phase 3 23 qr-scan-check

2026-03-10 12:11:38 +00:00
parent 887a718a65
commit 3bf4a2189f
8 changed files with 377 additions and 8 deletions
--- a/backend/api/routers/tickets.py
+++ b/backend/api/routers/tickets.py
@@ -1,4 +1,4 @@
-from fastapi import APIRouter, Depends
+from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import selectinload
@@ -6,7 +6,7 @@ from sqlalchemy.orm import selectinload
 from api.deps import get_current_user
 from database.models import Seat, Ticket, TicketStatus, User
 from database.session import get_db
-from schemas.ticket import TicketResponse
+from schemas.ticket import TicketResponse, TicketScanRequest, TicketScanResponse

 router = APIRouter(prefix="/api/tickets", tags=["tickets"])

@@ -27,3 +27,59 @@ async def get_my_tickets(
        .order_by(Ticket.created_at.desc())
    )
    return list(result.scalars().all())
+
+
+@router.post("/scan", response_model=TicketScanResponse)
+async def scan_ticket(
+    body: TicketScanRequest,
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+) -> TicketScanResponse:
+    """
+    Сканирует билет по secret_token (QR-код).
+    Переводит статус PAID → SCANNED. Идемпотентно обрабатывает повторное сканирование.
+    """
+    result = await db.execute(
+        select(Ticket).where(Ticket.secret_token == body.token)
+    )
+    ticket: Ticket | None = result.scalar_one_or_none()
+
+    if ticket is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=TicketScanResponse(
+                success=False,
+                message="Билет не найден или подделка",
+                ticket_id=None,
+            ).model_dump(),
+        )
+
+    if ticket.status == TicketStatus.SCANNED:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=TicketScanResponse(
+                success=False,
+                message="Билет уже отсканирован!",
+                ticket_id=ticket.id,
+            ).model_dump(),
+        )
+
+    if ticket.status != TicketStatus.PAID:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=TicketScanResponse(
+                success=False,
+                message=f"Проход запрещен: статус билета '{ticket.status.value}'",
+                ticket_id=ticket.id,
+            ).model_dump(),
+        )
+
+    # PAID → SCANNED
+    ticket.status = TicketStatus.SCANNED
+    await db.commit()
+
+    return TicketScanResponse(
+        success=True,
+        message="Проход разрешен",
+        ticket_id=ticket.id,
+    )
--- a/backend/core/pdf_generator.py
+++ b/backend/core/pdf_generator.py
@@ -3,7 +3,6 @@
 Поддержка кириллицы: ищет системный TTF-шрифт; при неудаче — транслитерация.
 """
 import io
-import json
 import os

 import qrcode
@@ -85,6 +84,7 @@ def generate_qr_ticket(
    row: int,
    number: int,
    price: int,
+    secret_token: str,
 ) -> bytes:
    """
    Renders a landscape ticket (600×250 pt) and returns PDF bytes.
@@ -165,11 +165,7 @@ def generate_qr_ticket(
    c.drawCentredString(495, 30, _safe("Сканировать при входе"))

    # ── QR code ──
-    qr_data = json.dumps(
-        {"id": ticket_id, "t": title, "s": sector, "r": row, "m": number},
-        ensure_ascii=False,
-        separators=(",", ":"),
-    )
+    qr_data = f"https://openticket.artifitial.ru/scanner?token={secret_token}"
    qr = qrcode.QRCode(box_size=5, border=1, error_correction=qrcode.constants.ERROR_CORRECT_M)
    qr.add_data(qr_data)
    qr.make(fit=True)
--- a/backend/database/models.py
+++ b/backend/database/models.py
@@ -1,4 +1,5 @@
 import enum
+import uuid
 from datetime import datetime, timezone
 from sqlalchemy import String, Integer, ForeignKey, DateTime, Enum, Boolean
 from sqlalchemy.orm import DeclarativeBase, Mapped, mapped_column, relationship
@@ -55,6 +56,11 @@ class Ticket(Base):
    )
    idempotency_key: Mapped[str] = mapped_column(String, unique=True, nullable=True)
    pdf_url: Mapped[str | None] = mapped_column(String, nullable=True)
+    # nullable=True — безопасно для существующих строк; новые билеты получают UUID автоматически
+    secret_token: Mapped[str | None] = mapped_column(
+        String, unique=True, index=True, nullable=True,
+        default=lambda: str(uuid.uuid4()),
+    )
    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), default=lambda: datetime.now(timezone.utc))
    updated_at: Mapped[datetime] = mapped_column(
        DateTime(timezone=True), 
--- a/backend/migrations/versions/b2e071ae215a_add_secret_token.py
+++ b/backend/migrations/versions/b2e071ae215a_add_secret_token.py
@@ -0,0 +1,34 @@
+"""add secret token
+
+Revision ID: b2e071ae215a
+Revises: d096f9d0b612
+Create Date: 2026-03-10 11:51:02.385582
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = 'b2e071ae215a'
+down_revision: Union[str, Sequence[str], None] = 'd096f9d0b612'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('tickets', sa.Column('secret_token', sa.String(), nullable=True))
+    op.create_index(op.f('ix_tickets_secret_token'), 'tickets', ['secret_token'], unique=True)
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index(op.f('ix_tickets_secret_token'), table_name='tickets')
+    op.drop_column('tickets', 'secret_token')
+    # ### end Alembic commands ###
--- a/backend/schemas/ticket.py
+++ b/backend/schemas/ticket.py
@@ -32,3 +32,13 @@ class TicketResponse(BaseModel):
    seat: SeatInfo

    model_config = ConfigDict(from_attributes=True)
+
+
+class TicketScanRequest(BaseModel):
+    token: str
+
+
+class TicketScanResponse(BaseModel):
+    success: bool
+    message: str
+    ticket_id: int | None
--- a/backend/worker.py
+++ b/backend/worker.py
@@ -71,6 +71,7 @@ async def _handle_ticket_paid(
        row=seat.row,
        number=seat.number,
        price=seat.price,
+        secret_token=str(ticket.secret_token),
    )

    object_name = f"tickets/ticket_{ticket_id}.pdf"
--- a/frontend-client/src/api/client.ts
+++ b/frontend-client/src/api/client.ts
@@ -122,6 +122,34 @@ export async function processPaymentWebhook(ticketId: number): Promise<void> {
  });
 }

+// ─── Ticket scanner ───────────────────────────────────────────────────────────
+
+export interface ScanResponse {
+  success: boolean;
+  message: string;
+  ticket_id?: number;
+}
+
+/**
+ * POST /api/tickets/scan
+ * Validates a ticket token and marks it as SCANNED.
+ * Always resolves (never throws) — 400/404 error bodies are returned as ScanResponse.
+ */
+export async function scanTicketApi(token: string): Promise<ScanResponse> {
+  try {
+    const response = await apiClient.post<ScanResponse>("/tickets/scan", { token });
+    return response.data;
+  } catch (err) {
+    const axiosErr = err as import("axios").AxiosError<{ detail: ScanResponse }>;
+    // Backend encodes ScanResponse inside HTTPException.detail
+    const detail = axiosErr.response?.data?.detail;
+    if (detail && typeof detail === "object" && "success" in detail) {
+      return detail as ScanResponse;
+    }
+    return { success: false, message: "Ошибка соединения с сервером" };
+  }
+}
+
 // ─── Tournament public seats ──────────────────────────────────────────────────

