Merge branch 'int' into dev

Merge pull request 'dev' (#7 ) from dev into int
Reviewed-on: #7
2026-02-23 18:55:58 +01:00 · 2026-02-12 15:26:38 +01:00 · 2026-02-10 19:05:40 +01:00 · 2026-02-09 18:43:43 +01:00 · 2026-02-05 15:30:04 +01:00
247 changed files with 3835 additions and 19587 deletions
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -1,11 +1,11 @@
-name: Build and Deploy
+name: Build, Test and Deploy
 on:
  push:
    branches: [main, int, dev]
 concurrency:
-  group: print-calculator-deploy-${{ gitea.ref }}
+  group: print-calculator-${{ gitea.ref }}
  cancel-in-progress: true
 jobs:
@@ -18,9 +18,8 @@ jobs:
      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
-          java-version: "21"
+          java-version: '21'
-          distribution: "temurin"
+          distribution: 'temurin'
          cache: gradle
      - name: Run Tests with Gradle
        run: |
@@ -28,42 +27,8 @@ jobs:
          chmod +x gradlew
          ./gradlew test
  test-frontend:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Node 22
        uses: actions/setup-node@v4
        with:
          node-version: "22"
          cache: "npm"
          cache-dependency-path: "frontend/package-lock.json"
      - name: Install Chromium
        shell: bash
        run: |
          apt-get update
          apt-get install -y --no-install-recommends chromium
      - name: Install frontend dependencies
        shell: bash
        run: |
          cd frontend
          npm ci --no-audit --no-fund
      - name: Run frontend tests (headless)
        shell: bash
        env:
          CHROME_BIN: /usr/bin/chromium
          CI: "true"
        run: |
          cd frontend
          npm run test -- --watch=false --browsers=ChromeHeadlessNoSandbox
  build-and-push:
-    needs: [test-backend, test-frontend]
+    needs: test-backend
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
@@ -141,15 +106,21 @@ jobs:
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          # 1) Prende il secret base64 e rimuove spazi/newline/CR
          printf '%s' "${{ secrets.SSH_PRIVATE_KEY_B64 }}" | tr -d '\r\n\t ' > /tmp/key.b64
          # 2) (debug sicuro) stampa solo la lunghezza della base64
          echo "b64_len=$(wc -c < /tmp/key.b64)"
          # 3) Decodifica in chiave privata
          base64 -d /tmp/key.b64 > ~/.ssh/id_ed25519
          # 4) Rimuove eventuali CRLF dentro la chiave (se proviene da Windows)
          tr -d '\r' < ~/.ssh/id_ed25519 > ~/.ssh/id_ed25519.clean
          mv ~/.ssh/id_ed25519.clean ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          # 5) Validazione: se fallisce qui, la chiave NON è valida/corrotta
          ssh-keygen -y -f ~/.ssh/id_ed25519 >/dev/null
          ssh-keyscan -H "${{ secrets.SERVER_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null
@@ -157,6 +128,7 @@ jobs:
      - name: Write env and compose to server
        shell: bash
        run: |
          # 1. Recalculate TAG and OWNER_LOWER (jobs don't share ENV)
          if [[ "${{ gitea.ref }}" == "refs/heads/main" ]]; then
            DEPLOY_TAG="prod"
          elif [[ "${{ gitea.ref }}" == "refs/heads/int" ]]; then
@@ -166,8 +138,10 @@ jobs:
          fi
          DEPLOY_OWNER=$(echo '${{ gitea.repository_owner }}' | tr '[:upper:]' '[:lower:]')
          # 2. Start with the static env file content
          cat "deploy/envs/${{ env.ENV }}.env" > /tmp/full_env.env
          # 3. Determine DB credentials
          if [[ "${{ env.ENV }}" == "prod" ]]; then
            DB_URL="${{ secrets.DB_URL_PROD }}"
            DB_USER="${{ secrets.DB_USERNAME_PROD }}"
@@ -182,28 +156,32 @@ jobs:
            DB_PASS="${{ secrets.DB_PASSWORD_DEV }}"
          fi
          # 4. Append DB and Docker credentials (quoted)
          printf '\nDB_URL="%s"\nDB_USERNAME="%s"\nDB_PASSWORD="%s"\n' \
            "$DB_URL" "$DB_USER" "$DB_PASS" >> /tmp/full_env.env
-
+          
          printf 'REGISTRY_URL="%s"\nREPO_OWNER="%s"\nTAG="%s"\n' \
            "${{ secrets.REGISTRY_URL }}" "$DEPLOY_OWNER" "$DEPLOY_TAG" >> /tmp/full_env.env
-          ADMIN_TTL="${{ secrets.ADMIN_SESSION_TTL_MINUTES }}"
+          # 5. Debug: print content (for debug purposes)
          ADMIN_TTL="${ADMIN_TTL:-480}"
          printf 'ADMIN_PASSWORD="%s"\nADMIN_SESSION_SECRET="%s"\nADMIN_SESSION_TTL_MINUTES="%s"\n' \
            "${{ secrets.ADMIN_PASSWORD }}" "${{ secrets.ADMIN_SESSION_SECRET }}" "$ADMIN_TTL" >> /tmp/full_env.env
          echo "Preparing to send env file with variables:"
-          grep -Ev "PASSWORD|SECRET" /tmp/full_env.env || true
+          grep -v "PASSWORD" /tmp/full_env.env || true
          # 5. Send env to server
          ssh -i ~/.ssh/id_ed25519 -o BatchMode=yes "${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}" \
            "setenv ${{ env.ENV }}" < /tmp/full_env.env
          # 6. Send docker-compose.deploy.yml to server
          ssh -i ~/.ssh/id_ed25519 -o BatchMode=yes "${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}" \
            "setcompose ${{ env.ENV }}" < docker-compose.deploy.yml
      - name: Trigger deploy on Unraid (forced command key)
        shell: bash
        run: |
          set -euo pipefail
          # Aggiungiamo le opzioni di verbosità se dovesse fallire ancora, 
          # e assicuriamoci che l'input sia pulito
          ssh -i ~/.ssh/id_ed25519 -o BatchMode=yes "${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}" "deploy ${{ env.ENV }}"
--- a/.gitea/workflows/pr-checks.yaml
+++ b/.gitea/workflows/pr-checks.yaml
@@ -1,172 +0,0 @@
 name: PR Checks
 on:
  pull_request:
    branches: [main, int, dev]
 concurrency:
  group: print-calculator-pr-${{ gitea.ref }}
  cancel-in-progress: true
 jobs:
  prettier-autofix:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Node 22
        uses: actions/setup-node@v4
        with:
          node-version: "22"
      - name: Apply formatting with Prettier
        shell: bash
        run: |
          npx --yes prettier@3.6.2 --write \
            "frontend/src/**/*.{ts,html,scss,css,json}" \
            ".gitea/workflows/*.{yml,yaml}"
      - name: Commit and push formatting changes
        shell: bash
        run: |
          if git diff --quiet; then
            echo "No formatting changes to commit."
            exit 0
          fi
          if ! command -v jq >/dev/null 2>&1; then
            apt-get update
            apt-get install -y --no-install-recommends jq
          fi
          EVENT_FILE="${GITHUB_EVENT_PATH:-}"
          if [[ -z "$EVENT_FILE" || ! -f "$EVENT_FILE" ]]; then
            echo "Event payload not found, skipping auto-push."
            exit 0
          fi
          HEAD_REPO="$(jq -r '.pull_request.head.repo.full_name // empty' "$EVENT_FILE")"
          BASE_REPO="$(jq -r '.repository.full_name // empty' "$EVENT_FILE")"
          PR_BRANCH="$(jq -r '.pull_request.head.ref // empty' "$EVENT_FILE")"
          if [[ -z "$PR_BRANCH" ]]; then
            echo "PR branch not found in event payload, skipping auto-push."
            exit 0
          fi
          if [[ -n "$HEAD_REPO" && -n "$BASE_REPO" && "$HEAD_REPO" != "$BASE_REPO" ]]; then
            echo "PR from fork ($HEAD_REPO), skipping auto-push."
            exit 0
          fi
          git config user.name "printcalc-ci"
          git config user.email "ci@printcalculator.local"
          git add frontend/src .gitea/workflows
          git commit -m "style: apply prettier formatting"
          git push origin "HEAD:${PR_BRANCH}"
  security-sast:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Install Python and Semgrep
        shell: bash
        run: |
          apt-get update
          apt-get install -y --no-install-recommends python3 python3-pip
          python3 -m pip install --upgrade pip
          python3 -m pip install semgrep
      - name: Run Semgrep (SAST)
        shell: bash
        run: |
          semgrep --version
          semgrep --config auto --error \
            --exclude frontend/node_modules \
            --exclude backend/build \
            backend/src frontend/src
      - name: Install Gitleaks
        shell: bash
        run: |
          set -euo pipefail
          VERSION="8.24.2"
          curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${VERSION}/gitleaks_${VERSION}_linux_x64.tar.gz" \
            -o /tmp/gitleaks.tar.gz
          tar -xzf /tmp/gitleaks.tar.gz -C /tmp
          install -m 0755 /tmp/gitleaks /usr/local/bin/gitleaks
          gitleaks version
      - name: Run Gitleaks (secrets scan)
        shell: bash
        run: |
          set +e
          gitleaks detect --source . --no-git --redact --exit-code 1 \
            --report-format json --report-path /tmp/gitleaks-report.json
          rc=$?
          if [[ $rc -ne 0 ]]; then
            echo "Gitleaks findings:"
            cat /tmp/gitleaks-report.json
          fi
          exit $rc
  test-backend:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: "21"
          distribution: "temurin"
          cache: gradle
      - name: Run Tests with Gradle
        run: |
          cd backend
          chmod +x gradlew
          ./gradlew test
  test-frontend:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Node 22
        uses: actions/setup-node@v4
        with:
          node-version: "22"
          cache: "npm"
          cache-dependency-path: "frontend/package-lock.json"
      - name: Install Chromium
        shell: bash
        run: |
          apt-get update
          apt-get install -y --no-install-recommends chromium
      - name: Install frontend dependencies
        shell: bash
        run: |
          cd frontend
          npm ci --no-audit --no-fund
      - name: Run frontend tests (headless)
        shell: bash
        env:
          CHROME_BIN: /usr/bin/chromium
          CI: "true"
        run: |
          cd frontend
          npm run test -- --watch=false --browsers=ChromeHeadlessNoSandbox
--- a/.gitignore
+++ b/.gitignore
@@ -41,11 +41,3 @@ target/
 build/
 .gradle/
 .mvn/
 ./storage_orders
 ./storage_quotes
 storage_orders
 storage_quotes
 # Qodana local reports/artifacts
 backend/.qodana/
--- a/backend/build.gradle
+++ b/backend/build.gradle
@@ -24,15 +24,11 @@ repositories {
 dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'org.springframework.boot:spring-boot-starter-security'
 	implementation 'org.springframework.boot:spring-boot-starter-validation'
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 	implementation 'xyz.capybara:clamav-client:2.1.2'
-    implementation 'org.springframework.boot:spring-boot-starter-actuator'
+	runtimeOnly 'org.postgresql:postgresql'
    runtimeOnly 'org.postgresql:postgresql'
 	developmentOnly 'org.springframework.boot:spring-boot-devtools'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation 'org.springframework.security:spring-security-test'
 	testRuntimeOnly 'com.h2database:h2'
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 	compileOnly 'org.projectlombok:lombok'
--- a/backend/entrypoint.sh
+++ b/backend/entrypoint.sh
@@ -5,6 +5,8 @@ echo "DB_URL: $DB_URL"
 echo "DB_USERNAME: $DB_USERNAME"
 echo "SPRING_DATASOURCE_URL: $SPRING_DATASOURCE_URL"
 echo "SLICER_PATH: $SLICER_PATH"
 echo "--- ALL ENV VARS ---"
 env
 echo "----------------------------------------------------------------"
 # Determine which environment variables to use for database connection
--- a/backend/qodana.yaml
+++ b/backend/qodana.yaml
@@ -1,48 +0,0 @@
 #-------------------------------------------------------------------------------#
 #               Qodana analysis is configured by qodana.yaml file               #
 #             https://www.jetbrains.com/help/qodana/qodana-yaml.html            #
 #-------------------------------------------------------------------------------#
 #################################################################################
 #              WARNING: Do not store sensitive information in this file,        #
 #               as its contents will be included in the Qodana report.          #
 #################################################################################
 version: "1.0"
 #Specify inspection profile for code analysis
 profile:
  name: qodana.starter
 #Enable inspections
 #include:
 #  - name: <SomeEnabledInspectionId>
 #Disable inspections
 #exclude:
 #  - name: <SomeDisabledInspectionId>
 #    paths:
 #      - <path/where/not/run/inspection>
 projectJDK: "21" #(Applied in CI/CD pipeline)
 #Execute shell command before Qodana execution (Applied in CI/CD pipeline)
 #bootstrap: sh ./prepare-qodana.sh
 #Install IDE plugins before Qodana execution (Applied in CI/CD pipeline)
 #plugins:
 #  - id: <plugin.id> #(plugin id can be found at https://plugins.jetbrains.com)
 # Quality gate. Will fail the CI/CD pipeline if any condition is not met
 # severityThresholds - configures maximum thresholds for different problem severities
 # testCoverageThresholds - configures minimum code coverage on a whole project and newly added code
 # Code Coverage is available in Ultimate and Ultimate Plus plans
 #failureConditions:
 #  severityThresholds:
 #    any: 15
 #    critical: 5
 #  testCoverageThresholds:
 #    fresh: 70
 #    total: 50
 #Specify Qodana linter for analysis (Applied in CI/CD pipeline)
 linter: jetbrains/qodana-jvm:2025.3
--- a/backend/src/main/java/com/printcalculator/BackendApplication.java
+++ b/backend/src/main/java/com/printcalculator/BackendApplication.java
@@ -2,12 +2,12 @@ package com.printcalculator;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
 import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.scheduling.annotation.EnableAsync;
 import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
-@SpringBootApplication(exclude = {UserDetailsServiceAutoConfiguration.class})
+@SpringBootApplication
@EnableTransactionManagement
@EnableScheduling
@EnableAsync
--- a/backend/src/main/java/com/printcalculator/config/SecurityConfig.java
+++ b/backend/src/main/java/com/printcalculator/config/SecurityConfig.java
@@ -1,47 +0,0 @@
 package com.printcalculator.config;
 import com.printcalculator.security.AdminSessionAuthenticationFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
 public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(
            HttpSecurity http,
            AdminSessionAuthenticationFilter adminSessionAuthenticationFilter
    ) throws Exception {
        http
                .csrf(AbstractHttpConfigurer::disable)
                .cors(Customizer.withDefaults())
                .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .httpBasic(AbstractHttpConfigurer::disable)
                .formLogin(AbstractHttpConfigurer::disable)
                .logout(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                        .requestMatchers("/actuator/health", "/actuator/health/**").permitAll()
                        .requestMatchers("/actuator/**").denyAll()
                        .requestMatchers("/api/admin/auth/login").permitAll()
                        .requestMatchers("/api/admin/**").authenticated()
                        .anyRequest().permitAll()
                )
                .exceptionHandling(ex -> ex.authenticationEntryPoint((request, response, authException) -> {
                    response.setStatus(401);
                    response.setContentType(MediaType.APPLICATION_JSON_VALUE);
                    response.getWriter().write("{\"error\":\"UNAUTHORIZED\"}");
                }))
                .addFilterBefore(adminSessionAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
 }
--- a/backend/src/main/java/com/printcalculator/controller/CustomQuoteRequestController.java
+++ b/backend/src/main/java/com/printcalculator/controller/CustomQuoteRequestController.java
@@ -1,102 +1,50 @@
 package com.printcalculator.controller;
 import com.printcalculator.dto.QuoteRequestDto;
 import com.printcalculator.entity.CustomQuoteRequest;
 import com.printcalculator.entity.CustomQuoteRequestAttachment;
 import com.printcalculator.repository.CustomQuoteRequestAttachmentRepository;
 import com.printcalculator.repository.CustomQuoteRequestRepository;
 import com.printcalculator.service.ClamAVService;
 import com.printcalculator.service.email.EmailNotificationService;
 import jakarta.validation.Valid;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;
 import org.springframework.web.multipart.MultipartFile;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Files;
 import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.StandardCopyOption;
 import java.time.OffsetDateTime;
-import java.time.Year;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
 import java.util.regex.Pattern;
@RestController
@RequestMapping("/api/custom-quote-requests")
 public class CustomQuoteRequestController {
    private static final Logger logger = LoggerFactory.getLogger(CustomQuoteRequestController.class);
    private final CustomQuoteRequestRepository requestRepo;
    private final CustomQuoteRequestAttachmentRepository attachmentRepo;
-    private final ClamAVService clamAVService;
+    private final com.printcalculator.service.ClamAVService clamAVService;
-    private final EmailNotificationService emailNotificationService;
+    
    @Value("${app.mail.contact-request.admin.enabled:true}")
    private boolean contactRequestAdminMailEnabled;
    @Value("${app.mail.contact-request.admin.address:infog@3d-fab.ch}")
    private String contactRequestAdminMailAddress;
    // TODO: Inject Storage Service
-    private static final Path STORAGE_ROOT = Paths.get("storage_requests").toAbsolutePath().normalize();
+    private static final String STORAGE_ROOT = "storage_requests";
    private static final Pattern SAFE_EXTENSION_PATTERN = Pattern.compile("^[a-z0-9]{1,10}$");
    private static final Set<String> FORBIDDEN_COMPRESSED_EXTENSIONS = Set.of(
            "zip", "rar", "7z", "tar", "gz", "tgz", "bz2", "tbz2", "xz", "txz", "zst"
    );
    private static final Set<String> FORBIDDEN_COMPRESSED_MIME_TYPES = Set.of(
            "application/zip",
            "application/x-zip-compressed",
            "application/x-rar-compressed",
            "application/vnd.rar",
            "application/x-7z-compressed",
            "application/gzip",
            "application/x-gzip",
            "application/x-tar",
            "application/x-bzip2",
            "application/x-xz",
            "application/zstd",
            "application/x-zstd"
    );
    public CustomQuoteRequestController(CustomQuoteRequestRepository requestRepo,
                                        CustomQuoteRequestAttachmentRepository attachmentRepo,
-                                        ClamAVService clamAVService,
+                                        com.printcalculator.service.ClamAVService clamAVService) {
                                        EmailNotificationService emailNotificationService) {
        this.requestRepo = requestRepo;
        this.attachmentRepo = attachmentRepo;
        this.clamAVService = clamAVService;
        this.emailNotificationService = emailNotificationService;
    }
    // 1. Create Custom Quote Request
    @PostMapping(consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
    @Transactional
    public ResponseEntity<CustomQuoteRequest> createCustomQuoteRequest(
-            @Valid @RequestPart("request") QuoteRequestDto requestDto,
+            @RequestPart("request") com.printcalculator.dto.QuoteRequestDto requestDto,
            @RequestPart(value = "files", required = false) List<MultipartFile> files
    ) throws IOException {
        if (!requestDto.isAcceptTerms() || !requestDto.isAcceptPrivacy()) {
            throw new ResponseStatusException(
                    HttpStatus.BAD_REQUEST,
                    "Accettazione Termini e Privacy obbligatoria."
            );
        }
        // 1. Create Request
        CustomQuoteRequest request = new CustomQuoteRequest();
@@ -115,7 +63,6 @@ public class CustomQuoteRequestController {
        request = requestRepo.save(request);
        // 2. Handle Attachments
        int attachmentsCount = 0;
        if (files != null && !files.isEmpty()) {
            if (files.size() > 15) {
                throw new IOException("Too many files. Max 15 allowed.");
@@ -123,13 +70,6 @@ public class CustomQuoteRequestController {
            for (MultipartFile file : files) {
                if (file.isEmpty()) continue;
                if (isCompressedFile(file)) {
                    throw new ResponseStatusException(
                            HttpStatus.BAD_REQUEST,
                            "Compressed files are not allowed."
                    );
                }
                // Scan for virus
                clamAVService.scan(file.getInputStream());
@@ -143,7 +83,8 @@ public class CustomQuoteRequestController {
                // Generate path
                UUID fileUuid = UUID.randomUUID();
-                String storedFilename = fileUuid + ".upload";
+                String ext = getExtension(file.getOriginalFilename());
                String storedFilename = fileUuid.toString() + "." + ext;
                // Note: We don't have attachment ID yet.
                // We'll save attachment first to get ID.
@@ -152,28 +93,17 @@ public class CustomQuoteRequestController {
                attachment = attachmentRepo.save(attachment);
-                Path relativePath = Path.of(
+                String relativePath = "quote-requests/" + request.getId() + "/attachments/" + attachment.getId() + "/" + storedFilename;
-                        "quote-requests",
+                attachment.setStoredRelativePath(relativePath);
                        request.getId().toString(),
                        "attachments",
                        attachment.getId().toString(),
                        storedFilename
                );
                attachment.setStoredRelativePath(relativePath.toString());
                attachmentRepo.save(attachment);
                // Save file to disk
-                Path absolutePath = resolveWithinStorageRoot(relativePath);
+                Path absolutePath = Paths.get(STORAGE_ROOT, relativePath);
                Files.createDirectories(absolutePath.getParent());
-                try (InputStream inputStream = file.getInputStream()) {
+                Files.copy(file.getInputStream(), absolutePath);
                    Files.copy(inputStream, absolutePath, StandardCopyOption.REPLACE_EXISTING);
                }
                attachmentsCount++;
            }
        }
-
+        
        sendAdminContactRequestNotification(request, attachmentsCount);
        return ResponseEntity.ok(request);
    }
@@ -188,80 +118,10 @@ public class CustomQuoteRequestController {
    // Helper
    private String getExtension(String filename) {
        if (filename == null) return "dat";
-        String cleaned = StringUtils.cleanPath(filename);
+        int i = filename.lastIndexOf('.');
-        if (cleaned.contains("..")) {
+        if (i > 0) {
-            return "dat";
+            return filename.substring(i + 1);
        }
        int i = cleaned.lastIndexOf('.');
        if (i > 0 && i < cleaned.length() - 1) {
            String ext = cleaned.substring(i + 1).toLowerCase(Locale.ROOT);
            if (SAFE_EXTENSION_PATTERN.matcher(ext).matches()) {
                return ext;
            }
        }
        return "dat";
    }
    private boolean isCompressedFile(MultipartFile file) {
        String ext = getExtension(file.getOriginalFilename());
        if (FORBIDDEN_COMPRESSED_EXTENSIONS.contains(ext)) {
            return true;
        }
        String mime = file.getContentType();
        return mime != null && FORBIDDEN_COMPRESSED_MIME_TYPES.contains(mime.toLowerCase());
    }
    private Path resolveWithinStorageRoot(Path relativePath) {
        try {
            Path normalizedRelative = relativePath.normalize();
            if (normalizedRelative.isAbsolute()) {
                throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid attachment path");
            }
            Path absolutePath = STORAGE_ROOT.resolve(normalizedRelative).normalize();
            if (!absolutePath.startsWith(STORAGE_ROOT)) {
                throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid attachment path");
            }
            return absolutePath;
        } catch (InvalidPathException e) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid attachment path");
        }
    }
    private void sendAdminContactRequestNotification(CustomQuoteRequest request, int attachmentsCount) {
        if (!contactRequestAdminMailEnabled) {
            return;
        }
        if (contactRequestAdminMailAddress == null || contactRequestAdminMailAddress.isBlank()) {
            logger.warn("Contact request admin notification enabled but no admin address configured.");
            return;
        }
        Map<String, Object> templateData = new HashMap<>();
        templateData.put("requestId", request.getId());
        templateData.put("createdAt", request.getCreatedAt());
        templateData.put("requestType", safeValue(request.getRequestType()));
        templateData.put("customerType", safeValue(request.getCustomerType()));
        templateData.put("name", safeValue(request.getName()));
        templateData.put("companyName", safeValue(request.getCompanyName()));
        templateData.put("contactPerson", safeValue(request.getContactPerson()));
        templateData.put("email", safeValue(request.getEmail()));
        templateData.put("phone", safeValue(request.getPhone()));
        templateData.put("message", safeValue(request.getMessage()));
        templateData.put("attachmentsCount", attachmentsCount);
        templateData.put("currentYear", Year.now().getValue());
        emailNotificationService.sendEmail(
                contactRequestAdminMailAddress,
                "Nuova richiesta di contatto #" + request.getId(),
                "contact-request-admin",
                templateData
        );
    }
    private String safeValue(String value) {
        if (value == null || value.isBlank()) {
            return "-";
        }
        return value;
    }
 }
--- a/backend/src/main/java/com/printcalculator/controller/DevEmailTestController.java
+++ b/backend/src/main/java/com/printcalculator/controller/DevEmailTestController.java
@@ -0,0 +1,47 @@
 package com.printcalculator.controller;
 import org.springframework.context.annotation.Profile;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.thymeleaf.TemplateEngine;
 import org.thymeleaf.context.Context;
 import java.time.OffsetDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;
@RestController
@RequestMapping("/api/dev/email")
@Profile("local")
 public class DevEmailTestController {
    private final TemplateEngine templateEngine;
    public DevEmailTestController(TemplateEngine templateEngine) {
        this.templateEngine = templateEngine;
    }
    @GetMapping("/test-template")
    public ResponseEntity<String> testTemplate() {
        Context context = new Context();
        Map<String, Object> templateData = new HashMap<>();
        UUID orderId = UUID.randomUUID();
        templateData.put("customerName", "Mario Rossi");
        templateData.put("orderId", orderId);
        templateData.put("orderNumber", orderId.toString().split("-")[0]);
        templateData.put("orderDetailsUrl", "https://tuosito.it/ordine/" + orderId);
        templateData.put("orderDate", OffsetDateTime.now().format(DateTimeFormatter.ofPattern("dd/MM/yyyy HH:mm")));
        templateData.put("totalCost", "45.50");
        context.setVariables(templateData);
        String html = templateEngine.process("email/order-confirmation", context);
        return ResponseEntity.ok()
                .header("Content-Type", "text/html; charset=utf-8")
                .body(html);
    }
 }
--- a/backend/src/main/java/com/printcalculator/controller/OptionsController.java
+++ b/backend/src/main/java/com/printcalculator/controller/OptionsController.java
@@ -3,28 +3,18 @@ package com.printcalculator.controller;
 import com.printcalculator.dto.OptionsResponse;
 import com.printcalculator.entity.FilamentMaterialType;
 import com.printcalculator.entity.FilamentVariant;
-import com.printcalculator.entity.LayerHeightOption;
+import com.printcalculator.entity.*; // This line replaces specific entity imports
 import com.printcalculator.entity.MaterialOrcaProfileMap;
 import com.printcalculator.entity.NozzleOption;
 import com.printcalculator.entity.PrinterMachine;
 import com.printcalculator.entity.PrinterMachineProfile;
 import com.printcalculator.repository.FilamentMaterialTypeRepository;
 import com.printcalculator.repository.FilamentVariantRepository;
 import com.printcalculator.repository.LayerHeightOptionRepository;
 import com.printcalculator.repository.MaterialOrcaProfileMapRepository;
 import com.printcalculator.repository.NozzleOptionRepository;
 import com.printcalculator.repository.PrinterMachineRepository;
 import com.printcalculator.service.OrcaProfileResolver;
 import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
-import java.math.BigDecimal;
+import java.util.ArrayList;
 import java.util.Comparator;
 import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
@RestController
@@ -34,177 +24,89 @@ public class OptionsController {
    private final FilamentVariantRepository variantRepo;
    private final LayerHeightOptionRepository layerHeightRepo;
    private final NozzleOptionRepository nozzleRepo;
    private final PrinterMachineRepository printerMachineRepo;
    private final MaterialOrcaProfileMapRepository materialOrcaMapRepo;
    private final OrcaProfileResolver orcaProfileResolver;
    public OptionsController(FilamentMaterialTypeRepository materialRepo,
                             FilamentVariantRepository variantRepo,
                             LayerHeightOptionRepository layerHeightRepo,
-                             NozzleOptionRepository nozzleRepo,
+                             NozzleOptionRepository nozzleRepo) {
                             PrinterMachineRepository printerMachineRepo,
                             MaterialOrcaProfileMapRepository materialOrcaMapRepo,
                             OrcaProfileResolver orcaProfileResolver) {
        this.materialRepo = materialRepo;
        this.variantRepo = variantRepo;
        this.layerHeightRepo = layerHeightRepo;
        this.nozzleRepo = nozzleRepo;
        this.printerMachineRepo = printerMachineRepo;
        this.materialOrcaMapRepo = materialOrcaMapRepo;
        this.orcaProfileResolver = orcaProfileResolver;
    }
    @GetMapping("/api/calculator/options")
-    @Transactional(readOnly = true)
+    public ResponseEntity<OptionsResponse> getOptions() {
-    public ResponseEntity<OptionsResponse> getOptions(
+        // 1. Materials & Variants
            @RequestParam(value = "printerMachineId", required = false) Long printerMachineId,
            @RequestParam(value = "nozzleDiameter", required = false) Double nozzleDiameter
    ) {
        List<FilamentMaterialType> types = materialRepo.findAll();
-        List<FilamentVariant> allVariants = variantRepo.findByIsActiveTrue().stream()
+        List<FilamentVariant> allVariants = variantRepo.findAll();
                .sorted(Comparator
                        .comparing((FilamentVariant v) -> safeMaterialCode(v.getFilamentMaterialType()), String.CASE_INSENSITIVE_ORDER)
                        .thenComparing(v -> safeString(v.getVariantDisplayName()), String.CASE_INSENSITIVE_ORDER))
                .toList();
        Set<Long> compatibleMaterialTypeIds = resolveCompatibleMaterialTypeIds(printerMachineId, nozzleDiameter);
        List<OptionsResponse.MaterialOption> materialOptions = types.stream()
                .sorted(Comparator.comparing(t -> safeString(t.getMaterialCode()), String.CASE_INSENSITIVE_ORDER))
                .map(type -> {
                    if (!compatibleMaterialTypeIds.isEmpty() && !compatibleMaterialTypeIds.contains(type.getId())) {
                        return null;
                    }
                    List<OptionsResponse.VariantOption> variants = allVariants.stream()
-                            .filter(v -> v.getFilamentMaterialType() != null
+                            .filter(v -> v.getFilamentMaterialType().getId().equals(type.getId()) && v.getIsActive())
                                    && v.getFilamentMaterialType().getId().equals(type.getId()))
                            .map(v -> new OptionsResponse.VariantOption(
                                    v.getId(),
                                    v.getVariantDisplayName(),
                                    v.getColorName(),
-                                    resolveHexColor(v),
+                                    getColorHex(v.getColorName()), // Need helper or store hex in DB
-                                    v.getFinishType() != null ? v.getFinishType() : "GLOSSY",
+                                    v.getStockSpools().doubleValue() <= 0
                                    v.getStockSpools() != null ? v.getStockSpools().doubleValue() : 0d,
                                    toStockFilamentGrams(v),
                                    v.getStockSpools() == null || v.getStockSpools().doubleValue() <= 0
                            ))
                            .collect(Collectors.toList());
-                    if (variants.isEmpty()) {
+                    // Only include material if it has active variants
-                        return null;
+                    if (variants.isEmpty()) return null;
                    }
                    return new OptionsResponse.MaterialOption(
                            type.getMaterialCode(),
-                            type.getMaterialCode() + (Boolean.TRUE.equals(type.getIsFlexible()) ? " (Flexible)" : " (Standard)"),
+                            type.getMaterialCode() + (type.getIsFlexible() ? " (Flexible)" : " (Standard)"),
                            variants
                    );
                })
                .filter(m -> m != null)
-                .toList();
+                .collect(Collectors.toList());
        // 2. Qualities (Static as per user request)
        List<OptionsResponse.QualityOption> qualities = List.of(
                new OptionsResponse.QualityOption("draft", "Draft"),
                new OptionsResponse.QualityOption("standard", "Standard"),
                new OptionsResponse.QualityOption("extra_fine", "High Definition")
        );
        // 3. Infill Patterns (Static as per user request)
        List<OptionsResponse.InfillPatternOption> patterns = List.of(
                new OptionsResponse.InfillPatternOption("grid", "Grid"),
                new OptionsResponse.InfillPatternOption("gyroid", "Gyroid"),
                new OptionsResponse.InfillPatternOption("cubic", "Cubic")
        );
        // 4. Layer Heights
        List<OptionsResponse.LayerHeightOptionDTO> layers = layerHeightRepo.findAll().stream()
-                .filter(l -> Boolean.TRUE.equals(l.getIsActive()))
+                .filter(l -> l.getIsActive())
                .sorted(Comparator.comparing(LayerHeightOption::getLayerHeightMm))
                .map(l -> new OptionsResponse.LayerHeightOptionDTO(
                        l.getLayerHeightMm().doubleValue(),
                        String.format("%.2f mm", l.getLayerHeightMm())
                ))
-                .toList();
+                .collect(Collectors.toList());
        // 5. Nozzles
        List<OptionsResponse.NozzleOptionDTO> nozzles = nozzleRepo.findAll().stream()
-                .filter(n -> Boolean.TRUE.equals(n.getIsActive()))
+                .filter(n -> n.getIsActive())
                .sorted(Comparator.comparing(NozzleOption::getNozzleDiameterMm))
                .map(n -> new OptionsResponse.NozzleOptionDTO(
                        n.getNozzleDiameterMm().doubleValue(),
                        String.format("%.1f mm%s", n.getNozzleDiameterMm(),
-                                n.getExtraNozzleChangeFeeChf().doubleValue() > 0
+                                n.getExtraNozzleChangeFeeChf().doubleValue() > 0 
-                                        ? String.format(" (+ %.2f CHF)", n.getExtraNozzleChangeFeeChf())
+                                ? String.format(" (+ %.2f CHF)", n.getExtraNozzleChangeFeeChf()) 
-                                        : " (Standard)")
+                                : " (Standard)")
                ))
-                .toList();
+                .collect(Collectors.toList());
        return ResponseEntity.ok(new OptionsResponse(materialOptions, qualities, patterns, layers, nozzles));
    }
-    private Set<Long> resolveCompatibleMaterialTypeIds(Long printerMachineId, Double nozzleDiameter) {
+    // Temporary helper until we add hex to DB
        PrinterMachine machine = null;
        if (printerMachineId != null) {
            machine = printerMachineRepo.findById(printerMachineId).orElse(null);
        }
        if (machine == null) {
            machine = printerMachineRepo.findFirstByIsActiveTrue().orElse(null);
        }
        if (machine == null) {
            return Set.of();
        }
        BigDecimal nozzle = nozzleDiameter != null
                ? BigDecimal.valueOf(nozzleDiameter)
                : BigDecimal.valueOf(0.40);
        PrinterMachineProfile machineProfile = orcaProfileResolver
                .resolveMachineProfile(machine, nozzle)
                .orElse(null);
        if (machineProfile == null) {
            return Set.of();
        }
        List<MaterialOrcaProfileMap> maps = materialOrcaMapRepo.findByPrinterMachineProfileAndIsActiveTrue(machineProfile);
        return maps.stream()
                .map(MaterialOrcaProfileMap::getFilamentMaterialType)
                .filter(m -> m != null && m.getId() != null)
                .map(FilamentMaterialType::getId)
                .collect(Collectors.toSet());
    }
    private String resolveHexColor(FilamentVariant variant) {
        if (variant.getColorHex() != null && !variant.getColorHex().isBlank()) {
            return variant.getColorHex();
        }
        return getColorHex(variant.getColorName());
    }
    private double toStockFilamentGrams(FilamentVariant variant) {
        if (variant.getStockSpools() == null || variant.getSpoolNetKg() == null) {
            return 0d;
        }
        return variant.getStockSpools()
                .multiply(variant.getSpoolNetKg())
                .multiply(BigDecimal.valueOf(1000))
                .doubleValue();
    }
    private String safeMaterialCode(FilamentMaterialType type) {
        if (type == null || type.getMaterialCode() == null) {
            return "";
        }
        return type.getMaterialCode();
    }
    private String safeString(String value) {
        return value == null ? "" : value;
    }
    // Temporary helper for legacy values where color hex is not yet set in DB
    private String getColorHex(String colorName) {
        if (colorName == null) {
            return "#9e9e9e";
        }
        String lower = colorName.toLowerCase();
        if (lower.contains("black") || lower.contains("nero")) return "#1a1a1a";
        if (lower.contains("white") || lower.contains("bianco")) return "#f5f5f5";
@@ -218,6 +120,6 @@ public class OptionsController {
        }
        if (lower.contains("purple") || lower.contains("viola")) return "#7b1fa2";
        if (lower.contains("yellow") || lower.contains("giallo")) return "#fbc02d";
-        return "#9e9e9e";
+        return "#9e9e9e"; // Default grey
    }
 }
--- a/backend/src/main/java/com/printcalculator/controller/OrderController.java
+++ b/backend/src/main/java/com/printcalculator/controller/OrderController.java
@@ -5,23 +5,22 @@ import com.printcalculator.entity.*;
 import com.printcalculator.repository.*;
 import com.printcalculator.service.InvoicePdfRenderingService;
 import com.printcalculator.service.OrderService;
 import com.printcalculator.service.PaymentService;
 import com.printcalculator.service.QrBillService;
 import com.printcalculator.service.StorageService;
 import com.printcalculator.service.TwintPaymentService;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.util.StringUtils;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import jakarta.validation.Valid;
 import java.io.IOException;
-
+import java.math.BigDecimal;
-import java.nio.file.InvalidPathException;
+import java.nio.file.Files;
 import java.nio.file.Path;
-
+import java.nio.file.Paths;
 import java.time.OffsetDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.List;
 import java.util.UUID;
 import java.util.Map;
@@ -29,13 +28,10 @@ import java.util.HashMap;
 import java.util.Base64;
 import java.util.stream.Collectors;
 import java.net.URI;
 import java.util.Locale;
 import java.util.regex.Pattern;
@RestController
@RequestMapping("/api/orders")
 public class OrderController {
    private static final Pattern SAFE_EXTENSION_PATTERN = Pattern.compile("^[a-z0-9]{1,10}$");
    private final OrderService orderService;
    private final OrderRepository orderRepo;
@@ -47,8 +43,6 @@ public class OrderController {
    private final InvoicePdfRenderingService invoiceService;
    private final QrBillService qrBillService;
    private final TwintPaymentService twintPaymentService;
    private final PaymentService paymentService;
    private final PaymentRepository paymentRepo;
    public OrderController(OrderService orderService,
@@ -60,9 +54,7 @@ public class OrderController {
                           StorageService storageService,
                           InvoicePdfRenderingService invoiceService,
                           QrBillService qrBillService,
-                           TwintPaymentService twintPaymentService,
+                           TwintPaymentService twintPaymentService) {
                           PaymentService paymentService,
                           PaymentRepository paymentRepo) {
        this.orderService = orderService;
        this.orderRepo = orderRepo;
        this.orderItemRepo = orderItemRepo;
@@ -73,8 +65,6 @@ public class OrderController {
        this.invoiceService = invoiceService;
        this.qrBillService = qrBillService;
        this.twintPaymentService = twintPaymentService;
        this.paymentService = paymentService;
        this.paymentRepo = paymentRepo;
    }
@@ -83,7 +73,7 @@ public class OrderController {
    @Transactional
    public ResponseEntity<OrderDto> createOrderFromQuote(
            @PathVariable UUID quoteSessionId,
-            @Valid @RequestBody com.printcalculator.dto.CreateOrderRequest request
+            @RequestBody com.printcalculator.dto.CreateOrderRequest request
    ) {
        Order order = orderService.createOrderFromQuote(quoteSessionId, request);
        List<OrderItem> items = orderItemRepo.findByOrder_Id(order.getId());
@@ -106,21 +96,15 @@ public class OrderController {
        }
        String relativePath = item.getStoredRelativePath();
        Path destinationRelativePath;
        if (relativePath == null || relativePath.equals("PENDING")) {
             String ext = getExtension(file.getOriginalFilename());
-             String storedFilename = UUID.randomUUID() + "." + ext;
+             String storedFilename = UUID.randomUUID().toString() + "." + ext;
-             destinationRelativePath = Path.of("orders", orderId.toString(), "3d-files", orderItemId.toString(), storedFilename);
+             relativePath = "orders/" + orderId + "/3d-files/" + orderItemId + "/" + storedFilename;
-             item.setStoredRelativePath(destinationRelativePath.toString());
+             item.setStoredRelativePath(relativePath);
             item.setStoredFilename(storedFilename);
        } else {
            destinationRelativePath = resolveOrderItemRelativePath(relativePath, orderId, orderItemId);
            if (destinationRelativePath == null) {
                return ResponseEntity.badRequest().build();
            }
        }
-
+        
-        storageService.store(file, destinationRelativePath);
+        storageService.store(file, Paths.get(relativePath));
        item.setFileSizeBytes(file.getSize());
        item.setMimeType(file.getContentType());
        orderItemRepo.save(item);
@@ -138,79 +122,87 @@ public class OrderController {
                .orElse(ResponseEntity.notFound().build());
    }
    @PostMapping("/{orderId}/payments/report")
    @Transactional
    public ResponseEntity<OrderDto> reportPayment(
            @PathVariable UUID orderId,
            @RequestBody Map<String, String> payload
    ) {
        String method = payload.get("method");
        paymentService.reportPayment(orderId, method);
        return getOrder(orderId);
    }
    @GetMapping("/{orderId}/confirmation")
    public ResponseEntity<byte[]> getConfirmation(@PathVariable UUID orderId) {
        return generateDocument(orderId, true);
    }
    @GetMapping("/{orderId}/invoice")
    public ResponseEntity<byte[]> getInvoice(@PathVariable UUID orderId) {
        // Paid invoices are sent by email after back-office payment confirmation.
        // The public endpoint must not expose a "paid" invoice download.
        return ResponseEntity.notFound().build();
    }
    private ResponseEntity<byte[]> generateDocument(UUID orderId, boolean isConfirmation) {
        Order order = orderRepo.findById(orderId)
                .orElseThrow(() -> new RuntimeException("Order not found"));
-        if (isConfirmation) {
+        List<OrderItem> items = orderItemRepo.findByOrder_Id(orderId);
-            Path relativePath = buildConfirmationPdfRelativePath(order);
+
-            try {
+        Map<String, Object> vars = new HashMap<>();
-                byte[] existingPdf = storageService.loadAsResource(relativePath).getInputStream().readAllBytes();
+        vars.put("sellerDisplayName", "3D Fab Switzerland");
-                return ResponseEntity.ok()
+        vars.put("sellerAddressLine1", "Sede Ticino, Svizzera");
-                        .header("Content-Disposition", "attachment; filename=\"confirmation-" + getDisplayOrderNumber(order) + ".pdf\"")
+        vars.put("sellerAddressLine2", "Sede Bienne, Svizzera");
-                        .contentType(MediaType.APPLICATION_PDF)
+        vars.put("sellerEmail", "info@3dfab.ch");
-                        .body(existingPdf);
+
-            } catch (Exception ignored) {
+        vars.put("invoiceNumber", "INV-" + getDisplayOrderNumber(order).toUpperCase());
-                // Fallback to on-the-fly generation if the stored file is missing or unreadable.
