_map.get(product.evotor_id) %}
+            <tr>
+                <td>{{ product.name }}</td>
+                <td class="text-muted font-monospace">{{ product.article_number or "—" }}</td>
+                <td>{% if product.price %}{{ "%.2f"|format(product.price) }} ₽{% else %}—{% endif %}</td>
+                <td>{% if product.quantity is not none %}{{ product.quantity }}{% else %}—{% endif %}</td>
+                <td class="text-muted">{{ product.measure_name or "—" }}</td>
+                <td>
+                    {% if product.allow_to_sell is none %}
+                        <span class="text-muted">—</span>
+                    {% elif product.allow_to_sell %}
+                        <i class="bi bi-check-circle-fill text-success"></i>
+                    {% else %}
+                        <i class="bi bi-x-circle-fill text-danger"></i>
+                    {% endif %}
+                </td>
+                <td>
+                    {% if product.synced_at %}
+                        <span title="{{ product.synced_at.strftime('%d.%m.%Y %H:%M') }}">
+                            <i class="bi bi-check-circle-fill text-success"></i>
+                        </span>
+                    {% else %}
+                        <span class="text-muted">—</span>
+                    {% endif %}
+                </td>
+                <td>
+                    {% if mode == "include" %}
+                        <span class="badge bg-success">✓ Включено</span>
+                    {% elif mode == "exclude" %}
+                        <span class="badge bg-danger">✗ Исключено</span>
+                    {% else %}
+                        <span class="badge bg-light text-muted border">— Нет правила</span>
+                    {% endif %}
+                </td>
+                <td>
+                    <div class="dropdown">
+                        <button class="btn btn-outline-secondary btn-sm dropdown-toggle" data-bs-toggle="dropdown" data-bs-strategy="fixed">
+                            <i class="bi bi-funnel"></i>
+                        </button>
+                        <ul class="dropdown-menu dropdown-menu-end">
+                            <li>
+                                <form method="post" action="/catalog/filter">
+                                    <input type="hidden" name="entity_type" value="product">
+                                    <input type="hidden" name="entity_id" value="{{ product.evotor_id }}">
+                                    <input type="hidden" name="entity_name" value="{{ product.name }}">
+                                    <input type="hidden" name="filter_mode" value="include">
+                                    <input type="hidden" name="parent_entity_id" value="{{ product.group_evotor_id or '' }}">
+                                    <input type="hidden" name="redirect_to" value="{{ redirect_back }}">
+                                    <button type="submit" class="dropdown-item">✓ Включить в синхронизацию</button>
+                                </form>
+                            </li>
+                            <li>
+                                <form method="post" action="/catalog/filter">
+                                    <input type="hidden" name="entity_type" value="product">
+                                    <input type="hidden" name="entity_id" value="{{ product.evotor_id }}">
+                                    <input type="hidden" name="entity_name" value="{{ product.name }}">
+                                    <input type="hidden" name="filter_mode" value="exclude">
+                                    <input type="hidden" name="parent_entity_id" value="{{ product.group_evotor_id or '' }}">
+                                    <input type="hidden" name="redirect_to" value="{{ redirect_back }}">
+                                    <button type="submit" class="dropdown-item">✗ Исключить из синхронизации</button>
+                                </form>
+                            </li>
+                            <li><hr class="dropdown-divider"></li>
+                            <li>
+                                <form method="post" action="/catalog/filter">
+                                    <input type="hidden" name="entity_type" value="product">
+                                    <input type="hidden" name="entity_id" value="{{ product.evotor_id }}">
+                                    <input type="hidden" name="entity_name" value="{{ product.name }}">
+                                    <input type="hidden" name="filter_mode" value="none">
+                                    <input type="hidden" name="parent_entity_id" value="{{ product.group_evotor_id or '' }}">
+                                    <input type="hidden" name="redirect_to" value="{{ redirect_back }}">
+                                    <button type="submit" class="dropdown-item text-muted">— Убрать правило</button>
+                                </form>
+                            </li>
+                        </ul>
+                    </div>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endif %}
+{% endblock %}

