npm - stem-lab-toolkit - Versions diffs - 1.0.2 → 1.0.4 - Mend

stem-lab-toolkit 1.0.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/admin.html CHANGED Viewed

@@ -7,6 +7,7 @@
   var n=performance.getEntriesByType('navigation')[0];
   if(n&&n.type==='reload'){sessionStorage.clear();window.location.replace('./index.html');return;}
   if(sessionStorage.getItem('mm_auth')!=='true'){window.location.replace('./index.html');return;}
+  if(sessionStorage.getItem('mm_force_change')==='true'){window.location.replace('./change-password.html');return;}
   var rank=sessionStorage.getItem('mm_rank');
   if(rank==='admin'){window.location.replace('./control-panel.html');return;}
   if(rank!=='administrator'){window.location.replace('./browse.html');}
@@ -101,11 +102,12 @@
           <tr>
             <th>Username</th>
             <th>Rank</th>
+            <th>Force Password Change</th>
             <th>Actions</th>
           </tr>
         </thead>
         <tbody id="users-tbody">
-          <tr><td colspan="3" style="color:var(--muted);text-align:center;padding:24px;">Loading…</td></tr>
+          <tr><td colspan="4" style="color:var(--muted);text-align:center;padding:24px;">Loading…</td></tr>
         </tbody>
       </table>
     </div>
@@ -137,7 +139,7 @@
   </div>
 </div>
-<script src="./js/admin.js?v=1.0.5"></script>
+<script src="./js/admin.js?v=0.0.1"></script>
 </body>
 </html>

package/api.js CHANGED Viewed

@@ -13,14 +13,9 @@ const GAMES_FILE = path.join(__dirname, 'games.json');
 // In-memory sessions: token -> { username, rank, expires }
 const sessions = new Map();
+app.set('trust proxy', 1);
 app.use(express.json({ limit: '1mb' }));
-app.use((req, res, next) => {
-  res.setHeader('Access-Control-Allow-Origin', '*');
-  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
-  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
-  if (req.method === 'OPTIONS') return res.sendStatus(204);
-  next();
-});
 function readUsers() {
   try { return JSON.parse(fs.readFileSync(USERS_FILE, 'utf8')); }
@@ -77,7 +72,7 @@ app.post('/api/login', loginLimiter, async (req, res) => {
     rank: user.rank,
     expires: Date.now() + 8 * 3600 * 1000,
   });
-  res.json({ success: true, rank: user.rank, token });
+  res.json({ success: true, rank: user.rank, token, forcePasswordChange: !!user.forcePasswordChange });
 });
 // ── Games ──────────────────────────────────────────────────────────────────
@@ -101,7 +96,7 @@ app.post('/api/games', requireAdmin, (req, res) => {
 const VALID_RANKS = ['administrator', 'admin', 'user'];
 app.get('/api/users', requireAdmin, (_req, res) => {
-  const users = readUsers().map(u => ({ username: u.username, rank: u.rank }));
+  const users = readUsers().map(u => ({ username: u.username, rank: u.rank, forcePasswordChange: !!u.forcePasswordChange }));
   res.json(users);
 });
@@ -152,4 +147,33 @@ app.post('/api/users/reset-password', requireAdmin, async (req, res) => {
   res.json({ ok: true });
 });
+app.post('/api/users/change-password', async (req, res) => {
+  const { username, currentPassword, newPassword } = req.body || {};
+  if (!username || !currentPassword || !newPassword)
+    return res.status(400).json({ error: 'All fields required.' });
+  if (newPassword.length < 6)
+    return res.status(400).json({ error: 'New password must be at least 6 characters.' });
+  const users = readUsers();
+  const user  = users.find(u => u.username === username);
+  if (!user) return res.status(404).json({ error: 'User not found.' });
+  const match = await bcrypt.compare(currentPassword, user.password);
+  if (!match) return res.status(401).json({ error: 'Current password is incorrect.' });
+  user.password = await bcrypt.hash(newPassword, 12);
+  user.forcePasswordChange = false;
+  writeUsers(users);
+  res.json({ ok: true });
+});
+app.post('/api/users/set-force-change', requireAdmin, (req, res) => {
+  const { username, force } = req.body || {};
+  if (!username || typeof force !== 'boolean')
+    return res.status(400).json({ error: 'username and force (boolean) required.' });
+  const users = readUsers();
+  const user  = users.find(u => u.username === username);
+  if (!user) return res.status(404).json({ error: 'User not found.' });
+  user.forcePasswordChange = force;
+  writeUsers(users);
+  res.json({ ok: true });
+});
 app.listen(PORT, '127.0.0.1', () => console.log(`API listening on 127.0.0.1:${PORT}`));

