rick/LEDMatrix
1
0
Fork 0
mirror of https://github.com/ChuckBuilds/LEDMatrix.git synced 2026-04-10 21:03:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(widgets): add modular widget system for schedule and common inputs (#213)

Browse Source 
* feat(widgets): add modular widget system for schedule and common inputs

Add 15 new reusable widgets following the widget registry pattern:
- schedule-picker: composite widget for enable/mode/time configuration
- day-selector: checkbox group for days of the week
- time-range: paired start/end time inputs with validation
- text-input, number-input, textarea: enhanced text inputs
- toggle-switch, radio-group, select-dropdown: selection widgets
- slider, color-picker, date-picker: specialized inputs
- email-input, url-input, password-input: validated string inputs

Refactor schedule.html to use the new schedule-picker widget instead
of inline JavaScript. Add x-widget support in plugin_config.html for
all new widgets so plugins can use them via schema configuration.

Fix form submission for checkboxes by using hidden input pattern to
ensure unchecked state is properly sent via JSON-encoded forms.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(widgets): improve security, validation, and form binding across widgets

- Fix XSS vulnerability: escapeHtml now escapes quotes in all widget fallbacks
- color-picker: validate presets with isValidHex(), use data attributes
- date-picker: add placeholder attribute support
- day-selector: use options.name for hidden input form binding
- password-input: implement requireUppercase/Number/Special validation
- radio-group: fix value injection using this.value instead of interpolation
- schedule-picker: preserve day values when disabling (don't clear times)
- select-dropdown: remove undocumented searchable/icons options
- text-input: apply patternMessage via setCustomValidity
- time-range: use options.name for hidden inputs
- toggle-switch: preserve configured color from data attribute
- url-input: combine browser and custom protocol validation
- plugin_config: add widget support for boolean/number types, pass name to day-selector
- schedule: handle null config gracefully, preserve explicit mode setting

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(widgets): validate day-selector input, consistent minLength default, escape JSON quotes

- day-selector: filter incoming selectedDays to only valid entries in DAYS array
  (prevents invalid persisted values from corrupting UI/state)
- password-input: use default minLength of 8 when not explicitly set
  (fixes inconsistency between render() and onInput() strength meter baseline)
- plugin_config.html: escape single quotes in JSON hidden input values
  (prevents broken attributes when JSON contains single quotes)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(widgets): add global notification widget, consolidate duplicated code

- Create notification.js widget with toast-style notifications
- Support for success, error, warning, info types
- Auto-dismiss with configurable duration
- Stacking support with max notifications limit
- Accessible with aria-live and role="alert"
- Update base.html to load notification widget early
- Replace duplicate showNotification in raw_json.html
- Simplify fonts.html fallback notification
- Net reduction of ~66 lines of duplicated code

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(widgets): escape options.name in all widgets, validate day-selector format

Security fixes:
- Escape options.name attribute in all 13 widgets to prevent injection
- Affected: color-picker, date-picker, email-input, number-input,
  password-input, radio-group, select-dropdown, slider, text-input,
  textarea, toggle-switch, url-input

Defensive coding:
- day-selector: validate format option exists in DAY_LABELS before use
- Falls back to 'long' format for unsupported/invalid format values

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(plugins): add type="button" to control buttons, add debug logging

- Add type="button" attribute to refresh, update-all, and restart buttons
  to prevent potential form submission behavior
- Add console logging to diagnose button click issues:
  - Log when event listeners are attached (and whether buttons found)
  - Log when handler functions are called

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(widgets): improve security and validation across widget inputs

- color-picker.js: Add sanitizeHex() to validate hex values before HTML
  interpolation, ensuring only safe #rrggbb strings are used
- day-selector.js: Escape inputName in hidden input name attribute
- number-input.js: Sanitize and escape currentValue in input element
- password-input.js: Validate minLength as non-negative integer, clamp
  invalid values to default of 8
- slider.js: Add null check for input element before accessing value
- text-input.js: Clear custom validity before checkValidity() to avoid
  stale errors, re-check after setting pattern message
- url-input.js: Normalize allowedProtocols to array, filter to valid
  protocol strings, and escape before HTML interpolation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(widgets): add defensive fallback for DAY_LABELS lookup in day-selector

Extract labelMap with fallback before loop to ensure safe access even if
format validation somehow fails.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(widgets): add timezone-selector widget with IANA timezone dropdown

