pen/Turnpike
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: pen:trunk
Branches Tags
pen:trunk
pen:css
pen:sso
pen:0.11.1
pen:0.11.0
pen:0.10.3
pen:0.10.2
pen:0.10.1
pen:0.9.3
pen:0.9.2
pen:0.10.0
pen:0.9.1
pen:0.9.0
pen:0.8.0
pen:0.7.0
pen:0.6.1
pen:0.6.0
pen:0.5.0
pen:0.4.2
pen:0.4.1
pen:0.4.0
pen:0.3.0
pen:0.2.0
pen:0.1.0
..
compare: pen:0.11.0
Branches Tags
pen:css
pen:trunk
pen:sso
pen:0.11.1
pen:0.11.0
pen:0.10.3
pen:0.10.2
pen:0.10.1
pen:0.9.3
pen:0.9.2
pen:0.10.0
pen:0.9.1
pen:0.9.0
pen:0.8.0
pen:0.7.0
pen:0.6.1
pen:0.6.0
pen:0.5.0
pen:0.4.2
pen:0.4.1
pen:0.4.0
pen:0.3.0
pen:0.2.0
pen:0.1.0

No commits in common. "trunk" and "0.11.0" have entirely different histories.
trunk ... 0.11.0

15 changed files with 94 additions and 452 deletions
Download patch file Download diff file Expand all files Collapse all files

26
db.go
View file

@ -140,11 +140,6 @@ func migrate(db *sql.DB) error {
department_id INTEGER NOT NULL REFERENCES departments(id) ON DELETE CASCADE,
PRIMARY KEY (participant_id, department_id)
);
CREATE TABLE IF NOT EXISTS sso_nonces (
nonce TEXT PRIMARY KEY,
created_at TEXT NOT NULL DEFAULT (datetime('now'))
);
`)
return err
}
@ -1355,27 +1350,6 @@ func (app *App) listOpenShiftsForDept(deptID int) ([]Shift, error) {
ORDER BY s.day, s.position, s.start_time`, deptID)
}
// --- SSO Nonces ---
func (app *App) createSSONonce(nonce string) error {
_, err := app.db.Exec(`INSERT INTO sso_nonces (nonce) VALUES (?)`, nonce)
return err
}
func (app *App) consumeSSONonce(nonce string) (bool, error) {
res, err := app.db.Exec(
`DELETE FROM sso_nonces WHERE nonce = ? AND created_at > datetime('now', '-10 minutes')`, nonce)
if err != nil {
return false, err
}
n, _ := res.RowsAffected()
return n > 0, nil
}
func (app *App) cleanExpiredNonces() {
app.db.Exec(`DELETE FROM sso_nonces WHERE created_at < datetime('now', '-10 minutes')`)
}
// --- Helpers ---
func now() string {

33
frontend/src/App.svelte
View file

@ -1,6 +1,6 @@
<script>
import { onMount } from 'svelte'
import { getSession, saveSession, clearSession } from './db.js'
import { getSession, clearSession } from './db.js'
import { syncPull, startSSE, startSyncLoop } from './sync.js'
import Login from './pages/Login.svelte'
import Dashboard from './pages/Dashboard.svelte'
@ -25,7 +25,6 @@
let route = $state(window.location.pathname)
let updateAvailable = $state(false)
let mobileNavOpen = $state(false)
let ssoError = $state('')
// Check if this is a public page (no auth needed)
const kioskToken = $derived(route.match(/^\/v\/([A-Z0-9]+)/i)?.[1] ?? '')
@ -37,7 +36,6 @@
history.pushState(null, '', path)
route = path
mobileNavOpen = false
window.scrollTo(0, 0)
}
async function checkVersion() {
@ -56,32 +54,7 @@
loading = false
return
}
// Handle SSO callback in URL fragment
const hash = window.location.hash
if (hash.startsWith('#sso_token=')) {
const token = decodeURIComponent(hash.slice('#sso_token='.length))
history.replaceState(null, '', '/')
try {
const res = await fetch('/api/me', { headers: { Authorization: `Bearer ${token}` } })
if (res.ok) {
const user = await res.json()
await saveSession(token, user)
session = { token, user }
} else {
ssoError = 'SSO login failed. Please try again.'
}
} catch {
ssoError = 'SSO login failed. Please try again.'
}
} else if (hash.startsWith('#sso_error=')) {
ssoError = decodeURIComponent(hash.slice('#sso_error='.length))
history.replaceState(null, '', '/')
}
if (!session) {
session = await getSession()
}
session = await getSession()
loading = false
if (session) {
await syncPull()
@ -129,7 +102,7 @@
{:else if isConfirmEmail}
<ConfirmEmail />
{:else if !session}
<Login onlogin={onLogin} error={ssoError} />
<Login onlogin={onLogin} />
{:else if roles.length === 1 && roles[0] === 'gatekeeper'}
<!-- Gate-only users get the full-screen GateKiosk instead of the standard layout -->
<GateKiosk {session} {onLogout} />

