npm - nodebb-plugin-niki-loyalty - Versions diffs - 1.0.25 → 1.0.26 - Mend

nodebb-plugin-niki-loyalty 1.0.25 → 1.0.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/library.js +183 -506
package/package.json +1 -1
package/static/lib/client.js +104 -448
package/templates/niki-wallet.tpl +29 -164

package/library.js CHANGED Viewed

@@ -3,537 +3,214 @@
 const db = require.main.require('./src/database');
 const user = require.main.require('./src/user');
 const routeHelpers = require.main.require('./src/controllers/helpers');
-const nconf = require.main.require('nconf');
 const Plugin = {};
-// =========================
-// AYARLAR
-// =========================
+// --- AYARLAR: ÖDÜL SEVİYELERİ ---
+const REWARDS = [
+    { cost: 250, name: "Ücretsiz Kahve ☕" },       // En büyük ödül en üstte olmalı
+    { cost: 180, name: "%60 İndirimli Kahve" },
+    { cost: 120, name: "%30 İndirimli Kahve" },
+    { cost: 60,  name: "1 Kurabiye 🍪" }
+];
 const SETTINGS = {
-  pointsPerHeartbeat: 5,
-  dailyCap: 250,
-  barMax: 250,
-  rewards: [
-    { id: 'cookie', at: 60,  title: 'Ücretsiz Kurabiye', type: 'free_item', meta: { item: 'cookie' } },
-    { id: 'c35',    at: 120, title: '%35 İndirimli Kahve', type: 'discount',  meta: { product: 'coffee', percent: 35 } },
-    { id: 'c60',    at: 180, title: '%60 İndirimli Kahve', type: 'discount',  meta: { product: 'coffee', percent: 60 } },
-    { id: 'coffee', at: 250, title: 'Ücretsiz Kahve', type: 'free_item', meta: { item: 'coffee' } },
-  ],
-  couponTTLSeconds: 10 * 60, // 10 dk
+    pointsPerHeartbeat: 5,
+    dailyCap: 250
 };
-// ✅ TEST: sınırsız kullanım (puan kontrolünü kapatmak için true)
-const TEST_MODE_UNLIMITED = false;
-// =========================
-// JSON SAFE HELPERS
-// =========================
-function safeParseMaybeJson(x) {
-  if (x == null) return null;
-  if (typeof x === 'object') return x;
-  if (typeof x === 'string') {
+// --- LOG FONKSİYONLARI ---
+async function addUserLog(uid, type, amount, desc) {
     try {
-      return JSON.parse(x);
-    } catch (e) {
-      return null;
-    }
-  }
-  return null;
-}
-function safeStringify(obj) {
-  try {
-    return JSON.stringify(obj);
-  } catch (e) {
-    return null;
-  }
+        const logEntry = { ts: Date.now(), type: type, amt: amount, txt: desc };
+        await db.listAppend(`niki:activity:${uid}`, logEntry);
+        await db.listTrim(`niki:activity:${uid}`, -50, -1);
+    } catch (e) { console.error("UserLog Error:", e); }
 }
-function makeProfileUrl(userslug) {
-  const rp = nconf.get('relative_path') || '';
-  if (!userslug) return '';
-  return `${rp}/user/${userslug}`;
-}
-function makeToken() {
-  return Math.random().toString(36).substring(2) + Date.now().toString(36);
-}
-function getTodayKey() {
-  return new Date().toISOString().slice(0, 10).replace(/-/g, '');
-}
-function findRewardById(id) {
-  return SETTINGS.rewards.find(r => r.id === id) || null;
-}
-async function isStaff(uid) {
-  const [isAdmin, isMod] = await Promise.all([
-    user.isAdministrator(uid),
-    user.isGlobalModerator(uid),
-  ]);
-  return isAdmin || isMod;
-}
-// =========================
-// LOG FONKSİYONLARI
-// =========================
-async function addUserLog(uid, type, amount, desc, extra) {
-  const logEntry = {
-    ts: Date.now(),
-    type, // 'earn' | 'spend'
-    amt: amount,
-    txt: desc,
-    ...(extra ? { extra } : {}),
-  };
-  const payload = safeStringify(logEntry);
-  if (!payload) return;
-  await db.listAppend(`niki:activity:${uid}`, payload);
-  await db.listTrim(`niki:activity:${uid}`, -50, -1);
-}
-async function addKasaLog(staffUid, customerName, customerUid, amount, rewardId, rewardTitle) {
-  const logEntry = {
-    ts: Date.now(),
-    staff: staffUid,
-    cust: customerName,
-    cuid: customerUid,
-    amt: amount,
-    rewardId: rewardId || '',
-    rewardTitle: rewardTitle || '',
-  };
-  const payload = safeStringify(logEntry);
