Reverted to working version before password API additions.
The password APIs and UI are still in place (admin.ctml, admin.js).
Need to re-add the backend APIs more carefully.
Build now succeeds.
Fixed compilation error by using the correct function name.
The codebase uses get-current-user() which is defined in
user-management.lisp, not auth:current-user.
Build now completes successfully.
Changed password change and reset APIs to use with-error-handling
macro instead of handler-case for consistency with refactored codebase.
This ensures proper error handling using our custom condition system.
NEW API ENDPOINTS:
1. /api/asteroid/user/change-password (authenticated users)
   - Users can change their own password
   - Requires current password verification
   - Returns 401 if current password is incorrect
   - Returns 200 on success
2. /api/asteroid/admin/reset-password (admin only)
   - Admins can reset any user's password
   - No current password required
   - Returns 404 if user not found
   - Returns 200 on success
USAGE EXAMPLES:
User changes own password:
  curl -X POST http://localhost:8080/api/asteroid/user/change-password \
    -d 'current-password=asteroid123&new-password=newsecurepass' \
    -b cookies.txt
Admin resets user password:
  curl -X POST http://localhost:8080/api/asteroid/admin/reset-password \
    -d 'username=admin&new-password=newsecurepass' \
    -b cookies.txt
This addresses the security concern about the default admin password.
Admins can now reset it via API without needing REPL access.
Ref: TODO.org Problem 4 - Default admin password
Core Features:
- Login redirects based on user role (admin -> /admin, users -> /profile)
- User registration redirects to /profile page
- Convert user management APIs to use define-api (Radiance standard)
- Add user statistics API endpoint
- Add create user API endpoint
- Add list users API endpoint
Authentication & Authorization:
- Update require-role to return proper JSON for API requests
- Fix password verification with debug logging
- Add reset-user-password function for admin use
API Endpoints (using define-api):
- /api/asteroid/users - Get all users (admin only)
- /api/asteroid/user-stats - Get user statistics (admin only)
- /api/asteroid/users/create - Create new user (admin only)
Bug Fixes:
- Fix JavaScript API path for user-stats endpoint
- Remove dependency on non-existent radiance:api-output
- Use api-output for proper JSON responses
Testing:
- Admin login redirects to /asteroid/admin ✓
- Regular user login redirects to /asteroid/profile ✓
- User creation working (testuser created successfully) ✓
- User statistics loading correctly ✓
Known Issues (non-blocking):
- User table display needs UI fixes
- Profile page needs additional API endpoints
- Session persistence on navigation needs investigation
✅ CLIP Template System:
- Created template-utils.lisp with centralized rendering
- Template caching for performance
- render-template-with-plist for consistent API
- Proper CLIP attribute processors (data-text)
- Documentation in docs/CLIP-REFACTORING.org
✅ Admin Dashboard Complete:
- System Status: All 4 indicators working (Server, DB, Liquidsoap, Icecast)
- Music Library: Scan, upload, duplicate detection working
- Track Management: Pagination (20/page, configurable 10/20/50/100)
- Player Control: HTML5 audio player with play/pause/stop
- User Management: Moved to separate /admin/users page
✅ User Management:
- New /admin/users route with dedicated page
- Inline user creation form
- User stats dashboard
- Role management (listener/DJ/admin)
- Activate/deactivate users
- API endpoint /api/users/create
- Tested with curl - all working
✅ Live Stream & Now Playing:
- Fixed: Green 🟢 LIVE STREAM indicator (was red)
- Fixed: Stream quality display matches selected stream (AAC/MP3)
- Now Playing updates every 10s from Icecast
- No HTML rendering bugs - working correctly
✅ Track Library:
- Fixed recursive directory scanning bug
- 64 tracks scanned and in database
- Pagination working perfectly
✅ Front Page & Web Player:
- Station Status shows correct stream quality
- Quality selector updates all displays
- Live stream indicators green
- Now Playing working on all pages
All Templates section items complete [4/4] ✅
- Fixed find-user-by-id to handle BIT type database IDs
- Updated user-has-role-p to extract role from list format
- Enhanced API endpoint to return properly formatted JSON data
- Added comprehensive debugging for authentication flow
- Created login.chtml template with CLIP data binding
- Resolved 'Error loading users' issue in admin panel
- Fix database query syntax for RADIANCE hash table returns
- Handle RADIANCE field storage format (lists instead of strings)
- Configure r-simple-sessions module for session management
- Update login page styling to match main site theme
- Implement working authentication with admin/asteroid123
- Add proper error handling and debug logging
- Ensure session persistence and redirects work correctly