Review full interface: dynamic base routes and JS stability

Author: Alumno

public/js/main.js

@@ -4,6 +4,7 @@
 class App {
     constructor() {
         this.csrfToken = this.getCsrfToken();
+        this.appBase = this.getAppBase();
         this.init();
     }
 
@@ -18,16 +19,38 @@ class App {
         return meta ? meta.getAttribute('content') : '';
     }
 
+    getAppBase() {
+        const rawBase = window.APP_BASE || '';
+        if (typeof rawBase !== 'string' || rawBase === '/') {
+            return '';
+        }
+
+        return rawBase.endsWith('/') ? rawBase.slice(0, -1) : rawBase;
+    }
+
+    toRoute(path) {
+        const normalizedPath = path.startsWith('/') ? path : `/${path}`;
+        return `${this.appBase}${normalizedPath}`;
+    }
+
     initAlerts() {
         const alerts = document.querySelectorAll('.alert');
         alerts.forEach((alert) => {
+            if (alert.dataset.bound === '1') {
+                return;
+            }
+
+            alert.dataset.bound = '1';
             const closeBtn = document.createElement('button');
             closeBtn.className = 'alert-close';
             closeBtn.setAttribute('type', 'button');
             closeBtn.setAttribute('aria-label', 'Cerrar alerta');
             closeBtn.textContent = 'x';
             closeBtn.addEventListener('click', () => this.closeElement(alert));
-            alert.appendChild(closeBtn);
+
+            if (!alert.querySelector('.alert-close')) {
+                alert.appendChild(closeBtn);
+            }
 
             setTimeout(() => this.closeElement(alert), 5000);
         });
@@ -67,7 +90,7 @@ class App {
 
         button.addEventListener('click', () => {
             this.showNotification(
-                'La funcionalidad de cambio de contrasena se conecta desde la API /change-password.',
+                `La funcionalidad se conecta al endpoint ${this.toRoute('/api.php?path=change-password')}.`,
                 'info'
             );
         });
@@ -95,7 +118,7 @@ class App {
         const response = await fetch(url, mergedOptions);
 
         if (response.status === 401) {
-            window.location.href = '/login.php';
+            window.location.href = this.toRoute('/login.php');
             return null;
         }
 

views/auth/forgot-password.php

@@ -14,7 +14,7 @@
             </div>
         <?php endif; ?>
 
-        <form action="/forgot-password.php" method="POST" class="auth-form" id="forgotPasswordForm">
+        <form action="<?= $routeBase ?>/forgot-password.php" method="POST" class="auth-form" id="forgotPasswordForm">
             <input type="hidden" name="csrf_token" value="<?= $csrf_token ?>">
 
             <div class="form-group">
@@ -38,7 +38,7 @@ class="form-control"
             </div>
 
             <div class="form-links">
-                <a href="/login.php">Volver al inicio de sesion</a>
+                <a href="<?= $routeBase ?>/login.php">Volver al inicio de sesion</a>
             </div>
         </form>
     </div>

views/auth/login.php

@@ -14,7 +14,7 @@
             </div>
         <?php endif; ?>
 
-        <form action="/login.php" method="POST" class="auth-form" id="loginForm">
+        <form action="<?= $routeBase ?>/login.php" method="POST" class="auth-form" id="loginForm">
             <input type="hidden" name="csrf_token" value="<?= $csrf_token ?>">
 
             <div class="form-group">
@@ -52,8 +52,8 @@ class="form-control"
             </div>
 
             <div class="form-links">
-                <a href="/forgot-password.php">Olvidaste tu contrasena?</a>
-                <a href="/register.php">No tienes cuenta? Registrate</a>
+                <a href="<?= $routeBase ?>/forgot-password.php">Olvidaste tu contrasena?</a>
+                <a href="<?= $routeBase ?>/register.php">No tienes cuenta? Registrate</a>
             </div>
         </form>
     </div>

views/auth/register.php

@@ -14,7 +14,7 @@
             </div>
         <?php endif; ?>
 
-        <form action="/register.php" method="POST" class="auth-form" id="registerForm">
+        <form action="<?= $routeBase ?>/register.php" method="POST" class="auth-form" id="registerForm">
             <input type="hidden" name="csrf_token" value="<?= $csrf_token ?>">
 
             <div class="form-group">
@@ -83,7 +83,7 @@ class="form-control"
             </div>
 
             <div class="form-links">
-                <a href="/login.php">Ya tienes cuenta? Inicia sesion</a>
+                <a href="<?= $routeBase ?>/login.php">Ya tienes cuenta? Inicia sesion</a>
             </div>
         </form>
     </div>

views/auth/reset-password.php

@@ -14,7 +14,7 @@
             </div>
         <?php endif; ?>
 
-        <form action="/reset-password.php" method="POST" class="auth-form" id="resetPasswordForm">
+        <form action="<?= $routeBase ?>/reset-password.php" method="POST" class="auth-form" id="resetPasswordForm">
             <input type="hidden" name="csrf_token" value="<?= $csrf_token ?>">
             <input type="hidden" name="token" value="<?= htmlspecialchars($token ?? '') ?>">
 
