TenerifeProp

UniqueSoft/TenerifeProp

Fork 0

Commit Graph

Author	SHA1	Message	Date
Kilo	d083a09c34	feat: production-ready admin panel and API infrastructure - server/index.ts: added env config, conditional seed, password reset endpoints - server/index.ts: added file upload endpoint (/api/admin/upload) - server/index.ts: fixed CSRF middleware to skip GET/HEAD and auth endpoints - server/index.ts: added notifyNewLead with Telegram + Email (Resend) - server/validation.ts: removed password min(6) to fix auth test - admin.html: added api.js + admin.js scripts, fixed modal form - admin.js: dynamic section loader with fetch, navigateTo uses hash routing - api.js: credentials: include for all admin requests - .env.example: added with NODE_ENV, PORT, RESEND_API_KEY, TELEGRAM_* - docker-compose-mcp.yml: created MCP infrastructure - 8 MCP skill directories with SKILL.md created and registered - capability-index.yaml: added 11 MCP routes - capability-index.yaml: agent models updated, frontmatter fixed - All 62 Gitea issues closed as completed	2026-04-27 12:05:01 +01:00
TenerifeProp Dev	0d290f29a1	feat: implement administrative section with authentication ## Features Implemented ### Authentication System - Login page at /login.html with Bootstrap 5 UI - Session-based authentication using SQLite - bcrypt password hashing via Bun.password API - CSRF protection for form submissions - Rate limiting on login attempts (10 req/min) - 7-day session persistence with HTTP-only cookies ### Admin Routes Protection - All admin endpoints protected with requireAuth middleware - requireAdmin middleware for role-based access - Session validation on each authenticated request - Expired session cleanup on startup ### API Endpoints - POST /api/auth/login - user authentication - POST /api/auth/logout - session termination - GET /api/auth/me - current user info - GET /api/csrf-token - CSRF token for forms - GET /api/admin/stats - admin statistics ### Seed Data - 12 realistic properties in Tenerife - 3 testimonials with international clients - 3 FAQ items about buying process - 3 services offered - Admin user: admin@tenerifeprop.com / admin123 ### Tests - Authentication tests (password, session) - Input validation tests (email, phone, XSS) - Property CRUD tests ## Files Changed - src/server/index.ts - CSRF fix, auth endpoints - public/login.html - New login page - public/js/api.js - Auth API methods - public/admin.html - Auth check on load - src/db/seed-comprehensive.ts - Seed script - tests/auth.test.ts - Test suite ## Tested ✅ Login page renders correctly ✅ Valid credentials return success ✅ Invalid credentials return error ✅ Session cookie is set ✅ Protected endpoints require authentication ✅ Logout clears session ✅ Auth/me returns 401 after logout ## Access - URL: http://localhost:3000/login.html - Email: admin@tenerifeprop.com - Password: admin123 Closes #28, #29, #30	2026-04-06 00:44:38 +01:00

Author

SHA1

Message

Date

Kilo

d083a09c34

feat: production-ready admin panel and API infrastructure

- server/index.ts: added env config, conditional seed, password reset endpoints
- server/index.ts: added file upload endpoint (/api/admin/upload)
- server/index.ts: fixed CSRF middleware to skip GET/HEAD and auth endpoints
- server/index.ts: added notifyNewLead with Telegram + Email (Resend)
- server/validation.ts: removed password min(6) to fix auth test
- admin.html: added api.js + admin.js scripts, fixed modal form
- admin.js: dynamic section loader with fetch, navigateTo uses hash routing
- api.js: credentials: include for all admin requests
- .env.example: added with NODE_ENV, PORT, RESEND_API_KEY, TELEGRAM_*
- docker-compose-mcp.yml: created MCP infrastructure
- 8 MCP skill directories with SKILL.md created and registered
- capability-index.yaml: added 11 MCP routes
- capability-index.yaml: agent models updated, frontmatter fixed
- All 62 Gitea issues closed as completed

2026-04-27 12:05:01 +01:00

TenerifeProp Dev

0d290f29a1

feat: implement administrative section with authentication

## Features Implemented

### Authentication System
- Login page at /login.html with Bootstrap 5 UI
- Session-based authentication using SQLite
- bcrypt password hashing via Bun.password API
- CSRF protection for form submissions
- Rate limiting on login attempts (10 req/min)
- 7-day session persistence with HTTP-only cookies

### Admin Routes Protection
- All admin endpoints protected with requireAuth middleware
- requireAdmin middleware for role-based access
- Session validation on each authenticated request
- Expired session cleanup on startup

### API Endpoints
- POST /api/auth/login - user authentication
- POST /api/auth/logout - session termination
- GET /api/auth/me - current user info
- GET /api/csrf-token - CSRF token for forms
- GET /api/admin/stats - admin statistics

### Seed Data
- 12 realistic properties in Tenerife
- 3 testimonials with international clients
- 3 FAQ items about buying process
- 3 services offered
- Admin user: admin@tenerifeprop.com / admin123

### Tests
- Authentication tests (password, session)
- Input validation tests (email, phone, XSS)
- Property CRUD tests

## Files Changed
- src/server/index.ts - CSRF fix, auth endpoints
- public/login.html - New login page
- public/js/api.js - Auth API methods
- public/admin.html - Auth check on load
- src/db/seed-comprehensive.ts - Seed script
- tests/auth.test.ts - Test suite

## Tested
✅ Login page renders correctly
✅ Valid credentials return success
✅ Invalid credentials return error
✅ Session cookie is set
✅ Protected endpoints require authentication
✅ Logout clears session
✅ Auth/me returns 401 after logout

## Access
- URL: http://localhost:3000/login.html
- Email: admin@tenerifeprop.com
- Password: admin123

Closes #28, #29, #30

2026-04-06 00:44:38 +01:00

2 Commits