Examplebonus22

Sleeping

App Files Files Community

Kgshop commited on Jun 18

Commit

c712630

verified ·

1 Parent(s): c54f89a

Upload Soola.txt

Browse files

Files changed (1) hide show

Soola.txt +874 -0

Soola.txt ADDED Viewed

	@@ -0,0 +1,874 @@

+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import os
+from flask import Flask, request, Response, render_template_string, jsonify
+import hmac
+import hashlib
+import json
+from urllib.parse import unquote, parse_qs
+import time
+from datetime import datetime
+import logging
+import threading
+from huggingface_hub import HfApi, hf_hub_download
+from huggingface_hub.utils import RepositoryNotFoundError
+import uuid
+BOT_TOKEN = os.getenv("BOT_TOKEN", "7531615056:AAFL7Lp1kc-sAshoiM0tfez5-7wea26GXYU")
+HOST = '0.0.0.0'
+PORT = 7860
+DATA_FILE = 'druzhba_data.json'
+REPO_ID = "flpolprojects/druzhbabase"
+HF_DATA_FILE_PATH = "druzhba_data.json"
+HF_TOKEN_WRITE = os.getenv("HF_TOKEN_WRITE")
+HF_TOKEN_READ = os.getenv("HF_TOKEN_READ")
+app = Flask(__name__)
+logging.basicConfig(level=logging.INFO)
+app.secret_key = os.urandom(24)
+_data_lock = threading.Lock()
+visitor_data_cache = {}
+def download_data_from_hf():
+    global visitor_data_cache
+    if not HF_TOKEN_READ:
+        logging.warning("HF_TOKEN_READ not set. Skipping Hugging Face download.")
+        return False
+    try:
+        logging.info(f"Attempting to download {HF_DATA_FILE_PATH} from {REPO_ID}...")
+        hf_hub_download(
+            repo_id=REPO_ID,
+            filename=HF_DATA_FILE_PATH,
+            repo_type="dataset",
+            token=HF_TOKEN_READ,
+            local_dir=".",
+            local_dir_use_symlinks=False,
+            force_download=True,
+            etag_timeout=10
+        )
+        logging.info("Data file successfully downloaded from Hugging Face.")
+        with _data_lock:
+            try:
+                with open(DATA_FILE, 'r', encoding='utf-8') as f:
+                    visitor_data_cache = json.load(f)
+                logging.info("Successfully loaded downloaded data into cache.")
+            except (FileNotFoundError, json.JSONDecodeError) as e:
+                 logging.error(f"Error reading downloaded data file: {e}. Starting with empty cache.")
+                 visitor_data_cache = {}
+        return True
+    except RepositoryNotFoundError:
+        logging.error(f"Hugging Face repository '{REPO_ID}' not found. Cannot download data.")
+    except Exception as e:
+        logging.error(f"Error downloading data from Hugging Face: {e}")
+    return False
+def load_visitor_data():
+    global visitor_data_cache
+    with _data_lock:
+        if not visitor_data_cache:
+            try:
+                with open(DATA_FILE, 'r', encoding='utf-8') as f:
+                    visitor_data_cache = json.load(f)
+                logging.info("Visitor data loaded from local JSON.")
+            except FileNotFoundError:
+                logging.warning(f"{DATA_FILE} not found locally. Starting with empty data.")
+                visitor_data_cache = {}
+            except json.JSONDecodeError:
+                logging.error(f"Error decoding {DATA_FILE}. Starting with empty data.")
+                visitor_data_cache = {}
+            except Exception as e:
+                logging.error(f"Unexpected error loading visitor data: {e}")
+                visitor_data_cache = {}
+        return visitor_data_cache
+def save_visitor_data(data):
+    with _data_lock:
+        try:
+            visitor_data_cache.update(data)
+            with open(DATA_FILE, 'w', encoding='utf-8') as f:
+                json.dump(visitor_data_cache, f, ensure_ascii=False, indent=4)
+            logging.info(f"Visitor data successfully saved to {DATA_FILE}.")
+            upload_data_to_hf_async()
+        except Exception as e:
+            logging.error(f"Error saving visitor data: {e}")
+def upload_data_to_hf():
+    if not HF_TOKEN_WRITE:
+        logging.warning("HF_TOKEN_WRITE not set. Skipping Hugging Face upload.")
+        return
+    if not os.path.exists(DATA_FILE):
+        logging.warning(f"{DATA_FILE} does not exist. Skipping upload.")