web-python/templates/catalog_stores.html

@@ -0,0 +1,113 @@
+{% extends "base.html" %}
+{% block title %}Каталог — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="d-flex align-items-center justify-content-between mb-3">
+    <h1 class="h4 mb-0">Каталог</h1>
+    <div class="d-flex gap-2">
+        {% if evotor %}
+        <form method="post" action="/catalog/refresh">
+            <button type="submit" class="btn btn-outline-secondary btn-sm">
+                <i class="bi bi-arrow-clockwise me-1"></i>Обновить
+            </button>
+        </form>
+        <a href="/catalog/export?type=stores" class="btn btn-outline-secondary btn-sm">
+            <i class="bi bi-download me-1"></i>Экспорт CSV
+        </a>
+        {% endif %}
+    </div>
+</div>
+
+{% if not evotor %}
+<div class="alert alert-warning d-flex align-items-center gap-2">
+    <i class="bi bi-exclamation-triangle-fill"></i>
+    <span>Эвотор не подключён. <a href="/evotor">Подключить Эвотор</a></span>
+</div>
+{% elif not stores %}
+<div class="text-center py-5 text-muted">
+    <i class="bi bi-shop fs-1 mb-3 d-block"></i>
+    <p>Магазины не найдены в вашем аккаунте Эвотор.</p>
+</div>
+{% else %}
+{% if fetched_at %}
+<p class="text-muted small mb-3">Последнее обновление: {{ fetched_at.strftime("%d.%m.%Y %H:%M") }}</p>
+{% endif %}
+
+<div class="table-responsive">
+    <table class="table table-striped table-hover align-middle">
+        <thead class="table-light">
+            <tr>
+                <th>Название</th>
+                <th>Адрес</th>
+                <th>Фильтр</th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for store in stores %}
+            {% set mode = filter_map.get(store.evotor_id) %}
+            <tr>
+                <td>{{ store.name }}</td>
+                <td class="text-muted small">{{ store.address or "—" }}</td>
+                <td>
+                    {% if mode == "include" %}
+                        <span class="badge bg-success">✓ Включено</span>
+                    {% elif mode == "exclude" %}
+                        <span class="badge bg-danger">✗ Исключено</span>
+                    {% else %}
+                        <span class="badge bg-light text-muted border">— Нет правила</span>
+                    {% endif %}
+                </td>
+                <td class="text-end">
+                    <div class="d-flex gap-1 justify-content-end">
+                        <a href="/catalog/groups?store_id={{ store.evotor_id }}"
+                           class="btn btn-outline-secondary btn-sm" title="Группы">
+                            <i class="bi bi-arrow-right"></i>
+                        </a>
+                        <div class="dropdown">
+                            <button class="btn btn-outline-secondary btn-sm dropdown-toggle" data-bs-toggle="dropdown">
+                                <i class="bi bi-funnel"></i>
+                            </button>
+                            <ul class="dropdown-menu dropdown-menu-end">
+                                <li>
+                                    <form method="post" action="/catalog/filter">
+                                        <input type="hidden" name="entity_type" value="store">
+                                        <input type="hidden" name="entity_id" value="{{ store.evotor_id }}">
+                                        <input type="hidden" name="entity_name" value="{{ store.name }}">
+                                        <input type="hidden" name="filter_mode" value="include">
+                                        <input type="hidden" name="redirect_to" value="/catalog">
+                                        <button type="submit" class="dropdown-item">✓ Включить в синхронизацию</button>
+                                    </form>
+                                </li>
+                                <li>
+                                    <form method="post" action="/catalog/filter">
+                                        <input type="hidden" name="entity_type" value="store">
+                                        <input type="hidden" name="entity_id" value="{{ store.evotor_id }}">
+                                        <input type="hidden" name="entity_name" value="{{ store.name }}">
+                                        <input type="hidden" name="filter_mode" value="exclude">
+                                        <input type="hidden" name="redirect_to" value="/catalog">
+                                        <button type="submit" class="dropdown-item">✗ Исключить из синхронизации</button>
+                                    </form>
+                                </li>
+                                <li><hr class="dropdown-divider"></li>
+                                <li>
+                                    <form method="post" action="/catalog/filter">
+                                        <input type="hidden" name="entity_type" value="store">
+                                        <input type="hidden" name="entity_id" value="{{ store.evotor_id }}">
+                                        <input type="hidden" name="entity_name" value="{{ store.name }}">
+                                        <input type="hidden" name="filter_mode" value="none">
+                                        <input type="hidden" name="redirect_to" value="/catalog">
+                                        <button type="submit" class="dropdown-item text-muted">— Убрать правило</button>
+                                    </form>
+                                </li>
+                            </ul>
+                        </div>
+                    </div>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</div>
+{% endif %}
+{% endblock %}

web-python/templates/confirm_email.html

@@ -0,0 +1,16 @@
+{% extends "base.html" %}
+{% block title %}Подтверждение email — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-6 col-lg-5">
+        <div class="card shadow-sm mt-5 text-center">
+            <div class="card-body p-5">
+                <i class="bi bi-envelope-check display-4 text-primary mb-3"></i>
+                <h1 class="h4 mb-3">Подтвердите ваш email</h1>
+                <p class="text-muted">Проверьте почту и нажмите на ссылку для подтверждения.</p>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

web-python/templates/connections.html

@@ -0,0 +1,67 @@
+{% extends "base.html" %}
+{% block title %}Подключения — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="d-flex align-items-center justify-content-between mb-4">
+    <h1 class="h4 mb-0">Подключения</h1>
+    <a href="/connections/add" class="btn btn-primary btn-sm">
+        <i class="bi bi-plus-lg me-1"></i>Добавить
+    </a>
+</div>
+
+{% if connections %}
+<div class="row g-3">
+    {% for conn in connections %}
+    <div class="col-sm-6 col-lg-4">
+        <div class="card shadow-sm h-100">
+            <div class="card-body">
+                <div class="d-flex align-items-center mb-3">
+                    <i class="bi {{ conn.icon }} fs-2 me-3 text-secondary"></i>
+                    <div>
+                        <h5 class="mb-0">{{ conn.name }}</h5>
+                        {% if conn.details %}
+                        <small class="text-muted">{{ conn.details }}</small>
+                        {% endif %}
+                    </div>
+                    <div class="ms-auto">
+                        {% if conn.is_online %}
+                            <i class="bi bi-circle-fill text-success fs-5" title="Онлайн"></i>
+                        {% else %}
+                            <i class="bi bi-circle-fill text-danger fs-5" title="Офлайн"></i>
+                        {% endif %}
+                    </div>
+                </div>
+
+                <div class="d-flex gap-2">
+                    <a href="{{ conn.configure_url }}" class="btn btn-outline-primary btn-sm flex-fill">Настроить</a>
+                    <form method="post" action="/connections/delete?type={{ conn.type }}">
+                        <button type="submit"
+                            class="btn btn-outline-danger btn-sm"
+                            onclick="return confirm('Вы уверены, что хотите отключить {{ conn.name }}?')">
+                            Отключить
+                        </button>
+                    </form>
+                </div>
+            </div>
+            <div class="card-footer text-muted small">
+                {% if conn.last_checked_at %}
+                    Проверено: {{ conn.last_checked_at.strftime("%d.%m.%Y %H:%M") }}
+                {% else %}
+                    Статус ещё не проверялся
+                {% endif %}
+            </div>
+        </div>
+    </div>
+    {% endfor %}
+</div>
+
+{% else %}
+<div class="text-center py-5 text-muted">
+    <i class="bi bi-plug fs-1 mb-3 d-block"></i>
+    <p class="mb-3">Нет подключённых сервисов</p>
+    <a href="/connections/add" class="btn btn-primary">
+        <i class="bi bi-plus-lg me-1"></i>Добавить подключение
+    </a>
+</div>
+{% endif %}
+{% endblock %}

