Closed ddavness closed 1 year ago
let over var. Always.
something.html("<p>Some html</p>")). Use templates instead;
.text() over .html() and you're not risking an XSS vulnerability;
document.getElementById() blah blah blah;

The current authentication model of the admin panel can be done in three ways:

Authentication header (this token is visible to JavaScript);

I'll be looking to overhaul this to make stuff more consistent (and likely more secure too):
The new authentication model and flow seem to be working nicely so far :)
Right now I'd be surprised if things work in this state :upside_down_face:
Oh hey, it's working surprisingly well so far! I'm suspicious now
Further looks at the code tell me that we probably can do some optimizations on the API we're exposing - however this will create breaking changes as certain API endpoints will be removed. Some immediate examples include:
/mail/users/quota
/mail/users/password
/mail/users/privileges/add
/mail/users/privileges/remove
/mail/users/;
/mail/aliases/add
/mail/aliases;
/mail/aliases/remove
/mail/aliases;

There might be something for the DNS endpoints, too. Bottom line - both due to this refactor and due to the refactor on the authentication system, software interfacing with the Mail-in-a-Box admin API WILL break with this version of Power Mail-in-a-Box;
There won't be many changes (if any) to the aesthetics of the panel on this PR.
Ok, I might have lied a bit when I said that. There will be some changes to the layout to make the user experience more consistent. But nothing too much out of the ordinary.
One of the things also being worked on is a much more extensive form validation process. Forms will be validated client-side before any data is sent to the server (the data will of course be checked again server-side).
If any issues pop-up during validation, they'll be presented to the user like this:
The server should also provide its own information in case server-side checks do fail.
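An added sketch of the validation flow described in the comment above (not code from this PR): the same per-field check runs in the browser before sending and again in the request handler, so a request that never went through the browser check is still rejected with per-field errors. The field names `address` and `forwards_to`, the functions `validateAlias`, `submitFromBrowser` and `handleAliasRequest`, and the email pattern are assumptions for illustration.

```javascript
// Added example, not the project's code. Field names and rules are assumed.
const EMAIL = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

// Returns { field: message } for every failing field; empty object = valid.
// Messages may echo user input, so display them with .text(), not .html().
function validateAlias(form) {
  const errors = {};
  // A crafted request can send arrays or objects; treat non-strings as empty.
  const address = typeof form.address === "string" ? form.address.trim() : "";
  if (!EMAIL.test(address)) {
    errors.address = "Enter a valid email address.";
  }
  const raw = typeof form.forwards_to === "string" ? form.forwards_to : "";
  const targets = raw.split(/[\s,]+/).filter(Boolean);
  if (targets.length === 0) {
    errors.forwards_to = "Enter at least one destination.";
  } else {
    const bad = targets.filter((t) => !EMAIL.test(t));
    if (bad.length > 0) {
      errors.forwards_to = "Invalid destination: " + bad.join(", ");
    }
  }
  return errors;
}

// Browser side: do not send when validation fails (a usability check only,
// since anyone can call the API without going through the form).
function submitFromBrowser(form, send) {
  const errors = validateAlias(form);
  if (Object.keys(errors).length > 0) return { sent: false, errors };
  return { sent: true, response: send(form) };
}

// Server side stand-in: re-runs the check on every request body and returns
// its own per-field information when it fails.
function handleAliasRequest(body) {
  const errors = validateAlias(body);
  if (Object.keys(errors).length > 0) return { status: 400, errors };
  return { status: 200, errors: {} };
}
```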
That's aliases done. On to (checks notes) DNS!
This is a deeper refactor on the admin panel. The main goals of this PR are: