From a549ca5ca3f8aa6d27900571c2fcac149cd67f62 Mon Sep 17 00:00:00 2001 From: rain Date: Fri, 10 Jul 2026 17:08:21 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=B3=A8=E5=86=8C=E5=8A=9F?= =?UTF-8?q?=E8=83=BD=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.js | 4 +- ...api-page-integration-tracker-2026-07-09.md | 52 ++++- ...7-10-auth-form-validation-normalization.md | 26 +++ ...026-07-10-captcha-verify-track-contract.md | 20 ++ .../2026-07-10-login-auth-flow-polish.md | 26 +++ .../2026-07-10-registration-token-state.md | 128 ++++++++++++ forgot-password.html | 4 +- login.html | 16 +- public/css/login.css | 30 ++- public/js/auth-pages.js | 183 +++++++++++++----- public/js/captcha-pages.js | 29 ++- register.html | 2 +- tests/auth-page-structure.test.js | 23 +++ tests/auth-pages.test.js | 36 +++- tests/captcha-pages.test.js | 29 ++- 15 files changed, 524 insertions(+), 84 deletions(-) create mode 100644 docs/superpowers/plans/2026-07-10-auth-form-validation-normalization.md create mode 100644 docs/superpowers/plans/2026-07-10-captcha-verify-track-contract.md create mode 100644 docs/superpowers/plans/2026-07-10-login-auth-flow-polish.md create mode 100644 docs/superpowers/plans/2026-07-10-registration-token-state.md diff --git a/config.js b/config.js index fe969c5..a67f8c9 100644 --- a/config.js +++ b/config.js @@ -11,11 +11,11 @@ var ENVIRONMENTS = { development: { - apiBaseUrl: 'http://test-genealogy-api.ddxcjp.cn' + apiBaseUrl: 'http://182.61.18.23:8080' }, production: { // 后端尚未提供正式生产域名,暂时保持用户指定的测试地址。 - apiBaseUrl: 'http://test-genealogy-api.ddxcjp.cn' + apiBaseUrl: 'http://182.61.18.23:8080' } }; diff --git a/docs/pc-api-page-integration-tracker-2026-07-09.md b/docs/pc-api-page-integration-tracker-2026-07-09.md index 3ebf536..4838781 100644 --- a/docs/pc-api-page-integration-tracker-2026-07-09.md +++ b/docs/pc-api-page-integration-tracker-2026-07-09.md @@ -49,7 +49,7 @@ 4. `captcha-pages.js` 先请求 `GET /captcha/require?tenantId=000000&clientId=ced7e5f0498645c6ec642dcf450b036f&sceneCode=WEB_H5_LOGIN&subject=手机号`。 5. 如果返回 `required=false`,业务表单可继续提交;如果需要验证,则创建 `new CaptchaConfig(...)` 和 `new TAC(config, ...)`。 6. TAC 内部请求 `POST /captcha/challenge` 获取 `captchaType/challengeId/payload`,适配为 TAC 需要的 `data.type/data.id/backgroundImage/templateImage`。 - 7. 用户拖动完成后,TAC 请求 `POST /captcha/verify`,提交 `challengeId/providerCode/captchaType/payload.data.trackList`。 + 7. 用户拖动完成后,TAC 请求 `POST /captcha/verify`,提交 `challengeId/providerCode/captchaType/payload.track`,其中 `left/top` 由轨迹首尾点计算。 8. 验证成功后从返回 `data.validToken` 取票据,写回表单隐藏字段 `validToken`,再提交 PC 登录接口。 - PC/H5 注册使用 `WEB_H5_REGISTER`,找回密码和找回密码短信验证码使用 `WEB_H5_FORGOT_PASSWORD`;换绑手机、注销账号暂未看到明确 PC/H5 场景编码,仍待后端补充后再接。 @@ -227,6 +227,56 @@ - 修改文件:`public/js/captcha-pages.js`、`tests/captcha-pages.test.js`、`docs/superpowers/plans/2026-07-10-tac-layer-center-fix.md`、`docs/pc-api-page-integration-tracker-2026-07-09.md` - 修改结果:`createCaptchaLayer` 使用 Layui 默认 `layer.open` 时增加 `area: ['318px', '318px']` 与 `offset: 'auto'`,尺寸来自 TAC 原生 `#tianai-captcha-parent`;未修改 `public/tac`,未新增验证码自定义 CSS,未传 TAC 视觉配置。 - 验证结果:先运行 `node tests\captcha-pages.test.js` 复现 `layerOptions.area` 缺失失败;修复后 `node tests\captcha-pages.test.js`、`node tests\auth-page-structure.test.js`、`node --check public\js\captcha-pages.js` 和 `git diff --check` 通过。`git diff --check` 仅输出既有 LF/CRLF 换行提示,没有空白错误。 + +## PC-021 验证结果参数格式修正 + +- 状态:已完成 +- 开始时间:2026-07-10 14:31:14 +08:00 +- 完成时间:2026-07-10 14:34:28 +08:00 +- 计划文件:`docs/superpowers/plans/2026-07-10-captcha-verify-track-contract.md` +- 页面范围:`login.html`、`register.html`、`forgot-password.html` +- 接口范围:`POST /captcha/verify` +- 根因记录:后端最新示例要求验证轨迹提交为 `payload.track`,但前端仍按旧契约提交 `payload.id` 与 `payload.data`,并缺少 `left/top`。 +- 修改文件:`public/js/captcha-pages.js`、`tests/captcha-pages.test.js`、`docs/superpowers/plans/2026-07-10-captcha-verify-track-contract.md`、`docs/pc-api-page-integration-tracker-2026-07-09.md` +- 修改结果:`buildVerifyBody` 现在提交 `payload.track`;`left/top` 优先使用已有值,缺失时由轨迹首尾点差值计算;旧的 `payload.id` 与 `payload.data` 不再作为 `/captcha/verify` 请求体提交。 +- 验证结果:先运行 `node tests\captcha-pages.test.js` 复现旧请求体失败;修复后 `node tests\captcha-pages.test.js`、`node tests\auth-page-structure.test.js`、`node tests\auth-pages.test.js`、`node --check public\js\captcha-pages.js` 和 `git diff --check` 通过。`git diff --check` 仅输出 LF/CRLF 换行提示,没有空白错误。 + +## PC-022 登录页样式优化 + +- 状态:已完成 +- 开始时间:2026-07-10 14:42:32 +08:00 +- 完成时间:2026-07-10 14:50:23 +08:00 +- 计划文件:`docs/superpowers/plans/2026-07-10-login-auth-flow-polish.md` +- 页面范围:`login.html` +- 修改文件:`public/css/login.css` +- 修改结果:登录方式切换区改为圆角分段控件,选中项使用浅红底和红字;按钮与底部链接增加间距。样式全部写在登录页 CSS 中,未通过 JS 注入样式。 +- 验证结果:`node tests\auth-page-structure.test.js`、`node tests\auth-pages.test.js`、`node tests\captcha-pages.test.js`、`node --check public\js\auth-pages.js`、`node --check public\js\captcha-pages.js` 和 `git diff --check` 通过。`git diff --check` 仅输出 LF/CRLF 换行提示,没有空白错误。 + +## PC-023 注册跳转与验证码取票据流程复核 + +- 状态:已完成 +- 开始时间:2026-07-10 14:42:32 +08:00 +- 完成时间:2026-07-10 14:50:23 +08:00 +- 计划文件:`docs/superpowers/plans/2026-07-10-login-auth-flow-polish.md` +- 页面范围:`login.html`、`register.html`、`forgot-password.html` +- 接口范围:登录、注册、忘记密码提交前的 `/captcha/verify` +- 根因记录:`register.html` 仍把注册成功地址写为 `create-genealogy.html`,公共认证脚本也保留同样兜底地址;但创建家谱属于登录后的行为,注册完成应回到登录页。 +- 修改文件:`register.html`、`public/js/auth-pages.js`、`tests/auth-page-structure.test.js` +- 修改结果:注册页 `data-success-url` 改为 `login.html`,注册提交的兜底跳转也改为 `login.html`;结构测试补充三张认证页验证码场景和 `validToken` 隐藏字段检查。公共 `CaptchaPages` 仍统一用 `payload.track` 调 `/captcha/verify` 换取 `validToken`,登录、注册、忘记密码表单提交前共用这一入口。 +- 验证结果:先运行 `node tests\auth-page-structure.test.js` 复现注册跳转失败;修复后 `node tests\auth-page-structure.test.js`、`node tests\auth-pages.test.js`、`node tests\captcha-pages.test.js`、`node --check public\js\auth-pages.js`、`node --check public\js\captcha-pages.js` 和 `git diff --check` 通过。`git diff --check` 仅输出 LF/CRLF 换行提示,没有空白错误。 + +## PC-024 认证页表单校验和结构规范化 + +- 状态:已完成 +- 开始时间:2026-07-10 14:56:08 +08:00 +- 完成时间:2026-07-10 15:11:49 +08:00 +- 计划文件:`docs/superpowers/plans/2026-07-10-auth-form-validation-normalization.md` +- 页面范围:`login.html`、`register.html`、`forgot-password.html` +- 接口范围:登录、短信登录、注册、找回密码提交前的本地校验与验证码取票据 +- 结论记录:`form` 标签本身不是落后写法,认证提交页保留语义表单更合适;但 `data-captcha-scene`、`data-success-url`、`data-scene-code` 这类业务配置不应散在 HTML 上。 +- 修改文件:`login.html`、`register.html`、`forgot-password.html`、`public/js/auth-pages.js`、`tests/auth-pages.test.js`、`tests/auth-page-structure.test.js` +- 修改结果:三张认证页表单改用稳定 `id` 作为 JS 挂载点,移除认证业务配置型 `data-*`;登录方式切换改用标准 `aria-controls` 关联表单面板;`auth-pages.js` 新增 `FORM_CONFIG` 统一管理场景码和跳转地址;新增 `validateAuthValues` 统一校验手机号、密码、短信验证码和确认密码。