+        vars.put("invoiceDate", order.getCreatedAt().format(DateTimeFormatter.ISO_LOCAL_DATE));
        vars.put("dueDate", order.getCreatedAt().plusDays(7).format(DateTimeFormatter.ISO_LOCAL_DATE));
        String buyerName = order.getBillingCustomerType().equals("BUSINESS") 
            ? order.getBillingCompanyName() 
            : order.getBillingFirstName() + " " + order.getBillingLastName();
        vars.put("buyerDisplayName", buyerName);
        vars.put("buyerAddressLine1", order.getBillingAddressLine1());
        vars.put("buyerAddressLine2", order.getBillingZip() + " " + order.getBillingCity() + ", " + order.getBillingCountryCode());
        List<Map<String, Object>> invoiceLineItems = items.stream().map(i -> {
            Map<String, Object> line = new HashMap<>();
            line.put("description", "Stampa 3D: " + i.getOriginalFilename());
            line.put("quantity", i.getQuantity());
            line.put("unitPriceFormatted", String.format("CHF %.2f", i.getUnitPriceChf()));
            line.put("lineTotalFormatted", String.format("CHF %.2f", i.getLineTotalChf()));
            return line;
        }).collect(Collectors.toList());
        Map<String, Object> setupLine = new HashMap<>();
        setupLine.put("description", "Costo Setup");
        setupLine.put("quantity", 1);
        setupLine.put("unitPriceFormatted", String.format("CHF %.2f", order.getSetupCostChf()));
        setupLine.put("lineTotalFormatted", String.format("CHF %.2f", order.getSetupCostChf()));
        invoiceLineItems.add(setupLine);
        Map<String, Object> shippingLine = new HashMap<>();
        shippingLine.put("description", "Spedizione");
        shippingLine.put("quantity", 1);
        shippingLine.put("unitPriceFormatted", String.format("CHF %.2f", order.getShippingCostChf()));
        shippingLine.put("lineTotalFormatted", String.format("CHF %.2f", order.getShippingCostChf()));
        invoiceLineItems.add(shippingLine);
        vars.put("invoiceLineItems", invoiceLineItems);
        vars.put("subtotalFormatted", String.format("CHF %.2f", order.getSubtotalChf()));
        vars.put("grandTotalFormatted", String.format("CHF %.2f", order.getTotalChf()));
        vars.put("paymentTermsText", "Pagamento entro 7 giorni via Bonifico o TWINT. Grazie.");
        String qrBillSvg = new String(qrBillService.generateQrBillSvg(order), java.nio.charset.StandardCharsets.UTF_8);
        // Strip XML declaration and DOCTYPE if present, as they validity break the embedding HTML page
        if (qrBillSvg.contains("<?xml")) {
            int svgStartIndex = qrBillSvg.indexOf("<svg");
            if (svgStartIndex != -1) {
                qrBillSvg = qrBillSvg.substring(svgStartIndex);
            }
        }
        byte[] pdf = invoiceService.generateInvoicePdfBytesFromTemplate(vars, qrBillSvg);
        List<OrderItem> items = orderItemRepo.findByOrder_Id(orderId);
        Payment payment = paymentRepo.findByOrder_Id(orderId).orElse(null);
        byte[] pdf = invoiceService.generateDocumentPdf(order, items, isConfirmation, qrBillService, payment);
        String typePrefix = isConfirmation ? "confirmation-" : "invoice-";
        String truncatedUuid = order.getId().toString().substring(0, 8);
        return ResponseEntity.ok()
-                .header("Content-Disposition", "attachment; filename=\"" + typePrefix + truncatedUuid + ".pdf\"")
+                .header("Content-Disposition", "attachment; filename=\"invoice-" + getDisplayOrderNumber(order) + ".pdf\"")
                .contentType(MediaType.APPLICATION_PDF)
                .body(pdf);
    }
    private Path buildConfirmationPdfRelativePath(Order order) {
        return Path.of(
                "orders",
                order.getId().toString(),
                "documents",
                "confirmation-" + getDisplayOrderNumber(order) + ".pdf"
        );
    }
    @GetMapping("/{orderId}/twint")
    public ResponseEntity<Map<String, String>> getTwintPayment(@PathVariable UUID orderId) {
-        Order order = orderRepo.findById(orderId).orElse(null);
+        if (!orderRepo.existsById(orderId)) {
        if (order == null) {
            return ResponseEntity.notFound().build();
        }
-        byte[] qrPng = twintPaymentService.generateQrPng(order, 360);
+        byte[] qrPng = twintPaymentService.generateQrPng(360);
        String qrDataUri = "data:image/png;base64," + Base64.getEncoder().encodeToString(qrPng);
        Map<String, String> data = new HashMap<>();
-        data.put("paymentUrl", twintPaymentService.getTwintPaymentUrl(order));
+        data.put("paymentUrl", twintPaymentService.getTwintPaymentUrl());
        data.put("openUrl", "/api/orders/" + orderId + "/twint/open");
        data.put("qrImageUrl", "/api/orders/" + orderId + "/twint/qr");
        data.put("qrImageDataUri", qrDataUri);
@@ -219,13 +211,12 @@ public class OrderController {
    @GetMapping("/{orderId}/twint/open")
    public ResponseEntity<Void> openTwintPayment(@PathVariable UUID orderId) {
-        Order order = orderRepo.findById(orderId).orElse(null);
+        if (!orderRepo.existsById(orderId)) {
        if (order == null) {
            return ResponseEntity.notFound().build();
        }
        return ResponseEntity.status(302)
-                .location(URI.create(twintPaymentService.getTwintPaymentUrl(order)))
+                .location(URI.create(twintPaymentService.getTwintPaymentUrl()))
                .build();
    }
@@ -234,13 +225,12 @@ public class OrderController {
            @PathVariable UUID orderId,
            @RequestParam(defaultValue = "320") int size
    ) {
-        Order order = orderRepo.findById(orderId).orElse(null);
+        if (!orderRepo.existsById(orderId)) {
        if (order == null) {
            return ResponseEntity.notFound().build();
        }
        int normalizedSize = Math.max(200, Math.min(size, 600));
-        byte[] png = twintPaymentService.generateQrPng(order, normalizedSize);
+        byte[] png = twintPaymentService.generateQrPng(normalizedSize);
        return ResponseEntity.ok()
                .contentType(MediaType.IMAGE_PNG)
@@ -249,52 +239,20 @@ public class OrderController {
    private String getExtension(String filename) {
        if (filename == null) return "stl";
-        String cleaned = StringUtils.cleanPath(filename);
+        int i = filename.lastIndexOf('.');
-        if (cleaned.contains("..")) {
+        if (i > 0) {
-            return "stl";
+            return filename.substring(i + 1);
        }
        int i = cleaned.lastIndexOf('.');
        if (i > 0 && i < cleaned.length() - 1) {
            String ext = cleaned.substring(i + 1).toLowerCase(Locale.ROOT);
            if (SAFE_EXTENSION_PATTERN.matcher(ext).matches()) {
                return ext;
            }
        }
        return "stl";
    }
    private Path resolveOrderItemRelativePath(String storedRelativePath, UUID orderId, UUID orderItemId) {
        try {
            Path candidate = Path.of(storedRelativePath).normalize();
            if (candidate.isAbsolute()) {
                return null;
            }
            Path expectedPrefix = Path.of("orders", orderId.toString(), "3d-files", orderItemId.toString());
            if (!candidate.startsWith(expectedPrefix)) {
                return null;
            }
            return candidate;
        } catch (InvalidPathException e) {
            return null;
        }
    }
    private OrderDto convertToDto(Order order, List<OrderItem> items) {
        OrderDto dto = new OrderDto();
        dto.setId(order.getId());
        dto.setOrderNumber(getDisplayOrderNumber(order));
        dto.setStatus(order.getStatus());
        paymentRepo.findByOrder_Id(order.getId()).ifPresent(p -> {
            dto.setPaymentStatus(p.getStatus());
            dto.setPaymentMethod(p.getMethod());
        });
        dto.setCustomerEmail(order.getCustomerEmail());
        dto.setCustomerPhone(order.getCustomerPhone());
        dto.setPreferredLanguage(order.getPreferredLanguage());
        dto.setBillingCustomerType(order.getBillingCustomerType());
        dto.setCurrency(order.getCurrency());
        dto.setSetupCostChf(order.getSetupCostChf());
--- a/backend/src/main/java/com/printcalculator/controller/QuoteSessionController.java
+++ b/backend/src/main/java/com/printcalculator/controller/QuoteSessionController.java
@@ -1,45 +1,31 @@
 package com.printcalculator.controller;
 import com.printcalculator.entity.FilamentMaterialType;
 import com.printcalculator.entity.FilamentVariant;
 import com.printcalculator.entity.PrinterMachine;
 import com.printcalculator.entity.QuoteLineItem;
 import com.printcalculator.entity.QuoteSession;
 import com.printcalculator.model.ModelDimensions;
 import com.printcalculator.model.PrintStats;
 import com.printcalculator.model.QuoteResult;
 import com.printcalculator.repository.FilamentMaterialTypeRepository;
 import com.printcalculator.repository.FilamentVariantRepository;
 import com.printcalculator.repository.PrinterMachineRepository;
 import com.printcalculator.repository.QuoteLineItemRepository;
 import com.printcalculator.repository.QuoteSessionRepository;
 import com.printcalculator.service.OrcaProfileResolver;
 import com.printcalculator.service.QuoteCalculator;
 import com.printcalculator.service.SlicerService;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigDecimal;
 import java.math.RoundingMode;
 import java.nio.file.Files;
 import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.StandardCopyOption;
 import java.time.OffsetDateTime;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
 import java.util.Optional;
 import java.util.Locale;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.UrlResource;
@@ -47,27 +33,24 @@ import org.springframework.core.io.UrlResource;
@RequestMapping("/api/quote-sessions")
 public class QuoteSessionController {
    private static final Path QUOTE_STORAGE_ROOT = Paths.get("storage_quotes").toAbsolutePath().normalize();
    private final QuoteSessionRepository sessionRepo;
    private final QuoteLineItemRepository lineItemRepo;
    private final SlicerService slicerService;
    private final QuoteCalculator quoteCalculator;
    private final PrinterMachineRepository machineRepo;
    private final FilamentMaterialTypeRepository materialRepo;
    private final FilamentVariantRepository variantRepo;
    private final OrcaProfileResolver orcaProfileResolver;
    private final com.printcalculator.repository.PricingPolicyRepository pricingRepo;
    private final com.printcalculator.service.ClamAVService clamAVService;
    // Defaults
    private static final String DEFAULT_FILAMENT = "pla_basic";
    private static final String DEFAULT_PROCESS = "standard";
    public QuoteSessionController(QuoteSessionRepository sessionRepo,
                                  QuoteLineItemRepository lineItemRepo,
                                  SlicerService slicerService,
                                  QuoteCalculator quoteCalculator,
                                  PrinterMachineRepository machineRepo,
                                  FilamentMaterialTypeRepository materialRepo,
                                  FilamentVariantRepository variantRepo,
                                  OrcaProfileResolver orcaProfileResolver,
                                  com.printcalculator.repository.PricingPolicyRepository pricingRepo,
                                  com.printcalculator.service.ClamAVService clamAVService) {
        this.sessionRepo = sessionRepo;
@@ -75,9 +58,6 @@ public class QuoteSessionController {
        this.slicerService = slicerService;
        this.quoteCalculator = quoteCalculator;
        this.machineRepo = machineRepo;
        this.materialRepo = materialRepo;
        this.variantRepo = variantRepo;
        this.orcaProfileResolver = orcaProfileResolver;
        this.pricingRepo = pricingRepo;
        this.clamAVService = clamAVService;
    }
@@ -91,13 +71,13 @@ public class QuoteSessionController {
        session.setPricingVersion("v1");
        // Default material/settings will be set when items are added or updated?
        // For now set safe defaults
-        session.setMaterialCode("PLA"); 
+        session.setMaterialCode("pla_basic"); 
        session.setSupportsEnabled(false);
        session.setCreatedAt(OffsetDateTime.now());
        session.setExpiresAt(OffsetDateTime.now().plusDays(30)); 
        var policy = pricingRepo.findFirstByIsActiveTrueOrderByValidFromDesc();
-        session.setSetupCostChf(quoteCalculator.calculateSessionSetupFee(policy));
+        session.setSetupCostChf(policy != null ? policy.getFixedJobFeeChf() : BigDecimal.ZERO);
        session = sessionRepo.save(session);
        return ResponseEntity.ok(session);
@@ -127,54 +107,54 @@ public class QuoteSessionController {
        // 1. Define Persistent Storage Path
        // Structure: storage_quotes/{sessionId}/{uuid}.{ext}
-        Path sessionStorageDir = QUOTE_STORAGE_ROOT.resolve(session.getId().toString()).normalize();
+        String storageDir = "storage_quotes/" + session.getId();
-        if (!sessionStorageDir.startsWith(QUOTE_STORAGE_ROOT)) {
+        Files.createDirectories(Paths.get(storageDir));
-            throw new IOException("Invalid quote session storage path");
+        
        }
        Files.createDirectories(sessionStorageDir);
        String originalFilename = file.getOriginalFilename();
-        String ext = getSafeExtension(originalFilename, "stl");
+        String ext = originalFilename != null && originalFilename.contains(".") 
-        String storedFilename = UUID.randomUUID() + "." + ext;
+                     ? originalFilename.substring(originalFilename.lastIndexOf(".")) 
-        Path persistentPath = sessionStorageDir.resolve(storedFilename).normalize();
+                     : ".stl";
-        if (!persistentPath.startsWith(sessionStorageDir)) {
+        
-            throw new IOException("Invalid quote line-item storage path");
+        String storedFilename = UUID.randomUUID() + ext;
-        }
+        Path persistentPath = Paths.get(storageDir, storedFilename);
-
+        
        // Save file
-        try (InputStream inputStream = file.getInputStream()) {
+        Files.copy(file.getInputStream(), persistentPath);
            Files.copy(inputStream, persistentPath, StandardCopyOption.REPLACE_EXISTING);
        }
        try {
            // Apply Basic/Advanced Logic
            applyPrintSettings(settings);
-            BigDecimal nozzleDiameter = BigDecimal.valueOf(settings.getNozzleDiameter() != null ? settings.getNozzleDiameter() : 0.4);
+            // REAL SLICING
            // 1. Pick Machine (default to first active or specific)
            PrinterMachine machine = machineRepo.findFirstByIsActiveTrue()
                    .orElseThrow(() -> new RuntimeException("No active printer found"));
            // 2. Pick Profiles
            String machineProfile = machine.getPrinterDisplayName(); // e.g. "Bambu Lab A1 0.4 nozzle"
            // If the display name doesn't match the json profile name, we might need a mapping key in DB.
            // For now assuming display name works or we use a tough default
             machineProfile = "Bambu Lab A1 0.4 nozzle"; // Force known good for now? Or use DB field if exists. 
             // Ideally: machine.getSlicerProfileName();
            String filamentProfile = "Generic " + (settings.getMaterial() != null ? settings.getMaterial().toUpperCase() : "PLA");
            // Mapping: "pla_basic" -> "Generic PLA", "petg_basic" -> "Generic PETG"
            if (settings.getMaterial() != null) {
                if (settings.getMaterial().toLowerCase().contains("pla")) filamentProfile = "Generic PLA";
                else if (settings.getMaterial().toLowerCase().contains("petg")) filamentProfile = "Generic PETG";
                else if (settings.getMaterial().toLowerCase().contains("tpu")) filamentProfile = "Generic TPU";
                else if (settings.getMaterial().toLowerCase().contains("abs")) filamentProfile = "Generic ABS";
            }
-            // Pick machine (selected machine if provided, otherwise first active)
+            String processProfile = "0.20mm Standard @BBL A1"; 
-            PrinterMachine machine = resolvePrinterMachine(settings.getPrinterMachineId());
+            // Mapping quality to process
-
+            // "standard" -> "0.20mm Standard @BBL A1"
-            // Resolve selected filament variant
+            // "draft" -> "0.28mm Extra Draft @BBL A1"
-            FilamentVariant selectedVariant = resolveFilamentVariant(settings);
+            // "high" -> "0.12mm Fine @BBL A1" (approx names, need to be exact for Orca)
-
+            // Let's use robust defaults or simple overrides
            // Update session global settings from the most recent item added
            session.setMaterialCode(selectedVariant.getFilamentMaterialType().getMaterialCode());
            session.setNozzleDiameterMm(nozzleDiameter);
            session.setLayerHeightMm(BigDecimal.valueOf(settings.getLayerHeight() != null ? settings.getLayerHeight() : 0.2));
            session.setInfillPattern(settings.getInfillPattern());
            session.setInfillPercent(settings.getInfillDensity() != null ? settings.getInfillDensity().intValue() : 20);
            session.setSupportsEnabled(settings.getSupportsEnabled() != null ? settings.getSupportsEnabled() : false);
            sessionRepo.save(session);
            OrcaProfileResolver.ResolvedProfiles profiles = orcaProfileResolver.resolve(machine, nozzleDiameter, selectedVariant);
            String machineProfile = profiles.machineProfileName();
            String filamentProfile = profiles.filamentProfileName();
            String processProfile = "standard";
            if (settings.getLayerHeight() != null) {
-                 if (settings.getLayerHeight() >= 0.28) processProfile = "draft";
+                 if (settings.getLayerHeight() >= 0.28) processProfile = "0.28mm Extra Draft @BBL A1";
-                 else if (settings.getLayerHeight() <= 0.12) processProfile = "extra_fine";
+                 else if (settings.getLayerHeight() <= 0.12) processProfile = "0.12mm Fine @BBL A1";
            }
            // Build overrides map from settings
@@ -192,20 +172,17 @@ public class QuoteSessionController {
                null, // machine overrides
                processOverrides
            );
            Optional<ModelDimensions> modelDimensions = slicerService.inspectModelDimensions(persistentPath.toFile());
            // 4. Calculate Quote
-            QuoteResult result = quoteCalculator.calculate(stats, machine.getPrinterDisplayName(), selectedVariant);
+            QuoteResult result = quoteCalculator.calculate(stats, machine.getPrinterDisplayName(), filamentProfile);
            // 5. Create Line Item
            QuoteLineItem item = new QuoteLineItem();
            item.setQuoteSession(session);
            item.setOriginalFilename(file.getOriginalFilename());
-            item.setStoredPath(QUOTE_STORAGE_ROOT.relativize(persistentPath).toString()); // SAVE PATH (relative to root)
+            item.setStoredPath(persistentPath.toString()); // SAVE PATH
            item.setQuantity(1);
-            item.setColorCode(selectedVariant.getColorName());
+            item.setColorCode(settings.getColor() != null ? settings.getColor() : "#FFFFFF");
            item.setFilamentVariant(selectedVariant);
            item.setStatus("READY"); // or CALCULATED
            item.setPrintTimeSeconds((int) stats.printTimeSeconds());
@@ -214,20 +191,19 @@ public class QuoteSessionController {
            // Store breakdown
            Map<String, Object> breakdown = new HashMap<>();
-            breakdown.put("machine_cost", result.getTotalPrice()); // Excludes setup fee which is at session level
+            breakdown.put("machine_cost", result.getTotalPrice() - result.getSetupCost()); // Approximation? 
-            breakdown.put("setup_fee", 0);
+            // Better: QuoteResult could expose detailed breakdown. For now just storing what we have.
            breakdown.put("setup_fee", result.getSetupCost());
            item.setPricingBreakdown(breakdown);
-            // Dimensions for shipping/package checks are computed server-side from the uploaded model.
+            // Dimensions
-            item.setBoundingBoxXMm(modelDimensions
+            // Cannot get bb from GCodeParser yet? 
-                    .map(dim -> BigDecimal.valueOf(dim.xMm()))
+            // If GCodeParser doesn't return size, we might defaults or 0.
-                    .orElseGet(() -> settings.getBoundingBoxX() != null ? BigDecimal.valueOf(settings.getBoundingBoxX()) : BigDecimal.ZERO));
+            // Stats has filament used. 
-            item.setBoundingBoxYMm(modelDimensions
+            // Let's set dummy for now or upgrade parser later.
-                    .map(dim -> BigDecimal.valueOf(dim.yMm()))
+            item.setBoundingBoxXMm(BigDecimal.ZERO);
-                    .orElseGet(() -> settings.getBoundingBoxY() != null ? BigDecimal.valueOf(settings.getBoundingBoxY()) : BigDecimal.ZERO));
+            item.setBoundingBoxYMm(BigDecimal.ZERO);
-            item.setBoundingBoxZMm(modelDimensions
+            item.setBoundingBoxZMm(BigDecimal.ZERO);
                    .map(dim -> BigDecimal.valueOf(dim.zMm()))
                    .orElseGet(() -> settings.getBoundingBoxZ() != null ? BigDecimal.valueOf(settings.getBoundingBoxZ()) : BigDecimal.ZERO));
            item.setCreatedAt(OffsetDateTime.now());
            item.setUpdatedAt(OffsetDateTime.now());
@@ -260,7 +236,7 @@ public class QuoteSessionController {
                case "standard":
                default:
                    settings.setLayerHeight(0.20);
-                    settings.setInfillDensity(15.0);
+                    settings.setInfillDensity(20.0);
                    settings.setInfillPattern("grid");
                    break;
            }
@@ -272,60 +248,6 @@ public class QuoteSessionController {
        }
    }
    private PrinterMachine resolvePrinterMachine(Long printerMachineId) {
        if (printerMachineId != null) {
            PrinterMachine selected = machineRepo.findById(printerMachineId)
                    .orElseThrow(() -> new RuntimeException("Printer machine not found: " + printerMachineId));
            if (!Boolean.TRUE.equals(selected.getIsActive())) {
                throw new RuntimeException("Selected printer machine is not active");
            }
            return selected;
        }
        return machineRepo.findFirstByIsActiveTrue()
                .orElseThrow(() -> new RuntimeException("No active printer found"));
    }
    private FilamentVariant resolveFilamentVariant(com.printcalculator.dto.PrintSettingsDto settings) {
        if (settings.getFilamentVariantId() != null) {
            FilamentVariant variant = variantRepo.findById(settings.getFilamentVariantId())
                    .orElseThrow(() -> new RuntimeException("Filament variant not found: " + settings.getFilamentVariantId()));
            if (!Boolean.TRUE.equals(variant.getIsActive())) {
                throw new RuntimeException("Selected filament variant is not active");
            }
            return variant;
        }
        String requestedMaterialCode = normalizeRequestedMaterialCode(settings.getMaterial());
        FilamentMaterialType materialType = materialRepo.findByMaterialCode(requestedMaterialCode)
                .orElseGet(() -> materialRepo.findByMaterialCode("PLA")
                        .orElseThrow(() -> new RuntimeException("Fallback material PLA not configured")));
        String requestedColor = settings.getColor() != null ? settings.getColor().trim() : null;
        if (requestedColor != null && !requestedColor.isBlank()) {
            Optional<FilamentVariant> byColor = variantRepo.findByFilamentMaterialTypeAndColorName(materialType, requestedColor);
            if (byColor.isPresent() && Boolean.TRUE.equals(byColor.get().getIsActive())) {
                return byColor.get();
            }
        }
        return variantRepo.findFirstByFilamentMaterialTypeAndIsActiveTrue(materialType)
                .orElseThrow(() -> new RuntimeException("No active variant for material: " + requestedMaterialCode));
    }
    private String normalizeRequestedMaterialCode(String value) {
        if (value == null || value.isBlank()) {
            return "PLA";
        }
        return value.trim()
                .toUpperCase(Locale.ROOT)
                .replace('_', ' ')
                .replace('-', ' ')
                .replaceAll("\\s+", " ");
    }
    // 3. Update Line Item
    @PatchMapping("/line-items/{lineItemId}")
    @Transactional
@@ -377,88 +299,20 @@ public class QuoteSessionController {
        List<QuoteLineItem> items = lineItemRepo.findByQuoteSessionId(id);
-        // Calculate Totals and global session hours
+        // Calculate Totals
        BigDecimal itemsTotal = BigDecimal.ZERO;
        BigDecimal totalSeconds = BigDecimal.ZERO;
        for (QuoteLineItem item : items) {
            BigDecimal lineTotal = item.getUnitPriceChf().multiply(BigDecimal.valueOf(item.getQuantity()));
            itemsTotal = itemsTotal.add(lineTotal);
            if (item.getPrintTimeSeconds() != null) {
                totalSeconds = totalSeconds.add(BigDecimal.valueOf(item.getPrintTimeSeconds()).multiply(BigDecimal.valueOf(item.getQuantity())));
            }
        }
        BigDecimal totalHours = totalSeconds.divide(BigDecimal.valueOf(3600), 4, RoundingMode.HALF_UP);
        com.printcalculator.entity.PricingPolicy policy = pricingRepo.findFirstByIsActiveTrueOrderByValidFromDesc();
        BigDecimal globalMachineCost = quoteCalculator.calculateSessionMachineCost(policy, totalHours);
        itemsTotal = itemsTotal.add(globalMachineCost);
        // Map items to DTO to embed distributed machine cost
        List<Map<String, Object>> itemsDto = new ArrayList<>();
        for (QuoteLineItem item : items) {
            Map<String, Object> dto = new HashMap<>();
            dto.put("id", item.getId());
            dto.put("originalFilename", item.getOriginalFilename());
            dto.put("quantity", item.getQuantity());
            dto.put("printTimeSeconds", item.getPrintTimeSeconds());
            dto.put("materialGrams", item.getMaterialGrams());
            dto.put("colorCode", item.getColorCode());
            dto.put("filamentVariantId", item.getFilamentVariant() != null ? item.getFilamentVariant().getId() : null);
            dto.put("status", item.getStatus());
            BigDecimal unitPrice = item.getUnitPriceChf();
            if (totalSeconds.compareTo(BigDecimal.ZERO) > 0 && item.getPrintTimeSeconds() != null) {
                BigDecimal itemSeconds = BigDecimal.valueOf(item.getPrintTimeSeconds()).multiply(BigDecimal.valueOf(item.getQuantity()));
                BigDecimal share = itemSeconds.divide(totalSeconds, 8, RoundingMode.HALF_UP);
                BigDecimal itemMachineCost = globalMachineCost.multiply(share);
                BigDecimal unitMachineCost = itemMachineCost.divide(BigDecimal.valueOf(item.getQuantity()), 2, RoundingMode.HALF_UP);
                unitPrice = unitPrice.add(unitMachineCost);
            }
            dto.put("unitPriceChf", unitPrice);
            itemsDto.add(dto);
        }
        BigDecimal setupFee = session.getSetupCostChf() != null ? session.getSetupCostChf() : BigDecimal.ZERO;
-        
+        BigDecimal grandTotal = itemsTotal.add(setupFee);
        // Calculate shipping cost based on dimensions
        boolean exceedsBaseSize = false;
        for (QuoteLineItem item : items) {
            BigDecimal x = item.getBoundingBoxXMm() != null ? item.getBoundingBoxXMm() : BigDecimal.ZERO;
            BigDecimal y = item.getBoundingBoxYMm() != null ? item.getBoundingBoxYMm() : BigDecimal.ZERO;
            BigDecimal z = item.getBoundingBoxZMm() != null ? item.getBoundingBoxZMm() : BigDecimal.ZERO;
            BigDecimal[] dims = {x, y, z};
            java.util.Arrays.sort(dims);
            if (dims[2].compareTo(BigDecimal.valueOf(250.0)) > 0 ||
                dims[1].compareTo(BigDecimal.valueOf(176.0)) > 0 ||
                dims[0].compareTo(BigDecimal.valueOf(20.0)) > 0) {
                exceedsBaseSize = true;
                break;
            }
        }
        int totalQuantity = items.stream()
                .mapToInt(i -> i.getQuantity() != null ? i.getQuantity() : 1)
                .sum();
        BigDecimal shippingCostChf;
        if (exceedsBaseSize) {
            shippingCostChf = totalQuantity > 5 ? BigDecimal.valueOf(9.00) : BigDecimal.valueOf(4.00);
        } else {
            shippingCostChf = BigDecimal.valueOf(2.00);
        }
        BigDecimal grandTotal = itemsTotal.add(setupFee).add(shippingCostChf);
        Map<String, Object> response = new HashMap<>();
        response.put("session", session);
-        response.put("items", itemsDto);
+        response.put("items", items);
-        response.put("itemsTotalChf", itemsTotal); // Includes the base cost of all items + the global tiered machine cost
+        response.put("itemsTotalChf", itemsTotal);
        response.put("shippingCostChf", shippingCostChf);
        response.put("globalMachineCostChf", globalMachineCost); // Provide it so frontend knows how much it was (optional now)
        response.put("grandTotalChf", grandTotal);
        return ResponseEntity.ok(response);
@@ -481,54 +335,16 @@ public class QuoteSessionController {
            return ResponseEntity.notFound().build();
        }
-        Path path = resolveStoredQuotePath(item.getStoredPath(), sessionId);
+        Path path = Paths.get(item.getStoredPath());
-        if (path == null || !Files.exists(path)) {
+        if (!Files.exists(path)) {
            return ResponseEntity.notFound().build();
        }
-        org.springframework.core.io.Resource resource = new UrlResource(path.toUri());
+        org.springframework.core.io.Resource resource = new org.springframework.core.io.UrlResource(path.toUri());
        return ResponseEntity.ok()
                .contentType(MediaType.APPLICATION_OCTET_STREAM)
                .header(org.springframework.http.HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + item.getOriginalFilename() + "\"")
                .body(resource);
    }
    private String getSafeExtension(String filename, String fallback) {
        if (filename == null) {
            return fallback;
        }
        String cleaned = StringUtils.cleanPath(filename);
        if (cleaned.contains("..")) {
            return fallback;
        }
        int index = cleaned.lastIndexOf('.');
        if (index <= 0 || index >= cleaned.length() - 1) {
            return fallback;
        }
        String ext = cleaned.substring(index + 1).toLowerCase(Locale.ROOT);
        return switch (ext) {
            case "stl" -> "stl";
            case "3mf" -> "3mf";
            case "step", "stp" -> "step";
            default -> fallback;
        };
    }
    private Path resolveStoredQuotePath(String storedPath, UUID expectedSessionId) {
        if (storedPath == null || storedPath.isBlank()) {
            return null;
        }
        try {
            Path raw = Path.of(storedPath).normalize();
            Path resolved = raw.isAbsolute() ? raw : QUOTE_STORAGE_ROOT.resolve(raw).normalize();
            Path expectedSessionRoot = QUOTE_STORAGE_ROOT.resolve(expectedSessionId.toString()).normalize();
            if (!resolved.startsWith(expectedSessionRoot)) {
                return null;
            }
            return resolved;
        } catch (InvalidPathException e) {
            return null;
        }
    }
 }
--- a/backend/src/main/java/com/printcalculator/controller/admin/AdminAuthController.java
+++ b/backend/src/main/java/com/printcalculator/controller/admin/AdminAuthController.java
@@ -1,83 +0,0 @@
 package com.printcalculator.controller.admin;
 import com.printcalculator.dto.AdminLoginRequest;
 import com.printcalculator.security.AdminLoginThrottleService;
 import com.printcalculator.security.AdminSessionService;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.Valid;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import java.util.Map;
 import java.util.OptionalLong;
@RestController
@RequestMapping("/api/admin/auth")
 public class AdminAuthController {
    private final AdminSessionService adminSessionService;
    private final AdminLoginThrottleService adminLoginThrottleService;
    public AdminAuthController(
            AdminSessionService adminSessionService,
            AdminLoginThrottleService adminLoginThrottleService
    ) {
        this.adminSessionService = adminSessionService;
        this.adminLoginThrottleService = adminLoginThrottleService;
    }
    @PostMapping("/login")
    public ResponseEntity<Map<String, Object>> login(
            @Valid @RequestBody AdminLoginRequest request,
            HttpServletRequest httpRequest,
            HttpServletResponse response
    ) {
        String clientKey = adminLoginThrottleService.resolveClientKey(httpRequest);
        OptionalLong remainingLock = adminLoginThrottleService.getRemainingLockSeconds(clientKey);
        if (remainingLock.isPresent()) {
            long retryAfter = remainingLock.getAsLong();
            return ResponseEntity.status(429)
                    .header(HttpHeaders.RETRY_AFTER, String.valueOf(retryAfter))
                    .body(Map.of(
                            "authenticated", false,
                            "retryAfterSeconds", retryAfter
                    ));
        }
        if (!adminSessionService.isPasswordValid(request.getPassword())) {
            long retryAfter = adminLoginThrottleService.registerFailure(clientKey);
            return ResponseEntity.status(401)
                    .header(HttpHeaders.RETRY_AFTER, String.valueOf(retryAfter))
                    .body(Map.of(
                            "authenticated", false,
                            "retryAfterSeconds", retryAfter
                    ));
        }
        adminLoginThrottleService.reset(clientKey);
        String token = adminSessionService.createSessionToken();
        response.addHeader(HttpHeaders.SET_COOKIE, adminSessionService.buildLoginCookie(token).toString());
        return ResponseEntity.ok(Map.of(
                "authenticated", true,
                "expiresInMinutes", adminSessionService.getSessionTtlMinutes()
        ));
    }
    @PostMapping("/logout")
    public ResponseEntity<Map<String, Object>> logout(HttpServletResponse response) {
        response.addHeader(HttpHeaders.SET_COOKIE, adminSessionService.buildLogoutCookie().toString());
        return ResponseEntity.ok(Map.of("authenticated", false));
    }
    @GetMapping("/me")
    public ResponseEntity<Map<String, Object>> me() {
        return ResponseEntity.ok(Map.of("authenticated", true));
    }
 }
--- a/backend/src/main/java/com/printcalculator/controller/admin/AdminFilamentController.java
+++ b/backend/src/main/java/com/printcalculator/controller/admin/AdminFilamentController.java
@@ -1,355 +0,0 @@
 package com.printcalculator.controller.admin;
 import com.printcalculator.dto.AdminFilamentMaterialTypeDto;
 import com.printcalculator.dto.AdminFilamentVariantDto;
 import com.printcalculator.dto.AdminUpsertFilamentMaterialTypeRequest;
 import com.printcalculator.dto.AdminUpsertFilamentVariantRequest;
 import com.printcalculator.entity.FilamentMaterialType;
 import com.printcalculator.entity.FilamentVariant;
 import com.printcalculator.repository.FilamentMaterialTypeRepository;
 import com.printcalculator.repository.FilamentVariantRepository;
 import com.printcalculator.repository.OrderItemRepository;
 import com.printcalculator.repository.QuoteLineItemRepository;
 import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;
 import java.math.BigDecimal;
 import java.time.OffsetDateTime;
 import java.util.Comparator;
 import java.util.List;
 import java.util.Locale;
 import java.util.Set;
 import java.util.regex.Pattern;
 import static org.springframework.http.HttpStatus.BAD_REQUEST;
 import static org.springframework.http.HttpStatus.CONFLICT;
 import static org.springframework.http.HttpStatus.NOT_FOUND;
@RestController
@RequestMapping("/api/admin/filaments")
@Transactional(readOnly = true)
 public class AdminFilamentController {
    private static final BigDecimal MAX_NUMERIC_6_3 = new BigDecimal("999.999");
    private static final Pattern HEX_COLOR_PATTERN = Pattern.compile("^#[0-9A-Fa-f]{6}$");
    private static final Set<String> ALLOWED_FINISH_TYPES = Set.of(
            "GLOSSY", "MATTE", "MARBLE", "SILK", "TRANSLUCENT", "SPECIAL"
    );
    private final FilamentMaterialTypeRepository materialRepo;
    private final FilamentVariantRepository variantRepo;
    private final QuoteLineItemRepository quoteLineItemRepo;
    private final OrderItemRepository orderItemRepo;
    public AdminFilamentController(
            FilamentMaterialTypeRepository materialRepo,
            FilamentVariantRepository variantRepo,
            QuoteLineItemRepository quoteLineItemRepo,
            OrderItemRepository orderItemRepo
    ) {
        this.materialRepo = materialRepo;
        this.variantRepo = variantRepo;
        this.quoteLineItemRepo = quoteLineItemRepo;
        this.orderItemRepo = orderItemRepo;
    }
    @GetMapping("/materials")
    public ResponseEntity<List<AdminFilamentMaterialTypeDto>> getMaterials() {
        List<AdminFilamentMaterialTypeDto> response = materialRepo.findAll().stream()
                .sorted(Comparator.comparing(FilamentMaterialType::getMaterialCode, String.CASE_INSENSITIVE_ORDER))
                .map(this::toMaterialDto)
                .toList();
        return ResponseEntity.ok(response);
    }
    @GetMapping("/variants")
    public ResponseEntity<List<AdminFilamentVariantDto>> getVariants() {
        List<AdminFilamentVariantDto> response = variantRepo.findAll().stream()
                .sorted(Comparator
                        .comparing((FilamentVariant v) -> {
                            FilamentMaterialType type = v.getFilamentMaterialType();
                            return type != null && type.getMaterialCode() != null ? type.getMaterialCode() : "";
                        }, String.CASE_INSENSITIVE_ORDER)
                        .thenComparing(v -> v.getVariantDisplayName() != null ? v.getVariantDisplayName() : "", String.CASE_INSENSITIVE_ORDER))
                .map(this::toVariantDto)
                .toList();
        return ResponseEntity.ok(response);
    }
    @PostMapping("/materials")
    @Transactional
    public ResponseEntity<AdminFilamentMaterialTypeDto> createMaterial(
            @RequestBody AdminUpsertFilamentMaterialTypeRequest payload
    ) {
        String materialCode = normalizeAndValidateMaterialCode(payload);
        ensureMaterialCodeAvailable(materialCode, null);
        FilamentMaterialType material = new FilamentMaterialType();
        applyMaterialPayload(material, payload, materialCode);
        FilamentMaterialType saved = materialRepo.save(material);
        return ResponseEntity.ok(toMaterialDto(saved));
    }
    @PutMapping("/materials/{materialTypeId}")
    @Transactional
    public ResponseEntity<AdminFilamentMaterialTypeDto> updateMaterial(
            @PathVariable Long materialTypeId,
            @RequestBody AdminUpsertFilamentMaterialTypeRequest payload
    ) {
        FilamentMaterialType material = materialRepo.findById(materialTypeId)
                .orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Filament material not found"));
        String materialCode = normalizeAndValidateMaterialCode(payload);
        ensureMaterialCodeAvailable(materialCode, materialTypeId);
        applyMaterialPayload(material, payload, materialCode);
        FilamentMaterialType saved = materialRepo.save(material);
        return ResponseEntity.ok(toMaterialDto(saved));
    }
    @PostMapping("/variants")
    @Transactional
    public ResponseEntity<AdminFilamentVariantDto> createVariant(
            @RequestBody AdminUpsertFilamentVariantRequest payload
    ) {
        FilamentMaterialType material = validateAndResolveMaterial(payload);
        String normalizedDisplayName = normalizeAndValidateVariantDisplayName(payload.getVariantDisplayName());
        String normalizedColorName = normalizeAndValidateColorName(payload.getColorName());
        validateNumericPayload(payload);
        ensureVariantDisplayNameAvailable(material, normalizedDisplayName, null);
        FilamentVariant variant = new FilamentVariant();
        variant.setCreatedAt(OffsetDateTime.now());
        applyVariantPayload(variant, payload, material, normalizedDisplayName, normalizedColorName);
        FilamentVariant saved = variantRepo.save(variant);
        return ResponseEntity.ok(toVariantDto(saved));
    }
    @PutMapping("/variants/{variantId}")
    @Transactional
    public ResponseEntity<AdminFilamentVariantDto> updateVariant(
            @PathVariable Long variantId,
            @RequestBody AdminUpsertFilamentVariantRequest payload
    ) {
        FilamentVariant variant = variantRepo.findById(variantId)
                .orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Filament variant not found"));
        FilamentMaterialType material = validateAndResolveMaterial(payload);
        String normalizedDisplayName = normalizeAndValidateVariantDisplayName(payload.getVariantDisplayName());
        String normalizedColorName = normalizeAndValidateColorName(payload.getColorName());
        validateNumericPayload(payload);
        ensureVariantDisplayNameAvailable(material, normalizedDisplayName, variantId);
        applyVariantPayload(variant, payload, material, normalizedDisplayName, normalizedColorName);
        FilamentVariant saved = variantRepo.save(variant);
        return ResponseEntity.ok(toVariantDto(saved));
    }
    @DeleteMapping("/variants/{variantId}")
    @Transactional
    public ResponseEntity<Void> deleteVariant(@PathVariable Long variantId) {
        FilamentVariant variant = variantRepo.findById(variantId)
                .orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Filament variant not found"));
        if (quoteLineItemRepo.existsByFilamentVariant_Id(variantId) || orderItemRepo.existsByFilamentVariant_Id(variantId)) {
            throw new ResponseStatusException(CONFLICT, "Variant is already used in quotes/orders and cannot be deleted");
        }
        variantRepo.delete(variant);
        return ResponseEntity.noContent().build();
    }
    private void applyMaterialPayload(
            FilamentMaterialType material,
            AdminUpsertFilamentMaterialTypeRequest payload,
            String normalizedMaterialCode
    ) {
        boolean isFlexible = payload != null && Boolean.TRUE.equals(payload.getIsFlexible());
        boolean isTechnical = payload != null && Boolean.TRUE.equals(payload.getIsTechnical());
        String technicalTypeLabel = payload != null && payload.getTechnicalTypeLabel() != null
                ? payload.getTechnicalTypeLabel().trim()
                : null;
        material.setMaterialCode(normalizedMaterialCode);
        material.setIsFlexible(isFlexible);
        material.setIsTechnical(isTechnical);
        material.setTechnicalTypeLabel(isTechnical && technicalTypeLabel != null && !technicalTypeLabel.isBlank()
                ? technicalTypeLabel
                : null);
    }
    private void applyVariantPayload(
            FilamentVariant variant,
            AdminUpsertFilamentVariantRequest payload,
            FilamentMaterialType material,
            String normalizedDisplayName,
            String normalizedColorName
    ) {
        String normalizedColorHex = normalizeAndValidateColorHex(payload.getColorHex());
        String normalizedFinishType = normalizeAndValidateFinishType(payload.getFinishType(), payload.getIsMatte());
        String normalizedBrand = normalizeOptional(payload.getBrand());
        variant.setFilamentMaterialType(material);
        variant.setVariantDisplayName(normalizedDisplayName);
        variant.setColorName(normalizedColorName);
        variant.setColorHex(normalizedColorHex);
        variant.setFinishType(normalizedFinishType);
        variant.setBrand(normalizedBrand);
        variant.setIsMatte(Boolean.TRUE.equals(payload.getIsMatte()) || "MATTE".equals(normalizedFinishType));
        variant.setIsSpecial(Boolean.TRUE.equals(payload.getIsSpecial()));
        variant.setCostChfPerKg(payload.getCostChfPerKg());
        variant.setStockSpools(payload.getStockSpools());
        variant.setSpoolNetKg(payload.getSpoolNetKg());
        variant.setIsActive(payload.getIsActive() == null || payload.getIsActive());
    }
    private String normalizeAndValidateMaterialCode(AdminUpsertFilamentMaterialTypeRequest payload) {
        if (payload == null || payload.getMaterialCode() == null || payload.getMaterialCode().isBlank()) {
            throw new ResponseStatusException(BAD_REQUEST, "Material code is required");
        }
        return payload.getMaterialCode().trim().toUpperCase();
    }
    private String normalizeAndValidateVariantDisplayName(String value) {
        if (value == null || value.isBlank()) {
            throw new ResponseStatusException(BAD_REQUEST, "Variant display name is required");
        }
        return value.trim();
    }
    private String normalizeAndValidateColorName(String value) {
        if (value == null || value.isBlank()) {
            throw new ResponseStatusException(BAD_REQUEST, "Color name is required");
        }
        return value.trim();
    }
    private String normalizeAndValidateColorHex(String value) {
        if (value == null || value.isBlank()) {
            return null;
        }
        String normalized = value.trim();
        if (!HEX_COLOR_PATTERN.matcher(normalized).matches()) {
            throw new ResponseStatusException(BAD_REQUEST, "Color hex must be in format #RRGGBB");
        }
        return normalized.toUpperCase(Locale.ROOT);
    }
    private String normalizeAndValidateFinishType(String finishType, Boolean isMatte) {
        String normalized = finishType == null || finishType.isBlank()
                ? (Boolean.TRUE.equals(isMatte) ? "MATTE" : "GLOSSY")
                : finishType.trim().toUpperCase(Locale.ROOT);
        if (!ALLOWED_FINISH_TYPES.contains(normalized)) {
            throw new ResponseStatusException(BAD_REQUEST, "Invalid finish type");
        }
        return normalized;
    }
    private String normalizeOptional(String value) {
        if (value == null) {
            return null;
        }
        String normalized = value.trim();
        return normalized.isBlank() ? null : normalized;
    }
    private FilamentMaterialType validateAndResolveMaterial(AdminUpsertFilamentVariantRequest payload) {
        if (payload == null || payload.getMaterialTypeId() == null) {
            throw new ResponseStatusException(BAD_REQUEST, "Material type id is required");
        }
        return materialRepo.findById(payload.getMaterialTypeId())
                .orElseThrow(() -> new ResponseStatusException(BAD_REQUEST, "Material type not found"));
    }
    private void validateNumericPayload(AdminUpsertFilamentVariantRequest payload) {
        if (payload.getCostChfPerKg() == null || payload.getCostChfPerKg().compareTo(BigDecimal.ZERO) < 0) {
            throw new ResponseStatusException(BAD_REQUEST, "Cost CHF/kg must be >= 0");
        }
        validateNumeric63(payload.getStockSpools(), "Stock spools", true);
        validateNumeric63(payload.getSpoolNetKg(), "Spool net kg", false);
    }
    private void validateNumeric63(BigDecimal value, String fieldName, boolean allowZero) {
        if (value == null) {
            throw new ResponseStatusException(BAD_REQUEST, fieldName + " is required");
        }
        if (allowZero) {
            if (value.compareTo(BigDecimal.ZERO) < 0) {
                throw new ResponseStatusException(BAD_REQUEST, fieldName + " must be >= 0");
            }
        } else if (value.compareTo(BigDecimal.ZERO) <= 0) {
            throw new ResponseStatusException(BAD_REQUEST, fieldName + " must be > 0");
        }
        if (value.scale() > 3) {
            throw new ResponseStatusException(BAD_REQUEST, fieldName + " must have at most 3 decimal places");
        }
        if (value.compareTo(MAX_NUMERIC_6_3) > 0) {
            throw new ResponseStatusException(BAD_REQUEST, fieldName + " must be <= 999.999");
        }
    }
    private void ensureMaterialCodeAvailable(String materialCode, Long currentMaterialId) {
        materialRepo.findByMaterialCode(materialCode).ifPresent(existing -> {
            if (currentMaterialId == null || !existing.getId().equals(currentMaterialId)) {
                throw new ResponseStatusException(BAD_REQUEST, "Material code already exists");
            }
        });
    }
    private void ensureVariantDisplayNameAvailable(FilamentMaterialType material, String displayName, Long currentVariantId) {
        variantRepo.findByFilamentMaterialTypeAndVariantDisplayName(material, displayName).ifPresent(existing -> {
            if (currentVariantId == null || !existing.getId().equals(currentVariantId)) {
                throw new ResponseStatusException(BAD_REQUEST, "Variant display name already exists for this material");
            }
        });
    }
    private AdminFilamentMaterialTypeDto toMaterialDto(FilamentMaterialType material) {
        AdminFilamentMaterialTypeDto dto = new AdminFilamentMaterialTypeDto();
        dto.setId(material.getId());
        dto.setMaterialCode(material.getMaterialCode());
        dto.setIsFlexible(material.getIsFlexible());
        dto.setIsTechnical(material.getIsTechnical());
        dto.setTechnicalTypeLabel(material.getTechnicalTypeLabel());
        return dto;
    }
    private AdminFilamentVariantDto toVariantDto(FilamentVariant variant) {
        AdminFilamentVariantDto dto = new AdminFilamentVariantDto();
        dto.setId(variant.getId());
        FilamentMaterialType material = variant.getFilamentMaterialType();
        if (material != null) {
            dto.setMaterialTypeId(material.getId());
            dto.setMaterialCode(material.getMaterialCode());
            dto.setMaterialIsFlexible(material.getIsFlexible());
            dto.setMaterialIsTechnical(material.getIsTechnical());
            dto.setMaterialTechnicalTypeLabel(material.getTechnicalTypeLabel());
        }
        dto.setVariantDisplayName(variant.getVariantDisplayName());
        dto.setColorName(variant.getColorName());
        dto.setColorHex(variant.getColorHex());
        dto.setFinishType(variant.getFinishType());
        dto.setBrand(variant.getBrand());
        dto.setIsMatte(variant.getIsMatte());
        dto.setIsSpecial(variant.getIsSpecial());
        dto.setCostChfPerKg(variant.getCostChfPerKg());
        dto.setStockSpools(variant.getStockSpools());
        dto.setSpoolNetKg(variant.getSpoolNetKg());
        BigDecimal stockKg = BigDecimal.ZERO;
        if (variant.getStockSpools() != null && variant.getSpoolNetKg() != null) {
            stockKg = variant.getStockSpools().multiply(variant.getSpoolNetKg());
        }
        dto.setStockKg(stockKg);
        dto.setStockFilamentGrams(stockKg.multiply(BigDecimal.valueOf(1000)));
        dto.setIsActive(variant.getIsActive());
        dto.setCreatedAt(variant.getCreatedAt());
        return dto;
    }
 }
--- a/backend/src/main/java/com/printcalculator/controller/admin/AdminOperationsController.java
+++ b/backend/src/main/java/com/printcalculator/controller/admin/AdminOperationsController.java
@@ -1,372 +0,0 @@
 package com.printcalculator.controller.admin;
 import com.printcalculator.dto.AdminContactRequestDto;
 import com.printcalculator.dto.AdminContactRequestAttachmentDto;
 import com.printcalculator.dto.AdminContactRequestDetailDto;
 import com.printcalculator.dto.AdminFilamentStockDto;
 import com.printcalculator.dto.AdminQuoteSessionDto;
 import com.printcalculator.dto.AdminUpdateContactRequestStatusRequest;
 import com.printcalculator.entity.CustomQuoteRequest;
 import com.printcalculator.entity.CustomQuoteRequestAttachment;
 import com.printcalculator.entity.FilamentVariant;
 import com.printcalculator.entity.FilamentVariantStockKg;
 import com.printcalculator.entity.QuoteSession;
 import com.printcalculator.repository.CustomQuoteRequestAttachmentRepository;
 import com.printcalculator.repository.CustomQuoteRequestRepository;
 import com.printcalculator.repository.FilamentVariantRepository;
 import com.printcalculator.repository.FilamentVariantStockKgRepository;
 import com.printcalculator.repository.OrderRepository;
 import com.printcalculator.repository.QuoteSessionRepository;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.UrlResource;
 import org.springframework.data.domain.Sort;
 import org.springframework.http.ContentDisposition;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ResponseStatusException;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.math.BigDecimal;
 import java.net.MalformedURLException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.time.OffsetDateTime;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import static org.springframework.http.HttpStatus.BAD_REQUEST;
 import static org.springframework.http.HttpStatus.CONFLICT;
 import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR;
 import static org.springframework.http.HttpStatus.NOT_FOUND;
@RestController
@RequestMapping("/api/admin")
@Transactional(readOnly = true)
 public class AdminOperationsController {
    private static final Logger logger = LoggerFactory.getLogger(AdminOperationsController.class);
    private static final Path CONTACT_ATTACHMENTS_ROOT = Paths.get("storage_requests").toAbsolutePath().normalize();
    private static final Set<String> CONTACT_REQUEST_ALLOWED_STATUSES = Set.of(
            "NEW", "PENDING", "IN_PROGRESS", "DONE", "CLOSED"
    );
    private final FilamentVariantStockKgRepository filamentStockRepo;
    private final FilamentVariantRepository filamentVariantRepo;
    private final CustomQuoteRequestRepository customQuoteRequestRepo;
    private final CustomQuoteRequestAttachmentRepository customQuoteRequestAttachmentRepo;
    private final QuoteSessionRepository quoteSessionRepo;
    private final OrderRepository orderRepo;
    public AdminOperationsController(
            FilamentVariantStockKgRepository filamentStockRepo,
            FilamentVariantRepository filamentVariantRepo,
            CustomQuoteRequestRepository customQuoteRequestRepo,
            CustomQuoteRequestAttachmentRepository customQuoteRequestAttachmentRepo,
            QuoteSessionRepository quoteSessionRepo,
            OrderRepository orderRepo
    ) {
        this.filamentStockRepo = filamentStockRepo;
        this.filamentVariantRepo = filamentVariantRepo;
        this.customQuoteRequestRepo = customQuoteRequestRepo;
        this.customQuoteRequestAttachmentRepo = customQuoteRequestAttachmentRepo;
        this.quoteSessionRepo = quoteSessionRepo;
        this.orderRepo = orderRepo;
    }
    @GetMapping("/filament-stock")
    public ResponseEntity<List<AdminFilamentStockDto>> getFilamentStock() {
        List<FilamentVariantStockKg> stocks = filamentStockRepo.findAll(Sort.by(Sort.Direction.ASC, "stockKg"));
        Set<Long> variantIds = stocks.stream()
                .map(FilamentVariantStockKg::getFilamentVariantId)
                .collect(Collectors.toSet());
        Map<Long, FilamentVariant> variantsById;
        if (variantIds.isEmpty()) {
            variantsById = Collections.emptyMap();
        } else {
            variantsById = filamentVariantRepo.findAllById(variantIds).stream()
                    .collect(Collectors.toMap(FilamentVariant::getId, variant -> variant));
        }
        List<AdminFilamentStockDto> response = stocks.stream().map(stock -> {
            FilamentVariant variant = variantsById.get(stock.getFilamentVariantId());
            AdminFilamentStockDto dto = new AdminFilamentStockDto();
            dto.setFilamentVariantId(stock.getFilamentVariantId());
            dto.setStockSpools(stock.getStockSpools());
            dto.setSpoolNetKg(stock.getSpoolNetKg());
            dto.setStockKg(stock.getStockKg());
            BigDecimal grams = stock.getStockKg() != null
                    ? stock.getStockKg().multiply(BigDecimal.valueOf(1000))
                    : BigDecimal.ZERO;
            dto.setStockFilamentGrams(grams);
            if (variant != null) {
                dto.setMaterialCode(
                        variant.getFilamentMaterialType() != null
                                ? variant.getFilamentMaterialType().getMaterialCode()
                                : "UNKNOWN"
                );
                dto.setVariantDisplayName(variant.getVariantDisplayName());
                dto.setColorName(variant.getColorName());
                dto.setActive(variant.getIsActive());
            } else {
                dto.setMaterialCode("UNKNOWN");
                dto.setVariantDisplayName("Variant " + stock.getFilamentVariantId());
                dto.setColorName("-");
                dto.setActive(false);
            }
            return dto;
        }).toList();
        return ResponseEntity.ok(response);
    }
    @GetMapping("/contact-requests")
    public ResponseEntity<List<AdminContactRequestDto>> getContactRequests() {
        List<AdminContactRequestDto> response = customQuoteRequestRepo.findAll(
                        Sort.by(Sort.Direction.DESC, "createdAt")
                )
                .stream()
                .map(this::toContactRequestDto)
                .toList();
        return ResponseEntity.ok(response);
    }
    @GetMapping("/contact-requests/{requestId}")
    public ResponseEntity<AdminContactRequestDetailDto> getContactRequestDetail(@PathVariable UUID requestId) {
        CustomQuoteRequest request = customQuoteRequestRepo.findById(requestId)
                .orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Contact request not found"));
        List<AdminContactRequestAttachmentDto> attachments = customQuoteRequestAttachmentRepo
                .findByRequest_IdOrderByCreatedAtAsc(requestId)
                .stream()
                .map(this::toContactRequestAttachmentDto)
                .toList();
        return ResponseEntity.ok(toContactRequestDetailDto(request, attachments));
    }
    @PatchMapping("/contact-requests/{requestId}/status")
    @Transactional
    public ResponseEntity<AdminContactRequestDetailDto> updateContactRequestStatus(
            @PathVariable UUID requestId,
            @RequestBody AdminUpdateContactRequestStatusRequest payload
    ) {
        CustomQuoteRequest request = customQuoteRequestRepo.findById(requestId)
                .orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Contact request not found"));
        String requestedStatus = payload != null && payload.getStatus() != null
                ? payload.getStatus().trim().toUpperCase(Locale.ROOT)
                : "";
        if (!CONTACT_REQUEST_ALLOWED_STATUSES.contains(requestedStatus)) {
            throw new ResponseStatusException(
                    BAD_REQUEST,
                    "Invalid status. Allowed: " + String.join(", ", CONTACT_REQUEST_ALLOWED_STATUSES)
            );
        }
        request.setStatus(requestedStatus);
        request.setUpdatedAt(OffsetDateTime.now());
        CustomQuoteRequest saved = customQuoteRequestRepo.save(request);
        List<AdminContactRequestAttachmentDto> attachments = customQuoteRequestAttachmentRepo
                .findByRequest_IdOrderByCreatedAtAsc(requestId)
                .stream()
                .map(this::toContactRequestAttachmentDto)
                .toList();
        return ResponseEntity.ok(toContactRequestDetailDto(saved, attachments));
    }
    @GetMapping("/contact-requests/{requestId}/attachments/{attachmentId}/file")
    public ResponseEntity<Resource> downloadContactRequestAttachment(
            @PathVariable UUID requestId,
            @PathVariable UUID attachmentId
    ) {
        CustomQuoteRequestAttachment attachment = customQuoteRequestAttachmentRepo.findById(attachmentId)
                .orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Attachment not found"));
        if (!attachment.getRequest().getId().equals(requestId)) {
            throw new ResponseStatusException(NOT_FOUND, "Attachment not found for request");
        }
        String relativePath = attachment.getStoredRelativePath();
        if (relativePath == null || relativePath.isBlank() || "PENDING".equals(relativePath)) {
            throw new ResponseStatusException(NOT_FOUND, "Attachment file not available");
        }
        String expectedPrefix = "quote-requests/" + requestId + "/attachments/" + attachmentId + "/";
        if (!relativePath.startsWith(expectedPrefix)) {
            throw new ResponseStatusException(NOT_FOUND, "Attachment file not available");
        }
        Path filePath = CONTACT_ATTACHMENTS_ROOT.resolve(relativePath).normalize();
        if (!filePath.startsWith(CONTACT_ATTACHMENTS_ROOT)) {
            throw new ResponseStatusException(NOT_FOUND, "Attachment file not available");
        }
        if (!Files.exists(filePath)) {
            throw new ResponseStatusException(NOT_FOUND, "Attachment file not available");
        }
        try {
            Resource resource = new UrlResource(filePath.toUri());
            if (!resource.exists() || !resource.isReadable()) {
                throw new ResponseStatusException(NOT_FOUND, "Attachment file not available");
            }
            MediaType mediaType = MediaType.APPLICATION_OCTET_STREAM;
            String mimeType = attachment.getMimeType();
            if (mimeType != null && !mimeType.isBlank()) {
                try {
                    mediaType = MediaType.parseMediaType(mimeType);
                } catch (Exception ignored) {
                    mediaType = MediaType.APPLICATION_OCTET_STREAM;
                }
            }
            String filename = attachment.getOriginalFilename();
            if (filename == null || filename.isBlank()) {
                filename = attachment.getStoredFilename() != null && !attachment.getStoredFilename().isBlank()
                        ? attachment.getStoredFilename()
                        : "attachment-" + attachmentId;
            }
            return ResponseEntity.ok()
                    .contentType(mediaType)
                    .header(HttpHeaders.CONTENT_DISPOSITION, ContentDisposition.attachment()
                            .filename(filename, StandardCharsets.UTF_8)
                            .build()
                            .toString())
                    .body(resource);
        } catch (MalformedURLException e) {
            throw new ResponseStatusException(NOT_FOUND, "Attachment file not available");
        }
    }
    @GetMapping("/sessions")
    public ResponseEntity<List<AdminQuoteSessionDto>> getQuoteSessions() {
        List<AdminQuoteSessionDto> response = quoteSessionRepo.findAll(
                        Sort.by(Sort.Direction.DESC, "createdAt")
                )
                .stream()
                .map(this::toQuoteSessionDto)
                .toList();
        return ResponseEntity.ok(response);
    }
    @DeleteMapping("/sessions/{sessionId}")
    @Transactional
    public ResponseEntity<Void> deleteQuoteSession(@PathVariable UUID sessionId) {
        QuoteSession session = quoteSessionRepo.findById(sessionId)
                .orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Session not found"));
        if (orderRepo.existsBySourceQuoteSession_Id(sessionId)) {
            throw new ResponseStatusException(CONFLICT, "Cannot delete session already linked to an order");
        }
        deleteSessionFiles(sessionId);
        quoteSessionRepo.delete(session);
        return ResponseEntity.noContent().build();
    }
    private AdminContactRequestDto toContactRequestDto(CustomQuoteRequest request) {
        AdminContactRequestDto dto = new AdminContactRequestDto();
        dto.setId(request.getId());
        dto.setRequestType(request.getRequestType());
        dto.setCustomerType(request.getCustomerType());
        dto.setEmail(request.getEmail());
        dto.setPhone(request.getPhone());
        dto.setName(request.getName());
        dto.setCompanyName(request.getCompanyName());
        dto.setStatus(request.getStatus());
        dto.setCreatedAt(request.getCreatedAt());
        return dto;
    }
    private AdminContactRequestAttachmentDto toContactRequestAttachmentDto(CustomQuoteRequestAttachment attachment) {
        AdminContactRequestAttachmentDto dto = new AdminContactRequestAttachmentDto();
        dto.setId(attachment.getId());
        dto.setOriginalFilename(attachment.getOriginalFilename());
        dto.setMimeType(attachment.getMimeType());
        dto.setFileSizeBytes(attachment.getFileSizeBytes());
        dto.setCreatedAt(attachment.getCreatedAt());
        return dto;
    }
    private AdminContactRequestDetailDto toContactRequestDetailDto(
            CustomQuoteRequest request,
            List<AdminContactRequestAttachmentDto> attachments
    ) {
        AdminContactRequestDetailDto dto = new AdminContactRequestDetailDto();
        dto.setId(request.getId());
        dto.setRequestType(request.getRequestType());
        dto.setCustomerType(request.getCustomerType());
        dto.setEmail(request.getEmail());
        dto.setPhone(request.getPhone());
        dto.setName(request.getName());
        dto.setCompanyName(request.getCompanyName());
        dto.setContactPerson(request.getContactPerson());
        dto.setMessage(request.getMessage());
        dto.setStatus(request.getStatus());
        dto.setCreatedAt(request.getCreatedAt());
        dto.setUpdatedAt(request.getUpdatedAt());
        dto.setAttachments(attachments);
        return dto;
    }
    private AdminQuoteSessionDto toQuoteSessionDto(QuoteSession session) {
        AdminQuoteSessionDto dto = new AdminQuoteSessionDto();
        dto.setId(session.getId());
        dto.setStatus(session.getStatus());
        dto.setMaterialCode(session.getMaterialCode());
        dto.setCreatedAt(session.getCreatedAt());
        dto.setExpiresAt(session.getExpiresAt());
        dto.setConvertedOrderId(session.getConvertedOrderId());
        return dto;
    }
    private void deleteSessionFiles(UUID sessionId) {
        Path sessionDir = Paths.get("storage_quotes", sessionId.toString());
        if (!Files.exists(sessionDir)) {
            return;
        }
        try (Stream<Path> walk = Files.walk(sessionDir)) {
            walk.sorted(Comparator.reverseOrder()).forEach(path -> {
                try {
                    Files.deleteIfExists(path);
                } catch (IOException e) {
                    throw new UncheckedIOException(e);
                }
            });
        } catch (IOException | UncheckedIOException e) {
            logger.error("Failed to delete files for session {}", sessionId, e);
            throw new ResponseStatusException(INTERNAL_SERVER_ERROR, "Unable to delete session files");
        }
    }
 }
--- a/backend/src/main/java/com/printcalculator/controller/admin/AdminOrderController.java
+++ b/backend/src/main/java/com/printcalculator/controller/admin/AdminOrderController.java
@@ -1,327 +0,0 @@
 package com.printcalculator.controller.admin;
 import com.printcalculator.dto.AddressDto;
 import com.printcalculator.dto.AdminOrderStatusUpdateRequest;
 import com.printcalculator.dto.OrderDto;
 import com.printcalculator.dto.OrderItemDto;
 import com.printcalculator.entity.Order;
 import com.printcalculator.entity.OrderItem;
 import com.printcalculator.entity.Payment;
 import com.printcalculator.entity.QuoteSession;
 import com.printcalculator.repository.OrderItemRepository;
 import com.printcalculator.repository.OrderRepository;
 import com.printcalculator.repository.PaymentRepository;
 import com.printcalculator.service.InvoicePdfRenderingService;
 import com.printcalculator.service.PaymentService;
 import com.printcalculator.service.QrBillService;
 import com.printcalculator.service.StorageService;
 import org.springframework.core.io.Resource;
 import org.springframework.http.ContentDisposition;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ResponseStatusException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.UUID;
 import static org.springframework.http.HttpStatus.BAD_REQUEST;
 import static org.springframework.http.HttpStatus.NOT_FOUND;
@RestController
@RequestMapping("/api/admin/orders")
@Transactional(readOnly = true)
 public class AdminOrderController {
    private static final List<String> ALLOWED_ORDER_STATUSES = List.of(
            "PENDING_PAYMENT",
            "PAID",
            "IN_PRODUCTION",
            "SHIPPED",
            "COMPLETED",
            "CANCELLED"
    );
    private final OrderRepository orderRepo;
    private final OrderItemRepository orderItemRepo;
    private final PaymentRepository paymentRepo;
    private final PaymentService paymentService;
    private final StorageService storageService;
    private final InvoicePdfRenderingService invoiceService;
    private final QrBillService qrBillService;
    public AdminOrderController(
            OrderRepository orderRepo,
            OrderItemRepository orderItemRepo,
            PaymentRepository paymentRepo,
            PaymentService paymentService,
            StorageService storageService,
            InvoicePdfRenderingService invoiceService,
            QrBillService qrBillService
    ) {
        this.orderRepo = orderRepo;
        this.orderItemRepo = orderItemRepo;
        this.paymentRepo = paymentRepo;
        this.paymentService = paymentService;
        this.storageService = storageService;
        this.invoiceService = invoiceService;
        this.qrBillService = qrBillService;
    }
    @GetMapping
    public ResponseEntity<List<OrderDto>> listOrders() {
        List<OrderDto> response = orderRepo.findAllByOrderByCreatedAtDesc()
                .stream()
                .map(this::toOrderDto)
                .toList();
        return ResponseEntity.ok(response);
    }
    @GetMapping("/{orderId}")
    public ResponseEntity<OrderDto> getOrder(@PathVariable UUID orderId) {
        return ResponseEntity.ok(toOrderDto(getOrderOrThrow(orderId)));
    }
    @PostMapping("/{orderId}/payments/confirm")
    @Transactional
    public ResponseEntity<OrderDto> confirmPayment(
            @PathVariable UUID orderId,
            @RequestBody(required = false) Map<String, String> payload
    ) {
        getOrderOrThrow(orderId);
        String method = payload != null ? payload.get("method") : null;
        paymentService.confirmPayment(orderId, method);
        return ResponseEntity.ok(toOrderDto(getOrderOrThrow(orderId)));
    }
    @PostMapping("/{orderId}/status")
    @Transactional
    public ResponseEntity<OrderDto> updateOrderStatus(
            @PathVariable UUID orderId,
            @RequestBody AdminOrderStatusUpdateRequest payload
    ) {
        if (payload == null || payload.getStatus() == null || payload.getStatus().isBlank()) {
            throw new ResponseStatusException(org.springframework.http.HttpStatus.BAD_REQUEST, "Status is required");
        }
        Order order = getOrderOrThrow(orderId);
        String normalizedStatus = payload.getStatus().trim().toUpperCase(Locale.ROOT);
        if (!ALLOWED_ORDER_STATUSES.contains(normalizedStatus)) {
            throw new ResponseStatusException(
                    BAD_REQUEST,
                    "Invalid order status. Allowed values: " + String.join(", ", ALLOWED_ORDER_STATUSES)
            );
        }
        order.setStatus(normalizedStatus);
        orderRepo.save(order);
        return ResponseEntity.ok(toOrderDto(order));
    }
    @GetMapping("/{orderId}/items/{orderItemId}/file")
    public ResponseEntity<Resource> downloadOrderItemFile(
            @PathVariable UUID orderId,
            @PathVariable UUID orderItemId
    ) {
        OrderItem item = orderItemRepo.findById(orderItemId)
                .orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Order item not found"));
        if (!item.getOrder().getId().equals(orderId)) {
            throw new ResponseStatusException(NOT_FOUND, "Order item not found for order");
        }
        String relativePath = item.getStoredRelativePath();
        if (relativePath == null || relativePath.isBlank() || "PENDING".equals(relativePath)) {
            throw new ResponseStatusException(NOT_FOUND, "File not available");
        }
        Path safeRelativePath = resolveOrderItemRelativePath(relativePath, orderId, orderItemId);
        if (safeRelativePath == null) {
            throw new ResponseStatusException(NOT_FOUND, "File not available");
        }
        try {
            Resource resource = storageService.loadAsResource(safeRelativePath);
            MediaType contentType = MediaType.APPLICATION_OCTET_STREAM;
            if (item.getMimeType() != null && !item.getMimeType().isBlank()) {
                try {
                    contentType = MediaType.parseMediaType(item.getMimeType());
                } catch (Exception ignored) {
                    contentType = MediaType.APPLICATION_OCTET_STREAM;
                }
            }
            String filename = item.getOriginalFilename() != null && !item.getOriginalFilename().isBlank()
                    ? item.getOriginalFilename()
                    : "order-item-" + orderItemId;
            return ResponseEntity.ok()
                    .contentType(contentType)
                    .header(HttpHeaders.CONTENT_DISPOSITION, ContentDisposition.attachment()
                            .filename(filename, StandardCharsets.UTF_8)
                            .build()
                            .toString())
                    .body(resource);
        } catch (Exception e) {
            throw new ResponseStatusException(NOT_FOUND, "File not available");
        }
    }
    @GetMapping("/{orderId}/documents/confirmation")
    public ResponseEntity<byte[]> downloadOrderConfirmation(@PathVariable UUID orderId) {
        return generateDocument(getOrderOrThrow(orderId), true);
    }
    @GetMapping("/{orderId}/documents/invoice")
    public ResponseEntity<byte[]> downloadOrderInvoice(@PathVariable UUID orderId) {
        return generateDocument(getOrderOrThrow(orderId), false);
    }
    private Order getOrderOrThrow(UUID orderId) {
        return orderRepo.findById(orderId)
                .orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Order not found"));
    }
    private OrderDto toOrderDto(Order order) {
        List<OrderItem> items = orderItemRepo.findByOrder_Id(order.getId());
        OrderDto dto = new OrderDto();
        dto.setId(order.getId());
        dto.setOrderNumber(getDisplayOrderNumber(order));
        dto.setStatus(order.getStatus());
        paymentRepo.findByOrder_Id(order.getId()).ifPresent(p -> {
            dto.setPaymentStatus(p.getStatus());
            dto.setPaymentMethod(p.getMethod());
        });
        dto.setCustomerEmail(order.getCustomerEmail());
        dto.setCustomerPhone(order.getCustomerPhone());
        dto.setPreferredLanguage(order.getPreferredLanguage());
        dto.setBillingCustomerType(order.getBillingCustomerType());
        dto.setCurrency(order.getCurrency());
        dto.setSetupCostChf(order.getSetupCostChf());
        dto.setShippingCostChf(order.getShippingCostChf());
        dto.setDiscountChf(order.getDiscountChf());
        dto.setSubtotalChf(order.getSubtotalChf());
        dto.setTotalChf(order.getTotalChf());
        dto.setCreatedAt(order.getCreatedAt());
        dto.setShippingSameAsBilling(order.getShippingSameAsBilling());
        QuoteSession sourceSession = order.getSourceQuoteSession();
        if (sourceSession != null) {
            dto.setPrintMaterialCode(sourceSession.getMaterialCode());
            dto.setPrintNozzleDiameterMm(sourceSession.getNozzleDiameterMm());
            dto.setPrintLayerHeightMm(sourceSession.getLayerHeightMm());
            dto.setPrintInfillPattern(sourceSession.getInfillPattern());
            dto.setPrintInfillPercent(sourceSession.getInfillPercent());
            dto.setPrintSupportsEnabled(sourceSession.getSupportsEnabled());
        }
        AddressDto billing = new AddressDto();
        billing.setFirstName(order.getBillingFirstName());
        billing.setLastName(order.getBillingLastName());
        billing.setCompanyName(order.getBillingCompanyName());
        billing.setContactPerson(order.getBillingContactPerson());
        billing.setAddressLine1(order.getBillingAddressLine1());
        billing.setAddressLine2(order.getBillingAddressLine2());
        billing.setZip(order.getBillingZip());
        billing.setCity(order.getBillingCity());
        billing.setCountryCode(order.getBillingCountryCode());
        dto.setBillingAddress(billing);
        if (!Boolean.TRUE.equals(order.getShippingSameAsBilling())) {
            AddressDto shipping = new AddressDto();
            shipping.setFirstName(order.getShippingFirstName());
            shipping.setLastName(order.getShippingLastName());
            shipping.setCompanyName(order.getShippingCompanyName());
            shipping.setContactPerson(order.getShippingContactPerson());
            shipping.setAddressLine1(order.getShippingAddressLine1());
            shipping.setAddressLine2(order.getShippingAddressLine2());
            shipping.setZip(order.getShippingZip());
            shipping.setCity(order.getShippingCity());
            shipping.setCountryCode(order.getShippingCountryCode());
            dto.setShippingAddress(shipping);
        }
        List<OrderItemDto> itemDtos = items.stream().map(i -> {
            OrderItemDto idto = new OrderItemDto();
            idto.setId(i.getId());
            idto.setOriginalFilename(i.getOriginalFilename());
            idto.setMaterialCode(i.getMaterialCode());
            idto.setColorCode(i.getColorCode());
            idto.setQuantity(i.getQuantity());
            idto.setPrintTimeSeconds(i.getPrintTimeSeconds());
            idto.setMaterialGrams(i.getMaterialGrams());
            idto.setUnitPriceChf(i.getUnitPriceChf());
            idto.setLineTotalChf(i.getLineTotalChf());
            return idto;
        }).toList();
        dto.setItems(itemDtos);
        return dto;
    }
    private String getDisplayOrderNumber(Order order) {
        String orderNumber = order.getOrderNumber();
        if (orderNumber != null && !orderNumber.isBlank()) {
            return orderNumber;
        }
        return order.getId() != null ? order.getId().toString() : "unknown";
    }
    private ResponseEntity<byte[]> generateDocument(Order order, boolean isConfirmation) {
        String displayOrderNumber = getDisplayOrderNumber(order);
        if (isConfirmation) {
            Path relativePath = buildConfirmationPdfRelativePath(order.getId(), displayOrderNumber);
            try {
                byte[] existingPdf = storageService.loadAsResource(relativePath).getInputStream().readAllBytes();
                return ResponseEntity.ok()
                        .header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"confirmation-" + displayOrderNumber + ".pdf\"")
                        .contentType(MediaType.APPLICATION_PDF)
                        .body(existingPdf);
            } catch (Exception ignored) {
                // fallback to generated confirmation document
            }
        }
        List<OrderItem> items = orderItemRepo.findByOrder_Id(order.getId());
        Payment payment = paymentRepo.findByOrder_Id(order.getId()).orElse(null);
        byte[] pdf = invoiceService.generateDocumentPdf(order, items, isConfirmation, qrBillService, payment);
        String prefix = isConfirmation ? "confirmation-" : "invoice-";
        return ResponseEntity.ok()
                .header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + prefix + displayOrderNumber + ".pdf\"")
                .contentType(MediaType.APPLICATION_PDF)
                .body(pdf);
    }
    private Path resolveOrderItemRelativePath(String storedRelativePath, UUID orderId, UUID orderItemId) {
        try {
            Path candidate = Path.of(storedRelativePath).normalize();
            if (candidate.isAbsolute()) {
                return null;
            }
            Path expectedPrefix = Path.of("orders", orderId.toString(), "3d-files", orderItemId.toString());
            if (!candidate.startsWith(expectedPrefix)) {
                return null;
            }
            return candidate;
        } catch (InvalidPathException e) {
            return null;
        }
    }
    private Path buildConfirmationPdfRelativePath(UUID orderId, String orderNumber) {
        return Path.of("orders", orderId.toString(), "documents", "confirmation-" + orderNumber + ".pdf");
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/AdminContactRequestAttachmentDto.java
+++ b/backend/src/main/java/com/printcalculator/dto/AdminContactRequestAttachmentDto.java
@@ -1,52 +0,0 @@
 package com.printcalculator.dto;
 import java.time.OffsetDateTime;
 import java.util.UUID;
 public class AdminContactRequestAttachmentDto {
    private UUID id;
    private String originalFilename;
    private String mimeType;
    private Long fileSizeBytes;
    private OffsetDateTime createdAt;
    public UUID getId() {
        return id;
    }
    public void setId(UUID id) {
        this.id = id;
    }
    public String getOriginalFilename() {
        return originalFilename;
    }
    public void setOriginalFilename(String originalFilename) {
        this.originalFilename = originalFilename;
    }
    public String getMimeType() {
        return mimeType;
    }
    public void setMimeType(String mimeType) {
        this.mimeType = mimeType;
    }
    public Long getFileSizeBytes() {
        return fileSizeBytes;
    }
    public void setFileSizeBytes(Long fileSizeBytes) {
        this.fileSizeBytes = fileSizeBytes;
    }
    public OffsetDateTime getCreatedAt() {
        return createdAt;
    }
    public void setCreatedAt(OffsetDateTime createdAt) {
        this.createdAt = createdAt;
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/AdminContactRequestDetailDto.java
+++ b/backend/src/main/java/com/printcalculator/dto/AdminContactRequestDetailDto.java
@@ -1,125 +0,0 @@
 package com.printcalculator.dto;
 import java.time.OffsetDateTime;
 import java.util.List;
 import java.util.UUID;
 public class AdminContactRequestDetailDto {
    private UUID id;
    private String requestType;
    private String customerType;
    private String email;
    private String phone;
    private String name;
    private String companyName;
    private String contactPerson;
    private String message;
    private String status;
    private OffsetDateTime createdAt;
    private OffsetDateTime updatedAt;
    private List<AdminContactRequestAttachmentDto> attachments;
    public UUID getId() {
        return id;
    }
    public void setId(UUID id) {
        this.id = id;
    }
    public String getRequestType() {
        return requestType;
    }
    public void setRequestType(String requestType) {
        this.requestType = requestType;
    }
    public String getCustomerType() {
        return customerType;
    }
    public void setCustomerType(String customerType) {
        this.customerType = customerType;
    }
    public String getEmail() {
        return email;
    }
    public void setEmail(String email) {
        this.email = email;
    }
    public String getPhone() {
        return phone;
    }
    public void setPhone(String phone) {
        this.phone = phone;
    }
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
    public String getCompanyName() {
        return companyName;
    }
    public void setCompanyName(String companyName) {
        this.companyName = companyName;
    }
    public String getContactPerson() {
        return contactPerson;
    }
    public void setContactPerson(String contactPerson) {
        this.contactPerson = contactPerson;
    }
    public String getMessage() {
        return message;
    }
    public void setMessage(String message) {
        this.message = message;
    }
    public String getStatus() {
        return status;
    }
    public void setStatus(String status) {
        this.status = status;
    }
    public OffsetDateTime getCreatedAt() {
        return createdAt;
    }
    public void setCreatedAt(OffsetDateTime createdAt) {
        this.createdAt = createdAt;
    }
    public OffsetDateTime getUpdatedAt() {
        return updatedAt;
    }
    public void setUpdatedAt(OffsetDateTime updatedAt) {
        this.updatedAt = updatedAt;
    }
    public List<AdminContactRequestAttachmentDto> getAttachments() {
        return attachments;
    }
    public void setAttachments(List<AdminContactRequestAttachmentDto> attachments) {
        this.attachments = attachments;
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/AdminContactRequestDto.java
+++ b/backend/src/main/java/com/printcalculator/dto/AdminContactRequestDto.java
@@ -1,88 +0,0 @@
 package com.printcalculator.dto;
 import java.time.OffsetDateTime;
 import java.util.UUID;
 public class AdminContactRequestDto {
    private UUID id;
    private String requestType;
    private String customerType;
    private String email;
    private String phone;
    private String name;
    private String companyName;
    private String status;
    private OffsetDateTime createdAt;
    public UUID getId() {
        return id;
    }
    public void setId(UUID id) {
        this.id = id;
    }
    public String getRequestType() {
        return requestType;
    }
    public void setRequestType(String requestType) {
        this.requestType = requestType;
    }
    public String getCustomerType() {
        return customerType;
    }
    public void setCustomerType(String customerType) {
        this.customerType = customerType;
    }
    public String getEmail() {
        return email;
    }
    public void setEmail(String email) {
        this.email = email;
    }
    public String getPhone() {
        return phone;
    }
    public void setPhone(String phone) {
        this.phone = phone;
    }
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
    public String getCompanyName() {
        return companyName;
    }
    public void setCompanyName(String companyName) {
        this.companyName = companyName;
    }
    public String getStatus() {
        return status;
    }
    public void setStatus(String status) {
        this.status = status;
    }
    public OffsetDateTime getCreatedAt() {
        return createdAt;
    }
    public void setCreatedAt(OffsetDateTime createdAt) {
        this.createdAt = createdAt;
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/AdminFilamentMaterialTypeDto.java
+++ b/backend/src/main/java/com/printcalculator/dto/AdminFilamentMaterialTypeDto.java
@@ -1,49 +0,0 @@
 package com.printcalculator.dto;
 public class AdminFilamentMaterialTypeDto {
    private Long id;
    private String materialCode;
    private Boolean isFlexible;
    private Boolean isTechnical;
    private String technicalTypeLabel;
    public Long getId() {
        return id;
    }
    public void setId(Long id) {
        this.id = id;
    }
    public String getMaterialCode() {
        return materialCode;
    }
    public void setMaterialCode(String materialCode) {
        this.materialCode = materialCode;
    }
    public Boolean getIsFlexible() {
        return isFlexible;
    }
    public void setIsFlexible(Boolean isFlexible) {
        this.isFlexible = isFlexible;
    }
    public Boolean getIsTechnical() {
        return isTechnical;
    }
    public void setIsTechnical(Boolean isTechnical) {
        this.isTechnical = isTechnical;
    }
    public String getTechnicalTypeLabel() {
        return technicalTypeLabel;
    }
    public void setTechnicalTypeLabel(String technicalTypeLabel) {
        this.technicalTypeLabel = technicalTypeLabel;
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/AdminFilamentStockDto.java
+++ b/backend/src/main/java/com/printcalculator/dto/AdminFilamentStockDto.java
@@ -1,87 +0,0 @@
 package com.printcalculator.dto;
 import java.math.BigDecimal;
 public class AdminFilamentStockDto {
    private Long filamentVariantId;
    private String materialCode;
    private String variantDisplayName;
    private String colorName;
    private BigDecimal stockSpools;
    private BigDecimal spoolNetKg;
    private BigDecimal stockKg;
    private BigDecimal stockFilamentGrams;
    private Boolean active;
    public Long getFilamentVariantId() {
        return filamentVariantId;
    }
    public void setFilamentVariantId(Long filamentVariantId) {
        this.filamentVariantId = filamentVariantId;
    }
    public String getMaterialCode() {
        return materialCode;
    }
    public void setMaterialCode(String materialCode) {
        this.materialCode = materialCode;
    }
    public String getVariantDisplayName() {
        return variantDisplayName;
    }
    public void setVariantDisplayName(String variantDisplayName) {
        this.variantDisplayName = variantDisplayName;
    }
    public String getColorName() {
        return colorName;
    }
    public void setColorName(String colorName) {
        this.colorName = colorName;
    }
    public BigDecimal getStockSpools() {
        return stockSpools;
    }
    public void setStockSpools(BigDecimal stockSpools) {
        this.stockSpools = stockSpools;
    }
    public BigDecimal getSpoolNetKg() {
        return spoolNetKg;
    }
    public void setSpoolNetKg(BigDecimal spoolNetKg) {
        this.spoolNetKg = spoolNetKg;
    }
    public BigDecimal getStockKg() {
        return stockKg;
    }
    public void setStockKg(BigDecimal stockKg) {
        this.stockKg = stockKg;
    }
    public BigDecimal getStockFilamentGrams() {
        return stockFilamentGrams;
    }
    public void setStockFilamentGrams(BigDecimal stockFilamentGrams) {
        this.stockFilamentGrams = stockFilamentGrams;
    }
    public Boolean getActive() {
        return active;
    }
    public void setActive(Boolean active) {
        this.active = active;
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/AdminFilamentVariantDto.java
+++ b/backend/src/main/java/com/printcalculator/dto/AdminFilamentVariantDto.java
@@ -1,187 +0,0 @@
 package com.printcalculator.dto;
 import java.math.BigDecimal;
 import java.time.OffsetDateTime;
 public class AdminFilamentVariantDto {
    private Long id;
    private Long materialTypeId;
    private String materialCode;
    private Boolean materialIsFlexible;
    private Boolean materialIsTechnical;
    private String materialTechnicalTypeLabel;
    private String variantDisplayName;
    private String colorName;
    private String colorHex;
    private String finishType;
    private String brand;
    private Boolean isMatte;
    private Boolean isSpecial;
    private BigDecimal costChfPerKg;
    private BigDecimal stockSpools;
    private BigDecimal spoolNetKg;
    private BigDecimal stockKg;
    private BigDecimal stockFilamentGrams;
    private Boolean isActive;
    private OffsetDateTime createdAt;
    public Long getId() {
        return id;
    }
    public void setId(Long id) {
        this.id = id;
    }
    public Long getMaterialTypeId() {
        return materialTypeId;
    }
    public void setMaterialTypeId(Long materialTypeId) {
        this.materialTypeId = materialTypeId;
    }
    public String getMaterialCode() {
        return materialCode;
    }
    public void setMaterialCode(String materialCode) {
        this.materialCode = materialCode;
    }
    public Boolean getMaterialIsFlexible() {
        return materialIsFlexible;
    }
    public void setMaterialIsFlexible(Boolean materialIsFlexible) {
        this.materialIsFlexible = materialIsFlexible;
    }
    public Boolean getMaterialIsTechnical() {
        return materialIsTechnical;
    }
    public void setMaterialIsTechnical(Boolean materialIsTechnical) {
        this.materialIsTechnical = materialIsTechnical;
    }
    public String getMaterialTechnicalTypeLabel() {
        return materialTechnicalTypeLabel;
    }
    public void setMaterialTechnicalTypeLabel(String materialTechnicalTypeLabel) {
        this.materialTechnicalTypeLabel = materialTechnicalTypeLabel;
    }
    public String getVariantDisplayName() {
        return variantDisplayName;
    }
    public void setVariantDisplayName(String variantDisplayName) {
        this.variantDisplayName = variantDisplayName;
    }
    public String getColorName() {
        return colorName;
    }
    public void setColorName(String colorName) {
        this.colorName = colorName;
    }
    public String getColorHex() {
        return colorHex;
    }
    public void setColorHex(String colorHex) {
        this.colorHex = colorHex;
    }
    public String getFinishType() {
        return finishType;
    }
    public void setFinishType(String finishType) {
        this.finishType = finishType;
    }
    public String getBrand() {
        return brand;
    }
    public void setBrand(String brand) {
        this.brand = brand;
    }
    public Boolean getIsMatte() {
        return isMatte;
    }
    public void setIsMatte(Boolean isMatte) {
        this.isMatte = isMatte;
    }
    public Boolean getIsSpecial() {
        return isSpecial;
    }
    public void setIsSpecial(Boolean isSpecial) {
        this.isSpecial = isSpecial;
    }
    public BigDecimal getCostChfPerKg() {
        return costChfPerKg;
    }
    public void setCostChfPerKg(BigDecimal costChfPerKg) {
        this.costChfPerKg = costChfPerKg;
    }
    public BigDecimal getStockSpools() {
        return stockSpools;
    }
    public void setStockSpools(BigDecimal stockSpools) {
        this.stockSpools = stockSpools;
    }
    public BigDecimal getSpoolNetKg() {
        return spoolNetKg;
    }
    public void setSpoolNetKg(BigDecimal spoolNetKg) {
        this.spoolNetKg = spoolNetKg;
    }
    public BigDecimal getStockKg() {
        return stockKg;
    }
    public void setStockKg(BigDecimal stockKg) {
        this.stockKg = stockKg;
    }
    public BigDecimal getStockFilamentGrams() {
        return stockFilamentGrams;
    }
    public void setStockFilamentGrams(BigDecimal stockFilamentGrams) {
        this.stockFilamentGrams = stockFilamentGrams;
    }
    public Boolean getIsActive() {
        return isActive;
    }
    public void setIsActive(Boolean isActive) {
        this.isActive = isActive;
    }
    public OffsetDateTime getCreatedAt() {
        return createdAt;
    }
    public void setCreatedAt(OffsetDateTime createdAt) {
        this.createdAt = createdAt;
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/AdminLoginRequest.java
+++ b/backend/src/main/java/com/printcalculator/dto/AdminLoginRequest.java
@@ -1,17 +0,0 @@
 package com.printcalculator.dto;
 import jakarta.validation.constraints.NotBlank;
 public class AdminLoginRequest {
    @NotBlank
    private String password;
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/AdminOrderStatusUpdateRequest.java
+++ b/backend/src/main/java/com/printcalculator/dto/AdminOrderStatusUpdateRequest.java
@@ -1,13 +0,0 @@
 package com.printcalculator.dto;
 public class AdminOrderStatusUpdateRequest {
    private String status;
    public String getStatus() {
        return status;
    }
    public void setStatus(String status) {
        this.status = status;
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/AdminQuoteSessionDto.java
+++ b/backend/src/main/java/com/printcalculator/dto/AdminQuoteSessionDto.java
@@ -1,61 +0,0 @@
 package com.printcalculator.dto;
 import java.time.OffsetDateTime;
 import java.util.UUID;
 public class AdminQuoteSessionDto {
    private UUID id;
    private String status;
    private String materialCode;
    private OffsetDateTime createdAt;
    private OffsetDateTime expiresAt;
    private UUID convertedOrderId;
    public UUID getId() {
        return id;
    }
    public void setId(UUID id) {
        this.id = id;
    }
    public String getStatus() {
        return status;
    }
    public void setStatus(String status) {
        this.status = status;
    }
    public String getMaterialCode() {
        return materialCode;
    }
    public void setMaterialCode(String materialCode) {
        this.materialCode = materialCode;
    }
    public OffsetDateTime getCreatedAt() {
        return createdAt;
    }
    public void setCreatedAt(OffsetDateTime createdAt) {
        this.createdAt = createdAt;
    }
    public OffsetDateTime getExpiresAt() {
        return expiresAt;
    }
    public void setExpiresAt(OffsetDateTime expiresAt) {
        this.expiresAt = expiresAt;
    }
    public UUID getConvertedOrderId() {
        return convertedOrderId;
    }
    public void setConvertedOrderId(UUID convertedOrderId) {
        this.convertedOrderId = convertedOrderId;
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/AdminUpdateContactRequestStatusRequest.java
+++ b/backend/src/main/java/com/printcalculator/dto/AdminUpdateContactRequestStatusRequest.java
@@ -1,13 +0,0 @@
 package com.printcalculator.dto;
 public class AdminUpdateContactRequestStatusRequest {
    private String status;
    public String getStatus() {
        return status;
    }
    public void setStatus(String status) {
        this.status = status;
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/AdminUpsertFilamentMaterialTypeRequest.java
+++ b/backend/src/main/java/com/printcalculator/dto/AdminUpsertFilamentMaterialTypeRequest.java
@@ -1,40 +0,0 @@
 package com.printcalculator.dto;
 public class AdminUpsertFilamentMaterialTypeRequest {
    private String materialCode;
    private Boolean isFlexible;
    private Boolean isTechnical;
    private String technicalTypeLabel;
    public String getMaterialCode() {
        return materialCode;
    }
    public void setMaterialCode(String materialCode) {
        this.materialCode = materialCode;
    }
    public Boolean getIsFlexible() {
        return isFlexible;
    }
    public void setIsFlexible(Boolean isFlexible) {
        this.isFlexible = isFlexible;
    }
    public Boolean getIsTechnical() {
        return isTechnical;
    }
    public void setIsTechnical(Boolean isTechnical) {
        this.isTechnical = isTechnical;
    }
    public String getTechnicalTypeLabel() {
        return technicalTypeLabel;
    }
    public void setTechnicalTypeLabel(String technicalTypeLabel) {
        this.technicalTypeLabel = technicalTypeLabel;
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/AdminUpsertFilamentVariantRequest.java
+++ b/backend/src/main/java/com/printcalculator/dto/AdminUpsertFilamentVariantRequest.java
@@ -1,114 +0,0 @@
 package com.printcalculator.dto;
 import java.math.BigDecimal;
 public class AdminUpsertFilamentVariantRequest {
    private Long materialTypeId;
    private String variantDisplayName;
    private String colorName;
    private String colorHex;
    private String finishType;
    private String brand;
    private Boolean isMatte;
    private Boolean isSpecial;
    private BigDecimal costChfPerKg;
    private BigDecimal stockSpools;
    private BigDecimal spoolNetKg;
    private Boolean isActive;
    public Long getMaterialTypeId() {
        return materialTypeId;
    }
    public void setMaterialTypeId(Long materialTypeId) {
        this.materialTypeId = materialTypeId;
    }
    public String getVariantDisplayName() {
        return variantDisplayName;
    }
    public void setVariantDisplayName(String variantDisplayName) {
        this.variantDisplayName = variantDisplayName;
    }
    public String getColorName() {
        return colorName;
    }
    public void setColorName(String colorName) {
        this.colorName = colorName;
    }
    public String getColorHex() {
        return colorHex;
    }
    public void setColorHex(String colorHex) {
        this.colorHex = colorHex;
    }
    public String getFinishType() {
        return finishType;
    }
    public void setFinishType(String finishType) {
        this.finishType = finishType;
    }
    public String getBrand() {
        return brand;
    }
    public void setBrand(String brand) {
        this.brand = brand;
    }
    public Boolean getIsMatte() {
        return isMatte;
    }
    public void setIsMatte(Boolean isMatte) {
        this.isMatte = isMatte;
    }
    public Boolean getIsSpecial() {
        return isSpecial;
    }
    public void setIsSpecial(Boolean isSpecial) {
        this.isSpecial = isSpecial;
    }
    public BigDecimal getCostChfPerKg() {
        return costChfPerKg;
    }
    public void setCostChfPerKg(BigDecimal costChfPerKg) {
        this.costChfPerKg = costChfPerKg;
    }
    public BigDecimal getStockSpools() {
        return stockSpools;
    }
    public void setStockSpools(BigDecimal stockSpools) {
        this.stockSpools = stockSpools;
    }
    public BigDecimal getSpoolNetKg() {
        return spoolNetKg;
    }
    public void setSpoolNetKg(BigDecimal spoolNetKg) {
        this.spoolNetKg = spoolNetKg;
    }
    public Boolean getIsActive() {
        return isActive;
    }
    public void setIsActive(Boolean isActive) {
        this.isActive = isActive;
    }
 }
--- a/backend/src/main/java/com/printcalculator/dto/CreateOrderRequest.java
+++ b/backend/src/main/java/com/printcalculator/dto/CreateOrderRequest.java
@@ -1,19 +1,11 @@
 package com.printcalculator.dto;
 import lombok.Data;
 import jakarta.validation.constraints.AssertTrue;
@Data
 public class CreateOrderRequest {
    private CustomerDto customer;
    private AddressDto billingAddress;
    private AddressDto shippingAddress;
    private String language;
    private boolean shippingSameAsBilling;
    @AssertTrue(message = "L'accettazione dei Termini e Condizioni e obbligatoria.")
