From 01bd9f8968b99a818dd0d16acdcc61f7a8355bed Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 10:26:45 +0500
Subject: [PATCH 01/19] docs: yandex+vk oauth design spec

---
 .../2026-05-20-yandex-vk-oauth-design.md      | 92 +++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100644 docs/superpowers/specs/2026-05-20-yandex-vk-oauth-design.md

diff --git a/docs/superpowers/specs/2026-05-20-yandex-vk-oauth-design.md b/docs/superpowers/specs/2026-05-20-yandex-vk-oauth-design.md
new file mode 100644
index 0000000..5217e5a
--- /dev/null
+++ b/docs/superpowers/specs/2026-05-20-yandex-vk-oauth-design.md
@@ -0,0 +1,92 @@
+# Yandex ID + VK ID OAuth — Design
+
+## Цель
+
+Подключить авторизацию через Яндекс ID и VK ID на клиенте (серверная часть OAuth уже реализована). Добавить поля профиля: имя, фамилия, пол, аватар. Админ продолжает входить только через email/код.
+
+## Объём
+
+### База данных
+
+- Переименовать `User.name` → `User.displayName`
+- Добавить поля: `firstName String?`, `lastName String?`, `gender String?`, `avatar String?`
+- Сбросить БД (`prisma migrate reset --force`), прода нет
+
+### Сервер
+
+1. **`server/prisma/schema.prisma`** — обновить модель User
+2. **`server/src/routes/oauth-social.js`** — обновить `findOrCreateUserFromOAuth()`:
+   - Яндекс: сохранять `firstName`, `lastName`, `gender` (`sex`), `avatar` (`https://avatars.yandex.net/get-yapic/{default_avatar_id}/islands-200`), `displayName` ← `real_name` или `display_name`
+   - VK: сохранять `firstName` (`first_name`), `lastName` (`last_name`), `gender` (`sex`: 1→female, 2→male), `avatar` (`photo_200`), `displayName` ← `first_name + ' ' + last_name`
+   - Gender: если провайдер не вернул — оставлять `null`
+3. **`server/src/routes/auth.js`** — обновить `mapUserForClient()`: добавить новые поля в ответ `/api/me`; переименовать `name` → `displayName`
+4. **`server/src/**/*.js`** — найти и заменить все использования `user.name` на `user.displayName`
+5. **`server/.env.example`** — документировать redirect URI для Яндекс и VK
+
+### Клиент
+
+1. **`client/src/shared/model/auth.ts`** — обновить тип `AuthUser`, добавить `displayName`, `firstName`, `lastName`, `gender`, `avatar`; убрать `name`
+2. **`client/src/features/auth-oauth/`** — новая FSD-фича:
+   - `lib/oauth-providers.ts` — конфигурация: `{ id, label, icon, color }` для yandex и vk
+   - `ui/OAuthButtons.tsx` — компонент с двумя кнопками (Stack + Button variant="outlined"), каждая редиректит на `/api/auth/oauth/{provider}`
+   - `index.ts` — barrel экспорт
+3. **`client/src/pages/auth/ui/AuthPage.tsx`** — добавить `<OAuthButtons />` после формы email-кода, разделив Divider'ом с текстом «или»
+4. **`client/src/**/*.tsx`** — найти и заменить все использования `user.name` → `user.displayName`
+
+### ENV
+
+Переменные в `server/.env` (из примера):
+
+```
+SERVER_PUBLIC_URL=http://127.0.0.1:3333
+CLIENT_PUBLIC_URL=http://127.0.0.1:5173
+YANDEX_CLIENT_ID=<значение>
+YANDEX_CLIENT_SECRET=<значение>
+VK_CLIENT_ID=<значение>
+VK_CLIENT_SECRET=<значение>
+```
+
+Redirect URI для настройки в кабинетах провайдеров:
+- Яндекс (локально): `http://127.0.0.1:3333/api/auth/oauth/yandex/callback`
+- VK (локально): `http://127.0.0.1:3333/api/auth/oauth/vk/callback`
+- Яндекс (прод): `https://любимыйкреатив.рф/api/auth/oauth/yandex/callback`
+- VK (прод): `https://любимыйкреатив.рф/api/auth/oauth/vk/callback`
+
+## Структура фичи `features/auth-oauth/`
+
+```
+features/auth-oauth/
+  index.ts              — barrel: export { OAuthButtons }
+  ui/
+    OAuthButtons.tsx    — Stack из 2 кнопок (Яндекс, VK)
+  lib/
+    oauth-providers.ts  — массив провайдеров: { id, label, icon, color }
+```
+
+## Data flow (OAuth)
+
+```
+Клиент: кнопка «Войти через Яндекс/VK»
+  → редирект на /api/auth/oauth/{yandex|vk}
+Сервер: формирует state JWT, редиректит на Яндекс/VK
+  → пользователь авторизуется у провайдера
+  → провайдер редиректит на /api/auth/oauth/{yandex|vk}/callback
+Сервер: обменивает code на токен → получает профиль → findOrCreateUserFromOAuth()
+  → генерирует JWT → редиректит на {CLIENT_PUBLIC_URL}/auth/callback?token=<jwt>
+Клиент: AuthCallbackPage читает token → сохраняет в localStorage → редирект на /
+```
+
+## Не входит в scope
+
+- Отображение аватара в хедере/UserMenu (будет отдельно)
+- Страница профиля с новыми полями (будет отдельно)
+- OAuth для админа (админ только email/код)
+
+## Примечания
+
+- `gender` — nullable, если провайдер не вернул пол
+- VK: `sex: 1` = female, `sex: 2` = male → нормализуем в `female` / `male`
+- Яндекс: avatar — конструируем URL из `default_avatar_id`, поле `is_avatar_empty` подскажет, загружен ли аватар
+- Яндекс scopes: `login:email login:info`
+- VK scopes: `email`
+- OAuth state — JWT с `expiresIn: 15m`

From d931545a2e1f1ee91d58fe5424e46ba41fc32d46 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 10:35:43 +0500
Subject: [PATCH 02/19] docs: yandex+vk oauth implementation plan

---
 .../plans/2026-05-20-yandex-vk-oauth.md       | 886 ++++++++++++++++++
 1 file changed, 886 insertions(+)
 create mode 100644 docs/superpowers/plans/2026-05-20-yandex-vk-oauth.md