+        return
+    try:
+        api = HfApi()
+        with _data_lock:
+             if not os.path.getsize(DATA_FILE) > 0:
+                 logging.warning(f"{DATA_FILE} is empty. Skipping upload.")
+                 return
+             logging.info(f"Attempting to upload {DATA_FILE} to {REPO_ID}/{HF_DATA_FILE_PATH}...")
+             api.upload_file(
+                 path_or_fileobj=DATA_FILE,
+                 path_in_repo=HF_DATA_FILE_PATH,
+                 repo_id=REPO_ID,
+                 repo_type="dataset",
+                 token=HF_TOKEN_WRITE,
+                 commit_message=f"Update bonus data {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
+             )
+        logging.info("Bonus data successfully uploaded to Hugging Face.")
+    except Exception as e:
+        logging.error(f"Error uploading data to Hugging Face: {e}")
+def upload_data_to_hf_async():
+     upload_thread = threading.Thread(target=upload_data_to_hf, daemon=True)
+     upload_thread.start()
+def periodic_backup():
+     if not HF_TOKEN_WRITE:
+         logging.info("Periodic backup disabled: HF_TOKEN_WRITE not set.")
+         return
+     while True:
+         time.sleep(3600)
+         logging.info("Initiating periodic backup...")
+         upload_data_to_hf()
+def verify_telegram_data(init_data_str):
+    try:
+        parsed_data = parse_qs(init_data_str)
+        received_hash = parsed_data.pop('hash', [None])[0]
+        if not received_hash:
+            return None, False
+        data_check_list = []
+        for key, value in sorted(parsed_data.items()):
+            data_check_list.append(f"{key}={value[0]}")
+        data_check_string = "\n".join(data_check_list)
+        secret_key = hmac.new("WebAppData".encode(), BOT_TOKEN.encode(), hashlib.sha256).digest()
+        calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest()
+        if calculated_hash == received_hash:
+            return parsed_data, True
+        else:
+            logging.warning(f"Data verification failed. Calculated: {calculated_hash}, Received: {received_hash}")
+            return parsed_data, False
+    except Exception as e:
+        logging.error(f"Error verifying Telegram data: {e}")
+        return None, False
+USER_TEMPLATE = """
+<!DOCTYPE html>
+<html lang="ru">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no, user-scalable=no, viewport-fit=cover">
+    <title>Druzhba Bonus</title>
+    <script src="https://telegram.org/js/telegram-web-app.js"></script>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Manrope:wght@400;500;600;700;800&display=swap" rel="stylesheet">
+    <style>
+        :root {
+            --druzhba-yellow: {{ theme.button_color | default('#ffc700') }};
+            --druzhba-black: {{ theme.bg_color | default('#121212') }};
+            --druzhba-text: {{ theme.text_color | default('#ffffff') }};
+            --druzhba-text-secondary: {{ theme.hint_color | default('#8a8a8e') }};
+            --druzhba-card-bg: {{ theme.secondary_bg_color | default('#1c1c1e') }};
+            --border-radius: 16px;
+            --padding-m: 16px;
+            --padding-l: 24px;
+        }
+        * { box-sizing: border-box; margin: 0; padding: 0; }
+        body {
+            font-family: 'Manrope', -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
+            background-color: var(--druzhba-black);
+            color: var(--druzhba-text);
+            padding: var(--padding-m);
+            -webkit-font-smoothing: antialiased;
+            -moz-osx-font-smoothing: grayscale;
+            visibility: hidden;
+            min-height: 100vh;
+        }
+        .container {
+            max-width: 600px;
+            margin: 0 auto;
+            display: flex;
+            flex-direction: column;
+            gap: var(--padding-l);
+        }
+        .header {
+            text-align: center;
+            padding: var(--padding-m) 0;
+        }
+        .logo {
+            font-size: 2em;
+            font-weight: 800;
+            color: var(--druzhba-yellow);
+        }
+        .user-greeting {
+            margin-top: 8px;
+            font-size: 1.1em;
+            font-weight: 500;
+            color: var(--druzhba-text-secondary);
+        }
+        .balance-card {
+            background: linear-gradient(135deg, var(--druzhba-card-bg), #2c2c2e);
+            border-radius: var(--border-radius);
+            padding: var(--padding-l);
+            text-align: center;
+            box-shadow: 0 8px 32px rgba(0, 0, 0, 0.3);
+            border: 1px solid rgba(255, 255, 255, 0.1);
+        }
+        .balance-title {
+            font-size: 1.1em;
+            font-weight: 500;
+            color: var(--druzhba-text-secondary);
+            margin-bottom: 8px;
+        }
+        .balance-amount {
+            font-size: 3em;
+            font-weight: 800;
+            color: var(--druzhba-yellow);
+            line-height: 1.2;
+        }
+        .loader {
+            font-size: 1.5em;
