Remove completed todo.md + html-css-foundation mockups; strip dead §N phase refs from comments/docs (simplify visual E2E to drop the mockup-comparison oracle)
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
<%#
|
||||
Auth card: the <form class="auth-card"> shell — head (back · title · sub),
|
||||
optional SSO providers + divider, a body slot (field partials + submit), alt footer.
|
||||
Mirrors html-css-foundation auth markup. Config:
|
||||
Config:
|
||||
title, sub?
|
||||
method? (default "post"), action?
|
||||
back? { href, label } back link above the title
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<%#
|
||||
Admin OAuth2 client detail body (todo §6), captured into the shell content slot. Config:
|
||||
Admin OAuth2 client detail body, captured into the shell content slot. Config:
|
||||
client { firstParty, id, name, public, redirectUris[], scopes[] }
|
||||
created bool just registered → success banner
|
||||
secret? string one-time client secret (confidential clients), shown once right after create
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<%#
|
||||
Admin OAuth2 client register form body (todo §6), captured into the shell content slot. Config:
|
||||
Admin OAuth2 client register form body, captured into the shell content slot. Config:
|
||||
form { action, csrfToken, submitLabel, cancelHref, nameField, scopeField (field.ejs configs),
|
||||
redirectUris: string (newline-separated), public: bool, firstParty: bool }
|
||||
error? string shown when a write was rejected
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<%#
|
||||
Destructive-action confirm body (todo §5), captured into the shell content slot. Zero-JS: the
|
||||
Destructive-action confirm body, captured into the shell content slot. Zero-JS: the
|
||||
delete is a deliberate second step (a POST form), with a cancel link back. Config:
|
||||
message string
|
||||
confirm { action, label } the danger POST endpoint + button label
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<%#
|
||||
OAuth2 consent form body (todo §6): the inner of the auth-card form — the signed-in account, the
|
||||
OAuth2 consent form body: the inner of the auth-card form — the signed-in account, the
|
||||
CSRF + challenge hidden inputs, the requested scopes, then Allow / Deny submit buttons (one
|
||||
`decision` field). Locals: account?, challenge, csrfField, csrfToken, scopes (string[]). Captured
|
||||
by views/oauth-consent.ejs.
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<%#
|
||||
Data table: sortable headers, row-select, typed cells, badges, kebab row actions.
|
||||
Mirrors the html-css-foundation markup; zero-JS (sort = links, select highlight = CSS).
|
||||
Zero-JS (sort = links, select highlight = CSS).
|
||||
Config:
|
||||
caption?, selectable?, actions? sr-only caption; toggle the check / kebab columns
|
||||
columns: { label, sortable?, sort?: "asc"|"desc", href?, className? }[]
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<%#
|
||||
Form field: label (+ inline link / "Optional") · icon input · hint · error.
|
||||
Mirrors html-css-foundation auth markup. Config:
|
||||
Config:
|
||||
id, name, label
|
||||
type? (default "text"), value?, placeholder?, autocomplete?, required?, readonly?, minlength?
|
||||
inputmode?, pattern? virtual-keyboard hint + client-side validity regex (e.g. the OTP code)
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
<%#
|
||||
Filter bar: a real GET form so filtering is server-side and zero-JS. Mirrors the
|
||||
html-css-foundation markup. Config:
|
||||
Filter bar: a real GET form so filtering is server-side and zero-JS. Config:
|
||||
rows: Control[][] rows of controls, laid out left→right
|
||||
pills, clearHref, label, action, applyLabel
|
||||
Control.type ∈ search | segmented | select | chips | daterange | spacer.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<%#
|
||||
Kratos flow form body (todo §4): the inner of the auth-card form — flow messages,
|
||||
Kratos flow form body: the inner of the auth-card form — flow messages,
|
||||
hidden inputs (incl. csrf_token), themed fields, then submit button(s). `flow` is a
|
||||
FlowView (src/flow-view.ts). Captured by views/auth.ejs and handed to auth-card's body.
|
||||
-%>
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<%#
|
||||
Admin group membership body (todo §5), captured into the shell content slot. Config:
|
||||
Admin group membership body, captured into the shell content slot. Config:
|
||||
group { name }
|
||||
members { action, rows: { kind:"group"|"user", label, subject }[] } action = remove-member endpoint
|
||||
add { action, options: {label,value}[] } action = add-member endpoint
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<%#
|
||||
Admin group create form body (todo §5), captured into the shell content slot. Config:
|
||||
Admin group create form body, captured into the shell content slot. Config:
|
||||
form { action, csrfToken, submitLabel, cancelHref, nameField: field.ejs config,
|
||||
memberOptions: {label,value}[], selectedMember }
|
||||
error? string shown when a write was rejected
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<%#
|
||||
Public landing body (§10): hero + intro + a prominent way in (or a dashboard link when signed in).
|
||||
Public landing body: hero + intro + a prominent way in (or a dashboard link when signed in).
|
||||
Rendered into the app-shell content. Locals: brand (name), signedIn (bool).