登录、注册、忘记密码提交前仍统一走 `CaptchaPages.ensureToken`,由 `captcha-pages.js` 按 `payload.track` 调 `/captcha/verify` 换取 `validToken`。 +- 验证结果:先运行 `node tests\auth-page-structure.test.js` 与 `node tests\auth-pages.test.js` 复现失败;修复后 `node tests\auth-page-structure.test.js`、`node tests\auth-pages.test.js`、`node tests\captcha-pages.test.js`、`node --check public\js\auth-pages.js`、`node --check public\js\captcha-pages.js` 和 `git diff --check` 通过。扫描确认三张认证页和 `auth-pages.js` 无 `data-auth-form`、`data-captcha-scene`、`data-success-url`、`data-scene-code`、`data-login-mode` 残留;`git diff --check` 仅输出 LF/CRLF 换行提示,没有空白错误。 - 复核结论:该项只解决 `d.parents is not a function`;用户 2026-07-10 10:59 左右浏览器复测显示 Layui 遮罩出现、`/captcha/challenge` 返回 200,但 TAC 本体未显示,因此真实挂载点问题进入 PC-019 修正。 ## PC-019 TAC Layui 实际挂载点修复 diff --git a/docs/superpowers/plans/2026-07-10-auth-form-validation-normalization.md b/docs/superpowers/plans/2026-07-10-auth-form-validation-normalization.md new file mode 100644 index 0000000..ac16a2a --- /dev/null +++ b/docs/superpowers/plans/2026-07-10-auth-form-validation-normalization.md @@ -0,0 +1,26 @@ +# 2026-07-10 认证页表单校验和结构规范化计划 + +- 计划编号:PC-024 +- 开始时间:2026-07-10 14:56:08 +08:00 +- 页面范围:`login.html`、`register.html`、`forgot-password.html` +- 接口范围:登录、短信登录、注册、找回密码提交前的本地校验与验证码取票据 + +## 结论 + +- 当前三页只有很弱的前端校验,主要是必填判断和找回密码两次密码一致校验,不算完整表单验证。 +- `
` 标签不是落后写法,它是提交类页面的语义结构;但把 `data-captcha-scene`、`data-success-url` 这类业务配置写在 HTML 上不够集中,后续维护容易散。 + +## 执行清单 + +1. [x] 写失败测试:认证页不能继续把业务配置写在表单 `data-*` 属性上。 +2. [x] 写失败测试:认证页 JS 要提供统一表单校验函数。 +3. [x] HTML 表单改为使用 `id` 作为挂载点。 +4. [x] `auth-pages.js` 增加统一表单配置和校验函数。 +5. [x] 保持三页提交前统一走 `CaptchaPages.ensureToken`,并继续使用 `payload.track` 换取票据。 +6. [x] 运行结构测试、业务测试、验证码测试、语法检查和空白检查。 + +## 验证记录 + +- 2026-07-10 14:56:08 +08:00:开始记录 PC-024,并补充结构和校验测试。 +- 2026-07-10 14:56:08 +08:00:`node tests\auth-page-structure.test.js` 与 `node tests\auth-pages.test.js` 已按预期失败,失败点为 HTML 未使用表单 `id`、JS 缺少 `sms-login` 场景配置和统一校验函数。 +- 2026-07-10 15:11:49 +08:00:修复后 `node tests\auth-page-structure.test.js`、`node tests\auth-pages.test.js`、`node tests\captcha-pages.test.js`、`node --check public\js\auth-pages.js`、`node --check public\js\captcha-pages.js` 均通过;`git diff --check` 无空白错误,仅有 LF/CRLF 换行提示。 diff --git a/docs/superpowers/plans/2026-07-10-captcha-verify-track-contract.md b/docs/superpowers/plans/2026-07-10-captcha-verify-track-contract.md new file mode 100644 index 0000000..f98cd76 --- /dev/null +++ b/docs/superpowers/plans/2026-07-10-captcha-verify-track-contract.md @@ -0,0 +1,20 @@ +# 2026-07-10 验证结果参数格式修正计划 + +- 计划编号:PC-021 +- 开始时间:2026-07-10 14:31:14 +08:00 +- 页面范围:`login.html`、`register.html`、`forgot-password.html` +- 接口范围:`POST /captcha/verify` +- 新契约:验证轨迹统一提交为 `payload.track`,不再提交旧的 `payload.data`。 + +## 执行清单 + +1. [x] 写失败测试:按后端最新示例断言 `payload.track`、`left`、`top` 和 `trackList`。 +2. [x] 修改 `captcha-pages.js`:把 TAC 轨迹转换成后端要求的 `payload.track`。 +3. [x] 更新追踪文档中旧的 `payload.data.trackList` 记录。 +4. [x] 运行焦点测试、语法检查和空白检查。 + +## 验证记录 + +- 2026-07-10 14:31:14 +08:00:开始按新请求体契约补失败测试。 +- 2026-07-10 14:31:14 +08:00:`node tests\captcha-pages.test.js` 已按预期失败,失败点为实际请求体仍提交 `payload.id` 和 `payload.data`。 +- 2026-07-10 14:34:28 +08:00:修复后 `node tests\captcha-pages.test.js`、`node tests\auth-page-structure.test.js`、`node tests\auth-pages.test.js`、`node --check public\js\captcha-pages.js` 均通过;`git diff --check` 无空白错误,仅有 LF/CRLF 换行提示。 