romfast/rar-autopass
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
504b490d3b933ea5739fa44b34bc75381d107cd2
rar-autopass/app/web/templates/_upload.html
Claude Agent 504b490d3b feat(web): self-onboarding multi-tenant + auth sesiune (PRD 3.3a) 
Canalul web trece de la 100% deschis (hardcodat cont 1) la autentificat si
multi-tenant. Un service nou se inregistreaza din browser, primeste o cheie API
(o singura data) si o sesiune; contul se creeaza "in asteptare" (active=0) si nu
trimite la RAR pana la activarea de catre admin (tools/account.py activate).

- users + app/users.py: parole scrypt (salt per-user, eticheta parametri onorata
  la verify pentru migrare cost), email unic case-insensitive
- sesiune: SessionMiddleware (same_site=strict, https_only config) + app/web/session.py
  (current_account/web_account/require_login->LoginRequired, set_session clear-inainte)
- CSRF (app/web/csrf.py) enforce in prod inclusiv pe login/signup + rate-limit
  in-proces (app/web/ratelimit.py) pe signup si login
- signup/login/logout (app/web/auth_routes.py): signup tranzactie atomica,
  cheie-o-data, log SIGNUP pentru descoperire admin
- dashboard + import scoped pe contul sesiunii (regula NULL->cont 1); toate rutele
  web care ating date sensibile sub require_login; nomenclator ramane global
- banner "cont in asteptare" pentru conturi active=0
- gate worker: claim_one LEFT JOIN accounts COALESCE(active,1)=1 (account_id NULL=activ)

VERIFY context curat (2 runde): leak cross-account /_fragments/mapari prins+reparat.
/code-review high: csrf_token lipsa pe re-randari de eroare, scrypt_params ignorat,
login fara rate-limit -- toate reparate. 361 teste pass (de la 313).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-18 16:43:21 +00:00

108 lines
3.5 KiB
HTML
Raw Blame History

<div id="import-section">
<div class="card">
<h2 style="font-size:15px; margin:0 0 12px;">Import fisier (xlsx / csv)</h2>
{% if message %}
<div class="flash" style="margin-bottom:12px;">{{ message }}</div>
{% endif %}
{% if error %}
<div class="flash" style="border-color:var(--err); background:#241a1a; margin-bottom:12px;"
role="alert">{{ error }}</div>
{% endif %}
{% if sheets %}
<div class="flash" style="border-color:var(--warn); background:#201c0f; margin-bottom:12px;">
Fisierul are mai multe foi de lucru. Alege foaia de mai jos si incarca din nou.
</div>
{% endif %}
<form id="upload-form"
hx-post="/_import/upload"
hx-target="#import-section"
hx-swap="outerHTML"
hx-encoding="multipart/form-data"
hx-indicator="#upload-spinner">
<input type="hidden" name="csrf_token" value="{{ csrf_token or '' }}">
{% if sheets %}
<div style="margin-bottom:12px;">
<label for="sheet-select"
style="display:block; margin-bottom:4px; font-size:13px; color:var(--muted);">
Foaie de lucru
</label>
<select id="sheet-select" name="sheet_name" style="min-width:200px;">
{% for s in sheets %}
<option value="{{ s }}">{{ s }}</option>
{% endfor %}
</select>
</div>
{% endif %}
<div class="drop-zone" id="drop-zone"
role="region" aria-label="Zona de incarcare fisier">
{% if not sheets %}
<p style="font-size:17px; margin:0 0 4px; font-weight:600;">Primul fisier? Trage-l aici.</p>
<p class="muted" style="margin:0 0 16px; font-size:13px;">xlsx sau csv, max 5000 randuri</p>
{% else %}
<p class="muted" style="margin:0 0 16px; font-size:14px;">
Incarca fisierul din nou dupa ce ai ales foaia.
</p>
{% endif %}
<input id="file-input" type="file" name="file" accept=".xlsx,.xls,.csv"
style="display:none;" aria-label="Selecteaza fisier xlsx sau csv">
<button type="button" id="upload-btn"
style="min-height:44px; padding:10px 24px; font-size:14px;">
Alege fisier
</button>
</div>
<p class="muted" style="margin:8px 0 0; font-size:12px;">
NU se trimite nimic la RAR pana confirmi explicit.
</p>
<span id="upload-spinner" class="htmx-indicator muted"
style="font-size:13px; margin-top:6px; display:inline;">
se parseaza fisierul...
</span>
</form>
</div>
</div>
<script>
(function() {
var btn = document.getElementById('upload-btn');
var fi = document.getElementById('file-input');
var dz = document.getElementById('drop-zone');
var frm = document.getElementById('upload-form');
if (!btn || !fi || !frm) return;
btn.addEventListener('click', function() { fi.click(); });
fi.addEventListener('change', function() {
if (fi.files.length > 0) frm.requestSubmit();
});
dz.addEventListener('dragover', function(e) {
e.preventDefault();
dz.classList.add('drag-over');
});
dz.addEventListener('dragleave', function(e) {
if (!dz.contains(e.relatedTarget)) dz.classList.remove('drag-over');
});
dz.addEventListener('drop', function(e) {
e.preventDefault();
dz.classList.remove('drag-over');
var f = (e.dataTransfer.files || [])[0];
if (!f) return;
try {
var dt = new DataTransfer();
dt.items.add(f);
fi.files = dt.files;
} catch (_) {}
frm.requestSubmit();
});
})();
</script>
Reference in New Issue View Git Blame Copy Permalink