    private boolean acceptTerms;
    @AssertTrue(message = "L'accettazione dell'Informativa Privacy e obbligatoria.")
    private boolean acceptPrivacy;
 }
--- a/backend/src/main/java/com/printcalculator/dto/OptionsResponse.java
+++ b/backend/src/main/java/com/printcalculator/dto/OptionsResponse.java
@@ -10,16 +10,7 @@ public record OptionsResponse(
    List<NozzleOptionDTO> nozzleDiameters
 ) {
    public record MaterialOption(String code, String label, List<VariantOption> variants) {}
-    public record VariantOption(
+    public record VariantOption(String name, String colorName, String hexColor, boolean isOutOfStock) {}
            Long id,
            String name,
            String colorName,
            String hexColor,
            String finishType,
            Double stockSpools,
            Double stockFilamentGrams,
            boolean isOutOfStock
    ) {}
    public record QualityOption(String id, String label) {}
    public record InfillPatternOption(String id, String label) {}
    public record LayerHeightOptionDTO(double value, String label) {}
--- a/backend/src/main/java/com/printcalculator/dto/OrderDto.java
+++ b/backend/src/main/java/com/printcalculator/dto/OrderDto.java
@@ -9,11 +9,8 @@ public class OrderDto {
    private UUID id;
    private String orderNumber;
    private String status;
    private String paymentStatus;
    private String paymentMethod;
    private String customerEmail;
    private String customerPhone;
    private String preferredLanguage;
    private String billingCustomerType;
    private AddressDto billingAddress;
    private AddressDto shippingAddress;
@@ -25,12 +22,6 @@ public class OrderDto {
    private BigDecimal subtotalChf;
    private BigDecimal totalChf;
    private OffsetDateTime createdAt;
    private String printMaterialCode;
    private BigDecimal printNozzleDiameterMm;
    private BigDecimal printLayerHeightMm;
    private String printInfillPattern;
    private Integer printInfillPercent;
    private Boolean printSupportsEnabled;
    private List<OrderItemDto> items;
    // Getters and Setters
@@ -43,21 +34,12 @@ public class OrderDto {
    public String getStatus() { return status; }
    public void setStatus(String status) { this.status = status; }
    public String getPaymentStatus() { return paymentStatus; }
    public void setPaymentStatus(String paymentStatus) { this.paymentStatus = paymentStatus; }
    public String getPaymentMethod() { return paymentMethod; }
    public void setPaymentMethod(String paymentMethod) { this.paymentMethod = paymentMethod; }
    public String getCustomerEmail() { return customerEmail; }
    public void setCustomerEmail(String customerEmail) { this.customerEmail = customerEmail; }
    public String getCustomerPhone() { return customerPhone; }
    public void setCustomerPhone(String customerPhone) { this.customerPhone = customerPhone; }
    public String getPreferredLanguage() { return preferredLanguage; }
    public void setPreferredLanguage(String preferredLanguage) { this.preferredLanguage = preferredLanguage; }
    public String getBillingCustomerType() { return billingCustomerType; }
    public void setBillingCustomerType(String billingCustomerType) { this.billingCustomerType = billingCustomerType; }
@@ -91,24 +73,6 @@ public class OrderDto {
    public OffsetDateTime getCreatedAt() { return createdAt; }
    public void setCreatedAt(OffsetDateTime createdAt) { this.createdAt = createdAt; }
    public String getPrintMaterialCode() { return printMaterialCode; }
    public void setPrintMaterialCode(String printMaterialCode) { this.printMaterialCode = printMaterialCode; }
    public BigDecimal getPrintNozzleDiameterMm() { return printNozzleDiameterMm; }
    public void setPrintNozzleDiameterMm(BigDecimal printNozzleDiameterMm) { this.printNozzleDiameterMm = printNozzleDiameterMm; }
    public BigDecimal getPrintLayerHeightMm() { return printLayerHeightMm; }
    public void setPrintLayerHeightMm(BigDecimal printLayerHeightMm) { this.printLayerHeightMm = printLayerHeightMm; }
    public String getPrintInfillPattern() { return printInfillPattern; }
    public void setPrintInfillPattern(String printInfillPattern) { this.printInfillPattern = printInfillPattern; }
    public Integer getPrintInfillPercent() { return printInfillPercent; }
    public void setPrintInfillPercent(Integer printInfillPercent) { this.printInfillPercent = printInfillPercent; }
    public Boolean getPrintSupportsEnabled() { return printSupportsEnabled; }
    public void setPrintSupportsEnabled(Boolean printSupportsEnabled) { this.printSupportsEnabled = printSupportsEnabled; }
    public List<OrderItemDto> getItems() { return items; }
    public void setItems(List<OrderItemDto> items) { this.items = items; }
 }
--- a/backend/src/main/java/com/printcalculator/dto/PrintSettingsDto.java
+++ b/backend/src/main/java/com/printcalculator/dto/PrintSettingsDto.java
@@ -8,24 +8,16 @@ public class PrintSettingsDto {
    private String complexityMode;
    // Common
-    private String material; // e.g. "PLA", "PLA TOUGH", "PETG"
+    private String material; // e.g. "PLA", "PETG"
    private String color;    // e.g. "White", "#FFFFFF"
    private Long filamentVariantId;
    private Long printerMachineId;
    // Basic Mode
    private String quality;  // "draft", "standard", "high"
    // Advanced Mode (Optional in Basic)
    private Double nozzleDiameter;
    private Double layerHeight;
    private Double infillDensity;
    private String infillPattern;
    private Boolean supportsEnabled;
    private String notes;
    // Dimensions
    private Double boundingBoxX;
    private Double boundingBoxY;
    private Double boundingBoxZ;
 }
--- a/backend/src/main/java/com/printcalculator/dto/QuoteRequestDto.java
+++ b/backend/src/main/java/com/printcalculator/dto/QuoteRequestDto.java
@@ -1,7 +1,6 @@
 package com.printcalculator.dto;
 import lombok.Data;
 import jakarta.validation.constraints.AssertTrue;
@Data
 public class QuoteRequestDto {
@@ -13,10 +12,4 @@ public class QuoteRequestDto {
    private String companyName;
    private String contactPerson;
    private String message;
    @AssertTrue(message = "L'accettazione dei Termini e Condizioni e obbligatoria.")
    private boolean acceptTerms;
    @AssertTrue(message = "L'accettazione dell'Informativa Privacy e obbligatoria.")
    private boolean acceptPrivacy;
 }
--- a/backend/src/main/java/com/printcalculator/entity/FilamentVariant.java
+++ b/backend/src/main/java/com/printcalculator/entity/FilamentVariant.java
@@ -24,16 +24,6 @@ public class FilamentVariant {
    @Column(name = "color_name", nullable = false, length = Integer.MAX_VALUE)
    private String colorName;
    @Column(name = "color_hex", length = Integer.MAX_VALUE)
    private String colorHex;
    @ColumnDefault("'GLOSSY'")
    @Column(name = "finish_type", length = Integer.MAX_VALUE)
    private String finishType;
    @Column(name = "brand", length = Integer.MAX_VALUE)
    private String brand;
    @ColumnDefault("false")
    @Column(name = "is_matte", nullable = false)
    private Boolean isMatte;
@@ -93,30 +83,6 @@ public class FilamentVariant {
        this.colorName = colorName;
    }
    public String getColorHex() {
        return colorHex;
    }
    public void setColorHex(String colorHex) {
        this.colorHex = colorHex;
    }
    public String getFinishType() {
        return finishType;
    }
    public void setFinishType(String finishType) {
        this.finishType = finishType;
    }
    public String getBrand() {
        return brand;
    }
    public void setBrand(String brand) {
        this.brand = brand;
    }
    public Boolean getIsMatte() {
        return isMatte;
    }
@@ -173,4 +139,4 @@ public class FilamentVariant {
        this.createdAt = createdAt;
    }
-}
+}
--- a/backend/src/main/java/com/printcalculator/entity/FilamentVariantOrcaOverride.java
+++ b/backend/src/main/java/com/printcalculator/entity/FilamentVariantOrcaOverride.java
@@ -1,72 +0,0 @@
 package com.printcalculator.entity;
 import jakarta.persistence.*;
 import org.hibernate.annotations.ColumnDefault;
@Entity
@Table(name = "filament_variant_orca_override", uniqueConstraints = {
        @UniqueConstraint(name = "ux_filament_variant_orca_override_variant_machine", columnNames = {
                "filament_variant_id", "printer_machine_profile_id"
        })
 })
 public class FilamentVariantOrcaOverride {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = "filament_variant_orca_override_id", nullable = false)
    private Long id;
    @ManyToOne(fetch = FetchType.LAZY, optional = false)
    @JoinColumn(name = "filament_variant_id", nullable = false)
    private FilamentVariant filamentVariant;
    @ManyToOne(fetch = FetchType.LAZY, optional = false)
    @JoinColumn(name = "printer_machine_profile_id", nullable = false)
    private PrinterMachineProfile printerMachineProfile;
    @Column(name = "orca_filament_profile_name", nullable = false, length = Integer.MAX_VALUE)
    private String orcaFilamentProfileName;
    @ColumnDefault("true")
    @Column(name = "is_active", nullable = false)
    private Boolean isActive;
    public Long getId() {
        return id;
    }
    public void setId(Long id) {
        this.id = id;
    }
    public FilamentVariant getFilamentVariant() {
        return filamentVariant;
    }
    public void setFilamentVariant(FilamentVariant filamentVariant) {
        this.filamentVariant = filamentVariant;
    }
    public PrinterMachineProfile getPrinterMachineProfile() {
        return printerMachineProfile;
    }
    public void setPrinterMachineProfile(PrinterMachineProfile printerMachineProfile) {
        this.printerMachineProfile = printerMachineProfile;
    }
    public String getOrcaFilamentProfileName() {
        return orcaFilamentProfileName;
    }
    public void setOrcaFilamentProfileName(String orcaFilamentProfileName) {
        this.orcaFilamentProfileName = orcaFilamentProfileName;
    }
    public Boolean getIsActive() {
        return isActive;
    }
    public void setIsActive(Boolean isActive) {
        this.isActive = isActive;
    }
 }
--- a/backend/src/main/java/com/printcalculator/entity/MaterialOrcaProfileMap.java
+++ b/backend/src/main/java/com/printcalculator/entity/MaterialOrcaProfileMap.java
@@ -1,72 +0,0 @@
 package com.printcalculator.entity;
 import jakarta.persistence.*;
 import org.hibernate.annotations.ColumnDefault;
@Entity
@Table(name = "material_orca_profile_map", uniqueConstraints = {
        @UniqueConstraint(name = "ux_material_orca_profile_map_machine_material", columnNames = {
                "printer_machine_profile_id", "filament_material_type_id"
        })
 })
 public class MaterialOrcaProfileMap {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = "material_orca_profile_map_id", nullable = false)
    private Long id;
    @ManyToOne(fetch = FetchType.LAZY, optional = false)
    @JoinColumn(name = "printer_machine_profile_id", nullable = false)
    private PrinterMachineProfile printerMachineProfile;
    @ManyToOne(fetch = FetchType.LAZY, optional = false)
    @JoinColumn(name = "filament_material_type_id", nullable = false)
    private FilamentMaterialType filamentMaterialType;
    @Column(name = "orca_filament_profile_name", nullable = false, length = Integer.MAX_VALUE)
    private String orcaFilamentProfileName;
    @ColumnDefault("true")
    @Column(name = "is_active", nullable = false)
    private Boolean isActive;
    public Long getId() {
        return id;
    }
    public void setId(Long id) {
        this.id = id;
    }
    public PrinterMachineProfile getPrinterMachineProfile() {
        return printerMachineProfile;
    }
    public void setPrinterMachineProfile(PrinterMachineProfile printerMachineProfile) {
        this.printerMachineProfile = printerMachineProfile;
    }
    public FilamentMaterialType getFilamentMaterialType() {
        return filamentMaterialType;
    }
    public void setFilamentMaterialType(FilamentMaterialType filamentMaterialType) {
        this.filamentMaterialType = filamentMaterialType;
    }
    public String getOrcaFilamentProfileName() {
        return orcaFilamentProfileName;
    }
    public void setOrcaFilamentProfileName(String orcaFilamentProfileName) {
        this.orcaFilamentProfileName = orcaFilamentProfileName;
    }
    public Boolean getIsActive() {
        return isActive;
    }
    public void setIsActive(Boolean isActive) {
        this.isActive = isActive;
    }
 }
--- a/backend/src/main/java/com/printcalculator/entity/Order.java
+++ b/backend/src/main/java/com/printcalculator/entity/Order.java
@@ -95,10 +95,6 @@ public class Order {
    @Column(name = "shipping_country_code", length = 2)
    private String shippingCountryCode;
    @ColumnDefault("'it'")
    @Column(name = "preferred_language", length = 2)
    private String preferredLanguage;
    @ColumnDefault("'CHF'")
    @Column(name = "currency", nullable = false, length = 3)
    private String currency;
@@ -360,14 +356,6 @@ public class Order {
        this.currency = currency;
    }
    public String getPreferredLanguage() {
        return preferredLanguage;
    }
    public void setPreferredLanguage(String preferredLanguage) {
        this.preferredLanguage = preferredLanguage;
    }
    public BigDecimal getSetupCostChf() {
        return setupCostChf;
    }
--- a/backend/src/main/java/com/printcalculator/entity/OrderItem.java
+++ b/backend/src/main/java/com/printcalculator/entity/OrderItem.java
@@ -44,10 +44,6 @@ public class OrderItem {
    @Column(name = "material_code", nullable = false, length = Integer.MAX_VALUE)
    private String materialCode;
    @ManyToOne(fetch = FetchType.LAZY)
    @JoinColumn(name = "filament_variant_id")
    private FilamentVariant filamentVariant;
    @Column(name = "color_code", length = Integer.MAX_VALUE)
    private String colorCode;
@@ -61,15 +57,6 @@ public class OrderItem {
    @Column(name = "material_grams", precision = 12, scale = 2)
    private BigDecimal materialGrams;
    @Column(name = "bounding_box_x_mm", precision = 10, scale = 3)
    private BigDecimal boundingBoxXMm;
    @Column(name = "bounding_box_y_mm", precision = 10, scale = 3)
    private BigDecimal boundingBoxYMm;
    @Column(name = "bounding_box_z_mm", precision = 10, scale = 3)
    private BigDecimal boundingBoxZMm;
    @Column(name = "unit_price_chf", nullable = false, precision = 12, scale = 2)
    private BigDecimal unitPriceChf;
@@ -162,14 +149,6 @@ public class OrderItem {
        this.materialCode = materialCode;
    }
    public FilamentVariant getFilamentVariant() {
        return filamentVariant;
    }
    public void setFilamentVariant(FilamentVariant filamentVariant) {
        this.filamentVariant = filamentVariant;
    }
    public String getColorCode() {
        return colorCode;
    }
@@ -202,30 +181,6 @@ public class OrderItem {
        this.materialGrams = materialGrams;
    }
    public BigDecimal getBoundingBoxXMm() {
        return boundingBoxXMm;
    }
    public void setBoundingBoxXMm(BigDecimal boundingBoxXMm) {
        this.boundingBoxXMm = boundingBoxXMm;
    }
    public BigDecimal getBoundingBoxYMm() {
        return boundingBoxYMm;
    }
    public void setBoundingBoxYMm(BigDecimal boundingBoxYMm) {
        this.boundingBoxYMm = boundingBoxYMm;
    }
    public BigDecimal getBoundingBoxZMm() {
        return boundingBoxZMm;
    }
    public void setBoundingBoxZMm(BigDecimal boundingBoxZMm) {
        this.boundingBoxZMm = boundingBoxZMm;
    }
    public BigDecimal getUnitPriceChf() {
        return unitPriceChf;
    }
--- a/backend/src/main/java/com/printcalculator/entity/Payment.java
+++ b/backend/src/main/java/com/printcalculator/entity/Payment.java
@@ -52,9 +52,6 @@ public class Payment {
    @Column(name = "initiated_at", nullable = false)
    private OffsetDateTime initiatedAt;
    @Column(name = "reported_at")
    private OffsetDateTime reportedAt;
    @Column(name = "received_at")
    private OffsetDateTime receivedAt;
@@ -138,14 +135,6 @@ public class Payment {
        this.initiatedAt = initiatedAt;
    }
    public OffsetDateTime getReportedAt() {
        return reportedAt;
    }
    public void setReportedAt(OffsetDateTime reportedAt) {
        this.reportedAt = reportedAt;
    }
    public OffsetDateTime getReceivedAt() {
        return receivedAt;
    }
--- a/backend/src/main/java/com/printcalculator/entity/PrinterMachineProfile.java
+++ b/backend/src/main/java/com/printcalculator/entity/PrinterMachineProfile.java
@@ -1,85 +0,0 @@
 package com.printcalculator.entity;
 import jakarta.persistence.*;
 import org.hibernate.annotations.ColumnDefault;
 import java.math.BigDecimal;
@Entity
@Table(name = "printer_machine_profile", uniqueConstraints = {
        @UniqueConstraint(name = "ux_printer_machine_profile_machine_nozzle", columnNames = {
                "printer_machine_id", "nozzle_diameter_mm"
        })
 })
 public class PrinterMachineProfile {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = "printer_machine_profile_id", nullable = false)
    private Long id;
    @ManyToOne(fetch = FetchType.LAZY, optional = false)
    @JoinColumn(name = "printer_machine_id", nullable = false)
    private PrinterMachine printerMachine;
    @Column(name = "nozzle_diameter_mm", nullable = false, precision = 4, scale = 2)
    private BigDecimal nozzleDiameterMm;
    @Column(name = "orca_machine_profile_name", nullable = false, length = Integer.MAX_VALUE)
    private String orcaMachineProfileName;
    @ColumnDefault("false")
    @Column(name = "is_default", nullable = false)
    private Boolean isDefault;
    @ColumnDefault("true")
    @Column(name = "is_active", nullable = false)
    private Boolean isActive;
    public Long getId() {
        return id;
    }
    public void setId(Long id) {
        this.id = id;
    }
    public PrinterMachine getPrinterMachine() {
        return printerMachine;
    }
    public void setPrinterMachine(PrinterMachine printerMachine) {
        this.printerMachine = printerMachine;
    }
    public BigDecimal getNozzleDiameterMm() {
        return nozzleDiameterMm;
    }
    public void setNozzleDiameterMm(BigDecimal nozzleDiameterMm) {
        this.nozzleDiameterMm = nozzleDiameterMm;
    }
    public String getOrcaMachineProfileName() {
        return orcaMachineProfileName;
    }
    public void setOrcaMachineProfileName(String orcaMachineProfileName) {
        this.orcaMachineProfileName = orcaMachineProfileName;
    }
    public Boolean getIsDefault() {
        return isDefault;
    }
    public void setIsDefault(Boolean isDefault) {
        this.isDefault = isDefault;
    }
    public Boolean getIsActive() {
        return isActive;
    }
    public void setIsActive(Boolean isActive) {
        this.isActive = isActive;
    }
 }
--- a/backend/src/main/java/com/printcalculator/entity/QuoteLineItem.java
+++ b/backend/src/main/java/com/printcalculator/entity/QuoteLineItem.java
@@ -40,11 +40,6 @@ public class QuoteLineItem {
    @Column(name = "color_code", length = Integer.MAX_VALUE)
    private String colorCode;
    @ManyToOne(fetch = FetchType.LAZY)
    @JoinColumn(name = "filament_variant_id")
    @com.fasterxml.jackson.annotation.JsonIgnore
    private FilamentVariant filamentVariant;
    @Column(name = "bounding_box_x_mm", precision = 10, scale = 3)
    private BigDecimal boundingBoxXMm;
@@ -129,14 +124,6 @@ public class QuoteLineItem {
        this.colorCode = colorCode;
    }
    public FilamentVariant getFilamentVariant() {
        return filamentVariant;
    }
    public void setFilamentVariant(FilamentVariant filamentVariant) {
        this.filamentVariant = filamentVariant;
    }
    public BigDecimal getBoundingBoxXMm() {
        return boundingBoxXMm;
    }
@@ -225,4 +212,4 @@ public class QuoteLineItem {
        this.updatedAt = updatedAt;
    }
-}
+}
--- a/backend/src/main/java/com/printcalculator/event/PaymentConfirmedEvent.java
+++ b/backend/src/main/java/com/printcalculator/event/PaymentConfirmedEvent.java
@@ -1,24 +0,0 @@
 package com.printcalculator.event;
 import com.printcalculator.entity.Order;
 import com.printcalculator.entity.Payment;
 import org.springframework.context.ApplicationEvent;
 public class PaymentConfirmedEvent extends ApplicationEvent {
    private final Order order;
    private final Payment payment;
    public PaymentConfirmedEvent(Object source, Order order, Payment payment) {
        super(source);
        this.order = order;
        this.payment = payment;
    }
    public Order getOrder() {
        return order;
    }
    public Payment getPayment() {
        return payment;
    }
 }
--- a/backend/src/main/java/com/printcalculator/event/PaymentReportedEvent.java
+++ b/backend/src/main/java/com/printcalculator/event/PaymentReportedEvent.java
@@ -1,25 +0,0 @@
 package com.printcalculator.event;
 import com.printcalculator.entity.Order;
 import com.printcalculator.entity.Payment;
 import org.springframework.context.ApplicationEvent;
 public class PaymentReportedEvent extends ApplicationEvent {
    private final Order order;
    private final Payment payment;
    public PaymentReportedEvent(Object source, Order order, Payment payment) {
        super(source);
        this.order = order;
        this.payment = payment;
    }
    public Order getOrder() {
        return order;
    }
    public Payment getPayment() {
        return payment;
    }
 }
--- a/backend/src/main/java/com/printcalculator/event/listener/OrderEmailListener.java
+++ b/backend/src/main/java/com/printcalculator/event/listener/OrderEmailListener.java
@@ -1,15 +1,7 @@
 package com.printcalculator.event.listener;
 import com.printcalculator.entity.Order;
 import com.printcalculator.entity.OrderItem;
 import com.printcalculator.entity.Payment;
 import com.printcalculator.event.OrderCreatedEvent;
 import com.printcalculator.event.PaymentConfirmedEvent;
 import com.printcalculator.event.PaymentReportedEvent;
 import com.printcalculator.repository.OrderItemRepository;
 import com.printcalculator.service.InvoicePdfRenderingService;
 import com.printcalculator.service.QrBillService;
 import com.printcalculator.service.StorageService;
 import com.printcalculator.service.email.EmailNotificationService;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -18,29 +10,16 @@ import org.springframework.context.event.EventListener;
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Component;
 import java.text.NumberFormat;
 import java.time.Year;
 import java.time.format.DateTimeFormatter;
 import java.time.format.FormatStyle;
 import java.util.Currency;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.nio.file.Paths;
@Slf4j
@Component
@RequiredArgsConstructor
 public class OrderEmailListener {
    private static final String DEFAULT_LANGUAGE = "it";
    private final EmailNotificationService emailNotificationService;
    private final InvoicePdfRenderingService invoicePdfRenderingService;
    private final OrderItemRepository orderItemRepository;
    private final QrBillService qrBillService;
    private final StorageService storageService;
    @Value("${app.mail.admin.enabled:true}")
    private boolean adminMailEnabled;
@@ -59,7 +38,7 @@ public class OrderEmailListener {
        try {
            sendCustomerConfirmationEmail(order);
-
+            
            if (adminMailEnabled && adminMailAddress != null && !adminMailAddress.isEmpty()) {
                sendAdminNotificationEmail(order);
            }
@@ -68,317 +47,39 @@ public class OrderEmailListener {
        }
    }
    @Async
    @EventListener
    public void handlePaymentReportedEvent(PaymentReportedEvent event) {
        Order order = event.getOrder();
        log.info("Processing PaymentReportedEvent for order id: {}", order.getId());
        try {
            sendPaymentReportedEmail(order);
        } catch (Exception e) {
            log.error("Failed to send payment reported email for order id: {}", order.getId(), e);
        }
    }
    @Async
    @EventListener
    public void handlePaymentConfirmedEvent(PaymentConfirmedEvent event) {
        Order order = event.getOrder();
        Payment payment = event.getPayment();
        log.info("Processing PaymentConfirmedEvent for order id: {}", order.getId());
        try {
            sendPaidInvoiceEmail(order, payment);
        } catch (Exception e) {
            log.error("Failed to send paid invoice email for order id: {}", order.getId(), e);
        }
    }
    private void sendCustomerConfirmationEmail(Order order) {
-        String language = resolveLanguage(order.getPreferredLanguage());
+        Map<String, Object> templateData = new HashMap<>();
-        String orderNumber = getDisplayOrderNumber(order);
+        templateData.put("customerName", order.getCustomer().getFirstName());
-
+        templateData.put("orderId", order.getId());
-        Map<String, Object> templateData = buildBaseTemplateData(order, language);
+        templateData.put("orderNumber", getDisplayOrderNumber(order));
-        String subject = applyOrderConfirmationTexts(templateData, language, orderNumber);
+        templateData.put("orderDetailsUrl", buildOrderDetailsUrl(order));
-        byte[] confirmationPdf = loadOrGenerateConfirmationPdf(order);
+        templateData.put("orderDate", order.getCreatedAt().format(DateTimeFormatter.ofPattern("dd/MM/yyyy HH:mm")));
-
+        templateData.put("totalCost", String.format("%.2f", order.getTotalChf()));
        emailNotificationService.sendEmailWithAttachment(
                order.getCustomer().getEmail(),
                subject,
                "order-confirmation",
                templateData,
                buildConfirmationAttachmentName(language, orderNumber),
                confirmationPdf
        );
    }
    private void sendPaymentReportedEmail(Order order) {
        String language = resolveLanguage(order.getPreferredLanguage());
        String orderNumber = getDisplayOrderNumber(order);
        Map<String, Object> templateData = buildBaseTemplateData(order, language);
        String subject = applyPaymentReportedTexts(templateData, language, orderNumber);
        emailNotificationService.sendEmail(
                order.getCustomer().getEmail(),
-                subject,
+                "Conferma Ordine #" + getDisplayOrderNumber(order) + " - 3D-Fab",
-                "payment-reported",
+                "order-confirmation",
                templateData
        );
    }
    private void sendPaidInvoiceEmail(Order order, Payment payment) {
        String language = resolveLanguage(order.getPreferredLanguage());
        String orderNumber = getDisplayOrderNumber(order);
        Map<String, Object> templateData = buildBaseTemplateData(order, language);
        String subject = applyPaymentConfirmedTexts(templateData, language, orderNumber);
        byte[] pdf = null;
        try {
            List<OrderItem> items = orderItemRepository.findByOrder_Id(order.getId());
            pdf = invoicePdfRenderingService.generateDocumentPdf(order, items, false, qrBillService, payment);
        } catch (Exception e) {
            log.error("Failed to generate PDF for paid invoice email: {}", e.getMessage(), e);
        }
        emailNotificationService.sendEmailWithAttachment(
                order.getCustomer().getEmail(),
                subject,
                "payment-confirmed",
                templateData,
                buildPaidInvoiceAttachmentName(language, orderNumber),
                pdf
        );
    }
    private void sendAdminNotificationEmail(Order order) {
        String orderNumber = getDisplayOrderNumber(order);
        Map<String, Object> templateData = buildBaseTemplateData(order, DEFAULT_LANGUAGE);
        templateData.put("customerName", buildCustomerFullName(order));
        templateData.put("emailTitle", "Nuovo ordine ricevuto");
        templateData.put("headlineText", "Nuovo ordine #" + orderNumber);
        templateData.put("greetingText", "Ciao team,");
        templateData.put("introText", "Un nuovo ordine e' stato creato dal cliente.");
        templateData.put("detailsTitleText", "Dettagli ordine");
        templateData.put("labelOrderNumber", "Numero ordine");
        templateData.put("labelDate", "Data");
        templateData.put("labelTotal", "Totale");
        templateData.put("orderDetailsCtaText", "Apri dettaglio ordine");
        templateData.put("attachmentHintText", "La conferma cliente e il QR bill sono stati salvati nella cartella documenti dell'ordine.");
        templateData.put("supportText", "Controlla i dettagli e procedi con la gestione operativa.");
        templateData.put("footerText", "Notifica automatica sistema ordini.");
        emailNotificationService.sendEmail(
                adminMailAddress,
                "Nuovo Ordine Ricevuto #" + orderNumber + " - " + buildCustomerFullName(order),
                "order-confirmation",
                templateData
        );
    }
    private Map<String, Object> buildBaseTemplateData(Order order, String language) {
        Locale locale = localeForLanguage(language);
        NumberFormat currencyFormatter = NumberFormat.getCurrencyInstance(locale);
        currencyFormatter.setCurrency(Currency.getInstance("CHF"));
        Map<String, Object> templateData = new HashMap<>();
-        templateData.put("customerName", buildCustomerFirstName(order, language));
+        templateData.put("customerName", order.getCustomer().getFirstName() + " " + order.getCustomer().getLastName());
        templateData.put("orderId", order.getId());
        templateData.put("orderNumber", getDisplayOrderNumber(order));
-        templateData.put("orderDetailsUrl", buildOrderDetailsUrl(order, language));
+        templateData.put("orderDetailsUrl", buildOrderDetailsUrl(order));
-        templateData.put(
+        templateData.put("orderDate", order.getCreatedAt().format(DateTimeFormatter.ofPattern("dd/MM/yyyy HH:mm")));
-                "orderDate",
+        templateData.put("totalCost", String.format("%.2f", order.getTotalChf()));
-                order.getCreatedAt().format(DateTimeFormatter.ofLocalizedDateTime(FormatStyle.MEDIUM).withLocale(locale))
+        
        // Possiamo riutilizzare lo stesso template per ora o crearne uno ad-hoc in futuro
        emailNotificationService.sendEmail(
                adminMailAddress,
                "Nuovo Ordine Ricevuto #" + getDisplayOrderNumber(order) + " - " + order.getCustomer().getLastName(),
                "order-confirmation", 
                templateData
        );
        templateData.put("totalCost", currencyFormatter.format(order.getTotalChf()));
        templateData.put("currentYear", Year.now().getValue());
        return templateData;
    }
    private String applyOrderConfirmationTexts(Map<String, Object> templateData, String language, String orderNumber) {
        return switch (language) {
            case "en" -> {
                templateData.put("emailTitle", "Order Confirmation");
                templateData.put("headlineText", "Thank you for your order #" + orderNumber);
                templateData.put("greetingText", "Hi " + templateData.get("customerName") + ",");
                templateData.put("introText", "We received your order and started processing it.");
                templateData.put("detailsTitleText", "Order details");
                templateData.put("labelOrderNumber", "Order number");
                templateData.put("labelDate", "Date");
                templateData.put("labelTotal", "Total");
                templateData.put("orderDetailsCtaText", "View order status");
                templateData.put("attachmentHintText", "Attached you can find the order confirmation PDF with the QR bill.");
                templateData.put("supportText", "If you have questions, reply to this email and we will help you.");
                templateData.put("footerText", "Automated message from 3D-Fab.");
                yield "Order Confirmation #" + orderNumber + " - 3D-Fab";
            }
            case "de" -> {
                templateData.put("emailTitle", "Bestellbestaetigung");
                templateData.put("headlineText", "Danke fuer Ihre Bestellung #" + orderNumber);
                templateData.put("greetingText", "Hallo " + templateData.get("customerName") + ",");
                templateData.put("introText", "Wir haben Ihre Bestellung erhalten und mit der Bearbeitung begonnen.");
                templateData.put("detailsTitleText", "Bestelldetails");
                templateData.put("labelOrderNumber", "Bestellnummer");
                templateData.put("labelDate", "Datum");
                templateData.put("labelTotal", "Gesamtbetrag");
                templateData.put("orderDetailsCtaText", "Bestellstatus ansehen");
                templateData.put("attachmentHintText", "Im Anhang finden Sie die Bestellbestaetigung mit QR-Rechnung.");
                templateData.put("supportText", "Bei Fragen antworten Sie einfach auf diese E-Mail.");
                templateData.put("footerText", "Automatische Nachricht von 3D-Fab.");
                yield "Bestellbestaetigung #" + orderNumber + " - 3D-Fab";
            }
            case "fr" -> {
                templateData.put("emailTitle", "Confirmation de commande");
                templateData.put("headlineText", "Merci pour votre commande #" + orderNumber);
                templateData.put("greetingText", "Bonjour " + templateData.get("customerName") + ",");
                templateData.put("introText", "Nous avons recu votre commande et commence son traitement.");
                templateData.put("detailsTitleText", "Details de commande");
                templateData.put("labelOrderNumber", "Numero de commande");
                templateData.put("labelDate", "Date");
                templateData.put("labelTotal", "Total");
                templateData.put("orderDetailsCtaText", "Voir le statut de la commande");
                templateData.put("attachmentHintText", "Vous trouverez en piece jointe la confirmation de commande avec la facture QR.");
                templateData.put("supportText", "Si vous avez des questions, repondez a cet email.");
                templateData.put("footerText", "Message automatique de 3D-Fab.");
                yield "Confirmation de commande #" + orderNumber + " - 3D-Fab";
            }
            default -> {
                templateData.put("emailTitle", "Conferma ordine");
                templateData.put("headlineText", "Grazie per il tuo ordine #" + orderNumber);
                templateData.put("greetingText", "Ciao " + templateData.get("customerName") + ",");
                templateData.put("introText", "Abbiamo ricevuto il tuo ordine e iniziato l'elaborazione.");
                templateData.put("detailsTitleText", "Dettagli ordine");
                templateData.put("labelOrderNumber", "Numero ordine");
                templateData.put("labelDate", "Data");
                templateData.put("labelTotal", "Totale");
                templateData.put("orderDetailsCtaText", "Visualizza stato ordine");
                templateData.put("attachmentHintText", "In allegato trovi la conferma ordine in PDF con QR bill.");
                templateData.put("supportText", "Se hai domande, rispondi a questa email e ti aiutiamo subito.");
                templateData.put("footerText", "Messaggio automatico di 3D-Fab.");
                yield "Conferma Ordine #" + orderNumber + " - 3D-Fab";
            }
        };
    }
    private String applyPaymentReportedTexts(Map<String, Object> templateData, String language, String orderNumber) {
        return switch (language) {
            case "en" -> {
                templateData.put("emailTitle", "Payment Reported");
                templateData.put("headlineText", "Payment reported for order #" + orderNumber);
                templateData.put("greetingText", "Hi " + templateData.get("customerName") + ",");
                templateData.put("introText", "We received your payment report and our team is now verifying it.");
                templateData.put("statusText", "Current status: Payment under verification.");
                templateData.put("orderDetailsCtaText", "Check order status");
                templateData.put("supportText", "You will receive another email as soon as the payment is confirmed.");
                templateData.put("footerText", "Automated message from 3D-Fab.");
                templateData.put("labelOrderNumber", "Order number");
                templateData.put("labelTotal", "Total");
                yield "We are verifying your payment (Order #" + orderNumber + ")";
            }
            case "de" -> {
                templateData.put("emailTitle", "Zahlung gemeldet");
                templateData.put("headlineText", "Zahlung fuer Bestellung #" + orderNumber + " gemeldet");
                templateData.put("greetingText", "Hallo " + templateData.get("customerName") + ",");
                templateData.put("introText", "Wir haben Ihre Zahlungsmitteilung erhalten und pruefen sie aktuell.");
                templateData.put("statusText", "Aktueller Status: Zahlung in Pruefung.");
                templateData.put("orderDetailsCtaText", "Bestellstatus ansehen");
                templateData.put("supportText", "Sobald die Zahlung bestaetigt ist, erhalten Sie eine weitere E-Mail.");
                templateData.put("footerText", "Automatische Nachricht von 3D-Fab.");
                templateData.put("labelOrderNumber", "Bestellnummer");
                templateData.put("labelTotal", "Gesamtbetrag");
                yield "Wir pruefen Ihre Zahlung (Bestellung #" + orderNumber + ")";
            }
            case "fr" -> {
                templateData.put("emailTitle", "Paiement signale");
                templateData.put("headlineText", "Paiement signale pour la commande #" + orderNumber);
                templateData.put("greetingText", "Bonjour " + templateData.get("customerName") + ",");
                templateData.put("introText", "Nous avons recu votre signalement de paiement et nous le verifions.");
                templateData.put("statusText", "Statut actuel: Paiement en verification.");
                templateData.put("orderDetailsCtaText", "Consulter le statut de la commande");
                templateData.put("supportText", "Vous recevrez un nouvel email des que le paiement sera confirme.");
                templateData.put("footerText", "Message automatique de 3D-Fab.");
                templateData.put("labelOrderNumber", "Numero de commande");
                templateData.put("labelTotal", "Total");
                yield "Nous verifions votre paiement (Commande #" + orderNumber + ")";
            }
            default -> {
                templateData.put("emailTitle", "Pagamento segnalato");
                templateData.put("headlineText", "Pagamento segnalato per ordine #" + orderNumber);
                templateData.put("greetingText", "Ciao " + templateData.get("customerName") + ",");
                templateData.put("introText", "Abbiamo ricevuto la tua segnalazione di pagamento e la stiamo verificando.");
                templateData.put("statusText", "Stato attuale: pagamento in verifica.");
                templateData.put("orderDetailsCtaText", "Controlla lo stato ordine");
                templateData.put("supportText", "Riceverai una nuova email non appena il pagamento sara' confermato.");
                templateData.put("footerText", "Messaggio automatico di 3D-Fab.");
                templateData.put("labelOrderNumber", "Numero ordine");
                templateData.put("labelTotal", "Totale");
                yield "Stiamo verificando il tuo pagamento (Ordine #" + orderNumber + ")";
            }
        };
    }
    private String applyPaymentConfirmedTexts(Map<String, Object> templateData, String language, String orderNumber) {
        return switch (language) {
            case "en" -> {
                templateData.put("emailTitle", "Payment Confirmed");
                templateData.put("headlineText", "Payment confirmed for order #" + orderNumber);
                templateData.put("greetingText", "Hi " + templateData.get("customerName") + ",");
                templateData.put("introText", "Your payment has been confirmed and the order moved into production.");
                templateData.put("statusText", "Current status: In production.");
                templateData.put("attachmentHintText", "The paid invoice PDF is attached to this email.");
                templateData.put("orderDetailsCtaText", "View order status");
                templateData.put("supportText", "We will notify you again when the shipment is ready.");
                templateData.put("footerText", "Automated message from 3D-Fab.");
                templateData.put("labelOrderNumber", "Order number");
                templateData.put("labelTotal", "Total");
                yield "Payment confirmed (Order #" + orderNumber + ") - 3D-Fab";
            }
            case "de" -> {
                templateData.put("emailTitle", "Zahlung bestaetigt");
                templateData.put("headlineText", "Zahlung fuer Bestellung #" + orderNumber + " bestaetigt");
                templateData.put("greetingText", "Hallo " + templateData.get("customerName") + ",");
                templateData.put("introText", "Ihre Zahlung wurde bestaetigt und die Bestellung ist jetzt in Produktion.");
                templateData.put("statusText", "Aktueller Status: In Produktion.");
                templateData.put("attachmentHintText", "Die bezahlte Rechnung als PDF ist dieser E-Mail beigefuegt.");
                templateData.put("orderDetailsCtaText", "Bestellstatus ansehen");
                templateData.put("supportText", "Wir informieren Sie erneut, sobald der Versand bereit ist.");
                templateData.put("footerText", "Automatische Nachricht von 3D-Fab.");
                templateData.put("labelOrderNumber", "Bestellnummer");
                templateData.put("labelTotal", "Gesamtbetrag");
                yield "Zahlung bestaetigt (Bestellung #" + orderNumber + ") - 3D-Fab";
            }
            case "fr" -> {
                templateData.put("emailTitle", "Paiement confirme");
                templateData.put("headlineText", "Paiement confirme pour la commande #" + orderNumber);
                templateData.put("greetingText", "Bonjour " + templateData.get("customerName") + ",");
                templateData.put("introText", "Votre paiement est confirme et la commande est passe en production.");
                templateData.put("statusText", "Statut actuel: En production.");
                templateData.put("attachmentHintText", "La facture payee en PDF est jointe a cet email.");
                templateData.put("orderDetailsCtaText", "Voir le statut de la commande");
                templateData.put("supportText", "Nous vous informerons a nouveau des que l'expedition sera prete.");
                templateData.put("footerText", "Message automatique de 3D-Fab.");
                templateData.put("labelOrderNumber", "Numero de commande");
                templateData.put("labelTotal", "Total");
                yield "Paiement confirme (Commande #" + orderNumber + ") - 3D-Fab";
            }
            default -> {
                templateData.put("emailTitle", "Pagamento confermato");
                templateData.put("headlineText", "Pagamento confermato per ordine #" + orderNumber);
                templateData.put("greetingText", "Ciao " + templateData.get("customerName") + ",");
                templateData.put("introText", "Il tuo pagamento e' stato confermato e l'ordine e' entrato in produzione.");
                templateData.put("statusText", "Stato attuale: in produzione.");
                templateData.put("attachmentHintText", "In allegato trovi la fattura saldata in PDF.");
                templateData.put("orderDetailsCtaText", "Visualizza stato ordine");
                templateData.put("supportText", "Ti aggiorneremo di nuovo quando la spedizione sara' pronta.");
                templateData.put("footerText", "Messaggio automatico di 3D-Fab.");
                templateData.put("labelOrderNumber", "Numero ordine");
                templateData.put("labelTotal", "Totale");
                yield "Pagamento confermato (Ordine #" + orderNumber + ") - 3D-Fab";
            }
        };
    }
    private String getDisplayOrderNumber(Order order) {
@@ -389,108 +90,8 @@ public class OrderEmailListener {
        return order.getId() != null ? order.getId().toString() : "unknown";
    }
-    private String buildOrderDetailsUrl(Order order, String language) {
+    private String buildOrderDetailsUrl(Order order) {
        String baseUrl = frontendBaseUrl == null ? "" : frontendBaseUrl.replaceAll("/+$", "");
-        return baseUrl + "/" + language + "/co/" + order.getId();
+        return baseUrl + "/ordine/" + order.getId();
    }
    private String buildConfirmationAttachmentName(String language, String orderNumber) {
        return switch (language) {
            case "en" -> "Order-Confirmation-" + orderNumber + ".pdf";
            case "de" -> "Bestellbestaetigung-" + orderNumber + ".pdf";
            case "fr" -> "Confirmation-Commande-" + orderNumber + ".pdf";
            default -> "Conferma-Ordine-" + orderNumber + ".pdf";
        };
    }
    private String buildPaidInvoiceAttachmentName(String language, String orderNumber) {
        return switch (language) {
            case "en" -> "Paid-Invoice-" + orderNumber + ".pdf";
            case "de" -> "Bezahlte-Rechnung-" + orderNumber + ".pdf";
            case "fr" -> "Facture-Payee-" + orderNumber + ".pdf";
            default -> "Fattura-Pagata-" + orderNumber + ".pdf";
        };
    }
    private byte[] loadOrGenerateConfirmationPdf(Order order) {
        byte[] stored = loadStoredConfirmationPdf(order);
        if (stored != null) {
            return stored;
        }
        try {
            List<OrderItem> items = orderItemRepository.findByOrder_Id(order.getId());
            return invoicePdfRenderingService.generateDocumentPdf(order, items, true, qrBillService, null);
        } catch (Exception e) {
            log.error("Failed to generate fallback confirmation PDF for order id: {}", order.getId(), e);
            return null;
        }
    }
    private byte[] loadStoredConfirmationPdf(Order order) {
        String relativePath = buildConfirmationPdfRelativePath(order);
        try {
            return storageService.loadAsResource(Paths.get(relativePath)).getInputStream().readAllBytes();
        } catch (Exception e) {
            log.warn("Confirmation PDF not found for order id {} at {}", order.getId(), relativePath);
            return null;
        }
    }
    private String buildConfirmationPdfRelativePath(Order order) {
        return "orders/" + order.getId() + "/documents/confirmation-" + getDisplayOrderNumber(order) + ".pdf";
    }
    private String buildCustomerFirstName(Order order, String language) {
        if (order.getCustomer() != null && order.getCustomer().getFirstName() != null && !order.getCustomer().getFirstName().isBlank()) {
            return order.getCustomer().getFirstName();
        }
        if (order.getBillingFirstName() != null && !order.getBillingFirstName().isBlank()) {
            return order.getBillingFirstName();
        }
        return switch (language) {
            case "en" -> "Customer";
            case "de" -> "Kunde";
            case "fr" -> "Client";
            default -> "Cliente";
        };
    }
    private String buildCustomerFullName(Order order) {
        String firstName = order.getCustomer() != null ? order.getCustomer().getFirstName() : null;
        String lastName = order.getCustomer() != null ? order.getCustomer().getLastName() : null;
        if (firstName != null && !firstName.isBlank() && lastName != null && !lastName.isBlank()) {
            return firstName + " " + lastName;
        }
        if (order.getBillingFirstName() != null && !order.getBillingFirstName().isBlank()
                && order.getBillingLastName() != null && !order.getBillingLastName().isBlank()) {
            return order.getBillingFirstName() + " " + order.getBillingLastName();
        }
        return "Cliente";
    }
    private Locale localeForLanguage(String language) {
        return switch (language) {
            case "en" -> Locale.ENGLISH;
            case "de" -> Locale.GERMAN;
            case "fr" -> Locale.FRENCH;
            default -> Locale.ITALIAN;
