Oliver/ac-tool
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
32 commits 1 branch 0 tags 796 KiB
Commit graph

4 commits

Author SHA1 Message Date
Vadym Samoilenko
8050a6a0f6 Add emergency token login as SSO bypass 
When EMERGENCY_TOKEN is set in .env, a Bearer token matching it grants
admin access without going through Azure AD / MSAL. Useful when 2FA or
SSO is unavailable. Token is compared in constant-time to prevent timing
attacks. If EMERGENCY_TOKEN is empty (default), the feature is disabled.

Frontend: small "Emergency access" link on login page opens a token input.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-23 19:07:34 +00:00
Vadym Samoilenko
1b051f4d0d Add per-client category hierarchy, client management, and admin hardcoding 
Backend:
- New /api/clients CRUD (create, list, delete, rename)
- dropdowns.py: _load_dropdowns(client_id) — per-client file first, global fallback
- admin.py: per-client dropdown upload/preview/delete endpoints
- ai_command.py: reads sheet's client_id, builds hierarchy from client-specific file
- sheets/manager.py: client_id stored in sheet metadata; get/set_sheet_client_id helpers
- sheets.py: create sheet accepts client_id; PATCH /{id}/client endpoint
- config_runtime.py: CLIENTS_FILE, CLIENTS_DROPDOWNS_DIR, ADMIN_EMAILS list
- user_store.py: bootstrap admin from ADMIN_EMAILS (daveporter + vadymsamoilenko)

Frontend:
- New Client type; SheetMeta gains client_id
- api/clients.ts, stores/useClientStore.ts — client CRUD
- useDropdownStore: re-fetches when client changes (no stale cache)
- SheetPage: client selector in header; fetches per-client categories
- BriefUploadPage: client selector before upload
- AdminClientsPage: create/delete clients, upload per-client .xlsx, preview before apply
- Sidebar: separate admin nav links (Users / Clients / Dropdowns)
- App.tsx: /admin/clients route

Data:
- 4 clients pre-seeded (Adidas, USTUDIO, 3M Colab, Bissell) with custom hierarchy files

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-23 18:56:01 +00:00
Vadym Samoilenko
08710e1a16 fix: verify JWT signature via JWKS and fix auth dev bypass condition 
- msal_auth.py: replace verify_signature=False with real JWKS verification
  using PyJWKClient; validates RS256 signature, aud=clientId, issuer v2.0
- App.tsx: split DEV bypass from empty-accounts case — in production,
  accounts.length === 0 now correctly triggers loginRedirect instead of
  calling fetchMe without a token

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-23 14:44:22 +00:00
Vadym Samoilenko
72c50b2c92 Initial commit — AC Tool unified application 
Merges ac-helper (PHP Activation Calendar) and brief-extractor (Python AI)
into a single Docker app with React/TypeScript frontend.

Features:
- Brief upload → AI extraction → review → Activation Calendar import
- Handsontable v17 spreadsheet with dependent dropdowns (148 categories)
- AI natural language commands via Gemini (YOLO mode, voice input)
- Azure AD MSAL SPA PKCE authentication, user roles (user/admin)
- CSV Activation Calendar export
- Real-time WebSocket job progress
- Admin: user management, dropdown Excel upload
- Multi-stage Dockerfile, docker-compose, nginx proxy instructions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-23 13:24:46 +00:00