// app.jsx — main app shell with screen routing & state const { useState: useAppState, useEffect: useAppEffect } = React; const API = window.BHCAC_API; const AUTH = window.BHCAC_AUTH; function App() { const [screen, setScreen] = useAppState('today'); const [adminScreen, setAdminScreen] = useAppState(null); const [appData, setAppData] = useAppState(window.BHCAC_DATA); const [dataSource, setDataSource] = useAppState('seed'); const [authUser, setAuthUser] = useAppState(null); const [authLoading, setAuthLoading] = useAppState(true); const [justCheckedIds, setJustCheckedIds] = useAppState([]); const [toast, setToast] = useAppState(null); // Load app data + current session in parallel. Also: if the URL has a // ?invite=... param, redeem it once the user is signed in. useAppEffect(() => { let cancelled = false; API.loadAll().then(d => { if (cancelled) return; setAppData(d); setDataSource(d._source || 'api'); }); AUTH.me().then(async (u) => { if (cancelled) return; setAuthUser(u); setAuthLoading(false); try { const url = new URL(window.location.href); const inviteToken = url.searchParams.get('invite'); if (inviteToken && u) { const updated = await AUTH.acceptInvite(inviteToken); setAuthUser(updated); showToast('Admin invite accepted · 邀請已接受'); // Strip the token from the URL so it can't be re-tried / leak via referer url.searchParams.delete('invite'); window.history.replaceState({}, '', url.toString()); } } catch (err) { if (err.status !== 401) { showToast(`Invite: ${err.message}`, 'error'); } } }).catch(() => { if (!cancelled) setAuthLoading(false); }); return () => { cancelled = true; }; }, []); if (!appData || !appData.members) { return

