init commit

2025-08-10 15:31:47 +09:00
commit 377edb22d8
25 changed files with 1922 additions and 0 deletions
--- a/.env
+++ b/.env
@@ -0,0 +1,52 @@
 # BASE URL и ТАЙМАУТЫ
 API_BASE_URL=http://localhost:8080  
 API_TIMEOUT=6.0
 # API ENDPOINTS
 API_AUTH_REGISTER_PATH=/auth/v1/register
 API_AUTH_TOKEN_PATH=/auth/v1/token
 API_AUTH_REFRESH_PATH=/auth/v1/refresh
 API_ME_PATH=/auth/v1/me
 API_USERS_LIST_PATH=/auth/v1/users
 API_USER_DETAIL_PATH=/auth/v1/users/{user_id}
 API_PROFILE_ME_PATH=/profiles/v1/profiles/me
 API_PROFILES_CREATE_PATH=/profiles/v1/profiles
 API_PAIRS_PATH=/match/v1/pairs
 API_PAIR_DETAIL_PATH=/match/v1/pairs/{pair_id}
 API_PAIR_ACCEPT_PATH=/match/v1/pairs/{pair_id}/accept
 API_PAIR_REJECT_PATH=/match/v1/pairs/{pair_id}/reject
 API_ROOMS_PATH=/chat/v1/rooms
 API_ROOM_DETAIL_PATH=/chat/v1/rooms/{room_id}
 API_ROOM_MESSAGES_PATH=/chat/v1/rooms/{room_id}/messages
 API_INVOICES_PATH=/payments/v1/invoices
 API_INVOICE_DETAIL_PATH=/payments/v1/invoices/{inv_id}
 API_INVOICE_MARK_PAID_PATH=/payments/v1/invoices/{inv_id}/mark-paid
 # DJANGO SETTINGS
 DJANGO_SECRET_KEY=dsfoHPIOUSDFHGJBN:KJ4395PU(ODISjfghb;'eoqrhj23945pgiSEYDU:Hfjlbg
 ALLOWED_HOSTS="*"
 DEBUG=True
 # CORS SETTINGS
 CORS_ORIGIN_ALLOW_ALL=True
 CORS_ALLOW_CREDENTIALS=True
 # CSRF SETTINGS
 CSRF_TRUSTED_ORIGINS="http://localhost:8000"  # или другой адрес фронтенда
 CSRF_COOKIE_SECURE=False
 CSRF_COOKIE_HTTPONLY=False
 CSRF_COOKIE_SAMESITE="Lax"
 # LOG SETTINGS
 API_DEBUG = 1                # подробные логи (по умолчанию ВКЛ)
 API_LOG_BODY_MAX = 2000  # сколько символов тела логировать
 API_LOG_HEADERS = 1     # логировать заголовки
 API_LOG_CURL = 1           # печатать cURL для запроса
 API_FALLBACK_OPENAPI_ON_404 = 1
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,10 @@
 .venv
 env.
 .history
 *.bak
 *.pyc
 __pycache__/
 *.pyo
 *.pyd
 .Python
 db.sqlite3
--- a/agency/init.py
+++ b/agency/init.py
--- a/agency/asgi.py
+++ b/agency/asgi.py
@@ -0,0 +1,5 @@
 import os
 from django.core.asgi import get_asgi_application
 os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'agency.settings')
 application = get_asgi_application()
--- a/agency/settings.py
+++ b/agency/settings.py
@@ -0,0 +1,93 @@
 import os
 from pathlib import Path
 BASE_DIR = Path(__file__).resolve().parent.parent
 SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY', 'dev-insecure-change-me')
 DEBUG = os.environ.get('DEBUG', '1') == '1'
 ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '*').split(',')
 # API config (external backend we talk to)
 API_BASE_URL = os.environ.get('API_BASE_URL', 'http://localhost:8001')
 API_TIMEOUT = float(os.environ.get('API_TIMEOUT', '6.0'))
 API_KEY = os.environ.get('API_KEY', '')  # optional
 INSTALLED_APPS = [
    # Minimal stack, no admin/auth DB tables
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'ui',
 ]
 MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
 ROOT_URLCONF = 'agency.urls'
 TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [BASE_DIR / 'templates'],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.messages.context_processors.messages',
                'ui.context_processors.public_settings',
                'ui.context_processors.current_user',
            ],
        },
    },
 ]
 WSGI_APPLICATION = 'agency.wsgi.application'
 ASGI_APPLICATION = 'agency.asgi.application'
 # We do not use a database at all
 DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.dummy'
    }
 }
 # Cookie-based sessions to avoid DB entirely
 SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
 SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_SAMESITE = 'Lax'
 SESSION_COOKIE_SECURE = os.environ.get('SESSION_COOKIE_SECURE', '0') == '1'
 CSRF_COOKIE_HTTPONLY = True
 CSRF_TRUSTED_ORIGINS = os.environ.get('CSRF_TRUSTED_ORIGINS', '').split(',') if os.environ.get('CSRF_TRUSTED_ORIGINS') else []
 LANGUAGE_CODE = 'ru-ru'
 TIME_ZONE = 'UTC'
 USE_I18N = True
 USE_TZ = True
 STATIC_URL = 'static/'
 STATICFILES_DIRS = [BASE_DIR / 'static']
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 # Logging of API calls (basic)
 LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'console': {'class': 'logging.StreamHandler'},
    },
    'loggers': {
        'ui.api': {
            'handlers': ['console'],
            'level': 'INFO' if DEBUG else 'WARNING',
        },
    },
 }
--- a/agency/urls.py
+++ b/agency/urls.py
@@ -0,0 +1,5 @@
 from django.urls import path, include
 urlpatterns = [
    path('', include('ui.urls')),
 ]
--- a/agency/wsgi.py
+++ b/agency/wsgi.py
@@ -0,0 +1,5 @@
 import os
 from django.core.wsgi import get_wsgi_application
 os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'agency.settings')
 application = get_wsgi_application()
--- a/manage.py
+++ b/manage.py
@@ -0,0 +1,16 @@
 #!/usr/bin/env python
 import os
 import sys
 def main():
    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'agency.settings')
    try:
        from django.core.management import execute_from_command_line
    except ImportError as exc:
        raise ImportError(
            "Couldn't import Django. Are you sure it's installed and available on your PYTHONPATH?"
        ) from exc
    execute_from_command_line(sys.argv)
 if __name__ == '__main__':
    main()
--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1,2 @@
 Django>=4.2,<6
 requests>=2.31.0
--- a/static/style.css
+++ b/static/style.css
@@ -0,0 +1,10 @@
 /* Небольшой кастом поверх Tailwind */
 :root{
  --card: rgba(255,255,255,0.8);
 }
 .line-clamp-2 {
  display: -webkit-box;
  -webkit-line-clamp: 2;
  -webkit-box-orient: vertical;
  overflow: hidden;
 }
--- a/templates/base.html
+++ b/templates/base.html
@@ -0,0 +1,74 @@
 {% load static %}
 <!doctype html>
 <html lang="ru" class="h-full">
 <head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>{% block title %}Брачное агентство — MatchAgency{% endblock %}</title>
  <link rel="stylesheet" href="{% static 'style.css' %}">
  <script src="https://cdn.tailwindcss.com"></script>
  <script src="https://unpkg.com/htmx.org@1.9.12"></script>
  <script defer src="https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js"></script>
 </head>
 <body class="min-h-full bg-gradient-to-br from-sky-50 to-rose-50">
  <header class="bg-white/80 backdrop-blur border-b">
    <nav class="mx-auto max-w-7xl px-4 sm:px-6 lg:px-8 py-3 flex items-center justify-between">
      <a href="/" class="font-semibold text-xl tracking-tight">💍 MatchAgency</a>
      <div class="flex items-center gap-4">
        <a href="/profiles/" class="text-sm font-medium hover:underline">Профили</a>
        {% if api_user %}
          <span class="text-sm text-gray-600">Здравствуйте, {{ api_user.name|default:api_user.email }}</span>
          <form action="/logout/" method="post">
            {% csrf_token %}
            <button class="text-sm text-white bg-gray-800 hover:bg-black rounded-md px-3 py-1.5">Выйти</button>
          </form>
        {% else %}
          <a href="/login/" class="text-sm text-white bg-indigo-600 hover:bg-indigo-700 rounded-md px-3 py-1.5">Войти</a>
        {% endif %}
      </div>
    </nav>
  </header>
  <main class="mx-auto max-w-7xl px-4 sm:px-6 lg:px-8 py-6">
    {% if messages %}
      <div class="space-y-2 mb-4">
        {% for m in messages %}
          <div class="rounded-md border px-3 py-2 {% if m.tags == 'error' %}bg-rose-50 border-rose-200 text-rose-900{% elif m.tags == 'success' %}bg-emerald-50 border-emerald-200 text-emerald-900{% else %}bg-white/70{% endif %}">
            {{ m }}
          </div>
        {% endfor %}
      </div>
    {% endif %}
    {% block content %}{% endblock %}
  </main>
  <footer class="mx-auto max-w-7xl px-4 sm:px-6 lg:px-8 py-10 text-sm text-gray-500">
    <div class="border-t pt-6 flex items-center justify-between">
      <p>© {{ now|default:2025 }} MatchAgency. Все права защищены.</p>
      <p><a href="/profiles/" class="hover:underline">Каталог</a> · <a href="/login/" class="hover:underline">Войти</a></p>
    </div>
  </footer>
  <script>
    // CSRF для htmx через cookie
    function getCookie(name) {
      let cookieValue = null;
      if (document.cookie && document.cookie !== '') {
        const cookies = document.cookie.split(';');
        for (let i = 0; i < cookies.length; i++) {
          const cookie = cookies[i].trim();
          if (cookie.substring(0, name.length + 1) === (name + '=')) {
            cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
            break;
          }
        }
      }
