Fix issue with QR code login and caching. Update README

README.md

@@ -9,7 +9,10 @@ A web-based gate access management and control system. Authorized users can remo
 - **Keypass authentication** — users authenticate with an access code; each keypass can have a per-gate allowlist and an optional expiration date
 - **Remote gate control** — integrates with [AVConnect](https://www.avconnect.it) to trigger gate macros
 - **Role-based admin panel** — two roles (`admin`, `manager`) with different permission levels
-- **Access audit log** — every open attempt is logged with timestamp, keypass, gate, IP, and result
+- **Access audit log** — every open attempt is logged with timestamp, keypass, gate, IP, and result; filterable and paginated
+- **Keypass QR codes** — generate a scannable QR code for each keypass; scanning opens the PWA and logs in automatically
+- **Keypass code options** — choose character set (alphanumeric, alpha, numeric, or a 4-word passphrase) and length when auto-generating codes
+- **Telegram notifications** — optional push notifications to a Telegram group whenever a gate is opened
 - **Progressive Web App** — installable on mobile devices with offline caching
 
 ## Tech Stack
@@ -22,6 +25,8 @@ A web-based gate access management and control system. Authorized users can remo
 | Auth | JWT (HS256) + bcrypt |
 | Credential storage | Fernet symmetric encryption |
 | Gate integration | AVConnect HTTP API |
+| Notifications | Telegram Bot API |
+| QR generation | qrcode + Pillow |
 | Frontend | Vanilla JS PWA |
 
 ## Project Structure
@@ -38,13 +43,15 @@ src/
 ├── routers/
 │   ├── auth.py           # POST /api/auth/admin, POST /api/auth/keypass
 │   ├── gates.py          # User-facing gate list and open endpoints
-│   ├── keypasses.py      # Admin keypass CRUD
+│   ├── keypasses.py      # Admin keypass CRUD + QR code generation
 │   ├── admins.py         # Admin user management
 │   ├── credentials.py    # AVConnect credential management
-│   └── stats.py          # Access log / statistics
+│   ├── stats.py          # Access log / statistics (paginated, filtered)
+│   └── telegram.py       # Telegram notification configuration
 ├── services/
 │   ├── avconnect.py      # AVConnect session management and macro execution
-│   └── gates.py          # Gate open orchestration
+│   ├── gates.py          # Gate open orchestration
+│   └── telegram.py       # Telegram Bot API client
 └── static/               # Frontend PWA (index.html, admin.html, JS, CSS)
 data/
 └── gates.db              # SQLite database (auto-created on first run)
@@ -84,6 +91,7 @@ data/
 | POST | `/api/admin/keypasses` | Create a keypass |
 | PATCH | `/api/admin/keypasses/{kp_id}` | Update a keypass |
 | DELETE | `/api/admin/keypasses/{kp_id}` | Revoke a keypass |
+| GET | `/api/admin/keypasses/{kp_id}/qr` | Download QR code PNG for a keypass |
 
 ### Admin — Users (admin only)
 
@@ -100,12 +108,24 @@ data/
 |---|---|---|
 | GET | `/api/admin/credentials` | View stored credentials |
 | PUT | `/api/admin/credentials` | Create or update credentials |
+| GET | `/api/admin/credentials/mock` | Get mock mode status |
+| PUT | `/api/admin/credentials/mock` | Enable or disable mock mode |
 
 ### Admin — Statistics (manager+)
 
 | Method | Endpoint | Description |
 |---|---|---|
-| GET | `/api/admin/stats` | Retrieve the last 500 access log entries |
+| GET | `/api/admin/stats` | Paginated, filtered access log |
+
+Query parameters: `gate_id`, `keypass_code` (partial match), `success` (bool), `date_from`, `date_to`, `page` (default 1), `page_size` (default 50, max 200).
+
+### Admin — Telegram Notifications (admin only)
+
+| Method | Endpoint | Description |
+|---|---|---|
+| GET | `/api/admin/telegram` | Get current Telegram configuration |
+| PUT | `/api/admin/telegram` | Save bot token and chat ID |
+| POST | `/api/admin/telegram/test` | Send a test message |
 
 ## Configuration
 
@@ -189,9 +209,32 @@ Gates are controlled through the AVConnect platform. Each gate is mapped to an A
 
 Credentials (password) are stored encrypted in the database using Fernet symmetric encryption derived from `SECRET_KEY`.
 
+**Mock mode** — when enabled via the admin dashboard, gate open requests always succeed without contacting AVConnect. Useful for testing.
+
+## Keypass QR Codes
+
+Each active keypass has a **QR** button in the admin panel. Clicking it generates a PNG QR code that encodes the URL:
+
+```
+https://<your-domain>/?k=<KEYPASS_CODE>
+```
+
+Scanning the code with a phone opens the web app and logs in automatically. If the keypass is expired or revoked, the user is shown an error on the login screen.
+
+## Telegram Notifications
+
+Configure a Telegram bot to receive a message in a group or chat every time a gate is opened:
+
+1. Create a bot via [@BotFather](https://t.me/BotFather) and copy the token
+2. Add the bot to your group and obtain the chat ID (e.g. using [@userinfobot](https://t.me/userinfobot))
+3. Open **Admin → Notifications**, enter the token and chat ID, and click **Save**
+4. Use **Send test message** to verify the setup
+
+Notifications are sent in a background thread and never block the gate open response. Failures are logged as warnings and do not affect gate operation.
+
 ## Roles
 
 | Role | Permissions |
 |---|---|
-| `admin` | Full access — all endpoints including gate/user/credential management |
-| `manager` | Gate open, keypass management, statistics — cannot manage admin users, AVConnect credentials, or create/delete gates |
+| `admin` | Full access — all endpoints including gate/user/credential/notification management |
+| `manager` | Gate open, keypass management, statistics — cannot manage admin users, AVConnect credentials, gate configuration, or Telegram settings |