Loading…

; } // Identity: derived from the authenticated user, falling back to the seeded // demo identity (m-001) when the backend is unreachable so the prototype // still renders without a server. let user = null, family = null; if (authUser) { const m = authUser.member || {}; user = { ...m, id: m.id || authUser.id, authUserId: authUser.id, email: authUser.email, en: authUser.en || m.en || (authUser.email || '').split('@')[0], zh: authUser.zh || m.zh || '', role: authUser.role, hasPassword: authUser.hasPassword, passkeyCount: authUser.passkeyCount, isAdmin: authUser.role === 'superadmin', }; family = user.family ? (appData.families || []).find(f => f.id === user.family) : null; } const checkIns = appData.records || []; const showToast = (msg, tone = 'success') => { setToast({ msg, tone }); setTimeout(() => setToast(null), 3500); }; const goCheckIn = () => setScreen('checkin'); const handleConfirm = async (ids) => { if (dataSource !== 'api') { // Offline / seed-only fallback (rare; only when API unreachable). Just // append locally so the prototype screens still work. const optimistic = ids.map(id => { const m = appData.members.find(x => x.id === id); return { date: appData.TODAY, member_id: id, congregation: m?.congregation, source: 'online' }; }); setAppData(d => ({ ...d, records: [...d.records, ...optimistic] })); setJustCheckedIds(ids); setScreen('confirm'); return; } // Geofenced flow. Ask the browser for location first (may prompt), then // submit to the server which re-verifies. We DON'T optimistically update // the UI any more — if the user is too far away, the rejection should be // visible, not silently corrected later. showToast('Checking your location…', 'info'); let coords; try { coords = await API.getCurrentLocation(); } catch (err) { showToast(err.message, 'error'); return; } try { const r = await API.submitCheckins(ids, { date: appData.TODAY, source: 'online', coords }); const newRecs = r?.added || ids.map(id => { const m = appData.members.find(x => x.id === id); return { date: appData.TODAY, member_id: id, congregation: m?.congregation, source: 'online' }; }); setAppData(d => ({ ...d, records: [...d.records, ...newRecs] })); setJustCheckedIds(ids); setScreen('confirm'); } catch (err) { // Server may have included a code/distance — surface a useful message. showToast(err.message || 'Check-in failed.', 'error'); } }; const handleOpenAdmin = () => { if (user.role !== 'superadmin') { showToast('Admin access is restricted to superadmin accounts.', 'error'); return; } setAdminScreen('admin'); }; const handleSaveVisitor = async (form) => { try { const result = await API.addVisitor({ ...form, date: appData.TODAY }); setAppData(d => ({ ...d, members: [...d.members, result.member], records: result.record ? [...d.records, result.record] : d.records, })); showToast(`Added ${result.member.en} · 新朋友已加入`); setAdminScreen('admin'); } catch (err) { showToast(`Add visitor failed: ${err.message}`, 'error'); throw err; } }; const handleAdminCheckIn = async (memberId) => { const m = appData.members.find(x => x.id === memberId); const rec = { date: appData.TODAY, member_id: memberId, congregation: m?.congregation, source: 'admin' }; setAppData(d => ({ ...d, records: [...d.records, rec] })); try { await API.submitCheckins([memberId], { date: appData.TODAY, byAdmin: true }); showToast(`Checked in ${m?.en}`); } catch (err) { showToast(`Check-in failed: ${err.message}`, 'error'); } }; const handleSyncOutline = async () => { showToast('Syncing to Outline…', 'info'); try { const r = await API.syncOutline(appData.TODAY); showToast(`Synced ${r.records} record(s) to Outline · 已同步`); } catch (err) { showToast(`Sync failed: ${err.message}`, 'error'); } }; const handleChangePassword = async ({ currentPassword, newPassword }) => { await AUTH.changePassword({ currentPassword, newPassword }); showToast('Password updated · 密碼已更新'); }; const handleExportCSV = () => { API.exportMembersCSV(appData.members, appData.congregations); }; const handleExportReport = () => { API.exportReportCSV(appData.members, appData.records, appData.congregations); }; const handleUpdateMember = async (id, patch) => { try { const r = await API.updateMember(id, patch); setAppData(d => ({ ...d, members: d.members.map(m => m.id === id ? r.member : m), })); showToast(`Updated ${r.member.en}`); return r.member; } catch (err) { showToast(`Update failed: ${err.message}`, 'error'); throw err; } }; const handleDeleteMember = async (id) => { if (!window.confirm('Delete this member? Their check-in history will be retained but they will no longer appear in the directory.')) return; try { await API.deleteMember(id); setAppData(d => ({ ...d, members: d.members.filter(m => m.id !== id) })); showToast('Member deleted · 會友已刪除'); } catch (err) { showToast(`Delete failed: ${err.message}`, 'error'); } }; const refreshEvents = async () => { try { const r = await API.listEvents(); setAppData(d => ({ ...d, events: r.events || [] })); } catch (err) { console.warn('events refresh failed:', err); } }; const handleCreateEvent = async (payload) => { try { await API.createEvent(payload); await refreshEvents(); showToast('Event created · 活動已建立'); } catch (err) { showToast(`Create failed: ${err.message}`, 'error'); throw err; } }; const handleUpdateEvent = async (id, patch) => { try { await API.updateEvent(id, patch); await refreshEvents(); showToast('Event updated · 活動已更新'); } catch (err) { showToast(`Update failed: ${err.message}`, 'error'); throw err; } }; const handleDeleteEvent = async (id) => { try { await API.deleteEvent(id); await refreshEvents(); showToast('Event deleted'); } catch (err) { showToast(`Delete failed: ${err.message}`, 'error'); } }; const handleImportEvents = async (rows) => { try { const r = await API.importEvents(rows); await refreshEvents(); showToast(`Imported ${r.created} event${r.created === 1 ? '' : 's'}`); } catch (err) { showToast(`Import failed: ${err.message}`, 'error'); } }; const handleSignedIn = async (u) => { setAuthUser(u); setScreen('today'); showToast(`Welcome, ${u.en} · 歡迎`); // Refresh data — earlier loadAll() likely 401'd before the session existed. try { const d = await API.loadAll(); setAppData(d); setDataSource(d._source || 'api'); } catch (err) { console.warn('[bhcac] data refresh after sign-in failed:', err); } // If the URL has ?invite=…, redeem it now that we're signed in. try { const url = new URL(window.location.href); const inviteToken = url.searchParams.get('invite'); if (inviteToken) { const updated = await AUTH.acceptInvite(inviteToken); setAuthUser(updated); showToast('Admin invite accepted · 邀請已接受'); url.searchParams.delete('invite'); window.history.replaceState({}, '', url.toString()); } } catch (err) { showToast(`Invite: ${err.message}`, 'error'); } }; const handleLogout = async () => { if (!window.confirm('Sign out?')) return; try { await AUTH.logout(); } catch {} setAuthUser(null); setAdminScreen(null); setScreen('today'); showToast('Signed out'); }; const handleAddPasskey = async () => { try { await AUTH.addPasskey(); const fresh = await AUTH.me(); if (fresh) setAuthUser(fresh); showToast('Passkey added · 通行密鑰已設定'); } catch (err) { showToast(`Passkey setup failed: ${err.message}`, 'error'); } }; // Auth gate: any unauthenticated visit lands on the Welcome screen. // While the /auth/me probe is still in flight, render the Welcome shell // (it'll re-render to Today once the session resolves). const requiresAuth = !authUser; const renderScreen = () => { if (authLoading) { return