web-python/templates/connections_add.html

@@ -0,0 +1,39 @@
+{% extends "base.html" %}
+{% block title %}Добавить подключение — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="d-flex align-items-center mb-4">
+    <a href="/connections" class="text-muted me-3"><i class="bi bi-arrow-left fs-5"></i></a>
+    <h1 class="h4 mb-0">Добавить подключение</h1>
+</div>
+
+{% if available %}
+<div class="row g-3">
+    {% for svc in available %}
+    <div class="col-sm-6 col-lg-4">
+        <div class="card shadow-sm h-100">
+            <div class="card-body d-flex flex-column">
+                <div class="d-flex align-items-center mb-3">
+                    <i class="bi {{ svc.icon }} fs-2 me-3 text-secondary"></i>
+                    <h5 class="mb-0">{{ svc.name }}</h5>
+                </div>
+                <p class="text-muted small flex-grow-1">{{ svc.description }}</p>
+                <a href="{{ svc.connect_url }}" class="btn btn-primary btn-sm mt-auto">
+                    Подключить <i class="bi bi-arrow-right ms-1"></i>
+                </a>
+            </div>
+        </div>
+    </div>
+    {% endfor %}
+</div>
+
+{% else %}
+<div class="text-center py-5 text-muted">
+    <i class="bi bi-check-circle fs-1 mb-3 d-block text-success"></i>
+    <p class="mb-3">Все доступные сервисы подключены</p>
+    <a href="/connections" class="btn btn-outline-secondary btn-sm">
+        <i class="bi bi-arrow-left me-1"></i>Вернуться к подключениям
+    </a>
+</div>
+{% endif %}
+{% endblock %}

web-python/templates/email_confirmed.html

@@ -0,0 +1,17 @@
+{% extends "base.html" %}
+{% block title %}Email подтвержден — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-6 col-lg-5">
+        <div class="card shadow-sm mt-5 text-center">
+            <div class="card-body p-5">
+                <i class="bi bi-check-circle display-4 text-success mb-3"></i>
+                <h1 class="h4 mb-3">Email подтвержден!</h1>
+                <p class="text-muted">Ваш email успешно подтвержден. Теперь вы можете войти в систему.</p>
+                <a href="/login" class="btn btn-primary mt-2">Войти</a>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

