derekc
958c409e8e
- models.py: add UniqueConstraint(user_id, date) to flock_history so duplicate flock entries for the same day are rejected at the DB level - main.py: v2.3 migration applies the new unique constraint to existing installs at startup - login.html: update register form minlength and placeholder from 6 to 10 characters to match backend; add specific 429 error message so rate- limited users see "Too many attempts — please wait a minute" instead of a generic failure - auth.js: update settings modal password input minlength from 6 to 10 - summary.js: fix CSV export truncation — pass limit=10000 so users with more than 500 days of data get a complete export; read chart border color from --green CSS variable instead of hardcoded hex - All HTML files: bump JS version params to ?v=4 so browsers discard cached copies of files changed across recent sessions (api.js, auth.js, dashboard.js, history.js, log.js, flock.js, budget.js, summary.js, admin.js) - .env.example: add password strength guidance for MySQL and admin vars Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
163 lines
7.1 KiB
HTML
163 lines
7.1 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title>Login — Yolkbook</title>
|
|
<link rel="icon" href="/favicon.svg" type="image/svg+xml">
|
|
<link rel="stylesheet" href="/css/style.css">
|
|
</head>
|
|
<body class="login-body">
|
|
<div class="login-container">
|
|
<div class="login-brand">🥚 Yolkbook</div>
|
|
|
|
<!-- Sign In -->
|
|
<div class="card login-card" id="login-panel">
|
|
<h1 class="login-title">Sign In</h1>
|
|
<div id="login-msg" class="message"></div>
|
|
<form id="login-form">
|
|
<div class="form-group" style="margin-bottom:1rem">
|
|
<label for="username">Username</label>
|
|
<input type="text" id="username" autocomplete="username" required autofocus>
|
|
</div>
|
|
<div class="form-group" style="margin-bottom:1.5rem">
|
|
<label for="password">Password</label>
|
|
<input type="password" id="password" autocomplete="current-password" required>
|
|
</div>
|
|
<button type="submit" class="btn btn-primary" style="width:100%" id="login-btn">Sign In</button>
|
|
</form>
|
|
<p style="text-align:center;margin-top:1rem;font-size:0.9rem;color:var(--muted)">
|
|
No account? <a href="#" onclick="showRegister()">Create one</a>
|
|
</p>
|
|
</div>
|
|
|
|
<!-- Register -->
|
|
<div class="card login-card" id="register-panel" style="display:none">
|
|
<h1 class="login-title">Create Account</h1>
|
|
<div id="reg-msg" class="message"></div>
|
|
<form id="reg-form">
|
|
<div class="form-group" style="margin-bottom:1rem">
|
|
<label for="reg-username">Username</label>
|
|
<input type="text" id="reg-username" autocomplete="username" required minlength="2" maxlength="64">
|
|
</div>
|
|
<div class="form-group" style="margin-bottom:1rem">
|
|
<label for="reg-password">Password</label>
|
|
<input type="password" id="reg-password" autocomplete="new-password" required minlength="10" placeholder="min 10 characters">
|
|
</div>
|
|
<div class="form-group" style="margin-bottom:1.5rem">
|
|
<label for="reg-confirm">Confirm Password</label>
|
|
<input type="password" id="reg-confirm" autocomplete="new-password" required>
|
|
</div>
|
|
<button type="submit" class="btn btn-primary" style="width:100%" id="reg-btn">Create Account</button>
|
|
</form>
|
|
<p style="text-align:center;margin-top:1rem;font-size:0.9rem;color:var(--muted)">
|
|
Already have an account? <a href="#" onclick="showLogin()">Sign in</a>
|
|
</p>
|
|
</div>
|
|
</div>
|
|
|
|
<script>
|
|
// Redirect if already logged in
|
|
(function () {
|
|
const token = localStorage.getItem('token');
|
|
if (token) {
|
|
try {
|
|
const payload = JSON.parse(atob(token.split('.')[1]));
|
|
if (payload.exp > Date.now() / 1000) {
|
|
window.location.href = '/';
|
|
return;
|
|
}
|
|
} catch (_) {}
|
|
localStorage.removeItem('token');
|
|
}
|
|
})();
|
|
|
|
function showLogin() {
|
|
document.getElementById('register-panel').style.display = 'none';
|
|
document.getElementById('login-panel').style.display = 'block';
|
|
document.getElementById('username').focus();
|
|
}
|
|
|
|
function showRegister() {
|
|
document.getElementById('login-panel').style.display = 'none';
|
|
document.getElementById('register-panel').style.display = 'block';
|
|
document.getElementById('reg-username').focus();
|
|
}
|
|
|
|
function showError(elId, text) {
|
|
const el = document.getElementById(elId);
|
|
el.textContent = text;
|
|
el.className = 'message error visible';
|
|
}
|
|
|
|
function showSuccess(elId, text) {
|
|
const el = document.getElementById(elId);
|
|
el.textContent = text;
|
|
el.className = 'message success visible';
|
|
}
|
|
|
|
// ── Login ──
|
|
document.getElementById('login-form').addEventListener('submit', async (e) => {
|
|
e.preventDefault();
|
|
const btn = document.getElementById('login-btn');
|
|
btn.disabled = true;
|
|
btn.textContent = 'Signing in…';
|
|
document.getElementById('login-msg').className = 'message';
|
|
|
|
const username = document.getElementById('username').value.trim();
|
|
const password = document.getElementById('password').value;
|
|
|
|
try {
|
|
const res = await fetch('/api/auth/login', {
|
|
method: 'POST',
|
|
headers: { 'Content-Type': 'application/json' },
|
|
body: JSON.stringify({ username, password }),
|
|
});
|
|
const data = await res.json();
|
|
if (res.status === 429) { showError('login-msg', 'Too many attempts — please wait a minute and try again.'); return; }
|
|
if (!res.ok) { showError('login-msg', data.detail || 'Login failed'); return; }
|
|
localStorage.setItem('token', data.access_token);
|
|
window.location.href = '/';
|
|
} catch (err) {
|
|
showError('login-msg', 'Could not reach the server. Please try again.');
|
|
} finally {
|
|
btn.disabled = false;
|
|
btn.textContent = 'Sign In';
|
|
}
|
|
});
|
|
|
|
// ── Register ──
|
|
document.getElementById('reg-form').addEventListener('submit', async (e) => {
|
|
e.preventDefault();
|
|
const btn = document.getElementById('reg-btn');
|
|
const username = document.getElementById('reg-username').value.trim();
|
|
const password = document.getElementById('reg-password').value;
|
|
const confirm = document.getElementById('reg-confirm').value;
|
|
|
|
if (password !== confirm) { showError('reg-msg', 'Passwords do not match'); return; }
|
|
|
|
btn.disabled = true;
|
|
btn.textContent = 'Creating account…';
|
|
document.getElementById('reg-msg').className = 'message';
|
|
|
|
try {
|
|
const res = await fetch('/api/auth/register', {
|
|
method: 'POST',
|
|
headers: { 'Content-Type': 'application/json' },
|
|
body: JSON.stringify({ username, password }),
|
|
});
|
|
const data = await res.json();
|
|
if (!res.ok) { showError('reg-msg', data.detail || 'Registration failed'); return; }
|
|
localStorage.setItem('token', data.access_token);
|
|
window.location.href = '/';
|
|
} catch (err) {
|
|
showError('reg-msg', 'Could not reach the server. Please try again.');
|
|
} finally {
|
|
btn.disabled = false;
|
|
btn.textContent = 'Create Account';
|
|
}
|
|
});
|
|
</script>
|
|
</body>
|
|
</html>
|