+            font-weight: 600;
+            color: var(--druzhba-text-secondary);
+            animation: pulse 1.5s infinite ease-in-out;
+        }
+        @keyframes pulse {
+            0% { opacity: 1; }
+            50% { opacity: 0.5; }
+            100% { opacity: 1; }
+        }
+        .history-section {
+            background-color: var(--druzhba-card-bg);
+            border-radius: var(--border-radius);
+            padding: var(--padding-l);
+        }
+        .history-title {
+            font-size: 1.5em;
+            font-weight: 700;
+            margin-bottom: var(--padding-m);
+        }
+        .transaction-list {
+            list-style: none;
+            padding: 0;
+            display: flex;
+            flex-direction: column;
+            gap: var(--padding-m);
+        }
+        .transaction-item {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            padding-bottom: var(--padding-m);
+            border-bottom: 1px solid rgba(255, 255, 255, 0.08);
+        }
+        .transaction-item:last-child {
+            border-bottom: none;
+            padding-bottom: 0;
+        }
+        .transaction-details {
+            display: flex;
+            flex-direction: column;
+            gap: 4px;
+        }
+        .transaction-description {
+            font-weight: 600;
+            font-size: 1em;
+        }
+        .transaction-date {
+            font-size: 0.85em;
+            color: var(--druzhba-text-secondary);
+        }
+        .transaction-amount {
+            font-weight: 700;
+            font-size: 1.2em;
+        }
+        .transaction-amount.accrual { color: #34c759; }
+        .transaction-amount.deduction { color: #ff3b30; }
+        .no-history {
+            text-align: center;
+            padding: 32px 0;
+            color: var(--druzhba-text-secondary);
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <header class="header">
+            <div class="logo">DRUZHBA</div>
+            <div id="user-greeting" class="user-greeting">Загрузка...</div>
+        </header>
+        <section class="balance-card">
+            <div class="balance-title">Ваш бонусный баланс</div>
+            <div id="balance-amount" class="balance-amount loader">...</div>
+        </section>
+        <section class="history-section">
+            <h2 class="history-title">История операций</h2>
+            <ul id="transaction-list" class="transaction-list">
+                <li class="no-history">История операций пуста</li>
+            </ul>
+        </section>
+    </div>
+    <script>
+        const tg = window.Telegram.WebApp;
+        function applyTheme(themeParams) {
+            const root = document.documentElement;
+            root.style.setProperty('--druzhba-yellow', themeParams.button_color || '#ffc700');
+            root.style.setProperty('--druzhba-black', themeParams.bg_color || '#121212');
+            root.style.setProperty('--druzhba-text', themeParams.text_color || '#ffffff');
+            root.style.setProperty('--druzhba-text-secondary', themeParams.hint_color || '#8a8a8e');
+            root.style.setProperty('--druzhba-card-bg', themeParams.secondary_bg_color || '#1c1c1e');
+        }
+        function formatBonus(amount) {
+            return parseFloat(amount).toLocaleString('ru-RU', { minimumFractionDigits: 2, maximumFractionDigits: 2 });
+        }
+        function updateUI(userData) {
+            const greetingEl = document.getElementById('user-greeting');
+            const balanceEl = document.getElementById('balance-amount');
+            const transactionListEl = document.getElementById('transaction-list');
+            const name = userData.first_name || userData.username || 'Гость';
+            greetingEl.textContent = `Добро пожаловать, ${name}!`;
+            balanceEl.classList.remove('loader');
+            balanceEl.textContent = formatBonus(userData.balance || 0);
+            transactionListEl.innerHTML = '';
+            if (userData.transactions && userData.transactions.length > 0) {
+                const sortedTransactions = userData.transactions.sort((a, b) => b.timestamp - a.timestamp);
+                sortedTransactions.forEach(tx => {
+                    const item = document.createElement('li');
+                    item.className = 'transaction-item';
+                    const date = new Date(tx.timestamp * 1000);
+                    const formattedDate = date.toLocaleString('ru-RU', { day: '2-digit', month: 'long', year: 'numeric', hour: '2-digit', minute: '2-digit' });
+                    const sign = tx.type === 'accrual' ? '+' : '-';
+                    const amountClass = tx.type === 'accrual' ? 'accrual' : 'deduction';
+                    item.innerHTML = `
+                        <div class="transaction-details">
+                            <span class="transaction-description">${tx.description}</span>
+                            <span class="transaction-date">${formattedDate}</span>
