feat(ai): server-side chat history + assistant UX fixes
Server-side, per-user chat history (the thread now survives reload): - new ai_chat_messages table + migration; getChatHistory/appendChatMessages/ clearChatHistory; GET/POST/DELETE /api/admin/ai/history (ai.use-guarded); service + HTTP tests (isolation, ordering, clear, perm, validation). - DashAssistant loads the thread on mount and persists each turn; "Vymazat" clears it. gcTime:0 so each mount re-reads the DB (no stale-cache resurrection); composer gated until history settles + seed flag flipped on submit (no seed/submit race clobbering a freshly-sent turn). UX + correctness fixes from review/feedback: - review cards moved OUT of the scrollable thread into a "Faktury k potvrzení" section so Uložit is always reachable; chat auto-scroll no longer fires on field edits. - chat bubble text colour set on the Typography (GlobalStyles pins `p` to text.secondary, which was overriding the inherited bubble colour → unreadable). - never clear input/staged PDFs on a failed submit (rollback + keep), so a budget error can't wipe staged invoices; roll back the optimistic user turn. - stable attachment ids (no crypto.randomUUID — undefined over plain HTTP). - editable Datum splatnosti + Popis fields; client-side extraction summary. Security: DashProfile clipboard copy now uses an execCommand fallback (works over plain HTTP) and only shows the success toast when the copy actually succeeded — previously it falsely claimed to copy 2FA codes / the TOTP secret. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -16,6 +16,35 @@ import useDialogScrollLock from "../../ui/useDialogScrollLock";
|
||||
|
||||
const API_BASE = "/api/admin";
|
||||
|
||||
// Copy helper. navigator.clipboard is SECURE-CONTEXT ONLY (undefined over plain
|
||||
// HTTP on a LAN), so we fall back to the legacy execCommand path — which works
|
||||
// in insecure contexts — and report whether the copy actually succeeded. The
|
||||
// caller MUST gate its success toast on the returned boolean (otherwise it lies
|
||||
// to the user about copying 2FA codes / the TOTP secret).
|
||||
async function copyToClipboard(text: string): Promise<boolean> {
|
||||
try {
|
||||
if (navigator.clipboard?.writeText) {
|
||||
await navigator.clipboard.writeText(text);
|
||||
return true;
|
||||
}
|
||||
} catch {
|
||||
// fall through to the legacy path
|
||||
}
|
||||
try {
|
||||
const ta = document.createElement("textarea");
|
||||
ta.value = text;
|
||||
ta.style.position = "fixed";
|
||||
ta.style.opacity = "0";
|
||||
document.body.appendChild(ta);
|
||||
ta.select();
|
||||
const ok = document.execCommand("copy");
|
||||
document.body.removeChild(ta);
|
||||
return ok;
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
interface DashProfileProps {
|
||||
totpEnabled: boolean;
|
||||
totpLoading: boolean;
|
||||
@@ -480,9 +509,10 @@ export default function DashProfile({
|
||||
</Box>
|
||||
<Box sx={{ mt: 1.5 }}>
|
||||
<Button
|
||||
onClick={() => {
|
||||
navigator.clipboard?.writeText(backupCodes.join("\n"));
|
||||
alert.success("Kódy zkopírovány");
|
||||
onClick={async () => {
|
||||
const ok = await copyToClipboard(backupCodes.join("\n"));
|
||||
if (ok) alert.success("Kódy zkopírovány");
|
||||
else alert.error("Kopírování selhalo – zkopírujte ručně");
|
||||
}}
|
||||
variant="outlined"
|
||||
color="inherit"
|
||||
@@ -543,9 +573,11 @@ export default function DashProfile({
|
||||
>
|
||||
<span>{totpSecret}</span>
|
||||
<IconButton
|
||||
onClick={() => {
|
||||
navigator.clipboard?.writeText(totpSecret);
|
||||
alert.success("Klíč zkopírován");
|
||||
onClick={async () => {
|
||||
const ok = await copyToClipboard(totpSecret);
|
||||
if (ok) alert.success("Klíč zkopírován");
|
||||
else
|
||||
alert.error("Kopírování selhalo – zkopírujte ručně");
|
||||
}}
|
||||
size="small"
|
||||
title="Kopírovat"
|
||||
|
||||
Reference in New Issue
Block a user