refactor(admin): extract _forward_lead() from duplicate lead forward routes

Task 3/6: lead_forward and lead_forward_htmx shared ~20 lines of
identical DB logic. Extracted into _forward_lead() that returns an
error string or None. Both routes now call the helper and differ
only in response format (redirect vs HTMX partial).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

web/src/padelnomics/admin/routes.py

@@ -632,26 +632,14 @@ async def lead_new():
     return await render_template("admin/lead_form.html", data={}, statuses=LEAD_STATUSES)
 
 
-@bp.route("/leads/<int:lead_id>/forward", methods=["POST"])
-@role_required("admin")
-@csrf_protect
-async def lead_forward(lead_id: int):
-    """Manually forward a lead to a supplier (no credit cost)."""
-    form = await request.form
-    supplier_id = int(form.get("supplier_id", 0))
-
-    if not supplier_id:
-        await flash("Select a supplier.", "error")
-        return redirect(url_for("admin.lead_detail", lead_id=lead_id))
-
-    # Check if already forwarded
+async def _forward_lead(lead_id: int, supplier_id: int) -> str | None:
+    """Forward a lead to a supplier. Returns error message or None on success."""
     existing = await fetch_one(
         "SELECT 1 FROM lead_forwards WHERE lead_id = ? AND supplier_id = ?",
         (lead_id, supplier_id),
     )
     if existing:
-        await flash("Already forwarded to this supplier.", "warning")
-        return redirect(url_for("admin.lead_detail", lead_id=lead_id))
+        return "Already forwarded to this supplier."
 
     now = utcnow_iso()
     await execute(
@@ -663,15 +651,27 @@ async def lead_forward(lead_id: int):
         "UPDATE lead_requests SET unlock_count = unlock_count + 1, status = 'forwarded' WHERE id = ?",
         (lead_id,),
     )
-
-    # Enqueue forward email
     from ..worker import enqueue
-    await enqueue("send_lead_forward_email", {
-        "lead_id": lead_id,
-        "supplier_id": supplier_id,
-    })
+    await enqueue("send_lead_forward_email", {"lead_id": lead_id, "supplier_id": supplier_id})
+    return None
 
-    await flash("Lead forwarded to supplier.", "success")
+
+@bp.route("/leads/<int:lead_id>/forward", methods=["POST"])
+@role_required("admin")
+@csrf_protect
+async def lead_forward(lead_id: int):
+    """Manually forward a lead to a supplier (no credit cost)."""
+    form = await request.form
+    supplier_id = int(form.get("supplier_id", 0))
+    if not supplier_id:
+        await flash("Select a supplier.", "error")
+        return redirect(url_for("admin.lead_detail", lead_id=lead_id))
+
+    error = await _forward_lead(lead_id, supplier_id)
+    if error:
+        await flash(error, "warning")
+    else:
+        await flash("Lead forwarded to supplier.", "success")
     return redirect(url_for("admin.lead_detail", lead_id=lead_id))
 
 
@@ -704,25 +704,9 @@ async def lead_forward_htmx(lead_id: int):
         return Response("Select a supplier.", status=422)
     supplier_id = int(supplier_id_str)
 
-    existing = await fetch_one(
-        "SELECT 1 FROM lead_forwards WHERE lead_id = ? AND supplier_id = ?",
-        (lead_id, supplier_id),
-    )
-    if existing:
-        return Response("Already forwarded to this supplier.", status=422)
-
-    now = utcnow_iso()
-    await execute(
-        """INSERT INTO lead_forwards (lead_id, supplier_id, credit_cost, status, created_at)
-           VALUES (?, ?, 0, 'sent', ?)""",
-        (lead_id, supplier_id, now),
-    )
-    await execute(
-        "UPDATE lead_requests SET unlock_count = unlock_count + 1, status = 'forwarded' WHERE id = ?",
-        (lead_id,),
-    )
-    from ..worker import enqueue
-    await enqueue("send_lead_forward_email", {"lead_id": lead_id, "supplier_id": supplier_id})
+    error = await _forward_lead(lead_id, supplier_id)
+    if error:
+        return Response(error, status=422)
 
     lead = await get_lead_detail(lead_id)
     return await render_template(