        };
    }
    private String resolveLanguage(String language) {
        if (language == null || language.isBlank()) {
            return DEFAULT_LANGUAGE;
        }
        String normalized = language.trim().toLowerCase(Locale.ROOT);
        if (normalized.length() > 2) {
            normalized = normalized.substring(0, 2);
        }
        return switch (normalized) {
            case "it", "en", "de", "fr" -> normalized;
            default -> DEFAULT_LANGUAGE;
        };
    }
 }
--- a/backend/src/main/java/com/printcalculator/exception/GlobalExceptionHandler.java
+++ b/backend/src/main/java/com/printcalculator/exception/GlobalExceptionHandler.java
@@ -2,16 +2,12 @@ package com.printcalculator.exception;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.validation.FieldError;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.context.request.WebRequest;
 import java.time.LocalDateTime;
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@ControllerAdvice
@@ -28,34 +24,4 @@ public class GlobalExceptionHandler {
        return new ResponseEntity<>(body, HttpStatus.BAD_REQUEST);
    }
    @ExceptionHandler(MethodArgumentNotValidException.class)
    public ResponseEntity<Object> handleValidationException(
            MethodArgumentNotValidException ex, WebRequest request) {
        List<String> details = new ArrayList<>();
        for (FieldError fieldError : ex.getBindingResult().getFieldErrors()) {
            details.add(fieldError.getField() + ": " + fieldError.getDefaultMessage());
        }
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("timestamp", LocalDateTime.now());
        body.put("message", "Dati non validi.");
        body.put("error", "Validation Error");
        body.put("details", details);
        return new ResponseEntity<>(body, HttpStatus.BAD_REQUEST);
    }
    @ExceptionHandler(IllegalArgumentException.class)
    public ResponseEntity<Object> handleIllegalArgumentException(
            IllegalArgumentException ex, WebRequest request) {
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("timestamp", LocalDateTime.now());
        body.put("message", ex.getMessage());
        body.put("error", "Bad Request");
        return new ResponseEntity<>(body, HttpStatus.BAD_REQUEST);
    }
 }
--- a/backend/src/main/java/com/printcalculator/model/ModelDimensions.java
+++ b/backend/src/main/java/com/printcalculator/model/ModelDimensions.java
@@ -1,7 +0,0 @@
 package com.printcalculator.model;
 public record ModelDimensions(
        double xMm,
        double yMm,
        double zMm
 ) {}
--- a/backend/src/main/java/com/printcalculator/model/QuoteResult.java
+++ b/backend/src/main/java/com/printcalculator/model/QuoteResult.java
@@ -4,10 +4,13 @@ public class QuoteResult {
    private double totalPrice;
    private String currency;
    private PrintStats stats;
-    public QuoteResult(double totalPrice, String currency, PrintStats stats) {
+    private double setupCost;
    public QuoteResult(double totalPrice, String currency, PrintStats stats, double setupCost) {
        this.totalPrice = totalPrice;
        this.currency = currency;
        this.stats = stats;
        this.setupCost = setupCost;
    }
    public double getTotalPrice() {
@@ -21,4 +24,8 @@ public class QuoteResult {
    public PrintStats getStats() {
        return stats;
    }
    public double getSetupCost() {
        return setupCost;
    }
 }
--- a/backend/src/main/java/com/printcalculator/repository/CustomQuoteRequestAttachmentRepository.java
+++ b/backend/src/main/java/com/printcalculator/repository/CustomQuoteRequestAttachmentRepository.java
@@ -3,9 +3,7 @@ package com.printcalculator.repository;
 import com.printcalculator.entity.CustomQuoteRequestAttachment;
 import org.springframework.data.jpa.repository.JpaRepository;
 import java.util.List;
 import java.util.UUID;
 public interface CustomQuoteRequestAttachmentRepository extends JpaRepository<CustomQuoteRequestAttachment, UUID> {
-    List<CustomQuoteRequestAttachment> findByRequest_IdOrderByCreatedAtAsc(UUID requestId);
+}
 }
--- a/backend/src/main/java/com/printcalculator/repository/FilamentVariantOrcaOverrideRepository.java
+++ b/backend/src/main/java/com/printcalculator/repository/FilamentVariantOrcaOverrideRepository.java
@@ -1,15 +0,0 @@
 package com.printcalculator.repository;
 import com.printcalculator.entity.FilamentVariant;
 import com.printcalculator.entity.FilamentVariantOrcaOverride;
 import com.printcalculator.entity.PrinterMachineProfile;
 import org.springframework.data.jpa.repository.JpaRepository;
 import java.util.Optional;
 public interface FilamentVariantOrcaOverrideRepository extends JpaRepository<FilamentVariantOrcaOverride, Long> {
    Optional<FilamentVariantOrcaOverride> findByFilamentVariantAndPrinterMachineProfileAndIsActiveTrue(
            FilamentVariant filamentVariant,
            PrinterMachineProfile printerMachineProfile
    );
 }
--- a/backend/src/main/java/com/printcalculator/repository/FilamentVariantRepository.java
+++ b/backend/src/main/java/com/printcalculator/repository/FilamentVariantRepository.java
@@ -2,18 +2,12 @@ package com.printcalculator.repository;
 import com.printcalculator.entity.FilamentVariant;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.EntityGraph;
 import com.printcalculator.entity.FilamentMaterialType;
 import java.util.List;
 import java.util.Optional;
 public interface FilamentVariantRepository extends JpaRepository<FilamentVariant, Long> {
    @EntityGraph(attributePaths = {"filamentMaterialType"})
    List<FilamentVariant> findByIsActiveTrue();
    // We try to match by color name if possible, or get first active
    Optional<FilamentVariant> findByFilamentMaterialTypeAndColorName(FilamentMaterialType type, String colorName);
    Optional<FilamentVariant> findByFilamentMaterialTypeAndVariantDisplayName(FilamentMaterialType type, String variantDisplayName);
    Optional<FilamentVariant> findFirstByFilamentMaterialTypeAndIsActiveTrue(FilamentMaterialType type);
-}
+}
--- a/backend/src/main/java/com/printcalculator/repository/MaterialOrcaProfileMapRepository.java
+++ b/backend/src/main/java/com/printcalculator/repository/MaterialOrcaProfileMapRepository.java
@@ -1,20 +0,0 @@
 package com.printcalculator.repository;
 import com.printcalculator.entity.FilamentMaterialType;
 import com.printcalculator.entity.MaterialOrcaProfileMap;
 import com.printcalculator.entity.PrinterMachineProfile;
 import org.springframework.data.jpa.repository.EntityGraph;
 import org.springframework.data.jpa.repository.JpaRepository;
 import java.util.List;
 import java.util.Optional;
 public interface MaterialOrcaProfileMapRepository extends JpaRepository<MaterialOrcaProfileMap, Long> {
    Optional<MaterialOrcaProfileMap> findByPrinterMachineProfileAndFilamentMaterialTypeAndIsActiveTrue(
            PrinterMachineProfile printerMachineProfile,
            FilamentMaterialType filamentMaterialType
    );
    @EntityGraph(attributePaths = {"filamentMaterialType"})
    List<MaterialOrcaProfileMap> findByPrinterMachineProfileAndIsActiveTrue(PrinterMachineProfile printerMachineProfile);
 }
--- a/backend/src/main/java/com/printcalculator/repository/OrderItemRepository.java
+++ b/backend/src/main/java/com/printcalculator/repository/OrderItemRepository.java
@@ -8,5 +8,4 @@ import java.util.UUID;
 public interface OrderItemRepository extends JpaRepository<OrderItem, UUID> {
    List<OrderItem> findByOrder_Id(UUID orderId);
-    boolean existsByFilamentVariant_Id(Long filamentVariantId);
+}
 }
--- a/backend/src/main/java/com/printcalculator/repository/OrderRepository.java
+++ b/backend/src/main/java/com/printcalculator/repository/OrderRepository.java
@@ -3,11 +3,7 @@ package com.printcalculator.repository;
 import com.printcalculator.entity.Order;
 import org.springframework.data.jpa.repository.JpaRepository;
 import java.util.List;
 import java.util.UUID;
 public interface OrderRepository extends JpaRepository<Order, UUID> {
-    List<Order> findAllByOrderByCreatedAtDesc();
+}
    boolean existsBySourceQuoteSession_Id(UUID sourceQuoteSessionId);
 }
--- a/backend/src/main/java/com/printcalculator/repository/PaymentRepository.java
+++ b/backend/src/main/java/com/printcalculator/repository/PaymentRepository.java
@@ -3,9 +3,7 @@ package com.printcalculator.repository;
 import com.printcalculator.entity.Payment;
 import org.springframework.data.jpa.repository.JpaRepository;
 import java.util.Optional;
 import java.util.UUID;
 public interface PaymentRepository extends JpaRepository<Payment, UUID> {
    Optional<Payment> findByOrder_Id(UUID orderId);
 }
--- a/backend/src/main/java/com/printcalculator/repository/PrinterMachineProfileRepository.java
+++ b/backend/src/main/java/com/printcalculator/repository/PrinterMachineProfileRepository.java
@@ -1,15 +0,0 @@
 package com.printcalculator.repository;
 import com.printcalculator.entity.PrinterMachine;
 import com.printcalculator.entity.PrinterMachineProfile;
 import org.springframework.data.jpa.repository.JpaRepository;
 import java.math.BigDecimal;
 import java.util.List;
 import java.util.Optional;
 public interface PrinterMachineProfileRepository extends JpaRepository<PrinterMachineProfile, Long> {
    Optional<PrinterMachineProfile> findByPrinterMachineAndNozzleDiameterMmAndIsActiveTrue(PrinterMachine printerMachine, BigDecimal nozzleDiameterMm);
    Optional<PrinterMachineProfile> findFirstByPrinterMachineAndIsDefaultTrueAndIsActiveTrue(PrinterMachine printerMachine);
    List<PrinterMachineProfile> findByPrinterMachineAndIsActiveTrue(PrinterMachine printerMachine);
 }
--- a/backend/src/main/java/com/printcalculator/repository/QuoteLineItemRepository.java
+++ b/backend/src/main/java/com/printcalculator/repository/QuoteLineItemRepository.java
@@ -8,5 +8,4 @@ import java.util.UUID;
 public interface QuoteLineItemRepository extends JpaRepository<QuoteLineItem, UUID> {
    List<QuoteLineItem> findByQuoteSessionId(UUID quoteSessionId);
-    boolean existsByFilamentVariant_Id(Long filamentVariantId);
+}
 }
--- a/backend/src/main/java/com/printcalculator/security/AdminLoginThrottleService.java
+++ b/backend/src/main/java/com/printcalculator/security/AdminLoginThrottleService.java
@@ -1,101 +0,0 @@
 package com.printcalculator.security;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import java.time.Instant;
 import java.util.OptionalLong;
 import java.util.concurrent.ConcurrentHashMap;
@Service
 public class AdminLoginThrottleService {
    private static final long BASE_DELAY_SECONDS = 2L;
    private static final long MAX_DELAY_SECONDS = 3601L;
    private final ConcurrentHashMap<String, LoginAttemptState> attemptsByClient = new ConcurrentHashMap<>();
    private final boolean trustProxyHeaders;
    public AdminLoginThrottleService(
            @Value("${admin.auth.trust-proxy-headers:false}") boolean trustProxyHeaders
    ) {
        this.trustProxyHeaders = trustProxyHeaders;
    }
    public OptionalLong getRemainingLockSeconds(String clientKey) {
        LoginAttemptState state = attemptsByClient.get(clientKey);
        if (state == null) {
            return OptionalLong.empty();
        }
        long now = Instant.now().getEpochSecond();
        long remaining = state.blockedUntilEpochSeconds - now;
        if (remaining <= 0) {
            attemptsByClient.remove(clientKey, state);
            return OptionalLong.empty();
        }
        return OptionalLong.of(remaining);
    }
    public long registerFailure(String clientKey) {
        long now = Instant.now().getEpochSecond();
        LoginAttemptState state = attemptsByClient.compute(clientKey, (key, current) -> {
            int nextFailures = current == null ? 1 : current.failures + 1;
            long delay = calculateDelaySeconds(nextFailures);
            return new LoginAttemptState(nextFailures, now + delay);
        });
        return calculateDelaySeconds(state.failures);
    }
    public void reset(String clientKey) {
        attemptsByClient.remove(clientKey);
    }
    public String resolveClientKey(HttpServletRequest request) {
        if (trustProxyHeaders) {
            String forwardedFor = request.getHeader("X-Forwarded-For");
            if (forwardedFor != null && !forwardedFor.isBlank()) {
                String[] parts = forwardedFor.split(",");
                if (parts.length > 0 && !parts[0].trim().isEmpty()) {
                    return parts[0].trim();
                }
            }
            String realIp = request.getHeader("X-Real-IP");
            if (realIp != null && !realIp.isBlank()) {
                return realIp.trim();
            }
        }
        String remoteAddress = request.getRemoteAddr();
        if (remoteAddress != null && !remoteAddress.isBlank()) {
            return remoteAddress.trim();
        }
        return "unknown";
    }
    private long calculateDelaySeconds(int failures) {
        long delay = BASE_DELAY_SECONDS;
        for (int i = 1; i < failures; i++) {
            if (delay >= MAX_DELAY_SECONDS) {
                return MAX_DELAY_SECONDS;
            }
            delay *= 2;
        }
        return Math.min(delay, MAX_DELAY_SECONDS);
    }
    private static class LoginAttemptState {
        private final int failures;
        private final long blockedUntilEpochSeconds;
        private LoginAttemptState(int failures, long blockedUntilEpochSeconds) {
            this.failures = failures;
            this.blockedUntilEpochSeconds = blockedUntilEpochSeconds;
        }
    }
 }
--- a/backend/src/main/java/com/printcalculator/security/AdminSessionAuthenticationFilter.java
+++ b/backend/src/main/java/com/printcalculator/security/AdminSessionAuthenticationFilter.java
@@ -1,71 +0,0 @@
 package com.printcalculator.security;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.http.MediaType;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 import java.io.IOException;
 import java.util.Collections;
 import java.util.Optional;
@Component
 public class AdminSessionAuthenticationFilter extends OncePerRequestFilter {
    private final AdminSessionService adminSessionService;
    public AdminSessionAuthenticationFilter(AdminSessionService adminSessionService) {
        this.adminSessionService = adminSessionService;
    }
    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        String path = resolvePath(request);
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            return true;
        }
        if (!path.startsWith("/api/admin/")) {
            return true;
        }
        return "/api/admin/auth/login".equals(path);
    }
    @Override
    protected void doFilterInternal(
            HttpServletRequest request,
            HttpServletResponse response,
            FilterChain filterChain
    ) throws ServletException, IOException {
        Optional<String> token = adminSessionService.extractTokenFromCookies(request);
        Optional<AdminSessionService.AdminSessionPayload> payload = token.flatMap(adminSessionService::validateSessionToken);
        if (payload.isEmpty()) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setContentType(MediaType.APPLICATION_JSON_VALUE);
            response.getWriter().write("{\"error\":\"UNAUTHORIZED\"}");
            return;
        }
        UsernamePasswordAuthenticationToken authentication = UsernamePasswordAuthenticationToken.authenticated(
                "admin",
                null,
                Collections.emptyList()
        );
        SecurityContextHolder.getContext().setAuthentication(authentication);
        filterChain.doFilter(request, response);
    }
    private String resolvePath(HttpServletRequest request) {
        String path = request.getRequestURI();
        String contextPath = request.getContextPath();
        if (contextPath != null && !contextPath.isEmpty() && path.startsWith(contextPath)) {
            return path.substring(contextPath.length());
        }
        return path;
    }
 }
--- a/backend/src/main/java/com/printcalculator/security/AdminSessionService.java
+++ b/backend/src/main/java/com/printcalculator/security/AdminSessionService.java
@@ -1,203 +0,0 @@
 package com.printcalculator.security;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseCookie;
 import org.springframework.stereotype.Service;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Base64;
 import java.util.Optional;
 import java.util.UUID;
@Service
 public class AdminSessionService {
    public static final String COOKIE_NAME = "admin_session";
    private static final String COOKIE_PATH = "/api/admin";
    private static final String HMAC_ALGORITHM = "HmacSHA256";
    private final ObjectMapper objectMapper;
    private final String adminPassword;
    private final byte[] sessionSecret;
    private final long sessionTtlMinutes;
    public AdminSessionService(
            ObjectMapper objectMapper,
            @Value("${admin.password}") String adminPassword,
            @Value("${admin.session.secret}") String sessionSecret,
            @Value("${admin.session.ttl-minutes}") long sessionTtlMinutes
    ) {
        this.objectMapper = objectMapper;
        this.adminPassword = adminPassword;
        this.sessionSecret = sessionSecret.getBytes(StandardCharsets.UTF_8);
        this.sessionTtlMinutes = sessionTtlMinutes;
        validateConfiguration(adminPassword, sessionSecret, sessionTtlMinutes);
    }
    public boolean isPasswordValid(String candidatePassword) {
        if (candidatePassword == null) {
            return false;
        }
        return MessageDigest.isEqual(
                adminPassword.getBytes(StandardCharsets.UTF_8),
                candidatePassword.getBytes(StandardCharsets.UTF_8)
        );
    }
    public String createSessionToken() {
        Instant now = Instant.now();
        AdminSessionPayload payload = new AdminSessionPayload(
                now.getEpochSecond(),
                now.plus(Duration.ofMinutes(sessionTtlMinutes)).getEpochSecond(),
                UUID.randomUUID().toString()
        );
        try {
            String payloadJson = objectMapper.writeValueAsString(payload);
            String encodedPayload = base64UrlEncode(payloadJson.getBytes(StandardCharsets.UTF_8));
            String signature = base64UrlEncode(sign(encodedPayload));
            return encodedPayload + "." + signature;
        } catch (JsonProcessingException e) {
            throw new IllegalStateException("Cannot create admin session token", e);
        }
    }
    public Optional<AdminSessionPayload> validateSessionToken(String token) {
        if (token == null || token.isBlank()) {
            return Optional.empty();
        }
        String[] parts = token.split("\\.");
        if (parts.length != 2) {
            return Optional.empty();
        }
        String encodedPayload = parts[0];
        String encodedSignature = parts[1];
        byte[] providedSignature;
        try {
            providedSignature = base64UrlDecode(encodedSignature);
        } catch (IllegalArgumentException e) {
            return Optional.empty();
        }
        byte[] expectedSignature = sign(encodedPayload);
        if (!MessageDigest.isEqual(expectedSignature, providedSignature)) {
            return Optional.empty();
        }
        try {
            byte[] decodedPayload = base64UrlDecode(encodedPayload);
            AdminSessionPayload payload = objectMapper.readValue(decodedPayload, AdminSessionPayload.class);
            if (payload.exp <= Instant.now().getEpochSecond()) {
                return Optional.empty();
            }
            return Optional.of(payload);
        } catch (IllegalArgumentException | IOException e) {
            return Optional.empty();
        }
    }
    public Optional<String> extractTokenFromCookies(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null || cookies.length == 0) {
            return Optional.empty();
        }
        for (Cookie cookie : cookies) {
            if (COOKIE_NAME.equals(cookie.getName())) {
                return Optional.ofNullable(cookie.getValue());
            }
        }
        return Optional.empty();
    }
    public ResponseCookie buildLoginCookie(String token) {
        return ResponseCookie.from(COOKIE_NAME, token)
                .path(COOKIE_PATH)
                .httpOnly(true)
                .secure(true)
                .sameSite("Strict")
                .maxAge(Duration.ofMinutes(sessionTtlMinutes))
                .build();
    }
    public ResponseCookie buildLogoutCookie() {
        return ResponseCookie.from(COOKIE_NAME, "")
                .path(COOKIE_PATH)
                .httpOnly(true)
                .secure(true)
                .sameSite("Strict")
                .maxAge(Duration.ZERO)
                .build();
    }
    public long getSessionTtlMinutes() {
        return sessionTtlMinutes;
    }
    private byte[] sign(String encodedPayload) {
        try {
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(new SecretKeySpec(sessionSecret, HMAC_ALGORITHM));
            return mac.doFinal(encodedPayload.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new IllegalStateException("Cannot sign admin session token", e);
        }
    }
    private String base64UrlEncode(byte[] data) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(data);
    }
    private byte[] base64UrlDecode(String data) {
        return Base64.getUrlDecoder().decode(data);
    }
    private void validateConfiguration(String password, String secret, long ttlMinutes) {
        if (password == null || password.isBlank()) {
            throw new IllegalStateException("ADMIN_PASSWORD must be configured and non-empty");
        }
        if (secret == null || secret.isBlank()) {
            throw new IllegalStateException("ADMIN_SESSION_SECRET must be configured and non-empty");
        }
        if (secret.length() < 32) {
            throw new IllegalStateException("ADMIN_SESSION_SECRET must be at least 32 characters long");
        }
        if (ttlMinutes <= 0) {
            throw new IllegalStateException("ADMIN_SESSION_TTL_MINUTES must be > 0");
        }
    }
    public static class AdminSessionPayload {
        @JsonProperty("iat")
        public long iat;
        @JsonProperty("exp")
        public long exp;
        @JsonProperty("nonce")
        public String nonce;
        public AdminSessionPayload() {
        }
        public AdminSessionPayload(long iat, long exp, String nonce) {
            this.iat = iat;
            this.exp = exp;
            this.nonce = nonce;
        }
    }
 }
--- a/backend/src/main/java/com/printcalculator/service/FileSystemStorageService.java
+++ b/backend/src/main/java/com/printcalculator/service/FileSystemStorageService.java
@@ -21,12 +21,10 @@ import java.nio.file.StandardCopyOption;
 public class FileSystemStorageService implements StorageService {
    private final Path rootLocation;
    private final Path normalizedRootLocation;
    private final ClamAVService clamAVService;
    public FileSystemStorageService(@Value("${storage.location:storage_orders}") String storageLocation, ClamAVService clamAVService) {
        this.rootLocation = Paths.get(storageLocation);
        this.normalizedRootLocation = this.rootLocation.toAbsolutePath().normalize();
        this.clamAVService = clamAVService;
    }
@@ -41,7 +39,10 @@ public class FileSystemStorageService implements StorageService {
    @Override
    public void store(MultipartFile file, Path destinationRelativePath) throws IOException {
-        Path destinationFile = resolveInsideStorage(destinationRelativePath);
+        Path destinationFile = this.rootLocation.resolve(destinationRelativePath).normalize().toAbsolutePath();
        if (!destinationFile.getParent().startsWith(this.rootLocation.toAbsolutePath())) {
            throw new StorageException("Cannot store file outside current directory.");
        }
        // 1. Salva prima il file su disco per evitare problemi di stream con file grandi
        Files.createDirectories(destinationFile.getParent());
@@ -62,46 +63,32 @@ public class FileSystemStorageService implements StorageService {
    @Override
    public void store(Path source, Path destinationRelativePath) throws IOException {
-        Path destinationFile = resolveInsideStorage(destinationRelativePath);
+        Path destinationFile = this.rootLocation.resolve(destinationRelativePath).normalize().toAbsolutePath();
        if (!destinationFile.getParent().startsWith(this.rootLocation.toAbsolutePath())) {
             throw new StorageException("Cannot store file outside current directory.");
        }
        Files.createDirectories(destinationFile.getParent());
        Files.copy(source, destinationFile, StandardCopyOption.REPLACE_EXISTING);
    }
    @Override
    public void delete(Path path) throws IOException {
-        Path file = resolveInsideStorage(path);
+        Path file = rootLocation.resolve(path);
        Files.deleteIfExists(file);
    }
    @Override
    public Resource loadAsResource(Path path) throws IOException {
        try {
-            Path file = resolveInsideStorage(path);
+            Path file = rootLocation.resolve(path);
            Resource resource = new UrlResource(file.toUri());
            if (resource.exists() || resource.isReadable()) {
                return resource;
            } else {
-                throw new StorageException("Could not read file: " + path);
+                throw new RuntimeException("Could not read file: " + path);
            }
        } catch (MalformedURLException e) {
-            throw new StorageException("Could not read file: " + path, e);
+            throw new RuntimeException("Could not read file: " + path, e);
        }
    }
    private Path resolveInsideStorage(Path relativePath) {
        if (relativePath == null) {
            throw new StorageException("Path is required.");
        }
        Path normalizedRelative = relativePath.normalize();
        if (normalizedRelative.isAbsolute()) {
            throw new StorageException("Cannot access absolute paths.");
        }
        Path resolved = normalizedRootLocation.resolve(normalizedRelative).normalize();
        if (!resolved.startsWith(normalizedRootLocation)) {
            throw new StorageException("Cannot access files outside storage root.");
        }
        return resolved;
    }
 }
--- a/backend/src/main/java/com/printcalculator/service/InvoicePdfRenderingService.java
+++ b/backend/src/main/java/com/printcalculator/service/InvoicePdfRenderingService.java
@@ -8,17 +8,10 @@ import org.thymeleaf.TemplateEngine;
 import org.thymeleaf.context.Context;
 import java.io.ByteArrayOutputStream;
-import java.util.stream.Collectors;
+import java.io.IOException;
 import java.time.format.DateTimeFormatter;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import com.printcalculator.entity.Order;
 import com.printcalculator.entity.OrderItem;
 import com.printcalculator.entity.Payment;
@Service
 public class InvoicePdfRenderingService {
@@ -52,92 +45,4 @@ public class InvoicePdfRenderingService {
            throw new IllegalStateException("PDF invoice generation failed", pdfGenerationException);
        }
    }
    public byte[] generateDocumentPdf(Order order, List<OrderItem> items, boolean isConfirmation, QrBillService qrBillService, Payment payment) {
        Map<String, Object> vars = new HashMap<>();
        vars.put("isConfirmation", isConfirmation);
        vars.put("sellerDisplayName", "3D Fab Küng Caletti");
        vars.put("sellerAddressLine1", "Joe Küng e Matteo Caletti");
        vars.put("sellerAddressLine2", "Sede Bienne, Svizzera");
        vars.put("sellerEmail", "info@3dfab.ch");
        String displayOrderNumber = order.getOrderNumber() != null && !order.getOrderNumber().isBlank() 
            ? order.getOrderNumber() 
            : order.getId().toString();
        vars.put("invoiceNumber", "INV-" + displayOrderNumber.toUpperCase());
        vars.put("invoiceDate", order.getCreatedAt().format(DateTimeFormatter.ISO_LOCAL_DATE));
        vars.put("dueDate", order.getCreatedAt().plusDays(7).format(DateTimeFormatter.ISO_LOCAL_DATE));
        String buyerName = order.getBillingCustomerType().equals("BUSINESS") 
            ? order.getBillingCompanyName() 
            : order.getBillingFirstName() + " " + order.getBillingLastName();
        vars.put("buyerDisplayName", buyerName);
        vars.put("buyerAddressLine1", order.getBillingAddressLine1());
        vars.put("buyerAddressLine2", order.getBillingZip() + " " + order.getBillingCity() + ", " + order.getBillingCountryCode());
        // Setup Shipping Info
        if (order.getShippingAddressLine1() != null && !order.getShippingAddressLine1().isBlank()) {
            String shippingName = order.getShippingCompanyName() != null && !order.getShippingCompanyName().isBlank()
                ? order.getShippingCompanyName()
                : order.getShippingFirstName() + " " + order.getShippingLastName();
            vars.put("shippingDisplayName", shippingName);
            vars.put("shippingAddressLine1", order.getShippingAddressLine1());
            vars.put("shippingAddressLine2", order.getShippingZip() + " " + order.getShippingCity() + ", " + order.getShippingCountryCode());
        }
        List<Map<String, Object>> invoiceLineItems = items.stream().map(i -> {
            Map<String, Object> line = new HashMap<>();
            line.put("description", "Stampa 3D: " + i.getOriginalFilename());
            line.put("quantity", i.getQuantity());
            line.put("unitPriceFormatted", String.format("CHF %.2f", i.getUnitPriceChf()));
            line.put("lineTotalFormatted", String.format("CHF %.2f", i.getLineTotalChf()));
            return line;
        }).collect(Collectors.toList());
        Map<String, Object> setupLine = new HashMap<>();
        setupLine.put("description", "Costo Setup");
        setupLine.put("quantity", 1);
        setupLine.put("unitPriceFormatted", String.format("CHF %.2f", order.getSetupCostChf()));
        setupLine.put("lineTotalFormatted", String.format("CHF %.2f", order.getSetupCostChf()));
        invoiceLineItems.add(setupLine);
        Map<String, Object> shippingLine = new HashMap<>();
        shippingLine.put("description", "Spedizione");
        shippingLine.put("quantity", 1);
        shippingLine.put("unitPriceFormatted", String.format("CHF %.2f", order.getShippingCostChf()));
        shippingLine.put("lineTotalFormatted", String.format("CHF %.2f", order.getShippingCostChf()));
        invoiceLineItems.add(shippingLine);
        vars.put("invoiceLineItems", invoiceLineItems);
        vars.put("subtotalFormatted", String.format("CHF %.2f", order.getSubtotalChf()));
        vars.put("grandTotalFormatted", String.format("CHF %.2f", order.getTotalChf()));
        vars.put("paymentTermsText", isConfirmation ? "Pagamento entro 7 giorni via Bonifico o TWINT. Grazie." : "Pagato. Grazie per l'acquisto.");
        String paymentMethodText = "QR / Bonifico oppure TWINT";
        if (payment != null && payment.getMethod() != null) {
            paymentMethodText = switch (payment.getMethod().toUpperCase()) {
                case "TWINT" -> "TWINT";
                case "BANK_TRANSFER", "BONIFICO" -> "Bonifico Bancario";
                case "QR_BILL", "QR" -> "QR Bill";
                case "CASH" -> "Contanti";
                default -> payment.getMethod();
            };
        }
        vars.put("paymentMethodText", paymentMethodText);
        String qrBillSvg = null;
        if (isConfirmation) {
            qrBillSvg = new String(qrBillService.generateQrBillSvg(order), java.nio.charset.StandardCharsets.UTF_8);
            if (qrBillSvg.contains("<?xml")) {
                int svgStartIndex = qrBillSvg.indexOf("<svg");
                if (svgStartIndex != -1) {
                    qrBillSvg = qrBillSvg.substring(svgStartIndex);
                }
            }
        }
        return generateInvoicePdfBytesFromTemplate(vars, qrBillSvg);
    }
 }
--- a/backend/src/main/java/com/printcalculator/service/OrcaProfileResolver.java
+++ b/backend/src/main/java/com/printcalculator/service/OrcaProfileResolver.java
@@ -1,152 +0,0 @@
 package com.printcalculator.service;
 import com.printcalculator.entity.FilamentMaterialType;
 import com.printcalculator.entity.FilamentVariant;
 import com.printcalculator.entity.FilamentVariantOrcaOverride;
 import com.printcalculator.entity.MaterialOrcaProfileMap;
 import com.printcalculator.entity.PrinterMachine;
 import com.printcalculator.entity.PrinterMachineProfile;
 import com.printcalculator.repository.FilamentVariantOrcaOverrideRepository;
 import com.printcalculator.repository.MaterialOrcaProfileMapRepository;
 import com.printcalculator.repository.PrinterMachineProfileRepository;
 import org.springframework.stereotype.Service;
 import java.math.BigDecimal;
 import java.math.RoundingMode;
 import java.util.Optional;
@Service
 public class OrcaProfileResolver {
    private final PrinterMachineProfileRepository machineProfileRepo;
    private final MaterialOrcaProfileMapRepository materialMapRepo;
    private final FilamentVariantOrcaOverrideRepository variantOverrideRepo;
    public OrcaProfileResolver(
            PrinterMachineProfileRepository machineProfileRepo,
            MaterialOrcaProfileMapRepository materialMapRepo,
            FilamentVariantOrcaOverrideRepository variantOverrideRepo
    ) {
        this.machineProfileRepo = machineProfileRepo;
        this.materialMapRepo = materialMapRepo;
        this.variantOverrideRepo = variantOverrideRepo;
    }
    public ResolvedProfiles resolve(PrinterMachine printerMachine, BigDecimal nozzleDiameterMm, FilamentVariant variant) {
        Optional<PrinterMachineProfile> machineProfileOpt = resolveMachineProfile(printerMachine, nozzleDiameterMm);
        String machineProfileName = machineProfileOpt
                .map(PrinterMachineProfile::getOrcaMachineProfileName)
                .orElseGet(() -> fallbackMachineProfile(printerMachine, nozzleDiameterMm));
        String filamentProfileName = machineProfileOpt
                .map(machineProfile -> resolveFilamentProfileWithMachineProfile(machineProfile, variant)
                        .orElseGet(() -> fallbackFilamentProfile(variant.getFilamentMaterialType())))
                .orElseGet(() -> fallbackFilamentProfile(variant.getFilamentMaterialType()));
        return new ResolvedProfiles(machineProfileName, filamentProfileName, machineProfileOpt.orElse(null));
    }
    public Optional<PrinterMachineProfile> resolveMachineProfile(PrinterMachine machine, BigDecimal nozzleDiameterMm) {
        if (machine == null) {
            return Optional.empty();
        }
        BigDecimal normalizedNozzle = normalizeNozzle(nozzleDiameterMm);
        if (normalizedNozzle != null) {
            Optional<PrinterMachineProfile> exact = machineProfileRepo
                    .findByPrinterMachineAndNozzleDiameterMmAndIsActiveTrue(machine, normalizedNozzle);
            if (exact.isPresent()) {
                return exact;
            }
        }
        Optional<PrinterMachineProfile> defaultProfile = machineProfileRepo
                .findFirstByPrinterMachineAndIsDefaultTrueAndIsActiveTrue(machine);
        if (defaultProfile.isPresent()) {
            return defaultProfile;
        }
        return machineProfileRepo.findByPrinterMachineAndIsActiveTrue(machine)
                .stream()
                .findFirst();
    }
    private Optional<String> resolveFilamentProfileWithMachineProfile(PrinterMachineProfile machineProfile, FilamentVariant variant) {
        if (machineProfile == null || variant == null) {
            return Optional.empty();
        }
        Optional<FilamentVariantOrcaOverride> override = variantOverrideRepo
                .findByFilamentVariantAndPrinterMachineProfileAndIsActiveTrue(variant, machineProfile);
        if (override.isPresent()) {
            return Optional.ofNullable(override.get().getOrcaFilamentProfileName());
        }
        Optional<MaterialOrcaProfileMap> map = materialMapRepo
                .findByPrinterMachineProfileAndFilamentMaterialTypeAndIsActiveTrue(
                        machineProfile,
                        variant.getFilamentMaterialType()
                );
        return map.map(MaterialOrcaProfileMap::getOrcaFilamentProfileName);
    }
    private String fallbackMachineProfile(PrinterMachine machine, BigDecimal nozzleDiameterMm) {
        if (machine == null || machine.getPrinterDisplayName() == null || machine.getPrinterDisplayName().isBlank()) {
            return "Bambu Lab A1 0.4 nozzle";
        }
        String displayName = machine.getPrinterDisplayName();
        if (displayName.toLowerCase().contains("bambulab a1") || displayName.toLowerCase().contains("bambu lab a1")) {
            String nozzleForProfile = formatNozzleForProfileName(nozzleDiameterMm);
            if (nozzleForProfile == null) {
                return "Bambu Lab A1 0.4 nozzle";
            }
            return "Bambu Lab A1 " + nozzleForProfile + " nozzle";
        }
        return displayName;
    }
    private String fallbackFilamentProfile(FilamentMaterialType materialType) {
        String materialCode = materialType != null && materialType.getMaterialCode() != null
                ? materialType.getMaterialCode().trim().toUpperCase()
                : "PLA";
        return switch (materialCode) {
            case "PLA TOUGH" -> "Bambu PLA Tough @BBL A1";
            case "PETG" -> "Generic PETG";
            case "TPU" -> "Generic TPU";
            case "PC" -> "Generic PC";
            case "ABS" -> "Generic ABS";
            default -> "Generic PLA";
        };
    }
    private BigDecimal normalizeNozzle(BigDecimal nozzleDiameterMm) {
        if (nozzleDiameterMm == null) {
            return null;
        }
        return nozzleDiameterMm.setScale(2, RoundingMode.HALF_UP);
    }
    private String formatNozzleForProfileName(BigDecimal nozzleDiameterMm) {
        BigDecimal normalizedNozzle = normalizeNozzle(nozzleDiameterMm);
        if (normalizedNozzle == null) {
            return null;
        }
        BigDecimal stripped = normalizedNozzle.stripTrailingZeros();
        if (stripped.scale() < 0) {
            stripped = stripped.setScale(0);
        }
        return stripped.toPlainString();
    }
    public record ResolvedProfiles(
            String machineProfileName,
            String filamentProfileName,
            PrinterMachineProfile machineProfile
    ) {}
 }
--- a/backend/src/main/java/com/printcalculator/service/OrderService.java
+++ b/backend/src/main/java/com/printcalculator/service/OrderService.java
@@ -1,5 +1,6 @@
 package com.printcalculator.service;
 import com.printcalculator.dto.AddressDto;
 import com.printcalculator.dto.CreateOrderRequest;
 import com.printcalculator.entity.*;
 import com.printcalculator.repository.CustomerRepository;
@@ -7,7 +8,6 @@ import com.printcalculator.repository.OrderItemRepository;
 import com.printcalculator.repository.OrderRepository;
 import com.printcalculator.repository.QuoteLineItemRepository;
 import com.printcalculator.repository.QuoteSessionRepository;
 import com.printcalculator.repository.PricingPolicyRepository;
 import com.printcalculator.event.OrderCreatedEvent;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.stereotype.Service;
@@ -15,12 +15,14 @@ import org.springframework.transaction.annotation.Transactional;
 import java.io.IOException;
 import java.math.BigDecimal;
-import java.math.RoundingMode;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.time.OffsetDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.*;
 import java.util.stream.Collectors;
@Service
 public class OrderService {
@@ -34,9 +36,6 @@ public class OrderService {
    private final InvoicePdfRenderingService invoiceService;
    private final QrBillService qrBillService;
    private final ApplicationEventPublisher eventPublisher;
    private final PaymentService paymentService;
    private final QuoteCalculator quoteCalculator;
    private final PricingPolicyRepository pricingRepo;
    public OrderService(OrderRepository orderRepo,
                        OrderItemRepository orderItemRepo,
@@ -46,10 +45,7 @@ public class OrderService {
                        StorageService storageService,
                        InvoicePdfRenderingService invoiceService,
                        QrBillService qrBillService,
-                        ApplicationEventPublisher eventPublisher,
+                        ApplicationEventPublisher eventPublisher) {
                        PaymentService paymentService,
                        QuoteCalculator quoteCalculator,
                        PricingPolicyRepository pricingRepo) {
        this.orderRepo = orderRepo;
        this.orderItemRepo = orderItemRepo;
        this.quoteSessionRepo = quoteSessionRepo;
@@ -59,17 +55,10 @@ public class OrderService {
        this.invoiceService = invoiceService;
        this.qrBillService = qrBillService;
        this.eventPublisher = eventPublisher;
        this.paymentService = paymentService;
        this.quoteCalculator = quoteCalculator;
        this.pricingRepo = pricingRepo;
    }
    @Transactional
    public Order createOrderFromQuote(UUID quoteSessionId, CreateOrderRequest request) {
        if (!request.isAcceptTerms() || !request.isAcceptPrivacy()) {
            throw new IllegalArgumentException("Accettazione Termini e Privacy obbligatoria.");
        }
        QuoteSession session = quoteSessionRepo.findById(quoteSessionId)
                .orElseThrow(() -> new RuntimeException("Quote Session not found"));
@@ -89,14 +78,6 @@ public class OrderService {
        customer.setPhone(request.getCustomer().getPhone());
        customer.setCustomerType(request.getCustomer().getCustomerType());
        if (request.getBillingAddress() != null) {
            customer.setFirstName(request.getBillingAddress().getFirstName());
            customer.setLastName(request.getBillingAddress().getLastName());
            customer.setCompanyName(request.getBillingAddress().getCompanyName());
            customer.setContactPerson(request.getBillingAddress().getContactPerson());
        }
        customer.setUpdatedAt(OffsetDateTime.now());
        customerRepo.save(customer);
@@ -108,7 +89,6 @@ public class OrderService {
        order.setStatus("PENDING_PAYMENT");
        order.setCreatedAt(OffsetDateTime.now());
        order.setUpdatedAt(OffsetDateTime.now());
        order.setPreferredLanguage(normalizeLanguage(request.getLanguage()));
        order.setCurrency("CHF");
        order.setBillingCustomerType(request.getCustomer().getCustomerType());
@@ -154,80 +134,24 @@ public class OrderService {
        order.setTotalChf(BigDecimal.ZERO);
        order.setDiscountChf(BigDecimal.ZERO);
        order.setSetupCostChf(session.getSetupCostChf() != null ? session.getSetupCostChf() : BigDecimal.ZERO);
-        
+        order.setShippingCostChf(BigDecimal.valueOf(9.00));
        // Calculate shipping cost based on dimensions before initial save
        boolean exceedsBaseSize = false;
        for (QuoteLineItem item : quoteItems) {
            BigDecimal x = item.getBoundingBoxXMm() != null ? item.getBoundingBoxXMm() : BigDecimal.ZERO;
            BigDecimal y = item.getBoundingBoxYMm() != null ? item.getBoundingBoxYMm() : BigDecimal.ZERO;
            BigDecimal z = item.getBoundingBoxZMm() != null ? item.getBoundingBoxZMm() : BigDecimal.ZERO;
            BigDecimal[] dims = {x, y, z};
            java.util.Arrays.sort(dims);
            if (dims[2].compareTo(BigDecimal.valueOf(250.0)) > 0 ||
                dims[1].compareTo(BigDecimal.valueOf(176.0)) > 0 ||
                dims[0].compareTo(BigDecimal.valueOf(20.0)) > 0) {
                exceedsBaseSize = true;
                break;
            }
        }
        int totalQuantity = quoteItems.stream()
                .mapToInt(i -> i.getQuantity() != null ? i.getQuantity() : 1)
                .sum();
        if (exceedsBaseSize) {
            order.setShippingCostChf(totalQuantity > 5 ? BigDecimal.valueOf(9.00) : BigDecimal.valueOf(4.00));
        } else {
            order.setShippingCostChf(BigDecimal.valueOf(2.00));
        }
        order = orderRepo.save(order);
        List<OrderItem> savedItems = new ArrayList<>();
        // Calculate global machine cost upfront
        BigDecimal totalSeconds = BigDecimal.ZERO;
        for (QuoteLineItem qItem : quoteItems) {
            if (qItem.getPrintTimeSeconds() != null) {
                totalSeconds = totalSeconds.add(BigDecimal.valueOf(qItem.getPrintTimeSeconds()).multiply(BigDecimal.valueOf(qItem.getQuantity())));
            }
        }
        BigDecimal totalHours = totalSeconds.divide(BigDecimal.valueOf(3600), 4, RoundingMode.HALF_UP);
        PricingPolicy policy = pricingRepo.findFirstByIsActiveTrueOrderByValidFromDesc();
        BigDecimal globalMachineCost = quoteCalculator.calculateSessionMachineCost(policy, totalHours);
        for (QuoteLineItem qItem : quoteItems) {
            OrderItem oItem = new OrderItem();
            oItem.setOrder(order);
            oItem.setOriginalFilename(qItem.getOriginalFilename());
            oItem.setQuantity(qItem.getQuantity());
            oItem.setColorCode(qItem.getColorCode());
-            oItem.setFilamentVariant(qItem.getFilamentVariant());
+            oItem.setMaterialCode(session.getMaterialCode());
            if (qItem.getFilamentVariant() != null
                    && qItem.getFilamentVariant().getFilamentMaterialType() != null
                    && qItem.getFilamentVariant().getFilamentMaterialType().getMaterialCode() != null) {
                oItem.setMaterialCode(qItem.getFilamentVariant().getFilamentMaterialType().getMaterialCode());
            } else {
                oItem.setMaterialCode(session.getMaterialCode());
            }
-            BigDecimal distributedUnitPrice = qItem.getUnitPriceChf();
+            oItem.setUnitPriceChf(qItem.getUnitPriceChf());
-            if (totalSeconds.compareTo(BigDecimal.ZERO) > 0 && qItem.getPrintTimeSeconds() != null) {
+            oItem.setLineTotalChf(qItem.getUnitPriceChf().multiply(BigDecimal.valueOf(qItem.getQuantity())));
                BigDecimal itemSeconds = BigDecimal.valueOf(qItem.getPrintTimeSeconds()).multiply(BigDecimal.valueOf(qItem.getQuantity()));
                BigDecimal share = itemSeconds.divide(totalSeconds, 8, RoundingMode.HALF_UP);
                BigDecimal itemMachineCost = globalMachineCost.multiply(share);
                BigDecimal unitMachineCost = itemMachineCost.divide(BigDecimal.valueOf(qItem.getQuantity()), 2, RoundingMode.HALF_UP);
                distributedUnitPrice = distributedUnitPrice.add(unitMachineCost);
            }
            oItem.setUnitPriceChf(distributedUnitPrice);
            oItem.setLineTotalChf(distributedUnitPrice.multiply(BigDecimal.valueOf(qItem.getQuantity())));
            oItem.setPrintTimeSeconds(qItem.getPrintTimeSeconds());
            oItem.setMaterialGrams(qItem.getMaterialGrams());
            oItem.setBoundingBoxXMm(qItem.getBoundingBoxXMm());
            oItem.setBoundingBoxYMm(qItem.getBoundingBoxYMm());
            oItem.setBoundingBoxZMm(qItem.getBoundingBoxZMm());
            UUID fileUuid = UUID.randomUUID();
            String ext = getExtension(qItem.getOriginalFilename());
@@ -261,7 +185,10 @@ public class OrderService {
        }
        order.setSubtotalChf(subtotal);
-        
+        if (order.getShippingCostChf() == null) {
            order.setShippingCostChf(BigDecimal.valueOf(9.00));
        }
        BigDecimal total = subtotal.add(order.getSetupCostChf()).add(order.getShippingCostChf()).subtract(order.getDiscountChf() != null ? order.getDiscountChf() : BigDecimal.ZERO);
        order.setTotalChf(total);
@@ -271,12 +198,9 @@ public class OrderService {
        // Generate Invoice and QR Bill
        generateAndSaveDocuments(order, savedItems);
-
+        
        Order savedOrder = orderRepo.save(order);
-
+        
        // ALWAYS initialize payment as PENDING
        paymentService.getOrCreatePaymentForOrder(savedOrder, "OTHER");
        eventPublisher.publishEvent(new OrderCreatedEvent(this, savedOrder));
        return savedOrder;
@@ -284,13 +208,74 @@ public class OrderService {
    private void generateAndSaveDocuments(Order order, List<OrderItem> items) {
        try {
-            // 1. Generate and save the raw QR Bill for internal traceability.