-  if (!payload) return;
-  await db.listAppend('niki:kasa:history', payload);
-  await db.listTrim('niki:kasa:history', -100, -1);
+async function addKasaLog(staffUid, customerName, customerUid, rewardName, amount) {
+    try {
+        const logEntry = {
+            ts: Date.now(),
+            staff: staffUid,
+            cust: customerName,
+            cuid: customerUid,
+            amt: amount,
+            reward: rewardName // Ödülün adını da kaydedelim
+        };
+        await db.listAppend('niki:kasa:history', logEntry);
+        await db.listTrim('niki:kasa:history', -100, -1);
+    } catch (e) { console.error("KasaLog Error:", e); }
 }
-// =========================
-// INIT
-// =========================
 Plugin.init = async function (params) {
-  const router = params.router;
-  const middleware = params.middleware;
-  // -------------------------
-  // 1) HEARTBEAT (puan kazanma)
-  // -------------------------
-  router.post('/api/niki-loyalty/heartbeat', middleware.ensureLoggedIn, async (req, res) => {
-    try {
-      const uid = req.uid;
-      const today = getTodayKey();
-      const dailyKey = `niki:daily:${uid}:${today}`;
-      const currentDailyScore = parseInt((await db.getObjectField(dailyKey, 'score')) || 0, 10);
-      if (!TEST_MODE_UNLIMITED && currentDailyScore >= SETTINGS.dailyCap) {
-        return res.json({ earned: false, reason: 'daily_cap' });
-      }
-      await user.incrementUserFieldBy(uid, 'niki_points', SETTINGS.pointsPerHeartbeat);
-      await db.incrObjectFieldBy(dailyKey, 'score', SETTINGS.pointsPerHeartbeat);
-      const newBalance = parseInt((await user.getUserField(uid, 'niki_points')) || 0, 10);
-      await addUserLog(uid, 'earn', SETTINGS.pointsPerHeartbeat, 'Aktiflik Puanı ⚡');
-      return res.json({ earned: true, points: SETTINGS.pointsPerHeartbeat, total: newBalance });
-    } catch (err) {
-      return res.status(500).json({ earned: false, reason: 'server_error' });
-    }
-  });
-  // -------------------------
-  // 2) WALLET DATA (cüzdan + geçmiş + rewards)
-  // -------------------------
-  router.get('/api/niki-loyalty/wallet-data', middleware.ensureLoggedIn, async (req, res) => {
-    try {
-      const uid = req.uid;
-      const today = getTodayKey();
-      const [userData, dailyData, historyRaw] = await Promise.all([
-        user.getUserFields(uid, ['niki_points']),
-        db.getObject(`niki:daily:${uid}:${today}`),
-        db.getListRange(`niki:activity:${uid}`, 0, -1),
-      ]);
-      const currentPoints = parseInt(userData?.niki_points || 0, 10);
-      const dailyScore = parseInt(dailyData?.score || 0, 10);
-      let dailyPercent = (dailyScore / SETTINGS.dailyCap) * 100;
-      if (dailyPercent > 100) dailyPercent = 100;
-      const barPercent = Math.min(100, (currentPoints / SETTINGS.barMax) * 100);
-      const history = (historyRaw || [])
-        .map(safeParseMaybeJson)
-        .filter(Boolean)
-        .reverse();
-      const rewards = SETTINGS.rewards.map(r => ({
-        id: r.id,
-        at: r.at,
-        title: r.title,
-        type: r.type,
-        meta: r.meta,
-        unlocked: currentPoints >= r.at,
-      }));
-      return res.json({
-        points: currentPoints,
-        dailyScore,
-        dailyCap: SETTINGS.dailyCap,
-        dailyPercent,
-        barMax: SETTINGS.barMax,
-        barPercent,
-        rewards,
-        history,
-      });
-    } catch (err) {
-      return res.status(500).json({
-        points: 0,
-        dailyScore: 0,
-        dailyCap: SETTINGS.dailyCap,
-        dailyPercent: 0,
-        barMax: SETTINGS.barMax,
-        barPercent: 0,
-        rewards: SETTINGS.rewards.map(r => ({ id: r.id, at: r.at, title: r.title, type: r.type, meta: r.meta, unlocked: false })),
-        history: [],
-      });
-    }
-  });
-  // -------------------------
-  // 3) CLAIM REWARD (Seçenek B: claim = puan düşer + kupon token üretir)
-  //    Client bu endpoint'i çağıracak.
