mirror of
https://github.com/ChuckBuilds/LEDMatrix.git
synced 2026-04-10 21:03:01 +00:00
a8c85dd015
* feat(widgets): add modular widget system for schedule and common inputs Add 15 new reusable widgets following the widget registry pattern: - schedule-picker: composite widget for enable/mode/time configuration - day-selector: checkbox group for days of the week - time-range: paired start/end time inputs with validation - text-input, number-input, textarea: enhanced text inputs - toggle-switch, radio-group, select-dropdown: selection widgets - slider, color-picker, date-picker: specialized inputs - email-input, url-input, password-input: validated string inputs Refactor schedule.html to use the new schedule-picker widget instead of inline JavaScript. Add x-widget support in plugin_config.html for all new widgets so plugins can use them via schema configuration. Fix form submission for checkboxes by using hidden input pattern to ensure unchecked state is properly sent via JSON-encoded forms. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(widgets): improve security, validation, and form binding across widgets - Fix XSS vulnerability: escapeHtml now escapes quotes in all widget fallbacks - color-picker: validate presets with isValidHex(), use data attributes - date-picker: add placeholder attribute support - day-selector: use options.name for hidden input form binding - password-input: implement requireUppercase/Number/Special validation - radio-group: fix value injection using this.value instead of interpolation - schedule-picker: preserve day values when disabling (don't clear times) - select-dropdown: remove undocumented searchable/icons options - text-input: apply patternMessage via setCustomValidity - time-range: use options.name for hidden inputs - toggle-switch: preserve configured color from data attribute - url-input: combine browser and custom protocol validation - plugin_config: add widget support for boolean/number types, pass name to day-selector - schedule: handle null config gracefully, preserve explicit mode setting Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(widgets): validate day-selector input, consistent minLength default, escape JSON quotes - day-selector: filter incoming selectedDays to only valid entries in DAYS array (prevents invalid persisted values from corrupting UI/state) - password-input: use default minLength of 8 when not explicitly set (fixes inconsistency between render() and onInput() strength meter baseline) - plugin_config.html: escape single quotes in JSON hidden input values (prevents broken attributes when JSON contains single quotes) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(widgets): add global notification widget, consolidate duplicated code - Create notification.js widget with toast-style notifications - Support for success, error, warning, info types - Auto-dismiss with configurable duration - Stacking support with max notifications limit - Accessible with aria-live and role="alert" - Update base.html to load notification widget early - Replace duplicate showNotification in raw_json.html - Simplify fonts.html fallback notification - Net reduction of ~66 lines of duplicated code Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(widgets): escape options.name in all widgets, validate day-selector format Security fixes: - Escape options.name attribute in all 13 widgets to prevent injection - Affected: color-picker, date-picker, email-input, number-input, password-input, radio-group, select-dropdown, slider, text-input, textarea, toggle-switch, url-input Defensive coding: - day-selector: validate format option exists in DAY_LABELS before use - Falls back to 'long' format for unsupported/invalid format values Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(plugins): add type="button" to control buttons, add debug logging - Add type="button" attribute to refresh, update-all, and restart buttons to prevent potential form submission behavior - Add console logging to diagnose button click issues: - Log when event listeners are attached (and whether buttons found) - Log when handler functions are called Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(widgets): improve security and validation across widget inputs - color-picker.js: Add sanitizeHex() to validate hex values before HTML interpolation, ensuring only safe #rrggbb strings are used - day-selector.js: Escape inputName in hidden input name attribute - number-input.js: Sanitize and escape currentValue in input element - password-input.js: Validate minLength as non-negative integer, clamp invalid values to default of 8 - slider.js: Add null check for input element before accessing value - text-input.js: Clear custom validity before checkValidity() to avoid stale errors, re-check after setting pattern message - url-input.js: Normalize allowedProtocols to array, filter to valid protocol strings, and escape before HTML interpolation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(widgets): add defensive fallback for DAY_LABELS lookup in day-selector Extract labelMap with fallback before loop to ensure safe access even if format validation somehow fails. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(widgets): add timezone-selector widget with IANA timezone dropdown - Create timezone-selector.js widget with comprehensive IANA timezone list - Group timezones by region (US & Canada, Europe, Asia, etc.) - Show current UTC offset for each timezone - Display live time preview for selected timezone - Update general.html to use timezone-selector instead of text input - Add script tag to base.html for widget loading Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ui): suppress on-demand status notification on page load Change loadOnDemandStatus(true) to loadOnDemandStatus(false) during initPluginsPage() to prevent the "on-demand status refreshed" notification from appearing every time a tab is opened or the page is navigated. The notification should only appear on explicit user refresh. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style(ui): soften notification close button appearance Replace blocky FontAwesome X icon with a cleaner SVG that has rounded stroke caps. Make the button circular, slightly transparent by default, and add smooth hover transitions for a more polished look. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(widgets): multiple security and validation improvements - color-picker.js: Ensure presets is always an array before map/filter - number-input.js: Guard against undefined options parameter - number-input.js: Sanitize and escape min/max/step HTML attributes - text-input.js: Clear custom validity in onInput to unblock form submit - timezone-selector.js: Replace legacy Europe/Belfast with Europe/London - url-input.js: Use RFC 3986 scheme pattern for protocol validation - general.html: Use |tojson filter to escape timezone value safely Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(url-input): centralize RFC 3986 protocol validation Extract protocol normalization into reusable normalizeProtocols() helper function that validates against RFC 3986 scheme pattern. Apply consistently in render, validate, and onInput to ensure protocols like "git+ssh", "android-app" are properly handled everywhere. Also lowercase protocol comparison in isValidUrl(). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(timezone-selector): use hidden input for form submission Replace direct select name attribute with a hidden input pattern to ensure timezone value is always properly serialized in form submissions. The hidden input is synced on change and setValue calls. This matches the pattern used by other widgets and ensures HTMX json-enc properly captures the value. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(general): preserve timezone dropdown value after save Add inline script to sync the timezone select with the hidden input value after form submission. This prevents the dropdown from visually resetting to the old value while the save has actually succeeded. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(widgets): preserve timezone selection across form submission Use before-request handler to capture the selected timezone value before HTMX processes the form, then restore it in after-request. This is more robust than reading from the hidden input which may also be affected by form state changes. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(widgets): add HTMX protection to timezone selector Add global HTMX event listeners in the timezone-selector widget that preserve the selected value across any form submissions. This is more robust than form-specific handlers as it protects the widget regardless of how/where forms are submitted. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * debug(widgets): add logging and prevent timezone widget re-init Add debug logging and guards to prevent the timezone widget from being re-initialized after it's already rendered. This should help diagnose why the dropdown is reverting after save. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * debug: add console logging to timezone HTMX protection * debug: add onChange logging to trace timezone selection * fix(widgets): use selectedIndex to force visual update in timezone dropdown The browser's select.value setter sometimes doesn't trigger a visual update when optgroup elements are present. Using selectedIndex instead forces the browser to correctly update the visible selection. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(widgets): force browser repaint on timezone dropdown restore Adding display:none/reflow/display:'' pattern to force browser to visually update the select element after changing selectedIndex. Increased timeout to 50ms for reliability. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * chore(widgets): remove debug logging from timezone selector Clean up console.log statements that were used for debugging the timezone dropdown visual update issue. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ui): improve HTMX after-request handler in general settings - Parse xhr.responseText with JSON.parse in try/catch instead of using nonstandard responseJSON property - Check xhr.status for 2xx success range - Show error notification for non-2xx responses - Default to safe fallback values if JSON parsing fails Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(widgets): add input sanitization and timezone validation - Sanitize minLength/maxLength in text-input.js to prevent attribute injection (coerce to integers, validate range) - Update Europe/Kiev to Europe/Kyiv (canonical IANA identifier) - Validate timezone currentValue against TIMEZONE_GROUPS before rendering Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ui): correct error message fallback in HTMX after-request handler Initialize message to empty string so error responses can use the fallback 'Failed to save settings' when no server message is provided. Previously, the truthy default 'Settings saved' would always be used. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(widgets): add constraint normalization and improve value validation - text-input: normalize minLength/maxLength so maxLength >= minLength - timezone-selector: validate setValue input against TIMEZONE_GROUPS - timezone-selector: sync hidden input to actual selected value - timezone-selector: preserve empty selections across HTMX requests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(widgets): simplify HTMX restore using select.value and dispatch change event Replace selectedIndex manipulation with direct value assignment for cleaner placeholder handling, and dispatch change event to refresh timezone preview. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Chuck <chuck@example.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
319 lines
13 KiB
HTML
319 lines
13 KiB
HTML
<div class="space-y-6">
|
|
<!-- Config.json Editor -->
|
|
<div class="bg-white rounded-lg shadow p-6">
|
|
<div class="border-b border-gray-200 pb-4 mb-6">
|
|
<div class="flex items-center justify-between">
|
|
<div>
|
|
<h2 class="text-lg font-semibold text-gray-900">config.json Editor</h2>
|
|
<p class="mt-1 text-sm text-gray-600">{{ main_config_path }}</p>
|
|
</div>
|
|
<div class="flex gap-2">
|
|
<button onclick="formatJson('main-config-editor', 'main-config-validation')"
|
|
class="inline-flex items-center px-3 py-2 border border-gray-300 text-sm font-medium rounded-md text-gray-700 bg-white hover:bg-gray-50">
|
|
<i class="fas fa-align-left mr-2"></i>
|
|
Format JSON
|
|
</button>
|
|
<button onclick="manualValidateJson('main-config-editor', 'main-config-validation')"
|
|
class="inline-flex items-center px-3 py-2 border border-transparent text-sm font-medium rounded-md text-white bg-yellow-600 hover:bg-yellow-700">
|
|
<i class="fas fa-check-circle mr-2"></i>
|
|
Validate JSON
|
|
</button>
|
|
<button onclick="saveMainConfig()"
|
|
class="inline-flex items-center px-4 py-2 border border-transparent text-sm font-medium rounded-md text-white bg-blue-600 hover:bg-blue-700">
|
|
<i class="fas fa-save mr-2"></i>
|
|
Save
|
|
</button>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="relative">
|
|
<textarea id="main-config-editor"
|
|
class="w-full h-96 font-mono text-sm p-4 border border-gray-300 rounded-md focus:ring-blue-500 focus:border-blue-500"
|
|
spellcheck="false">{{ main_config_json }}</textarea>
|
|
<div id="main-config-validation" class="mt-2 text-sm"></div>
|
|
</div>
|
|
|
|
<div class="mt-4 p-4 bg-yellow-50 border border-yellow-200 rounded-md">
|
|
<div class="flex">
|
|
<div class="flex-shrink-0">
|
|
<i class="fas fa-exclamation-triangle text-yellow-600"></i>
|
|
</div>
|
|
<div class="ml-3">
|
|
<h3 class="text-sm font-medium text-yellow-800">Warning</h3>
|
|
<div class="mt-2 text-sm text-yellow-700">
|
|
<p>Editing this file directly can break your configuration. Always validate JSON syntax before saving.</p>
