Added credential persistance

This commit is contained in:
Oliver
2026-05-25 12:13:39 -03:00
parent a27acf9357
commit 28345295b6
2 changed files with 226 additions and 14 deletions
+149
View File
@@ -0,0 +1,149 @@
# Health Routine Package Scanner
> ALWAYS UPDATE THIS FILE AFTER MAKING CHANGES
## What this is
A single-page web app (`index.html`) used internally by Health Routine staff to scan **package** barcodes.
A user selects their name, scans/types a code, and the result is looked up via a webhook and appended to a table.
Runs in any browser — designed for phones, tablets, and desktop.
## Files
```
index.html — the entire app (HTML + CSS + JS, no build step)
logo.png — Health Routine brand logo (used in the header)
agent.md — this file
start — bash script that launches live-server on localhost:8080
```
## Design
Colors are pulled directly from healthroutine.de's CSS variables:
| Token | Hex | Usage |
|------------------|-----------|-------------------------------------|
| `--primary` | `#005f5a` | Controls bar, table header, buttons |
| `--primary-dark` | `#004845` | Hover states |
| `--primary-light`| `#e0f0ef` | Row hover, badge backgrounds |
| `--bg` | `#f7f7fa` | Page background |
| `--card` | `#eaeaf2` | Alternating table rows |
| `--sage` | `#82917d` | (brand footer green, available) |
| `--error` | `#c71b1b` | Error states |
| `--success` | `#15803d` | Success toasts |
Font: system font stack (`-apple-system`, `Segoe UI`, etc.)
## Webhook
**Base URL:** `https://brandize.app.n8n.cloud/webhook/e0268b0f-4935-49ba-bfdf-1c0ee01d3b9d`
### GET — load users
Called once on page load to populate the user dropdown.
```
GET <base_url>
Authorization: Basic <base64>
```
Response — n8n may return a JSON array, a single object, or NDJSON.
All three formats are handled by `parseJson()` (see below).
```json
[
{ "Name": "Oliver", "id": 1, "createdAt": "...", "updatedAt": "..." },
{ "Name": "Luka", "id": 2, ... },
{ "Name": "Benni", "id": 3, ... }
]
```
### POST — submit scan
Called when the user presses Enter in the scan input.
```
POST <base_url>
Authorization: Basic <base64>
Content-Type: application/json
{ "user": "Oliver", "code": "SCANNED_BARCODE_STRING" }
```
Success response:
```json
{
"name": "Christa Gierdahl, Christa Gierdahl",
"producttag": "0-HR-Nail-Care-5",
"batch": "BATCH/25-11-14/06173",
"country": "DE"
}
```
Error response (non-2xx **or** 200 with error field):
```json
{ "error": "Human-readable error description" }
```
Fields mapped to table columns:
- `country`**Country** (teal pill badge)
- `name`**Name**
- `producttag`**Tag** (monospace pill, truncated with tooltip on hover)
- `batch` → received but not displayed in the table
### Authentication
The webhook requires HTTP Basic Auth.
- On `401` (GET or POST) a modal appears asking for username + password.
- Credentials are saved to a **cookie** (`hr_auth`, 30-day expiry, `SameSite=Strict`) so the user is not prompted again.
- On page load, the cookie is read and credentials restored before the first network call.
- If the modal is triggered again (e.g. wrong password), the fields are **pre-filled** from the cookie and focus lands on the password field for quick confirmation.
- `saveCreds(user, pass)` — JSON-stringifies, URI-encodes, base64-encodes, writes cookie.
- `loadCredsFromCookie()` — reverses that; returns `{ user, pass }` or `null`.
- `clearCredsCookie()` — available but not exposed in UI (call from browser console if needed).
### Error handling (POST)
Two cases:
1. **Non-2xx response** — body is parsed; if `errData.error` exists it is shown verbatim; otherwise a generic `HTTP <status>` message is shown.
2. **200 response with `error` field** — treated as failure: `item.error` is displayed, row is *not* added to the table.
