yingjieli-admin-ui v1.0.0

subsystem yingjieli.site

capsule://quake0day/yingjieli-admin-ui@1.0.0

Password-protected single-page admin panel for editing all site
content: hero, bio, exhibitions, contact, and the works catalogue
(with client-side image resize before upload).

Owns

site/admin/index.html (admin SPA shell)
site/admin/admin.js (login flow, editors, client-side image resize, save)
site/admin/admin.css (admin-only styling)
the editing UX (what fields are exposed, save semantics, undo)

Does not own

session validation (calls /api/auth and lets the server decide)
content schema (consumes the shape returned by /api/data)
image upload mechanics (POSTs to /api/upload; doesn't talk to R2)
the public site's look (separate capsule, separate stylesheet)

AI orientation

The admin panel is a single page protected by a password login. On
load it calls GET /api/auth — if not authenticated it shows the login
box, otherwise the editor. Every save is a full PUT /api/data with
the entire content blob (the API does not support partial updates).
Images are resized client-side BEFORE upload to keep R2 small.

Avoid

Sending partial updates (the API only accepts full-blob PUT).
Decoding the yl_admin cookie or reading SESSION_SECRET in the browser.
Letting the user pick the final image filename — the server generates it.
Embedding the admin entrypoint anywhere reachable by the public site.

Extension points

client-image-resize at site/admin/admin.js: Reduce the image to a sane max dimension on the client before
calling POST /api/upload. The server does NOT resize.
editor-fields at site/admin/admin.js: Field set must mirror the content-store schema 1:1. Adding a
field requires a coordinated change to DEFAULT_DATA and the
write validator in the content-store capsule.

Provides

http_api:admin-root — The admin panel at https://yingjieliartist.com/admin/.

Requires

http_api:auth-login from yingjieli-admin-auth
http_api:auth-status from yingjieli-admin-auth
http_api:auth-logout from yingjieli-admin-auth
http_api:data-read from yingjieli-content-store
http_api:data-write from yingjieli-content-store
http_api:image-upload from yingjieli-image-store
http_api:image-delete from yingjieli-image-store

Dependencies

Capsules

yingjieli-admin-auth >=1.0.0 <2.0.0
yingjieli-content-store >=1.0.0 <2.0.0
yingjieli-image-store >=1.0.0 <2.0.0

Runtime

cloudflare-pages *

Invariants (must always hold)

The admin UI never bundles ADMIN_PASSWORD or SESSION_SECRET into client code.
The admin UI calls /api/auth GET before showing the editor.
Saving from the admin UI always replaces the full content blob, never partial.

Glossary

full-blob PUT: the only supported save mechanism; entire data object replaces KV
client-side resize: shrink-before-upload step in admin.js; server expects pre-sized bytes
seed: admin-only POST /api/data?seed=1 that resets the blob to DEFAULT_DATA

Source

https://github.com/quake0day/yingjieli/blob/main/capsules/admin-ui/capsule.yaml

Pull this capsule locally:

capsule pull capsule://quake0day/yingjieli-admin-ui@1.0.0

Or render to your terminal:

capsule man capsule://quake0day/yingjieli-admin-ui@1.0.0