chore(deps): bump the minor-patch group across 1 directory with 10 updates (#391 )

Bumps the minor-patch group with 10 updates in the /frontend directory: | Package | From | To | | --- | --- | --- | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.544.0` | `0.545.0` | | [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.63.0` | `7.64.0` | | [zod](https://github.com/colinhacks/zod) | `4.1.11` | `4.1.12` | | [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.36.0` | `9.37.0` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.6.2` | `24.7.0` | | [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.0` | `19.2.2` | | [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom) | `19.2.0` | `19.2.1` | | [eslint](https://github.com/eslint/eslint) | `9.36.0` | `9.37.0` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.45.0` | `8.46.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.8` | `7.1.9` | Updates `lucide-react` from 0.544.0 to 0.545.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/0.545.0/packages/lucide-react) Updates `react-hook-form` from 7.63.0 to 7.64.0 - [Release notes](https://github.com/react-hook-form/react-hook-form/releases) - [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md) - [Commits](https://github.com/react-hook-form/react-hook-form/compare/v7.63.0...v7.64.0) Updates `zod` from 4.1.11 to 4.1.12 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](https://github.com/colinhacks/zod/compare/v4.1.11...v4.1.12) Updates `@eslint/js` from 9.36.0 to 9.37.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/commits/v9.37.0/packages/js) Updates `@types/node` from 24.6.2 to 24.7.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/react` from 19.2.0 to 19.2.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `@types/react-dom` from 19.2.0 to 19.2.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom) Updates `eslint` from 9.36.0 to 9.37.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v9.36.0...v9.37.0) Updates `typescript-eslint` from 8.45.0 to 8.46.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.0/packages/typescript-eslint) Updates `vite` from 7.1.8 to 7.1.9 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.1.9/packages/vite) --- updated-dependencies: - dependency-name: lucide-react dependency-version: 0.545.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: react-hook-form dependency-version: 7.64.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: zod dependency-version: 4.1.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: "@eslint/js" dependency-version: 9.37.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: "@types/node" dependency-version: 24.7.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: "@types/react" dependency-version: 19.2.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: "@types/react-dom" dependency-version: 19.2.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: eslint dependency-version: 9.37.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: typescript-eslint dependency-version: 8.46.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: vite dependency-version: 7.1.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
chore(deps): bump react-i18next from 15.7.3 to 16.0.0 in /frontend (#389 )
2025-10-31 22:25:43 +00:00 · 2025-10-07 15:49:41 +03:00 · 2025-10-07 15:44:33 +03:00 · 2025-10-07 15:43:16 +03:00 · 2025-10-07 15:42:18 +03:00 · 2025-10-07 15:41:39 +03:00
105 changed files with 4042 additions and 1570 deletions
--- a/.env.example
+++ b/.env.example
@@ -4,20 +4,6 @@ APP_URL=http://localhost:3000
 USERS=your_user_password_hash
 USERS_FILE=users_file
 SECURE_COOKIE=false
 GITHUB_CLIENT_ID=github_client_id
 GITHUB_CLIENT_SECRET=github_client_secret
 GITHUB_CLIENT_SECRET_FILE=github_client_secret_file
 GOOGLE_CLIENT_ID=google_client_id
 GOOGLE_CLIENT_SECRET=google_client_secret
 GOOGLE_CLIENT_SECRET_FILE=google_client_secret_file
 GENERIC_CLIENT_ID=generic_client_id
 GENERIC_CLIENT_SECRET=generic_client_secret
 GENERIC_CLIENT_SECRET_FILE=generic_client_secret_file
 GENERIC_SCOPES=generic_scopes
 GENERIC_AUTH_URL=generic_auth_url
 GENERIC_TOKEN_URL=generic_token_url
 GENERIC_USER_URL=generic_user_url
 DISABLE_CONTINUE=false
 OAUTH_WHITELIST=
 GENERIC_NAME=My OAuth
 SESSION_EXPIRY=7200
@@ -31,3 +17,6 @@ BACKGROUND_IMAGE=some_image_url
 GENERIC_SKIP_SSL=false
 RESOURCES_DIR=/data/resources
 DATABASE_PATH=/data/tinyauth.db
 DISABLE_ANALYTICS=false
 DISABLE_RESOURCES=false
 TRUSTED_PROXIES=
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -80,7 +80,7 @@ jobs:
      - name: Build
        run: |
          cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
        env:
          CGO_ENABLED: 0
@@ -126,7 +126,7 @@ jobs:
      - name: Build
        run: |
          cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
        env:
          CGO_ENABLED: 0
@@ -171,6 +171,9 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
@@ -190,6 +193,65 @@ jobs:
          if-no-files-found: error
          retention-days: 1
  image-build-distroless:
    runs-on: ubuntu-latest
    needs:
      - create-release
      - generate-metadata
      - image-build
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: nightly
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push
        uses: docker/build-push-action@v6
        id: build
        with:
          platforms: linux/amd64
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          file: Dockerfile.distroless
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
            BUILD_TIMESTAMP=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}
      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests-distroless-linux-amd64
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1
  image-build-arm:
    runs-on: ubuntu-24.04-arm
    needs:
@@ -217,10 +279,6 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Set version
        run: |
          echo nightly > internal/assets/version
      - name: Build and push
        uses: docker/build-push-action@v6
        id: build
@@ -229,6 +287,9 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
@@ -248,6 +309,65 @@ jobs:
          if-no-files-found: error
          retention-days: 1
  image-build-arm-distroless:
    runs-on: ubuntu-24.04-arm
    needs:
      - create-release
      - generate-metadata
      - image-build-arm
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: nightly
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push
        uses: docker/build-push-action@v6
        id: build
        with:
          platforms: linux/arm64
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          file: Dockerfile.distroless
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
            BUILD_TIMESTAMP=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}
      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests-distroless-linux-arm64
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1
  image-merge:
    runs-on: ubuntu-latest
    needs:
@@ -285,6 +405,43 @@ jobs:
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf 'ghcr.io/${{ github.repository_owner }}/tinyauth@sha256:%s ' *)
  image-merge-distroless:
    runs-on: ubuntu-latest
    needs:
      - image-build-distroless
      - image-build-arm-distroless
    steps:
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-distroless-*
          merge-multiple: true
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
          tags: |
            type=raw,nightly-distroless
      - name: Create manifest list and push
        working-directory: ${{ runner.temp }}/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf 'ghcr.io/${{ github.repository_owner }}/tinyauth@sha256:%s ' *)
  update-release:
    runs-on: ubuntu-latest
    needs:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -58,7 +58,7 @@ jobs:
      - name: Build
        run: |
          cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
        env:
          CGO_ENABLED: 0
@@ -101,7 +101,7 @@ jobs:
      - name: Build
        run: |
          cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
        env:
          CGO_ENABLED: 0
@@ -143,6 +143,9 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
@@ -162,6 +165,62 @@ jobs:
          if-no-files-found: error
          retention-days: 1
  image-build-distroless:
    runs-on: ubuntu-latest
    needs:
      - generate-metadata
      - image-build
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push
        uses: docker/build-push-action@v6
        id: build
        with:
          platforms: linux/amd64
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          file: Dockerfile.distroless
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
            BUILD_TIMESTAMP=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}
      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests-distroless-linux-amd64
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1
  image-build-arm:
    runs-on: ubuntu-24.04-arm
    needs:
@@ -194,6 +253,9 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
@@ -213,6 +275,62 @@ jobs:
          if-no-files-found: error
          retention-days: 1
  image-build-arm-distroless:
    runs-on: ubuntu-24.04-arm
    needs:
      - generate-metadata
      - image-build-arm
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push
        uses: docker/build-push-action@v6
        id: build
        with:
          platforms: linux/arm64
          labels: ${{ steps.meta.outputs.labels }}
          tags: ghcr.io/${{ github.repository_owner }}/tinyauth
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
          file: Dockerfile.distroless
          cache-from: type=gha
          cache-to: type=gha,mode=max
          github-token: ${{ secrets.GITHUB_TOKEN }}
          build-args: |
            VERSION=${{ needs.generate-metadata.outputs.VERSION }}
            COMMIT_HASH=${{ needs.generate-metadata.outputs.COMMIT_HASH }}
            BUILD_TIMESTAMP=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}
      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests-distroless-linux-arm64
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1
  image-merge:
    runs-on: ubuntu-latest
    needs:
@@ -252,6 +370,45 @@ jobs:
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf 'ghcr.io/${{ github.repository_owner }}/tinyauth@sha256:%s ' *)
  image-merge-distroless:
    runs-on: ubuntu-latest
    needs:
      - image-build-distroless
      - image-build-arm-distroless
    steps:
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-distroless-*
          merge-multiple: true
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository_owner }}/tinyauth
          tags: |
            type=semver,pattern={{version}},prefix=v,suffix=-distroless
            type=semver,pattern={{major}},prefix=v,suffix=-distroless
            type=semver,pattern={{major}}.{{minor}},prefix=v,suffix=-distroless
      - name: Create manifest list and push
        working-directory: ${{ runner.temp }}/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf 'ghcr.io/${{ github.repository_owner }}/tinyauth@sha256:%s ' *)
  update-release:
    runs-on: ubuntu-latest
    needs:
--- a/10
+++ b/10
@@ -1,5 +1,5 @@
 # Site builder
-FROM oven/bun:1.2.21-alpine AS frontend-builder
+FROM oven/bun:1.2.23-alpine AS frontend-builder
 WORKDIR /frontend
@@ -38,19 +38,19 @@ COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
-RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${VERSION} -X tinyauth/internal/constants.CommitHash=${COMMIT_HASH} -X tinyauth/internal/constants.BuildTimestamp=${BUILD_TIMESTAMP}" 
+RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" 
 # Runner
 FROM alpine:3.22 AS runner
 WORKDIR /tinyauth
 RUN apk add --no-cache curl
 COPY --from=builder /tinyauth/tinyauth ./
 EXPOSE 3000
 VOLUME ["/data"]
-ENTRYPOINT ["./tinyauth"]
+HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["/tinyauth/tinyauth", "healthcheck"]
 ENTRYPOINT ["/tinyauth/tinyauth"]
--- a/Dockerfile.distroless
+++ b/Dockerfile.distroless
@@ -0,0 +1,56 @@
 # Site builder
 FROM oven/bun:1.2.23-alpine AS frontend-builder
 WORKDIR /frontend
 COPY ./frontend/package.json ./
 COPY ./frontend/bun.lock ./
 RUN bun install
 COPY ./frontend/public ./public
 COPY ./frontend/src ./src
 COPY ./frontend/eslint.config.js ./
 COPY ./frontend/index.html ./
 COPY ./frontend/tsconfig.json ./
 COPY ./frontend/tsconfig.app.json ./
 COPY ./frontend/tsconfig.node.json ./
 COPY ./frontend/vite.config.ts ./
 RUN bun run build
 # Builder
 FROM golang:1.25-alpine3.21 AS builder
 ARG VERSION
 ARG COMMIT_HASH
 ARG BUILD_TIMESTAMP
 WORKDIR /tinyauth
 COPY go.mod ./
 COPY go.sum ./
 RUN go mod download
 COPY ./main.go ./
 COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
 RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" 
 # Runner
 FROM gcr.io/distroless/static-debian12:latest AS runner
 WORKDIR /tinyauth
 COPY --from=builder /tinyauth/tinyauth ./
 EXPOSE 3000
 VOLUME ["/data"]
 HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["/tinyauth/tinyauth", "healthcheck"]
 ENTRYPOINT ["/tinyauth/tinyauth"]
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 <div align="center">
    <img alt="Tinyauth" title="Tinyauth" width="96" src="assets/logo-rounded.png">
    <h1>Tinyauth</h1>
-    <p>The easiest way to secure your apps with a login screen.</p>
+    <p>The simplest way to protect your apps with a login screen.</p>
 </div>
 <div align="center">
@@ -14,7 +14,7 @@
 <br />
-Tinyauth is a simple authentication middleware that adds a simple login screen or OAuth with Google, Github and any provider to all of your docker apps. It supports all the popular proxies like Traefik, Nginx and Caddy.
+Tinyauth is a simple authentication middleware that adds a simple login screen or OAuth with Google, Github or any other provider to all of your apps. It supports all the popular proxies like Traefik, Nginx and Caddy.
 ![Screenshot](assets/screenshot.png)
--- a/cmd/create.go
+++ b/cmd/create.go
@@ -0,0 +1,99 @@
 package cmd
 import (
 	"errors"
 	"fmt"
 	"strings"
 	"github.com/charmbracelet/huh"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 	"golang.org/x/crypto/bcrypt"
 )
 type createUserCmd struct {
 	root *cobra.Command
 	cmd  *cobra.Command
 	interactive bool
 	docker      bool
 	username    string
 	password    string
 }
 func newCreateUserCmd(root *cobra.Command) *createUserCmd {
 	return &createUserCmd{
 		root: root,
 	}
 }
 func (c *createUserCmd) Register() {
 	c.cmd = &cobra.Command{
 		Use:   "create",
 		Short: "Create a user",
 		Long:  `Create a user either interactively or by passing flags.`,
 		Run:   c.run,
 	}
 	c.cmd.Flags().BoolVarP(&c.interactive, "interactive", "i", false, "Create a user interactively")
 	c.cmd.Flags().BoolVar(&c.docker, "docker", false, "Format output for docker")
 	c.cmd.Flags().StringVar(&c.username, "username", "", "Username")
 	c.cmd.Flags().StringVar(&c.password, "password", "", "Password")
 	if c.root != nil {
 		c.root.AddCommand(c.cmd)
 	}
 }
 func (c *createUserCmd) GetCmd() *cobra.Command {
 	return c.cmd
 }
 func (c *createUserCmd) run(cmd *cobra.Command, args []string) {
 	log.Logger = log.Level(zerolog.InfoLevel)
 	if c.interactive {
 		form := huh.NewForm(
 			huh.NewGroup(
 				huh.NewInput().Title("Username").Value(&c.username).Validate((func(s string) error {
 					if s == "" {
 						return errors.New("username cannot be empty")
 					}
 					return nil
 				})),
 				huh.NewInput().Title("Password").Value(&c.password).Validate((func(s string) error {
 					if s == "" {
 						return errors.New("password cannot be empty")
 					}
 					return nil
 				})),
 				huh.NewSelect[bool]().Title("Format the output for Docker?").Options(huh.NewOption("Yes", true), huh.NewOption("No", false)).Value(&c.docker),
 			),
 		)
 		var baseTheme *huh.Theme = huh.ThemeBase()
 		err := form.WithTheme(baseTheme).Run()
 		if err != nil {
 			log.Fatal().Err(err).Msg("Form failed")
 		}
 	}
 	if c.username == "" || c.password == "" {
 		log.Fatal().Err(errors.New("error invalid input")).Msg("Username and password cannot be empty")
 	}
 	log.Info().Str("username", c.username).Msg("Creating user")
 	passwd, err := bcrypt.GenerateFromPassword([]byte(c.password), bcrypt.DefaultCost)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to hash password")
 	}
 	// If docker format is enabled, escape the dollar sign
 	passwdStr := string(passwd)
 	if c.docker {
 		passwdStr = strings.ReplaceAll(passwdStr, "$", "$$")
 	}
 	log.Info().Str("user", fmt.Sprintf("%s:%s", c.username, passwdStr)).Msg("User created")
 }
--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -0,0 +1,120 @@
 package cmd
 import (
 	"errors"
 	"fmt"
 	"os"
 	"strings"
 	"tinyauth/internal/utils"
 	"github.com/charmbracelet/huh"
 	"github.com/mdp/qrterminal/v3"
 	"github.com/pquerna/otp/totp"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 )
 type generateTotpCmd struct {
 	root *cobra.Command
 	cmd  *cobra.Command
 	interactive bool
 	user        string
 }
 func newGenerateTotpCmd(root *cobra.Command) *generateTotpCmd {
 	return &generateTotpCmd{
 		root: root,
 	}
 }
 func (c *generateTotpCmd) Register() {
 	c.cmd = &cobra.Command{
 		Use:   "generate",
 		Short: "Generate a totp secret",
 		Long:  `Generate a totp secret for a user either interactively or by passing flags.`,
 		Run:   c.run,
 	}
 	c.cmd.Flags().BoolVarP(&c.interactive, "interactive", "i", false, "Run in interactive mode")
 	c.cmd.Flags().StringVar(&c.user, "user", "", "Your current user (username:hash)")
 	if c.root != nil {
 		c.root.AddCommand(c.cmd)
 	}
 }
 func (c *generateTotpCmd) GetCmd() *cobra.Command {
 	return c.cmd
 }
 func (c *generateTotpCmd) run(cmd *cobra.Command, args []string) {
 	log.Logger = log.Level(zerolog.InfoLevel)
 	if c.interactive {
 		form := huh.NewForm(
 			huh.NewGroup(
 				huh.NewInput().Title("Current user (username:hash)").Value(&c.user).Validate((func(s string) error {
 					if s == "" {
 						return errors.New("user cannot be empty")
 					}
 					return nil
 				})),
 			),
 		)
 		var baseTheme *huh.Theme = huh.ThemeBase()
 		err := form.WithTheme(baseTheme).Run()
 		if err != nil {
 			log.Fatal().Err(err).Msg("Form failed")
 		}
 	}
 	user, err := utils.ParseUser(c.user)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to parse user")
 	}
 	docker := false
 	if strings.Contains(c.user, "$$") {
 		docker = true
 	}
 	if user.TotpSecret != "" {
 		log.Fatal().Msg("User already has a TOTP secret")
 	}
 	key, err := totp.Generate(totp.GenerateOpts{
 		Issuer:      "Tinyauth",
 		AccountName: user.Username,
 	})
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to generate TOTP secret")
 	}
 	secret := key.Secret()
 	log.Info().Str("secret", secret).Msg("Generated TOTP secret")
 	log.Info().Msg("Generated QR code")
 	config := qrterminal.Config{
 		Level:     qrterminal.L,
 		Writer:    os.Stdout,
 		BlackChar: qrterminal.BLACK,
 		WhiteChar: qrterminal.WHITE,
 		QuietZone: 2,
 	}
 	qrterminal.GenerateWithConfig(key.URL(), config)
 	user.TotpSecret = secret
 	// If using docker escape re-escape it
 	if docker {
 		user.Password = strings.ReplaceAll(user.Password, "$", "$$")
 	}
 	log.Info().Str("user", fmt.Sprintf("%s:%s:%s", user.Username, user.Password, user.TotpSecret)).Msg("Add the totp secret to your authenticator app then use the verify command to ensure everything is working correctly.")
 }
--- a/cmd/healthcheck.go
+++ b/cmd/healthcheck.go
@@ -0,0 +1,112 @@
 package cmd
 import (
 	"encoding/json"
 	"errors"
 	"io"
 	"net/http"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 type healthzResponse struct {
 	Status  string `json:"status"`
 	Message string `json:"message"`
 }
 type healthcheckCmd struct {
 	root *cobra.Command
 	cmd  *cobra.Command
 	viper *viper.Viper
 }
 func newHealthcheckCmd(root *cobra.Command) *healthcheckCmd {
 	return &healthcheckCmd{
 		root:  root,
 		viper: viper.New(),
 	}
 }
 func (c *healthcheckCmd) Register() {
 	c.cmd = &cobra.Command{
 		Use:   "healthcheck [app-url]",
 		Short: "Perform a health check",
 		Long:  `Use the health check endpoint to verify that Tinyauth is running and it's healthy.`,
 		Run:   c.run,
 	}
 	c.viper.AutomaticEnv()
 	if c.root != nil {
 		c.root.AddCommand(c.cmd)
 	}
 }
 func (c *healthcheckCmd) GetCmd() *cobra.Command {
 	return c.cmd
 }
 func (c *healthcheckCmd) run(cmd *cobra.Command, args []string) {
 	log.Logger = log.Level(zerolog.InfoLevel)
 	var appUrl string
 	port := c.viper.GetString("PORT")
 	address := c.viper.GetString("ADDRESS")
 	if port == "" {
 		port = "3000"
 	}
 	if address == "" {
 		address = "127.0.0.1"
 	}
 	appUrl = "http://" + address + ":" + port
 	if len(args) > 0 {
 		appUrl = args[0]
 	}
 	log.Info().Str("app_url", appUrl).Msg("Performing health check")
 	client := http.Client{}
 	req, err := http.NewRequest("GET", appUrl+"/api/healthz", nil)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to create request")
 	}
 	resp, err := client.Do(req)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to perform request")
 	}
 	if resp.StatusCode != http.StatusOK {
 		log.Fatal().Err(errors.New("service is not healthy")).Msgf("Service is not healthy. Status code: %d", resp.StatusCode)
 	}
 	defer resp.Body.Close()
 	var healthResp healthzResponse
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to read response")
 	}
 	err = json.Unmarshal(body, &healthResp)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to decode response")
 	}
 	log.Info().Interface("response", healthResp).Msg("Tinyauth is healthy")
 }
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -2,8 +2,6 @@ package cmd
 import (
 	"strings"
 	totpCmd "tinyauth/cmd/totp"
 	userCmd "tinyauth/cmd/user"
 	"tinyauth/internal/bootstrap"
 	"tinyauth/internal/config"
 	"tinyauth/internal/utils"
@@ -15,59 +13,28 @@ import (
 	"github.com/spf13/viper"
 )
-var rootCmd = &cobra.Command{
+type rootCmd struct {
 	root *cobra.Command
 	cmd  *cobra.Command
 	viper *viper.Viper
 }
 func newRootCmd() *rootCmd {
 	return &rootCmd{
 		viper: viper.New(),
 	}
 }
 func (c *rootCmd) Register() {
 	c.cmd = &cobra.Command{
 		Use:   "tinyauth",
-	Short: "The simplest way to protect your apps with a login screen.",
+		Short: "The simplest way to protect your apps with a login screen",
-	Long:  `Tinyauth is a simple authentication middleware that adds simple username/password login or OAuth with Google, Github and any generic OAuth provider to all of your docker apps.`,
+		Long:  `Tinyauth is a simple authentication middleware that adds a simple login screen or OAuth with Google, Github or any other provider to all of your docker apps.`,
-	Run: func(cmd *cobra.Command, args []string) {
+		Run:   c.run,
 		var conf config.Config
 		err := viper.Unmarshal(&conf)
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to parse config")
 	}
-		// Check if secrets have a file associated with them
+	c.viper.AutomaticEnv()
 		conf.GithubClientSecret = utils.GetSecret(conf.GithubClientSecret, conf.GithubClientSecretFile)
 		conf.GoogleClientSecret = utils.GetSecret(conf.GoogleClientSecret, conf.GoogleClientSecretFile)
 		conf.GenericClientSecret = utils.GetSecret(conf.GenericClientSecret, conf.GenericClientSecretFile)
 		// Validate config
 		v := validator.New()
 		err = v.Struct(conf)
 		if err != nil {
 			log.Fatal().Err(err).Msg("Invalid config")
 		}
 		log.Logger = log.Level(zerolog.Level(utils.GetLogLevel(conf.LogLevel)))
 		log.Info().Str("version", strings.TrimSpace(config.Version)).Msg("Starting tinyauth")
 		// Create bootstrap app
 		app := bootstrap.NewBootstrapApp(conf)
 		// Run
 		err = app.Setup()
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to setup app")
 		}
 	},
 }
 func Execute() {
 	err := rootCmd.Execute()
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to execute command")
 	}
 }
 func init() {
 	rootCmd.AddCommand(userCmd.UserCmd())
 	rootCmd.AddCommand(totpCmd.TotpCmd())
 	viper.AutomaticEnv()
 	configOptions := []struct {
 		name        string
@@ -80,21 +47,6 @@ func init() {
 		{"users", "", "Comma separated list of users in the format username:hash."},
 		{"users-file", "", "Path to a file containing users in the format username:hash."},
 		{"secure-cookie", false, "Send cookie over secure connection only."},
 		{"github-client-id", "", "Github OAuth client ID."},
 		{"github-client-secret", "", "Github OAuth client secret."},
 		{"github-client-secret-file", "", "Github OAuth client secret file."},
 		{"google-client-id", "", "Google OAuth client ID."},
 		{"google-client-secret", "", "Google OAuth client secret."},
 		{"google-client-secret-file", "", "Google OAuth client secret file."},
 		{"generic-client-id", "", "Generic OAuth client ID."},
 		{"generic-client-secret", "", "Generic OAuth client secret."},
 		{"generic-client-secret-file", "", "Generic OAuth client secret file."},
 		{"generic-scopes", "", "Generic OAuth scopes."},
 		{"generic-auth-url", "", "Generic OAuth auth URL."},
 		{"generic-token-url", "", "Generic OAuth token URL."},
 		{"generic-user-url", "", "Generic OAuth user info URL."},
 		{"generic-name", "Generic", "Generic OAuth provider name."},
 		{"generic-skip-ssl", false, "Skip SSL verification for the generic OAuth provider."},
 		{"oauth-whitelist", "", "Comma separated list of email addresses to whitelist when using OAuth."},
 		{"oauth-auto-redirect", "none", "Auto redirect to the specified OAuth provider if configured. (available providers: github, google, generic)"},
 		{"session-expiry", 86400, "Session (cookie) expiration time in seconds."},
@@ -112,22 +64,90 @@ func init() {
 		{"ldap-search-filter", "(uid=%s)", "LDAP search filter for user lookup."},
 		{"resources-dir", "/data/resources", "Path to a directory containing custom resources (e.g. background image)."},
 		{"database-path", "/data/tinyauth.db", "Path to the Sqlite database file."},
 		{"trusted-proxies", "", "Comma separated list of trusted proxies (IP addresses or CIDRs) for correct client IP detection."},
 		{"disable-analytics", false, "Disable anonymous version collection."},
 		{"disable-resources", false, "Disable the resources server."},
 	}
 	for _, opt := range configOptions {
 		switch v := opt.defaultVal.(type) {
 		case bool:
-			rootCmd.Flags().Bool(opt.name, v, opt.description)
+			c.cmd.Flags().Bool(opt.name, v, opt.description)
 		case int:
-			rootCmd.Flags().Int(opt.name, v, opt.description)
+			c.cmd.Flags().Int(opt.name, v, opt.description)
 		case string:
-			rootCmd.Flags().String(opt.name, v, opt.description)
+			c.cmd.Flags().String(opt.name, v, opt.description)
 		}
 		// Create uppercase env var name
 		envVar := strings.ReplaceAll(strings.ToUpper(opt.name), "-", "_")
-		viper.BindEnv(opt.name, envVar)
+		c.viper.BindEnv(opt.name, envVar)
 	}
-	viper.BindPFlags(rootCmd.Flags())
+	c.viper.BindPFlags(c.cmd.Flags())
 	if c.root != nil {
 		c.root.AddCommand(c.cmd)
 	}
 }
 func (c *rootCmd) GetCmd() *cobra.Command {
 	return c.cmd
 }
 func (c *rootCmd) run(cmd *cobra.Command, args []string) {
 	var conf config.Config
 	err := c.viper.Unmarshal(&conf)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to parse config")
 	}
 	v := validator.New()
 	err = v.Struct(conf)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Invalid config")
 	}
 	log.Logger = log.Level(zerolog.Level(utils.GetLogLevel(conf.LogLevel)))
 	log.Info().Str("version", strings.TrimSpace(config.Version)).Msg("Starting Tinyauth")
 	app := bootstrap.NewBootstrapApp(conf)
 	err = app.Setup()
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to setup app")
 	}
 }
 func Run() {
 	rootCmd := newRootCmd()
 	rootCmd.Register()
 	root := rootCmd.GetCmd()
 	userCmd := &cobra.Command{
 		Use:   "user",
 		Short: "User utilities",
 		Long:  `Utilities for creating and verifying tinyauth compatible users.`,
 	}
 	totpCmd := &cobra.Command{
 		Use:   "totp",
 		Short: "Totp utilities",
 		Long:  `Utilities for creating and verifying totp codes.`,
 	}
 	newCreateUserCmd(userCmd).Register()
 	newVerifyUserCmd(userCmd).Register()
 	newGenerateTotpCmd(totpCmd).Register()
 	newVersionCmd(root).Register()
 	newHealthcheckCmd(root).Register()
 	root.AddCommand(userCmd)
 	root.AddCommand(totpCmd)
 	err := root.Execute()
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to execute root command")
 	}
 }
--- a/cmd/totp/generate/generate.go
+++ b/cmd/totp/generate/generate.go
@@ -1,99 +0,0 @@
 package generate
 import (
 	"errors"
 	"fmt"
 	"os"
 	"strings"
 	"tinyauth/internal/utils"
 	"github.com/charmbracelet/huh"
 	"github.com/mdp/qrterminal/v3"
 	"github.com/pquerna/otp/totp"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 )
 var interactive bool
 // Input user
 var iUser string
 var GenerateCmd = &cobra.Command{
 	Use:   "generate",
 	Short: "Generate a totp secret",
 	Run: func(cmd *cobra.Command, args []string) {
 		log.Logger = log.Level(zerolog.InfoLevel)
 		if interactive {
 			form := huh.NewForm(
 				huh.NewGroup(
 					huh.NewInput().Title("Current username:hash").Value(&iUser).Validate((func(s string) error {
 						if s == "" {
 							return errors.New("user cannot be empty")
 						}
 						return nil
 					})),
 				),
 			)
 			var baseTheme *huh.Theme = huh.ThemeBase()
 			err := form.WithTheme(baseTheme).Run()
 			if err != nil {
 				log.Fatal().Err(err).Msg("Form failed")
 			}
 		}
 		user, err := utils.ParseUser(iUser)
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to parse user")
 		}
 		dockerEscape := false
 		if strings.Contains(iUser, "$$") {
 			dockerEscape = true
 		}
 		if user.TotpSecret != "" {
 			log.Fatal().Msg("User already has a totp secret")
 		}
 		key, err := totp.Generate(totp.GenerateOpts{
 			Issuer:      "Tinyauth",
 			AccountName: user.Username,
 		})
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to generate totp secret")
 		}
 		secret := key.Secret()
 		log.Info().Str("secret", secret).Msg("Generated totp secret")
 		log.Info().Msg("Generated QR code")
 		config := qrterminal.Config{
 			Level:     qrterminal.L,
 			Writer:    os.Stdout,
 			BlackChar: qrterminal.BLACK,
 			WhiteChar: qrterminal.WHITE,
 			QuietZone: 2,
 		}
 		qrterminal.GenerateWithConfig(key.URL(), config)
 		user.TotpSecret = secret
 		// If using docker escape re-escape it
 		if dockerEscape {
 			user.Password = strings.ReplaceAll(user.Password, "$", "$$")
 		}
 		log.Info().Str("user", fmt.Sprintf("%s:%s:%s", user.Username, user.Password, user.TotpSecret)).Msg("Add the totp secret to your authenticator app then use the verify command to ensure everything is working correctly.")