@@ -54,7 +54,7 @@ class="form-control"
             </div>
 
             <div class="form-links">
-                <a href="/login.php">Volver al inicio de sesion</a>
+                <a href="<?= $routeBase ?>/login.php">Volver al inicio de sesion</a>
             </div>
         </form>
     </div>

views/dashboard/admin.php

@@ -7,10 +7,10 @@
             <h2>Secure App</h2>
         </div>
         <ul class="nav-menu">
-            <li><a href="/dashboard.php">Dashboard</a></li>
-            <li><a href="/profile.php">Mi Perfil</a></li>
-            <li><a href="/admin.php" class="active">Administracion</a></li>
-            <li><a href="/logout.php">Cerrar Sesion</a></li>
+            <li><a href="<?= $routeBase ?>/dashboard.php">Dashboard</a></li>
+            <li><a href="<?= $routeBase ?>/profile.php">Mi Perfil</a></li>
+            <li><a href="<?= $routeBase ?>/admin.php" class="active">Administracion</a></li>
+            <li><a href="<?= $routeBase ?>/logout.php">Cerrar Sesion</a></li>
         </ul>
     </nav>
 
@@ -38,8 +38,8 @@
                 <div class="info-card">
                     <h2>Acciones Rapidas</h2>
                     <div class="action-grid">
-                        <a class="btn btn-primary btn-block" href="/api.php?path=users">Ver usuarios (API)</a>
-                        <a class="btn btn-outline btn-block" href="/dashboard.php">Volver al dashboard</a>
+                        <a class="btn btn-primary btn-block" href="<?= $routeBase ?>/api.php?path=users">Ver usuarios (API)</a>
+                        <a class="btn btn-outline btn-block" href="<?= $routeBase ?>/dashboard.php">Volver al dashboard</a>
                     </div>
                 </div>
             </div>

views/dashboard/index.php

@@ -7,12 +7,12 @@
             <h2>Secure App</h2>
         </div>
         <ul class="nav-menu">
-            <li><a href="/dashboard.php" class="active">Dashboard</a></li>
-            <li><a href="/profile.php">Mi Perfil</a></li>
+            <li><a href="<?= $routeBase ?>/dashboard.php" class="active">Dashboard</a></li>
+            <li><a href="<?= $routeBase ?>/profile.php">Mi Perfil</a></li>
             <?php if ($current_user && $current_user->hasRole('admin')): ?>
-                <li><a href="/admin.php">Administracion</a></li>
+                <li><a href="<?= $routeBase ?>/admin.php">Administracion</a></li>
             <?php endif; ?>
-            <li><a href="/logout.php">Cerrar Sesion</a></li>
+            <li><a href="<?= $routeBase ?>/logout.php">Cerrar Sesion</a></li>
         </ul>
     </nav>
 

views/dashboard/profile.php

@@ -7,12 +7,12 @@
             <h2>Secure App</h2>
         </div>
         <ul class="nav-menu">
-            <li><a href="/dashboard.php">Dashboard</a></li>
-            <li><a href="/profile.php" class="active">Mi Perfil</a></li>
+            <li><a href="<?= $routeBase ?>/dashboard.php">Dashboard</a></li>
+            <li><a href="<?= $routeBase ?>/profile.php" class="active">Mi Perfil</a></li>
             <?php if ($current_user && $current_user->hasRole('admin')): ?>
-                <li><a href="/admin.php">Administracion</a></li>
+                <li><a href="<?= $routeBase ?>/admin.php">Administracion</a></li>
             <?php endif; ?>
-            <li><a href="/logout.php">Cerrar Sesion</a></li>
+            <li><a href="<?= $routeBase ?>/logout.php">Cerrar Sesion</a></li>
         </ul>
     </nav>
 

views/layouts/footer.php

@@ -1,13 +1,5 @@
     </div>
-    <?php
-    $scriptName = $_SERVER['SCRIPT_NAME'] ?? '';
-    $assetBase = '';
-    $publicPos = strpos($scriptName, '/public/');
-
-    if ($publicPos !== false) {
-        $assetBase = substr($scriptName, 0, $publicPos + 7);
-    }
-    ?>
+    <?php $assetBase = $routeBase ?? ''; ?>
     <script src="<?= $assetBase ?>/js/main.js"></script>
     <script src="<?= $assetBase ?>/js/validation.js"></script>
     <?= $extraJs ?? '' ?>

views/layouts/header.php

@@ -7,17 +7,21 @@
     <meta name="csrf-token" content="<?= $csrf_token ?? '' ?>">
     <?php
     $scriptName = $_SERVER['SCRIPT_NAME'] ?? '';
-    $assetBase = '';
+    $routeBase = '';
     $publicPos = strpos($scriptName, '/public/');
 
     if ($publicPos !== false) {
-        $assetBase = substr($scriptName, 0, $publicPos + 7);
+        $routeBase = substr($scriptName, 0, $publicPos + 7);
     }
+    $assetBase = $routeBase;
     ?>
     <title><?= $title ?? 'Secure App' ?></title>
     <link rel="stylesheet" href="<?= $assetBase ?>/css/main.css">
     <link rel="stylesheet" href="<?= $assetBase ?>/css/forms.css">
     <?= $extraCss ?? '' ?>
 </head>
 <body>
+    <script>
+        window.APP_BASE = <?= json_encode($routeBase) ?>;
+    </script>
     <div class="wrapper">