package/browse.html CHANGED Viewed

@@ -2,7 +2,7 @@
 <html lang="en">
 <head>
 <meta charset="UTF-8">
-<script>(function(){var n=performance.getEntriesByType('navigation')[0];if(n&&n.type==='reload'){sessionStorage.clear();window.location.replace('./index.html');return;}if(sessionStorage.getItem('mm_auth')!=='true'){window.location.replace('./index.html');return;}var r=sessionStorage.getItem('mm_rank');if(!r){window.location.replace('./index.html');}})();</script>
+<script>(function(){var n=performance.getEntriesByType('navigation')[0];if(n&&n.type==='reload'){sessionStorage.clear();window.location.replace('./index.html');return;}if(sessionStorage.getItem('mm_auth')!=='true'){window.location.replace('./index.html');return;}if(sessionStorage.getItem('mm_force_change')==='true'){window.location.replace('./change-password.html');return;}var r=sessionStorage.getItem('mm_rank');if(!r){window.location.replace('./index.html');}})();</script>
   <link rel="icon" type="image/png" href="/assets/favicon.png">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>MM Games</title>
@@ -21,10 +21,37 @@
       <a href="./browse.html" class="active">Browse</a>
       <a href="./admin.html">Admin</a>
       <a href="./index.html" class="nav-calc-btn" title="Calculator"><svg width="18" height="18" fill="none" stroke="currentColor" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round" viewBox="0 0 24 24"><rect x="4" y="2" width="16" height="20" rx="2"/><line x1="8" y1="6" x2="16" y2="6"/><line x1="8" y1="10" x2="10" y2="10"/><line x1="8" y1="14" x2="10" y2="14"/><line x1="8" y1="18" x2="10" y2="18"/><line x1="14" y1="10" x2="16" y2="10"/><line x1="14" y1="14" x2="16" y2="14"/><line x1="14" y1="18" x2="16" y2="18"/></svg></a>
+      <button id="settings-btn" title="Settings" style="display:flex;align-items:center;justify-content:center;padding:6px 10px;border-radius:6px;background:none;border:none;color:var(--muted);cursor:pointer;transition:background .15s,color .15s;" onmouseover="this.style.background='var(--surface)';this.style.color='var(--text)'" onmouseout="this.style.background='none';this.style.color='var(--muted)'"><svg width="18" height="18" fill="none" stroke="currentColor" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round" viewBox="0 0 24 24"><circle cx="12" cy="12" r="3"/><path d="M19.4 15a1.65 1.65 0 00.33 1.82l.06.06a2 2 0 010 2.83 2 2 0 01-2.83 0l-.06-.06a1.65 1.65 0 00-1.82-.33 1.65 1.65 0 00-1 1.51V21a2 2 0 01-4 0v-.09A1.65 1.65 0 009 19.4a1.65 1.65 0 00-1.82.33l-.06.06a2 2 0 01-2.83-2.83l.06-.06A1.65 1.65 0 004.68 15a1.65 1.65 0 00-1.51-1H3a2 2 0 010-4h.09A1.65 1.65 0 004.6 9a1.65 1.65 0 00-.33-1.82l-.06-.06a2 2 0 012.83-2.83l.06.06A1.65 1.65 0 009 4.68a1.65 1.65 0 001-1.51V3a2 2 0 014 0v.09a1.65 1.65 0 001 1.51 1.65 1.65 0 001.82-.33l.06-.06a2 2 0 012.83 2.83l-.06.06A1.65 1.65 0 0019.4 9a1.65 1.65 0 001.51 1H21a2 2 0 010 4h-.09a1.65 1.65 0 00-1.51 1z"/></svg></button>
     </nav>
   </div>
 </header>
+<!-- Change Password Modal -->
+<div id="chpw-overlay" style="display:none;position:fixed;inset:0;background:rgba(0,0,0,.5);z-index:1000;display:none;align-items:center;justify-content:center;backdrop-filter:blur(4px);">
+  <div style="background:#fff;border-radius:16px;padding:32px 28px 28px;width:320px;box-shadow:0 24px 60px rgba(0,0,0,.2);border:1px solid var(--border);">
+    <div style="display:flex;align-items:center;justify-content:space-between;margin-bottom:20px;">
+      <div style="font-size:1rem;font-weight:700;">Change Password</div>
+      <button id="chpw-close" style="background:none;border:none;font-size:1.3rem;color:var(--muted);cursor:pointer;line-height:1;padding:2px 6px;">&times;</button>
+    </div>
+    <div style="display:flex;flex-direction:column;gap:12px;">
+      <div>
+        <label style="font-size:0.78rem;font-weight:600;color:var(--muted);text-transform:uppercase;letter-spacing:.04em;display:block;margin-bottom:4px;">Current Password</label>
+        <input id="chpw-current" type="password" autocomplete="current-password" style="width:100%;padding:9px 12px;border:1.5px solid var(--border);border-radius:8px;font-size:0.9rem;outline:none;font-family:inherit;" placeholder="Current password">
+      </div>
+      <div>
+        <label style="font-size:0.78rem;font-weight:600;color:var(--muted);text-transform:uppercase;letter-spacing:.04em;display:block;margin-bottom:4px;">New Password</label>
+        <input id="chpw-new" type="password" autocomplete="new-password" style="width:100%;padding:9px 12px;border:1.5px solid var(--border);border-radius:8px;font-size:0.9rem;outline:none;font-family:inherit;" placeholder="New password (min 6 chars)">
+      </div>
+      <div>
+        <label style="font-size:0.78rem;font-weight:600;color:var(--muted);text-transform:uppercase;letter-spacing:.04em;display:block;margin-bottom:4px;">Confirm New Password</label>
