db3d8df6cc274684ff5638211bc9f625a1026548
- Created estimatortable.html with 47 columns displaying Job_Info_TestEnv data - Implemented frozen first two columns (Job_Number, Job_Full_Name) with sticky positioning - Implemented frozen header row with proper z-index layering - Added proper scrolling (vertical and horizontal within table container) - Applied .cursorrules formatting: dates in Central Time (MM/dd/yyyy), booleans as checkboxes - Implemented calculated fields: Due_Date_Counter with business logic, Active field read-only - Made boolean fields editable with PocketBase updates (except Active) - Created appsettings.html for comprehensive table configuration - Added global settings: row height, font size, striped rows - Added per-column settings: width, visibility, read-only status - Added dropdown choice configuration with color pickers and font styles for Job_Status - Settings save/load from app_preferences_settings collection - Fixed column position mapping with COLUMN_ORDER array for correct visibility and width application - Fixed horizontal scroll by calculating total table width dynamically - Added server routes for /estimatortable.html and /appsettings.html - Updated port to 6500 with improved console output
Auth Login Patterns
Selector: Set this once per project.
ACTIVE_LOGIN_METHOD=pb-oauth-via-microsoft
(Other methods can be added; only one should be active.)
Shared Rules (All Methods)
- Serve frontend from the project’s
frontendfolder; show login UI only when not authenticated. - Secrets come from
.env; never hardcode or log secrets/tokens. - Token storage: use in-memory auth store (avoid localStorage/sessionStorage unless explicitly required).
- On logout, clear the auth store and hide the protected UI.
- Log only context + message; exclude raw tokens or secrets.
Method: pb-oauth-via-microsoft (PocketBase + Microsoft)
Frontend
- Use PocketBase SDK OAuth (
provider: 'microsoft'). - Show login button when
!pb.authStore.isValid; hide the form until valid. - On success: keep token in
pb.authStore; display user email; show logout. - On logout:
pb.authStore.clear(); hide protected UI.
Backend
- Endpoints expecting auth (e.g.,
/api/submit) must receivepbToken. - Call
setUserPocketBaseAuth(pbToken)before PocketBase operations. - Required
.envkeys:CLIENT_ID,CLIENT_SECRET,TENANT_ID,REDIRECT_URI,PB_DB,PB_COLLECTION,PB_AUTH_COLLECTION. - Validate token via PocketBase client; reject if missing/invalid.
- Do not log tokens; log context and error message only.
UI States
- Logged out: show login UI only.
- Logged in: hide login UI, show form/app content.
- Errors: show a visible error container; avoid alert loops.
Security
- Enforce CORS as needed; HTTPS in production.
- Keep
.envout of version control; use deploy-time secrets.
Method: pb-and-graph-via-microsoft (PocketBase + Microsoft Graph)
Frontend
- Same UI pattern as
pb-oauth-via-microsoft(PocketBase OAuthprovider: 'microsoft'). - Show login when
!pb.authStore.isValid; hide protected UI until valid. - On success: keep token in
pb.authStore; display user email; show logout; on logout clear auth store.
Backend
- Expect
pbTokenon protected endpoints; callsetUserPocketBaseAuth(pbToken)before PB operations. - Acquire Graph token via client credentials for Excel sync.
- Required
.envkeys:- Azure AD:
CLIENT_ID,CLIENT_SECRET,TENANT_ID,REDIRECT_URI - PocketBase:
PB_DB,PB_COLLECTION,PB_AUTH_COLLECTION - Graph/Excel:
DRIVE_ID,ITEM_ID,EXCEL_TABLE,EXCEL_TABLE_WRITEBACK(if used)
- Azure AD:
- Use Graph scope:
https://graph.microsoft.com/.default - Do not log tokens; log context + message only.
Token Handling
- PocketBase token (user): stored in memory via
pb.authStore; sent to backend aspbToken. - Graph token (app): obtained server-side via client credentials; never exposed to frontend; short-lived, fetched on demand.
UI States
- Logged out: show login UI only.
- Logged in: hide login UI, show form/app content.
- Errors: show visible error container; avoid alert loops.
Security
- Enforce CORS as needed; HTTPS in production.
- Keep
.envout of version control; use deploy-time secrets. - Do not log raw tokens or secrets.
Method: PBandGraphOauth (PocketBase + Microsoft Graph OAuth)
Frontend
- Use PocketBase SDK OAuth (
provider: 'microsoft'). - Show login button when
!pb.authStore.isValid; hide protected UI until valid. - On success: keep token in
pb.authStore; display user email; show logout. - On logout:
pb.authStore.clear(); hide protected UI.
Backend
- Endpoints expecting auth (e.g.,
/api/submit) must receivepbTokenfrom the frontend. - Call
setUserPocketBaseAuth(pbToken)before PocketBase operations. - Obtain a Microsoft Graph access token using Azure AD app credentials.
- Required
.envkeys (exactly from current.env):- Azure AD:
CLIENT_ID,CLIENT_SECRET,TENANT_ID,REDIRECT_URI - PocketBase:
PB_DB,PB_COLLECTION,PB_AUTH_COLLECTION
- Azure AD:
- Graph token scope:
https://graph.microsoft.com/.default. - Never log raw tokens or secrets; log only context + messages.
Token Handling
- PocketBase token (user): stored in memory via
pb.authStore; sent to backend aspbTokenon protected calls. - Graph token (app): acquired server-side via client credentials using
CLIENT_ID/CLIENT_SECRET/TENANT_ID; never exposed to the frontend.
UI States
- Logged out: show login UI only.
- Logged in: hide login UI; show protected UI.
- Errors: show a visible error container; avoid alert loops.
Security
- Enforce CORS as needed; HTTPS in production.
- Keep
.envout of version control; use deploy-time secrets. - Do not log raw tokens or secrets.
Adding Another Method (Template)
# Example selector
ACTIVE_LOGIN_METHOD=custom-sso
Frontend:
- Describe SDK/flow
- Show/hide rules
- Token storage rules
Backend:
- How tokens are validated
- Required .env keys
- How errors are logged/returned
Security:
- CORS/HTTPS rules
- Logging redactions
How to Use
- Copy this folder into a new project (outside your app code) or reference it as the canonical auth guide.
- Set
ACTIVE_LOGIN_METHODto the one in use. - Follow only the active method; do not mix flows.
- Keep .env values in deploy-time secrets; never commit them.
Description
Languages
HTML
82%
TypeScript
18%