 	},
 }
 func init() {
 	GenerateCmd.Flags().BoolVarP(&interactive, "interactive", "i", false, "Run in interactive mode")
 	GenerateCmd.Flags().StringVar(&iUser, "user", "", "Your current username:hash")
 }
--- a/cmd/totp/totp.go
+++ b/cmd/totp/totp.go
@@ -1,17 +0,0 @@
 package cmd
 import (
 	"tinyauth/cmd/totp/generate"
 	"github.com/spf13/cobra"
 )
 func TotpCmd() *cobra.Command {
 	totpCmd := &cobra.Command{
 		Use:   "totp",
 		Short: "Totp utilities",
 		Long:  `Utilities for creating and verifying totp codes.`,
 	}
 	totpCmd.AddCommand(generate.GenerateCmd)
 	return totpCmd
 }
--- a/cmd/user/create/create.go
+++ b/cmd/user/create/create.go
@@ -1,80 +0,0 @@
 package create
 import (
 	"errors"
 	"fmt"
 	"strings"
 	"github.com/charmbracelet/huh"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 	"golang.org/x/crypto/bcrypt"
 )
 var interactive bool
 var docker bool
 // i stands for input
 var iUsername string
 var iPassword string
 var CreateCmd = &cobra.Command{
 	Use:   "create",
 	Short: "Create a user",
 	Long:  `Create a user either interactively or by passing flags.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		log.Logger = log.Level(zerolog.InfoLevel)
 		if interactive {
 			form := huh.NewForm(
 				huh.NewGroup(
 					huh.NewInput().Title("Username").Value(&iUsername).Validate((func(s string) error {
 						if s == "" {
 							return errors.New("username cannot be empty")
 						}
 						return nil
 					})),
 					huh.NewInput().Title("Password").Value(&iPassword).Validate((func(s string) error {
 						if s == "" {
 							return errors.New("password cannot be empty")
 						}
 						return nil
 					})),
 					huh.NewSelect[bool]().Title("Format the output for docker?").Options(huh.NewOption("Yes", true), huh.NewOption("No", false)).Value(&docker),
 				),
 			)
 			var baseTheme *huh.Theme = huh.ThemeBase()
 			err := form.WithTheme(baseTheme).Run()
 			if err != nil {
 				log.Fatal().Err(err).Msg("Form failed")
 			}
 		}
 		if iUsername == "" || iPassword == "" {
 			log.Fatal().Err(errors.New("error invalid input")).Msg("Username and password cannot be empty")
 		}
 		log.Info().Str("username", iUsername).Str("password", iPassword).Bool("docker", docker).Msg("Creating user")
 		password, err := bcrypt.GenerateFromPassword([]byte(iPassword), bcrypt.DefaultCost)
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to hash password")
 		}
 		// If docker format is enabled, escape the dollar sign
 		passwordString := string(password)
 		if docker {
 			passwordString = strings.ReplaceAll(passwordString, "$", "$$")
 		}
 		log.Info().Str("user", fmt.Sprintf("%s:%s", iUsername, passwordString)).Msg("User created")
 	},
 }
 func init() {
 	CreateCmd.Flags().BoolVarP(&interactive, "interactive", "i", false, "Create a user interactively")
 	CreateCmd.Flags().BoolVar(&docker, "docker", false, "Format output for docker")
 	CreateCmd.Flags().StringVar(&iUsername, "username", "", "Username")
 	CreateCmd.Flags().StringVar(&iPassword, "password", "", "Password")
 }
--- a/cmd/user/user.go
+++ b/cmd/user/user.go
@@ -1,19 +0,0 @@
 package cmd
 import (
 	"tinyauth/cmd/user/create"
 	"tinyauth/cmd/user/verify"
 	"github.com/spf13/cobra"
 )
 func UserCmd() *cobra.Command {
 	userCmd := &cobra.Command{
 		Use:   "user",
 		Short: "User utilities",
 		Long:  `Utilities for creating and verifying tinyauth compatible users.`,
 	}
 	userCmd.AddCommand(create.CreateCmd)
 	userCmd.AddCommand(verify.VerifyCmd)
 	return userCmd
 }
--- a/cmd/user/verify/verify.go
+++ b/cmd/user/verify/verify.go
@@ -1,101 +0,0 @@
 package verify
 import (
 	"errors"
 	"tinyauth/internal/utils"
 	"github.com/charmbracelet/huh"
 	"github.com/pquerna/otp/totp"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 	"golang.org/x/crypto/bcrypt"
 )
 var interactive bool
 var docker bool
 // i stands for input
 var iUsername string
 var iPassword string
 var iTotp string
 var iUser string
 var VerifyCmd = &cobra.Command{
 	Use:   "verify",
 	Short: "Verify a user is set up correctly",
 	Long:  `Verify a user is set up correctly meaning that it has a correct username, password and totp code.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		log.Logger = log.Level(zerolog.InfoLevel)
 		if interactive {
 			form := huh.NewForm(
 				huh.NewGroup(
 					huh.NewInput().Title("User (username:hash:totp)").Value(&iUser).Validate((func(s string) error {
 						if s == "" {
 							return errors.New("user cannot be empty")
 						}
 						return nil
 					})),
 					huh.NewInput().Title("Username").Value(&iUsername).Validate((func(s string) error {
 						if s == "" {
 							return errors.New("username cannot be empty")
 						}
 						return nil
 					})),
 					huh.NewInput().Title("Password").Value(&iPassword).Validate((func(s string) error {
 						if s == "" {
 							return errors.New("password cannot be empty")
 						}
 						return nil
 					})),
 					huh.NewInput().Title("Totp Code (if setup)").Value(&iTotp),
 				),
 			)
 			var baseTheme *huh.Theme = huh.ThemeBase()
 			err := form.WithTheme(baseTheme).Run()
 			if err != nil {
 				log.Fatal().Err(err).Msg("Form failed")
 			}
 		}
 		user, err := utils.ParseUser(iUser)
 		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to parse user")
 		}
 		if user.Username != iUsername {
 			log.Fatal().Msg("Username is incorrect")
 		}
 		err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(iPassword))
 		if err != nil {
 			log.Fatal().Msg("Ppassword is incorrect")
 		}
 		if user.TotpSecret == "" {
 			if iTotp != "" {
 				log.Warn().Msg("User does not have 2fa secret")
 			}
 			log.Info().Msg("User verified")
 			return
 		}
 		ok := totp.Validate(iTotp, user.TotpSecret)
 		if !ok {
 			log.Fatal().Msg("Totp code incorrect")
 		}
 		log.Info().Msg("User verified")
 	},
 }
 func init() {
 	VerifyCmd.Flags().BoolVarP(&interactive, "interactive", "i", false, "Create a user interactively")
 	VerifyCmd.Flags().BoolVar(&docker, "docker", false, "Is the user formatted for docker?")
 	VerifyCmd.Flags().StringVar(&iUsername, "username", "", "Username")
 	VerifyCmd.Flags().StringVar(&iPassword, "password", "", "Password")
 	VerifyCmd.Flags().StringVar(&iTotp, "totp", "", "Totp code")
 	VerifyCmd.Flags().StringVar(&iUser, "user", "", "Hash (username:hash:totp combination)")
 }
--- a/cmd/verify.go
+++ b/cmd/verify.go
@@ -0,0 +1,118 @@
 package cmd
 import (
 	"errors"
 	"tinyauth/internal/utils"
 	"github.com/charmbracelet/huh"
 	"github.com/pquerna/otp/totp"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 	"golang.org/x/crypto/bcrypt"
 )
 type verifyUserCmd struct {
 	root *cobra.Command
 	cmd  *cobra.Command
 	interactive bool
 	username    string
 	password    string
 	totp        string
 	user        string
 }
 func newVerifyUserCmd(root *cobra.Command) *verifyUserCmd {
 	return &verifyUserCmd{
 		root: root,
 	}
 }
 func (c *verifyUserCmd) Register() {
 	c.cmd = &cobra.Command{
 		Use:   "verify",
 		Short: "Verify a user is set up correctly",
 		Long:  `Verify a user is set up correctly meaning that it has a correct username, password and TOTP code.`,
 		Run:   c.run,
 	}
 	c.cmd.Flags().BoolVarP(&c.interactive, "interactive", "i", false, "Validate a user interactively")
 	c.cmd.Flags().StringVar(&c.username, "username", "", "Username")
 	c.cmd.Flags().StringVar(&c.password, "password", "", "Password")
 	c.cmd.Flags().StringVar(&c.totp, "totp", "", "TOTP code")
 	c.cmd.Flags().StringVar(&c.user, "user", "", "Hash (username:hash:totp)")
 	if c.root != nil {
 		c.root.AddCommand(c.cmd)
 	}
 }
 func (c *verifyUserCmd) GetCmd() *cobra.Command {
 	return c.cmd
 }
 func (c *verifyUserCmd) run(cmd *cobra.Command, args []string) {
 	log.Logger = log.Level(zerolog.InfoLevel)
 	if c.interactive {
 		form := huh.NewForm(
 			huh.NewGroup(
 				huh.NewInput().Title("User (username:hash:totp)").Value(&c.user).Validate((func(s string) error {
 					if s == "" {
 						return errors.New("user cannot be empty")
 					}
 					return nil
 				})),
 				huh.NewInput().Title("Username").Value(&c.username).Validate((func(s string) error {
 					if s == "" {
 						return errors.New("username cannot be empty")
 					}
 					return nil
 				})),
 				huh.NewInput().Title("Password").Value(&c.password).Validate((func(s string) error {
 					if s == "" {
 						return errors.New("password cannot be empty")
 					}
 					return nil
 				})),
 				huh.NewInput().Title("TOTP Code (optional)").Value(&c.totp),
 			),
 		)
 		var baseTheme *huh.Theme = huh.ThemeBase()
 		err := form.WithTheme(baseTheme).Run()
 		if err != nil {
 			log.Fatal().Err(err).Msg("Form failed")
 		}
 	}
 	user, err := utils.ParseUser(c.user)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to parse user")
 	}
 	if user.Username != c.username {
 		log.Fatal().Msg("Username is incorrect")
 	}
 	err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(c.password))
 	if err != nil {
 		log.Fatal().Msg("Password is incorrect")
 	}
 	if user.TotpSecret == "" {
 		if c.totp != "" {
 			log.Warn().Msg("User does not have TOTP secret")
 		}
 		log.Info().Msg("User verified")
 		return
 	}
 	ok := totp.Validate(c.totp, user.TotpSecret)
 	if !ok {
 		log.Fatal().Msg("TOTP code incorrect")
 	}
 	log.Info().Msg("User verified")
 }
--- a/cmd/version.go
+++ b/cmd/version.go
@@ -7,17 +7,36 @@ import (
 	"github.com/spf13/cobra"
 )
-var versionCmd = &cobra.Command{
+type versionCmd struct {
 	root *cobra.Command
 	cmd  *cobra.Command
 }
 func newVersionCmd(root *cobra.Command) *versionCmd {
 	return &versionCmd{
 		root: root,
 	}
 }
 func (c *versionCmd) Register() {
 	c.cmd = &cobra.Command{
 		Use:   "version",
 		Short: "Print the version number of Tinyauth",
-	Long:  `All software has versions. This is Tinyauth's`,
+		Long:  `All software has versions. This is Tinyauth's.`,
-	Run: func(cmd *cobra.Command, args []string) {
+		Run:   c.run,
 	}
 	if c.root != nil {
 		c.root.AddCommand(c.cmd)
 	}
 }
 func (c *versionCmd) GetCmd() *cobra.Command {
 	return c.cmd
 }
 func (c *versionCmd) run(cmd *cobra.Command, args []string) {
 	fmt.Printf("Version: %s\n", config.Version)
 	fmt.Printf("Commit Hash: %s\n", config.CommitHash)
 	fmt.Printf("Build Timestamp: %s\n", config.BuildTimestamp)
 	},
 }
 func init() {
 	rootCmd.AddCommand(versionCmd)
 }
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -34,6 +34,10 @@ services:
    build:
      context: .
      dockerfile: Dockerfile.dev
      args:
        - VERSION=development
        - COMMIT_HASH=development
        - BUILD_TIMESTAMP=000-00-00T00:00:00Z
    env_file: .env
    volumes:
      - ./internal:/tinyauth/internal
--- a/frontend/bun.lock
+++ b/frontend/bun.lock
@@ -4,60 +4,58 @@
    "": {
      "name": "tinyauth-shadcn",
      "dependencies": {
-        "@hookform/resolvers": "^5.2.1",
+        "@hookform/resolvers": "^5.2.2",
        "@radix-ui/react-label": "^2.1.7",
        "@radix-ui/react-select": "^2.2.6",
        "@radix-ui/react-separator": "^1.1.7",
        "@radix-ui/react-slot": "^1.2.3",
-        "@tailwindcss/vite": "^4.1.12",
+        "@tailwindcss/vite": "^4.1.14",
-        "@tanstack/react-query": "^5.85.5",
+        "@tanstack/react-query": "^5.90.2",
-        "axios": "^1.11.0",
+        "axios": "^1.12.2",
        "class-variance-authority": "^0.7.1",
        "clsx": "^2.1.1",
-        "i18next": "^25.4.2",
+        "i18next": "^25.5.3",
        "i18next-browser-languagedetector": "^8.2.0",
        "i18next-resources-to-backend": "^1.2.1",
        "input-otp": "^1.4.2",
-        "lucide-react": "^0.541.0",
+        "lucide-react": "^0.545.0",
        "next-themes": "^0.4.6",
-        "react": "^19.1.1",
+        "react": "^19.2.0",
-        "react-dom": "^19.1.1",
+        "react-dom": "^19.2.0",
-        "react-hook-form": "^7.62.0",
+        "react-hook-form": "^7.64.0",
-        "react-i18next": "^15.7.2",
+        "react-i18next": "^16.0.0",
        "react-markdown": "^10.1.0",
-        "react-router": "^7.8.2",
+        "react-router": "^7.9.3",
        "sonner": "^2.0.7",
        "tailwind-merge": "^3.3.1",
-        "tailwindcss": "^4.1.12",
+        "tailwindcss": "^4.1.14",
-        "zod": "^4.1.3",
+        "zod": "^4.1.12",
      },
      "devDependencies": {
-        "@eslint/js": "^9.34.0",
+        "@eslint/js": "^9.37.0",
-        "@tanstack/eslint-plugin-query": "^5.83.1",
+        "@tanstack/eslint-plugin-query": "^5.91.0",
-        "@types/node": "^24.3.0",
+        "@types/node": "^24.7.0",
-        "@types/react": "^19.1.11",
+        "@types/react": "^19.2.2",
-        "@types/react-dom": "^19.1.8",
+        "@types/react-dom": "^19.2.1",
-        "@vitejs/plugin-react": "^5.0.1",
+        "@vitejs/plugin-react": "^5.0.4",
-        "eslint": "^9.34.0",
+        "eslint": "^9.37.0",
-        "eslint-plugin-react-hooks": "^5.2.0",
+        "eslint-plugin-react-hooks": "^6.1.1",
-        "eslint-plugin-react-refresh": "^0.4.19",
+        "eslint-plugin-react-refresh": "^0.4.23",
-        "globals": "^16.3.0",
+        "globals": "^16.4.0",
        "prettier": "3.6.2",
-        "tw-animate-css": "^1.3.7",
+        "tw-animate-css": "^1.4.0",
-        "typescript": "~5.9.2",
+        "typescript": "~5.9.3",
-        "typescript-eslint": "^8.41.0",
+        "typescript-eslint": "^8.46.0",
-        "vite": "^7.1.3",
+        "vite": "^7.1.9",
      },
    },
  },
  "packages": {
    "@ampproject/remapping": ["@ampproject/remapping@2.3.0", "", { "dependencies": { "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw=="],
    "@babel/code-frame": ["@babel/code-frame@7.27.1", "", { "dependencies": { "@babel/helper-validator-identifier": "^7.27.1", "js-tokens": "^4.0.0", "picocolors": "^1.1.1" } }, "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg=="],
    "@babel/compat-data": ["@babel/compat-data@7.27.2", "", {}, "sha512-TUtMJYRPyUb/9aU8f3K0mjmjf6M9N5Woshn2CS6nqJSeJtTtQcpLUXjGt9vbF8ZGff0El99sWkLgzwW3VXnxZQ=="],
-    "@babel/core": ["@babel/core@7.28.3", "", { "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-compilation-targets": "^7.27.2", "@babel/helper-module-transforms": "^7.28.3", "@babel/helpers": "^7.28.3", "@babel/parser": "^7.28.3", "@babel/template": "^7.27.2", "@babel/traverse": "^7.28.3", "@babel/types": "^7.28.2", "convert-source-map": "^2.0.0", "debug": "^4.1.0", "gensync": "^1.0.0-beta.2", "json5": "^2.2.3", "semver": "^6.3.1" } }, "sha512-yDBHV9kQNcr2/sUr9jghVyz9C3Y5G2zUM2H2lo+9mKv4sFgbA8s8Z9t8D1jiTkGoO/NoIfKMyKWr4s6CN23ZwQ=="],
+    "@babel/core": ["@babel/core@7.28.4", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-compilation-targets": "^7.27.2", "@babel/helper-module-transforms": "^7.28.3", "@babel/helpers": "^7.28.4", "@babel/parser": "^7.28.4", "@babel/template": "^7.27.2", "@babel/traverse": "^7.28.4", "@babel/types": "^7.28.4", "@jridgewell/remapping": "^2.3.5", "convert-source-map": "^2.0.0", "debug": "^4.1.0", "gensync": "^1.0.0-beta.2", "json5": "^2.2.3", "semver": "^6.3.1" } }, "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA=="],
    "@babel/generator": ["@babel/generator@7.28.3", "", { "dependencies": { "@babel/parser": "^7.28.3", "@babel/types": "^7.28.2", "@jridgewell/gen-mapping": "^0.3.12", "@jridgewell/trace-mapping": "^0.3.28", "jsesc": "^3.0.2" } }, "sha512-3lSpxGgvnmZznmBkCRnVREPUFJv2wrv9iAoFDvADJc0ypmdOxdUtcLeBgBJ6zE0PMeTKnxeQzyk0xTBq4Ep7zw=="],
@@ -77,9 +75,9 @@
    "@babel/helper-validator-option": ["@babel/helper-validator-option@7.27.1", "", {}, "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg=="],
-    "@babel/helpers": ["@babel/helpers@7.28.3", "", { "dependencies": { "@babel/template": "^7.27.2", "@babel/types": "^7.28.2" } }, "sha512-PTNtvUQihsAsDHMOP5pfobP8C6CM4JWXmP8DrEIt46c3r2bf87Ua1zoqevsMo9g+tWDwgWrFP5EIxuBx5RudAw=="],
+    "@babel/helpers": ["@babel/helpers@7.28.4", "", { "dependencies": { "@babel/template": "^7.27.2", "@babel/types": "^7.28.4" } }, "sha512-HFN59MmQXGHVyYadKLVumYsA9dBFun/ldYxipEjzA4196jpLZd8UjEEBLkbEkvfYreDqJhZxYAWFPtrfhNpj4w=="],
-    "@babel/parser": ["@babel/parser@7.28.3", "", { "dependencies": { "@babel/types": "^7.28.2" }, "bin": "./bin/babel-parser.js" }, "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA=="],
+    "@babel/parser": ["@babel/parser@7.28.4", "", { "dependencies": { "@babel/types": "^7.28.4" }, "bin": "./bin/babel-parser.js" }, "sha512-yZbBqeM6TkpP9du/I2pUZnJsRMGGvOuIrhjzC1AwHwW+6he4mni6Bp/m8ijn0iOuZuPI2BfkCoSRunpyjnrQKg=="],
    "@babel/plugin-transform-react-jsx-self": ["@babel/plugin-transform-react-jsx-self@7.27.1", "", { "dependencies": { "@babel/helper-plugin-utils": "^7.27.1" }, "peerDependencies": { "@babel/core": "^7.0.0-0" } }, "sha512-6UzkCs+ejGdZ5mFFC/OCUrv028ab2fp1znZmCZjAOBKiBK2jXD1O+BPSfX8X2qjJ75fZBMSnQn3Rq2mrBJK2mw=="],
@@ -89,9 +87,9 @@
    "@babel/template": ["@babel/template@7.27.2", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/parser": "^7.27.2", "@babel/types": "^7.27.1" } }, "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw=="],
-    "@babel/traverse": ["@babel/traverse@7.28.3", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-globals": "^7.28.0", "@babel/parser": "^7.28.3", "@babel/template": "^7.27.2", "@babel/types": "^7.28.2", "debug": "^4.3.1" } }, "sha512-7w4kZYHneL3A6NP2nxzHvT3HCZ7puDZZjFMqDpBPECub79sTtSO5CGXDkKrTQq8ksAwfD/XI2MRFX23njdDaIQ=="],
+    "@babel/traverse": ["@babel/traverse@7.28.4", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-globals": "^7.28.0", "@babel/parser": "^7.28.4", "@babel/template": "^7.27.2", "@babel/types": "^7.28.4", "debug": "^4.3.1" } }, "sha512-YEzuboP2qvQavAcjgQNVgsvHIDv6ZpwXvcvjmyySP2DIMuByS/6ioU5G9pYrWHM6T2YDfc7xga9iNzYOs12CFQ=="],
-    "@babel/types": ["@babel/types@7.28.2", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ=="],
+    "@babel/types": ["@babel/types@7.28.4", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q=="],
    "@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.25.4", "", { "os": "aix", "cpu": "ppc64" }, "sha512-1VCICWypeQKhVbE9oW/sJaAmjLxhVqacdkvPLEjwlttjfwENRSClS8EjBz0KzRyFSCPDIkuXW34Je/vk7zdB7Q=="],
@@ -143,23 +141,23 @@
    "@esbuild/win32-x64": ["@esbuild/win32-x64@0.25.4", "", { "os": "win32", "cpu": "x64" }, "sha512-nOT2vZNw6hJ+z43oP1SPea/G/6AbN6X+bGNhNuq8NtRHy4wsMhw765IKLNmnjek7GvjWBYQ8Q5VBoYTFg9y1UQ=="],
-    "@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.7.0", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw=="],
+    "@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.9.0", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g=="],
    "@eslint-community/regexpp": ["@eslint-community/regexpp@4.12.1", "", {}, "sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ=="],
    "@eslint/config-array": ["@eslint/config-array@0.21.0", "", { "dependencies": { "@eslint/object-schema": "^2.1.6", "debug": "^4.3.1", "minimatch": "^3.1.2" } }, "sha512-ENIdc4iLu0d93HeYirvKmrzshzofPw6VkZRKQGe9Nv46ZnWUzcF1xV01dcvEg/1wXUR61OmmlSfyeyO7EvjLxQ=="],
-    "@eslint/config-helpers": ["@eslint/config-helpers@0.3.1", "", {}, "sha512-xR93k9WhrDYpXHORXpxVL5oHj3Era7wo6k/Wd8/IsQNnZUTzkGS29lyn3nAT05v6ltUuTFVCCYDEGfy2Or/sPA=="],
+    "@eslint/config-helpers": ["@eslint/config-helpers@0.4.0", "", { "dependencies": { "@eslint/core": "^0.16.0" } }, "sha512-WUFvV4WoIwW8Bv0KeKCIIEgdSiFOsulyN0xrMu+7z43q/hkOLXjvb5u7UC9jDxvRzcrbEmuZBX5yJZz1741jog=="],
-    "@eslint/core": ["@eslint/core@0.15.2", "", { "dependencies": { "@types/json-schema": "^7.0.15" } }, "sha512-78Md3/Rrxh83gCxoUc0EiciuOHsIITzLy53m3d9UyiW8y9Dj2D29FeETqyKA+BRK76tnTp6RXWb3pCay8Oyomg=="],
+    "@eslint/core": ["@eslint/core@0.16.0", "", { "dependencies": { "@types/json-schema": "^7.0.15" } }, "sha512-nmC8/totwobIiFcGkDza3GIKfAw1+hLiYVrh3I1nIomQ8PEr5cxg34jnkmGawul/ep52wGRAcyeDCNtWKSOj4Q=="],
    "@eslint/eslintrc": ["@eslint/eslintrc@3.3.1", "", { "dependencies": { "ajv": "^6.12.4", "debug": "^4.3.2", "espree": "^10.0.1", "globals": "^14.0.0", "ignore": "^5.2.0", "import-fresh": "^3.2.1", "js-yaml": "^4.1.0", "minimatch": "^3.1.2", "strip-json-comments": "^3.1.1" } }, "sha512-gtF186CXhIl1p4pJNGZw8Yc6RlshoePRvE0X91oPGb3vZ8pM3qOS9W9NGPat9LziaBV7XrJWGylNQXkGcnM3IQ=="],
-    "@eslint/js": ["@eslint/js@9.34.0", "", {}, "sha512-EoyvqQnBNsV1CWaEJ559rxXL4c8V92gxirbawSmVUOWXlsRxxQXl6LmCpdUblgxgSkDIqKnhzba2SjRTI/A5Rw=="],
+    "@eslint/js": ["@eslint/js@9.37.0", "", {}, "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg=="],
    "@eslint/object-schema": ["@eslint/object-schema@2.1.6", "", {}, "sha512-RBMg5FRL0I0gs51M/guSAj5/e14VQ4tpZnQNWwuDT66P14I43ItmPfIZRhO9fUVIPOAQXU47atlywZ/czoqFPA=="],
-    "@eslint/plugin-kit": ["@eslint/plugin-kit@0.3.5", "", { "dependencies": { "@eslint/core": "^0.15.2", "levn": "^0.4.1" } }, "sha512-Z5kJ+wU3oA7MMIqVR9tyZRtjYPr4OC004Q4Rw7pgOKUOKkJfZ3O24nz3WYfGRpMDNmcOi3TwQOmgm7B7Tpii0w=="],
+    "@eslint/plugin-kit": ["@eslint/plugin-kit@0.4.0", "", { "dependencies": { "@eslint/core": "^0.16.0", "levn": "^0.4.1" } }, "sha512-sB5uyeq+dwCWyPi31B2gQlVlo+j5brPlWx4yZBrEaRo/nhdDE8Xke1gsGgtiBdaBTxuTkceLVuVt/pclrasb0A=="],
    "@floating-ui/core": ["@floating-ui/core@1.7.0", "", { "dependencies": { "@floating-ui/utils": "^0.2.9" } }, "sha512-FRdBLykrPPA6P76GGGqlex/e7fbe0F1ykgxHYNXQsH/iTEtjMj/f9bpY5oQqbjt5VgZvgz/uKXbGuROijh3VLA=="],
@@ -169,7 +167,7 @@
    "@floating-ui/utils": ["@floating-ui/utils@0.2.9", "", {}, "sha512-MDWhGtE+eHw5JW7lq4qhc5yRLS11ERl1c7Z6Xd0a58DozHES6EnNNwUWbMiG4J9Cgj053Bhk8zvlhFYKVhULwg=="],
-    "@hookform/resolvers": ["@hookform/resolvers@5.2.1", "", { "dependencies": { "@standard-schema/utils": "^0.3.0" }, "peerDependencies": { "react-hook-form": "^7.55.0" } }, "sha512-u0+6X58gkjMcxur1wRWokA7XsiiBJ6aK17aPZxhkoYiK5J+HcTx0Vhu9ovXe6H+dVpO6cjrn2FkJTryXEMlryQ=="],
+    "@hookform/resolvers": ["@hookform/resolvers@5.2.2", "", { "dependencies": { "@standard-schema/utils": "^0.3.0" }, "peerDependencies": { "react-hook-form": "^7.55.0" } }, "sha512-A/IxlMLShx3KjV/HeTcTfaMxdwy690+L/ZADoeaTltLx+CVuzkeVIPuybK3jrRfw7YZnmdKsVVHAlEPIAEUNlA=="],
    "@humanfs/core": ["@humanfs/core@0.19.1", "", {}, "sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA=="],
@@ -181,7 +179,7 @@
    "@isaacs/fs-minipass": ["@isaacs/fs-minipass@4.0.1", "", { "dependencies": { "minipass": "^7.0.4" } }, "sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w=="],
-    "@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.8", "", { "dependencies": { "@jridgewell/set-array": "^1.2.1", "@jridgewell/sourcemap-codec": "^1.4.10", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA=="],
+    "@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.12", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-OuLGC46TjB5BbN1dH8JULVVZY4WTdkF7tV9Ys6wLL1rubZnCMstOhNHueU5bLCrnRuDhKPDM4g6sw4Bel5Gzqg=="],
    "@jridgewell/remapping": ["@jridgewell/remapping@2.3.5", "", { "dependencies": { "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ=="],
@@ -189,9 +187,9 @@
    "@jridgewell/set-array": ["@jridgewell/set-array@1.2.1", "", {}, "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A=="],
-    "@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
+    "@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.5", "", {}, "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og=="],
-    "@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.25", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ=="],
+    "@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.29", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-uw6guiW/gcAGPDhLmd77/6lW8QLeiV5RUTsAX46Db6oLhGaVj4lhnPwb184s1bkc8kdVg/+h988dro8GRDpmYQ=="],
    "@nodelib/fs.scandir": ["@nodelib/fs.scandir@2.1.5", "", { "dependencies": { "@nodelib/fs.stat": "2.0.5", "run-parallel": "^1.1.9" } }, "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g=="],
@@ -255,7 +253,7 @@
    "@radix-ui/rect": ["@radix-ui/rect@1.1.1", "", {}, "sha512-HPwpGIzkl28mWyZqG52jiqDJ12waP11Pa1lGoiyUkIEuMLBP0oeK/C89esbXrxsky5we7dfd8U58nm0SgAWpVw=="],
-    "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.32", "", {}, "sha512-QReCdvxiUZAPkvp1xpAg62IeNzykOFA6syH2CnClif4YmALN1XKpB39XneL80008UbtMShthSVDKmrx05N1q/g=="],
+    "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.38", "", {}, "sha512-N/ICGKleNhA5nc9XXQG/kkKHJ7S55u0x0XUJbbkmdCnFuoRkM1Il12q9q0eX19+M7KKUEPw/daUPIRnxhcxAIw=="],
    "@rollup/rollup-android-arm-eabi": ["@rollup/rollup-android-arm-eabi@4.46.2", "", { "os": "android", "cpu": "arm" }, "sha512-Zj3Hl6sN34xJtMv7Anwb5Gu01yujyE/cLBDB2gnHTAHaWS1Z38L7kuSG+oAh0giZMqG060f/YBStXtMH6FvPMA=="],
@@ -299,41 +297,41 @@
    "@standard-schema/utils": ["@standard-schema/utils@0.3.0", "", {}, "sha512-e7Mew686owMaPJVNNLs55PUvgz371nKgwsc4vxE49zsODpJEnxgxRo2y/OKrqueavXgZNMDVj3DdHFlaSAeU8g=="],
-    "@tailwindcss/node": ["@tailwindcss/node@4.1.12", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.5.1", "lightningcss": "1.30.1", "magic-string": "^0.30.17", "source-map-js": "^1.2.1", "tailwindcss": "4.1.12" } }, "sha512-3hm9brwvQkZFe++SBt+oLjo4OLDtkvlE8q2WalaD/7QWaeM7KEJbAiY/LJZUaCs7Xa8aUu4xy3uoyX4q54UVdQ=="],
+    "@tailwindcss/node": ["@tailwindcss/node@4.1.14", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.6.0", "lightningcss": "1.30.1", "magic-string": "^0.30.19", "source-map-js": "^1.2.1", "tailwindcss": "4.1.14" } }, "sha512-hpz+8vFk3Ic2xssIA3e01R6jkmsAhvkQdXlEbRTk6S10xDAtiQiM3FyvZVGsucefq764euO/b8WUW9ysLdThHw=="],
-    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.12", "", { "dependencies": { "detect-libc": "^2.0.4", "tar": "^7.4.3" }, "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.12", "@tailwindcss/oxide-darwin-arm64": "4.1.12", "@tailwindcss/oxide-darwin-x64": "4.1.12", "@tailwindcss/oxide-freebsd-x64": "4.1.12", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.12", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.12", "@tailwindcss/oxide-linux-arm64-musl": "4.1.12", "@tailwindcss/oxide-linux-x64-gnu": "4.1.12", "@tailwindcss/oxide-linux-x64-musl": "4.1.12", "@tailwindcss/oxide-wasm32-wasi": "4.1.12", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.12", "@tailwindcss/oxide-win32-x64-msvc": "4.1.12" } }, "sha512-gM5EoKHW/ukmlEtphNwaGx45fGoEmP10v51t9unv55voWh6WrOL19hfuIdo2FjxIaZzw776/BUQg7Pck++cIVw=="],
+    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.14", "", { "dependencies": { "detect-libc": "^2.0.4", "tar": "^7.5.1" }, "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.14", "@tailwindcss/oxide-darwin-arm64": "4.1.14", "@tailwindcss/oxide-darwin-x64": "4.1.14", "@tailwindcss/oxide-freebsd-x64": "4.1.14", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.14", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.14", "@tailwindcss/oxide-linux-arm64-musl": "4.1.14", "@tailwindcss/oxide-linux-x64-gnu": "4.1.14", "@tailwindcss/oxide-linux-x64-musl": "4.1.14", "@tailwindcss/oxide-wasm32-wasi": "4.1.14", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.14", "@tailwindcss/oxide-win32-x64-msvc": "4.1.14" } }, "sha512-23yx+VUbBwCg2x5XWdB8+1lkPajzLmALEfMb51zZUBYaYVPDQvBSD/WYDqiVyBIo2BZFa3yw1Rpy3G2Jp+K0dw=="],
-    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.12", "", { "os": "android", "cpu": "arm64" }, "sha512-oNY5pq+1gc4T6QVTsZKwZaGpBb2N1H1fsc1GD4o7yinFySqIuRZ2E4NvGasWc6PhYJwGK2+5YT1f9Tp80zUQZQ=="],
+    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.14", "", { "os": "android", "cpu": "arm64" }, "sha512-a94ifZrGwMvbdeAxWoSuGcIl6/DOP5cdxagid7xJv6bwFp3oebp7y2ImYsnZBMTwjn5Ev5xESvS3FFYUGgPODQ=="],
-    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.12", "", { "os": "darwin", "cpu": "arm64" }, "sha512-cq1qmq2HEtDV9HvZlTtrj671mCdGB93bVY6J29mwCyaMYCP/JaUBXxrQQQm7Qn33AXXASPUb2HFZlWiiHWFytw=="],
+    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.14", "", { "os": "darwin", "cpu": "arm64" }, "sha512-HkFP/CqfSh09xCnrPJA7jud7hij5ahKyWomrC3oiO2U9i0UjP17o9pJbxUN0IJ471GTQQmzwhp0DEcpbp4MZTA=="],
-    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.12", "", { "os": "darwin", "cpu": "x64" }, "sha512-6UCsIeFUcBfpangqlXay9Ffty9XhFH1QuUFn0WV83W8lGdX8cD5/+2ONLluALJD5+yJ7k8mVtwy3zMZmzEfbLg=="],
