Skip to content

Commit 35c3dd4

Browse files
committed
Clean up sign-in routing, migrate DB consumers to Local DB, and finish identity schema governance cleanup - PR_26164_093-095-auth-db-cleanup
1 parent 6ae5e75 commit 35c3dd4

27 files changed

Lines changed: 476 additions & 483 deletions

login.html renamed to account/sign-in.html

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,10 @@
44
<head>
55
<meta charset="utf-8">
66
<meta name="viewport" content="width=device-width, initial-scale=1">
7-
<title>Login - GameFoundryStudio</title>
7+
<title>Sign In - GameFoundryStudio</title>
88
<meta name="description" content="Choose a local development session for GameFoundryStudio.">
99
<link rel="icon" href="/favicon.svg">
10-
<link rel="stylesheet" href="assets/theme-v2/css/theme.css">
10+
<link rel="stylesheet" href="../assets/theme-v2/css/theme.css">
1111
</head>
1212

1313
<body>
@@ -16,7 +16,7 @@
1616
<section class="page-title">
1717
<div class="container">
1818
<div class="kicker">Session</div>
19-
<h1>Login</h1>
19+
<h1>Sign In</h1>
2020
<p class="lede">Use the Local DB-backed development session for project data.</p>
2121
</div>
2222
</section>
@@ -25,7 +25,7 @@ <h1>Login</h1>
2525
<div class="account-panel">
2626
<aside class="side-menu" aria-label="Session mode">
2727
<button class="btn btn--compact" type="button" data-login-mode="local-db">Local DB</button>
28-
<p class="status" role="status" data-login-mode-disabled-message hidden>Use the API-backed local server for login. Run npm run dev:local-api and open http://127.0.0.1:5501/login.html. Local DB is disabled until the local API server is running.</p>
28+
<p class="status" role="status" data-login-mode-disabled-message hidden>Use the API-backed local server for sign-in. Run npm run dev:local-api and open http://127.0.0.1:5501/account/sign-in.html. Local DB is disabled until the local API server is running.</p>
2929
<hr>
3030
<section class="content-stack" aria-labelledby="login-reseed-title">
3131
<div>
@@ -76,7 +76,7 @@ <h2 id="login-local-status-title">Local Development Status</h2>
7676
<p><strong>Local API availability:</strong> <span data-login-status-api>Checking...</span></p>
7777
<p><strong>Disabled reason:</strong> <span data-login-status-disabled-reason>Checking...</span></p>
7878
<p><strong>Expected API endpoint:</strong> <span data-login-status-endpoint>/api/session/current</span></p>
79-
<p><strong>Correct local URL:</strong> <span data-login-status-api-url>http://127.0.0.1:5501/login.html</span></p>
79+
<p><strong>Correct local URL:</strong> <span data-login-status-api-url>http://127.0.0.1:5501/account/sign-in.html</span></p>
8080
<p><strong>Startup command:</strong> <span data-login-status-command>npm run dev:local-api</span></p>
8181
</div>
8282
</div>
@@ -85,8 +85,8 @@ <h2 id="login-local-status-title">Local Development Status</h2>
8585
</section>
8686
</main>
8787
<div data-partial="footer"></div>
88-
<script src="assets/theme-v2/js/gamefoundry-partials.js" defer></script>
89-
<script type="module" src="assets/theme-v2/js/login-session.js"></script>
88+
<script src="../assets/theme-v2/js/gamefoundry-partials.js" defer></script>
89+
<script type="module" src="../assets/theme-v2/js/login-session.js"></script>
9090
</body>
9191

9292
</html>

assets/theme-v2/js/gamefoundry-partials.js

Lines changed: 16 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -86,7 +86,7 @@
8686
publish: "community/publish.html",
8787
support: "docs/support.html",
8888
reference: "docs/reference.html",
89-
login: "login.html",
89+
"sign-in": "account/sign-in.html",
9090
contact: "company/contact.html",
9191
vision: "company/vision.html",
9292
mission: "company/mission.html",
@@ -139,7 +139,7 @@
139139

