nns/food-market
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
food-market/src/food-market.web
History
nns e38a360e54
Some checks failed
CI / Backend (.NET 8) (push) Successful in 1m6s
Details
CI / Web (React + Vite) (push) Successful in 39s
Details
Docker API / Build + push API (push) Successful in 1m17s
Details
Docker Web / Build + push Web (push) Successful in 36s
Details
Docker API / Deploy API on stage (push) Failing after 37s
Details
Docker Web / Deploy Web on stage (push) Successful in 12s
Details
CI / POS (WPF, Windows) (push) Has been cancelled
Details
feat(auth): forgot/reset password — endpoints + UI + IP rate-limit 
Пункты 5 + 6 пакета SMTP-настроек.

API (AuthForgotPasswordController, anonymous):
- POST /api/auth/forgot-password { email }
  · IP rate-limit: 3 попытки в час (in-memory ConcurrentDictionary
    с per-IP списком timestamps; для одного API-инстанса хватает,
    при scale-out — Redis).
  · ВСЕГДА возвращает 200 (анти-юзер-энумерация). Реально шлёт письмо
    только если юзер найден И активен И имеет email; иначе тихо
    логирует и отдаёт 200.
  · Использует UserManager.GeneratePasswordResetTokenAsync (Identity
    AddDefaultTokenProviders уже подключён в Program.cs).
  · Письмо: ссылка вида https://admin.food-market.kz/reset-password
    ?email=...&token=... (1 час валидна).
  · Если SMTP не настроен — ловит EmailNotConfiguredException,
    логирует и всё равно отдаёт 200 (UX-friendly).
- POST /api/auth/reset-password { email, token, newPassword }
  · UserManager.ResetPasswordAsync. На InvalidToken — понятный
    «Ссылка недействительна или истекла».
  · После успеха revoke всех valid-OpenIddict tokens юзера
    (UPDATE OpenIddictTokens SET Status='revoked' WHERE Subject=...).

UI:
- /forgot-password — anonymous, форма с email; submit → 200 «проверьте
  почту» (одинаковый текст независимо от существования email).
- /reset-password — anonymous, читает email/token из query-string;
  поля «новый пароль» + «повторите»; после успеха — auto-redirect
  через 2.5 секунды на /login.
- LoginPage: добавлена ссылка «Забыли пароль?» под кнопкой «Войти».

Smoke-флоу:
1. SuperAdmin → /super-admin/platform-settings → SMTP creds + test-send.
2. Юзер → /login → «Забыли пароль?» → /forgot-password → email.
3. Письмо с ссылкой → /reset-password?email&token → новый пароль.
4. Login со старым паролем — отказ (revoked refresh + новый pwd).
5. Login с новым паролем → норма.
2026-05-06 12:45:38 +05:00
..
public feat(brand): новый логотип food-market wordmark + apple mark 2026-05-02 00:26:42 +05:00
src feat(auth): forgot/reset password — endpoints + UI + IP rate-limit 2026-05-06 12:45:38 +05:00
.gitignore Phase 0: project scaffolding and end-to-end auth 2026-04-21 13:59:13 +05:00
eslint.config.js Phase 0: project scaffolding and end-to-end auth 2026-04-21 13:59:13 +05:00
index.html feat(web): rebrand to FOOD MARKET green (#00B207) per mobile app logo 2026-04-21 20:53:42 +05:00
package.json feat(date-field): replace native input with react-datepicker — polished UX 2026-04-26 03:39:51 +05:00
pnpm-lock.yaml feat(date-field): replace native input with react-datepicker — polished UX 2026-04-26 03:39:51 +05:00
README.md Phase 0: project scaffolding and end-to-end auth 2026-04-21 13:59:13 +05:00
tsconfig.app.json Phase 0: project scaffolding and end-to-end auth 2026-04-21 13:59:13 +05:00
tsconfig.json Phase 0: project scaffolding and end-to-end auth 2026-04-21 13:59:13 +05:00
tsconfig.node.json Phase 0: project scaffolding and end-to-end auth 2026-04-21 13:59:13 +05:00
vite.config.ts Phase 0: project scaffolding and end-to-end auth 2026-04-21 13:59:13 +05:00

README.md

React + TypeScript + Vite

This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.

Currently, two official plugins are available:

React Compiler

The React Compiler is not enabled on this template because of its impact on dev & build performances. To add it, see this documentation.

Expanding the ESLint configuration

If you are developing a production application, we recommend updating the configuration to enable type-aware lint rules:

export default defineConfig([
  globalIgnores(['dist']),
  {
    files: ['**/*.{ts,tsx}'],
    extends: [
      // Other configs...

      // Remove tseslint.configs.recommended and replace with this
      tseslint.configs.recommendedTypeChecked,
      // Alternatively, use this for stricter rules
      tseslint.configs.strictTypeChecked,
      // Optionally, add this for stylistic rules
      tseslint.configs.stylisticTypeChecked,

      // Other configs...
    ],
    languageOptions: {
      parserOptions: {
        project: ['./tsconfig.node.json', './tsconfig.app.json'],
        tsconfigRootDir: import.meta.dirname,
      },
      // other options...
    },
  },
])

You can also install eslint-plugin-react-x and eslint-plugin-react-dom for React-specific lint rules:

// eslint.config.js
import reactX from 'eslint-plugin-react-x'
import reactDom from 'eslint-plugin-react-dom'

export default defineConfig([
  globalIgnores(['dist']),
  {
    files: ['**/*.{ts,tsx}'],
    extends: [
      // Other configs...
      // Enable lint rules for React
      reactX.configs['recommended-typescript'],
      // Enable lint rules for React DOM
      reactDom.configs.recommended,
    ],
    languageOptions: {
      parserOptions: {
        project: ['./tsconfig.node.json', './tsconfig.app.json'],
        tsconfigRootDir: import.meta.dirname,
      },
      // other options...
    },
  },
])