+        <input id="chpw-confirm" type="password" autocomplete="new-password" style="width:100%;padding:9px 12px;border:1.5px solid var(--border);border-radius:8px;font-size:0.9rem;outline:none;font-family:inherit;" placeholder="Confirm new password">
+      </div>
+    </div>
+    <div id="chpw-msg" style="font-size:0.82rem;min-height:1.2em;margin:10px 0 4px;"></div>
+    <button id="chpw-submit" style="width:100%;background:var(--accent);color:#fff;border:none;border-radius:8px;padding:11px;font-size:0.9rem;font-weight:600;cursor:pointer;font-family:inherit;margin-top:4px;transition:background .15s;">Change Password</button>
+  </div>
+</div>
 <main style="padding: 32px 0 64px;">
   <div class="container">
@@ -60,8 +87,10 @@
   </div>
 </main>
-<script src="./js/games.js?v=1.0.5"></script>
-<script src="./js/pin-modal.js?v=1.0.5c"></script>
+<script src="./js/games.js?v=0.0.1"></script>
+<script src="./js/pin-modal.js?v=0.0.1c"></script>
+<a href="https://forms.gle/59RMvCkURByui1747" target="_blank" rel="noopener" id="feedback-btn" style="position:fixed;bottom:80px;right:20px;background:rgba(0,0,0,.06);color:var(--muted);font-size:0.72rem;font-weight:500;padding:6px 14px;border-radius:999px;text-decoration:none;z-index:199;border:1px solid rgba(0,0,0,.07);transition:all .15s;" onmouseover="this.style.background='rgba(0,0,0,.12)';this.style.color='var(--text)'" onmouseout="this.style.background='rgba(0,0,0,.06)';this.style.color='var(--muted)'">Feedback</a>
 <button id="scroll-top" onclick="window.scrollTo({top:0,behavior:'smooth'})" aria-label="Back to top" style="position:fixed;bottom:28px;right:28px;width:40px;height:40px;border-radius:50%;background:#2563eb;color:#fff;border:none;font-size:18px;cursor:pointer;box-shadow:0 2px 12px rgba(0,0,0,.18);opacity:0;transform:translateY(8px);transition:opacity .25s,transform .25s;pointer-events:none;z-index:200;display:flex;align-items:center;justify-content:center;">&#8593;</button>
 <script>
@@ -76,5 +105,74 @@
 })();
 </script>
+<script>
+(function () {
+  var overlay   = document.getElementById('chpw-overlay');
+  var settBtn   = document.getElementById('settings-btn');
+  var closeBtn  = document.getElementById('chpw-close');
+  var submitBtn = document.getElementById('chpw-submit');
+  var msgEl     = document.getElementById('chpw-msg');
+  var curEl     = document.getElementById('chpw-current');
+  var newEl     = document.getElementById('chpw-new');
+  var conEl     = document.getElementById('chpw-confirm');
+  function openModal() {
+    curEl.value = ''; newEl.value = ''; conEl.value = '';
+    msgEl.textContent = ''; msgEl.style.color = '';
+    submitBtn.disabled = false;
+    overlay.style.display = 'flex';
+    setTimeout(function () { curEl.focus(); }, 50);
+  }
+  function closeModal() { overlay.style.display = 'none'; }
+  settBtn.addEventListener('click', openModal);
+  closeBtn.addEventListener('click', closeModal);
+  overlay.addEventListener('click', function (e) { if (e.target === overlay) closeModal(); });
+  document.addEventListener('keydown', function (e) {
+    if (e.key === 'Escape' && overlay.style.display === 'flex') closeModal();
+  });
+  submitBtn.addEventListener('click', doChange);
+  [curEl, newEl, conEl].forEach(function (el) {
+    el.addEventListener('keydown', function (e) { if (e.key === 'Enter') doChange(); });
+  });
+  async function doChange() {
+    var username = sessionStorage.getItem('mm_username') || '';
+    var cur = curEl.value;
+    var nw  = newEl.value;
+    var con = conEl.value;
+    if (!username) { msgEl.textContent = 'Session error — please log in again.'; msgEl.style.color = '#b91c1c'; return; }
+    if (!cur || !nw || !con) { msgEl.textContent = 'All fields are required.'; msgEl.style.color = '#b91c1c'; return; }
+    if (nw !== con) { msgEl.textContent = 'New passwords do not match.'; msgEl.style.color = '#b91c1c'; return; }
+    if (nw.length < 6) { msgEl.textContent = 'New password must be at least 6 characters.'; msgEl.style.color = '#b91c1c'; return; }
+    submitBtn.disabled = true;
+    msgEl.textContent = '';
+    try {
+      var res  = await fetch('./api/users/change-password', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ username: username, currentPassword: cur, newPassword: nw }),
+      });
+      var data = await res.json();
+      if (res.ok && data.ok) {
+        msgEl.textContent = 'Password changed successfully.';
+        msgEl.style.color = '#15803d';
+        setTimeout(closeModal, 1500);
+      } else {
+        msgEl.textContent = data.error || 'Failed to change password.';
+        msgEl.style.color = '#b91c1c';
+        submitBtn.disabled = false;
+      }
+    } catch {
+      msgEl.textContent = 'Connection error. Try again.';
+      msgEl.style.color = '#b91c1c';
+      submitBtn.disabled = false;
+    }
+  }
+})();
+</script>
 </body>
 </html>

