npm - stem-lab-toolkit - Versions diffs - 1.0.1 → 1.0.3 - Mend

stem-lab-toolkit 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/admin.html CHANGED Viewed

@@ -1,7 +1,19 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
-  <meta charset="UTF-8">
+<meta charset="UTF-8">
+<script>
+(function(){
+  var n=performance.getEntriesByType('navigation')[0];
+  if(n&&n.type==='reload'){sessionStorage.clear();window.location.replace('./index.html');return;}
+  if(sessionStorage.getItem('mm_auth')!=='true'){window.location.replace('./index.html');return;}
+  if(sessionStorage.getItem('mm_force_change')==='true'){window.location.replace('./change-password.html');return;}
+  var rank=sessionStorage.getItem('mm_rank');
+  if(rank==='admin'){window.location.replace('./control-panel.html');return;}
+  if(rank!=='administrator'){window.location.replace('./browse.html');}
+})();
+</script>
+  <link rel="icon" type="image/png" href="/assets/favicon.png">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>Admin — MM Games</title>
   <link rel="stylesheet" href="./css/style.css">
@@ -12,6 +24,11 @@
     .overflow-x { overflow-x: auto; }
     .thumb-preview { width: 56px; height: 42px; object-fit: cover; border-radius: 4px; background: var(--surface); }
     .thumb-ph { width: 56px; height: 42px; border-radius: 4px; background: #e0e7ff; display:flex; align-items:center; justify-content:center; font-size:.65rem; font-weight:600; padding:4px; line-height:1.2; overflow:hidden; }
+    .rank-badge { font-size: 0.72rem; padding: 2px 8px; border-radius: 20px; font-weight: 600; text-transform: uppercase; letter-spacing: .04em; }
+    .rank-administrator { background: #ede9fe; color: #6d28d9; }
+    .rank-admin  { background: #fef3c7; color: #92400e; }
+    .rank-user   { background: #ecfdf5; color: #065f46; }
+    .rank-select { font-size: 0.8rem; padding: 4px 8px; border-radius: 6px; border: 1px solid var(--border); background: var(--surface); color: var(--text); cursor: pointer; }
   </style>
 </head>
 <body>
@@ -19,20 +36,21 @@
 <header class="site-header">
   <div class="header-inner">
     <a href="./browse.html" class="logo-link">
-      <img src="./assets/logo.png" alt="" class="logo-img" onerror="this.style.display='none'">
-      <span>MM Games</span><span style="font-size:0.65rem;color:var(--muted);margin-left:6px;">v1.0.0</span>
+      <img src="./assets/logo.png?v=new" alt="" class="logo-img" onerror="this.style.display='none'">
+      <span>MM Games</span>
     </a>
     <nav class="site-nav">
       <a href="./browse.html">Browse</a>
       <a href="./admin.html" class="active">Admin</a>
       <a href="./index.html" class="nav-calc-btn" title="Calculator"><svg width="18" height="18" fill="none" stroke="currentColor" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round" viewBox="0 0 24 24"><rect x="4" y="2" width="16" height="20" rx="2"/><line x1="8" y1="6" x2="16" y2="6"/><line x1="8" y1="10" x2="10" y2="10"/><line x1="8" y1="14" x2="10" y2="14"/><line x1="8" y1="18" x2="10" y2="18"/><line x1="14" y1="10" x2="16" y2="10"/><line x1="14" y1="14" x2="16" y2="14"/><line x1="14" y1="18" x2="16" y2="18"/></svg></a>
+      <button onclick="sessionStorage.clear();window.location.href='./index.html';" style="background:none;border:1px solid var(--border);color:var(--muted);font-size:.8rem;padding:5px 12px;border-radius:8px;cursor:pointer;margin-left:4px;">Logout</button>
     </nav>
   </div>
 </header>
 <div class="admin-wrap">
   <div class="page-title">Admin Panel</div>
-  <div class="page-sub">Manage games and site settings</div>
+  <div class="page-sub">Manage games, users, and site settings</div>
   <!-- Stats -->
   <div class="card">
@@ -49,23 +67,51 @@
     </div>
   </div>
-  <!-- Change PINs -->
+  <!-- User Management -->
   <div class="card">
-    <div class="card-title">Change PINs</div>
+    <div class="card-title">User Management</div>
+    <!-- Add user -->