 /**
--- a/frontend-client/src/app/scanner/page.tsx
+++ b/frontend-client/src/app/scanner/page.tsx
@@ -0,0 +1,238 @@
+"use client";
+
+import { Suspense, useEffect, useRef, useState } from "react";
+import { useRouter, useSearchParams } from "next/navigation";
+import { CheckCircle2, XCircle, Loader2, ScanLine, LogIn } from "lucide-react";
+import { scanTicketApi, type ScanResponse } from "@/api/client";
+import { useAuthStore } from "@/store/authStore";
+
+// ─── Types ────────────────────────────────────────────────────────────────────
+
+type ScanStatus = "idle" | "loading" | "success" | "error";
+
+// ─── Result screen ────────────────────────────────────────────────────────────
+
+function ResultScreen({
+  scanStatus,
+  message,
+  ticketId,
+  onReset,
+}: {
+  scanStatus: "success" | "error";
+  message: string;
+  ticketId?: number;
+  onReset: () => void;
+}) {
+  const isSuccess = scanStatus === "success";
+
+  return (
+    <div
+      className={`flex flex-col items-center justify-center min-h-screen w-full px-6 transition-colors duration-300 ${
+        isSuccess ? "bg-green-500" : "bg-red-500"
+      }`}
+    >
+      {isSuccess ? (
+        <CheckCircle2 className="text-white mb-6" size={120} strokeWidth={1.5} />
+      ) : (
+        <XCircle className="text-white mb-6" size={120} strokeWidth={1.5} />
+      )}
+
+      <p className="text-white text-[32px] font-black tracking-tight text-center uppercase leading-tight">
+        {isSuccess ? "ПРОХОД РАЗРЕШЕН" : "ПРОХОД ЗАПРЕЩЕН"}
+      </p>
+
+      {ticketId && (
+        <p className="text-white/70 text-[14px] font-medium mt-2">
+          Билет #{ticketId}
+        </p>
+      )}
+
+      <p className="text-white/90 text-[18px] font-semibold mt-4 text-center max-w-[300px] leading-snug">
+        {message}
+      </p>
+
+      <button
+        onClick={onReset}
+        className="mt-12 px-8 py-3.5 bg-white/20 hover:bg-white/30 active:scale-95 transition-all rounded-2xl text-white text-[15px] font-semibold"
+      >
+        Сканировать следующий
+      </button>
+    </div>
+  );
+}
+
+// ─── Loading screen ───────────────────────────────────────────────────────────
+
+function LoadingScreen() {
+  return (
+    <div className="flex flex-col items-center justify-center min-h-screen bg-[#121212]">
+      <Loader2 size={64} className="text-[#E32636] animate-spin mb-6" strokeWidth={1.5} />
+      <p className="text-white text-[20px] font-bold">Проверка билета…</p>
+      <p className="text-[#8E8E93] text-[13px] mt-2">Запрос к серверу</p>
+    </div>
+  );
+}
+
+// ─── Manual input form ────────────────────────────────────────────────────────
+
+function ManualInput({
+  onScan,
+  loading,
+}: {
+  onScan: (token: string) => void;
+  loading: boolean;
+}) {
+  const [value, setValue] = useState("");
+  const inputRef = useRef<HTMLInputElement>(null);
+
+  // Auto-focus for USB barcode scanners (act as keyboard)
+  useEffect(() => {
+    inputRef.current?.focus();
+  }, []);
+
+  function handleSubmit(e: React.FormEvent) {
+    e.preventDefault();
+    const token = value.trim();
+    if (token) onScan(token);
+  }
+
+  return (
+    <form onSubmit={handleSubmit} className="w-full max-w-[340px] flex flex-col gap-3">
+      <input
+        ref={inputRef}
+        type="text"
+        value={value}
+        onChange={(e) => setValue(e.target.value)}
+        placeholder="Введите или отсканируйте токен…"
+        autoComplete="off"
+        autoCorrect="off"
+        spellCheck={false}
+        className="w-full bg-[#2C2C2E] border border-[#3A3A3C] focus:border-[#E32636] rounded-2xl px-5 py-4 text-[15px] text-white placeholder-[#4B5563] outline-none transition-colors text-center tracking-wide"
+      />
+      <button
+        type="submit"
+        disabled={loading || !value.trim()}
