pgz-sport

Author SHA1 Message Date

Author	SHA1	Message	Date
Damir Radulić	ce544e660c	7-sub sprint UI residual: footer login + kalendar CRUD + notif center + CRM extra tabs A: shared/sidebar.js footer onclick → handleFootClick (Guest→/sport/login, logged-in→logout()), a11y role+keyboard, popup link fix B: app.html SECTIONS['kalendar'] kalOpenModal/Save/Edit/Delete + Akcije kolona, mock savez:kalendar maknut C: app.html renderNotifCenter() (sve 4 role) + sidebar bell unread badge (30s poll) F: crm_v2.html +443 linija — Članarine, Liječnički, Obrasci tabovi (split view + dynamic schema modal) G: index.html minor + sidebar dokumenti link refresh Note: backend (kalendar_router, notif_router, crm_router, erp_full_router uploads, dokumenti unified) već u commit `f7b5114`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-05 13:55:33 +02:00
damir	8e136351f9	CRISIS FIX: login flow + mobile responsive + token expiry handling ROOT CAUSE ISOLATED: Backend POST /api/auth/login, GET/PUT /api/auth/me, POST avatar, POST /logout all return 200 OK (verified curl). Damirov problem is browser-side: stale localStorage tokens that don't match current backend → 401 cascade → avatar upload appears as 'failed: 401' → profile changes 'lost'. FIXES: 1. apiAuth() in app.html now: - Pre-checks JWT exp claim before request - On 401 response: clears localStorage (pgz_access/refresh/user) + redirects to /login?reason=unauthorized - On JWT expired: redirects to /login?reason=expired 2. login.html displays toast for ?reason=expired/unauthorized 3. Mobile responsive CSS (max-width: 768px): - app.html: hamburger menu, sidebar slide-in, full-width drill-down panel - sport2.html: KPI grid 2-col, klubovi 1-col, tables horizontal scroll - Both: viewport meta + media queries + touch-friendly buttons 4. Mobile menu toggle button + backdrop overlay added VERIFIED E2E (curl): - POST /auth/login → 200 + JWT - GET /auth/me → 200 + telefon persisted - PUT /auth/me → 200, DB row updated - POST /auth/me/avatar → 200, file saved + avatar_url returned - POST /auth/logout → 200, token revoked (next /me returns 401)	2026-05-05 09:14:46 +02:00
Damir Radulić	a7ec0a86be	PGŽ Sport Platform — Round 1+2 baseline (sport2.html + API)	2026-05-04 23:39:08 +02:00

Damir Radulić

ce544e660c

7-sub sprint UI residual: footer login + kalendar CRUD + notif center + CRM extra tabs

A: shared/sidebar.js footer onclick → handleFootClick (Guest→/sport/login, logged-in→logout()), a11y role+keyboard, popup link fix
B: app.html SECTIONS['kalendar'] kalOpenModal/Save/Edit/Delete + Akcije kolona, mock savez:kalendar maknut
C: app.html renderNotifCenter() (sve 4 role) + sidebar bell unread badge (30s poll)
F: crm_v2.html +443 linija — Članarine, Liječnički, Obrasci tabovi (split view + dynamic schema modal)
G: index.html minor + sidebar dokumenti link refresh

Note: backend (kalendar_router, notif_router, crm_router, erp_full_router uploads, dokumenti unified) već u commit f7b5114.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-05 13:55:33 +02:00

damir

8e136351f9

CRISIS FIX: login flow + mobile responsive + token expiry handling

ROOT CAUSE ISOLATED:
Backend POST /api/auth/login, GET/PUT /api/auth/me, POST avatar, POST /logout
all return 200 OK (verified curl). Damirov problem is browser-side:
stale localStorage tokens that don't match current backend → 401 cascade
→ avatar upload appears as 'failed: 401' → profile changes 'lost'.

FIXES:
1. apiAuth() in app.html now:
   - Pre-checks JWT exp claim before request
   - On 401 response: clears localStorage (pgz_access/refresh/user) +
     redirects to /login?reason=unauthorized
   - On JWT expired: redirects to /login?reason=expired

2. login.html displays toast for ?reason=expired/unauthorized

3. Mobile responsive CSS (max-width: 768px):
   - app.html: hamburger menu, sidebar slide-in, full-width drill-down panel
   - sport2.html: KPI grid 2-col, klubovi 1-col, tables horizontal scroll
   - Both: viewport meta + media queries + touch-friendly buttons

4. Mobile menu toggle button + backdrop overlay added

VERIFIED E2E (curl):
- POST /auth/login → 200 + JWT
- GET /auth/me → 200 + telefon persisted
- PUT /auth/me → 200, DB row updated
- POST /auth/me/avatar → 200, file saved + avatar_url returned
- POST /auth/logout → 200, token revoked (next /me returns 401)

2026-05-05 09:14:46 +02:00

Damir Radulić a7ec0a86be PGŽ Sport Platform — Round 1+2 baseline (sport2.html + API) 2026-05-04 23:39:08 +02:00

3 Commits