     <div class="form-grid">
       <div class="form-group">
-        <label>New Admin PIN <span style="font-weight:400;text-transform:none;">(4–8 digits)</span></label>
-        <input type="password" id="pin-admin" placeholder="Leave blank to keep current" maxlength="8" inputmode="numeric" pattern="[0-9]*">
+        <label>Username</label>
+        <input type="text" id="new-username" placeholder="New username" autocomplete="off">
+      </div>
+      <div class="form-group">
+        <label>Password</label>
+        <input type="password" id="new-password" placeholder="Password">
       </div>
       <div class="form-group">
-        <label>New User PIN <span style="font-weight:400;text-transform:none;">(4–8 digits)</span></label>
-        <input type="password" id="pin-user" placeholder="Leave blank to keep current" maxlength="8" inputmode="numeric" pattern="[0-9]*">
+        <label>Rank</label>
+        <select id="new-rank">
+          <option value="user">user</option>
+          <option value="admin">admin</option>
+          <option value="administrator">administrator</option>
+        </select>
       </div>
     </div>
     <div style="margin-top:16px; display:flex; gap:10px; align-items:center;">
-      <button class="btn btn-primary" id="pin-save-btn">Save PINs</button>
-      <span class="feedback" id="pin-feedback"></span>
+      <button class="btn btn-primary" id="add-user-btn">Add User</button>
+      <span class="feedback" id="add-user-feedback"></span>
     </div>
+    <!-- Users table -->
+    <div class="overflow-x" style="margin-top:28px;">
+      <table class="admin-table" id="users-table">
+        <thead>
+          <tr>
+            <th>Username</th>
+            <th>Rank</th>
+            <th>Force Password Change</th>
+            <th>Actions</th>
+          </tr>
+        </thead>
+        <tbody id="users-tbody">
+          <tr><td colspan="4" style="color:var(--muted);text-align:center;padding:24px;">Loading…</td></tr>
+        </tbody>
+      </table>
+    </div>
+    <div class="feedback" id="users-feedback" style="margin-top:12px;"></div>
   </div>
   <!-- Games table -->
@@ -93,6 +139,7 @@
   </div>
 </div>
-<script src="./js/admin.js?v=2"></script>
+<script src="./js/admin.js?v=1.0.3"></script>
 </body>
 </html>

package/api.js CHANGED Viewed

@@ -1,106 +1,184 @@
-const http = require('http');
-const fs   = require('fs');
-const path = require('path');
+const express    = require('express');
+const bcrypt     = require('bcrypt');
+const rateLimit  = require('express-rate-limit');
+const fs         = require('fs');
+const path       = require('path');
+const crypto     = require('crypto');
-const GAMES_FILE = path.join(__dirname, 'games.json');
-const PINS_FILE  = path.join(__dirname, 'pins.json');
+const app        = express();
 const PORT       = 3001;
+const USERS_FILE = path.join(__dirname, 'users.json');
+const GAMES_FILE = path.join(__dirname, 'games.json');
+// In-memory sessions: token -> { username, rank, expires }
+const sessions = new Map();
+app.use(express.json({ limit: '1mb' }));
+app.use((req, res, next) => {
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+  if (req.method === 'OPTIONS') return res.sendStatus(204);
+  next();
+});
+function readUsers() {
+  try { return JSON.parse(fs.readFileSync(USERS_FILE, 'utf8')); }
+  catch { return []; }
+}
+function writeUsers(users) {
+  fs.writeFileSync(USERS_FILE, JSON.stringify(users, null, 2));
+}
 function readGames() {
   try { return JSON.parse(fs.readFileSync(GAMES_FILE, 'utf8')); }
   catch { return []; }
 }
 function writeGames(games) {
   fs.writeFileSync(GAMES_FILE, JSON.stringify(games, null, 2));
 }
-function readPins() {
-  try { return JSON.parse(fs.readFileSync(PINS_FILE, 'utf8')); }
-  catch { return { admin: '1234', user: '5555' }; }
+function getSession(req) {
+  const auth  = (req.headers.authorization || '').replace('Bearer ', '').trim();
