b5dde2aad9
wip: Phase 3 UAT in progress — 2/10 tests pass, upload XHR bug open
...
Fixes applied this session:
- frontend/src/api/client.js: noRefreshPaths exclusion prevents auth 401s
from triggering session-expired error on login/register/refresh
- frontend/src/router/index.js: async beforeEach with silent refresh()
restores session from httpOnly cookie on page reload
UAT state: 2 pass (cold-start, admin block), 1 open (XHR upload network error),
7 pending. MinIO PUT fails in browser — needs console output to diagnose.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-24 21:26:50 +02:00
23c568ae89
feat(03-05): create QuotaBar.vue; embed in AppSidebar between topics nav and footer
...
- QuotaBar.vue: new sidebar quota widget — onMounted calls authStore.fetchQuota(); computed pct/barColor/labelColor/label from authStore.quota; color thresholds <80% indigo-500, 80-95% amber-500, >=95% red-500; skeleton loading state (animate-pulse); hides on loadFailed (v-if); role=progressbar with aria-valuenow/aria-valuemin/aria-valuemax/aria-label
- AppSidebar.vue: import QuotaBar; insert <QuotaBar /> between </nav> and settings footer div
- Frontend build exits 0 (verified)
2026-05-23 20:49:07 +02:00
eb18428d07
feat(03-05): 3-step presigned upload + quota state in auth store + progress UI
...
- api/client.js: extend request() to attach .status and .payload on 413 structured errors; remove legacy uploadDocument multipart function
- stores/auth.js: add quota ref({used_bytes:0, limit_bytes:0}) and fetchQuota() action (silent catch); expose in store return
- stores/documents.js: replace single upload() with uploadToMinIO XHR helper + 3-step async action (getUploadUrl→XHR PUT→confirmUpload); track uploadProgress map keyed by filename+timestamp (T-03-25); call fetchQuota after upload success and document delete
- components/upload/UploadProgress.vue: add aria progressbar per row, percentage label, quota rejection error block (role=alert, red-50/red-200) from item.quotaError; use plain anchor for Manage storage link
2026-05-23 20:46:24 +02:00
349912cac3
feat(03-04): replace settings UI with admin-managed placeholder; update API client
...
- views/SettingsView.vue: Replace full form with static placeholder card. No store
imports, no API calls. Shows "AI configuration is managed by your administrator."
(D-12, T-03-21)
- stores/settings.js: Deleted — only consumed by SettingsView; no other imports
- api/client.js: Remove getSettings, patchSettings, testProvider, getDefaultPrompt
(// Settings section deleted). Add getMyQuota() for quota bar (Plan 03-05).
Add getUploadUrl() and confirmUpload() for presigned upload flow (Plan 03-05).
2026-05-23 20:34:15 +02:00
92e3d755d0
feat(02-05): AppSidebar admin link and user identity footer
...
- Add conditional Admin nav link (v-if authStore.user?.role === 'admin') with shield SVG icon
- Add user identity footer: initials avatar (bg-indigo-100), email (truncate flex-1), sign-out icon button (aria-label="Sign out")
- Import useAuthStore alongside existing topicsStore; add useRouter for post-logout redirect
- All existing nav links, topicsStore reference, and scoped styles preserved unchanged
2026-05-22 20:09:16 +02:00
9137f41537
feat(02-05): admin tab components and AdminView
...
- AdminView.vue: tabbed layout (Users | Quotas | AI Config) with UI-SPEC tab strip classes
- AdminUsersTab.vue: user table with create form (crypto.getRandomValues password), inline deactivation confirmation, reactivate, reset-password, row-level spinner, empty state
- AdminQuotasTab.vue: quota inline edit with MB display, usage %, warning when limit < usage
- AdminAiConfigTab.vue: AI provider/model per-user with 1.5s "Saved" confirmation
- client.js: fix adminDeactivateUser/adminReactivateUser to use PATCH /status endpoint, fix adminResetUserPassword to /password-reset, fix adminUpdateAiConfig to send ai_provider/ai_model, add adminGetUserQuota
- No impersonation UI in any admin component (T-02-31)
2026-05-22 20:09:05 +02:00
d73e2f6112
feat(02-03): TOTP enrollment flow, backup codes, AccountView, ConfirmBlock
...
- TotpEnrollment.vue: three-step enrollment (setup → verify → backup-codes); emits 'enrolled'
- BackupCodesDisplay.vue: 2-column grid, copy-all clipboard, acknowledgment checkbox
- ConfirmBlock.vue: reusable inline confirmation block with 'confirmed'/'cancelled' emits
- AccountView.vue: TOTP section (enrollment or disable), change-password with breach/wrong-pw error handling, sign-out-all with ConfirmBlock
- npm run build exits 0
2026-05-22 19:54:53 +02:00
3b7d362600
feat(02-02): frontend auth store, router guard, Login/Register views
...
- frontend/src/stores/auth.js: useAuthStore with accessToken in memory
only (never browser storage); login() accepts options.backupCode
- frontend/src/api/client.js: extended with Bearer token injection,
401 auto-refresh retry, all auth/admin API functions, changePassword
- frontend/src/router/index.js: auth routes added (/login, /register,
/password-reset, /account, /admin); beforeEach guard redirects
unauthenticated users to /login with redirect param
- frontend/src/layouts/AuthLayout.vue: centered bare layout for auth pages
- frontend/src/views/auth/LoginView.vue: three-step flow (password, TOTP,
backup code); "Use a backup code instead" link; UI-SPEC copywriting
- frontend/src/views/auth/RegisterView.vue: registration with
PasswordStrengthBar; HIBP error display; UI-SPEC copywriting
- frontend/src/components/auth/PasswordStrengthBar.vue: 4-segment bar
- frontend/src/components/ui/AppSpinner.vue: animate-spin SVG spinner
- Stub views: PasswordResetView, NewPasswordView, AccountView, AdminView
- .gitignore: exclude frontend/node_modules, dist, package-lock.json
npm run build exits 0. All acceptance criteria verified.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-22 19:45:21 +02:00
7a34807fa0
chore: initial commit — existing single-user document scanner codebase
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-22 08:53:28 +02:00
curo1305