      return cookieValue;
    }
    document.body.addEventListener('htmx:configRequest', function (evt) {
      const token = getCookie('csrftoken');
      if (token) evt.detail.headers['X-CSRFToken'] = token;
    });
  </script>
 </body>
 </html>
--- a/templates/ui/cabinet.html
+++ b/templates/ui/cabinet.html
@@ -0,0 +1,192 @@
 {% load static %}
 <!DOCTYPE html>
 <html lang="ru">
 <head>
  <meta charset="utf-8">
  <title>Кабинет</title>
  <meta name="viewport" content="width=device-width,initial-scale=1">
  <link href="{% static 'style.css' %}" rel="stylesheet">
  <style>
    body { font-family: system-ui, -apple-system, Segoe UI, Roboto, Ubuntu, "Helvetica Neue", Arial, "Noto Sans", sans-serif; margin:0; background:#f7f7fb; color:#111; }
    .topbar { display:flex; gap:16px; align-items:center; padding:14px 18px; background:#111827; color:#fff; }
    .topbar a { color:#cfe3ff; text-decoration:none; }
    .container { max-width:1100px; margin:24px auto; padding:0 16px; }
    .heading { display:flex; align-items:flex-end; gap:12px; margin:8px 0 18px; }
    .heading h1 { margin:0; font-size:24px; }
    .muted { color:#6b7280; font-size:14px; }
    .card { background:#fff; border:1px solid #e5e7eb; border-radius:12px; padding:18px; box-shadow: 0 1px 2px rgba(0,0,0,.03); }
    .grid { display:grid; gap:16px; }
    .grid-2 { grid-template-columns: 1fr 1fr; }
    .form { display:grid; gap:14px; }
    .form label { font-weight:600; font-size:14px; }
    .form input[type="text"], .form select, .form textarea {
      width:100%; border:1px solid #d1d5db; border-radius:8px; padding:10px 12px; font:inherit; background:#fff;
    }
    .form small { color:#6b7280; }
    .btnrow { display:flex; gap:10px; margin-top:8px; }
    .btn { display:inline-block; padding:10px 14px; border-radius:10px; border:1px solid transparent; font-weight:600; cursor:pointer; }
    .btn-primary { background:#2563eb; color:#fff; }
    .btn-outline { background:#fff; color:#111; border-color:#d1d5db; }
    .messages { list-style:none; padding:0; margin:0 0 16px; }
    .messages li { padding:10px 12px; margin-bottom:8px; border-radius:10px; }
    .messages li.success { background:#ecfdf5; color:#065f46; border:1px solid #a7f3d0; }
    .messages li.error { background:#fef2f2; color:#991b1b; border:1px solid #fecaca; }
    .messages li.info { background:#eff6ff; color:#1e40af; border:1px solid #bfdbfe; }
    dl { display:grid; grid-template-columns: 200px 1fr; gap:8px 14px; margin: 0; }
    dt { font-weight:600; color:#374151; }
    dd { margin:0; color:#111827; }
    .pill { display:inline-block; padding:4px 10px; border-radius:999px; background:#eef2ff; color:#3730a3; font-size:12px; margin:2px 6px 2px 0; }
    details summary { cursor:pointer; }
    code, pre { background:#111827; color:#e5e7eb; padding:10px 12px; border-radius:10px; display:block; overflow:auto; }
  </style>
 </head>
 <body>
 <header class="topbar">
  <div style="flex:1 1 auto;">
    {% with header_name=header_name|default:request.session.user_full_name|default:request.session.user_email %}
      Здравствуйте, <strong>{{ header_name }}</strong>!
    {% endwith %}
  </div>
  <nav style="display:flex; gap:14px;">
    <a href="{% url 'index' %}">Главная</a>
    <a href="{% url 'cabinet' %}">Кабинет</a>
    <a href="{% url 'profiles' %}">Каталог</a>
    <a href="{% url 'logout' %}">Выход</a>
  </nav>
 </header>
 <main class="container">
  {% if messages %}
    <ul class="messages">
      {% for message in messages %}
        <li class="{{ message.tags }}">{{ message }}</li>
      {% endfor %}
    </ul>
  {% endif %}
  <div class="heading">
    <h1>Кабинет</h1>
    {% if has_profile %}
      <span class="muted">профиль создан</span>
    {% else %}
      <span class="muted">профиль ещё не создан</span>
    {% endif %}
  </div>
  <!-- Две колонки: Аккаунт + Профиль -->
  <div class="grid grid-2">
    <!-- ======= ДАННЫЕ АККАУНТА ======= -->
    <section class="card">
      <h2 class="muted" style="margin-top:0;">Данные аккаунта</h2>
      <dl>
        <dt>Имя</dt>
        <dd>{{ request.session.user_full_name|default:"—" }}</dd>
        <dt>Email</dt>
        <dd>{{ request.session.user_email|default:"—" }}</dd>
        <dt>Роль</dt>
        <dd><span class="pill">{{ request.session.user_role|default:"—" }}</span></dd>
        <dt>ID пользователя</dt>
        <dd><code>{{ request.session.user_id|default:"—" }}</code></dd>
      </dl>
    </section>
    <!-- ======= ДАННЫЕ ПРОФИЛЯ ======= -->
    <section class="card">
      <h2 class="muted" style="margin-top:0;">Данные профиля</h2>
      {% if has_profile and profile %}
        <dl>
          <dt>Пол</dt>
          <dd>{{ profile.gender|default:"—" }}</dd>
          <dt>Город</dt>
          <dd>{{ profile.city|default:"—" }}</dd>
          <dt>Языки</dt>
          <dd>
            {% if profile.languages %}
              {% for lang in profile.languages %}<span class="pill">{{ lang }}</span>{% endfor %}
            {% else %} — {% endif %}
          </dd>
          <dt>Интересы</dt>
          <dd>
            {% if profile.interests %}
              {% for it in profile.interests %}<span class="pill">{{ it }}</span>{% endfor %}
            {% else %} — {% endif %}
          </dd>
          <dt>ID профиля</dt>
          <dd><code>{{ profile.id }}</code></dd>
          <dt>ID пользователя (в профиле)</dt>
          <dd><code>{{ profile.user_id }}</code></dd>
        </dl>
        <details style="margin-top:12px;">
          <summary class="muted">Показать сырой JSON профиля</summary>
          <pre>{{ profile|safe }}</pre>
        </details>
      {% else %}
        <p class="muted">Профиль ещё не создан. Заполните форму ниже.</p>
      {% endif %}
    </section>
  </div>
  {% if not has_profile or not profile %}
    <!-- ======= ФОРМА СОЗДАНИЯ ПРОФИЛЯ ======= -->
    <section class="card" style="margin-top:16px;" aria-labelledby="section-create">
      <h2 id="section-create" class="muted" style="margin-top:0;">Создать профиль</h2>
      <form class="form" method="post" action="{% url 'cabinet' %}">
        {% csrf_token %}
        <div class="grid grid-2">
          <div>
            <label for="gender">Пол</label>
            <select id="gender" name="gender" required>
              <option value="">— выберите —</option>
              <option value="male"   {% if request.POST.gender == "male" %}selected{% endif %}>Мужской</option>
              <option value="female" {% if request.POST.gender == "female" %}selected{% endif %}>Женский</option>
              <option value="other"  {% if request.POST.gender == "other" %}selected{% endif %}>Другое</option>
            </select>
          </div>
          <div>
            <label for="city">Город</label>
            <input id="city" name="city" type="text" required
                   value="{{ request.POST.city|default_if_none:'' }}" placeholder="Москва">
          </div>
        </div>
        <div>
          <label for="languages">Языки</label>
          <input id="languages" name="languages" type="text"
                 value="{{ request.POST.languages|default_if_none:'' }}" placeholder="ru,en">
          <small>Несколько — через запятую: <code>ru,en</code></small>
        </div>
        <div>
          <label for="interests">Интересы</label>
          <input id="interests" name="interests" type="text"
                 value="{{ request.POST.interests|default_if_none:'' }}" placeholder="music,travel">
          <small>Несколько — через запятую: <code>music,travel</code></small>
        </div>
        <div class="btnrow">
          <button class="btn btn-primary" type="submit">Создать профиль</button>
          <a class="btn btn-outline" href="{% url 'cabinet' %}">Сбросить</a>
        </div>
      </form>
    </section>
  {% endif %}
 </main>
 </body>
 </html>
--- a/templates/ui/components/like_button.html
+++ b/templates/ui/components/like_button.html
@@ -0,0 +1,17 @@
 {# expects: profile_id, liked: bool #}
 <form method="post"
      hx-post="{% url 'like_profile' profile_id %}"
      hx-target="this"
      hx-swap="outerHTML"
      aria-label="Добавить в избранное">
  {% csrf_token %}
  {% if liked %}
    <button type="submit" class="inline-flex items-center gap-1 rounded-md border px-3 py-1.5 text-sm hover:bg-white">
      <span aria-hidden="true">❤️</span> В избранном
    </button>
  {% else %}
    <button type="submit" class="inline-flex items-center gap-1 rounded-md border px-3 py-1.5 text-sm hover:bg-white">
      <span aria-hidden="true">🤍</span> В избранное
