feat: implement real admin authentication and password management

- Added 'users' table to database with bcrypt hashing. - Refactored login to verify against the database. - Implemented 'Security' section in settings to allow changing the admin password. - Initialized system with default user 'admin' and password 'admin'.
2026-02-26 18:47:20 -05:00
parent 519436eb4a
commit c208ebe59b
5 changed files with 218 additions and 10 deletions
--- a/static/js/pages/settings.js
+++ b/static/js/pages/settings.js
@@ -55,6 +55,30 @@ class SettingsPage {
                    </div>
                </div>

+                <div class="card">
+                    <div class="card-header">
+                        <h3 class="card-title"><i class="fas fa-lock"></i> Security</h3>
+                    </div>
+                    <div class="card-body">
+                        <p style="margin-bottom: 1rem; font-size: 0.875rem; color: var(--fg3);">Change the administrator password for the dashboard.</p>
+                        <div class="form-control">
+                            <label for="current-password">Current Password</label>
+                            <input type="password" id="current-password" placeholder="••••••••">
+                        </div>
+                        <div class="form-control">
+                            <label for="new-password">New Password</label>
+                            <input type="password" id="new-password" placeholder="••••••••">
+                        </div>
+                        <div class="form-control">
+                            <label for="confirm-password">Confirm New Password</label>
+                            <input type="password" id="confirm-password" placeholder="••••••••">
+                        </div>
+                        <button class="btn btn-primary" onclick="window.settingsPage.changePassword()">
+                            <i class="fas fa-key"></i> Update Password
+                        </button>
+                    </div>
+                </div>
+
                <div class="card">
                    <div class="card-header">
                        <h3 class="card-title"><i class="fas fa-database"></i> Database & Registry</h3>
@@ -115,6 +139,42 @@ class SettingsPage {
        }
    }

+    async changePassword() {
+        const currentPassword = document.getElementById('current-password').value;
+        const newPassword = document.getElementById('new-password').value;
+        const confirmPassword = document.getElementById('confirm-password').value;
+
+        if (!currentPassword || !newPassword) {
+            window.authManager.showToast('Please fill in all password fields', 'error');
+            return;
+        }
+
+        if (newPassword !== confirmPassword) {
+            window.authManager.showToast('New passwords do not match', 'error');
+            return;
+        }
+
+        if (newPassword.length < 4) {
+            window.authManager.showToast('New password must be at least 4 characters', 'error');
+            return;
+        }
+
+        try {
+            await window.api.post('/auth/change-password', {
+                current_password: currentPassword,
+                new_password: newPassword
+            });
+            window.authManager.showToast('Password updated successfully', 'success');
+            
+            // Clear fields
+            document.getElementById('current-password').value = '';
+            document.getElementById('new-password').value = '';
+            document.getElementById('confirm-password').value = '';
+        } catch (error) {
+            window.authManager.showToast(error.message, 'error');
+        }
+    }
+
    setupEventListeners() {
        // ...
    }