diff --git a/docs/superpowers/plans/2026-05-20-yandex-vk-oauth.md b/docs/superpowers/plans/2026-05-20-yandex-vk-oauth.md
new file mode 100644
index 0000000..1cbcd6f
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-20-yandex-vk-oauth.md
@@ -0,0 +1,886 @@
+# Yandex ID + VK ID OAuth — Implementation Plan
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Add Yandex and VK OAuth login buttons to the client, enrich user profiles with firstName/lastName/gender/avatar from OAuth providers, and rename `name` → `displayName` across the project.
+
+**Architecture:** Server OAuth flow already exists (`oauth-social.js`). We update the User model (rename `name`→`displayName`, add 4 fields), enrich `findOrCreateUserFromOAuth()` to save profile data, then add an FSD feature `features/auth-oauth/` with Yandex/VK login buttons on the AuthPage.
+
+**Tech Stack:** Prisma (SQLite), Fastify, React + MUI + Effector + TypeScript
+
+---
+
+### Task 1: Update Prisma User model
+
+**Files:**
+- Modify: `server/prisma/schema.prisma:80`
+
+- [ ] **Step 1: Rename `name` → `displayName` and add new fields**
+
+```diff
+ model User {
+   id           String   @id @default(cuid())
+   email        String   @unique
+-  name         String?
++  displayName  String?
++  firstName    String?
++  lastName     String?
++  gender       String?
++  avatar       String?
+   phone        String?
+   passwordHash String?
+   createdAt    DateTime @default(now())
+   updatedAt    DateTime @updatedAt
+
+   codes AuthCode[]
+   addresses ShippingAddress[]
+   cartItems CartItem[]
+   orders Order[]
+   reviews Review[]
+   orderMessageReadStates UserOrderMessageReadState[]
+   oauthAccounts OAuthAccount[]
+   notificationPreference NotificationPreference?
+   notificationLogs NotificationLog[]
+ }
+```
+
+- [ ] **Step 2: Reset DB to apply schema change**
+
+```bash
+cd server && npm run db:reset:test
+```
+
+Expected: "Your database has been reset" or similar. Migration runs and seed applies.
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add server/prisma/schema.prisma
+git commit -m "feat: rename User.name→displayName, add firstName/lastName/gender/avatar"
+```
+
+---
+
+### Task 2: Update server `mapUserForClient` and profile handler in auth.js
+
+**Files:**
+- Modify: `server/src/routes/auth.js:5-15`
+- Modify: `server/src/routes/auth.js:116-138`
+
+- [ ] **Step 1: Update `mapUserForClient` to use `displayName` and add new fields**
+
+Replace lines 5-15 with:
+
+```js
+function mapUserForClient(user) {
+  const adminEmail = normalizeEmail(process.env.ADMIN_EMAIL)
+  const userEmail = normalizeEmail(user.email)
+  return {
+    id: user.id,
+    email: user.email,
+    displayName: user.displayName,
+    firstName: user.firstName,
+    lastName: user.lastName,
+    gender: user.gender,
+    avatar: user.avatar,
+    phone: user.phone,
+    isAdmin: Boolean(adminEmail) && userEmail === adminEmail,
+  }
+}
+```
+
+- [ ] **Step 2: Update `PATCH /api/me/profile` to use `displayName`**
+
+Replace lines 114-138 with:
+
+```js
+  fastify.patch('/api/me/profile', { preHandler: [fastify.authenticate] }, async (request, reply) => {
+    const userId = request.user.sub
+    const nameRaw = request.body?.displayName
+    const displayName = nameRaw === null || nameRaw === undefined ? null : String(nameRaw).trim()
+    const phoneRaw = request.body?.phone
+    const phone = phoneRaw === null || phoneRaw === undefined ? null : String(phoneRaw).trim()
+
+    if (displayName !== null && displayName.length > 40) return reply.code(400).send({ error: 'Имя/ник максимум 40 символов' })
+    if (phone !== null) {
+      const compact = phone.replace(/[\s()-]/g, '')
+      if (compact.length > 20) return reply.code(400).send({ error: 'Телефон слишком длинный' })
+      if (compact.length && !/^\+?\d{7,20}$/.test(compact)) {
+        return reply.code(400).send({ error: 'Некорректный телефон' })
+      }
+    }
+
+    const updated = await prisma.user.update({
+      where: { id: userId },
+      data: {
+        displayName: displayName && displayName.length ? displayName : null,
+        phone: phone && phone.length ? phone : null,
+      },
+    })
+    return { user: mapUserForClient(updated) }
+  })
+```
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add server/src/routes/auth.js
+git commit -m "feat: use displayName in mapUserForClient and profile update"
+```
+
+---
+
+### Task 3: Update admin-users.js — rename `name` → `displayName`
+
+**Files:**
+- Modify: `server/src/routes/api/admin-users.js`
+
+- [ ] **Step 1: Replace all `name` → `displayName` throughout**
+
+Replace line 24 (`OR` clause):
+```
+          OR: [{ email: { contains: q } }, { displayName: { contains: q } }],
+```
+
+Replace line 35 (select):
+```
+        displayName: true,
+```
+
+Replace line 46 (map):
+```
+      displayName: u.displayName,
+```
+
+Replace lines 63-64 (create — body field and validation):
+```
+    const nameRaw = body.displayName
+    const displayName = nameRaw === null || nameRaw === undefined ? null : String(nameRaw).trim()
+    if (displayName !== null && displayName.length > 40) {
+```
+
+Replace line 79 (create data):
+```
+        displayName: displayName && displayName.length ? displayName : null,
+```
+
+Replace line 86 (create response):
+```
+      displayName: user.displayName,
+```
+
+Replace lines 120-127 (update):
+```
+    if (body.displayName !== undefined) {
+      const nameRaw = body.displayName
+      const name = nameRaw === null || nameRaw === undefined ? null : String(nameRaw).trim()
+      if (name !== null && name.length > 40) {
+        reply.code(400).send({ error: 'Имя/ник максимум 40 символов' })
+        return
+      }
+      data.displayName = name && name.length ? name : null
+    }
+```
+
+Replace line 134 (update response):
+```
+      displayName: user.displayName,
+```
+
+- [ ] **Step 2: Commit**
+
+```bash
+git add server/src/routes/api/admin-users.js
+git commit -m "refactor: rename name→displayName in admin-users"
+```
+
+---
+
+### Task 4: Update admin-reviews.js and review-display.js — rename `name` → `displayName`
+
+**Files:**
+- Modify: `server/src/routes/api/admin-reviews.js:59`
+- Modify: `server/src/lib/review-display.js:4`
+
+- [ ] **Step 1: Update admin-reviews.js line 59**
+
+Replace:
+```
+      userName: existing.user?.name || existing.user?.email || '',
+```
+With:
+```
+      userName: existing.user?.displayName || existing.user?.email || '',
+```
+
+- [ ] **Step 2: Update review-display.js line 4**
+
+Replace:
+```
+  const name = typeof user.name === 'string' ? user.name.trim() : ''
+```
+With:
+```
+  const name = typeof user.displayName === 'string' ? user.displayName.trim() : ''
+```
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add server/src/routes/api/admin-reviews.js server/src/lib/review-display.js
+git commit -m "refactor: rename name→displayName in review files"
+```
+
+---
+
+### Task 5: Enrich VK OAuth — save firstName, lastName, gender, avatar
+
+**Files:**
+- Modify: `server/src/routes/oauth-social.js:119-152`
+
+- [ ] **Step 1: Update VK to fetch `photo_200` instead of `photo_50`, extract sex, and save all new fields**
+
+Replace lines 119-152 with:
+
+```js
+    let firstName = null
+    let lastName = null
+    let gender = null
+    let avatar = null
+    try {
+      if (accessTokenVk && vkUserId) {
+        const u = new URL('https://api.vk.com/method/users.get')
+        u.searchParams.set('access_token', accessTokenVk)
+        u.searchParams.set('users_ids', String(vkUserId))
+        u.searchParams.set('fields', 'photo_200,sex')
+        u.searchParams.set('v', '5.199')
+        const profRes = await fetch(u.toString())
+        const prof = await profRes.json()
+        const u0 = prof?.response?.[0]
+        if (u0) {
+          firstName = u0.first_name ?? null
+          lastName = u0.last_name ?? null
+          avatar = u0.photo_200 ?? null
+          if (u0.sex === 1) gender = 'female'
+          else if (u0.sex === 2) gender = 'male'
+        }
+      }
+    } catch {
+      // ignore profile extras
+    }
+
+    const user = await findOrCreateUserFromOAuth({
+      provider: 'vk',
+      providerUserId: String(vkUserId),
+      accessToken: accessTokenVk ?? null,
+      suggestedEmail: emailSuggestion,
+    })
+
+    const displayName = [firstName, lastName].filter(Boolean).join(' ').trim()
+    const updateData = {}
+    if (displayName && !user.displayName) updateData.displayName = displayName
+    if (firstName) updateData.firstName = firstName
+    if (lastName) updateData.lastName = lastName
+    if (gender) updateData.gender = gender
+    if (avatar) updateData.avatar = avatar
+    if (Object.keys(updateData).length > 0) {
+      await prisma.user.update({ where: { id: user.id }, data: updateData })
+    }
+```
+
+- [ ] **Step 2: Commit**
+
+```bash
+git add server/src/routes/oauth-social.js
+git commit -m "feat: enrich VK OAuth with firstName/lastName/gender/avatar"
+```
+
+---
+
+### Task 6: Enrich Yandex OAuth — save firstName, lastName, gender, avatar
+
+**Files:**
+- Modify: `server/src/routes/oauth-social.js:229-243`
+
+- [ ] **Step 1: Update Yandex to extract and save all new fields**
+
+Replace lines 229-243 (from `const user = await findOrCreateUserFromOAuth(...)` to the end of the Yandex callback) with:
+
+```js
+    const user = await findOrCreateUserFromOAuth({
+      provider: 'yandex',
+      providerUserId: yaUserId,
+      accessToken: yaToken,
+      suggestedEmail: emailGuess || null,
+    })
+
+    const updateData = {}
+    const displayName = [info.first_name, info.last_name].filter(Boolean).join(' ').trim() || info.display_name || info.real_name
+    if (displayName && !user.displayName) updateData.displayName = displayName
+    if (info.first_name) updateData.firstName = info.first_name
+    if (info.last_name) updateData.lastName = info.last_name
+    if (info.sex === 'male' || info.sex === 'female') updateData.gender = info.sex
+    if (info.default_avatar_id && !info.is_avatar_empty) {
+      updateData.avatar = `https://avatars.yandex.net/get-yapic/${info.default_avatar_id}/islands-200`
+    }
+    if (Object.keys(updateData).length > 0) {
+      await prisma.user.update({ where: { id: user.id }, data: updateData })
+    }
+```
+
+- [ ] **Step 2: Commit**
+
+```bash
+git add server/src/routes/oauth-social.js
+git commit -m "feat: enrich Yandex OAuth with firstName/lastName/gender/avatar"
+```
+
+---
+
+### Task 7: Update client `AuthUser` type and `UpdateProfileParams`
+
+**Files:**
+- Modify: `client/src/shared/model/auth.ts:6`
+- Modify: `client/src/shared/model/auth.ts:61`
+
+- [ ] **Step 1: Update `AuthUser` type**
+
+Replace line 6:
+```
+export type AuthUser = { id: string; email: string; name?: string | null; phone?: string | null; isAdmin?: boolean }
+```
+With:
+```ts
+export type AuthUser = {
+  id: string
+  email: string
+  displayName?: string | null
+  firstName?: string | null
+  lastName?: string | null
+  gender?: string | null
+  avatar?: string | null
+  phone?: string | null
+  isAdmin?: boolean
+}
+```
+
+- [ ] **Step 2: Update `UpdateProfileParams`**
+
+Replace line 61:
+```
+export type UpdateProfileParams = { name: string | null; phone?: string | null }
+```
+With:
+```ts
+export type UpdateProfileParams = { displayName: string | null; phone?: string | null }
+```
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add client/src/shared/model/auth.ts
+git commit -m "refactor: rename name→displayName in AuthUser type"
+```
+
+---
+
+### Task 8: Update client files — rename `name` → `displayName`
+
+**Files:**
+- Modify: `client/src/pages/auth/ui/AuthPage.tsx:15`
+- Modify: `client/src/pages/me/ui/MeLayoutPage.tsx:84`
+- Modify: `client/src/features/user/user-menu/ui/UserMenu.tsx:57`
+- Modify: `client/src/pages/me/ui/MePage.tsx:41-91`
+- Modify: `client/src/pages/me/ui/sections/SettingsPage.tsx:41-98`
+- Modify: `client/src/entities/order/api/admin-order-api.ts:40`
+- Modify: `client/src/entities/review/api/admin-review-api.ts:10`
+
+- [ ] **Step 1: Update AuthPage inline type**
+
+Replace `client/src/pages/auth/ui/AuthPage.tsx` line 15:
+```
+type AuthResponse = { token: string; user: { id: string; email: string; name?: string | null; phone?: string | null } }
+```
+With:
+```ts
+type AuthResponse = { token: string; user: { id: string; email: string; displayName?: string | null; phone?: string | null } }
+```
+
+- [ ] **Step 2: Update MeLayoutPage**
+
+Replace `client/src/pages/me/ui/MeLayoutPage.tsx` line 84:
+```
+          {user.name?.trim() || user.email}
+```
+With:
+```
+          {user.displayName?.trim() || user.email}
+```
+
+- [ ] **Step 3: Update UserMenu**
+
+Replace `client/src/features/user/user-menu/ui/UserMenu.tsx` line 57:
+```
+              <ListItemText primary={(user.name && user.name.trim()) || user.email} secondary="Профиль" />
+```
+With:
+```
+              <ListItemText primary={(user.displayName && user.displayName.trim()) || user.email} secondary="Профиль" />
+```
+
+- [ ] **Step 4: Update MePage (profile page)**
+
+Replace `client/src/pages/me/ui/MePage.tsx` — the form field name and all related code:
+
+Line 41 — form type:
+```
+  const profileForm = useForm<{ displayName: string }>({
+```
+
+Line 42 — defaultValues:
+```
+    defaultValues: { displayName: user?.displayName ? String(user.displayName) : '' },
+```
+
+Line 79-83 — TextField:
+```
+            <TextField
+              label="Имя или ник"
+              helperText="До 40 символов"
+              slotProps={{ htmlInput: { maxLength: 40 } }}
+              {...profileForm.register('displayName')}
+            />
+```
+
+Lines 88-91 — onClick:
+```
+              onClick={() => {
+                const raw = profileForm.getValues('displayName')
+                const name = raw.trim()
+                updateProfileFx({ displayName: name.length ? name : null })
+              }}
+```
+
+- [ ] **Step 5: Update SettingsPage**
+
+Replace `client/src/pages/me/ui/sections/SettingsPage.tsx` — same pattern as MePage:
+
+Line 41 — form type:
+```
+  const profileForm = useForm<{ displayName: string; phone: string }>({
+```
+
+Line 42 — defaultValues:
+```
+    defaultValues: { displayName: user?.displayName ? String(user.displayName) : '', phone: user?.phone ? String(user.phone) : '' },
+```
+
+Lines 79-83 — TextField:
+```
+            <TextField
+              label="Имя или ник"
+              helperText="До 40 символов"
+              slotProps={{ htmlInput: { maxLength: 40 } }}
+              {...profileForm.register('displayName')}
+            />
+```
+
+Lines 93-98 — onClick:
+```
+              onClick={() => {
+                const raw = profileForm.getValues('displayName')
+                const name = raw.trim()
+                const phoneRaw = profileForm.getValues('phone')
+                const phone = phoneRaw.trim()
+                updateProfileFx({ displayName: name.length ? name : null, phone: phone.length ? phone : null })
+              }}
+```
+
+- [ ] **Step 6: Update admin-order-api.ts type**
+
+Replace `client/src/entities/order/api/admin-order-api.ts` line 40:
+```
+    user: { id: string; email: string; name: string | null; phone: string | null }
+```
+With:
+```ts
+    user: { id: string; email: string; displayName: string | null; phone: string | null }
+```
+
+- [ ] **Step 7: Update admin-review-api.ts type**
+
+Replace `client/src/entities/review/api/admin-review-api.ts` line 10:
+```
+  user: { id: string; email: string; name: string | null }
+```
+With:
+```ts
+  user: { id: string; email: string; displayName: string | null }
+```
+
+- [ ] **Step 8: Run client lint to verify**
+
+```bash
+cd client && npm run lint
+```
+
+Expected: no errors (or fix any found).
+
+- [ ] **Step 9: Commit**
+
+```bash
+git add client/src/pages/auth/ui/AuthPage.tsx client/src/pages/me/ui/MeLayoutPage.tsx client/src/features/user/user-menu/ui/UserMenu.tsx client/src/pages/me/ui/MePage.tsx client/src/pages/me/ui/sections/SettingsPage.tsx client/src/entities/order/api/admin-order-api.ts client/src/entities/review/api/admin-review-api.ts
+git commit -m "refactor: rename name→displayName across client"
+```
+
+---
+
+### Task 9: Create OAuth providers config
+
+**Files:**
+- Create: `client/src/features/auth-oauth/lib/oauth-providers.ts`
+
+- [ ] **Step 1: Create the providers config**
+
+```ts
+import { oauthAuthorizeUrl } from '@/shared/lib/oauth-authorize-url'
+
+export type OAuthProvider = {
+  id: 'yandex' | 'vk'
+  label: string
+  color: string
+}
+
+export const oauthProviders: OAuthProvider[] = [
+  {
+    id: 'yandex',
+    label: 'Яндекс ID',
+    color: '#FC3F1D',
+  },
+  {
+    id: 'vk',
+    label: 'VK ID',
+    color: '#0077FF',
+  },
+]
+
+export function getOAuthUrl(provider: 'yandex' | 'vk'): string {
+  return oauthAuthorizeUrl(provider)
+}
+```
+
+- [ ] **Step 2: Commit**
+
+```bash
+git add client/src/features/auth-oauth/lib/oauth-providers.ts
+git commit -m "feat: add oauth providers config"
+```
+
+---
+
+### Task 10: Create OAuthButtons component
+
+**Files:**
+- Create: `client/src/features/auth-oauth/ui/OAuthButtons.tsx`
+
+- [ ] **Step 1: Create the OAuthButtons component**
+
+```tsx
+import Stack from '@mui/material/Stack'
+import Button from '@mui/material/Button'
+import { getOAuthUrl, oauthProviders } from '../lib/oauth-providers'
+
+export function OAuthButtons() {
+  return (
+    <Stack direction="row" spacing={1} justifyContent="center">
+      {oauthProviders.map((p) => (
+        <Button
+          key={p.id}
+          variant="outlined"
+          href={getOAuthUrl(p.id)}
+          sx={{
+            borderColor: p.color,
+            color: p.color,
+            '&:hover': {
+              borderColor: p.color,
+              bgcolor: `${p.color}14`,
+            },
+          }}
+        >
+          Войти через {p.label}
+        </Button>
+      ))}
+    </Stack>
+  )
+}
+```
+
+- [ ] **Step 2: Create barrel export**
+
+Create `client/src/features/auth-oauth/index.ts`:
+
+```ts
+export { OAuthButtons } from './ui/OAuthButtons'
+```
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add client/src/features/auth-oauth/
+git commit -m "feat: add OAuthButtons component"
+```
+
+---
+
+### Task 11: Integrate OAuthButtons into AuthPage
+
+**Files:**
+- Modify: `client/src/pages/auth/ui/AuthPage.tsx`
+
+- [ ] **Step 1: Add import and component after the email-code form**
+
+Add import at top (after existing imports):
+```ts
+import { OAuthButtons } from '@/features/auth-oauth'
+```
+
+Add MUI Divider import (add to existing MUI imports):
+```
+import Divider from '@mui/material/Divider'
+```
+
+After the closing `</Stack>` on line 110, before the closing `</Box>` on line 111, add:
+
+```tsx
+        <Divider sx={{ my: 2 }}>или</Divider>
+
+        <OAuthButtons />
+```
+
+So the structure becomes:
+
+```tsx
+      <Stack spacing={2} sx={{ maxWidth: 520 }}>
+        {/* ... existing email/code form ... */}
+        <Stack direction={{ xs: 'column', sm: 'row' }} spacing={2}>
+          {/* ... buttons ... */}
+        </Stack>
+      </Stack>
+
+      <Stack sx={{ maxWidth: 520 }}>
+        <Divider sx={{ my: 2 }}>или</Divider>
+
+        <OAuthButtons />
+      </Stack>
+```
+
+- [ ] **Step 2: Run client lint**
+
+```bash
+cd client && npm run lint
+```
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add client/src/pages/auth/ui/AuthPage.tsx
+git commit -m "feat: add OAuth buttons to AuthPage"
+```
+
+---
+
+### Task 12: Update server .env.example
+
+**Files:**
+- Modify: `server/.env.example:28-30`
+
+- [ ] **Step 1: Add scope documentation**
+
+Replace lines 28-30:
+```
+# Yandex OAuth: redirect URI = SERVER_PUBLIC_URL + /api/auth/oauth/yandex/callback
+YANDEX_CLIENT_ID=
+YANDEX_CLIENT_SECRET=
+```
+With:
+```env
+# Yandex OAuth: redirect URI = SERVER_PUBLIC_URL + /api/auth/oauth/yandex/callback
+# Scopes: login:email login:info
+YANDEX_CLIENT_ID=
+YANDEX_CLIENT_SECRET=
+```
+
+- [ ] **Step 2: Commit**
+
+```bash
+git add server/.env.example
+git commit -m "docs: add Yandex OAuth scopes to .env.example"
+```
+
+---
+
+### Task 13: Write server tests for OAuth profile enrichment
+
+**Files:**
+- Create: `server/src/routes/__tests__/oauth-social.test.js`
+
+- [ ] **Step 1: Create test file**
+
+```js
+import { describe, it, expect, beforeAll, afterAll } from 'vitest'
+import { prisma } from '../../lib/prisma.js'
+
+describe('OAuth — findOrCreateUserFromOAuth (indirect via DB checks)', () => {
+  it('stores displayName, firstName, lastName, gender, avatar fields on User model', async () => {
+    // Verify new fields exist on the schema by creating a user with them
+    const user = await prisma.user.create({
+      data: {
+        email: 'test-oauth@example.com',
+        displayName: 'Test User',
+        firstName: 'Test',
+        lastName: 'User',
+        gender: 'male',
+        avatar: 'https://example.com/avatar.jpg',
+      },
+    })
+
+    expect(user.displayName).toBe('Test User')
+    expect(user.firstName).toBe('Test')
+    expect(user.lastName).toBe('User')
+    expect(user.gender).toBe('male')
+    expect(user.avatar).toBe('https://example.com/avatar.jpg')
+
+    // Cleanup
+    await prisma.user.delete({ where: { id: user.id } })
+  })
+
+  it('allows nullable fields', async () => {
+    const user = await prisma.user.create({
+      data: {
+        email: 'test-oauth-null@example.com',
+      },
+    })
+
+    expect(user.displayName).toBeNull()
+    expect(user.firstName).toBeNull()
+    expect(user.lastName).toBeNull()
+    expect(user.gender).toBeNull()
+    expect(user.avatar).toBeNull()
+
+    await prisma.user.delete({ where: { id: user.id } })
+  })
+})
+```
+
+- [ ] **Step 2: Run server tests**
+
+```bash
+cd server && npm test
+```
+
+Expected: 2 passing tests.
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add server/src/routes/__tests__/oauth-social.test.js
+git commit -m "test: OAuth user model fields"
+```
+
+---
+
+### Task 14: Write client test for OAuthButtons
+
+**Files:**
+- Create: `client/src/features/auth-oauth/__tests__/OAuthButtons.test.tsx`
+
+- [ ] **Step 1: Create test file**
+
+```tsx
+import { describe, it, expect } from 'vitest'
+import { render, screen } from '@testing-library/react'
+import { OAuthButtons } from '../ui/OAuthButtons'
+
+describe('OAuthButtons', () => {
+  it('renders Yandex and VK buttons', () => {
+    render(<OAuthButtons />)
+    expect(screen.getByText('Войти через Яндекс ID')).toBeDefined()
+    expect(screen.getByText('Войти через VK ID')).toBeDefined()
+  })
+
+  it('buttons have correct href', () => {
+    render(<OAuthButtons />)
+    const yaBtn = screen.getByText('Войти через Яндекс ID').closest('a')
+    const vkBtn = screen.getByText('Войти через VK ID').closest('a')
+    expect(yaBtn?.getAttribute('href')).toContain('/auth/oauth/yandex')
+    expect(vkBtn?.getAttribute('href')).toContain('/auth/oauth/vk')
+  })
+})
+```
+
+- [ ] **Step 2: Run client tests**
+
+```bash
+cd client && npm test
+```
+
+Expected: 2 passing tests.
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add client/src/features/auth-oauth/__tests__/OAuthButtons.test.tsx
+git commit -m "test: OAuthButtons component"
+```
+
+---
+
+### Task 15: Final verification — full build and lint
+
+**Files:** none (verification only)
+
+- [ ] **Step 1: Run server lint**
+
+```bash
+cd server && npm run lint
+```
+
+Expected: no errors.
+
+- [ ] **Step 2: Run server tests**
+
+```bash
+cd server && npm test
+```
+
+Expected: all tests pass.
+
+- [ ] **Step 3: Run client lint + format check**
+
+```bash
+cd client && npm run lint && npm run format:check
+```
+
+Expected: no errors.
+
+- [ ] **Step 4: Run client tests**
+
+```bash
+cd client && npm test
+```
+
+Expected: all tests pass.
+
+- [ ] **Step 5: Run client build (full typecheck)**
+
+```bash
+cd client && npm run build
+```
+
+Expected: build succeeds with no TypeScript errors.
+
+- [ ] **Step 6: Final commit (if any fixups were needed)**
+
+```bash
+git add -A && git commit -m "chore: final verification fixes" || echo "No fixups needed"
+```