web-python/templates/evotor.html

@@ -0,0 +1,104 @@
+{% extends "base.html" %}
+{% block title %}Подключение Эвотор — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-7 col-lg-6">
+
+        {% if error %}
+        <div class="alert alert-danger mt-4">
+            {% if error == "invalid_token" %}
+                <i class="bi bi-exclamation-triangle me-2"></i>Токен недействителен. Проверьте правильность и попробуйте снова.
+            {% elif error == "empty_token" %}
+                <i class="bi bi-exclamation-triangle me-2"></i>Введите токен.
+            {% else %}
+                <i class="bi bi-exclamation-triangle me-2"></i>Произошла ошибка при подключении: {{ error }}
+            {% endif %}
+        </div>
+        {% endif %}
+
+        <div class="card shadow-sm mt-4">
+            <div class="card-header">
+                <h1 class="h5 mb-0">Подключение Эвотор</h1>
+            </div>
+
+            {% if connection %}
+            {# ── CONNECTED STATE ── #}
+            <ul class="list-group list-group-flush">
+                <li class="list-group-item d-flex justify-content-between align-items-center">
+                    <span class="text-muted small">Статус</span>
+                    <span class="badge bg-success"><i class="bi bi-check-circle me-1"></i>Подключено</span>
+                </li>
+                {% if connection.store_name %}
+                <li class="list-group-item d-flex justify-content-between align-items-center">
+                    <span class="text-muted small">Магазин</span>
+                    <span>{{ connection.store_name }}</span>
+                </li>
+                {% endif %}
+                {% if connection.store_id %}
+                <li class="list-group-item d-flex justify-content-between align-items-center">
+                    <span class="text-muted small">ID магазина</span>
+                    <span class="font-monospace small text-muted">{{ connection.store_id }}</span>
+                </li>
+                {% endif %}
+                <li class="list-group-item d-flex justify-content-between align-items-center">
+                    <span class="text-muted small">Подключено</span>
+                    <span class="small">{{ connection.connected_at.strftime("%d.%m.%Y %H:%M") }}</span>
+                </li>
+            </ul>
+            <div class="card-footer">
+                <p class="text-muted small mb-2">Обновить токен (Личный кабинет Эвотор → <strong>Приложения → ЭвоСинк → Настройки</strong>):</p>
+                <form method="post" action="/evotor/token">
+                    <div class="input-group input-group-sm">
+                        <input type="text" name="token" class="form-control font-monospace" placeholder="Новый токен" required>
+                        <button type="submit" class="btn btn-outline-secondary">Обновить</button>
+                    </div>
+                </form>
+            </div>
+            <div class="card-body d-grid">
+                <form method="post" action="/evotor/disconnect">
+                    <button type="submit" class="btn btn-outline-danger w-100">Отключить аккаунт Эвотор</button>
+                </form>
+            </div>
+
+            {% else %}
+            {# ── NOT CONNECTED STATE ── #}
+            <div class="card-body">
+                <p class="text-muted mb-3">
+                    Для подключения вам нужно установить приложение <strong>ЭвоСинк</strong> в личном кабинете Эвотор
+                    и скопировать токен доступа из его настроек.
+                </p>
+
+                <ol class="text-muted small mb-4">
+                    {% if app_url %}
+                    <li class="mb-1">Откройте <a href="{{ app_url }}" target="_blank" rel="noopener">приложение ЭвоСинк в магазине Эвотор <i class="bi bi-box-arrow-up-right small"></i></a> и установите его.</li>
+                    {% else %}
+                    <li class="mb-1">Найдите приложение <strong>ЭвоСинк</strong> в магазине Эвотор и установите его.</li>
+                    {% endif %}
+                    <li class="mb-1">Перейдите в раздел <strong>Приложения → ЭвоСинк → Настройки</strong>.</li>
+                    <li class="mb-1">Скопируйте токен доступа и вставьте его в поле ниже.</li>
+                </ol>
+
+                <form method="post" action="/evotor/token">
+                    <div class="mb-3">
+                        <label class="form-label small text-muted">Токен доступа</label>
+                        <input type="text" name="token" class="form-control font-monospace" placeholder="Вставьте токен Эвотор" required autofocus>
+                    </div>
+                    <div class="d-grid">
+                        <button type="submit" class="btn btn-primary">Подключить</button>
+                    </div>
+                </form>
+            </div>
+            {% endif %}
+
+        </div>
+
+        <div class="mt-3 text-center">
+            <a href="/connections" class="text-muted small">
+                <i class="bi bi-arrow-left me-1"></i>Вернуться к подключениям
+            </a>
+        </div>
+
+    </div>
+</div>
+{% endblock %}

web-python/templates/forgot_password.html

@@ -0,0 +1,27 @@
+{% extends "base.html" %}
+{% block title %}Забыли пароль — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-6 col-lg-5">
+        <div class="card shadow-sm mt-4">
+            <div class="card-body p-4">
+                <h1 class="card-title h4 mb-2">Забыли пароль?</h1>
+                <p class="text-muted small mb-4">Введите email, указанный при регистрации.</p>
+                <form method="post" action="/forgot-password">
+                    <div class="mb-3">
+                        <label for="email" class="form-label">Email</label>
+                        <input type="email" id="email" name="email" class="form-control" required>
+                    </div>
+                    <div class="d-grid">
+                        <button type="submit" class="btn btn-primary">Отправить ссылку для сброса</button>
+                    </div>
+                </form>
+                <div class="mt-3 text-center small">
+                    <a href="/login">Вернуться ко входу</a>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

web-python/templates/login.html

@@ -0,0 +1,32 @@
+{% extends "base.html" %}
+{% block title %}Вход — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-6 col-lg-5">
+        <div class="card shadow-sm mt-4">
+            <div class="card-body p-4">
+                <h1 class="card-title h4 mb-4">Вход</h1>
+                <form method="post" action="/login">
+                    <div class="mb-3">
+                        <label for="email" class="form-label">Email</label>
+                        <input type="email" id="email" name="email" class="form-control"
+                               value="{{ form.email if form else '' }}" required>
+                    </div>
+                    <div class="mb-3">
+                        <label for="password" class="form-label">Пароль</label>
+                        <input type="password" id="password" name="password" class="form-control" required>
+                    </div>
+                    <div class="d-grid">
+                        <button type="submit" class="btn btn-primary">Войти</button>
+                    </div>
+                </form>
+                <div class="mt-3 text-center small">
+                    <a href="/forgot-password">Забыли пароль?</a><br>
+                    <a href="/register">Зарегистрироваться</a>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

web-python/templates/message.html

@@ -0,0 +1,18 @@
+{% extends "base.html" %}
+{% block title %}{{ title }} — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-6 col-lg-5">
+        <div class="card shadow-sm mt-5 text-center">
+            <div class="card-body p-5">
+                <h1 class="h4 mb-3">{{ title }}</h1>
+                <p class="text-muted">{{ message }}</p>
+                {% if link %}
+                    <a href="{{ link }}" class="btn btn-primary mt-2">{{ link_text }}</a>
+                {% endif %}
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