+    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.14", "", { "os": "darwin", "cpu": "x64" }, "sha512-eVNaWmCgdLf5iv6Qd3s7JI5SEFBFRtfm6W0mphJYXgvnDEAZ5sZzqmI06bK6xo0IErDHdTA5/t7d4eTfWbWOFw=="],
-    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.12", "", { "os": "freebsd", "cpu": "x64" }, "sha512-JOH/f7j6+nYXIrHobRYCtoArJdMJh5zy5lr0FV0Qu47MID/vqJAY3r/OElPzx1C/wdT1uS7cPq+xdYYelny1ww=="],
+    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.14", "", { "os": "freebsd", "cpu": "x64" }, "sha512-QWLoRXNikEuqtNb0dhQN6wsSVVjX6dmUFzuuiL09ZeXju25dsei2uIPl71y2Ic6QbNBsB4scwBoFnlBfabHkEw=="],
-    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.12", "", { "os": "linux", "cpu": "arm" }, "sha512-v4Ghvi9AU1SYgGr3/j38PD8PEe6bRfTnNSUE3YCMIRrrNigCFtHZ2TCm8142X8fcSqHBZBceDx+JlFJEfNg5zQ=="],
+    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.14", "", { "os": "linux", "cpu": "arm" }, "sha512-VB4gjQni9+F0VCASU+L8zSIyjrLLsy03sjcR3bM0V2g4SNamo0FakZFKyUQ96ZVwGK4CaJsc9zd/obQy74o0Fw=="],
-    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.12", "", { "os": "linux", "cpu": "arm64" }, "sha512-YP5s1LmetL9UsvVAKusHSyPlzSRqYyRB0f+Kl/xcYQSPLEw/BvGfxzbH+ihUciePDjiXwHh+p+qbSP3SlJw+6g=="],
+    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.14", "", { "os": "linux", "cpu": "arm64" }, "sha512-qaEy0dIZ6d9vyLnmeg24yzA8XuEAD9WjpM5nIM1sUgQ/Zv7cVkharPDQcmm/t/TvXoKo/0knI3me3AGfdx6w1w=="],
-    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.12", "", { "os": "linux", "cpu": "arm64" }, "sha512-V8pAM3s8gsrXcCv6kCHSuwyb/gPsd863iT+v1PGXC4fSL/OJqsKhfK//v8P+w9ThKIoqNbEnsZqNy+WDnwQqCA=="],
+    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.14", "", { "os": "linux", "cpu": "arm64" }, "sha512-ISZjT44s59O8xKsPEIesiIydMG/sCXoMBCqsphDm/WcbnuWLxxb+GcvSIIA5NjUw6F8Tex7s5/LM2yDy8RqYBQ=="],
-    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.12", "", { "os": "linux", "cpu": "x64" }, "sha512-xYfqYLjvm2UQ3TZggTGrwxjYaLB62b1Wiysw/YE3Yqbh86sOMoTn0feF98PonP7LtjsWOWcXEbGqDL7zv0uW8Q=="],
+    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.14", "", { "os": "linux", "cpu": "x64" }, "sha512-02c6JhLPJj10L2caH4U0zF8Hji4dOeahmuMl23stk0MU1wfd1OraE7rOloidSF8W5JTHkFdVo/O7uRUJJnUAJg=="],
-    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.12", "", { "os": "linux", "cpu": "x64" }, "sha512-ha0pHPamN+fWZY7GCzz5rKunlv9L5R8kdh+YNvP5awe3LtuXb5nRi/H27GeL2U+TdhDOptU7T6Is7mdwh5Ar3A=="],
+    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.14", "", { "os": "linux", "cpu": "x64" }, "sha512-TNGeLiN1XS66kQhxHG/7wMeQDOoL0S33x9BgmydbrWAb9Qw0KYdd8o1ifx4HOGDWhVmJ+Ul+JQ7lyknQFilO3Q=="],
-    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.12", "", { "dependencies": { "@emnapi/core": "^1.4.5", "@emnapi/runtime": "^1.4.5", "@emnapi/wasi-threads": "^1.0.4", "@napi-rs/wasm-runtime": "^0.2.12", "@tybys/wasm-util": "^0.10.0", "tslib": "^2.8.0" }, "cpu": "none" }, "sha512-4tSyu3dW+ktzdEpuk6g49KdEangu3eCYoqPhWNsZgUhyegEda3M9rG0/j1GV/JjVVsj+lG7jWAyrTlLzd/WEBg=="],
+    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.14", "", { "dependencies": { "@emnapi/core": "^1.5.0", "@emnapi/runtime": "^1.5.0", "@emnapi/wasi-threads": "^1.1.0", "@napi-rs/wasm-runtime": "^1.0.5", "@tybys/wasm-util": "^0.10.1", "tslib": "^2.4.0" }, "cpu": "none" }, "sha512-uZYAsaW/jS/IYkd6EWPJKW/NlPNSkWkBlaeVBi/WsFQNP05/bzkebUL8FH1pdsqx4f2fH/bWFcUABOM9nfiJkQ=="],
-    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.12", "", { "os": "win32", "cpu": "arm64" }, "sha512-iGLyD/cVP724+FGtMWslhcFyg4xyYyM+5F4hGvKA7eifPkXHRAUDFaimu53fpNg9X8dfP75pXx/zFt/jlNF+lg=="],
+    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.14", "", { "os": "win32", "cpu": "arm64" }, "sha512-Az0RnnkcvRqsuoLH2Z4n3JfAef0wElgzHD5Aky/e+0tBUxUhIeIqFBTMNQvmMRSP15fWwmvjBxZ3Q8RhsDnxAA=="],
-    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.12", "", { "os": "win32", "cpu": "x64" }, "sha512-NKIh5rzw6CpEodv/++r0hGLlfgT/gFN+5WNdZtvh6wpU2BpGNgdjvj6H2oFc8nCM839QM1YOhjpgbAONUb4IxA=="],
+    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.14", "", { "os": "win32", "cpu": "x64" }, "sha512-ttblVGHgf68kEE4om1n/n44I0yGPkCPbLsqzjvybhpwa6mKKtgFfAzy6btc3HRmuW7nHe0OOrSeNP9sQmmH9XA=="],
-    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.12", "", { "dependencies": { "@tailwindcss/node": "4.1.12", "@tailwindcss/oxide": "4.1.12", "tailwindcss": "4.1.12" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-4pt0AMFDx7gzIrAOIYgYP0KCBuKWqyW8ayrdiLEjoJTT4pKTjrzG/e4uzWtTLDziC+66R9wbUqZBccJalSE5vQ=="],
+    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.14", "", { "dependencies": { "@tailwindcss/node": "4.1.14", "@tailwindcss/oxide": "4.1.14", "tailwindcss": "4.1.14" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-BoFUoU0XqgCUS1UXWhmDJroKKhNXeDzD7/XwabjkDIAbMnc4ULn5e2FuEuBbhZ6ENZoSYzKlzvZ44Yr6EUDUSA=="],
-    "@tanstack/eslint-plugin-query": ["@tanstack/eslint-plugin-query@5.83.1", "", { "dependencies": { "@typescript-eslint/utils": "^8.37.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0" } }, "sha512-tdkpPFfzkTksN9BIlT/qjixSAtKrsW6PUVRwdKWaOcag7DrD1vpki3UzzdfMQGDRGeg1Ue1Dg+rcl5FJGembNg=="],
+    "@tanstack/eslint-plugin-query": ["@tanstack/eslint-plugin-query@5.91.0", "", { "dependencies": { "@typescript-eslint/utils": "^8.44.1" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0" } }, "sha512-Kn6yWyRe3dIPf7NqyDMhcsTBz2Oh8jPSOpBdlnLQhGBJ6iTMBFYA4B1UreGJ/WdfzQskSMh5imcyWF+wqa/Q5g=="],
-    "@tanstack/query-core": ["@tanstack/query-core@5.85.5", "", {}, "sha512-KO0WTob4JEApv69iYp1eGvfMSUkgw//IpMnq+//cORBzXf0smyRwPLrUvEe5qtAEGjwZTXrjxg+oJNP/C00t6w=="],
+    "@tanstack/query-core": ["@tanstack/query-core@5.90.2", "", {}, "sha512-k/TcR3YalnzibscALLwxeiLUub6jN5EDLwKDiO7q5f4ICEoptJ+n9+7vcEFy5/x/i6Q+Lb/tXrsKCggf5uQJXQ=="],
-    "@tanstack/react-query": ["@tanstack/react-query@5.85.5", "", { "dependencies": { "@tanstack/query-core": "5.85.5" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-/X4EFNcnPiSs8wM2v+b6DqS5mmGeuJQvxBglmDxl6ZQb5V26ouD2SJYAcC3VjbNwqhY2zjxVD15rDA5nGbMn3A=="],
+    "@tanstack/react-query": ["@tanstack/react-query@5.90.2", "", { "dependencies": { "@tanstack/query-core": "5.90.2" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-CLABiR+h5PYfOWr/z+vWFt5VsOA2ekQeRQBFSKlcoW6Ndx/f8rfyVmq4LbgOM4GG2qtxAxjLYLOpCNTYm4uKzw=="],
    "@types/babel__core": ["@types/babel__core@7.20.5", "", { "dependencies": { "@babel/parser": "^7.20.7", "@babel/types": "^7.20.7", "@types/babel__generator": "*", "@types/babel__template": "*", "@types/babel__traverse": "*" } }, "sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA=="],
@@ -357,37 +355,37 @@
    "@types/ms": ["@types/ms@2.1.0", "", {}, "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA=="],
-    "@types/node": ["@types/node@24.3.0", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-aPTXCrfwnDLj4VvXrm+UUCQjNEvJgNA8s5F1cvwQU+3KNltTOkBm1j30uNLyqqPNe7gE3KFzImYoZEfLhp4Yow=="],
+    "@types/node": ["@types/node@24.7.0", "", { "dependencies": { "undici-types": "~7.14.0" } }, "sha512-IbKooQVqUBrlzWTi79E8Fw78l8k1RNtlDDNWsFZs7XonuQSJ8oNYfEeclhprUldXISRMLzBpILuKgPlIxm+/Yw=="],
-    "@types/react": ["@types/react@19.1.11", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-lr3jdBw/BGj49Eps7EvqlUaoeA0xpj3pc0RoJkHpYaCHkVK7i28dKyImLQb3JVlqs3aYSXf7qYuWOW/fgZnTXQ=="],
+    "@types/react": ["@types/react@19.2.2", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-6mDvHUFSjyT2B2yeNx2nUgMxh9LtOWvkhIU3uePn2I2oyNymUAX1NIsdgviM4CH+JSrp2D2hsMvJOkxY+0wNRA=="],
-    "@types/react-dom": ["@types/react-dom@19.1.8", "", { "peerDependencies": { "@types/react": "^19.0.0" } }, "sha512-xG7xaBMJCpcK0RpN8jDbAACQo54ycO6h4dSSmgv8+fu6ZIAdANkx/WsawASUjVXYfy+J9AbUpRMNNEsXCDfDBQ=="],
+    "@types/react-dom": ["@types/react-dom@19.2.1", "", { "peerDependencies": { "@types/react": "^19.2.0" } }, "sha512-/EEvYBdT3BflCWvTMO7YkYBHVE9Ci6XdqZciZANQgKpaiDRGOLIlRo91jbTNRQjgPFWVaRxcYc0luVNFitz57A=="],
    "@types/unist": ["@types/unist@3.0.3", "", {}, "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q=="],
-    "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.41.0", "", { "dependencies": { "@eslint-community/regexpp": "^4.10.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/type-utils": "8.41.0", "@typescript-eslint/utils": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.41.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-8fz6oa6wEKZrhXWro/S3n2eRJqlRcIa6SlDh59FXJ5Wp5XRZ8B9ixpJDcjadHq47hMx0u+HW6SNa6LjJQ6NLtw=="],
+    "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.46.0", "", { "dependencies": { "@eslint-community/regexpp": "^4.10.0", "@typescript-eslint/scope-manager": "8.46.0", "@typescript-eslint/type-utils": "8.46.0", "@typescript-eslint/utils": "8.46.0", "@typescript-eslint/visitor-keys": "8.46.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.46.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-hA8gxBq4ukonVXPy0OKhiaUh/68D0E88GSmtC1iAEnGaieuDi38LhS7jdCHRLi6ErJBNDGCzvh5EnzdPwUc0DA=="],
-    "@typescript-eslint/parser": ["@typescript-eslint/parser@8.41.0", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "debug": "^4.3.4" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-gTtSdWX9xiMPA/7MV9STjJOOYtWwIJIYxkQxnSV1U3xcE+mnJSH3f6zI0RYP+ew66WSlZ5ed+h0VCxsvdC1jJg=="],
+    "@typescript-eslint/parser": ["@typescript-eslint/parser@8.46.0", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.46.0", "@typescript-eslint/types": "8.46.0", "@typescript-eslint/typescript-estree": "8.46.0", "@typescript-eslint/visitor-keys": "8.46.0", "debug": "^4.3.4" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-n1H6IcDhmmUEG7TNVSspGmiHHutt7iVKtZwRppD7e04wha5MrkV1h3pti9xQLcCMt6YWsncpoT0HMjkH1FNwWQ=="],
-    "@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.41.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.41.0", "@typescript-eslint/types": "^8.41.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-b8V9SdGBQzQdjJ/IO3eDifGpDBJfvrNTp2QD9P2BeqWTGrRibgfgIlBSw6z3b6R7dPzg752tOs4u/7yCLxksSQ=="],
+    "@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.46.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.46.0", "@typescript-eslint/types": "^8.46.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-OEhec0mH+U5Je2NZOeK1AbVCdm0ChyapAyTeXVIYTPXDJ3F07+cu87PPXcGoYqZ7M9YJVvFnfpGg1UmCIqM+QQ=="],
-    "@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.38.0", "", { "dependencies": { "@typescript-eslint/types": "8.38.0", "@typescript-eslint/visitor-keys": "8.38.0" } }, "sha512-WJw3AVlFFcdT9Ri1xs/lg8LwDqgekWXWhH3iAF+1ZM+QPd7oxQ6jvtW/JPwzAScxitILUIFs0/AnQ/UWHzbATQ=="],
+    "@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.45.0", "", { "dependencies": { "@typescript-eslint/types": "8.45.0", "@typescript-eslint/visitor-keys": "8.45.0" } }, "sha512-clmm8XSNj/1dGvJeO6VGH7EUSeA0FMs+5au/u3lrA3KfG8iJ4u8ym9/j2tTEoacAffdW1TVUzXO30W1JTJS7dA=="],
-    "@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.41.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-TDhxYFPUYRFxFhuU5hTIJk+auzM/wKvWgoNYOPcOf6i4ReYlOoYN8q1dV5kOTjNQNJgzWN3TUUQMtlLOcUgdUw=="],
+    "@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.46.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-WrYXKGAHY836/N7zoK/kzi6p8tXFhasHh8ocFL9VZSAkvH956gfeRfcnhs3xzRy8qQ/dq3q44v1jvQieMFg2cw=="],
-    "@typescript-eslint/type-utils": ["@typescript-eslint/type-utils@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0", "@typescript-eslint/utils": "8.41.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-63qt1h91vg3KsjVVonFJWjgSK7pZHSQFKH6uwqxAH9bBrsyRhO6ONoKyXxyVBzG1lJnFAJcKAcxLS54N1ee1OQ=="],
+    "@typescript-eslint/type-utils": ["@typescript-eslint/type-utils@8.46.0", "", { "dependencies": { "@typescript-eslint/types": "8.46.0", "@typescript-eslint/typescript-estree": "8.46.0", "@typescript-eslint/utils": "8.46.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-hy+lvYV1lZpVs2jRaEYvgCblZxUoJiPyCemwbQZ+NGulWkQRy0HRPYAoef/CNSzaLt+MLvMptZsHXHlkEilaeg=="],
-    "@typescript-eslint/types": ["@typescript-eslint/types@8.38.0", "", {}, "sha512-wzkUfX3plUqij4YwWaJyqhiPE5UCRVlFpKn1oCRn2O1bJ592XxWJj8ROQ3JD5MYXLORW84063z3tZTb/cs4Tyw=="],
+    "@typescript-eslint/types": ["@typescript-eslint/types@8.45.0", "", {}, "sha512-WugXLuOIq67BMgQInIxxnsSyRLFxdkJEJu8r4ngLR56q/4Q5LrbfkFRH27vMTjxEK8Pyz7QfzuZe/G15qQnVRA=="],
-    "@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.41.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.41.0", "@typescript-eslint/tsconfig-utils": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-D43UwUYJmGhuwHfY7MtNKRZMmfd8+p/eNSfFe6tH5mbVDto+VQCayeAt35rOx3Cs6wxD16DQtIKw/YXxt5E0UQ=="],
+    "@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.46.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.46.0", "@typescript-eslint/tsconfig-utils": "8.46.0", "@typescript-eslint/types": "8.46.0", "@typescript-eslint/visitor-keys": "8.46.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-ekDCUfVpAKWJbRfm8T1YRrCot1KFxZn21oV76v5Fj4tr7ELyk84OS+ouvYdcDAwZL89WpEkEj2DKQ+qg//+ucg=="],
-    "@typescript-eslint/utils": ["@typescript-eslint/utils@8.38.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.38.0", "@typescript-eslint/types": "8.38.0", "@typescript-eslint/typescript-estree": "8.38.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "sha512-hHcMA86Hgt+ijJlrD8fX0j1j8w4C92zue/8LOPAFioIno+W0+L7KqE8QZKCcPGc/92Vs9x36w/4MPTJhqXdyvg=="],
+    "@typescript-eslint/utils": ["@typescript-eslint/utils@8.45.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.45.0", "@typescript-eslint/types": "8.45.0", "@typescript-eslint/typescript-estree": "8.45.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-bxi1ht+tLYg4+XV2knz/F7RVhU0k6VrSMc9sb8DQ6fyCTrGQLHfo7lDtN0QJjZjKkLA2ThrKuCdHEvLReqtIGg=="],
-    "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-+GeGMebMCy0elMNg67LRNoVnUFPIm37iu5CmHESVx56/9Jsfdpsvbv605DQ81Pi/x11IdKUsS5nzgTYbCQU9fg=="],
+    "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.46.0", "", { "dependencies": { "@typescript-eslint/types": "8.46.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-FrvMpAK+hTbFy7vH5j1+tMYHMSKLE6RzluFJlkFNKD0p9YsUT75JlBSmr5so3QRzvMwU5/bIEdeNrxm8du8l3Q=="],
    "@ungap/structured-clone": ["@ungap/structured-clone@1.3.0", "", {}, "sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g=="],
-    "@vitejs/plugin-react": ["@vitejs/plugin-react@5.0.1", "", { "dependencies": { "@babel/core": "^7.28.3", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-beta.32", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "sha512-DE4UNaBXwtVoDJ0ccBdLVjFTWL70NRuWNCxEieTI3lrq9ORB9aOCQEKstwDXBl87NvFdbqh/p7eINGyj0BthJA=="],
+    "@vitejs/plugin-react": ["@vitejs/plugin-react@5.0.4", "", { "dependencies": { "@babel/core": "^7.28.4", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-beta.38", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "sha512-La0KD0vGkVkSk6K+piWDKRUyg8Rl5iAIKRMH0vMJI0Eg47bq1eOxmoObAaQG37WMW9MSyk7Cs8EIWwJC1PtzKA=="],
    "acorn": ["acorn@8.15.0", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg=="],
@@ -403,7 +401,7 @@
    "asynckit": ["asynckit@0.4.0", "", {}, "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="],
-    "axios": ["axios@1.11.0", "", { "dependencies": { "follow-redirects": "^1.15.6", "form-data": "^4.0.4", "proxy-from-env": "^1.1.0" } }, "sha512-1Lx3WLFQWm3ooKDYZD1eXmoGO9fxYQjrycfHFC8P0sCfQVXyROp0p9PFWBehewBOdCwHc+f/b8I0fMto5eSfwA=="],
+    "axios": ["axios@1.12.2", "", { "dependencies": { "follow-redirects": "^1.15.6", "form-data": "^4.0.4", "proxy-from-env": "^1.1.0" } }, "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw=="],
    "bail": ["bail@2.0.2", "", {}, "sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw=="],
@@ -493,11 +491,11 @@
    "escape-string-regexp": ["escape-string-regexp@4.0.0", "", {}, "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA=="],
-    "eslint": ["eslint@9.34.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.12.1", "@eslint/config-array": "^0.21.0", "@eslint/config-helpers": "^0.3.1", "@eslint/core": "^0.15.2", "@eslint/eslintrc": "^3.3.1", "@eslint/js": "9.34.0", "@eslint/plugin-kit": "^0.3.5", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "@types/json-schema": "^7.0.15", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.4.0", "eslint-visitor-keys": "^4.2.1", "espree": "^10.4.0", "esquery": "^1.5.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", "find-up": "^5.0.0", "glob-parent": "^6.0.2", "ignore": "^5.2.0", "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, "peerDependencies": { "jiti": "*" }, "optionalPeers": ["jiti"], "bin": { "eslint": "bin/eslint.js" } }, "sha512-RNCHRX5EwdrESy3Jc9o8ie8Bog+PeYvvSR8sDGoZxNFTvZ4dlxUB3WzQ3bQMztFrSRODGrLLj8g6OFuGY/aiQg=="],
+    "eslint": ["eslint@9.37.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", "@eslint-community/regexpp": "^4.12.1", "@eslint/config-array": "^0.21.0", "@eslint/config-helpers": "^0.4.0", "@eslint/core": "^0.16.0", "@eslint/eslintrc": "^3.3.1", "@eslint/js": "9.37.0", "@eslint/plugin-kit": "^0.4.0", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "@types/json-schema": "^7.0.15", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.4.0", "eslint-visitor-keys": "^4.2.1", "espree": "^10.4.0", "esquery": "^1.5.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", "find-up": "^5.0.0", "glob-parent": "^6.0.2", "ignore": "^5.2.0", "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, "peerDependencies": { "jiti": "*" }, "optionalPeers": ["jiti"], "bin": { "eslint": "bin/eslint.js" } }, "sha512-XyLmROnACWqSxiGYArdef1fItQd47weqB7iwtfr9JHwRrqIXZdcFMvvEcL9xHCmL0SNsOvF0c42lWyM1U5dgig=="],
-    "eslint-plugin-react-hooks": ["eslint-plugin-react-hooks@5.2.0", "", { "peerDependencies": { "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0" } }, "sha512-+f15FfK64YQwZdJNELETdn5ibXEUQmW1DZL6KXhNnc2heoy/sg9VJJeT7n8TlMWouzWqSWavFkIhHyIbIAEapg=="],
+    "eslint-plugin-react-hooks": ["eslint-plugin-react-hooks@6.1.1", "", { "dependencies": { "@babel/core": "^7.24.4", "@babel/parser": "^7.24.4", "zod": "^3.22.4 || ^4.0.0", "zod-validation-error": "^3.0.3 || ^4.0.0" }, "peerDependencies": { "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0" } }, "sha512-St9EKZzOAQF704nt2oJvAKZHjhrpg25ClQoaAlHmPZuajFldVLqRDW4VBNAS01NzeiQF0m0qhG1ZA807K6aVaQ=="],
-    "eslint-plugin-react-refresh": ["eslint-plugin-react-refresh@0.4.20", "", { "peerDependencies": { "eslint": ">=8.40" } }, "sha512-XpbHQ2q5gUF8BGOX4dHe+71qoirYMhApEPZ7sfhF/dNnOF1UXnCMGZf79SFTBO7Bz5YEIT4TMieSlJBWhP9WBA=="],
+    "eslint-plugin-react-refresh": ["eslint-plugin-react-refresh@0.4.23", "", { "peerDependencies": { "eslint": ">=8.40" } }, "sha512-G4j+rv0NmbIR45kni5xJOrYvCtyD3/7LjpVH8MPPcudXDcNu8gv+4ATTDXTtbRR8rTCM5HxECvCSsRmxKnWDsA=="],
    "eslint-scope": ["eslint-scope@8.4.0", "", { "dependencies": { "esrecurse": "^4.3.0", "estraverse": "^5.2.0" } }, "sha512-sNXOfKCn74rt8RICKMvJS7XKV/Xk9kA7DyJr8mJik3S7Cwgy3qlkkmyS2uQB3jiJg6VNdZd/pDBJu0nvG2NlTg=="],
@@ -557,7 +555,7 @@
    "glob-parent": ["glob-parent@6.0.2", "", { "dependencies": { "is-glob": "^4.0.3" } }, "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A=="],
-    "globals": ["globals@16.3.0", "", {}, "sha512-bqWEnJ1Nt3neqx2q5SFfGS8r/ahumIakg3HcwtNlrVlwXIeNumWn/c7Pn/wKzGhf6SaW6H6uWXLqC30STCMchQ=="],
+    "globals": ["globals@16.4.0", "", {}, "sha512-ob/2LcVVaVGCYN+r14cnwnoDPUufjiYgSqRhiFD0Q1iI4Odora5RE8Iv1D24hAz5oMophRGkGz+yuvQmmUMnMw=="],
    "gopd": ["gopd@1.2.0", "", {}, "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg=="],
@@ -581,7 +579,7 @@
    "html-url-attributes": ["html-url-attributes@3.0.1", "", {}, "sha512-ol6UPyBWqsrO6EJySPz2O7ZSr856WDrEzM5zMqp+FJJLGMW35cLYmmZnl0vztAZxRUoNZJFTCohfjuIJ8I4QBQ=="],
-    "i18next": ["i18next@25.4.2", "", { "dependencies": { "@babel/runtime": "^7.27.6" }, "peerDependencies": { "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-gD4T25a6ovNXsfXY1TwHXXXLnD/K2t99jyYMCSimSCBnBRJVQr5j+VAaU83RJCPzrTGhVQ6dqIga66xO2rtd5g=="],
+    "i18next": ["i18next@25.5.3", "", { "dependencies": { "@babel/runtime": "^7.27.6" }, "peerDependencies": { "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-joFqorDeQ6YpIXni944upwnuHBf5IoPMuqAchGVeQLdWC2JOjxgM9V8UGLhNIIH/Q8QleRxIi0BSRQehSrDLcg=="],
    "i18next-browser-languagedetector": ["i18next-browser-languagedetector@8.2.0", "", { "dependencies": { "@babel/runtime": "^7.23.2" } }, "sha512-P+3zEKLnOF0qmiesW383vsLdtQVyKtCNA9cjSoKCppTKPQVfKd2W8hbVo5ZhNJKDqeM7BOcvNoKJOjpHh4Js9g=="],
@@ -665,9 +663,9 @@
    "lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="],
-    "lucide-react": ["lucide-react@0.541.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-s0Vircsu5WaGv2KoJZ5+SoxiAJ3UXV5KqEM3eIFDHaHkcLIFdIWgXtZ412+Gh02UsdS7Was+jvEpBvPCWQISlg=="],
+    "lucide-react": ["lucide-react@0.545.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-7r1/yUuflQDSt4f1bpn5ZAocyIxcTyVyBBChSVtBKn5M+392cPmI5YJMWOJKk/HUWGm5wg83chlAZtCcGbEZtw=="],
-    "magic-string": ["magic-string@0.30.17", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0" } }, "sha512-sNPKHvyjVf7gyjwS4xGTaW/mCnF8wnjtifKBEhxfZ7E/S8tQ0rssrwGNn6q8JH/ohItJfSQp9mBtQYuTlH5QnA=="],
+    "magic-string": ["magic-string@0.30.19", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.5" } }, "sha512-2N21sPY9Ws53PZvsEpVtNuSW+ScYbQdp4b9qUaL+9QkHUrGFKo56Lg9Emg5s9V/qrtNBmiR01sYhUOwu3H+VOw=="],
    "math-intrinsics": ["math-intrinsics@1.1.0", "", {}, "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g=="],
@@ -741,9 +739,7 @@
    "minipass": ["minipass@7.1.2", "", {}, "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw=="],
-    "minizlib": ["minizlib@3.0.2", "", { "dependencies": { "minipass": "^7.1.2" } }, "sha512-oG62iEk+CYt5Xj2YqI5Xi9xWUeZhDI8jjQmC5oThVH5JGCTgIjr7ciJDzC7MBzYd//WvR1OTmP5Q38Q8ShQtVA=="],
+    "minizlib": ["minizlib@3.1.0", "", { "dependencies": { "minipass": "^7.1.2" } }, "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw=="],
    "mkdirp": ["mkdirp@3.0.1", "", { "bin": { "mkdirp": "dist/cjs/src/bin.js" } }, "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg=="],
    "ms": ["ms@2.1.3", "", {}, "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="],
@@ -787,13 +783,13 @@
    "queue-microtask": ["queue-microtask@1.2.3", "", {}, "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A=="],
-    "react": ["react@19.1.1", "", {}, "sha512-w8nqGImo45dmMIfljjMwOGtbmC/mk4CMYhWIicdSflH91J9TyCyczcPFXJzrZ/ZXcgGRFeP6BU0BEJTw6tZdfQ=="],
+    "react": ["react@19.2.0", "", {}, "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ=="],
-    "react-dom": ["react-dom@19.1.1", "", { "dependencies": { "scheduler": "^0.26.0" }, "peerDependencies": { "react": "^19.1.1" } }, "sha512-Dlq/5LAZgF0Gaz6yiqZCf6VCcZs1ghAJyrsu84Q/GT0gV+mCxbfmKNoGRKBYMJ8IEdGPqu49YWXD02GCknEDkw=="],
+    "react-dom": ["react-dom@19.2.0", "", { "dependencies": { "scheduler": "^0.27.0" }, "peerDependencies": { "react": "^19.2.0" } }, "sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ=="],
-    "react-hook-form": ["react-hook-form@7.62.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-7KWFejc98xqG/F4bAxpL41NB3o1nnvQO1RWZT3TqRZYL8RryQETGfEdVnJN2fy1crCiBLLjkRBVK05j24FxJGA=="],
+    "react-hook-form": ["react-hook-form@7.64.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-fnN+vvTiMLnRqKNTVhDysdrUay0kUUAymQnFIznmgDvapjveUWOOPqMNzPg+A+0yf9DuE2h6xzBjN1s+Qx8wcg=="],
-    "react-i18next": ["react-i18next@15.7.2", "", { "dependencies": { "@babel/runtime": "^7.27.6", "html-parse-stringify": "^3.0.1" }, "peerDependencies": { "i18next": ">= 25.4.1", "react": ">= 16.8.0", "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-xJxq7ibnhUlMvd82lNC4te1GxGUMoM1A05KKyqoqsBXVZtEvZg/fz/fnVzdlY/hhQ3SpP/79qCocZOtICGhd3g=="],
+    "react-i18next": ["react-i18next@16.0.0", "", { "dependencies": { "@babel/runtime": "^7.27.6", "html-parse-stringify": "^3.0.1" }, "peerDependencies": { "i18next": ">= 25.5.2", "react": ">= 16.8.0", "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-JQ+dFfLnFSKJQt7W01lJHWRC0SX7eDPobI+MSTJ3/gP39xH2g33AuTE7iddAfXYHamJdAeMGM0VFboPaD3G68Q=="],
    "react-markdown": ["react-markdown@10.1.0", "", { "dependencies": { "@types/hast": "^3.0.0", "@types/mdast": "^4.0.0", "devlop": "^1.0.0", "hast-util-to-jsx-runtime": "^2.0.0", "html-url-attributes": "^3.0.0", "mdast-util-to-hast": "^13.0.0", "remark-parse": "^11.0.0", "remark-rehype": "^11.0.0", "unified": "^11.0.0", "unist-util-visit": "^5.0.0", "vfile": "^6.0.0" }, "peerDependencies": { "@types/react": ">=18", "react": ">=18" } }, "sha512-qKxVopLT/TyA6BX3Ue5NwabOsAzm0Q7kAPwq6L+wWDwisYs7R8vZ0nRXqq6rkueboxpkjvLGU9fWifiX/ZZFxQ=="],
@@ -803,7 +799,7 @@
    "react-remove-scroll-bar": ["react-remove-scroll-bar@2.3.8", "", { "dependencies": { "react-style-singleton": "^2.2.2", "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" }, "optionalPeers": ["@types/react"] }, "sha512-9r+yi9+mgU33AKcj6IbT9oRCO78WriSj6t/cF8DWBZJ9aOGPOTEDvdUDz1FwKim7QXWwmHqtdHnRJfhAxEG46Q=="],
-    "react-router": ["react-router@7.8.2", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-7M2fR1JbIZ/jFWqelpvSZx+7vd7UlBTfdZqf6OSdF9g6+sfdqJDAWcak6ervbHph200ePlu+7G8LdoiC3ReyAQ=="],
+    "react-router": ["react-router@7.9.3", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-4o2iWCFIwhI/eYAIL43+cjORXYn/aRQPgtFRRZb3VzoyQ5Uej0Bmqj7437L97N9NJW4wnicSwLOLS+yCXfAPgg=="],
    "react-style-singleton": ["react-style-singleton@2.2.3", "", { "dependencies": { "get-nonce": "^1.0.0", "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-b6jSvxvVnyptAiLjbkWLE/lOnR4lfTtDAl+eUC7RZy+QQWc6wRzIV2CE6xBuMmDxc2qIihtDCZD5NPOFl7fRBQ=="],
@@ -819,7 +815,7 @@
    "run-parallel": ["run-parallel@1.2.0", "", { "dependencies": { "queue-microtask": "^1.2.2" } }, "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA=="],
-    "scheduler": ["scheduler@0.26.0", "", {}, "sha512-NlHwttCI/l5gCPR3D1nNXtWABUmBwvZpEQiD4IXSbIDq8BzLIK/7Ir5gTFSGZDUu37K5cMNp0hFtzO38sC7gWA=="],
+    "scheduler": ["scheduler@0.27.0", "", {}, "sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q=="],
    "semver": ["semver@6.3.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="],
@@ -847,13 +843,13 @@
    "tailwind-merge": ["tailwind-merge@3.3.1", "", {}, "sha512-gBXpgUm/3rp1lMZZrM/w7D8GKqshif0zAymAhbCyIt8KMe+0v9DQ7cdYLR4FHH/cKpdTXb+A/tKKU3eolfsI+g=="],
-    "tailwindcss": ["tailwindcss@4.1.12", "", {}, "sha512-DzFtxOi+7NsFf7DBtI3BJsynR+0Yp6etH+nRPTbpWnS2pZBaSksv/JGctNwSWzbFjp0vxSqknaUylseZqMDGrA=="],
+    "tailwindcss": ["tailwindcss@4.1.14", "", {}, "sha512-b7pCxjGO98LnxVkKjaZSDeNuljC4ueKUddjENJOADtubtdo8llTaJy7HwBMeLNSSo2N5QIAgklslK1+Ir8r6CA=="],
    "tapable": ["tapable@2.2.1", "", {}, "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ=="],
-    "tar": ["tar@7.4.3", "", { "dependencies": { "@isaacs/fs-minipass": "^4.0.0", "chownr": "^3.0.0", "minipass": "^7.1.2", "minizlib": "^3.0.1", "mkdirp": "^3.0.1", "yallist": "^5.0.0" } }, "sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw=="],
+    "tar": ["tar@7.5.1", "", { "dependencies": { "@isaacs/fs-minipass": "^4.0.0", "chownr": "^3.0.0", "minipass": "^7.1.2", "minizlib": "^3.1.0", "yallist": "^5.0.0" } }, "sha512-nlGpxf+hv0v7GkWBK2V9spgactGOp0qvfWRxUMjqHyzrt3SgwE48DIv/FhqPHJYLHpgW1opq3nERbz5Anq7n1g=="],
-    "tinyglobby": ["tinyglobby@0.2.14", "", { "dependencies": { "fdir": "^6.4.4", "picomatch": "^4.0.2" } }, "sha512-tX5e7OM1HnYr2+a2C/4V0htOcSQcoSTH9KgJnVvNm5zm/cyEWKJ7j7YutsH9CxMdtOkkLFy2AHrMci9IM8IPZQ=="],
+    "tinyglobby": ["tinyglobby@0.2.15", "", { "dependencies": { "fdir": "^6.5.0", "picomatch": "^4.0.3" } }, "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ=="],
    "to-regex-range": ["to-regex-range@5.0.1", "", { "dependencies": { "is-number": "^7.0.0" } }, "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ=="],
@@ -865,15 +861,15 @@
    "tslib": ["tslib@2.8.1", "", {}, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
