release: v1.0.0 — changelog и документация после v0.20

Co-authored-by: Cursor <cursoragent@cursor.com>
feat: обновление с Git из админки (/admin/system)
2026-05-17 14:28:32 +03:00 · 2026-05-17 14:26:11 +03:00 · 2026-05-17 14:17:59 +03:00 · 2026-05-17 14:14:38 +03:00 · 2026-05-17 14:08:03 +03:00 · 2026-05-17 13:57:54 +03:00
45 changed files with 2324 additions and 120 deletions
@@ -1,5 +1,6 @@
-# Скопируйте: cp .env.docker.example .env
-# Используется docker compose (переменные подставляются в compose)
+# Docker: лучше запустить интерактивный установщик:
+#   bash scripts/install.sh
+# Или вручную: cp .env.docker.example .env

 POSTGRES_USER=shop
 POSTGRES_PASSWORD=shop
@@ -9,4 +10,7 @@ APP_PORT=3000
 SESSION_SECRET=change-me-to-a-long-random-string
 TRUST_PROXY=0

-# С профилем proxy (Caddy): TRUST_PROXY=1
+ADMIN_EMAIL=admin@site.com
+ADMIN_PASSWORD=admin
+ADMIN_NAME=Администратор
+SITE_URL=http://localhost:3000
@@ -26,6 +26,11 @@ SMTP_USER=
 SMTP_PASS=
 SMTP_FROM=shop@example.com

+# Обновление из админки (/admin/system)
+# SHOP_ROOT=/opt/shop
+# ADMIN_UPDATE_ENABLED=1
+# ADMIN_UPDATE_USE_SUDO=1
+
 # PostgreSQL 17 (одна строка или отдельные переменные)
 DATABASE_URL=postgresql://shop:shop@127.0.0.1:5432/shop
 # PGHOST=127.0.0.1
@@ -0,0 +1,42 @@
+## 1.0.0
+
+Стабильный релиз **1.0** — всё новое после **v0.20.0**.
+
+### Магазин
+
+- Промокоды (%, фикс. сумма), баллы лояльности, таймер акции в корзине
+- Акционная цена на товаре: старая цена зачёркнута, новая цена и % скидки
+- Подписка «сообщить о поступлении» + email при появлении на складе
+
+### Вход и админ
+
+- Passkey (WebAuthn) в профиле и на странице входа
+- Один админ — только `ADMIN_EMAIL` в `.env`
+- Админка: цены/скидки на товарах, промокоды, **обновление с Git** (`/admin/system`)
+- Иконки и улучшенное отображение цен
+
+### Сервер
+
+- `scripts/install.sh` — интерактивная установка
+- `SHOP_ROOT`, `server-update.sh`, `git-sync.sh`, systemd-скрипты
+- Wiki: Server-Operations, Troubleshooting
+
+### Обновление с 0.20
+
+```bash
+export SHOP_ROOT=/opt/shop/shop10   # ваш каталог
+git fetch origin && git checkout main && git pull
+bash "$SHOP_ROOT/scripts/server-update.sh"
+```
+
+Или после настройки sudo: **Админ → Обновление →** ввести `update`.
+
+### Новые переменные (.env)
+
+```env
+SHOP_ROOT=/opt/shop
+ADMIN_EMAIL=admin@site.com
+# Обновление из админки (опционально):
+ADMIN_UPDATE_ENABLED=1
+ADMIN_UPDATE_USE_SUDO=1
+```
@@ -1,5 +1,43 @@
 # Changelog

+## [1.0.0] — 2026-05-17
+
+Первый мажорный релиз после **v0.20.0**: безопасность, лояльность, акции на товары, удобная установка и обновление с сервера.
+
+### Безопасность и вход
+
+- **Passkey (WebAuthn):** привязка в профиле, вход без пароля
+- **Один администратор:** только email из `ADMIN_EMAIL`; остальные регистрируются как `customer`
+- Документация только под **PostgreSQL 17** (SQLite убран из описаний)
+
+### Магазин и маркетинг
+
+- **Промокоды:** процент или фиксированная скидка, мин. сумма, лимит использований, таймер до конца акции в корзине
+- **Баллы лояльности:** списание при оплате, начисление с заказа
+- **Цена со скидкой на товар:** `sale_price_cents`, дата окончания акции; в каталоге — зачёркнутая старая цена и бейдж
+- **Уведомление о поступлении:** подписка при нулевом остатке, email при пополнении склада
+
+### Админ-панель
+
+- Товары: цена, цена со скидкой, срок акции, остаток
+- Промокоды: создание и редактирование
+- **Обновление с Git:** `/admin/system` — `git pull`, `npm install`, перезапуск `shop` (с подтверждением)
+- Улучшенный UI: SVG-иконки, наглядные цены со скидкой
+
+### Установка и эксплуатация
+
+- Интерактивный **`scripts/install.sh`** (Docker или Ubuntu, админ, БД, SMTP)
+- **`SHOP_ROOT`**, **`git-sync.sh`**, **`server-update.sh`** — обновление без detached HEAD
+- **`install-shop-service.sh`**, **`wait-postgres.sh`**, освобождение порта 3000
+- Wiki: [Server-Operations](wiki/Server-Operations.md), универсальное развёртывание
+
+### Исправления
+
+- Пути `include` иконок в EJS (Internal Server Error после UI-обновления)
+- Быстрое развёртывание Ubuntu: PGDG PostgreSQL 17, корректный каталог репозитория
+
+[1.0.0]: https://git.evilfox.cc/test/shop10/releases/tag/v1.0.0
+
 ## [0.20.0] — 2026-05-17

 ### Роли и администрирование
@@ -1,10 +1,10 @@
 # Shop

-**v0.20.0** — интернет-магазин на **Node.js** и **PostgreSQL 17**.
+**v1.0.0** — интернет-магазин на **Node.js** и **PostgreSQL 17**.

 Два способа установки: [Docker Compose](#docker-compose-рекомендуется-для-теста) | [без Docker (Ubuntu)](#postgresql-17-без-docker)

-Подробности релиза: [CHANGELOG.md](CHANGELOG.md) · [docs/RELEASE-0.20.md](docs/RELEASE-0.20.md)
+Подробности релиза: [CHANGELOG.md](CHANGELOG.md) · [docs/RELEASE-1.0.md](docs/RELEASE-1.0.md) · [что нового после 0.20](docs/RELEASE-1.0.md#что-нового-после-020)

 **Сервер (установка, обновление, ошибки):** [wiki/Server-Operations.md](wiki/Server-Operations.md) · [wiki/Troubleshooting.md](wiki/Troubleshooting.md)

@@ -17,6 +17,7 @@
 - Роли: клиент (`customer`) и **один** администратор (`admin`) — аккаунт из `ADMIN_EMAIL` в `.env`
 - Согласие на cookies
 - Подписка «сообщить о поступлении», если товара нет в наличии
+- Лояльность (баллы), промокоды со скидкой и таймером до конца акции

 ## Требования

@@ -111,6 +112,19 @@ bash scripts/setup-postgres-ubuntu.sh

 ---

+## Интерактивный установщик
+
+Задаёт вопросы: **Docker или Ubuntu**, данные **администратора**, **PostgreSQL**, URL сайта, опционально SMTP.
+
+```bash
+cd /path/to/shop
+bash scripts/install.sh
+```
+
+Нативная установка на сервере — от root: `sudo bash scripts/install.sh`.
+
+---
+
 ## Быстрый развёртывание на Ubuntu

 Подставьте **URL своего репозитория** и каталог клона `SHOP_ROOT` (часто `/opt/shop`):
@@ -338,6 +352,7 @@ caddy/Caddyfile.docker.example
 deploy/shop.service
 scripts/
  setup-postgres-ubuntu.sh
+  install.sh
  install-postgresql-ubuntu.sh
  quick-deploy-ubuntu.sh
  fix-db-connection.sh
@@ -346,19 +361,22 @@ scripts/
 src/
 ```

-## Релиз 0.20.0
+## Релиз 1.0.0

 ```bash
 git clone <URL-вашего-репозитория> /opt/shop
 cd /opt/shop
-git checkout v0.20.0
+git checkout v1.0.0
 ```

 | Способ | Команда |
 |--------|---------|
+| Интерактивно | `bash scripts/install.sh` |
 | Docker | `docker compose up -d --build` |
 | Без Docker | `bash scripts/setup-postgres-ubuntu.sh` → `systemctl start shop` |

+Обновление с **0.20**: `bash "$SHOP_ROOT/scripts/server-update.sh"` или **Админ → Обновление**.
+
 ## Репозиторий