web-python/templates/profile_change_password.html

@@ -0,0 +1,46 @@
+{% extends "base.html" %}
+{% block title %}Изменить пароль — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-6 col-lg-5">
+        <div class="card shadow-sm mt-4">
+            <div class="card-header">
+                <h1 class="h5 mb-0"><i class="bi bi-key me-2"></i>Изменить пароль</h1>
+            </div>
+            <div class="card-body p-4">
+                {% if success %}
+                <div class="alert alert-success">{{ success }}</div>
+                {% endif %}
+
+                {% if errors %}
+                <div class="alert alert-danger">
+                    {% for error in errors %}
+                    <div>{{ error }}</div>
+                    {% endfor %}
+                </div>
+                {% endif %}
+
+                <form method="post" action="/profile/change-password">
+                    <div class="mb-3">
+                        <label for="current_password" class="form-label">Текущий пароль</label>
+                        <input type="password" id="current_password" name="current_password" class="form-control" required>
+                    </div>
+                    <div class="mb-3">
+                        <label for="password" class="form-label">Новый пароль</label>
+                        <input type="password" id="password" name="password" class="form-control" required>
+                    </div>
+                    <div class="mb-4">
+                        <label for="password_confirm" class="form-label">Подтвердить пароль</label>
+                        <input type="password" id="password_confirm" name="password_confirm" class="form-control" required>
+                    </div>
+                    <div class="d-flex gap-2">
+                        <button type="submit" class="btn btn-primary">Изменить пароль</button>
+                        <a href="/profile" class="btn btn-outline-secondary">Отмена</a>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

web-python/templates/profile_delete.html

@@ -0,0 +1,41 @@
+{% extends "base.html" %}
+{% block title %}Удалить аккаунт — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-6 col-lg-5">
+        <div class="card shadow-sm mt-4 border-danger">
+            <div class="card-header bg-danger text-white">
+                <h1 class="h5 mb-0"><i class="bi bi-trash me-2"></i>Удалить аккаунт</h1>
+            </div>
+            <div class="card-body p-4">
+                <div class="alert alert-warning">
+                    <i class="bi bi-exclamation-triangle me-1"></i>
+                    <strong>Внимание!</strong> Это действие необратимо. Все ваши данные будут удалены.
+                </div>
+
+                {% if errors %}
+                <div class="alert alert-danger">
+                    {% for error in errors %}
+                    <div>{{ error }}</div>
+                    {% endfor %}
+                </div>
+                {% endif %}
+
+                <form method="post" action="/profile/delete">
+                    <div class="mb-4">
+                        <label for="password" class="form-label">Введите пароль для подтверждения</label>
+                        <input type="password" id="password" name="password" class="form-control" required>
+                    </div>
+                    <div class="d-flex gap-2">
+                        <button type="submit" class="btn btn-danger">
+                            <i class="bi bi-trash me-1"></i>Удалить мой аккаунт
+                        </button>
+                        <a href="/profile" class="btn btn-outline-secondary">Отмена</a>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

web-python/templates/profile_edit.html

@@ -0,0 +1,55 @@
+{% extends "base.html" %}
+{% block title %}Редактировать профиль — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-7 col-lg-6">
+        <div class="card shadow-sm mt-4">
+            <div class="card-header">
+                <h1 class="h5 mb-0"><i class="bi bi-pencil me-2"></i>Редактировать профиль</h1>
+            </div>
+            <div class="card-body p-4">
+                {% if success %}
+                <div class="alert alert-success">{{ success }}</div>
+                {% endif %}
+
+                {% if errors %}
+                <div class="alert alert-danger">
+                    {% for error in errors %}
+                    <div>{{ error }}</div>
+                    {% endfor %}
+                </div>
+                {% endif %}
+
+                <form method="post" action="/profile/edit">
+                    <div class="row g-3 mb-3">
+                        <div class="col-sm-6">
+                            <label for="first_name" class="form-label">Имя</label>
+                            <input type="text" id="first_name" name="first_name" class="form-control"
+                                   value="{{ form.first_name if form else user.first_name }}" required>
+                        </div>
+                        <div class="col-sm-6">
+                            <label for="last_name" class="form-label">Фамилия</label>
+                            <input type="text" id="last_name" name="last_name" class="form-control"
+                                   value="{{ form.last_name if form else user.last_name }}" required>
+                        </div>
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label text-muted">Email</label>
+                        <input type="email" class="form-control" value="{{ user.email }}" disabled>
+                    </div>
+                    <div class="mb-4">
+                        <label for="phone" class="form-label">Телефон</label>
+                        <input type="tel" id="phone" name="phone" class="form-control"
+                               value="{{ form.phone if form else user.phone }}" required>
+                    </div>
+                    <div class="d-flex gap-2">
+                        <button type="submit" class="btn btn-primary">Сохранить</button>
+                        <a href="/profile" class="btn btn-outline-secondary">Отмена</a>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