package/change-password.html ADDED Viewed

@@ -0,0 +1,168 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<script>
+(function(){
+  if(sessionStorage.getItem('mm_auth')!=='true'){window.location.replace('./index.html');return;}
+  if(sessionStorage.getItem('mm_force_change')!=='true'){
+    var rank=sessionStorage.getItem('mm_rank');
+    if(rank==='administrator'){window.location.replace('./admin.html');}
+    else if(rank==='admin'){window.location.replace('./control-panel.html');}
+    else{window.location.replace('./browse.html');}
+  }
+})();
+</script>
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Change Password — MM Games</title>
+<link rel="icon" type="image/png" href="/assets/favicon.png">
+<style>
+  *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+  body {
+    min-height: 100dvh;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    background: #f3f4f6;
+    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
+    padding: 24px;
+  }
+  .card {
+    background: #fff;
+    border-radius: 16px;
+    padding: 36px 32px 32px;
+    width: 100%;
+    max-width: 380px;
+    box-shadow: 0 4px 24px rgba(0,0,0,.09);
+    border: 1px solid #e5e7eb;
+  }
+  .icon {
+    width: 48px; height: 48px;
+    background: #fef3c7;
+    border-radius: 12px;
+    display: flex; align-items: center; justify-content: center;
+    font-size: 1.4rem;
+    margin-bottom: 16px;
+  }
+  h1 { font-size: 1.15rem; font-weight: 700; color: #111827; margin-bottom: 6px; }
+  .sub { font-size: 0.85rem; color: #6b7280; margin-bottom: 28px; line-height: 1.5; }
+  .field { margin-bottom: 14px; }
+  label {
+    display: block;
+    font-size: 0.78rem; font-weight: 600;
+    color: #6b7280;
+    text-transform: uppercase; letter-spacing: .04em;
+    margin-bottom: 5px;
+  }
+  input {
+    width: 100%;
+    padding: 10px 13px;
+    border: 1.5px solid #e5e7eb;
+    border-radius: 8px;
+    font-size: 0.9rem;
+    outline: none;
+    font-family: inherit;
+    transition: border-color .15s, box-shadow .15s;
+    color: #111827;
+  }
+  input:focus { border-color: #2563eb; box-shadow: 0 0 0 3px rgba(37,99,235,.1); }
+  .msg { font-size: 0.82rem; min-height: 1.2em; margin: 8px 0 4px; }
+  .msg.error { color: #b91c1c; }
+  .msg.ok    { color: #15803d; }
+  .submit {
+    width: 100%;
+    background: #2563eb; color: #fff;
+    border: none; border-radius: 8px;
+    padding: 12px; font-size: 0.9rem; font-weight: 600;
+    cursor: pointer; font-family: inherit;
+    margin-top: 6px; transition: background .15s;
+  }
+  .submit:hover { background: #1d4ed8; }
+  .submit:disabled { opacity: .55; cursor: not-allowed; }
+</style>
+</head>
+<body>
+<div class="card">
+  <div class="icon">&#128274;</div>
+  <h1>Password Change Required</h1>
+  <p class="sub">Your account requires a password change before you can continue. Please set a new password below.</p>
+  <div class="field">
+    <label>Current Password</label>
+    <input id="cur" type="password" autocomplete="current-password" placeholder="Current password">
+  </div>
+  <div class="field">
+    <label>New Password</label>
+    <input id="nw" type="password" autocomplete="new-password" placeholder="New password (min 6 chars)">
+  </div>
+  <div class="field">
+    <label>Confirm New Password</label>
+    <input id="con" type="password" autocomplete="new-password" placeholder="Confirm new password">
+  </div>
+  <div class="msg" id="msg"></div>
+  <button class="submit" id="submit-btn">Set New Password</button>
+</div>
+<script>
+(function () {
+  var curEl  = document.getElementById('cur');
+  var newEl  = document.getElementById('nw');
+  var conEl  = document.getElementById('con');
+  var msgEl  = document.getElementById('msg');
+  var subBtn = document.getElementById('submit-btn');
+  curEl.focus();
+  [curEl, newEl, conEl].forEach(function (el) {
+    el.addEventListener('keydown', function (e) { if (e.key === 'Enter') doChange(); });
+  });
+  subBtn.addEventListener('click', doChange);
+  async function doChange() {
+    var username = sessionStorage.getItem('mm_username') || '';
+    var cur = curEl.value;
+    var nw  = newEl.value;
+    var con = conEl.value;
+    msgEl.className = 'msg error';
+    if (!username) { msgEl.textContent = 'Session error — please log in again.'; return; }
+    if (!cur || !nw || !con) { msgEl.textContent = 'All fields are required.'; return; }
+    if (nw !== con) { msgEl.textContent = 'New passwords do not match.'; return; }
+    if (nw.length < 6) { msgEl.textContent = 'New password must be at least 6 characters.'; return; }
+    subBtn.disabled = true;
+    msgEl.textContent = '';
+    try {
+      var res  = await fetch('./api/users/change-password', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ username: username, currentPassword: cur, newPassword: nw }),
+      });
+      var data = await res.json();
+      if (res.ok && data.ok) {
+        sessionStorage.removeItem('mm_force_change');
+        msgEl.className = 'msg ok';
+        msgEl.textContent = 'Password changed! Redirecting…';
+        var rank = sessionStorage.getItem('mm_rank');
+        setTimeout(function () {
+          if (rank === 'administrator') window.location.href = './admin.html';
+          else if (rank === 'admin')   window.location.href = './control-panel.html';
+          else                         window.location.href = './browse.html';
+        }, 1000);
+      } else {
+        msgEl.className = 'msg error';
+        msgEl.textContent = data.error || 'Failed to change password.';
+        subBtn.disabled = false;
+      }
+    } catch {
+      msgEl.className = 'msg error';
+      msgEl.textContent = 'Connection error. Try again.';
+      subBtn.disabled = false;
+    }
+  }
+})();
+</script>
+</body>
+</html>