140140
const currentScript = document.currentScript || document.querySelector("script[src*='gamefoundry-partials.js']");
141141
const assetRoot = currentScript ? new URL("../", currentScript.src) : null;
142-
const apiBackedLoginDiagnostic = "Use the API-backed local server for login. Run npm run dev:local-api and open http://127.0.0.1:5501/login.html.";
142+
const apiBackedLoginDiagnostic = "Use the API-backed local server for sign-in. Run npm run dev:local-api and open http://127.0.0.1:5501/account/sign-in.html.";
143143
let navigationAdminMenuCache = null;
144144

145145
function assetUrl(path) {
@@ -348,7 +348,7 @@
348348
return {
349349
authenticated: false,
350350
diagnostic: diagnostic || "Server session API is unavailable. Start the local server API before using protected pages.",
351-
displayName: "Login",
351+
displayName: "Sign In",
352352
mode: "missing-api",
353353
roleSlugs: []
354354
};
@@ -384,7 +384,7 @@
384384
return {
385385
authenticated: Boolean(session.authenticated),
386386
diagnostic: session.diagnostic || "",
387-
displayName: session.authenticated ? session.displayName || session.label || "Account" : "Login",
387+
displayName: session.authenticated ? session.displayName || session.label || "Account" : "Sign In",
388388
mode: session.mode || "local-db",
389389
roleSlugs: Array.isArray(session.roleSlugs) ? session.roleSlugs : []
390390
};
@@ -413,9 +413,9 @@
413413
const canUseAdmin = loginState.authenticated && loginState.roleSlugs.includes("admin");
414414

415415
if (accountLink) {
416-
accountLink.textContent = canUseAccount ? loginState.displayName + " \u25BE" : "Login";
417-
accountLink.setAttribute("aria-label", canUseAccount ? "Account menu for " + loginState.displayName : "Login");
418-
accountLink.setAttribute("href", canUseAccount ? routeHref("account") : routeHref("login"));
416+
accountLink.textContent = canUseAccount ? loginState.displayName + " \u25BE" : "Sign In";
417+
accountLink.setAttribute("aria-label", canUseAccount ? "Account menu for " + loginState.displayName : "Sign In");
418+
accountLink.setAttribute("href", canUseAccount ? routeHref("account") : routeHref("sign-in"));
419419
}
420420
if (accountMenu) {
421421
accountMenu.hidden = !canUseAccount;
@@ -432,14 +432,17 @@
432432
return {
433433
role: "admin",
434434
title: "Admin role required",
435-
message: "Log in as Admin to open this Admin page."
435+
message: "Sign in as Admin to open this Admin page."
436436
};
437437
}
438+
if (pagePath === "account/sign-in.html") {
439+
return null;
440+
}
438441
if (pagePath.indexOf("account/") === 0) {
439442
return {
440443
role: "user",
441-
title: "Login required",
442-
message: "Log in as a local user to open Account pages."
444+
title: "Sign-in required",
445+
message: "Sign in as a local user to open Account pages."
443446
};
444447
}
445448
return null;
@@ -491,12 +494,12 @@
491494
status.dataset.sessionAccessStatus = "";
492495
status.textContent = [
493496
`Blocked ${pagePath}. Current session: ${loginState.displayName}.`,
494-
loginState.diagnostic ? `Login/session diagnostic: ${loginState.diagnostic}` : ""
497+
loginState.diagnostic ? `Sign-in/session diagnostic: ${loginState.diagnostic}` : ""
495498
].filter(Boolean).join(" ");
496499
const link = document.createElement("a");
497500
link.className = "btn primary";
498-
link.href = routeHref("login") + "?returnTo=" + encodeURIComponent(pagePath);
499-
link.textContent = "Open Login";
501+
link.href = routeHref("sign-in") + "?returnTo=" + encodeURIComponent(pagePath);
502+
link.textContent = "Open Sign In";
500503
body.append(status, link);
501504
card.append(body);
502505
bodyContainer.append(card);