-    "tw-animate-css": ["tw-animate-css@1.3.7", "", {}, "sha512-lvLb3hTIpB5oGsk8JmLoAjeCHV58nKa2zHYn8yWOoG5JJusH3bhJlF2DLAZ/5NmJ+jyH3ssiAx/2KmbhavJy/A=="],
+    "tw-animate-css": ["tw-animate-css@1.4.0", "", {}, "sha512-7bziOlRqH0hJx80h/3mbicLW7o8qLsH5+RaLR2t+OHM3D0JlWGODQKQ4cxbK7WlvmUxpcj6Kgu6EKqjrGFe3QQ=="],
    "type-check": ["type-check@0.4.0", "", { "dependencies": { "prelude-ls": "^1.2.1" } }, "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew=="],
-    "typescript": ["typescript@5.9.2", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A=="],
+    "typescript": ["typescript@5.9.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw=="],
-    "typescript-eslint": ["typescript-eslint@8.41.0", "", { "dependencies": { "@typescript-eslint/eslint-plugin": "8.41.0", "@typescript-eslint/parser": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0", "@typescript-eslint/utils": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-n66rzs5OBXW3SFSnZHr2T685q1i4ODm2nulFJhMZBotaTavsS8TrI3d7bDlRSs9yWo7HmyWrN9qDu14Qv7Y0Dw=="],
+    "typescript-eslint": ["typescript-eslint@8.46.0", "", { "dependencies": { "@typescript-eslint/eslint-plugin": "8.46.0", "@typescript-eslint/parser": "8.46.0", "@typescript-eslint/typescript-estree": "8.46.0", "@typescript-eslint/utils": "8.46.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-6+ZrB6y2bT2DX3K+Qd9vn7OFOJR+xSLDj+Aw/N3zBwUt27uTw2sw2TE2+UcY1RiyBZkaGbTkVg9SSdPNUG6aUw=="],
-    "undici-types": ["undici-types@7.10.0", "", {}, "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag=="],
+    "undici-types": ["undici-types@7.14.0", "", {}, "sha512-QQiYxHuyZ9gQUIrmPo3IA+hUl4KYk8uSA7cHrcKd/l3p1OTpZcM0Tbp9x7FAtXdAYhlasd60ncPpgu6ihG6TOA=="],
    "unified": ["unified@11.0.5", "", { "dependencies": { "@types/unist": "^3.0.0", "bail": "^2.0.0", "devlop": "^1.0.0", "extend": "^3.0.0", "is-plain-obj": "^4.0.0", "trough": "^2.0.0", "vfile": "^6.0.0" } }, "sha512-xKvGhPWw3k84Qjh8bI3ZeJjqnyadK+GEFtazSfZv/rKeTkTjOJho6mFqh2SM96iIcZokxiOpg78GazTSg8+KHA=="],
@@ -899,7 +895,7 @@
    "vfile-message": ["vfile-message@4.0.2", "", { "dependencies": { "@types/unist": "^3.0.0", "unist-util-stringify-position": "^4.0.0" } }, "sha512-jRDZ1IMLttGj41KcZvlrYAaI3CfqpLpfpf+Mfig13viT6NKvRzWZ+lXz0Y5D60w6uJIBAOGq9mSHf0gktF0duw=="],
-    "vite": ["vite@7.1.3", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.14" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-OOUi5zjkDxYrKhTV3V7iKsoS37VUM7v40+HuwEmcrsf11Cdx9y3DIr2Px6liIcZFwt3XSRpQvFpL3WVy7ApkGw=="],
+    "vite": ["vite@7.1.9", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-4nVGliEpxmhCL8DslSAUdxlB6+SMrhB0a1v5ijlh1xB1nEPuy1mxaHxysVucLHuWryAxLWg6a5ei+U4TLn/rFg=="],
    "void-elements": ["void-elements@3.1.0", "", {}, "sha512-Dhxzh5HZuiHQhbvTW9AMetFfBHDMYpo23Uo9btPXgdYP+3T5S+p+jgNy7spra+veYhBP2dCSgxR/i2Y02h5/6w=="],
@@ -911,18 +907,22 @@
    "yocto-queue": ["yocto-queue@0.1.0", "", {}, "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q=="],
-    "zod": ["zod@4.1.3", "", {}, "sha512-1neef4bMce1hNTrxvHVKxWjKfGDn0oAli3Wy1Uwb7TRO1+wEwoZUZNP1NXIEESybOBiFnBOhI6a4m6tCLE8dog=="],
+    "zod": ["zod@4.1.12", "", {}, "sha512-JInaHOamG8pt5+Ey8kGmdcAcg3OL9reK8ltczgHTAwNhMys/6ThXHityHxVV2p3fkw/c+MAvBHFVYHFZDmjMCQ=="],
    "zod-validation-error": ["zod-validation-error@4.0.2", "", { "peerDependencies": { "zod": "^3.25.0 || ^4.0.0" } }, "sha512-Q6/nZLe6jxuU80qb/4uJ4t5v2VEZ44lzQjPDhYJNztRQ4wyWc6VF3D3Kb/fAuPetZQnhS3hnajCf9CsWesghLQ=="],
    "zwitch": ["zwitch@2.0.4", "", {}, "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A=="],
-    "@babel/generator/@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.12", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-OuLGC46TjB5BbN1dH8JULVVZY4WTdkF7tV9Ys6wLL1rubZnCMstOhNHueU5bLCrnRuDhKPDM4g6sw4Bel5Gzqg=="],
+    "@babel/generator/@babel/parser": ["@babel/parser@7.28.3", "", { "dependencies": { "@babel/types": "^7.28.2" }, "bin": "./bin/babel-parser.js" }, "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA=="],
-    "@babel/generator/@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.29", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-uw6guiW/gcAGPDhLmd77/6lW8QLeiV5RUTsAX46Db6oLhGaVj4lhnPwb184s1bkc8kdVg/+h988dro8GRDpmYQ=="],
+    "@babel/generator/@babel/types": ["@babel/types@7.28.2", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ=="],
    "@babel/helper-module-imports/@babel/traverse": ["@babel/traverse@7.27.1", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.27.1", "@babel/parser": "^7.27.1", "@babel/template": "^7.27.1", "@babel/types": "^7.27.1", "debug": "^4.3.1", "globals": "^11.1.0" } }, "sha512-ZCYtZciz1IWJB4U61UPu4KEaqyfj+r5T1Q5mqPo+IBpcG9kHv30Z0aD8LXPgC1trYa6rK0orRyAhqUgk4MjmEg=="],
    "@babel/helper-module-imports/@babel/types": ["@babel/types@7.27.1", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q=="],
    "@babel/helper-module-transforms/@babel/traverse": ["@babel/traverse@7.28.3", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-globals": "^7.28.0", "@babel/parser": "^7.28.3", "@babel/template": "^7.27.2", "@babel/types": "^7.28.2", "debug": "^4.3.1" } }, "sha512-7w4kZYHneL3A6NP2nxzHvT3HCZ7puDZZjFMqDpBPECub79sTtSO5CGXDkKrTQq8ksAwfD/XI2MRFX23njdDaIQ=="],
    "@babel/template/@babel/parser": ["@babel/parser@7.27.2", "", { "dependencies": { "@babel/types": "^7.27.1" }, "bin": "./bin/babel-parser.js" }, "sha512-QYLs8299NA7WM/bZAdp+CviYYkVoYXlDW2rzliy3chxd1PQjej7JORuMJDJXJUb9g0TT+B99EwaVLKmX+sPXWw=="],
    "@babel/template/@babel/types": ["@babel/types@7.27.1", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q=="],
@@ -935,21 +935,21 @@
    "@humanfs/node/@humanwhocodes/retry": ["@humanwhocodes/retry@0.3.1", "", {}, "sha512-JBxkERygn7Bv/GbN5Rv8Ul6LVknS+5Bp6RgDC/O8gEBU/yeH5Ui5C/OlWrTb6qct7LjjfT6Re2NxB0ln0yYybA=="],
-    "@jridgewell/remapping/@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.12", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-OuLGC46TjB5BbN1dH8JULVVZY4WTdkF7tV9Ys6wLL1rubZnCMstOhNHueU5bLCrnRuDhKPDM4g6sw4Bel5Gzqg=="],
+    "@jridgewell/gen-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
-    "@jridgewell/remapping/@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.29", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-uw6guiW/gcAGPDhLmd77/6lW8QLeiV5RUTsAX46Db6oLhGaVj4lhnPwb184s1bkc8kdVg/+h988dro8GRDpmYQ=="],
+    "@jridgewell/trace-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
-    "@tailwindcss/node/jiti": ["jiti@2.5.1", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-twQoecYPiVA5K/h6SxtORw/Bs3ar+mLUtoPSc7iMXzQzK8d7eJ/R09wmTwAjiamETn1cXYPGfNnu7DMoHgu12w=="],
+    "@tailwindcss/node/jiti": ["jiti@2.6.1", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ=="],
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.4.5", "", { "dependencies": { "@emnapi/wasi-threads": "1.0.4", "tslib": "^2.4.0" }, "bundled": true }, "sha512-XsLw1dEOpkSX/WucdqUhPWP7hDxSvZiY+fsUC14h+FtQ2Ifni4znbBt8punRX+Uj2JG/uDb8nEHVKvrVlvdZ5Q=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.5.0", "", { "dependencies": { "@emnapi/wasi-threads": "1.1.0", "tslib": "^2.4.0" }, "bundled": true }, "sha512-sbP8GzB1WDzacS8fgNPpHlp6C9VZe+SJP3F90W9rLemaQj2PzIuTEl1qDOYQf58YIpyjViI24y9aPWCjEzY2cg=="],
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.4.5", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-++LApOtY0pEEz1zrd9vy1/zXVaVJJ/EbAF3u0fXIzPJEDtnITsBGbbK0EkM72amhl/R5b+5xx0Y/QhcVOpuulg=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.5.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-97/BJ3iXHww3djw6hYIfErCZFee7qCtrneuLa20UXFCOTCfBM2cvQHjWJ2EG0s0MtdNwInarqCTz35i4wWXHsQ=="],
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.0.4", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-PJR+bOmMOPH8AtcTGAyYNiuJ3/Fcoj2XN/gBEWzDIKh254XO+mM9XoXHk5GNEhodxeMznbg7BlRojVbKN+gC6g=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.1.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-WI0DdZ8xFSbgMjR1sFsKABJ/C5OnRrjT06JXbZKexJGrDuPTzZdDYfFlsgcCXCyf+suG5QU2e/y1Wo2V/OapLQ=="],
-    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@0.2.12", "", { "dependencies": { "@emnapi/core": "^1.4.3", "@emnapi/runtime": "^1.4.3", "@tybys/wasm-util": "^0.10.0" }, "bundled": true }, "sha512-ZVWUcfwY4E/yPitQJl481FjFo3K22D6qF0DuFH6Y/nbnE11GY5uguDxZMGXPQ8WQ0128MXQD7TnfHyK4oWoIJQ=="],
+    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@1.0.5", "", { "dependencies": { "@emnapi/core": "^1.5.0", "@emnapi/runtime": "^1.5.0", "@tybys/wasm-util": "^0.10.1" }, "bundled": true }, "sha512-TBr9Cf9onSAS2LQ2+QHx6XcC6h9+RIzJgbqG3++9TUZSH204AwEy5jg3BTQ0VATsyoGj4ee49tN/y6rvaOOtcg=="],
-    "@tailwindcss/oxide-wasm32-wasi/@tybys/wasm-util": ["@tybys/wasm-util@0.10.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-VyyPYFlOMNylG45GoAe0xDoLwWuowvf92F9kySqzYh8vmYm7D2u4iUJKa1tOUpS70Ku13ASrOkS4ScXFsTaCNQ=="],
+    "@tailwindcss/oxide-wasm32-wasi/@tybys/wasm-util": ["@tybys/wasm-util@0.10.1", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-9tTaPJLSiejZKx+Bmog4uSubteqTvFrVrURwkmHixBo0G4seD0zUxp98E1DzUBJxLQ3NPwXrGKDiVjwx/DpPsg=="],
    "@tailwindcss/oxide-wasm32-wasi/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
@@ -967,33 +967,35 @@
    "@types/estree-jsx/@types/estree": ["@types/estree@1.0.7", "", {}, "sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ=="],
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.46.0", "", { "dependencies": { "@typescript-eslint/types": "8.46.0", "@typescript-eslint/visitor-keys": "8.46.0" } }, "sha512-lWETPa9XGcBes4jqAMYD9fW0j4n6hrPtTJwWDmtqgFO/4HF4jmdH/Q6wggTw5qIT5TXjKzbt7GsZUBnWoO3dqw=="],
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils": ["@typescript-eslint/utils@8.46.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.46.0", "@typescript-eslint/types": "8.46.0", "@typescript-eslint/typescript-estree": "8.46.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-nD6yGWPj1xiOm4Gk0k6hLSZz2XkNXhuYmyIrOWcHoPuAhjT9i5bAG+xbWPgFeNR8HPHHtpNKdYUXJl/D3x7f5g=="],
    "@typescript-eslint/eslint-plugin/ignore": ["ignore@7.0.4", "", {}, "sha512-gJzzk+PQNznz8ysRrC0aOkBNVRBDtE1n53IqyqEf3PXrYwomFs5q4pGMizBMJF+ykh03insJ27hB8gSrD2Hn8A=="],
-    "@typescript-eslint/parser/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
+    "@typescript-eslint/parser/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.46.0", "", { "dependencies": { "@typescript-eslint/types": "8.46.0", "@typescript-eslint/visitor-keys": "8.46.0" } }, "sha512-lWETPa9XGcBes4jqAMYD9fW0j4n6hrPtTJwWDmtqgFO/4HF4jmdH/Q6wggTw5qIT5TXjKzbt7GsZUBnWoO3dqw=="],
-    "@typescript-eslint/parser/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/parser/@typescript-eslint/types": ["@typescript-eslint/types@8.46.0", "", {}, "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA=="],
-    "@typescript-eslint/project-service/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/project-service/@typescript-eslint/types": ["@typescript-eslint/types@8.46.0", "", {}, "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA=="],
-    "@typescript-eslint/scope-manager/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.38.0", "", { "dependencies": { "@typescript-eslint/types": "8.38.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-pWrTcoFNWuwHlA9CvlfSsGWs14JxfN1TH25zM5L7o0pRLhsoZkDnTsXfQRJBEWJoV5DL0jf+Z+sxiud+K0mq1g=="],
+    "@typescript-eslint/scope-manager/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.45.0", "", { "dependencies": { "@typescript-eslint/types": "8.45.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-qsaFBA3e09MIDAGFUrTk+dzqtfv1XPVz8t8d1f0ybTzrCY7BKiMC5cjrl1O/P7UmHsNyW90EYSkU/ZWpmXelag=="],
-    "@typescript-eslint/type-utils/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/types": ["@typescript-eslint/types@8.46.0", "", {}, "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA=="],
-    "@typescript-eslint/type-utils/@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/utils": ["@typescript-eslint/utils@8.46.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.46.0", "@typescript-eslint/types": "8.46.0", "@typescript-eslint/typescript-estree": "8.46.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-nD6yGWPj1xiOm4Gk0k6hLSZz2XkNXhuYmyIrOWcHoPuAhjT9i5bAG+xbWPgFeNR8HPHHtpNKdYUXJl/D3x7f5g=="],
-    "@typescript-eslint/typescript-estree/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/typescript-estree/@typescript-eslint/types": ["@typescript-eslint/types@8.46.0", "", {}, "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA=="],
    "@typescript-eslint/typescript-estree/minimatch": ["minimatch@9.0.5", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow=="],
    "@typescript-eslint/typescript-estree/semver": ["semver@7.7.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA=="],
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.38.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.38.0", "@typescript-eslint/tsconfig-utils": "8.38.0", "@typescript-eslint/types": "8.38.0", "@typescript-eslint/visitor-keys": "8.38.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-fooELKcAKzxux6fA6pxOflpNS0jc+nOQEEOipXFNjSlBS6fqrJOVY/whSn70SScHrcJ2LDsxWrneFoWYSVfqhQ=="],
+    "@typescript-eslint/utils/@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.45.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.45.0", "@typescript-eslint/tsconfig-utils": "8.45.0", "@typescript-eslint/types": "8.45.0", "@typescript-eslint/visitor-keys": "8.45.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-GfE1NfVbLam6XQ0LcERKwdTTPlLvHvXXhOeUGC1OXi4eQBoyy1iVsW+uzJ/J9jtCz6/7GCQ9MtrQ0fml/jWCnA=="],
-    "@typescript-eslint/visitor-keys/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/visitor-keys/@typescript-eslint/types": ["@typescript-eslint/types@8.46.0", "", {}, "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA=="],
    "eslint-plugin-react-hooks/zod": ["zod@4.1.11", "", {}, "sha512-WPsqwxITS2tzx1bzhIKsEs19ABD5vmCVa4xBo2tq/SrV4RNZtfws1EnCWQXM6yh8bD08a1idvkB5MZSBiZsjwg=="],
    "fast-glob/glob-parent": ["glob-parent@5.1.2", "", { "dependencies": { "is-glob": "^4.0.1" } }, "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow=="],
@@ -1009,11 +1011,7 @@
    "parse-entities/@types/unist": ["@types/unist@2.0.11", "", {}, "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA=="],
-    "tinyglobby/fdir": ["fdir@6.4.6", "", { "peerDependencies": { "picomatch": "^3 || ^4" }, "optionalPeers": ["picomatch"] }, "sha512-hiFoqpyZcfNm1yc4u8oWCf9A2c4D3QjCrks3zmoVKVxpQRzmPNar1hUJcBG2RQHvEVGDN+Jm81ZheVLAQMK6+w=="],
+    "typescript-eslint/@typescript-eslint/utils": ["@typescript-eslint/utils@8.46.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.46.0", "@typescript-eslint/types": "8.46.0", "@typescript-eslint/typescript-estree": "8.46.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-nD6yGWPj1xiOm4Gk0k6hLSZz2XkNXhuYmyIrOWcHoPuAhjT9i5bAG+xbWPgFeNR8HPHHtpNKdYUXJl/D3x7f5g=="],
    "tinyglobby/picomatch": ["picomatch@4.0.2", "", {}, "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg=="],
    "typescript-eslint/@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],
    "@babel/helper-module-imports/@babel/traverse/@babel/generator": ["@babel/generator@7.27.1", "", { "dependencies": { "@babel/parser": "^7.27.1", "@babel/types": "^7.27.1", "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.25", "jsesc": "^3.0.2" } }, "sha512-UnJfnIpc/+JO0/+KRVQNGU+y5taA5vCbwN8+azkX6beii/ZF+enZJSOKo11ZSzGJjlNfJHfQtmQT8H+9TXPG2w=="],
@@ -1021,32 +1019,44 @@
    "@babel/helper-module-imports/@babel/traverse/globals": ["globals@11.12.0", "", {}, "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA=="],
    "@babel/helper-module-transforms/@babel/traverse/@babel/parser": ["@babel/parser@7.28.3", "", { "dependencies": { "@babel/types": "^7.28.2" }, "bin": "./bin/babel-parser.js" }, "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA=="],
    "@babel/helper-module-transforms/@babel/traverse/@babel/types": ["@babel/types@7.28.2", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ=="],
    "@eslint/eslintrc/espree/acorn": ["acorn@8.14.1", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg=="],
    "@eslint/eslintrc/espree/eslint-visitor-keys": ["eslint-visitor-keys@4.2.0", "", {}, "sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw=="],
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager/@typescript-eslint/types": ["@typescript-eslint/types@8.46.0", "", {}, "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA=="],
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.46.0", "", {}, "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA=="],
-    "@typescript-eslint/type-utils/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.46.0", "", { "dependencies": { "@typescript-eslint/types": "8.46.0", "@typescript-eslint/visitor-keys": "8.46.0" } }, "sha512-lWETPa9XGcBes4jqAMYD9fW0j4n6hrPtTJwWDmtqgFO/4HF4jmdH/Q6wggTw5qIT5TXjKzbt7GsZUBnWoO3dqw=="],
    "@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@2.0.1", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA=="],
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.38.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.38.0", "@typescript-eslint/types": "^8.38.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-dbK7Jvqcb8c9QfH01YB6pORpqX1mn5gDZc9n63Ak/+jD67oWXn3Gs0M6vddAN+eDXBCS5EmNWzbSxsn9SzFWWg=="],
+    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.45.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.45.0", "@typescript-eslint/types": "^8.45.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-3pcVHwMG/iA8afdGLMuTibGR7pDsn9RjDev6CCB+naRsSYs2pns5QbinF4Xqw6YC/Sj3lMrm/Im0eMfaa61WUg=="],
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.38.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-Lum9RtSE3EroKk/bYns+sPOodqb2Fv50XOl/gMviMKNvanETUuUcC9ObRbzrJ4VSd2JalPqgSAavwrPiPvnAiQ=="],
+    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.45.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-aFdr+c37sc+jqNMGhH+ajxPXwjv9UtFZk79k8pLoJ6p4y0snmYpPA52GuWHgt2ZF4gRRW6odsEj41uZLojDt5w=="],
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.38.0", "", { "dependencies": { "@typescript-eslint/types": "8.38.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-pWrTcoFNWuwHlA9CvlfSsGWs14JxfN1TH25zM5L7o0pRLhsoZkDnTsXfQRJBEWJoV5DL0jf+Z+sxiud+K0mq1g=="],
+    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.45.0", "", { "dependencies": { "@typescript-eslint/types": "8.45.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-qsaFBA3e09MIDAGFUrTk+dzqtfv1XPVz8t8d1f0ybTzrCY7BKiMC5cjrl1O/P7UmHsNyW90EYSkU/ZWpmXelag=="],
    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/minimatch": ["minimatch@9.0.5", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow=="],
    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/semver": ["semver@7.7.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA=="],
-    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
+    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.46.0", "", { "dependencies": { "@typescript-eslint/types": "8.46.0", "@typescript-eslint/visitor-keys": "8.46.0" } }, "sha512-lWETPa9XGcBes4jqAMYD9fW0j4n6hrPtTJwWDmtqgFO/4HF4jmdH/Q6wggTw5qIT5TXjKzbt7GsZUBnWoO3dqw=="],
-    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.46.0", "", {}, "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA=="],
    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.8", "", { "dependencies": { "@jridgewell/set-array": "^1.2.1", "@jridgewell/sourcemap-codec": "^1.4.10", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA=="],
    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.25", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ=="],
    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@2.0.1", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA=="],
    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/gen-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/trace-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
  }
 }
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -8,6 +8,7 @@
    <link rel="shortcut icon" href="/favicon.ico" />
    <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
    <meta name="apple-mobile-web-app-title" content="Tinyauth" />
    <meta name="robots" content="none" />
    <link rel="manifest" href="/site.webmanifest" />
    <title>Tinyauth</title>
  </head>
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -10,48 +10,48 @@
    "preview": "vite preview"
  },
  "dependencies": {
-    "@hookform/resolvers": "^5.2.1",
+    "@hookform/resolvers": "^5.2.2",
    "@radix-ui/react-label": "^2.1.7",
    "@radix-ui/react-select": "^2.2.6",
    "@radix-ui/react-separator": "^1.1.7",
    "@radix-ui/react-slot": "^1.2.3",
-    "@tailwindcss/vite": "^4.1.12",
+    "@tailwindcss/vite": "^4.1.14",
-    "@tanstack/react-query": "^5.85.5",
+    "@tanstack/react-query": "^5.90.2",
-    "axios": "^1.11.0",
+    "axios": "^1.12.2",
    "class-variance-authority": "^0.7.1",
    "clsx": "^2.1.1",
-    "i18next": "^25.4.2",
+    "i18next": "^25.5.3",
    "i18next-browser-languagedetector": "^8.2.0",
    "i18next-resources-to-backend": "^1.2.1",
    "input-otp": "^1.4.2",
-    "lucide-react": "^0.541.0",
+    "lucide-react": "^0.545.0",
    "next-themes": "^0.4.6",
-    "react": "^19.1.1",
+    "react": "^19.2.0",
-    "react-dom": "^19.1.1",
+    "react-dom": "^19.2.0",
-    "react-hook-form": "^7.62.0",
+    "react-hook-form": "^7.64.0",
-    "react-i18next": "^15.7.2",
+    "react-i18next": "^16.0.0",
    "react-markdown": "^10.1.0",
-    "react-router": "^7.8.2",
+    "react-router": "^7.9.3",
    "sonner": "^2.0.7",
    "tailwind-merge": "^3.3.1",
-    "tailwindcss": "^4.1.12",
+    "tailwindcss": "^4.1.14",
-    "zod": "^4.1.3"
+    "zod": "^4.1.12"
  },
  "devDependencies": {
-    "@eslint/js": "^9.34.0",
+    "@eslint/js": "^9.37.0",
-    "@tanstack/eslint-plugin-query": "^5.83.1",
+    "@tanstack/eslint-plugin-query": "^5.91.0",
-    "@types/node": "^24.3.0",
+    "@types/node": "^24.7.0",
-    "@types/react": "^19.1.11",
+    "@types/react": "^19.2.2",
-    "@types/react-dom": "^19.1.8",
+    "@types/react-dom": "^19.2.1",
-    "@vitejs/plugin-react": "^5.0.1",
+    "@vitejs/plugin-react": "^5.0.4",
-    "eslint": "^9.34.0",
+    "eslint": "^9.37.0",
-    "eslint-plugin-react-hooks": "^5.2.0",
+    "eslint-plugin-react-hooks": "^6.1.1",
-    "eslint-plugin-react-refresh": "^0.4.19",
+    "eslint-plugin-react-refresh": "^0.4.23",
-    "globals": "^16.3.0",
+    "globals": "^16.4.0",
    "prettier": "3.6.2",
-    "tw-animate-css": "^1.3.7",
+    "tw-animate-css": "^1.4.0",
-    "typescript": "~5.9.2",
+    "typescript": "~5.9.3",
-    "typescript-eslint": "^8.41.0",
+    "typescript-eslint": "^8.46.0",
-    "vite": "^7.1.3"
+    "vite": "^7.1.9"
  }
 }
--- a/frontend/src/components/auth/totp-form.tsx
+++ b/frontend/src/components/auth/totp-form.tsx
@@ -44,6 +44,7 @@ export const TotpForm = (props: Props) => {
                  disabled={loading}
                  {...field}
                  autoComplete="one-time-code"
                  autoFocus
                >
                  <InputOTPGroup>
                    <InputOTPSlot index={0} />
--- a/frontend/src/components/icons/microsoft.tsx
+++ b/frontend/src/components/icons/microsoft.tsx
@@ -0,0 +1,18 @@
 import type { SVGProps } from "react";
 export function MicrosoftIcon(props: SVGProps<SVGSVGElement>) {
  return (
    <svg
      xmlns="http://www.w3.org/2000/svg"
      width="2em"
      height="2em"
      viewBox="0 0 256 256"
      {...props}
    >
      <path fill="#f1511b" d="M121.666 121.666H0V0h121.666z"></path>
      <path fill="#80cc28" d="M256 121.666H134.335V0H256z"></path>
      <path fill="#00adef" d="M121.663 256.002H0V134.336h121.663z"></path>
      <path fill="#fbbc09" d="M256 256.002H134.335V134.336H256z"></path>
    </svg>
  );
 }
--- a/frontend/src/components/icons/generic.tsx
+++ b/frontend/src/components/icons/generic.tsx
@@ -1,6 +1,6 @@
 import type { SVGProps } from "react";
-export function GenericIcon(props: SVGProps<SVGSVGElement>) {
+export function OAuthIcon(props: SVGProps<SVGSVGElement>) {
  return (
    <svg
      xmlns="http://www.w3.org/2000/svg"
--- a/frontend/src/components/icons/pocket-id.tsx
+++ b/frontend/src/components/icons/pocket-id.tsx
@@ -0,0 +1,20 @@
 import type { SVGProps } from "react";
 export function PocketIDIcon(props: SVGProps<SVGSVGElement>) {
  return (
    <svg
      xmlns="http://www.w3.org/2000/svg"
      xmlSpace="preserve"
      width={512}
      height={512}
      viewBox="0 0 512 512"
      {...props}
    >
      <circle cx="256" cy="256" r="256" />
      <path
        d="M268.6 102.4c64.4 0 116.8 52.4 116.8 116.7 0 25.3-8 49.4-23 69.6-14.8 19.9-35 34.3-58.4 41.7l-6.5 2-15.5-76.2 4.3-2c14-6.7 23-21.1 23-36.6 0-22.4-18.2-40.6-40.6-40.6S228 195.2 228 217.6c0 15.5 9 29.8 23 36.6l4.2 2-25 153.4h-69.5V102.4z"
        className="fill-white"
      />
    </svg>
  );
 }
--- a/frontend/src/components/icons/tailscale.tsx
+++ b/frontend/src/components/icons/tailscale.tsx
@@ -0,0 +1,26 @@
 import type { SVGProps } from "react";
 export function TailscaleIcon(props: SVGProps<SVGSVGElement>) {
  return (
    <svg
      xmlns="http://www.w3.org/2000/svg"
      xmlSpace="preserve"
      width={512}
      height={512}
      viewBox="0 0 512 512"
      {...props}
    >
      <path
        className="opacity-80"
        fill="currentColor"
        d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9m191.6 0c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m189.2-193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"
      />
      <path
        d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8m0 384.3c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512m191.6-384.3c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8m0 384.3c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"
        className="opacity-20"
        fill="currentColor"
      />
    </svg>
  );
 }
--- a/frontend/src/lib/i18n/locales/af-ZA.json
+++ b/frontend/src/lib/i18n/locales/af-ZA.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/ar-SA.json
+++ b/frontend/src/lib/i18n/locales/ar-SA.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "أخفق الحصول على رابط OAuth",
    "loginOauthSuccessTitle": "إعادة توجيه",
    "loginOauthSuccessSubtitle": "إعادة توجيه إلى مزود OAuth الخاص بك",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "متابعة",
    "continueRedirectingTitle": "إعادة توجيه...",
    "continueRedirectingSubtitle": "يجب إعادة توجيهك إلى التطبيق قريبا",
-    "continueInvalidRedirectTitle": "إعادة توجيه غير صالحة",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "رابط إعادة التوجيه غير صالح",
    "continueInsecureRedirectTitle": "إعادة توجيه غير آمنة",
    "continueInsecureRedirectSubtitle": "أنت تحاول إعادة التوجيه من <code>https</code> إلى <code>http</code>، هل أنت متأكد أنك تريد المتابعة؟",
-    "continueTitle": "متابعة",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "انقر الزر للمتابعة إلى التطبيق الخاص بك.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "فشل تسجيل الخروج",
    "logoutFailSubtitle": "يرجى إعادة المحاولة",
    "logoutSuccessTitle": "تم تسجيل الخروج",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "حاول مجددا",
    "untrustedRedirectTitle": "إعادة توجيه غير موثوقة",
    "untrustedRedirectSubtitle": "أنت تحاول إعادة التوجيه إلى نطاق لا يتطابق مع النطاق المكون الخاص بك (<code>{{domain}}</code>). هل أنت متأكد من أنك تريد المتابعة؟",
    "cancelTitle": "إلغاء",
    "forgotPasswordTitle": "نسيت كلمة المرور؟",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "تجاهل",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/ca-ES.json
+++ b/frontend/src/lib/i18n/locales/ca-ES.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/cs-CZ.json
+++ b/frontend/src/lib/i18n/locales/cs-CZ.json
@@ -1,57 +1,62 @@
 {
-    "loginTitle": "Welcome back, login with",
