## Features Added

### Admin Login Page (public/login.html)

- Professional login UI with Bootstrap 5
- Email/password authentication
- CSRF protection
- Rate limiting protection
- Session persistence (7 days)
- Remember me functionality
- Language: Spanish with translations ready

### Authentication Middleware (src/server/index.ts)

- Session-based authentication using SQLite
- bcrypt password hashing
- CSRF token endpoint for form protection
- Auth check on admin.html page load
- Logout endpoint

### API Client Enhancements (public/js/api.js)

- Added auth methods: login(), logout(), getMe(), getCsrfToken()
- CRUD methods for all admin entities:
  - Properties: create, update, delete
  - Leads: get, update, delete
  - Testimonials: create, update, delete
  - FAQ: create, update, delete
  - Services: create, update, delete
  - Settings: get, update
- Admin stats endpoint

### Comprehensive Seed Data (src/db/seed-comprehensive.ts)

- 36 properties of all types:
  - 8 urban lands
  - 10 agricultural plots
  - 8 houses/villas
  - 10 apartments
- Real Tenerife locations with coordinates
- Spanish and Russian translations
- 8 testimonials from international clients
- 8 FAQ items (buying process, taxes, etc.)
- 6 services offered
- Admin user: admin@tenerifeprop.com / admin123
- Stock photos from Unsplash

### Tests (tests/auth.test.ts)

- Authentication tests
- Session management tests
- Property CRUD tests
- Input validation tests
- XSS prevention tests
- Email/phone validation tests

## Why These Changes

1. Security: Authentication protects admin routes from unauthorized access
2. Data: Seed data provides realistic content for testing and demo
3. UX: Professional login page improves user experience
4. Testing: Tests ensure reliability and catch regressions

## Breaking Changes

None - all changes are additive

## Related Issues

- Closes #28 (Admin Login Page)
- Closes #29 (Seed Data Generation)
- Closes #30 (Tests Implementation)

## Milestone

Administrative Section Implementation (#51)