assets/theme-v2/js/login-session.js

Lines changed: 19 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -24,10 +24,10 @@ const reseedFields = {
2424
target: document.querySelector("[data-login-reseed-target]"),
2525
};
2626
const localApiStartCommand = "npm run dev:local-api";
27-
const localApiLoginUrl = "http://127.0.0.1:5501/login.html";
27+
const localApiLoginUrl = "http://127.0.0.1:5501/account/sign-in.html";
2828
const expectedSessionEndpoint = "/api/session/current";
29-
const apiBackedLoginDiagnostic = `Use the API-backed local server for login. Run ${localApiStartCommand} and open ${localApiLoginUrl}.`;
30-
const staticModeDisabledMessage = `Use the API-backed local server for login. Run ${localApiStartCommand} and open ${localApiLoginUrl}. Local DB is disabled until the local API server is running.`;
29+
const apiBackedLoginDiagnostic = `Use the API-backed local server for sign-in. Run ${localApiStartCommand} and open ${localApiLoginUrl}.`;
30+
const staticModeDisabledMessage = `Use the API-backed local server for sign-in. Run ${localApiStartCommand} and open ${localApiLoginUrl}. Local DB is disabled until the local API server is running.`;
3131
let reseedConfirmationPending = false;
3232
let reseedStatusMessage = "";
3333
const localStatusFields = {
@@ -44,9 +44,22 @@ function currentReturnTo() {
4444
const params = new URLSearchParams(window.location.search);
4545
const value = params.get("returnTo") || "";
4646
if (!value || value.startsWith("/") || value.includes("://") || value.includes("..")) {
47-
return "toolbox/index.html";
47+
return repoPathHref("toolbox/index.html");
4848
}
49-
return value;
49+
return repoPathHref(value);
50+
}
51+
52+
function repoPathHref(path) {
53+
const normalizedPath = String(path || "").replace(/^\/+/, "");
54+
return normalizedPath ? rootPrefix() + normalizedPath : "#";
55+
}
56+
57+
function rootPrefix() {
58+
const rootSegments = new Set(["account", "admin", "company", "community", "docs", "games", "learn", "legal", "marketplace", "toolbox"]);
59+
const parts = window.location.pathname.split("/").filter(Boolean);
60+
const rootIndex = parts.findIndex((part) => rootSegments.has(part));
61+
const pageParts = rootIndex >= 0 ? parts.slice(rootIndex) : [parts[parts.length - 1] || "index.html"];
62+
return pageParts.length > 1 ? "../".repeat(pageParts.length - 1) : "";
5063
}
5164

5265
function updateContinueLink() {
@@ -225,7 +238,7 @@ function renderError(error) {
225238
modeDescription.textContent = "Start the API-backed local server to use Local DB.";
226239
}
227240
if (modeStatus) {
228-
modeStatus.textContent = `Login/session diagnostic: ${message}`;
241+
modeStatus.textContent = `Sign-in/session diagnostic: ${message}`;
229242
}
230243
if (modeDisabledMessage) {
231244
modeDisabledMessage.hidden = message !== apiBackedLoginDiagnostic;

