Remove automatic addition of ProductName and Price fields when they're not defined as custom AR fields. This ensures tenants using only custom fields won't see unwanted default fields in their products.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add timestamp query parameters to image URLs to prevent browser caching from showing stale images after updates. Images now display immediately after being updated.
- Add .strip() to field name and label inputs in AR field management
- Implement defensive stripping at model layer for extra safety
- Prevents spacing issues that cause image serving routes to fail
- Enable SQLite foreign key constraints to properly cascade deletes
- Add validation to prevent adding products when no AR fields configured
- Display helpful warnings on product pages when fields are missing
- Redirect users to AR field configuration when needed
Implement Microsoft Entra ID (Azure AD) authentication with user and admin roles.
Features:
- OAuth 2.0 authentication flow using MSAL
- User and admin role-based access control
- Tenant ownership and access management
- Server-side session storage
- Protected routes with authentication decorators
Authentication:
- Users authenticate via Microsoft organizational accounts
- Admin role automatically assigned to DEFAULT_ADMIN_EMAIL
- User profiles synced from Microsoft Graph API
Access Control:
- Admins: Full access to all tenants and server settings
- Users: Can create and manage their own tenants only
- Tenant association: Auto-created when user adds products
- API endpoints remain open for AR application access
Database Changes:
- New users table with email, azure_oid, name, and role
- New user_tenants table for many-to-many tenant ownership
- Case-insensitive admin email comparison
Configuration:
- Environment-based config via .env file
- Azure AD credentials (client ID, secret, tenant ID)
- Configurable redirect URI and admin email
- Updated to Flask 2.2.5 for compatibility
Major architectural refactoring to improve code organization, maintainability, and scalability:
- Implement MVC pattern with clear separation of concerns
- Organize code into blueprints for different functional areas (main, tenant, admin, api)
- Create models layer to encapsulate all database operations
- Create services layer for business logic (auth, product, barcode)
- Implement application factory pattern for better testability
- Add environment-based configuration management
- Remove old monolithic app.py and consolidate routes
New structure:
- app/models/ - Database operations (Tenant, Product, ARField, Settings)
- app/services/ - Business logic (Auth, Product, Barcode services)
- app/blueprints/ - Controllers organized by function
- app/config.py - Environment configurations
- run.py - Application entry point
All routes remain backward compatible. No changes to API or templates functionality.