Add Sign out button to the sidebar footer #27

Merged: murbard merged 1 commit into main from feat/logout-button on Jun 18, 2026

@murbard murbard commented Jun 18, 2026

Collaborator

Summary

The admin UI had no visible logout. Operators wanting to end their session had to either POST to /logout via curl or clear cookies manually in DevTools.

Add a real "Sign out" button to nav.html's sidebar footer (below the Documentation link), in a form that POSTs to /logout.

Why now

This came up because operators with pre-CSRF-plumbing sessions (issued before PR #26 was deployed) had no sieve_csrf cookie, so every form POST failed at the middleware with csrf token missing or invalid. The fix is logging out + back in, but the UI didn't expose that flow.

Notes

  • /logout already uses requireOperatorSessionExceptCSRF so a stale or missing CSRF token doesn't block the click.
  • The delegated form-submit handler in nav.html still injects the token (same-origin POST), which is harmless — the /logout handler ignores it.

Test plan

  • Sidebar footer shows "Sign out" below "Documentation".
  • Clicking it POSTs to /logout, clears both sieve_session and sieve_csrf cookies, redirects to /login.
  • Visiting any admin page after sign-out redirects to /login (no stale session).

🤖 Generated with Claude Code

The admin UI had no visible logout — operators had to either hit
POST /logout via curl or clear cookies in DevTools. Add a real button
to nav.html's sidebar footer (below the Documentation link), in a form
that POSTs to /logout. The /logout route already uses
requireOperatorSessionExceptCSRF so a stale CSRF token doesn't block
the click; the delegated submit handler injects the token anyway since
this is a same-origin POST, which is harmless because the handler
ignores it.

Styled consistently with the existing footer link.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
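The behaviour described above (a session without a sieve_csrf cookie is rejected on ordinary form POSTs but can still reach /logout, which clears both cookies) can be reproduced with the following added example; it is not code from this PR or the project. Go, the double-submit check, the `csrf_token` field, the `/settings` route and the helpers `requireSession` and `post` are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// csrfOK is an assumed double-submit check: sieve_csrf cookie must equal the csrf_token form field.
func csrfOK(r *http.Request) bool {
	c, err := r.Cookie("sieve_csrf")
	return err == nil && c.Value != "" && subtle.ConstantTimeCompare([]byte(c.Value), []byte(r.FormValue("csrf_token"))) == 1
}

// requireSession is a hypothetical stand-in; checkCSRF=false models requireOperatorSessionExceptCSRF.
func requireSession(checkCSRF bool, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if c, err := r.Cookie("sieve_session"); err != nil || c.Value == "" {
			http.Redirect(w, r, "/login", http.StatusSeeOther)
			return
		}
		if checkCSRF && r.Method == http.MethodPost && !csrfOK(r) {
			http.Error(w, "csrf token missing or invalid", http.StatusForbidden)
			return
		}
		next(w, r)
	}
}

// logout expires both cookies and redirects to /login; it never reads the token.
func logout(w http.ResponseWriter, r *http.Request) {
	http.SetCookie(w, &http.Cookie{Name: "sieve_session", Path: "/", MaxAge: -1})
	http.SetCookie(w, &http.Cookie{Name: "sieve_csrf", Path: "/", MaxAge: -1})
	http.Redirect(w, r, "/login", http.StatusSeeOther)
}

// post sends a POST with a constructed session value and no sieve_csrf; "" models a signed-out browser.
func post(path, session string) *http.Response {
	mux := http.NewServeMux()
	mux.HandleFunc("/settings", requireSession(true, func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "saved") }))
	mux.HandleFunc("/logout", requireSession(false, logout))
	req := httptest.NewRequest(http.MethodPost, path, nil)
	req.AddCookie(&http.Cookie{Name: "sieve_session", Value: session})
	rec := httptest.NewRecorder()
	mux.ServeHTTP(rec, req)
	return rec.Result()
}

func main() { fmt.Println(post("/settings", "s").StatusCode, post("/logout", "s").StatusCode) } // prints: 403 303
```

Skipping the CSRF check is acceptable here only because the handler does nothing except end the session; any route that changes state should keep the check.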

Copilot AI left a comment

Pull request overview

Adds an in-UI logout affordance to the admin sidebar so operators can reliably end sessions (including “pre-CSRF-plumbing” sessions) without needing curl or manual cookie clearing.

Changes:

  • Adds a “Sign out” button to the sidebar footer in nav.html.
  • Implements logout as a POST form submission to /logout (consistent with the existing route).

@murbard murbard merged commit 07e49e7 into main Jun 18, 2026
1 check passed
@murbard murbard deleted the feat/logout-button branch June 18, 2026 13:56