|
||||
%><div class="shell-auth">
|
||||
<div class="landing">
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<%#
|
||||
Popover menu: pure <details>/<summary>, zero-JS. Mirrors html-css-foundation .menu.
|
||||
Popover menu: pure <details>/<summary>, zero-JS.
|
||||
Config:
|
||||
trigger { class?(="btn", "" ⇒ none) · label?(aria-label) · icon? · text? · html?(raw inner, wins) }
|
||||
align? "left" left-align the popover (default right)
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
<%#
|
||||
Recursive nav tree. Each node: { label, href?, icon?, count?, current?, open?, children? }.
|
||||
Shape is orthogonal: header (children → disclosure toggle + nested <ul>) vs leaf (spacer),
|
||||
and clickable (href → <a>) vs static (<span>). Mirrors the html-css-foundation markup; the
|
||||
CSS reveals children only when the sibling .nav-disc is [open]. `root` picks the outer class.
|
||||
and clickable (href → <a>) vs static (<span>). The CSS reveals children only when the
|
||||
sibling .nav-disc is [open]. `root` picks the outer class.
|
||||
%><%
|
||||
const nodes = locals.nodes || [];
|
||||
const root = locals.root !== false;
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<%#
|
||||
Pagination footer: rows-per-page (GET form) + page numbers. Query-param driven, zero-JS.
|
||||
Mirrors html-css-foundation markup; page items are <a>, inert ones (current/ellipsis/disabled) aren't.
|
||||
Page items are <a>, inert ones (current/ellipsis/disabled) aren't.
|
||||
Config (all optional; never throws):
|
||||
label? nav aria-label (default "Pagination")
|
||||
summary? { from, to, total } → "from–to of <b>total</b>"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<%#
|
||||
Admin role detail body (todo §5), captured into the shell content slot. Config:
|
||||
Admin role detail body, captured into the shell content slot. Config:
|
||||
role { name }
|
||||
members { action, rows: { kind:"group"|"user", label, subject }[] } action = revoke endpoint
|
||||
effective { label }[] users who hold the role (expand)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<%#
|
||||
Admin role create form body (todo §5), captured into the shell content slot. Config:
|
||||
Admin role create form body, captured into the shell content slot. Config:
|
||||
form { action, csrfToken, submitLabel, cancelHref, nameField: field.ejs config,
|
||||
memberOptions: {label,value}[], selectedMember }
|
||||
error? string shown when a write was rejected
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<%#
|
||||
App shell: sidebar (brand + nav slot + footer) · topbar · content slot. The one chrome every page
|
||||
renders (§10) — dashboard, admin, plugin, login/registration/front — so the menu is identical
|
||||
renders — dashboard, admin, plugin, login/registration/front — so the menu is identical
|
||||
everywhere, role-filtered to the visitor (anonymous ⇒ public items + Sign in).
|
||||
Slots are pre-rendered HTML locals — `nav` (sidebar tree, see nav-tree partial),
|
||||
`actions` (topbar buttons), `body` (page content); `styles` is an optional array of
|
||||
@@ -9,7 +9,7 @@
|
||||
(the <title> tag; defaults to title or the brand), `brand` ({ name, logo?, sub? }), `theme`
|
||||
(theme-switch default), `user`, `breadcrumbs`, `csrfToken` (the Sign-out form's hidden field),
|
||||
`signInHref` (anonymous "Sign in" target; default /login). `menu` (default true) — set false to
|
||||
drop the sidebar and render a focused single-column page (§10).
|
||||
drop the sidebar and render a focused single-column page.
|
||||
%><%
|
||||
const brand = locals.brand || { name: "Plainpages" };
|
||||
const title = locals.title || ""; // topbar heading; empty ⇒ no topbar <h1> (the body owns it)
|
||||
@@ -76,7 +76,7 @@
|
||||
</div>
|
||||
</details>
|
||||
<% } else if (!hideSignIn) { %>
|
||||
<%# anonymous (a public page in the shell, §10): no session to end — offer a way in instead.
|
||||
<%# anonymous (a public page in the shell): no session to end — offer a way in instead.
|
||||
signInHref carries this page as return_to (chrome.signInHref); falls back to bare /login.
|
||||
Suppressed on the auth pages themselves (hideSignIn) — a Sign-in there only loops back. %>
|
||||
<a class="btn btn-primary" href="<%= locals.signInHref || '/login' %>" style="flex:1 1 auto"><svg class="ico ico-sm" aria-hidden="true"><use href="#i-user" /></svg>Sign in</a>
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<%#
|
||||
Admin user create/edit form body (todo §5), captured into the shell content slot. Config:
|
||||
Admin user create/edit form body, captured into the shell content slot. Config:
|
||||
form { action, csrfToken, submitLabel, cancelHref, fields: field.ejs config[] }
|
||||
edit? { nextLabel, stateAction, recoveryAction, deleteAction } (edit mode only)
|
||||
recovery? { code? } shown after a recovery code is generated (recovery is code-based)
|
||||
|
||||
Reference in New Issue
Block a user