 ```bash
@@ -23,6 +23,8 @@ services:
    build: .
    container_name: shop-app
    restart: unless-stopped
+    env_file:
+      - .env
    depends_on:
      postgres:
        condition: service_healthy
@@ -31,7 +33,6 @@ services:
      HOST: 0.0.0.0
      PORT: 3000
      TRUST_PROXY: ${TRUST_PROXY:-0}
-      SESSION_SECRET: ${SESSION_SECRET:-change-me-in-docker-compose-env}
      DATABASE_URL: postgresql://${POSTGRES_USER:-shop}:${POSTGRES_PASSWORD:-shop}@postgres:5432/${POSTGRES_DB:-shop}
    ports:
      - '${APP_PORT:-3000}:3000'
@@ -0,0 +1,51 @@
+# Релиз 1.0.0
+
+Мажорный релиз после **v0.20.0**. Кратко: passkey, лояльность и промокоды, акционные цены, уведомления о поступлении, обновление из админки, установщик `install.sh`.
+
+## Что нового после 0.20
+
+| Область | Изменения |
+|---------|-----------|
+| Вход | Passkey (WebAuthn), один админ (`ADMIN_EMAIL`) |
+| Цены | Скидка на товар, промокоды, баллы лояльности |
+| Склад | Подписка на email при поступлении товара |
+| Админка | Цены/скидки, промокоды, **/admin/system** — обновление с Git |
+| UI | Иконки, зачёркнутая старая цена, бейдж «−N%» |
+| Deploy | `install.sh`, `SHOP_ROOT`, `git-sync`, wiki Server-Operations |
+
+## Быстрый старт
+
+### Новая установка
+
+```bash
+git clone <URL-репозитория> /opt/shop
+cd /opt/shop
+git checkout v1.0.0
+bash scripts/install.sh
+```
+
+### Обновление с v0.20.0
+
+```bash
+export SHOP_ROOT=/opt/shop   # или /opt/shop/shop10
+cd "$SHOP_ROOT"
+git fetch origin && git checkout main && git pull origin main
+bash "$SHOP_ROOT/scripts/server-update.sh"
+```
+
+## Админ: обновление без SSH
+
+1. В `.env`: `SHOP_ROOT`, `ADMIN_UPDATE_ENABLED=1`
+2. Sudoers для `www-data` на `scripts/admin-web-update.sh` (см. `/admin/system`)
+3. Админ → **Обновление** → проверить Git → ввести `update`
+
+## Тег и Release в Gitea
+
+```bash
+git tag -a v1.0.0 -m "Release 1.0.0"
+git push origin v1.0.0
+export GITEA_TOKEN=...
+bash scripts/publish-gitea-release.sh 1.0.0
+```
+
+Полный список: [CHANGELOG.md](../CHANGELOG.md)
@@ -1,6 +1,6 @@
 {
  "name": "shop",
-  "version": "0.20.0",
+  "version": "1.0.0",
  "description": "Интернет-магазин на Node.js с PostgreSQL 17",
  "main": "src/server.js",
  "scripts": {
@@ -0,0 +1,28 @@
+-- Лояльность и промокоды
+ALTER TABLE users ADD COLUMN IF NOT EXISTS loyalty_points INTEGER NOT NULL DEFAULT 0
+  CHECK (loyalty_points >= 0);
+
+CREATE TABLE IF NOT EXISTS promo_codes (
+  id SERIAL PRIMARY KEY,
+  code TEXT NOT NULL UNIQUE,
+  description TEXT NOT NULL DEFAULT '',
+  discount_type TEXT NOT NULL CHECK (discount_type IN ('percent', 'fixed')),
+  discount_value INTEGER NOT NULL CHECK (discount_value > 0),
+  starts_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  expires_at TIMESTAMPTZ NOT NULL,
+  min_order_cents INTEGER NOT NULL DEFAULT 0 CHECK (min_order_cents >= 0),
+  max_uses INTEGER CHECK (max_uses IS NULL OR max_uses > 0),
+  use_count INTEGER NOT NULL DEFAULT 0 CHECK (use_count >= 0),
+  active BOOLEAN NOT NULL DEFAULT true,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_promo_codes_active ON promo_codes (active, expires_at);
+
+ALTER TABLE orders ADD COLUMN IF NOT EXISTS subtotal_cents INTEGER;
+ALTER TABLE orders ADD COLUMN IF NOT EXISTS discount_cents INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE orders ADD COLUMN IF NOT EXISTS promo_code_id INTEGER REFERENCES promo_codes(id);
+ALTER TABLE orders ADD COLUMN IF NOT EXISTS loyalty_points_used INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE orders ADD COLUMN IF NOT EXISTS loyalty_points_earned INTEGER NOT NULL DEFAULT 0;
+
+UPDATE orders SET subtotal_cents = total_cents WHERE subtotal_cents IS NULL;
@@ -0,0 +1,4 @@
+-- Цена со скидкой на товар (акция)
+ALTER TABLE products ADD COLUMN IF NOT EXISTS sale_price_cents INTEGER
+  CHECK (sale_price_cents IS NULL OR sale_price_cents >= 0);
+ALTER TABLE products ADD COLUMN IF NOT EXISTS sale_ends_at TIMESTAMPTZ;
@@ -0,0 +1,69 @@
+#!/bin/bash
+# Обновление кода из админки (git pull + npm + перезапуск shop)
+# Запуск: bash scripts/admin-web-update.sh
+# С www-data часто нужен sudoers: NOPASSWD на этот скрипт (ADMIN_UPDATE_USE_SUDO=1)
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=shop-root.sh
+source "$SCRIPT_DIR/shop-root.sh"
+
+RUN_USER="${SHOP_RUN_USER:-www-data}"
+PORT="${PORT:-3000}"
+
+run_in_shop() {
+  local cmd="$1"
+  if [ "$(id -u)" -eq 0 ] && [ "$(whoami)" != "$RUN_USER" ]; then
+    sudo -u "$RUN_USER" env SHOP_ROOT="$SHOP_ROOT" bash -c "cd \"$SHOP_ROOT\" && $cmd"
+  else
+    bash -c "cd \"$SHOP_ROOT\" && $cmd"
+  fi
+}
+
+git config --global --add safe.directory "$SHOP_ROOT" 2>/dev/null || true
+
+echo "=== Обновление Shop (админка) ==="
+echo "Каталог: $SHOP_ROOT"
+echo "Пользователь для git/npm: $(id -un 2>/dev/null || echo ?)"
+
+if [ ! -d .git ]; then
+  echo "Ошибка: нет .git в $SHOP_ROOT"
+  exit 1
+fi
+
+echo ""
+echo "Текущая версия:"
+git log -1 --oneline || true
+
+echo ""
+echo "--- git sync ---"
+run_in_shop "bash scripts/git-sync.sh"
+
+echo ""
+echo "--- npm install ---"
+run_in_shop "npm install --omit=dev"
+
+echo ""
+echo "Новая версия:"
+git log -1 --oneline
+
+echo ""
+echo "--- перезапуск shop ---"
+if command -v systemctl >/dev/null 2>&1 && systemctl cat shop.service >/dev/null 2>&1; then
+  if systemctl restart shop; then
+    sleep 2
+    if curl -sf "http://127.0.0.1:${PORT}/health" >/dev/null; then
+      echo "OK: служба shop перезапущена, /health отвечает"
+    else
+      echo "WARN: shop перезапущен, но /health не ответил — journalctl -u shop -n 40"
+    fi
+  else
+    echo "WARN: systemctl restart shop не удался. Выполните от root: systemctl restart shop"
+    exit 1
+  fi
+else
+  echo "INFO: служба shop не найдена — перезапустите Node вручную (pm2/npm start)"
+fi
+
+echo ""
+echo "Готово."
@@ -0,0 +1,257 @@
+#!/bin/bash
+# Интерактивный установщик Shop
+#   bash scripts/install.sh
+#   sudo bash scripts/install.sh   (нативная установка на Ubuntu)
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+# --- ввод ---
+read_default() {
+  local prompt="$1"
+  local default="$2"
+  local value
+  if [ -n "$default" ]; then
+    read -rp "$prompt [$default]: " value
+    echo "${value:-$default}"
+  else
+    read -rp "$prompt: " value
+    echo "$value"
+  fi
+}
+
+read_secret() {
+  local prompt="$1"
+  local value
+  read -rsp "$prompt" value
+  echo ""
+  echo "$value"
+}
+
+read_secret_confirm() {
+  local prompt="$1"
+  local a b
+  while true; do
+    a=$(read_secret "$prompt")
+    b=$(read_secret "Повторите: ")
+    if [ "$a" = "$b" ]; then
+      echo "$a"
+      return
+    fi
+    echo "Пароли не совпадают. Попробуйте снова."
+  done
+}
+
+gen_secret() {
+  if command -v openssl >/dev/null; then
+    openssl rand -hex 32
+  else
+    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
+  fi
+}
+
+# Безопасная запись значения в .env (одинарные кавычки)
+env_quote() {
+  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
+}
+
+email_ok() {
+  [[ "$1" =~ ^[^\s@]+@[^\s@]+\.[^\s@]+$ ]]
+}
+
+# --- главная ---
+clear 2>/dev/null || true
+echo "============================================"
+echo "  Shop — интерактивная установка"
+echo "============================================"
+echo ""
+
+# Каталог установки
+if [ -f "$REPO_ROOT/package.json" ]; then
+  INSTALL_DIR=$(read_default "Каталог установки" "$REPO_ROOT")
+else
+  INSTALL_DIR=$(read_default "Каталог установки" "/opt/shop")
+  if [ ! -f "$INSTALL_DIR/package.json" ]; then
+    GIT_URL=$(read_default "URL git-репозитория" "")
+    if [ -z "$GIT_URL" ]; then
+      echo "Ошибка: укажите URL репозитория или запустите установщик из клона."
+      exit 1
+    fi
+    echo "Клонирование $GIT_URL -> $INSTALL_DIR ..."
+    mkdir -p "$(dirname "$INSTALL_DIR")"
+    git clone "$GIT_URL" "$INSTALL_DIR"
+  fi
+fi
+
+cd "$INSTALL_DIR"
+export SHOP_ROOT="$INSTALL_DIR"
+
+# Режим
+echo ""
+echo "Способ установки:"
+echo "  1) Docker Compose (PostgreSQL + приложение в контейнерах)"
+echo "  2) Без Docker (Ubuntu: Node.js + PostgreSQL + systemd)"
+echo ""
+MODE=$(read_default "Выберите [1/2]" "1")
+
+# Администратор
+echo ""
+echo "--- Администратор магазина (единственный admin) ---"
+ADMIN_EMAIL=$(read_default "Email администратора" "admin@site.com")
+while ! email_ok "$ADMIN_EMAIL"; do
+  echo "Некорректный email."
+  ADMIN_EMAIL=$(read_default "Email администратора" "admin@site.com")
+done
+ADMIN_NAME=$(read_default "Имя администратора" "Администратор")
+ADMIN_PASSWORD=$(read_secret_confirm "Пароль администратора: ")
+
+# База данных
+echo ""
+echo "--- PostgreSQL ---"
+PG_USER=$(read_default "Пользователь БД" "shop")
+PG_PASS=$(read_secret_confirm "Пароль БД: ")
+PG_DB=$(read_default "Имя базы данных" "shop")
+
+if [ "$MODE" = "1" ]; then
+  PG_HOST="postgres"
+  PG_PORT="5432"
+  APP_PORT=$(read_default "Порт сайта на хосте" "3000")
+  TRUST_PROXY="0"
+  echo ""
+  read -rp "Включить Caddy (HTTPS, порты 80/443)? [y/N]: " USE_CADDY
+  if [[ "${USE_CADDY,,}" == "y" || "${USE_CADDY,,}" == "yes" ]]; then
+    TRUST_PROXY="1"
+    USE_CADDY=1
+  else
+    USE_CADDY=0
+  fi
+else
+  PG_HOST=$(read_default "Хост PostgreSQL" "127.0.0.1")
+  PG_PORT=$(read_default "Порт PostgreSQL" "5432")
+  APP_PORT="3000"
+  TRUST_PROXY=$(read_default "За reverse proxy (Caddy)? TRUST_PROXY [1/0]" "1")
+  USE_CADDY=0
+fi
+
+# Сайт и секрет
+echo ""
+echo "--- Прочие настройки ---"
+if [ "$MODE" = "1" ] && [ "$USE_CADDY" = "1" ]; then
+  SITE_DEFAULT="https://shop.example.com"
+else
+  SITE_DEFAULT="http://localhost:${APP_PORT}"
+fi
+SITE_URL=$(read_default "URL сайта (SITE_URL)" "$SITE_DEFAULT")
+SESSION_SECRET=$(read_default "SESSION_SECRET (Enter = сгенерировать)" "")
+SESSION_SECRET=${SESSION_SECRET:-$(gen_secret)}
+
+echo ""
+read -rp "Настроить SMTP для писем? [y/N]: " SET_SMTP
+SMTP_BLOCK=""
+if [[ "${SET_SMTP,,}" == "y" || "${SET_SMTP,,}" == "yes" ]]; then
+  SMTP_HOST=$(read_default "SMTP_HOST" "smtp.example.com")
+  SMTP_PORT=$(read_default "SMTP_PORT" "587")
+  SMTP_USER=$(read_default "SMTP_USER" "")
+  SMTP_PASS=$(read_secret "SMTP_PASS: ")
+  SMTP_FROM=$(read_default "SMTP_FROM" "shop@example.com")
+  SMTP_BLOCK="# SMTP
+SMTP_HOST=${SMTP_HOST}
+SMTP_PORT=${SMTP_PORT}
+SMTP_SECURE=false
+SMTP_USER=${SMTP_USER}
+SMTP_PASS=${SMTP_PASS}
+SMTP_FROM=${SMTP_FROM}
+"
+fi
+
+DATABASE_URL="postgresql://${PG_USER}:${PG_PASS}@${PG_HOST}:${PG_PORT}/${PG_DB}"
+
+# --- запись .env ---
+ENV_FILE="$INSTALL_DIR/.env"
+APP_HOST=$([ "$MODE" = "1" ] && echo "0.0.0.0" || echo "127.0.0.1")
+{
+  echo "# Создано scripts/install.sh $(date -Iseconds)"
+  echo ""
+  echo "PORT=${APP_PORT}"
+  echo "HOST=${APP_HOST}"
+  echo "NODE_ENV=production"
+  echo "TRUST_PROXY=${TRUST_PROXY}"
+  echo "SESSION_SECRET=$(env_quote "$SESSION_SECRET")"
+  echo ""
+  echo "ADMIN_EMAIL=$(env_quote "$ADMIN_EMAIL")"
+  echo "ADMIN_PASSWORD=$(env_quote "$ADMIN_PASSWORD")"
+  echo "ADMIN_NAME=$(env_quote "$ADMIN_NAME")"
+  echo ""
+  echo "SITE_URL=$(env_quote "$SITE_URL")"
+  echo ""
+  if [ -n "$SMTP_BLOCK" ]; then
+    echo "$SMTP_BLOCK"
+  fi
+  echo "# PostgreSQL"
+  echo "POSTGRES_USER=$(env_quote "$PG_USER")"
+  echo "POSTGRES_PASSWORD=$(env_quote "$PG_PASS")"
+  echo "POSTGRES_DB=$(env_quote "$PG_DB")"
+  echo "DATABASE_URL=$(env_quote "$DATABASE_URL")"
+  echo "PGHOST=$(env_quote "$PG_HOST")"
+  echo "PGPORT=${PG_PORT}"
+  echo "PGUSER=$(env_quote "$PG_USER")"
+  echo "PGPASSWORD=$(env_quote "$PG_PASS")"
+  echo "PGDATABASE=$(env_quote "$PG_DB")"
+} > "$ENV_FILE"
+chmod 600 "$ENV_FILE" 2>/dev/null || true
+echo ""
+echo "Сохранено: $ENV_FILE"
+
+# --- установка ---
+echo ""
+if [ "$MODE" = "1" ]; then
+  echo "=== Установка через Docker ==="
+  if ! command -v docker >/dev/null; then
+    echo "Ошибка: Docker не установлен. Установите Docker и повторите."
+    exit 1
+  fi
+  if ! docker compose version >/dev/null 2>&1; then
+    echo "Ошибка: нужен Docker Compose v2 (docker compose)."
+    exit 1
+  fi
+  COMPOSE_CMD=(docker compose)
+  if [ "$USE_CADDY" = "1" ]; then
+    echo "Запуск: postgres + app + caddy ..."
+    "${COMPOSE_CMD[@]}" --profile proxy up -d --build
+  else
+    echo "Запуск: postgres + app ..."
+    "${COMPOSE_CMD[@]}" up -d --build
+  fi
+  echo "Ожидание health..."
+  sleep 5
+  curl -sf "http://127.0.0.1:${APP_PORT}/health" && echo "" || echo "Проверьте: docker compose logs app"
+else
+  echo "=== Установка без Docker (Ubuntu) ==="
+  if [ "$(id -u)" -ne 0 ]; then
+    echo "Запустите с root: sudo bash scripts/install.sh"
+    exit 1
+  fi
+  bash "$SCRIPT_DIR/install-postgresql-ubuntu.sh"
+  export DB_USER="$PG_USER" DB_PASS="$PG_PASS" DB_NAME="$PG_DB"
+  bash "$SCRIPT_DIR/setup-postgres-ubuntu.sh"
+  npm install --omit=dev
+  bash "$SCRIPT_DIR/install-shop-service.sh"
+fi
+
+echo ""
+echo "============================================"
+echo "  Установка завершена"
+echo "============================================"
+echo "  Каталог:    $INSTALL_DIR"
+echo "  Сайт:       $SITE_URL"
+echo "  Админ:      $ADMIN_EMAIL"
+if [ "$MODE" = "1" ]; then
+  echo "  Порт:       $APP_PORT"
+  echo "  Логи:       docker compose -f $INSTALL_DIR/docker-compose.yml logs -f"
+else
+  echo "  Служба:     systemctl status shop"
+  echo "  Health:     curl http://127.0.0.1:3000/health"
+fi
+echo "  Обновление: bash $INSTALL_DIR/scripts/server-update.sh"
+echo "============================================"
@@ -1,4 +1,5 @@
 const { query } = require('./db');
+const { getEffectivePriceCents, isSaleActive } = require('./utils/productPrice');

 function getCart(req) {
  if (!req.session.cart) {
@@ -22,11 +23,17 @@ async function cartItems(cart) {
  );

  return products
-    .map((p) => ({
+    .map((p) => {
+      const effective = getEffectivePriceCents(p);
+      const qty = cart[p.id] || 0;
+      return {
        ...p,
-      quantity: cart[p.id] || 0,
-      line_total: (cart[p.id] || 0) * p.price_cents,
-    }))
+        quantity: qty,
+        effective_price_cents: effective,
+        on_sale: isSaleActive(p),
+        line_total: qty * effective,
+      };
+    })
    .filter((p) => p.quantity > 0);
 }

@@ -10,6 +10,8 @@
  --success: #00b894;
  --warn: #fdcb6e;
  --error: #ff7675;
+  --sale: #ff6b6b;
+  --sale-bg: rgba(255, 107, 107, 0.12);
  --radius: 12px;
  --shadow: 0 8px 32px rgba(0, 0, 0, 0.35);
  font-family: 'DM Sans', system-ui, sans-serif;
@@ -63,6 +65,9 @@ a:hover {
 }

 .logo {
+  display: inline-flex;
+  align-items: center;
+  gap: 0.45rem;
  font-size: 1.35rem;
  font-weight: 700;
  color: var(--text);
@@ -70,6 +75,10 @@ a:hover {
  letter-spacing: -0.02em;
 }

+.logo__icon {
+  color: var(--accent-hover);
+}
+
 .logo:hover {
  color: var(--accent-hover);
  text-decoration: none;
@@ -78,13 +87,24 @@ a:hover {
 .search {
  flex: 1;
  display: flex;
+  align-items: center;
  gap: 0.5rem;
  min-width: 200px;
  max-width: 420px;
+  position: relative;
+}
+
+.search__icon {
+  position: absolute;
+  left: 0.75rem;
+  color: var(--muted);
+  pointer-events: none;
+  display: flex;
 }

 .search input {
  flex: 1;
+  padding-left: 2.35rem;
 }

 .nav {
@@ -103,10 +123,25 @@ a:hover {
  color: var(--text);
 }

+.nav__link--icon {
+  display: inline-flex;
+  align-items: center;
+  gap: 0.35rem;
+  text-decoration: none;
+}
+
+.nav__link--icon:hover {
+  text-decoration: none;
+}
+
 .nav__cart {
  position: relative;
 }

+.nav__admin {
+  color: var(--warn);
+}
+
 .badge {
  display: inline-flex;
  align-items: center;
@@ -144,7 +179,8 @@ a:hover {
  letter-spacing: -0.03em;
 }