+            // 1. Generate QR Bill
            byte[] qrBillSvgBytes = qrBillService.generateQrBillSvg(order);
-            saveFileBytes(qrBillSvgBytes, buildQrBillSvgRelativePath(order));
+            String qrBillSvg = new String(qrBillSvgBytes, StandardCharsets.UTF_8);
-            // 2. Generate and save the same confirmation PDF served by /api/orders/{id}/confirmation.
+            // Strip XML declaration and DOCTYPE if present, as they validity break the embedding HTML page
-            byte[] confirmationPdfBytes = invoiceService.generateDocumentPdf(order, items, true, qrBillService, null);
+            if (qrBillSvg.contains("<?xml")) {
-            saveFileBytes(confirmationPdfBytes, buildConfirmationPdfRelativePath(order));
+                int svgStartIndex = qrBillSvg.indexOf("<svg");
                if (svgStartIndex != -1) {
                    qrBillSvg = qrBillSvg.substring(svgStartIndex);
                }
            }
            // Save QR Bill SVG
            String qrRelativePath = "orders/" + order.getId() + "/documents/qr-bill.svg";
            saveFileBytes(qrBillSvgBytes, qrRelativePath);
            // 2. Prepare Invoice Variables
            Map<String, Object> vars = new HashMap<>();
            vars.put("sellerDisplayName", "3D Fab Switzerland");
            vars.put("sellerAddressLine1", "Sede Ticino, Svizzera");
            vars.put("sellerAddressLine2", "Sede Bienne, Svizzera");
            vars.put("sellerEmail", "info@3dfab.ch");
            vars.put("invoiceNumber", "INV-" + getDisplayOrderNumber(order).toUpperCase());
            vars.put("invoiceDate", order.getCreatedAt().format(DateTimeFormatter.ISO_LOCAL_DATE));
            vars.put("dueDate", order.getCreatedAt().plusDays(7).format(DateTimeFormatter.ISO_LOCAL_DATE));
            String buyerName = "BUSINESS".equals(order.getBillingCustomerType())
                    ? order.getBillingCompanyName()
                    : order.getBillingFirstName() + " " + order.getBillingLastName();
            vars.put("buyerDisplayName", buyerName);
            vars.put("buyerAddressLine1", order.getBillingAddressLine1());
            vars.put("buyerAddressLine2", order.getBillingZip() + " " + order.getBillingCity() + ", " + order.getBillingCountryCode());
            List<Map<String, Object>> invoiceLineItems = items.stream().map(i -> {
                Map<String, Object> line = new HashMap<>();
                line.put("description", "Stampa 3D: " + i.getOriginalFilename());
                line.put("quantity", i.getQuantity());
                line.put("unitPriceFormatted", String.format("CHF %.2f", i.getUnitPriceChf()));
                line.put("lineTotalFormatted", String.format("CHF %.2f", i.getLineTotalChf()));
                return line;
            }).collect(Collectors.toList());
            Map<String, Object> setupLine = new HashMap<>();
            setupLine.put("description", "Costo Setup");
            setupLine.put("quantity", 1);
            setupLine.put("unitPriceFormatted", String.format("CHF %.2f", order.getSetupCostChf()));
            setupLine.put("lineTotalFormatted", String.format("CHF %.2f", order.getSetupCostChf()));
            invoiceLineItems.add(setupLine);
            Map<String, Object> shippingLine = new HashMap<>();
            shippingLine.put("description", "Spedizione");
            shippingLine.put("quantity", 1);
            shippingLine.put("unitPriceFormatted", String.format("CHF %.2f", order.getShippingCostChf()));
            shippingLine.put("lineTotalFormatted", String.format("CHF %.2f", order.getShippingCostChf()));
            invoiceLineItems.add(shippingLine);
            vars.put("invoiceLineItems", invoiceLineItems);
            vars.put("subtotalFormatted", String.format("CHF %.2f", order.getSubtotalChf()));
            vars.put("grandTotalFormatted", String.format("CHF %.2f", order.getTotalChf()));
            vars.put("paymentTermsText", "Appena riceviamo il pagamento l'ordine entrerà nella coda di stampa. Grazie per la fiducia");
            // 3. Generate PDF
            byte[] pdfBytes = invoiceService.generateInvoicePdfBytesFromTemplate(vars, qrBillSvg);
            // Save PDF
            String pdfRelativePath = "orders/" + order.getId() + "/documents/invoice-" + order.getId() + ".pdf";
            saveFileBytes(pdfBytes, pdfRelativePath);
        } catch (Exception e) {
            e.printStackTrace(); 
@@ -328,28 +313,4 @@ public class OrderService {
        }
        return order.getId() != null ? order.getId().toString() : "unknown";
    }
    private String buildQrBillSvgRelativePath(Order order) {
        return "orders/" + order.getId() + "/documents/qr-bill.svg";
    }
    private String buildConfirmationPdfRelativePath(Order order) {
        return "orders/" + order.getId() + "/documents/confirmation-" + getDisplayOrderNumber(order) + ".pdf";
    }
    private String normalizeLanguage(String language) {
        if (language == null || language.isBlank()) {
            return "it";
        }
        String normalized = language.trim().toLowerCase(Locale.ROOT);
        if (normalized.length() > 2) {
            normalized = normalized.substring(0, 2);
        }
        return switch (normalized) {
            case "it", "en", "de", "fr" -> normalized;
            default -> "it";
        };
    }
 }
--- a/backend/src/main/java/com/printcalculator/service/PaymentService.java
+++ b/backend/src/main/java/com/printcalculator/service/PaymentService.java
@@ -1,101 +0,0 @@
 package com.printcalculator.service;
 import com.printcalculator.entity.Order;
 import com.printcalculator.entity.Payment;
 import com.printcalculator.event.PaymentReportedEvent;
 import com.printcalculator.event.PaymentConfirmedEvent;
 import com.printcalculator.repository.OrderRepository;
 import com.printcalculator.repository.PaymentRepository;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import java.math.BigDecimal;
 import java.time.OffsetDateTime;
 import java.util.Optional;
 import java.util.UUID;
@Service
 public class PaymentService {
    private final PaymentRepository paymentRepo;
    private final OrderRepository orderRepo;
    private final ApplicationEventPublisher eventPublisher;
    public PaymentService(PaymentRepository paymentRepo,
                          OrderRepository orderRepo,
                          ApplicationEventPublisher eventPublisher) {
        this.paymentRepo = paymentRepo;
        this.orderRepo = orderRepo;
        this.eventPublisher = eventPublisher;
    }
    @Transactional
    public Payment getOrCreatePaymentForOrder(Order order, String defaultMethod) {
        Optional<Payment> existing = paymentRepo.findByOrder_Id(order.getId());
        if (existing.isPresent()) {
            return existing.get();
        }
        Payment payment = new Payment();
        payment.setOrder(order);
        // Default to "OTHER" always, as payment method should only be set by the admin explicitly
        payment.setMethod("OTHER");
        payment.setStatus("PENDING");
        payment.setCurrency(order.getCurrency() != null ? order.getCurrency() : "CHF");
        payment.setAmountChf(order.getTotalChf() != null ? order.getTotalChf() : BigDecimal.ZERO);
        payment.setInitiatedAt(OffsetDateTime.now());
        return paymentRepo.save(payment);
    }
    @Transactional
    public Payment reportPayment(UUID orderId, String method) {
        Order order = orderRepo.findById(orderId)
                .orElseThrow(() -> new RuntimeException("Order not found with id " + orderId));
        Payment payment = paymentRepo.findByOrder_Id(orderId)
                .orElseGet(() -> getOrCreatePaymentForOrder(order, "OTHER"));
        if (!"PENDING".equals(payment.getStatus())) {
            throw new IllegalStateException("Payment is not in PENDING state. Current state: " + payment.getStatus());
        }
        payment.setStatus("REPORTED");
        payment.setReportedAt(OffsetDateTime.now());
        // We intentionally do not update the payment method here based on user input,
        // because the user cannot reliably determine the actual method without an integration.
        // It will be updated by the backoffice admin manually.
        payment = paymentRepo.save(payment);
        eventPublisher.publishEvent(new PaymentReportedEvent(this, order, payment));
        return payment;
    }
    @Transactional
    public Payment confirmPayment(UUID orderId, String method) {
        Order order = orderRepo.findById(orderId)
                .orElseThrow(() -> new RuntimeException("Order not found with id " + orderId));
        Payment payment = paymentRepo.findByOrder_Id(orderId)
                .orElseGet(() -> getOrCreatePaymentForOrder(order, method != null ? method : "OTHER"));
        payment.setStatus("COMPLETED");
        if (method != null && !method.isBlank()) {
            payment.setMethod(method.toUpperCase());
        }
        payment.setReceivedAt(OffsetDateTime.now());
        payment = paymentRepo.save(payment);
        order.setStatus("IN_PRODUCTION");
        order.setPaidAt(OffsetDateTime.now());
        orderRepo.save(order);
        eventPublisher.publishEvent(new PaymentConfirmedEvent(this, order, payment));
        return payment;
    }
 }
--- a/backend/src/main/java/com/printcalculator/service/ProfileManager.java
+++ b/backend/src/main/java/com/printcalculator/service/ProfileManager.java
@@ -10,7 +10,6 @@ import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.Optional;
 import java.util.logging.Logger;
@@ -18,15 +17,12 @@ import java.util.stream.Stream;
 import java.util.Map;
 import java.util.HashMap;
 import java.util.List;
 import java.util.LinkedHashSet;
 import java.util.Set;
@Service
 public class ProfileManager {
    private static final Logger logger = Logger.getLogger(ProfileManager.class.getName());
    private final String profilesRoot;
    private final Path resolvedProfilesRoot;
    private final ObjectMapper mapper;
    private final Map<String, String> profileAliases;
@@ -36,8 +32,6 @@ public class ProfileManager {
        this.mapper = mapper;
        this.profileAliases = new HashMap<>();
        initializeAliases();
        this.resolvedProfilesRoot = resolveProfilesRoot(profilesRoot);
        logger.info("Profiles root configured as '" + this.profilesRoot + "', resolved to '" + this.resolvedProfilesRoot + "'");
    }
    private void initializeAliases() {
@@ -46,7 +40,6 @@ public class ProfileManager {
        // Material Aliases
        profileAliases.put("pla_basic", "Bambu PLA Basic @BBL A1");
        profileAliases.put("pla_tough", "Bambu PLA Tough @BBL A1");
        profileAliases.put("petg_basic", "Bambu PETG Basic @BBL A1");
        profileAliases.put("tpu_95a", "Bambu TPU 95A @BBL A1");
@@ -62,18 +55,13 @@ public class ProfileManager {
    public ObjectNode getMergedProfile(String profileName, String type) throws IOException {
        Path profilePath = findProfileFile(profileName, type);
        if (profilePath == null) {
-            throw new IOException("Profile not found: " + profileName + " (root=" + resolvedProfilesRoot + ")");
+            throw new IOException("Profile not found: " + profileName);
        }
        logger.info("Resolved " + type + " profile '" + profileName + "' -> " + profilePath);
        return resolveInheritance(profilePath);
    }
    private Path findProfileFile(String name, String type) {
        if (!Files.isDirectory(resolvedProfilesRoot)) {
            logger.severe("Profiles root does not exist or is not a directory: " + resolvedProfilesRoot);
            return null;
        }
        // Check aliases first
        String resolvedName = profileAliases.getOrDefault(name, name);
@@ -81,7 +69,7 @@ public class ProfileManager {
        // collisions across vendors/profile families with same filename.
        String filename = toJsonFilename(resolvedName);
-        try (Stream<Path> stream = Files.walk(resolvedProfilesRoot)) {
+        try (Stream<Path> stream = Files.walk(Paths.get(profilesRoot))) {
            List<Path> candidates = stream
                    .filter(p -> p.getFileName().toString().equals(filename))
                    .sorted()
@@ -107,37 +95,6 @@ public class ProfileManager {
        }
    }
    private Path resolveProfilesRoot(String configuredRoot) {
        Set<Path> candidates = new LinkedHashSet<>();
        Path cwd = Paths.get("").toAbsolutePath().normalize();
        if (configuredRoot != null && !configuredRoot.isBlank()) {
            Path configured = Paths.get(configuredRoot);
            candidates.add(configured.toAbsolutePath().normalize());
            if (!configured.isAbsolute()) {
                candidates.add(cwd.resolve(configuredRoot).normalize());
            }
        }
        candidates.add(cwd.resolve("profiles").normalize());
        candidates.add(cwd.resolve("backend/profiles").normalize());
        candidates.add(Paths.get("/app/profiles").toAbsolutePath().normalize());
        List<String> checkedPaths = new ArrayList<>();
        for (Path candidate : candidates) {
            checkedPaths.add(candidate.toString());
            if (Files.isDirectory(candidate)) {
                return candidate;
            }
        }
        logger.warning("No profiles directory found. Checked: " + String.join(", ", checkedPaths));
        if (configuredRoot != null && !configuredRoot.isBlank()) {
            return Paths.get(configuredRoot).toAbsolutePath().normalize();
        }
        return cwd.resolve("profiles").normalize();
    }
    private ObjectNode resolveInheritance(Path currentPath) throws IOException {
        // 1. Load current
        JsonNode currentNode = mapper.readTree(currentPath.toFile());
--- a/backend/src/main/java/com/printcalculator/service/QrBillService.java
+++ b/backend/src/main/java/com/printcalculator/service/QrBillService.java
@@ -22,7 +22,7 @@ public class QrBillService {
        // Creditor (Merchant)
        bill.setAccount("CH7409000000154821581"); // TODO: Configurable IBAN
        bill.setCreditor(createAddress(
-                "Joe Küng",
+                "Küng, Joe",
                "Via G. Pioda 29a",
                "6710",
                "Biasca",
@@ -49,7 +49,10 @@ public class QrBillService {
        bill.setAmount(order.getTotalChf());
        bill.setCurrency("CHF");
-        bill.setUnstructuredMessage(order.getId().toString());
+        // Reference
        // bill.setReference(QRBill.createCreditorReference("...")); // If using QRR
        String orderRef = order.getOrderNumber() != null ? order.getOrderNumber() : order.getId().toString();
        bill.setUnstructuredMessage("Order " + orderRef);
        return bill;
    }
--- a/backend/src/main/java/com/printcalculator/service/QuoteCalculator.java
+++ b/backend/src/main/java/com/printcalculator/service/QuoteCalculator.java
@@ -21,8 +21,6 @@ import java.util.List;
@Service
 public class QuoteCalculator {
    private static final BigDecimal SETUP_FEE_DOUBLE_THRESHOLD_CHF = BigDecimal.TEN;
    private static final BigDecimal SETUP_FEE_MULTIPLIER_BELOW_THRESHOLD = BigDecimal.valueOf(2);
    private final PricingPolicyRepository pricingRepo;
    private final PricingPolicyMachineHourTierRepository tierRepo;
@@ -62,70 +60,44 @@ public class QuoteCalculator {
                 .orElseThrow(() -> new RuntimeException("No active printer found"));
        }
        // 3. Fetch Filament Info
        // filamentProfileName might be "bambu_pla_basic_black" or "Generic PLA"
        // We try to extract material code (PLA, PETG)
        String materialCode = detectMaterialCode(filamentProfileName);
        FilamentMaterialType materialType = materialRepo.findByMaterialCode(materialCode)
                .orElseThrow(() -> new RuntimeException("Unknown material type: " + materialCode));
        // Try to find specific variant (e.g. by color if we could parse it)
        // For now, get default/first active variant for this material
        FilamentVariant variant = variantRepo.findFirstByFilamentMaterialTypeAndIsActiveTrue(materialType)
                .orElseThrow(() -> new RuntimeException("No active variant for material: " + materialCode));
        return calculate(stats, machine, policy, variant);
    }
-    public QuoteResult calculate(PrintStats stats, String machineName, FilamentVariant variant) {
+        // --- CALCULATIONS ---
        PricingPolicy policy = pricingRepo.findFirstByIsActiveTrueOrderByValidFromDesc();
        if (policy == null) {
            throw new RuntimeException("No active pricing policy found");
        }
-        PrinterMachine machine = machineRepo.findByPrinterDisplayName(machineName).orElse(null);
+        // Material Cost: (weight / 1000) * costPerKg
-        if (machine == null) {
+        BigDecimal weightKg = BigDecimal.valueOf(stats.filamentWeightGrams()).divide(BigDecimal.valueOf(1000), 4, RoundingMode.HALF_UP);
            machine = machineRepo.findFirstByIsActiveTrue()
                    .orElseThrow(() -> new RuntimeException("No active printer found"));
        }
        return calculate(stats, machine, policy, variant);
    }
    private QuoteResult calculate(PrintStats stats, PrinterMachine machine, PricingPolicy policy, FilamentVariant variant) {
        BigDecimal weightKg = BigDecimal.valueOf(stats.filamentWeightGrams())
                .divide(BigDecimal.valueOf(1000), 4, RoundingMode.HALF_UP);
        BigDecimal materialCost = weightKg.multiply(variant.getCostChfPerKg());
-        BigDecimal totalHours = BigDecimal.valueOf(stats.printTimeSeconds())
+        // Machine Cost: Tiered
-                .divide(BigDecimal.valueOf(3600), 4, RoundingMode.HALF_UP);
+        BigDecimal totalHours = BigDecimal.valueOf(stats.printTimeSeconds()).divide(BigDecimal.valueOf(3600), 4, RoundingMode.HALF_UP);
        BigDecimal machineCost = calculateMachineCost(policy, totalHours);
-        BigDecimal kw = BigDecimal.valueOf(machine.getPowerWatts())
+        // Energy Cost: (watts / 1000) * hours * costPerKwh
-                .divide(BigDecimal.valueOf(1000), 4, RoundingMode.HALF_UP);
+        BigDecimal kw = BigDecimal.valueOf(machine.getPowerWatts()).divide(BigDecimal.valueOf(1000), 4, RoundingMode.HALF_UP);
        BigDecimal kwh = kw.multiply(totalHours);
        BigDecimal energyCost = kwh.multiply(policy.getElectricityCostChfPerKwh());
-        BigDecimal subtotal = materialCost.add(energyCost);
+        // Subtotal (Costs + Fixed Fees)
-        BigDecimal markupFactor = BigDecimal.ONE.add(
+        BigDecimal fixedFee = policy.getFixedJobFeeChf();
-                policy.getMarkupPercent().divide(BigDecimal.valueOf(100), 4, RoundingMode.HALF_UP)
+        BigDecimal subtotal = materialCost.add(machineCost).add(energyCost).add(fixedFee);
        );
        subtotal = subtotal.multiply(markupFactor);
-        return new QuoteResult(subtotal.doubleValue(), "CHF", stats);
+        // Markup
-    }
+        // Markup is percentage (e.g. 20.0)
    public BigDecimal calculateSessionMachineCost(PricingPolicy policy, BigDecimal hours) {
        BigDecimal rawCost = calculateMachineCost(policy, hours);
        BigDecimal markupFactor = BigDecimal.ONE.add(policy.getMarkupPercent().divide(BigDecimal.valueOf(100), 4, RoundingMode.HALF_UP));
-        return rawCost.multiply(markupFactor).setScale(2, RoundingMode.HALF_UP);
+        BigDecimal totalPrice = subtotal.multiply(markupFactor).setScale(2, RoundingMode.HALF_UP);
    }
-    public BigDecimal calculateSessionSetupFee(PricingPolicy policy) {
+        return new QuoteResult(totalPrice.doubleValue(), "CHF", stats, fixedFee.doubleValue());
        if (policy == null || policy.getFixedJobFeeChf() == null) {
            return BigDecimal.ZERO.setScale(2, RoundingMode.HALF_UP);
        }
        BigDecimal baseSetupFee = policy.getFixedJobFeeChf();
        if (baseSetupFee.compareTo(SETUP_FEE_DOUBLE_THRESHOLD_CHF) < 0) {
            return baseSetupFee
                    .multiply(SETUP_FEE_MULTIPLIER_BELOW_THRESHOLD)
                    .setScale(2, RoundingMode.HALF_UP);
        }
        return baseSetupFee.setScale(2, RoundingMode.HALF_UP);
    }
    private BigDecimal calculateMachineCost(PricingPolicy policy, BigDecimal hours) {
@@ -175,7 +147,6 @@ public class QuoteCalculator {
    private String detectMaterialCode(String profileName) {
        String lower = profileName.toLowerCase();
        if (lower.contains("pla tough") || lower.contains("pla_tough")) return "PLA TOUGH";
        if (lower.contains("petg")) return "PETG";
        if (lower.contains("tpu")) return "TPU";
        if (lower.contains("abs")) return "ABS";
--- a/backend/src/main/java/com/printcalculator/service/SlicerService.java
+++ b/backend/src/main/java/com/printcalculator/service/SlicerService.java
@@ -2,7 +2,6 @@ package com.printcalculator.service;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import com.printcalculator.model.ModelDimensions;
 import com.printcalculator.model.PrintStats;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
@@ -10,27 +9,21 @@ import org.springframework.stereotype.Service;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Logger;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@Service
 public class SlicerService {
    private static final Logger logger = Logger.getLogger(SlicerService.class.getName());
    private static final Pattern SIZE_X_PATTERN = Pattern.compile("(?m)^\\s*size_x\\s*=\\s*([-+]?\\d+(?:\\.\\d+)?)\\s*$");
    private static final Pattern SIZE_Y_PATTERN = Pattern.compile("(?m)^\\s*size_y\\s*=\\s*([-+]?\\d+(?:\\.\\d+)?)\\s*$");
    private static final Pattern SIZE_Z_PATTERN = Pattern.compile("(?m)^\\s*size_z\\s*=\\s*([-+]?\\d+(?:\\.\\d+)?)\\s*$");
-    private final String trustedSlicerPath;
+    private final String slicerPath;
    private final ProfileManager profileManager;
    private final GCodeParser gCodeParser;
    private final ObjectMapper mapper;
@@ -40,7 +33,7 @@ public class SlicerService {
            ProfileManager profileManager,
            GCodeParser gCodeParser,
            ObjectMapper mapper) {
-        this.trustedSlicerPath = normalizeExecutablePath(slicerPath);
+        this.slicerPath = slicerPath;
        this.profileManager = profileManager;
        this.gCodeParser = gCodeParser;
        this.mapper = mapper;
@@ -83,24 +76,17 @@ public class SlicerService {
                basename = basename.substring(0, basename.length() - 4);
            }
            Path slicerLogPath = tempDir.resolve("orcaslicer.log");
            String machineProfilePath = requireSafeArgument(mFile.getAbsolutePath(), "machine profile path");
            String processProfilePath = requireSafeArgument(pFile.getAbsolutePath(), "process profile path");
            String filamentProfilePath = requireSafeArgument(fFile.getAbsolutePath(), "filament profile path");
            String outputDirPath = requireSafeArgument(tempDir.toAbsolutePath().toString(), "output directory path");
            String inputStlPath = requireSafeArgument(inputStl.getAbsolutePath(), "input STL path");
            // 3. Run slicer. Retry with arrange only for out-of-volume style failures.
            for (boolean useArrange : new boolean[]{false, true}) {
-                // Build process arguments explicitly to avoid shell interpretation and command injection.
+                List<String> command = new ArrayList<>();
-                ProcessBuilder pb = new ProcessBuilder();
+                command.add(slicerPath);
                List<String> command = pb.command();
                command.add(trustedSlicerPath);
                command.add("--load-settings");
-                command.add(machineProfilePath);
+                command.add(mFile.getAbsolutePath());
                command.add("--load-settings");
-                command.add(processProfilePath);
+                command.add(pFile.getAbsolutePath());
                command.add("--load-filaments");
-                command.add(filamentProfilePath);
+                command.add(fFile.getAbsolutePath());
                command.add("--ensure-on-bed");
                if (useArrange) {
                    command.add("--arrange");
@@ -109,12 +95,13 @@ public class SlicerService {
                command.add("--slice");
                command.add("0");
                command.add("--outputdir");
-                command.add(outputDirPath);
+                command.add(tempDir.toAbsolutePath().toString());
-                command.add(inputStlPath);
+                command.add(inputStl.getAbsolutePath());
                logger.info("Executing Slicer" + (useArrange ? " (retry with arrange)" : "") + ": " + String.join(" ", command));
                Files.deleteIfExists(slicerLogPath);
                ProcessBuilder pb = new ProcessBuilder(command);
                pb.directory(tempDir.toFile());
                pb.redirectErrorStream(true);
                pb.redirectOutput(slicerLogPath.toFile());
@@ -162,89 +149,6 @@ public class SlicerService {
        }
    }
    public Optional<ModelDimensions> inspectModelDimensions(File inputModel) {
            Path tempDir = null;
        try {
            tempDir = Files.createTempDirectory("slicer_info_");
            Path infoLogPath = tempDir.resolve("orcaslicer-info.log");
            String inputModelPath = requireSafeArgument(inputModel.getAbsolutePath(), "input model path");
            ProcessBuilder pb = new ProcessBuilder();
            List<String> infoCommand = pb.command();
            infoCommand.add(trustedSlicerPath);
            infoCommand.add("--info");
            infoCommand.add(inputModelPath);
            pb.directory(tempDir.toFile());
            pb.redirectErrorStream(true);
            pb.redirectOutput(infoLogPath.toFile());
            Process process = pb.start();
            boolean finished = process.waitFor(2, TimeUnit.MINUTES);
            if (!finished) {
                process.destroyForcibly();
                logger.warning("Model info extraction timed out for " + inputModel.getName());
                return Optional.empty();
            }
            String output = Files.exists(infoLogPath)
                    ? Files.readString(infoLogPath, StandardCharsets.UTF_8)
                    : "";
            if (process.exitValue() != 0) {
                logger.warning("OrcaSlicer --info failed (exit " + process.exitValue() + ") for "
                        + inputModel.getName() + ": " + output);
                return Optional.empty();
            }
            Optional<ModelDimensions> parsed = parseModelDimensionsFromInfoOutput(output);
            if (parsed.isEmpty()) {
                logger.warning("Could not parse size_x/size_y/size_z from OrcaSlicer --info output for "
                        + inputModel.getName() + ": " + output);
            }
            return parsed;
        } catch (Exception e) {
            logger.warning("Failed to inspect model dimensions for " + inputModel.getName() + ": " + e.getMessage());
            return Optional.empty();
        } finally {
            if (tempDir != null) {
                deleteRecursively(tempDir);
            }
        }
    }
    static Optional<ModelDimensions> parseModelDimensionsFromInfoOutput(String output) {
        if (output == null || output.isBlank()) {
            return Optional.empty();
        }
        Double x = extractDouble(SIZE_X_PATTERN, output);
        Double y = extractDouble(SIZE_Y_PATTERN, output);
        Double z = extractDouble(SIZE_Z_PATTERN, output);
        if (x == null || y == null || z == null) {
            return Optional.empty();
        }
        if (x <= 0 || y <= 0 || z <= 0) {
            return Optional.empty();
        }
        return Optional.of(new ModelDimensions(x, y, z));
    }
    private static Double extractDouble(Pattern pattern, String text) {
        Matcher matcher = pattern.matcher(text);
        if (!matcher.find()) {
            return null;
        }
        try {
            return Double.parseDouble(matcher.group(1));
        } catch (NumberFormatException ignored) {
            return null;
        }
    }
    private void deleteRecursively(Path path) {
        if (path == null || !Files.exists(path)) {
            return;
@@ -273,38 +177,4 @@ public class SlicerService {
                || normalized.contains("no object is fully inside the print volume")
                || normalized.contains("calc_exclude_triangles");
    }
    private String normalizeExecutablePath(String configuredPath) {
        if (configuredPath == null || configuredPath.isBlank()) {
            throw new IllegalArgumentException("slicer.path is required");
        }
        if (containsControlChars(configuredPath)) {
            throw new IllegalArgumentException("slicer.path contains invalid control characters");
        }
        try {
            return Path.of(configuredPath.trim()).normalize().toString();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("Invalid slicer.path: " + configuredPath, e);
        }
    }
    private String requireSafeArgument(String value, String argName) throws IOException {
        if (value == null || value.isBlank()) {
            throw new IOException("Missing required argument: " + argName);
        }
        if (containsControlChars(value)) {
            throw new IOException("Invalid control characters in " + argName);
        }
        return value;
    }
    private boolean containsControlChars(String value) {
        for (int i = 0; i < value.length(); i++) {
            char ch = value.charAt(i);
            if (ch == '\0' || ch == '\n' || ch == '\r') {
                return true;
            }
        }
        return false;
    }
 }
--- a/backend/src/main/java/com/printcalculator/service/TwintPaymentService.java
+++ b/backend/src/main/java/com/printcalculator/service/TwintPaymentService.java
@@ -15,47 +15,20 @@ public class TwintPaymentService {
    private final String twintPaymentUrl;
    public TwintPaymentService(
-            @Value("${payment.twint.url:}")
+            @Value("${payment.twint.url:https://go.twint.ch/1/e/tw?tw=acq.gERQQytOTnyIMuQHUqn4hlxgciHE5X7nnqHnNSPAr2OF2K3uBlXJDr2n9JU3sgxa.}")
            String twintPaymentUrl
    ) {
        this.twintPaymentUrl = twintPaymentUrl;
    }
-    public String getTwintPaymentUrl(com.printcalculator.entity.Order order) {
+    public String getTwintPaymentUrl() {
-        if (twintPaymentUrl == null || twintPaymentUrl.isBlank()) {
+        return twintPaymentUrl;
            throw new IllegalStateException("TWINT_PAYMENT_URL is not configured");
        }
        StringBuilder urlBuilder = new StringBuilder(twintPaymentUrl);
        if (order != null) {
            if (order.getTotalChf() != null) {
                urlBuilder.append("&amount=").append(order.getTotalChf().toPlainString());
            }
            String orderNumber = order.getOrderNumber();
            if (orderNumber == null && order.getId() != null) {
                orderNumber = order.getId().toString();
            }
            if (orderNumber != null) {
                try {
                    urlBuilder.append("&trxInfo=").append(order.getId());
                } catch (Exception e) {
                    e.printStackTrace();
                    return null;
                }
            }
        }
        return urlBuilder.toString();
    }
-    public byte[] generateQrPng(com.printcalculator.entity.Order order, int sizePx) {
+    public byte[] generateQrPng(int sizePx) {
        try {
            String url = getTwintPaymentUrl(order);
            // Use High Error Correction for financial QR codes
-            QrCode qrCode = QrCode.encodeText(url, QrCode.Ecc.HIGH);
+            QrCode qrCode = QrCode.encodeText(twintPaymentUrl, QrCode.Ecc.HIGH);
            // Standard QR quiet zone is 4 modules
            int borderModules = 4;
--- a/backend/src/main/java/com/printcalculator/service/email/EmailNotificationService.java
+++ b/backend/src/main/java/com/printcalculator/service/email/EmailNotificationService.java
@@ -14,16 +14,4 @@ public interface EmailNotificationService {
     */
    void sendEmail(String to, String subject, String templateName, Map<String, Object> contextData);
    /**
     * Sends an HTML email using a Thymeleaf template, with an optional attachment.
     *
     * @param to             The recipient email address.
     * @param subject        The subject of the email.
     * @param templateName   The name of the Thymeleaf template (e.g., "order-confirmation").
     * @param contextData    The data to populate the template with.
     * @param attachmentName The name for the attachment file.
     * @param attachmentData The raw bytes of the attachment.