8
frontend/src/api.js
View file

@ -1,4 +1,4 @@
import { db, clearSession } from './db.js'
import { db } from './db.js'
async function getToken() {
const session = await db.session.get(1)
@ -17,7 +17,7 @@ export async function apiFetch(path, options = {}) {
const res = await fetch(path, { ...options, headers })
if (res.status === 401) {
await clearSession()
await db.session.clear()
window.location.pathname = '/login'
throw new Error('unauthorized')
}
@ -118,10 +118,6 @@ export const api = {
resetDepartments: () => apiJSON('/api/settings/reset-departments', { method: 'POST' }),
resetVolunteerShifts: () => apiJSON('/api/settings/reset-volunteer-shifts', { method: 'POST' }),
},
sso: {
enabled: () => kioskFetch('/api/public/sso-enabled'),
init: () => kioskFetch('/api/sso/init'),
},
signup: {
config: () => kioskFetch('/api/public/signup-config'),
submit: (data) => kioskFetch('/api/public/signup', { method: 'POST', body: JSON.stringify(data) }),

16
frontend/src/app.css
View file

@ -66,9 +66,6 @@ a:hover { color: var(--c-accent-h); }
/* Cards */
.card { background: var(--c-surface); border: 1px solid var(--c-border); border-radius: var(--radius-lg); padding: 1.25rem; }
.card + .card, .card + form, form + .card, form + form { margin-top: 1.5rem; }
.card-title { font-size: 0.95rem; font-weight: 700; margin-bottom: 1rem; }
.card-hint { font-size: 0.78rem; color: var(--c-muted); }
/* Stats */
.stats { display: grid; grid-template-columns: repeat(auto-fill, minmax(160px, 1fr)); gap: 1rem; margin-bottom: 1.5rem; }
@ -106,15 +103,8 @@ input, select, textarea {
width: 100%; font-family: var(--font);
transition: border-color var(--transition);
}
input[type="checkbox"] { width: auto; }
input[type="date"], input[type="time"], input[type="datetime-local"] { -webkit-appearance: none; appearance: none; min-height: 2.35rem; }
input:focus, select:focus, textarea:focus { outline: none; border-color: var(--c-accent); }
input::placeholder { color: var(--c-muted); }
.form-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 1rem; }
.form-grid-3 { display: grid; grid-template-columns: 1fr 1fr auto; gap: 1rem; align-items: end; }
.form-grid .full { grid-column: 1 / -1; }
.checkbox-label { display: inline-flex; align-items: center; gap: 0.5rem; font-size: 0.875rem; cursor: pointer; }
.checkbox-label-sm { display: inline-flex; align-items: center; gap: 0.3rem; font-size: 0.82rem; cursor: pointer; color: var(--c-text); }
/* Search */
.search-bar { display: flex; gap: 0.5rem; align-items: center; margin-bottom: 1rem; }
@ -139,7 +129,6 @@ tr:hover td { background: rgba(255,255,255,0.02); }
font-size: 0.72rem; font-weight: 600;
text-transform: uppercase; letter-spacing: 0.04em;
}
* + .badge { margin-left: 0.3rem; }
.badge-checked { background: rgba(34,197,94,0.15); color: var(--c-success); }
.badge-confirmed { background: rgba(99,102,241,0.15); color: var(--c-accent-h); }
.badge-registered { background: rgba(14,165,233,0.15); color: #0ea5e9; }
@ -245,7 +234,6 @@ tr:hover td { background: rgba(255,255,255,0.02); }
td { display: inline; padding: 0; border: none; }
td:empty { display: none; }
/* Forms — 16px prevents iOS auto-zoom on focus */
input, select, textarea { font-size: 16px; }
.form-grid, .form-grid-3 { grid-template-columns: 1fr !important; }
/* Forms */
.form-grid { grid-template-columns: 1fr !important; }
}

2
frontend/src/pages/Dashboard.svelte
View file

@ -160,7 +160,7 @@
<p class="text-muted" style="font-size:0.85rem;margin-top:2rem">
Welcome, <strong style="color:var(--c-text)">{session?.user?.preferred_name}</strong>
· {#each roles as r}<span class="badge badge-role">{r}</span>{/each}
· {#each roles as r}<span class="badge badge-role" style="margin-right:0.25rem">{r}</span>{/each}
</p>
</div>

5
frontend/src/pages/Departments.svelte
View file

@ -101,7 +101,7 @@
{#if showAdd && canCreate}
<div class="card" style="margin-bottom:1.5rem">
<form onsubmit={addDept}>
<div class="form-grid-3">
<div class="form-grid" style="display:grid;grid-template-columns:1fr 1fr auto;gap:1rem;align-items:end">
<div class="form-group" style="margin-bottom:0">
<label for="d-name">Name *</label>
<input id="d-name" bind:value={newName} required placeholder="e.g. Security" />
@ -112,7 +112,7 @@
</div>
<div class="form-group" style="margin-bottom:0">
<label for="d-color">Color</label>
<input id="d-color" type="color" bind:value={newColor} class="color-input" />
<input id="d-color" type="color" bind:value={newColor} style="width:60px;padding:0.2rem;height:2.3rem;cursor:pointer" />
</div>
</div>
<div class="actions" style="margin-top:1rem">
@ -191,7 +191,6 @@
</div>
<style>
.color-input { width: 60px; padding: 0.2rem; height: 2.3rem; cursor: pointer; }
@media (max-width: 640px) {
.td-name { width: 100%; }
.td-desc { width: 100%; }