From 36880c298c5c0a936b636471fb09f2d9aa7451c2 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 10:39:01 +0500
Subject: [PATCH 03/19] =?UTF-8?q?feat:=20rename=20User.name=E2=86=92displa?=
 =?UTF-8?q?yName,=20add=20firstName/lastName/gender/avatar?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../migration.sql                             | 28 +++++++++++++++++++
 server/prisma/schema.prisma                   |  6 +++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 server/prisma/migrations/20260520053830_rename_user_name_to_display_name_add_fields/migration.sql

diff --git a/server/prisma/migrations/20260520053830_rename_user_name_to_display_name_add_fields/migration.sql b/server/prisma/migrations/20260520053830_rename_user_name_to_display_name_add_fields/migration.sql
new file mode 100644
index 0000000..23ac31e
--- /dev/null
+++ b/server/prisma/migrations/20260520053830_rename_user_name_to_display_name_add_fields/migration.sql
@@ -0,0 +1,28 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `name` on the `User` table. All the data in the column will be lost.
+
+*/
+-- RedefineTables
+PRAGMA defer_foreign_keys=ON;
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_User" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "email" TEXT NOT NULL,
+    "displayName" TEXT,
+    "firstName" TEXT,
+    "lastName" TEXT,
+    "gender" TEXT,
+    "avatar" TEXT,
+    "phone" TEXT,
+    "passwordHash" TEXT,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" DATETIME NOT NULL
+);
+INSERT INTO "new_User" ("createdAt", "email", "id", "passwordHash", "phone", "updatedAt") SELECT "createdAt", "email", "id", "passwordHash", "phone", "updatedAt" FROM "User";
+DROP TABLE "User";
+ALTER TABLE "new_User" RENAME TO "User";
+CREATE UNIQUE INDEX "User_email_key" ON "User"("email");
+PRAGMA foreign_keys=ON;
+PRAGMA defer_foreign_keys=OFF;
diff --git a/server/prisma/schema.prisma b/server/prisma/schema.prisma
index c2c6a83..5403c8c 100644
--- a/server/prisma/schema.prisma
+++ b/server/prisma/schema.prisma
@@ -77,7 +77,11 @@ model CatalogSliderSlide {
 model User {
   id           String   @id @default(cuid())
   email        String   @unique
-  name         String?
+  displayName  String?
+  firstName    String?
+  lastName     String?
+  gender       String?
+  avatar       String?
   phone        String?
   passwordHash String?
   createdAt    DateTime @default(now())