+        className="w-full flex items-center justify-center gap-2 bg-[#E32636] hover:bg-[#C41E2A] disabled:opacity-50 disabled:cursor-not-allowed active:scale-95 transition-all text-white text-[16px] font-bold py-4 rounded-2xl"
+      >
+        {loading ? (
+          <><Loader2 size={18} className="animate-spin" /> Проверка…</>
+        ) : (
+          <><ScanLine size={18} /> Проверить билет</>
+        )}
+      </button>
+    </form>
+  );
+}
+
+// ─── Core scanner logic (needs Suspense because of useSearchParams) ───────────
+
+function ScannerCore() {
+  const router = useRouter();
+  const searchParams = useSearchParams();
+  const token = useAuthStore((s) => s.token);
+
+  const [scanStatus, setScanStatus]   = useState<ScanStatus>("idle");
+  const [message, setMessage]         = useState("");
+  const [ticketId, setTicketId]       = useState<number | undefined>();
+  const scanCalledRef                  = useRef(false);
+
+  // Auth guard
+  useEffect(() => {
+    if (!token) router.push("/login");
+  }, [token, router]);
+
+  // Auto-scan when ?token= is present in the URL
+  useEffect(() => {
+    const urlToken = searchParams.get("token");
+    if (!urlToken || scanCalledRef.current) return;
+    scanCalledRef.current = true;
+    void runScan(urlToken);
+  // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [searchParams]);
+
+  async function runScan(rawToken: string) {
+    setScanStatus("loading");
+    setMessage("");
+    setTicketId(undefined);
+
+    const result: ScanResponse = await scanTicketApi(rawToken);
+
+    setMessage(result.message);
+    setTicketId(result.ticket_id);
+    setScanStatus(result.success ? "success" : "error");
+  }
+
+  function handleReset() {
+    setScanStatus("idle");
+    setMessage("");
+    setTicketId(undefined);
+    scanCalledRef.current = false;
+    // Clear the URL token so a fresh scan can be started
+    router.replace("/scanner");
+  }
+
+  if (!token) return null;
+
+  if (scanStatus === "loading") return <LoadingScreen />;
+
+  if (scanStatus === "success" || scanStatus === "error") {
+    return (
+      <ResultScreen
+        scanStatus={scanStatus}
+        message={message}
+        ticketId={ticketId}
+        onReset={handleReset}
+      />
+    );
+  }
+
+  // ── Idle: manual input UI ──
+  return (
+    <div className="flex justify-center min-h-screen bg-[#121212]">
+      <div className="w-full max-w-[390px] flex flex-col items-center px-5 pt-16 pb-10">
+
+        {/* Brand / header */}
+        <div className="w-16 h-16 rounded-2xl bg-[#E32636] flex items-center justify-center mb-6">
+          <ScanLine size={32} className="text-white" strokeWidth={2} />
+        </div>
+        <h1 className="text-[26px] font-black text-white tracking-tight mb-1">
+          Сканер билетов
+        </h1>
+        <p className="text-[13px] text-[#8E8E93] mb-10 text-center">
+          Наведите QR-код или введите токен вручную
+        </p>
+
+        <ManualInput onScan={runScan} loading={false} />
+
+        {/* Hint for USB scanners */}
+        <p className="text-[11px] text-[#4B5563] mt-8 text-center leading-relaxed max-w-[260px]">
+          USB-сканер работает как клавиатура —{"\n"}поле захватит фокус автоматически
+        </p>
+
+        <button
+          onClick={() => router.push("/")}
+          className="mt-auto pt-10 flex items-center gap-1.5 text-[12px] text-[#8E8E93] hover:text-white transition-colors"
+        >
+          <LogIn size={13} />
+          На главную
+        </button>
+      </div>
+    </div>
+  );
+}
+
+// ─── Page export (wraps in Suspense for useSearchParams) ─────────────────────
+
+export default function ScannerPage() {
+  return (
+    <Suspense
+      fallback={
+        <div className="flex items-center justify-center min-h-screen bg-[#121212]">
+          <Loader2 size={40} className="text-[#E32636] animate-spin" />
+        </div>
+      }
+    >
+      <ScannerCore />
+    </Suspense>
+  );
+}