Commit Graph

2 Commits

Author SHA1 Message Date
fs
1f46ea602f refactor(settings/api): drop the duplicated CORS hint, slim token-policy intro
The token-policy card had an info blockquote that paraphrased the two
field labels, and the CORS card stated "one origin per line" three
times (blockquote, DB description, muted footer). Now the CORS hint
comes only from the setting description, which already includes the
per-line note in both locales. The danger warning on the revoke action
stays put.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 18:22:41 +02:00
fs
69739c90d7 refactor(settings): split admin/settings into hub + per-section subpages
Splits the 755-line monolithic settings page into a tile-based landing hub
and six focused subpages (general, security, email, api, sso, branding),
each with its own form, CSRF scope and POST handler. Each subpage offers
Save / Save & close buttons plus a Cancel/back link to the hub.

Backend (AdminSettingsService, gateways, policies, DB schema) unchanged.
A new settingsSectionMergePost() helper overlays section POSTs onto the
current DB values so partial saves don't wipe unrelated fields (the
service defaults missing keys to 0/empty).

Sub-action files (logo/favicon/tokens/lifecycle) redirect to the matching
subpage, and architecture contracts now check the subpage files instead
of the removed monolithic index.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 22:43:12 +02:00