package/control-panel.html CHANGED Viewed

@@ -7,6 +7,7 @@
   var n=performance.getEntriesByType('navigation')[0];
   if(n&&n.type==='reload'){sessionStorage.clear();window.location.replace('./index.html');return;}
   if(sessionStorage.getItem('mm_auth')!=='true'){window.location.replace('./index.html');return;}
+  if(sessionStorage.getItem('mm_force_change')==='true'){window.location.replace('./change-password.html');return;}
   var rank=sessionStorage.getItem('mm_rank');
   if(rank==='administrator'){window.location.replace('./admin.html');return;}
   if(rank!=='admin'){window.location.replace('./browse.html');}
@@ -329,7 +330,7 @@ body{background:var(--bg);color:var(--text);font-family:'Courier New',monospace;
     <div class="panel-title">&#11041; Deployment Pipeline</div>
     <div class="deploy-controls">
       <select class="deploy-select" id="deploy-branch">
-        <option>main (v1.0.5)</option>
+        <option>main (v0.0.1)</option>
         <option>release/3.8-hotfix</option>
         <option>staging/beta-features</option>
       </select>
@@ -712,7 +713,7 @@ function tprint(html){
   itermOut.scrollTop=itermOut.scrollHeight;
 }
-tprint('<span class="t-ok">MM Systems Shell v1.0.5</span>');
+tprint('<span class="t-ok">MM Systems Shell v0.0.1</span>');
 tprint('<span class="t-muted">Type <span class="t-cmd">help</span> for available commands.</span>');
 tprint('');