+  if (!auth) return null;
+  const sess = sessions.get(auth);
+  if (!sess || sess.expires < Date.now()) { sessions.delete(auth); return null; }
+  return sess;
 }
-function writePins(pins) {
-  fs.writeFileSync(PINS_FILE, JSON.stringify(pins));
+function requireAdmin(req, res, next) {
+  const sess = getSession(req);
+  if (!sess || sess.rank !== 'administrator') return res.status(403).json({ error: 'Forbidden.' });
+  req.sess = sess;
+  next();
 }
-function json(res, status, obj) {
-  res.writeHead(status, {
-    'Content-Type': 'application/json',
-    'Access-Control-Allow-Origin': '*',
+const loginLimiter = rateLimit({
+  windowMs: 60 * 1000,
+  max: 5,
+  standardHeaders: true,
+  legacyHeaders: false,
+  handler: (_req, res) =>
+    res.status(429).json({ success: false, error: 'Too many attempts. Try again in 60 seconds.' }),
+});
+// ── Auth ───────────────────────────────────────────────────────────────────
+app.post('/api/login', loginLimiter, async (req, res) => {
+  const { username, password } = req.body || {};
+  if (!username || !password) return res.status(400).json({ success: false });
+  const users = readUsers();
+  const user  = users.find(u => u.username === username);
+  if (!user) return res.status(401).json({ success: false });
+  const match = await bcrypt.compare(password, user.password);
+  if (!match) return res.status(401).json({ success: false });
+  const token = crypto.randomBytes(32).toString('hex');
+  sessions.set(token, {
+    username: user.username,
+    rank: user.rank,
+    expires: Date.now() + 8 * 3600 * 1000,
   });
-  res.end(JSON.stringify(obj));
-}
+  res.json({ success: true, rank: user.rank, token, forcePasswordChange: !!user.forcePasswordChange });
+});
-function parseBody(req, cb) {
-  let body = '';
-  req.on('data', d => { body += d; if (body.length > 1e6) req.destroy(); });
-  req.on('end', () => { try { cb(JSON.parse(body)); } catch { cb(null); } });
-}
+// ── Games ──────────────────────────────────────────────────────────────────
+app.get('/api/games', (_req, res) => {
+  res.json(readGames().filter(g => g.visible));
+});
-const server = http.createServer((req, res) => {
-  if (req.method === 'OPTIONS') {
-    res.writeHead(204, {
-      'Access-Control-Allow-Origin': '*',
-      'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-      'Access-Control-Allow-Headers': 'Content-Type',
-    });
-    return res.end();
-  }
-  // GET /api/games — visible games for browse page
-  if (req.method === 'GET' && req.url === '/api/games') {
-    return json(res, 200, readGames().filter(g => g.visible));
-  }
-  // GET /api/games/all — all games for admin
-  if (req.method === 'GET' && req.url === '/api/games/all') {
-    return json(res, 200, readGames());
-  }
-  // POST /api/games — full save (admin only)
-  if (req.method === 'POST' && req.url === '/api/games') {
-    return parseBody(req, data => {
-      if (!data || data.adminPin !== readPins().admin)
-        return json(res, 403, { error: 'Unauthorized.' });
-      if (!Array.isArray(data.games))
-        return json(res, 400, { error: 'Invalid payload.' });
-      writeGames(data.games);
-      json(res, 200, { ok: true });
-    });
-  }
-  // POST /api/pin — validate PIN, return role
-  if (req.method === 'POST' && req.url === '/api/pin') {
-    return parseBody(req, data => {
-      if (!data) return json(res, 400, { error: 'Bad request.' });
-      const pins = readPins();
-      if (data.pin === pins.admin) return json(res, 200, { role: 'admin' });
-      if (data.pin === pins.user)  return json(res, 200, { role: 'user' });
-      return json(res, 403, { role: 'none' });
-    });
-  }
-  // POST /api/pins — update PINs (admin only)
-  if (req.method === 'POST' && req.url === '/api/pins') {
-    return parseBody(req, data => {
-      if (!data) return json(res, 400, { error: 'Bad request.' });
-      const pins = readPins();