web-python/templates/profile_view.html

@@ -0,0 +1,46 @@
+{% extends "base.html" %}
+{% block title %}Личный кабинет — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-7 col-lg-6">
+        <div class="card shadow-sm mt-4">
+            <div class="card-header">
+                <h1 class="h5 mb-0"><i class="bi bi-person-circle me-2"></i>Личный кабинет</h1>
+            </div>
+            <ul class="list-group list-group-flush">
+                <li class="list-group-item d-flex justify-content-between">
+                    <span class="text-muted small">Имя</span>
+                    <span>{{ user.first_name }}</span>
+                </li>
+                <li class="list-group-item d-flex justify-content-between">
+                    <span class="text-muted small">Фамилия</span>
+                    <span>{{ user.last_name }}</span>
+                </li>
+                <li class="list-group-item d-flex justify-content-between">
+                    <span class="text-muted small">Email</span>
+                    <span>{{ user.email }}</span>
+                </li>
+                <li class="list-group-item d-flex justify-content-between">
+                    <span class="text-muted small">Телефон</span>
+                    <span>{{ user.phone }}</span>
+                </li>
+            </ul>
+            <div class="card-body d-grid gap-2">
+                <a href="/profile/edit" class="btn btn-primary">
+                    <i class="bi bi-pencil me-1"></i>Редактировать профиль
+                </a>
+                <a href="/profile/change-password" class="btn btn-secondary">
+                    <i class="bi bi-key me-1"></i>Изменить пароль
+                </a>
+                <a href="/logout" class="btn btn-outline-secondary">
+                    <i class="bi bi-box-arrow-right me-1"></i>Выход
+                </a>
+                <a href="/profile/delete" class="btn btn-outline-danger btn-sm mt-2">
+                    <i class="bi bi-trash me-1"></i>Удалить аккаунт
+                </a>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

web-python/templates/register.html

@@ -0,0 +1,52 @@
+{% extends "base.html" %}
+{% block title %}Регистрация — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-7 col-lg-6">
+        <div class="card shadow-sm mt-4">
+            <div class="card-body p-4">
+                <h1 class="card-title h4 mb-4">Регистрация</h1>
+                <form method="post" action="/register">
+                    <div class="row g-3 mb-3">
+                        <div class="col-sm-6">
+                            <label for="first_name" class="form-label">Имя</label>
+                            <input type="text" id="first_name" name="first_name" class="form-control"
+                                   value="{{ form.first_name if form else '' }}">
+                        </div>
+                        <div class="col-sm-6">
+                            <label for="last_name" class="form-label">Фамилия</label>
+                            <input type="text" id="last_name" name="last_name" class="form-control"
+                                   value="{{ form.last_name if form else '' }}">
+                        </div>
+                    </div>
+                    <div class="mb-3">
+                        <label for="email" class="form-label">Email <span class="text-danger">*</span></label>
+                        <input type="email" id="email" name="email" class="form-control"
+                               value="{{ form.email if form else '' }}" required>
+                    </div>
+                    <div class="mb-3">
+                        <label for="phone" class="form-label">Телефон <span class="text-danger">*</span></label>
+                        <input type="tel" id="phone" name="phone" class="form-control"
+                               value="{{ form.phone if form else '' }}" required>
+                    </div>
+                    <div class="mb-3">
+                        <label for="password" class="form-label">Пароль <span class="text-danger">*</span></label>
+                        <input type="password" id="password" name="password" class="form-control" required>
+                    </div>
+                    <div class="mb-4">
+                        <label for="password_confirm" class="form-label">Подтверждение пароля <span class="text-danger">*</span></label>
+                        <input type="password" id="password_confirm" name="password_confirm" class="form-control" required>
+                    </div>
+                    <div class="d-grid">
+                        <button type="submit" class="btn btn-primary">Зарегистрироваться</button>
+                    </div>
+                </form>
+                <div class="mt-3 text-center small">
+                    <a href="/login">Уже есть аккаунт? Войти</a>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

web-python/templates/reset_password.html

@@ -0,0 +1,27 @@
+{% extends "base.html" %}
+{% block title %}Новый пароль — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-6 col-lg-5">
+        <div class="card shadow-sm mt-4">
+            <div class="card-body p-4">
+                <h1 class="card-title h4 mb-4">Новый пароль</h1>
+                <form method="post" action="/reset-password?token={{ token }}">
+                    <div class="mb-3">
+                        <label for="password" class="form-label">Новый пароль</label>
+                        <input type="password" id="password" name="password" class="form-control" required>
+                    </div>
+                    <div class="mb-4">
+                        <label for="password_confirm" class="form-label">Подтверждение пароля</label>
+                        <input type="password" id="password_confirm" name="password_confirm" class="form-control" required>
+                    </div>
+                    <div class="d-grid">
+                        <button type="submit" class="btn btn-primary">Сменить пароль</button>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}

