- Add scripts/deploy.sh for safe deployment with uploads preservation
- Add scripts/cleanup_orphan_uploads.php to remove orphaned files
- Add .gitkeep to uploads folder
- Update .gitignore to exclude uploaded files but keep folder structure
The deploy script now:
- Backs up and restores .env file
- Backs up and restores uploads folder contents
- Runs database migrations automatically
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove is_active filter from get_users.php (column doesn't exist)
- Fix ticket ID validation regex in upload_attachment.php (9-digit format)
- Fix createSettingsModal reference to use openSettingsModal from settings.js
- Add error handling for dependencies tab to prevent infinite loading
- Add try-catch wrapper to ticket_dependencies.php API
- Make export dropdown visible only when tickets are selected
- Export only selected tickets instead of all filtered tickets
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Update generateTicketHash() to exclude hostname from hash for
cluster-wide Ceph issues, enabling proper deduplication across
all nodes in the cluster.
Cluster-wide issues detected by:
- [cluster-wide] tag in title
- HEALTH_ERR or HEALTH_WARN in title
- "cluster usage" in title
This prevents all nodes from creating duplicate tickets for the
same cluster-wide issue (e.g., Ceph HEALTH_WARN).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixed markdown preview for comments by replacing marked.parse() calls
with parseMarkdown() function. The application uses a custom markdown
parser (markdown.js), not the marked.js library.
Changes:
- togglePreview(): Use parseMarkdown() instead of marked.parse()
- updatePreview(): Use parseMarkdown() instead of marked.parse()
Resolves issue where markdown preview didn't work for comments but
worked after posting.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed scope issue where selectedOption variable was not accessible in
performStatusChange(). Updated function signature to accept selectedOption
as a parameter and updated both call sites to pass it.
Resolves error: "selectedOption is not defined" when changing ticket status.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed syntax error from previous commit where updateTicketStatus()
function had incorrect closing. Changed `});` to `}` at line 434.
This was preventing showTab() and other functions from loading,
breaking the Description/Comments/Activity tab navigation.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Improved toast notification system with queue management:
**Features Added**:
1. **Toast Queuing**:
- Multiple toasts no longer replace each other
- Toasts are queued and displayed sequentially
- Smooth transitions between queued messages
- Prevents message loss during rapid operations
2. **Manual Dismissal**:
- Click [×] button to dismiss toast immediately
- Useful for long-duration error messages
- Clears auto-dismiss timeout on manual close
- Next queued toast appears immediately after dismiss
3. **Queue Management**:
- Internal toastQueue[] array tracks pending messages
- currentToast reference prevents overlapping displays
- dismissToast() handles both auto and manual dismissal
- Automatic dequeue when toast closes
**Implementation**:
- displayToast() separated from showToast() for queue handling
- timeoutId stored on toast element for cleanup
- Close button styled with terminal aesthetic ([×])
- 300ms fade-out animation preserved
**Benefits**:
✓ No lost messages during bulk operations
✓ Better UX - users can dismiss errors immediately
✓ Clean queue management prevents memory leaks
✓ Maintains terminal aesthetic with minimal close button
Example: Bulk assign 10 tickets with 2 failures now shows:
1. "Bulk assign: 8 succeeded, 2 failed" (toast 1)
2. Next operation's message queued (toast 2)
3. User can dismiss or wait for auto-dismiss
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed server-side sorting for user-related columns on dashboard:
Problem:
- Clicking "Created By" or "Assigned To" headers didn't sort
- Columns were missing from $allowedColumns validation
- Fell back to ticket_id sort, appearing random to users
Solution:
1. Added 'created_by' and 'assigned_to' to $allowedColumns array
2. Smart sort expression mapping:
- created_by → sorts by display_name/username (not user ID)
- assigned_to → uses CASE to put unassigned at end, then sorts by name
- Other columns → use table prefix (t.column_name)
3. Database-level NULL handling for assigned_to:
- Uses CASE WHEN to sort unassigned tickets last