From ce49f75100cdcd689ca6180a1d9aa1007ac31a4a Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 10:46:31 +0500
Subject: [PATCH 04/19] feat: use displayName in mapUserForClient and profile
 update

---
 server/src/routes/auth.js | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/server/src/routes/auth.js b/server/src/routes/auth.js
index 74b18d5..db286d7 100644
--- a/server/src/routes/auth.js
+++ b/server/src/routes/auth.js
@@ -8,7 +8,11 @@ function mapUserForClient(user) {
   return {
     id: user.id,
     email: user.email,
-    name: user.name,
+    displayName: user.displayName,
+    firstName: user.firstName,
+    lastName: user.lastName,
+    gender: user.gender,
+    avatar: user.avatar,
     phone: user.phone,
     isAdmin: Boolean(adminEmail) && userEmail === adminEmail,
   }
@@ -113,12 +117,12 @@ export async function registerAuthRoutes(fastify) {
 
   fastify.patch('/api/me/profile', { preHandler: [fastify.authenticate] }, async (request, reply) => {
     const userId = request.user.sub
-    const nameRaw = request.body?.name
-    const name = nameRaw === null || nameRaw === undefined ? null : String(nameRaw).trim()
+    const nameRaw = request.body?.displayName
+    const displayName = nameRaw === null || nameRaw === undefined ? null : String(nameRaw).trim()
     const phoneRaw = request.body?.phone
     const phone = phoneRaw === null || phoneRaw === undefined ? null : String(phoneRaw).trim()
 
-    if (name !== null && name.length > 40) return reply.code(400).send({ error: 'Имя/ник максимум 40 символов' })
+    if (displayName !== null && displayName.length > 40) return reply.code(400).send({ error: 'Имя/ник максимум 40 символов' })
     if (phone !== null) {
       const compact = phone.replace(/[\s()-]/g, '')
       if (compact.length > 20) return reply.code(400).send({ error: 'Телефон слишком длинный' })
@@ -130,7 +134,7 @@ export async function registerAuthRoutes(fastify) {
     const updated = await prisma.user.update({
       where: { id: userId },
       data: {
-        name: name && name.length ? name : null,
+        displayName: displayName && displayName.length ? displayName : null,
         phone: phone && phone.length ? phone : null,
       },
     })

From cc7e46b4476bd8d08caf8e44e8ffa51c98ff6364 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 10:50:38 +0500
Subject: [PATCH 05/19] =?UTF-8?q?refactor:=20rename=20name=E2=86=92display?=
 =?UTF-8?q?Name=20in=20admin-users?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/src/routes/api/admin-users.js | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/server/src/routes/api/admin-users.js b/server/src/routes/api/admin-users.js
index 38f50c0..f6b3f6d 100644
--- a/server/src/routes/api/admin-users.js
+++ b/server/src/routes/api/admin-users.js
@@ -21,7 +21,7 @@ export async function registerAdminUserRoutes(fastify) {
 
     const where = q
       ? {
-          OR: [{ email: { contains: q } }, { name: { contains: q } }],
+          OR: [{ email: { contains: q } }, { displayName: { contains: q } }],
         }
       : undefined
 
@@ -32,7 +32,7 @@ export async function registerAdminUserRoutes(fastify) {
       select: {
         id: true,
         email: true,
-        name: true,
+        displayName: true,
         createdAt: true,
         updatedAt: true,
       },
@@ -43,7 +43,7 @@ export async function registerAdminUserRoutes(fastify) {
     const items = users.map((u) => ({
       id: u.id,
       email: u.email,
-      name: u.name,
+      displayName: u.displayName,
       createdAt: u.createdAt,
       updatedAt: u.updatedAt,
     }))
@@ -60,9 +60,9 @@ export async function registerAdminUserRoutes(fastify) {
       return
     }
 
-    const nameRaw = body.name
-    const name = nameRaw === null || nameRaw === undefined ? null : String(nameRaw).trim()
-    if (name !== null && name.length > 40) {
+    const nameRaw = body.displayName
+    const displayName = nameRaw === null || nameRaw === undefined ? null : String(nameRaw).trim()
+    if (displayName !== null && displayName.length > 40) {
       reply.code(400).send({ error: 'Имя/ник максимум 40 символов' })
       return
     }
@@ -76,14 +76,14 @@ export async function registerAdminUserRoutes(fastify) {
     const user = await prisma.user.create({
       data: {
         email,
-        name: name && name.length ? name : null,
+        displayName: displayName && displayName.length ? displayName : null,
       },
     })
 
     reply.code(201).send({
       id: user.id,
       email: user.email,
-      name: user.name,
+      displayName: user.displayName,
       createdAt: user.createdAt,
       updatedAt: user.updatedAt,
     })
@@ -117,21 +117,21 @@ export async function registerAdminUserRoutes(fastify) {
       }
     }
 
-    if (body.name !== undefined) {
-      const nameRaw = body.name
+    if (body.displayName !== undefined) {
+      const nameRaw = body.displayName
       const name = nameRaw === null || nameRaw === undefined ? null : String(nameRaw).trim()
       if (name !== null && name.length > 40) {
         reply.code(400).send({ error: 'Имя/ник максимум 40 символов' })
         return
       }
-      data.name = name && name.length ? name : null
+      data.displayName = name && name.length ? name : null
     }
 
     const user = await prisma.user.update({ where: { id }, data })
     return {
       id: user.id,
       email: user.email,
-      name: user.name,
+      displayName: user.displayName,
       createdAt: user.createdAt,
       updatedAt: user.updatedAt,
     }

From 32a4406cb8c7dd20e69ad174c01a50481cded393 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 10:51:48 +0500
Subject: [PATCH 06/19] =?UTF-8?q?refactor:=20rename=20name=E2=86=92display?=
 =?UTF-8?q?Name=20in=20review=20files?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/src/lib/review-display.js       | 2 +-
 server/src/routes/api/admin-reviews.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/src/lib/review-display.js b/server/src/lib/review-display.js
index 25e059e..ddcc05c 100644
--- a/server/src/lib/review-display.js
+++ b/server/src/lib/review-display.js
@@ -1,7 +1,7 @@
 /** Публичное отображение автора отзыва (без «голого» email). */
 export function publicReviewAuthorDisplay(user) {
   if (!user || typeof user !== 'object') return 'Покупатель'
-  const name = typeof user.name === 'string' ? user.name.trim() : ''
+  const name = typeof user.displayName === 'string' ? user.displayName.trim() : ''
   if (name) return name
   const email = typeof user.email === 'string' ? user.email.trim() : ''
   const at = email.indexOf('@')
diff --git a/server/src/routes/api/admin-reviews.js b/server/src/routes/api/admin-reviews.js
index aedbe98..f6f6e24 100644
--- a/server/src/routes/api/admin-reviews.js
+++ b/server/src/routes/api/admin-reviews.js
@@ -56,7 +56,7 @@ export async function registerAdminReviewRoutes(fastify) {
       rating: updated.rating,
       text: updated.text || '',
       productTitle: existing.product?.title || '',
-      userName: existing.user?.name || existing.user?.email || '',
+      userName: existing.user?.displayName || existing.user?.email || '',
       reviewId: updated.id,
     })
 

From d2d2f721cdfd740f526c737e09467b458aa5bd54 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 10:53:58 +0500
Subject: [PATCH 07/19] feat: enrich VK OAuth with
 firstName/lastName/gender/avatar

---
 server/src/routes/oauth-social.js | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/server/src/routes/oauth-social.js b/server/src/routes/oauth-social.js
index 2f85a59..82dfb57 100644
--- a/server/src/routes/oauth-social.js
+++ b/server/src/routes/oauth-social.js
@@ -118,12 +118,14 @@ export async function registerOAuthSocialRoutes(fastify) {
 
     let firstName = null
     let lastName = null
+    let gender = null
+    let avatar = null
     try {
       if (accessTokenVk && vkUserId) {
         const u = new URL('https://api.vk.com/method/users.get')
         u.searchParams.set('access_token', accessTokenVk)
         u.searchParams.set('users_ids', String(vkUserId))
-        u.searchParams.set('fields', 'photo_50')
+        u.searchParams.set('fields', 'photo_200,sex')
         u.searchParams.set('v', '5.199')
         const profRes = await fetch(u.toString())
         const prof = await profRes.json()
@@ -131,6 +133,9 @@ export async function registerOAuthSocialRoutes(fastify) {
         if (u0) {
           firstName = u0.first_name ?? null
           lastName = u0.last_name ?? null
+          avatar = u0.photo_200 ?? null
+          if (u0.sex === 1) gender = 'female'
+          else if (u0.sex === 2) gender = 'male'
         }
       }
     } catch {
@@ -144,11 +149,15 @@ export async function registerOAuthSocialRoutes(fastify) {
       suggestedEmail: emailSuggestion,
     })
 
-    if (firstName || lastName) {
-      const name = [firstName, lastName].filter(Boolean).join(' ').trim()
-      if (name && !user.name) {
-        await prisma.user.update({ where: { id: user.id }, data: { name } })
-      }
+    const displayName = [firstName, lastName].filter(Boolean).join(' ').trim()
+    const updateData = {}
+    if (displayName && !user.displayName) updateData.displayName = displayName
+    if (firstName) updateData.firstName = firstName
+    if (lastName) updateData.lastName = lastName
+    if (gender) updateData.gender = gender
+    if (avatar) updateData.avatar = avatar
+    if (Object.keys(updateData).length > 0) {
+      await prisma.user.update({ where: { id: user.id }, data: updateData })
     }
 
     const token = await issueUserJwt(fastify, user.id, user.email)

From 6fde248dc5f9b0adc7ddd7a96b21c4e2f6680b00 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 10:55:37 +0500
Subject: [PATCH 08/19] feat: enrich Yandex OAuth with
 firstName/lastName/gender/avatar

---
 server/src/routes/oauth-social.js | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/server/src/routes/oauth-social.js b/server/src/routes/oauth-social.js
index 82dfb57..c0f72b1 100644
--- a/server/src/routes/oauth-social.js
+++ b/server/src/routes/oauth-social.js
@@ -242,9 +242,18 @@ export async function registerOAuthSocialRoutes(fastify) {
       suggestedEmail: emailGuess || null,
     })
 
-    const dn = `${info.first_name ?? ''} ${info.last_name ?? ''}`.trim()
-    if (dn && !user.name) {
-      await prisma.user.update({ where: { id: user.id }, data: { name: dn } })
+    const updateData = {}
+    const displayName =
+      [info.first_name, info.last_name].filter(Boolean).join(' ').trim() || info.display_name || info.real_name
+    if (displayName && !user.displayName) updateData.displayName = displayName
+    if (info.first_name) updateData.firstName = info.first_name
+    if (info.last_name) updateData.lastName = info.last_name
+    if (info.sex === 'male' || info.sex === 'female') updateData.gender = info.sex
+    if (info.default_avatar_id && !info.is_avatar_empty) {
+      updateData.avatar = `https://avatars.yandex.net/get-yapic/${info.default_avatar_id}/islands-200`
+    }
+    if (Object.keys(updateData).length > 0) {
+      await prisma.user.update({ where: { id: user.id }, data: updateData })
     }
 
     const token = await issueUserJwt(fastify, user.id, user.email)

From 8d9c250eb71c2152df9ec51304cb93ed361ab507 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 10:57:11 +0500
Subject: [PATCH 09/19] =?UTF-8?q?refactor:=20rename=20name=E2=86=92display?=
 =?UTF-8?q?Name=20in=20AuthUser=20type?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 client/src/shared/model/auth.ts | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/client/src/shared/model/auth.ts b/client/src/shared/model/auth.ts
index be9b4fe..3c4540f 100644
--- a/client/src/shared/model/auth.ts
+++ b/client/src/shared/model/auth.ts
@@ -3,7 +3,17 @@ import { apiClient } from '@/shared/api/client'
 import { createErrorStore } from '@/shared/lib/create-error-store'
 import { persistToken } from '@/shared/lib/persist-token'
 
