spouliot/PowderCoatingLogix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add inventory bin filter, print bin, mobile login fixes, and QR scan fix

Browse Source 
- Inventory: location filter dropdown + Print Bin page (line #, name, color, SKU)
- Fix: Prismatic Powders QR scan now extracts manufacturer/SKU/color from URL path
  and uses full LookupAsync pipeline instead of relying on page fetch alone
- Fix: iOS Safari 'Login / data Zero KB' download -- add OnRejected HTML response to rate limiter
- Fix: mobile session logout -- ConfigureApplicationCookie with 30-day MaxAge persistent cookie
- Help: new 'Location Filtering & Bin Print' section in Inventory help article
- Help: HelpKnowledgeBase updated with bin filter and print bin details

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Pouliot
2026-05-22 15:19:11 -04:00
parent 8c86eba4f2
commit dfb1d34af3
8 changed files with 443 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/PowderCoating.Web/Program.cs
+55
View File
@@ -180,6 +180,18 @@ builder.Services.AddIdentity<ApplicationUser, IdentityRole>(options =>
.AddDefaultUI()
.AddClaimsPrincipalFactory<ApplicationUserClaimsPrincipalFactory>();
// Configure the auth cookie to survive mobile browser suspensions (iOS Safari clears session
// cookies when it suspends a tab). Max-Age on the cookie itself makes it persistent regardless
// of whether the user checked "Remember me". SlidingExpiration renews the window on each request.
builder.Services.ConfigureApplicationCookie(options =>
{
options.ExpireTimeSpan = TimeSpan.FromDays(30);
options.SlidingExpiration = true;
options.Cookie.MaxAge = TimeSpan.FromDays(30);
options.Cookie.IsEssential = true;
options.Cookie.SameSite = SameSiteMode.Lax;
});
// Register HttpContextAccessor for multi-tenancy
builder.Services.AddHttpContextAccessor();
@@ -530,6 +542,49 @@ builder.Services.AddRateLimiter(options =>
{
options.RejectionStatusCode = StatusCodes.Status429TooManyRequests;
// Return a proper HTML body on 429 so mobile browsers (especially iOS Safari) don't try to
// download the empty response as a file. Without this, Safari shows "Login / data Zero KB".
options.OnRejected = async (context, ct) =>
{
context.HttpContext.Response.StatusCode = StatusCodes.Status429TooManyRequests;
var isAjax = context.HttpContext.Request.Headers.XRequestedWith == "XMLHttpRequest"
|| (context.HttpContext.Request.Headers.Accept.ToString().Contains("application/json"));
if (isAjax)
{
context.HttpContext.Response.ContentType = "application/json; charset=utf-8";
await context.HttpContext.Response.WriteAsync(
"""{"success":false,"error":"Too many requests. Please wait a moment and try again."}""", ct);
}
else
{
context.HttpContext.Response.ContentType = "text/html; charset=utf-8";
await context.HttpContext.Response.WriteAsync("""
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Too Many Requests &mdash; Powder Coating Logix</title>
<style>
body{font-family:system-ui,sans-serif;display:flex;align-items:center;justify-content:center;min-height:100vh;margin:0;background:#f5f5f5}
.card{background:#fff;border-radius:8px;padding:2rem;max-width:420px;text-align:center;box-shadow:0 2px 8px rgba(0,0,0,.1)}
h2{margin-top:0;color:#333}p{color:#666}a{color:#0d6efd}
</style>
</head>
<body>
<div class="card">
<h2>Too Many Requests</h2>
<p>You've made too many login attempts in a short period. Please wait a minute and try again.</p>
<a href="/Identity/Account/Login">Back to Login</a>
</div>
</body>
</html>
""", ct);
}
};
// login / password-reset — 10 per minute per IP
options.AddPolicy(AppConstants.RateLimitPolicies.Auth, ctx =>
RateLimitPartition.GetSlidingWindowLimiter(