+    "loginTitle": "Vítejte zpět, přihlaste se pomocí",
-    "loginTitleSimple": "Welcome back, please login",
+    "loginTitleSimple": "Vítejte zpět, přihlaste se prosím",
-    "loginDivider": "Or",
+    "loginDivider": "Nebo",
-    "loginUsername": "Username",
+    "loginUsername": "Uživatelské jméno",
-    "loginPassword": "Password",
+    "loginPassword": "Heslo",
-    "loginSubmit": "Login",
+    "loginSubmit": "Přihlásit",
-    "loginFailTitle": "Failed to log in",
+    "loginFailTitle": "Přihlášení se nezdařilo",
-    "loginFailSubtitle": "Please check your username and password",
+    "loginFailSubtitle": "Zkontrolujte prosím své uživatelské jméno a heslo",
-    "loginFailRateLimit": "You failed to login too many times. Please try again later",
+    "loginFailRateLimit": "Přiliš mnoho neúspěšných pokusů přihlášení. Zkuste to prosím později",
-    "loginSuccessTitle": "Logged in",
+    "loginSuccessTitle": "Přihlášen",
-    "loginSuccessSubtitle": "Welcome back!",
+    "loginSuccessSubtitle": "Vítejte zpět!",
-    "loginOauthFailTitle": "An error occurred",
+    "loginOauthFailTitle": "Došlo k chybě",
-    "loginOauthFailSubtitle": "Failed to get OAuth URL",
+    "loginOauthFailSubtitle": "Nepodařilo se získat OAuth URL",
-    "loginOauthSuccessTitle": "Redirecting",
+    "loginOauthSuccessTitle": "Přesměrování",
-    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthSuccessSubtitle": "Přesměrování k poskytovateli OAuth",
-    "continueRedirectingTitle": "Redirecting...",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
-    "continueRedirectingSubtitle": "You should be redirected to the app soon",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "loginOauthAutoRedirectButton": "Redirect now",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueTitle": "Pokračovat",
-    "continueInsecureRedirectTitle": "Insecure redirect",
+    "continueRedirectingTitle": "Přesměrování...",
-    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
+    "continueRedirectingSubtitle": "Brzy budete přesměrováni do aplikace",
-    "continueTitle": "Continue",
+    "continueRedirectManually": "Redirect me manually",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueInsecureRedirectTitle": "Nezabezpečené přesměrování",
-    "logoutFailTitle": "Failed to log out",
+    "continueInsecureRedirectSubtitle": "Pokoušíte se přesměrovat z <code>https</code> na <code>http</code>, které není bezpečné. Opravdu chcete pokračovat?",
-    "logoutFailSubtitle": "Please try again",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "logoutSuccessTitle": "Logged out",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
-    "logoutSuccessSubtitle": "You have been logged out",
+    "logoutFailTitle": "Odhlášení se nezdařilo",
-    "logoutTitle": "Logout",
+    "logoutFailSubtitle": "Zkuste to prosím znovu",
-    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
+    "logoutSuccessTitle": "Odhlášen",
-    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
+    "logoutSuccessSubtitle": "Byl jste odhlášen",
-    "notFoundTitle": "Page not found",
+    "logoutTitle": "Odhlásit",
-    "notFoundSubtitle": "The page you are looking for does not exist.",
+    "logoutUsernameSubtitle": "Jste přihlášen jako <code>{{username}}</code>. Pro odhlášení klikněte na tlačítko níže.",
-    "notFoundButton": "Go home",
+    "logoutOauthSubtitle": "Jste přihlášen jako <code>{{username}}</code> pomocí {{provider}} poskytovatele OAuth. Pro odhlášení klikněte na tlačítko níže.",
-    "totpFailTitle": "Failed to verify code",
+    "notFoundTitle": "Stránka nenalezena",
-    "totpFailSubtitle": "Please check your code and try again",
+    "notFoundSubtitle": "Stránka, kterou hledáte, neexistuje.",
-    "totpSuccessTitle": "Verified",
+    "notFoundButton": "Jít domů",
-    "totpSuccessSubtitle": "Redirecting to your app",
+    "totpFailTitle": "Nepodařilo se ověřit kód",
-    "totpTitle": "Enter your TOTP code",
+    "totpFailSubtitle": "Zkontrolujte prosím kód a zkuste to znovu",
-    "totpSubtitle": "Please enter the code from your authenticator app.",
+    "totpSuccessTitle": "Ověřeno",
-    "unauthorizedTitle": "Unauthorized",
+    "totpSuccessSubtitle": "Přesměrování do aplikace",
-    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
+    "totpTitle": "Zadejte TOTP kód",
-    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
+    "totpSubtitle": "Zadejte prosím kód z ověřovací aplikace.",
-    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
+    "unauthorizedTitle": "Nepovoleno",
-    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
+    "unauthorizedResourceSubtitle": "Uživatel s uživatelským jménem <code>{{username}}</code> není oprávněn k přístupu ke zdroji <code>{{resource}}</code>.",
-    "unauthorizedButton": "Try again",
+    "unauthorizedLoginSubtitle": "Uživatel s uživatelským jménem <code>{{username}}</code> není oprávněn k přihlášení.",
-    "untrustedRedirectTitle": "Untrusted redirect",
+    "unauthorizedGroupsSubtitle": "Uživatel s uživatelským jménem <code>{{username}}</code> není ve skupině potřebné k přístupu ke zdroji <code>{{resource}}</code>.",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
+    "unauthorizedIpSubtitle": "Vaše IP adresa <code>{{ip}}</code> není oprávněna k přístupu ke zdroji <code>{{resource}}</code>.",
-    "cancelTitle": "Cancel",
+    "unauthorizedButton": "Zkusit znovu",
-    "forgotPasswordTitle": "Forgot your password?",
+    "cancelTitle": "Zrušit",
-    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
+    "forgotPasswordTitle": "Zapomněli jste heslo?",
-    "errorTitle": "An error occurred",
+    "failedToFetchProvidersTitle": "Nepodařilo se načíst poskytovatele ověřování. Zkontrolujte prosím konfiguraci.",
-    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
+    "errorTitle": "Došlo k chybě",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "errorSubtitle": "Nastala chyba při pokusu o provedení této akce. Pro více informací prosím zkontrolujte konzolu.",
-    "fieldRequired": "This field is required",
+    "forgotPasswordMessage": "Heslo můžete obnovit změnou proměnné `USERS`.",
-    "invalidInput": "Invalid input"
+    "fieldRequired": "Toto pole je povinné",
    "invalidInput": "Neplatný údaj",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/da-DK.json
+++ b/frontend/src/lib/i18n/locales/da-DK.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Kunne ikke hente OAuth-URL",
    "loginOauthSuccessTitle": "Omdirigerer",
    "loginOauthSuccessSubtitle": "Omdirigerer til din OAuth-udbyder",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Fortsæt",
    "continueRedirectingTitle": "Omdirigerer...",
    "continueRedirectingSubtitle": "Du bør blive omdirigeret til appen snart",
-    "continueInvalidRedirectTitle": "Ugyldig omdirigering",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "Omdirigerings-URL'en er ugyldig",
    "continueInsecureRedirectTitle": "Usikker omdirigering",
    "continueInsecureRedirectSubtitle": "Du forsøger at omdirigere fra <code>https</code> til <code>http</code>, som ikke er sikker. Er du sikker på, at du vil fortsætte?",
-    "continueTitle": "Fortsæt",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Klik på knappen for at fortsætte til din app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Log ud mislykkedes",
    "logoutFailSubtitle": "Prøv venligst igen",
    "logoutSuccessTitle": "Logget ud",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "Brugeren med brugernavnet <code>{{username}}</code> er ikke i de grupper, som ressourcen <code>{{resource}}</code> kræver.",
    "unauthorizedIpSubtitle": "Din IP adresse <code>{{ip}}</code> er ikke autoriseret til at tilgå ressourcen <code>{{resource}}</code>.",
    "unauthorizedButton": "Prøv igen",
    "untrustedRedirectTitle": "Usikker omdirigering",
    "untrustedRedirectSubtitle": "Du forsøger at omdirigere til et domæne, der ikke matcher dit konfigurerede domæne (<code>{{domain}}</code>). Er du sikker på, at du vil fortsætte?",
    "cancelTitle": "Annuller",
    "forgotPasswordTitle": "Glemt din adgangskode?",
    "failedToFetchProvidersTitle": "Kunne ikke indlæse godkendelsesudbydere. Tjek venligst din konfiguration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "Der opstod en fejl under forsøget på at udføre denne handling. Tjek venligst konsollen for mere information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/de-DE.json
+++ b/frontend/src/lib/i18n/locales/de-DE.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Fehler beim Abrufen der OAuth-URL",
    "loginOauthSuccessTitle": "Leite weiter",
    "loginOauthSuccessSubtitle": "Weiterleitung zu Ihrem OAuth-Provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Weiter",
    "continueRedirectingTitle": "Leite weiter...",
    "continueRedirectingSubtitle": "Sie sollten in Kürze zur App weitergeleitet werden",
-    "continueInvalidRedirectTitle": "Ungültige Weiterleitung",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "Die Weiterleitungs-URL ist ungültig",
    "continueInsecureRedirectTitle": "Unsichere Weiterleitung",
    "continueInsecureRedirectSubtitle": "Sie versuchen von <code>https</code> auf <code>http</code> weiterzuleiten, was unsicher ist. Sind Sie sicher, dass Sie fortfahren möchten?",
-    "continueTitle": "Weiter",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Klicken Sie auf den Button, um zur App zu gelangen.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Abmelden fehlgeschlagen",
    "logoutFailSubtitle": "Bitte versuchen Sie es erneut",
    "logoutSuccessTitle": "Abgemeldet",
@@ -31,7 +34,7 @@
    "logoutOauthSubtitle": "Sie sind derzeit als <code>{{username}}</code> über den OAuth-Anbieter {{provider}} angemeldet. Klicken Sie auf den Button unten, um sich abzumelden.",
    "notFoundTitle": "Seite nicht gefunden",
    "notFoundSubtitle": "Die gesuchte Seite existiert nicht.",
-    "notFoundButton": "Nach Hause",
+    "notFoundButton": "Zurück",
    "totpFailTitle": "Fehler beim Verifizieren des Codes",
    "totpFailSubtitle": "Bitte überprüfen Sie Ihren Code und versuchen Sie es erneut",
    "totpSuccessTitle": "Verifiziert",
@@ -44,14 +47,16 @@
    "unauthorizedGroupsSubtitle": "Der Benutzer mit Benutzername <code>{{username}}</code> ist nicht in den Gruppen, die von der Ressource <code>{{resource}}</code> benötigt werden.",
    "unauthorizedIpSubtitle": "Ihre IP-Adresse <code>{{ip}}</code> ist nicht berechtigt, auf die Ressource <code>{{resource}}</code> zuzugreifen.",
    "unauthorizedButton": "Erneut versuchen",
    "untrustedRedirectTitle": "Nicht vertrauenswürdige Weiterleitung",
    "untrustedRedirectSubtitle": "Sie versuchen auf eine Domain umzuleiten, die nicht mit Ihrer konfigurierten Domain übereinstimmt (<code>{{domain}}</code>). Sind Sie sicher, dass Sie fortfahren möchten?",
    "cancelTitle": "Abbrechen",
    "forgotPasswordTitle": "Passwort vergessen?",
    "failedToFetchProvidersTitle": "Fehler beim Laden der Authentifizierungsanbieter. Bitte überprüfen Sie Ihre Konfiguration.",
    "errorTitle": "Ein Fehler ist aufgetreten",
    "errorSubtitle": "Beim Versuch, diese Aktion auszuführen, ist ein Fehler aufgetreten. Bitte überprüfen Sie die Konsole für weitere Informationen.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "forgotPasswordMessage": "Das Passwort kann durch Änderung der 'USERS' Variable zurückgesetzt werden.",
-    "fieldRequired": "This field is required",
+    "fieldRequired": "Dieses Feld ist notwendig",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Ungültige Eingabe",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/el-GR.json
+++ b/frontend/src/lib/i18n/locales/el-GR.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Αποτυχία λήψης OAuth URL",
    "loginOauthSuccessTitle": "Ανακατεύθυνση",
    "loginOauthSuccessSubtitle": "Ανακατεύθυνση στον πάροχο OAuth σας",
    "loginOauthAutoRedirectTitle": "Αυτόματη Ανακατεύθυνση OAuth",
    "loginOauthAutoRedirectSubtitle": "Θα ανακατευθυνθείτε αυτόματα στον πάροχο OAuth σας για να επαληθευτείτε.",
    "loginOauthAutoRedirectButton": "Ανακατεύθυνση τώρα",
    "continueTitle": "Συνέχεια",
    "continueRedirectingTitle": "Ανακατεύθυνση...",
    "continueRedirectingSubtitle": "Θα πρέπει να μεταφερθείτε σύντομα στην εφαρμογή σας",
-    "continueInvalidRedirectTitle": "Μη έγκυρη ανακατεύθυνση",
+    "continueRedirectManually": "Χειροκίνητη ανακατεύθυνση",
    "continueInvalidRedirectSubtitle": "Το URL ανακατεύθυνσης δεν είναι έγκυρο",
    "continueInsecureRedirectTitle": "Μη ασφαλής ανακατεύθυνση",
    "continueInsecureRedirectSubtitle": "Προσπαθείτε να ανακατευθύνετε από <code>https</code> σε <code>http</code> το οποίο δεν είναι ασφαλές. Είστε σίγουροι ότι θέλετε να συνεχίσετε;",
-    "continueTitle": "Συνέχεια",
+    "continueUntrustedRedirectTitle": "Μη έμπιστη ανακατεύθυνση",
-    "continueSubtitle": "Κάντε κλικ στο κουμπί για να συνεχίσετε στην εφαρμογή σας.",
+    "continueUntrustedRedirectSubtitle": "Προσπαθείτε να ανακατευθύνετε σε ένα domain που δεν ταιριάζει με το ρυθμισμένο domain σας (<code>{{cookieDomain}}</code>). Είστε βέβαιοι ότι θέλετε να συνεχίσετε;",
    "logoutFailTitle": "Αποτυχία αποσύνδεσης",
    "logoutFailSubtitle": "Παρακαλώ δοκιμάστε ξανά",
    "logoutSuccessTitle": "Αποσυνδεδεμένος",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "Ο χρήστης με όνομα χρήστη <code>{{username}}</code> δεν είναι στις ομάδες που απαιτούνται από τον πόρο <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Η διεύθυνση IP σας <code>{{ip}}</code> δεν είναι εξουσιοδοτημένη να έχει πρόσβαση στον πόρο <code>{{resource}}</code>.",
    "unauthorizedButton": "Προσπαθήστε ξανά",
    "untrustedRedirectTitle": "Μη έμπιστη ανακατεύθυνση",
    "untrustedRedirectSubtitle": "Προσπαθείτε να ανακατευθύνετε σε ένα domain που δεν ταιριάζει με τον ρυθμισμένο domain σας (<code>{{domain}}</code>). Είστε βέβαιοι ότι θέλετε να συνεχίσετε;",
    "cancelTitle": "Ακύρωση",
    "forgotPasswordTitle": "Ξεχάσατε το συνθηματικό σας;",
    "failedToFetchProvidersTitle": "Αποτυχία φόρτωσης παρόχων πιστοποίησης. Παρακαλώ ελέγξτε τις ρυθμίσεις σας.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "Παρουσιάστηκε σφάλμα κατά την προσπάθεια εκτέλεσης αυτής της ενέργειας. Ελέγξτε την κονσόλα για περισσότερες πληροφορίες.",
    "forgotPasswordMessage": "Μπορείτε να επαναφέρετε τον κωδικό πρόσβασής σας αλλάζοντας τη μεταβλητή περιβάλλοντος `USERS`.",
    "fieldRequired": "Αυτό το πεδίο είναι υποχρεωτικό",
-    "invalidInput": "Μη έγκυρη καταχώρηση"
+    "invalidInput": "Μη έγκυρη καταχώρηση",
    "domainWarningTitle": "Μη έγκυρο domain",
    "domainWarningSubtitle": "Αυτή η εφαρμογή έχει ρυθμιστεί για πρόσβαση από <code>{{appUrl}}</code>, αλλά <code>{{currentUrl}}</code> χρησιμοποιείται. Αν συνεχίσετε, μπορεί να αντιμετωπίσετε προβλήματα με την ταυτοποίηση.",
    "ignoreTitle": "Παράβλεψη",
    "goToCorrectDomainTitle": "Μεταβείτε στο σωστό domain"
 }
--- a/frontend/src/lib/i18n/locales/en-US.json
+++ b/frontend/src/lib/i18n/locales/en-US.json
@@ -14,6 +14,9 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
@@ -21,7 +24,7 @@
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{rootDomain}}</code>). Are you sure you want to continue?",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
--- a/frontend/src/lib/i18n/locales/en.json
+++ b/frontend/src/lib/i18n/locales/en.json
@@ -14,6 +14,9 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
@@ -21,7 +24,7 @@
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{rootDomain}}</code>). Are you sure you want to continue?",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
--- a/frontend/src/lib/i18n/locales/es-ES.json
+++ b/frontend/src/lib/i18n/locales/es-ES.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Error al obtener la URL de OAuth",
    "loginOauthSuccessTitle": "Redireccionando",
    "loginOauthSuccessSubtitle": "Redireccionando a tu proveedor de OAuth",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continuar",
    "continueRedirectingTitle": "Redireccionando...",
    "continueRedirectingSubtitle": "Pronto será redirigido a la aplicación",
-    "continueInvalidRedirectTitle": "Redirección inválida",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "La URL de redirección es inválida",
    "continueInsecureRedirectTitle": "Redirección insegura",
    "continueInsecureRedirectSubtitle": "Está intentando redirigir desde <code>https</code> a <code>http</code> lo cual no es seguro. ¿Está seguro que desea continuar?",
-    "continueTitle": "Continuar",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Haga clic en el botón para continuar hacia su aplicación.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Fallo al cerrar sesión",
    "logoutFailSubtitle": "Por favor intente nuevamente",
    "logoutSuccessTitle": "Sesión cerrada",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "El usuario con nombre de usuario <code>{{username}}</code> no está en los grupos requeridos por el recurso <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Inténtelo de nuevo",
    "untrustedRedirectTitle": "Redirección no confiable",
    "untrustedRedirectSubtitle": "Está intentando redirigir a un dominio que no coincide con su dominio configurado (<code>{{domain}}</code>). ¿Está seguro que desea continuar?",
    "cancelTitle": "Cancelar",
    "forgotPasswordTitle": "¿Olvidó su contraseña?",
    "failedToFetchProvidersTitle": "Error al cargar los proveedores de autenticación. Por favor revise su configuración.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "Ocurrió un error mientras se trataba de realizar esta acción. Por favor, revise la consola para más información.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/fi-FI.json
+++ b/frontend/src/lib/i18n/locales/fi-FI.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/fr-FR.json
+++ b/frontend/src/lib/i18n/locales/fr-FR.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Impossible d'obtenir l'URL OAuth",
    "loginOauthSuccessTitle": "Redirection",
    "loginOauthSuccessSubtitle": "Redirection vers votre fournisseur OAuth",
    "loginOauthAutoRedirectTitle": "Redirection automatique OAuth",
    "loginOauthAutoRedirectSubtitle": "Vous allez être automatiquement redirigé vers votre fournisseur OAuth pour vous authentifier.",
    "loginOauthAutoRedirectButton": "Rediriger",
    "continueTitle": "Continuer",
    "continueRedirectingTitle": "Redirection...",
    "continueRedirectingSubtitle": "Vous devriez être redirigé vers l'application bientôt",
-    "continueInvalidRedirectTitle": "Redirection invalide",
+    "continueRedirectManually": "Redirection manuelle",
    "continueInvalidRedirectSubtitle": "L'URL de redirection est invalide",
    "continueInsecureRedirectTitle": "Redirection non sécurisée",
    "continueInsecureRedirectSubtitle": "Vous tentez de rediriger de <code>https</code> vers <code>http</code>, ce qui n'est pas sécurisé. Êtes-vous sûr de vouloir continuer ?",
-    "continueTitle": "Continuer",
+    "continueUntrustedRedirectTitle": "Redirection non sécurisée",
-    "continueSubtitle": "Cliquez sur le bouton pour continuer vers votre application.",
+    "continueUntrustedRedirectSubtitle": "Vous essayez de rediriger vers un domaine qui ne correspond pas à votre domaine configuré (<code>{{cookieDomain}}</code>). Êtes-vous sûr de vouloir continuer ?",
    "logoutFailTitle": "Échec de la déconnexion",
    "logoutFailSubtitle": "Veuillez réessayer",
    "logoutSuccessTitle": "Déconnecté",
@@ -38,20 +41,22 @@
    "totpSuccessSubtitle": "Redirection vers votre application",
    "totpTitle": "Saisissez votre code TOTP",
    "totpSubtitle": "Veuillez saisir le code de votre application d'authentification.",
-    "unauthorizedTitle": "Unauthorized",
+    "unauthorizedTitle": "Non autorisé",
    "unauthorizedResourceSubtitle": "L'utilisateur avec le nom d'utilisateur <code>{{username}}</code> n'est pas autorisé à accéder à la ressource <code>{{resource}}</code>.",
    "unauthorizedLoginSubtitle": "L'utilisateur avec le nom d'utilisateur <code>{{username}}</code> n'est pas autorisé à se connecter.",
    "unauthorizedGroupsSubtitle": "L'utilisateur avec le nom d'utilisateur <code>{{username}}</code> n'appartient pas aux groupes requis par la ressource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Votre adresse IP <code>{{ip}}</code> n'est pas autorisée à accéder à la ressource <code>{{resource}}</code>.",
    "unauthorizedButton": "Réessayer",
    "untrustedRedirectTitle": "Redirection non fiable",
    "untrustedRedirectSubtitle": "Vous tentez de rediriger vers un domaine qui ne correspond pas à votre domaine configuré (<code>{{domain}}</code>). Êtes-vous sûr de vouloir continuer ?",
    "cancelTitle": "Annuler",
    "forgotPasswordTitle": "Mot de passe oublié ?",
    "failedToFetchProvidersTitle": "Échec du chargement des fournisseurs d'authentification. Veuillez vérifier votre configuration.",
    "errorTitle": "Une erreur est survenue",
    "errorSubtitle": "Une erreur est survenue lors de l'exécution de cette action. Veuillez consulter la console pour plus d'informations.",
    "forgotPasswordMessage": "Vous pouvez réinitialiser votre mot de passe en modifiant la variable d'environnement `USERS`.",
-    "fieldRequired": "This field is required",
+    "fieldRequired": "Ce champ est obligatoire",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Saisie non valide",
    "domainWarningTitle": "Domaine invalide",
    "domainWarningSubtitle": "Cette instance est configurée pour être accédée depuis <code>{{appUrl}}</code>, mais <code>{{currentUrl}}</code> est utilisé. Si vous continuez, vous pourriez rencontrer des problèmes d'authentification.",
    "ignoreTitle": "Ignorer",
    "goToCorrectDomainTitle": "Aller au bon domaine"
 }
--- a/frontend/src/lib/i18n/locales/he-IL.json
+++ b/frontend/src/lib/i18n/locales/he-IL.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/hu-HU.json
+++ b/frontend/src/lib/i18n/locales/hu-HU.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/it-IT.json
+++ b/frontend/src/lib/i18n/locales/it-IT.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/ja-JP.json
+++ b/frontend/src/lib/i18n/locales/ja-JP.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/ko-KR.json
+++ b/frontend/src/lib/i18n/locales/ko-KR.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/nl-NL.json
+++ b/frontend/src/lib/i18n/locales/nl-NL.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Fout bij het ophalen van OAuth URL",
    "loginOauthSuccessTitle": "Omleiden",
    "loginOauthSuccessSubtitle": "Omleiden naar je OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Ga verder",
    "continueRedirectingTitle": "Omleiden...",
    "continueRedirectingSubtitle": "Je wordt naar de app doorgestuurd",
-    "continueInvalidRedirectTitle": "Ongeldige omleiding",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "De omleidings-URL is ongeldig",
    "continueInsecureRedirectTitle": "Onveilige doorverwijzing",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Ga verder",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Klik op de knop om door te gaan naar de app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Afmelden mislukt",
    "logoutFailSubtitle": "Probeer het opnieuw",
    "logoutSuccessTitle": "Afgemeld",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Opnieuw proberen",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/no-NO.json
+++ b/frontend/src/lib/i18n/locales/no-NO.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/pl-PL.json
+++ b/frontend/src/lib/i18n/locales/pl-PL.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Nie udało się uzyskać adresu URL OAuth",
    "loginOauthSuccessTitle": "Przekierowywanie",
    "loginOauthSuccessSubtitle": "Przekierowywanie do Twojego dostawcy OAuth",
    "loginOauthAutoRedirectTitle": "Automatyczne przekierowanie OAuth",
    "loginOauthAutoRedirectSubtitle": "Nastąpi automatyczne przekierowanie do dostawcy OAuth w celu uwierzytelnienia.",
    "loginOauthAutoRedirectButton": "Przekieruj teraz",
    "continueTitle": "Kontynuuj",
    "continueRedirectingTitle": "Przekierowywanie...",
    "continueRedirectingSubtitle": "Wkrótce powinieneś zostać przekierowany do aplikacji",
-    "continueInvalidRedirectTitle": "Nieprawidłowe przekierowanie",
+    "continueRedirectManually": "Przekieruj mnie ręcznie",
    "continueInvalidRedirectSubtitle": "Adres przekierowania jest nieprawidłowy",
    "continueInsecureRedirectTitle": "Niezabezpieczone przekierowanie",
    "continueInsecureRedirectSubtitle": "Próbujesz przekierować z <code>https</code> do <code>http</code>, co nie jest bezpieczne. Czy na pewno chcesz kontynuować?",
-    "continueTitle": "Kontynuuj",
+    "continueUntrustedRedirectTitle": "Niezaufane przekierowanie",
-    "continueSubtitle": "Kliknij przycisk, aby przejść do aplikacji.",
+    "continueUntrustedRedirectSubtitle": "Próbujesz przekierować do domeny, która nie pasuje do skonfigurowanej domeny (<code>{{cookieDomain}}</code>). Czy na pewno chcesz kontynuować?",
    "logoutFailTitle": "Nie udało się wylogować",
    "logoutFailSubtitle": "Spróbuj ponownie",
    "logoutSuccessTitle": "Wylogowano",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "Użytkownik o nazwie <code>{{username}}</code> nie należy do grup wymaganych przez zasób <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Twój adres IP <code>{{ip}}</code> nie ma autoryzacji do dostępu do zasobu <code>{{resource}}</code>.",
    "unauthorizedButton": "Spróbuj ponownie",
    "untrustedRedirectTitle": "Niezaufane przekierowanie",
    "untrustedRedirectSubtitle": "Próbujesz przekierować do domeny, która nie pasuje do Twojej skonfigurowanej domeny (<code>{{domain}}</code>). Czy na pewno chcesz kontynuować?",
    "cancelTitle": "Anuluj",
    "forgotPasswordTitle": "Nie pamiętasz hasła?",
    "failedToFetchProvidersTitle": "Nie udało się załadować dostawców uwierzytelniania. Sprawdź swoją konfigurację.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "Wystąpił błąd podczas próby wykonania tej czynności. Sprawdź konsolę, aby uzyskać więcej informacji.",
    "forgotPasswordMessage": "Możesz zresetować hasło, zmieniając zmienną środowiskową `USERS`.",
    "fieldRequired": "To pole jest wymagane",
-    "invalidInput": "Nieprawidłowe dane wejściowe"
+    "invalidInput": "Nieprawidłowe dane wejściowe",
    "domainWarningTitle": "Nieprawidłowa domena",
    "domainWarningSubtitle": "Ta instancja jest skonfigurowana do uzyskania dostępu z <code>{{appUrl}}</code>, ale <code>{{currentUrl}}</code> jest w użyciu. Jeśli będziesz kontynuować, mogą wystąpić problemy z uwierzytelnianiem.",
    "ignoreTitle": "Zignoruj",
    "goToCorrectDomainTitle": "Przejdź do prawidłowej domeny"
 }
--- a/frontend/src/lib/i18n/locales/pt-BR.json
+++ b/frontend/src/lib/i18n/locales/pt-BR.json
@@ -1,34 +1,37 @@
 {
    "loginTitle": "Bem-vindo de volta, acesse com",
-    "loginTitleSimple": "Welcome back, please login",
+    "loginTitleSimple": "Bem-vindo de volta, faça o login",
-    "loginDivider": "Or",
+    "loginDivider": "Ou",
    "loginUsername": "Nome de usuário",
    "loginPassword": "Senha",
    "loginSubmit": "Entrar",
    "loginFailTitle": "Falha ao iniciar sessão",
    "loginFailSubtitle": "Por favor, verifique seu usuário e senha",
-    "loginFailRateLimit": "You failed to login too many times. Please try again later",
+    "loginFailRateLimit": "Você falhou em iniciar sessão muitas vezes, por favor tente novamente mais tarde",
    "loginSuccessTitle": "Sessão Iniciada",
    "loginSuccessSubtitle": "Bem-vindo de volta!",
-    "loginOauthFailTitle": "An error occurred",
+    "loginOauthFailTitle": "Ocorreu um erro",
    "loginOauthFailSubtitle": "Falha ao obter URL de OAuth",
    "loginOauthSuccessTitle": "Redirecionando",
    "loginOauthSuccessSubtitle": "Redirecionando para seu provedor OAuth",