+                        </div>
+                        <span class="transaction-amount ${amountClass}">
+                            ${sign} ${formatBonus(tx.amount)}
+                        </span>
+                    `;
+                    transactionListEl.appendChild(item);
+                });
+            } else {
+                transactionListEl.innerHTML = '<li class="no-history">История операций пуста</li>';
+            }
+        }
+        function setupTelegram() {
+             if (!tg || !tg.initData) {
+                 console.error("Telegram WebApp script not loaded or initData is missing.");
+                 document.getElementById('user-greeting').textContent = 'Ошибка загрузки.';
+                 document.body.style.visibility = 'visible';
+                 return;
+             }
+            tg.ready();
+            tg.expand();
+            applyTheme(tg.themeParams);
+            tg.onEvent('themeChanged', () => applyTheme(tg.themeParams));
+             fetch('/verify', {
+                 method: 'POST',
+                 headers: { 'Content-Type': 'application/json' },
+                 body: JSON.stringify({ initData: tg.initData }),
+             })
+             .then(response => response.json())
+             .then(data => {
+                 if (data.status === 'ok' && data.verified) {
+                     updateUI(data.user);
+                 } else {
+                     throw new Error(data.message || 'Verification failed');
+                 }
+             })
+             .catch(error => {
+                 console.error('Error fetching user data:', error);
+                 document.getElementById('user-greeting').textContent = 'Не удалось загрузить данные.';
+             });
+             document.body.style.visibility = 'visible';
+        }
+        window.addEventListener('load', setupTelegram);
+    </script>
+</body>
+</html>
+"""
+ADMIN_TEMPLATE = """
+<!DOCTYPE html>
+<html lang="ru">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Druzhba Admin</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
+    <style>
+        :root {
+            --admin-bg: #f0f2f5; --admin-text: #333; --admin-card-bg: #fff; --admin-border: #e0e0e0;
+            --admin-shadow: rgba(0, 0, 0, 0.08); --admin-primary: #1877f2; --admin-secondary: #65676b;
+            --admin-success: #31a24c; --admin-danger: #e02c4b; --admin-yellow: #ffc700;
+            --border-radius: 12px; --padding: 1.5rem; --font-family: 'Inter', sans-serif;
+        }
+        body { font-family: var(--font-family); background-color: var(--admin-bg); margin: 0; padding: var(--padding); }
+        .container { max-width: 1200px; margin: 0 auto; }
+        h1 { text-align: center; color: var(--admin-secondary); margin-bottom: 1rem; }
+        .controls-container {
+            display: flex; flex-wrap: wrap; gap: 1rem; justify-content: space-between; align-items: center;
+            background: var(--admin-card-bg); padding: 1rem; border-radius: var(--border-radius);
+            box-shadow: 0 2px 8px var(--admin-shadow); margin-bottom: 2rem;
+        }
+        .search-box { flex-grow: 1; max-width: 400px; }
+        .search-box input {
+            width: 100%; padding: 12px 16px; font-size: 1em; border-radius: 8px;
+            border: 1px solid var(--admin-border); transition: border-color 0.2s;
+        }
+        .search-box input:focus { border-color: var(--admin-primary); outline: none; }
+        .user-grid {
+            display: grid; grid-template-columns: repeat(auto-fill, minmax(300px, 1fr)); gap: 1.5rem;
+        }
+        .user-card {
+            background-color: var(--admin-card-bg); border-radius: var(--border-radius); padding: 1.5rem;
+            box-shadow: 0 4px 12px var(--admin-shadow); border: 1px solid var(--admin-border);
+            display: flex; flex-direction: column; transition: transform 0.2s, box-shadow 0.2s;
+        }
+        .user-card:hover { transform: translateY(-4px); box-shadow: 0 8px 20px rgba(0, 0, 0, 0.1); }
+        .user-info { display: flex; align-items: center; gap: 1rem; margin-bottom: 1rem; }
+        .user-info img { width: 60px; height: 60px; border-radius: 50%; object-fit: cover; }
+        .user-name-details { flex-grow: 1; }
+        .user-name { font-weight: 600; font-size: 1.15em; margin-bottom: 0.2rem; }
+        .user-username { color: var(--admin-secondary); font-size: 0.95em; }
+        .user-balance {
+            margin-top: 1rem; padding: 0.8rem; background-color: #f7f7f7; border-radius: 8px;
+            text-align: center; border: 1px solid #eee;
+        }
+        .user-balance-label { font-size: 0.8em; color: var(--admin-secondary); text-transform: uppercase; letter-spacing: 0.5px; }
+        .user-balance-amount { font-size: 1.5em; font-weight: 700; color: var(--admin-primary); }
+        .user-card-actions { margin-top: 1.5rem; }
+        .btn {
+            display: inline-block; width: 100%; text-align: center; padding: 12px; font-size: 1em; font-weight: 600;