-export type AuthUser = { id: string; email: string; name?: string | null; phone?: string | null; isAdmin?: boolean }
+export type AuthUser = {
+  id: string
+  email: string
+  displayName?: string | null
+  firstName?: string | null
+  lastName?: string | null
+  gender?: string | null
+  avatar?: string | null
+  phone?: string | null
+  isAdmin?: boolean
+}
 
 export const tokenSet = createEvent<string | null>()
 export const logout = createEvent()
@@ -58,7 +68,7 @@ export const verifyEmailChangeFx = createEffect(async (params: { newEmail: strin
 
 // ----- Profile update -----
 
-export type UpdateProfileParams = { name: string | null; phone?: string | null }
+export type UpdateProfileParams = { displayName: string | null; phone?: string | null }
 
 export const updateProfileFx = createEffect(async (params: UpdateProfileParams) => {
   const { data } = await apiClient.patch<{ user: AuthUser }>('me/profile', params)

From 00b74e56d7f93aafad6ff225bffc3bce6c6eee49 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 11:00:28 +0500
Subject: [PATCH 10/19] =?UTF-8?q?refactor:=20rename=20name=E2=86=92display?=
 =?UTF-8?q?Name=20across=20client?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 client/src/entities/order/api/admin-order-api.ts   |  2 +-
 client/src/entities/review/api/admin-review-api.ts |  2 +-
 client/src/features/user/user-menu/ui/UserMenu.tsx |  2 +-
 client/src/pages/auth/ui/AuthPage.tsx              |  5 ++++-
 client/src/pages/me/ui/MeLayoutPage.tsx            |  2 +-
 client/src/pages/me/ui/MePage.tsx                  | 10 +++++-----
 client/src/pages/me/ui/sections/SettingsPage.tsx   | 13 ++++++++-----
 7 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/client/src/entities/order/api/admin-order-api.ts b/client/src/entities/order/api/admin-order-api.ts
index 2d5b2f6..43df1d6 100644
--- a/client/src/entities/order/api/admin-order-api.ts
+++ b/client/src/entities/order/api/admin-order-api.ts
@@ -37,7 +37,7 @@ export type AdminOrderDetailResponse = {
     comment: string | null
     createdAt: string
     updatedAt: string
-    user: { id: string; email: string; name: string | null; phone: string | null }
+    user: { id: string; email: string; displayName: string | null; phone: string | null }
     items: Array<{
       id: string
       productId: string
diff --git a/client/src/entities/review/api/admin-review-api.ts b/client/src/entities/review/api/admin-review-api.ts
index fdad3b6..b41c1ed 100644
--- a/client/src/entities/review/api/admin-review-api.ts
+++ b/client/src/entities/review/api/admin-review-api.ts
@@ -7,7 +7,7 @@ export type AdminReview = {
   status: string
   createdAt: string
   moderatedAt: string | null
-  user: { id: string; email: string; name: string | null }
+  user: { id: string; email: string; displayName: string | null }
   product: { id: string; title: string }
 }
 
diff --git a/client/src/features/user/user-menu/ui/UserMenu.tsx b/client/src/features/user/user-menu/ui/UserMenu.tsx
index 65607dd..ed93c19 100644
--- a/client/src/features/user/user-menu/ui/UserMenu.tsx
+++ b/client/src/features/user/user-menu/ui/UserMenu.tsx
@@ -54,7 +54,7 @@ export function UserMenu({ user, onNavigate, onLogout }: Props) {
         {user ? (
           <>
             <MenuItem onClick={() => go('/me')}>
-              <ListItemText primary={(user.name && user.name.trim()) || user.email} secondary="Профиль" />
+              <ListItemText primary={(user.displayName && user.displayName.trim()) || user.email} secondary="Профиль" />
             </MenuItem>
             <MenuItem onClick={handleLogout}>Выход</MenuItem>
           </>
diff --git a/client/src/pages/auth/ui/AuthPage.tsx b/client/src/pages/auth/ui/AuthPage.tsx
index 11687da..2ada1ab 100644
--- a/client/src/pages/auth/ui/AuthPage.tsx
+++ b/client/src/pages/auth/ui/AuthPage.tsx
@@ -12,7 +12,10 @@ import { useNavigate, useSearchParams } from 'react-router-dom'
 import { apiClient } from '@/shared/api/client'
 import { $user, tokenSet } from '@/shared/model/auth'
 
-type AuthResponse = { token: string; user: { id: string; email: string; name?: string | null; phone?: string | null } }
+type AuthResponse = {
+  token: string
+  user: { id: string; email: string; displayName?: string | null; phone?: string | null }
+}
 
 function getApiErrorMessage(err: unknown): string | null {
   if (!err || typeof err !== 'object') return null
diff --git a/client/src/pages/me/ui/MeLayoutPage.tsx b/client/src/pages/me/ui/MeLayoutPage.tsx
index 5998257..0c24ad1 100644
--- a/client/src/pages/me/ui/MeLayoutPage.tsx
+++ b/client/src/pages/me/ui/MeLayoutPage.tsx
@@ -81,7 +81,7 @@ export function MeLayoutPage() {
           Кабинет
         </Typography>
         <Typography variant="body2" color="text.secondary">
-          {user.name?.trim() || user.email}
+          {user.displayName?.trim() || user.email}
         </Typography>
       </Box>
       <Divider sx={{ my: 1 }} />
diff --git a/client/src/pages/me/ui/MePage.tsx b/client/src/pages/me/ui/MePage.tsx
index 3a40bb2..107da67 100644
--- a/client/src/pages/me/ui/MePage.tsx
+++ b/client/src/pages/me/ui/MePage.tsx
@@ -38,8 +38,8 @@ export function MePage() {
     mode: 'onChange',
   })
 
-  const profileForm = useForm<{ name: string }>({
-    defaultValues: { name: user?.name ? String(user.name) : '' },
+  const profileForm = useForm<{ displayName: string }>({
+    defaultValues: { displayName: user?.displayName ? String(user.displayName) : '' },
     mode: 'onChange',
   })
 
@@ -80,15 +80,15 @@ export function MePage() {
               label="Имя или ник"
               helperText="До 40 символов"
               slotProps={{ htmlInput: { maxLength: 40 } }}
-              {...profileForm.register('name')}
+              {...profileForm.register('displayName')}
             />
             <Button
               variant="contained"
               disabled={pendingProfile}
               onClick={() => {
-                const raw = profileForm.getValues('name')
+                const raw = profileForm.getValues('displayName')
                 const name = raw.trim()
-                updateProfileFx({ name: name.length ? name : null })
+                updateProfileFx({ displayName: name.length ? name : null })
               }}
             >
               Сохранить имя
diff --git a/client/src/pages/me/ui/sections/SettingsPage.tsx b/client/src/pages/me/ui/sections/SettingsPage.tsx
index 003f11c..338ba1f 100644
--- a/client/src/pages/me/ui/sections/SettingsPage.tsx
+++ b/client/src/pages/me/ui/sections/SettingsPage.tsx
@@ -38,8 +38,11 @@ export function SettingsPage() {
     mode: 'onChange',
   })
 
-  const profileForm = useForm<{ name: string; phone: string }>({
-    defaultValues: { name: user?.name ? String(user.name) : '', phone: user?.phone ? String(user.phone) : '' },
+  const profileForm = useForm<{ displayName: string; phone: string }>({
+    defaultValues: {
+      displayName: user?.displayName ? String(user.displayName) : '',
+      phone: user?.phone ? String(user.phone) : '',
+    },
     mode: 'onChange',
   })
 
@@ -80,7 +83,7 @@ export function SettingsPage() {
               label="Имя или ник"
               helperText="До 40 символов"
               slotProps={{ htmlInput: { maxLength: 40 } }}
-              {...profileForm.register('name')}
+              {...profileForm.register('displayName')}
             />
             <TextField
               label="Телефон"
@@ -91,11 +94,11 @@ export function SettingsPage() {
               variant="contained"
               disabled={pendingProfile}
               onClick={() => {
-                const raw = profileForm.getValues('name')
+                const raw = profileForm.getValues('displayName')
                 const name = raw.trim()
                 const phoneRaw = profileForm.getValues('phone')
                 const phone = phoneRaw.trim()
-                updateProfileFx({ name: name.length ? name : null, phone: phone.length ? phone : null })
+                updateProfileFx({ displayName: name.length ? name : null, phone: phone.length ? phone : null })
               }}
             >
               Сохранить

From 54f5ec78c304305510e3ac3a106048aa857a13a2 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 11:02:07 +0500
Subject: [PATCH 11/19] feat: add oauth providers config

---
 .../auth-oauth/lib/oauth-providers.ts         | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 client/src/features/auth-oauth/lib/oauth-providers.ts

diff --git a/client/src/features/auth-oauth/lib/oauth-providers.ts b/client/src/features/auth-oauth/lib/oauth-providers.ts
new file mode 100644
index 0000000..2d1a510
--- /dev/null
+++ b/client/src/features/auth-oauth/lib/oauth-providers.ts
@@ -0,0 +1,24 @@
+import { oauthAuthorizeUrl } from '@/shared/lib/oauth-authorize-url'
+
+export type OAuthProvider = {
+  id: 'yandex' | 'vk'
+  label: string
+  color: string
+}
+
+export const oauthProviders: OAuthProvider[] = [
+  {
+    id: 'yandex',
+    label: 'Яндекс ID',
+    color: '#FC3F1D',
+  },
+  {
+    id: 'vk',
+    label: 'VK ID',
+    color: '#0077FF',
+  },
+]
+
+export function getOAuthUrl(provider: 'yandex' | 'vk'): string {
+  return oauthAuthorizeUrl(provider)
+}

From ec2c70e3ae22b79081ac62f4c71e41199239ae46 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 11:04:25 +0500
Subject: [PATCH 12/19] feat: add OAuthButtons component

---
 client/src/features/auth-oauth/index.ts       |  1 +
 .../features/auth-oauth/ui/OAuthButtons.tsx   | 27 +++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 client/src/features/auth-oauth/index.ts
 create mode 100644 client/src/features/auth-oauth/ui/OAuthButtons.tsx

diff --git a/client/src/features/auth-oauth/index.ts b/client/src/features/auth-oauth/index.ts
new file mode 100644
index 0000000..bbe2712
--- /dev/null
+++ b/client/src/features/auth-oauth/index.ts
@@ -0,0 +1 @@
+export { OAuthButtons } from './ui/OAuthButtons'
diff --git a/client/src/features/auth-oauth/ui/OAuthButtons.tsx b/client/src/features/auth-oauth/ui/OAuthButtons.tsx
new file mode 100644
index 0000000..0ba4be5
--- /dev/null
+++ b/client/src/features/auth-oauth/ui/OAuthButtons.tsx
@@ -0,0 +1,27 @@
+import Button from '@mui/material/Button'
+import Stack from '@mui/material/Stack'
+import { getOAuthUrl, oauthProviders } from '../lib/oauth-providers'
+
+export function OAuthButtons() {
+  return (
+    <Stack direction="row" spacing={1} justifyContent="center">
+      {oauthProviders.map((p) => (
+        <Button
+          key={p.id}
+          variant="outlined"
+          href={getOAuthUrl(p.id)}
+          sx={{
+            borderColor: p.color,
+            color: p.color,
+            '&:hover': {
+              borderColor: p.color,
+              bgcolor: `${p.color}14`,
+            },
+          }}
+        >
+          Войти через {p.label}
+        </Button>
+      ))}
+    </Stack>
+  )
+}