49
frontend/src/pages/Login.svelte
View file

@ -1,25 +1,13 @@
<script>
import { onMount } from 'svelte'
import { api } from '../api.js'
import { saveSession } from '../db.js'
let { onlogin, error: externalError = '' } = $props()
let { onlogin } = $props()
let email = $state('')
let password = $state('')
let error = $state('')
$effect(() => { if (externalError) error = externalError })
let loading = $state(false)
let ssoEnabled = $state(false)
let ssoLoading = $state(false)
onMount(async () => {
try {
const res = await api.sso.enabled()
ssoEnabled = res.enabled
} catch {}
})
async function submit(e) {
e.preventDefault()
@ -35,18 +23,6 @@
loading = false
}
}
async function startSSO() {
error = ''
ssoLoading = true
try {
const { redirect_url } = await api.sso.init()
window.location.href = redirect_url
} catch (err) {
error = err.message || 'SSO failed'
ssoLoading = false
}
}
</script>
<div class="login-wrap">
@ -69,28 +45,5 @@
{loading ? 'Signing in…' : 'Sign in'}
</button>
</form>
{#if ssoEnabled}
<div class="sso-divider"><span>or</span></div>
<button class="btn btn-ghost" style="width:100%" onclick={startSSO} disabled={ssoLoading}>
{ssoLoading ? 'Redirecting…' : 'Log in with Discourse'}
</button>
{/if}
</div>
</div>
<style>
.sso-divider {
display: flex;
align-items: center;
margin: 1rem 0;
gap: 0.75rem;
color: var(--c-muted);
font-size: 0.8rem;
}
.sso-divider::before,
.sso-divider::after {
content: '';
flex: 1;
border-top: 1px solid var(--c-border);
}
</style>

2
frontend/src/pages/Participants.svelte
View file

@ -248,7 +248,7 @@
{#if showAdd && canManage}
<div class="card" style="margin-bottom:1.5rem">
<form onsubmit={addParticipant}>
<div class="form-grid">
<div class="form-grid" style="display:grid;grid-template-columns:1fr 1fr;gap:1rem">
<div class="form-group">
<label for="p-name">Preferred Name</label>
<input id="p-name" bind:value={newName} placeholder="Preferred name" />

68
frontend/src/pages/ScheduleBoard.svelte
View file

@ -275,7 +275,7 @@
{#if showAdd && canManage}
<div class="card" style="margin-bottom:1.5rem">
<form onsubmit={addShift}>
<div class="form-grid">
<div style="display:grid;grid-template-columns:1fr 1fr;gap:1rem">
<div class="form-group">
<label for="s-dept">Department *</label>
<select id="s-dept" bind:value={newDeptID} required>
@ -380,20 +380,18 @@
<span class="board-cap">{assigned.length}</span>
{/if}
{#if hasConflict}
<span class="badge badge-lead">⚠ conflict</span>
<span class="badge badge-lead" style="margin-left:0.3rem">⚠ conflict</span>
{/if}
</div>
{#if canManage}
<div class="board-shift-actions">
<button class="btn btn-ghost btn-sm" onclick={() => startEdit(shift)}>Edit</button>
<button class="btn btn-ghost btn-sm" title="Move up"
onclick={() => reorder(shift.id, -1, rows)}>↑</button>
<button class="btn btn-ghost btn-sm" title="Move down"
onclick={() => reorder(shift.id, 1, rows)}>↓</button>
<button class="btn btn-danger btn-sm" onclick={() => deleteShift(shift)}>Delete</button>
</div>
{/if}
<div class="board-shift-actions">
<button class="btn btn-ghost btn-sm" onclick={() => startEdit(shift)}>Edit</button>
<button class="btn btn-ghost btn-sm" title="Move up"
onclick={() => reorder(shift.id, -1, rows)}>↑</button>
<button class="btn btn-ghost btn-sm" title="Move down"
onclick={() => reorder(shift.id, 1, rows)}>↓</button>
<button class="btn btn-danger btn-sm" onclick={() => deleteShift(shift)}>Delete</button>
</div>
</div>
<!-- Assigned volunteers -->
@ -408,36 +406,34 @@
{#if checkConflict(volunteer.id, shift.id, $allVolunteerShifts ?? [], $allShifts ?? [])}
<span title="Scheduling conflict" style="color:var(--c-warn)"></span>
{/if}
{#if canManage}<button class="board-vol-remove" onclick={() => unassign(shift.id, volunteer.id)} title="Remove">×</button>{/if}
<button class="board-vol-remove" onclick={() => unassign(shift.id, volunteer.id)} title="Remove">×</button>
</div>
{/each}
</div>
{/if}
<!-- Assign volunteer -->
{#if canManage}
{#if assigningShiftID === shift.id}
<div class="board-assign-row">
<select bind:value={assignVolID} style="width:auto">
<option value={0}> Select volunteer —</option>
{#each ($allVolunteers ?? [])
.filter(v => v.department_id === shift.department_id)
.filter(v => !assigned.some(a => a.volunteer.id === v.id))
as v}
<option value={v.id}>{v.name}</option>
{/each}
</select>
<button class="btn btn-primary btn-sm" onclick={() => doAssign(shift.id)} disabled={!assignVolID || assigning}>
{assigning ? '…' : 'Assign'}
</button>
<button class="btn btn-ghost btn-sm" onclick={() => doAssignForce(shift.id)} disabled={!assignVolID || assigning} title="Assign ignoring conflicts">
Force
</button>
<button class="btn btn-ghost btn-sm" onclick={() => { assigningShiftID = null; assignVolID = 0 }}>Cancel</button>
</div>
{:else}
<button class="board-add-vol" onclick={() => startAssign(shift.id)}>+ Assign volunteer</button>
{/if}
{#if assigningShiftID === shift.id}
<div class="board-assign-row">
<select bind:value={assignVolID} style="width:auto">
<option value={0}> Select volunteer —</option>
{#each ($allVolunteers ?? [])
.filter(v => v.department_id === shift.department_id)
.filter(v => !assigned.some(a => a.volunteer.id === v.id))
as v}
<option value={v.id}>{v.name}</option>
{/each}
</select>
<button class="btn btn-primary btn-sm" onclick={() => doAssign(shift.id)} disabled={!assignVolID || assigning}>
{assigning ? '…' : 'Assign'}
</button>
<button class="btn btn-ghost btn-sm" onclick={() => doAssignForce(shift.id)} disabled={!assignVolID || assigning} title="Assign ignoring conflicts">
Force
</button>
<button class="btn btn-ghost btn-sm" onclick={() => { assigningShiftID = null; assignVolID = 0 }}>Cancel</button>
</div>
{:else}
<button class="board-add-vol" onclick={() => startAssign(shift.id)}>+ Assign volunteer</button>
{/if}
{/if}
</div>