diff --git a/docs/superpowers/plans/2026-07-10-login-auth-flow-polish.md b/docs/superpowers/plans/2026-07-10-login-auth-flow-polish.md new file mode 100644 index 0000000..757c3e1 --- /dev/null +++ b/docs/superpowers/plans/2026-07-10-login-auth-flow-polish.md @@ -0,0 +1,26 @@ +# 2026-07-10 登录页样式与认证流程修正计划 + +- 计划编号:PC-022 / PC-023 +- 开始时间:2026-07-10 14:42:32 +08:00 +- 页面范围:`login.html`、`register.html`、`forgot-password.html` +- 接口范围:登录、注册、忘记密码提交前的 `/captcha/verify` 取票据流程 + +## PC-022 登录页样式优化 + +1. [x] 优化 `public/css/login.css` 中登录方式切换区,让选中状态、文本居中和整体边框更自然。 +2. [x] 增加登录按钮与底部链接之间的间距。 +3. [x] 保持样式在 CSS 文件内,不用 JS 注入样式。 + +## PC-023 注册跳转与验证码流程复核 + +1. [x] 写失败测试:注册完成后必须跳转 `login.html`。 +2. [x] 写结构测试:三张认证页都必须声明验证码场景并携带 `validToken`。 +3. [x] 修改 `register.html` 的成功跳转。 +4. [x] 复核公共 `CaptchaPages` 仍统一按 `payload.track` 换取 `validToken`。 +5. [x] 运行相关测试、语法检查和空白检查。 + +## 验证记录 + +- 2026-07-10 14:42:32 +08:00:开始记录 PC-022 / PC-023,先补认证页结构测试。 +- 2026-07-10 14:42:32 +08:00:`node tests\auth-page-structure.test.js` 已按预期失败,失败点为 `register.html` 仍跳转 `create-genealogy.html`。 +- 2026-07-10 14:50:23 +08:00:修复后 `node tests\auth-page-structure.test.js`、`node tests\auth-pages.test.js`、`node tests\captcha-pages.test.js`、`node --check public\js\auth-pages.js`、`node --check public\js\captcha-pages.js` 均通过;`git diff --check` 无空白错误,仅有 LF/CRLF 换行提示。 diff --git a/docs/superpowers/plans/2026-07-10-registration-token-state.md b/docs/superpowers/plans/2026-07-10-registration-token-state.md new file mode 100644 index 0000000..16c815f --- /dev/null +++ b/docs/superpowers/plans/2026-07-10-registration-token-state.md @@ -0,0 +1,128 @@ +# Registration Token State Implementation Plan + +> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking. + +**Goal:** Ensure registration never creates or retains a browser authentication token, while password and SMS login continue to persist theirs. + +**Architecture:** `utils/ApiClient.js` remains the single owner of browser token persistence. The `register()` method will leave its request and response contract unchanged, then clear the configured storage key after a successful response. `tests/api-client.test.js` will exercise the behavior through the public client methods and an in-memory storage adapter. + +**Tech Stack:** Browser JavaScript (UMD), Node.js `assert` tests, Axios request adapter. + +## Global Constraints + +- Only `login()` and `loginBySms()` may persist a response token under the configured token key. +- Successful `register()` clears the configured token key even when its response contains `token`, `accessToken`, or `tokenValue`. +- Failed registration leaves existing token storage unchanged. +- Registration page behavior remains a redirect to `login.html`. +- Do not refactor unrelated request, storage, page, or authentication behavior. + +--- + +### Task 1: Enforce registration token state in the API client + +**Files:** +- Modify: `tests/api-client.test.js:83-111` +- Modify: `utils/ApiClient.js:176-182` + +**Interfaces:** +- Consumes: `client.register(body)` and `client.loginBySms(body)` from `GenealogyApi.createClient()`. +- Produces: `client.register(body)` returns the API response while removing the configured token key after a successful request. + +- [ ] **Step 1: Write the failing regression test** + +Insert the following immediately after the existing `client.loginBySms(...)` assertions and before `client.sendSmsCode(...)