From e8f5bba9bfba8218dfab989e5a69727a03ebe317 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 11:07:18 +0500
Subject: [PATCH 13/19] feat: add OAuth buttons to AuthPage

---
 client/src/pages/auth/ui/AuthPage.tsx | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/client/src/pages/auth/ui/AuthPage.tsx b/client/src/pages/auth/ui/AuthPage.tsx
index 2ada1ab..49edb29 100644
--- a/client/src/pages/auth/ui/AuthPage.tsx
+++ b/client/src/pages/auth/ui/AuthPage.tsx
@@ -2,6 +2,7 @@ import { useEffect, useState } from 'react'
 import Alert from '@mui/material/Alert'
 import Box from '@mui/material/Box'
 import Button from '@mui/material/Button'
+import Divider from '@mui/material/Divider'
 import Stack from '@mui/material/Stack'
 import TextField from '@mui/material/TextField'
 import Typography from '@mui/material/Typography'
@@ -9,6 +10,7 @@ import { useMutation } from '@tanstack/react-query'
 import { useUnit } from 'effector-react'
 import { useForm } from 'react-hook-form'
 import { useNavigate, useSearchParams } from 'react-router-dom'
+import { OAuthButtons } from '@/features/auth-oauth'
 import { apiClient } from '@/shared/api/client'
 import { $user, tokenSet } from '@/shared/model/auth'
 
@@ -111,6 +113,12 @@ export function AuthPage() {
           </Button>
         </Stack>
       </Stack>
+
+      <Stack sx={{ maxWidth: 520 }}>
+        <Divider sx={{ my: 2 }}>или</Divider>
+
+        <OAuthButtons />
+      </Stack>
     </Box>
   )
 }

From 76d215e4dc79c07be1e34e5f5d3c45535a409517 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 11:08:18 +0500
Subject: [PATCH 14/19] docs: add Yandex OAuth scopes to .env.example

---
 server/.env.example | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/.env.example b/server/.env.example
index 81fea73..c1c4c99 100644
--- a/server/.env.example
+++ b/server/.env.example
@@ -26,6 +26,7 @@ VK_CLIENT_ID=
 VK_CLIENT_SECRET=
 
 # Yandex OAuth: redirect URI = SERVER_PUBLIC_URL + /api/auth/oauth/yandex/callback
+# Scopes: login:email login:info
 YANDEX_CLIENT_ID=
 YANDEX_CLIENT_SECRET=
 

From bf22aaf9174e253568d5c5c2f52fbc2a33a23741 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 11:10:18 +0500
Subject: [PATCH 15/19] test: OAuth user model fields

---
 .../src/routes/__tests__/oauth-social.test.js | 41 +++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 server/src/routes/__tests__/oauth-social.test.js

diff --git a/server/src/routes/__tests__/oauth-social.test.js b/server/src/routes/__tests__/oauth-social.test.js
new file mode 100644
index 0000000..9e60924
--- /dev/null
+++ b/server/src/routes/__tests__/oauth-social.test.js
@@ -0,0 +1,41 @@
+import { describe, it, expect } from 'vitest'
+import { prisma } from '../../lib/prisma.js'
+
+describe('OAuth — User model fields', () => {
+  it('stores displayName, firstName, lastName, gender, avatar fields on User model', async () => {
+    const user = await prisma.user.create({
+      data: {
+        email: 'test-oauth@example.com',
+        displayName: 'Test User',
+        firstName: 'Test',
+        lastName: 'User',
+        gender: 'male',
+        avatar: 'https://example.com/avatar.jpg',
+      },
+    })
+
+    expect(user.displayName).toBe('Test User')
+    expect(user.firstName).toBe('Test')
+    expect(user.lastName).toBe('User')
+    expect(user.gender).toBe('male')
+    expect(user.avatar).toBe('https://example.com/avatar.jpg')
+
+    await prisma.user.delete({ where: { id: user.id } })
+  })
+
+  it('allows nullable fields', async () => {
+    const user = await prisma.user.create({
+      data: {
+        email: 'test-oauth-null@example.com',
+      },
+    })
+
+    expect(user.displayName).toBeNull()
+    expect(user.firstName).toBeNull()
+    expect(user.lastName).toBeNull()
+    expect(user.gender).toBeNull()
+    expect(user.avatar).toBeNull()
+
+    await prisma.user.delete({ where: { id: user.id } })
+  })
+})

From 1873681fa6b77cf2d7cbff93a397052c49b78ef1 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 11:12:13 +0500
Subject: [PATCH 16/19] test: OAuthButtons component

---
 .../__tests__/OAuthButtons.test.tsx           | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 client/src/features/auth-oauth/__tests__/OAuthButtons.test.tsx

diff --git a/client/src/features/auth-oauth/__tests__/OAuthButtons.test.tsx b/client/src/features/auth-oauth/__tests__/OAuthButtons.test.tsx
new file mode 100644
index 0000000..3ebb11f
--- /dev/null
+++ b/client/src/features/auth-oauth/__tests__/OAuthButtons.test.tsx
@@ -0,0 +1,19 @@
+import { describe, it, expect } from 'vitest'
+import { render, screen } from '@testing-library/react'
+import { OAuthButtons } from '../ui/OAuthButtons'
+
+describe('OAuthButtons', () => {
+  it('renders Yandex and VK buttons', () => {
+    render(<OAuthButtons />)
+    expect(screen.getByText('Войти через Яндекс ID')).toBeDefined()
+    expect(screen.getByText('Войти через VK ID')).toBeDefined()
+  })
+
+  it('buttons have correct href', () => {
+    render(<OAuthButtons />)
+    const yaBtn = screen.getByText('Войти через Яндекс ID').closest('a')
+    const vkBtn = screen.getByText('Войти через VK ID').closest('a')
+    expect(yaBtn?.getAttribute('href')).toContain('/auth/oauth/yandex')
+    expect(vkBtn?.getAttribute('href')).toContain('/auth/oauth/vk')
+  })
+})

From c32d5e6afff6d1c354d6200f337021d13e8f3f7d Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 11:14:36 +0500
Subject: [PATCH 17/19] fix: use sx for justifyContent in OAuthButtons, fix
 import order in test

---
 .../__tests__/OAuthButtons.test.tsx           |   2 +-
 .../features/auth-oauth/ui/OAuthButtons.tsx   |   2 +-
 server/prisma/prisma/dev.db                   | Bin 311296 -> 311296 bytes
 server/src/routes/auth.js                     |   3 ++-
 4 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/client/src/features/auth-oauth/__tests__/OAuthButtons.test.tsx b/client/src/features/auth-oauth/__tests__/OAuthButtons.test.tsx
index 3ebb11f..d095761 100644
--- a/client/src/features/auth-oauth/__tests__/OAuthButtons.test.tsx
+++ b/client/src/features/auth-oauth/__tests__/OAuthButtons.test.tsx
@@ -1,5 +1,5 @@
-import { describe, it, expect } from 'vitest'
 import { render, screen } from '@testing-library/react'
+import { describe, it, expect } from 'vitest'
 import { OAuthButtons } from '../ui/OAuthButtons'
 
 describe('OAuthButtons', () => {
diff --git a/client/src/features/auth-oauth/ui/OAuthButtons.tsx b/client/src/features/auth-oauth/ui/OAuthButtons.tsx
index 0ba4be5..18ccc53 100644
--- a/client/src/features/auth-oauth/ui/OAuthButtons.tsx
+++ b/client/src/features/auth-oauth/ui/OAuthButtons.tsx
@@ -4,7 +4,7 @@ import { getOAuthUrl, oauthProviders } from '../lib/oauth-providers'
 
 export function OAuthButtons() {
   return (
-    <Stack direction="row" spacing={1} justifyContent="center">
+    <Stack direction="row" spacing={1} sx={{ justifyContent: 'center' }}>
       {oauthProviders.map((p) => (
         <Button
           key={p.id}
diff --git a/server/prisma/prisma/dev.db b/server/prisma/prisma/dev.db
index e72aaa953026346fe3580096297f2556a80b59ec..0e2e2b2e9a25f6707069c36faa50e4c7e5f63cf6 100644
GIT binary patch
delta 5792
zcmeI0UyNK;9mnVH%>J33nVtR9*=e`iow2lOw{Z0Qz4xB*r@%tQh@}b*t%}3Bf6jL3
zc6aG)vE7>NUI{*#2wX(PgcO7*iDKy@OCPjNh*1-G(3cV)NHmCs7~+GFSU~)pGp$hC
z$~^hh+1$Hx@BGf^{?6~5`~98YSzaDlULJXHY}o0^WHPtH@mV->a7;gR7433*p1b>K
zd7vAvo$|YI&Rko5Hys$fVN>Lbzz>v%{3w)&(}*J_Lk|U<6CdN4(om+Y!5ec^uX|Uf
zCk8hQ_%e}fT-(1ZDRtkK$#my6<=XQji3s)s#08E3fnCH{KxoJ%54cW8hAd(%-7~Ze
z5bg&_y=oDA48qkcB*az7b$yO_pegcQp-~u9XpNbq)JtEq2=`3-@1d;*@m5kF{SXm*
znkuS&<Z@3V?h_xpU<|ob3F;D`dz7YM88%+HZ>CQSZ{_girKDQ12#8j9p0Jo`6?=$D
zZermn69$DiqkibcGLED4{o$$I(C{S1)Ww2$gfhuULq$=e*=ih!Tg}Bdavlehr;_@b
z58b0!M???-oeK!!GIEi`65<Tp(B~pjilpBkvF;sBUmLMKTu$mEA3-P*XwC@oA_{S4
zIzZBOLlhA=a04C0OsMqgH5T!WG+AR2w<l!SB953I`mvM&3<uKK2Uj9Ykne#%GKxd4
zaTsV!(%0IE9qFcuG;!XN)P^kLPK!{k(oDukOF^MGFl!_c9*QW%0>_L7I!Yg|ST8=6
zzFOI05W~sXphbMaAcQLe87Phj31O%LSE4{@hI~!kFn~~SB2qqT5v6o-bR!_dnPhX>
zB0_`kVxgo8IdUVHK}VthDG>_fN-tueV#@P^^!FAa-cGAkWDsv88wM=mc7wnKN0JZ)
zGhf7rW91@03^4MTQhpc(RBN6dt{N}IpVE_6GxNnS6H>AW8_qcNRpc{_+&G4gU<Kjy
znMBOj+9e?kL*}LH)>_1iX=AMkr+6%xELy}q;{}nDdm`W{U;)fDUn?YI#ZW+eUx-*p
z0+a5QHsZVK$U0&W`;vOWBJ9h<LkZIp+!rvn5GOHs5ycb<>`VB`)2>U>!|SXUIz740
z%nLD<jP+ZD9T6;v4uzJ8Dh#pUFgDT$QHV9XHJ%$`9faxlm_=Nd24i+aYRP!sBED!k
zq5{r58ZyK@A0~JJy$PrnB8-IyG4TYIaeAVS7)w7G+XP<lmy`8<7IB+FaL=P23n+4h
z6%ysc#H1Mc0WlEe!gNn}uQy)s-=vSPzrrA%O-6bxV!J`GFk+wrF47#rz&ZAj4-*zq
z7MYRp1I+yNoi^f`^qTSY2JwUBiXMw-7=#pz5sWD!VdO(N8O)17VI&o_<{|Sj#NylI
z){95dKa5{#5C@ZLw?$YXkxXb`DG)J2Ae>r85DON8Kys{oEENmGly0zy`Sj3+nnB!^
zOy(@Y&I?6+4T|g`kRF)eB!qbpnQ(#_NdX;`@TR`pM(j?9C(OLyG8xTU#LcE75U@~b
zO;8YfAZH-~FGA=D4oHY;#3+XmIW%FtVCk<WCJbUzQtGk@W)Pl?UF<?mAlk%2dofak
z!@Cy3fX1;OYeCbY+KoG)Wz9+=r#=B;<h-E{F6=cz$lgy%&WA`AL_)!|L@xG?en6mo
z2};Yg(w>UB2d{7XMD4~s(DGmBkf5|KrH$rnbHRb+<*w_8^H||@ru5Rlbn&TyO7WHA
zJLOjg{ycDE;JVVi#V-|3mw#S*taMAMR_5hG`L2Nn%ik(yibqO+FHWx9Q2$}!;j3~>
zt`=TwL|BU$8~`mxph_4;8Y1UY&ZAI|ZO!g-I!Ti2jA19KaIG;k32*6>GG5hKc9Pdd
zjbR7bE2tR5bE#;_yrq}QMQf~O2N`F?7<Q6ZhOOa8vd7Y;(#Mdo>?BDH8pBRfLD?97
zT=17JruYNKvJ+h|8N*K0yJ!qArqN3u7wLlavI8mZH-?=EZr(oo60*AVQC;mbmYt|)
zuQBXIBYUjj|4_oEb5huCEISdroH6V~*0RR%lf(<Mo1k4=vb*w~Xwvaxx%!WCJL@aC
zW4(hbh2^))kDhY!&RZ)(J5QHu6WOW!Lfl$Fb0B*|*~z?$_BUs*H@7|=&h0<G(=<M2
z8oyUNes^wgH8<$IzkM>lDO2uxGBa>R>9x}4;y;Vu$^SHer0*wvSNHs^XQBJ`?ETrB
zx}G$DtJ`)uXZmu5ICJOf);-R(U9ik|wq0HM-VML#8XszqU9I>)0d6_fO2xUqk)F)`
zZFTvp&ONQsXb#Vl1&p!UyLaDgOU_7G=ZPne)r}jbL&h)j|HrwzyZ({p20wqfCb(P^
zT&@W&*909TqRTbG<(lCCSQBiyR83&Yj6as3CddqCGUbyiLwK>gwCEJK%UY#U`5cro
z-QoUuNQHBUzYeJo>xF3Ajote&J2ZVZZQlykQ-%Pa?(J|f+5Z0Drt>t0mXXP#>>fTp
z-NK9KCwb@bo3dx#XrG}zS<Rku{#v&A_rjKDL9m)TntiX<Z`^juw`9t<fZNxVml82n
zFnenWR61s7?2~I0s8gBmdZCU<06S8iCY&)EDuG4pyHdo`lV*zu%D|8dUk9!Sdvny&
z($m=E!c=Jw>}c<3Q3(Y*gFOw{%bHdD<HkW)Sv2gog}Fx5Y|YQ8!|iLc=cSwROw_Uf
zc6LqibS_u#vE%T&m7(iTmObGVw&(NJJbca#!#rIyqhMkw*n!!W4?6^u8BZXD@3qe_
zoO0eg8@>yS;ZYCm?5$)WbP|pMIAHaYF;$@p3$oYCFU;qDUB1SyeN5xfJV_ql!Qu>T
z6WN(?kwuYx?&<cqf5kcWLG96_x!ia$`+TN!u(Ywz+yC3Xzw}LY&-5S3pUxHX&t{*8
zTJn)>eOI%mI$3d!G-spukXec~;{B>Q)7TduHdp=Wb3NYLZ+>mM*R0MSs4b{qCN@8q
z!%JVueR=6@V0S>oH`edCdG{Sx_1EFEQ8y2?7B09uqb_oDI)<koIIp$3Pc5kPZ_V$W
zn?3&#^QzTKuk4<4CRb;k&Q0XDZK>WSokZHs?3i0<>Sm}uv$v-@wZX~Qo2`3iw!rn-
X)n{*e_35vkekM0E+Foy75cB^4{$n2W