-      if (data.adminPin !== pins.admin) return json(res, 403, { error: 'Unauthorized.' });
-      const newAdmin = String(data.newAdmin || '').trim();
-      const newUser  = String(data.newUser  || '').trim();
-      if (newAdmin && !/^\d{4,8}$/.test(newAdmin)) return json(res, 400, { error: 'Admin PIN must be 4–8 digits.' });
-      if (newUser  && !/^\d{4,8}$/.test(newUser))  return json(res, 400, { error: 'User PIN must be 4–8 digits.'  });
-      if (newAdmin) pins.admin = newAdmin;
-      if (newUser)  pins.user  = newUser;
-      writePins(pins);
-      json(res, 200, { ok: true, pins: { admin: !!newAdmin, user: !!newUser } });
-    });
-  }
-  json(res, 404, { error: 'Not found.' });
+app.get('/api/games/all', requireAdmin, (_req, res) => {
+  res.json(readGames());
 });
-server.listen(PORT, '127.0.0.1', () => {
-  console.log(`API listening on 127.0.0.1:${PORT}`);
+app.post('/api/games', requireAdmin, (req, res) => {
+  if (!Array.isArray(req.body.games)) return res.status(400).json({ error: 'Invalid payload.' });
+  writeGames(req.body.games);
+  res.json({ ok: true });
 });
+// ── Users ──────────────────────────────────────────────────────────────────
+const VALID_RANKS = ['administrator', 'admin', 'user'];
+app.get('/api/users', requireAdmin, (_req, res) => {
+  const users = readUsers().map(u => ({ username: u.username, rank: u.rank, forcePasswordChange: !!u.forcePasswordChange }));
+  res.json(users);
+});
+app.post('/api/users/add', requireAdmin, async (req, res) => {
+  const { username, password, rank } = req.body || {};
+  if (!username || !password || !VALID_RANKS.includes(rank))
+    return res.status(400).json({ error: 'username, password and valid rank required.' });
+  const users = readUsers();
+  if (users.find(u => u.username === username))
+    return res.status(409).json({ error: 'Username already exists.' });
+  const hashed = await bcrypt.hash(password, 12);
+  users.push({ username, password: hashed, rank });
+  writeUsers(users);
+  res.json({ ok: true });
+});
+app.post('/api/users/update', requireAdmin, (req, res) => {
+  const { username, rank } = req.body || {};
+  if (!username || !VALID_RANKS.includes(rank))
+    return res.status(400).json({ error: 'username and valid rank required.' });
+  const users = readUsers();
+  const user  = users.find(u => u.username === username);
+  if (!user) return res.status(404).json({ error: 'User not found.' });
+  user.rank = rank;
+  writeUsers(users);
+  res.json({ ok: true });
+});
+app.post('/api/users/delete', requireAdmin, (req, res) => {
+  const { username } = req.body || {};
+  if (!username) return res.status(400).json({ error: 'username required.' });
+  const users = readUsers();
+  const idx   = users.findIndex(u => u.username === username);
+  if (idx === -1) return res.status(404).json({ error: 'User not found.' });
+  users.splice(idx, 1);
+  writeUsers(users);
+  res.json({ ok: true });
+});
+app.post('/api/users/reset-password', requireAdmin, async (req, res) => {
+  const { username, password } = req.body || {};
+  if (!username || !password) return res.status(400).json({ error: 'username and password required.' });
+  const users = readUsers();
+  const user  = users.find(u => u.username === username);
+  if (!user) return res.status(404).json({ error: 'User not found.' });
+  user.password = await bcrypt.hash(password, 12);
+  writeUsers(users);
+  res.json({ ok: true });
+});
+app.post('/api/users/change-password', async (req, res) => {
+  const { username, currentPassword, newPassword } = req.body || {};
+  if (!username || !currentPassword || !newPassword)
+    return res.status(400).json({ error: 'All fields required.' });
+  if (newPassword.length < 6)
+    return res.status(400).json({ error: 'New password must be at least 6 characters.' });
+  const users = readUsers();
+  const user  = users.find(u => u.username === username);
+  if (!user) return res.status(404).json({ error: 'User not found.' });
