fix: server-side token store — løser cookie overflow bug (>4KB)

JWTs (app_token + user_token) gemmes nu i _token_store dict server-side. Cookien holder kun sid UUID (~36 chars) — aldrig under 4KB grænsen. - Tilføjet _token_store, _get_sid, _store_token, _load_token helpers - Step 1-5 + /callback migreret til _store_token/_load_token - Reset rydder nu token store for den aktuelle session - Verified: fuldt flow gennemkørt lokalt, Step 4 virker
2026-05-22 23:38:37 +02:00
parent 0e67583da5
commit b14b88dadd
4 changed files with 244 additions and 57 deletions
--- a/src/templates/step.html
+++ b/src/templates/step.html
@@ -59,7 +59,7 @@

    <!-- Description -->
    <div class="bg-slate-900 border border-slate-800 rounded-xl p-4">
-      <p class="text-slate-300 text-sm leading-relaxed">{{ description }}</p>
+      <p class="text-slate-300 text-sm leading-relaxed">{{ description | safe }}</p>
    </div>

    <!-- curl example -->
@@ -171,18 +171,91 @@
        <p class="text-xs text-slate-500 mt-2">Vælg <span class="text-slate-400">Tink Demo Bank → Open Banking → Password And OTP</span></p>
      </div>

-      <div class="flex items-center gap-3">
+      <div class="flex items-center gap-3 flex-wrap">
        <a href="{{ tink_link_url }}"
           class="inline-flex items-center gap-2 px-5 py-2.5 bg-emerald-600 hover:bg-emerald-500 text-white font-semibold rounded-lg transition">
          Åbn Tink Link
          <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M14 5l7 7m0 0l-7 7m7-7H3"/></svg>
        </a>
+        {% if demo_bank_users %}
+        <button onclick="document.getElementById('demo-users-modal').classList.remove('hidden')"
+                class="inline-flex items-center gap-1.5 px-4 py-2.5 border border-violet-700 text-violet-400 hover:text-violet-200 hover:border-violet-500 rounded-lg text-sm transition">
+          <svg class="w-3.5 h-3.5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M17 20h5v-2a3 3 0 00-5.356-1.857M17 20H7m10 0v-2c0-.656-.126-1.283-.356-1.857M7 20H2v-2a3 3 0 015.356-1.857M7 20v-2c0-.656.126-1.283.356-1.857m0 0a5.002 5.002 0 019.288 0M15 7a3 3 0 11-6 0 3 3 0 016 0z"/></svg>
+          Vis testbrugere
+        </button>
+        {% endif %}
        <a href="/demo/reset"
           class="inline-flex items-center gap-1.5 px-4 py-2.5 border border-slate-700 text-slate-400 hover:text-white hover:border-slate-500 rounded-lg text-sm transition">
          <svg class="w-3.5 h-3.5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15"/></svg>
          Start forfra
        </a>
      </div>
+
+      {% if demo_bank_users %}
+      <!-- Demo Bank users modal -->
+      <div id="demo-users-modal" class="hidden fixed inset-0 z-50 flex items-center justify-center p-4">
+        <div class="absolute inset-0 bg-black/70 backdrop-blur-sm" onclick="document.getElementById('demo-users-modal').classList.add('hidden')"></div>
+        <div class="relative bg-slate-900 border border-slate-700 rounded-2xl shadow-2xl w-full max-w-2xl overflow-hidden">
+          <div class="flex items-center justify-between px-6 py-4 border-b border-slate-800">
+            <div>
+              <h3 class="text-white font-semibold text-base">Demo Bank — Testbrugere</h3>
+              <p class="text-slate-500 text-xs mt-0.5">Brug disse kredentialer når du logger ind i Tink Demo Bank. OTP er altid <code class="text-violet-300">1234</code> hvor det er påkrævet.</p>
+            </div>
+            <button onclick="document.getElementById('demo-users-modal').classList.add('hidden')"
+                    class="text-slate-500 hover:text-white transition p-1.5 rounded-lg hover:bg-slate-800">
+              <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"/></svg>
+            </button>
+          </div>
+          <div class="overflow-auto max-h-96">
+            <table class="w-full text-sm">
+              <thead class="bg-slate-800/50 sticky top-0">
+                <tr class="text-slate-400 text-xs uppercase tracking-wider">
+                  <th class="px-4 py-2.5 text-left">Market</th>
+                  <th class="px-4 py-2.5 text-left">Brugernavn</th>
+                  <th class="px-4 py-2.5 text-left">Password</th>
+                  <th class="px-4 py-2.5 text-left">OTP</th>
+                  <th class="px-4 py-2.5 text-left">Scenarie</th>
+                </tr>
+              </thead>
+              <tbody class="divide-y divide-slate-800">
+                {% for u in demo_bank_users %}
+                <tr class="hover:bg-slate-800/40 transition">
+                  <td class="px-4 py-2.5 text-slate-300 font-medium">{{ u.market }}</td>
+                  <td class="px-4 py-2.5">
+                    <div class="flex items-center gap-2">
+                      <code class="font-mono text-emerald-300 text-xs">{{ u.username }}</code>
+                      <button onclick="navigator.clipboard.writeText('{{ u.username }}')" title="Kopier"
+                              class="text-slate-600 hover:text-slate-300 transition">
+                        <svg class="w-3 h-3" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z"/></svg>
+                      </button>
+                    </div>
+                  </td>
+                  <td class="px-4 py-2.5">
+                    <div class="flex items-center gap-2">
+                      <code class="font-mono text-violet-300 text-xs">{{ u.password }}</code>
+                      <button onclick="navigator.clipboard.writeText('{{ u.password }}')" title="Kopier"
+                              class="text-slate-600 hover:text-slate-300 transition">
+                        <svg class="w-3 h-3" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z"/></svg>
+                      </button>
+                    </div>
+                  </td>
+                  <td class="px-4 py-2.5 font-mono text-xs text-slate-400">{{ u.otp or "—" }}</td>
+                  <td class="px-4 py-2.5">
+                    <span class="px-2 py-0.5 rounded-full text-xs font-medium {% if 'fejl' in u.scenario.lower() %}bg-red-900/40 text-red-400{% else %}bg-emerald-900/40 text-emerald-400{% endif %}">
+                      {{ u.scenario }}
+                    </span>
+                  </td>
+                </tr>
+                {% endfor %}
+              </tbody>
+            </table>
+          </div>
+          <div class="px-6 py-3 border-t border-slate-800 text-xs text-slate-500">
+            Kilde: <a href="https://docs.tink.com/resources/tutorials/test-your-integration-with-demo-bank" target="_blank" class="text-violet-400 hover:text-violet-300 underline">Tink Demo Bank dokumentation</a>
+          </div>
+        </div>
+      </div>
+      {% endif %}
    </div>

    <!-- FALLBACK: console.tink.com/callback + manual code paste -->