Loading…

; } if (requiresAuth) { return ; } if (adminScreen === 'admin') { return setAdminScreen(null)} onAddVisitor={() => setAdminScreen('add-visitor')} onSyncOutline={handleSyncOutline} onExportCSV={handleExportCSV} onAdminCheckIn={handleAdminCheckIn} onUpdateMember={handleUpdateMember} onDeleteMember={handleDeleteMember} onCreateEvent={handleCreateEvent} onUpdateEvent={handleUpdateEvent} onDeleteEvent={handleDeleteEvent} onImportEvents={handleImportEvents} onExportReport={handleExportReport} />; } if (adminScreen === 'add-visitor') { return setAdminScreen('admin')} onSave={handleSaveVisitor} />; } if (screen === 'welcome') { return ; } if (screen === 'today') { return setScreen('settings')} onAddPasskey={authUser ? handleAddPasskey : null} />; } if (screen === 'settings') { return setScreen('today')} onLogout={handleLogout} onAddPasskey={handleAddPasskey} onChangePassword={handleChangePassword} />; } if (screen === 'checkin') { return setScreen('today')} />; } if (screen === 'confirm') { const ids = justCheckedIds.length > 0 ? justCheckedIds : appData.members.filter(m => m.family === family?.id).map(m => m.id); return { setScreen('today'); }} />; } }; const isWelcomeMode = requiresAuth || screen === 'welcome'; const currentScreenKey = adminScreen || screen; if (isWelcomeMode) { return (

{renderScreen()}

); } return (

{authUser && ( { setAdminScreen(null); setScreen('today'); }} onSettings={() => { setAdminScreen(null); setScreen('settings'); }} onAdmin={user.role === 'superadmin' ? handleOpenAdmin : null} onLogout={handleLogout} /> )}

{renderScreen()}

); } function DesktopHeader({ user, currentScreen, onHome, onSettings, onAdmin, onLogout }) { const showAdminLink = !!onAdmin && user.role === 'superadmin'; return (

); } function NavLink({ active, onClick, children }) { return ( ); } function Toast({ toast }) { if (!toast) return null; const colors = { success: { bg: 'var(--brand-teal)', fg: '#fff' }, error: { bg: 'var(--brand-coral)', fg: '#fff' }, warn: { bg: '#fbbf24', fg: '#78350f' }, info: { bg: 'var(--brand-navy)', fg: '#fff' }, }; const c = colors[toast.tone] || colors.success; return (

{toast.msg}

); } ReactDOM.createRoot(document.getElementById('root')).render();