    "loginOauthAutoRedirectTitle": "Redirecionamento automático do OAuth",
    "loginOauthAutoRedirectSubtitle": "Você será automaticamente redirecionado para seu provedor OAuth para autenticar.",
    "loginOauthAutoRedirectButton": "Redirecionar agora",
    "continueTitle": "Continuar",
    "continueRedirectingTitle": "Redirecionando...",
    "continueRedirectingSubtitle": "Você deve ser redirecionado para o aplicativo em breve",
-    "continueInvalidRedirectTitle": "Redirecionamento inválido",
+    "continueRedirectManually": "Redirecionar-me manualmente",
    "continueInvalidRedirectSubtitle": "O endereço de redirecionamento é inválido",
    "continueInsecureRedirectTitle": "Redirecionamento inseguro",
-    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
+    "continueInsecureRedirectSubtitle": "Você está tentando redirecionar de <Code>https</Code> para <Code>http</Code>, você tem certeza que deseja continuar?",
-    "continueTitle": "Continuar",
+    "continueUntrustedRedirectTitle": "Redirecionamento não confiável",
-    "continueSubtitle": "Clique no botão para continuar para o seu aplicativo.",
+    "continueUntrustedRedirectSubtitle": "Você está tentando redirecionar para um domínio que não corresponde ao seu domínio configurado (<code>{{cookieDomain}}</code>). Tem certeza que deseja continuar?",
    "logoutFailTitle": "Falha ao encerrar sessão",
    "logoutFailSubtitle": "Por favor, tente novamente",
    "logoutSuccessTitle": "Sessão encerrada",
    "logoutSuccessSubtitle": "Você foi desconectado",
    "logoutTitle": "Sair",
-    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
+    "logoutUsernameSubtitle": "Você está atualmente logado como <Code>{{username}}</Code>, clique no botão abaixo para sair.",
-    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
+    "logoutOauthSubtitle": "Você está atualmente logado como <Code>{{username}}</Code> usando o provedor {{provider}} OAuth, clique no botão abaixo para sair.",
    "notFoundTitle": "Página não encontrada",
    "notFoundSubtitle": "A página que você está procurando não existe.",
    "notFoundButton": "Voltar para a tela inicial",
@@ -37,21 +40,23 @@
    "totpSuccessTitle": "Verificado",
    "totpSuccessSubtitle": "Redirecionando para o seu aplicativo",
    "totpTitle": "Insira o seu código TOTP",
-    "totpSubtitle": "Please enter the code from your authenticator app.",
+    "totpSubtitle": "Por favor, insira o código do seu aplicativo de autenticação.",
    "unauthorizedTitle": "Não autorizado",
-    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
+    "unauthorizedResourceSubtitle": "O usuário com nome de usuário <code>{{username}}</code> não está autorizado a acessar o recurso <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
+    "unauthorizedLoginSubtitle": "O usuário com o nome <code>{{username}}</code> não está autorizado a acessar.",
-    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
+    "unauthorizedGroupsSubtitle": "O usuário  <code>{{username}}</code> não está autorizado a acessar o recurso <code>{{resource}}</code>.",
-    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Seu endereço IP <code>{{ip}}</code> não está autorizado a acessar o recurso <code>{{resource}}</code>.",
    "unauthorizedButton": "Tentar novamente",
    "untrustedRedirectTitle": "Redirecionamento não confiável",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancelar",
    "forgotPasswordTitle": "Esqueceu sua senha?",
-    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
+    "failedToFetchProvidersTitle": "Falha ao carregar provedores de autenticação. Verifique sua configuração.",
-    "errorTitle": "An error occurred",
+    "errorTitle": "Ocorreu um erro",
-    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
+    "errorSubtitle": "Ocorreu um erro ao tentar executar esta ação. Por favor, verifique o console para mais informações.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "forgotPasswordMessage": "Você pode redefinir sua senha alterando a variável de ambiente `USERS`.",
-    "fieldRequired": "This field is required",
+    "fieldRequired": "Este campo é obrigatório",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Entrada Inválida",
    "domainWarningTitle": "Domínio inválido",
    "domainWarningSubtitle": "Esta instância está configurada para ser acessada de <code>{{appUrl}}</code>, mas <code>{{currentUrl}}</code> está sendo usado. Se você continuar, você pode encontrar problemas com a autenticação.",
    "ignoreTitle": "Ignorar",
    "goToCorrectDomainTitle": "Ir para o domínio correto"
 }
--- a/frontend/src/lib/i18n/locales/pt-PT.json
+++ b/frontend/src/lib/i18n/locales/pt-PT.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/ro-RO.json
+++ b/frontend/src/lib/i18n/locales/ro-RO.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/ru-RU.json
+++ b/frontend/src/lib/i18n/locales/ru-RU.json
@@ -1,6 +1,6 @@
 {
    "loginTitle": "С возвращением, войти с",
-    "loginTitleSimple": "Вход",
+    "loginTitleSimple": "С возвращением, пожалуйста войдите",
    "loginDivider": "Или",
    "loginUsername": "Имя пользователя",
    "loginPassword": "Пароль",
@@ -8,24 +8,27 @@
    "loginFailTitle": "Вход не удался",
    "loginFailSubtitle": "Проверьте имя пользователя и пароль",
    "loginFailRateLimit": "Слишком много ошибок входа. Попробуйте позже",
-    "loginSuccessTitle": "Вы вошли",
+    "loginSuccessTitle": "Вход выполнен",
    "loginSuccessSubtitle": "С возвращением!",
    "loginOauthFailTitle": "Произошла ошибка",
-    "loginOauthFailSubtitle": "Не удалось получить OAuth URL",
+    "loginOauthFailSubtitle": "Не удалось получить ссылку OAuth",
    "loginOauthSuccessTitle": "Перенаправление",
    "loginOauthSuccessSubtitle": "Перенаправление к поставщику OAuth",
    "loginOauthAutoRedirectTitle": "OAuth автоматическое перенаправление",
    "loginOauthAutoRedirectSubtitle": "Вы будете автоматически перенаправлены для авторизации у вашего поставщика OAuth.",
    "loginOauthAutoRedirectButton": "Перенаправить сейчас",
    "continueTitle": "Продолжить",
    "continueRedirectingTitle": "Перенаправление...",
    "continueRedirectingSubtitle": "Скоро вы будете перенаправлены в приложение",
-    "continueInvalidRedirectTitle": "Неверное перенаправление",
+    "continueRedirectManually": "Перенаправить вручную",
    "continueInvalidRedirectSubtitle": "URL перенаправления недействителен",
    "continueInsecureRedirectTitle": "Небезопасное перенаправление",
    "continueInsecureRedirectSubtitle": "Попытка перенаправления с <code>https</code> на <code>http</code>, уверены, что хотите продолжить?",
-    "continueTitle": "Продолжить",
+    "continueUntrustedRedirectTitle": "Недоверенное перенаправление",
-    "continueSubtitle": "Нажмите на кнопку, чтобы перейти к приложению.",
+    "continueUntrustedRedirectSubtitle": "Вы пытаетесь перенаправить на домен, который не соответствует вашему настроенному домену (<code>{{cookieDomain}}</code>). Вы уверены, что хотите продолжить?",
    "logoutFailTitle": "Не удалось выйти",
    "logoutFailSubtitle": "Попробуйте ещё раз",
    "logoutSuccessTitle": "Выход",
-    "logoutSuccessSubtitle": "Вы вышли из системы",
+    "logoutSuccessSubtitle": "Вы вышли",
    "logoutTitle": "Выйти",
    "logoutUsernameSubtitle": "Вход выполнен как <code>{{username}}</code>, нажмите на кнопку ниже, чтобы выйти.",
    "logoutOauthSubtitle": "Вход выполнен как <code>{{username}}</code> с использованием {{provider}} OAuth, нажмите кнопку ниже, чтобы выйти.",
@@ -37,21 +40,23 @@
    "totpSuccessTitle": "Подтверждён",
    "totpSuccessSubtitle": "Перенаправление в приложение",
    "totpTitle": "Введите код TOTP",
-    "totpSubtitle": "Пожалуйста, введите код из вашего приложения — аутентификатора.",
+    "totpSubtitle": "Пожалуйста, введите код из вашего приложения авторизации.",
-    "unauthorizedTitle": "Доступ запрещен",
+    "unauthorizedTitle": "Доступ запрещён",
-    "unauthorizedResourceSubtitle": "Пользователю <code>{{username}}</code> не разрешен доступ к <code>{{resource}}</code>.",
+    "unauthorizedResourceSubtitle": "Пользователю <code>{{username}}</code> не разрешён доступ к <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "Пользователю <code>{{username}}</code> не разрешен вход.",
+    "unauthorizedLoginSubtitle": "Пользователю <code>{{username}}</code> не разрешён вход.",
-    "unauthorizedGroupsSubtitle": "Пользователь <code>{{username}}</code> не состоит в группах, которым разрешен доступ к <code>{{resource}}</code>.",
+    "unauthorizedGroupsSubtitle": "Пользователь <code>{{username}}</code> не состоит в группах, которым разрешён доступ к <code>{{resource}}</code>.",
-    "unauthorizedIpSubtitle": "Ваш IP адрес <code>{{ip}}</code> не авторизован для доступа к ресурсу <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Вашему IP-адресу <code>{{ip}}</code> не разрешён доступ к ресурсу <code>{{resource}}</code>.",
    "unauthorizedButton": "Повторить",
    "untrustedRedirectTitle": "Ненадежное перенаправление",
    "untrustedRedirectSubtitle": "Попытка перенаправить на домен, который не соответствует вашему заданному домену (<code>{{domain}}</code>). Уверены, что хотите продолжить?",
    "cancelTitle": "Отмена",
    "forgotPasswordTitle": "Забыли пароль?",
-    "failedToFetchProvidersTitle": "Не удалось загрузить провайдеров аутентификации. Пожалуйста, проверьте конфигурацию.",
+    "failedToFetchProvidersTitle": "Не удалось загрузить поставщика авторизации. Пожалуйста, проверьте конфигурацию.",
    "errorTitle": "Произошла ошибка",
    "errorSubtitle": "Произошла ошибка при попытке выполнить это действие. Проверьте консоль для дополнительной информации.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "forgotPasswordMessage": "Вы можете сбросить свой пароль, изменив переменную окружения `USERS`.",
-    "fieldRequired": "This field is required",
+    "fieldRequired": "Это поле является обязательным",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Недопустимый ввод",
    "domainWarningTitle": "Неверный домен",
    "domainWarningSubtitle": "Этот экземпляр настроен на доступ к нему из <code>{{appUrl}}</code>, но <code>{{currentUrl}}</code> в настоящее время используется. Если вы продолжите, то могут возникнуть проблемы с авторизацией.",
    "ignoreTitle": "Игнорировать",
    "goToCorrectDomainTitle": "Перейти к правильному домену"
 }
--- a/frontend/src/lib/i18n/locales/sr-SP.json
+++ b/frontend/src/lib/i18n/locales/sr-SP.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Неуспело преузимање OAuth адресе",
    "loginOauthSuccessTitle": "Преусмеравање",
    "loginOauthSuccessSubtitle": "Преусмеравање на вашег OAuth провајдера",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Настави",
    "continueRedirectingTitle": "Преусмеравање...",
    "continueRedirectingSubtitle": "Требали би сте ускоро да будете преусмерени на апликацију",
-    "continueInvalidRedirectTitle": "Неисправно преусмеравање",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "Адреса за преусмеравање није исправна",
    "continueInsecureRedirectTitle": "Небезбедно преусмеравање",
    "continueInsecureRedirectSubtitle": "Покушавате да преусмерите са <code>https</code> на <code>http</code> што није безбедно. Да ли желите да наставите?",
-    "continueTitle": "Настави",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Кликните на дугме да би сте наставили на нашу апликацију.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Неуспешно одјављивање",
    "logoutFailSubtitle": "Молим вас покушајте поново",
    "logoutSuccessTitle": "Одјављени",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "Корисник са корисничким именом <code>{{username}}</code> није у групама које захтева ресурс <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Ваша IP адреса <code>{{ip}}</code> није ауторизована да приступи ресурсу <code>{{resource}}</code>.",
    "unauthorizedButton": "Покушајте поново",
    "untrustedRedirectTitle": "Преусмерење без поверења",
    "untrustedRedirectSubtitle": "Покушавате да преусмерите на домен који се не поклапа са подешеним доменом (<code>{{domain}}</code>). Да ли желите да наставите?",
    "cancelTitle": "Поништи",
    "forgotPasswordTitle": "Заборавили сте лозинку?",
    "failedToFetchProvidersTitle": "Није успело учитавање провајдера аутентификације. Молим вас проверите ваша подешавања.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "Појавила се грешка при покушају извршавања ове радње. Молим вас проверите конзолу за додатне информације.",
    "forgotPasswordMessage": "Можете поништити вашу лозинку променом `USERS` променљиве окружења.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/sv-SE.json
+++ b/frontend/src/lib/i18n/locales/sv-SE.json
@@ -1,32 +1,35 @@
 {
-    "loginTitle": "Welcome back, login with",
+    "loginTitle": "Välkommen tillbaka, logga in med",
-    "loginTitleSimple": "Welcome back, please login",
+    "loginTitleSimple": "Välkommen tillbaka, logga in",
-    "loginDivider": "Or",
+    "loginDivider": "Eller",
-    "loginUsername": "Username",
+    "loginUsername": "Användarnamn",
-    "loginPassword": "Password",
+    "loginPassword": "Lösenord",
-    "loginSubmit": "Login",
+    "loginSubmit": "Logga in",
-    "loginFailTitle": "Failed to log in",
+    "loginFailTitle": "Kunde inte logga in",
-    "loginFailSubtitle": "Please check your username and password",
+    "loginFailSubtitle": "Kontrollera ditt användarnamn och lösenord",
-    "loginFailRateLimit": "You failed to login too many times. Please try again later",
+    "loginFailRateLimit": "Du misslyckades med att logga in för många gånger. Försök igen senare",
-    "loginSuccessTitle": "Logged in",
+    "loginSuccessTitle": "Inloggad",
-    "loginSuccessSubtitle": "Welcome back!",
+    "loginSuccessSubtitle": "Välkommen tillbaka!",
-    "loginOauthFailTitle": "An error occurred",
+    "loginOauthFailTitle": "Ett fel har uppstått",
-    "loginOauthFailSubtitle": "Failed to get OAuth URL",
+    "loginOauthFailSubtitle": "Kunde inte hämta OAuth URL",
-    "loginOauthSuccessTitle": "Redirecting",
+    "loginOauthSuccessTitle": "Omdirigerar",
-    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthSuccessSubtitle": "Omdirigera till din OAuth leverantör",
-    "continueRedirectingTitle": "Redirecting...",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
-    "continueRedirectingSubtitle": "You should be redirected to the app soon",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "loginOauthAutoRedirectButton": "Redirect now",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueTitle": "Fortsätt",
-    "continueInsecureRedirectTitle": "Insecure redirect",
+    "continueRedirectingTitle": "Omdirigerar...",
-    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
+    "continueRedirectingSubtitle": "Du bör omdirigeras till appen snart",
-    "continueTitle": "Continue",
+    "continueRedirectManually": "Redirect me manually",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueInsecureRedirectTitle": "Osäker omdirigering",
-    "logoutFailTitle": "Failed to log out",
+    "continueInsecureRedirectSubtitle": "Du försöker omdirigera från <code>https</code> till <code>http</code> som inte är säker. Är du säker på att du vill fortsätta?",
-    "logoutFailSubtitle": "Please try again",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "logoutSuccessTitle": "Logged out",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
-    "logoutSuccessSubtitle": "You have been logged out",
+    "logoutFailTitle": "Kunde inte logga ut.",
-    "logoutTitle": "Logout",
+    "logoutFailSubtitle": "Vänligen försök igen",
    "logoutSuccessTitle": "Utloggad",
    "logoutSuccessSubtitle": "Du har blivit utloggad",
    "logoutTitle": "Logga ut",
    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
    "notFoundTitle": "Page not found",
@@ -38,14 +41,12 @@
    "totpSuccessSubtitle": "Redirecting to your app",
    "totpTitle": "Enter your TOTP code",
    "totpSubtitle": "Please enter the code from your authenticator app.",
-    "unauthorizedTitle": "Unauthorized",
+    "unauthorizedTitle": "Obehörig",
    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/tr-TR.json
+++ b/frontend/src/lib/i18n/locales/tr-TR.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Yönlendiriliyor",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Devam et",
    "continueRedirectingTitle": "Yönlendiriliyor...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Devam et",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Lütfen tekrar deneyin",
    "logoutSuccessTitle": "Çıkış yapıldı",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "İptal",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/uk-UA.json
+++ b/frontend/src/lib/i18n/locales/uk-UA.json
@@ -1,5 +1,5 @@
 {
-    "loginTitle": "Welcome back, login with",
+    "loginTitle": "З поверненням, увійдіть через",
    "loginTitleSimple": "Welcome back, please login",
    "loginDivider": "Or",
    "loginUsername": "Username",
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/vi-VN.json
+++ b/frontend/src/lib/i18n/locales/vi-VN.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/zh-CN.json
+++ b/frontend/src/lib/i18n/locales/zh-CN.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "获取 OAuth URL 失败",
    "loginOauthSuccessTitle": "重定向中",
    "loginOauthSuccessSubtitle": "重定向到您的 OAuth 提供商",
    "loginOauthAutoRedirectTitle": "OAuth自动重定向",
    "loginOauthAutoRedirectSubtitle": "您将被自动重定向到您的 OAuth 提供商进行身份验证。",
    "loginOauthAutoRedirectButton": "立即跳转",
    "continueTitle": "继续",
    "continueRedirectingTitle": "正在重定向……",
    "continueRedirectingSubtitle": "您应该很快被重定向到应用",
-    "continueInvalidRedirectTitle": "无效的重定向",
+    "continueRedirectManually": "请手动跳转",
    "continueInvalidRedirectSubtitle": "重定向URL无效",
    "continueInsecureRedirectTitle": "不安全的重定向",
    "continueInsecureRedirectSubtitle": "您正在尝试从<code>https</code>重定向到<code>http</code>可能存在风险。您确定要继续吗？",
-    "continueTitle": "继续",
+    "continueUntrustedRedirectTitle": "不可信的重定向",
-    "continueSubtitle": "点击按钮以继续您的应用。",
+    "continueUntrustedRedirectSubtitle": "您尝试跳转的域名与配置的域名（<code>{{cookieDomain}}</code>）不匹配。是否继续？",
    "logoutFailTitle": "注销失败",
    "logoutFailSubtitle": "请重试",
    "logoutSuccessTitle": "已登出",
@@ -30,7 +33,7 @@
    "logoutUsernameSubtitle": "您当前登录用户为<code>{{username}}</code>。点击下方按钮注销。",
    "logoutOauthSubtitle": "您当前以<code>{{username}}</code>登录，使用的是{{provider}} OAuth 提供商。点击下方按钮注销。",
    "notFoundTitle": "无法找到页面",
-    "notFoundSubtitle": "您正在查找的页面不存在。",
+    "notFoundSubtitle": "您访问的页面不存在。",
    "notFoundButton": "回到主页",
    "totpFailTitle": "无法验证代码",
    "totpFailSubtitle": "请检查您的代码并重试",
@@ -42,16 +45,18 @@
    "unauthorizedResourceSubtitle": "用户名为<code>{{username}}</code>的用户无权访问资源<code>{{resource}}</code>。",
    "unauthorizedLoginSubtitle": "用户名为<code>{{username}}</code>的用户无权登录。",
    "unauthorizedGroupsSubtitle": "用户名为<code>{{username}}</code>的用户不在资源<code>{{resource}}</code>所需的组中。",
-    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "用户 <code>{{ip}}</code> 无权访问资源 <code>{{resource}}</code>。",
    "unauthorizedButton": "重试",
    "untrustedRedirectTitle": "不可信的重定向",
    "untrustedRedirectSubtitle": "您正在尝试重定向到一个与您已配置的域名 (<code>{{domain}}</code>) 不匹配的域名。您确定要继续吗？",
    "cancelTitle": "取消",
    "forgotPasswordTitle": "忘记密码？",
    "failedToFetchProvidersTitle": "加载身份验证提供程序失败，请检查您的配置。",
    "errorTitle": "发生了错误",
    "errorSubtitle": "执行此操作时发生错误，请检查控制台以获取更多信息。",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "forgotPasswordMessage": "您可以通过更改 `USERS ` 环境变量重置您的密码。",
-    "fieldRequired": "This field is required",
+    "fieldRequired": "必添字段",
-    "invalidInput": "Invalid input"
+    "invalidInput": "无效的输入",
    "domainWarningTitle": "无效域名",
    "domainWarningSubtitle": "当前实例配置的访问地址为 <code>{{appUrl}}</code>，但您正在使用 <code>{{currentUrl}}</code>。若继续操作，可能会遇到身份验证问题。",
    "ignoreTitle": "忽略",
    "goToCorrectDomainTitle": "转到正确的域名"
 }
--- a/frontend/src/lib/i18n/locales/zh-TW.json
+++ b/frontend/src/lib/i18n/locales/zh-TW.json
@@ -14,14 +14,17 @@
    "loginOauthFailSubtitle": "無法取得 OAuth 網址",
    "loginOauthSuccessTitle": "重新導向中",
    "loginOauthSuccessSubtitle": "正在將您重新導向至 OAuth 供應商",
    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
    "loginOauthAutoRedirectButton": "Redirect now",
    "continueTitle": "繼續",
    "continueRedirectingTitle": "重新導向中……",
    "continueRedirectingSubtitle": "您即將被重新導向至應用程式",
-    "continueInvalidRedirectTitle": "無效的重新導向",
+    "continueRedirectManually": "Redirect me manually",
    "continueInvalidRedirectSubtitle": "重新導向的網址無效",
    "continueInsecureRedirectTitle": "不安全的重新導向",
    "continueInsecureRedirectSubtitle": "您正嘗試從安全的 <code>https</code> 重新導向至不安全的 <code>http</code>。您確定要繼續嗎？",
-    "continueTitle": "繼續",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueSubtitle": "點擊按鈕以繼續前往您的應用程式。",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "登出失敗",
    "logoutFailSubtitle": "請再試一次",
    "logoutSuccessTitle": "登出成功",
@@ -44,8 +47,6 @@
    "unauthorizedGroupsSubtitle": "使用者 <code>{{username}}</code> 不在存取資源 <code>{{resource}}</code> 所需的群組中。",
    "unauthorizedIpSubtitle": "您的 IP 位址 <code>{{ip}}</code> 未被授權存取資源 <code>{{resource}}</code>。",
    "unauthorizedButton": "再試一次",
    "untrustedRedirectTitle": "不受信任的重新導向",
    "untrustedRedirectSubtitle": "您正嘗試重新導向至的網域與您設定的網域 (<code>{{domain}}</code>) 不符。您確定要繼續嗎？",
    "cancelTitle": "取消",
    "forgotPasswordTitle": "忘記密碼？",
    "failedToFetchProvidersTitle": "載入驗證供應商失敗。請檢查您的設定。",
@@ -53,5 +54,9 @@
    "errorSubtitle": "執行此操作時發生錯誤。請檢查主控台以獲取更多資訊。",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/pages/continue-page.tsx
+++ b/frontend/src/pages/continue-page.tsx
@@ -14,7 +14,7 @@ import { Navigate, useLocation, useNavigate } from "react-router";
 import { useEffect, useState } from "react";
 export const ContinuePage = () => {
-  const { rootDomain } = useAppContext();
+  const { cookieDomain } = useAppContext();
  const { isLoggedIn } = useUserContext();
  const { search } = useLocation();
  const { t } = useTranslation();
@@ -33,8 +33,8 @@ export const ContinuePage = () => {
    : null;
  const isTrustedRedirectUri =
    redirectUriObj !== null
-      ? redirectUriObj.hostname === rootDomain ||
+      ? redirectUriObj.hostname === cookieDomain ||
-        redirectUriObj.hostname.endsWith(`.${rootDomain}`)
+        redirectUriObj.hostname.endsWith(`.${cookieDomain}`)
      : false;
  const isAllowedRedirectProto =
    redirectUriObj !== null
@@ -70,7 +70,7 @@ export const ContinuePage = () => {
    const reveal = setTimeout(() => {
      setLoading(false);
      setShowRedirectButton(true);
-    }, 1000);
+    }, 5000);
    return () => {
      clearTimeout(auto);
@@ -105,7 +105,7 @@ export const ContinuePage = () => {
              components={{
                code: <code />,
              }}
-              values={{ rootDomain }}
+              values={{ cookieDomain }}
            />
          </CardDescription>
        </CardHeader>
--- a/frontend/src/pages/login-page.tsx
+++ b/frontend/src/pages/login-page.tsx
@@ -1,13 +1,18 @@
 import { LoginForm } from "@/components/auth/login-form";
 import { GenericIcon } from "@/components/icons/generic";
 import { GithubIcon } from "@/components/icons/github";
 import { GoogleIcon } from "@/components/icons/google";
 import { MicrosoftIcon } from "@/components/icons/microsoft";
 import { OAuthIcon } from "@/components/icons/oauth";
 import { PocketIDIcon } from "@/components/icons/pocket-id";
 import { TailscaleIcon } from "@/components/icons/tailscale";
 import { Button } from "@/components/ui/button";
 import {
  Card,
  CardHeader,
  CardTitle,
  CardDescription,
  CardContent,
  CardFooter,
 } from "@/components/ui/card";
 import { OAuthButton } from "@/components/ui/oauth-button";
 import { SeperatorWithChildren } from "@/components/ui/separator";
@@ -17,28 +22,40 @@ import { useIsMounted } from "@/lib/hooks/use-is-mounted";
 import { LoginSchema } from "@/schemas/login-schema";
 import { useMutation } from "@tanstack/react-query";
 import axios, { AxiosError } from "axios";
-import { useEffect, useRef } from "react";
+import { useEffect, useRef, useState } from "react";
 import { useTranslation } from "react-i18next";
 import { Navigate, useLocation } from "react-router";
 import { toast } from "sonner";
 const iconMap: Record<string, React.ReactNode> = {
  google: <GoogleIcon />,
  github: <GithubIcon />,
  tailscale: <TailscaleIcon />,
  microsoft: <MicrosoftIcon />,
  pocketid: <PocketIDIcon />,
 };
 export const LoginPage = () => {
  const { isLoggedIn } = useUserContext();
-  const { configuredProviders, title, oauthAutoRedirect, genericName } =
+  const { providers, title, oauthAutoRedirect } = useAppContext();
    useAppContext();
  const { search } = useLocation();
  const { t } = useTranslation();
  const isMounted = useIsMounted();
  const [oauthAutoRedirectHandover, setOauthAutoRedirectHandover] =
    useState(false);
  const [showRedirectButton, setShowRedirectButton] = useState(false);
  const redirectTimer = useRef<number | null>(null);
  const redirectButtonTimer = useRef<number | null>(null);
  const searchParams = new URLSearchParams(search);
  const redirectUri = searchParams.get("redirect_uri");
-  const oauthConfigured =
+  const oauthProviders = providers.filter(
-    configuredProviders.filter((provider) => provider !== "username").length >
+    (provider) => provider.id !== "username",
-    0;
+  );
-  const userAuthConfigured = configuredProviders.includes("username");
+  const userAuthConfigured =
    providers.find((provider) => provider.id === "username") !== undefined;
  const oauthMutation = useMutation({
    mutationFn: (provider: string) =>
@@ -56,6 +73,7 @@ export const LoginPage = () => {
      }, 500);
    },
    onError: () => {
      setOauthAutoRedirectHandover(false);
      toast.error(t("loginOauthFailTitle"), {
        description: t("loginOauthFailSubtitle"),
      });
@@ -96,12 +114,16 @@ export const LoginPage = () => {
  useEffect(() => {
    if (isMounted()) {
      if (
-        oauthConfigured &&
+        oauthProviders.length !== 0 &&
-        configuredProviders.includes(oauthAutoRedirect) &&
+        providers.find((provider) => provider.id === oauthAutoRedirect) &&
        !isLoggedIn &&
        redirectUri
      ) {
        setOauthAutoRedirectHandover(true);
        oauthMutation.mutate(oauthAutoRedirect);
        redirectButtonTimer.current = window.setTimeout(() => {
          setShowRedirectButton(true);
        }, 5000);
      }
    }
  }, []);
@@ -109,6 +131,8 @@ export const LoginPage = () => {
  useEffect(
    () => () => {
      if (redirectTimer.current) clearTimeout(redirectTimer.current);
      if (redirectButtonTimer.current)
        clearTimeout(redirectButtonTimer.current);
    },
    [],
  );
@@ -126,61 +150,63 @@ export const LoginPage = () => {
    return <Navigate to="/logout" replace />;
  }
  if (oauthAutoRedirectHandover) {
    return (
      <Card className="min-w-xs sm:min-w-sm">
        <CardHeader>
          <CardTitle className="text-3xl">
            {t("loginOauthAutoRedirectTitle")}
          </CardTitle>
          <CardDescription>
            {t("loginOauthAutoRedirectSubtitle")}
          </CardDescription>
        </CardHeader>
        {showRedirectButton && (
          <CardFooter className="flex flex-col items-stretch">
            <Button
              onClick={() => {
                window.location.replace(oauthMutation.data?.data.url);
              }}
            >
              {t("loginOauthAutoRedirectButton")}
            </Button>
          </CardFooter>
        )}
      </Card>
    );
  }
  return (
    <Card className="min-w-xs sm:min-w-sm">
      <CardHeader>
        <CardTitle className="text-center text-3xl">{title}</CardTitle>
-        {configuredProviders.length > 0 && (
+        {providers.length > 0 && (
          <CardDescription className="text-center">
