LotusGuild/tinker_tickets
4
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix CSS variables, missing utility classes, API hardening, and audit log UX

Browse Source 
- base.css: add --lt-border/--lt-surface aliases so dashboard.css respects
  theme instead of using hardcoded fallback colors
- base.css: add lt-select-sm/lt-input-sm compact size variants (used in 15+
  places), lt-msg-danger alias for lt-msg-error, lt-form-hint--warn,
  lt-font-mono utility class
- audit_log.php: cap ?limit= at 500 to prevent DoS via oversized queries
- ApiKeysView.php: replace deprecated execCommand('copy') with lt.copy();
  add integer casts on api_key_id in id attr and data-id
- AuditLogView.php: rebuild pagination with windowed prev/next/ellipsis
  pattern matching DashboardView; integer cast on user_id select option

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jared Vititoe
2026-03-28 13:22:12 -04:00
parent e721b33911
commit b42597c927
4 changed files with 57 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
views/admin/ApiKeysView.php
+8 -6
View File
@@ -75,7 +75,7 @@ include __DIR__ . '/../../views/layout_header.php';
<tr><td colspan="8" class="lt-empty">No API keys found. Generate one above.</td></tr>
<?php else: foreach ($apiKeys as $key): ?>
<?php $expired = $key['expires_at'] && strtotime($key['expires_at']) < time(); ?>
<tr id="key-row-<?= $key['api_key_id'] ?>">
<tr id="key-row-<?= (int)$key['api_key_id'] ?>">
<td data-label="Name"><strong><?= htmlspecialchars($key['key_name']) ?></strong></td>
<td data-label="Prefix" class="lt-text-xs"><code><?= htmlspecialchars($key['key_prefix']) ?>&hellip;</code></td>
<td data-label="Created By" class="lt-text-xs"><?= htmlspecialchars($key['display_name'] ?? $key['username'] ?? 'Unknown') ?></td>
@@ -96,7 +96,7 @@ include __DIR__ . '/../../views/layout_header.php';
<td data-label="Actions">
<?php if ($key['is_active']): ?>
<button type="button" class="lt-btn lt-btn-sm lt-btn-danger"
data-action="revoke-key" data-id="<?= $key['api_key_id'] ?>">REVOKE</button>
data-action="revoke-key" data-id="<?= (int)$key['api_key_id'] ?>">REVOKE</button>
<?php else: ?>
<span class="lt-text-muted lt-text-xs">—</span>
<?php endif ?>
@@ -173,10 +173,12 @@ document.getElementById('generateKeyForm').addEventListener('submit', function (
});
function copyApiKey() {
var input = document.getElementById('newKeyValue');
input.select();
document.execCommand('copy');
lt.toast.success('Copied to clipboard!');
var val = document.getElementById('newKeyValue').value;
lt.copy(val).then(function () {
lt.toast.success('Copied to clipboard!');
}).catch(function () {
lt.toast.error('Copy failed — select the key manually');
});
}
function revokeKey(keyId) {