+            border: none; border-radius: 8px; cursor: pointer; transition: background-color 0.2s;
+        }
+        .btn-manage { background-color: var(--admin-primary); color: #fff; }
+        .btn-manage:hover { background-color: #166fe5; }
+        .modal {
+            display: none; position: fixed; z-index: 1001; left: 0; top: 0; width: 100%; height: 100%;
+            overflow: auto; background-color: rgba(0,0,0,0.6); backdrop-filter: blur(5px);
+        }
+        .modal-content {
+            background-color: var(--admin-card-bg); margin: 5% auto; padding: 2rem;
+            border-radius: var(--border-radius); width: 90%; max-width: 600px;
+            box-shadow: 0 10px 40px rgba(0,0,0,0.2); position: relative;
+        }
+        .modal-close {
+            color: #aaa; position: absolute; top: 1rem; right: 1.5rem; font-size: 32px;
+            font-weight: bold; cursor: pointer; line-height: 1;
+        }
+        .modal-header { margin-bottom: 1.5rem; }
+        .modal-title { font-size: 1.5em; font-weight: 700; }
+        .modal-subtitle { color: var(--admin-secondary); }
+        .modal-body { display: flex; flex-direction: column; gap: 2rem; }
+        .form-section { padding: 1.5rem; border: 1px solid var(--admin-border); border-radius: 8px; }
+        .form-section h3 { margin-top: 0; margin-bottom: 1rem; font-weight: 600; }
+        .form-group { margin-bottom: 1rem; }
+        .form-group label { display: block; font-weight: 500; margin-bottom: 0.5rem; }
+        .form-group input { width: 100%; padding: 12px; font-size: 1em; border: 1px solid #ccc; border-radius: 8px; }
+        .form-actions { text-align: right; }
+        .btn-submit { background-color: var(--admin-success); color: #fff; padding: 12px 24px; }
+        .history-list { list-style: none; padding: 0; max-height: 300px; overflow-y: auto; }
+        .history-item { display: flex; justify-content: space-between; padding: 0.8rem 0; border-bottom: 1px solid #f0f0f0; }
+        .history-item:last-child { border: none; }
+        .history-desc { font-size: 0.95em; }
+        .history-date { font-size: 0.8em; color: #888; }
+        .history-amount { font-weight: 600; }
+        .history-amount.accrual { color: var(--admin-success); }
+        .history-amount.deduction { color: var(--admin-danger); }
+        .status-message { margin-top: 1rem; padding: 1rem; border-radius: 8px; text-align: center; display: none; }
+        .status-message.success { background-color: #eaf6ec; color: var(--admin-success); }
+        .status-message.error { background-color: #fcebec; color: var(--admin-danger); }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>Панель администратора Druzhba</h1>
+        <div class="controls-container">
+            <div class="search-box">
+                <input type="text" id="searchInput" placeholder="Поиск по имени, username или ID...">
+            </div>
+        </div>
+        <div class="user-grid" id="userGrid">
+            {% for user in users|sort(attribute='visited_at', reverse=true) %}
+                <div class="user-card" data-search-term="{{ user.first_name or '' }} {{ user.last_name or '' }} @{{ user.username or '' }} {{ user.id }}">
+                    <div class="user-info">
+                        <img src="{{ user.photo_url or 'data:image/svg+xml;charset=UTF-8,%3csvg xmlns=%27http://www.w3.org/2000/svg%27 viewBox=%270 0 100 100%27%3e%3crect width=%27100%27 height=%27100%27 fill=%27%23e9ecef%27/%3e%3ctext x=%2750%25%27 y=%2755%25%27 dominant-baseline=%27middle%27 text-anchor=%27middle%27 font-size=%2745%27 font-family=%27sans-serif%27 fill=%27%23adb5bd%27%3e?%3c/text%3e%3c/svg%3e' }}" alt="Avatar">
+                        <div class="user-name-details">
+                            <div class="user-name">{{ user.first_name or '' }} {{ user.last_name or '' }}</div>
+                            {% if user.username %}<div class="user-username">@{{ user.username }}</div>{% endif %}
+                        </div>
+                    </div>
+                    <div class="user-balance">
+                        <div class="user-balance-label">Бонусный баланс</div>
+                        <div class="user-balance-amount" id="balance-{{ user.id }}">{{ "%.2f"|format(user.balance|float) }}</div>
+                    </div>
+                    <div class="user-card-actions">
+                        <button class="btn btn-manage"
+                            data-user-id="{{ user.id }}"
+                            data-user-name="{{ user.first_name or '' }} {{ user.last_name or '' }}"
+                            data-user-balance="{{ user.balance|float }}"
+                            data-user-transactions='{{ user.transactions|tojson|safe }}'>
+                            Управление бонусами
+                        </button>
+                    </div>
+                </div>
+            {% endfor %}
+        </div>
+    </div>
+    <div id="manageModal" class="modal">