|
|
<p class="mt-1">After saving, you may need to restart the display service for changes to take effect.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<!-- Config_secrets.json Editor -->
|
|
<div class="bg-white rounded-lg shadow p-6">
|
|
<div class="border-b border-gray-200 pb-4 mb-6">
|
|
<div class="flex items-center justify-between">
|
|
<div>
|
|
<h2 class="text-lg font-semibold text-gray-900">config_secrets.json Editor</h2>
|
|
<p class="mt-1 text-sm text-gray-600">{{ secrets_config_path }}</p>
|
|
</div>
|
|
<div class="flex gap-2">
|
|
<button onclick="formatJson('secrets-config-editor', 'secrets-config-validation')"
|
|
class="inline-flex items-center px-3 py-2 border border-gray-300 text-sm font-medium rounded-md text-gray-700 bg-white hover:bg-gray-50">
|
|
<i class="fas fa-align-left mr-2"></i>
|
|
Format JSON
|
|
</button>
|
|
<button onclick="manualValidateJson('secrets-config-editor', 'secrets-config-validation')"
|
|
class="inline-flex items-center px-3 py-2 border border-transparent text-sm font-medium rounded-md text-white bg-yellow-600 hover:bg-yellow-700">
|
|
<i class="fas fa-check-circle mr-2"></i>
|
|
Validate JSON
|
|
</button>
|
|
<button onclick="saveSecretsConfig()"
|
|
class="inline-flex items-center px-4 py-2 border border-transparent text-sm font-medium rounded-md text-white bg-blue-600 hover:bg-blue-700">
|
|
<i class="fas fa-save mr-2"></i>
|
|
Save
|
|
</button>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="relative">
|
|
<textarea id="secrets-config-editor"
|
|
class="w-full h-96 font-mono text-sm p-4 border border-gray-300 rounded-md focus:ring-blue-500 focus:border-blue-500"
|
|
spellcheck="false">{{ secrets_config_json }}</textarea>
|
|
<div id="secrets-config-validation" class="mt-2 text-sm"></div>
|
|
</div>
|
|
|
|
<div class="mt-4 p-4 bg-red-50 border border-red-200 rounded-md">
|
|
<div class="flex">
|
|
<div class="flex-shrink-0">
|
|
<i class="fas fa-shield-alt text-red-600"></i>
|
|
</div>
|
|
<div class="ml-3">
|
|
<h3 class="text-sm font-medium text-red-800">Security Notice</h3>
|
|
<div class="mt-2 text-sm text-red-700">
|
|
<p>This file contains sensitive information like API keys and passwords.</p>
|
|
<p class="mt-1">Never share this file or commit it to version control.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<script>
|
|
// Format JSON with proper indentation
|
|
function formatJson(editorId, validationDivId) {
|
|
const textarea = document.getElementById(editorId);
|
|
const jsonText = textarea.value;
|
|
|
|
try {
|
|
const parsed = JSON.parse(jsonText);
|
|
const formatted = JSON.stringify(parsed, null, 4);
|
|
textarea.value = formatted;
|
|
|
|
// Auto-validate after formatting
|
|
validateJSON(editorId, validationDivId);
|
|
showNotification('JSON formatted successfully!', 'success');
|
|
} catch (error) {
|
|
showNotification('Cannot format invalid JSON: ' + error.message, 'error');
|
|
validateJSON(editorId, validationDivId);
|
|
}
|
|
}
|
|
|
|
// Manual validation with detailed feedback
|
|
function manualValidateJson(editorId, validationDivId) {
|
|
const textarea = document.getElementById(editorId);
|
|
const validation = document.getElementById(validationDivId);
|
|
const jsonText = textarea.value;
|
|
|
|
if (!textarea || !validation) return;
|
|
|
|
try {
|
|
const parsed = JSON.parse(jsonText);
|
|
validation.innerHTML = `
|
|
<div class="p-3 bg-green-50 border border-green-200 rounded-md">
|
|
<div class="flex items-start">
|
|
<i class="fas fa-check-circle text-green-600 text-xl mr-3 mt-1"></i>
|
|
<div>
|
|
<div class="font-semibold text-green-800">✓ JSON is valid!</div>
|
|
<div class="text-sm text-green-700 mt-1">
|
|
✓ Valid JSON syntax<br>
|
|
✓ Proper structure<br>
|
|
✓ No syntax errors detected
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
`;
|
|
showNotification('JSON validation successful!', 'success');
|
|
} catch (e) {
|
|
validation.innerHTML = `
|
|
<div class="p-3 bg-red-50 border border-red-200 rounded-md">
|
|
<div class="flex items-start">
|
|
<i class="fas fa-times-circle text-red-600 text-xl mr-3 mt-1"></i>
|
|
<div>
|
|
<div class="font-semibold text-red-800">✗ Invalid JSON syntax</div>
|
|
<div class="text-sm text-red-700 mt-1">
|
|
<strong>Error:</strong> ${e.message}
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
`;
|
|
showNotification('JSON validation failed: ' + e.message, 'error');
|
|
}
|
|
}
|
|
|
|
// Auto-validate JSON as user types (simple version)
|
|
function validateJSON(editor, validationDiv) {
|
|
const textarea = document.getElementById(editor);
|
|
const validation = document.getElementById(validationDiv);
|
|
|
|
