Fixed some bugs in api and auth services, completed auth cores.

Giuseppe Raffa
2026-05-25 23:14:50 +02:00
parent 318ea3555f
commit 47faa41eb9
41 changed files with 2061 additions and 101 deletions


@@ -1,6 +1,6 @@
FROM node:20-alpine
WORKDIR /app
RUN corepack enable && corepack prepare pnpm@10.26.2 --activate
RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
COPY package.json pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile
COPY . .


@@ -10,7 +10,7 @@
"author": "",
"type": "module",
"license": "ISC",
"packageManager": "pnpm@10.26.2",
"packageManager": "pnpm@9.15.0",
"dependencies": {
"bcrypt": "^6.0.0",
"cookie-parser": "^1.4.7",


@@ -15,11 +15,18 @@ export async function verify(token) {
return jwt.verify(token, secret);
}
// In dev (localhost): nessun domain → il cookie è scopato al singolo host (localhost),
// ma viene comunque inviato a tutte le porte (4001 auth, 4003 console, 4000 api).
// In prod: COOKIE_DOMAIN=.server.com → cookie condiviso fra tutti i sottodomini
// (auth.server.com, console.server.com, api.server.com).
const cookieDomain = process.env.COOKIE_DOMAIN || undefined;
export const cookieOptions = {
httpOnly: true,
secure: process.env.NODE_ENV,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
path: '/',
maxAge: ttl_seconds * 1000,
...(cookieDomain ? { domain: cookieDomain } : {}),
};
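Review bot: With `COOKIE_DOMAIN` set, the session cookie is sent to every host under that parent domain, so each of those hosts receives the token; because sibling subdomains count as same-site, `sameSite: 'lax'` no longer stops their pages from issuing authenticated POST/DELETE calls to the auth API. That is a trust decision worth recording in the comment above `cookieDomain`, e.g. `// COOKIE_DOMAIN widens the session cookie to all subdomains: every host under it must be as trusted as auth itself.` Any call that clears the cookie also has to pass the same `domain`, otherwise the browser keeps the parent-domain cookie. The `verify` function this hunk opens with starts outside the hunk.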


@@ -2,7 +2,7 @@ import Redis from 'ioredis';
const client = new Redis({
host: process.env.REDIS_HOST,
port: process.env.REDIS_PORT,
port: Number(process.env.REDIS_PORT),
password: process.env.REDIS_PASSWORD,
});
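Review bot: `Number(process.env.REDIS_PORT)` evaluates to `NaN` when the variable is unset, so a missing setting now reaches the client as an invalid port instead of being caught. Either give it an explicit default, `port: Number(process.env.REDIS_PORT ?? 6379),`, or fail at startup when it is absent. The same applies to `REDIS_PASSWORD`: if it is unset the client presumably connects unauthenticated, which is worth rejecting in production.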


@@ -1,35 +1,52 @@
import express from 'express';
import cookieParser from 'cookie-parser';
import path from 'path';
import { fileURLToPath } from 'url';
import { authRouter } from './routes/auth.js';
import { userAPIs } from './routes/users.js';
import { sessionsAPIs } from './routes/sessions.js';
import { pagesAPIs } from './routes/pages.js';
const __dirname = path.dirname(fileURLToPath(import.meta.url));
const app = express();
app.use(express.json());
app.use(express.json({ limit: '64kb' }));
app.use(cookieParser());
app.get('/health', (req, res) => {
// Asset statici (CSS, font, JS client). Servito a /static/*
app.use('/static', express.static(path.join(__dirname, 'static'), {
maxAge: process.env.NODE_ENV === 'production' ? '30d' : 0,
fallthrough: true,
}));
app.get('/health', (_req, res) => {
res.send({
status: 'ok',
service: 'auth',
version: {
'major': process.env.V_MAJOR,
'minor': process.env.V_MINOR,
'patch': process.env.V_PATCH,
major: process.env.V_MAJOR,
minor: process.env.V_MINOR,
patch: process.env.V_PATCH,
},
timestamp: new Date().toISOString(),
});
});
// Public web pages
// app.use('/login', authRouter);
// app.use('/profile', profileRouter);
// app.use('/profile/sessions', sessionRouter);
// Pagine web pubbliche (HTML) — /login, /profile, /config.js
app.use('/', pagesAPIs);
// API JSON
app.use('/api', authRouter);
// app.use('/api/users', usersRouter);
// app.use('/api/sessions', sessionRouter);
//
app.use('/api/users', userAPIs);
app.use('/api/sessions', sessionsAPIs);
app.listen('3000', '0.0.0.0', () => {
// Error handler globale
app.use((err, _req, res, _next) => {
console.error('[auth] errore non gestito:', err);
res.status(500).json({ error: 'internal_error' });
});
app.listen(Number(process.env.PORT ?? 3000), '0.0.0.0', () => {
console.log('Auth started');
})
});
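Review bot: The new global error handler only sees errors passed to `next(err)`, but the route handlers and `requireUserAuth` added in this commit are `async` and await `query(...)` without a try/catch. On Express 4 a failed query therefore becomes an unhandled rejection rather than the `internal_error` response; Express 5 forwards rejections itself, and the Express version is not visible here. If the project is on 4.x, wrap the handlers, e.g. `const wrap = (fn) => (req, res, next) => fn(req, res, next).catch(next);`. Separately, `/api` (and with it the login route) is mounted with no request throttling, so password guessing is limited only by the hash cost; a per-IP and per-username attempt counter kept in the Redis instance this service already uses would cover that.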


@@ -1,35 +0,0 @@
import { verify } from "../core/jwt";
import { query } from "../data/db";
import { redis } from '../data/redis';
const cookieName = process.env.COOKIE_NAME;
export async function requireUserAuth(req, res, next) {
const token = req.cookies?.[cookieName];
if (!token) return res.status(401).json({ message: 'No token' });
let payload;
try {
payload = await verify(token);
} catch (error) {
return res.status(401).json({ message: 'Invalid token' });
}
// Session
const { rows } = await query(
'select id, user_id, expires_at from sessions where id = $1',
[payload.sessionId]
);
if (!rows[0]) return res.status(401).json({ message: 'Invalid session' });
await query('update sessions set last_activity = now() where id = $1', [payload.sessionId]).catch(() => { });
redis.set(`onlineuser:${payload.sub}`, '1', 'EX', 60).catch(() => { });
req.user = {
id: payload.sub,
name: payload.sessionId,
}
next();
}


@@ -0,0 +1,9 @@
const token = process.env.INTERNAL_API_TOKEN;
export function internalware(req, res, next) {
const header = req.get('X-Internal-Token');
if (header !== token) {
return res.status(401).json({ message: 'Unauthorized' })
}
next();
}
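Review bot: `internalware` fails open when `INTERNAL_API_TOKEN` is not set: `token` is `undefined`, `req.get('X-Internal-Token')` is also `undefined` for a request without the header, and `header !== token` is then false, so the request is let through. The check should reject whenever the token is unconfigured or the header is missing, and compare the two values in constant time rather than with `!==`. The version below needs `crypto` imported from `node:crypto` in this file.

```javascript
export function internalware(req, res, next) {
  const header = req.get('X-Internal-Token');
  // Fail closed: an unset INTERNAL_API_TOKEN must never match a missing header.
  if (!token || typeof header !== 'string') {
    return res.status(401).json({ message: 'Unauthorized' });
  }
  const given = Buffer.from(header);
  const expected = Buffer.from(token);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return res.status(401).json({ message: 'Unauthorized' });
  }
  next();
}
```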


@@ -0,0 +1,40 @@
import { verify } from "../core/jwt.js";
import { query } from "../data/db.js";
import { redis } from '../data/redis.js';
const cookieName = process.env.COOKIE_NAME;
export async function requireUserAuth(req, res, next) {
const token = req.cookies?.[cookieName];
if (!token) return res.status(401).json({ message: 'No token' });
let payload;
try {
payload = await verify(token);
} catch (error) {
return res.status(401).json({ message: 'Invalid token' });
}
// Session
const { rows } = await query(
'select id, user_id, expires_at from sessions where id = $1 and expires_at > now()',
[payload.sessionId]
);
if (!rows[0]) return res.status(401).json({ message: 'Invalid session' });
const writeKey = `user:lastonline:${payload.sessionId}`;
const acquired = await redis.set(writeKey, '1', 'EX', 30, 'NX').catch(() => null);
if (acquired === 'OK') {
await query('update sessions set last_activity = now() where id = $1', [payload.sessionId]).catch((err) => {
console.error('auth error in last_activity update', err.message);
});
redis.set(`user:online:${payload.sub}`, '1', 'EX', 60).catch(() => { });
}
req.user = {
id: payload.sub,
sessionId: payload.sessionId,
}
next();
}
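Review bot: The session query selects `user_id` but the value is never compared with `payload.sub`, so `req.user.id` comes from the token alone and the database row only proves that some session with that id exists. Tie the two together in the existing guard: `if (!rows[0] || String(rows[0].user_id) !== String(payload.sub)) return res.status(401).json({ message: 'Invalid session' });` (the `String()` normalisation is a guess, since the column type is not visible). The session lookup is also awaited outside any try/catch, so a database error rejects the middleware instead of producing a response. A short comment on the `NX` key would help too: `// NX + 30s TTL: at most one last_activity write per session every 30 seconds`.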


@@ -1,12 +1,93 @@
<!DOCTYPE html>
<html>
<head>
<title>Ciao</title>
</head>
<body>
<h1>Ciao</h1>
<form>
</form>
</body>
<!doctype html>
<html lang="it">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="stylesheet" href="/static/styles/style.css" />
<title>MEB — Accedi</title>
</head>
<body>
<div class="login-container">
<div class="login-logo">MEB</div>
<h1>Bentornato</h1>
<p>Inserisci le tue credenziali per accedere alla console.</p>
<form class="login-form" id="loginForm">
<div class="input-group">
<label for="username">Username</label>
<input
type="text"
id="username"
name="username"
placeholder="Il tuo username"
autocomplete="username"
/>
</div>
<div class="input-group">
<label for="password">Password</label>
<input
type="password"
id="password"
name="password"
placeholder="La tua password"
autocomplete="current-password"
/>
</div>
<div class="error-message" id="errorMsg"></div>
<button type="submit" class="btn-login" id="loginBtn">
<span class="btn-spinner"></span>
<span class="btn-label">Accedi</span>
</button>
</form>
</div>
<script>
document
.getElementById("loginForm")
.addEventListener("submit", async (e) => {
e.preventDefault();
const errorMsg = document.getElementById("errorMsg");
const btn = document.getElementById("loginBtn");
errorMsg.textContent = "";
btn.disabled = true;
btn.classList.add("loading");
const username = document.getElementById("username").value;
const password = document.getElementById("password").value;
let res;
try {
res = await fetch("/api/login", {
method: "POST",
headers: { "Content-Type": "application/json" },
credentials: "same-origin",
body: JSON.stringify({ username, password }),
});
} catch (err) {
btn.disabled = false;
btn.classList.remove("loading");
errorMsg.textContent = "Errore di rete. Riprova.";
return;
}
btn.disabled = false;
btn.classList.remove("loading");
if (res.ok) {
// Redirect al profilo. Il cookie httpOnly è già stato impostato
// dal server nella response; sarà valido anche per console
// (stesso host:port in dev, stesso dominio padre in prod).
const next = new URLSearchParams(location.search).get("next");
window.location.href = next || "/profile";
} else {
let data = {};
try { data = await res.json(); } catch { /* ignore */ }
errorMsg.textContent =
data.message || "Errore durante il login.";
}
});
</script>
</body>
</html>
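Review bot: `next` is read from the query string and assigned to `window.location.href` unchecked, so a crafted login link can send the user to another site right after a successful sign-in, and a non-http scheme in that value would be evaluated in this origin. Resolve it against the current origin and fall back when it leaves it: `const target = new URL(next || "/profile", location.origin);` followed by `window.location.href = target.origin === location.origin ? target.href : "/profile";`. If the console on another subdomain is meant to be a valid destination, compare `target.origin` against an explicit list of allowed origins instead of accepting any value.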

249
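--- a/auth/src/pages/profile.html
+++ b/auth/src/pages/profile.html
@@ -0,0 +1,249 @@
+<!doctype html>
+<html lang="it">
+<head>
+<meta charset="UTF-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+<link rel="stylesheet" href="/static/styles/style.css" />
+<script src="/config.js"></script>
+<title>MEB — Profilo</title>
+</head>
+<body class="page-profile">
+<div class="profile-shell">
+<header class="profile-topbar">
+<div class="profile-brand">MEB</div>
+<nav class="profile-nav" id="quickLinks">
+<!-- popolato da JS in base a window.MEB_CONFIG -->
+</nav>
+<button
+type="button"
+class="btn-ghost"
+id="logoutBtn"
+title="Esci"
+>
+Logout
+</button>
+</header>
+<main class="profile-main">
+<section class="profile-hero card">
+<div class="avatar" id="avatar">?</div>
+<div class="hero-info">
+<h1 id="username"></h1>
+<p class="muted" id="memberSince">Caricamento…</p>
+</div>
+</section>
+<section class="card">
+<div class="card-header">
+<h2>Sessioni attive</h2>
+<span class="muted" id="sessionsCount"></span>
+</div>
+<div id="sessionsList" class="sessions-list">
+<div class="muted">Caricamento sessioni…</div>
+</div>
+</section>
+<section class="card">
+<div class="card-header">
+<h2>Informazioni account</h2>
+</div>
+<dl class="kv-grid">
+<dt>ID utente</dt>
+<dd id="userId" class="mono"></dd>
+<dt>Sessione corrente</dt>
+<dd id="currentSessionId" class="mono"></dd>
+<dt>Ambiente</dt>
+<dd id="envBadge"></dd>
+</dl>
+</section>
+</main>
+<div class="toast" id="toast"></div>
+</div>
+<script>
+const cfg = window.MEB_CONFIG || {};
+const $ = (id) => document.getElementById(id);
+const fmtDate = (iso) => {
+if (!iso) return "—";
+try {
+return new Date(iso).toLocaleString("it-IT", {
+dateStyle: "medium",
+timeStyle: "short",
+});
+} catch {
+return iso;
+}
+};
+const toast = (msg, kind = "info") => {
+const el = $("toast");
+el.textContent = msg;
+el.className = "toast show " + kind;
+clearTimeout(toast._t);
+toast._t = setTimeout(() => (el.className = "toast"), 2500);
+};
+// ──────────────────────────────────────────────────────
+// Quick links verso gli altri servizi (env-aware)
+// ──────────────────────────────────────────────────────
+function renderQuickLinks() {
+const nav = $("quickLinks");
+const links = [];
+if (cfg.console)
+links.push({ label: "Console", url: cfg.console });
+if (cfg.api) links.push({ label: "API", url: cfg.api });
+nav.innerHTML = links
+.map(
+(l) =>
+`<a class="nav-link" href="${l.url}" target="_blank" rel="noopener">${l.label} ↗</a>`,
+)
+.join("");
+$("envBadge").textContent = cfg.env || "development";
+}
+// ──────────────────────────────────────────────────────
+// Carica dati utente. Se 401 → redirect a /login?next=/profile
+// ──────────────────────────────────────────────────────
+async function loadMe() {
+const r = await fetch("/api/users/me", {
+credentials: "same-origin",
+});
+if (r.status === 401) {
+location.href =
+"/login?next=" + encodeURIComponent(location.pathname);
+return null;
+}
+if (!r.ok) throw new Error("Errore caricamento profilo");
+return r.json();
+}
+async function loadSessions() {
+const r = await fetch("/api/sessions", {
+credentials: "same-origin",
+});
+if (!r.ok) throw new Error("Errore caricamento sessioni");
+return r.json();
+}
+function renderProfile(payload) {
+const user = payload.user || {};
+const thisSession = payload.thisSession || {};
+$("username").textContent = user.username || "—";
+$("memberSince").textContent =
+"Membro da " + fmtDate(user.created_at);
+$("userId").textContent = user.id || "—";
+$("currentSessionId").textContent = thisSession.id || "—";
+const initial = (user.username || "?").slice(0, 1).toUpperCase();
+$("avatar").textContent = initial;
+}
+function renderSessions(sessions) {
+const list = $("sessionsList");
+$("sessionsCount").textContent =
+sessions.length + " session" + (sessions.length === 1 ? "e" : "i");
+if (!sessions.length) {
+list.innerHTML =
+'<div class="muted">Nessuna sessione attiva.</div>';
+return;
+}
+list.innerHTML = sessions
+.map(
+(s) => `
+<div class="session-row ${s.is_current ? "is-current" : ""}" data-id="${s.id}">
+<div class="session-info">
+<div class="session-title">
+${escapeHtml(s.device_name || "Dispositivo sconosciuto")}
+${s.is_current ? '<span class="badge">attuale</span>' : ""}
+</div>
+<div class="session-meta muted">
+${escapeHtml(s.device_os || "—")} · ${escapeHtml(s.ip_address || "—")}
+</div>
+<div class="session-meta muted">
+Ultima attività: ${fmtDate(s.last_activity)}
+</div>
+</div>
+${
+s.is_current
+? ""
+: `<button class="btn-revoke" data-id="${s.id}">Revoca</button>`
+}
+</div>
+`,
+)
+.join("");
+list.querySelectorAll(".btn-revoke").forEach((btn) => {
+btn.addEventListener("click", () =>
+revokeSession(btn.dataset.id, btn),
+);
+});
+}
+function escapeHtml(s) {
+return String(s).replace(
+/[&<>"']/g,
+(c) =>
+({
+"&": "&amp;",
+"<": "&lt;",
+">": "&gt;",
+'"': "&quot;",
+"'": "&#39;",
+})[c],
+);
+}
+async function revokeSession(id, btn) {
+if (!confirm("Vuoi davvero revocare questa sessione?")) return;
+btn.disabled = true;
+btn.textContent = "...";
+try {
+const r = await fetch("/api/sessions/" + id, {
+method: "DELETE",
+credentials: "same-origin",
+});
+if (!r.ok) throw new Error();
+toast("Sessione revocata", "ok");
+const sessions = await loadSessions();
+renderSessions(sessions);
+} catch {
+btn.disabled = false;
+btn.textContent = "Revoca";
+toast("Errore durante la revoca", "err");
+}
+}
+async function logout() {
+try {
+await fetch("/api/logout", {
+method: "POST",
+credentials: "same-origin",
+});
+} catch {
+/* ignore: redirigi comunque */
+}
+location.href = "/login";
+}
+$("logoutBtn").addEventListener("click", logout);
+// Bootstrap
+(async () => {
+renderQuickLinks();
+try {
+const me = await loadMe();
+if (!me) return; // già redirezionato
+renderProfile(me);
+const sessions = await loadSessions();
+renderSessions(sessions);
+} catch (err) {
+toast(err.message || "Errore", "err");
+}
+})();
+</script>
+</body>
+</html>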
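Review bot: The `innerHTML` templates escape `device_name`, `device_os` and `ip_address` with `escapeHtml` but interpolate `s.id` (twice, in `data-id`) and `l.url` / `l.label` raw, so the markup is only safe while those values never contain a quote or an angle bracket. Apply the same helper, `data-id="${escapeHtml(s.id)}"` and `href="${escapeHtml(l.url)}"`, or build the nodes with `createElement` and `textContent`. `revokeSession` should likewise encode the id it puts in the path: `fetch("/api/sessions/" + encodeURIComponent(id), …)`. Escaping does not restrict the URL scheme, so the links still assume that `window.MEB_CONFIG` carries http(s) values set by the operator.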


@@ -3,7 +3,8 @@ import { query } from "../data/db.js";
import { hash, verify } from "../core/securitycore.js";
import { sign, cookieOptions } from "../core/jwt.js";
import crypto from "crypto";
import {redis} from "../data/redis.js";
import { redis } from "../data/redis.js";
import { requireUserAuth } from "../middlewares/userware.js";
const router = Router();
const cookieName = process.env.COOKIE_NAME
@@ -35,7 +36,7 @@ router.post('/login', async (req, res) => {
const user = rows[0];
const ok = user ? await verify(password, user.password_hash) : false;
if (!ok) {
return res.status(400).json({ message: 'Invalid username or password' });
return res.status(401).json({ message: 'Invalid username or password' });
}
const ua = req.headers['user-agent'];
@@ -43,28 +44,36 @@ router.post('/login', async (req, res) => {
const sessionToken = crypto.randomUUID();
const ttlDays = 360;
const expiresAt = new Date(Date.now() + ttlDays * 86_400_000); //expires in 360 days
const { rows: srow } = await query('insert into sessions (user_id, session_token, device_name, device_os, ip_address, expires_at) values ($1, $2, $3, $4, $5, $6) returning id', [user.id, sessionToken, ua.slice(0, 100), '', ip?.slice(0, 45), ttlDays]);
const session_id = srow[0].id;
const jtoken = sign({ sub: user.id, session_id });
const { rows: srow } = await query(
`insert into sessions
(user_id, session_token, device_name, device_os, ip_address, expires_at)
values ($1, $2, $3, $4, $5, $6)
returning id, expires_at`,
[user.id, sessionToken, ua?.slice(0, 100) ?? '', 'macos', ip?.slice(0, 45), expiresAt]
);
const sessionId = srow[0].id;
const jtoken = sign({ sub: user.id, sessionId });
await redis.set(`usersession:${session_id}`, user.id, 'EX', ttlDays * 24 * 3600);
await redis.set(`online:${user.id}`, '1', 'EX', 60);
await redis.set(`user:session:${sessionId}`, user.id, 'EX', ttlDays * 24 * 3600);
await redis.set(`user:online:${user.id}`, '1', 'EX', 60);
res.cookie(cookieName, jtoken, cookieOptions);
res.json({
ok: true,
user: user.id,
session: session_id
session: sessionId
});
})
router.post('/logout', async (req, res) => {
await query('delete from sessions where id = $1', [req.user.sessionID]);
await redis.del(`online:${req.user.id}`);
res.clearCookie(cookieName);
router.post('/logout', requireUserAuth, async (req, res) => {
await query('delete from sessions where id = $1', [req.user.sessionId]);
await redis.del(`user:online:${req.user.id}`);
await redis.del(`user:session:${req.user.sessionId}`);
res.clearCookie(cookieName, { path: '/' });
res.json({ loggedOut: true });
})
export { router as authRouter };
export { router as authRouter };
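Review bot: `res.clearCookie(cookieName, { path: '/' })` in `/logout` does not pass the `domain` that `cookieOptions` adds when `COOKIE_DOMAIN` is set, so in that configuration the browser keeps the cookie after logout (the session row is deleted, so the token stops validating, but the `/` page redirect still keys on cookie presence). Reuse the attributes the cookie was set with: `const { maxAge, ...clearOptions } = cookieOptions;` then `res.clearCookie(cookieName, clearOptions);`. In the login hunk `device_os` is now the literal `'macos'` for every session, which looks like a leftover placeholder and will mislabel the sessions list. On the context line `user ? await verify(...) : false`, the hash comparison is skipped for unknown usernames, so response time can distinguish existing accounts; verifying against a fixed dummy hash in that branch evens it out. Both handlers start outside the hunks shown.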

45
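--- a/auth/src/routes/pages.js
+++ b/auth/src/routes/pages.js
@@ -0,0 +1,45 @@
+import { Router } from "express";
+import path from "path";
+import { fileURLToPath } from "url";
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const pagesDirectory = path.join(__dirname, "../pages");
+const router = Router();
+// Redirect intelligente sulla root: se non loggato → login, altrimenti profile.
+// Il check vero è fatto client-side dalla pagina target tramite /api/users/me;
+// qui ci basiamo solo sulla presenza del cookie per scegliere la destinazione.
+router.get('/', (req, res) => {
+const cookieName = process.env.COOKIE_NAME;
+if (req.cookies?.[cookieName]) return res.redirect('/profile');
+return res.redirect('/login');
+});
+router.get('/login', (_req, res) => {
+res.sendFile(path.join(pagesDirectory, 'login.html'));
+});
+router.get('/profile', (_req, res) => {
+// L'auth è verificata client-side: la pagina fetch-a /api/users/me
+// e se 401 redirige a /login. Pattern semplice da SPA.
+res.sendFile(path.join(pagesDirectory, 'profile.html'));
+});
+// Endpoint dinamico che espone la config runtime alle pagine HTML.
+// Le pagine fanno <script src="/config.js"></script> e poi leggono window.MEB_CONFIG.
+// In questo modo gli URL dei servizi (console, api) sono iniettati dal server e
+// cambiano automaticamente fra dev e prod senza toccare l'HTML.
+router.get('/config.js', (_req, res) => {
+const config = {
+env: process.env.NODE_ENV || 'development',
+console: process.env.CONSOLE_PUBLIC_URL || 'http://localhost:4003',
+api: process.env.API_PUBLIC_URL || 'http://localhost:4000',
+auth: process.env.AUTH_PUBLIC_URL || '', // vuoto = same-origin (la pagina è servita da auth)
+};
+res.type('application/javascript')
+.set('Cache-Control', 'no-store')
+.send(`window.MEB_CONFIG = Object.freeze(${JSON.stringify(config)});`);
+});
+export { router as pagesAPIs };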
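Review bot: `/config.js` falls back to `http://localhost:4003` and `http://localhost:4000` whenever `CONSOLE_PUBLIC_URL` or `API_PUBLIC_URL` is unset, including when `NODE_ENV` is `production`, and profile.html writes those values into link `href` attributes. Apply the localhost defaults only outside production, and check that each configured value parses with `new URL()` and has an `http:` or `https:` protocol before it is sent, so a misconfigured deploy cannot publish localhost or non-web links to every visitor. The `/` redirect and the `/profile` page rely on cookie presence alone, as the comments state; that stays safe only as long as these HTML files never embed user data server-side.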


@@ -0,0 +1,27 @@
import { Router } from 'express';
import { query } from '../data/db.js';
import { redis } from '../data/redis.js';
import { requireUserAuth} from '../middlewares/userware.js';
const router = Router();
router.get('/', requireUserAuth, async (req, res) => {
const { rows } = await query('select id, device_name, device_os, ip_address, created_at, last_activity, expires_at, (id = $2) as is_current from sessions where user_id = $1 and expires_at > now() order by created_at desc', [req.user.id, req.user.sessionId]);
res.json(rows);
});
router.delete('/:id', requireUserAuth, async (req, res) => {
const sessionID = req.params.id;
const { rows } = await query('select id from sessions where id = $1 and user_id = $2', [sessionID, req.user.id]);
if (!rows[0]) return res.status(404).json({ error: 'session not found' });
await query('delete from sessions where id = $1', [sessionID]);
await redis.del(`user:session:${sessionID}`);
await redis.publish(`user:session:revoked`, sessionID);
res.sendStatus(200);
});
export { router as sessionsAPIs };
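Review bot: `DELETE /:id` checks ownership in one query and then deletes by `id` alone in a second; folding both into `delete from sessions where id = $1 and user_id = $2 returning id` keeps the ownership predicate on the statement that mutates and removes the gap between check and delete. `req.params.id` also reaches the query unvalidated, so if `sessions.id` is a uuid or integer column (the schema is not visible here) a malformed id makes the query throw instead of returning 404; validate the format before querying. The route also accepts the caller's own current session id, which the UI hides but the API allows, so either reject that case or clear the cookie when it happens.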

31
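--- a/auth/src/routes/users.js
+++ b/auth/src/routes/users.js
@@ -0,0 +1,31 @@
+import { Router } from 'express';
+import { query } from '../data/db.js';
+import { requireUserAuth } from '../middlewares/userware.js';
+const router = Router();
+router.get('/me', requireUserAuth, async (req, res) => {
+const { rows } = await query('select id, username, created_at from users where id = $1', [req.user.id]);
+if (!rows[0]) return res.status(404).json({ message: 'User not found' });
+res.json({
+user: rows[0],
+thisSession: { id: req.user.sessionId }
+});
+});
+//ADMIN ONLY
+// TODO: require admin-only auth
+router.get('/', async (req, res) => {
+const { rows } = await query('select id, username, created_at from users');
+res.json(rows);
+});
+router.get('/:id', async (req, res) => {
+const { rows } = await query('select id, username, created_at from users where id = $1', [req.params.id]);
+if (!rows[0]) return res.status(404).json({ message: 'User not found' });
+res.json(rows[0]);
+});
+export { router as userAPIs };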
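Review bot: `GET /` and `GET /:id` are registered with no middleware at all, and index.js mounts this router at `/api/users`, so the full user list (id, username, created_at) is readable without a session despite the `ADMIN ONLY` / TODO comment above them. Until an admin check exists, leave these two routes unregistered, or at minimum require a session the way `/me` does: `router.get('/', requireUserAuth, async (req, res) => {` and the same for `'/:id'`. Even with that guard any logged-in user could list every account, so the TODO should stay open and be tracked rather than shipped as is.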

Binary file not shown.


@@ -0,0 +1,585 @@
@font-face {
font-family: "Elms";
src: url("../fonts/elmssans.ttf");
font-weight: normal;
font-style: normal;
}
*,
*::before,
*::after {
box-sizing: border-box;
margin: 0;
padding: 0;
}
/* ── Variabili tema ── */
:root {
--bg-body: #0f1117;
--bg-card: #1a1d27;
--border: #2a2d3a;
--text-primary: #f0f0f0;
--text-secondary: #6b7280;
--text-label: #9ca3af;
--input-bg: #0f1117;
--input-placeholder: #3d4150;
--accent: #4f8ef7;
--accent-hover: #3b7de8;
--accent-active: #2f6dd4;
--error: #f87171;
--shadow: rgba(0, 0, 0, 0.4);
--grad-1: #0f1117;
--grad-2: #1a1d27;
--grad-3: #0d1520;
--grad-4: #111827;
}
@media (prefers-color-scheme: light) {
:root {
--bg-body: #eef1f7;
--bg-card: #ffffff;
--border: #dde1ec;
--text-primary: #111827;
--text-secondary: #6b7280;
--text-label: #4b5563;
--input-bg: #f5f7fc;
--input-placeholder: #b0b8cc;
--accent: #3b7de8;
--accent-hover: #2f6dd4;
--accent-active: #2260be;
--error: #dc2626;
--shadow: rgba(0, 0, 0, 0.1);
--grad-1: #dce8ff;
--grad-2: #eef1f7;
--grad-3: #d4e4fb;
--grad-4: #e8edf8;
}
}
/* ── Sfondo animato ── */
@keyframes gradientShift {
0% {
background-position: 0% 50%;
}
50% {
background-position: 100% 50%;
}
100% {
background-position: 0% 50%;
}
}
body {
font-family: "Elms", sans-serif;
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
background: linear-gradient(
135deg,
var(--grad-1),
var(--grad-2),
var(--grad-3),
var(--grad-4)
);
background-size: 400% 400%;
animation: gradientShift 12s ease infinite;
}
/* ── Card ── */
.login-container {
width: 100%;
max-width: 400px;
padding: 48px 40px;
background-color: var(--bg-card);
border-radius: 16px;
border: 1px solid var(--border);
box-shadow: 0 24px 48px var(--shadow);
transition:
background-color 0.3s,
border-color 0.3s;
}
.login-logo {
font-size: 13px;
font-weight: bold;
letter-spacing: 4px;
color: var(--accent);
text-transform: uppercase;
margin-bottom: 24px;
}
.login-container h1 {
font-size: 26px;
color: var(--text-primary);
margin-bottom: 8px;
transition: color 0.3s;
}
.login-container p {
font-size: 14px;
color: var(--text-secondary);
margin-bottom: 32px;
line-height: 1.5;
transition: color 0.3s;
}
/* ── Form ── */
.login-form {
display: flex;
flex-direction: column;
gap: 20px;
}
.input-group {
display: flex;
flex-direction: column;
gap: 6px;
}
.input-group label {
font-size: 13px;
color: var(--text-label);
letter-spacing: 0.3px;
transition: color 0.3s;
}
.input-group input {
width: 100%;
padding: 12px 14px;
background-color: var(--input-bg);
border: 1px solid var(--border);
border-radius: 8px;
color: var(--text-primary);
font-family: "Elms", sans-serif;
font-size: 15px;
outline: none;
transition:
border-color 0.2s,
background-color 0.3s,
color 0.3s;
}
.input-group input::placeholder {
color: var(--input-placeholder);
}
.input-group input:focus {
border-color: var(--accent);
}
.error-message {
font-size: 13px;
color: var(--error);
min-height: 18px;
transition: color 0.3s;
}
/* ── Bottone ── */
@keyframes btnPulse {
0% {
box-shadow: 0 0 0 0 rgba(79, 142, 247, 0.5);
}
70% {
box-shadow: 0 0 0 10px rgba(79, 142, 247, 0);
}
100% {
box-shadow: 0 0 0 0 rgba(79, 142, 247, 0);
}
}
@keyframes btnSpin {
to {
transform: rotate(360deg);
}
}
.btn-login {
width: 100%;
padding: 13px;
background-color: var(--accent);
color: #fff;
border: none;
border-radius: 8px;
font-family: "Elms", sans-serif;
font-size: 15px;
cursor: pointer;
position: relative;
overflow: hidden;
display: flex;
align-items: center;
justify-content: center;
gap: 8px;
transition:
background-color 0.2s,
transform 0.15s,
box-shadow 0.2s;
}
.btn-login::after {
content: "";
position: absolute;
width: 100%;
height: 100%;
background: rgba(255, 255, 255, 0.08);
top: 0;
left: -100%;
transition: left 0.3s ease;
}
.btn-login:hover::after {
left: 0;
}
.btn-login:hover {
background-color: var(--accent-hover);
transform: translateY(-2px);
box-shadow: 0 6px 20px rgba(79, 142, 247, 0.35);
}
.btn-login:active {
background-color: var(--accent-active);
transform: translateY(0px);
box-shadow: none;
animation: btnPulse 0.4s ease-out;
}
.btn-login:disabled {
opacity: 0.6;
cursor: not-allowed;
transform: none;
box-shadow: none;
}
.btn-spinner {
width: 16px;
height: 16px;
border: 2px solid rgba(255, 255, 255, 0.3);
border-top-color: #fff;
border-radius: 50%;
animation: btnSpin 0.7s linear infinite;
display: none;
flex-shrink: 0;
}
.btn-login.loading .btn-spinner {
display: block;
}
.btn-login.loading .btn-label {
opacity: 0.7;
}
/* ════════════════════════════════════════════════════════════
PAGINA PROFILO
════════════════════════════════════════════════════════════ */
body.page-profile {
display: block;
align-items: stretch;
justify-content: stretch;
}
.profile-shell {
max-width: 960px;
margin: 0 auto;
padding: 32px 20px 80px;
}
/* ── Topbar ── */
.profile-topbar {
display: flex;
align-items: center;
gap: 24px;
padding: 12px 0 28px;
border-bottom: 1px solid var(--border);
margin-bottom: 32px;
}
.profile-brand {
font-size: 13px;
font-weight: bold;
letter-spacing: 4px;
color: var(--accent);
text-transform: uppercase;
}
.profile-nav {
display: flex;
gap: 8px;
flex: 1;
}
.nav-link {
padding: 8px 14px;
border-radius: 8px;
border: 1px solid var(--border);
color: var(--text-primary);
text-decoration: none;
font-size: 13px;
transition:
background 0.15s,
border-color 0.15s,
transform 0.1s;
}
.nav-link:hover {
border-color: var(--accent);
background: var(--input-bg);
transform: translateY(-1px);
}
.btn-ghost {
padding: 8px 16px;
background: transparent;
color: var(--text-primary);
border: 1px solid var(--border);
border-radius: 8px;
cursor: pointer;
font-family: "Elms", sans-serif;
font-size: 13px;
transition:
background 0.15s,
border-color 0.15s,
color 0.15s;
}
.btn-ghost:hover {
border-color: var(--error);
color: var(--error);
}
/* ── Main grid ── */
.profile-main {
display: grid;
gap: 24px;
}
/* ── Card base ── */
.card {
background-color: var(--bg-card);
border: 1px solid var(--border);
border-radius: 16px;
padding: 28px;
box-shadow: 0 8px 24px var(--shadow);
}
.card-header {
display: flex;
align-items: baseline;
justify-content: space-between;
margin-bottom: 20px;
}
.card-header h2 {
font-size: 16px;
font-weight: 500;
color: var(--text-primary);
}
.muted {
color: var(--text-secondary);
font-size: 13px;
}
/* ── Hero ── */
.profile-hero {
display: flex;
align-items: center;
gap: 24px;
}
.avatar {
width: 72px;
height: 72px;
border-radius: 50%;
background: linear-gradient(
135deg,
var(--accent),
var(--accent-active)
);
color: #fff;
display: flex;
align-items: center;
justify-content: center;
font-size: 30px;
font-weight: bold;
flex-shrink: 0;
box-shadow: 0 4px 14px rgba(79, 142, 247, 0.35);
}
.hero-info h1 {
font-size: 24px;
color: var(--text-primary);
margin-bottom: 4px;
}
/* ── Sessions list ── */
.sessions-list {
display: flex;
flex-direction: column;
gap: 12px;
}
.session-row {
display: flex;
align-items: center;
justify-content: space-between;
gap: 16px;
padding: 16px;
border: 1px solid var(--border);
border-radius: 10px;
background: var(--input-bg);
transition: border-color 0.15s;
}
.session-row.is-current {
border-color: var(--accent);
background: rgba(79, 142, 247, 0.05);
}
.session-info {
flex: 1;
min-width: 0;
}
.session-title {
font-size: 14px;
color: var(--text-primary);
margin-bottom: 4px;
display: flex;
align-items: center;
gap: 8px;
}
.session-meta {
font-size: 12px;
line-height: 1.6;
}
.badge {
font-size: 10px;
padding: 2px 8px;
border-radius: 10px;
background: var(--accent);
color: #fff;
text-transform: uppercase;
letter-spacing: 0.5px;
}
.btn-revoke {
padding: 8px 14px;
background: transparent;
color: var(--error);
border: 1px solid var(--border);
border-radius: 8px;
cursor: pointer;
font-family: "Elms", sans-serif;
font-size: 12px;
transition:
background 0.15s,
border-color 0.15s;
}
.btn-revoke:hover:not(:disabled) {
background: rgba(248, 113, 113, 0.1);
border-color: var(--error);
}
.btn-revoke:disabled {
opacity: 0.6;
cursor: wait;
}
/* ── kv grid (account info) ── */
.kv-grid {
display: grid;
grid-template-columns: 180px 1fr;
gap: 12px 20px;
font-size: 13px;
}
.kv-grid dt {
color: var(--text-label);
}
.kv-grid dd {
color: var(--text-primary);
}
.mono {
font-family: ui-monospace, SFMono-Regular, Menlo, monospace;
font-size: 12px;
word-break: break-all;
}
/* ── Toast ── */
.toast {
position: fixed;
bottom: 24px;
left: 50%;
transform: translateX(-50%) translateY(20px);
padding: 12px 20px;
border-radius: 10px;
background: var(--bg-card);
border: 1px solid var(--border);
color: var(--text-primary);
box-shadow: 0 8px 24px var(--shadow);
opacity: 0;
pointer-events: none;
transition:
opacity 0.2s,
transform 0.2s;
font-size: 13px;
}
.toast.show {
opacity: 1;
transform: translateX(-50%) translateY(0);
}
.toast.ok {
border-color: #22c55e;
}
.toast.err {
border-color: var(--error);
}
/* ── Responsive ── */
@media (max-width: 600px) {
.profile-topbar {
flex-wrap: wrap;
gap: 12px;
}
.profile-nav {
order: 3;
width: 100%;
}
.profile-hero {
flex-direction: column;
text-align: center;
}
.kv-grid {
grid-template-columns: 1fr;
gap: 4px 0;
}
.kv-grid dt {
margin-top: 12px;
}
.session-row {
flex-direction: column;
align-items: stretch;
}
.btn-revoke {
width: 100%;
}
}