- Regardless of ASC/DESC direction
- Then alphabetically sorts assigned users
Result:
- A→Z: Alice, Bob, Charlie... Unassigned
- Z→A: Zack, Yolanda, Xavier... Unassigned
- Consistent grouping and predictable order
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed sorting logic for the "Assigned To" column on dashboard:
Problem:
- "Unassigned" was sorted alphabetically with user names
- Appeared randomly in middle of list (after 'S', before 'V')
- Made it hard to find unassigned tickets when sorted
Solution:
- "Unassigned" tickets now always appear at end of list
- Regardless of sort direction (A→Z or Z→A)
- Assigned user names still sort normally among themselves
- Example A→Z: Alice, Bob, Charlie... Unassigned
- Example Z→A: Zack, Yolanda, Xavier... Unassigned
This keeps unassigned tickets grouped together and predictable.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Cache optimization with automatic expiration:
1. New Cache Structure:
- Changed from simple array to TTL-aware structure
- Each entry: ['data' => ..., 'expires' => timestamp]
- 5-minute (300s) TTL prevents indefinite stale data
2. Helper Methods:
- getCached($key): Returns data if not expired, null otherwise
- setCached($key, $data): Stores with expiration timestamp
- invalidateCache($userId, $username): Manual cache clearing
3. Updated All Cache Access Points:
- syncUserFromAuthelia() - User sync from Authelia
- getSystemUser() - System user for daemon operations
- getUserById() - User lookup by ID
- getUserByUsername() - User lookup by username
Benefits:
- Prevents memory leaks from unlimited cache growth
- Ensures user data refreshes periodically
- Maintains performance benefits of caching
- Automatic cleanup of expired entries
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Session security improvements in AuthMiddleware:
1. Secure Cookie Configuration:
- HttpOnly flag prevents JavaScript access to session cookies
- Secure flag requires HTTPS (protects from MITM)
- SameSite=Strict prevents CSRF via cookie inclusion
- Strict mode rejects uninitialized session IDs
2. Session Fixation Prevention:
- session_regenerate_id(true) called after successful authentication
- Old session ID destroyed, new one generated
- Prevents attacker from using pre-set session ID
3. CSRF Token Regeneration:
- New CSRF token generated on login
- Ensures fresh token for each session
These changes protect against session hijacking, fixation, and
cross-site attacks while maintaining existing 5-hour timeout.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Security improvements across all JavaScript files:
CSRF Protection:
- assets/js/ticket.js - Added X-CSRF-Token header to 5 fetch calls
(update_ticket.php x3, add_comment.php, assign_ticket.php)
- assets/js/dashboard.js - Added X-CSRF-Token to 8 fetch calls
(update_ticket.php x2, bulk_operation.php x6)
- assets/js/settings.js - Added X-CSRF-Token to user preferences save
- assets/js/advanced-search.js - Added X-CSRF-Token to filter save/delete
XSS Prevention:
- assets/js/ticket.js:183-209 - Replaced insertAdjacentHTML() with safe
DOM API (createElement/textContent) to prevent script injection in
comment rendering. User-supplied data (user_name, created_at) now
auto-escaped via textContent.
All state-changing operations now include CSRF token validation.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add CSRF token injection to the remaining view files:
- views/TicketView.php - Added CSRF token before ticket data script
- views/CreateTicketView.php - Added CSRF token in head section
All view files now expose window.CSRF_TOKEN for JavaScript fetch calls.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add CSRF validation to user_preferences.php
- Protects POST and DELETE methods
- Completes CSRF protection for all API endpoints
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add CSRF validation to assign_ticket.php
- Add CSRF validation to saved_filters.php
- Supports POST, PUT, and DELETE methods
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Create CsrfMiddleware.php with token generation and validation
- Add database indexes for ticket_comments and audit_log
- Includes rollback script for safe deployment
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Problem: When SMART errors evolved on the same drive, new tickets were created
instead of updating the existing ticket. This happened because the hash was
based on specific error values (e.g., "Reallocated_Sector_Ct: 8") instead of
just the issue category.