     */
    void sendEmailWithAttachment(String to, String subject, String templateName, Map<String, Object> contextData, String attachmentName, byte[] attachmentData);
 }
--- a/backend/src/main/java/com/printcalculator/service/email/SmtpEmailNotificationService.java
+++ b/backend/src/main/java/com/printcalculator/service/email/SmtpEmailNotificationService.java
@@ -10,7 +10,6 @@ import org.springframework.mail.javamail.MimeMessageHelper;
 import org.springframework.stereotype.Service;
 import org.thymeleaf.TemplateEngine;
 import org.thymeleaf.context.Context;
 import org.springframework.core.io.ByteArrayResource;
 import java.util.Map;
@@ -25,21 +24,8 @@ public class SmtpEmailNotificationService implements EmailNotificationService {
    @Value("${app.mail.from}")
    private String fromAddress;
    @Value("${app.mail.enabled:true}")
    private boolean mailEnabled;
    @Override
    public void sendEmail(String to, String subject, String templateName, Map<String, Object> contextData) {
        sendEmailWithAttachment(to, subject, templateName, contextData, null, null);
    }
    @Override
    public void sendEmailWithAttachment(String to, String subject, String templateName, Map<String, Object> contextData, String attachmentName, byte[] attachmentData) {
        if (!mailEnabled) {
            log.info("Email sending disabled (app.mail.enabled=false). Skipping email to {}", to);
            return;
        }
        log.info("Preparing to send email to {} with template {}", to, templateName);
        try {
@@ -55,10 +41,6 @@ public class SmtpEmailNotificationService implements EmailNotificationService {
            helper.setSubject(subject);
            helper.setText(process, true); // true indicates HTML format
            if (attachmentName != null && attachmentData != null) {
                helper.addAttachment(attachmentName, new ByteArrayResource(attachmentData));
            }
            emailSender.send(mimeMessage);
            log.info("Email successfully sent to {}", to);
--- a/backend/src/main/resources/application-local.properties
+++ b/backend/src/main/resources/application-local.properties
@@ -1,8 +0,0 @@
 app.mail.enabled=false
 app.mail.admin.enabled=false
 app.mail.contact-request.admin.enabled=false
 # Admin back-office local test credentials
 admin.password=local-admin-password
 admin.session.secret=local-session-secret-for-dev-only-000000000000000000000000
 admin.session.ttl-minutes=480
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
@@ -4,10 +4,9 @@ server.port=8000
 # Database Configuration
 spring.datasource.url=${DB_URL:jdbc:postgresql://localhost:5432/printcalc}
 spring.datasource.username=${DB_USERNAME:printcalc}
-spring.datasource.password=${DB_PASSWORD:}
+spring.datasource.password=${DB_PASSWORD:printcalc_secret}
 spring.jpa.hibernate.ddl-auto=update
 spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
 spring.jpa.open-in-view=false
 # Slicer Configuration
@@ -26,30 +25,18 @@ clamav.port=${CLAMAV_PORT:3310}
 clamav.enabled=${CLAMAV_ENABLED:false}
 # TWINT Configuration
-payment.twint.url=${TWINT_PAYMENT_URL:}
+payment.twint.url=${TWINT_PAYMENT_URL:https://go.twint.ch/1/e/tw?tw=acq.gERQQytOTnyIMuQHUqn4hlxgciHE5X7nnqHnNSPAr2OF2K3uBlXJDr2n9JU3sgxa.}
 # Mail Configuration
 spring.mail.host=${MAIL_HOST:mail.infomaniak.com}
 spring.mail.port=${MAIL_PORT:587}
 spring.mail.username=${MAIL_USERNAME:info@3d-fab.ch}
-spring.mail.password=${MAIL_PASSWORD:}
+spring.mail.password=${MAIL_PASSWORD:ht*44k+Tq39R+R-O}
 spring.mail.properties.mail.smtp.auth=${MAIL_SMTP_AUTH:false}
 spring.mail.properties.mail.smtp.starttls.enable=${MAIL_SMTP_STARTTLS:false}
 # Application Mail Settings
 app.mail.enabled=${APP_MAIL_ENABLED:true}
 app.mail.from=${APP_MAIL_FROM:${MAIL_USERNAME:noreply@printcalculator.local}}
 app.mail.admin.enabled=${APP_MAIL_ADMIN_ENABLED:true}
 app.mail.admin.address=${APP_MAIL_ADMIN_ADDRESS:admin@printcalculator.local}
 app.mail.contact-request.admin.enabled=${APP_MAIL_CONTACT_REQUEST_ADMIN_ENABLED:true}
 app.mail.contact-request.admin.address=${APP_MAIL_CONTACT_REQUEST_ADMIN_ADDRESS:infog@3d-fab.ch}
 app.frontend.base-url=${APP_FRONTEND_BASE_URL:http://localhost:4200}
 # Admin back-office authentication
 admin.password=${ADMIN_PASSWORD}
 admin.session.secret=${ADMIN_SESSION_SECRET}
 admin.session.ttl-minutes=${ADMIN_SESSION_TTL_MINUTES:480}
 admin.auth.trust-proxy-headers=${ADMIN_AUTH_TRUST_PROXY_HEADERS:false}
 # Expose only liveness endpoint by default.
 management.endpoints.web.exposure.include=health
--- a/backend/src/main/resources/templates/email/contact-request-admin.html
+++ b/backend/src/main/resources/templates/email/contact-request-admin.html
@@ -1,121 +0,0 @@
 <!DOCTYPE html>
 <html xmlns:th="http://www.thymeleaf.org">
 <head>
    <meta charset="UTF-8">
    <title>Nuova richiesta di contatto</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            background-color: #f4f4f4;
            margin: 0;
            padding: 0;
        }
        .container {
            max-width: 640px;
            margin: 20px auto;
            background-color: #ffffff;
            padding: 20px;
            border-radius: 8px;
            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
        }
        h1 {
            margin-top: 0;
            color: #222222;
        }
        p {
            color: #444444;
            line-height: 1.5;
        }
        table {
            width: 100%;
            border-collapse: collapse;
            margin-top: 16px;
        }
        th,
        td {
            text-align: left;
            vertical-align: top;
            border-bottom: 1px solid #eeeeee;
            padding: 10px 6px;
            color: #333333;
            word-break: break-word;
        }
        th {
            width: 35%;
            color: #222222;
            background: #fafafa;
        }
        .footer {
            margin-top: 24px;
            font-size: 12px;
            color: #888888;
            border-top: 1px solid #eeeeee;
            padding-top: 12px;
        }
    </style>
 </head>
 <body>
 <div class="container">
    <h1>Nuova richiesta di contatto</h1>
    <p>E' stata ricevuta una nuova richiesta dal form contatti/su misura.</p>
    <table>
        <tr>
            <th>ID richiesta</th>
            <td th:text="${requestId}">00000000-0000-0000-0000-000000000000</td>
        </tr>
        <tr>
            <th>Data</th>
            <td th:text="${createdAt}">2026-03-03T10:00:00Z</td>
        </tr>
        <tr>
            <th>Tipo richiesta</th>
            <td th:text="${requestType}">PRINT_SERVICE</td>
        </tr>
        <tr>
            <th>Tipo cliente</th>
            <td th:text="${customerType}">PRIVATE</td>
        </tr>
        <tr>
            <th>Nome</th>
            <td th:text="${name}">Mario Rossi</td>
        </tr>
        <tr>
            <th>Azienda</th>
            <td th:text="${companyName}">3D Fab SA</td>
        </tr>
        <tr>
            <th>Contatto</th>
            <td th:text="${contactPerson}">Mario Rossi</td>
        </tr>
        <tr>
            <th>Email</th>
            <td th:text="${email}">cliente@example.com</td>
        </tr>
        <tr>
            <th>Telefono</th>
            <td th:text="${phone}">+41 00 000 00 00</td>
        </tr>
        <tr>
            <th>Messaggio</th>
            <td th:text="${message}">Testo richiesta cliente...</td>
        </tr>
        <tr>
            <th>Allegati</th>
            <td th:text="${attachmentsCount}">0</td>
        </tr>
    </table>
    <div class="footer">
        <p>&copy; <span th:text="${currentYear}">2026</span> 3D-Fab - notifica automatica.</p>
    </div>
 </div>
 </body>
 </html>
--- a/backend/src/main/resources/templates/email/order-confirmation.html
+++ b/backend/src/main/resources/templates/email/order-confirmation.html
@@ -2,7 +2,7 @@
 <html xmlns:th="http://www.thymeleaf.org">
 <head>
    <meta charset="UTF-8">
-    <title th:text="${emailTitle}">Order Confirmation</title>
+    <title>Conferma Ordine</title>
    <style>
        body {
            font-family: Arial, sans-serif;
@@ -10,7 +10,6 @@
            margin: 0;
            padding: 0;
        }
        .container {
            max-width: 600px;
            margin: 20px auto;
@@ -19,41 +18,30 @@
            border-radius: 8px;
            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
        }
        .header {
            text-align: center;
            border-bottom: 1px solid #eeeeee;
            padding-bottom: 20px;
            margin-bottom: 20px;
        }
        .header h1 {
            color: #333333;
        }
        .content {
            color: #555555;
            line-height: 1.6;
        }
        .order-details {
            background-color: #f9f9f9;
            padding: 15px;
            border-radius: 5px;
            margin-top: 20px;
        }
        .order-details th {
            text-align: left;
            padding-right: 20px;
            color: #333333;
            vertical-align: top;
        }
        .order-details td {
            word-break: break-word;
        }
        .footer {
            text-align: center;
            font-size: 0.9em;
@@ -65,46 +53,41 @@
    </style>
 </head>
 <body>
-<div class="container">
+    <div class="container">
-    <div class="header">
+        <div class="header">
-        <h1 th:text="${headlineText}">Thank you for your order #00000000</h1>
+            <h1>Grazie per il tuo ordine #<span th:text="${orderNumber}">00000000</span></h1>
    </div>
    <div class="content">
        <p th:text="${greetingText}">Hi Customer,</p>
        <p th:text="${introText}">We received your order and started processing it.</p>
        <div class="order-details">
            <p style="margin-top:0; font-weight: bold;" th:text="${detailsTitleText}">Order details</p>
            <table>
                <tr>
                    <th th:text="${labelOrderNumber}">Order number</th>
                    <td th:text="${orderNumber}">00000000</td>
                </tr>
                <tr>
                    <th th:text="${labelDate}">Date</th>
                    <td th:text="${orderDate}">Jan 1, 2026, 10:00:00 AM</td>
                </tr>
                <tr>
                    <th th:text="${labelTotal}">Total</th>
                    <td th:text="${totalCost}">CHF 0.00</td>
                </tr>
            </table>
        </div>
        <div class="content">
            <p>Ciao <span th:text="${customerName}">Cliente</span>,</p>
            <p>Abbiamo ricevuto il tuo ordine e stiamo iniziando a elaborarlo. Ecco un riepilogo dei dettagli:</p>
-        <p>
+            <div class="order-details">
-            <span th:text="${orderDetailsCtaText}">View order status</span>:
+                <table>
-            <a th:href="${orderDetailsUrl}" th:text="${orderDetailsUrl}">https://example.com/en/co/00000000-0000-0000-0000-000000000000</a>
+                    <tr>
-        </p>
+                        <th>Numero Ordine:</th>
                        <td th:text="${orderNumber}">00000000</td>
                    </tr>
                    <tr>
                        <th>Data:</th>
                        <td th:text="${orderDate}">01/01/2026</td>
                    </tr>
                    <tr>
                        <th>Costo totale:</th>
                        <td th:text="${totalCost} + ' CHF'">0.00 CHF</td>
                    </tr>
                </table>
            </div>
-        <p th:text="${attachmentHintText}">The order confirmation PDF is attached.</p>
+            <p>
-        <p th:text="${supportText}">If you have questions, reply to this email.</p>
+                Clicca qui per i dettagli:
                <a th:href="${orderDetailsUrl}" th:text="${orderDetailsUrl}">https://tuosito.it/ordine/00000000-0000-0000-0000-000000000000</a>
            </p>
            <p>Se hai domande o dubbi, non esitare a contattarci.</p>
        </div>
        <div class="footer">
            <p>&copy; 2026 3D-Fab. Tutti i diritti riservati.</p>
        </div>
    </div>
    <div class="footer">
        <p>&copy; <span th:text="${currentYear}">2026</span> 3D-Fab</p>
        <p th:text="${footerText}">Automated message.</p>
    </div>
 </div>
 </body>
 </html>
--- a/backend/src/main/resources/templates/email/payment-confirmed.html
+++ b/backend/src/main/resources/templates/email/payment-confirmed.html
@@ -1,111 +0,0 @@
 <!DOCTYPE html>
 <html xmlns:th="http://www.thymeleaf.org">
 <head>
    <meta charset="UTF-8">
    <title th:text="${emailTitle}">Payment Confirmed</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            background-color: #f4f4f4;
            margin: 0;
            padding: 0;
        }
        .container {
            max-width: 600px;
            margin: 20px auto;
            background-color: #ffffff;
            padding: 20px;
            border-radius: 8px;
            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
        }
        .header {
            text-align: center;
            border-bottom: 1px solid #eeeeee;
            padding-bottom: 20px;
            margin-bottom: 20px;
        }
        .header h1 {
            color: #333333;
        }
        .content {
            color: #555555;
            line-height: 1.6;
        }
        .status-box {
            background-color: #e8f8ee;
            border: 1px solid #9fd4af;
            border-radius: 5px;
            padding: 12px;
            margin-top: 18px;
        }
        .order-box {
            background-color: #f9f9f9;
            border-radius: 5px;
            padding: 12px;
            margin-top: 18px;
        }
        .order-box th {
            text-align: left;
            padding-right: 18px;
            vertical-align: top;
        }
        .footer {
            text-align: center;
            font-size: 0.9em;
            color: #999999;
            margin-top: 30px;
            border-top: 1px solid #eeeeee;
            padding-top: 20px;
        }
    </style>
 </head>
 <body>
 <div class="container">
    <div class="header">
        <h1 th:text="${headlineText}">Payment confirmed for order #00000000</h1>
    </div>
    <div class="content">
        <p th:text="${greetingText}">Hi Customer,</p>
        <p th:text="${introText}">Your payment has been confirmed and your order is now in production.</p>
        <div class="status-box">
            <strong th:text="${statusText}">Current status: In production.</strong>
        </div>
        <div class="order-box">
            <table>
                <tr>
                    <th th:text="${labelOrderNumber}">Order number</th>
                    <td th:text="${orderNumber}">00000000</td>
                </tr>
                <tr>
                    <th th:text="${labelTotal}">Total</th>
                    <td th:text="${totalCost}">CHF 0.00</td>
                </tr>
            </table>
        </div>
        <p th:text="${attachmentHintText}">The paid invoice PDF is attached to this email.</p>
        <p>
            <span th:text="${orderDetailsCtaText}">View order status</span>:
            <a th:href="${orderDetailsUrl}" th:text="${orderDetailsUrl}">https://example.com/en/co/00000000-0000-0000-0000-000000000000</a>
        </p>
        <p th:text="${supportText}">We will notify you when shipment is ready.</p>
    </div>
    <div class="footer">
        <p>&copy; <span th:text="${currentYear}">2026</span> 3D-Fab</p>
        <p th:text="${footerText}">Automated message.</p>
    </div>
 </div>
 </body>
 </html>
--- a/backend/src/main/resources/templates/email/payment-reported.html
+++ b/backend/src/main/resources/templates/email/payment-reported.html
@@ -1,110 +0,0 @@
 <!DOCTYPE html>
 <html xmlns:th="http://www.thymeleaf.org">
 <head>
    <meta charset="UTF-8">
    <title th:text="${emailTitle}">Payment Reported</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            background-color: #f4f4f4;
            margin: 0;
            padding: 0;
        }
        .container {
            max-width: 600px;
            margin: 20px auto;
            background-color: #ffffff;
            padding: 20px;
            border-radius: 8px;
            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
        }
        .header {
            text-align: center;
            border-bottom: 1px solid #eeeeee;
            padding-bottom: 20px;
            margin-bottom: 20px;
        }
        .header h1 {
            color: #333333;
        }
        .content {
            color: #555555;
            line-height: 1.6;
        }
        .status-box {
            background-color: #fff9e8;
            border: 1px solid #f4d68a;
            border-radius: 5px;
            padding: 12px;
            margin-top: 18px;
        }
        .order-box {
            background-color: #f9f9f9;
            border-radius: 5px;
            padding: 12px;
            margin-top: 18px;
        }
        .order-box th {
            text-align: left;
            padding-right: 18px;
            vertical-align: top;
        }
        .footer {
            text-align: center;
            font-size: 0.9em;
            color: #999999;
            margin-top: 30px;
            border-top: 1px solid #eeeeee;
            padding-top: 20px;
        }
    </style>
 </head>
 <body>
 <div class="container">
    <div class="header">
        <h1 th:text="${headlineText}">Payment reported for order #00000000</h1>
    </div>
    <div class="content">
        <p th:text="${greetingText}">Hi Customer,</p>
        <p th:text="${introText}">We received your payment report and we are now verifying it.</p>
        <div class="status-box">
            <strong th:text="${statusText}">Current status: Payment under verification.</strong>
        </div>
        <div class="order-box">
            <table>
                <tr>
                    <th th:text="${labelOrderNumber}">Order number</th>
                    <td th:text="${orderNumber}">00000000</td>
                </tr>
                <tr>
                    <th th:text="${labelTotal}">Total</th>
                    <td th:text="${totalCost}">CHF 0.00</td>
                </tr>
            </table>
        </div>
        <p>
            <span th:text="${orderDetailsCtaText}">Check order status</span>:
            <a th:href="${orderDetailsUrl}" th:text="${orderDetailsUrl}">https://example.com/en/co/00000000-0000-0000-0000-000000000000</a>
        </p>
        <p th:text="${supportText}">You will receive another email once payment is confirmed.</p>
    </div>
    <div class="footer">
        <p>&copy; <span th:text="${currentYear}">2026</span> 3D-Fab</p>
        <p th:text="${footerText}">Automated message.</p>
    </div>
 </div>
 </body>
 </html>
--- a/backend/src/main/resources/templates/invoice.html
+++ b/backend/src/main/resources/templates/invoice.html
@@ -1,412 +1,248 @@
 <!DOCTYPE html>
 <html lang="it" xmlns:th="http://www.thymeleaf.org">
 <head>
-    <meta charset="utf-8"/>
+  <meta charset="utf-8"/>
-    <style>
+  <style>
-        @page invoice {
+    @page invoice { size: 8.5in 11in; margin: 0.65in; }
-            size: A4;
+    @page qrpage { size: A4; margin: 0; }
            margin: 12mm 12mm 12mm 12mm;
        }
-        @page qrpage {
+    body {
-            size: A4;
+      page: invoice;
-            margin: 0;
+      font-family: Helvetica, Arial, sans-serif;
-        }
+      font-size: 10pt;
      margin: 0;
      padding: 0;
      background: #fff;
      color: #1a1a1a;
    }
-        *, *:before, *:after {
+    .invoice-page {
-            box-sizing: border-box;
+      page: invoice;
-        }
+      width: 100%;
    }
-        body {
+    .header-table {
-            page: invoice;
+      width: 100%;
-            font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+      border-collapse: collapse;
-            font-size: 8.5pt;
+      table-layout: fixed;
-            margin: 0;
+    }
            padding: 0;
            background: #fff;
            color: #000;
            line-height: 1.35;
        }
-        .invoice-page {
+    .header-table td {
-            page: invoice;
+      vertical-align: top;
-            width: 100%;
+      padding: 0;
-            page-break-after: always;
+    }
        }
-        /* Top Header Layout */
+    .header-left {
-        .header-layout {
+      width: 58%;
-            width: 100%;
+      line-height: 1.35;
-            border-collapse: collapse;
+    }
            table-layout: fixed;
            margin-bottom: 25mm;
        }
-        .header-layout td {
+    .header-right {
-            vertical-align: top;
+      width: 42%;
-            padding: 0;
+      text-align: right;
-        }
+      line-height: 1.35;
    }
-        .logo-block {
+    .invoice-title {
-            width: 33%;
+      font-size: 15pt;
-            font-size: 24pt;
+      font-weight: 700;
-            font-weight: bold;
+      margin: 0 0 4mm 0;
-            letter-spacing: -0.5px;
+      letter-spacing: 0.3px;
-        }
+    }
-        .logo-3d {
+    .section-title {
-            color: #111827; /* Dark black/blue */
+      margin: 9mm 0 2mm 0;
-        }
+      font-size: 10.5pt;
      font-weight: 700;
      text-transform: uppercase;
      letter-spacing: 0.2px;
    }
-        .logo-fab {
+    .buyer-box {
-            color: #eab308; /* Yellow/Gold */
+      margin: 0;
-        }
+      line-height: 1.4;
      min-height: 20mm;
    }
-        .seller-block {
+    .line-items {
-            width: 33%;
+      width: 100%;
-            font-size: 9pt;
+      border-collapse: collapse;
-            line-height: 1.4;
+      table-layout: fixed;
-        }
+      margin-top: 8mm;
    }
-        .website-block {
+    .line-items th,
-            width: 33%;
+    .line-items td {
-            text-align: right;
+      border-bottom: 1px solid #d8d8d8;
-            font-size: 9pt;
+      padding: 2.8mm 2.2mm;
-        }
+      vertical-align: top;
      word-break: break-word;
    }
-        /* Document Title */
+    .line-items th {
-        .doc-title {
+      text-align: left;
-            font-size: 20pt;
+      font-weight: 700;
-            font-weight: normal;
+      background: #f7f7f7;
-            margin: 0 0 10mm 0;
+    }
            letter-spacing: -0.5px;
        }
-        /* Meta and Customer Details Layout */
+    .line-items th:nth-child(1),
-        .details-layout {
+    .line-items td:nth-child(1) {
-            width: 100%;
+      width: 54%;
-            border-collapse: collapse;
+    }
            table-layout: fixed;
            margin-bottom: 15mm;
        }
-        .details-layout td {
+    .line-items th:nth-child(2),
-            vertical-align: top;
+    .line-items td:nth-child(2) {
-            padding: 0;
+      width: 12%;
-        }
+      text-align: right;
      white-space: nowrap;
    }
-        .meta-container {
+    .line-items th:nth-child(3),
-            width: 50%;
+    .line-items td:nth-child(3) {
-        }
+      width: 17%;
      text-align: right;
      white-space: nowrap;
    }
-        .customer-container {
+    .line-items th:nth-child(4),
-            width: 50%;
+    .line-items td:nth-child(4) {
-            font-size: 10pt;
+      width: 17%;
-            line-height: 1.5;
+      text-align: right;
-        }
+      white-space: nowrap;
      font-weight: 600;
    }
-        .meta-table {
+    .totals {
-            border-collapse: collapse;
+      margin-top: 7mm;
-            font-size: 8.5pt;
+      margin-left: auto;
-        }
+      width: 76mm;
      border-collapse: collapse;
    }
-        .meta-table td {
+    .totals td {
-            padding: 1.5mm 0;
+      border: none;
-            vertical-align: top;
+      padding: 1.6mm 0;
-        }
+    }
-        .meta-label {
+    .totals-label {
-            width: 45mm;
+      text-align: left;
-            padding-right: 2mm;
+      color: #3a3a3a;
-        }
+    }
-        .meta-value {
+    .totals-value {
-            /* allow wrapping just in case */
+      text-align: right;
-        }
+      white-space: nowrap;
-        
+      font-weight: 600;
-        /* Line Items Table */
+    }
        .line-items {
            width: 100%;
            border-collapse: collapse;
            table-layout: fixed;
            margin-top: 5mm;
            font-size: 8.5pt;
        }
-        .line-items th,
+    .total-strong td {
-        .line-items td {
+      font-size: 11pt;
-            padding: 1.5mm 0;
+      font-weight: 700;
-            vertical-align: top;
+      padding-top: 2.4mm;
-        }
+      border-top: 1px solid #d8d8d8;
    }
-        .line-items th {
+    .payment-terms {
-            text-align: left;
+      margin-top: 9mm;
-            font-weight: normal;
+      line-height: 1.4;
-            border-bottom: 1pt solid #000;
+      color: #2b2b2b;
-        }
+    }
-        .line-items tbody td {
+    .qr-only-page {
-            border-bottom: 0.5pt solid #e0e0e0;
+      page: qrpage;
-        }
+      position: relative;
      width: 210mm;
      height: 297mm;
      background: #fff;
      page-break-before: always;
      break-before: page;
    }
-        .line-items tbody tr:last-child td {
+    .qr-bill-bottom {
-            border-bottom: 1pt solid #000;
+      position: absolute;
-        }
+      left: 0;
      bottom: 0;
      width: 210mm;
      height: 105mm;
      overflow: hidden;
      background: #fff;
    }
-        .line-items th.center,
+    .qr-bill-bottom svg {
-        .line-items td.center {
+      width: 210mm !important;
-            text-align: center;
+      height: 105mm !important;
-        }
+      display: block;
-
+    }
-        .line-items th.right,
+  </style>
        .line-items td.right {
            text-align: right;
        }
        .col-desc { width: 45%; }
        .col-qty { width: 10%; }
        .col-price { width: 22%; }
        .col-total { width: 23%; }
        .item-desc {
            padding-right: 4mm;
        }
        /* Totals Block */
        .totals-table {
            width: 100%;
            border-collapse: collapse;
            table-layout: fixed;
            margin-top: 0;
            font-size: 8.5pt;
        }
        .totals-table td {
            padding: 1.5mm 0;
            border-bottom: 0.5pt solid #000;
        }
        .totals-label {
            text-align: left;
        }
        .totals-value {
            text-align: right;
            width: 30%;
        }
        .totals-table tr.no-border td {
            border-bottom: none;
        }
        .summary-notes {
            margin-top: 4mm;
            padding-bottom: 4mm;
            border-bottom: 1pt solid #000;
        }
        /* Footer Notes Layout */
        .footer-layout {
            width: 100%;
            border-collapse: collapse;
            table-layout: fixed;
            margin-top: 15mm;
            font-size: 8.5pt;
        }
        .footer-layout td {
            vertical-align: top;
            padding: 0 0 3mm 0;
        }
        .footer-label {
            width: 25%;
            font-weight: normal;
        }
        .footer-text {
            width: 75%;
            line-height: 1.4;
        }
        /* QR Page */
        .qr-only-page {
            page: qrpage;
            width: 100%;
            height: 297mm;
            background: #fff;
            page-break-inside: avoid;
        }
        .qr-only-layout {
            width: 100%;
            height: 297mm;
            border-collapse: collapse;
            table-layout: fixed;
        }
        .qr-only-layout td {
            vertical-align: bottom;
            /* Keep the QR slip at page bottom, but with a safer print margin. */
            padding: 0 0 1mm 0;
        }
        .qr-bill-bottom {
            width: 100%;
            height: 105mm;
            overflow: hidden;
            background: #fff;
        }
        .qr-bill-bottom svg {
            width: 100% !important;
            height: 105mm !important;
            display: block;
        }
    </style>
 </head>
 <body>
 <div class="invoice-page">
-    <!-- Header -->
+<table class="header-table">
-    <table class="header-layout">
+  <tr>
-        <tr>
+    <td class="header-left">
-            <td class="logo-block">
+      <div><strong th:text="${sellerDisplayName}">Nome Cognome</strong></div>
-                <span class="logo-3d">3D</span> <span class="logo-fab">fab</span>
+      <div th:text="${sellerAddressLine1}">Via Esempio 12</div>
-                <div style="font-size: 14pt; font-weight: normal; margin-top: 4px; color: #111827;">Küng Caletti</div>
+      <div th:text="${sellerAddressLine2}">6500 Bellinzona, CH</div>
-            </td>
+      <div th:text="${sellerEmail}">email@example.com</div>
-            <td class="seller-block">
+    </td>
-                <div th:text="${sellerDisplayName}">3D Fab Switzerland</div>
+    <td class="header-right">
-                <div th:text="${sellerAddressLine1}">Via G. pioda 29a - 6710 Biasca, Svizzera</div>
+      <div class="invoice-title">Fattura</div>
-                <div th:text="${sellerAddressLine2}">Lyss-Strasse 71 - 2560 Nidau, Svizzera</div>
+      <div>Numero: <span th:text="${invoiceNumber}">2026-000123</span></div>
-            </td>
+      <div>Data: <span th:text="${invoiceDate}">2026-02-13</span></div>
-            <td class="website-block">
+      <div>Scadenza: <span th:text="${dueDate}">2026-02-20</span></div>
-                www.3d-fab.ch
+    </td>
-            </td>
+  </tr>
-        </tr>
+</table>
    </table>
-    <!-- Document Title -->
+<div class="section-title">Fatturare a</div>
-    <div class="doc-title">
+<div class="buyer-box">
-        <span th:if="${isConfirmation}">Conferma dell'ordine</span>
+  <div>
-        <span th:unless="${isConfirmation}">Fattura</span>
+    <div th:text="${buyerDisplayName}">Cliente SA</div>
-        <span th:text="${invoiceNumber}">141052743</span>
+    <div th:text="${buyerAddressLine1}">Via Cliente 7</div>
-        <span th:unless="${isConfirmation}" style="color: #2e7d32; font-weight: bold; font-size: 18pt; padding-left: 15px;">PAGATO</span>
+    <div th:text="${buyerAddressLine2}">8000 Zürich, CH</div>
-    </div>
+  </div>
 </div>
-    <!-- Details block (Meta and Customer) -->
+<table class="line-items">
-    <table class="details-layout">
+  <thead>
-        <tr>
+    <tr>
-            <td class="meta-container">
+      <th>Descrizione</th>
-                <table class="meta-table">
+      <th>Qtà</th>
-                    <tr>
+      <th>Prezzo</th>
-                        <td class="meta-label">Data dell'ordine / fattura</td>
+      <th>Totale</th>
-                        <td class="meta-value" th:text="${invoiceDate}">07.03.2025</td>
+    </tr>
-                    </tr>
+  </thead>
-                    <tr>
+  <tbody>
-                        <td class="meta-label">Numero documento</td>
+    <tr th:each="lineItem : ${invoiceLineItems}">
-                        <td class="meta-value" th:text="${invoiceNumber}">INV-2026-000123</td>
+      <td th:text="${lineItem.description}">Stampa 3D pezzo X</td>
-                    </tr>
+      <td th:text="${lineItem.quantity}">1</td>
-                    <tr>
+      <td th:text="${lineItem.unitPriceFormatted}">CHF 10.00</td>
-                        <td class="meta-label">Data di scadenza</td>
+      <td th:text="${lineItem.lineTotalFormatted}">CHF 10.00</td>
-                        <td class="meta-value" th:text="${dueDate}">07.03.2025</td>
+    </tr>
-                    </tr>
+  </tbody>
-                    <tr>
+</table>
                        <td class="meta-label">Metodo di pagamento</td>
                        <td class="meta-value" th:text="${paymentMethodText}">QR / Bonifico oppure TWINT</td>
                    </tr>
                    <tr>
                        <td class="meta-label">Valuta</td>
                        <td class="meta-value">CHF</td>
                    </tr>
                </table>
            </td>
            <td class="customer-container">
                <div style="font-weight: bold; margin-bottom: 2mm;">Indirizzo di fatturazione:</div>
                <div th:text="${buyerDisplayName}">Joe Küng</div>
                <div th:text="${buyerAddressLine1}">Via G.Pioda, 29a</div>
                <div th:text="${buyerAddressLine2}">6710 biasca</div>
                <div>Svizzera</div>
                <br/>
                <div th:if="${shippingDisplayName != null}">
                    <div style="font-weight: bold; margin-bottom: 2mm;">Indirizzo di spedizione:</div>
                    <div th:text="${shippingDisplayName}">Joe Küng</div>
                    <div th:text="${shippingAddressLine1}">Via G.Pioda, 29a</div>
                    <div th:text="${shippingAddressLine2}">6710 biasca</div>
                    <div>Svizzera</div>
                </div>
            </td>
        </tr>
    </table>
-    <!-- Items Table -->
+<table class="totals">
-    <table class="line-items">
+  <tr>
-        <thead>
+    <td class="totals-label">Subtotale</td>
-        <tr>
+    <td class="totals-value" th:text="${subtotalFormatted}">CHF 10.00</td>
-            <th class="col-desc">Descrizione</th>
+  </tr>
-            <th class="col-qty center">Quantità</th>
+  <tr class="total-strong">
-            <th class="col-price right">Prezzo unitario</th>
+    <td class="totals-label">Totale</td>
-            <th class="col-total right">Prezzo incl.</th>
+    <td class="totals-value" th:text="${grandTotalFormatted}">CHF 10.00</td>
-        </tr>
+  </tr>
-        </thead>
+</table>
        <tbody>
        <tr th:each="lineItem : ${invoiceLineItems}">
            <td class="item-desc" th:text="${lineItem.description}">Apple iPhone 16 Pro</td>
            <td class="center" th:text="${lineItem.quantity}">1</td>
            <td class="right" th:text="${lineItem.unitPriceFormatted}">968.55</td>
            <td class="right" th:text="${lineItem.lineTotalFormatted}">1'047.00</td>
        </tr>
        </tbody>
    </table>
-    <!-- Totals -->
+<div class="payment-terms" th:text="${paymentTermsText}">
-    <table class="totals-table">
+  Pagamento entro 7 giorni. Grazie.
-        <tr>
+</div>
            <td class="totals-label">Importo totale</td>
            <td class="totals-value" th:text="${subtotalFormatted}">1'012.86</td>
        </tr>
        <tr>
            <td class="totals-label">Totale di tutte le consegne e di tutti i servizi CHF</td>
            <td class="totals-value" th:text="${grandTotalFormatted}">1'094.90</td>
        </tr>
        <tr class="no-border" th:if="${isConfirmation}">
            <td class="totals-label">Importo dovuto</td>
            <td class="totals-value" th:text="${grandTotalFormatted}">1'094.90</td>
        </tr>
        <tr class="no-border" th:unless="${isConfirmation}">
            <td class="totals-label">Importo dovuto</td>
            <td class="totals-value">CHF 0.00</td>
        </tr>
    </table>
    <!-- Footer Notes -->
    <table class="footer-layout">
        <tr>
            <td class="footer-label">Informazioni</td>
            <td class="footer-text" th:text="${paymentTermsText}">
                Appena riceviamo il pagamento l'ordine entra nella coda di stampa. Grazie per la fiducia.
            </td>
        </tr>
        <tr>
            <td class="footer-label">Generale</td>
            <td class="footer-text">
                Si applicano le nostre condizioni generali di contratto. Verifica i dettagli dell'ordine al ricevimento. Per assistenza, rispondi alla nostra email di conferma.
            </td>
        </tr>
    </table>
 </div>
-<!-- QR Bill Page (only renders if QR data is passed) -->
+<div class="qr-only-page">
-<div class="qr-only-page" th:if="${qrBillSvg != null}">
+  <div class="qr-bill-bottom" th:utext="${qrBillSvg}">
-    <table class="qr-only-layout">
+  </div>
        <tr>
            <td>
                <div class="qr-bill-bottom" th:utext="${qrBillSvg}">
                </div>
            </td>
        </tr>
    </table>
 </div>
 </body>
--- a/backend/src/test/java/com/printcalculator/controller/AdminAuthSecurityTest.java
+++ b/backend/src/test/java/com/printcalculator/controller/AdminAuthSecurityTest.java
@@ -1,134 +0,0 @@
 package com.printcalculator.controller;
 import com.printcalculator.config.SecurityConfig;
 import com.printcalculator.controller.admin.AdminAuthController;
 import com.printcalculator.security.AdminLoginThrottleService;
 import com.printcalculator.security.AdminSessionAuthenticationFilter;
 import com.printcalculator.security.AdminSessionService;
 import jakarta.servlet.http.Cookie;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.context.annotation.Import;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@WebMvcTest(controllers = AdminAuthController.class)
@Import({
        SecurityConfig.class,
        AdminSessionAuthenticationFilter.class,
        AdminSessionService.class,
        AdminLoginThrottleService.class
 })
@TestPropertySource(properties = {
        "admin.password=test-admin-password",
        "admin.session.secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
        "admin.session.ttl-minutes=60"
 })
 class AdminAuthSecurityTest {
    @Autowired
    private MockMvc mockMvc;
    @Test
    void loginOk_ShouldReturnCookie() throws Exception {
        MvcResult result = mockMvc.perform(post("/api/admin/auth/login")
                        .with(req -> {
                            req.setRemoteAddr("10.0.0.1");
                            return req;
                        })
                        .contentType(MediaType.APPLICATION_JSON)
                        .content("{\"password\":\"test-admin-password\"}"))
                .andExpect(status().isOk())
                .andExpect(jsonPath("$.authenticated").value(true))
                .andReturn();
        String setCookie = result.getResponse().getHeader(HttpHeaders.SET_COOKIE);
        assertNotNull(setCookie);
        assertTrue(setCookie.contains("admin_session="));
        assertTrue(setCookie.contains("HttpOnly"));
        assertTrue(setCookie.contains("Secure"));
        assertTrue(setCookie.contains("SameSite=Strict"));
        assertTrue(setCookie.contains("Path=/api/admin"));
    }
    @Test
    void loginKo_ShouldReturnUnauthorized() throws Exception {
        mockMvc.perform(post("/api/admin/auth/login")
                        .with(req -> {
                            req.setRemoteAddr("10.0.0.2");
                            return req;
                        })
                        .contentType(MediaType.APPLICATION_JSON)
                        .content("{\"password\":\"wrong-password\"}"))
                .andExpect(status().isUnauthorized())
                .andExpect(jsonPath("$.authenticated").value(false))
                .andExpect(jsonPath("$.retryAfterSeconds").value(2));
    }
    @Test
    void loginKoSecondAttemptDuringLock_ShouldReturnTooManyRequests() throws Exception {
        mockMvc.perform(post("/api/admin/auth/login")
                        .with(req -> {
                            req.setRemoteAddr("10.0.0.3");
                            return req;
                        })
                        .contentType(MediaType.APPLICATION_JSON)
                        .content("{\"password\":\"wrong-password\"}"))
                .andExpect(status().isUnauthorized())
                .andExpect(jsonPath("$.retryAfterSeconds").value(2));
        mockMvc.perform(post("/api/admin/auth/login")
                        .with(req -> {
                            req.setRemoteAddr("10.0.0.3");
                            return req;
                        })
                        .contentType(MediaType.APPLICATION_JSON)
                        .content("{\"password\":\"wrong-password\"}"))
                .andExpect(status().isTooManyRequests())
                .andExpect(jsonPath("$.authenticated").value(false));
    }
    @Test
    void adminAccessWithoutCookie_ShouldReturn401() throws Exception {
        mockMvc.perform(get("/api/admin/auth/me"))
                .andExpect(status().isUnauthorized());
    }
    @Test
    void adminAccessWithValidCookie_ShouldReturn200() throws Exception {
        MvcResult login = mockMvc.perform(post("/api/admin/auth/login")
                        .with(req -> {
                            req.setRemoteAddr("10.0.0.4");
                            return req;
                        })
                        .contentType(MediaType.APPLICATION_JSON)
                        .content("{\"password\":\"test-admin-password\"}"))
                .andExpect(status().isOk())
                .andReturn();
        String setCookie = login.getResponse().getHeader(HttpHeaders.SET_COOKIE);
        assertNotNull(setCookie);
        Cookie adminCookie = toCookie(setCookie);
        mockMvc.perform(get("/api/admin/auth/me").cookie(adminCookie))
                .andExpect(status().isOk())
                .andExpect(jsonPath("$.authenticated").value(true));
    }
    private Cookie toCookie(String setCookieHeader) {
        String[] parts = setCookieHeader.split(";", 2);
        String[] keyValue = parts[0].split("=", 2);
        return new Cookie(keyValue[0], keyValue.length > 1 ? keyValue[1] : "");
    }
 }
--- a/backend/src/test/java/com/printcalculator/controller/admin/AdminOrderControllerStatusValidationTest.java
+++ b/backend/src/test/java/com/printcalculator/controller/admin/AdminOrderControllerStatusValidationTest.java
@@ -1,107 +0,0 @@
 package com.printcalculator.controller.admin;
 import com.printcalculator.dto.AdminOrderStatusUpdateRequest;
 import com.printcalculator.dto.OrderDto;
 import com.printcalculator.entity.Order;
 import com.printcalculator.repository.OrderItemRepository;
 import com.printcalculator.repository.OrderRepository;
 import com.printcalculator.repository.PaymentRepository;
 import com.printcalculator.service.InvoicePdfRenderingService;
 import com.printcalculator.service.PaymentService;
 import com.printcalculator.service.QrBillService;
 import com.printcalculator.service.StorageService;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.server.ResponseStatusException;
 import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
@ExtendWith(MockitoExtension.class)
 class AdminOrderControllerStatusValidationTest {
    @Mock
    private OrderRepository orderRepository;
    @Mock
    private OrderItemRepository orderItemRepository;
    @Mock
    private PaymentRepository paymentRepository;
    @Mock
    private PaymentService paymentService;
    @Mock
    private StorageService storageService;
    @Mock
    private InvoicePdfRenderingService invoicePdfRenderingService;
    @Mock
    private QrBillService qrBillService;
    private AdminOrderController controller;
    @BeforeEach
    void setUp() {
        controller = new AdminOrderController(
                orderRepository,
                orderItemRepository,
                paymentRepository,
                paymentService,
                storageService,
                invoicePdfRenderingService,
                qrBillService
        );
    }
    @Test
    void updateOrderStatus_withInvalidStatus_shouldReturn400AndNotSave() {
        UUID orderId = UUID.randomUUID();
        Order order = new Order();
        order.setId(orderId);
        order.setStatus("PENDING_PAYMENT");
        when(orderRepository.findById(orderId)).thenReturn(Optional.of(order));
        AdminOrderStatusUpdateRequest payload = new AdminOrderStatusUpdateRequest();
        payload.setStatus("REPORTED");
        ResponseStatusException ex = assertThrows(
                ResponseStatusException.class,
                () -> controller.updateOrderStatus(orderId, payload)
        );
        assertEquals(HttpStatus.BAD_REQUEST, ex.getStatusCode());
        verify(orderRepository, never()).save(any(Order.class));
    }
    @Test
    void updateOrderStatus_withValidStatus_shouldReturn200() {
        UUID orderId = UUID.randomUUID();
        Order order = new Order();
        order.setId(orderId);
        order.setStatus("PENDING_PAYMENT");
        when(orderRepository.findById(orderId)).thenReturn(Optional.of(order));
        when(orderItemRepository.findByOrder_Id(orderId)).thenReturn(List.of());
        when(paymentRepository.findByOrder_Id(orderId)).thenReturn(Optional.empty());
        AdminOrderStatusUpdateRequest payload = new AdminOrderStatusUpdateRequest();
        payload.setStatus("PAID");
        ResponseEntity<OrderDto> response = controller.updateOrderStatus(orderId, payload);
        assertEquals(HttpStatus.OK, response.getStatusCode());
        assertEquals("PAID", response.getBody().getStatus());
        verify(orderRepository).save(order);
    }
 }
--- a/backend/src/test/java/com/printcalculator/event/listener/OrderEmailListenerTest.java
+++ b/backend/src/test/java/com/printcalculator/event/listener/OrderEmailListenerTest.java
@@ -1,160 +0,0 @@
 package com.printcalculator.event.listener;
 import com.printcalculator.entity.Customer;
 import com.printcalculator.entity.Order;
 import com.printcalculator.event.OrderCreatedEvent;
 import com.printcalculator.repository.OrderItemRepository;
 import com.printcalculator.service.InvoicePdfRenderingService;
 import com.printcalculator.service.QrBillService;
 import com.printcalculator.service.StorageService;
 import com.printcalculator.service.email.EmailNotificationService;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Captor;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.core.io.ByteArrayResource;
 import org.springframework.test.util.ReflectionTestUtils;
 import java.nio.charset.StandardCharsets;
 import java.math.BigDecimal;
 import java.time.OffsetDateTime;
 import java.util.Map;
 import java.util.UUID;
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyMap;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
 class OrderEmailListenerTest {
    @Mock
    private EmailNotificationService emailNotificationService;
    @Mock
    private InvoicePdfRenderingService invoicePdfRenderingService;
    @Mock
    private OrderItemRepository orderItemRepository;
    @Mock
    private QrBillService qrBillService;
    @Mock
    private StorageService storageService;
    @InjectMocks
    private OrderEmailListener orderEmailListener;
    @Captor
    private ArgumentCaptor<Map<String, Object>> templateDataCaptor;
    @Captor
    private ArgumentCaptor<byte[]> attachmentDataCaptor;
    private Order order;
    private OrderCreatedEvent event;
    @BeforeEach
    void setUp() throws Exception {
        Customer customer = new Customer();
        customer.setFirstName("John");
        customer.setLastName("Doe");
        customer.setEmail("john.doe@test.com");
        order = new Order();
        order.setId(UUID.randomUUID());
        order.setCustomer(customer);
        order.setCreatedAt(OffsetDateTime.parse("2026-02-21T10:00:00Z"));
        order.setTotalChf(new BigDecimal("150.50"));
        event = new OrderCreatedEvent(this, order);
        ReflectionTestUtils.setField(orderEmailListener, "adminMailEnabled", true);
        ReflectionTestUtils.setField(orderEmailListener, "adminMailAddress", "admin@printcalculator.local");
        ReflectionTestUtils.setField(orderEmailListener, "frontendBaseUrl", "https://3d-fab.ch");
        when(storageService.loadAsResource(any())).thenReturn(new ByteArrayResource("PDF".getBytes(StandardCharsets.UTF_8)));
    }
    @Test
    void handleOrderCreatedEvent_ShouldSendCustomerAndAdminEmails() {
        orderEmailListener.handleOrderCreatedEvent(event);
        verify(emailNotificationService, times(1)).sendEmailWithAttachment(
                eq("john.doe@test.com"),
                eq("Conferma Ordine #" + order.getOrderNumber() + " - 3D-Fab"),
                eq("order-confirmation"),
                templateDataCaptor.capture(),
                eq("Conferma-Ordine-" + order.getOrderNumber() + ".pdf"),
                attachmentDataCaptor.capture()
        );
        Map<String, Object> customerData = templateDataCaptor.getValue();
        assertEquals("John", customerData.get("customerName"));
        assertEquals(order.getId(), customerData.get("orderId"));
        assertEquals(order.getOrderNumber(), customerData.get("orderNumber"));
        assertEquals("https://3d-fab.ch/it/co/" + order.getId(), customerData.get("orderDetailsUrl"));
        assertNotNull(customerData.get("orderDate"));
        assertTrue(customerData.get("orderDate").toString().contains("2026"));
        assertTrue(customerData.get("totalCost").toString().contains("150"));
        assertArrayEquals("PDF".getBytes(StandardCharsets.UTF_8), attachmentDataCaptor.getValue());
        @SuppressWarnings("unchecked")
        ArgumentCaptor<Map<String, Object>> adminTemplateCaptor = (ArgumentCaptor<Map<String, Object>>) (ArgumentCaptor<?>) ArgumentCaptor.forClass(Map.class);
        verify(emailNotificationService, times(1)).sendEmail(
                eq("admin@printcalculator.local"),
                eq("Nuovo Ordine Ricevuto #" + order.getOrderNumber() + " - John Doe"),
                eq("order-confirmation"),
                adminTemplateCaptor.capture()
        );
        Map<String, Object> adminData = adminTemplateCaptor.getValue();
        assertEquals("John Doe", adminData.get("customerName"));
    }
    @Test
    void handleOrderCreatedEvent_WithAdminDisabled_ShouldOnlySendCustomerEmail() {
        ReflectionTestUtils.setField(orderEmailListener, "adminMailEnabled", false);
        orderEmailListener.handleOrderCreatedEvent(event);
        verify(emailNotificationService, times(1)).sendEmailWithAttachment(
                eq("john.doe@test.com"),
                anyString(),
                anyString(),
                anyMap(),
                anyString(),
                any()
        );
        verify(emailNotificationService, never()).sendEmail(
                eq("admin@printcalculator.local"),
                anyString(),
                anyString(),
                anyMap()
        );
    }
    @Test
    void handleOrderCreatedEvent_ExceptionHandling_ShouldNotPropagate() {
        doThrow(new RuntimeException("Simulated Mail Failure"))
                .when(emailNotificationService).sendEmailWithAttachment(anyString(), anyString(), anyString(), anyMap(), anyString(), any());
        assertDoesNotThrow(() -> orderEmailListener.handleOrderCreatedEvent(event));
        verify(emailNotificationService, times(1))
                .sendEmailWithAttachment(anyString(), anyString(), anyString(), anyMap(), anyString(), any());
    }
 }
--- a/backend/src/test/java/com/printcalculator/security/AdminLoginThrottleServiceTest.java
+++ b/backend/src/test/java/com/printcalculator/security/AdminLoginThrottleServiceTest.java
@@ -1,40 +0,0 @@
 package com.printcalculator.security;
 import jakarta.servlet.http.HttpServletRequest;
 import org.junit.jupiter.api.Test;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 class AdminLoginThrottleServiceTest {
    private final AdminLoginThrottleService service = new AdminLoginThrottleService(false);
    @Test
    void registerFailure_ShouldDoubleDelay() {
        assertEquals(2L, service.registerFailure("127.0.0.1"));
        assertEquals(4L, service.registerFailure("127.0.0.1"));
        assertEquals(8L, service.registerFailure("127.0.0.1"));
    }
    @Test
    void resolveClientKey_ShouldUseRemoteAddress_WhenProxyHeadersAreNotTrusted() {
        HttpServletRequest request = mock(HttpServletRequest.class);
        when(request.getHeader("X-Forwarded-For")).thenReturn("203.0.113.10");
        when(request.getHeader("X-Real-IP")).thenReturn("203.0.113.11");
        when(request.getRemoteAddr()).thenReturn("10.0.0.5");
        assertEquals("10.0.0.5", service.resolveClientKey(request));
    }
    @Test
    void resolveClientKey_ShouldUseForwardedFor_WhenProxyHeadersAreTrusted() {
        AdminLoginThrottleService trustedService = new AdminLoginThrottleService(true);
        HttpServletRequest request = mock(HttpServletRequest.class);
        when(request.getHeader("X-Forwarded-For")).thenReturn("203.0.113.10, 10.0.0.5");
        when(request.getRemoteAddr()).thenReturn("10.0.0.5");
        assertEquals("203.0.113.10", trustedService.resolveClientKey(request));
    }
 }
--- a/backend/src/test/java/com/printcalculator/service/SlicerServiceTest.java
+++ b/backend/src/test/java/com/printcalculator/service/SlicerServiceTest.java
@@ -1,61 +0,0 @@
 package com.printcalculator.service;
 import com.printcalculator.model.ModelDimensions;
 import org.junit.jupiter.api.Test;
 import java.util.Optional;
 import static org.junit.jupiter.api.Assertions.*;
 class SlicerServiceTest {
    @Test
    void parseModelDimensionsFromInfoOutput_validOutput_returnsDimensions() {
        String output = """
                [file.stl]
                size_x = 130.860428
                size_y = 225.000000
                size_z = 140.000000
                min_x = 0.000000
                """;
        Optional<ModelDimensions> dimensions = SlicerService.parseModelDimensionsFromInfoOutput(output);
        assertTrue(dimensions.isPresent());
        assertEquals(130.860428, dimensions.get().xMm(), 0.000001);
        assertEquals(225.0, dimensions.get().yMm(), 0.000001);
        assertEquals(140.0, dimensions.get().zMm(), 0.000001);
    }
    @Test
    void parseModelDimensionsFromInfoOutput_withNoise_returnsDimensions() {
        String output = """
                [2026-02-27 10:26:30.306251] [0x1] [trace] Initializing StaticPrintConfigs
                [model.3mf]
                size_x = 97.909241
                size_y = 97.909241
                size_z = 70.000008
                [2026-02-27 10:26:30.314575] [0x1] [error] calc_exclude_triangles
                """;
        Optional<ModelDimensions> dimensions = SlicerService.parseModelDimensionsFromInfoOutput(output);
        assertTrue(dimensions.isPresent());
        assertEquals(97.909241, dimensions.get().xMm(), 0.000001);
        assertEquals(97.909241, dimensions.get().yMm(), 0.000001);
        assertEquals(70.000008, dimensions.get().zMm(), 0.000001);
    }
    @Test
    void parseModelDimensionsFromInfoOutput_missingValues_returnsEmpty() {
        String output = """
                [model.step]
                size_x = 10.0
                size_y = 20.0
                """;
        Optional<ModelDimensions> dimensions = SlicerService.parseModelDimensionsFromInfoOutput(output);
        assertTrue(dimensions.isEmpty());
    }
 }
--- a/backend/src/test/java/com/printcalculator/service/email/SmtpEmailNotificationServiceTest.java
+++ b/backend/src/test/java/com/printcalculator/service/email/SmtpEmailNotificationServiceTest.java
@@ -1,83 +0,0 @@
 package com.printcalculator.service.email;
 import jakarta.mail.internet.MimeMessage;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.mail.javamail.JavaMailSender;
 import org.springframework.test.util.ReflectionTestUtils;
 import org.thymeleaf.TemplateEngine;
 import org.thymeleaf.context.Context;
 import java.util.HashMap;
 import java.util.Map;
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
 class SmtpEmailNotificationServiceTest {
    @Mock
    private JavaMailSender emailSender;
    @Mock
    private TemplateEngine templateEngine;
    @Mock
    private MimeMessage mimeMessage;
    @InjectMocks
    private SmtpEmailNotificationService emailNotificationService;
    @BeforeEach
    void setUp() {
        ReflectionTestUtils.setField(emailNotificationService, "fromAddress", "noreply@test.com");
        ReflectionTestUtils.setField(emailNotificationService, "mailEnabled", true);
    }
    @Test
    void sendEmail_Success() {
        // Arrange
        String to = "user@test.com";
        String subject = "Test Subject";
        String templateName = "test-template";
        Map<String, Object> contextData = new HashMap<>();
        contextData.put("key", "value");
        when(templateEngine.process(eq("email/" + templateName), any(Context.class))).thenReturn("<html>Test</html>");
        when(emailSender.createMimeMessage()).thenReturn(mimeMessage);
        // Act
        emailNotificationService.sendEmail(to, subject, templateName, contextData);
        // Assert
        verify(templateEngine, times(1)).process(eq("email/" + templateName), any(Context.class));
        verify(emailSender, times(1)).createMimeMessage();
        verify(emailSender, times(1)).send(mimeMessage);
    }
    @Test
    void sendEmail_Exception_ShouldNotThrow() {
        // Arrange
        String to = "user@test.com";
        String subject = "Test Subject";
        String templateName = "test-template";
        Map<String, Object> contextData = new HashMap<>();
        when(templateEngine.process(eq("email/" + templateName), any(Context.class))).thenThrow(new RuntimeException("Template error"));
        // Act & Assert
        // We expect the exception to be caught and logged, not propagated
        assertDoesNotThrow(() -> emailNotificationService.sendEmail(to, subject, templateName, contextData));
        verify(emailSender, never()).createMimeMessage();
        verify(emailSender, never()).send(any(MimeMessage.class));
    }
 }
--- a/db.sql
+++ b/db.sql
@@ -44,10 +44,6 @@ create table filament_variant
    variant_display_name      text           not null, -- es: "PLA Nero Opaco BrandX"
    color_name                text           not null, -- Nero, Bianco, ecc.