-  // -------------------------
-  router.post('/api/niki-loyalty/claim', middleware.ensureLoggedIn, async (req, res) => {
-  try {
-    const uid = req.uid;
-    const rewardId = (req.body && req.body.rewardId) ? String(req.body.rewardId) : '';
-    const reward = findRewardById(rewardId);
-    if (!reward) return res.json({ success: false, message: 'Geçersiz ödül' });
-    const points = parseInt((await user.getUserField(uid, 'niki_points')) || 0, 10);
-    if (!TEST_MODE_UNLIMITED && points < reward.at) {
-      return res.json({ success: false, message: 'Yetersiz puan' });
-    }
-    // ✅ Aynı ödülden aktif kupon varsa tekrar üretme (spam engeli)
-    const reserveKey = `niki:reserve:${uid}:${reward.id}`;
-    const existingToken = await db.get(reserveKey);
-    if (existingToken) {
-      return res.json({
-        success: true,
-        token: existingToken,
-        reward: { id: reward.id, at: reward.at, title: reward.title, type: reward.type, meta: reward.meta },
-        message: 'Zaten aktif bir kuponun var. Kasada okutabilirsin.',
-      });
-    }
-    // ✅ token oluştur
-    const token = makeToken();
-    const couponKey = `niki:coupon:${token}`;
-    const couponPayload = safeStringify({
-      token,
-      ts: Date.now(),
-      rewardId: reward.id,
-      cost: reward.at,              // ✅ puan düşülecek tutar
-      title: reward.title,
-      type: reward.type,
-      meta: reward.meta,
-      ownerUid: uid,
+    const router = params.router;
+    const middleware = params.middleware;
+    // 1. HEARTBEAT (Puan Kazanma)
+    router.post('/api/niki-loyalty/heartbeat', middleware.ensureLoggedIn, async (req, res) => {
+        try {
+            const uid = req.uid;
+            const today = new Date().toISOString().slice(0, 10).replace(/-/g, '');
+            const dailyKey = `niki:daily:${uid}:${today}`;
+            const currentDailyScore = await db.getObjectField(dailyKey, 'score') || 0;
+            if (parseInt(currentDailyScore) >= SETTINGS.dailyCap) {
+                return res.json({ earned: false, reason: 'daily_cap' });
+            }
+            await user.incrementUserFieldBy(uid, 'niki_points', SETTINGS.pointsPerHeartbeat);
+            await db.incrObjectFieldBy(dailyKey, 'score', SETTINGS.pointsPerHeartbeat);
+            const newBalance = await user.getUserField(uid, 'niki_points');
+            return res.json({ earned: true, points: SETTINGS.pointsPerHeartbeat, total: newBalance });
+        } catch (e) { return res.json({ earned: false }); }
     });
-    await db.set(couponKey, couponPayload);
-    await db.expire(couponKey, SETTINGS.couponTTLSeconds);
-    // ✅ rezervasyonu da tut
-    await db.set(reserveKey, token);
-    await db.expire(reserveKey, SETTINGS.couponTTLSeconds);
-    // user log (claim logu - puan düşmeden)
-    await addUserLog(uid, 'spend', 0, `Kupon oluşturuldu: ${reward.title}`, { rewardId: reward.id, token });
-    return res.json({
-      success: true,
-      token,
-      reward: { id: reward.id, at: reward.at, title: reward.title, type: reward.type, meta: reward.meta },
-      message: 'Kupon hazır! Kasada okutunca puanın düşer.',
+    // 2. WALLET DATA
+    router.get('/api/niki-loyalty/wallet-data', middleware.ensureLoggedIn, async (req, res) => {
+        try {
+            const uid = req.uid;
+            const today = new Date().toISOString().slice(0, 10).replace(/-/g, '');
+            const [userData, dailyData, rawHistory] = await Promise.all([
+                user.getUserFields(uid, ['niki_points']),
+                db.getObject(`niki:daily:${uid}:${today}`),
+                db.getListRange(`niki:activity:${uid}`, 0, -1)
+            ]);
+            const history = (rawHistory || []).map(item => {
+                if (typeof item === 'string') { try { return JSON.parse(item); } catch { return null; } }
+                return item;
+            }).filter(item => item !== null).reverse();
+            const currentPoints = parseInt(userData.niki_points) || 0;
+            const dailyScore = parseInt(dailyData ? dailyData.score : 0) || 0;
+            // Yüzdeyi en büyük hedefe (250) göre hesapla
+            let dailyPercent = (dailyScore / SETTINGS.dailyCap) * 100;
+            if (dailyPercent > 100) dailyPercent = 100;
+            res.json({
+                points: currentPoints,
+                dailyScore: dailyScore,
+                dailyCap: SETTINGS.dailyCap,
+                dailyPercent: dailyPercent,
+                history: history,
+                rewards: REWARDS // Frontend'e ödül listesini gönder
+            });
+        } catch (e) {
+            res.json({ points: 0, dailyScore: 0, dailyCap: 250, dailyPercent: 0, history: [] });
+        }
     });
-  } catch (err) {
-    return res.status(500).json({ success: false, message: 'Sunucu hatası' });
-  }
-});
+    // 3. KASA GEÇMİŞİ
+    router.get('/api/niki-loyalty/kasa-history', middleware.ensureLoggedIn, async (req, res) => {
+        try {
+            const isAdmin = await user.isAdministrator(req.uid);
+            const isMod = await user.isGlobalModerator(req.uid);
+            if (!isAdmin && !isMod) return res.status(403).json([]);
+            const rawHistory = await db.getListRange('niki:kasa:history', 0, -1);
+            const enrichedHistory = await Promise.all((rawHistory || []).reverse().map(async (item) => {
+                try {
+                    if (typeof item === 'string') { try { item = JSON.parse(item); } catch (e) { return null; } }
+                    if (!item || !item.cuid) return null;
+                    const uData = await user.getUserFields(item.cuid, ['picture']);
+                    item.picture = uData ? uData.picture : null;
+                    return item;
+                } catch (err) { return null; }
+            }));
+            res.json(enrichedHistory.filter(i => i !== null));
+        } catch (e) { res.json([]); }
+    });
-  // -------------------------
-  // 4) KASA HISTORY (admin/mod)
-  // -------------------------
-  router.get('/api/niki-loyalty/kasa-history', middleware.ensureLoggedIn, async (req, res) => {
-    try {
-      const staffOk = await isStaff(req.uid);
-      if (!staffOk) return res.status(403).json([]);
-      const raw = await db.getListRange('niki:kasa:history', 0, -1);
-      const rows = (raw || [])
-        .map((x) => {
-          if (!x) return null;
-          if (typeof x === 'object') return x;
-          if (typeof x === 'string') {
-            try { return JSON.parse(x); } catch (e) { return null; }
-          }
-          return null;
-        })
-        .filter(Boolean)
-        .reverse();
-      const uids = rows
-        .map(r => parseInt(r.cuid, 10))
-        .filter(n => Number.isFinite(n) && n > 0);
-      const users = await user.getUsersFields(uids, [
-        'uid', 'username', 'userslug', 'picture', 'icon:bgColor',
-      ]);
-      const userMap = {};
-      (users || []).forEach(u => { userMap[u.uid] = u; });
-      const rp = nconf.get('relative_path') || '';
-      const enriched = rows.map(r => {
-        const uid = parseInt(r.cuid, 10);
-        const u = userMap[uid];
-        if (!u) return r;
-        return {
-          ...r,
-          cust: u.username || r.cust || 'Bilinmeyen',
-          userslug: u.userslug || r.userslug || '',
-          picture: u.picture || r.picture || '',
-          iconBg: u['icon:bgColor'] || r.iconBg || '#4b5563',
-          profileUrl: (u.userslug ? `${rp}/user/${u.userslug}` : ''),
-        };
-      });
-      return res.json(enriched);
-    } catch (err) {
-      return res.status(500).json([]);
-    }
-  });
-  // -------------------------
-  // 5) KASA: COUPON SCAN (admin/mod)  ✅ yeni akış
-  //    Claim ile üretilen token kasada okutulur.
-  // -------------------------
-router.post('/api/niki-loyalty/scan-coupon', middleware.ensureLoggedIn, async (req, res) => {
-  try {
-    const token = (req.body && req.body.token) ? String(req.body.token) : '';
-    const staffOk = await isStaff(req.uid);
-    if (!staffOk) return res.status(403).json({ success: false, message: 'Yetkisiz' });
-    const raw = await db.get(`niki:coupon:${token}`);
-    if (!raw) return res.json({ success: false, message: 'Geçersiz / Süresi dolmuş kupon' });
-    const coupon = safeParseMaybeJson(raw);
-    if (!coupon || !coupon.ownerUid || !coupon.rewardId) {
-      await db.delete(`niki:coupon:${token}`);
-      return res.json({ success: false, message: 'Kupon bozuk' });
-    }
-    const customerUid = parseInt(coupon.ownerUid, 10);
-    const cost = parseInt(coupon.cost || 0, 10);
-    // ✅ puan yeter mi? (scan anında kontrol)
-    const pts = parseInt((await user.getUserField(customerUid, 'niki_points')) || 0, 10);
-    if (!TEST_MODE_UNLIMITED && pts < cost) {
-      return res.json({ success: false, message: 'Yetersiz bakiye (puan değişmiş olabilir)' });
-    }
-    // ✅ puan düş (asıl düşüş burada)
-    if (!TEST_MODE_UNLIMITED && cost > 0) {
-      await user.decrementUserFieldBy(customerUid, 'niki_points', cost);
-    }
-    // ✅ tek kullanımlık: kuponu sil
-    await db.delete(`niki:coupon:${token}`);
-    // ✅ rezervasyonu da sil
-    await db.delete(`niki:reserve:${customerUid}:${coupon.rewardId}`);
-    const customerData = await user.getUserFields(customerUid, ['username', 'picture', 'userslug']);
-    // user log (gerçek spend burada)
-    await addUserLog(customerUid, 'spend', cost, `Kullanıldı: ${coupon.title}`, { rewardId: coupon.rewardId });
-    // kasa log
-    await addKasaLog(req.uid, customerData?.username || 'Bilinmeyen', customerUid, cost, coupon.rewardId, coupon.title);
-    return res.json({
-      success: true,
-      customer: customerData,
-      coupon: {
-        rewardId: coupon.rewardId,
-        title: coupon.title,
-        type: coupon.type,
-        meta: coupon.meta,
-        cost,
-      },
-      message: 'Kupon onaylandı!',
+    // 4. QR OLUŞTUR (En düşük ödül seviyesi kadar puanı var mı?)
+    router.post('/api/niki-loyalty/generate-qr', middleware.ensureLoggedIn, async (req, res) => {
+        try {
+            const uid = req.uid;
+            const points = parseInt(await user.getUserField(uid, 'niki_points')) || 0;
+            // En ucuz ödül (60 puan) kadar bile puanı yoksa izin verme
+            const minCost = REWARDS[REWARDS.length - 1].cost;
+            if (points < minCost) return res.json({ success: false, message: `En az ${minCost} puan gerekli.` });
+            const token = Math.random().toString(36).substring(2) + Date.now().toString(36);
+            await db.set(`niki:qr:${token}`, uid);
+            await db.expire(`niki:qr:${token}`, 120);
+            return res.json({ success: true, token: token });
+        } catch (e) { return res.json({ success: false, message: "Hata" }); }
     });
-  } catch (err) {
-    return res.status(500).json({ success: false, message: 'Sunucu hatası' });
-  }
-});
-  // -------------------------
-  // 6) (ESKİ) QR OLUŞTUR / OKUT — opsiyonel uyumluluk
-  //    İstersen tamamen kaldırırız. Şimdilik 250 "Ücretsiz Kahve" gibi düşünebilirsin.
