Crew
QueueLess v1.3.0 — Crew
Codename Crew. The biggest release yet — full account management for admins and staff, a smarter queue engine, eight new platform features, and a zero-vulnerability dependency baseline.
👤 Admin & staff account management
- Admin profile page — edit display name, view username and role
- Admin change-password flow with current-password verification
- Staff profile page — edit display name, view assigned service
- Staff change-password flow
- ADMIN ▼ dropdown in the navigation header — theme toggle (light/dark pill switch), My profile, Change password, Sign out
- Staff dropdown — My queue, My profile, Change password
- Organisation name and industry type shown next to the logo and in the footer status bar
🚦 Priority queue engine
- Priority tokens displayed in a dedicated amber section above all regular service columns
- When any priority token is waiting, all regular service queues are visually paused and "Call Next" is blocked — enforced on both frontend and backend
POST /admin/queue/call-next-priority— calls the earliest priority token across all services regardless of which countercallNextToken()returns409 PRIORITY_BLOCKINGif a regular token would be called while priority tokens are pending- Priority tokens bypass the queue-paused gate — they can always be issued even when the general queue is suspended
🌟 Eight new features
| Feature | Where |
|---|---|
| Display board | /display now shows a priority section, flash animation on token change, notes on called tokens, and an announcement banner |
| Live announcements | Admin broadcasts a message from the dashboard — shown instantly on Home, Take-a-Token, Staff dashboard, and the display board via Firebase real-time |
| Staff dashboard upgrade | Announcement banner, priority-at-other-counters alert, skip/no-show for called token, inline note editor per token |
| Wait preview | Each service card on /take shows live waiting count + estimated wait time before the customer commits |
| Token lookup | Search panel in Admin dashboard — find any token by number, ID, or note; inline note editor in results |
| Analytics charts | Hourly volume bar chart (SVG, no external library) added to the Report page alongside the existing heatmap |
| Token notes | Staff and admin can attach a short note to any token; notes appear in waiting lists, dashboard, and the display board |
| Appointment booking | /book — customers pre-book a slot (date, time, service); /admin/appointments — admin lists, confirms, and cancels bookings |
🔒 Security
firebase-adminupgraded 12 → 14 resolving the transitive chain of vulnerablegaxios/google-gax/teeny-requestpackagesoverrides.uuid = ^11.1.1— patches GHSA-w5hq-g745-h8pq (missing buffer bounds check in uuid v3/v5/v6 whenbufis provided)overrides.js-yaml = ^4.1.0— patches quadratic-complexity DoS via repeated YAML merge-key aliasesnpm auditreports 0 vulnerabilities (was 8 moderate)
🐛 Bug fixes
- Dark mode:
.bg-inkelements (buttons, selected cards, table headers) now show correct text colour in dark mode via global CSS override - Settings page (
/admin/setup) no longer accessible without login — auth guard added 401interceptor scoped to protected routes only — cold-start Render errors no longer wipe auth tokens and redirect to login- React Rules of Hooks violations in
AdminProfileandStaffProfilefixed (auth guard moved after all hook calls) - CSV export on Analytics page now sends
Authorization: Bearerheader viafetch()+ blob download loadingreference error inHome.jsxfixed by destructuring fromuseQueueState
Upgrade note: firebase-admin 12 → 14 is a major version change. The Realtime Database API (admin.database(), .ref(), .once(), .set(), .update(), .transaction()) is unchanged.