pgz-sport

damir/pgz-sport

Fork 0

Commit Graph

Author	SHA1	Message	Date
damir	dd2f7daaf8	CRISIS V3: definitive apiAuth + mobile hamburger + Playwright E2E test apiAuth in app.html: - Pre-checks JWT exp client-side BEFORE making request - On expired: clears localStorage + redirects /login?reason=expired - On 401 from server: clears + redirects /login?reason=unauthorized - Single-flight redirect via window.__pgz_redirecting flag login.html: - Toast for ?reason=expired (red) / ?reason=unauthorized (orange) app.html mobile: - Hamburger button injected into topbar (.tb) - Mobile CSS: sidebar slide-in -280→0, backdrop overlay, full-width drill-down - toggleMobileSidebar() global function - @media (max-width:768px) display:inline-flex, sidebar fixed pos scripts/playwright_e2e.py: - Desktop test (1280x800): login, JWT persist, profile, logo, logout - Mobile test (375x812 iPhone X): viewport, login flow, hamburger, no h-scroll - Output: _audit/playwright_<TS>/results.json + screenshots/*.png Reproducible: TS=YYYYmmdd_HHMM python3 scripts/playwright_e2e.py	2026-05-05 09:21:39 +02:00
damir	8e136351f9	CRISIS FIX: login flow + mobile responsive + token expiry handling ROOT CAUSE ISOLATED: Backend POST /api/auth/login, GET/PUT /api/auth/me, POST avatar, POST /logout all return 200 OK (verified curl). Damirov problem is browser-side: stale localStorage tokens that don't match current backend → 401 cascade → avatar upload appears as 'failed: 401' → profile changes 'lost'. FIXES: 1. apiAuth() in app.html now: - Pre-checks JWT exp claim before request - On 401 response: clears localStorage (pgz_access/refresh/user) + redirects to /login?reason=unauthorized - On JWT expired: redirects to /login?reason=expired 2. login.html displays toast for ?reason=expired/unauthorized 3. Mobile responsive CSS (max-width: 768px): - app.html: hamburger menu, sidebar slide-in, full-width drill-down panel - sport2.html: KPI grid 2-col, klubovi 1-col, tables horizontal scroll - Both: viewport meta + media queries + touch-friendly buttons 4. Mobile menu toggle button + backdrop overlay added VERIFIED E2E (curl): - POST /auth/login → 200 + JWT - GET /auth/me → 200 + telefon persisted - PUT /auth/me → 200, DB row updated - POST /auth/me/avatar → 200, file saved + avatar_url returned - POST /auth/logout → 200, token revoked (next /me returns 401)	2026-05-05 09:14:46 +02:00

Author

SHA1

Message

Date

damir

dd2f7daaf8

CRISIS V3: definitive apiAuth + mobile hamburger + Playwright E2E test

apiAuth in app.html:
- Pre-checks JWT exp client-side BEFORE making request
- On expired: clears localStorage + redirects /login?reason=expired
- On 401 from server: clears + redirects /login?reason=unauthorized
- Single-flight redirect via window.__pgz_redirecting flag

login.html:
- Toast for ?reason=expired (red) / ?reason=unauthorized (orange)

app.html mobile:
- Hamburger button injected into topbar (.tb)
- Mobile CSS: sidebar slide-in -280→0, backdrop overlay, full-width drill-down
- toggleMobileSidebar() global function
- @media (max-width:768px) display:inline-flex, sidebar fixed pos

scripts/playwright_e2e.py:
- Desktop test (1280x800): login, JWT persist, profile, logo, logout
- Mobile test (375x812 iPhone X): viewport, login flow, hamburger, no h-scroll
- Output: _audit/playwright_<TS>/results.json + screenshots/*.png

Reproducible: TS=YYYYmmdd_HHMM python3 scripts/playwright_e2e.py

2026-05-05 09:21:39 +02:00

damir

8e136351f9

CRISIS FIX: login flow + mobile responsive + token expiry handling

ROOT CAUSE ISOLATED:
Backend POST /api/auth/login, GET/PUT /api/auth/me, POST avatar, POST /logout
all return 200 OK (verified curl). Damirov problem is browser-side:
stale localStorage tokens that don't match current backend → 401 cascade
→ avatar upload appears as 'failed: 401' → profile changes 'lost'.

FIXES:
1. apiAuth() in app.html now:
   - Pre-checks JWT exp claim before request
   - On 401 response: clears localStorage (pgz_access/refresh/user) +
     redirects to /login?reason=unauthorized
   - On JWT expired: redirects to /login?reason=expired

2. login.html displays toast for ?reason=expired/unauthorized

3. Mobile responsive CSS (max-width: 768px):
   - app.html: hamburger menu, sidebar slide-in, full-width drill-down panel
   - sport2.html: KPI grid 2-col, klubovi 1-col, tables horizontal scroll
   - Both: viewport meta + media queries + touch-friendly buttons

4. Mobile menu toggle button + backdrop overlay added

VERIFIED E2E (curl):
- POST /auth/login → 200 + JWT
- GET /auth/me → 200 + telefon persisted
- PUT /auth/me → 200, DB row updated
- POST /auth/me/avatar → 200, file saved + avatar_url returned
- POST /auth/logout → 200, token revoked (next /me returns 401)

2026-05-05 09:14:46 +02:00

2 Commits