    </button>
  {% endif %}
 </form>
--- a/templates/ui/components/like_button_login_required.html
+++ b/templates/ui/components/like_button_login_required.html
@@ -0,0 +1,3 @@
 <a href="/login/?next={{ request.path }}" class="inline-flex items-center gap-1 rounded-md bg-indigo-600 text-white px-3 py-1.5 text-sm hover:bg-indigo-700">
  Войти, чтобы добавить
 </a>
--- a/templates/ui/components/profile_card.html
+++ b/templates/ui/components/profile_card.html
@@ -0,0 +1,27 @@
 {# expects: profile, liked_ids (optional) #}
 {% with liked = (profile.liked|default_if_none:False) or (liked_ids and profile.id in liked_ids) %}
 <article class="rounded-xl bg-white/80 backdrop-blur border shadow-sm hover:shadow transition overflow-hidden flex flex-col">
  <img src="{{ profile.photo }}" alt="Фото {{ profile.name }}" class="w-full h-56 object-cover">
  <div class="p-4 flex-1 flex flex-col">
    <div class="flex items-center justify-between gap-2">
      <h3 class="text-lg font-semibold">{{ profile.name }}, {{ profile.age }}</h3>
      {% if profile.verified %}
        <span class="inline-flex items-center text-[10px] rounded-full bg-emerald-100 text-emerald-800 px-2 py-0.5">проверено</span>
      {% endif %}
    </div>
    {% if profile.city %}<p class="text-sm text-gray-600 mt-1">{{ profile.city }}</p>{% endif %}
    {% if profile.about %}<p class="text-sm mt-3 line-clamp-2">{{ profile.about }}</p>{% endif %}
    {% if profile.interests %}
    <div class="mt-3 flex flex-wrap gap-2">
      {% for tag in profile.interests %}
        <span class="inline-flex items-center text-xs rounded-full bg-gray-100 px-2 py-1">{{ tag }}</span>
      {% endfor %}
    </div>
    {% endif %}
    <div class="mt-4 flex items-center justify-between">
      <a class="text-sm font-medium text-indigo-700 hover:underline" href="/profiles/{{ profile.id }}/">Подробнее</a>
      {% include 'ui/components/like_button.html' with profile_id=profile.id liked=liked %}
    </div>
  </div>
 </article>
 {% endwith %}
--- a/templates/ui/index.html
+++ b/templates/ui/index.html
@@ -0,0 +1,31 @@
 {% extends 'base.html' %}
 {% block title %}Главная — MatchAgency{% endblock %}
 {% block content %}
 <section class="grid md:grid-cols-2 gap-8 items-center">
  <div>
    <h1 class="text-3xl md:text-5xl font-semibold leading-tight">Подбор идеальных пар под ключ</h1>
    <p class="mt-4 text-gray-600 text-lg">Фронтенд полностью на API: ни одной локальной таблицы.</p>
    <div class="mt-6 flex gap-3">
      <a href="/profiles/" class="inline-flex items-center rounded-md bg-rose-600 px-4 py-2 text-white font-medium hover:bg-rose-700">Смотреть анкеты</a>
      {% if not api_user %}
        <a href="/login/" class="inline-flex items-center rounded-md border px-4 py-2 font-medium hover:bg-white">Войти</a>
      {% endif %}
    </div>
  </div>
  <div class="rounded-xl bg-white/70 backdrop-blur p-4 md:p-6 shadow">
    <form action="/profiles/" method="get" class="grid sm:grid-cols-2 gap-4">
      <input name="q" placeholder="Ключевые слова (хобби, имя, город)"
             class="w-full rounded-md border px-3 py-2" />
      <select name="gender" class="w-full rounded-md border px-3 py-2">
        <option value="">Пол (любой)</option>
        <option value="female">Женщины</option>
        <option value="male">Мужчины</option>
      </select>
      <input name="age_min" type="number" min="18" max="100" placeholder="От, лет" class="w-full rounded-md border px-3 py-2"/>
      <input name="age_max" type="number" min="18" max="100" placeholder="До, лет" class="w-full rounded-md border px-3 py-2"/>
      <input name="city" placeholder="Город" class="w-full rounded-md border px-3 py-2"/>
      <button class="sm:col-span-2 rounded-md bg-indigo-600 text-white px-4 py-2 hover:bg-indigo-700">Найти</button>
    </form>
  </div>
 </section>
 {% endblock %}
--- a/templates/ui/login.html
+++ b/templates/ui/login.html
@@ -0,0 +1,27 @@
 {% extends 'base.html' %}
 {% block title %}Вход — MatchAgency{% endblock %}
 {% block content %}
 <div class="max-w-md mx-auto rounded-xl bg-white/80 backdrop-blur border shadow p-6">
  <h1 class="text-xl font-semibold mb-4">Вход</h1>
  <form action="" method="post" class="space-y-3">
    {% csrf_token %}
    <div>
      <label class="block text-sm mb-1">Email</label>
      <input type="email" name="email" required class="w-full rounded-md border px-3 py-2"/>
    </div>
    <div>
      <label class="block text-sm mb-1">Пароль</label>
      <input type="password" name="password" required class="w-full rounded-md border px-3 py-2"/>
    </div>
    <div class="flex items-center justify-between">
      <label class="block text-sm mb-1">Запомнить меня</label>
      <input type="checkbox" name="remember_me" class="rounded border px-2 py-1"/>
    </div>
    {% if error_message %}
      <p class="text-red-500 text-sm">{{ error_message }}</p>
    {% endif %}
    <p class="text-sm">Нет аккаунта? <a class="text-indigo-700 hover:underline" href="{% url 'register' %}">Зарегистрироваться</a></p>
    <button class="w-full rounded-md bg-indigo-600 text-white px-4 py-2 hover:bg-indigo-700">Войти</button>
  </form>
 </div>
 {% endblock %}
--- a/templates/ui/profile_detail.html
+++ b/templates/ui/profile_detail.html
@@ -0,0 +1,84 @@
 {% load static %}
 <!DOCTYPE html>
 <html lang="ru">
 <head>
  <meta charset="utf-8">
  <title>Анкета пользователя</title>
  <meta name="viewport" content="width=device-width,initial-scale=1">
  <link href="{% static 'style.css' %}" rel="stylesheet">
  <style>
    body { font-family: system-ui, -apple-system, Segoe UI, Roboto, Ubuntu, "Helvetica Neue", Arial, "Noto Sans", sans-serif; margin:0; background:#f7f7fb; color:#111; }
    .topbar { display:flex; gap:16px; align-items:center; padding:14px 18px; background:#111827; color:#fff; }
    .topbar a { color:#cfe3ff; text-decoration:none; }
    .container { max-width:900px; margin:24px auto; padding:0 16px; }
    .card { background:#fff; border:1px solid #e5e7eb; border-radius:12px; padding:18px; }
    .row { display:flex; gap:18px; align-items:center; }
    .grow { flex:1 1 auto; }
    .muted { color:#6b7280; font-size:14px; }
    .pill { display:inline-block; padding:4px 10px; border-radius:999px; background:#eef2ff; color:#3730a3; font-size:12px; margin:2px 6px 2px 0; }
    .avatar { width:96px; height:96px; border-radius:50%; display:flex; align-items:center; justify-content:center; font-weight:700; font-size:32px; background:#e5e7eb; color:#374151; }
    .avatar img { width:96px; height:96px; object-fit:cover; border-radius:50%; display:block; }
    dl { display:grid; grid-template-columns: 220px 1fr; gap:8px 14px; margin:0; }
    dt { font-weight:600; color:#374151; }
    dd { margin:0; color:#111827; }
    .btn { display:inline-block; padding:9px 12px; border-radius:10px; border:1px solid #d1d5db; background:#fff; cursor:pointer; font-weight:600; text-decoration:none; color:#111; }
  </style>
 </head>
 <body>
 <header class="topbar">
  <div style="flex:1 1 auto;">Карточка пользователя (ADMIN)</div>
  <nav style="display:flex; gap:14px;">
    <a href="{% url 'profiles' %}">← Каталог</a>
    <a href="{% url 'cabinet' %}">Кабинет</a>
    <a href="{% url 'logout' %}">Выход</a>
  </nav>
 </header>
 <main class="container">
  <div class="card">
    <div class="row">
      <div class="avatar">
        {% if profile.photo %}
          <img src="{{ profile.photo }}" alt="">
        {% else %}
          {{ profile.name|first|upper }}
        {% endif %}
      </div>
      <div class="grow">
        <div style="font-weight:700; font-size:20px;">{{ profile.name }}</div>
      </div>
      <div>
        <form method="post" action="{% url 'like_profile' profile.id %}">
          {% csrf_token %}
          {% include "ui/components/like_button.html" with profile_id=profile.id liked=liked %}
        </form>
      </div>
    </div>
  </div>
  <div class="card" style="margin-top:16px;">
    <h2 class="muted" style="margin-top:0;">Профиль</h2>
    <dl>
      <dt>Пол</dt><dd>{{ profile.gender|default:"—" }}</dd>
      <dt>Город</dt><dd>{{ profile.city|default:"—" }}</dd>
      <dt>Языки</dt>
      <dd>
        {% if profile.languages %}
          {% for lang in profile.languages %}<span class="pill">{{ lang }}</span>{% endfor %}
        {% else %} — {% endif %}
      </dd>
      <dt>Интересы</dt>
      <dd>
        {% if profile.interests %}
          {% for it in profile.interests %}<span class="pill">{{ it }}</span>{% endfor %}