-.hero p {
+.hero p,
+.hero__lead {
  margin: 0;
  color: var(--muted);
 }
@@ -185,7 +221,7 @@ a:hover {
  border: 1px solid var(--border);
  border-radius: var(--radius);
  overflow: hidden;
-  transition: transform 0.2s, box-shadow 0.2s;
+  transition: transform 0.2s, box-shadow 0.2s, border-color 0.2s;
 }

 .card:hover {
@@ -193,13 +229,40 @@ a:hover {
  box-shadow: var(--shadow);
 }

+.card--sale {
+  border-color: rgba(255, 107, 107, 0.35);
+  box-shadow: 0 0 0 1px rgba(255, 107, 107, 0.08);
+}
+
+.card--sale:hover {
+  border-color: rgba(255, 107, 107, 0.55);
+}
+
 .card__image-wrap {
  display: block;
+  position: relative;
  aspect-ratio: 1;
  overflow: hidden;
  background: var(--surface-2);
 }

+.card__sale-ribbon {
+  position: absolute;
+  top: 0.65rem;
+  left: 0.65rem;
+  z-index: 2;
+  display: inline-flex;
+  align-items: center;
+  gap: 0.3rem;
+  padding: 0.3rem 0.55rem;
+  font-size: 0.75rem;
+  font-weight: 700;
+  color: #fff;
+  background: linear-gradient(135deg, #ff6b6b, #ee5a5a);
+  border-radius: 6px;
+  box-shadow: 0 4px 12px rgba(255, 107, 107, 0.4);
+}
+
 .card__image {
  width: 100%;
  height: 100%;
@@ -240,10 +303,8 @@ a:hover {
  color: var(--accent-hover);
 }

-.card__price {
-  margin: 0 0 0.75rem;
-  font-size: 1.1rem;
-  font-weight: 700;
+.card .price-block {
+  margin-bottom: 0.75rem;
 }

 .card__form {
@@ -272,9 +333,16 @@ a:hover {
 }

 .product-detail__price {
-  font-size: 1.75rem;
-  font-weight: 700;
-  margin: 0.5rem 0;
+  margin: 0.75rem 0 1rem;
+  padding: 1rem 1.15rem;
+  background: var(--surface-2);
+  border: 1px solid var(--border);
+  border-radius: var(--radius);
+}
+
+.product-detail__price:has(.price-block--sale) {
+  border-color: rgba(255, 107, 107, 0.3);
+  background: var(--sale-bg);
 }

 .product-detail__desc {
@@ -323,15 +391,29 @@ a:hover {
 }

 .link-back {
-  display: inline-block;
+  display: inline-flex;
+  align-items: center;
+  gap: 0.35rem;
  margin-top: 1rem;
  color: var(--muted);
+  text-decoration: none;
+}
+
+.link-back:hover {
+  color: var(--text);
+  text-decoration: none;
+}
+
+.icon {
+  flex-shrink: 0;
+  vertical-align: middle;
 }

 .btn {
  display: inline-flex;
  align-items: center;
  justify-content: center;
+  gap: 0.45rem;
  padding: 0.55rem 1.1rem;
  border: none;
  border-radius: 8px;
@@ -547,6 +629,106 @@ a:hover {
  border-radius: 6px;
 }

+.cart-sidebar {
+  display: grid;
+  gap: 1rem;
+  margin-top: 1.25rem;
+  max-width: 420px;
+}
+
+@media (min-width: 900px) {
+  .cart-table-wrap {
+    display: grid;
+    grid-template-columns: 1fr minmax(280px, 360px);
+    gap: 1.5rem;
+    align-items: start;
+  }
+
+  .cart-sidebar {
+    margin-top: 0;
+  }
+}
+
+.promo-box__title {
+  margin: 0 0 0.75rem;
+  font-size: 1rem;
+}
+
+.promo-box__form {
+  display: flex;
+  gap: 0.5rem;
+  flex-wrap: wrap;
+}
+
+.promo-box__form .input {
+  flex: 1;
+  min-width: 120px;
+}
+
+.promo-box__applied {
+  margin: 0 0 0.5rem;
+}
+
+.promo-box__discount {
+  color: var(--success);
+  margin: 0 0 0.5rem;
+}
+
+.promo-countdown {
+  font-size: 0.9rem;
+  margin: 0.5rem 0;
+  padding: 0.5rem 0.75rem;
+  background: rgba(253, 203, 110, 0.12);
+  border-radius: 8px;
+  border: 1px solid rgba(253, 203, 110, 0.35);
+}
+
+.promo-countdown__timer {
+  font-weight: 600;
+  color: var(--warn);
+  font-variant-numeric: tabular-nums;
+}
+
+.promo-countdown__timer--ended {
+  color: var(--error);
+}
+
+.cart-summary__dl {
+  margin: 0 0 1rem;
+}
+
+.cart-summary__dl dt {
+  color: var(--muted);
+  font-size: 0.9rem;
+}
+
+.cart-summary__dl dd {
+  margin: 0 0 0.5rem;
+  text-align: right;
+}
+
+.cart-summary__dl dt,
+.cart-summary__dl dd {
+  display: inline-block;
+  width: 48%;
+  vertical-align: top;
+}
+
+.cart-summary__discount {
+  color: var(--success);
+}
+
+.cart-summary__total-label,
+.cart-summary__total {
+  font-size: 1.1rem;
+  font-weight: 600;
+}
+
+.checkout-promo {
+  font-size: 0.9rem;
+  margin: 0.75rem 0;
+}
+
 .cart-actions {
  display: flex;
  flex-wrap: wrap;
@@ -906,3 +1088,222 @@ a:hover {
 body:has(.cookie-banner) .main {
  padding-bottom: 7rem;
 }
+
+.price-block {
+  display: flex;
+  flex-direction: column;
+  align-items: flex-start;
+  gap: 0.35rem;
+}
+
+.price-block__meta {
+  display: flex;
+  align-items: center;
+  gap: 0.4rem;
+  flex-wrap: wrap;
+}
+
+.price-block__tag {
+  display: inline-flex;
+  align-items: center;
+  gap: 0.25rem;
+  font-size: 0.7rem;
+  font-weight: 600;
+  text-transform: uppercase;
+  letter-spacing: 0.04em;
+  color: var(--sale);
+}
+
+.price-block__badge {
+  font-size: 0.7rem;
+  font-weight: 700;
+  padding: 0.15rem 0.45rem;
+  border-radius: 4px;
+  background: var(--sale-bg);
+  color: var(--sale);
+}
+
+.price-block__prices {
+  display: flex;
+  flex-wrap: wrap;
+  align-items: baseline;
+  gap: 0.5rem 0.75rem;
+}
+
+.price-block__old {
+  position: relative;
+  color: var(--muted);
+  font-size: 0.95em;
+  font-weight: 500;
+  text-decoration: line-through;
+  text-decoration-thickness: 2px;
+  text-decoration-color: var(--sale);
+  opacity: 0.85;
+}
+
+.price-block__current {
+  font-weight: 700;
+  color: var(--text);
+  letter-spacing: -0.02em;
+}
+
+.price-block__current--solo {
+  font-size: 1.1rem;
+}
+
+.price-block--sale .price-block__current {
+  color: var(--sale);
+  font-weight: 800;
+}
+
+.price-block__savings {
+  font-size: 0.85rem;
+  color: var(--success);
+  font-weight: 500;
+}
+
+.price-block--md .price-block__current {
+  font-size: 1.2rem;
+}
+
+.price-block--md .price-block__old {
+  font-size: 0.95rem;
+}
+
+.price-block--lg .price-block__current {
+  font-size: clamp(1.75rem, 4vw, 2.25rem);
+}
+
+.price-block--lg .price-block__old {
+  font-size: 1.15rem;
+}
+
+.price-block--sm .price-block__meta {
+  display: none;
+}
+
+.price-block--sm .price-block__prices {
+  flex-direction: column;
+  align-items: flex-start;
+  gap: 0.15rem;
+}
+
+.price-block--sm .price-block__current {
+  font-size: 1rem;
+}
+
+.cart-table__price .price-block {
+  margin: 0;
+}
+
+.promo-countdown--product {
+  display: flex;
+  align-items: center;
+  gap: 0.4rem;
+  margin: 0.75rem 0 0;
+  padding: 0;
+  font-size: 0.9rem;
+  color: var(--muted);
+}
+
+.promo-countdown--product strong {
+  color: var(--warn);
+}
+
+.badge--sale {
+  background: var(--sale-bg);
+  color: var(--sale);
+  font-size: 0.75rem;
+  padding: 0.15rem 0.45rem;
+  border-radius: 4px;
+}
+
+.admin-pricing-form {
+  display: flex;
+  flex-wrap: wrap;
+  align-items: flex-end;
+  gap: 0.5rem;
+}
+
+.admin-pricing-form--ends {
+  flex-direction: column;
+  align-items: flex-start;
+}
+
+.label--inline {
+  display: flex;
+  flex-direction: column;
+  gap: 0.2rem;
+  font-size: 0.85rem;
+}
+
+.admin-hint {
+  margin-bottom: 1rem;
+}
+
+.admin-promo-form {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 0.35rem;
+  align-items: center;
+}
+
+.form--grid {
+  display: grid;
+  gap: 0.75rem;
+}
+
+.promo-countdown--sm {
+  font-size: 0.85rem;
+  color: var(--muted);
+}
+
+.badge--warn {
+  background: rgba(253, 203, 110, 0.15);
+  color: var(--warn);
+}
+
+.admin-system__meta {
+  margin-bottom: 1rem;
+}
+
+.admin-system__path {
+  font-size: 0.85rem;
+  word-break: break-all;
+}
+
+.admin-system__actions {
+  margin-top: 1rem;
+}
+
+.admin-system__hr {
+  border: none;
+  border-top: 1px solid var(--border);
+  margin: 1.5rem 0;
+}
+
+.admin-system__form {
+  max-width: 360px;
+}
+
+.admin-system__pre {
+  margin: 0;
+  padding: 1rem;
+  background: var(--bg);
+  border: 1px solid var(--border);
+  border-radius: 8px;
+  font-size: 0.8rem;
+  line-height: 1.45;
+  overflow-x: auto;
+  white-space: pre-wrap;
+  word-break: break-word;
+}
+
+.admin-system__log {
+  margin-top: 1.25rem;
+}
+
+.admin-system__help {
+  margin-top: 1.25rem;
+  font-size: 0.9rem;
+}
@@ -0,0 +1,34 @@
+(function () {
+  function pad(n) {
+    return String(n).padStart(2, '0');
+  }
+
+  function formatRemaining(ms) {
+    if (ms <= 0) return 'акция завершена';
+    const s = Math.floor(ms / 1000);
+    const d = Math.floor(s / 86400);
+    const h = Math.floor((s % 86400) / 3600);
+    const m = Math.floor((s % 3600) / 60);
+    const sec = s % 60;
+    if (d > 0) return `${d} д ${pad(h)}:${pad(m)}:${pad(sec)}`;
+    return `${pad(h)}:${pad(m)}:${pad(sec)}`;
+  }
+
+  document.querySelectorAll('.promo-countdown[data-expires]').forEach((el) => {
+    const expires = new Date(el.dataset.expires).getTime();
+    const timer = el.querySelector('.promo-countdown__timer');
+    if (!timer || Number.isNaN(expires)) return;
+
+    function tick() {
+      const left = expires - Date.now();
+      timer.textContent = formatRemaining(left);
+      if (left <= 0) timer.classList.add('promo-countdown__timer--ended');
+    }
+
+    tick();
+    const id = setInterval(tick, 1000);
+    if (typeof window !== 'undefined') {
+      window.addEventListener('beforeunload', () => clearInterval(id));
+    }
+  });
+})();
@@ -22,7 +22,7 @@ router.use((req, res, next) => {

 async function loadAccountUser(userId) {
  const { rows } = await query(
-    'SELECT id, email, name, role, created_at, passkey_enabled FROM users WHERE id = $1',
+    'SELECT id, email, name, role, created_at, passkey_enabled, loyalty_points FROM users WHERE id = $1',
    [userId]
  );
  return rows[0];
@@ -4,6 +4,7 @@ const { requireAdmin } = require('../middleware/auth');
 const { asyncHandler } = require('../utils/asyncHandler');
 const { ROLE_LABELS } = require('../constants/roles');
 const { notifyIfBackInStock } = require('../services/stock-alerts');
+const gitDeploy = require('../services/git-deploy');

 const router = express.Router();

@@ -99,12 +100,20 @@ router.get(
       LEFT JOIN categories c ON c.id = p.category_id
       ORDER BY p.id`
    );
+    const productPrice = require('../utils/productPrice');
    res.render('admin/products', {
      title: 'Товары',
      products,
      formatPrice,
+      isSaleActive: productPrice.isSaleActive,
+      effectivePrice: productPrice.getEffectivePriceCents,
+      salePercent: productPrice.salePercent,
      stockUpdated: req.query.stock_updated === '1',
      notified: req.query.notified ? parseInt(req.query.notified, 10) : 0,
+      pricingUpdated: req.query.pricing_updated === '1',
+      pricingError: req.query.pricing_error
+        ? decodeURIComponent(String(req.query.pricing_error))
+        : null,
    });
  })
 );
@@ -135,6 +144,114 @@ router.post(
  })
 );