85
frontend/src/pages/Settings.svelte
View file

@ -7,7 +7,6 @@
let saving = $state(false)
let savingEvent = $state(false)
let testing = $state(false)
let resetting = $state(false)
let error = $state('')
let success = $state('')
@ -27,8 +26,6 @@
let eventEndDate = $state('')
let eventTimezone = $state('')
const timezones = Intl.supportedValuesOf('timeZone')
let discourseSSOUrl = $state('')
let discourseSSOSecret = $state('')
let shiftSignupsOpen = $state(false)
let togglingSignups = $state(false)
@ -52,8 +49,6 @@
baseURL = s.base_url ?? ''
noteLabel = s.volunteer_note_label ?? 'Additional note'
noteRequired = s.volunteer_note_required ?? false
discourseSSOUrl = s.discourse_sso_url ?? ''
discourseSSOSecret = ''
shiftSignupsOpen = s.shift_signups_open ?? false
} catch (err) {
error = err.message
@ -94,17 +89,14 @@
smtp_host: smtpHost,
smtp_port: smtpPort,
smtp_user: smtpUser,
smtp_password: smtpPassword,
smtp_password: smtpPassword, // empty = keep existing
smtp_from: smtpFrom,
smtp_from_name: smtpFromName,
base_url: baseURL,
volunteer_note_label: noteLabel,
volunteer_note_required: noteRequired,
discourse_sso_url: discourseSSOUrl,
discourse_sso_secret: discourseSSOSecret,
})
smtpPassword = ''
discourseSSOSecret = ''
success = 'Settings saved.'
} catch (err) {
error = err.message
@ -131,9 +123,7 @@
}
async function resetModel(label, fn) {
if (resetting) return
if (!confirm(`PERMANENTLY DELETE all ${label}? This cannot be undone.`)) return
resetting = true
error = ''
success = ''
try {
@ -141,8 +131,6 @@
success = `Deleted ${result.deleted} ${label}.`
} catch (err) {
error = err.message
} finally {
resetting = false
}
}
@ -178,14 +166,14 @@
<div class="text-muted">Loading…</div>
{:else}
<form onsubmit={saveEvent}>
<div class="card">
<h2 class="card-title">Event</h2>
<div class="form-grid">
<div class="form-group full">
<div class="card" style="margin-bottom:1.5rem">
<h2 style="font-size:0.95rem;font-weight:700;margin-bottom:1rem">Event</h2>
<div style="display:grid;grid-template-columns:1fr 1fr;gap:1rem">
<div class="form-group" style="grid-column:1/-1">
<label for="e-name">Event Name *</label>
<input id="e-name" bind:value={eventName} required placeholder="My Event 2026" />
</div>
<div class="form-group full">
<div class="form-group" style="grid-column:1/-1">
<label for="e-venue">Venue</label>
<input id="e-venue" bind:value={eventVenue} placeholder="Location name" />
</div>
@ -197,7 +185,7 @@
<label for="e-end">End Date *</label>
<input id="e-end" type="date" bind:value={eventEndDate} required />
</div>
<div class="form-group full">
<div class="form-group" style="grid-column:1/-1">
<label for="e-tz">Timezone</label>
<input id="e-tz" bind:value={eventTimezone} placeholder="America/Chicago" list="tz-list" />
<datalist id="tz-list">
@ -216,11 +204,11 @@
</form>
<form onsubmit={save}>
<div class="card">
<h2 class="card-title">SMTP Email</h2>
<div class="card" style="margin-bottom:1.5rem">
<h2 style="font-size:0.95rem;font-weight:700;margin-bottom:1rem">SMTP Email</h2>
<div class="form-grid">
<div class="form-group">
<div style="display:grid;grid-template-columns:1fr 1fr;gap:1rem">
<div class="form-group" style="grid-column:1">
<label for="s-host">SMTP Host</label>
<input id="s-host" bind:value={smtpHost} placeholder="smtp.fastmail.com" />
</div>
@ -248,27 +236,10 @@
</div>
<div class="form-group">
<label for="s-url">Base URL <span class="card-hint" style="font-weight:400">(for kiosk links in emails)</span></label>
<label for="s-url">Base URL <span class="text-muted" style="font-weight:400">(for kiosk links in emails)</span></label>
<input id="s-url" bind:value={baseURL} placeholder="https://events.example.com" />
</div>
<h2 class="card-title" style="margin-top:1.5rem">Discourse SSO</h2>
<p class="card-hint" style="margin-bottom:1rem">
Enable DiscourseConnect SSO so users can log in with their Discourse account.
Set the same secret in your Discourse admin under Connect &gt; discourse connect secret.
</p>
<div class="form-grid">
<div class="form-group full">
<label for="sso-url">Discourse URL</label>