Errors appear in the **persistent status banner** (red, no auto-dismiss) and the scan input is selected so the user can re-scan or correct the code.
### NDJSON / response format
n8n sometimes returns multiple items as NDJSON (one JSON object per line) instead of a proper JSON array. `parseJson(res)` handles all three formats:
1. Standard JSON array `[...]`
2. Single JSON object `{...}` — passed through as-is
3. NDJSON — split on `\n`, each line parsed individually, returned as an array
## UI layout
```
┌─────────────────────────────────────────────────────┐
│ [HR logo] Health Routine | Package Scanner │ ← white brand bar
├─────────────────────────────────────────────────────┤
│ [▥ SCAN HERE_____________] [User ▾] [✕ Clear] │ ← teal controls bar
├─────────────────────────────────────────────────────┤
│ SCAN LOG 3 scans ● │
│ ┌───────────────────────────────────────────────┐ │
│ │ COUNTRY │ NAME │ TAG │ │ ← sticky header
│ ├──────────┼───────────────────────┼─────────────┤ │
│ │ DE │ Christa Gierdahl │ 0-HR-Nail… │ │ ← newest row on top
│ │ AT │ ... │ ... │ │
│ │ scrollable area │ │ │
│ └───────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────┘
```
On mobile (< 620 px): scan input goes full-width on its own row; user dropdown and clear button share the row below.
## Key behaviours
- **On load**: cookie credentials restored → GET webhook fires → dropdown populated → scan input auto-focused
- **Enter key**: trims input, POSTs to webhook, prepends result row, clears + re-focuses input
- **Clear button**: empties the table, clears the scan input, resets the scan counter
- **No user selected**: red toast + highlighted dropdown; does not submit
- **401 on any request**: modal prompts for credentials (pre-filled from cookie), saves to cookie, retries original call
- **Webhook error**: `error` field shown verbatim in persistent red banner; input selected for re-scan
- **Network error**: dismissing error banner; input selected so user can retry
- **Dropdown error state**: tapping/focusing the dropdown while it shows an error re-triggers `loadUsers()`
- **NDJSON/array/object**: `parseJson()` normalises all response formats from n8n
## How to run
Open `index.html` directly in a browser (`file://`) — no server needed for local use.
Or run the `start` script for live-reload during development:
```bash
./start # requires Node.js; installs live-server globally if missing
```
+77 -14
View File
@@ -6,7 +6,7 @@
name="viewport" name="viewport"
content="width=device-width, initial-scale=1.0, user-scalable=no" content="width=device-width, initial-scale=1.0, user-scalable=no"
/> />
<title>Health Routine Product Scanner</title> <title>Health Routine Package Scanner</title>
<style> <style>
*, *,
*::before, *::before,
@@ -808,7 +808,7 @@
</div> </div>
<span class="brand-name">Health Routine</span> <span class="brand-name">Health Routine</span>
<div class="brand-divider"></div> <div class="brand-divider"></div>
<span class="brand-subtitle">Product Scanner</span> <span class="brand-subtitle">Package Scanner</span>
</div> </div>
<!-- Controls bar --> <!-- Controls bar -->
@@ -898,7 +898,7 @@
</div> </div>
<div class="empty-title">No scans yet</div> <div class="empty-title">No scans yet</div>
<div class="empty-hint"> <div class="empty-hint">
Select a user, then scan or type a product code and Select a user, then scan or type a package code and
press Enter press Enter
</div> </div>
</div> </div>
@@ -994,6 +994,51 @@
const modalError = document.getElementById("modalError"); const modalError = document.getElementById("modalError");
const toast = document.getElementById("toast"); const toast = document.getElementById("toast");
// ── Cookie helpers ────────────────────────────────────────────────────────
function saveCreds(user, pass) {
const val = btoa(
encodeURIComponent(JSON.stringify({ user, pass })),
