fix: admin panel — password rotation, vehicle edit DOM clash, nginx cache headers

Lago
2026-04-17 17:58:12 +02:00
parent 61517879e1
commit 73aa72b7ee
3 changed files with 19 additions and 12 deletions
+1 -1
@@ -131,7 +131,7 @@
<div class="panel">
<h2 id="formTitle">Neues Fahrzeug</h2>
<form class="admin-form" id="vehicleForm">
<input type="hidden" name="id" />
<input type="hidden" name="vid" />
<div class="admin-photo-preview" id="photoPreview"></div>
<label>
+12 -9
@@ -59,9 +59,12 @@ const state = {
// AUTH FLOW
// =========================================================================
async function bootstrap() {
const { data } = await supabase.auth.getSession();
if (data?.session) {
await onAuthenticated(data.session.user);
const { data: { session } } = await supabase.auth.getSession();
if (session) {
// Always fetch fresh user from server so metadata (must_change_password) is current.
const { data: { user }, error } = await supabase.auth.getUser();
if (error || !user) { await supabase.auth.signOut(); show("login"); return; }
await onAuthenticated(user);
} else {
show("login");
}
@@ -214,7 +217,7 @@ function loadForEdit(id) {
const v = state.vehicleMap.get(id);
if (!v) return;
formTitle.textContent = `Fahrzeug bearbeiten · ${v.brand} ${v.model}`;
vehicleForm.id.value = v.id;
vehicleForm.vid.value = v.id;
vehicleForm.brand.value = v.brand;
vehicleForm.model.value = v.model;
vehicleForm.power_hp.value = v.power_hp;
@@ -235,7 +238,7 @@ function loadForEdit(id) {
resetBtn.addEventListener("click", () => {
vehicleForm.reset();
vehicleForm.id.value = "";
vehicleForm.vid.value = "";
vehicleForm.is_active.checked = true;
vehicleForm.sort_order.value = 100;
vehicleForm.location.value = "Steiermark (TBD)";
@@ -269,15 +272,15 @@ vehicleForm.addEventListener("submit", async (e) => {
photo_path: state.currentPhotoPath,
is_active: !!fd.get("is_active"),
};
const id = fd.get("id");
const { error } = id
? await supabase.from("vehicles").update(payload).eq("id", id)
const vid = fd.get("vid");
const { error } = vid
? await supabase.from("vehicles").update(payload).eq("id", vid)
: await supabase.from("vehicles").insert(payload);
if (error) throw error;
formFeedback.textContent = "Gespeichert.";
await loadVehicles();
renderVehicles();
if (!id) resetBtn.click();
if (!vid) resetBtn.click();
} catch (err) {
formFeedback.className = "form-feedback error";
formFeedback.textContent = err.message || String(err);
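Review bot: In `bootstrap()`, the forced password rotation depends on a flag the client reads from user metadata, and the new comment does not say which metadata field holds `must_change_password`. If it lives in `user_metadata`, a signed-in user can change it through the auth client's own profile update, so it belongs in `app_metadata` and should be enforced by backend policies rather than only by the panel UI; the check itself sits in `onAuthenticated`, outside this hunk, so this is inferred. Separately, `if (error || !user)` signs the user out on any `getUser()` failure, including a transient network error, and the `error` returned by `getSession()` is dropped. A comment such as `// getUser() revalidates the JWT server-side; any failure is treated as logged out` would document that this is intended.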
+6 -2
@@ -13,10 +13,14 @@ server {
try_files $uri $uri/ /index.html;
}
# Static assets can be cached aggressively.
location ~* \.(?:css|js|jpg|jpeg|png|webp|svg|ico|woff2?)$ {
# Static assets: images/fonts can be cached, JS/CSS must revalidate.
location ~* \.(?:jpg|jpeg|png|webp|svg|ico|woff2?)$ {
expires 7d;
add_header Cache-Control "public";
try_files $uri =404;
}
location ~* \.(?:css|js)$ {
add_header Cache-Control "no-cache";
try_files $uri =404;
}
}
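Review bot: The new `location ~* \.(?:css|js)$` block sets its own `add_header`, and nginx inherits `add_header` directives from the enclosing level only when the current level defines none. If the `server` block (which starts outside this hunk) sets security headers such as `X-Content-Type-Options` or a Content-Security-Policy, they will not be sent with JS/CSS responses, and the same applies to the image/font location. Repeat those headers in each location, for example through a shared include file, and consider the `always` parameter so they also appear on error responses. A comment like `# add_header here replaces any server-level headers` above each block would make the behaviour visible to the next editor.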