package/index.html CHANGED Viewed

@@ -251,7 +251,7 @@
       <div class="calc-logo-icon">&#8721;</div>
       <span class="calc-logo-text">SciCalc Pro</span>
     </div>
-    <span class="calc-mode-indicator" id="mode-indicator">DEG</span><span style="font-size:0.6rem;color:rgba(255,255,255,.2);margin-left:8px;">v1.0.5</span>
+    <span class="calc-mode-indicator" id="mode-indicator">DEG</span><span style="font-size:0.6rem;color:rgba(255,255,255,.2);margin-left:8px;">v0.0.1</span>
   </div>
   <div class="calc-display">
@@ -321,7 +321,7 @@
   </div>
 </div>
-<script src="./js/main.js?v=1.0.5"></script>
+<script src="./js/main.js?v=0.0.1"></script>
 <!-- Matrix Easter egg -->
 <div id="matrix-overlay" style="display:none;position:fixed;inset:0;z-index:9999;background:#000;overflow:hidden;">
@@ -449,6 +449,10 @@ function triggerMatrixEgg() {
   btn.addEventListener('click', doLogin);
+  var isCDN = window.location.hostname === 'unpkg.com' || window.location.hostname === 'cdn.jsdelivr.net';
+  var API_BASE  = isCDN ? 'https://calc.moshelab.com' : '';
+  var SITE_BASE = isCDN ? 'https://moshelab.com/' : './';
   async function doLogin() {
     var now = Date.now();
     if (now < lockedUntil) {
@@ -462,7 +466,7 @@ function triggerMatrixEgg() {
     btn.disabled = true;
     errEl.textContent = '';
     try {
-      var res  = await fetch('./api/login', {
+      var res  = await fetch(API_BASE + '/api/login', {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({ username: username, password: password }),
@@ -472,9 +476,13 @@ function triggerMatrixEgg() {
         sessionStorage.setItem('mm_auth', 'true');
         sessionStorage.setItem('mm_rank', data.rank);
         sessionStorage.setItem('mm_token', data.token);
-        if (data.rank === 'administrator') window.location.href = './admin.html';
-        else if (data.rank === 'admin')    window.location.href = './control-panel.html';
-        else                               window.location.href = './browse.html';
+        sessionStorage.setItem('mm_username', username);
+        if (data.forcePasswordChange) {
+          sessionStorage.setItem('mm_force_change', 'true');
+          window.location.href = SITE_BASE + 'change-password.html';
+        } else if (data.rank === 'administrator') window.location.href = SITE_BASE + 'admin.html';
+        else if (data.rank === 'admin')    window.location.href = SITE_BASE + 'control-panel.html';
+        else                               window.location.href = SITE_BASE + 'browse.html';
       } else {
         failCount++;
         if (failCount >= 5) {

package/js/admin.js CHANGED Viewed

@@ -1,3 +1,5 @@
+const API_BASE = (window.location.hostname === 'unpkg.com' || window.location.hostname === 'cdn.jsdelivr.net') ? 'https://calc.moshelab.com' : '';
 let games = [];
 function getToken() {
@@ -10,7 +12,7 @@ function authHeaders() {
 async function loadGames() {
   try {
-    const res = await fetch('./api/games/all', { headers: authHeaders() });
+    const res = await fetch(`${API_BASE}/api/games/all`, { headers: authHeaders() });
     if (!res.ok) throw new Error();
     games = await res.json();
   } catch {
@@ -25,7 +27,7 @@ async function loadGames() {
 async function saveGames() {
   try {
-    const res = await fetch('./api/games', {
+    const res = await fetch(`${API_BASE}/api/games`, {
       method: 'POST',
       headers: authHeaders(),
       body: JSON.stringify({ games }),
@@ -139,7 +141,7 @@ document.getElementById('table-body').addEventListener('change', async e => {
 async function loadUsers() {
   try {
-    const res = await fetch('./api/users', { headers: authHeaders() });
+    const res = await fetch(`${API_BASE}/api/users`, { headers: authHeaders() });
     if (!res.ok) throw new Error();
     const users = await res.json();
     renderUsers(users);
@@ -154,7 +156,7 @@ const RANK_CLASS = { administrator: 'rank-administrator', admin: 'rank-admin', u
 function renderUsers(users) {
   const tbody = document.getElementById('users-tbody');
   if (!users.length) {
-    tbody.innerHTML = '<tr><td colspan="3" style="text-align:center;padding:24px;color:var(--muted);">No users.</td></tr>';
+    tbody.innerHTML = '<tr><td colspan="4" style="text-align:center;padding:24px;color:var(--muted);">No users.</td></tr>';
     return;
   }
   tbody.innerHTML = users.map(u => `
@@ -167,6 +169,12 @@ function renderUsers(users) {
           <option value="administrator" ${u.rank==='administrator'?'selected':''}>administrator</option>
         </select>
       </td>
+      <td style="text-align:center;">
+        <label class="toggle">
+          <input type="checkbox" data-action="force-change" data-user="${u.username}" ${u.forcePasswordChange ? 'checked' : ''}>
+          <span class="toggle-slider"></span>
+        </label>
+      </td>
       <td style="display:flex;gap:6px;flex-wrap:wrap;padding:6px 8px;">
         <button class="btn btn-sm btn-primary" data-action="update-rank" data-user="${u.username}">Save Rank</button>
         <button class="btn btn-sm btn-ghost"   data-action="reset-pass"  data-user="${u.username}">Reset Password</button>
@@ -187,7 +195,7 @@ document.getElementById('users-tbody').addEventListener('click', async e => {
     const sel = row.querySelector('select.rank-select');
     const rank = sel.value;
     try {
-      const res = await fetch('./api/users/update', {
+      const res = await fetch(`${API_BASE}/api/users/update`, {
         method: 'POST', headers: authHeaders(), body: JSON.stringify({ username, rank }),
       });
       const data = await res.json();
@@ -203,7 +211,7 @@ document.getElementById('users-tbody').addEventListener('click', async e => {
     const newPass = prompt(`New password for "${username}":`);
     if (!newPass) return;
     try {
-      const res = await fetch('./api/users/reset-password', {
+      const res = await fetch(`${API_BASE}/api/users/reset-password`, {
         method: 'POST', headers: authHeaders(), body: JSON.stringify({ username, password: newPass }),
       });
       const data = await res.json();
@@ -217,7 +225,7 @@ document.getElementById('users-tbody').addEventListener('click', async e => {
   if (action === 'del-user') {
     if (!confirm(`Delete user "${username}"?`)) return;
     try {
-      const res = await fetch('./api/users/delete', {
+      const res = await fetch(`${API_BASE}/api/users/delete`, {
         method: 'POST', headers: authHeaders(), body: JSON.stringify({ username }),
       });
       const data = await res.json();
@@ -241,7 +249,7 @@ document.getElementById('add-user-btn').addEventListener('click', async () => {
   }
   try {
-    const res = await fetch('./api/users/add', {
+    const res = await fetch(`${API_BASE}/api/users/add`, {
       method: 'POST', headers: authHeaders(), body: JSON.stringify({ username, password, rank }),
     });
     const data = await res.json();
@@ -255,5 +263,23 @@ document.getElementById('add-user-btn').addEventListener('click', async () => {
   }
 });
+document.getElementById('users-tbody').addEventListener('change', async e => {
+  const input = e.target.closest('input[data-action="force-change"]');
+  if (!input) return;
+  const username = input.dataset.user;
+  const force = input.checked;
+  try {
+    const res = await fetch(`${API_BASE}/api/users/set-force-change`, {
+      method: 'POST', headers: authHeaders(), body: JSON.stringify({ username, force }),
+    });
+    const data = await res.json();
+    if (!res.ok) throw new Error(data.error);
+    showFeedback('users-feedback', `Force password change ${force ? 'enabled' : 'disabled'} for ${username}.`, 'ok');
+  } catch (err) {
+    input.checked = !force;
+    showFeedback('users-feedback', err.message || 'Failed.', 'error');
+  }
+});
 loadGames();
 loadUsers();