delta 3703
zcma);Yiv}<702&-cWtkC*LQ7W8ykZiYzIg>WoGW&xp$hR4kT4u^?@lu1SOF@_hlSx
zL$G-n3HyqsUz)a%kwVo+L{KXwQc)8Sb*YqCsA|cF5;^(Mq+e)N5-CEJszwP?sy6AF
zSr8~Zx*z7smd^a<Kj)nJpPip?o1bqx+TCg$wk+$Lu)Yeb9#(kl3$)HU{Oafl`}yJQ
zrU6U|b_0%4;JY4TiRU1ZFb~l%lEO=fkl0nzm5sTf3-?NOt}^JtA6wGZ%bT{Q<@}SD
zl`n(@a~dWT`2iJ(h1f-c`w1dm;9?((m`9FkYcYsTYJ1Cl8o|=OPJ`I45rR<%J8^<A
z76~9^fc!XS$mLl2ByuB(x%zDtv0i=JvQ{Hjr+pnaA>4p?5sy$D3XGWaBoeWdh&qDu
zfCiDEk$Sw<s9339Y+cKSE(~5xJKGHc(vvR)-0_)A1o9byT##5G=?jVi5<@mf6uF7|
zZ|ftE!Nz}4OgVOmM}Y5;5gA1z<I^L1;_30(ILf>LA%9N$mfesSCT<*i!bgI}!1lZt
ziAWHXIK=Z3Ck`<U)Q{V=yur8Cr8a%T!P9A9+YJPdXyi+sXG|Q#gzF$FrHg_j<^iJ-
z!!lM6EHj8xDqUs}M^n;j5Qp>)UBamdF{GGCiWnDADolOkMAVT!4vAn=U8*9!uLjzM
zRxy_Lwiv`Vjld)hV$L}VU=v~vWeCa~B244Z32_+tZm6DXH!4E)Zu=UI*qU}%4B}g+
z+DYtrF5}2`h;En|?%*X7G3;W;brN3^s#u3XY*w=!t2JUM9kdN1G#3#uNhItM+#`tj
z&~Co;BE*=C85E5<(ot_!5nocBok$~4y0Y0IwrB*GEC_=DI*mr4!k3UvA_NkFD@g2d
z0hLt;JB^C9YOzyy{$L>`WrHy3q=YB24^IY~!-dC_I4B5Zf~4z(iO)TUajLqO8$?cx
zEZ6BAxRS0b8N^Pl!smX>DUFa!+yLae0tL(u5Dh{<k~EHpbk#+J7<gZ`brFp?pY|0E
z!aN?%;SEPIML1-T#5jqNPgo3H9QlcaipLIC2fMV2f!EYxm+p&!pQYVR24N}^!fA}*
z7|Bq#76*<mKt&ireZ7c=QU<E0+aQjspj%gDU^eY37{q2%)JS@PfQDjG!lA*r3uy=_
za^Xpf(3h^`1nOKBu}^*0J)jZm(-n;du}LEs4;c;|iLmFv6ZS!mpo}6aT*fE};v!a$
ztuQL?S1+vS*NA0lTZ2IiX@m>U3|?@6+(3qixj_gOaTsz)oVW>=ZjwamY86pY5B99k
zh-}(lZxACIK|wE%B}TCajme@2TAknk#hj2NbTROydbUTa=>Jr`-E%)6`Y)%Qd4n)U
zl5j>iSO(Y-VbB+@5B3@`Btj{K2Z<8WQ*@<4{8b%T*{cy3({(w6Fns|9k&*`qiXsfp
zEOIe4IKjyCsPuiFaGz53rz+wN)w)XeMgOU^BWn;}F}aXD@q!4Bbs``9f`Oe;pCIac
zk;?-tC|LV}RYt{2>h)EtG~%aexy~RQjSx6;TpvSs1{iJw<3Pha@K_S@B$S~ahN`7^
z<F{ewabt;4Cj!RE*ofRavqKwU|ADlexq<Y-AKU<3KH(nZM#9LD`d=ovE?2-}!qtnt
z8@IvEnd?Y!T6iQQ<5S}^2KjgsjIyqhWtG2Hvg~5{AI;~=z2%?S-)sJR^OwuNFI{bJ
zx8JpYUHVSxQ1j99)1_b7PnOm-kCiUk>`V*(V{vY6c59}V(buH|YZ-9Mbzm)HtWyWh
zi5jL=hmNdaCI#(AWDNsmnGV!rWbXgXkv1J!%d}|Kfwjzp79A+AIse?<tiNK;uEF4K
z9axKvH|xNg&3f)mZe7-qwRm#LoLz(S7Iom~{dMkk2HT_~MGZDu(1Ep>Wup$foh8nF
z-V+;iWG&8DuLEoGx4aI#lZ(yWY-2g2vIeut>cCnoscubnYvFE2(|X-$%HSgz`@ChJ
z2VYpQzy44rKjhp~7f$XDckE8~?#CEY_>HsQ9h;&7oqcNQ=Sye%-a4}MyQNo_7GS-$
z^!ikc_U@Fka%$HaTia5`zHHf-0rwYsWlwgfa7WhZ;ap#R#{ST<KZNKH?B;Uzp27{<
z$@$82qd5pzwCqI)IBS1nDAPDZtb87R#$OXS2?DVe$fx$~+vn{ao7^pT`Yt99k4?()
zi7$q`CbePy;BfVOH+{FDPGh6*ie+Dc<Ns!Nwr5G<R({i&4F0V5^k}iNP^@IG4y}V6
zwAP)pn)}O_%7dkkN<S+8uoxG9RX9`_Xnd*hf%;SRGx_(jN3xGD+&7&0ccVI1zir{r
z_RN(`-I}K3ue_YQw^&RM7aBU-+cQT-)MD;~h508kPfd3~MV#4jxUZa^aq-yxoz9N2
zU3*UAzLTSUaD3mHBL4WAj?ubL{&^;c|Fiz&!<DMC6WNb@8};?Aie)X7M(aMZj}7Ol
zJ1b|4xlei_({Eb#n{d@ddxM)P4i&KeG+Kp1p)sGop7CiAKy=1wI5ROeIXz)A``zmI
zZuz}sBPc&M+|Ulyv>t*bVEM2-SR7QmXa8n*?hp2Z=Gs$mYN)SGf_=Ni!Tmv1&TaCc
zg>0U#eygQ<{zNXfypW%;%6rSJiw#Y0G``>XNPeQ}P~n}zg)<xa9?h4Y8I2mAc_M1)
x+^`|DF!9UWs$6FHc=M~-2P<3R`p&Tp8EbqhiVsXbJ+bi4%el6WYAtRN^*;$W<&gjY

diff --git a/server/src/routes/auth.js b/server/src/routes/auth.js
index db286d7..385371f 100644
--- a/server/src/routes/auth.js
+++ b/server/src/routes/auth.js
@@ -122,7 +122,8 @@ export async function registerAuthRoutes(fastify) {
     const phoneRaw = request.body?.phone
     const phone = phoneRaw === null || phoneRaw === undefined ? null : String(phoneRaw).trim()
 
-    if (displayName !== null && displayName.length > 40) return reply.code(400).send({ error: 'Имя/ник максимум 40 символов' })
+    if (displayName !== null && displayName.length > 40)
+      return reply.code(400).send({ error: 'Имя/ник максимум 40 символов' })
     if (phone !== null) {
       const compact = phone.replace(/[\s()-]/g, '')
       if (compact.length > 20) return reply.code(400).send({ error: 'Телефон слишком длинный' })