<input id="sso-url" bind:value={discourseSSOUrl} placeholder="https://forum.example.com" />
</div>
<div class="form-group full">
<label for="sso-secret">SSO Secret</label>
<input id="sso-secret" type="password" bind:value={discourseSSOSecret}
placeholder="Leave blank to keep existing" autocomplete="new-password" />
</div>
</div>
<div class="actions">
<button type="submit" class="btn btn-primary" disabled={saving}>
{saving ? 'Saving…' : 'Save Settings'}
@ -278,8 +249,8 @@
</form>
<!-- Test email -->
<div class="card">
<h2 class="card-title">Test Email</h2>
<div class="card" style="margin-bottom:1.5rem">
<h2 style="font-size:0.95rem;font-weight:700;margin-bottom:1rem">Test Email</h2>
<div style="display:flex;gap:0.5rem;align-items:flex-end">
<div class="form-group" style="flex:1;margin-bottom:0">
<label for="s-test">Send to</label>
@ -292,24 +263,24 @@
</div>
<!-- Volunteer Signup -->
<div class="card">
<h2 class="card-title">Volunteer Signup</h2>
<div class="card" style="margin-bottom:1.5rem">
<h2 style="font-size:0.95rem;font-weight:700;margin-bottom:1rem">Volunteer Signup</h2>
<div class="form-group">
<label for="s-note-label">Note Field Label</label>
<input id="s-note-label" bind:value={noteLabel} placeholder="Additional note" />
</div>
<label class="checkbox-label">
<label style="display:flex;align-items:center;gap:0.5rem;font-size:0.875rem;cursor:pointer">
<input type="checkbox" bind:checked={noteRequired} />
Note field is required
</label>
<p class="card-hint" style="margin-top:0.75rem">
<p class="text-muted" style="font-size:0.78rem;margin-top:0.75rem">
Signup form: <a href="/volunteer-signup" target="_blank" style="color:var(--c-accent)">/volunteer-signup</a>
</p>
</div>
<!-- Shift Signups -->
<div class="card">
<h2 class="card-title">Shift Signups</h2>
<div class="card" style="margin-bottom:1.5rem">
<h2 style="font-size:0.95rem;font-weight:700;margin-bottom:1rem">Shift Signups</h2>
<div style="display:flex;align-items:center;gap:1rem">
<span style="font-size:0.875rem">
Status: <strong>{shiftSignupsOpen ? 'Open' : 'Closed'}</strong>
@ -324,7 +295,7 @@
</button>
</div>
{#if !shiftSignupsOpen}
<p class="card-hint" style="margin-top:0.75rem">
<p class="text-muted" style="font-size:0.78rem;margin-top:0.75rem">
Opening signups will email all confirmed volunteers their shift signup links.
</p>
{/if}
@ -332,24 +303,24 @@
<!-- Data Management -->
<div class="card">
<h2 class="card-title" style="margin-bottom:0.5rem">Data Management</h2>
<p class="card-hint" style="margin-bottom:1rem">
<h2 style="font-size:0.95rem;font-weight:700;margin-bottom:0.5rem">Data Management</h2>
<p class="text-muted" style="font-size:0.78rem;margin-bottom:1rem">
Permanently delete all records of a given type. This cannot be undone.
</p>
<div style="display:flex;flex-wrap:wrap;gap:0.5rem">
<button class="btn btn-danger" disabled={resetting} onclick={() => resetModel('tickets', api.settings.resetTickets)}>
<button class="btn btn-danger" onclick={() => resetModel('tickets', api.settings.resetTickets)}>
Delete All Tickets
</button>
<button class="btn btn-danger" disabled={resetting} onclick={() => resetModel('volunteers', api.settings.resetVolunteers)}>
<button class="btn btn-danger" onclick={() => resetModel('volunteers', api.settings.resetVolunteers)}>
Delete All Volunteers
</button>
<button class="btn btn-danger" disabled={resetting} onclick={() => resetModel('shifts', api.settings.resetShifts)}>
<button class="btn btn-danger" onclick={() => resetModel('shifts', api.settings.resetShifts)}>
Delete All Shifts
</button>
<button class="btn btn-danger" disabled={resetting} onclick={() => resetModel('departments', api.settings.resetDepartments)}>
<button class="btn btn-danger" onclick={() => resetModel('departments', api.settings.resetDepartments)}>
Delete All Departments
</button>
<button class="btn btn-danger" disabled={resetting} onclick={() => resetModel('volunteer shift assignments', api.settings.resetVolunteerShifts)}>
<button class="btn btn-danger" onclick={() => resetModel('volunteer shift assignments', api.settings.resetVolunteerShifts)}>
Delete All Shift Assignments
</button>
</div>