+router.post(
+  '/products/:id/pricing',
+  asyncHandler(async (req, res) => {
+    const productId = parseInt(req.params.id, 10);
+    const priceRub = parseFloat(String(req.body.price_rub || '').replace(',', '.'));
+    const saleRubRaw = String(req.body.sale_price_rub ?? '').trim();
+    const clearSale = req.body.clear_sale === '1';
+
+    if (clearSale) {
+      const price_cents = Number.isFinite(priceRub) ? Math.round(priceRub * 100) : null;
+      if (!Number.isFinite(productId) || price_cents == null || price_cents < 0) {
+        return res.redirect('/admin/products?pricing_error=' + encodeURIComponent('Некорректная цена'));
+      }
+      await query(
+        `UPDATE products SET price_cents = $1, sale_price_cents = NULL, sale_ends_at = NULL WHERE id = $2`,
+        [price_cents, productId]
+      );
+      return res.redirect('/admin/products?pricing_updated=1');
+    }
+
+    if (!Number.isFinite(productId) || !Number.isFinite(priceRub) || priceRub < 0) {
+      return res.redirect('/admin/products?pricing_error=' + encodeURIComponent('Некорректная цена'));
+    }
+
+    const { rows: existingRows } = await query(
+      'SELECT sale_price_cents, sale_ends_at FROM products WHERE id = $1',
+      [productId]
+    );
+    const existing = existingRows[0] || {};
+
+    const price_cents = Math.round(priceRub * 100);
+    let sale_price_cents = existing.sale_price_cents ?? null;
+    let sale_ends_at = existing.sale_ends_at ?? null;
+
+    if (saleRubRaw !== '') {
+      const saleRub = parseFloat(saleRubRaw.replace(',', '.'));
+      if (!Number.isFinite(saleRub) || saleRub < 0) {
+        return res.redirect(
+          '/admin/products?pricing_error=' + encodeURIComponent('Некорректная цена со скидкой')
+        );
+      }
+      sale_price_cents = Math.round(saleRub * 100);
+      if (sale_price_cents >= price_cents) {
+        return res.redirect(
+          '/admin/products?pricing_error=' +
+            encodeURIComponent('Цена со скидкой должна быть ниже обычной')
+        );
+      }
+    } else if (!('sale_ends_at' in req.body)) {
+      sale_price_cents = null;
+      sale_ends_at = null;
+    }
+
+    if ('sale_ends_at' in req.body) {
+      sale_ends_at = req.body.sale_ends_at
+        ? new Date(req.body.sale_ends_at).toISOString()
+        : null;
+    }
+
+    await query(
+      `UPDATE products SET price_cents = $1, sale_price_cents = $2, sale_ends_at = $3 WHERE id = $4`,
+      [price_cents, sale_price_cents, sale_ends_at, productId]
+    );
+
+    res.redirect('/admin/products?pricing_updated=1');
+  })
+);
+
+router.post(
+  '/promo-codes/:id/update',
+  asyncHandler(async (req, res) => {
+    const id = parseInt(req.params.id, 10);
+    const description = (req.body.description || '').trim();
+    const discount_type = req.body.discount_type === 'fixed' ? 'fixed' : 'percent';
+    const discount_value = parseInt(req.body.discount_value, 10);
+    const min_order_cents = Math.max(0, parseInt(req.body.min_order_rub, 10) || 0) * 100;
+    const max_uses =
+      req.body.max_uses === '' || req.body.max_uses == null
+        ? null
+        : parseInt(req.body.max_uses, 10);
+
+    const { rows: promoRows } = await query('SELECT expires_at FROM promo_codes WHERE id = $1', [
+      id,
+    ]);
+    let expires_at = promoRows[0]?.expires_at;
+    if (req.body.valid_days) {
+      const days = Math.max(1, parseInt(req.body.valid_days, 10) || 7);
+      const expires = new Date();
+      expires.setDate(expires.getDate() + days);
+      expires_at = expires.toISOString();
+    }
+
+    const value =
+      discount_type === 'percent'
+        ? Math.min(100, discount_value)
+        : discount_value * 100;
+
+    await query(
+      `UPDATE promo_codes SET
+         description = $1, discount_type = $2, discount_value = $3,
+         expires_at = $4, min_order_cents = $5, max_uses = $6
+       WHERE id = $7`,
+      [description, discount_type, value, expires_at, min_order_cents, max_uses, id]
+    );
+    res.redirect('/admin/promo-codes?updated=1');
+  })
+);
+
 router.get(
  '/reservations',
  asyncHandler(async (req, res) => {
@@ -173,4 +290,129 @@ router.post(
  })
 );

+router.get(
+  '/promo-codes',
+  asyncHandler(async (req, res) => {
+    const { rows: promos } = await query(
+      `SELECT * FROM promo_codes ORDER BY created_at DESC`
+    );
+    res.render('admin/promo-codes', {
+      title: 'Промокоды',
+      promos,
+      formatPrice,
+      created: req.query.created === '1',
+      updated: req.query.updated === '1',
+    });
+  })
+);
+
+router.post(
+  '/promo-codes',
+  asyncHandler(async (req, res) => {
+    const code = (req.body.code || '').trim().toUpperCase();
+    const description = (req.body.description || '').trim();
+    const discount_type = req.body.discount_type === 'fixed' ? 'fixed' : 'percent';
+    const discount_value = parseInt(req.body.discount_value, 10);
+    const days = Math.max(1, parseInt(req.body.valid_days, 10) || 30);
+    const min_order_cents = Math.max(0, parseInt(req.body.min_order_rub, 10) || 0) * 100;
+    const max_uses = req.body.max_uses ? parseInt(req.body.max_uses, 10) : null;
+
+    if (!code || !discount_value) {
+      return res.redirect('/admin/promo-codes?error=1');
+    }
+
+    const expires = new Date();
+    expires.setDate(expires.getDate() + days);
+
+    const value =
+      discount_type === 'percent'
+        ? Math.min(100, discount_value)
+        : discount_value * 100;
+
+    await query(
+      `INSERT INTO promo_codes (code, description, discount_type, discount_value, expires_at, min_order_cents, max_uses)
+       VALUES ($1, $2, $3, $4, $5, $6, $7)`,
+      [code, description, discount_type, value, expires.toISOString(), min_order_cents, max_uses]
+    );
+
+    res.redirect('/admin/promo-codes?created=1');
+  })
+);
+
+router.post(
+  '/promo-codes/:id/toggle',
+  asyncHandler(async (req, res) => {
+    await query(
+      `UPDATE promo_codes SET active = NOT active WHERE id = $1`,
+      [req.params.id]
+    );
+    res.redirect('/admin/promo-codes');
+  })
+);
+
+router.get(
+  '/system',
+  asyncHandler(async (req, res) => {
+    const fetchRemote =
+      req.query.checked === '1' || req.query.done === '1' || req.query.failed === '1';
+
+    let updateLog = null;
+    let updateOk = false;
+    let updateFail = false;
+    let updateCode = null;
+
+    if (req.query.done === '1' || req.query.failed === '1') {
+      updateLog = req.session.adminUpdateLog || null;
+      updateOk = req.session.adminUpdateOk === true;
+      updateFail = req.session.adminUpdateOk === false;
+      updateCode = req.session.adminUpdateCode ?? null;
+      delete req.session.adminUpdateLog;
+      delete req.session.adminUpdateOk;
+      delete req.session.adminUpdateCode;
+    }
+
+    const git = await gitDeploy.getGitInfo({ fetchRemote: !!fetchRemote });
+    res.render('admin/system', {
+      title: 'Обновление',
+      git,
+      updateLog,
+      updateOk,
+      updateFail,
+      updateCode,
+      confirmError: req.query.error === 'confirm',
+      disabledError: req.query.error === 'disabled',
+    });
+  })
+);
+
+router.post(
+  '/system/check',
+  asyncHandler(async (req, res) => {
+    res.redirect('/admin/system?checked=1');
+  })
+);
+
+router.post(
+  '/system/update',
+  asyncHandler(async (req, res) => {
+    if (!gitDeploy.isUpdateEnabled()) {
+      return res.redirect('/admin/system?error=disabled');
+    }
+    const confirm = (req.body.confirm || '').trim().toLowerCase();
+    if (confirm !== 'update') {
+      return res.redirect('/admin/system?error=confirm');
+    }
+
+    const result = await gitDeploy.runDeployUpdate();
+    req.session.adminUpdateLog = result.output;
+    req.session.adminUpdateOk = result.ok;
+    req.session.adminUpdateCode = result.code;
+
+    if (result.ok) {
+      return res.redirect('/admin/system?done=1');
+    }
+    return res.redirect('/admin/system?failed=1');
+  })
+);
+
 module.exports = router;
@@ -0,0 +1,86 @@
+const express = require('express');
+const { formatPrice } = require('../db');
+const { getCart, cartCount, cartItems } = require('../cart');
+const { requireCookieConsent } = require('../middleware/cookieConsent');
+const { asyncHandler } = require('../utils/asyncHandler');
+const promoService = require('../services/promo');
+const loyaltyService = require('../services/loyalty');
+const { buildCartPricing } = require('../services/pricing');
+
+const router = express.Router();
+
+router.use(requireCookieConsent);
+router.use((req, res, next) => {
+  res.locals.cartCount = cartCount(getCart(req));
+  res.locals.formatPrice = formatPrice;
+  next();
+});
+
+function cartRedirect(msg, type = 'error') {
+  const param = type === 'success' ? 'promo_ok' : 'promo_error';
+  return `/cart?${param}=${encodeURIComponent(msg)}`;
+}
+
+router.post(
+  '/cart/promo',
+  asyncHandler(async (req, res) => {
+    const cart = getCart(req);
+    const items = await cartItems(cart);
+    if (!items.length) {
+      return res.redirect(cartRedirect('Корзина пуста'));
+    }
+
+    const subtotal = items.reduce((s, i) => s + i.line_total, 0);
+    const promo = await promoService.findPromoByCode(req.body.code);
+    const check = promoService.validatePromo(promo, subtotal);
+    if (!check.ok) {
+      delete req.session.appliedPromoCode;
+      return res.redirect(cartRedirect(check.error));
+    }
+
+    req.session.appliedPromoCode = promo.code;
+    res.redirect(cartRedirect(`Промокод ${promo.code} применён`, 'success'));
+  })
+);
+
+router.post('/cart/promo/remove', (req, res) => {
+  delete req.session.appliedPromoCode;
+  res.redirect(cartRedirect('Промокод удалён', 'success'));
+});
+
+router.post(
+  '/cart/loyalty',
+  asyncHandler(async (req, res) => {
+    if (!req.session.userId) {
+      return res.redirect('/login?next=/cart');
+    }
+
+    const cart = getCart(req);
+    const items = await cartItems(cart);
+    if (!items.length) {
+      return res.redirect(cartRedirect('Корзина пуста'));
+    }
+
+    const pricing = await buildCartPricing(items, req.session, req.session.userId);
+    const maxPoints = loyaltyService.pointsForDiscount(
+      Math.max(0, pricing.subtotal - pricing.promoDiscount)
+    );
+    const balance = pricing.loyaltyBalance;
+
+    if (req.body.use_all === '1') {
+      req.session.loyaltyPointsToUse = Math.min(balance, maxPoints);
+    } else {
+      const pts = Math.max(0, parseInt(req.body.points, 10) || 0);
+      req.session.loyaltyPointsToUse = Math.min(pts, balance, maxPoints);
+    }
+
+    res.redirect(cartRedirect('Баллы лояльности применены', 'success'));
+  })
+);
+
+router.post('/cart/loyalty/remove', (req, res) => {
+  delete req.session.loyaltyPointsToUse;
+  res.redirect(cartRedirect('Списание баллов отменено', 'success'));
+});
+
+module.exports = router;
@@ -4,6 +4,10 @@ const { getCart, cartCount, cartItems, cartTotal } = require('../cart');
 const { requireAuth } = require('../middleware/auth');
 const { requireCookieConsent } = require('../middleware/cookieConsent');
 const { asyncHandler } = require('../utils/asyncHandler');
+const { buildCartPricing } = require('../services/pricing');
+const productPrice = require('../utils/productPrice');
+const promoService = require('../services/promo');
+const loyaltyService = require('../services/loyalty');

 const router = express.Router();

@@ -15,6 +19,9 @@ function enrichLocals(req, res) {

 router.use((req, res, next) => {
  enrichLocals(req, res);
+  res.locals.isSaleActive = productPrice.isSaleActive;
+  res.locals.effectivePrice = productPrice.getEffectivePriceCents;
+  res.locals.salePercent = productPrice.salePercent;
  next();
 });

@@ -128,14 +135,21 @@ router.get(
  asyncHandler(async (req, res) => {
    const cart = getCart(req);
    const items = await cartItems(cart);
-    const total = cartTotal(items);
+    const pricing = await buildCartPricing(items, req.session, req.session.userId);
    const errorMsg = req.query.error ? decodeURIComponent(String(req.query.error)) : null;
+    const promoOk = req.query.promo_ok ? decodeURIComponent(String(req.query.promo_ok)) : null;
+    const promoErr = req.query.promo_error
+      ? decodeURIComponent(String(req.query.promo_error))
+      : null;

    res.render('cart', {
      title: 'Корзина',
      items,
-      total,
+      pricing,
+      total: pricing.total,
      error: errorMsg,
+      promoOk,
+      promoErr,
    });
  })
 );
@@ -207,10 +221,13 @@ router.get(
      return res.redirect('/cart');
    }

+    const pricing = await buildCartPricing(items, req.session, req.session.userId);
+
    res.render('checkout', {
      title: 'Оформление заказа',
      items,
-      total: cartTotal(items),
+      pricing,
+      total: pricing.total,
      error: null,
    });
  })
@@ -227,17 +244,19 @@ router.post(
      return res.redirect('/cart');
    }

+    const pricing = await buildCartPricing(items, req.session, req.session.userId);
    const { name, email, phone, address } = req.body;
+
    if (!name?.trim() || !email?.trim() || !address?.trim()) {
      return res.status(400).render('checkout', {
        title: 'Оформление заказа',
        items,
-        total: cartTotal(items),
+        pricing,
+        total: pricing.total,
        error: 'Заполните имя, email и адрес доставки',
      });
    }

-    const total = cartTotal(items);
    const client = await pool.connect();

    try {
@@ -253,13 +272,40 @@ router.post(
        }
      }

+      let promoId = null;
+      if (pricing.promo) {
+        const promoRow = await promoService.findPromoByCode(pricing.promo.code);
+        const check = promoService.validatePromo(
+          promoRow,
+          pricing.subtotal
+        );
+        if (!check.ok) throw new Error(check.error);
+        promoId = promoRow.id;
+      }
+
+      if (pricing.loyaltyPointsUsed > 0) {
+        const bal = await loyaltyService.getBalance(req.session.userId);
+        if (bal < pricing.loyaltyPointsUsed) {
+          throw new Error('Недостаточно баллов лояльности');
+        }
+      }
+
      const orderResult = await client.query(
-        `INSERT INTO orders (user_id, status, total_cents, customer_name, customer_email, customer_phone, address)
-         VALUES ($1, 'pending', $2, $3, $4, $5, $6)
+        `INSERT INTO orders (
+           user_id, status, subtotal_cents, discount_cents, total_cents,
+           promo_code_id, loyalty_points_used, loyalty_points_earned,
+           customer_name, customer_email, customer_phone, address
+         )
+         VALUES ($1, 'pending', $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)
         RETURNING id`,
        [
          req.session.userId,
-          total,
+          pricing.subtotal,
+          pricing.promoDiscount + pricing.loyaltyDiscount,
+          pricing.total,
+          promoId,
+          pricing.loyaltyPointsUsed,
+          pricing.pointsEarned,
          name.trim(),
          email.trim(),
          (phone || '').trim(),
@@ -268,11 +314,24 @@ router.post(
      );
      const orderId = orderResult.rows[0].id;

