- dashboard.html: add onclick handlers for Exportar, date range, chart periods
(week/month/year), Ver todos, quick actions, remove stale inline lead IDs
- admin.js: add exportDashboard(), filterByDateRange(), setChartPeriod(),
initDateRange(), updateChartsWithData() with period slicing, loadAnalytics()
on dashboard init
- login.html: guard /api/auth/me with session cookie check to prevent 401 noise
- server/index.ts: fix Secure cookie flag: only set when HTTPS + production + !localhost
Replace browser prompt()-based editing with proper Bootstrap 5 modal
dialogs for testimonials, services, FAQs, and leads. This provides
better UX with form validation, structured input fields, and i18n
support (ES/RU) instead of raw prompt dialogs.
- Add testimonialModal, serviceModal, faqModal, leadModal to admin.html
- Add show*/save* methods in admin.js for each entity type
- Wire leads.html 'Add lead' button to leadModal
- Add modal JS modules (FAQModal, LeadModal, ServiceModal)
- Add unit and e2e tests for modals and API client
1. Replace serveStatic with Bun.file() to fix Content-Length: 0 bug
that caused Nginx to wait 12-30s per file.
2. Add section loader (spinner + 'Cargando...') while sections load.
3. Add AbortController to cancel previous fetch when switching menus.
4. Add credentials: 'same-origin' to ensure cookies are sent.
5. Add error handling for empty responses and HTTP errors.
Fixes: admin panel empty sections, 30s menu load, DOMException aborts.
Refs: production server tenerifeprop.es
- Add getAdminProperties() to api.js with admin endpoint
- Update admin.js loadProperties() to use getAdminProperties
- Returns full dataset with admin filtering support
Refs: production admin panel
Previously admin.js did not verify authentication on load.
Admin was accessible without login if user navigated directly.
Now checkAuth() is called before init() and redirects to /login
if user is not authenticated.
Refs: production server, admin panel security
- admin.html: removed conflicting inline script, added api.js + admin.js
- admin.js: dynamic section loader with fetch, init navigates to hash
- api.js: credentials: 'include' for all admin requests
- propertyModal: added name attributes to all form fields, saveProperty onclick handler
- server/index.ts: added POST /api/analytics/event with daily aggregation
- server/validation.ts: removed min(6) from password for 401 on invalid credentials
- capability-index.yaml: added 11 MCP capability routes
- docker-compose-mcp.yml: created for MCP servers