22
frontend/src/pages/Users.svelte
View file

@ -149,7 +149,7 @@
{#if showAdd}
<div class="card" style="margin-bottom:1.5rem">
<form onsubmit={addUser}>
<div class="form-grid-3">
<div class="form-grid" style="display:grid;grid-template-columns:1fr 1fr 1fr;gap:1rem">
<div class="form-group">
<label for="u-email">Email *</label>
<input id="u-email" type="email" bind:value={newEmail} required placeholder="email@example.com" autocomplete="off" />
@ -167,8 +167,8 @@
<span style="font-size:0.82rem;color:var(--c-muted);font-weight:500">Roles</span>
<div style="display:flex;flex-wrap:wrap;gap:0.5rem;margin-top:0.35rem">
{#each availableRoles as r}
<label class="checkbox-label">
<input type="checkbox"
<label style="display:flex;align-items:center;gap:0.35rem;cursor:pointer;font-size:0.875rem;color:var(--c-text)">
<input type="checkbox" style="width:auto"
checked={newRoles.includes(r)}
onchange={() => newRoles = toggleItem(r, newRoles)} />
{roleLabel(r)}
@ -181,8 +181,8 @@
<span style="font-size:0.82rem;color:var(--c-muted);font-weight:500">Departments</span>
<div style="display:flex;flex-wrap:wrap;gap:0.5rem;margin-top:0.35rem">
{#each $allDepts ?? [] as d}
<label class="checkbox-label">
<input type="checkbox"
<label style="display:flex;align-items:center;gap:0.35rem;cursor:pointer;font-size:0.875rem;color:var(--c-text)">
<input type="checkbox" style="width:auto"
checked={newDeptIDs.includes(d.id)}
onchange={() => newDeptIDs = toggleItem(d.id, newDeptIDs)} />
<span class="dept-dot" style="background:{d.color}"></span>
@ -228,8 +228,8 @@
<td>
<div style="display:flex;flex-wrap:wrap;gap:0.4rem">
{#each availableRoles as r}
<label class="checkbox-label-sm">
<input type="checkbox"
<label style="display:flex;align-items:center;gap:0.3rem;cursor:pointer;font-size:0.82rem;color:var(--c-text)">
<input type="checkbox" style="width:auto"
checked={editRoles.includes(r)}
onchange={() => editRoles = toggleItem(r, editRoles)} />
{roleLabel(r)}
@ -241,8 +241,8 @@
{#if ($allDepts ?? []).length > 0}
<div style="display:flex;flex-wrap:wrap;gap:0.4rem">
{#each $allDepts ?? [] as d}
<label class="checkbox-label-sm">
<input type="checkbox"
<label style="display:flex;align-items:center;gap:0.3rem;cursor:pointer;font-size:0.82rem;color:var(--c-text)">
<input type="checkbox" style="width:auto"
checked={editDeptIDs.includes(d.id)}
onchange={() => editDeptIDs = toggleItem(d.id, editDeptIDs)} />
{d.name}
@ -268,11 +268,11 @@
<td class="td-name">
<strong>{u.preferred_name || u.email}</strong>
{#if u.id === me}
<span class="badge badge-role">you</span>
<span class="badge badge-role" style="margin-left:0.4rem">you</span>
{/if}
<br><span class="text-muted" style="font-size:0.8rem">{u.email}</span>
</td>
<td>{#each u.roles ?? [] as r}<span class="badge badge-role">{roleLabel(r)}</span>{/each}</td>
<td>{#each u.roles ?? [] as r}<span class="badge badge-role" style="margin-right:0.25rem">{roleLabel(r)}</span>{/each}</td>
<td class="text-muted">{deptNamesFor(u.department_ids || [])}</td>
<td class="td-actions">
<div class="actions">