+        <div class="modal-content">
+            <span class="modal-close" id="modal-close-btn">×</span>
+            <div class="modal-header">
+                <h2 id="modal-title" class="modal-title">Управление бонусами</h2>
+                <div id="modal-subtitle" class="modal-subtitle"></div>
+            </div>
+            <div class="modal-body">
+                <section class="form-section">
+                    <h3>Новая операция</h3>
+                    <form id="transactionForm">
+                        <input type="hidden" id="modal-user-id">
+                        <div class="form-group">
+                            <label for="purchase_amount">Сумма покупки (для начисления 2%)</label>
+                            <input type="number" id="purchase_amount" name="purchase_amount" placeholder="Например: 5000" min="0" step="any">
+                        </div>
+                        <div class="form-group">
+                            <label for="spend_amount">Списать бонусов (текущий баланс: <span id="modal-current-balance">0.00</span>)</label>
+                            <input type="number" id="spend_amount" name="spend_amount" placeholder="Например: 150.50" min="0" step="any">
+                        </div>
+                        <div class="form-actions">
+                            <button type="submit" class="btn btn-submit">Провести операцию</button>
+                        </div>
+                    </form>
+                     <div id="statusMessage" class="status-message"></div>
+                </section>
+                <section>
+                    <h3>История операций</h3>
+                    <ul id="modal-history-list" class="history-list">
+                        <li>Нет данных</li>
+                    </ul>
+                </section>
+            </div>
+        </div>
+    </div>
+    <script>
+        document.addEventListener('DOMContentLoaded', () => {
+            const searchInput = document.getElementById('searchInput');
+            const userGrid = document.getElementById('userGrid');
+            const userCards = userGrid.querySelectorAll('.user-card');
+            searchInput.addEventListener('input', (e) => {
+                const searchTerm = e.target.value.toLowerCase();
+                userCards.forEach(card => {
+                    const cardSearchTerm = card.dataset.searchTerm.toLowerCase();
+                    if (cardSearchTerm.includes(searchTerm)) {
+                        card.style.display = '';
+                    } else {
+                        card.style.display = 'none';
+                    }
+                });
+            });
+            const modal = document.getElementById('manageModal');
+            const closeBtn = document.getElementById('modal-close-btn');
+            const transactionForm = document.getElementById('transactionForm');
+            const statusMessage = document.getElementById('statusMessage');
+            document.querySelectorAll('.btn-manage').forEach(button => {
+                button.addEventListener('click', (e) => {
+                    const userData = e.currentTarget.dataset;
+                    openModal(userData);
+                });
+            });
+            function openModal(userData) {
+                document.getElementById('modal-title').textContent = `Бонусы: ${userData.userName}`;
+                document.getElementById('modal-subtitle').textContent = `ID: ${userData.userId}`;
+                document.getElementById('modal-user-id').value = userData.userId;
+                document.getElementById('modal-current-balance').textContent = parseFloat(userData.userBalance).toFixed(2);
+                transactionForm.reset();
+                statusMessage.style.display = 'none';
+                const transactions = JSON.parse(userData.userTransactions);
+                updateHistoryList(transactions);
+                modal.style.display = 'block';
+            }
+            function updateHistoryList(transactions) {
+                 const historyList = document.getElementById('modal-history-list');
+                 historyList.innerHTML = '';
+                 if (transactions && transactions.length > 0) {
+                    transactions.sort((a,b) => b.timestamp - a.timestamp).forEach(tx => {
+                        const item = document.createElement('li');
+                        item.className = 'history-item';
+                        const date = new Date(tx.timestamp * 1000).toLocaleString('ru-RU');
+                        const sign = tx.type === 'accrual' ? '+' : '-';
+                        item.innerHTML = `
+                            <div>
+                                <div class="history-desc">${tx.description}</div>
+                                <div class="history-date">${date}</div>
+                            </div>
+                            <div class="history-amount ${tx.type}">${sign} ${parseFloat(tx.amount).toFixed(2)}</div>
