docs: Update README and CHANGELOG for Phase 2 completion

README.md: - Updated Phase 2 completion date: Nov 11-14 → Nov 11-15 - Added new section: Modular UI Architecture (Nov 15) - Listed all reusable components and their modes - Added code reduction metrics (62% reduction, -227 net lines) - Removed outdated 'email link' mention CHANGELOG.md: - Complete rewrite for feature/SocialMedia branch - Added Phase 1: Social Media Consent Management (Nov 9-10) * Backend: Migrations, APIs, validation * Frontend: ConsentCheckboxes, ConsentBadges, filters * Testing results and GDPR compliance - Added Phase 2 Backend: Management Portal (Nov 11) * Management APIs, security features, audit log * Rate limiting and brute-force protection - Added Phase 2 Frontend: Management Portal UI (Nov 13-14) * ManagementPortalPage, component reuse * Upload success integration - Added Phase 2 UI Refactoring (Nov 15) * 4 new modular components (686 lines) * Multi-mode support (upload/edit/moderate) * Code reduction metrics * UI consistency patterns * Bug fixes All documentation now accurately reflects Nov 9-15 work.
2025-11-15 18:45:16 +01:00 · 2025-11-15 18:45:16 +01:00 · ede45aafdd
commit ede45aafdd
parent a7d2d7d6aa
2 changed files with 157 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,154 @@
 # Changelog
 ## [Unreleased] - Branch: feature/SocialMedia
 ### 🎨 Modular UI Architecture (November 15, 2025)
 #### Features
 - ✅ **Reusable Component System**: Created modular components for all pages
  - `ConsentManager.js` (263 lines): Workshop + Social Media consents with edit/upload modes
  - `GroupMetadataEditor.js` (146 lines): Metadata editing with edit/upload/moderate modes  
  - `ImageDescriptionManager.js` (175 lines): Batch image descriptions with manage/moderate modes
  - `DeleteGroupButton.js` (102 lines): Standalone group deletion component
 - ✅ **Multi-Mode Support**: Components adapt behavior based on context
  - `mode="upload"`: External state, no save buttons (MultiUploadPage)
  - `mode="edit"`: Management API endpoints (ManagementPortalPage)
  - `mode="moderate"`: Admin API endpoints (ModerationGroupImagesPage)
 - ✅ **Code Reduction**: Massive reduction in code duplication
  - ManagementPortalPage: 1000→400 lines (-60%)
  - ModerationGroupImagesPage: 281→107 lines (-62%)
  - MultiUploadPage: Refactored to use modular components
  - Net result: +288 lines added, -515 lines removed = **-227 lines total**
 #### UI Consistency
 - 🎨 **Design System**: Established consistent patterns across all pages
  - Paper boxes with headings inside (not outside)
  - HTML `<button>` with CSS classes instead of Material-UI Button
  - Material-UI Alert for inline feedback (SweetAlert2 only for destructive actions)
  - Icons: 💾 save, ↩ discard, 🗑️ delete, 📥 download
  - Individual save/discard per component section
 #### Bug Fixes
 - <20> Fixed: Image descriptions not saving during upload (preview ID → filename mapping)
 - 🐛 Fixed: FilterListIcon import missing in ModerationGroupsPage
 - 🐛 Fixed: Button styles inconsistent across pages
 #### Technical Details
 - **Frontend Changes**:
  - New files: 4 modular components (686 lines)
  - Refactored files: 7 pages with consistent patterns
  - State management: Deep copy pattern, JSON comparison, set-based comparison
  - API integration: Mode-based endpoint selection
 ---
 ### 🔑 Self-Service Management Portal (November 11-14, 2025)
 #### Backend Features (Phase 2 Backend - Nov 11)
 - ✅ **Management Token System**: UUID v4 token generation and validation
  - Tokens stored in `groups.management_token` column
  - Token-based authentication for all management operations
  - Format validation (UUID v4 regex)
 - ✅ **Management APIs**: Complete self-service functionality
  - `GET /api/manage/:token` - Load group data
  - `PUT /api/manage/:token/consents` - Revoke/restore consents
  - `PUT /api/manage/:token/metadata` - Edit title/description
  - `PUT /api/manage/:token/images/descriptions` - Batch update descriptions
  - `POST /api/manage/:token/images` - Add images (max 50 per group)
  - `DELETE /api/manage/:token/images/:imageId` - Delete single image
  - `DELETE /api/manage/:token` - Delete entire group
 - ✅ **Security Features**:
  - Rate limiting: 10 requests/hour per IP (in-memory)
  - Brute-force protection: 20 failed attempts → 24h IP ban
  - Management audit log: All actions tracked in `management_audit_log` table
  - Token masking: Only first 8 characters logged
 - ✅ **Database Migration 007**: Management audit log table
  - Tracks: action, success, error_message, ip_address, user_agent
  - Indexes for performance: group_id, action, ip_address, created_at
 #### Frontend Features (Phase 2 Frontend - Nov 13-14)
 - ✅ **Management Portal Page**: Full-featured user interface at `/manage/:token`
  - Token validation with error handling
  - Consent management UI (revoke/restore)
  - Metadata editing UI