- Create timezone-selector.js widget with comprehensive IANA timezone list
- Group timezones by region (US & Canada, Europe, Asia, etc.)
- Show current UTC offset for each timezone
- Display live time preview for selected timezone
- Update general.html to use timezone-selector instead of text input
- Add script tag to base.html for widget loading

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(ui): suppress on-demand status notification on page load

Change loadOnDemandStatus(true) to loadOnDemandStatus(false) during
initPluginsPage() to prevent the "on-demand status refreshed"
notification from appearing every time a tab is opened or the page
is navigated. The notification should only appear on explicit user
refresh.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* style(ui): soften notification close button appearance

Replace blocky FontAwesome X icon with a cleaner SVG that has rounded
stroke caps. Make the button circular, slightly transparent by default,
and add smooth hover transitions for a more polished look.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(widgets): multiple security and validation improvements

- color-picker.js: Ensure presets is always an array before map/filter
- number-input.js: Guard against undefined options parameter
- number-input.js: Sanitize and escape min/max/step HTML attributes
- text-input.js: Clear custom validity in onInput to unblock form submit
- timezone-selector.js: Replace legacy Europe/Belfast with Europe/London
- url-input.js: Use RFC 3986 scheme pattern for protocol validation
- general.html: Use |tojson filter to escape timezone value safely

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor(url-input): centralize RFC 3986 protocol validation

Extract protocol normalization into reusable normalizeProtocols()
helper function that validates against RFC 3986 scheme pattern.
Apply consistently in render, validate, and onInput to ensure
protocols like "git+ssh", "android-app" are properly handled
everywhere. Also lowercase protocol comparison in isValidUrl().

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(timezone-selector): use hidden input for form submission

Replace direct select name attribute with a hidden input pattern to
ensure timezone value is always properly serialized in form submissions.
The hidden input is synced on change and setValue calls. This matches
the pattern used by other widgets and ensures HTMX json-enc properly
captures the value.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(general): preserve timezone dropdown value after save

Add inline script to sync the timezone select with the hidden input
value after form submission. This prevents the dropdown from visually
resetting to the old value while the save has actually succeeded.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(widgets): preserve timezone selection across form submission

Use before-request handler to capture the selected timezone value
before HTMX processes the form, then restore it in after-request.
This is more robust than reading from the hidden input which may
also be affected by form state changes.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(widgets): add HTMX protection to timezone selector

Add global HTMX event listeners in the timezone-selector widget
that preserve the selected value across any form submissions.
This is more robust than form-specific handlers as it protects
the widget regardless of how/where forms are submitted.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* debug(widgets): add logging and prevent timezone widget re-init

Add debug logging and guards to prevent the timezone widget from
being re-initialized after it's already rendered. This should help
diagnose why the dropdown is reverting after save.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* debug: add console logging to timezone HTMX protection

* debug: add onChange logging to trace timezone selection

* fix(widgets): use selectedIndex to force visual update in timezone dropdown

The browser's select.value setter sometimes doesn't trigger a visual
update when optgroup elements are present. Using selectedIndex instead
forces the browser to correctly update the visible selection.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(widgets): force browser repaint on timezone dropdown restore

Adding display:none/reflow/display:'' pattern to force browser to
visually update the select element after changing selectedIndex.
Increased timeout to 50ms for reliability.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore(widgets): remove debug logging from timezone selector

Clean up console.log statements that were used for debugging the
timezone dropdown visual update issue.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(ui): improve HTMX after-request handler in general settings

- Parse xhr.responseText with JSON.parse in try/catch instead of
  using nonstandard responseJSON property
- Check xhr.status for 2xx success range
- Show error notification for non-2xx responses
- Default to safe fallback values if JSON parsing fails

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(widgets): add input sanitization and timezone validation

- Sanitize minLength/maxLength in text-input.js to prevent attribute
  injection (coerce to integers, validate range)
- Update Europe/Kiev to Europe/Kyiv (canonical IANA identifier)
- Validate timezone currentValue against TIMEZONE_GROUPS before rendering

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(ui): correct error message fallback in HTMX after-request handler

Initialize message to empty string so error responses can use the
fallback 'Failed to save settings' when no server message is provided.
Previously, the truthy default 'Settings saved' would always be used.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(widgets): add constraint normalization and improve value validation