From af5376d0e1e25b3aea90dc04117c763e4b881e61 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 11:31:24 +0500
Subject: [PATCH 18/19] =?UTF-8?q?fix:=20rename=20name=E2=86=92displayName?=
 =?UTF-8?q?=20in=20remaining=20Prisma=20select=20clauses?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/prisma/prisma/dev.db             | Bin 311296 -> 311296 bytes
 server/src/routes/api/admin-orders.js   |   2 +-
 server/src/routes/api/admin-reviews.js  |   4 ++--
 server/src/routes/api/public-reviews.js |   4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/server/prisma/prisma/dev.db b/server/prisma/prisma/dev.db
index 0e2e2b2e9a25f6707069c36faa50e4c7e5f63cf6..856dae3ffee79791f07920ffb11e022ae74b5c4c 100644
GIT binary patch
delta 731
zcmZo@5N>D?o*>PrK2gS*QGH{=5`8vC{(}ts2R92EZ0Gm1Wn{HCR%A-fEl9~v%qcK2
zFfcGmPqfIZ$S^m{%P}&%F!#b%g^SG>c3s$TVLK4-y|6DYRkt)du_`eyU!9+efq{XM
z|1ksqW1w+2`DJC8?KyFpwJCr_0ciOr2L4Y#)i3z@c$pPB5vFZw;1XcsKLwQ9$FCyK
z?95n_T3n)=pIBOwp_^BlljD$Dk(gVMld6}TpUWi5Y{=RCZvOUn^BMo?i{uq0=L21y
zSe2Dol4Vw4X=YxPv&cYUQG&vz1a5`R+y-CefeeA|+zCwo|1<ID0_`y7udia_vA2{L
z6&3YlU|?khJ3Ft)G8<@+L3veLT7J1fUU^PI3Dg-rK-JDb?}7kAbvaP6AxO1hUbbOo
zzBx=aHb*nga}i0s0wJ9ldHn3{8F}nAAtoY>OtAnOnF8`jd0JMUc}YQTVoGjio&(4k
zAg_b;r};uiQ1CMdFaU#}|0vK;JNd0;ne7>2KEZGs6FhqIiZHF&6u_;poqGZEg??3_
zbTQBsX&_fv78aYERT(B38X23If~`$}klPM0zTpQ3J*HA%&`%6t-_D-EazNe+7&oOr
qvywq(CFiD;SZ0}3LS2X%X<(D>ASBmjMuY$I+ZM3Akq1REh9LlrlJHaj

delta 452
zcmZo@5N>D?o*>Q0Hc`fzk!@qb68+6A8~*5TN?;KHGS~$+b2t3w-z*q#ou5~Z*_pE>
zwYWq#Ke4o=`Q7~O@8&c9(-$!)Ff1`JFi6bE$j&Ra%&|-}NH$%xK>=jKVwL~}xN+?)
z2~5*j5}4UG3mR1M*H<y}*jvhrii&zNFtD;F=N6>o8{}7(15GkWD@jQ=OEoJqFs?|4
zTId5*?aTlHtoA^TCX55sT40n4)R_WugmIQhL3*)4RbonRW}XAc0KMe=T*i4W%)g#N
zNG=A3?aT)lU-APTkEw4{0E@zQmIch$`&EI`RUij}j5Reb$}6@=HZU|YHZcX8^9Mq1
zJHYq`Y!Zf2U@%M!VBgN3z;Zy|3K&ix1<4?@EQ?H%s&W!dA>PIkfMAoaLrAX8j2r&T
PZ(G3fMjjN{7={1<dsUSB

diff --git a/server/src/routes/api/admin-orders.js b/server/src/routes/api/admin-orders.js
index 0e01e5e..8db819f 100644
--- a/server/src/routes/api/admin-orders.js
+++ b/server/src/routes/api/admin-orders.js
@@ -73,7 +73,7 @@ export async function registerAdminOrderRoutes(fastify) {
     const order = await prisma.order.findUnique({
       where: { id },
       include: {
-        user: { select: { id: true, email: true, name: true, phone: true } },
+        user: { select: { id: true, email: true, displayName: true, phone: true } },
         items: true,
         messages: { orderBy: { createdAt: 'asc' } },
       },
diff --git a/server/src/routes/api/admin-reviews.js b/server/src/routes/api/admin-reviews.js
index f6f6e24..7cb840b 100644
--- a/server/src/routes/api/admin-reviews.js
+++ b/server/src/routes/api/admin-reviews.js
@@ -18,7 +18,7 @@ export async function registerAdminReviewRoutes(fastify) {
     const items = await prisma.review.findMany({
       where,
       include: {
-        user: { select: { id: true, email: true, name: true } },
+        user: { select: { id: true, email: true, displayName: true } },
         product: { select: { id: true, title: true } },
       },
       orderBy: { createdAt: 'desc' },
@@ -40,7 +40,7 @@ export async function registerAdminReviewRoutes(fastify) {
       where: { id },
       include: {
         product: { select: { title: true } },
-        user: { select: { name: true, email: true } },
+        user: { select: { displayName: true, email: true } },
       },
     })
     if (!existing) return reply.code(404).send({ error: 'Отзыв не найден' })
diff --git a/server/src/routes/api/public-reviews.js b/server/src/routes/api/public-reviews.js
index 1019ebe..ef535b2 100644
--- a/server/src/routes/api/public-reviews.js
+++ b/server/src/routes/api/public-reviews.js
@@ -40,7 +40,7 @@ export async function registerPublicReviewRoutes(fastify) {
     const rows = await prisma.review.findMany({
       where: { status: 'approved', product: { published: true } },
       include: {
-        user: { select: { email: true, name: true } },
+        user: { select: { email: true, displayName: true } },
         product: { select: { id: true, title: true } },
       },
       orderBy: { createdAt: 'desc' },
@@ -80,7 +80,7 @@ export async function registerPublicReviewRoutes(fastify) {
     const total = await prisma.review.count({ where })
     const rawItems = await prisma.review.findMany({
       where,
-      include: { user: { select: { email: true, name: true } } },
+      include: { user: { select: { email: true, displayName: true } } },
       orderBy: { createdAt: 'desc' },
       skip: (page - 1) * pageSize,
       take: pageSize,

From b06ba6436562dc7f3e1c0e3535e180c6054b5402 Mon Sep 17 00:00:00 2001
From: Kirill <mpak8501@yandex.ru>
Date: Wed, 20 May 2026 12:07:22 +0500
Subject: [PATCH 19/19] test commit

---
 server/prisma/prisma/dev.db       | Bin 311296 -> 311296 bytes
 server/src/routes/oauth-social.js |   8 ++++----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/server/prisma/prisma/dev.db b/server/prisma/prisma/dev.db
index 856dae3ffee79791f07920ffb11e022ae74b5c4c..224aa1496ec6b39548c9551ade5ef603ce38d3ee 100644
GIT binary patch
delta 907
zcmZo@5N>D?o*>N_Fj2;tF<@iDl70>*{>u#fulO%-7IfIhZzj*|%vd7DY{@9bY{-~f
zkeF>@YGCM4nV6T7TA^1|$|TBc$O#ut&rQtC(M!(H-4wv0u$g7UANx%SECSnE1Q?(1
z7cD4A&Mq@BFi5m0tt>Lk%E_!WE=*svK>?&>F-rhgy*`MuoF##20vjWL0Rw-*W<i5A
z{`y8<MoxQ4`DzAMR{P}Kf|P<1Q%iH8Q6`nS7M7-ECY8zN#zqh~85>y`m>8N^m{l6Y
z$Csx&xq6y;mK2mbxd$YL`ewRh<P^AgyIJ^FcsYlL<@-hWWM-OYhew1O>4s-SRRu+4
zGtP4{ymJRgnws^(tP(T<+GPZ?%PhChEI&1+Xp_Thele`B;M&Z%ff?u*hv)qAAO#p&
zxfmE282R5Y@W0tC81RT+M3_ZVo)gXO+X9$b1b`7?%fP>z-xe4KhWzz4Og#36&Z?TC
zK>e(&FsES{5049Y6kV8gVaLUW3p+0CzOY*X$k}&c&xH*@fqfS?Axojk<R<2%f`j4)
zI4CAL2QUJy2U-mRQ0t3}vonAJV^ES_Ra$6~kyT+}Yz(&^o)kc)%vlH_L4IfAKgz)W
znExm+dF|x4mSwhQ#OW6%8D@J<uq-yKKxu3_%L3*GU{X29z<&;C;C_B{Q$}ukP6H6Z
z!NAGM$$@Zd9?+?VAh%{4loeDJnx=!@v>ZZ$B2=^hXbpxcU<#cWz`mV5fn~qEH82h5
tfV`XxO2d_A$>pg<$(3LiVoTgWqxChuKuA!!_%FY00n2N7P)@)!1pqA1Fj@cr

delta 664
zcmZo@5N>D?o*>PrK2gS*QGH{=l70>b0R{&Ccl@U|3p(uMH<M>}W-Li9F44_TEG@~<
z%`45xaY(I5%q_@C)l1ILWfEmJ<P>Dq<V;M-&CGKEsRRjc3Sd##%(CH+{iXyKf$b~;
zjL-Lr=I0e9=NlLpBvxf*mSmX~Seltv<t*Bu08+A;B>=2mAH-SClE5?pq}zYd0f9*g
zEX!E}m<1rt+RvZ6S<t|kzrKoz$KFz2R8-WHfq|7ZIkzAMXuM@M(0GILs<gEHa)Z3`
zoPrXl%YA^Vof#kip}HKX*bt=JFfZFMGv6Gh8k;{E=edZaUV)I#j68n!_KZCCn&?KR
zSOASo0r{^yEi2Ewq#zeHSU~#Id?6$kNHZv?AM+mt2K7#UYguM{Mwm}9+{PrsY|jam
z#k2+#-pg4QFgLJ)jXVi7a6iAfDI>Q%C#N_k5Wsz%QVeur8pw&3g~jG(Rfb81M#d(l
zU^gW|$ZZE0U-N^a3sWsHx+Vs&Z)Z<n*)MMmiqKM^X~`hdl5<l^EVIlip-xQ3h-t9d
Xb`X+lGvkK;^4k`$yp{(i3k*{L=ycJ@

diff --git a/server/src/routes/oauth-social.js b/server/src/routes/oauth-social.js
index c0f72b1..dba2db1 100644
--- a/server/src/routes/oauth-social.js
+++ b/server/src/routes/oauth-social.js
@@ -18,13 +18,13 @@ async function issueUserJwt(fastify, userId, email) {
 }
 
 async function findOrCreateUserFromOAuth({ provider, providerUserId, accessToken, suggestedEmail }) {
-  const existingLink = await prisma.oauthAccount.findUnique({
+  const existingLink = await prisma.oAuthAccount.findUnique({
     where: { provider_providerUserId: { provider, providerUserId } },
     include: { user: true },
   })
   if (existingLink?.user) {
     if (accessToken !== undefined) {
-      await prisma.oauthAccount.update({
+      await prisma.oAuthAccount.update({
         where: { provider_providerUserId: { provider, providerUserId } },
         data: { accessToken },
       })
@@ -36,7 +36,7 @@ async function findOrCreateUserFromOAuth({ provider, providerUserId, accessToken
   const norm = trimmed ? normalizeEmail(trimmed) : null
   let user = norm ? await prisma.user.findUnique({ where: { email: norm } }) : null
   if (user) {
-    await prisma.oauthAccount.create({
+    await prisma.oAuthAccount.create({
       data: { provider, providerUserId: String(providerUserId), userId: user.id, accessToken },
     })
     return user
@@ -49,7 +49,7 @@ async function findOrCreateUserFromOAuth({ provider, providerUserId, accessToken
     email = `${provider}_${providerUserId}_${n}@oauth.craftshop.local`
   }
   user = await prisma.user.create({ data: { email } })
-  await prisma.oauthAccount.create({
+  await prisma.oAuthAccount.create({
     data: { provider, providerUserId: String(providerUserId), userId: user.id, accessToken },
   })
   return user