  - Image upload/delete UI
  - Group deletion UI (with confirmation)
 - ✅ **Component Reuse**: ConsentCheckboxes with mode support
  - `mode="upload"`: Upload page behavior
  - `mode="manage"`: Management portal behavior
  - Eliminates ~150 lines of duplicated code
 - ✅ **Upload Success Integration**: Management link prominently displayed
  - Copy-to-clipboard functionality
  - Security warning about safe storage
  - Email link for social media post deletion requests
 ---
 ### 🔐 Social Media Consent Management (November 9-10, 2025)
 #### Backend Features (Phase 1 Backend - Nov 9)
 - ✅ **Database Migrations**:
  - Migration 005: Added consent fields to `groups` table
    * `display_in_workshop` (BOOLEAN, NOT NULL, default 0)
    * `consent_timestamp` (DATETIME)
    * `management_token` (TEXT, UNIQUE) - for Phase 2
  - Migration 006: Social media platform system
    * `social_media_platforms` table (configurable platforms)
    * `group_social_media_consents` table (per-group, per-platform consents)
    * Revocation tracking: `revoked`, `revoked_timestamp` columns
  - GDPR-compliant: Old groups keep `display_in_workshop = 0` (no automatic consent)
 - ✅ **API Endpoints**:
  - `GET /api/social-media/platforms` - List active platforms (Facebook, Instagram, TikTok)
  - `POST /api/groups/:groupId/consents` - Save consents (batch operation)
  - `GET /api/groups/:groupId/consents` - Load consent status
  - `GET /api/admin/groups/by-consent` - Filter groups by consent (all, workshop, platform-specific)
  - `GET /api/admin/consents/export` - Export consent data (CSV/JSON format)
 - ✅ **Upload Validation**: 400 error if `display_in_workshop` not set to true
 - ✅ **Repositories**:
  - `SocialMediaRepository.js`: Platform & consent management
  - Extended `GroupRepository.js`: Consent filtering queries
 #### Frontend Features (Phase 1 Frontend - Nov 10)
 - ✅ **ConsentCheckboxes Component**: GDPR-compliant consent UI
  - Workshop consent (mandatory, cannot upload without)
  - Social media consents (optional, per-platform checkboxes)
  - Informative tooltips explaining usage
  - Legal notice about moderation and withdrawal rights
 - ✅ **ConsentBadges Component**: Visual consent status indicators
  - Icons: 🏭 Workshop, 📱 Facebook, 📷 Instagram, 🎵 TikTok
  - Tooltips with consent details and timestamps
  - Filtering support for revoked consents
 - ✅ **Moderation Panel Updates**:
  - Consent filter dropdown (All, Workshop-only, per-platform)
  - Export button for CSV/JSON download
  - Consent badges on each group card
  - In-memory filtering (loads all groups, filters client-side)
 - ✅ **Upload Success Dialog**: Group ID display for consent withdrawal reference
 #### Testing Results (Nov 10)
 - ✅ Upload with/without workshop consent
 - ✅ Social media consent persistence
 - ✅ Filter functionality (All: 76, Workshop: 74, Facebook: 2)
 - ✅ CSV export with proper formatting
 - ✅ Badge icons and tooltips
 - ✅ Migration 005 & 006 auto-applied on startup
 - ✅ GDPR validation: 72 old groups with display_in_workshop = 0
 ---
 ## [Unreleased] - Branch: feature/PreloadImage
 ### 🚀 Slideshow Optimization (November 2025)
--- a/README.md
+++ b/README.md
@ -28,18 +28,23 @@ This project extends the original [Image-Uploader by vallezw](https://github.com
  - Consent badges and filtering in moderation panel
  - CSV/JSON export for legal documentation
  - Group ID tracking for consent withdrawal requests
- **🔑 Self-Service Management Portal** (Phase 2 Complete - Nov 11-14):
+- **🔑 Self-Service Management Portal** (Phase 2 Complete - Nov 11-15):
  - Secure UUID-based management tokens for user self-service
  - Frontend portal at `/manage/:token` for consent management
  - Revoke/restore consents for workshop and social media
  - Edit metadata (title, description) after upload
  - Add/delete images after upload (with moderation re-approval)
  - Complete group deletion with audit trail
  - Reusable ConsentCheckboxes component (no code duplication)
  - Email link for social media post deletion requests
  - IP-based rate limiting (10 requests/hour)
  - Brute-force protection (20 failed attempts → 24h ban)
  - Management audit log for security tracking
 - **🎨 Modular UI Architecture** (Nov 15):
  - Reusable components: ConsentManager, GroupMetadataEditor, ImageDescriptionManager
  - Multi-mode support: upload/edit/moderate modes for maximum reusability
  - Code reduction: 62% in ModerationGroupImagesPage (281→107 lines)
  - Consistent design: HTML buttons, Paper boxes, Material-UI Alerts
  - Individual save/discard per component section
  - Zero code duplication between pages
 - **<EFBFBD> Slideshow Optimization**: Intelligent image preloading eliminates loading delays and duplicate images
 - **📅 Chronological Display**: Slideshows now play in chronological order (year → upload date)
 - **Automatic Cleanup**: Unapproved groups are automatically deleted after 7 days