        {% else %} — {% endif %}
      </dd>
    </dl>
  </div>
 </main>
 </body>
 </html>
--- a/templates/ui/profiles_list.html
+++ b/templates/ui/profiles_list.html
@@ -0,0 +1,195 @@
 {% load static %}
 <!DOCTYPE html>
 <html lang="ru">
 <head>
  <meta charset="utf-8">
  <title>Каталог анкет</title>
  <meta name="viewport" content="width=device-width,initial-scale=1">
  <link href="{% static 'style.css' %}" rel="stylesheet">
  <style>
    body { font-family: system-ui, -apple-system, Segoe UI, Roboto, Ubuntu, "Helvetica Neue", Arial, "Noto Sans", sans-serif; margin:0; background:#f7f7fb; color:#111; }
    .topbar { display:flex; gap:16px; align-items:center; padding:14px 18px; background:#111827; color:#fff; }
    .topbar a { color:#cfe3ff; text-decoration:none; }
    .container { max-width:1100px; margin:24px auto; padding:0 16px; }
    .messages { list-style:none; padding:0; margin:0 0 16px; }
    .messages li { padding:10px 12px; margin-bottom:8px; border-radius:10px; }
    .messages li.success { background:#ecfdf5; color:#065f46; border:1px solid #a7f3d0; }
    .messages li.error { background:#fef2f2; color:#991b1b; border:1px solid #fecaca; }
    .messages li.info { background:#eff6ff; color:#1e40af; border:1px solid #bfdbfe; }
    .filters { display:grid; grid-template-columns: repeat(8, 1fr); gap:10px; background:#fff; border:1px solid #e5e7eb; border-radius:12px; padding:14px; }
    .filters .full { grid-column: 1 / -1; }
    .filters input[type="text"], .filters select {
      width:100%; border:1px solid #d1d5db; border-radius:8px; padding:8px 10px; font:inherit; background:#fff;
    }
    .btn { display:inline-block; padding:9px 12px; border-radius:10px; border:1px solid #d1d5db; background:#fff; cursor:pointer; font-weight:600; }
    .btn-primary { background:#2563eb; color:#fff; border-color:#2563eb; }
    .list { margin-top:16px; display:grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap:14px; }
    .card { background:#fff; border:1px solid #e5e7eb; border-radius:12px; padding:14px; }
    .row { display:flex; align-items:center; gap:12px; }
    .grow { flex:1 1 auto; }
    .muted { color:#6b7280; font-size:14px; }
    .pill { display:inline-block; padding:4px 10px; border-radius:999px; background:#eef2ff; color:#3730a3; font-size:12px; margin:2px 6px 2px 0; }
    .meta { margin-top:8px; display:flex; flex-wrap:wrap; gap:10px 18px; }
    .meta .k { color:#6b7280; }
    .meta .v { color:#111827; font-weight:600; }
    .pagination { display:flex; gap:10px; margin:16px 0; align-items:center; }
    .pagination a, .pagination span {
      padding:8px 12px; border-radius:10px; border:1px solid #d1d5db; text-decoration:none; color:#111;
      background:#fff;
    }
    .pagination .disabled { opacity:.5; pointer-events:none; }
  </style>
 </head>
 <body>
 <header class="topbar">
  <div style="flex:1 1 auto;">
    Каталог анкет (ADMIN)
  </div>
  <nav style="display:flex; gap:14px;">
    <a href="{% url 'index' %}">Главная</a>
    <a href="{% url 'cabinet' %}">Кабинет</a>
    <a href="{% url 'profiles' %}">Каталог</a>
    <a href="{% url 'logout' %}">Выход</a>
  </nav>
 </header>
 <main class="container">
  {% if messages %}
    <ul class="messages">
      {% for message in messages %}
        <li class="{{ message.tags }}">{{ message }}</li>
      {% endfor %}
    </ul>
  {% endif %}
  <form class="filters" method="get" action="{% url 'profiles' %}">
    <div>
      <label class="muted">Поиск</label>
      <input type="text" name="q" value="{{ filters.q }}" placeholder="имя или email">
    </div>
    <div>
      <label class="muted">Роль</label>
      <select name="role">
        <option value="">Любая</option>
        <option value="CLIENT" {% if filters.role == "CLIENT" %}selected{% endif %}>CLIENT</option>
        <option value="ADMIN"  {% if filters.role == "ADMIN" %}selected{% endif %}>ADMIN</option>
      </select>
    </div>
    <div>
      <label class="muted">Активность</label>
      <select name="active">
        <option value="">Любая</option>
        <option value="1" {% if filters.active == "1" %}selected{% endif %}>Активные</option>
        <option value="0" {% if filters.active == "0" %}selected{% endif %}>Неактивные</option>
      </select>
    </div>
    <div>
      <label class="muted">Домен</label>
      <input type="text" name="domain" value="{{ filters.domain }}" placeholder="example.com">
    </div>
    <div>
      <label class="muted">Сортировка</label>
      <select name="sort">
        <option value="name"       {% if filters.sort == "name" %}selected{% endif %}>Имя ↑</option>
        <option value="name_desc"  {% if filters.sort == "name_desc" %}selected{% endif %}>Имя ↓</option>
        <option value="email"      {% if filters.sort == "email" %}selected{% endif %}>Email ↑</option>
        <option value="email_desc" {% if filters.sort == "email_desc" %}selected{% endif %}>Email ↓</option>
      </select>
    </div>
    <div>
      <label class="muted">На странице</label>
      <select name="limit">
        {% for n in page_sizes %}
          <option value="{{ n }}"{% if filters.limit == n %} selected{% endif %}>{{ n }}</option>
        {% endfor %}
      </select>
    </div>
    <div>
      <label class="muted">Страница</label>
      <input type="text" name="page" value="{{ filters.page }}" style="width:90px;">
    </div>
    <div style="display:flex; align-items:flex-end;">
      <button class="btn btn-primary" type="submit">Применить</button>
    </div>
  </form>
  <div class="pagination">
    {% with q=filters.q role=filters.role active=filters.active domain=filters.domain sort=filters.sort limit=filters.limit %}
      {% if page.has_prev %}
        <a href="?q={{ q }}&role={{ role }}&active={{ active }}&domain={{ domain }}&sort={{ sort }}&limit={{ limit }}&page={{ page.page|add:"-1" }}">« Предыдущая</a>
      {% else %}
        <span class="disabled">« Предыдущая</span>
      {% endif %}
      <span>Стр. {{ page.page }}</span>
      {% if page.has_next %}
        <a href="?q={{ q }}&role={{ role }}&active={{ active }}&domain={{ domain }}&sort={{ sort }}&limit={{ limit }}&page={{ page.page|add:"1" }}">Следующая »</a>
      {% else %}
        <span class="disabled">Следующая »</span>
      {% endif %}
    {% endwith %}
  </div>
  {% if error %}
    <div class="messages"><li class="error">{{ error }}</li></div>
  {% endif %}
  <div class="list">
    {% for p in profiles %}
      <div class="card">
        <div class="row">
          <div class="grow">
            <div style="font-weight:700; font-size:16px;">{{ p.name }}</div>
          </div>
          <div>
            <form method="post" action="{% url 'like_profile' p.id %}">
              {% csrf_token %}
              {% include "ui/components/like_button.html" with profile_id=p.id liked=p.liked %}
            </form>
          </div>
        </div>
        <div class="meta">
          <div><span class="pill">{{ p.verified|yesno:"ACTIVE,INACTIVE" }}</span></div>
          <div class="pill">{{ p.role|default:"USER" }}</div>
        </div>
        <div class="row" style="margin-top:10px;">
          <div class="grow"></div>
          <a class="btn" href="{% url 'profile_detail' p.id %}">Открыть</a>
        </div>
      </div>
    {% empty %}
      <div class="card">
        <div class="muted">Ничего не найдено. Попробуйте изменить фильтры.</div>
      </div>
    {% endfor %}
  </div>
  <div class="pagination">
    {% with q=filters.q role=filters.role active=filters.active domain=filters.domain sort=filters.sort limit=filters.limit %}
      {% if page.has_prev %}
        <a href="?q={{ q }}&role={{ role }}&active={{ active }}&domain={{ domain }}&sort={{ sort }}&limit={{ limit }}&page={{ page.page|add:"-1" }}">« Предыдущая</a>
      {% else %}
        <span class="disabled">« Предыдущая</span>
      {% endif %}
      <span>Стр. {{ page.page }}</span>
      {% if page.has_next %}
        <a href="?q={{ q }}&role={{ role }}&active={{ active }}&domain={{ domain }}&sort={{ sort }}&limit={{ limit }}&page={{ page.page|add:"1" }}">Следующая »</a>
      {% else %}
        <span class="disabled">Следующая »</span>
      {% endif %}
    {% endwith %}
  </div>
 </main>
 </body>
 </html>
--- a/templates/ui/register.html
+++ b/templates/ui/register.html
@@ -0,0 +1,24 @@
 {% extends 'base.html' %}
 {% block title %}Регистрация — MatchAgency{% endblock %}
 {% block content %}
 <div class="max-w-md mx-auto rounded-xl bg-white/80 backdrop-blur border shadow p-6">