23
frontend/src/pages/Volunteers.svelte
View file

@ -24,7 +24,6 @@
let editIsLead = $state(false)
let editNote = $state('')
let saving = $state(false)
let confirmingID = $state(null)
const roles = $derived(session?.user?.roles ?? [])
function hasRole(...allowed) { return roles.some(r => allowed.includes(r)) }
@ -77,15 +76,11 @@
}
async function confirmVolunteer(v) {
if (confirmingID) return
confirmingID = v.id
try {
const updated = await api.volunteers.confirm(v.id)
await db.volunteers.put(updated)
} catch (err) {
error = err.message
} finally {
confirmingID = null
}
}
@ -186,7 +181,7 @@
{#if showAdd && canManage}
<div class="card" style="margin-bottom:1.5rem">
<form onsubmit={addVolunteer}>
<div class="form-grid">
<div class="form-grid" style="display:grid;grid-template-columns:1fr 1fr;gap:1rem">
<div class="form-group">
<label for="v-name">Preferred Name *</label>
<input id="v-name" bind:value={newName} required placeholder="What they go by" />
@ -214,8 +209,8 @@
<input id="v-note" bind:value={newNote} placeholder="Optional note" />
</div>
<div style="margin-bottom:1rem">
<label class="checkbox-label">
<input type="checkbox" bind:checked={newIsLead} />
<label style="display:flex;align-items:center;gap:0.5rem;cursor:pointer">
<input type="checkbox" style="width:auto" bind:checked={newIsLead} />
Department lead
</label>
</div>
@ -286,8 +281,8 @@
</select>
</td>
<td class="td-edit-checks">
<label class="checkbox-label-sm" style="white-space:nowrap">
<input type="checkbox" bind:checked={editIsLead} /> Co-Lead
<label style="display:flex;align-items:center;gap:0.4rem;cursor:pointer;white-space:nowrap">
<input type="checkbox" style="width:auto" bind:checked={editIsLead} /> Co-Lead
</label>
</td>
<td class="td-edit-note">
@ -306,12 +301,12 @@
<td class="td-name">
<strong>{v.name}</strong>
{#if v.is_lead}
<span class="badge badge-lead">Co-Lead</span>
<span class="badge badge-lead" style="margin-left:0.4rem">Co-Lead</span>
{/if}
{#if !v.participant_id}
<span class="badge badge-unchecked" title="Not linked to a participant">No ticket</span>
<span class="badge badge-unchecked" style="margin-left:0.4rem" title="Not linked to a participant">No ticket</span>
{:else if !participantHasTickets(v.participant_id)}
<span class="badge badge-partial" title="No ticket on file">No ticket</span>
<span class="badge badge-partial" style="margin-left:0.4rem" title="No ticket on file">No ticket</span>
{/if}
{#if participant?.ticket_name && participant.ticket_name !== v.name}
<div class="text-muted" style="font-size:0.78rem">Ticket: {participant.ticket_name}</div>
@ -354,7 +349,7 @@
{#if canManage}
<td class="td-actions">
{#if canConfirm && v.email_confirmed && !v.confirmed}
<button class="btn btn-primary btn-sm" onclick={() => confirmVolunteer(v)} disabled={confirmingID === v.id}>Confirm</button>
<button class="btn btn-primary btn-sm" onclick={() => confirmVolunteer(v)}>Confirm</button>
{/if}
<button class="btn btn-ghost btn-sm" onclick={() => startEdit(v)}>Edit</button>
<button class="btn btn-danger btn-sm" onclick={() => deleteVolunteer(v)}>Delete</button>

14
handle_settings.go
View file

@ -27,14 +27,6 @@ func (app *App) handleGetSettings(w http.ResponseWriter, r *http.Request) {
noteLabel = "Additional note"
}
var ssoURL, ssoSecret string
app.db.QueryRow(`SELECT value FROM config WHERE key = 'discourse_sso_url'`).Scan(&ssoURL)
app.db.QueryRow(`SELECT value FROM config WHERE key = 'discourse_sso_secret'`).Scan(&ssoSecret)
maskedSSOSecret := ""
if ssoSecret != "" {
maskedSSOSecret = "***"
}
writeJSON(w, map[string]any{
"smtp_host": cfg.Host,
"smtp_port": cfg.Port,
@ -46,8 +38,6 @@ func (app *App) handleGetSettings(w http.ResponseWriter, r *http.Request) {
"volunteer_note_label": noteLabel,
"volunteer_note_required": noteRequired == "true",
"shift_signups_open": signupsOpen == "true",
"discourse_sso_url": ssoURL,
"discourse_sso_secret": maskedSSOSecret,
})
}
@ -59,7 +49,7 @@ func (app *App) handleUpdateSettings(w http.ResponseWriter, r *http.Request) {
}
keys := []string{"smtp_host", "smtp_port", "smtp_user", "smtp_password", "smtp_from", "smtp_from_name", "base_url",
"volunteer_note_label", "volunteer_note_required", "discourse_sso_url", "discourse_sso_secret"}
"volunteer_note_label", "volunteer_note_required"}
for _, k := range keys {
v, ok := body[k]
if !ok {
@ -68,7 +58,7 @@ func (app *App) handleUpdateSettings(w http.ResponseWriter, r *http.Request) {
var val string
switch vv := v.(type) {
case string:
if (k == "smtp_password" || k == "discourse_sso_secret") && (vv == "" || vv == "***") {
if k == "smtp_password" && (vv == "" || vv == "***") {
continue
}
val = vv

