// Full-page auth screens shown when there is no valid session: login, // register and recover. Reuses the existing .field/.btn-*/.authcard styles. const { useState: authUseState } = React; const LANG_NAMES = { en: 'English', es: 'Español', ca: 'Català', nl: 'Nederlands' }; function LoginView({ onLoggedIn, onGoRegister, onGoRecover }) { const [username, setUsername] = authUseState(''); const [password, setPassword] = authUseState(''); const [error, setError] = authUseState(''); const [busy, setBusy] = authUseState(false); function submit(e) { e.preventDefault(); setError(''); setBusy(true); fetch('/api/auth/login', { method: 'POST', headers: { 'Content-Type': 'application/json' }, credentials: 'same-origin', body: JSON.stringify({ username, password }), }) .then(r => (r.ok ? r.json() : Promise.reject())) .then(data => onLoggedIn(data)) .catch(() => { setError(t('auth.login.error')); setBusy(false); }); } return (

); } function RegisterView({ onRegistered, onGoLogin }) { const [username, setUsername] = authUseState(''); const [password, setPassword] = authUseState(''); const [language, setLanguageSel] = authUseState(getLang()); const [website, setWebsite] = authUseState(''); const [error, setError] = authUseState(''); const [busy, setBusy] = authUseState(false); const [step, setStep] = authUseState('form'); // form | recovery | mcp const [result, setResult] = authUseState(null); function submit(e) { e.preventDefault(); setError(''); setBusy(true); fetch('/api/auth/register', { method: 'POST', headers: { 'Content-Type': 'application/json' }, credentials: 'same-origin', body: JSON.stringify({ username, password, language, website }), }) .then(r => { if (r.status === 409) { setError(t('auth.register.usernameTaken')); setBusy(false); return null; } if (!r.ok) { setError(t('auth.register.error')); setBusy(false); return null; } return r.json(); }) .then(data => { if (data) { setResult(data); setStep('recovery'); } }) .catch(() => { setError(t('auth.register.error')); setBusy(false); }); } if (step === 'recovery' && result) { return (

{t('auth.register.recoverySaveTitle')}

{t('auth.register.recoverySaveBody')}

{result.recoveryCode}

); } if (step === 'mcp' && result) { return (

{t('auth.register.mcpTitle')}

{t('auth.register.mcpBody')}

{result.mcpUrl}

); } return (

{t('auth.register.title')}

{t('auth.register.username')} setUsername(e.target.value)} autoFocus required pattern="[a-zA-Z0-9_-]{3,32}"/> {t('auth.register.usernameHint')} {t('auth.register.password')} setPassword(e.target.value)} required minLength={8}/> {t('auth.register.passwordHint')}

{t('auth.register.language')}

{SUPPORTED_LANGS.map(l => ( ))}

{/* Honeypot — hidden from real users, bots tend to fill every field */} setWebsite(e.target.value)} style={{ position: 'absolute', left: '-9999px', width: 1, height: 1 }} tabIndex={-1} autoComplete="off" aria-hidden="true"/> {error &&

{error}

}

{t('auth.register.haveAccount')}

); } function RecoverView({ onRecovered, onGoLogin }) { const [username, setUsername] = authUseState(''); const [recoveryCode, setRecoveryCode] = authUseState(''); const [newPassword, setNewPassword] = authUseState(''); const [error, setError] = authUseState(''); const [busy, setBusy] = authUseState(false); const [result, setResult] = authUseState(null); function submit(e) { e.preventDefault(); setError(''); setBusy(true); fetch('/api/auth/recover', { method: 'POST', headers: { 'Content-Type': 'application/json' }, credentials: 'same-origin', body: JSON.stringify({ username, recoveryCode, newPassword }), }) .then(r => (r.ok ? r.json() : Promise.reject())) .then(data => setResult(data)) .catch(() => { setError(t('auth.recover.error')); setBusy(false); }); } if (result) { return (

{t('auth.recover.success')}

{result.recoveryCode}

); } return (

); } Object.assign(window, { LoginView, RegisterView, RecoverView });