Security hardening: env-based config, CSRF protection, secure code generation, plus presenter management and email communications system
- Move all credentials from hardcoded to .env with python-dotenv (add .env.example template and .gitignore) - Add CSRF token generation and validation on all state-changing requests - Replace random.choices with secrets.choice for all secure code generation - Add session cookie security headers (HttpOnly, Secure, SameSite) - Add presenter management: assign/remove presenters to breakout sessions, presenter QR scanning - Add email communications system: templates per event, custom email sending, sent email tracking - Add staff/organizer profile pages with staff code display - New DB tables: event_email_templates, sent_emails, user_communications - New DB columns: staff.reminder_count/reminder_dates, breakout_session_organizers.presenter_code - Expand English translation strings across all new features Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -4,31 +4,78 @@
|
||||
|
||||
{% block content %}
|
||||
<div class="presenter-dashboard">
|
||||
<h1>{{ 'presenter_dashboard'|t }}</h1>
|
||||
<p>{{ 'welcome'|t }}, {{ presenter_name }}</p>
|
||||
<div class="dashboard-header">
|
||||
<div class="welcome-section">
|
||||
<h1>{{ 'presenter_dashboard'|t }}</h1>
|
||||
<p class="welcome-subtitle">{{ 'welcome'|t }}, <strong>{{ presenter_name }}</strong></p>
|
||||
</div>
|
||||
<div class="header-actions">
|
||||
<a href="{{ url_for('logout') }}" class="btn btn-ghost">
|
||||
<i data-lucide="log-out"></i> {{ 'logout'|t }}
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<section class="my-sessions">
|
||||
<h2>{{ 'my_breakout_sessions'|t }}</h2>
|
||||
<div class="section-header">
|
||||
<h2>{{ 'my_breakout_sessions'|t }}</h2>
|
||||
</div>
|
||||
|
||||
{% if sessions %}
|
||||
<div class="sessions-list">
|
||||
{% for session in sessions %}
|
||||
<div class="session-card">
|
||||
<h3>{{ session.name }}</h3>
|
||||
<p><strong>{{ 'event'|t }}:</strong> {{ session.event_name }}</p>
|
||||
<p><strong>{{ 'time'|t }}:</strong> {{ session.start_time|localized_date if session.start_time else 'TBD' }}</p>
|
||||
<p><strong>{{ 'location'|t }}:</strong> {{ session.location }}</p>
|
||||
<p><strong>{{ 'registered'|t }}:</strong> {{ session.rsvp_count }}{% if session.max_attendees %} / {{ session.max_attendees }}{% endif %}</p>
|
||||
<a href="{{ url_for('view_breakout_session', code=session.code) }}" class="btn btn-outline">{{ 'view_details'|t }}</a>
|
||||
<div class="sessions-grid">
|
||||
{% for session in sessions %}
|
||||
<div class="session-card-lg">
|
||||
<div class="session-card-header">
|
||||
<h3>{{ session.name }}</h3>
|
||||
<span class="badge badge-info">{{ session.rsvp_count }}{% if session.max_attendees %} / {{ session.max_attendees }}{% endif %}</span>
|
||||
</div>
|
||||
|
||||
<div class="session-meta-list">
|
||||
<div class="meta-item">
|
||||
<i data-lucide="calendar"></i>
|
||||
<span>{{ session.start_time|localized_date if session.start_time else 'TBD' }}</span>
|
||||
</div>
|
||||
{% endfor %}
|
||||
<div class="meta-item">
|
||||
<i data-lucide="clock"></i>
|
||||
<span>{{ session.start_time|localized_date('%H:%M') if session.start_time else '' }} - {{ session.end_time|localized_date('%H:%M') if session.end_time else '' }}</span>
|
||||
</div>
|
||||
<div class="meta-item">
|
||||
<i data-lucide="map-pin"></i>
|
||||
<span>{{ session.location or 'TBD' }}</span>
|
||||
</div>
|
||||
<div class="meta-item">
|
||||
<i data-lucide="building"></i>
|
||||
<span>{{ session.event_name }}</span>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="session-scan-section">
|
||||
<div class="scan-prompt">
|
||||
<i data-lucide="scan-line"></i>
|
||||
<span>{{ 'scan_attendees_at_session'|t }}</span>
|
||||
</div>
|
||||
<a href="{{ url_for('presenter_scan', code=session.presenter_code) }}" class="btn btn-primary btn-lg">
|
||||
<i data-lucide="qr-code"></i> {{ 'open_scanner'|t }}
|
||||
</a>
|
||||
</div>
|
||||
|
||||
<div class="session-card-actions">
|
||||
<a href="{{ url_for('view_breakout_session', code=session.code) }}" class="btn btn-outline btn-sm">
|
||||
<i data-lucide="eye"></i> {{ 'view_details'|t }}
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
{% endfor %}
|
||||
</div>
|
||||
{% else %}
|
||||
<p class="no-sessions">{{ 'no_sessions_assigned'|t }}</p>
|
||||
<div class="empty-state-card">
|
||||
<div class="empty-state-icon">
|
||||
<i data-lucide="calendar-x"></i>
|
||||
</div>
|
||||
<h3>{{ 'no_sessions_assigned'|t }}</h3>
|
||||
<p>{{ 'no_sessions_assigned_desc'|t }}</p>
|
||||
</div>
|
||||
{% endif %}
|
||||
</section>
|
||||
|
||||
<div class="logout-link">
|
||||
<a href="{{ url_for('logout') }}" class="btn btn-outline">{{ 'logout'|t }}</a>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
Reference in New Issue
Block a user