  <h1 class="text-xl font-semibold mb-4">Регистрация</h1>
  <form action="" method="post" class="space-y-3">
    {% csrf_token %}
    <div>
      <label class="block text-sm mb-1">Email</label>
      <input type="email" name="email" required class="w-full rounded-md border px-3 py-2"/>
    </div>
    <div>
      <label class="block text-sm mb-1">Пароль</label>
      <input type="password" name="password" required class="w-full rounded-md border px-3 py-2"/>
    </div>
    <div>
      <label class="block text-sm mb-1">Полное имя (необязательно)</label>
      <input type="text" name="full_name" class="w-full rounded-md border px-3 py-2"/>
    </div>
    <button class="w-full rounded-md bg-indigo-600 text-white px-4 py-2 hover:bg-indigo-700">Зарегистрироваться</button>
  </form>
  <p class="mt-3 text-sm">Уже есть аккаунт? <a class="text-indigo-700 hover:underline" href="{% url 'login' %}">Войти</a></p>
 </div>
 {% endblock %}
--- a/ui/init.py
+++ b/ui/init.py
--- a/ui/api.py
+++ b/ui/api.py
@@ -0,0 +1,527 @@
 import logging
 import os
 import os.path
 import json
 import time
 import uuid
 from typing import Any, Dict, Optional, Tuple, List, Union
 import requests
 from django.conf import settings
 from django.core.exceptions import PermissionDenied
 logger = logging.getLogger(__name__)
 # ===== Логирование / флаги =====
 API_DEBUG = os.environ.get('API_DEBUG', '1') == '1'
 API_LOG_BODY_MAX = int(os.environ.get('API_LOG_BODY_MAX', '2000'))
 API_LOG_HEADERS = os.environ.get('API_LOG_HEADERS', '1') == '1'
 API_LOG_CURL = os.environ.get('API_LOG_CURL', '0') == '1'
 # Переключение базы при 404: сначала servers[0].url из openapi.json, потом жёстко http://localhost:8080
 API_FALLBACK_OPENAPI_ON_404 = os.environ.get('API_FALLBACK_OPENAPI_ON_404', '1') == '1'
 SENSITIVE_KEYS = {'password', 'refresh_token', 'access_token', 'authorization', 'token', 'api_key'}
 def _sanitize(obj: Any) -> Any:
    try:
        if isinstance(obj, dict):
            return {k: ('***' if isinstance(k, str) and k.lower() in SENSITIVE_KEYS else _sanitize(v))
                    for k, v in obj.items()}
        if isinstance(obj, list):
            return [_sanitize(x) for x in obj]
        return obj
    except Exception:
        return obj
 def _shorten(s: str, limit: int) -> str:
    if s is None:
        return ''
    return s if len(s) <= limit else (s[:limit] + f'... <truncated {len(s)-limit} chars>')
 def _build_curl(method: str, url: str, headers: Dict[str, str],
                params: Optional[dict], json_body: Optional[dict], data: Optional[dict]) -> str:
    parts = [f"curl -X '{method.upper()}' \\\n  '{url}'"]
    for k, v in headers.items():
        if k.lower() == 'authorization':
            v = 'Bearer ***'
        parts.append(f"  -H '{k}: {v}'")
    if json_body is not None:
        parts.append("  -H 'Content-Type: application/json'")
        try:
            body_str = json.dumps(_sanitize(json_body), ensure_ascii=False)
        except Exception:
            body_str = str(_sanitize(json_body))
        parts.append(f"  -d '{body_str}'")
    elif data is not None:
        try:
            body_str = json.dumps(_sanitize(data), ensure_ascii=False)
        except Exception:
            body_str = str(_sanitize(data))
        parts.append(f"  --data-raw '{body_str}'")
    return " \\\n".join(parts)
 # ===== Пути эндпоинтов (как в swagger) =====
 EP_DEFAULTS: Dict[str, str] = {
    # Auth
    'AUTH_REGISTER_PATH': '/auth/v1/register',
    'AUTH_TOKEN_PATH': '/auth/v1/token',
    'AUTH_REFRESH_PATH': '/auth/v1/refresh',
    'ME_PATH': '/auth/v1/me',
    'USERS_LIST_PATH': '/auth/v1/users',
    'USER_DETAIL_PATH': '/auth/v1/users/{user_id}',
    # Profiles
    'PROFILE_ME_PATH': '/profiles/v1/profiles/me',
    'PROFILES_CREATE_PATH': '/profiles/v1/profiles',
    'PROFILE_PHOTO_UPLOAD_PATH': '/profiles/v1/profiles/me/photo',
    'PROFILE_PHOTO_DELETE_PATH': '/profiles/v1/profiles/me/photo',
    # Pairs
    'PAIRS_PATH': '/match/v1/pairs',
    'PAIR_DETAIL_PATH': '/match/v1/pairs/{pair_id}',
    'PAIR_ACCEPT_PATH': '/match/v1/pairs/{pair_id}/accept',
    'PAIR_REJECT_PATH': '/match/v1/pairs/{pair_id}/reject',
    # Chat
    'ROOMS_PATH': '/chat/v1/rooms',
    'ROOM_DETAIL_PATH': '/chat/v1/rooms/{room_id}',
    'ROOM_MESSAGES_PATH': '/chat/v1/rooms/{room_id}/messages',
    # Payments
    'INVOICES_PATH': '/payments/v1/invoices',
    'INVOICE_DETAIL_PATH': '/payments/v1/invoices/{inv_id}',
    'INVOICE_MARK_PAID_PATH': '/payments/v1/invoices/{inv_id}/mark-paid',
 }
 def EP(key: str) -> str:
    return os.environ.get(f'API_{key}', EP_DEFAULTS[key])
 # ===== База API с авто‑детектом =====
 _API_BASE_CACHE: Optional[str] = None
 _API_LAST_SELECT_SRC = 'DEFAULT'  # для логов
 def _detect_api_base_from_openapi() -> Optional[str]:
    """
    Берём servers[0].url из openapi.json (по схеме — http://localhost:8080).
    """
    candidates = [
        os.environ.get('API_SPEC_PATH'),
        getattr(settings, 'API_SPEC_PATH', None),
        os.path.join(getattr(settings, 'BASE_DIR', ''), 'openapi.json') if getattr(settings, 'BASE_DIR', None) else None,
        os.path.join(getattr(settings, 'BASE_DIR', ''), 'agency', 'openapi.json') if getattr(settings, 'BASE_DIR', None) else None,
        '/mnt/data/openapi.json',
    ]
    for p in candidates:
        if p and os.path.isfile(p):
            try:
                with open(p, 'r', encoding='utf-8') as f:
                    spec = json.load(f)
                servers = spec.get('servers') or []
                if servers and isinstance(servers[0], dict):
                    url = servers[0].get('url')
                    if url:
                        return url
            except Exception as e:
                if API_DEBUG:
                    logger.debug('API: cannot read OpenAPI from %s: %s', p, e)
    return None
 def _get_api_base_url() -> str:
    """
    Источники (по приоритету):
    1) ENV/Settings: API_BASE_URL, затем BASE_URL
    2) servers[0].url из openapi.json
    3) 'http://localhost:8080'
    """
    global _API_BASE_CACHE, _API_LAST_SELECT_SRC
    if _API_BASE_CACHE:
        return _API_BASE_CACHE
    base = (os.environ.get('API_BASE_URL') or getattr(settings, 'API_BASE_URL', '')
            or os.environ.get('BASE_URL') or getattr(settings, 'BASE_URL', ''))
    if base:
        _API_BASE_CACHE = base.rstrip('/')
        _API_LAST_SELECT_SRC = 'ENV/SETTINGS'
    else:
        detected = _detect_api_base_from_openapi()
        if detected:
            _API_BASE_CACHE = detected.rstrip('/')
            _API_LAST_SELECT_SRC = 'OPENAPI'
        else:
            _API_BASE_CACHE = 'http://localhost:8080'
            _API_LAST_SELECT_SRC = 'HARDCODED'
    if API_DEBUG:
        logger.info("API base selected [%s]: %s", _API_LAST_SELECT_SRC, _API_BASE_CACHE)
    return _API_BASE_CACHE
 class ApiError(Exception):
    def __init__(self, status: int, message: str = 'API error', payload: Optional[dict] = None, req_id: Optional[str] = None):
        if req_id and message and 'req_id=' not in message:
            message = f"{message} (req_id={req_id})"
        super().__init__(message)
        self.status = status
        self.payload = payload or {}
        self.req_id = req_id
 def _base_headers(request, extra: Optional[Dict[str, str]] = None) -> Dict[str, str]:
    """
    Достаём токен сначала из сессии, затем из куки — чтобы «куки‑режим» работал без доп. настроек.
    """
    headers: Dict[str, str] = {'Accept': 'application/json'}
    token = request.session.get('access_token') or request.COOKIES.get('access_token')
    if token:
        headers['Authorization'] = f'Bearer {token}'
    api_key = getattr(settings, 'API_KEY', '') or os.environ.get('API_KEY', '')
    if api_key:
        headers['X-API-Key'] = api_key
    if extra:
        headers.update(extra)
    return headers
 def _url(path: str) -> str:
    base = _get_api_base_url()
    path = path if path.startswith('/') else '/' + path
    return base + path
 def request_api(
    request,
    method: str,
    path: str,
    *,
    params: Optional[dict] = None,
    json: Optional[dict] = None,
    files: Optional[dict] = None,
    data: Optional[dict] = None,
 ) -> Tuple[int, Any]:
    """
    Универсальный HTTP-вызов (упрощённая версия):
    - токен/ключ в заголовках (токен берём из сессии или куки),
    - auto-refresh при 401 (refresh берём тоже из сессии или куки),
    - 404 → переключаем базу: servers[0].url из openapi.json → 'http://localhost:8080',
    - подробные логи; БЕЗ «retry со слэшем».