+      if (promoId) {
+        await promoService.incrementPromoUse(promoId, client);
+      }
+
+      if (pricing.loyaltyPointsUsed > 0 || pricing.pointsEarned > 0) {
+        await loyaltyService.applyLoyaltyOnOrder(
+          client,
+          req.session.userId,
+          pricing.loyaltyPointsUsed,
+          pricing.pointsEarned
+        );
+      }
+
      for (const item of items) {
        await client.query(
          `INSERT INTO order_items (order_id, product_id, quantity, price_cents)
           VALUES ($1, $2, $3, $4)`,
-          [orderId, item.id, item.quantity, item.price_cents]
+          [orderId, item.id, item.quantity, item.effective_price_cents ?? item.price_cents]
        );
        await client.query('UPDATE products SET stock = stock - $1 WHERE id = $2', [
          item.quantity,
@@ -282,6 +341,8 @@ router.post(

      await client.query('COMMIT');
      req.session.cart = {};
+      delete req.session.appliedPromoCode;
+      delete req.session.loyaltyPointsToUse;
      res.redirect(`/orders/${orderId}?success=1`);
    } catch (err) {
      await client.query('ROLLBACK');
@@ -0,0 +1,20 @@
+const { query } = require('./db');
+
+async function seedPromoCodes() {
+  const { rows } = await query('SELECT COUNT(*)::int AS n FROM promo_codes');
+  if (rows[0].n > 0) return;
+
+  const expires = new Date();
+  expires.setDate(expires.getDate() + 30);
+
+  await query(
+    `INSERT INTO promo_codes (code, description, discount_type, discount_value, expires_at, min_order_cents)
+     VALUES
+       ('WELCOME10', 'Скидка 10% новым покупателям', 'percent', 10, $1, 0),
+       ('SALE500', 'Скидка 500 ₽ от 3000 ₽', 'fixed', 50000, $1, 300000)`,
+    [expires.toISOString()]
+  );
+  console.log('Демо-промокоды: WELCOME10, SALE500');
+}
+
+module.exports = { seedPromoCodes };
@@ -7,6 +7,7 @@ const pgSession = require('connect-pg-simple')(session);
 const { pool, initSchema, checkConnection } = require('./db');
 const { runSeed } = require('./seed');
 const { seedAdmin } = require('./seed-admin');
+const { seedPromoCodes } = require('./seed-promo');
 const { loadUser } = require('./middleware/auth');
 const { loadCookieConsent } = require('./middleware/cookieConsent');
 const healthRoutes = require('./routes/health');
@@ -19,6 +20,7 @@ const passwordResetRoutes = require('./routes/password-reset');
 const reservationsRoutes = require('./routes/reservations');
 const passkeyRoutes = require('./routes/passkey');
 const stockAlertsRoutes = require('./routes/stock-alerts');
+const promoRoutes = require('./routes/promo');

 const PORT = process.env.PORT || 3000;
 const HOST = process.env.HOST || '0.0.0.0';
@@ -29,6 +31,7 @@ async function start() {
  await initSchema();
  await runSeed();
  await seedAdmin();
+  await seedPromoCodes();

  const app = express();

@@ -70,6 +73,7 @@ async function start() {
  app.use('/', passwordResetRoutes);
  app.use('/reservations', reservationsRoutes);
  app.use('/', stockAlertsRoutes);
+  app.use('/', promoRoutes);
  app.use('/', shopRoutes);
  app.use('/', authRoutes);
  app.use('/webauthn', passkeyRoutes);
@@ -0,0 +1,151 @@
+const { execFile, spawn } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const { promisify } = require('util');
+
+const execFileAsync = promisify(execFile);
+
+function resolveShopRoot() {
+  const candidates = [
+    process.env.SHOP_ROOT,
+    path.resolve(__dirname, '../..'),
+    '/opt/shop',
+  ].filter(Boolean);
+
+  for (const dir of candidates) {
+    const resolved = path.resolve(dir);
+    if (fs.existsSync(path.join(resolved, 'package.json'))) {
+      return resolved;
+    }
+  }
+  return null;
+}
+
+function isUpdateEnabled() {
+  if (process.env.ADMIN_UPDATE_ENABLED === '0') return false;
+  const root = resolveShopRoot();
+  if (!root) return false;
+  if (!fs.existsSync(path.join(root, '.git'))) return false;
+  if (process.platform === 'win32') return false;
+  return fs.existsSync(path.join(root, 'scripts', 'admin-web-update.sh'));
+}
+
+async function gitCmd(args, cwd) {
+  const { stdout, stderr } = await execFileAsync('git', args, {
+    cwd,
+    maxBuffer: 1024 * 1024,
+    timeout: 90000,
+    env: { ...process.env, GIT_TERMINAL_PROMPT: '0' },
+  });
+  return `${stdout}${stderr}`.trim();
+}
+
+async function getGitInfo({ fetchRemote = false } = {}) {
+  const root = resolveShopRoot();
+  const pkg = root ? JSON.parse(fs.readFileSync(path.join(root, 'package.json'), 'utf8')) : null;
+
+  if (!root || !fs.existsSync(path.join(root, '.git'))) {
+    return {
+      available: false,
+      packageVersion: pkg?.version || null,
+      shopRoot: root,
+      reason: 'Каталог не является git-репозиторием. Задайте SHOP_ROOT в .env.',
+    };
+  }
+
+  const info = {
+    available: true,
+    shopRoot: root,
+    packageVersion: pkg?.version || null,
+    branch: null,
+    commit: null,
+    commitShort: null,
+    commitSubject: null,
+    commitDate: null,
+    dirty: false,
+    behind: null,
+    updateEnabled: isUpdateEnabled(),
+    platform: process.platform,
+  };
+
+  try {
+    info.branch = await gitCmd(['branch', '--show-current'], root);
+    if (!info.branch) {
+      info.branch = '(detached)';
+      info.commitShort = await gitCmd(['rev-parse', '--short', 'HEAD'], root);
+    }
+    info.commit = await gitCmd(['rev-parse', 'HEAD'], root);
+    info.commitShort = info.commitShort || (await gitCmd(['rev-parse', '--short', 'HEAD'], root));
+    info.commitSubject = await gitCmd(['log', '-1', '--pretty=%s'], root);
+    info.commitDate = await gitCmd(['log', '-1', '--pretty=%ci'], root);
+    const status = await gitCmd(['status', '--porcelain'], root);
+    info.dirty = status.length > 0;
+  } catch (err) {
+    info.available = false;
+    info.reason = err.message;
+    return info;
+  }
+
+  if (fetchRemote) {
+    try {
+      await gitCmd(['fetch', 'origin'], root);
+      const behind = await gitCmd(
+        ['rev-list', '--count', 'HEAD..origin/main'],
+        root
+      );
+      info.behind = parseInt(behind, 10) || 0;
+    } catch (err) {
+      info.fetchError = err.message;
+    }
+  }
+
+  return info;
+}
+
+function runDeployUpdate() {
+  const root = resolveShopRoot();
+  const scriptPath = path.join(root, 'scripts', 'admin-web-update.sh');
+
+  return new Promise((resolve) => {
+    const useSudo = process.env.ADMIN_UPDATE_USE_SUDO === '1';
+    const cmd = useSudo ? 'sudo' : 'bash';
+    const args = useSudo ? ['-n', scriptPath] : [scriptPath];
+
+    const child = spawn(cmd, args, {
+      cwd: root,
+      env: { ...process.env, SHOP_ROOT: root },
+      timeout: 300000,
+    });
+
+    let output = '';
+    child.stdout.on('data', (chunk) => {
+      output += chunk.toString();
+    });
+    child.stderr.on('data', (chunk) => {
+      output += chunk.toString();
+    });
+
+    child.on('error', (err) => {
+      resolve({
+        ok: false,
+        code: -1,
+        output: `${output}\n${err.message}`.trim(),
+      });
+    });
+
+    child.on('close', (code) => {
+      resolve({
+        ok: code === 0,
+        code: code ?? 1,
+        output: output.trim() || '(нет вывода)',
+      });
+    });
+  });
+}
+
+module.exports = {
+  resolveShopRoot,
+  isUpdateEnabled,
+  getGitInfo,
+  runDeployUpdate,
+};
@@ -0,0 +1,48 @@
+const { query } = require('../db');
+
+/** Баллов за каждые 100 ₽ subtotal после скидок */
+const EARN_PER_100_RUB = 10;
+/** 1 балл = 1 копейка скидки */
+const POINT_VALUE_CENTS = 1;
+
+async function getBalance(userId) {
+  const { rows } = await query('SELECT loyalty_points FROM users WHERE id = $1', [
+    userId,
+  ]);
+  return rows[0]?.loyalty_points ?? 0;
+}
+
+function calcEarnedPoints(payableCents) {
+  if (payableCents <= 0) return 0;
+  return Math.floor((payableCents / 10000) * EARN_PER_100_RUB);
+}
+
+function calcLoyaltyDiscountCents(pointsToUse, balance, maxCents) {
+  const use = Math.min(
+    Math.max(0, parseInt(pointsToUse, 10) || 0),
+    balance,
+    maxCents
+  );
+  return use * POINT_VALUE_CENTS;
+}
+
+function pointsForDiscount(discountCents) {
+  return Math.floor(discountCents / POINT_VALUE_CENTS);
+}
+
+async function applyLoyaltyOnOrder(client, userId, pointsUsed, pointsEarned) {
+  await client.query(
+    `UPDATE users SET loyalty_points = loyalty_points - $1 + $2 WHERE id = $3`,
+    [pointsUsed, pointsEarned, userId]
+  );
+}
+
+module.exports = {
+  EARN_PER_100_RUB,
+  POINT_VALUE_CENTS,
+  getBalance,
+  calcEarnedPoints,
+  calcLoyaltyDiscountCents,
+  pointsForDiscount,
+  applyLoyaltyOnOrder,
+};
@@ -0,0 +1,66 @@
+const promoService = require('./promo');
+const loyaltyService = require('./loyalty');
+
+async function buildCartPricing(items, session, userId) {
+  const subtotal = items.reduce((s, i) => s + i.line_total, 0);
+
+  let promo = null;
+  let promoDiscount = 0;
+  let promoError = null;
+
+  if (session.appliedPromoCode) {
+    promo = await promoService.findPromoByCode(session.appliedPromoCode);
+    const check = promoService.validatePromo(promo, subtotal);
+    if (!check.ok) {
+      promoError = check.error;
+      promo = null;
+      delete session.appliedPromoCode;
+    } else {
+      promoDiscount = promoService.calcPromoDiscountCents(promo, subtotal);
+    }
+  }
+
+  const afterPromo = Math.max(0, subtotal - promoDiscount);
+
+  let loyaltyBalance = 0;
+  let loyaltyDiscount = 0;
+  let loyaltyPointsUsed = 0;
+
+  if (userId) {
+    loyaltyBalance = await loyaltyService.getBalance(userId);
+    const requested = session.loyaltyPointsToUse ?? 0;
+    loyaltyDiscount = loyaltyService.calcLoyaltyDiscountCents(
+      requested,
+      loyaltyBalance,
+      afterPromo
+    );
+    loyaltyPointsUsed = loyaltyService.pointsForDiscount(loyaltyDiscount);
+  }
+
+  const total = Math.max(0, afterPromo - loyaltyDiscount);
+  const pointsEarned =
+    userId && total > 0 ? loyaltyService.calcEarnedPoints(total) : 0;
+
+  return {
+    subtotal,
+    promoDiscount,
+    loyaltyDiscount,
+    loyaltyPointsUsed,
+    loyaltyPointsUsedDisplay: loyaltyPointsUsed,
+    loyaltyBalance,
+    pointsEarned,
+    total,
+    promo: promo
+      ? {
+          code: promo.code,
+          description: promo.description,
+          discount_type: promo.discount_type,
+          discount_value: promo.discount_value,
+          expires_at: promo.expires_at,
+        }
+      : null,
+    promoError,
+  };
+}
+
+module.exports = { buildCartPricing };
@@ -0,0 +1,62 @@
+const { query } = require('../db');
+
+function normalizeCode(code) {
+  return String(code || '')
+    .trim()
+    .toUpperCase()
+    .replace(/\s+/g, '');
+}
+
+async function findPromoByCode(code) {
+  const normalized = normalizeCode(code);
+  if (!normalized) return null;
+
+  const { rows } = await query(
+    `SELECT * FROM promo_codes WHERE UPPER(code) = $1 AND active = true`,
+    [normalized]
+  );
+  return rows[0] || null;
+}
+
+function validatePromo(promo, subtotalCents) {
+  if (!promo) return { ok: false, error: 'Промокод не найден' };
+
+  const now = new Date();
+  if (new Date(promo.starts_at) > now) {
+    return { ok: false, error: 'Промокод ещё не действует' };
+  }
+  if (new Date(promo.expires_at) <= now) {
+    return { ok: false, error: 'Срок действия промокода истёк' };
+  }
+  if (promo.max_uses != null && promo.use_count >= promo.max_uses) {
+    return { ok: false, error: 'Лимит использований промокода исчерпан' };
+  }
+  if (subtotalCents < promo.min_order_cents) {
+    const min = (promo.min_order_cents / 100).toFixed(0);
+    return { ok: false, error: `Минимальная сумма заказа ${min} ₽` };
+  }
+
+  return { ok: true };
+}
+
+function calcPromoDiscountCents(promo, subtotalCents) {
+  if (!promo) return 0;
+  if (promo.discount_type === 'percent') {
+    const pct = Math.min(100, Math.max(1, promo.discount_value));
+    return Math.floor((subtotalCents * pct) / 100);
+  }
+  return Math.min(subtotalCents, promo.discount_value);
+}
+
+async function incrementPromoUse(promoId, client) {
+  const q = client ? client.query.bind(client) : query;
+  await q('UPDATE promo_codes SET use_count = use_count + 1 WHERE id = $1', [promoId]);
+}
+
+module.exports = {
+  normalizeCode,
+  findPromoByCode,
+  validatePromo,
+  calcPromoDiscountCents,
+  incrementPromoUse,
+};
@@ -0,0 +1,19 @@
+function isSaleActive(product) {
+  if (product.sale_price_cents == null) return false;
+  if (product.sale_price_cents >= product.price_cents) return false;
+  if (product.sale_ends_at && new Date(product.sale_ends_at) <= new Date()) return false;
+  return true;
+}
+
+function getEffectivePriceCents(product) {
+  return isSaleActive(product) ? product.sale_price_cents : product.price_cents;
+}
+
+function salePercent(product) {
+  if (!isSaleActive(product) || !product.price_cents) return 0;
+  return Math.round(
+    ((product.price_cents - product.sale_price_cents) / product.price_cents) * 100
+  );
+}
+
+module.exports = { isSaleActive, getEffectivePriceCents, salePercent };
@@ -29,6 +29,8 @@
          <dd><%= new Date(user.created_at).toLocaleString('ru-RU') %></dd>
          <dt>Заказов</dt>
          <dd><%= orderCount %></dd>
+          <dt>Баллы лояльности</dt>
+          <dd><strong><%= user.loyalty_points || 0 %></strong> <span class="muted">(1 балл = 1 коп. скидки)</span></dd>
        </dl>
        <div class="account-actions">
          <a href="/orders" class="btn btn--primary">Мои заказы</a>
@@ -2,16 +2,15 @@