` in `tests/api-client.test.js`: + +```js + assert.strictEqual(store.values['token-key'], 'server-token'); + + store.setItem('token-key', 'existing-token'); + const registerResponse = await client.register({ + phone: '13900000000', + password: 'register-md5', + nickName: 'new-user', + validToken: 'register-ticket' + }); + assert.deepStrictEqual(registerResponse, { + token: 'server-token', + url: '/genealogy/pc/auth/register' + }); + assert.strictEqual(calls[8].url, '/genealogy/pc/auth/register'); + assert.strictEqual(calls[8].headers.Authorization, undefined); + assert.strictEqual(calls[8].data.grantType, 'password'); + assert.strictEqual(calls[8].data.registerSource, 'PC'); + assert.strictEqual(store.getItem('token-key'), null); + + const failedRegisterStore = createStore({ + 'token-key': 'existing-token' + }); + const failedRegisterClient = GenealogyApi.createClient({ + baseUrl: 'https://test-genealogy-api.ddxcjp.cn', + clientId: 'client-x', + tenantId: 'tenant-x', + tokenKey: 'token-key', + tokenStore: failedRegisterStore, + axiosInstance: { + request: async () => { + throw new Error('register failed'); + } + } + }); + await assert.rejects( + failedRegisterClient.register({ + phone: '13900000001', + password: 'register-md5', + nickName: 'failed-user', + validToken: 'register-ticket' + }), + /register failed/ + ); + assert.strictEqual(failedRegisterStore.getItem('token-key'), 'existing-token'); +``` + +Move the existing `client.sendSmsCode(...)` assertions from index `8` to index `9`, then change the final call-count assertion from `9` to `10`. + +- [ ] **Step 2: Run the regression test and confirm the current failure** + +Run: `node tests/api-client.test.js` + +Expected: failure at `assert.strictEqual(store.getItem('token-key'), null)` because the current `register()` implementation writes `server-token` to `token-key`. The failed-registration assertion will already pass, documenting that the token must change only after a successful response. + +- [ ] **Step 3: Implement the minimal token-state change** + +In `utils/ApiClient.js`, replace the body of `register()` with: + +```js + async function register(body) { + var data = await request('POST', '/genealogy/pc/auth/register', { + auth: false, + body: Object.assign({ grantType: 'password', registerSource: 'PC' }, withTenant(body)) + }); + clearToken(); + return data; + } +``` + +- [ ] **Step 4: Run the focused test and confirm it passes** + +Run: `node tests/api-client.test.js` + +Expected: `api-client tests passed`. + +- [ ] **Step 5: Run the complete Node test suite** + +Run: `Get-ChildItem -Path tests -Filter *.test.js | ForEach-Object { node $_.FullName }` + +Expected: every test script prints its success message and PowerShell exits with code `0`. + +- [ ] **Step 6: Check the final diff and commit the implementation** + +Run: `git diff --check` + +Expected: exit code `0` with no whitespace errors. + +Then commit only the implementation files: + +```powershell +git add -- utils/ApiClient.js tests/api-client.test.js +git commit -m "fix: clear token after registration" +``` diff --git a/forgot-password.html b/forgot-password.html index 12310bc..89b3ed1 100644 --- a/forgot-password.html +++ b/forgot-password.html @@ -21,7 +21,7 @@
Password Recovery

找回密码

输入注册手机号,获取验证码后重设登录密码。

- + - + 登录账号

登录后可创建、加入和维护家谱。

登录