-  // -------------------------
-  router.post('/api/niki-loyalty/generate-qr', middleware.ensureLoggedIn, async (req, res) => {
-    try {
-      const uid = req.uid;
-      const points = parseInt((await user.getUserField(uid, 'niki_points')) || 0, 10);
-      if (!TEST_MODE_UNLIMITED && points < SETTINGS.coffeeCost) {
-        return res.json({ success: false, message: 'Yetersiz Puan' });
-      }
-      const token = makeToken();
-      await db.set(`niki:qr:${token}`, uid);
-      await db.expire(`niki:qr:${token}`, 120);
-      return res.json({ success: true, token });
-    } catch (err) {
-      return res.status(500).json({ success: false, message: 'Sunucu hatası' });
-    }
-  });
-const TIERS = [60, 120, 180, 250];
-function pickTier(points) {
-  // en büyük uygun tier
-  let chosen = 0;
-  for (const t of TIERS) if (points >= t) chosen = t;
-  return chosen; // 0 ise yetersiz
-}
-router.post('/api/niki-loyalty/claim-auto', middleware.ensureLoggedIn, async (req, res) => {
-  try {
-    const uid = req.uid;
-    const points = parseInt((await user.getUserField(uid, 'niki_points')) || 0, 10);
-    if (TEST_MODE_UNLIMITED) {
-      // testte 250 gibi davran
-      const token = makeToken();
-      await db.set(`niki:coupon:${token}`, safeStringify({ token, ts: Date.now(), ownerUid: uid, cost: 250 }));
-      await db.expire(`niki:coupon:${token}`, 120);
-      return res.json({ success: true, token, cost: 250 });
-    }
-    const cost = pickTier(points);
-    if (!cost) return res.json({ success: false, message: 'En az 60 puan gerekli.' });
-    const token = makeToken();
-    await db.set(`niki:coupon:${token}`, safeStringify({
-      token,
-      ts: Date.now(),
-      ownerUid: uid,
-      cost, // ✅ kasada düşülecek miktar
-    }));
-    await db.expire(`niki:coupon:${token}`, 120); // ✅ 2 dk
-    return res.json({ success: true, token, cost });
-  } catch (e) {
-    return res.status(500).json({ success: false, message: 'Sunucu hatası' });
-  }
-});
-  router.post('/api/niki-loyalty/scan-qr', middleware.ensureLoggedIn, async (req, res) => {
-    try {
-      const token = (req.body && req.body.token) ? String(req.body.token) : '';
-      const staffOk = await isStaff(req.uid);
-      if (!staffOk) return res.status(403).json({ success: false, message: 'Yetkisiz' });
-      const customerUid = await db.get(`niki:qr:${token}`);
-      if (!customerUid) return res.json({ success: false, message: 'Geçersiz Kod' });
-      const pts = parseInt((await user.getUserField(customerUid, 'niki_points')) || 0, 10);
-      if (!TEST_MODE_UNLIMITED && pts < SETTINGS.coffeeCost) {
-        return res.json({ success: false, message: 'Yetersiz Bakiye' });
-      }
-      if (!TEST_MODE_UNLIMITED) {
-        await user.decrementUserFieldBy(customerUid, 'niki_points', SETTINGS.coffeeCost);
-      }
-      await db.delete(`niki:qr:${token}`);
-      const customerData = await user.getUserFields(customerUid, ['username', 'picture', 'userslug']);
-      await addUserLog(customerUid, 'spend', SETTINGS.coffeeCost, 'Kahve Keyfi ☕');
-      await addKasaLog(req.uid, customerData?.username || 'Bilinmeyen', customerUid, SETTINGS.coffeeCost, 'coffee', 'Ücretsiz Kahve (QR)');
-      return res.json({
-        success: true,
-        customer: customerData,
-        message: 'Onaylandı!',
-      });
-    } catch (err) {
-      return res.status(500).json({ success: false, message: 'Sunucu hatası' });
-    }
-  });
-  // -------------------------
-  // 7) SAYFA ROTASI (kasa sayfası)
-  // -------------------------
-  routeHelpers.setupPageRoute(router, '/niki-kasa', middleware, [], async (req, res) => {