assets/theme-v2/partials/header-nav.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -102,7 +102,7 @@
102102
<div class="sub-menu">
103103
<a data-nav-link data-route="account" href="account/index.html">Account Home</a>
104104
<a data-nav-link data-route="account-achievements" href="account/achievements.html">Achievements</a>
105-
<a data-account-logout data-route="login" href="login.html">Logout</a>
105+
<a data-account-logout data-route="sign-in" href="account/sign-in.html">Logout</a>
106106
<a data-nav-link data-route="account-preferences" href="account/preferences.html">Preferences</a>
107107
<a data-nav-link data-route="account-profile" href="account/profile.html">Profile</a>
108108
<a data-nav-link data-route="account-security" href="account/security.html">Security</a>
Lines changed: 72 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,72 @@
1+
# PR_26164_093-sign-in-route-cleanup
2+
3+
## Branch Validation
4+
5+
PASS: current branch is `main`.
6+
7+
## Scope Summary
8+
9+
PASS: Scoped to sign-in route cleanup, active sign-in/account link updates, targeted tests, and required reports.
10+
11+
## Sign-In Route Reference Audit
12+
13+
PASS: `/login.html` existed before the cleanup and was removed.
14+
15+
PASS: The real active sign-in route is now `account/sign-in.html`.
16+
17+
Updated active route/link references:
18+
19+
- Moved `login.html` to `account/sign-in.html`.
20+
- Updated shared route map from the old login route to `sign-in`.
21+
- Updated header logout links to `data-route="sign-in"` and `account/sign-in.html`.
22+
- Updated local API guidance from `http://127.0.0.1:5501/login.html` to `http://127.0.0.1:5501/account/sign-in.html`.
23+
- Updated Assets guest prompt Sign In and Account links to resolve from `toolbox/assets/index.html`.
24+
- Updated targeted Playwright references to the new sign-in path.
25+
26+
PASS: Active source/page/test scan found no `login.html` or `/login.html` references outside historical report/archive folders.
27+
28+
## Requirement Checklist
29+
30+
| Requirement | Status | Evidence |
31+
| --- | --- | --- |
32+
| Read `docs_build/dev/PROJECT_INSTRUCTIONS.md` before execution | PASS | Project instructions were read before implementation. |
33+
| Verify current branch is `main` before changes | PASS | `git branch --show-current` returned `main`. |
34+
| Confirm `/login.html` no longer exists | PASS | `login.html` was removed; `account/sign-in.html` exists. |
35+
| Find references to login/sign-in/auth/account entry routes | PASS | Active source/page/test roots were scanned and updated where applicable. |
36+
| Update sign-in links/routes to current real sign-in page/path | PASS | Active sign-in route is `account/sign-in.html`; updated route map, header partials, local server output, tests, and Assets prompt. |
37+
| Do not recreate `login.html` | PASS | No root `login.html` file remains. |
38+
| Do not reintroduce fake login | PASS | No new fake auth mechanism was added; existing Local DB session selection moved to the Sign In route. |
39+
| Do not reintroduce MEM DB | PASS | Diff audit found no added MEM DB/local-mem references. |
40+
| Keep scope limited | PASS | Changes are sign-in route cleanup, copy/link alignment, targeted tests, and reports. |
41+
| Validate updated links resolve | PASS | `account/sign-in.html` and `account/index.html` targets exist. |
42+
| Validate no inline script/style/event handlers added | PASS | Changed HTML scan passed. |
43+
44+
## Validation Lane Report
45+
46+
Playwright impacted: Yes. Navigation/runtime JS and route tests changed.
47+
48+
Validation commands:
49+
50+
- PASS: `git diff --check`
51+
- PASS: targeted JS syntax checks with `node --check`
52+
- PASS: changed HTML inline script/style/event-handler audit
53+
- PASS: updated sign-in/account link target audit
54+
- PASS: `login.html` absence audit
55+
- PASS: active `/login.html` reference audit
56+
- PASS: MEM DB/local-mem added-line audit
57+
- PASS: `npx playwright test tests/playwright/tools/LoginSessionMode.spec.mjs tests/playwright/tools/StaticOnlyLoginApiRequired.spec.mjs tests/playwright/tools/ApiStaticRouteRecovery.spec.mjs --reporter=list --workers=1` -> 9 passed
58+
- PASS: `npx playwright test tests/playwright/tools/RootToolsFutureState.spec.mjs -g "navigation" --reporter=list --workers=1` -> 1 passed
59+
- PASS: `npx playwright test tests/playwright/tools/AssetToolMockRepository.spec.mjs -g "Assets guest upload action shows account prompt" --reporter=list --workers=1` -> 1 passed
60+
- PASS: `npx playwright test tests/playwright/tools/ToolboxRoutePages.spec.mjs -g "toolbox index shows wireframe" --reporter=list --workers=1` -> 1 passed
61+
62+
Additional targeted command:
63+
64+
- FAIL: `node --test tests/dev-runtime/AdminNotesBoundary.test.mjs` has unrelated pre-existing failures for missing `docs_build/dev/admin-notes/README.md`, local Admin Notes menu assertions, and Admin menu expectations. The sign-in assertion in that file was updated, but this command is not a reliable route-cleanup validator in the current repo state.
65+
66+
## Manual Validation Notes
67+
68+
- Confirmed root `login.html` was removed.
69+
- Confirmed `account/sign-in.html` is not blocked by the Account protected-page guard.
70+
- Confirmed the Sign In page uses external scripts/styles only.
71+
- Confirmed the Assets guest prompt Sign In target resolves to `../../account/sign-in.html`.
72+
- Historical reports/archive references were not rewritten because they are immutable validation history, not active routes.

0 commit comments

Comments
 (0)