);
document.cookie = `hr_auth=${val}; max-age=${30 * 24 * 3600}; SameSite=Strict; path=/`;
}
function loadCredsFromCookie() {
const match = document.cookie.match(
/(?:^|;\s*)hr_auth=([^;]+)/,
);
if (match) {
try {
return JSON.parse(decodeURIComponent(atob(match[1])));
} catch (_) {}
}
return null;
}
function clearCredsCookie() {
document.cookie = "hr_auth=; max-age=0; path=/";
}
// ── JSON parser (handles array, single object, and NDJSON) ───────────────
async function parseJson(res) {
const text = await res.text();
// Standard JSON (array or object)
try {
const parsed = JSON.parse(text);
return parsed;
} catch (_) {}
// NDJSON — n8n sometimes returns one object per line
try {
const lines = text
.trim()
.split("\n")
.filter((l) => l.trim());
if (lines.length > 0) {
return lines.map((l) => JSON.parse(l));
}
} catch (_) {}
throw new Error("Could not parse server response");
}
// ── Helpers ────────────────────────────────────────────────────────────── // ── Helpers ──────────────────────────────────────────────────────────────
function esc(str) { function esc(str) {
return String(str ?? "") return String(str ?? "")
@@ -1052,10 +1097,16 @@
function needAuth(retryCb) { function needAuth(retryCb) {
pendingAuthCb = retryCb; pendingAuthCb = retryCb;
modalError.style.display = "none"; modalError.style.display = "none";
authUser.value = ""; // Pre-fill from saved cookie so user only needs to confirm
authPass.value = ""; const saved = loadCredsFromCookie();
authUser.value = saved?.user || "";
authPass.value = saved?.pass || "";
authModal.classList.remove("hidden"); authModal.classList.remove("hidden");
setTimeout(() => authUser.focus(), 50); // Focus password if username already filled, otherwise username
setTimeout(
() => (saved ? authPass.focus() : authUser.focus()),
50,
);
} }
function cancelAuth() { function cancelAuth() {
@@ -1075,6 +1126,7 @@
} }
creds = { user: u, pass: p }; creds = { user: u, pass: p };
saveCreds(u, p); // persist to cookie
authBtn.classList.add("loading"); authBtn.classList.add("loading");
authBtn.disabled = true; authBtn.disabled = true;
modalError.style.display = "none"; modalError.style.display = "none";
@@ -1120,7 +1172,7 @@
return; return;
} }
const data = await res.json(); const data = await parseJson(res);
buildDropdown(data); buildDropdown(data);
hideBanner(); hideBanner();
} catch (err) { } catch (err) {
@@ -1164,7 +1216,7 @@
return; return;
} }
showBanner("Looking up product…", "loading"); showBanner("Looking up package…", "loading");
try { try {
const res = await fetch(WEBHOOK, { const res = await fetch(WEBHOOK, {
@@ -1182,16 +1234,24 @@
} }
if (!res.ok) { if (!res.ok) {
showBanner( // Try to extract a descriptive error from the response body
`Scan failed (HTTP ${res.status}).`, let errMsg = `Scan failed (HTTP ${res.status}).`;
"error", try {
5000, const errData = await parseJson(res);
); if (errData?.error) errMsg = errData.error;
} catch (_) {}
showBanner(errMsg, "error", 0); // persistent until next action
scanInput.select(); scanInput.select();
return; return;
} }
const item = await res.json(); const item = await parseJson(res);
// Webhook may return 200 but carry an error field
if (item?.error) {
showBanner(item.error, "error", 0);
scanInput.select();
return;
}
hideBanner(); hideBanner();
addRow(item); addRow(item);
showToast( showToast(
@@ -1265,6 +1325,9 @@
// ── Init ───────────────────────────────────────────────────────────────── // ── Init ─────────────────────────────────────────────────────────────────
window.addEventListener("DOMContentLoaded", () => { window.addEventListener("DOMContentLoaded", () => {
// Restore saved credentials before the first network call
const saved = loadCredsFromCookie();
if (saved) creds = saved;
loadUsers(); loadUsers();
scanInput.focus(); scanInput.focus();
}); });