tractatus

john/tractatus

Fork 0

Commit graph

Author	SHA1	Message	Date
TheFlow	4e4401a117	fix(auth): resolve admin login - token sanitization and missing password field SUMMARY: Fixed admin login failures caused by two issues: 1. Response sanitization middleware stripping auth tokens 2. Admin users missing password field in database ROOT CAUSE ANALYSIS: - sanitizeResponseData middleware removed ALL fields named 'token' - This included authentication tokens that SHOULD be sent to clients - Admin user records created without proper password field - User.authenticate() failed on bcrypt.compare() with undefined password FIXES: 1. Changed auth response field from 'token' to 'accessToken' - Avoids overly aggressive sanitization - More semantically correct (it's specifically an access token) - Frontend updated to use data.accessToken 2. Created fix-admin-user.js script - Properly creates admin user via User.create() - Ensures password field is bcrypt hashed - Deletes old malformed user records 3. Updated login.js auto-fill for correct dev email - Changed from admin@tractatus.local to admin@agenticgovernance.digital TESTING: - Local login now returns accessToken (308 char JWT) - User object returned with proper ID serialization - Auth flow: POST /api/auth/login → returns accessToken + user - Ready for production deployment FILES: - src/controllers/auth.controller.js: Use accessToken field - public/js/admin/login.js: Store data.accessToken, update default email - scripts/fix-admin-user.js: Admin user creation/fix utility NEXT STEPS: 1. Deploy to production 2. Run: node scripts/fix-admin-user.js admin@agenticgovernance.digital <password> 3. Test admin login at /admin/login.html 🤖 Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-20 21:13:42 +13:00
TheFlow	3292148f31	feat: add admin dashboard & API reference documentation Admin Dashboard (complete): - Created /admin/login.html with JWT authentication - Created /admin/dashboard.html with full management UI - Moderation queue with approve/reject workflows - User management interface - Document management interface - Real-time statistics dashboard - Activity feed monitoring - All CSP-compliant (external JS files) API Reference Documentation (complete): - Created /api-reference.html with complete API docs - Authentication endpoints (login, verify) - Document endpoints (list, get, search) - Governance status endpoint - Admin endpoints (stats, moderation, users) - Error codes reference table - Request/response examples for all endpoints - Query parameters documentation Files Created (5): - public/admin/login.html (auth interface) - public/admin/dashboard.html (admin UI) - public/js/admin/login.js (auth logic) - public/js/admin/dashboard.js (dashboard logic) - public/api-reference.html (complete API docs) All pages tested and accessible (200 OK) Zero CSP violations - all resources from same origin 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-07 12:27:38 +13:00

Author

SHA1

Message

Date

TheFlow

4e4401a117

fix(auth): resolve admin login - token sanitization and missing password field

SUMMARY:
Fixed admin login failures caused by two issues:
1. Response sanitization middleware stripping auth tokens
2. Admin users missing password field in database

ROOT CAUSE ANALYSIS:
- sanitizeResponseData middleware removed ALL fields named 'token'
- This included authentication tokens that SHOULD be sent to clients
- Admin user records created without proper password field
- User.authenticate() failed on bcrypt.compare() with undefined password

FIXES:
1. Changed auth response field from 'token' to 'accessToken'
   - Avoids overly aggressive sanitization
   - More semantically correct (it's specifically an access token)
   - Frontend updated to use data.accessToken

2. Created fix-admin-user.js script
   - Properly creates admin user via User.create()
   - Ensures password field is bcrypt hashed
   - Deletes old malformed user records

3. Updated login.js auto-fill for correct dev email
   - Changed from admin@tractatus.local to admin@agenticgovernance.digital

TESTING:
- Local login now returns accessToken (308 char JWT)
- User object returned with proper ID serialization
- Auth flow: POST /api/auth/login → returns accessToken + user
- Ready for production deployment

FILES:
- src/controllers/auth.controller.js: Use accessToken field
- public/js/admin/login.js: Store data.accessToken, update default email
- scripts/fix-admin-user.js: Admin user creation/fix utility

NEXT STEPS:
1. Deploy to production
2. Run: node scripts/fix-admin-user.js admin@agenticgovernance.digital <password>
3. Test admin login at /admin/login.html

🤖 Generated with Claude Code (https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-20 21:13:42 +13:00

TheFlow

3292148f31

feat: add admin dashboard & API reference documentation

Admin Dashboard (complete):
- Created /admin/login.html with JWT authentication
- Created /admin/dashboard.html with full management UI
- Moderation queue with approve/reject workflows
- User management interface
- Document management interface
- Real-time statistics dashboard
- Activity feed monitoring
- All CSP-compliant (external JS files)

API Reference Documentation (complete):
- Created /api-reference.html with complete API docs
- Authentication endpoints (login, verify)
- Document endpoints (list, get, search)
- Governance status endpoint
- Admin endpoints (stats, moderation, users)
- Error codes reference table
- Request/response examples for all endpoints
- Query parameters documentation

Files Created (5):
- public/admin/login.html (auth interface)
- public/admin/dashboard.html (admin UI)
- public/js/admin/login.js (auth logic)
- public/js/admin/dashboard.js (dashboard logic)
- public/api-reference.html (complete API docs)

All pages tested and accessible (200 OK)
Zero CSP violations - all resources from same origin

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-07 12:27:38 +13:00

2 commits