+                        `;
+                        historyList.appendChild(item);
+                    });
+                 } else {
+                     historyList.innerHTML = '<li>История пуста</li>';
+                 }
+            }
+            closeBtn.onclick = () => { modal.style.display = 'none'; };
+            window.onclick = (event) => { if (event.target == modal) { modal.style.display = 'none'; } };
+            transactionForm.addEventListener('submit', async (e) => {
+                e.preventDefault();
+                statusMessage.style.display = 'none';
+                const userId = document.getElementById('modal-user-id').value;
+                const purchaseAmount = document.getElementById('purchase_amount').value;
+                const spendAmount = document.getElementById('spend_amount').value;
+                try {
+                    const response = await fetch('/admin/transaction', {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/json' },
+                        body: JSON.stringify({
+                            user_id: userId,
+                            purchase_amount: purchaseAmount || 0,
+                            spend_amount: spendAmount || 0
+                        })
+                    });
+                    const data = await response.json();
+                    if (response.ok) {
+                        statusMessage.textContent = data.message || 'Успешно!';
+                        statusMessage.className = 'status-message success';
+                        const updatedUser = data.user;
+                        document.getElementById(`balance-${userId}`).textContent = parseFloat(updatedUser.balance).toFixed(2);
+                        document.getElementById('modal-current-balance').textContent = parseFloat(updatedUser.balance).toFixed(2);
+                        const manageButton = document.querySelector(`.btn-manage[data-user-id='${userId}']`);
+                        manageButton.dataset.userBalance = updatedUser.balance;
+                        manageButton.dataset.userTransactions = JSON.stringify(updatedUser.transactions);
+                        updateHistoryList(updatedUser.transactions);
+                        transactionForm.reset();
+                    } else {
+                        throw new Error(data.message || 'Произошла ошибка');
+                    }
+                } catch (error) {
+                    statusMessage.textContent = error.message;
+                    statusMessage.className = 'status-message error';
+                }
+                statusMessage.style.display = 'block';
+            });
+        });
+    </script>
+</body>
+</html>
+"""
+@app.route('/')
+def index():
+    theme_params = {}
+    return render_template_string(USER_TEMPLATE, theme=theme_params)
+@app.route('/verify', methods=['POST'])
+def verify_data():
+    try:
+        req_data = request.get_json()
+        init_data_str = req_data.get('initData')
+        if not init_data_str:
+            return jsonify({"status": "error", "message": "Missing initData"}), 400
+        user_data_parsed, is_valid = verify_telegram_data(init_data_str)
+        user_info_dict = {}
+        if user_data_parsed and 'user' in user_data_parsed:
+            try:
+                user_json_str = unquote(user_data_parsed['user'][0])
+                user_info_dict = json.loads(user_json_str)
+            except Exception as e:
+                logging.error(f"Could not parse user JSON: {e}")
+                user_info_dict = {}
+        if is_valid:
+            user_id = str(user_info_dict.get('id'))
+            if user_id:
+                with _data_lock:
+                    all_data = load_visitor_data()
+                    now = time.time()
+                    if user_id not in all_data:
+                        user_entry = {
+                            'id': user_info_dict.get('id'),
+                            'first_name': user_info_dict.get('first_name'),
+                            'last_name': user_info_dict.get('last_name'),
+                            'username': user_info_dict.get('username'),
+                            'photo_url': user_info_dict.get('photo_url'),
+                            'language_code': user_info_dict.get('language_code'),
+                            'is_premium': user_info_dict.get('is_premium', False),
+                            'visited_at': now,
+                            'visited_at_str': datetime.fromtimestamp(now).strftime('%Y-%m-%d %H:%M:%S'),
+                            'balance': 0.0,
+                            'transactions': []
+                        }
+                        all_data[user_id] = user_entry
+                    else:
+                        all_data[user_id]['visited_at'] = now
+                        all_data[user_id]['visited_at_str'] = datetime.fromtimestamp(now).strftime('%Y-%m-%d %H:%M:%S')
