kiosk-guestbook

mirror of https://github.com/tmdinosaurcenter/kiosk-guestbook.git synced 2026-06-04 03:50:14 -06:00

Author	SHA1	Message	Date
steve	047f57513d	feat: add PWA support and mobile admin card layout All pages: manifest link, apple-mobile-web-app meta tags, theme-color, viewport-fit=cover, overscroll-behavior:none, safe-area padding, 16px input font-size to prevent iOS zoom, SW registration. admin.html: card-per-entry layout on small screens (d-md-none) with name, location, timestamp, newsletter status, email, comment, and delete button. Desktop table unchanged (d-none d-md-block).	2026-03-29 19:20:29 -06:00
steve	ecdcc044b7	feat: add CSRF protection to all POST forms Installs Flask-WTF and enables CSRFProtect globally. Adds csrf_token hidden fields to all four POST forms (login, delete entry, add user, delete user, and the public guestbook form). Exempts the API endpoint which uses header-based key auth instead.	2026-03-28 23:23:53 -06:00
steve	4f675fe74c	feat: display admin timestamps in America/Denver time Convert UTC timestamps from SQLite to Mountain Time (America/Denver) using a Jinja2 template filter backed by zoneinfo; add tzdata dependency for IANA timezone data in the slim Docker image.	2026-03-28 22:58:37 -06:00
steve	2d4eac6583	refactor: migrate admin auth from HTTP Basic to Flask-Login sessions Replaces browser-cached Basic Auth credentials with proper server-side session management. Logout now fully invalidates the session. Adds an HTML login form at /admin/login, SECRET_KEY env var support, and updates README with key generation instructions and role table.	2026-03-10 11:41:16 -06:00
steve	94d6690e57	fix: add logout button to admin pages	2026-03-10 10:39:10 -06:00
steve	4f0a7df22a	feat: add role-based access control with database-backed users	2026-03-10 10:29:42 -06:00
steve	047f1a8c8b	feat: add paginated admin interface for viewing and deleting entries	2026-03-10 09:57:28 -06:00

7 Commits