web-python/templates/sync.html

@@ -0,0 +1,110 @@
+{% extends "base.html" %}
+{% block title %}Синхронизация — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<h1 class="h4 mb-4">Синхронизация</h1>
+
+{% if not evotor %}
+<div class="alert alert-warning d-flex align-items-center gap-2">
+    <i class="bi bi-exclamation-triangle-fill"></i>
+    <span>Эвотор не подключён. <a href="/evotor">Подключить Эвотор</a></span>
+</div>
+{% endif %}
+
+{% if not vk %}
+<div class="alert alert-warning d-flex align-items-center gap-2">
+    <i class="bi bi-exclamation-triangle-fill"></i>
+    <span>ВКонтакте не подключён. <a href="/vk">Подключить ВКонтакте</a></span>
+</div>
+{% endif %}
+
+<div class="row g-3">
+
+    {# ── Status card ── #}
+    <div class="col-12 col-md-6">
+        <div class="card shadow-sm h-100">
+            <div class="card-body">
+                <h5 class="card-title mb-3">Статус</h5>
+
+                <div class="mb-3">
+                    {% if status == "active" %}
+                        <span class="badge bg-success fs-6"><i class="bi bi-play-fill me-1"></i>Активна</span>
+                    {% elif status == "paused" %}
+                        <span class="badge bg-secondary fs-6"><i class="bi bi-pause-fill me-1"></i>Приостановлена</span>
+                    {% elif status == "pending" %}
+                        <span class="badge bg-warning text-dark fs-6"><i class="bi bi-clock me-1"></i>Ожидает подтверждения</span>
+                    {% else %}
+                        <span class="badge bg-light text-dark border fs-6"><i class="bi bi-gear me-1"></i>Не настроено</span>
+                    {% endif %}
+                </div>
+
+                {% if config.confirmed_at %}
+                <p class="text-muted small mb-3">
+                    Запущена: {{ config.confirmed_at.strftime("%d.%m.%Y %H:%M") }}
+                </p>
+                {% endif %}
+
+                <div class="d-flex gap-2 flex-wrap">
+                    {# Toggle enable/disable #}
+                    <form method="post" action="/sync/toggle">
+                        {% if config.is_enabled %}
+                            <button type="submit" class="btn btn-outline-secondary btn-sm">
+                                <i class="bi bi-pause-fill me-1"></i>Приостановить
+                            </button>
+                        {% else %}
+                            <button type="submit" class="btn btn-outline-primary btn-sm" {% if not evotor or not vk %}disabled{% endif %}>
+                                <i class="bi bi-play-fill me-1"></i>Включить
+                            </button>
+                        {% endif %}
+                    </form>
+
+                    {# Confirm button #}
+                    {% if config.is_enabled and summary.total > 0 %}
+                    <form method="post" action="/sync/confirm">
+                        <button type="submit" class="btn btn-success btn-sm">
+                            <i class="bi bi-check-lg me-1"></i>Подтвердить и запустить
+                        </button>
+                    </form>
+                    {% endif %}
+                </div>
+
+                {% if config.is_enabled and summary.total == 0 %}
+                <p class="text-muted small mt-2 mb-0">
+                    <i class="bi bi-info-circle me-1"></i>Настройте фильтры, чтобы подтвердить запуск.
+                </p>
+                {% endif %}
+            </div>
+        </div>
+    </div>
+
+    {# ── Filters card ── #}
+    <div class="col-12 col-md-6">
+        <div class="card shadow-sm h-100">
+            <div class="card-body">
+                <h5 class="card-title mb-3">Фильтры</h5>
+
+                {% if summary.total > 0 %}
+                <ul class="list-unstyled mb-3">
+                    {% if summary.stores > 0 %}
+                    <li class="text-muted small"><i class="bi bi-shop me-1"></i>Магазины: {{ summary.stores }} правил</li>
+                    {% endif %}
+                    {% if summary.groups > 0 %}
+                    <li class="text-muted small"><i class="bi bi-folder me-1"></i>Группы: {{ summary.groups }} правил</li>
+                    {% endif %}
+                    {% if summary.products > 0 %}
+                    <li class="text-muted small"><i class="bi bi-box me-1"></i>Товары: {{ summary.products }} правил</li>
+                    {% endif %}
+                </ul>
+                {% else %}
+                <p class="text-muted small mb-3">Фильтры не настроены — будут синхронизированы все товары.</p>
+                {% endif %}
+
+                <a href="/catalog" class="btn btn-outline-primary btn-sm" {% if not evotor %}disabled{% endif %}>
+                    <i class="bi bi-sliders me-1"></i>Настроить фильтры
+                </a>
+            </div>
+        </div>
+    </div>
+
+</div>
+{% endblock %}

