From 8c668d4cd023df4bf7670149a2151626d0cd8340 Mon Sep 17 00:00:00 2001 From: oliver Date: Mon, 8 Jun 2026 10:01:15 -0300 Subject: [PATCH] uopdate --- AGENTS.md | 53 +++++++++++++++++++++++++++++++++++++++++------------ app.js | 2 ++ 2 files changed, 43 insertions(+), 12 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 23ac123..e5dc0c6 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -17,7 +17,7 @@ Single-page user portal for **derez.ai** — lets customers sign up, log in, and | Logic | Vanilla JS · `app.js` (edit directly, no bundler) | | Dev server | `./start` (runs `live-server` on port 8080) | | Auth | Email stored in `localStorage` key `al_email` | -| Backend | n8n webhooks on `n8n.agent-loft.com` | +| Backend | n8n webhooks on `n8n.derez.ai` | ### File map @@ -25,6 +25,7 @@ Single-page user portal for **derez.ai** — lets customers sign up, log in, and index.html ← all markup — auth card + app shell + confirm dialog styles.css ← all styles — design tokens, layout, components app.js ← all logic — auth, agents, keys, password, restart, backups, contract +password-reset.html ← standalone page — receives ?token=XXX, sets new password, redirects to app start ← dev server launcher (live-server) AGENTS.md ← this file style_guide.md ← visual design spec (tokens, typography, components) @@ -79,17 +80,28 @@ body (display:flex; align-items:center; justify-content:center; overflow:hidden Page load └── localStorage has 'al_email'? Yes → showApp() + loadAgents() ← shell made visible immediately, no auth animation - No → showAuth() ← auth card + demo shell shown side-by-side + No → showAuth() ← auth card shown (demo shell hidden) Sign In - └── GET AGENTS_URL?email=…&password=… - 200 → store email → showApp() (animates auth card out) → processAgents() - !200 → show inline error + └── POST AUTH_URL {email, password} + 200 + sessionid → store session → showApp() (animates auth card out) → loadAgents() + !200 → show inline error + reveal #reset-pw-wrap (forgot password section) + +Password Reset — step 1 (auth screen) + └── User clicks “Send reset email” in #reset-pw-wrap + POST PW_RESET_URL {email} + always → hide signin-error → show #reset-pw-sent confirmation + (response not checked — never reveal whether address exists) + +Password Reset — step 2 (password-reset.html?token=XXX) + └── token missing or < 8 chars → show invalid-state + token valid → show password form + POST PW_RESET_URL {token, password} + 200 → show success state → progress bar → redirect to https://app.derez.ai + !200 → show error banner, re-enable Save button Sign Up - └── POST SIGNUP_URL {email, password, agent, location} - 200 → open Stripe checkout tab + auto-login immediately - !200 → show inline error + └── “Hire Agent” button links to https://derez.ai/#pricing (no inline form) Sign Out └── remove 'al_email' from localStorage → showAuth() @@ -314,13 +326,29 @@ When status is red, an **Extend Contract →** link is shown pointing to `CONTRA ### 9 · Wizard Complete ``` -POST https://n8n.agent-loft.com/webhook/e01d06a3-14c3-4e4e-830f-7d4be9a5f529 (same as Agent Info) +POST https://n8n.derez.ai/webhook/e01d06a3-14c3-4e4e-830f-7d4be9a5f529 (same as Agent Info) Body: { uuid, key: "WIZZARD", value: "false" } ``` Called when the user clicks **Copy & Finish** in the wizard. Reuses `AGENT_INFO_URL`. The same endpoint accepts all agent config writes via `{ uuid, key, value }` — e.g. comments use `key: "comment"`. No separate constant needed. The agent info GET response (webhook 6) drives wizard visibility: if the response contains `WIZZARD` with any value other than `false` (or the key is absent), the wizard is shown above the Backups card. +### 10 · Password Reset +``` +POST https://n8n.derez.ai/webhook/c2ce0eba-eb26-405d-8a90-8d982ec30698 +Body (step 1 — request email): { email } +Body (step 2 — save new password): { token, password } +``` +The same endpoint handles both steps — the presence of `token` distinguishes them. + +**Step 1** is triggered from `index.html` when the user clicks **Send reset email** inside `#reset-pw-wrap` (visible only after a failed sign-in). The response is intentionally ignored and the sent-confirmation is always shown — this avoids revealing whether the email address exists. + +**Step 2** is handled entirely by `password-reset.html`, which: +- Reads `?token=XXX` from the URL on load; shows an invalid-state if absent. +- Requires both password fields to match and be ≥ 8 characters before enabling Save. +- On 200 response shows a success state with a 2 s animated progress bar then redirects to `https://app.derez.ai`. +- On !200 shows an inline error banner and re-enables the Save button. + --- ## State Variables (`app.js`) @@ -349,9 +377,10 @@ There is no global keys, backups, contract, or wizard-JSON state that is re-fetc | Function | What it does | |---|---| | `showAuth()` / `showApp()` | toggle between auth card and app shell | -| `switchAuthTab(tab)` | toggle Sign In / Sign Up forms | -| `doSignIn()` | validate email → fetch agents → enter app | -| `doSignUp()` | validate form → POST signup webhook → show Stripe notice | +| `switchAuthTab(tab)` | toggle Sign In / Hire Agent; clears error + hides reset section | +| `doSignIn()` | validate → POST auth webhook → enter app; on failure shows error + calls `showResetOption()` | +| `showResetOption()` | reveals `#reset-pw-wrap` in idle state below the sign-in error | +| `sendPasswordReset()` | POST `PW_RESET_URL` with email → hides error panel → shows sent confirmation | | `doSignOut()` | clear localStorage → reset state → showAuth | | `loadAgents()` | fetch agent list, call `processAgents()` | | `selectAgent(uuid)` | switch active tab, load keys + backups + agent info + contract | diff --git a/app.js b/app.js index 8d431b6..eec598d 100644 --- a/app.js +++ b/app.js @@ -1861,6 +1861,8 @@ async function sendPasswordReset() { } catch (_) { // Always show sent — never reveal whether the address exists } finally { + // Hide the red error panel — it's no longer relevant once reset is requested + document.getElementById("signin-error").style.display = "none"; document.getElementById("reset-pw-idle").style.display = "none"; document.getElementById("reset-pw-sent").style.display = "flex"; }