190
handle_sso.go
View file

@ -1,190 +0,0 @@
package main
import (
"crypto/hmac"
"crypto/rand"
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"fmt"
"net/http"
"net/url"
"strings"
)
func (app *App) getSSOConfig() (ssoURL, ssoSecret string) {
app.db.QueryRow(`SELECT value FROM config WHERE key = 'discourse_sso_url'`).Scan(&ssoURL)
app.db.QueryRow(`SELECT value FROM config WHERE key = 'discourse_sso_secret'`).Scan(&ssoSecret)
return
}
func (app *App) handleSSOEnabled(w http.ResponseWriter, r *http.Request) {
ssoURL, ssoSecret := app.getSSOConfig()
writeJSON(w, map[string]bool{"enabled": ssoURL != "" && ssoSecret != ""})
}
func (app *App) getBaseURL() string {
if app.baseURL != "" {
return app.baseURL
}
var u string
app.db.QueryRow(`SELECT value FROM config WHERE key = 'base_url'`).Scan(&u)
return u
}
func (app *App) handleSSOInit(w http.ResponseWriter, r *http.Request) {
ssoURL, ssoSecret := app.getSSOConfig()
if ssoURL == "" || ssoSecret == "" {
writeError(w, "SSO not configured", http.StatusNotFound)
return
}
baseURL := app.getBaseURL()
if baseURL == "" {
writeError(w, "base_url must be configured for SSO", http.StatusBadRequest)
return
}
b := make([]byte, 32)
rand.Read(b)
nonce := hex.EncodeToString(b)
app.cleanExpiredNonces()
if err := app.createSSONonce(nonce); err != nil {
writeError(w, "internal error", http.StatusInternalServerError)
return
}
returnURL := strings.TrimRight(baseURL, "/") + "/api/sso/callback"
payload := fmt.Sprintf("nonce=%s&return_sso_url=%s", url.QueryEscape(nonce), url.QueryEscape(returnURL))
encoded := base64.StdEncoding.EncodeToString([]byte(payload))
mac := hmac.New(sha256.New, []byte(ssoSecret))
mac.Write([]byte(encoded))
sig := hex.EncodeToString(mac.Sum(nil))
redirect := fmt.Sprintf("%s/session/sso_provider?sso=%s&sig=%s",
strings.TrimRight(ssoURL, "/"), url.QueryEscape(encoded), url.QueryEscape(sig))
writeJSON(w, map[string]string{"redirect_url": redirect})
}
func (app *App) handleSSOCallback(w http.ResponseWriter, r *http.Request) {
baseURL := app.getBaseURL()
ssoRedirectError := func(msg string) {
if baseURL != "" {
http.Redirect(w, r, strings.TrimRight(baseURL, "/")+"/#sso_error="+url.QueryEscape(msg), http.StatusFound)
} else {
writeError(w, msg, http.StatusBadRequest)
}
}
_, ssoSecret := app.getSSOConfig()
if ssoSecret == "" {
ssoRedirectError("SSO not configured")
return
}
ssoParam := r.URL.Query().Get("sso")
sigParam := r.URL.Query().Get("sig")
if ssoParam == "" || sigParam == "" {
ssoRedirectError("Invalid SSO response")
return
}
mac := hmac.New(sha256.New, []byte(ssoSecret))
mac.Write([]byte(ssoParam))
expectedSig := hex.EncodeToString(mac.Sum(nil))
if !hmac.Equal([]byte(expectedSig), []byte(sigParam)) {
ssoRedirectError("Invalid SSO signature")
return
}
decoded, err := base64.StdEncoding.DecodeString(ssoParam)
if err != nil {
ssoRedirectError("Invalid SSO payload")
return
}
vals, err := url.ParseQuery(string(decoded))
if err != nil {
ssoRedirectError("Invalid SSO payload")
return
}
nonce := vals.Get("nonce")
valid, err := app.consumeSSONonce(nonce)
if err != nil || !valid {
ssoRedirectError("SSO session expired. Please try again.")
return
}
email := strings.ToLower(vals.Get("email"))
if email == "" {
ssoRedirectError("No email in SSO response")
return
}
name := vals.Get("name")
if name == "" {
name = vals.Get("username")
}
user, _, err := app.getLoginParticipant(email)
if err != nil {
ssoRedirectError("Login failed. Please try again.")
return
}
if user == nil {
p, err := app.getParticipantByEmail(email)
if err != nil {
ssoRedirectError("Login failed. Please try again.")
return
}
if p != nil {
if _, err := app.db.Exec(
`UPDATE participants SET login_enabled = 1, updated_at = ? WHERE id = ?`,
now(), p.ID,
); err != nil {
ssoRedirectError("Login failed. Please try again.")
return
}
user, err = app.getUser(p.ID)
if err != nil {
ssoRedirectError("Login failed. Please try again.")
return
}
}
}
if user == nil {
if name == "" {
name = strings.Split(email, "@")[0]
}
res, err := app.db.Exec(
`INSERT INTO participants (email, preferred_name, login_enabled, updated_at) VALUES (?, ?, 1, ?)`,
email, name, now(),
)
if err != nil {
ssoRedirectError("Login failed. Please try again.")
return
}
id, _ := res.LastInsertId()
user, err = app.getUser(int(id))
if err != nil || user == nil {
ssoRedirectError("Login failed. Please try again.")
return
}
}
token, err := app.signToken(user)
if err != nil {
ssoRedirectError("Login failed. Please try again.")
return
}
http.Redirect(w, r, strings.TrimRight(baseURL, "/")+"/#sso_token="+url.QueryEscape(token), http.StatusFound)
}

3
main.go
View file

@ -164,9 +164,6 @@ func (app *App) registerRoutes(mux *http.ServeMux) {
mux.HandleFunc("POST /api/settings/shift-signups", auth(app.handleToggleShiftSignups, "admin", "staffing"))
// Public endpoints — no JWT required.
mux.HandleFunc("GET /api/public/sso-enabled", app.handleSSOEnabled)
mux.HandleFunc("GET /api/sso/init", app.handleSSOInit)
mux.HandleFunc("GET /api/sso/callback", app.handleSSOCallback)
mux.HandleFunc("GET /api/public/signup-config", app.handlePublicSignupConfig)
mux.HandleFunc("POST /api/public/signup", app.handlePublicSignup)
mux.HandleFunc("POST /api/public/confirm", app.handleConfirmEmail)