 <div class="admin-header">
  <h1>Админ-панель</h1>
-  <nav class="admin-nav">
-    <a href="/admin" class="admin-nav__link admin-nav__link--active">Обзор</a>
-    <a href="/admin/orders" class="admin-nav__link">Заказы</a>
-    <a href="/admin/users" class="admin-nav__link">Пользователи</a>
-    <a href="/admin/products" class="admin-nav__link">Товары</a>
-    <a href="/admin/reservations" class="admin-nav__link">Бронирования</a>
-    <a href="/" class="admin-nav__link">В магазин</a>
-  </nav>
+  <%- include('../partials/admin-nav', { adminNav: 'dashboard' }) %>
 </div>

+<section class="card" style="margin-bottom:1.5rem">
+  <h2 style="margin-top:0">Обновление с Git</h2>
+  <p class="muted">Подтянуть новую версию и перезапустить магазин без SSH.</p>
+  <a href="/admin/system" class="btn btn--primary">Перейти к обновлению →</a>
+</section>
+
 <div class="stats-grid">
  <div class="stat-card">
    <span class="stat-card__label">Пользователи</span>
@@ -2,14 +2,7 @@

 <div class="admin-header">
  <h1>Заказы</h1>
-  <nav class="admin-nav">
-    <a href="/admin" class="admin-nav__link">Обзор</a>
-    <a href="/admin/orders" class="admin-nav__link admin-nav__link--active">Заказы</a>
-    <a href="/admin/users" class="admin-nav__link">Пользователи</a>
-    <a href="/admin/products" class="admin-nav__link">Товары</a>
-    <a href="/admin/reservations" class="admin-nav__link">Бронирования</a>
-    <a href="/" class="admin-nav__link">В магазин</a>
-  </nav>
+  <%- include('../partials/admin-nav', { adminNav: 'orders' }) %>
 </div>

 <% const statusLabels = { pending: 'Ожидает', paid: 'Оплачен', shipped: 'Отправлен', cancelled: 'Отменён' }; %>
@@ -1,59 +1,89 @@
 <%- include('../partials/layout-start') %>

 <div class="admin-header">
-  <h1>Товары</h1>
-  <nav class="admin-nav">
-    <a href="/admin" class="admin-nav__link">Обзор</a>
-    <a href="/admin/orders" class="admin-nav__link">Заказы</a>
-    <a href="/admin/users" class="admin-nav__link">Пользователи</a>
-    <a href="/admin/products" class="admin-nav__link admin-nav__link--active">Товары</a>
-    <a href="/admin/reservations" class="admin-nav__link">Бронирования</a>
-    <a href="/" class="admin-nav__link">В магазин</a>
-  </nav>
+  <h1>Товары — цены и скидки</h1>
+  <%- include('../partials/admin-nav', { adminNav: 'products' }) %>
 </div>

 <% if (stockUpdated) { %>
  <p class="alert alert--success">
-    Остаток обновлён.<% if (notified > 0) { %> Отправлено уведомлений подписчикам: <%= notified %>.<% } %>
+    Остаток обновлён.<% if (notified > 0) { %> Уведомления о поступлении: <%= notified %>.<% } %>
  </p>
 <% } %>
+<% if (pricingUpdated) { %><p class="alert alert--success">Цены обновлены</p><% } %>
+<% if (pricingError) { %><p class="alert alert--error"><%= pricingError %></p><% } %>

-<table class="cart-table">
+<p class="muted admin-hint">Укажите обычную цену и цену со скидкой (₽). Пустая скидка или «Сбросить» — без акции. Для акции можно задать дату окончания.</p>
+
+<table class="cart-table admin-products-table">
  <thead>
    <tr>
-      <th>ID</th>
-      <th>Название</th>
-      <th>Категория</th>
-      <th>Цена</th>
+      <th>Товар</th>
+      <th>Цена / скидка (₽)</th>
+      <th>Акция до</th>
      <th>Остаток</th>
-      <th>Подписки</th>
      <th></th>
    </tr>
  </thead>
  <tbody>
    <% products.forEach(p => { %>
+      <% const onSale = isSaleActive(p); %>
+      <% const eff = effectivePrice(p); %>
      <tr>
-        <td><%= p.id %></td>
-        <td><%= p.name %></td>
-        <td><%= p.category_name || '—' %></td>
-        <td><%= formatPrice(p.price_cents) %></td>
        <td>
-          <form action="/admin/products/<%= p.id %>/stock" method="post" class="inline-form admin-stock-form">
-            <input type="number" name="stock" class="input input--sm" min="0" value="<%= p.stock %>" aria-label="Остаток">
-            <button type="submit" class="btn btn--ghost btn--sm">OK</button>
-          </form>
+          <strong><%= p.name %></strong><br>
+          <span class="muted"><%= p.category_name || '—' %></span>
+          <% if (onSale) { %>
+            <br><span class="badge badge--sale">−<%= salePercent(p) %>% на сайте</span>
+          <% } %>
        </td>
        <td>
-          <% if (p.alert_count > 0) { %>
-            <span class="badge" title="Ждут уведомления"><%= p.alert_count %></span>
-          <% } else { %>
-            —
+          <form action="/admin/products/<%= p.id %>/pricing" method="post" class="admin-pricing-form">
+            <label class="label label--inline">
+              Цена
+              <input type="number" name="price_rub" class="input input--sm" min="0" step="0.01" required
+                value="<%= (p.price_cents / 100).toFixed(2) %>">
+            </label>
+            <label class="label label--inline">
+              Со скидкой
+              <input type="number" name="sale_price_rub" class="input input--sm" min="0" step="0.01" placeholder="—"
+                value="<%= p.sale_price_cents != null ? (p.sale_price_cents / 100).toFixed(2) : '' %>">
+            </label>
+            <button type="submit" class="btn btn--primary btn--sm">Сохранить</button>
+          </form>
+          <% if (onSale) { %>
+            <p class="muted" style="margin:0.35rem 0 0">На сайте: <strong><%= formatPrice(eff) %></strong> вместо <%= formatPrice(p.price_cents) %></p>
          <% } %>
        </td>
+        <td>
+          <form action="/admin/products/<%= p.id %>/pricing" method="post" class="admin-pricing-form admin-pricing-form--ends">
+            <input type="hidden" name="price_rub" value="<%= (p.price_cents / 100).toFixed(2) %>">
+            <input type="hidden" name="sale_price_rub" value="<%= p.sale_price_cents != null ? (p.sale_price_cents / 100).toFixed(2) : '' %>">
+            <input type="datetime-local" name="sale_ends_at" class="input input--sm"
+              value="<%= p.sale_ends_at ? new Date(p.sale_ends_at).toISOString().slice(0, 16) : '' %>">
+            <button type="submit" class="btn btn--ghost btn--sm">OK</button>
+            <% if (p.sale_price_cents != null) { %>
+              <button type="submit" formaction="/admin/products/<%= p.id %>/pricing" name="clear_sale" value="1" class="btn btn--ghost btn--sm">Сбросить скидку</button>
+            <% } %>
+          </form>
+          <% if (onSale && p.sale_ends_at) { %>
+            <div class="promo-countdown" data-expires="<%= p.sale_ends_at %>" style="margin-top:0.35rem">
+              <span class="promo-countdown__timer">—</span>
+            </div>
+          <% } %>
+        </td>
+        <td>
+          <form action="/admin/products/<%= p.id %>/stock" method="post" class="inline-form admin-stock-form">
+            <input type="number" name="stock" class="input input--sm" min="0" value="<%= p.stock %>">
+            <button type="submit" class="btn btn--ghost btn--sm">OK</button>
+          </form>
+        </td>
        <td><a href="/product/<%= p.slug %>">На сайте</a></td>
      </tr>
    <% }) %>
  </tbody>
 </table>

+<script src="/js/promo-countdown.js"></script>
+
 <%- include('../partials/layout-end') %>
@@ -0,0 +1,107 @@
+<%- include('../partials/layout-start') %>
+
+<div class="admin-header">
+  <h1>Промокоды и скидки</h1>
+  <%- include('../partials/admin-nav', { adminNav: 'promo' }) %>
+</div>
+
+<% if (created) { %><p class="alert alert--success">Промокод создан</p><% } %>
+<% if (updated) { %><p class="alert alert--success">Промокод обновлён</p><% } %>
+
+<section class="card account-section--narrow" style="margin-bottom:1.5rem">
+  <h2>Новый промокод</h2>
+  <form action="/admin/promo-codes" method="post" class="form form--grid">
+    <label class="label">Код <input type="text" name="code" class="input" required placeholder="SUMMER20"></label>
+    <label class="label">Описание <input type="text" name="description" class="input" placeholder="Летняя скидка"></label>
+    <label class="label">Тип скидки
+      <select name="discount_type" class="input" id="promo-type-new">
+        <option value="percent">Процент (%)</option>
+        <option value="fixed">Фиксированная сумма (₽)</option>
+      </select>
+    </label>
+    <label class="label">
+      <span id="promo-value-label-new">Размер скидки (%)</span>
+      <input type="number" name="discount_value" class="input" min="1" required placeholder="10">
+    </label>
+    <label class="label">Действует (дней с сегодня) <input type="number" name="valid_days" class="input" value="30" min="1"></label>
+    <label class="label">Мин. сумма заказа (₽) <input type="number" name="min_order_rub" class="input" value="0" min="0" step="1"></label>
+    <label class="label">Лимит использований <input type="number" name="max_uses" class="input" min="1" placeholder="без лимита"></label>
+    <button type="submit" class="btn btn--primary">Создать</button>
+  </form>
+</section>
+
+<table class="cart-table">
+  <thead>
+    <tr>
+      <th>Код</th>
+      <th>Настройки скидки</th>
+      <th>Срок / лимит</th>
+      <th>Использовано</th>
+      <th></th>
+    </tr>
+  </thead>
+  <tbody>
+    <% promos.forEach(p => { %>
+      <tr>
+        <td><strong><%= p.code %></strong></td>
+        <td>
+          <form action="/admin/promo-codes/<%= p.id %>/update" method="post" class="admin-promo-form">
+            <input type="text" name="description" class="input input--sm" value="<%= p.description || '' %>" placeholder="Описание">
+            <select name="discount_type" class="input input--sm promo-type-select">
+              <option value="percent"<%= p.discount_type === 'percent' ? ' selected' : '' %>>%</option>
+              <option value="fixed"<%= p.discount_type === 'fixed' ? ' selected' : '' %>>₽</option>
+            </select>
+            <input type="number" name="discount_value" class="input input--sm" min="1" required
+              value="<%= p.discount_type === 'percent' ? p.discount_value : (p.discount_value / 100) %>"
+              title="<%= p.discount_type === 'percent' ? 'Процент' : 'Рубли' %>">
+            <label class="label label--inline muted">мин. заказ ₽
+              <input type="number" name="min_order_rub" class="input input--sm" min="0"
+                value="<%= Math.round(p.min_order_cents / 100) %>">
+            </label>
+            <button type="submit" class="btn btn--ghost btn--sm">Сохранить</button>
+          </form>
+        </td>
+        <td>
+          <form action="/admin/promo-codes/<%= p.id %>/update" method="post" class="admin-promo-form">
+            <input type="hidden" name="description" value="<%= p.description || '' %>">
+            <input type="hidden" name="discount_type" value="<%= p.discount_type %>">
+            <input type="hidden" name="discount_value" value="<%= p.discount_type === 'percent' ? p.discount_value : (p.discount_value / 100) %>">
+            <input type="hidden" name="min_order_rub" value="<%= Math.round(p.min_order_cents / 100) %>">
+            <label class="label label--inline">ещё дней
+              <input type="number" name="valid_days" class="input input--sm" value="7" min="1">
+            </label>
+            <label class="label label--inline">лимит
+              <input type="number" name="max_uses" class="input input--sm" min="1"
+                value="<%= p.max_uses || '' %>" placeholder="∞">
+            </label>
+            <button type="submit" class="btn btn--ghost btn--sm">Продлить</button>
+            <p class="muted" style="margin:0.25rem 0 0;font-size:0.85rem">до <%= new Date(p.expires_at).toLocaleString('ru-RU') %></p>
+          </form>
+        </td>
+        <td><%= p.use_count %><% if (p.max_uses) { %> / <%= p.max_uses %><% } %></td>
+        <td>
+          <span class="badge<%= p.active ? '' : ' badge--muted' %>"><%= p.active ? 'Активен' : 'Выкл.' %></span>
+          <form action="/admin/promo-codes/<%= p.id %>/toggle" method="post" style="margin-top:0.35rem">
+            <button type="submit" class="btn btn--ghost btn--sm"><%= p.active ? 'Выключить' : 'Включить' %></button>
+          </form>
+        </td>
+      </tr>
+    <% }) %>
+  </tbody>
+</table>
+
+<script>
+  function bindPromoType(selectId, labelId) {
+    const sel = document.getElementById(selectId);
+    const lab = document.getElementById(labelId);
+    if (!sel || !lab) return;
+    const sync = () => {
+      lab.textContent = sel.value === 'fixed' ? 'Скидка (₽)' : 'Размер скидки (%)';
+    };
+    sel.addEventListener('change', sync);
+    sync();
+  }
+  bindPromoType('promo-type-new', 'promo-value-label-new');
+</script>
+
+<%- include('../partials/layout-end') %>
@@ -2,14 +2,7 @@

 <div class="admin-header">
  <h1>Бронирования</h1>
-  <nav class="admin-nav">
-    <a href="/admin" class="admin-nav__link">Обзор</a>
-    <a href="/admin/orders" class="admin-nav__link">Заказы</a>
-    <a href="/admin/users" class="admin-nav__link">Пользователи</a>
-    <a href="/admin/products" class="admin-nav__link">Товары</a>
-    <a href="/admin/reservations" class="admin-nav__link admin-nav__link--active">Бронирования</a>
-    <a href="/" class="admin-nav__link">В магазин</a>
-  </nav>
+  <%- include('../partials/admin-nav', { adminNav: 'reservations' }) %>
 </div>

