NEW FEATURE: Password Change Form on Admin Dashboard
TEMPLATE CHANGES (admin.ctml):
- Added 'Account Security' section after System Status
- Password change form with:
- Current password field
- New password field (min 8 characters)
- Confirm password field
- Submit button
- Message display area for feedback
JAVASCRIPT CHANGES (admin.js):
- changeAdminPassword(event) function
- Validates passwords match
- Validates minimum length (8 chars)
- Calls /api/asteroid/user/change-password
- Shows success/error messages
- Clears form on success
- showPasswordMessage(message, type) helper
- Displays success/error messages
- Auto-hides success messages after 5 seconds
USER EXPERIENCE:
1. Admin logs in with default password (asteroid123)
2. Sees 'Account Security' section at top of dashboard
3. Fills in current password and new password
4. Clicks 'Change Password'
5. Gets immediate feedback
6. Password is changed - use new password on next login
This makes it easy for admins to change the default password
without needing REPL access or curl commands.
Ref: TODO.org Problem 4 - Security improvements
- Add pop-out player window (400x300px) with auto-reconnect on stream errors
- Add queue reordering with up/down buttons in admin panel
- Add 'Load Queue from M3U' functionality
- Remove Play/Stream buttons from track management
- Fix Liquidsoap audio quality issues:
- Remove ReplayGain and compression to prevent pulsing
- Change reload_mode to 'seconds' to prevent playlist exhaustion
- Reduce crossfade to 3 seconds
- Add audio buffering settings for stability
- Add auto-reconnect logic for both front page and pop-out players
- Add missing query variable in filterTracks() function
- Reads value from track-search input field
- Bug was pre-existing, not introduced by refactoring
- Add /api/asteroid/partial/now-playing-inline endpoint for inline text
- Refactor admin.js to use server-side partial (removes 23 lines of JSON/XML parsing)
- Fix hardcoded path in convert-to-docker-path to use *music-library-path* variable
- Consistent with front-page and player refactoring from upstream
- Improves portability and reduces client-side JavaScript complexity
- Queue management section with add/remove/clear controls
- Add to Queue button on each track in library browser
- Search tracks and add to queue
- Add 10 random tracks button
- Live stream monitor with Now Playing display
- Toast notifications for user feedback
- Real-time queue updates
- Converted 15 API endpoints from define-page to define-api
- Added JSON API format configuration for proper JSON responses
- Updated all frontend JavaScript files to use new API URLs
- Maintained define-page for HTML pages and static file serving
- Added comprehensive documentation of changes
Benefits:
- Framework compliance with Radiance best practices
- Automatic routing at /api/asteroid/<name>
- Clean lambda-list parameter handling
- Built-in browser/API dual usage support
- Proper HTTP status codes for errors
All API endpoints tested and working correctly.
glenneth
Luis Pereira