if (!textarea || !validation) return true;
|
|
|
|
try {
|
|
JSON.parse(textarea.value);
|
|
validation.innerHTML = '<span class="text-green-600"><i class="fas fa-check-circle mr-1"></i>Valid JSON</span>';
|
|
return true;
|
|
} catch (e) {
|
|
validation.innerHTML = '<span class="text-red-600"><i class="fas fa-times-circle mr-1"></i>Invalid JSON: ' + e.message + '</span>';
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// Auto-validate on input
|
|
document.getElementById('main-config-editor')?.addEventListener('input', function() {
|
|
validateJSON('main-config-editor', 'main-config-validation');
|
|
});
|
|
|
|
document.getElementById('secrets-config-editor')?.addEventListener('input', function() {
|
|
validateJSON('secrets-config-editor', 'secrets-config-validation');
|
|
});
|
|
|
|
// Initial validation
|
|
setTimeout(() => {
|
|
validateJSON('main-config-editor', 'main-config-validation');
|
|
validateJSON('secrets-config-editor', 'secrets-config-validation');
|
|
}, 100);
|
|
|
|
function saveMainConfig() {
|
|
const textarea = document.getElementById('main-config-editor');
|
|
|
|
// Validate JSON first
|
|
if (!validateJSON('main-config-editor', 'main-config-validation')) {
|
|
showNotification('Invalid JSON! Please fix errors before saving.', 'error');
|
|
return;
|
|
}
|
|
|
|
try {
|
|
const config = JSON.parse(textarea.value);
|
|
|
|
// Save via API
|
|
fetch('/api/v3/config/raw/main', {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/json'
|
|
},
|
|
body: JSON.stringify(config)
|
|
})
|
|
.then(async response => {
|
|
// Store status and statusText before parsing
|
|
const status = response.status;
|
|
const statusText = response.statusText;
|
|
|
|
// Try to parse JSON response
|
|
let data;
|
|
try {
|
|
data = await response.json();
|
|
} catch (parseError) {
|
|
// If JSON parsing fails, throw generic HTTP error
|
|
throw new Error(`HTTP ${status}: ${statusText}`);
|
|
}
|
|
|
|
// Handle non-OK responses
|
|
if (!response.ok) {
|
|
// Extract specific error message from API response if available
|
|
const errorMessage = data.message || data.status || statusText;
|
|
throw new Error(errorMessage);
|
|
}
|
|
|
|
// Handle successful responses
|
|
if (data.status === 'success') {
|
|
showNotification('config.json saved successfully!', 'success');
|
|
} else {
|
|
showNotification('Error saving config.json: ' + (data.message || 'Unknown error'), 'error');
|
|
}
|
|
})
|
|
.catch(error => {
|
|
// Preserve the error message that was intentionally thrown
|
|
showNotification('Error saving config.json: ' + (error.message || 'An error occurred'), 'error');
|
|
});
|
|
} catch (e) {
|
|
showNotification('Invalid JSON: ' + e.message, 'error');
|
|
}
|
|
}
|
|
|
|
function saveSecretsConfig() {
|
|
const textarea = document.getElementById('secrets-config-editor');
|
|
|
|
// Validate JSON first
|
|
if (!validateJSON('secrets-config-editor', 'secrets-config-validation')) {
|
|
showNotification('Invalid JSON! Please fix errors before saving.', 'error');
|
|
return;
|
|
}
|
|
|
|
try {
|
|
const config = JSON.parse(textarea.value);
|
|
|
|
// Save via API
|
|
fetch('/api/v3/config/raw/secrets', {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/json'
|
|
},
|
|
body: JSON.stringify(config)
|
|
})
|
|
.then(async response => {
|
|
// Store status and statusText before parsing
|
|
const status = response.status;
|
|
const statusText = response.statusText;
|
|
|
|
// Try to parse JSON response
|
|
let data;
|
|
try {
|
|
data = await response.json();
|
|
} catch (parseError) {
|
|
// If JSON parsing fails, throw generic HTTP error
|
|
throw new Error(`HTTP ${status}: ${statusText}`);
|
|
}
|
|
|
|
// Handle non-OK responses
|
|
if (!response.ok) {
|
|
// Extract specific error message from API response if available
|
|
const errorMessage = data.message || data.status || statusText;
|
|
throw new Error(errorMessage);
|
|
}
|
|
|
|
// Handle successful responses
|
|
if (data.status === 'success') {
|
|
showNotification('config_secrets.json saved successfully!', 'success');
|
|
} else {
|
|
showNotification('Error saving config_secrets.json: ' + (data.message || 'Unknown error'), 'error');
|
|
}
|
|
})
|
|
.catch(error => {
|
|
// Preserve the error message that was intentionally thrown
|
|
showNotification('Error saving config_secrets.json: ' + (error.message || 'An error occurred'), 'error');
|
|
});
|
|
} catch (e) {
|
|
showNotification('Invalid JSON: ' + e.message, 'error');
|
|
}
|
|
}
|
|
|
|
// showNotification is provided by the notification widget (notification.js)
|
|
// No local definition needed - uses window.showNotification from the widget
|
|
</script>
|
|
|