-    const staffOk = await isStaff(req.uid);
-    if (!staffOk) return res.render('403', {});
-    return res.render('niki-kasa', { title: 'Niki Kasa' });
-  });
-};
+    // 5. QR OKUT (OTOMATİK ÖDÜL SEÇİMİ)
+    router.post('/api/niki-loyalty/scan-qr', middleware.ensureLoggedIn, async (req, res) => {
+        try {
+            const { token } = req.body;
+            const isAdmin = await user.isAdministrator(req.uid);
+            const isMod = await user.isGlobalModerator(req.uid);
+            if (!isAdmin && !isMod) return res.status(403).json({ success: false, message: 'Yetkisiz' });
+            const customerUid = await db.get(`niki:qr:${token}`);
+            if (!customerUid) return res.json({ success: false, message: 'Geçersiz Kod' });
+            const pts = parseInt(await user.getUserField(customerUid, 'niki_points')) || 0;
+            // --- HANGİ ÖDÜLÜ ALABİLİR? ---
+            let selectedReward = null;
+            // Ödülleri pahalıdan ucuza tara, ilk yeteni seç
+            for (const reward of REWARDS) {
+                if (pts >= reward.cost) {
+                    selectedReward = reward;
+                    break; // En büyüğü bulduk, döngüden çık
+                }
+            }
+            if (!selectedReward) {
+                return res.json({ success: false, message: 'Puan Yetersiz (Min: 60)' });
+            }
+            // İŞLEM
+            await user.decrementUserFieldBy(customerUid, 'niki_points', selectedReward.cost);
+            await db.delete(`niki:qr:${token}`);
+            // LOGLAR
+            const customerData = await user.getUserFields(customerUid, ['username', 'picture']);
+            await addUserLog(customerUid, 'spend', selectedReward.cost, selectedReward.name);
+            await addKasaLog(req.uid, customerData.username, customerUid, selectedReward.name, selectedReward.cost);
+            // Frontend'e hangi ödülün verildiğini söyle
+            return res.json({
+                success: true,
+                customer: customerData,
+                rewardName: selectedReward.name,
+                cost: selectedReward.cost
+            });
+        } catch (e) {
+            return res.json({ success: false, message: "İşlem Hatası" });
+        }
+    });
-// -------------------------
-// ✅ plugin.json'da action:topic.get -> checkTopicVisit vardı.
-// Method yoksa NodeBB şikayet eder. Şimdilik NO-OP koydum.
-// Sonra istersen gerçekten "topic view" ile puan ekleriz.
-// -------------------------
-Plugin.checkTopicVisit = async function () {
-  return;
+    routeHelpers.setupPageRoute(router, '/niki-kasa', middleware, [], async (req, res) => {
+        const isAdmin = await user.isAdministrator(req.uid);
+        const isMod = await user.isGlobalModerator(req.uid);
+        if (!isAdmin && !isMod) return res.render('403', {});
+        res.render('niki-kasa', { title: 'Niki Kasa' });
+    });
 };
-// client.js inject
 Plugin.addScripts = async function (scripts) {
-  scripts.push('plugins/nodebb-plugin-niki-loyalty/static/lib/client.js');
-  return scripts;
+    scripts.push('plugins/nodebb-plugin-niki-loyalty/static/lib/client.js');
+    return scripts;
 };
-// navigation
 Plugin.addNavigation = async function (nav) {
-  nav.push({
-    route: '/niki-wallet',
-    title: 'Niki Cüzdan',
-    enabled: true,
-    iconClass: 'fa-coffee',
-    text: 'Niki Cüzdan',
-  });
-  return nav;
+    nav.push({ route: "/niki-wallet", title: "Niki Cüzdan", enabled: true, iconClass: "fa-coffee", text: "Niki Cüzdan" });
+    return nav;
 };
-module.exports = Plugin;
+module.exports = Plugin;