web-python/templates/vk.html

@@ -0,0 +1,109 @@
+{% extends "base.html" %}
+{% block title %}Подключение ВКонтакте — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-7 col-lg-6">
+
+        {% if error %}
+        <div class="alert alert-danger mt-4">
+            {% if error == "invalid_token" %}
+                <i class="bi bi-exclamation-triangle me-2"></i>Токен недействителен или у него нет прав администратора сообщества.
+            {% elif error == "empty_token" %}
+                <i class="bi bi-exclamation-triangle me-2"></i>Введите токен.
+            {% elif error == "no_client_id" %}
+                <i class="bi bi-exclamation-triangle me-2"></i>Автоматическое подключение не настроено. Введите токен вручную.
+            {% else %}
+                <i class="bi bi-exclamation-triangle me-2"></i>Произошла ошибка при подключении: {{ error }}
+            {% endif %}
+        </div>
+        {% endif %}
+
+        <div class="card shadow-sm mt-4">
+            <div class="card-header">
+                <h1 class="h5 mb-0">Подключение ВКонтакте</h1>
+            </div>
+
+            {% if connection %}
+            {# ── CONNECTED STATE ── #}
+            <ul class="list-group list-group-flush">
+                <li class="list-group-item d-flex justify-content-between align-items-center">
+                    <span class="text-muted small">Статус</span>
+                    <span class="badge bg-success"><i class="bi bi-check-circle me-1"></i>Подключено</span>
+                </li>
+                {% if connection.first_name %}
+                <li class="list-group-item d-flex justify-content-between align-items-center">
+                    <span class="text-muted small">Сообщество</span>
+                    <span>{{ connection.first_name }}</span>
+                </li>
+                {% endif %}
+                {% if connection.vk_user_id %}
+                <li class="list-group-item d-flex justify-content-between align-items-center">
+                    <span class="text-muted small">ID сообщества</span>
+                    <span class="font-monospace small text-muted">{{ connection.vk_user_id }}</span>
+                </li>
+                {% endif %}
+                <li class="list-group-item d-flex justify-content-between align-items-center">
+                    <span class="text-muted small">Подключено</span>
+                    <span class="small">{{ connection.connected_at.strftime("%d.%m.%Y %H:%M") }}</span>
+                </li>
+            </ul>
+            <div class="card-footer">
+                <p class="text-muted small mb-2">Обновить токен пользователя:</p>
+                <form method="post" action="/vk/token">
+                    <div class="input-group input-group-sm">
+                        <input type="text" name="token" class="form-control font-monospace" placeholder="Новый токен пользователя" required>
+                        <button type="submit" class="btn btn-outline-secondary">Обновить</button>
+                    </div>
+                </form>
+            </div>
+            <div class="card-body d-grid">
+                <form method="post" action="/vk/disconnect">
+                    <button type="submit" class="btn btn-outline-danger w-100">Отключить ВКонтакте</button>
+                </form>
+            </div>
+
+            {% else %}
+            {# ── NOT CONNECTED STATE ── #}
+            <div class="card-body">
+                {% if vk_client_id %}
+                <p class="text-muted mb-4">
+                    Нажмите кнопку ниже, чтобы авторизоваться через ВКонтакте и выдать доступ к управлению товарами вашего сообщества.
+                </p>
+                <div class="d-grid mb-3">
+                    <a href="/vk/connect" class="btn btn-primary btn-lg">
+                        <i class="bi bi-box-arrow-in-right me-2"></i>Подключить ВКонтакте
+                    </a>
+                </div>
+                <hr class="my-4">
+                <p class="text-muted small mb-2">Или введите токен вручную:</p>
+                {% else %}
+                <p class="text-muted mb-3">
+                    Для синхронизации товаров необходим <strong>токен пользователя</strong> ВКонтакте
+                    с правами на управление товарами сообщества.
+                </p>
+                {% endif %}
+
+                <form method="post" action="/vk/token">
+                    <div class="mb-3">
+                        <label class="form-label small text-muted">Токен пользователя ВКонтакте</label>
+                        <input type="text" name="token" class="form-control font-monospace" placeholder="Вставьте токен пользователя" required {% if vk_client_id %}{% else %}autofocus{% endif %}>
+                    </div>
+                    <div class="d-grid">
+                        <button type="submit" class="btn {% if vk_client_id %}btn-outline-secondary{% else %}btn-primary{% endif %}">Подключить</button>
+                    </div>
+                </form>
+            </div>
+            {% endif %}
+
+        </div>
+
+        <div class="mt-3 text-center">
+            <a href="/connections" class="text-muted small">
+                <i class="bi bi-arrow-left me-1"></i>Вернуться к подключениям
+            </a>
+        </div>
+
+    </div>
+</div>
+{% endblock %}

web-python/templates/vk_callback.html

@@ -0,0 +1,47 @@
+{% extends "base.html" %}
+{% block title %}Подключение ВКонтакте — ЭВОСИНК{% endblock %}
+
+{% block content %}
+<div class="row justify-content-center">
+    <div class="col-sm-10 col-md-7 col-lg-6">
+        <div class="card shadow-sm mt-4 text-center">
+            <div class="card-body py-5">
+                <div id="state-loading">
+                    <div class="spinner-border text-primary mb-3" role="status"></div>
+                    <p class="text-muted mb-0">Подключение ВКонтакте…</p>
+                </div>
+                <div id="state-error" class="d-none">
+                    <i class="bi bi-exclamation-triangle-fill text-danger fs-1 mb-3 d-block"></i>
+                    <p class="text-muted mb-3" id="error-message">Не удалось получить токен от ВКонтакте.</p>
+                    <a href="/vk" class="btn btn-outline-secondary">Попробовать снова</a>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<form id="token-form" method="post" action="/vk/token" class="d-none">
+    <input type="hidden" name="token" id="token-input">
+</form>
+
+<script>
+(function () {
+    var hash = window.location.hash.slice(1);
+    var params = {};
+    hash.split("&").forEach(function (part) {
+        var kv = part.split("=");
+        params[decodeURIComponent(kv[0])] = decodeURIComponent(kv[1] || "");
+    });
+
+    if (params.access_token) {
+        document.getElementById("token-input").value = params.access_token;
+        document.getElementById("token-form").submit();
+    } else {
+        var msg = params.error_description || params.error || "Авторизация отклонена.";
+        document.getElementById("error-message").textContent = msg;
+        document.getElementById("state-loading").classList.add("d-none");
+        document.getElementById("state-error").classList.remove("d-none");
+    }
+})();
+</script>
+{% endblock %}

web-python/templates_env.py

@@ -0,0 +1,6 @@
+from fastapi.templating import Jinja2Templates
+
+from web.config import settings
+
+templates = Jinja2Templates(directory="web/templates")
+templates.env.globals["jivosite_widget_id"] = settings.JIVOSITE_WIDGET_ID