    """
    global _API_BASE_CACHE, _API_LAST_SELECT_SRC
    req_id = uuid.uuid4().hex[:8]
    base_before = _get_api_base_url()
    url = _url(path)
    def _do(_url: str):
        headers = _base_headers(request)
        if json is not None and files is None and data is None:
            headers['Content-Type'] = 'application/json'
        if API_DEBUG:
            log_headers = _sanitize(headers) if API_LOG_HEADERS else {}
            log_body = _sanitize(json if json is not None else data)
            if API_LOG_CURL:
                try:
                    curl = _build_curl(method, _url, headers, params, json, data)
                    logger.debug("API[req_id=%s] cURL:\n%s", req_id, curl)
                except Exception:
                    pass
            logger.info(
                "API[req_id=%s] REQUEST %s %s params=%s headers=%s body=%s",
                req_id, method.upper(), _url, _sanitize(params), log_headers, log_body
            )
        t0 = time.time()
        resp = requests.request(
            method=method.upper(),
            url=_url,
            headers=headers,
            params=params,
            json=json,
            data=data,
            files=files,
            timeout=float(getattr(settings, 'API_TIMEOUT', 8.0)),
        )
        dt = int((time.time() - t0) * 1000)
        content_type = resp.headers.get('Content-Type', '')
        try:
            payload = resp.json() if 'application/json' in content_type else {}
        except ValueError:
            payload = {}
        if API_DEBUG:
            body_str = ""
            try:
                body_str = json.dumps(_sanitize(payload), ensure_ascii=False)
            except Exception:
                body_str = str(_sanitize(payload))
            headers_out = _sanitize(dict(resp.headers)) if API_LOG_HEADERS else {}
            logger.info(
                "API[req_id=%s] RESPONSE %s %sms ct=%s headers=%s body=%s",
                req_id, resp.status_code, dt, content_type, headers_out, _shorten(body_str, API_LOG_BODY_MAX)
            )
        return resp, payload
    # 1) Первый запрос
    try:
        resp, payload = _do(url)
    except requests.RequestException as e:
        logger.exception('API[req_id=%s] network error: %s', req_id, e)
        raise ApiError(0, f'Network unavailable or timeout when accessing API ({e})', req_id=req_id)
    # 2) 404 → переключаем базу (openapi → 8080) и повторяем
    if resp.status_code == 404:
        candidates: List[tuple[str, str]] = []
        if API_FALLBACK_OPENAPI_ON_404:
            detected = _detect_api_base_from_openapi()
            if detected:
                candidates.append((detected.rstrip('/'), 'OPENAPI(FAILOVER)'))
        candidates.append(('http://localhost:8080', 'DEFAULT(FAILOVER)'))
        for cand_base, label in candidates:
            if not cand_base or cand_base == _API_BASE_CACHE:
                continue
            if API_DEBUG:
                logger.warning("API[req_id=%s] 404 on base %s → switch API base to %s and retry",
                               req_id, _API_BASE_CACHE, cand_base)
            _API_BASE_CACHE = cand_base
            _API_LAST_SELECT_SRC = label
            try:
                resp, payload = _do(_url(path))
                if resp.status_code != 404:
                    break
            except requests.RequestException:
                continue
    # 3) 401 → refresh и повтор
    refresh_token = request.session.get('refresh_token') or request.COOKIES.get('refresh_token')
    if resp.status_code == 401 and refresh_token:
        if API_DEBUG:
            logger.info("API[req_id=%s] 401 → try refresh token", req_id)
        try:
            refresh_url = _url(EP('AUTH_REFRESH_PATH'))
            refresh_body = {'refresh_token': refresh_token}
            logger.info("API[req_id=%s] REFRESH POST %s body=%s", req_id, refresh_url, _sanitize(refresh_body))
            refresh_resp = requests.post(refresh_url, json=refresh_body, timeout=float(getattr(settings, 'API_TIMEOUT', 8.0)))
            if refresh_resp.status_code == 200:
                try:
                    rj = refresh_resp.json()
                except ValueError:
                    rj = {}
                if rj.get('access_token'):
                    request.session['access_token'] = rj['access_token']
                if rj.get('refresh_token'):
                    request.session['refresh_token'] = rj['refresh_token']
                request.session.modified = True
                if API_DEBUG:
                    logger.info("API[req_id=%s] REFRESH OK → retry original request", req_id)
                resp, payload = _do(_url(path))
            else:
                logger.warning("API[req_id=%s] REFRESH failed: %s", req_id, refresh_resp.status_code)
        except requests.RequestException as e:
            logger.exception('API[req_id=%s] Refresh token network error: %s', req_id, e)
            raise ApiError(401, f'Token refresh failed ({e})', req_id=req_id)
    # 4) Ошибки
    if not (200 <= resp.status_code < 300):
        msg = None
        if isinstance(payload, dict):
            msg = payload.get('detail') or payload.get('message')
        msg = msg or f'API error: {resp.status_code}'
        if resp.status_code in (401, 403):
            # PermissionDenied обрабатываем во view (не всегда это «выйти и войти заново»)
            raise PermissionDenied(f"{msg} (req_id={req_id})")
        raise ApiError(resp.status_code, msg, payload if isinstance(payload, dict) else {}, req_id=req_id)
    # 5) База сменилась — отметим
    base_after = _get_api_base_url()
    if API_DEBUG and base_before != base_after:
        logger.warning("API[req_id=%s] BASE SWITCHED: %s → %s", req_id, base_before, base_after)
    return resp.status_code, payload
 # ==========================
 #           AUTH
 # ==========================
 def register_user(request, email: str, password: str, full_name: Optional[str] = None, role: str = 'CLIENT') -> Dict[str, Any]:
    body = {'email': email, 'password': password, 'full_name': full_name, 'role': role}
    _, data = request_api(request, 'POST', EP('AUTH_REGISTER_PATH'), json=body)
    return data  # UserRead
 def login(request, email: str, password: str) -> Dict[str, Any]:
    body = {'email': email, 'password': password}
    _, data = request_api(request, 'POST', EP('AUTH_TOKEN_PATH'), json=body)
    return data  # TokenPair
 def get_current_user(request) -> Dict[str, Any]:
    _, data = request_api(request, 'GET', EP('ME_PATH'))
    return data  # UserRead
 def list_users(request, offset: int = 0, limit: int = 50) -> Union[List[Dict[str, Any]], Dict[str, Any]]:
    params = {'offset': offset, 'limit': limit}
    _, data = request_api(request, 'GET', EP('USERS_LIST_PATH'), params=params)
    return data
 def get_user(request, user_id: str) -> Dict[str, Any]:
    path = EP('USER_DETAIL_PATH').format(user_id=user_id)
    _, data = request_api(request, 'GET', path)
    return data
 def update_user(request, user_id: str, **fields) -> Dict[str, Any]:
    path = EP('USER_DETAIL_PATH').format(user_id=user_id)
    _, data = request_api(request, 'PATCH', path, json=fields)
    return data
 def delete_user(request, user_id: str) -> None:
    path = EP('USER_DETAIL_PATH').format(user_id=user_id)
    request_api(request, 'DELETE', path)
 # ==========================
 #         PROFILES
 # ==========================
 def get_my_profile(request) -> Dict[str, Any]:
    _, data = request_api(request, 'GET', EP('PROFILE_ME_PATH'))
    return data  # ProfileOut
 def create_my_profile(request, gender: str, city: str, languages: List[str], interests: List[str]) -> Dict[str, Any]:
    body = {'gender': gender, 'city': city, 'languages': languages, 'interests': interests}
    _, data = request_api(request, 'POST', EP('PROFILES_CREATE_PATH'), json=body)
    return data  # ProfileOut
 # ==========================
 #          PAIRS
 # ==========================
 def create_pair(request, user_id_a: str, user_id_b: str, score: Optional[float] = None, notes: Optional[str] = None) -> Dict[str, Any]:
    body = {'user_id_a': user_id_a, 'user_id_b': user_id_b, 'score': score, 'notes': notes}
    _, data = request_api(request, 'POST', EP('PAIRS_PATH'), json=body)
    return data  # PairRead
 def list_pairs(request, for_user_id: Optional[str] = None, status: Optional[str] = None, offset: int = 0, limit: int = 50) -> Union[List[Dict[str, Any]], Dict[str, Any]]:
    params = {'for_user_id': for_user_id, 'status': status, 'offset': offset, 'limit': limit}
    params = {k: v for k, v in params.items() if v is not None}
    _, data = request_api(request, 'GET', EP('PAIRS_PATH'), params=params)
    return data
 def get_pair(request, pair_id: str) -> Dict[str, Any]:
    path = EP('PAIR_DETAIL_PATH').format(pair_id=pair_id)
    _, data = request_api(request, 'GET', path)
    return data
 def update_pair(request, pair_id: str, **fields) -> Dict[str, Any]:
    path = EP('PAIR_DETAIL_PATH').format(pair_id=pair_id)
    _, data = request_api(request, 'PATCH', path, json=fields)
    return data
 def delete_pair(request, pair_id: str) -> None:
    path = EP('PAIR_DETAIL_PATH').format(pair_id=pair_id)
    request_api(request, 'DELETE', path)
 def accept_pair(request, pair_id: str) -> Dict[str, Any]:
    path = EP('PAIR_ACCEPT_PATH').format(pair_id=pair_id)
    _, data = request_api(request, 'POST', path)
    return data
 def reject_pair(request, pair_id: str) -> Dict[str, Any]:
    path = EP('PAIR_REJECT_PATH').format(pair_id=pair_id)
    _, data = request_api(request, 'POST', path)
    return data
 # ==========================
 #           CHAT
 # ==========================
 def my_rooms(request) -> Union[List[Dict[str, Any]], Dict[str, Any]]:
    _, data = request_api(request, 'GET', EP('ROOMS_PATH'))
    return data
 def get_room(request, room_id: str) -> Dict[str, Any]:
    path = EP('ROOM_DETAIL_PATH').format(room_id=room_id)
    _, data = request_api(request, 'GET', path)
    return data
 def create_room(request, title: Optional[str] = None, participants: List[str] = []) -> Dict[str, Any]:
    body = {'title': title, 'participants': participants}
    _, data = request_api(request, 'POST', EP('ROOMS_PATH'), json=body)
    return data
 def send_message(request, room_id: str, content: str) -> Dict[str, Any]:
    body = {'content': content}
    path = EP('ROOM_MESSAGES_PATH').format(room_id=room_id)
    _, data = request_api(request, 'POST', path, json=body)
    return data
 def list_messages(request, room_id: str, offset: int = 0, limit: int = 100) -> Union[List[Dict[str, Any]], Dict[str, Any]]:
    params = {'offset': offset, 'limit': limit}
    path = EP('ROOM_MESSAGES_PATH').format(room_id=room_id)
    _, data = request_api(request, 'GET', path, params=params)
    return data
 # ==========================
 #         PAYMENTS
 # ==========================
 def create_invoice(request, client_id: str, amount: float, currency: str, description: Optional[str] = None) -> Dict[str, Any]:
    body = {'client_id': client_id, 'amount': amount, 'currency': currency, 'description': description}
    _, data = request_api(request, 'POST', EP('INVOICES_PATH'), json=body)
    return data
 def list_invoices(request, client_id: Optional[str] = None, status: Optional[str] = None, offset: int = 0, limit: int = 50) -> Union[List[Dict[str, Any]], Dict[str, Any]]:
    params = {'client_id': client_id, 'status': status, 'offset': offset, 'limit': limit}
    params = {k: v for k, v in params.items() if v is not None}
    _, data = request_api(request, 'GET', EP('INVOICES_PATH'), params=params)
    return data
 def get_invoice(request, inv_id: str) -> Dict[str, Any]:
    path = EP('INVOICE_DETAIL_PATH').format(inv_id=inv_id)
    _, data = request_api(request, 'GET', path)
    return data
 def update_invoice(request, inv_id: str, **fields) -> Dict[str, Any]:
    path = EP('INVOICE_DETAIL_PATH').format(inv_id=inv_id)
    _, data = request_api(request, 'PATCH', path, json=fields)
    return data
 def delete_invoice(request, inv_id: str) -> None:
    path = EP('INVOICE_DETAIL_PATH').format(inv_id=inv_id)
    request_api(request, 'DELETE', path)
 def mark_invoice_paid(request, inv_id: str) -> Dict[str, Any]:
    path = EP('INVOICE_MARK_PAID_PATH').format(inv_id=inv_id)
    _, data = request_api(request, 'POST', path)
    return data
 def upload_my_photo(request, file_obj) -> Dict[str, Any]:
    """
    Отправляет multipart/form-data на бекенд для загрузки фото профиля.