    color_hex                 text,
    finish_type               text           not null default 'GLOSSY'
        check (finish_type in ('GLOSSY', 'MATTE', 'MARBLE', 'SILK', 'TRANSLUCENT', 'SPECIAL')),
    brand                     text,
    is_matte                  boolean        not null default false,
    is_special                boolean        not null default false,
@@ -63,6 +59,7 @@ create table filament_variant
    unique (filament_material_type_id, variant_display_name)
 );
 -- (opzionale) kg disponibili calcolati
 create view filament_variant_stock_kg as
 select filament_variant_id,
       stock_spools,
@@ -70,37 +67,6 @@ select filament_variant_id,
       (stock_spools * spool_net_kg) as stock_kg
 from filament_variant;
 create table printer_machine_profile
 (
    printer_machine_profile_id bigserial primary key,
    printer_machine_id         bigint         not null references printer_machine (printer_machine_id) on delete cascade,
    nozzle_diameter_mm         numeric(4, 2)  not null check (nozzle_diameter_mm > 0),
    orca_machine_profile_name  text           not null,
    is_default                 boolean        not null default false,
    is_active                  boolean        not null default true,
    unique (printer_machine_id, nozzle_diameter_mm)
 );
 create table material_orca_profile_map
 (
    material_orca_profile_map_id bigserial primary key,
    printer_machine_profile_id   bigint  not null references printer_machine_profile (printer_machine_profile_id) on delete cascade,
    filament_material_type_id    bigint  not null references filament_material_type (filament_material_type_id),
    orca_filament_profile_name   text    not null,
    is_active                    boolean not null default true,
    unique (printer_machine_profile_id, filament_material_type_id)
 );
 create table filament_variant_orca_override
 (
    filament_variant_orca_override_id bigserial primary key,
    filament_variant_id               bigint  not null references filament_variant (filament_variant_id) on delete cascade,
    printer_machine_profile_id        bigint  not null references printer_machine_profile (printer_machine_profile_id) on delete cascade,
    orca_filament_profile_name        text    not null,
    is_active                         boolean not null default true,
    unique (filament_variant_id, printer_machine_profile_id)
 );
 create table pricing_policy
@@ -285,10 +251,8 @@ insert into filament_material_type (material_code,
                                    is_technical,
                                    technical_type_label)
 values ('PLA', false, false, null),
       ('PLA TOUGH', false, false, null),
       ('PETG', false, false, null),
       ('TPU', true, false, null),
       ('PC', false, true, 'engineering'),
       ('ABS', false, false, null),
       ('Nylon', false, false, null),
       ('Carbon PLA', false, false, null)
@@ -312,9 +276,6 @@ insert
 into filament_variant (filament_material_type_id,
                       variant_display_name,
                       color_name,
                       color_hex,
                       finish_type,
                       brand,
                       is_matte,
                       is_special,
                       cost_chf_per_kg,
@@ -324,9 +285,6 @@ into filament_variant (filament_material_type_id,
 select pla.filament_material_type_id,
       v.variant_display_name,
       v.color_name,
       v.color_hex,
       v.finish_type,
       null::text as brand,
       v.is_matte,
       v.is_special,
       18.00, -- PLA da Excel
@@ -334,145 +292,17 @@ select pla.filament_material_type_id,
       1.000,
       true
 from pla
-         cross join (values ('PLA Bianco', 'Bianco', '#F5F5F5', 'GLOSSY', false, false, 3.000::numeric),
+         cross join (values ('PLA Bianco', 'Bianco', false, false, 3.000::numeric),
-                            ('PLA Nero', 'Nero', '#1A1A1A', 'GLOSSY', false, false, 3.000::numeric),
+                            ('PLA Nero', 'Nero', false, false, 3.000::numeric),
-                            ('PLA Blu', 'Blu', '#1976D2', 'GLOSSY', false, false, 1.000::numeric),
+                            ('PLA Blu', 'Blu', false, false, 1.000::numeric),
-                            ('PLA Arancione', 'Arancione', '#FFA726', 'GLOSSY', false, false, 1.000::numeric),
+                            ('PLA Arancione', 'Arancione', false, false, 1.000::numeric),
-                            ('PLA Grigio', 'Grigio', '#BDBDBD', 'GLOSSY', false, false, 1.000::numeric),
+                            ('PLA Grigio', 'Grigio', false, false, 1.000::numeric),
-                            ('PLA Grigio Scuro', 'Grigio scuro', '#424242', 'MATTE', true, false, 1.000::numeric),
+                            ('PLA Grigio Scuro', 'Grigio scuro', false, false, 1.000::numeric),
-                            ('PLA Grigio Chiaro', 'Grigio chiaro', '#D6D6D6', 'MATTE', true, false, 1.000::numeric),
+                            ('PLA Grigio Chiaro', 'Grigio chiaro', false, false, 1.000::numeric),
-                            ('PLA Viola', 'Viola', '#7B1FA2', 'GLOSSY', false, false,
+                            ('PLA Viola', 'Viola', false, false,
-                             1.000::numeric)) as v(variant_display_name, color_name, color_hex, finish_type, is_matte, is_special, stock_spools)
+                             1.000::numeric)) as v(variant_display_name, color_name, is_matte, is_special, stock_spools)
 on conflict (filament_material_type_id, variant_display_name) do update
    set color_name      = excluded.color_name,
        color_hex       = excluded.color_hex,
        finish_type     = excluded.finish_type,
        brand           = excluded.brand,
        is_matte        = excluded.is_matte,
        is_special      = excluded.is_special,
        cost_chf_per_kg = excluded.cost_chf_per_kg,
        stock_spools    = excluded.stock_spools,
        spool_net_kg    = excluded.spool_net_kg,
        is_active       = excluded.is_active;
 -- Varianti base per materiali principali del calcolatore
 with mat as (select filament_material_type_id
             from filament_material_type
             where material_code = 'PLA TOUGH')
 insert
 into filament_variant (filament_material_type_id, variant_display_name, color_name, color_hex, finish_type, brand,
                       is_matte, is_special, cost_chf_per_kg, stock_spools, spool_net_kg, is_active)
 select mat.filament_material_type_id,
       'PLA Tough Nero',
       'Nero',
       '#1A1A1A',
       'GLOSSY',
       'Bambu',
       false,
       false,
       18.00,
       1.000,
       1.000,
       true
 from mat
 on conflict (filament_material_type_id, variant_display_name) do update
    set color_name      = excluded.color_name,
        color_hex       = excluded.color_hex,
        finish_type     = excluded.finish_type,
        brand           = excluded.brand,
        is_matte        = excluded.is_matte,
        is_special      = excluded.is_special,
        cost_chf_per_kg = excluded.cost_chf_per_kg,
        stock_spools    = excluded.stock_spools,
        spool_net_kg    = excluded.spool_net_kg,
        is_active       = excluded.is_active;
 with mat as (select filament_material_type_id
             from filament_material_type
             where material_code = 'PETG')
 insert
 into filament_variant (filament_material_type_id, variant_display_name, color_name, color_hex, finish_type, brand,
                       is_matte, is_special, cost_chf_per_kg, stock_spools, spool_net_kg, is_active)
 select mat.filament_material_type_id,
       'PETG Nero',
       'Nero',
       '#1A1A1A',
       'GLOSSY',
       'Bambu',
       false,
       false,
       24.00,
       1.000,
       1.000,
       true
 from mat
 on conflict (filament_material_type_id, variant_display_name) do update
    set color_name      = excluded.color_name,
        color_hex       = excluded.color_hex,
        finish_type     = excluded.finish_type,
        brand           = excluded.brand,
        is_matte        = excluded.is_matte,
        is_special      = excluded.is_special,
        cost_chf_per_kg = excluded.cost_chf_per_kg,
        stock_spools    = excluded.stock_spools,
        spool_net_kg    = excluded.spool_net_kg,
        is_active       = excluded.is_active;
 with mat as (select filament_material_type_id
             from filament_material_type
             where material_code = 'TPU')
 insert
 into filament_variant (filament_material_type_id, variant_display_name, color_name, color_hex, finish_type, brand,
                       is_matte, is_special, cost_chf_per_kg, stock_spools, spool_net_kg, is_active)
 select mat.filament_material_type_id,
       'TPU Nero',
       'Nero',
       '#1A1A1A',
       'GLOSSY',
       'Bambu',
       false,
       false,
       42.00,
       1.000,
       1.000,
       true
 from mat
 on conflict (filament_material_type_id, variant_display_name) do update
    set color_name      = excluded.color_name,
        color_hex       = excluded.color_hex,
        finish_type     = excluded.finish_type,
        brand           = excluded.brand,
        is_matte        = excluded.is_matte,
        is_special      = excluded.is_special,
        cost_chf_per_kg = excluded.cost_chf_per_kg,
        stock_spools    = excluded.stock_spools,
        spool_net_kg    = excluded.spool_net_kg,
        is_active       = excluded.is_active;
 with mat as (select filament_material_type_id
             from filament_material_type
             where material_code = 'PC')
 insert
 into filament_variant (filament_material_type_id, variant_display_name, color_name, color_hex, finish_type, brand,
                       is_matte, is_special, cost_chf_per_kg, stock_spools, spool_net_kg, is_active)
 select mat.filament_material_type_id,
       'PC Naturale',
       'Naturale',
       '#D9D9D9',
       'TRANSLUCENT',
       'Generic',
       false,
       true,
       48.00,
       1.000,
       1.000,
       true
 from mat
 on conflict (filament_material_type_id, variant_display_name) do update
    set color_name      = excluded.color_name,
        color_hex       = excluded.color_hex,
        finish_type     = excluded.finish_type,
        brand           = excluded.brand,
        is_matte        = excluded.is_matte,
        is_special      = excluded.is_special,
        cost_chf_per_kg = excluded.cost_chf_per_kg,
@@ -496,52 +326,6 @@ on conflict (nozzle_diameter_mm) do update
        extra_nozzle_change_fee_chf = excluded.extra_nozzle_change_fee_chf,
        is_active                   = excluded.is_active;
 -- =========================================================
 -- 5b) Orca machine/material mapping (data-driven)
 -- =========================================================
 with a1 as (select printer_machine_id
            from printer_machine
            where printer_display_name = 'BambuLab A1')
 insert
 into printer_machine_profile (printer_machine_id, nozzle_diameter_mm, orca_machine_profile_name, is_default, is_active)
 select a1.printer_machine_id, v.nozzle_diameter_mm, v.profile_name, v.is_default, true
 from a1
         cross join (values (0.40::numeric, 'Bambu Lab A1 0.4 nozzle', true),
                            (0.20::numeric, 'Bambu Lab A1 0.2 nozzle', false),
                            (0.60::numeric, 'Bambu Lab A1 0.6 nozzle', false),
                            (0.80::numeric, 'Bambu Lab A1 0.8 nozzle', false))
             as v(nozzle_diameter_mm, profile_name, is_default)
 on conflict (printer_machine_id, nozzle_diameter_mm) do update
    set orca_machine_profile_name = excluded.orca_machine_profile_name,
        is_default                = excluded.is_default,
        is_active                 = excluded.is_active;
 with p as (select printer_machine_profile_id
           from printer_machine_profile pmp
                    join printer_machine pm on pm.printer_machine_id = pmp.printer_machine_id
           where pm.printer_display_name = 'BambuLab A1'
             and pmp.nozzle_diameter_mm = 0.40::numeric),
     m as (select filament_material_type_id, material_code
           from filament_material_type
           where material_code in ('PLA', 'PLA TOUGH', 'PETG', 'TPU', 'PC'))
 insert
 into material_orca_profile_map (printer_machine_profile_id, filament_material_type_id, orca_filament_profile_name, is_active)
 select p.printer_machine_profile_id,
       m.filament_material_type_id,
       case m.material_code
           when 'PLA' then 'Bambu PLA Basic @BBL A1'
           when 'PLA TOUGH' then 'Bambu PLA Tough @BBL A1'
           when 'PETG' then 'Bambu PETG Basic @BBL A1'
           when 'TPU' then 'Bambu TPU 95A @BBL A1'
           when 'PC' then 'Generic PC @BBL A1'
           end,
       true
 from p
         cross join m
 on conflict (printer_machine_profile_id, filament_material_type_id) do update
    set orca_filament_profile_name = excluded.orca_filament_profile_name,
        is_active                  = excluded.is_active;
 -- =========================================================
 -- 6) Layer heights (opzioni)
@@ -637,7 +421,6 @@ CREATE TABLE IF NOT EXISTS quote_line_items
    original_filename  text        NOT NULL,
    quantity           integer     NOT NULL DEFAULT 1 CHECK (quantity >= 1),
    color_code         text,  -- es: white/black o codice interno
    filament_variant_id bigint REFERENCES filament_variant (filament_variant_id),
    -- Output slicing / calcolo
    bounding_box_x_mm  numeric(10, 3),
@@ -685,7 +468,6 @@ CREATE TABLE IF NOT EXISTS orders
    customer_id              uuid REFERENCES customers (customer_id),
    customer_email           text           NOT NULL,
    customer_phone           text,
    preferred_language       char(2)        NOT NULL DEFAULT 'it',
    -- Snapshot indirizzo/fatturazione (evita tabella addresses e mantiene storico)
    billing_customer_type    text           NOT NULL CHECK (billing_customer_type IN ('PRIVATE', 'COMPANY')),
@@ -747,18 +529,12 @@ CREATE TABLE IF NOT EXISTS order_items
    sha256_hex           text,                    -- opzionale, utile anche per dedup interno
    material_code        text           NOT NULL,
    filament_variant_id  bigint REFERENCES filament_variant (filament_variant_id),
    color_code           text,
    quantity             integer        NOT NULL DEFAULT 1 CHECK (quantity >= 1),
    -- Snapshot output
    print_time_seconds   integer CHECK (print_time_seconds >= 0),
    material_grams       numeric(12, 2) CHECK (material_grams >= 0),
    bounding_box_x_mm numeric(10, 3),
    bounding_box_y_mm numeric(10, 3),
    bounding_box_z_mm numeric(10, 3),
    unit_price_chf       numeric(12, 2) NOT NULL CHECK (unit_price_chf >= 0),
    line_total_chf       numeric(12, 2) NOT NULL CHECK (line_total_chf >= 0),
@@ -776,8 +552,8 @@ CREATE TABLE IF NOT EXISTS payments
    payment_id              uuid PRIMARY KEY        DEFAULT gen_random_uuid(),
    order_id                uuid           NOT NULL REFERENCES orders (order_id) ON DELETE CASCADE,
-    method                  text           NOT NULL CHECK (method IN ('QR_BILL', 'TWINT', 'OTHER')),
+    method                  text           NOT NULL CHECK (method IN ('QR_BILL', 'BANK_TRANSFER', 'TWINT', 'CARD', 'OTHER')),
-    status                  text           NOT NULL CHECK (status IN ('PENDING', 'REPORTED', 'RECEIVED', 'FAILED', 'CANCELLED', 'REFUNDED')),
+    status                  text           NOT NULL CHECK (status IN ('PENDING', 'RECEIVED', 'FAILED', 'CANCELLED', 'REFUNDED')),
    currency                char(3)        NOT NULL DEFAULT 'CHF',
    amount_chf              numeric(12, 2) NOT NULL CHECK (amount_chf >= 0),
@@ -788,7 +564,6 @@ CREATE TABLE IF NOT EXISTS payments
    qr_payload              text, -- se vuoi salvare contenuto QR/Swiss QR bill
    initiated_at            timestamptz    NOT NULL DEFAULT now(),
    reported_at             timestamptz,
    received_at             timestamptz
 );
--- a/deploy/envs/dev.env
+++ b/deploy/envs/dev.env
@@ -10,7 +10,4 @@ FRONTEND_PORT=18082
 CLAMAV_HOST=192.168.1.147
 CLAMAV_PORT=3310
 CLAMAV_ENABLED=true
-APP_FRONTEND_BASE_URL=https://dev.3d-fab.ch
+
 ADMIN_PASSWORD=
 ADMIN_SESSION_SECRET=
 ADMIN_SESSION_TTL_MINUTES=480
--- a/deploy/envs/int.env
+++ b/deploy/envs/int.env
@@ -10,7 +10,4 @@ FRONTEND_PORT=18081
 CLAMAV_HOST=192.168.1.147
 CLAMAV_PORT=3310
 CLAMAV_ENABLED=true
-APP_FRONTEND_BASE_URL=https://int.3d-fab.ch
+
 ADMIN_PASSWORD=
 ADMIN_SESSION_SECRET=
 ADMIN_SESSION_TTL_MINUTES=480
--- a/deploy/envs/prod.env
+++ b/deploy/envs/prod.env
@@ -4,13 +4,10 @@ ENV=prod
 TAG=prod
 # Ports
-BACKEND_PORT=18000
+BACKEND_PORT=8000
-FRONTEND_PORT=18080
+FRONTEND_PORT=80
 CLAMAV_HOST=192.168.1.147
 CLAMAV_PORT=3310
 CLAMAV_ENABLED=true
-APP_FRONTEND_BASE_URL=https://3d-fab.ch
+
 ADMIN_PASSWORD=
 ADMIN_SESSION_SECRET=
 ADMIN_SESSION_TTL_MINUTES=480
--- a/docker-compose.deploy.yml
+++ b/docker-compose.deploy.yml
@@ -22,10 +22,6 @@ services:
      - APP_MAIL_FROM=${APP_MAIL_FROM:-info@3d-fab.ch}
      - APP_MAIL_ADMIN_ENABLED=${APP_MAIL_ADMIN_ENABLED:-true}
      - APP_MAIL_ADMIN_ADDRESS=${APP_MAIL_ADMIN_ADDRESS:-info@3d-fab.ch}
      - APP_FRONTEND_BASE_URL=${APP_FRONTEND_BASE_URL:-http://localhost:4200}
      - ADMIN_PASSWORD=${ADMIN_PASSWORD}
      - ADMIN_SESSION_SECRET=${ADMIN_SESSION_SECRET}
      - ADMIN_SESSION_TTL_MINUTES=${ADMIN_SESSION_TTL_MINUTES:-480}
      - TEMP_DIR=/app/temp
      - PROFILES_DIR=/app/profiles
    restart: always
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,10 +1,50 @@
 services:
  backend:
    platform: linux/amd64
    build:
      context: ./backend
      platforms:
        - linux/amd64
    container_name: print-calculator-backend
    ports:
      - "8000:8000"
    environment:
      - DB_URL=jdbc:postgresql://db:5432/printcalc
      - DB_USERNAME=printcalc
      - DB_PASSWORD=printcalc_secret
      - SPRING_PROFILES_ACTIVE=local
      - FILAMENT_COST_PER_KG=22.0
      - MACHINE_COST_PER_HOUR=2.50
      - ENERGY_COST_PER_KWH=0.30
      - PRINTER_POWER_WATTS=150
      - MARKUP_PERCENT=20
      - TEMP_DIR=/app/temp
      - PROFILES_DIR=/app/profiles
      - CLAMAV_HOST=clamav
      - CLAMAV_PORT=3310
    depends_on:
      - db
      - clamav
    restart: unless-stopped
  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile.dev
    container_name: print-calculator-frontend
    ports:
      - "80:80"
    depends_on:
      - backend
      - db
    restart: unless-stopped
  db:
    image: postgres:15-alpine
    container_name: print-calculator-db
    environment:
      - POSTGRES_USER=printcalc
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_PASSWORD=printcalc_secret
      - POSTGRES_DB=printcalc
    ports:
      - "5432:5432"
--- a/frontend/angular.json
+++ b/frontend/angular.json
@@ -107,7 +107,6 @@
        "test": {
          "builder": "@angular-devkit/build-angular:karma",
          "options": {
            "karmaConfig": "karma.conf.js",
            "polyfills": [
              "zone.js",
              "zone.js/testing"
--- a/frontend/karma.conf.js
+++ b/frontend/karma.conf.js
@@ -1,40 +0,0 @@
 // Karma config dedicated to CI-safe Chrome execution.
 module.exports = function (config) {
  config.set({
    basePath: '',
    frameworks: ['jasmine', '@angular-devkit/build-angular'],
    plugins: [
      require('karma-jasmine'),
      require('karma-chrome-launcher'),
      require('karma-jasmine-html-reporter'),
      require('karma-coverage'),
      require('@angular-devkit/build-angular/plugins/karma'),
    ],
    client: {
      jasmine: {},
      clearContext: false,
    },
    jasmineHtmlReporter: {
      suppressAll: true,
    },
    coverageReporter: {
      dir: require('path').join(__dirname, './coverage/frontend'),
      subdir: '.',
      reporters: [{ type: 'html' }, { type: 'text-summary' }],
    },
    reporters: ['progress', 'kjhtml'],
    port: 9876,
    colors: true,
    logLevel: config.LOG_INFO,
    autoWatch: true,
    browsers: ['ChromeHeadlessNoSandbox'],
    customLaunchers: {
      ChromeHeadlessNoSandbox: {
        base: 'ChromeHeadless',
        flags: ['--no-sandbox', '--disable-dev-shm-usage'],
      },
    },
    singleRun: false,
    restartOnFileChange: true,
  });
 };
--- a/frontend/src/app/app.component.html
+++ b/frontend/src/app/app.component.html
@@ -1 +1 @@
-<router-outlet></router-outlet>
+<router-outlet></router-outlet>
--- a/frontend/src/app/app.component.ts
+++ b/frontend/src/app/app.component.ts
@@ -6,6 +6,6 @@ import { RouterOutlet } from '@angular/router';
  standalone: true,
  imports: [RouterOutlet],
  templateUrl: './app.component.html',
-  styleUrl: './app.component.scss',
+  styleUrl: './app.component.scss'
 })
 export class AppComponent {}
--- a/frontend/src/app/app.config.ts
+++ b/frontend/src/app/app.config.ts
@@ -1,47 +1,27 @@
-import {
+import { ApplicationConfig, provideZoneChangeDetection, importProvidersFrom } from '@angular/core';
-  ApplicationConfig,
+import { provideRouter, withComponentInputBinding, withViewTransitions } from '@angular/router';
  provideZoneChangeDetection,
  importProvidersFrom,
 } from '@angular/core';
 import {
  provideRouter,
  withComponentInputBinding,
  withInMemoryScrolling,
  withViewTransitions,
 } from '@angular/router';
 import { routes } from './app.routes';
-import { provideHttpClient, withInterceptors } from '@angular/common/http';
+import { provideHttpClient } from '@angular/common/http';
 import { TranslateModule, TranslateLoader } from '@ngx-translate/core';
-import {
+import { provideTranslateHttpLoader, TranslateHttpLoader } from '@ngx-translate/http-loader';
  provideTranslateHttpLoader,
  TranslateHttpLoader,
 } from '@ngx-translate/http-loader';
 import { adminAuthInterceptor } from './core/interceptors/admin-auth.interceptor';
 export const appConfig: ApplicationConfig = {
  providers: [
    provideZoneChangeDetection({ eventCoalescing: true }),
-    provideRouter(
+    provideRouter(routes, withComponentInputBinding(), withViewTransitions()),
-      routes,
+    provideHttpClient(),
      withComponentInputBinding(),
      withViewTransitions(),
      withInMemoryScrolling({
        scrollPositionRestoration: 'top',
      }),
    ),
    provideHttpClient(withInterceptors([adminAuthInterceptor])),
    provideTranslateHttpLoader({
      prefix: './assets/i18n/',
-      suffix: '.json',
+      suffix: '.json'
    }),
    importProvidersFrom(
      TranslateModule.forRoot({
        defaultLanguage: 'it',
        loader: {
          provide: TranslateLoader,
-          useClass: TranslateHttpLoader,
+          useClass: TranslateHttpLoader
-        },
+        }
-      }),
+      })
-    ),
+    )
-  ],
+  ]
-};
+};
--- a/frontend/src/app/app.routes.ts
+++ b/frontend/src/app/app.routes.ts
@@ -1,81 +1,54 @@
 import { Routes } from '@angular/router';
 const appChildRoutes: Routes = [
  {
    path: '',
    loadComponent: () =>
      import('./features/home/home.component').then((m) => m.HomeComponent),
  },
  {
    path: 'calculator',
    loadChildren: () =>
      import('./features/calculator/calculator.routes').then(
        (m) => m.CALCULATOR_ROUTES,
      ),
  },
  {
    path: 'shop',
    loadChildren: () =>
      import('./features/shop/shop.routes').then((m) => m.SHOP_ROUTES),
  },
  {
    path: 'about',
    loadChildren: () =>
      import('./features/about/about.routes').then((m) => m.ABOUT_ROUTES),
  },
  {
    path: 'contact',
    loadChildren: () =>
      import('./features/contact/contact.routes').then((m) => m.CONTACT_ROUTES),
  },
  {
    path: 'checkout',
    loadComponent: () =>
      import('./features/checkout/checkout.component').then(
        (m) => m.CheckoutComponent,
      ),
  },
  {
    path: 'order/:orderId',
    loadComponent: () =>
      import('./features/order/order.component').then((m) => m.OrderComponent),
  },
  {
    path: 'co/:orderId',
    loadComponent: () =>
      import('./features/order/order.component').then((m) => m.OrderComponent),
  },
  {
    path: '',
    loadChildren: () =>
      import('./features/legal/legal.routes').then((m) => m.LEGAL_ROUTES),
  },
  {
    path: 'admin',
    loadChildren: () =>
      import('./features/admin/admin.routes').then((m) => m.ADMIN_ROUTES),
  },
  {
    path: '**',
    redirectTo: '',
  },
 ];
 export const routes: Routes = [
  {
    path: ':lang',
    loadComponent: () =>
      import('./core/layout/layout.component').then((m) => m.LayoutComponent),
    children: appChildRoutes,
  },
  {
    path: '',
-    loadComponent: () =>
+    loadComponent: () => import('./core/layout/layout.component').then(m => m.LayoutComponent),
-      import('./core/layout/layout.component').then((m) => m.LayoutComponent),
+    children: [
-    children: appChildRoutes,
+      { 
-  },
+        path: '', 
-  {
+        loadComponent: () => import('./features/home/home.component').then(m => m.HomeComponent)
-    path: '**',
+      },
-    redirectTo: '',
+      { 
-  },
+        path: 'calculator', 
        loadChildren: () => import('./features/calculator/calculator.routes').then(m => m.CALCULATOR_ROUTES) 
      },
      { 
        path: 'shop', 
        loadChildren: () => import('./features/shop/shop.routes').then(m => m.SHOP_ROUTES) 
      },
      { 
        path: 'about', 
        loadChildren: () => import('./features/about/about.routes').then(m => m.ABOUT_ROUTES) 
      },
      { 
        path: 'contact', 
        loadChildren: () => import('./features/contact/contact.routes').then(m => m.CONTACT_ROUTES) 
      },
      {
        path: 'checkout',
        loadComponent: () => import('./features/checkout/checkout.component').then(m => m.CheckoutComponent)
      },
      {
        path: 'payment/:orderId',
        loadComponent: () => import('./features/payment/payment.component').then(m => m.PaymentComponent)
      },
      {
        path: 'ordine/:orderId',
        loadComponent: () => import('./features/payment/payment.component').then(m => m.PaymentComponent)
      },
      {
        path: 'order-confirmed/:orderId',
        loadComponent: () => import('./features/order-confirmed/order-confirmed.component').then(m => m.OrderConfirmedComponent)
      },
      {
        path: '',
        loadChildren: () => import('./features/legal/legal.routes').then(m => m.LEGAL_ROUTES)
      },
      {
        path: '**',
        redirectTo: ''
      }
    ]
  }
 ];
--- a/frontend/src/app/core/constants/colors.const.ts
+++ b/frontend/src/app/core/constants/colors.const.ts
@@ -2,7 +2,6 @@ export interface ColorOption {
  label: string;
  value: string;
  hex: string;
  variantId?: number;
  outOfStock?: boolean;
 }
@@ -13,35 +12,30 @@ export interface ColorCategory {
 export const PRODUCT_COLORS: ColorCategory[] = [
  {
-    name: 'COLOR.CATEGORY_GLOSSY',
+    name: 'Lucidi', // Glossy
    colors: [
-      { label: 'COLOR.NAME.BLACK', value: 'Black', hex: '#1a1a1a' }, // Not pure black for visibility
+      { label: 'Black', value: 'Black', hex: '#1a1a1a' }, // Not pure black for visibility
-      { label: 'COLOR.NAME.WHITE', value: 'White', hex: '#f5f5f5' },
+      { label: 'White', value: 'White', hex: '#f5f5f5' },
-      {
+      { label: 'Red', value: 'Red', hex: '#d32f2f', outOfStock: true },
-        label: 'COLOR.NAME.RED',
+      { label: 'Blue', value: 'Blue', hex: '#1976d2' },
-        value: 'Red',
+      { label: 'Green', value: 'Green', hex: '#388e3c' },
-        hex: '#d32f2f',
+      { label: 'Yellow', value: 'Yellow', hex: '#fbc02d' }
-        outOfStock: true,
+    ]
      },
      { label: 'COLOR.NAME.BLUE', value: 'Blue', hex: '#1976d2' },
      { label: 'COLOR.NAME.GREEN', value: 'Green', hex: '#388e3c' },
      { label: 'COLOR.NAME.YELLOW', value: 'Yellow', hex: '#fbc02d' },
    ],
  },
  {
-    name: 'COLOR.CATEGORY_MATTE',
+    name: 'Opachi', // Matte
    colors: [
-      { label: 'COLOR.NAME.MATTE_BLACK', value: 'Matte Black', hex: '#2c2c2c' }, // Lighter charcoal for matte
+      { label: 'Matte Black', value: 'Matte Black', hex: '#2c2c2c' }, // Lighter charcoal for matte
-      { label: 'COLOR.NAME.MATTE_WHITE', value: 'Matte White', hex: '#e0e0e0' },
+      { label: 'Matte White', value: 'Matte White', hex: '#e0e0e0' },
-      { label: 'COLOR.NAME.MATTE_GRAY', value: 'Matte Gray', hex: '#757575' },
+      { label: 'Matte Gray', value: 'Matte Gray', hex: '#757575' }
-    ],
+    ]
-  },
+  }
 ];
 export function getColorHex(value: string): string {
-  for (const cat of PRODUCT_COLORS) {
+    for (const cat of PRODUCT_COLORS) {
-    const found = cat.colors.find((c) => c.value === value);
+        const found = cat.colors.find(c => c.value === value);
-    if (found) return found.hex;
+        if (found) return found.hex;
-  }
+    }
-  return '#facf0a'; // Default Brand Color if not found
+    return '#facf0a'; // Default Brand Color if not found
 }
--- a/frontend/src/app/core/interceptors/admin-auth.interceptor.ts
+++ b/frontend/src/app/core/interceptors/admin-auth.interceptor.ts
@@ -1,41 +0,0 @@
 import { HttpErrorResponse, HttpInterceptorFn } from '@angular/common/http';
 import { inject } from '@angular/core';
 import { Router } from '@angular/router';
 import { catchError, throwError } from 'rxjs';
 const SUPPORTED_LANGS = new Set(['it', 'en', 'de', 'fr']);
 function resolveLangFromUrl(url: string): string {
  const cleanUrl = (url || '').split('?')[0].split('#')[0];
  const segments = cleanUrl.split('/').filter(Boolean);
  if (segments.length > 0 && SUPPORTED_LANGS.has(segments[0])) {
    return segments[0];
  }
  return 'it';
 }
 export const adminAuthInterceptor: HttpInterceptorFn = (req, next) => {
  if (!req.url.includes('/api/admin/')) {
    return next(req);
  }
  const router = inject(Router);
  const request = req.clone({ withCredentials: true });
  const isLoginRequest = request.url.includes('/api/admin/auth/login');
  return next(request).pipe(
    catchError((error: unknown) => {
      if (
        !isLoginRequest &&
        error instanceof HttpErrorResponse &&
        error.status === 401
      ) {
        const lang = resolveLangFromUrl(router.url);
        if (!router.url.includes('/admin/login')) {
          void router.navigate(['/', lang, 'admin', 'login']);
        }
      }
      return throwError(() => error);
    }),
  );
 };
--- a/frontend/src/app/core/layout/footer.component.html
+++ b/frontend/src/app/core/layout/footer.component.html
@@ -1,21 +1,21 @@
-<footer class="footer">
+    <footer class="footer">
-  <div class="container footer-inner">
+      <div class="container footer-inner">
-    <div class="col">
+        <div class="col">
-      <span class="brand">3D fab</span>
+          <span class="brand">3D fab</span>
-      <p class="copyright">&copy; 2026 3D fab.</p>
+          <p class="copyright">&copy; 2026 3D fab.</p>
-    </div>
+        </div>
-    <div class="col links">
+        <div class="col links">
-      <a routerLink="/privacy">{{ "FOOTER.PRIVACY" | translate }}</a>
+          <a routerLink="/privacy">{{ 'FOOTER.PRIVACY' | translate }}</a>
-      <a routerLink="/terms">{{ "FOOTER.TERMS" | translate }}</a>
+          <a routerLink="/terms">{{ 'FOOTER.TERMS' | translate }}</a>
-      <a routerLink="/contact">{{ "FOOTER.CONTACT" | translate }}</a>
+          <a routerLink="/contact">{{ 'FOOTER.CONTACT' | translate }}</a>
-    </div>
+        </div>
-    <div class="col social">
+        <div class="col social">
-      <!-- Social Placeholders -->
+           <!-- Social Placeholders -->
-      <div class="social-icon"></div>
+           <div class="social-icon"></div>
-      <div class="social-icon"></div>
+           <div class="social-icon"></div>
-      <div class="social-icon"></div>
+           <div class="social-icon"></div>
-    </div>
+        </div>
-  </div>
+      </div>
-</footer>
+    </footer>
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Joe Küng	f10d5813f7	Merge branch 'int' into dev Some checks failed Build, Test and Deploy / test-backend (push) Successful in 35s Details Build, Test and Deploy / deploy (push) Has been cancelled Details Build, Test and Deploy / build-and-push (push) Has been cancelled Details	2026-02-23 18:55:58 +01:00
Joe Küng	4f4e3def35	Merge pull request 'dev' (#7 ) from dev into int All checks were successful Build, Test and Deploy / test-backend (push) Successful in 1m13s Details Build, Test and Deploy / build-and-push (push) Successful in 14s Details Build, Test and Deploy / deploy (push) Successful in 8s Details Reviewed-on: #7	2026-02-12 15:26:38 +01:00
Joe Küng	a219825b28	Merge pull request 'dev' (#6 ) from dev into int All checks were successful Build, Test and Deploy / test-backend (push) Successful in 32s Details Build, Test and Deploy / build-and-push (push) Successful in 15s Details Build, Test and Deploy / deploy (push) Successful in 4s Details Reviewed-on: #6	2026-02-10 19:05:40 +01:00
Joe Küng	150563a8f5	Merge pull request 'dev' (#5 ) from dev into int All checks were successful Build, Test and Deploy / test-backend (push) Successful in 24s Details Build, Test and Deploy / deploy (push) Successful in 5s Details Build, Test and Deploy / build-and-push (push) Successful in 15s Details Reviewed-on: #5	2026-02-09 18:43:43 +01:00
Joe Küng	53e141f8ad	Merge pull request 'dev' (#3 ) from dev into int All checks were successful Build, Test and Deploy / test-backend (push) Successful in 21s Details Build, Test and Deploy / build-and-push (push) Successful in 14s Details Build, Test and Deploy / deploy (push) Successful in 5s Details Reviewed-on: #3	2026-02-05 15:30:04 +01:00
		`@@ -1 +1 @@`
			`<router-outlet></router-outlet>`				`<router-outlet></router-outlet>`