+  const match = await bcrypt.compare(currentPassword, user.password);
+  if (!match) return res.status(401).json({ error: 'Current password is incorrect.' });
+  user.password = await bcrypt.hash(newPassword, 12);
+  user.forcePasswordChange = false;
+  writeUsers(users);
+  res.json({ ok: true });
+});
+app.post('/api/users/set-force-change', requireAdmin, (req, res) => {
+  const { username, force } = req.body || {};
+  if (!username || typeof force !== 'boolean')
+    return res.status(400).json({ error: 'username and force (boolean) required.' });
+  const users = readUsers();
+  const user  = users.find(u => u.username === username);
+  if (!user) return res.status(404).json({ error: 'User not found.' });
+  user.forcePasswordChange = force;
+  writeUsers(users);
+  res.json({ ok: true });
+});
+app.listen(PORT, '127.0.0.1', () => console.log(`API listening on 127.0.0.1:${PORT}`));

package/assets/favicon.png ADDED Viewed

Binary file

package/assets/logo.png CHANGED Viewed

Binary file

package/browse.html CHANGED Viewed

@@ -1,7 +1,9 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
-  <meta charset="UTF-8">
+<meta charset="UTF-8">
+<script>(function(){var n=performance.getEntriesByType('navigation')[0];if(n&&n.type==='reload'){sessionStorage.clear();window.location.replace('./index.html');return;}if(sessionStorage.getItem('mm_auth')!=='true'){window.location.replace('./index.html');return;}if(sessionStorage.getItem('mm_force_change')==='true'){window.location.replace('./change-password.html');return;}var r=sessionStorage.getItem('mm_rank');if(!r){window.location.replace('./index.html');}})();</script>
+  <link rel="icon" type="image/png" href="/assets/favicon.png">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>MM Games</title>
   <link rel="stylesheet" href="./css/style.css">
@@ -11,17 +13,45 @@
 <header class="site-header">
   <div class="header-inner">
     <a href="./browse.html" class="logo-link">
-      <img src="./assets/logo.png" alt="" class="logo-img" onerror="this.style.display='none'">
-      <span>MM Games</span><span style="font-size:0.65rem;color:var(--muted);margin-left:6px;">v1.0.0</span>
+      <img src="./assets/logo.png?v=new" alt="" class="logo-img" onerror="this.style.display='none'">
+      <span>MM Games</span>
     </a>
     <nav class="site-nav">
       <a href="./browse.html" class="active">Browse</a>
       <a href="./admin.html">Admin</a>
       <a href="./index.html" class="nav-calc-btn" title="Calculator"><svg width="18" height="18" fill="none" stroke="currentColor" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round" viewBox="0 0 24 24"><rect x="4" y="2" width="16" height="20" rx="2"/><line x1="8" y1="6" x2="16" y2="6"/><line x1="8" y1="10" x2="10" y2="10"/><line x1="8" y1="14" x2="10" y2="14"/><line x1="8" y1="18" x2="10" y2="18"/><line x1="14" y1="10" x2="16" y2="10"/><line x1="14" y1="14" x2="16" y2="14"/><line x1="14" y1="18" x2="16" y2="18"/></svg></a>
+      <button id="settings-btn" title="Settings" style="display:flex;align-items:center;justify-content:center;padding:6px 10px;border-radius:6px;background:none;border:none;color:var(--muted);cursor:pointer;transition:background .15s,color .15s;" onmouseover="this.style.background='var(--surface)';this.style.color='var(--text)'" onmouseout="this.style.background='none';this.style.color='var(--muted)'"><svg width="18" height="18" fill="none" stroke="currentColor" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round" viewBox="0 0 24 24"><circle cx="12" cy="12" r="3"/><path d="M19.4 15a1.65 1.65 0 00.33 1.82l.06.06a2 2 0 010 2.83 2 2 0 01-2.83 0l-.06-.06a1.65 1.65 0 00-1.82-.33 1.65 1.65 0 00-1 1.51V21a2 2 0 01-4 0v-.09A1.65 1.65 0 009 19.4a1.65 1.65 0 00-1.82.33l-.06.06a2 2 0 01-2.83-2.83l.06-.06A1.65 1.65 0 004.68 15a1.65 1.65 0 00-1.51-1H3a2 2 0 010-4h.09A1.65 1.65 0 004.6 9a1.65 1.65 0 00-.33-1.82l-.06-.06a2 2 0 012.83-2.83l.06.06A1.65 1.65 0 009 4.68a1.65 1.65 0 001-1.51V3a2 2 0 014 0v.09a1.65 1.65 0 001 1.51 1.65 1.65 0 001.82-.33l.06-.06a2 2 0 012.83 2.83l-.06.06A1.65 1.65 0 0019.4 9a1.65 1.65 0 001.51 1H21a2 2 0 010 4h-.09a1.65 1.65 0 00-1.51 1z"/></svg></button>
