Remove automatic addition of ProductName and Price fields when they're not defined as custom AR fields. This ensures tenants using only custom fields won't see unwanted default fields in their products.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Use configured server URL instead of request.url_root for building absolute image URLs in API responses. This ensures Knox Capture receives correct public URLs when the application is behind an nginx proxy.
Add timestamp query parameters to image URLs to prevent browser caching from showing stale images after updates. Images now display immediately after being updated.
- Add form submit listener to trim field name and label inputs
- Provides immediate feedback to users before server-side validation
- Creates defense-in-depth approach with JS, route, and model layer trimming
- Add .strip() to field name and label inputs in AR field management
- Implement defensive stripping at model layer for extra safety
- Prevents spacing issues that cause image serving routes to fail
- Remove server settings link from main navigation bar
- Add separate display name field for tenant creation
- Support uppercase characters in tenant display names while keeping IDs lowercase
- Improve tenant creation UX with clearer field descriptions
- Enable SQLite foreign key constraints to properly cascade deletes
- Add validation to prevent adding products when no AR fields configured
- Display helpful warnings on product pages when fields are missing
- Redirect users to AR field configuration when needed
When creating a new tenant, users can now choose to initialize with default product fields (Product Name, Item ID, Sale Price, and Image). The option is presented via a checkbox in the tenant creation modal and is enabled by default.
- Add GitHub Actions workflow for building and publishing Docker images
- Trigger on version tags (v*) to publish to Docker Hub
- Update README with Docker Hub deployment instructions
This update introduces an AUTH_MODE configuration that allows developers
to easily test the application locally without requiring Entra ID setup.
Changes:
- Add AUTH_MODE environment variable (entra/none) to .env.example and config
- Update auth decorators to support both authentication modes
- Create role selection page for no-auth mode (admin/user choice)
- Modify auth routes to conditionally use MSAL only in Entra ID mode
- Update UserModel to support mock test users with string IDs
- Add visual indicator in navbar when running in no-auth mode
Benefits:
- Zero Azure AD configuration needed for local development
- Quick testing of role-based features (admin vs user)
- Existing Entra ID functionality remains unchanged
- Simple toggle via environment variable
To use no-auth mode, set AUTH_MODE=none in .env file.
For production, use AUTH_MODE=entra (default).
- Add Dockerfile with multi-stage build for production deployment
- Add docker-compose.yml for easy local development
- Add .dockerignore to optimize Docker build context
- Update README with Docker and local setup instructions
- Add structured bug report template with component selection, environment details, and reproduction steps
- Add feature request template with priority levels, breaking change indicators, and use case descriptions
- Templates aligned with project components including API endpoints, admin interface, barcode generation, and Entra ID authentication
Implement Microsoft Entra ID (Azure AD) authentication with user and admin roles.
Features:
- OAuth 2.0 authentication flow using MSAL
- User and admin role-based access control
- Tenant ownership and access management
- Server-side session storage
- Protected routes with authentication decorators
Authentication:
- Users authenticate via Microsoft organizational accounts
- Admin role automatically assigned to DEFAULT_ADMIN_EMAIL
- User profiles synced from Microsoft Graph API
Access Control:
- Admins: Full access to all tenants and server settings
- Users: Can create and manage their own tenants only
- Tenant association: Auto-created when user adds products
- API endpoints remain open for AR application access
Database Changes:
- New users table with email, azure_oid, name, and role
- New user_tenants table for many-to-many tenant ownership
- Case-insensitive admin email comparison
Configuration:
- Environment-based config via .env file
- Azure AD credentials (client ID, secret, tenant ID)
- Configurable redirect URI and admin email
- Updated to Flask 2.2.5 for compatibility
- Fixed incorrect route path from /tenant/{id}/delete to /{id}/delete
- Replaced browser confirm() dialog with Bootstrap modal for better UX
- Added styled confirmation modal with warning message
- Modal displays tenant name and ID before deletion
- Replace list view with responsive card grid layout for better scalability
- Add real-time search functionality to filter tenants by name or ID
- Move settings to fixed gear icon in top-right corner
- Add new tenant button (plus icon) next to settings gear
- Implement modal dialog for creating new tenants
- Add hover effects and animations to tenant cards
- Improve mobile responsiveness
- Display tenant info more compactly (name, ID, username, date, AR URL)
- Add "no results" message for empty search results
The new layout handles 50+ tenants efficiently with better visual organization and easier navigation.
Major architectural refactoring to improve code organization, maintainability, and scalability:
- Implement MVC pattern with clear separation of concerns
- Organize code into blueprints for different functional areas (main, tenant, admin, api)
- Create models layer to encapsulate all database operations
- Create services layer for business logic (auth, product, barcode)
- Implement application factory pattern for better testability
- Add environment-based configuration management
- Remove old monolithic app.py and consolidate routes
New structure:
- app/models/ - Database operations (Tenant, Product, ARField, Settings)
- app/services/ - Business logic (Auth, Product, Barcode services)
- app/blueprints/ - Controllers organized by function
- app/config.py - Environment configurations
- run.py - Application entry point
All routes remain backward compatible. No changes to API or templates functionality.
Added a new feature that allows viewing all product barcodes for a tenant
in a grid layout with print-optimized styling. This makes it easy to print
barcode sheets for all products at once.
Changes:
- Add new route /<tenant_id>/barcodes for viewing all barcodes
- Create view_all_barcodes() function in routes/admin.py
- Add all_barcodes.html template with responsive grid and print CSS
- Add "View All Barcodes" button to tenant index page
- Print layout optimized for 3-column barcode sheets
- Add barcode_type column to tenants table (default: code128)
- Add barcode type setting in tenant settings page (Code 128, EAN-13, QR Code)
- Replace barcode page link with modal button on tenant dashboard
- Add barcode modal that displays product barcode using tenant's configured type
- Remove old generate_barcode_page route, function, and template
- Clean up unused imports in admin.py
- Add QR code icon next to each tenant's AR template URL on main page
- Add modal popup to display dynamically generated QR codes
- Add routes for QR code generation (/qrcode/template and /qrcode/arinfo)
- Include Bootstrap Icons for QR code icon display
Fixes:
1. Image display - Images now properly display on tenant landing page and edit forms by prepending tenant ID to image paths (/tenant/images/... instead of /images/...)
2. AR fields route - Added /tenant/ar_fields route (without /admin/ prefix) for managing custom AR content fields
3. Template updates - Updated all image src attributes to include tenant prefix for proper routing
4. Navigation - Updated AR fields back button to return to settings page instead of non-existent admin index
Images are now visible in:
- Product list on tenant landing page
- Product edit forms showing current images
- Admin index (if accessed)
Major improvements to tenant management:
1. Dynamic field display - Product lists now automatically show all custom fields based on tenant configuration (e.g., inventory, custom attributes)
2. Fixed Jinja2 template scoping issue - Product field values now correctly display in edit forms using selectattr filter
3. Simplified URL structure - Removed redundant /tenant/admin/ routes, all product management now at /tenant/ root
4. Enhanced tenant landing page - Added delete functionality with confirmation modal, shows all custom fields except images
5. Updated all routes and redirects to use simplified paths (/tenant/add, /tenant/edit, etc.)
This consolidates the interface so /tenant/ serves as the main dashboard with full product management capabilities, while /tenant/settings handles configuration.
Fixed two issues with product images:
1. Images weren't being preserved when editing other product fields - added logic to keep existing image value when no new image is uploaded
2. Image URLs had double underscores (e.g., /images/123__image.jpg) due to field names starting with underscore - now strips leading underscore from field name when constructing image paths