-            {oauthConfigured ? t("loginTitle") : t("loginTitleSimple")}
+            {oauthProviders.length !== 0
              ? t("loginTitle")
              : t("loginTitleSimple")}
          </CardDescription>
        )}
      </CardHeader>
      <CardContent className="flex flex-col gap-4">
-        {oauthConfigured && (
+        {oauthProviders.length !== 0 && (
          <div className="flex flex-col gap-2 items-center justify-center">
-            {configuredProviders.includes("google") && (
+            {oauthProviders.map((provider) => (
              <OAuthButton
-                title="Google"
+                key={provider.id}
-                icon={<GoogleIcon />}
+                title={provider.name}
                icon={iconMap[provider.id] ?? <OAuthIcon />}
                className="w-full"
-                onClick={() => oauthMutation.mutate("google")}
+                onClick={() => oauthMutation.mutate(provider.id)}
                loading={
                  oauthMutation.isPending &&
-                  oauthMutation.variables === "google"
+                  oauthMutation.variables === provider.id
                }
                disabled={oauthMutation.isPending || loginMutation.isPending}
              />
-            )}
+            ))}
            {configuredProviders.includes("github") && (
              <OAuthButton
                title="Github"
                icon={<GithubIcon />}
                className="w-full"
                onClick={() => oauthMutation.mutate("github")}
                loading={
                  oauthMutation.isPending &&
                  oauthMutation.variables === "github"
                }
                disabled={oauthMutation.isPending || loginMutation.isPending}
              />
            )}
            {configuredProviders.includes("generic") && (
              <OAuthButton
                title={genericName}
                icon={<GenericIcon />}
                className="w-full"
                onClick={() => oauthMutation.mutate("generic")}
                loading={
                  oauthMutation.isPending &&
                  oauthMutation.variables === "generic"
                }
                disabled={oauthMutation.isPending || loginMutation.isPending}
              />
            )}
          </div>
        )}
-        {userAuthConfigured && oauthConfigured && (
+        {userAuthConfigured && oauthProviders.length !== 0 && (
          <SeperatorWithChildren>{t("loginDivider")}</SeperatorWithChildren>
        )}
        {userAuthConfigured && (
@@ -189,7 +215,7 @@ export const LoginPage = () => {
            loading={loginMutation.isPending || oauthMutation.isPending}
          />
        )}
-        {configuredProviders.length == 0 && (
+        {providers.length == 0 && (
          <p className="text-center text-red-600 max-w-sm">
            {t("failedToFetchProvidersTitle")}
          </p>
--- a/frontend/src/pages/logout-page.tsx
+++ b/frontend/src/pages/logout-page.tsx
@@ -6,9 +6,7 @@ import {
  CardHeader,
  CardTitle,
 } from "@/components/ui/card";
 import { useAppContext } from "@/context/app-context";
 import { useUserContext } from "@/context/user-context";
 import { capitalize } from "@/lib/utils";
 import { useMutation } from "@tanstack/react-query";
 import axios from "axios";
 import { useEffect, useRef } from "react";
@@ -17,8 +15,7 @@ import { Navigate } from "react-router";
 import { toast } from "sonner";
 export const LogoutPage = () => {
-  const { provider, username, isLoggedIn, email } = useUserContext();
+  const { provider, username, isLoggedIn, email, oauthName } = useUserContext();
  const { genericName } = useAppContext();
  const { t } = useTranslation();
  const redirectTimer = useRef<number | null>(null);
@@ -67,8 +64,7 @@ export const LogoutPage = () => {
              }}
              values={{
                username: email,
-                provider:
+                provider: oauthName,
                  provider === "generic" ? genericName : capitalize(provider),
              }}
            />
          ) : (
--- a/frontend/src/schemas/app-context-schema.ts
+++ b/frontend/src/schemas/app-context-schema.ts
@@ -1,14 +1,19 @@
 import { z } from "zod";
 export const providerSchema = z.object({
  id: z.string(),
  name: z.string(),
  oauth: z.boolean(),
 });
 export const appContextSchema = z.object({
-  configuredProviders: z.array(z.string()),
+  providers: z.array(providerSchema),
  title: z.string(),
  genericName: z.string(),
  appUrl: z.string(),
-  rootDomain: z.string(),
+  cookieDomain: z.string(),
  forgotPasswordMessage: z.string(),
  oauthAutoRedirect: z.enum(["none", "github", "google", "generic"]),
  backgroundImage: z.string(),
  oauthAutoRedirect: z.string(),
 });
 export type AppContextSchema = z.infer<typeof appContextSchema>;
--- a/frontend/src/schemas/user-context-schema.ts
+++ b/frontend/src/schemas/user-context-schema.ts
@@ -8,6 +8,7 @@ export const userContextSchema = z.object({
  provider: z.string(),
  oauth: z.boolean(),
  totpPending: z.boolean(),
  oauthName: z.string(),
 });
 export type UserContextSchema = z.infer<typeof userContextSchema>;
--- a/go.mod
+++ b/go.mod
@@ -1,23 +1,27 @@
 module tinyauth
-go 1.23.2
+go 1.24.0
 toolchain go1.24.3
 require (
 	github.com/cenkalti/backoff/v5 v5.0.3
-	github.com/gin-gonic/gin v1.10.1
+	github.com/gin-gonic/gin v1.11.0
-	github.com/go-playground/validator/v10 v10.27.0
+	github.com/glebarez/sqlite v1.11.0
-	github.com/golang-migrate/migrate/v4 v4.18.3
+	github.com/go-playground/validator/v10 v10.28.0
 	github.com/golang-migrate/migrate/v4 v4.19.0
 	github.com/google/go-querystring v1.1.0
 	github.com/google/uuid v1.6.0
 	github.com/mdp/qrterminal/v3 v3.2.1
 	github.com/rs/zerolog v1.34.0
-	github.com/spf13/cobra v1.9.1
+	github.com/spf13/cobra v1.10.1
-	github.com/spf13/viper v1.20.1
+	github.com/spf13/viper v1.21.0
 	github.com/traefik/paerser v0.2.2
-	golang.org/x/crypto v0.41.0
+	github.com/weppos/publicsuffix-go v0.50.0
-	gorm.io/driver/sqlite v1.6.0
+	golang.org/x/crypto v0.42.0
-	gorm.io/gorm v1.30.1
+	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b
-	modernc.org/sqlite v1.38.2
+	gorm.io/gorm v1.31.0
 	gotest.tools/v3 v3.5.2
 )
 require (
@@ -28,9 +32,10 @@ require (
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/glebarez/go-sqlite v1.21.2 // indirect
 	github.com/glebarez/sqlite v1.11.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 	github.com/goccy/go-yaml v1.18.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
@@ -39,17 +44,22 @@ require (
 	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/quic-go/qpack v0.5.1 // indirect
 	github.com/quic-go/quic-go v0.54.0 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.34.0 // indirect
-	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
+	go.uber.org/mock v0.5.0 // indirect
-	golang.org/x/term v0.34.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	gotest.tools/v3 v3.5.2 // indirect
+	golang.org/x/mod v0.27.0 // indirect
 	golang.org/x/term v0.35.0 // indirect
 	golang.org/x/tools v0.36.0 // indirect
 	modernc.org/libc v1.66.3 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 	modernc.org/sqlite v1.38.2 // indirect
 	rsc.io/qr v0.2.0 // indirect
 )
@@ -58,8 +68,8 @@ require (
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/boombuler/barcode v1.0.2 // indirect
-	github.com/bytedance/sonic v1.12.7 // indirect
+	github.com/bytedance/sonic v1.14.0 // indirect
-	github.com/bytedance/sonic/loader v0.2.3 // indirect
+	github.com/bytedance/sonic/loader v0.3.0 // indirect
 	github.com/catppuccin/go v0.3.0 // indirect
 	github.com/charmbracelet/bubbles v0.21.0 // indirect
 	github.com/charmbracelet/bubbletea v1.3.4 // indirect
@@ -68,29 +78,26 @@ require (
 	github.com/charmbracelet/x/ansi v0.8.0 // indirect
 	github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 // indirect
 	github.com/charmbracelet/x/term v0.2.1 // indirect
-	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/docker v28.3.3+incompatible
+	github.com/docker/docker v28.5.0+incompatible
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.8.0 // indirect
+	github.com/fsnotify/fsnotify v1.9.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
-	github.com/gin-contrib/sse v1.0.0 // indirect
+	github.com/gin-contrib/sse v1.1.0 // indirect
-	github.com/go-ldap/ldap/v3 v3.4.11
+	github.com/go-ldap/ldap/v3 v3.4.12
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/goccy/go-json v0.10.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gorilla/sessions v1.4.0
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
@@ -106,30 +113,27 @@ require (
 	github.com/muesli/termenv v0.16.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pquerna/otp v1.5.0
 	github.com/rivo/uniseg v0.4.7 // indirect
-	github.com/sagikazarmark/locafero v0.7.0 // indirect
+	github.com/sagikazarmark/locafero v0.11.0 // indirect
-	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
-	github.com/spf13/afero v1.12.0 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
-	github.com/spf13/cast v1.7.1 // indirect
+	github.com/spf13/cast v1.10.0 // indirect
-	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.12 // indirect
+	github.com/ugorji/go/codec v1.3.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
-	go.opentelemetry.io/otel v1.34.0 // indirect
+	go.opentelemetry.io/otel v1.37.0 // indirect
-	go.opentelemetry.io/otel/metric v1.34.0 // indirect
+	go.opentelemetry.io/otel/metric v1.37.0 // indirect
-	go.opentelemetry.io/otel/trace v1.34.0 // indirect
+	go.opentelemetry.io/otel/trace v1.37.0 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
+	golang.org/x/arch v0.20.0 // indirect
-	go.uber.org/multierr v1.9.0 // indirect
+	golang.org/x/net v0.44.0 // indirect
-	golang.org/x/arch v0.13.0 // indirect
+	golang.org/x/oauth2 v0.31.0
-	golang.org/x/net v0.42.0 // indirect
+	golang.org/x/sync v0.17.0 // indirect
-	golang.org/x/oauth2 v0.30.0
+	golang.org/x/sys v0.36.0 // indirect
-	golang.org/x/sync v0.16.0 // indirect
+	golang.org/x/text v0.29.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
+	google.golang.org/protobuf v1.36.9 // indirect
 	golang.org/x/text v0.28.0 // indirect
 	google.golang.org/protobuf v1.36.3 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -6,8 +6,8 @@ github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
+github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI=
-github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
+github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
 github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
@@ -17,11 +17,10 @@ github.com/aymanbagabas/go-udiff v0.2.0/go.mod h1:RE4Ex0qsGkTAJoQdQQCA0uG+nAzJO/
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4=
 github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/bytedance/sonic v1.12.7 h1:CQU8pxOy9HToxhndH0Kx/S1qU/CuS9GnKYrGioDcU1Q=
+github.com/bytedance/sonic v1.14.0 h1:/OfKt8HFw0kh2rj8N0F6C/qPGRESq0BbaNZgcNXXzQQ=
-github.com/bytedance/sonic v1.12.7/go.mod h1:tnbal4mxOMju17EGfknm2XyYcpyCnIROYOEYuemj13I=
+github.com/bytedance/sonic v1.14.0/go.mod h1:WoEbx8WTcFJfzCe0hbmyTGrfjt8PzNEBdxlNUO24NhA=
-github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/bytedance/sonic/loader v0.3.0 h1:dskwH8edlzNMctoruo8FPTJDF3vLtDT0sXZwvZJyqeA=
-github.com/bytedance/sonic/loader v0.2.3 h1:yctD0Q3v2NOGfSWPLPvG2ggA2kV6TS6s4wioyEqssH0=
+github.com/bytedance/sonic/loader v0.3.0/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
 github.com/bytedance/sonic/loader v0.2.3/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
 github.com/catppuccin/go v0.3.0 h1:d+0/YicIq+hSTo5oPuRi5kOpqkVA5tAsU6dNhvRu+aY=
 github.com/catppuccin/go v0.3.0/go.mod h1:8IHJuMGaUUjQM82qBrGNBv7LFq6JI3NnQCF6MOlZjpc=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
@@ -56,9 +55,8 @@ github.com/charmbracelet/x/termios v0.1.1 h1:o3Q2bT8eqzGnGPOYheoYS8eEleT5ZVNYNy8
 github.com/charmbracelet/x/termios v0.1.1/go.mod h1:rB7fnv1TgOPOyyKRJ9o+AsTU/vK5WHJ2ivHeut/Pcwo=
 github.com/charmbracelet/x/xpty v0.1.2 h1:Pqmu4TEJ8KeA9uSkISKMU3f+C1F6OGBn8ABuGlqCbtI=
 github.com/charmbracelet/x/xpty v0.1.2/go.mod h1:XK2Z0id5rtLWcpeNiMYBccNNBrP2IJnzHI0Lq13Xzq4=
-github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
+github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
-github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
 github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
@@ -74,8 +72,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI=
+github.com/docker/docker v28.5.0+incompatible h1:ZdSQoRUE9XxhFI/B8YLvhnEFMmYN9Pp8Egd2qcaFk1E=
-github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v28.5.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -88,25 +86,25 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
+github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
-github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=
-github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
-github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E=
+github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
-github.com/gin-contrib/sse v1.0.0/go.mod h1:zNuFdwarAygJBht0NTKiSi3jRf6RbqeILZ9Sp6Slhe0=
+github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
-github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
+github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
-github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
+github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls=
 github.com/glebarez/go-sqlite v1.21.2 h1:3a6LFC4sKahUunAmynQKLZceZCOzUthkRkEAl9gAXWo=
 github.com/glebarez/go-sqlite v1.21.2/go.mod h1:sfxdZyhQjTM2Wry3gVYWaW072Ri1WMdWJi0k6+3382k=
 github.com/glebarez/sqlite v1.11.0 h1:wSG0irqzP6VurnMEpFGer5Li19RpIRi2qvQz++w0GMw=
 github.com/glebarez/sqlite v1.11.0/go.mod h1:h8/o8j5wiAsqSPoWELDUdJXhjAhsVliSn7bWZjOhrgQ=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-ldap/ldap/v3 v3.4.11 h1:4k0Yxweg+a3OyBLjdYn5OKglv18JNvfDykSoI8bW0gU=
+github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4=
-github.com/go-ldap/ldap/v3 v3.4.11/go.mod h1:bY7t0FLK8OAVpp/vV6sSlpz3EQDGcQwc8pF0ujLgKvM=
+github.com/go-ldap/ldap/v3 v3.4.12/go.mod h1:+SPAGcTtOfmGsCb3h1RFiq4xpp4N636G75OEace8lNo=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
-github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
@@ -115,33 +113,27 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.27.0 h1:w8+XrWVMhGkxOaaowyKH35gFydVHOvC0/uWoy2Fzwn4=
+github.com/go-playground/validator/v10 v10.28.0 h1:Q7ibns33JjyW48gHkuFT91qX48KG0ktULL6FgHdG688=
-github.com/go-playground/validator/v10 v10.27.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
+github.com/go-playground/validator/v10 v10.28.0/go.mod h1:GoI6I1SjPBh9p7ykNE/yj3fFYbyDOpwMn5KXd+m2hUU=
 github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
 github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM=
 github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
 github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/golang-migrate/migrate/v4 v4.19.0 h1:RcjOnCGz3Or6HQYEJ/EEVLfWnmw9KnoigPSjzhCuaSE=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-migrate/migrate/v4 v4.19.0/go.mod h1:9dyEcu+hO+G9hPSw8AIg50yg622pXJsoHItQnDGZkI0=
 github.com/golang-migrate/migrate/v4 v4.18.3 h1:EYGkoOsvgHHfm5U/naS1RP/6PL/Xv3S4B/swMiAmDLs=
 github.com/golang-migrate/migrate/v4 v4.18.3/go.mod h1:99BKpIi6ruaaXRM1A77eqZ+FWPQ3cfRa+ZVy5bmWMaY=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
 github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -171,12 +163,8 @@ github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
 github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -231,14 +219,18 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
 github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
-github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
+github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
-github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
+github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
 github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
 github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
 github.com/quic-go/quic-go v0.54.0 h1:6s1YB9QotYI6Ospeiguknbp2Znb/jZYjZLRXn9kMQBg=
 github.com/quic-go/quic-go v0.54.0/go.mod h1:e68ZEaCdyviluZmy44P6Iey98v/Wfz6HCjQEm+l8zTY=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@@ -250,140 +242,112 @@ github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo=
+github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc=
-github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k=
+github.com/sagikazarmark/locafero v0.11.0/go.mod h1:nVIGvgyzw595SUSUE6tvCp3YYTeHs15MvlmU87WwIik=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
+github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw=
-github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
+github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U=
-github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs=
+github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
-github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4=
+github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
-github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
+github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
-github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
-github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
+github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
-github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
+github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
-github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
-github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4=
+github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
+github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU=
 github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/traefik/paerser v0.2.2 h1:cpzW/ZrQrBh3mdwD/jnp6aXASiUFKOVr6ldP+keJTcQ=
 github.com/traefik/paerser v0.2.2/go.mod h1:7BBDd4FANoVgaTZG+yh26jI6CA2nds7D/4VTEdIsh24=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
+github.com/ugorji/go/codec v1.3.0 h1:Qd2W2sQawAfG8XSvzwhBeoGq71zXOC/Q1E9y/wUcsUA=
-github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+github.com/ugorji/go/codec v1.3.0/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
 github.com/weppos/publicsuffix-go v0.50.0 h1:M178k6l8cnh9T1c1cStkhytVxdk5zPd6gGZf8ySIuVo=
 github.com/weppos/publicsuffix-go v0.50.0/go.mod h1:VXhClBYMlDrUsome4pOTpe68Ui0p6iQRAbyHQD1yKoU=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8=
-go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=
+go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ=
-go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
+go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 h1:BEj3SPM81McUZHYjRS5pEgNgnmzGJ5tRpU5krWnV8Bs=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0/go.mod h1:9cKLGBDzI/F3NoHLQGm4ZrYdIHsvGt6ej6hUowxY0J4=
-go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ=
+go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE=
-go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
+go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E=
 go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
 go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
-go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
+go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4=
-go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
+go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
 go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4=
 go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4=
-go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
+go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
-go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
-go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
-go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
-golang.org/x/arch v0.13.0 h1:KCkqVVV1kGg0X87TFysjCJ8MxtZEIU4Ja/yXGeoECdA=
+golang.org/x/arch v0.20.0 h1:dx1zTU0MAE98U+TQ8BLl7XsJbgze2WnNKF/8tGp/Q6c=
-golang.org/x/arch v0.13.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/arch v0.20.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
 golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o=
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
-golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
+golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
-golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
+golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
 golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
 golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
 golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
+golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
-golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
+golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
-golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
+golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
-golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
 golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
 google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk=
 google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f h1:gap6+3Gk41EItBuyi4XX/bp4oqJ3UwuIMl25yGinuAA=
 google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:Ic02D47M+zbarjYYUlK57y316f2MoN0gjAwI3f2S95o=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:OxYkA3wjPsZyBylwymxSHa7ViiW1Sml4ToBrncvFehI=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50=
 google.golang.org/grpc v1.69.4 h1:MF5TftSMkd8GLw/m0KM6V8CMOCY6NZ1NQDPGFgbTt4A=
 google.golang.org/grpc v1.69.4/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4=
-google.golang.org/protobuf v1.36.3 h1:82DV7MYdb8anAVi3qge1wSnMDrnKK7ebr+I0hHRN1BU=
+google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
-google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/driver/sqlite v1.6.0 h1:WHRRrIiulaPiPFmDcod6prc4l2VGVWHz80KspNsxSfQ=
+gorm.io/gorm v1.31.0 h1:0VlycGreVhK7RF/Bwt51Fk8v0xLiiiFdbGDPIZQ7mJY=
-gorm.io/driver/sqlite v1.6.0/go.mod h1:AO9V1qIQddBESngQUKWL9yoH93HIeA1X6V633rBwyT8=
+gorm.io/gorm v1.31.0/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
 gorm.io/gorm v1.30.1 h1:lSHg33jJTBxs2mgJRfRZeLDG+WZaHYCk3Wtfl6Ngzo4=
 gorm.io/gorm v1.30.1/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
 modernc.org/cc/v4 v4.26.2 h1:991HMkLjJzYBIfha6ECZdjrIYz2/1ayr+FL8GN+CNzM=
@@ -412,6 +376,5 @@ modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
 modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
 rsc.io/qr v0.2.0 h1:6vBLea5/NRMVTz8V66gipeLycZMl/+UlFmk8DvqQ6WY=
 rsc.io/qr v0.2.0/go.mod h1:IF+uZjkb9fqyeF/4tlBoynqmQxUoPfWEKh921coOuXs=
--- a/internal/assets/migrations/000002_oauth_name.down.sql
+++ b/internal/assets/migrations/000002_oauth_name.down.sql
@@ -0,0 +1 @@
 ALTER TABLE "sessions" DROP COLUMN "oauth_name";
--- a/internal/assets/migrations/000002_oauth_name.up.sql
+++ b/internal/assets/migrations/000002_oauth_name.up.sql
@@ -0,0 +1,10 @@
 ALTER TABLE "sessions" ADD COLUMN "oauth_name" TEXT;
 UPDATE "sessions"
 SET "oauth_name" = CASE
  WHEN LOWER("provider") = 'github' THEN 'GitHub'
  WHEN LOWER("provider") = 'google' THEN 'Google'
  ELSE UPPER(SUBSTR("provider", 1, 1)) || SUBSTR("provider", 2)
 END
 WHERE "oauth_name" IS NULL AND "provider" IS NOT NULL;
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -1,9 +1,14 @@
 package bootstrap
 import (
 	"bytes"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"
 	"os"
 	"strings"
 	"time"
 	"tinyauth/internal/config"
 	"tinyauth/internal/controller"
 	"tinyauth/internal/middleware"
@@ -28,33 +33,43 @@ type Service interface {
 }
 type BootstrapApp struct {
-	Config config.Config
+	config config.Config
 	uuid   string
 }
 func NewBootstrapApp(config config.Config) *BootstrapApp {
 	return &BootstrapApp{
-		Config: config,
+		config: config,
 	}
 }
 func (app *BootstrapApp) Setup() error {
 	// Parse users
-	users, err := utils.GetUsers(app.Config.Users, app.Config.UsersFile)
+	users, err := utils.GetUsers(app.config.Users, app.config.UsersFile)
 	if err != nil {
 		return err
 	}
-	// Get root domain
+	// Get OAuth configs
-	rootDomain, err := utils.GetRootDomain(app.Config.AppURL)
+	oauthProviders, err := utils.GetOAuthProvidersConfig(os.Environ(), os.Args, app.config.AppURL)
 	if err != nil {
 		return err
 	}
 	// Get cookie domain
 	cookieDomain, err := utils.GetCookieDomain(app.config.AppURL)
 	if err != nil {
 		return err
 	}
 	// Cookie names
-	appUrl, _ := url.Parse(app.Config.AppURL) // Already validated
+	appUrl, _ := url.Parse(app.config.AppURL) // Already validated
-	cookieId := utils.GenerateIdentifier(appUrl.Hostname())
+	uuid := utils.GenerateUUID(appUrl.Hostname())
 	app.uuid = uuid
 	cookieId := strings.Split(uuid, "-")[0]
 	sessionCookieName := fmt.Sprintf("%s-%s", config.SessionCookieName, cookieId)
 	csrfCookieName := fmt.Sprintf("%s-%s", config.CSRFCookieName, cookieId)
 	redirectCookieName := fmt.Sprintf("%s-%s", config.RedirectCookieName, cookieId)
@@ -62,26 +77,26 @@ func (app *BootstrapApp) Setup() error {
 	// Create configs
 	authConfig := service.AuthServiceConfig{
 		Users:             users,
-		OauthWhitelist:    app.Config.OAuthWhitelist,
+		OauthWhitelist:    app.config.OAuthWhitelist,
-		SessionExpiry:     app.Config.SessionExpiry,
+		SessionExpiry:     app.config.SessionExpiry,
-		SecureCookie:      app.Config.SecureCookie,
+		SecureCookie:      app.config.SecureCookie,
-		RootDomain:        rootDomain,
+		CookieDomain:      cookieDomain,
-		LoginTimeout:      app.Config.LoginTimeout,
+		LoginTimeout:      app.config.LoginTimeout,
-		LoginMaxRetries:   app.Config.LoginMaxRetries,
+		LoginMaxRetries:   app.config.LoginMaxRetries,
 		SessionCookieName: sessionCookieName,
 	}
 	// Setup services
 	var ldapService *service.LdapService
-	if app.Config.LdapAddress != "" {
+	if app.config.LdapAddress != "" {
 		ldapConfig := service.LdapServiceConfig{
-			Address:      app.Config.LdapAddress,
+			Address:      app.config.LdapAddress,
-			BindDN:       app.Config.LdapBindDN,
+			BindDN:       app.config.LdapBindDN,
-			BindPassword: app.Config.LdapBindPassword,
+			BindPassword: app.config.LdapBindPassword,
-			BaseDN:       app.Config.LdapBaseDN,
+			BaseDN:       app.config.LdapBaseDN,
-			Insecure:     app.Config.LdapInsecure,
+			Insecure:     app.config.LdapInsecure,
-			SearchFilter: app.Config.LdapSearchFilter,
+			SearchFilter: app.config.LdapSearchFilter,
 		}
 		ldapService = service.NewLdapService(ldapConfig)
@@ -96,7 +111,7 @@ func (app *BootstrapApp) Setup() error {
 	// Bootstrap database
 	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
-		DatabasePath: app.Config.DatabasePath,
+		DatabasePath: app.config.DatabasePath,
 	})
 	log.Debug().Str("service", fmt.Sprintf("%T", databaseService)).Msg("Initializing service")
@@ -112,7 +127,7 @@ func (app *BootstrapApp) Setup() error {
 	// Create services
 	dockerService := service.NewDockerService()
 	authService := service.NewAuthService(authConfig, dockerService, ldapService, database)
-	oauthBrokerService := service.NewOAuthBrokerService(app.getOAuthBrokerConfig())
+	oauthBrokerService := service.NewOAuthBrokerService(oauthProviders)
 	// Initialize services
 	services := []Service{
@@ -132,30 +147,62 @@ func (app *BootstrapApp) Setup() error {
 	}
 	// Configured providers
-	var configuredProviders []string
+	configuredProviders := make([]controller.Provider, 0)
-	if authService.UserAuthConfigured() || ldapService != nil {
+	for id, provider := range oauthProviders {
-		configuredProviders = append(configuredProviders, "username")
+		if id == "" {
 			continue
 		}
-	configuredProviders = append(configuredProviders, oauthBrokerService.GetConfiguredServices()...)
