steve/check-printing
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement user authentication and role-based access control

Browse Source 
Three-tier user model: admin (all accounts, all actions), editor
(assigned accounts, read/write), viewer (assigned accounts, read-only).

Backend:
- express-session with custom SQLite session store (no extra packages)
- bcryptjs for password hashing
- src/middleware/auth.js: requireAuth, requireAdmin, requireEditor,
  canAccessAccount helpers
- src/routes/auth.js: login, logout, /me, setup-needed, change-password
- src/routes/users.js: full CRUD + account assignments (admin only)
- All API routes protected; /api/accounts filtered by user access;
  write routes gated by requireEditor; admin-only routes locked down

Frontend:
- Login overlay (full-page) with first-run admin-setup flow
- Role-based UI: admin-only elements hidden for non-admins; edit/delete
  and PDF buttons hidden for viewers; account switcher shows only
  accessible accounts for non-admins
- Users modal (admin only): user list with role badges, create/edit/delete
  users, set account access via checkboxes
- Change-password section available to all logged-in users
- apiFetch redirects to login on 401
This commit is contained in:
Steve Dogiakos
2026-03-18 22:55:17 -06:00
parent 1277fc4aad
commit f827210a07
13 changed files with 978 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/css/style.css
+45
View File
@@ -42,6 +42,8 @@ header {
.header-info { font-size: 12px; color: rgba(255,255,255,0.7); }
.header-info strong { color: #fff; }
.header-left { display: flex; align-items: center; gap: 10px; }
.header-right { display: flex; align-items: center; gap: 10px; }
.header-username { font-size: 12px; color: rgba(255,255,255,0.7); }
.account-switcher {
background: rgba(255,255,255,0.15);
@@ -760,3 +762,46 @@ input[type="file"] {
flex-wrap: wrap;
}
.dep-pdf-btns { display: flex; gap: 6px; }
/* ── Login overlay ── */
.login-overlay {
position: fixed;
inset: 0;
background: var(--header-bg);
display: flex;
align-items: center;
justify-content: center;
z-index: 2000;
}
.login-overlay.hidden { display: none; }
.login-card {
background: #fff;
border-radius: 8px;
padding: 32px;
width: 360px;
box-shadow: 0 8px 32px rgba(0,0,0,0.35);
}
.login-logo {
font-size: 22px;
font-weight: 700;
color: var(--header-bg);
margin-bottom: 20px;
letter-spacing: -0.5px;
}
.login-card h2 { font-size: 16px; font-weight: 600; margin-bottom: 4px; }
.login-sub { font-size: 12px; color: var(--text-muted); margin-bottom: 16px; }
/* ── User management ── */
.account-checkboxes { display: flex; flex-wrap: wrap; gap: 8px; margin-top: 4px; }
.account-checkbox-label {
display: flex;
align-items: center;
gap: 5px;
font-size: 12px;
background: var(--bg);
border: 1px solid var(--border);
border-radius: 4px;
padding: 3px 8px;
cursor: pointer;
}
.account-checkbox-label:hover { border-color: var(--primary); }