     </nav>
   </div>
 </header>
+<!-- Change Password Modal -->
+<div id="chpw-overlay" style="display:none;position:fixed;inset:0;background:rgba(0,0,0,.5);z-index:1000;display:none;align-items:center;justify-content:center;backdrop-filter:blur(4px);">
+  <div style="background:#fff;border-radius:16px;padding:32px 28px 28px;width:320px;box-shadow:0 24px 60px rgba(0,0,0,.2);border:1px solid var(--border);">
+    <div style="display:flex;align-items:center;justify-content:space-between;margin-bottom:20px;">
+      <div style="font-size:1rem;font-weight:700;">Change Password</div>
+      <button id="chpw-close" style="background:none;border:none;font-size:1.3rem;color:var(--muted);cursor:pointer;line-height:1;padding:2px 6px;">&times;</button>
+    </div>
+    <div style="display:flex;flex-direction:column;gap:12px;">
+      <div>
+        <label style="font-size:0.78rem;font-weight:600;color:var(--muted);text-transform:uppercase;letter-spacing:.04em;display:block;margin-bottom:4px;">Current Password</label>
+        <input id="chpw-current" type="password" autocomplete="current-password" style="width:100%;padding:9px 12px;border:1.5px solid var(--border);border-radius:8px;font-size:0.9rem;outline:none;font-family:inherit;" placeholder="Current password">
+      </div>
+      <div>
+        <label style="font-size:0.78rem;font-weight:600;color:var(--muted);text-transform:uppercase;letter-spacing:.04em;display:block;margin-bottom:4px;">New Password</label>
+        <input id="chpw-new" type="password" autocomplete="new-password" style="width:100%;padding:9px 12px;border:1.5px solid var(--border);border-radius:8px;font-size:0.9rem;outline:none;font-family:inherit;" placeholder="New password (min 6 chars)">
+      </div>
+      <div>
+        <label style="font-size:0.78rem;font-weight:600;color:var(--muted);text-transform:uppercase;letter-spacing:.04em;display:block;margin-bottom:4px;">Confirm New Password</label>
+        <input id="chpw-confirm" type="password" autocomplete="new-password" style="width:100%;padding:9px 12px;border:1.5px solid var(--border);border-radius:8px;font-size:0.9rem;outline:none;font-family:inherit;" placeholder="Confirm new password">
+      </div>
+    </div>
+    <div id="chpw-msg" style="font-size:0.82rem;min-height:1.2em;margin:10px 0 4px;"></div>
+    <button id="chpw-submit" style="width:100%;background:var(--accent);color:#fff;border:none;border-radius:8px;padding:11px;font-size:0.9rem;font-weight:600;cursor:pointer;font-family:inherit;margin-top:4px;transition:background .15s;">Change Password</button>
+  </div>
+</div>
 <main style="padding: 32px 0 64px;">
   <div class="container">
@@ -53,10 +83,96 @@
       <div class="game-grid" id="game-grid"></div>
     </div>
   </div>
 </main>
-<script src="./js/games.js?v=2"></script>
-<script src="./js/pin-modal.js?v=2"></script>
+<script src="./js/games.js?v=1.0.3"></script>
+<script src="./js/pin-modal.js?v=1.0.3c"></script>
+<a href="https://forms.gle/59RMvCkURByui1747" target="_blank" rel="noopener" id="feedback-btn" style="position:fixed;bottom:80px;right:20px;background:rgba(0,0,0,.06);color:var(--muted);font-size:0.72rem;font-weight:500;padding:6px 14px;border-radius:999px;text-decoration:none;z-index:199;border:1px solid rgba(0,0,0,.07);transition:all .15s;" onmouseover="this.style.background='rgba(0,0,0,.12)';this.style.color='var(--text)'" onmouseout="this.style.background='rgba(0,0,0,.06)';this.style.color='var(--muted)'">Feedback</a>