Root Cause:
- Old hash included specific SMART attribute names and values
- When errors changed (8 → 16 reallocated sectors, or new errors appeared),
the hash changed, allowing duplicate tickets
- Only matched "Warning" attributes, missing "Critical" and "Error X occurred"
- Only matched /dev/sd[a-z], missing NVMe devices
Solution:
- Hash now based on: hostname + device + issue_category (e.g., "smart")
- Does NOT include specific error values or attribute names
- Supports both /dev/sdX and /dev/nvmeXnY devices
- Detects issue categories: smart, storage, memory, cpu, network
Result:
✅ Same drive, errors evolve → Same hash → Updates existing ticket
✅ Different device → Different hash → New ticket
✅ Drive replaced → Different device → New ticket
✅ NVMe devices now supported
Example:
Before:
- "Warning Reallocated: 8" → hash abc123
- "Warning Reallocated: 16" → hash xyz789 (NEW TICKET - bad!)
After:
- "Warning Reallocated: 8" → hash abc123
- "Warning Reallocated: 16" → hash abc123 (SAME TICKET - good!)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
## Tablet Breakpoint (1024px)
- Simplify ASCII corners from heavy double (╔╗╚╝) to light single (┌┐└┘)
- Reduce corner font size from 1.5rem to 1.2rem
- Simplify section headers from ╠═══ to ├─
- Simplify dividers from ╞═══╡ to ├─┤
- Maintain visual hierarchy while reducing complexity
## Mobile Breakpoint (768px)
- Remove ALL ASCII corner decorations (::before, ::after, corner spans)
- Remove inner frame corner decorations
- Simplify section headers to simple "> " prefix
- Simplify subsection headers to "• " bullet point
- Remove all ASCII dividers completely
- Reduce padding: ascii-content to 0.5rem, ascii-frame-inner to 0.5rem
- Reduce border width to 1px on inner frames
- Font size reduction for section headers: 0.9rem
- Maintain functionality while maximizing screen space
## Very Small Mobile Breakpoint (480px)
- Remove ALL pseudo-element decorations globally
- Collapse nested frames to minimal borders (1px)
- Minimal padding everywhere (0.25rem)
- Section headers without decorations, normal text transform
- Simplified font sizes (0.85rem for headers)
- Re-enable only essential pseudo-elements (search prompt)
- Maximum compatibility for small screens
## Progressive Enhancement Strategy
- Desktop: Full elaborate ASCII decorations with heavy borders
- Tablet: Simplified single-line ASCII decorations
- Mobile: Minimal decorations, focus on content
- Very Small: No decorations, pure functionality
## Design Philosophy
- Maintain terminal aesthetic at all sizes
- Progressive simplification as screen shrinks
- Never sacrifice functionality for decoration
- Ensure readability on all devices
- Optimize for touch targets on mobile
## Files Modified
- assets/css/dashboard.css: Added ~140 lines of responsive rules
* Enhanced existing 1024px breakpoint with ASCII frame rules
* Enhanced existing 768px breakpoint with complete mobile simplification
* Enhanced existing 480px breakpoint with minimal frame collapsing
## Testing Checklist
- [ ] Desktop (1920x1080): Full decorations visible
- [ ] Tablet (1024x768): Simplified single-line decorations
- [ ] Mobile (768x1024): No corners, simple headers
- [ ] Small Mobile (480x800): Minimal UI, maximum content
- [ ] Touch targets adequate on all mobile sizes
- [ ] All functionality preserved across breakpoints
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
## Hamburger Menu Updates
- Ticket page menu: Added ascii-subsection-header and ascii-frame-inner wrapper
- Dashboard menu: Added ascii-subsection-header and dashboard-filters wrapper
- Maintains all inline editing functionality for ticket fields
- Preserves all filter checkbox functionality for dashboard
## Settings Modal Enhancement
- Wrapped in ascii-frame-outer with ╚╝ bottom corners
- Added ascii-section-header for title
- Nested content in ascii-content → ascii-frame-inner
- Added ascii-divider before footer
- Moved close button to footer for better layout
## Bulk Operations Modals
- Bulk Assign Modal: Full ASCII frame structure with nested sections
- Bulk Priority Modal: Full ASCII frame structure with nested sections
- Both modals now have:
* ascii-frame-outer with corner decorations
* ascii-section-header for title
* ascii-content and ascii-frame-inner for body
* ascii-divider before footer