+                        all_data[user_id]['first_name'] = user_info_dict.get('first_name')
+                        all_data[user_id]['last_name'] = user_info_dict.get('last_name')
+                        all_data[user_id]['username'] = user_info_dict.get('username')
+                        all_data[user_id]['photo_url'] = user_info_dict.get('photo_url')
+                    save_visitor_data({user_id: all_data[user_id]})
+                    current_user_data = all_data[user_id]
+                return jsonify({"status": "ok", "verified": True, "user": current_user_data}), 200
+        else:
+            logging.warning(f"Verification failed for user: {user_info_dict.get('id')}")
+            return jsonify({"status": "error", "verified": False, "message": "Invalid data"}), 403
+    except Exception as e:
+        logging.exception("Error in /verify endpoint")
+        return jsonify({"status": "error", "message": "Internal server error"}), 500
+@app.route('/admin')
+def admin_panel():
+    current_data = load_visitor_data()
+    users_list = list(current_data.values())
+    return render_template_string(ADMIN_TEMPLATE, users=users_list)
+@app.route('/admin/transaction', methods=['POST'])
+def admin_transaction():
+    data = request.get_json()
+    user_id = str(data.get('user_id'))
+    try:
+        purchase_amount = float(data.get('purchase_amount', 0)) if data.get('purchase_amount') else 0
+        spend_amount = float(data.get('spend_amount', 0)) if data.get('spend_amount') else 0
+    except (ValueError, TypeError):
+        return jsonify({"status": "error", "message": "Неверный формат суммы."}), 400
+    if not user_id or (purchase_amount <= 0 and spend_amount <= 0):
+        return jsonify({"status": "error", "message": "Необходимо указать сумму покупки или сумму списания."}), 400
+    with _data_lock:
+        all_data = load_visitor_data()
+        user = all_data.get(user_id)
+        if not user:
+            return jsonify({"status": "error", "message": "Пользователь не найден."}), 404
+        if spend_amount > 0:
+            if user.get('balance', 0) < spend_amount:
+                return jsonify({"status": "error", "message": f"Недостаточно бонусов. Доступно: {user.get('balance', 0):.2f}"}), 400
+            user['balance'] -= spend_amount
+            spend_transaction = {
+                "id": str(uuid.uuid4()),
+                "timestamp": time.time(),
+                "type": "deduction",
+                "amount": spend_amount,
+                "description": "Списание бонусов"
+            }
+            user.setdefault('transactions', []).append(spend_transaction)
+        if purchase_amount > 0:
+            accrual_amount = round(purchase_amount * 0.02, 2)
+            user.setdefault('balance', 0.0)
+            user['balance'] += accrual_amount
+            accrual_transaction = {
+                "id": str(uuid.uuid4()),
+                "timestamp": time.time(),
+                "type": "accrual",
+                "amount": accrual_amount,
+                "description": f"Бонусы за покупку на {purchase_amount:.2f}"
+            }
+            user.setdefault('transactions', []).append(accrual_transaction)
+        save_visitor_data({user_id: user})
+        updated_user = all_data[user_id]
+    return jsonify({"status": "ok", "message": "Операция успешно проведена.", "user": updated_user})
+@app.route('/admin/download_data', methods=['POST'])
+def admin_trigger_download():
+    success = download_data_from_hf()
+    if success:
+         return jsonify({"status": "ok", "message": "Скачивание данных с Hugging Face завершено."})
+    else:
+         return jsonify({"status": "error", "message": "Ошибка скачивания данных с Hugging Face."}), 500
+@app.route('/admin/upload_data', methods=['POST'])
+def admin_trigger_upload():
+    if not HF_TOKEN_WRITE:
+        return jsonify({"status": "error", "message": "HF_TOKEN_WRITE не настроен на сервере."}), 400
+    upload_data_to_hf_async()
+    return jsonify({"status": "ok", "message": "Загрузка данных на Hugging Face запущена."})
+if __name__ == '__main__':
+    print("--- DRUZHBA BONUS APP SERVER ---")
+    print(f"Server starting on http://{HOST}:{PORT}")
+    print(f"Data file: {DATA_FILE}")
+    print(f"Hugging Face Repo: {REPO_ID}")
+    if not HF_TOKEN_READ or not HF_TOKEN_WRITE:
+         print("WARNING: Hugging Face token(s) not set. Backup/restore functionality will be limited.")
+    else:
+         print("Hugging Face tokens found. Attempting initial data download...")
+         download_data_from_hf()
+    load_visitor_data()
+    print("WARNING: The /admin route is NOT protected by authentication.")
+    if HF_TOKEN_WRITE:
+        backup_thread = threading.Thread(target=periodic_backup, daemon=True)
+        backup_thread.start()
+        print("Periodic backup thread started (every hour).")
+    else:
+        print("Periodic backup disabled (HF_TOKEN_WRITE missing).")
+    print("--- Server Ready ---")
+    app.run(host=HOST, port=PORT, debug=False)