- text-input: normalize minLength/maxLength so maxLength >= minLength
- timezone-selector: validate setValue input against TIMEZONE_GROUPS
- timezone-selector: sync hidden input to actual selected value
- timezone-selector: preserve empty selections across HTMX requests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(widgets): simplify HTMX restore using select.value and dispatch change event

Replace selectedIndex manipulation with direct value assignment for cleaner
placeholder handling, and dispatch change event to refresh timezone preview.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Chuck <chuck@example.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Chuck
2026-01-27 19:56:16 -05:00
committed by GitHub
parent 0203c5c1b5
commit a8c85dd015
26 changed files with 4818 additions and 294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

207
web_interface/templates/v3/partials/plugin_config.html
View File

@@ -11,9 +11,68 @@
{% set description = prop.description if prop.description else '' %}
{% set field_type = prop.type if prop.type is string else (prop.type[0] if prop.type is iterable else 'string') %}
{# Handle nested objects recursively #}
{% if field_type == 'object' and prop.properties %}
{{ render_nested_section(key, prop, value, prefix, plugin_id) }}
{# Handle nested objects - check for widget first #}
{% if field_type == 'object' %}
{% set obj_widget = prop.get('x-widget') or prop.get('x_widget') %}
{% if obj_widget == 'schedule-picker' %}
{# Schedule picker widget - renders enable/mode/times UI #}
{% set obj_value = value if value is not none else {} %}
<div class="form-group mb-4">
<label class="block text-sm font-medium text-gray-700 mb-1">{{ label }}</label>
{% if description %}<p class="text-sm text-gray-500 mb-2">{{ description }}</p>{% endif %}
<div id="{{ field_id }}_container" class="schedule-picker-container mt-1"></div>
<input type="hidden" id="{{ field_id }}_data" name="{{ full_key }}" value='{{ (obj_value|tojson|safe)|replace("'", "&#39;") }}'>
</div>
<script>
(function() {
function initWidget() {
if (!window.LEDMatrixWidgets) { setTimeout(initWidget, 50); return; }
var widget = window.LEDMatrixWidgets.get('schedule-picker');
if (!widget) { setTimeout(initWidget, 50); return; }
var container = document.getElementById('{{ field_id }}_container');
if (!container) return;
var value = {{ obj_value|tojson|safe }};
var config = { 'x-options': {{ (prop.get('x-options') or prop.get('x_options') or {})|tojson|safe }} };
widget.render(container, config, value, { fieldId: '{{ field_id }}', pluginId: '{{ plugin_id }}' });
}
if (document.readyState === 'loading') {
document.addEventListener('DOMContentLoaded', initWidget);
} else {
setTimeout(initWidget, 50);
}
})();
</script>
{% elif obj_widget == 'time-range' %}
{# Time range widget - renders start/end time inputs #}
{% set obj_value = value if value is not none else {} %}
<div class="form-group mb-4">
<label class="block text-sm font-medium text-gray-700 mb-1">{{ label }}</label>
{% if description %}<p class="text-sm text-gray-500 mb-2">{{ description }}</p>{% endif %}
<div id="{{ field_id }}_container" class="time-range-container mt-1"></div>
<input type="hidden" id="{{ field_id }}_data" name="{{ full_key }}" value='{{ (obj_value|tojson|safe)|replace("'", "&#39;") }}'>
</div>
<script>
(function() {
function initWidget() {
if (!window.LEDMatrixWidgets) { setTimeout(initWidget, 50); return; }
var widget = window.LEDMatrixWidgets.get('time-range');
if (!widget) { setTimeout(initWidget, 50); return; }
var container = document.getElementById('{{ field_id }}_container');
if (!container) return;
var value = {{ obj_value|tojson|safe }};
var config = { 'x-options': {{ (prop.get('x-options') or prop.get('x_options') or {})|tojson|safe }} };
widget.render(container, config, value, { fieldId: '{{ field_id }}', pluginId: '{{ plugin_id }}' });
}
if (document.readyState === 'loading') {
document.addEventListener('DOMContentLoaded', initWidget);
} else {
setTimeout(initWidget, 50);
}
})();
</script>
{% elif prop.properties %}
{{ render_nested_section(key, prop, value, prefix, plugin_id) }}
{% endif %}
{% else %}
<div class="form-group mb-4">
<label for="{{ field_id }}" class="block text-sm font-medium text-gray-700 mb-1">
@@ -24,16 +83,45 @@
<p class="text-sm text-gray-500 mb-2">{{ description }}</p>
{% endif %}
{# Boolean checkbox #}
{# Boolean - check for widget first #}
{% if field_type == 'boolean' %}
{% set bool_widget = prop.get('x-widget') or prop.get('x_widget') %}
{% if bool_widget == 'toggle-switch' %}
{# Render toggle-switch widget #}
<div id="{{ field_id }}_container" class="toggle-switch-container"></div>
<script>
(function() {
function initWidget() {
if (!window.LEDMatrixWidgets) { setTimeout(initWidget, 50); return; }
var widget = window.LEDMatrixWidgets.get('toggle-switch');
if (!widget) { setTimeout(initWidget, 50); return; }
var container = document.getElementById('{{ field_id }}_container');
if (!container) return;
var value = {{ value|tojson|safe if value is not none else 'false' }};
var config = {
'type': 'boolean',
'x-options': {{ (prop.get('x-options') or prop.get('x_options') or {})|tojson|safe }}
};
widget.render(container, config, value, { fieldId: '{{ field_id }}', name: '{{ full_key }}', pluginId: '{{ plugin_id }}' });
}
if (document.readyState === 'loading') {
document.addEventListener('DOMContentLoaded', initWidget);
} else {
setTimeout(initWidget, 50);
}
})();
</script>
{% else %}
{# Default checkbox #}
<label class="flex items-center cursor-pointer">
<input type="checkbox"
<input type="checkbox"
id="{{ field_id }}"
name="{{ full_key }}"
name="{{ full_key }}"
{% if value %}checked{% endif %}
class="h-4 w-4 text-blue-600 focus:ring-blue-500 border-gray-300 rounded">
<span class="ml-2 text-sm text-gray-600">Enabled</span>
</label>
{% endif %}
{# Enum dropdown #}
{% elif prop.enum %}
@@ -47,16 +135,47 @@
{% endfor %}
</select>
{# Number input #}
{# Number input - check for widget first #}
{% elif field_type in ['number', 'integer'] %}
<input type="number"
{% set num_widget = prop.get('x-widget') or prop.get('x_widget') %}
{% if num_widget in ['slider', 'number-input'] %}
{# Render slider or number-input widget #}
<div id="{{ field_id }}_container" class="{{ num_widget }}-container"></div>
<script>
(function() {
function initWidget() {
if (!window.LEDMatrixWidgets) { setTimeout(initWidget, 50); return; }
var widget = window.LEDMatrixWidgets.get('{{ num_widget }}');
if (!widget) { setTimeout(initWidget, 50); return; }
var container = document.getElementById('{{ field_id }}_container');
if (!container) return;
var value = {{ value|tojson if value is not none else (prop.default|tojson if prop.default is defined else 'null') }};
var config = {
'type': '{{ field_type }}',
'minimum': {{ prop.minimum|tojson if prop.minimum is defined else 'null' }},
'maximum': {{ prop.maximum|tojson if prop.maximum is defined else 'null' }},
'x-options': {{ (prop.get('x-options') or prop.get('x_options') or {})|tojson|safe }}
};
widget.render(container, config, value, { fieldId: '{{ field_id }}', name: '{{ full_key }}', pluginId: '{{ plugin_id }}' });
}
if (document.readyState === 'loading') {
document.addEventListener('DOMContentLoaded', initWidget);
} else {
setTimeout(initWidget, 50);
}
})();
</script>
{% else %}
{# Default number input #}
<input type="number"
id="{{ field_id }}"
name="{{ full_key }}"
name="{{ full_key }}"
value="{{ value if value is not none else (prop.default if prop.default is defined else '') }}"
{% if prop.minimum is defined %}min="{{ prop.minimum }}"{% endif %}
{% if prop.maximum is defined %}max="{{ prop.maximum }}"{% endif %}
{% if field_type == 'integer' %}step="1"{% else %}step="any"{% endif %}
class="form-input w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 bg-white text-black placeholder:text-gray-500">
{% endif %}
{# Array - check for file upload widget first (to avoid breaking static-image plugin), then checkbox-group, then array of objects #}
{% elif field_type == 'array' %}
@@ -150,7 +269,7 @@
</div>
