// Auth: users + login + session // Passwords stored as SHA-256 hex (not sent anywhere; this is a client-only app) const AUTH_KEY = "mab_auth_v1"; const SESSION_KEY = "mab_session_v1"; async function sha256(str) { const buf = new TextEncoder().encode(str); const hash = await crypto.subtle.digest("SHA-256", buf); return Array.from(new Uint8Array(hash)).map(b => b.toString(16).padStart(2, "0")).join(""); } async function defaultAuth() { // Seed: single ADMIN account. Password = MAB26$ const username = "admin"; const hash = await sha256("MAB26$" + "::" + username); return { users: [{ id: "u-admin", username, name: "Administrador MAB", role: "admin", hash, createdAt: new Date().toISOString().slice(0, 10), }], createdAt: new Date().toISOString(), }; } function loadAuth() { try { const raw = localStorage.getItem(AUTH_KEY); if (raw) return JSON.parse(raw); } catch (e) {} return null; } function saveAuth(a) { localStorage.setItem(AUTH_KEY, JSON.stringify(a)); } async function ensureAuth() { let a = loadAuth(); if (!a || !a.users || a.users.length === 0) { a = await defaultAuth(); saveAuth(a); } return a; } function loadSession() { try { return JSON.parse(localStorage.getItem(SESSION_KEY) || "null"); } catch(e){ return null; } } function saveSession(s) { if (s) localStorage.setItem(SESSION_KEY, JSON.stringify(s)); else localStorage.removeItem(SESSION_KEY); } async function createUser(auth, { username, name, password, role }) { username = username.trim().toLowerCase(); if (!username || !password) throw new Error("Usuario y contraseña son obligatorios"); if (auth.users.find(u => u.username === username)) throw new Error("Usuario ya existe"); if (password.length < 4) throw new Error("La contraseña debe tener al menos 4 caracteres"); const hash = await sha256(password + "::" + username); return { ...auth, users: [...auth.users, { id: uid("u"), username, name: name || username, role: role || "usuario", hash, createdAt: new Date().toISOString().slice(0, 10), }], }; } async function verifyLogin(auth, username, password) { username = username.trim().toLowerCase(); const u = auth.users.find(x => x.username === username); if (!u) return null; const hash = await sha256(password + "::" + username); return hash === u.hash ? u : null; } function LoginScreen({ onLogin, auth }) { const [user, setUser] = React.useState(""); const [pass, setPass] = React.useState(""); const [err, setErr] = React.useState(""); const [busy, setBusy] = React.useState(false); async function submitLogin(e) { e.preventDefault(); setErr(""); setBusy(true); try { const u = await verifyLogin(auth, user, pass); if (!u) { setErr("Usuario o contraseña incorrectos"); setBusy(false); return; } onLogin(u); } catch (e) { setErr(e.message); } setBusy(false); } return (
MAB{e.target.style.display="none"}} />
MAB Automatización
Sistema de cotizaciones

Iniciar sesión

Accede con tu usuario MAB

setUser(e.target.value)} autoComplete="username" autoFocus required inputMode="text" autoCapitalize="none" />
setPass(e.target.value)} autoComplete="current-password" required />
{err &&
{err}
}
¿Sin acceso? Solicítale al administrador que cree tu usuario.
MAB Automatización SpA · © {new Date().getFullYear()}
); } function UsersView({ auth, setAuth, session }) { const [open, setOpen] = React.useState(false); const [editId, setEditId] = React.useState(null); const isAdmin = session?.role === "admin"; const remove = (id) => { if (!isAdmin) return; if (id === session.id) { alert("No puedes eliminar tu propio usuario."); return; } if (!confirm("¿Eliminar usuario?")) return; setAuth(a => ({ ...a, users: a.users.filter(u => u.id !== id) })); }; return ( <> { setEditId(null); setOpen(true); }}> Nuevo usuario ) : null } />
{!isAdmin && (
Solo los usuarios con rol admin pueden crear o eliminar otros usuarios.
)}

Cuentas ({auth.users.length})

Las contraseñas se guardan cifradas (SHA-256) en este dispositivo
{auth.users.map(u => ( ))}
Nombre Usuario Rol Creado
{u.name} {u.id === session.id && } {u.username} {u.role} {u.createdAt}
{isAdmin && ( <> )}
{open && ( setOpen(false)} /> )} ); } function UserModal({ auth, setAuth, editId, onClose }) { const editing = editId ? auth.users.find(u => u.id === editId) : null; const [name, setName] = React.useState(editing?.name || ""); const [username, setUsername] = React.useState(editing?.username || ""); const [role, setRole] = React.useState(editing?.role || "usuario"); const [pass, setPass] = React.useState(""); const [pass2, setPass2] = React.useState(""); const [err, setErr] = React.useState(""); const [busy, setBusy] = React.useState(false); async function submit(e) { e.preventDefault(); setErr(""); setBusy(true); try { if (editing) { let patch = { name, role }; if (pass || pass2) { if (pass !== pass2) throw new Error("Las contraseñas no coinciden"); if (pass.length < 4) throw new Error("Contraseña muy corta (mínimo 4)"); patch.hash = await sha256(pass + "::" + editing.username); } setAuth(a => ({ ...a, users: a.users.map(u => u.id === editing.id ? { ...u, ...patch } : u) })); onClose(); } else { if (pass !== pass2) throw new Error("Las contraseñas no coinciden"); const next = await createUser(auth, { username, name, password: pass, role }); setAuth(next); onClose(); } } catch (e) { setErr(e.message); } setBusy(false); } return (
e.stopPropagation()} style={{maxWidth: 520}}>

{editing ? "Editar usuario" : "Nuevo usuario"}

setName(e.target.value)} required autoFocus />
setUsername(e.target.value)} autoCapitalize="none" disabled={!!editing} required />
setPass(e.target.value)} autoComplete="new-password" {...(editing ? {} : { required: true })} />
setPass2(e.target.value)} autoComplete="new-password" {...(editing ? {} : { required: true })} />
{err &&
{err}
}
); } Object.assign(window, { loadAuth, saveAuth, loadSession, saveSession, defaultAuth, ensureAuth, LoginScreen, UsersView, UserModal, sha256, createUser, verifyLogin, });