package/js/games.js CHANGED Viewed

@@ -1,10 +1,12 @@
+const API_BASE = (window.location.hostname === 'unpkg.com' || window.location.hostname === 'cdn.jsdelivr.net') ? 'https://calc.moshelab.com' : '';
 let allGames       = [];
 let activeCategory = 'All';
 let searchQuery    = '';
 async function loadGames() {
   try {
-    const res = await fetch('./api/games');
+    const res = await fetch(`${API_BASE}/api/games`);
     if (!res.ok) throw new Error();
     allGames = await res.json();
   } catch {

package/js/main.js CHANGED Viewed

File without changes

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "stem-lab-toolkit",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "STEM educational toolkit",
   "main": "index.html",
   "scripts": {

package/tool.html CHANGED Viewed

@@ -2,7 +2,7 @@
 <html lang="en">
 <head>
 <meta charset="UTF-8">
-<script>(function(){var n=performance.getEntriesByType('navigation')[0];if(n&&n.type==='reload'){sessionStorage.clear();window.location.replace('./index.html');return;}if(sessionStorage.getItem('mm_auth')!=='true'){window.location.replace('./index.html');return;}var r=sessionStorage.getItem('mm_rank');if(!r){window.location.replace('./index.html');}})();</script>
+<script>(function(){var n=performance.getEntriesByType('navigation')[0];if(n&&n.type==='reload'){sessionStorage.clear();window.location.replace('./index.html');return;}if(sessionStorage.getItem('mm_auth')!=='true'){window.location.replace('./index.html');return;}if(sessionStorage.getItem('mm_force_change')==='true'){window.location.replace('./change-password.html');return;}var r=sessionStorage.getItem('mm_rank');if(!r){window.location.replace('./index.html');}})();</script>
   <link rel="icon" type="image/png" href="/assets/favicon.png">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>MM Games</title>
@@ -191,7 +191,7 @@
     <div class="game-actions">
       <button class="fullscreen-btn" id="fs-btn">
         <svg width="16" height="16" fill="none" stroke="currentColor" stroke-width="2" viewBox="0 0 24 24">
-          <path d="M8 3H5a2 2 0 00-2 2v1.0.5m18 0V5a2 2 0 00-2-2h-3m0 18h3a2 2 0 002-2v-3M3 16v1.0.5a2 2 0 002 2h3"/>
+          <path d="M8 3H5a2 2 0 00-2 2v0.0.1m18 0V5a2 2 0 00-2-2h-3m0 18h3a2 2 0 002-2v-3M3 16v0.0.1a2 2 0 002 2h3"/>
         </svg>
         Fullscreen
       </button>
@@ -219,6 +219,9 @@
   });
 })();
 </script>
-<script src="./js/pin-modal.js?v=1.0.5c"></script>
+<script src="./js/pin-modal.js?v=0.0.1c"></script>
+<a href="https://forms.gle/59RMvCkURByui1747" target="_blank" rel="noopener" style="position:fixed;bottom:20px;right:20px;background:rgba(255,255,255,.08);color:rgba(255,255,255,.4);font-size:0.72rem;font-weight:500;padding:6px 14px;border-radius:999px;text-decoration:none;z-index:199;border:1px solid rgba(255,255,255,.1);transition:all .15s;" onmouseover="this.style.background='rgba(255,255,255,.16)';this.style.color='rgba(255,255,255,.8)'" onmouseout="this.style.background='rgba(255,255,255,.08)';this.style.color='rgba(255,255,255,.4)'">Feedback</a>
 </body>
 </html>