 <% const resStatus = { active: 'Активна', fulfilled: 'Выполнена', cancelled: 'Отменена', expired: 'Истекла' }; %>
@@ -0,0 +1,109 @@
+<%- include('../partials/layout-start') %>
+
+<div class="admin-header">
+  <h1>Обновление с Git</h1>
+  <%- include('../partials/admin-nav', { adminNav: 'system' }) %>
+</div>
+
+<% if (updateOk) { %>
+  <p class="alert alert--success">Обновление выполнено успешно. Если сайт не открывается — подождите 10–20 сек и обновите страницу.</p>
+<% } %>
+<% if (updateFail) { %>
+  <p class="alert alert--error">Обновление завершилось с ошибкой (код <%= updateCode %>).</p>
+<% } %>
+<% if (confirmError) { %>
+  <p class="alert alert--error">Введите <strong>update</strong> для подтверждения.</p>
+<% } %>
+<% if (disabledError) { %>
+  <p class="alert alert--warn">Обновление из админки отключено на этом сервере.</p>
+<% } %>
+
+<section class="card admin-system">
+  <h2>Текущая версия</h2>
+  <% if (!git.available) { %>
+    <p class="alert alert--warn"><%= git.reason || 'Git недоступен' %></p>
+  <% } else { %>
+    <dl class="profile-dl admin-system__meta">
+      <dt>Версия приложения</dt>
+      <dd><strong>v<%= git.packageVersion || '?' %></strong></dd>
+      <dt>Каталог</dt>
+      <dd><code class="admin-system__path"><%= git.shopRoot %></code></dd>
+      <dt>Ветка</dt>
+      <dd><%= git.branch %></dd>
+      <dt>Коммит</dt>
+      <dd>
+        <code><%= git.commitShort %></code>
+        — <%= git.commitSubject %>
+        <span class="muted">(<%= git.commitDate %>)</span>
+      </dd>
+      <% if (git.dirty) { %>
+        <dt>Состояние</dt>
+        <dd><span class="badge badge--warn">Есть незакоммиченные изменения</span></dd>
+      <% } %>
+      <% if (git.behind != null) { %>
+        <dt>На origin/main</dt>
+        <dd>
+          <% if (git.behind > 0) { %>
+            <span class="badge badge--sale">Доступно обновлений: <%= git.behind %></span>
+          <% } else { %>
+            <span class="badge">Актуально</span>
+          <% } %>
+        </dd>
+      <% } %>
+      <% if (git.fetchError) { %>
+        <dt>origin</dt>
+        <dd class="muted">Не удалось проверить: <%= git.fetchError %></dd>
+      <% } %>
+    </dl>
+  <% } %>
+
+  <div class="admin-system__actions">
+    <form action="/admin/system/check" method="post" class="inline-form">
+      <button type="submit" class="btn btn--ghost">
+        <%- include('../partials/icon', { name: 'refresh', iconSize: 18 }) %>
+        Проверить на Git
+      </button>
+    </form>
+  </div>
+
+  <% if (git.updateEnabled) { %>
+    <hr class="admin-system__hr">
+    <h2>Обновить сейчас</h2>
+    <p class="muted admin-hint">
+      Выполняется <code>git pull</code>, <code>npm install</code> и перезапуск службы <code>shop</code>.
+      Страница может оборваться на несколько секунд — это нормально.
+    </p>
+    <form action="/admin/system/update" method="post" class="form admin-system__form" onsubmit="return confirm('Обновить код с Git и перезапустить магазин?');">
+      <label class="label">
+        Подтверждение: введите <strong>update</strong>
+        <input type="text" name="confirm" class="input" required autocomplete="off" placeholder="update">
+      </label>
+      <button type="submit" class="btn btn--primary btn--lg">
+        <%- include('../partials/icon', { name: 'download', iconSize: 20 }) %>
+        Обновить с Git
+      </button>
+    </form>
+  <% } else if (git.available) { %>
+    <p class="alert alert--warn">
+      Обновление из админки отключено (Windows, нет .git или <code>ADMIN_UPDATE_ENABLED=0</code>).
+      На сервере: <code>bash "$SHOP_ROOT/scripts/server-update.sh"</code>
+    </p>
+  <% } %>
+</section>
+
+<% if (updateLog) { %>
+  <section class="card admin-system__log">
+    <h2>Журнал обновления</h2>
+    <pre class="admin-system__pre"><%= updateLog %></pre>
+  </section>
+<% } %>
+
+<section class="card admin-system__help muted">
+  <h2>Настройка сервера</h2>
+  <p>В <code>.env</code>: <code>SHOP_ROOT=/opt/shop</code>, <code>ADMIN_UPDATE_ENABLED=1</code>.</p>
+  <p>Если служба работает от <code>www-data</code>, добавьте в sudoers (от root):</p>
+  <pre class="admin-system__pre">www-data ALL=(root) NOPASSWD: <%= git.shopRoot || '/opt/shop' %>/scripts/admin-web-update.sh</pre>
+  <p>И в .env: <code>ADMIN_UPDATE_USE_SUDO=1</code></p>
+</section>
+
+<%- include('../partials/layout-end') %>
@@ -2,14 +2,7 @@

 <div class="admin-header">
  <h1>Пользователи</h1>
-  <nav class="admin-nav">
-    <a href="/admin" class="admin-nav__link">Обзор</a>
-    <a href="/admin/orders" class="admin-nav__link">Заказы</a>
-    <a href="/admin/users" class="admin-nav__link admin-nav__link--active">Пользователи</a>
-    <a href="/admin/products" class="admin-nav__link">Товары</a>
-    <a href="/admin/reservations" class="admin-nav__link">Бронирования</a>
-    <a href="/" class="admin-nav__link">В магазин</a>
-  </nav>
+  <%- include('../partials/admin-nav', { adminNav: 'users' }) %>
 </div>

 <p class="muted admin-hint">
@@ -3,6 +3,8 @@
 <h1>Корзина</h1>

 <% if (error) { %><p class="alert alert--error"><%= error %></p><% } %>
+<% if (promoOk) { %><p class="alert alert--success"><%= promoOk %></p><% } %>
+<% if (promoErr) { %><p class="alert alert--error"><%= promoErr %></p><% } %>

 <% if (!items.length) { %>
  <p class="empty">Корзина пуста. <a href="/">Перейти в каталог</a></p>
@@ -27,28 +29,97 @@
              <% } %>
              <a href="/product/<%= item.slug %>"><%= item.name %></a>
            </td>
-            <td><%= formatPrice(item.price_cents) %></td>
+            <td class="cart-table__price">
+              <%- include('partials/product-price', {
+                product: item,
+                forceOnSale: item.on_sale,
+                forceEffective: item.effective_price_cents,
+                priceSize: 'sm'
+              }) %>
+            </td>
            <td>
              <input type="number" name="items[<%= item.id %>]" value="<%= item.quantity %>" min="0" max="<%= item.stock %>" class="input input--qty">
            </td>
            <td><%= formatPrice(item.line_total) %></td>
            <td>
-              <button type="submit" formaction="/cart/remove/<%= item.id %>" formmethod="post" class="btn btn--ghost btn--sm" title="Удалить">×</button>
+              <button type="submit" formaction="/cart/remove/<%= item.id %>" formmethod="post" class="btn btn--ghost btn--sm btn--icon" title="Удалить" aria-label="Удалить">
+                <%- include('partials/icon', { name: 'trash', iconSize: 16 }) %>
+              </button>
            </td>
          </tr>
        <% }) %>
      </tbody>
    </table>
-    <div class="cart-actions">
-      <button type="submit" class="btn btn--ghost">Обновить</button>
-      <p class="cart-total">Итого: <strong><%= formatPrice(total) %></strong></p>
+
+    <div class="cart-sidebar">
+      <section class="card promo-box">
+        <h2 class="promo-box__title">Промокод</h2>
+        <% if (pricing.promo) { %>
+          <p class="promo-box__applied">
+            <strong><%= pricing.promo.code %></strong>
+            <% if (pricing.promo.description) { %> — <%= pricing.promo.description %><% } %>
+          </p>
+          <p class="promo-box__discount">Скидка: −<%= formatPrice(pricing.promoDiscount) %></p>
+          <div class="promo-countdown" data-expires="<%= pricing.promo.expires_at %>">
+            <span class="promo-countdown__label">До конца акции:</span>
+            <span class="promo-countdown__timer">—</span>
+          </div>
+          <form action="/cart/promo/remove" method="post" class="inline-form">
+            <button type="submit" class="btn btn--ghost btn--sm">Убрать промокод</button>
+          </form>
+        <% } else { %>
+          <form action="/cart/promo" method="post" class="promo-box__form">
+            <input type="text" name="code" class="input" placeholder="WELCOME10" required autocomplete="off">
+            <button type="submit" class="btn btn--primary">Применить</button>
+          </form>
+        <% } %>
+      </section>
+
      <% if (user) { %>
-        <a href="/checkout" class="btn btn--primary btn--lg">Оформить заказ</a>
+        <section class="card promo-box">
+          <h2 class="promo-box__title">Баллы лояльности</h2>
+          <p class="muted">На счёте: <strong><%= pricing.loyaltyBalance %></strong> баллов (1 балл = 1 коп.)</p>
+          <% if (pricing.pointsEarned > 0) { %>
+            <p class="muted">За этот заказ начислим: +<%= pricing.pointsEarned %> баллов</p>
+          <% } %>
+          <% if (pricing.loyaltyDiscount > 0) { %>
+            <p class="promo-box__discount">Списано: −<%= formatPrice(pricing.loyaltyDiscount) %> (<%= pricing.loyaltyPointsUsed %> баллов)</p>
+            <form action="/cart/loyalty/remove" method="post">
+              <button type="submit" class="btn btn--ghost btn--sm">Отменить списание</button>
+            </form>
+          <% } else if (pricing.loyaltyBalance > 0) { %>
+            <form action="/cart/loyalty" method="post" class="promo-box__form">
+              <button type="submit" name="use_all" value="1" class="btn btn--ghost">Списать все доступные</button>
+            </form>
+          <% } %>
+        </section>
+      <% } %>
+
+      <section class="card cart-summary">
+        <dl class="cart-summary__dl">
+          <dt>Товары</dt>
+          <dd><%= formatPrice(pricing.subtotal) %></dd>
+          <% if (pricing.promoDiscount > 0) { %>
+            <dt>Промокод</dt>
+            <dd class="cart-summary__discount">−<%= formatPrice(pricing.promoDiscount) %></dd>
+          <% } %>
+          <% if (pricing.loyaltyDiscount > 0) { %>
+            <dt>Лояльность</dt>
+            <dd class="cart-summary__discount">−<%= formatPrice(pricing.loyaltyDiscount) %></dd>
+          <% } %>
+          <dt class="cart-summary__total-label">К оплате</dt>
+          <dd class="cart-summary__total"><%= formatPrice(pricing.total) %></dd>
+        </dl>
+        <% if (user) { %>
+          <a href="/checkout" class="btn btn--primary btn--lg btn--block">Оформить заказ</a>
        <% } else { %>
          <p class="hint"><a href="/login?next=/checkout">Войдите</a>, чтобы оформить заказ.</p>
        <% } %>
+      </section>
    </div>
  </form>
 <% } %>

+<script src="/js/promo-countdown.js"></script>
+
 <%- include('partials/layout-end') %>
@@ -36,8 +36,36 @@
        </li>
      <% }) %>
    </ul>
-    <p class="checkout-total">Итого: <strong><%= formatPrice(total) %></strong></p>
+    <% if (pricing.promo) { %>
+      <p class="checkout-promo">
+        Промокод <strong><%= pricing.promo.code %></strong>
+        <span class="promo-countdown" data-expires="<%= pricing.promo.expires_at %>">
+          (<span class="promo-countdown__timer">—</span>)
+        </span>
+      </p>
+    <% } %>
+    <dl class="cart-summary__dl">
+      <dt>Товары</dt>
+      <dd><%= formatPrice(pricing.subtotal) %></dd>
+      <% if (pricing.promoDiscount > 0) { %>
+        <dt>Скидка по промокоду</dt>
+        <dd class="cart-summary__discount">−<%= formatPrice(pricing.promoDiscount) %></dd>
+      <% } %>
+      <% if (pricing.loyaltyDiscount > 0) { %>
+        <dt>Баллы лояльности</dt>
+        <dd class="cart-summary__discount">−<%= formatPrice(pricing.loyaltyDiscount) %></dd>
+      <% } %>
+      <% if (pricing.pointsEarned > 0) { %>
+        <dt>Начислим баллов</dt>
+        <dd>+<%= pricing.pointsEarned %></dd>
+      <% } %>
+      <dt class="cart-summary__total-label">К оплате</dt>
+      <dd class="cart-summary__total"><%= formatPrice(pricing.total) %></dd>
+    </dl>
+    <p class="muted"><a href="/cart">Изменить корзину или промокод</a></p>
  </aside>
 </div>

+<script src="/js/promo-countdown.js"></script>
+
 <%- include('partials/layout-end') %>
@@ -2,7 +2,7 @@

 <section class="hero">
  <h1>Каталог товаров</h1>
-  <p>Доставка по России. Оплата при получении.</p>
+  <p class="hero__lead">Доставка по России · Оплата при получении · Акции со скидкой в каталоге</p>
 </section>

 <% if (categories.length) { %>
@@ -19,8 +19,15 @@
 <% } else { %>
  <div class="grid">
    <% products.forEach(p => { %>
-      <article class="card">
+      <% const onSale = isSaleActive(p); %>
+      <article class="card<%= onSale ? ' card--sale' : '' %>">
        <a href="/product/<%= p.slug %>" class="card__image-wrap">
+          <% if (onSale) { %>
+            <span class="card__sale-ribbon" aria-hidden="true">
+              <%- include('partials/icon', { name: 'tag', iconSize: 14 }) %>
+              −<%= salePercent(p) %>%
+            </span>
+          <% } %>
          <% if (p.image_url) { %>
            <img src="<%= p.image_url %>" alt="<%= p.name %>" class="card__image" loading="lazy">
          <% } else { %>
@@ -32,11 +39,14 @@
            <span class="card__category"><%= p.category_name %></span>
          <% } %>
          <h2 class="card__title"><a href="/product/<%= p.slug %>"><%= p.name %></a></h2>
-          <p class="card__price"><%= formatPrice(p.price_cents) %></p>
+          <%- include('partials/product-price', { product: p, priceSize: 'md' }) %>
          <form action="/cart/add" method="post" class="card__form">
            <input type="hidden" name="product_id" value="<%= p.id %>">
            <input type="hidden" name="redirect" value="/cart">
-            <button type="submit" class="btn btn--primary btn--block">В корзину</button>
+            <button type="submit" class="btn btn--primary btn--block">
+              <%- include('partials/icon', { name: 'cart', iconSize: 18 }) %>
+              В корзину
+            </button>
          </form>
        </div>
      </article>
@@ -22,7 +22,19 @@
      </li>
    <% }) %>
  </ul>
-  <p class="checkout-total">Итого: <strong><%= formatPrice(order.total_cents) %></strong></p>
+  <% const subtotal = order.subtotal_cents != null ? order.subtotal_cents : order.total_cents; %>
+  <% if (order.discount_cents > 0) { %>
+    <dl class="cart-summary__dl">
+      <dt>Товары</dt>
+      <dd><%= formatPrice(subtotal) %></dd>
+      <dt>Скидка</dt>
+      <dd class="cart-summary__discount">−<%= formatPrice(order.discount_cents) %></dd>
+    </dl>
+  <% } %>
+  <% if (order.loyalty_points_earned > 0) { %>
+    <p class="muted">Начислено баллов лояльности: +<%= order.loyalty_points_earned %></p>
+  <% } %>
+  <p class="checkout-total">К оплате: <strong><%= formatPrice(order.total_cents) %></strong></p>
 </div>