    Ожидаем, что сервер примет поле 'file' и вернёт обновлённый профиль или {photo_url: "..."}.
    """
    path = EP('PROFILE_PHOTO_UPLOAD_PATH')
    filename = getattr(file_obj, 'name', 'photo.jpg')
    content_type = getattr(file_obj, 'content_type', 'application/octet-stream')
    files = {'file': (filename, file_obj, content_type)}
    _, data = request_api(request, 'POST', path, files=files)
    return data
 def delete_my_photo(request) -> Dict[str, Any]:
    """
    Удаляет фото профиля (если сервер поддерживает DELETE на том же пути).
    """
    path = EP('PROFILE_PHOTO_DELETE_PATH')
    _, data = request_api(request, 'DELETE', path)
    return data
--- a/ui/context_processors.py
+++ b/ui/context_processors.py
@@ -0,0 +1,11 @@
 from django.conf import settings
 def public_settings(request):
    return {
        'DEBUG': settings.DEBUG,
    }
 def current_user(request):
    # Very lightweight 'user' from API token in session
    auth = request.session.get('auth', {})
    return {'api_user': auth.get('user')}
--- a/ui/urls.py
+++ b/ui/urls.py
@@ -0,0 +1,20 @@
 from django.urls import path
 from . import views
 urlpatterns = [
    path('', views.index, name='index'),
    # Кабинет
    path("cabinet/", views.cabinet_view, name="cabinet"),
    path("cabinet/photo/upload/", views.cabinet_upload_photo, name="cabinet_upload_photo"),
    path("cabinet/photo/delete/", views.cabinet_delete_photo, name="cabinet_delete_photo"),
    # Каталог
    path("profiles/", views.profile_list, name="profiles"),
    path("profiles/<uuid:pk>/", views.profile_detail, name="profile_detail"),
    path("profiles/<uuid:pk>/like/", views.like_profile, name="like_profile"),
    # Регистрация и авторизация
    path('register/', views.register_view, name='register'),
    path('login/', views.login_view, name='login'),
    path('logout/', views.logout_view, name='logout'),
 ]
--- a/ui/views.py
+++ b/ui/views.py
@@ -0,0 +1,492 @@
 import base64
 import json
 import time
 from typing import List, Dict, Any, Optional
 from django.http import Http404, HttpResponse
 from django.shortcuts import render, redirect
 from django.views.decorators.http import require_http_methods, require_POST
 from django.contrib import messages
 from django.core.exceptions import PermissionDenied
 from django.conf import settings
 from django.views.decorators.csrf import csrf_exempt
 from . import api
 from .api import ApiError
 # -------- helpers (cookies/JWT) --------
 def _cookie_secure() -> bool:
    # в dev можно False, в prod обязательно True
    return not getattr(settings, "DEBUG", True)
 def _jwt_exp_seconds(token: Optional[str], default_sec: int = 12 * 3600) -> int:
    """
    Пытаемся вытащить exp из JWT и посчитать max_age для куки.
    Если не получилось — даём дефолт (12 часов).
    """
    if not token or token.count(".") != 2:
        return default_sec
    try:
        payload_b64 = token.split(".")[1]
        payload_b64 += "=" * (-len(payload_b64) % 4)
        payload = json.loads(base64.urlsafe_b64decode(payload_b64.encode()).decode("utf-8"))
        exp = int(payload.get("exp", 0))
        now = int(time.time())
        if exp > now:
            # добавим небольшой «запас» (минус 60 сек)
            return max(60, exp - now - 60)
        return default_sec
    except Exception:
        return default_sec
 def _set_auth_cookies(resp: HttpResponse, access_token: Optional[str], refresh_token: Optional[str]) -> None:
    """
    Кладём токены в HttpOnly cookies с корректным сроком жизни.
    """
    if access_token:
        resp.set_cookie(
            "access_token",
            access_token,
            max_age=_jwt_exp_seconds(access_token),
            httponly=True,
            samesite="Lax",
            secure=_cookie_secure(),
            path="/",
        )
    if refresh_token:
        resp.set_cookie(
            "refresh_token",
            refresh_token,
            max_age=_jwt_exp_seconds(refresh_token, default_sec=7 * 24 * 3600),
            httponly=True,
            samesite="Lax",
            secure=_cookie_secure(),
            path="/",
        )
 def _clear_auth_cookies(resp: HttpResponse) -> None:
    resp.delete_cookie("access_token", path="/")
    resp.delete_cookie("refresh_token", path="/")
 # -------- UI helpers --------
 def index(request):
    return render(request, "ui/index.html", {})
 def _auth_required_partial(request) -> HttpResponse:
    # Мини‑partial под HTMX для кнопки "в избранное", если нет логина
    return render(request, "ui/components/like_button_login_required.html", {})
 def _is_admin(request) -> bool:
    return (request.session.get("user_role") or "").upper() == "ADMIN"
 def _user_to_profile_stub(u: Dict[str, Any]) -> Dict[str, Any]:
    name = u.get("full_name") or u.get("email") or "Без имени"
    return {
        "id": u.get("id"),
        "name": name,
        "email": u.get("email") or "",
        "role": (u.get("role") or "").upper() or "CLIENT",
        "verified": u.get("is_active", False),
        # ↓ ключевые правки — чтобы шаблон не генерил src="None"
        "age": None,
        "city": None,
        "about": "",
        "photo": "",          # было: None
        "interests": [],
        "liked": False,
    }
 def _format_validation(payload: Optional[dict]) -> Optional[str]:
    """Сборка сообщений 422 ValidationError в одну строку."""
    if not payload:
        return None
    det = payload.get("detail")
    if isinstance(det, list):
        msgs = []
        for item in det:
            msg = item.get("msg")
            loc = item.get("loc")
            if isinstance(loc, list) and loc:
                field = ".".join(str(x) for x in loc if isinstance(x, (str, int)))
                if field and field not in ("body",):
                    msgs.append(f"{field}: {msg}")
                else:
                    msgs.append(msg)
            elif msg:
                msgs.append(msg)
        return "; ".join(m for m in msgs if m)
    return payload.get("message") or payload.get("detail")
 # ---------------- Auth ----------------
@require_http_methods(["GET", "POST"])
 def login_view(request):
    if request.method == "POST":
        email = (request.POST.get("email") or "").strip()
        password = (request.POST.get("password") or "").strip()
        if not email or not password:
            messages.error(request, "Укажите email и пароль")
        else:
            try:
                token_pair = api.login(request, email, password)  # POST /auth/v1/token
                access = token_pair.get("access_token")
                refresh = token_pair.get("refresh_token") or token_pair.get("refresh")
                if not access:
                    raise ApiError(0, "API не вернул access_token")
                # Пока храним и в сессии, и в куки (куки — для твоей задачи; сессия — на случай refresh внутри запроса)
                request.session["access_token"] = access
                if refresh:
                    request.session["refresh_token"] = refresh
                me = api.get_current_user(request)  # GET /auth/v1/me
                request.session["user_id"] = me.get("id") or me.get("user_id")
                request.session["user_email"] = me.get("email")
                request.session["user_full_name"] = me.get("full_name") or me.get("email")
                request.session["user_role"] = me.get("role") or "CLIENT"
                request.session.modified = True
                user_label = request.session.get("user_full_name") or request.session.get("user_email") or "пользователь"
                messages.success(request, f"Здравствуйте, {user_label}!")
                next_url = request.GET.get("next")
                if not next_url:
                    next_url = "profiles" if _is_admin(request) else "cabinet"
                resp = redirect(next_url)
                _set_auth_cookies(resp, access, refresh)
                return resp
            except PermissionDenied:
                messages.error(request, "Неверные учётные данные")
            except ApiError as e:
                messages.error(request, f"Ошибка входа: {e}")
    return render(request, "ui/login.html", {})
@require_http_methods(["GET", "POST"])
 def register_view(request):
    """
    Регистрация → авто‑логин → установка токенов в cookies → редирект.
    """
    if request.method == "POST":
        email = (request.POST.get("email") or "").strip()
        password = (request.POST.get("password") or "").strip()
        full_name = (request.POST.get("full_name") or "").strip() or None
        if not email or not password:
            messages.error(request, "Укажите email и пароль")
        else:
            try:
                api.register_user(request, email=email, password=password, full_name=full_name, role='CLIENT')
                token_pair = api.login(request, email=email, password=password)
                access = token_pair.get("access_token")
                refresh = token_pair.get("refresh_token") or token_pair.get("refresh")
                if not access:
                    raise ApiError(0, "API не вернул access_token после регистрации")
                request.session["access_token"] = access
                if refresh:
                    request.session["refresh_token"] = refresh
                me = api.get_current_user(request)
                request.session["user_id"] = me.get("id") or me.get("user_id")
                request.session["user_email"] = me.get("email")
                request.session["user_full_name"] = me.get("full_name") or me.get("email")
                request.session["user_role"] = me.get("role") or "CLIENT"
                request.session.modified = True
                messages.success(request, "Регистрация успешна! Вы вошли в систему.")
                next_url = request.GET.get("next")
                if not next_url:
                    next_url = "profiles" if _is_admin(request) else "cabinet"
                resp = redirect(next_url)
                _set_auth_cookies(resp, access, refresh)
                return resp
            except ApiError as e:
                payload = getattr(e, "payload", None)
                if payload and isinstance(payload, dict):
                    nice = _format_validation(payload)
                    messages.error(request, nice or f"Ошибка регистрации: {e}")
                else:
                    messages.error(request, f"Ошибка регистрации: {e}")
            except PermissionDenied:
                messages.info(request, "Регистрация прошла, войдите под своим email/паролем")
                return redirect("login")
    return render(request, "ui/register.html", {})
@require_http_methods(["POST", "GET"])
 def logout_view(request):
    for key in ("access_token", "refresh_token", "user_id", "user_email", "user_full_name", "user_role", "likes"):
        request.session.pop(key, None)
    request.session.modified = True
    messages.info(request, "Вы вышли из аккаунта")
    resp = redirect("index")
    _clear_auth_cookies(resp)
    return resp
 # ---------------- Catalog (Admin‑only) ----------------
@require_http_methods(["GET"])
 def profile_list(request):
    """
    Каталог анкет (по сути — пользователей) с фильтрами и пагинацией.