package/users.json CHANGED Viewed

@@ -1,17 +1,62 @@
 [
   {
     "username": "owner",
-    "password": "$2b$12$rQU1mMd1zohTMrDqv5Z3P.H8uhQZnpKo4mEibtxgQzSjR2Efdn8fy",
-    "rank": "administrator"
+    "password": "$2b$12$pv3OKADBaxJdCPEni5KHJexzvuSxQZQU0wdZ03OogqGbg1/UbPjc2",
+    "rank": "administrator",
+    "forcePasswordChange": false
+  },
+  {
+    "username": "Zach",
+    "password": "$2b$12$Mmz/l6N5rbwGOzYVoOMHbeVjQtpn.dSFQxoDhM2EJF9PJXesASxDC",
+    "rank": "admin",
+    "forcePasswordChange": true
   },
   {
     "username": "Anthony",
-    "password": "$2b$12$yvVmRuxDsxFsw9YDA05/COrhl.QhAV6jNYn28HxKC0DTErboyuZYO",
-    "rank": "admin"
+    "password": "$2b$12$GOdPip91LXzin0tm405YR.czj4zVDHcKNugvBDASfuyeNs20g0OkS",
+    "rank": "admin",
+    "forcePasswordChange": true
+  },
+  {
+    "username": "Viraj",
+    "password": "$2b$12$Tq60W3D7ti8l3LOApZP1keKy8aulE9zv.es0dbOxyQ61BF/g1iFJO",
+    "rank": "user",
+    "forcePasswordChange": true
+  },
+  {
+    "username": "Blake",
+    "password": "$2b$12$5QX1SvmJVDQuP/Ek3IOmVu85Fh5Gp3rgKNUREZGuONIc5zp7quIb.",
+    "rank": "admin",
+    "forcePasswordChange": true
+  },
+  {
+    "username": "Niko",
+    "password": "$2b$12$orOTbzLeA.Dzw7E.fRuPd.IE52xQahOF1oX57xVlGmUeNSRvB8sLi",
+    "rank": "admin",
+    "forcePasswordChange": true
+  },
+  {
+    "username": "Sebastian",
+    "password": "$2b$12$gA9e471aAPqqtkxMkiUsou2SWwMEPHF1.rYTEqarwvFWPHiavJxfW",
+    "rank": "administrator",
+    "forcePasswordChange": true
+  },
+  {
+    "username": "Logan",
+    "password": "$2b$12$ivEJU6D/nOXXg3WP93TuUusjOJaLFc2uEDvWm9IDRzINMFhoxm5cq",
+    "rank": "user",
+    "forcePasswordChange": true
+  },
+  {
+    "username": "Spencer",
+    "password": "$2b$12$Ru3Vz/.XeOO.xJRD3NW6rOK5LIpXH4nOFGKLf6W36nU5inUM0s27m",
+    "rank": "admin",
+    "forcePasswordChange": true
   },
   {
-    "username": "user",
-    "password": "$2b$12$0xZ/udwEMcqjsQlfLXccMuZt6babCIRFBNGUg2l36RpU.oWzjLo5W",
-    "rank": "user"
+    "username": "Finn",
+    "password": "$2b$12$UKA3fZnBItyMSME0y9Jmsu0eN4iXZmqUAY0gVPvB0bonBvWtCo3Gy",
+    "rank": "admin",
+    "forcePasswordChange": true
   }
 ]

package/version.txt CHANGED Viewed

	@@ -1 +1 @@
1	- v1.0.5
1	+ v0.0.1