fix/admin-setup #29

Merged
nrupard merged 9 commits from fix/admin-setup into main 2026-04-09 16:18:02 +02:00
No description provided.
Client-side password validation now matches server requirements (uppercase,
number, special char), preventing silent failures. Added SETUP_DEFAULT_ADMIN_*
env vars to auto-create an admin on startup for Docker/CI deployments.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
nrupard changed title from fix/admin-setup to wip: fix/admin-setup 2026-04-08 22:56:43 +02:00
Previously, if check_setup returned an error the setup page fell through
to the loading spinner arm and hung forever. Move navigation into a
use_effect and render explicit redirect and error states.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The previous use_effect approach didn't reliably re-run when the
check_setup resource resolved, leaving users stuck on the "Redirecting
to login..." spinner. Mirror the pattern used by Home in app.rs:
navigate during render from inside the match arm.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
A stale auth_token left over from a previous session (e.g. after the
JWT_SECRET rotates on server restart) would pass the localStorage presence
check and trap the user on /links behind an infinite spinner. Now both
the landing page and ProtectedLayout call /api/auth/me to validate the
token before trusting it, clearing it and redirecting to /login on 401.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ProtectedLayout's verify_auth treated any non-success response from
/api/auth/me as "token invalid" and silently bounced the user to /login.
When the DB was slow/unready, a successful login was immediately undone
by a 5xx on /api/auth/me, leaving the user on a freshly-remounted Login
component with no error message.

- verify_auth now returns AuthVerdict {Valid, Invalid, Unknown}. Only
  401/403 triggers clear_auth + redirect; 5xx and network errors return
  Unknown so the child page renders and surfaces its own fetch errors.
- clean_error rejects HTML bodies and oversized blobs so reverse-proxy
  error pages fall through to "Something went wrong on the server.
  Please try again later." instead of splatting raw markup into the UI.
- login.rs network-error branch now shows "Can't reach the server right
  now. Please try again in a moment." and logs the raw error via tracing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
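
Added example, not code from this pull request or from rusty-links: the three-way auth verdict and the error sanitising described in the commit message above, in std-only Rust. Only the names `AuthVerdict` and `clean_error` and the fallback message come from the page; `classify_auth`, `GENERIC_ERROR`, `MAX_ERROR_LEN`, the signatures and the HTML heuristic are assumptions.

```rust
// Added illustration; not the project's implementation.
#[derive(Debug, PartialEq)]
pub enum AuthVerdict {
    Valid,   // 2xx: the server accepted the token
    Invalid, // 401/403: clear the stored token and redirect to /login
    Unknown, // 5xx, other statuses, network errors: keep the session
}

/// `status` is None when the request produced no HTTP response at all
/// (hypothetical signature; the real verify_auth is not shown on the page).
pub fn classify_auth(status: Option<u16>) -> AuthVerdict {
    match status {
        Some(200..=299) => AuthVerdict::Valid,
        Some(401) | Some(403) => AuthVerdict::Invalid,
        _ => AuthVerdict::Unknown,
    }
}

pub const GENERIC_ERROR: &str =
    "Something went wrong on the server. Please try again later.";
const MAX_ERROR_LEN: usize = 200; // assumed cap; the page gives no number

/// Pass a response body through to the UI only if it is short plain text.
/// Anything that looks like markup, or is empty or oversized, is replaced.
pub fn clean_error(body: &str) -> String {
    let trimmed = body.trim();
    let lower = trimmed.to_ascii_lowercase();
    let looks_like_html = lower.starts_with('<')
        || lower.contains("<html")
        || lower.contains("<!doctype")
        || lower.contains("<body");
    if trimmed.is_empty() || trimmed.len() > MAX_ERROR_LEN || looks_like_html {
        GENERIC_ERROR.to_string()
    } else {
        trimmed.to_string()
    }
}

fn main() {
    // Constructed sample: a reverse-proxy 502 page returned for /api/auth/me.
    let proxy_page = "<html><head><title>502 Bad Gateway</title></head></html>";
    println!("{:?} -> {}", classify_auth(Some(502)), clean_error(proxy_page));
    println!("{:?} -> {}", classify_auth(Some(401)), clean_error("Invalid token"));
    println!("{:?}", classify_auth(None)); // network error
}
```
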
Clicking "Log In" or "Create Account" before Dioxus WASM hydrated
triggered a native HTML GET submission to the current URL, wiping the
typed credentials with no error feedback. Disable the submit button
until a use_effect flips a `hydrated` signal (runs only client-side
after mount), and set action="javascript:void(0)" so any native
fallback submission is a no-op instead of a navigating GET.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
nrupard changed title from wip: fix/admin-setup to WIP: wip: fix/admin-setup 2026-04-09 16:17:50 +02:00
nrupard changed title from WIP: wip: fix/admin-setup to wip: fix/admin-setup 2026-04-09 16:17:53 +02:00
nrupard changed title from wip: fix/admin-setup to fix/admin-setup 2026-04-09 16:17:59 +02:00
nrupard deleted branch fix/admin-setup 2026-04-09 16:18:03 +02:00
Reference
a8n-tools/rusty-links!29