    Доступно только ADMIN (по API /auth/v1/users; у клиента прав нет).
    Фильтры клиентские: q (имя/email), role, active, email_domain; сортировка; page/limit.
    """
    if not (request.session.get("access_token") or request.COOKIES.get("access_token")):
        messages.info(request, "Войдите, чтобы открыть каталог")
        return redirect("login")
    if not _is_admin(request):
        messages.info(request, "Каталог доступен только администраторам. Перенаправляем в Кабинет.")
        return redirect("cabinet")
    # --- читаем query-параметры ---
    q = (request.GET.get("q") or "").strip().lower()
    role = (request.GET.get("role") or "").strip().upper()  # CLIENT|ADMIN|"" (любой)
    active = request.GET.get("active")  # "1"|"0"|None
    email_domain = (request.GET.get("domain") or "").strip().lower().lstrip("@")
    # сортировка: name, name_desc, email, email_desc (по умолчанию name)
    sort = (request.GET.get("sort") or "name").strip().lower()
    page = max(1, int(request.GET.get("page") or 1))
    limit = min(max(1, int(request.GET.get("limit") or 20)), 200)  # API максимум 200, см. спеки :contentReference[oaicite:1]{index=1}
    offset = (page - 1) * limit
    error: Optional[str] = None
    profiles: List[Dict[str, Any]] = []
    page_info = {"page": page, "limit": limit, "has_prev": page > 1, "has_next": False}
    try:
        # Серверная пагинация есть, фильтров — нет (кроме offset/limit) → забираем страницу
        data = api.list_users(request, offset=offset, limit=limit)  # GET /auth/v1/users :contentReference[oaicite:2]{index=2}
        users: List[Dict[str, Any]] = (data.get("items") if isinstance(data, dict) else data) or []
        # --- клиентская фильтрация ---
        def keep(u: Dict[str, Any]) -> bool:
            if q:
                fn = (u.get("full_name") or "").lower()
                em = (u.get("email") or "").lower()
                if q not in fn and q not in em:
                    return False
            if role and (u.get("role") or "").upper() != role:
                return False
            if active in ("1", "0"):
                is_act = bool(u.get("is_active"))
                if (active == "1" and not is_act) or (active == "0" and is_act):
                    return False
            if email_domain:
                em = (u.get("email") or "").lower()
                dom = em.split("@")[-1] if "@" in em else ""
                if dom != email_domain:
                    return False
            return True
        users = [u for u in users if keep(u)]
        # --- сортировка ---
        def key_name(u):  return (u.get("full_name") or u.get("email") or "").lower()
        def key_email(u): return (u.get("email") or "").lower()
        if sort == "name":
            users.sort(key=key_name)
        elif sort == "name_desc":
            users.sort(key=key_name, reverse=True)
        elif sort == "email":
            users.sort(key=key_email)
        elif sort == "email_desc":
            users.sort(key=key_email, reverse=True)
        # Преобразуем в «анкеты»
        profiles = [_user_to_profile_stub(u) for u in users]
        # отметка лайков (локальная сессия)
        liked_ids = set(request.session.get("likes", []))
        for p in profiles:
            p["liked"] = p.get("id") in liked_ids
        # has_next — на глаз: если сервер отдал ровно limit без наших фильтров,
        # считаем, что следующая страница потенциально есть
        page_info["has_next"] = (len(users) == limit and not (q or role or active in ("1","0") or email_domain))
        # (если включены клиентские фильтры — не знаем полный объём; оставим conservative False)
    except PermissionDenied as e:
        messages.error(request, f"Нет доступа к каталогу: {e}")
        return redirect("cabinet")
    except ApiError as e:
        error = str(e)
    ctx = {
        "profiles": profiles,
        "filters": {
            "q": (request.GET.get("q") or "").strip(),
            "role": role,
            "active": (active or ""),
            "domain": (request.GET.get("domain") or "").strip(),
            "sort": sort,
            "page": page,
            "limit": limit,
        },
        "count": len(profiles),
        "page": page_info,
        "error": error,
        "page_sizes": [10, 20, 50, 100, 200],
    }
    return render(request, "ui/profiles_list.html", ctx)
@require_http_methods(["GET"])
 def profile_detail(request, pk: str):
    """
    Детальная карточка пользователя — тоже ADMIN‑only.
    """
    if not (request.session.get("access_token") or request.COOKIES.get("access_token")):
        return redirect("login")
    if not _is_admin(request):
        messages.info(request, "Детали пользователей доступны только администраторам.")
        return redirect("cabinet")
    try:
        user = api.get_user(request, user_id=str(pk))
    except PermissionDenied as e:
        messages.error(request, f"Нет доступа: {e}")
        return redirect("cabinet")
    except ApiError as e:
        if e.status == 404:
            raise Http404("Пользователь не найден")
        messages.error(request, str(e))
        return redirect("profiles")
    profile = _user_to_profile_stub(user)
    liked_ids = set(request.session.get("likes", []))
    liked = profile.get("id") in liked_ids
    return render(request, "ui/profile_detail.html", {"profile": profile, "liked": liked})
@require_POST
 def like_profile(request, pk: str):
    """
    Локальный «лайк» (для демо). Не требует API.
    """
    if not (request.session.get("access_token") or request.COOKIES.get("access_token")):
        return _auth_required_partial(request)
    likes = set(request.session.get("likes", []))
    if str(pk) in likes:
        likes.remove(str(pk))
        liked = False
    else:
        likes.add(str(pk))
        liked = True
    request.session["likes"] = list(likes)
    request.session.modified = True
    return render(request, "ui/components/like_button.html", {"profile_id": pk, "liked": liked})
 # ---------------- Кабинет: мой профиль ----------------
@require_http_methods(["GET", "POST"])
 def cabinet_view(request):
    """
    Мой профиль:
    - GET: /profiles/v1/profiles/me; если 404 — пустая форма создания
    - POST: /profiles/v1/profiles (создать/заполнить свой профиль)
    """
    if not (request.session.get("access_token") or request.COOKIES.get("access_token")):
        messages.info(request, "Для доступа к кабинету войдите в систему")
        return redirect("login")
    if request.method == "POST":
        gender = (request.POST.get("gender") or "").strip()
        city = (request.POST.get("city") or "").strip()
        languages = [s.strip() for s in (request.POST.get("languages") or "").split(",") if s.strip()]
        interests = [s.strip() for s in (request.POST.get("interests") or "").split(",") if s.strip()]
        if not gender or not city:
            messages.error(request, "Укажите пол и город")
        else:
            try:
                profile = api.create_my_profile(request, gender=gender, city=city, languages=languages, interests=interests)
                messages.success(request, "Профиль создан")
                return render(request, "ui/cabinet.html", {"profile": profile, "has_profile": True})
            except PermissionDenied:
                messages.error(request, "Сессия истекла, войдите снова")
                return redirect("login")
            except ApiError as e:
                payload = getattr(e, "payload", None)
                nice = _format_validation(payload) if isinstance(payload, dict) else None
                messages.error(request, nice or f"Ошибка сохранения профиля: {e}")
    # GET
    try:
        profile = api.get_my_profile(request)
        # шапка кабинета — имя из сессии (или email)
        header_name = request.session.get("user_full_name") or request.session.get("user_email") or ""
        return render(request, "ui/cabinet.html", {"profile": profile, "has_profile": True, "header_name": header_name})
    except ApiError as e:
        if e.status == 404:
            header_name = request.session.get("user_full_name") or request.session.get("user_email") or ""
            return render(request, "ui/cabinet.html", {"profile": None, "has_profile": False, "header_name": header_name})
        messages.error(request, f"Ошибка загрузки профиля: {e}")
        return render(request, "ui/cabinet.html", {"profile": None, "has_profile": False})
    except PermissionDenied:
        messages.error(request, "Сессия истекла, войдите снова")
        return redirect("login")
@require_POST
 def cabinet_upload_photo(request):
    # Требуется логин
    if not (request.session.get("access_token") or request.COOKIES.get("access_token")):
        messages.info(request, "Войдите, чтобы загрузить фото")
        return redirect("login")
    f = request.FILES.get("photo")
    if not f:
        messages.error(request, "Файл не выбран")
        return redirect("cabinet")
    if f.size and f.size > 5 * 1024 * 1024:
        messages.error(request, "Файл слишком большой (макс. 5 МБ)")
        return redirect("cabinet")
    try:
        api.upload_my_photo(request, f)
        messages.success(request, "Фото обновлено")
    except PermissionDenied:
        messages.error(request, "Сессия истекла, войдите снова")
        return redirect("login")
    except ApiError as e:
        if e.status in (404, 405):
            messages.error(request, "Бэкенд пока не поддерживает загрузку фото (нет эндпоинта).")
        else:
            messages.error(request, f"Ошибка загрузки: {e}")
    return redirect("cabinet")
@require_POST
 def cabinet_delete_photo(request):
    if not (request.session.get("access_token") or request.COOKIES.get("access_token")):
        messages.info(request, "Войдите, чтобы удалить фото")
        return redirect("login")
    try:
        api.delete_my_photo(request)
        messages.success(request, "Фото удалено")
    except PermissionDenied:
        messages.error(request, "Сессия истекла, войдите снова")
        return redirect("login")
    except ApiError as e:
        if e.status in (404, 405):
            messages.error(request, "Удаление фото не поддерживается бэкендом.")
        else:
            messages.error(request, f"Ошибка удаления: {e}")
    return redirect("cabinet")