 <p><a href="/orders" class="link-back">← Все заказы</a></p>
@@ -0,0 +1,16 @@
+<%
+  const nav = typeof adminNav !== 'undefined' ? adminNav : '';
+  function navClass(id) {
+    return 'admin-nav__link' + (nav === id ? ' admin-nav__link--active' : '');
+  }
+%>
+<nav class="admin-nav">
+  <a href="/admin" class="<%= navClass('dashboard') %>">Обзор</a>
+  <a href="/admin/orders" class="<%= navClass('orders') %>">Заказы</a>
+  <a href="/admin/users" class="<%= navClass('users') %>">Пользователи</a>
+  <a href="/admin/products" class="<%= navClass('products') %>">Товары</a>
+  <a href="/admin/promo-codes" class="<%= navClass('promo') %>">Промокоды</a>
+  <a href="/admin/reservations" class="<%= navClass('reservations') %>">Бронирования</a>
+  <a href="/admin/system" class="<%= navClass('system') %>">Обновление</a>
+  <a href="/" class="admin-nav__link">В магазин</a>
+</nav>
@@ -0,0 +1,29 @@
+<%
+  const sz = typeof iconSize !== 'undefined' ? iconSize : 20;
+  const cls = 'icon' + (typeof iconClass !== 'undefined' ? ' ' + iconClass : '');
+%>
+<% if (name === 'cart') { %>
+<svg class="<%= cls %>" width="<%= sz %>" height="<%= sz %>" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><circle cx="9" cy="21" r="1"/><circle cx="20" cy="21" r="1"/><path d="M1 1h4l2.68 13.39a2 2 0 0 0 2 1.61h9.72a2 2 0 0 0 2-1.61L23 6H6"/></svg>
+<% } else if (name === 'search') { %>
+<svg class="<%= cls %>" width="<%= sz %>" height="<%= sz %>" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><circle cx="11" cy="11" r="8"/><path d="m21 21-4.3-4.3"/></svg>
+<% } else if (name === 'tag') { %>
+<svg class="<%= cls %>" width="<%= sz %>" height="<%= sz %>" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M20.59 13.41l-7.17 7.17a2 2 0 0 1-2.83 0L2 12V2h10l8.59 8.59a2 2 0 0 1 0 2.82z"/><line x1="7" y1="7" x2="7.01" y2="7"/></svg>
+<% } else if (name === 'user') { %>
+<svg class="<%= cls %>" width="<%= sz %>" height="<%= sz %>" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"/><circle cx="12" cy="7" r="4"/></svg>
+<% } else if (name === 'shield') { %>
+<svg class="<%= cls %>" width="<%= sz %>" height="<%= sz %>" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg>
+<% } else if (name === 'plus') { %>
+<svg class="<%= cls %>" width="<%= sz %>" height="<%= sz %>" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M12 5v14M5 12h14"/></svg>
+<% } else if (name === 'trash') { %>
+<svg class="<%= cls %>" width="<%= sz %>" height="<%= sz %>" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M3 6h18M19 6v14a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2V6m3 0V4a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2v2"/></svg>
+<% } else if (name === 'clock') { %>
+<svg class="<%= cls %>" width="<%= sz %>" height="<%= sz %>" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><circle cx="12" cy="12" r="10"/><polyline points="12 6 12 12 16 14"/></svg>
+<% } else if (name === 'arrow-left') { %>
+<svg class="<%= cls %>" width="<%= sz %>" height="<%= sz %>" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="m12 19-7-7 7-7M19 12H5"/></svg>
+<% } else if (name === 'refresh') { %>
+<svg class="<%= cls %>" width="<%= sz %>" height="<%= sz %>" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M21 12a9 9 0 1 1-2.64-6.36"/><path d="M21 3v6h-6"/></svg>
+<% } else if (name === 'download') { %>
+<svg class="<%= cls %>" width="<%= sz %>" height="<%= sz %>" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/><polyline points="7 10 12 15 17 10"/><line x1="12" y1="15" x2="12" y2="3"/></svg>
+<% } else if (name === 'package') { %>
+<svg class="<%= cls %>" width="<%= sz %>" height="<%= sz %>" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M16.5 9.4 7.55 4.24M21 16V8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73l7 4a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16z"/><polyline points="3.27 6.96 12 12.01 20.73 6.96"/><line x1="12" y1="22.08" x2="12" y2="12"/></svg>
+<% } %>
@@ -12,26 +12,40 @@
 <body>
  <header class="header">
    <div class="container header__inner">
-      <a href="/" class="logo">Shop</a>
+      <a href="/" class="logo">
+        <%- include('icon', { name: 'package', iconSize: 22, iconClass: 'logo__icon' }) %>
+        Shop
+      </a>
      <form class="search" action="/" method="get">
+        <span class="search__icon" aria-hidden="true"><%- include('icon', { name: 'search', iconSize: 18 }) %></span>
        <input type="search" name="q" placeholder="Поиск товаров…" value="<%= typeof searchQuery !== 'undefined' ? searchQuery : '' %>" aria-label="Поиск">
-        <button type="submit" class="btn btn--ghost">Найти</button>
+        <button type="submit" class="btn btn--ghost btn--icon-text">Найти</button>
      </form>
      <nav class="nav">
-        <a href="/cart" class="nav__link nav__cart">
-          Корзина
+        <a href="/cart" class="nav__link nav__cart nav__link--icon">
+          <%- include('icon', { name: 'cart', iconSize: 18 }) %>
+          <span>Корзина</span>
          <% if (cartCount > 0) { %><span class="badge"><%= cartCount %></span><% } %>
        </a>
        <% if (user) { %>
          <% if (typeof isAdmin !== 'undefined' && isAdmin) { %>
-            <a href="/admin" class="nav__link nav__admin">Админ</a>
+            <a href="/admin" class="nav__link nav__link--icon nav__admin">
+              <%- include('icon', { name: 'shield', iconSize: 18 }) %>
+              <span>Админ</span>
+            </a>
          <% } %>
-          <a href="/account" class="nav__link"><%= user.name %></a>
+          <a href="/account" class="nav__link nav__link--icon">
+            <%- include('icon', { name: 'user', iconSize: 18 }) %>
+            <span><%= user.name %></span>
+          </a>
          <form action="/logout" method="post" class="inline-form">
            <button type="submit" class="btn btn--ghost btn--sm">Выйти</button>
          </form>
        <% } else if (cookieConsent) { %>
-          <a href="/login" class="nav__link">Вход</a>
+          <a href="/login" class="nav__link nav__link--icon">
+            <%- include('icon', { name: 'user', iconSize: 18 }) %>
+            <span>Вход</span>
+          </a>
          <a href="/register" class="btn btn--primary btn--sm">Регистрация</a>
        <% } else { %>
          <span class="nav__link nav__link--disabled" title="Примите cookies">Вход</span>
@@ -0,0 +1,33 @@
+<%
+  const onSale = typeof forceOnSale !== 'undefined'
+    ? forceOnSale
+    : (typeof isSaleActive === 'function' && isSaleActive(product));
+  const eff = typeof forceEffective !== 'undefined'
+    ? forceEffective
+    : (typeof effectivePrice === 'function' ? effectivePrice(product) : product.price_cents);
+  const oldCents = product.price_cents;
+  const pct = onSale && typeof salePercent === 'function'
+    ? salePercent(product)
+    : (onSale && oldCents ? Math.round(((oldCents - eff) / oldCents) * 100) : 0);
+  const sizeMod = typeof priceSize !== 'undefined' ? ' price-block--' + priceSize : '';
+%>
+<div class="price-block<%= sizeMod %><%= onSale ? ' price-block--sale' : '' %>" role="group" aria-label="<%= onSale ? 'Цена со скидкой' : 'Цена' %>">
+  <% if (onSale) { %>
+    <div class="price-block__meta">
+      <span class="price-block__tag">
+        <%- include('icon', { name: 'tag', iconSize: 12 }) %>
+        Акция
+      </span>
+      <span class="price-block__badge">−<%= pct %>%</span>
+    </div>
+    <div class="price-block__prices">
+      <span class="price-block__old" aria-label="Старая цена"><%= formatPrice(oldCents) %></span>
+      <span class="price-block__current" aria-label="Цена со скидкой"><%= formatPrice(eff) %></span>
+    </div>
+    <% if (typeof showSavings !== 'undefined' && showSavings) { %>
+      <span class="price-block__savings">Экономия <%= formatPrice(oldCents - eff) %></span>
+    <% } %>
+  <% } else { %>
+    <span class="price-block__current price-block__current--solo"><%= formatPrice(oldCents) %></span>
+  <% } %>
+</div>
@@ -13,7 +13,15 @@
      <a href="/?category=<%= product.category_slug %>" class="card__category"><%= product.category_name %></a>
    <% } %>
    <h1><%= product.name %></h1>
-    <p class="product-detail__price"><%= formatPrice(product.price_cents) %></p>
+    <div class="product-detail__price">
+      <%- include('partials/product-price', { product, priceSize: 'lg', showSavings: true }) %>
+      <% if (isSaleActive(product) && product.sale_ends_at) { %>
+        <p class="promo-countdown promo-countdown--product" data-expires="<%= product.sale_ends_at %>">
+          <%- include('partials/icon', { name: 'clock', iconSize: 16 }) %>
+          <span>Акция заканчивается: <strong class="promo-countdown__timer">—</strong></span>
+        </p>
+      <% } %>
+    </div>
    <p class="product-detail__desc"><%= product.description %></p>
    <p class="product-detail__stock">В наличии: <strong><%= product.stock %></strong> шт.</p>

@@ -36,7 +44,10 @@
          <input type="number" name="quantity" value="1" min="1" max="<%= product.stock %>" class="input input--qty">
        </label>
        <input type="hidden" name="redirect" value="/cart">
-        <button type="submit" class="btn btn--primary btn--lg">Добавить в корзину</button>
+        <button type="submit" class="btn btn--primary btn--lg">
+          <%- include('partials/icon', { name: 'cart', iconSize: 20 }) %>
+          Добавить в корзину
+        </button>
      </form>

      <% if (user && !userReservation) { %>
@@ -80,8 +91,15 @@
        </section>
      <% } %>
    <% } %>
-    <a href="/" class="link-back">← Назад в каталог</a>
+    <a href="/" class="link-back">
+      <%- include('partials/icon', { name: 'arrow-left', iconSize: 16 }) %>
+      Назад в каталог
+    </a>
  </div>
 </article>

+<% if (isSaleActive(product) && product.sale_ends_at) { %>
+<script src="/js/promo-countdown.js"></script>
+<% } %>
+
 <%- include('partials/layout-end') %>
@@ -1,6 +1,6 @@
 # Shop — документация

-Интернет-магазин на **Node.js** и **PostgreSQL 17**.
+Интернет-магазин на **Node.js** и **PostgreSQL 17**. Текущий релиз: **v1.0.0** (см. [CHANGELOG](../CHANGELOG.md), [RELEASE-1.0](../docs/RELEASE-1.0.md)).

 ## Способы установки

@@ -25,6 +25,14 @@

 Админ-панель доступна только этому аккаунту.

+## Установщик
+
+Интерактивно: админ, PostgreSQL, Docker или Ubuntu:
+
+```bash
+bash scripts/install.sh
+```
+
 ## Быстрый старт

 ### Docker
@@ -17,6 +17,26 @@ test -f "$SHOP_ROOT/package.json" && echo OK || echo "Неверный SHOP_ROOT

 ---

+## Интерактивный установщик (рекомендуется)
+
+```bash
+cd "$SHOP_ROOT"
+bash scripts/install.sh
+```
+
+Скрипт спросит:
+
+1. **Docker** или **Ubuntu без Docker**
+2. Email, имя и пароль **администратора**
+3. Пользователь, пароль и имя базы **PostgreSQL**
+4. **URL сайта**, секрет сессий (можно сгенерировать)
+5. Опционально **SMTP**
+6. Для Docker — порт и включить ли **Caddy**
+
+Создаётся файл `.env`, затем запускается `docker compose` или `systemd`.
+
+---
+
 ## Первая установка (Ubuntu, без Docker)

 ```bash
@@ -73,7 +93,8 @@ bash scripts/server-update.sh

 | Скрипт | Назначение |
 |--------|------------|
-| `quick-deploy-ubuntu.sh` | Первая установка / полный цикл |
+| `install.sh` | **Интерактивная установка** (Docker или Ubuntu) |
+| `quick-deploy-ubuntu.sh` | Первая установка / полный цикл (без вопросов) |
 | `server-update.sh` | `git pull`, `npm install`, перезапуск shop |
 | `git-sync.sh` | Исправить detached HEAD, синхронизация с `main` |
 | `install-postgresql-ubuntu.sh` | PostgreSQL 17 через PGDG |
Author	SHA1	Message	Date
shop	af2901152d	release: v1.0.0 — changelog и документация после v0.20 Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-17 14:28:32 +03:00
shop	69dfd2a93a	feat: обновление с Git из админки (/admin/system) Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-17 14:26:11 +03:00
shop	d4dd1fb587	fix: пути include иконок в EJS (Internal Server Error) Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-17 14:17:59 +03:00
shop	0c2cee410f	ui: иконки и наглядное отображение цен со скидкой SVG-иконки в шапке и кнопках, зачёркнутая старая цена и акцент на цене со скидкой в каталоге, корзине и на карточке товара. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-17 14:14:38 +03:00
shop	9b688b2af4	feat: скидки на товары и редактирование промокодов в админке Цена со скидкой и срок акции на товаре; отображение в каталоге и корзине. Улучшенный UI промокодов с редактированием. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-17 14:08:03 +03:00
shop	db4bc9bfe1	feat: интерактивный установщик install.sh (Docker / Ubuntu, админ, БД) Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-17 13:57:54 +03:00