+<button id="scroll-top" onclick="window.scrollTo({top:0,behavior:'smooth'})" aria-label="Back to top" style="position:fixed;bottom:28px;right:28px;width:40px;height:40px;border-radius:50%;background:#2563eb;color:#fff;border:none;font-size:18px;cursor:pointer;box-shadow:0 2px 12px rgba(0,0,0,.18);opacity:0;transform:translateY(8px);transition:opacity .25s,transform .25s;pointer-events:none;z-index:200;display:flex;align-items:center;justify-content:center;">&#8593;</button>
+<script>
+(function(){
+  var btn=document.getElementById('scroll-top');
+  window.addEventListener('scroll',function(){
+    var show=window.scrollY>300;
+    btn.style.opacity=show?'1':'0';
+    btn.style.transform=show?'translateY(0)':'translateY(8px)';
+    btn.style.pointerEvents=show?'auto':'none';
+  },{passive:true});
+})();
+</script>
+<script>
+(function () {
+  var overlay   = document.getElementById('chpw-overlay');
+  var settBtn   = document.getElementById('settings-btn');
+  var closeBtn  = document.getElementById('chpw-close');
+  var submitBtn = document.getElementById('chpw-submit');
+  var msgEl     = document.getElementById('chpw-msg');
+  var curEl     = document.getElementById('chpw-current');
+  var newEl     = document.getElementById('chpw-new');
+  var conEl     = document.getElementById('chpw-confirm');
+  function openModal() {
+    curEl.value = ''; newEl.value = ''; conEl.value = '';
+    msgEl.textContent = ''; msgEl.style.color = '';
+    submitBtn.disabled = false;
+    overlay.style.display = 'flex';
+    setTimeout(function () { curEl.focus(); }, 50);
+  }
+  function closeModal() { overlay.style.display = 'none'; }
+  settBtn.addEventListener('click', openModal);
+  closeBtn.addEventListener('click', closeModal);
+  overlay.addEventListener('click', function (e) { if (e.target === overlay) closeModal(); });
+  document.addEventListener('keydown', function (e) {
+    if (e.key === 'Escape' && overlay.style.display === 'flex') closeModal();
+  });
+  submitBtn.addEventListener('click', doChange);
+  [curEl, newEl, conEl].forEach(function (el) {
+    el.addEventListener('keydown', function (e) { if (e.key === 'Enter') doChange(); });
+  });
+  async function doChange() {
+    var username = sessionStorage.getItem('mm_username') || '';
+    var cur = curEl.value;
+    var nw  = newEl.value;
+    var con = conEl.value;
+    if (!username) { msgEl.textContent = 'Session error — please log in again.'; msgEl.style.color = '#b91c1c'; return; }
+    if (!cur || !nw || !con) { msgEl.textContent = 'All fields are required.'; msgEl.style.color = '#b91c1c'; return; }
+    if (nw !== con) { msgEl.textContent = 'New passwords do not match.'; msgEl.style.color = '#b91c1c'; return; }
+    if (nw.length < 6) { msgEl.textContent = 'New password must be at least 6 characters.'; msgEl.style.color = '#b91c1c'; return; }
+    submitBtn.disabled = true;
+    msgEl.textContent = '';
+    try {
+      var res  = await fetch('./api/users/change-password', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ username: username, currentPassword: cur, newPassword: nw }),
+      });
+      var data = await res.json();
+      if (res.ok && data.ok) {
+        msgEl.textContent = 'Password changed successfully.';
+        msgEl.style.color = '#15803d';
+        setTimeout(closeModal, 1500);
+      } else {
+        msgEl.textContent = data.error || 'Failed to change password.';
+        msgEl.style.color = '#b91c1c';
+        submitBtn.disabled = false;
+      }
+    } catch {
+      msgEl.textContent = 'Connection error. Try again.';
+      msgEl.style.color = '#b91c1c';
+      submitBtn.disabled = false;
+    }
+  }
+})();
+</script>
 </body>
 </html>

package/bump.sh CHANGED Viewed

@@ -1,4 +1,8 @@
 #!/bin/bash
 VER=$(cat /var/www/moshelab/version.txt | tr -d '[:space:]')
-sudo sed -i "s/v[0-9]\+/$VER/g" /var/www/moshelab/*.html
+VERNUM="${VER#v}"
+# Update visible version badges (vX.X.X)
+sudo sed -i "s/v[0-9][0-9.]*/$VER/g" /var/www/moshelab/*.html
+# Update script/link cache-buster query params (?v=X.X.X)
+sudo sed -i "s/?v=[0-9][0-9.]*/?v=$VERNUM/g" /var/www/moshelab/*.html
 echo "Version set to $VER"