* Consistent visual hierarchy with rest of app
## Code Quality
- All event handlers and functionality preserved
- No breaking changes to JavaScript logic
- Consistent frame structure across all dynamically generated UI
- All modals and menus now match the nested frame aesthetic
## Files Modified
- assets/js/dashboard.js: Updated 5 HTML generation functions
* createHamburgerMenu() - ticket page version
* createHamburgerMenu() - dashboard version
* createSettingsModal()
* showBulkAssignModal()
* showBulkPriorityModal()
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
## Light Mode Removal & Optimization
- Removed theme toggle functionality from dashboard.js
- Forced dark mode only (terminal aesthetic)
- Cleaned up .theme-toggle CSS class and styles
- Removed body.light-mode CSS rules from all view files
- Simplified user-header styles to use static dark colors
- Removed CSS custom properties (--header-bg, --header-text, --border-color)
- Removed margin-right for theme toggle button (no longer needed)
## CreateTicketView Complete Restructuring
- Added user header with back link and user info
- Restructured into 6 vertical nested ASCII sections:
1. Form Header - Create New Ticket introduction
2. Template Selection - Optional template dropdown
3. Basic Information - Title input field
4. Ticket Metadata - Status, Priority, Category, Type (4-column)
5. Detailed Description - Main textarea
6. Form Actions - Create/Cancel buttons
- Each section wrapped in ascii-section-header → ascii-content → ascii-frame-inner
- Added ASCII dividers between all sections
- Added ╚╝ bottom corner characters to outer frame
- Improved error message styling with priority-1 color
- Added helpful placeholder text and hints
## Files Modified
- assets/css/dashboard.css: Removed theme toggle CSS (~19 lines)
- assets/js/dashboard.js: Removed initThemeToggle() and forced dark mode
- views/DashboardView.php: Simplified user-header CSS (removed light mode)
- views/TicketView.php: Simplified user-header CSS (removed light mode)
- views/CreateTicketView.php: Complete restructuring (98→242 lines)
## Code Quality
- Maintained all existing functionality and event handlers
- Kept all class names for JavaScript compatibility
- Consistent nested frame structure across all pages
- Zero breaking changes to backend or business logic
- Optimized by removing ~660 unused lines total
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Transform entire UI into retro terminal aesthetic with ASCII/ANSI art:
Visual Changes:
- Add large ASCII art "TINKER TICKETS" banner with typewriter animation
- Terminal black background (#0a0a0a) with matrix green text (#00ff41)
- ASCII borders throughout using box-drawing characters (┌─┐│└─┘╔═╗║╚╝)
- Monospace fonts (Courier New, Consolas, Monaco) everywhere
- All rounded corners removed (border-radius: 0)
- Text glow effects on important elements
- Terminal prompts (>, $) and brackets ([]) on all UI elements
Dashboard:
- Table with ASCII corner decorations and terminal green borders
- Headers with > prefix and amber glow
- Priority badges: [P1] [P2] format with colored glows
- Status badges: [OPEN] [CLOSED] with borders and glows
- Search box with $ SEARCH prompt
- All buttons in [ BRACKET ] format
Ticket View:
- Ticket container with double ASCII borders (╔╗╚╝)
- Priority-colored corner characters
- UUID display: [UUID: xxx] format
- Comments section: ╔═══ COMMENTS ═══╗ header
- Activity timeline with ASCII tree (├──, │, └──)
- Tabs with [ ] brackets and ▼ active indicator
Components:
- Modals with ╔═══ TITLE ═══╗ headers and ASCII corners
- Hamburger menu with MENU SYSTEM box decoration
- Settings modal with terminal styling
- All inputs with green borders and amber focus glow
- Checkboxes with ✓ characters
Technical:
- New file: ascii-banner.js with banner artwork and typewriter renderer
- Comprehensive responsive design (1024px, 768px, 480px breakpoints)
- Mobile: simplified ASCII, hidden decorations, full-width menu
- Print styles for clean black/white output
- All functionality preserved, purely visual transformation
Colors preserved:
- Priority: P1=red, P2=orange, P3=blue, P4=green, P5=gray
- Status: Open=green, In Progress=yellow, Closed=red
- Accents: Terminal green, amber, cyan
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