<!-- Hidden input to store image data -->
<input type="hidden" id="{{ field_id }}_images_data" name="{{ full_key }}" value='{{ array_value|tojson|safe }}'>
<input type="hidden" id="{{ field_id }}_images_data" name="{{ full_key }}" value='{{ (array_value|tojson|safe)|replace("'", "&#39;") }}'>
</div>
{% elif x_widget == 'checkbox-group' %}
{# Checkbox group widget for multi-select arrays with enum items #}
@@ -184,6 +303,29 @@
{# Sentinel hidden input with bracket notation to allow clearing array to [] when all unchecked #}
{# This ensures the field is always submitted, even when all checkboxes are unchecked #}
<input type="hidden" name="{{ full_key }}[]" value="">
{% elif x_widget == 'day-selector' %}
{# Day selector widget for selecting days of the week #}
{% set array_value = value if value is not none and value is iterable and value is not string else (prop.default if prop.default is defined and prop.default is iterable and prop.default is not string else []) %}
<div id="{{ field_id }}_container" class="day-selector-container mt-1"></div>
<script>
(function() {
function initWidget() {
if (!window.LEDMatrixWidgets) { setTimeout(initWidget, 50); return; }
var widget = window.LEDMatrixWidgets.get('day-selector');
if (!widget) { setTimeout(initWidget, 50); return; }
var container = document.getElementById('{{ field_id }}_container');
if (!container) return;
var value = {{ array_value|tojson|safe }};
var config = { 'x-options': {{ (prop.get('x-options') or prop.get('x_options') or {})|tojson|safe }} };
widget.render(container, config, value, { fieldId: '{{ field_id }}', pluginId: '{{ plugin_id }}', name: '{{ full_key }}' });
}
if (document.readyState === 'loading') {
document.addEventListener('DOMContentLoaded', initWidget);
} else {
setTimeout(initWidget, 50);
}
})();
</script>
{% else %}
{# Check for custom-feeds widget first #}
{% set items_schema = prop.get('items') or {} %}
@@ -390,13 +532,46 @@
{% endif %}
{% endif %}
{# Text input (default) #}
{# String/default field - check for widgets #}
{% else %}
<input type="text"
id="{{ field_id }}"
name="{{ full_key }}"
value="{{ value if value is not none else (prop.default if prop.default is defined else '') }}"
class="form-input w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 bg-white text-black placeholder:text-gray-500">
{% set str_widget = prop.get('x-widget') or prop.get('x_widget') %}
{% set str_value = value if value is not none else (prop.default if prop.default is defined else '') %}
{% if str_widget in ['text-input', 'textarea', 'select-dropdown', 'toggle-switch', 'radio-group', 'date-picker', 'slider', 'color-picker', 'email-input', 'url-input', 'password-input'] %}
{# Render widget container #}
<div id="{{ field_id }}_container" class="{{ str_widget }}-container"></div>
<script>
(function() {
function initWidget() {
if (!window.LEDMatrixWidgets) { setTimeout(initWidget, 50); return; }
var widget = window.LEDMatrixWidgets.get('{{ str_widget }}');
if (!widget) { setTimeout(initWidget, 50); return; }
var container = document.getElementById('{{ field_id }}_container');
if (!container) return;
var value = {{ str_value|tojson|safe }};
var config = {
'type': '{{ field_type }}',
'enum': {{ (prop.enum or [])|tojson|safe }},
'minimum': {{ prop.minimum|tojson if prop.minimum is defined else 'null' }},
'maximum': {{ prop.maximum|tojson if prop.maximum is defined else 'null' }},
'x-options': {{ (prop.get('x-options') or prop.get('x_options') or {})|tojson|safe }}
};
widget.render(container, config, value, { fieldId: '{{ field_id }}', name: '{{ full_key }}', pluginId: '{{ plugin_id }}' });
}
if (document.readyState === 'loading') {
document.addEventListener('DOMContentLoaded', initWidget);
} else {
setTimeout(initWidget, 50);
}
})();
</script>
{% else %}
{# Default text input #}
<input type="text"
id="{{ field_id }}"
name="{{ full_key }}"
value="{{ str_value }}"
class="form-input w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 bg-white text-black placeholder:text-gray-500">
{% endif %}
{% endif %}
</div>
{% endif %}