+		if provider.Name == "" {
 			if name, ok := config.OverrideProviders[id]; ok {
 				provider.Name = name
 			} else {
 				provider.Name = utils.Capitalize(id)
 			}
 		}
 		configuredProviders = append(configuredProviders, controller.Provider{
 			Name:  provider.Name,
 			ID:    id,
 			OAuth: true,
 		})
 	}
 	if authService.UserAuthConfigured() || ldapService != nil {
 		configuredProviders = append(configuredProviders, controller.Provider{
 			Name:  "Username",
 			ID:    "username",
 			OAuth: false,
 		})
 	}
 	log.Debug().Interface("providers", configuredProviders).Msg("Authentication providers")
 	if len(configuredProviders) == 0 {
 		return fmt.Errorf("no authentication providers configured")
 	}
 	// Create engine
 	engine := gin.New()
 	if config.Version != "development" {
 		gin.SetMode(gin.ReleaseMode)
 	}
 	engine := gin.New()
 	if len(app.config.TrustedProxies) > 0 {
 		err := engine.SetTrustedProxies(strings.Split(app.config.TrustedProxies, ","))
 		if err != nil {
 			return fmt.Errorf("failed to set trusted proxies: %w", err)
 		}
 	}
 	// Create middlewares
 	var middlewares []Middleware
 	contextMiddleware := middleware.NewContextMiddleware(middleware.ContextMiddlewareConfig{
-		RootDomain: rootDomain,
+		CookieDomain: cookieDomain,
 	}, authService, oauthBrokerService)
 	uiMiddleware := middleware.NewUIMiddleware()
@@ -178,34 +225,34 @@ func (app *BootstrapApp) Setup() error {
 	// Create controllers
 	contextController := controller.NewContextController(controller.ContextControllerConfig{
-		ConfiguredProviders:   configuredProviders,
+		Providers:             configuredProviders,
-		Title:                 app.Config.Title,
+		Title:                 app.config.Title,
-		GenericName:           app.Config.GenericName,
+		AppURL:                app.config.AppURL,
-		AppURL:                app.Config.AppURL,
+		CookieDomain:          cookieDomain,
-		RootDomain:            rootDomain,
+		ForgotPasswordMessage: app.config.ForgotPasswordMessage,
-		ForgotPasswordMessage: app.Config.ForgotPasswordMessage,
+		BackgroundImage:       app.config.BackgroundImage,
-		BackgroundImage:       app.Config.BackgroundImage,
+		OAuthAutoRedirect:     app.config.OAuthAutoRedirect,
 		OAuthAutoRedirect:     app.Config.OAuthAutoRedirect,
 	}, apiRouter)
 	oauthController := controller.NewOAuthController(controller.OAuthControllerConfig{
-		AppURL:             app.Config.AppURL,
+		AppURL:             app.config.AppURL,
-		SecureCookie:       app.Config.SecureCookie,
+		SecureCookie:       app.config.SecureCookie,
 		CSRFCookieName:     csrfCookieName,
 		RedirectCookieName: redirectCookieName,
-		RootDomain:         rootDomain,
+		CookieDomain:       cookieDomain,
 	}, apiRouter, authService, oauthBrokerService)
 	proxyController := controller.NewProxyController(controller.ProxyControllerConfig{
-		AppURL: app.Config.AppURL,
+		AppURL: app.config.AppURL,
 	}, apiRouter, dockerService, authService)
 	userController := controller.NewUserController(controller.UserControllerConfig{
-		RootDomain: rootDomain,
+		CookieDomain: cookieDomain,
 	}, apiRouter, authService)
 	resourcesController := controller.NewResourcesController(controller.ResourcesControllerConfig{
-		ResourcesDir: app.Config.ResourcesDir,
+		ResourcesDir:      app.config.ResourcesDir,
 		ResourcesDisabled: app.config.DisableResources,
 	}, mainRouter)
 	healthController := controller.NewHealthController(apiRouter)
@@ -225,8 +272,14 @@ func (app *BootstrapApp) Setup() error {
 		ctrl.SetupRoutes()
 	}
 	// If analytics are not disabled, start heartbeat
 	if !app.config.DisableAnalytics {
 		log.Debug().Msg("Starting heartbeat routine")
 		go app.heartbeat()
 	}
 	// Start server
-	address := fmt.Sprintf("%s:%d", app.Config.Address, app.Config.Port)
+	address := fmt.Sprintf("%s:%d", app.config.Address, app.config.Port)
 	log.Info().Msgf("Starting server on %s", address)
 	if err := engine.Run(address); err != nil {
 		log.Fatal().Err(err).Msg("Failed to start server")
@@ -235,29 +288,54 @@ func (app *BootstrapApp) Setup() error {
 	return nil
 }
-// Temporary
+func (app *BootstrapApp) heartbeat() {
-func (app *BootstrapApp) getOAuthBrokerConfig() map[string]config.OAuthServiceConfig {
+	ticker := time.NewTicker(time.Duration(12) * time.Hour)
-	return map[string]config.OAuthServiceConfig{
+	defer ticker.Stop()
-		"google": {
+
-			ClientID:     app.Config.GoogleClientId,
+	type heartbeat struct {
-			ClientSecret: app.Config.GoogleClientSecret,
+		UUID    string `json:"uuid"`
-			RedirectURL:  fmt.Sprintf("%s/api/oauth/callback/google", app.Config.AppURL),
+		Version string `json:"version"`
 		},
 		"github": {
 			ClientID:     app.Config.GithubClientId,
 			ClientSecret: app.Config.GithubClientSecret,
 			RedirectURL:  fmt.Sprintf("%s/api/oauth/callback/github", app.Config.AppURL),
 		},
 		"generic": {
 			ClientID:           app.Config.GenericClientId,
 			ClientSecret:       app.Config.GenericClientSecret,
 			RedirectURL:        fmt.Sprintf("%s/api/oauth/callback/generic", app.Config.AppURL),
 			Scopes:             strings.Split(app.Config.GenericScopes, ","),
 			AuthURL:            app.Config.GenericAuthURL,
 			TokenURL:           app.Config.GenericTokenURL,
 			UserinfoURL:        app.Config.GenericUserURL,
 			InsecureSkipVerify: app.Config.GenericSkipSSL,
 		},
 	}
 	var body heartbeat
 	body.UUID = app.uuid
 	body.Version = config.Version
 	bodyJson, err := json.Marshal(body)
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to marshal heartbeat body")
 		return
 	}
 	client := &http.Client{}
 	heartbeatURL := config.ApiServer + "/v1/instances/heartbeat"
 	for ; true; <-ticker.C {
 		log.Debug().Msg("Sending heartbeat")
 		req, err := http.NewRequest(http.MethodPost, heartbeatURL, bytes.NewReader(bodyJson))
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to create heartbeat request")
 			continue
 		}
 		req.Header.Add("Content-Type", "application/json")
 		res, err := client.Do(req)
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to send heartbeat")
 			continue
 		}
 		res.Body.Close()
 		if res.StatusCode != 200 && res.StatusCode != 201 {
 			log.Debug().Str("status", res.Status).Msg("Heartbeat returned non-200/201 status")
 		}
 	}
 }
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -3,8 +3,8 @@ package config
 // Version information, set at build time
 var Version = "development"
-var CommitHash = "n/a"
+var CommitHash = "development"
-var BuildTimestamp = "n/a"
+var BuildTimestamp = "0000-00-00T00:00:00Z"
 // Cookie name templates
@@ -21,23 +21,8 @@ type Config struct {
 	Users                 string `mapstructure:"users"`
 	UsersFile             string `mapstructure:"users-file"`
 	SecureCookie          bool   `mapstructure:"secure-cookie"`
 	GithubClientId          string `mapstructure:"github-client-id"`
 	GithubClientSecret      string `mapstructure:"github-client-secret"`
 	GithubClientSecretFile  string `mapstructure:"github-client-secret-file"`
 	GoogleClientId          string `mapstructure:"google-client-id"`
 	GoogleClientSecret      string `mapstructure:"google-client-secret"`
 	GoogleClientSecretFile  string `mapstructure:"google-client-secret-file"`
 	GenericClientId         string `mapstructure:"generic-client-id"`
 	GenericClientSecret     string `mapstructure:"generic-client-secret"`
 	GenericClientSecretFile string `mapstructure:"generic-client-secret-file"`
 	GenericScopes           string `mapstructure:"generic-scopes"`
 	GenericAuthURL          string `mapstructure:"generic-auth-url"`
 	GenericTokenURL         string `mapstructure:"generic-token-url"`
 	GenericUserURL          string `mapstructure:"generic-user-url"`
 	GenericName             string `mapstructure:"generic-name"`
 	GenericSkipSSL          bool   `mapstructure:"generic-skip-ssl"`
 	OAuthWhitelist        string `mapstructure:"oauth-whitelist"`
-	OAuthAutoRedirect       string `mapstructure:"oauth-auto-redirect" validate:"oneof=none github google generic"`
+	OAuthAutoRedirect     string `mapstructure:"oauth-auto-redirect"`
 	SessionExpiry         int    `mapstructure:"session-expiry"`
 	LogLevel              string `mapstructure:"log-level" validate:"oneof=trace debug info warn error fatal panic"`
 	Title                 string `mapstructure:"app-title"`
@@ -53,6 +38,9 @@ type Config struct {
 	LdapSearchFilter      string `mapstructure:"ldap-search-filter"`
 	ResourcesDir          string `mapstructure:"resources-dir"`
 	DatabasePath          string `mapstructure:"database-path" validate:"required"`
 	TrustedProxies        string `mapstructure:"trusted-proxies"`
 	DisableAnalytics      bool   `mapstructure:"disable-analytics"`
 	DisableResources      bool   `mapstructure:"disable-resources"`
 }
 // OAuth/OIDC config
@@ -65,14 +53,21 @@ type Claims struct {
 }
 type OAuthServiceConfig struct {
-	ClientID           string
+	ClientID           string   `key:"client-id"`
-	ClientSecret       string
+	ClientSecret       string   `key:"client-secret"`
-	Scopes             []string
+	ClientSecretFile   string   `key:"client-secret-file"`
-	RedirectURL        string
+	Scopes             []string `key:"scopes"`
-	AuthURL            string
+	RedirectURL        string   `key:"redirect-url"`
-	TokenURL           string
+	AuthURL            string   `key:"auth-url"`
-	UserinfoURL        string
+	TokenURL           string   `key:"token-url"`
-	InsecureSkipVerify bool
+	UserinfoURL        string   `key:"user-info-url"`
 	InsecureSkipVerify bool     `key:"insecure-skip-verify"`
 	Name               string   `key:"name"`
 }
 var OverrideProviders = map[string]string{
 	"google": "Google",
 	"github": "GitHub",
 }
 // User/session related stuff
@@ -96,6 +91,7 @@ type SessionCookie struct {
 	Provider    string
 	TotpPending bool
 	OAuthGroups string
 	OAuthName   string
 }
 type UserContext struct {
@@ -108,6 +104,7 @@ type UserContext struct {
 	TotpPending bool
 	OAuthGroups string
 	TotpEnabled bool
 	OAuthName   string
 }
 // API responses and queries
@@ -123,9 +120,9 @@ type RedirectQuery struct {
 	RedirectURI string `url:"redirect_uri"`
 }
-// App config
+// Labels
-type AppConfigs struct {
+type Apps struct {
 	Apps map[string]App
 }
@@ -173,3 +170,13 @@ type AppPath struct {
 	Allow string
 	Block string
 }
 // Flags
 type Providers struct {
 	Providers map[string]OAuthServiceConfig
 }
 // API server
 var ApiServer = "https://api.tinyauth.app"
--- a/internal/controller/context_controller.go
+++ b/internal/controller/context_controller.go
@@ -19,27 +19,32 @@ type UserContextResponse struct {
 	Provider    string `json:"provider"`
 	OAuth       bool   `json:"oauth"`
 	TotpPending bool   `json:"totpPending"`
 	OAuthName   string `json:"oauthName"`
 }
 type AppContextResponse struct {
 	Status                int        `json:"status"`
 	Message               string     `json:"message"`
-	ConfiguredProviders   []string `json:"configuredProviders"`
+	Providers             []Provider `json:"providers"`
 	Title                 string     `json:"title"`
 	GenericName           string   `json:"genericName"`
 	AppURL                string     `json:"appUrl"`
-	RootDomain            string   `json:"rootDomain"`
+	CookieDomain          string     `json:"cookieDomain"`
 	ForgotPasswordMessage string     `json:"forgotPasswordMessage"`
 	BackgroundImage       string     `json:"backgroundImage"`
 	OAuthAutoRedirect     string     `json:"oauthAutoRedirect"`
 }
 type Provider struct {
 	Name  string `json:"name"`
 	ID    string `json:"id"`
 	OAuth bool   `json:"oauth"`
 }
 type ContextControllerConfig struct {
-	ConfiguredProviders   []string
+	Providers             []Provider
 	Title                 string
 	GenericName           string
 	AppURL                string
-	RootDomain            string
+	CookieDomain          string
 	ForgotPasswordMessage string
 	BackgroundImage       string
 	OAuthAutoRedirect     string
@@ -76,6 +81,7 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
 		Provider:    context.Provider,
 		OAuth:       context.OAuth,
 		TotpPending: context.TotpPending,
 		OAuthName:   context.OAuthName,
 	}
 	if err != nil {
@@ -96,11 +102,10 @@ func (controller *ContextController) appContextHandler(c *gin.Context) {
 	c.JSON(200, AppContextResponse{
 		Status:                200,
 		Message:               "Success",
-		ConfiguredProviders:   controller.config.ConfiguredProviders,
+		Providers:             controller.config.Providers,
 		Title:                 controller.config.Title,
 		GenericName:           controller.config.GenericName,
 		AppURL:                fmt.Sprintf("%s://%s", appUrl.Scheme, appUrl.Host),
-		RootDomain:            controller.config.RootDomain,
+		CookieDomain:          controller.config.CookieDomain,
 		ForgotPasswordMessage: controller.config.ForgotPasswordMessage,
 		BackgroundImage:       controller.config.BackgroundImage,
 		OAuthAutoRedirect:     controller.config.OAuthAutoRedirect,
--- a/internal/controller/context_controller_test.go
+++ b/internal/controller/context_controller_test.go
@@ -0,0 +1,144 @@
 package controller_test
 import (
 	"encoding/json"
 	"net/http/httptest"
 	"testing"
 	"tinyauth/internal/config"
 	"tinyauth/internal/controller"
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
 )
 var controllerCfg = controller.ContextControllerConfig{
 	Providers: []controller.Provider{
 		{
 			Name:  "Username",
 			ID:    "username",
 			OAuth: false,
 		},
 		{
 			Name:  "Google",
 			ID:    "google",
 			OAuth: true,
 		},
 	},
 	Title:                 "Test App",
 	AppURL:                "http://localhost:8080",
 	CookieDomain:          "localhost",
 	ForgotPasswordMessage: "Contact admin to reset your password.",
 	BackgroundImage:       "/assets/bg.jpg",
 	OAuthAutoRedirect:     "google",
 }
 var userContext = config.UserContext{
 	Username:    "testuser",
 	Name:        "testuser",
 	Email:       "test@example.com",
 	IsLoggedIn:  true,
 	OAuth:       false,
 	Provider:    "username",
 	TotpPending: false,
 	OAuthGroups: "",
 	TotpEnabled: false,
 }
 func setupContextController(middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder) {
 	// Setup
 	gin.SetMode(gin.TestMode)
 	router := gin.Default()
 	recorder := httptest.NewRecorder()
 	if middlewares != nil {
 		for _, m := range *middlewares {
 			router.Use(m)
 		}
 	}
 	group := router.Group("/api")
 	ctrl := controller.NewContextController(controllerCfg, group)
 	ctrl.SetupRoutes()
 	return router, recorder
 }
 func TestAppContextHandler(t *testing.T) {
 	expectedRes := controller.AppContextResponse{
 		Status:                200,
 		Message:               "Success",
 		Providers:             controllerCfg.Providers,
 		Title:                 controllerCfg.Title,
 		AppURL:                controllerCfg.AppURL,
 		CookieDomain:          controllerCfg.CookieDomain,
 		ForgotPasswordMessage: controllerCfg.ForgotPasswordMessage,
 		BackgroundImage:       controllerCfg.BackgroundImage,
 		OAuthAutoRedirect:     controllerCfg.OAuthAutoRedirect,
 	}
 	router, recorder := setupContextController(nil)
 	req := httptest.NewRequest("GET", "/api/context/app", nil)
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 200, recorder.Code)
 	var ctrlRes controller.AppContextResponse
 	err := json.Unmarshal(recorder.Body.Bytes(), &ctrlRes)
 	assert.NilError(t, err)
 	assert.DeepEqual(t, expectedRes, ctrlRes)
 }
 func TestUserContextHandler(t *testing.T) {
 	expectedRes := controller.UserContextResponse{
 		Status:      200,
 		Message:     "Success",
 		IsLoggedIn:  userContext.IsLoggedIn,
 		Username:    userContext.Username,
 		Name:        userContext.Name,
 		Email:       userContext.Email,
 		Provider:    userContext.Provider,
 		OAuth:       userContext.OAuth,
 		TotpPending: userContext.TotpPending,
 	}
 	// Test with context
 	router, recorder := setupContextController(&[]gin.HandlerFunc{
 		func(c *gin.Context) {
 			c.Set("context", &userContext)
 			c.Next()
 		},
 	})
 	req := httptest.NewRequest("GET", "/api/context/user", nil)
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 200, recorder.Code)
 	var ctrlRes controller.UserContextResponse
 	err := json.Unmarshal(recorder.Body.Bytes(), &ctrlRes)
 	assert.NilError(t, err)
 	assert.DeepEqual(t, expectedRes, ctrlRes)
 	// Test no context
 	expectedRes = controller.UserContextResponse{
 		Status:     401,
 		Message:    "Unauthorized",
 		IsLoggedIn: false,
 	}
 	router, recorder = setupContextController(nil)
 	req = httptest.NewRequest("GET", "/api/context/user", nil)
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 200, recorder.Code)
 	err = json.Unmarshal(recorder.Body.Bytes(), &ctrlRes)
 	assert.NilError(t, err)
 	assert.DeepEqual(t, expectedRes, ctrlRes)
 }
--- a/internal/controller/health_controller.go
+++ b/internal/controller/health_controller.go
@@ -13,8 +13,8 @@ func NewHealthController(router *gin.RouterGroup) *HealthController {
 }
 func (controller *HealthController) SetupRoutes() {
-	controller.router.GET("/health", controller.healthHandler)
+	controller.router.GET("/healthz", controller.healthHandler)
-	controller.router.HEAD("/health", controller.healthHandler)
+	controller.router.HEAD("/healthz", controller.healthHandler)
 }
 func (controller *HealthController) healthHandler(c *gin.Context) {
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -23,7 +23,7 @@ type OAuthControllerConfig struct {
 	RedirectCookieName string
 	SecureCookie       bool
 	AppURL             string
-	RootDomain         string
+	CookieDomain       string
 }
 type OAuthController struct {
@@ -74,13 +74,13 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
 	state := service.GenerateState()
 	authURL := service.GetAuthURL(state)
-	c.SetCookie(controller.config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+	c.SetCookie(controller.config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
 	redirectURI := c.Query("redirect_uri")
-	if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.config.RootDomain) {
+	if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.config.CookieDomain) {
 		log.Debug().Msg("Setting redirect URI cookie")
-		c.SetCookie(controller.config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+		c.SetCookie(controller.config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
 	}
 	c.JSON(200, gin.H{
@@ -108,11 +108,12 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 	if err != nil || state != csrfCookie {
 		log.Warn().Err(err).Msg("CSRF token mismatch or cookie missing")
 		c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
 		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
 		return
 	}
-	c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+	c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
 	code := c.Query("code")
 	service, exists := controller.broker.GetService(req.Provider)
@@ -185,6 +186,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 		Email:       user.Email,
 		Provider:    req.Provider,
 		OAuthGroups: utils.CoalesceToString(user.Groups),
 		OAuthName:   service.GetName(),
 	})
 	if err != nil {
@@ -195,7 +197,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 	redirectURI, err := c.Cookie(controller.config.RedirectCookieName)
-	if err != nil || !utils.IsRedirectSafe(redirectURI, controller.config.RootDomain) {
+	if err != nil || !utils.IsRedirectSafe(redirectURI, controller.config.CookieDomain) {
 		log.Debug().Msg("No redirect URI cookie found, redirecting to app root")
 		c.Redirect(http.StatusTemporaryRedirect, controller.config.AppURL)
 		return
@@ -211,6 +213,6 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 		return
 	}
-	c.SetCookie(controller.config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+	c.SetCookie(controller.config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
 	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", controller.config.AppURL, queries.Encode()))
 }
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -7,7 +7,6 @@ import (
 	"tinyauth/internal/config"
 	"tinyauth/internal/service"
 	"tinyauth/internal/utils"
 	"tinyauth/internal/utils/decoders"
 	"github.com/gin-gonic/gin"
 	"github.com/google/go-querystring/query"
@@ -56,6 +55,15 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
 	if req.Proxy != "nginx" && req.Proxy != "traefik" && req.Proxy != "caddy" {
 		log.Warn().Str("proxy", req.Proxy).Msg("Invalid proxy")
 		c.JSON(400, gin.H{
 			"status":  400,
 			"message": "Bad Request",
 		})
 		return
 	}
 	isBrowser := strings.Contains(c.Request.Header.Get("Accept"), "text/html")
 	if isBrowser {
@@ -68,16 +76,6 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 	proto := c.Request.Header.Get("X-Forwarded-Proto")
 	host := c.Request.Header.Get("X-Forwarded-Host")
 	var app config.App
 	headers, err := decoders.DecodeHeaders(utils.NormalizeHeaders(c.Request.Header))
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to decode headers")
 		controller.handleError(c, req, isBrowser)
 		return
 	}
 	labels, err := controller.docker.GetLabels(host)
 	if err != nil {
@@ -86,21 +84,10 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
 	if len(headers.Apps) > 0 {
 		for k, v := range headers.Apps {
 			log.Debug().Str("app", k).Msg("Using headers for app config instead of labels")
 			app = v
 			break
 		}
 	} else {
 		log.Debug().Msg("No app config found in headers, using labels")
 		app = labels
 	}
 	clientIP := c.ClientIP()
-	if controller.auth.IsBypassedIP(app.IP, clientIP) {
+	if controller.auth.IsBypassedIP(labels.IP, clientIP) {
-		controller.setHeaders(c, app)
+		controller.setHeaders(c, labels)
 		c.JSON(200, gin.H{
 			"status":  200,
 			"message": "Authenticated",
@@ -108,7 +95,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
-	authEnabled, err := controller.auth.IsAuthEnabled(uri, app.Path)
+	authEnabled, err := controller.auth.IsAuthEnabled(uri, labels.Path)
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to check if auth is enabled for resource")
@@ -118,7 +105,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 	if !authEnabled {
 		log.Debug().Msg("Authentication disabled for resource, allowing access")
-		controller.setHeaders(c, app)
+		controller.setHeaders(c, labels)
 		c.JSON(200, gin.H{
 			"status":  200,
 			"message": "Authenticated",
@@ -126,7 +113,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
-	if !controller.auth.CheckIP(app.IP, clientIP) {
+	if !controller.auth.CheckIP(labels.IP, clientIP) {
 		if req.Proxy == "nginx" || !isBrowser {
 			c.JSON(401, gin.H{
 				"status":  401,
@@ -169,7 +156,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 	}
 	if userContext.IsLoggedIn {
-		appAllowed := controller.auth.IsResourceAllowed(c, userContext, app)
+		appAllowed := controller.auth.IsResourceAllowed(c, userContext, labels)
 		if !appAllowed {
 			log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User not allowed to access resource")
@@ -203,7 +190,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		}
 		if userContext.OAuth {
-			groupOK := controller.auth.IsInOAuthGroup(c, userContext, app.OAuth.Groups)
+			groupOK := controller.auth.IsInOAuthGroup(c, userContext, labels.OAuth.Groups)
 			if !groupOK {
 				log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User OAuth groups do not match resource requirements")
@@ -243,7 +230,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		c.Header("Remote-Email", utils.SanitizeHeader(userContext.Email))
 		c.Header("Remote-Groups", utils.SanitizeHeader(userContext.OAuthGroups))
-		controller.setHeaders(c, app)
+		controller.setHeaders(c, labels)
 		c.JSON(200, gin.H{
 			"status":  200,
--- a/internal/controller/proxy_controller_test.go
+++ b/internal/controller/proxy_controller_test.go
@@ -0,0 +1,164 @@
 package controller_test
 import (
 	"net/http/httptest"
 	"testing"
 	"tinyauth/internal/config"
 	"tinyauth/internal/controller"
 	"tinyauth/internal/service"
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
 )
 func setupProxyController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder, *service.AuthService) {
 	// Setup
 	gin.SetMode(gin.TestMode)
 	router := gin.Default()
 	if middlewares != nil {
 		for _, m := range *middlewares {
 			router.Use(m)
 		}
 	}
 	group := router.Group("/api")
 	recorder := httptest.NewRecorder()
 	// Database
 	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
 		DatabasePath: "/tmp/tinyauth_test.db",
 	})
 	assert.NilError(t, databaseService.Init())
 	database := databaseService.GetDatabase()
 	// Docker
 	dockerService := service.NewDockerService()
 	assert.NilError(t, dockerService.Init())
 	// Auth service
 	authService := service.NewAuthService(service.AuthServiceConfig{
 		Users: []config.User{
 			{
 				Username: "testuser",
 				Password: "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
 			},
 		},
 		OauthWhitelist:    "",
 		SessionExpiry:     3600,
 		SecureCookie:      false,
 		CookieDomain:      "localhost",
 		LoginTimeout:      300,
 		LoginMaxRetries:   3,
 		SessionCookieName: "tinyauth-session",
 	}, dockerService, nil, database)
 	// Controller
 	ctrl := controller.NewProxyController(controller.ProxyControllerConfig{
 		AppURL: "http://localhost:8080",
 	}, group, dockerService, authService)
 	ctrl.SetupRoutes()
 	return router, recorder, authService
 }
 func TestProxyHandler(t *testing.T) {
 	// Setup
 	router, recorder, authService := setupProxyController(t, nil)
 	// Test invalid proxy
 	req := httptest.NewRequest("GET", "/api/auth/invalidproxy", nil)
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 400, recorder.Code)
 	// Test logged out user (traefik/caddy)
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
 	req.Header.Set("X-Forwarded-Proto", "https")
 	req.Header.Set("X-Forwarded-Host", "example.com")
 	req.Header.Set("X-Forwarded-Uri", "/somepath")
 	req.Header.Set("Accept", "text/html")
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 307, recorder.Code)
 	assert.Equal(t, "http://localhost:8080/login?redirect_uri=https%3A%2F%2Fexample.com%2Fsomepath", recorder.Header().Get("Location"))
 	// Test logged out user (nginx)
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("GET", "/api/auth/nginx", nil)
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 401, recorder.Code)
 	// Test logged in user
 	c := gin.CreateTestContextOnly(recorder, router)
 	err := authService.CreateSessionCookie(c, &config.SessionCookie{
 		Username:    "testuser",
 		Name:        "testuser",
 		Email:       "testuser@example.com",
 		Provider:    "username",
 		TotpPending: false,
 		OAuthGroups: "",
 	})
 	assert.NilError(t, err)
 	cookie := c.Writer.Header().Get("Set-Cookie")
 	router, recorder, _ = setupProxyController(t, &[]gin.HandlerFunc{
 		func(c *gin.Context) {
 			c.Set("context", &config.UserContext{
 				Username:    "testuser",
 				Name:        "testuser",
 				Email:       "testuser@example.com",
 				IsLoggedIn:  true,
 				OAuth:       false,
 				Provider:    "username",
 				TotpPending: false,
 				OAuthGroups: "",
 				TotpEnabled: false,
 			})
 			c.Next()
 		},
 	})
 	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
 	req.Header.Set("Cookie", cookie)
 	req.Header.Set("Accept", "text/html")
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 200, recorder.Code)
 	assert.Equal(t, "testuser", recorder.Header().Get("Remote-User"))
 	assert.Equal(t, "testuser", recorder.Header().Get("Remote-Name"))
 	assert.Equal(t, "testuser@example.com", recorder.Header().Get("Remote-Email"))
 	// Ensure basic auth is disabled for TOTP enabled users
 	router, recorder, _ = setupProxyController(t, &[]gin.HandlerFunc{
 		func(c *gin.Context) {
 			c.Set("context", &config.UserContext{
 				Username:    "testuser",
 				Name:        "testuser",
 				Email:       "testuser@example.com",
 				IsLoggedIn:  true,
 				OAuth:       false,
 				Provider:    "basic",
 				TotpPending: false,
 				OAuthGroups: "",
 				TotpEnabled: true,
 			})
 			c.Next()
 		},
 	})
 	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
 	req.SetBasicAuth("testuser", "test")
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 401, recorder.Code)
 }
--- a/internal/controller/resources_controller.go
+++ b/internal/controller/resources_controller.go
@@ -8,6 +8,7 @@ import (
 type ResourcesControllerConfig struct {
 	ResourcesDir      string
 	ResourcesDisabled bool
 }
 type ResourcesController struct {
@@ -38,5 +39,12 @@ func (controller *ResourcesController) resourcesHandler(c *gin.Context) {
 		})
 		return
 	}
 	if controller.config.ResourcesDisabled {
 		c.JSON(403, gin.H{
 			"status":  403,
 			"message": "Resources are disabled",
 		})
 		return
 	}
 	controller.fileServer.ServeHTTP(c.Writer, c.Request)
 }
--- a/internal/controller/resources_controller_test.go
+++ b/internal/controller/resources_controller_test.go
@@ -0,0 +1,57 @@
 package controller_test
 import (
 	"net/http/httptest"
 	"os"
 	"testing"
 	"tinyauth/internal/controller"
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
 )
 func TestResourcesHandler(t *testing.T) {
 	// Setup
 	gin.SetMode(gin.TestMode)
 	router := gin.New()
 	group := router.Group("/")
 	ctrl := controller.NewResourcesController(controller.ResourcesControllerConfig{
 		ResourcesDir: "/tmp/tinyauth",
 	}, group)
 	ctrl.SetupRoutes()
 	// Create test data
 	err := os.Mkdir("/tmp/tinyauth", 0755)
 	assert.NilError(t, err)
 	defer os.RemoveAll("/tmp/tinyauth")
 	file, err := os.Create("/tmp/tinyauth/test.txt")
 	assert.NilError(t, err)
 	_, err = file.WriteString("This is a test file.")
 	assert.NilError(t, err)
 	file.Close()
 	// Test existing file
 	req := httptest.NewRequest("GET", "/resources/test.txt", nil)
 	recorder := httptest.NewRecorder()
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 200, recorder.Code)
 	assert.Equal(t, "This is a test file.", recorder.Body.String())
 	// Test non-existing file
 	req = httptest.NewRequest("GET", "/resources/nonexistent.txt", nil)
 	recorder = httptest.NewRecorder()
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 404, recorder.Code)
 	// Test directory traversal attack
 	req = httptest.NewRequest("GET", "/resources/../etc/passwd", nil)
 	recorder = httptest.NewRecorder()
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 404, recorder.Code)
 }
--- a/internal/controller/user_controller.go
+++ b/internal/controller/user_controller.go
@@ -22,7 +22,7 @@ type TotpRequest struct {
 }
 type UserControllerConfig struct {
-	RootDomain string
+	CookieDomain string
 }
 type UserController struct {
@@ -115,7 +115,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 			err := controller.auth.CreateSessionCookie(c, &config.SessionCookie{
 				Username:    user.Username,
 				Name:        utils.Capitalize(req.Username),
-				Email:       fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.RootDomain),
+				Email:       fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.CookieDomain),
 				Provider:    "username",
 				TotpPending: true,
 			})
@@ -141,7 +141,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username: req.Username,
 		Name:     utils.Capitalize(req.Username),
-		Email:    fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.RootDomain),
+		Email:    fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.CookieDomain),
 		Provider: "username",
 	})
@@ -246,7 +246,7 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username: user.Username,
 		Name:     utils.Capitalize(user.Username),
-		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.config.RootDomain),
+		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.config.CookieDomain),
 		Provider: "username",
 	})
--- a/internal/controller/user_controller_test.go
+++ b/internal/controller/user_controller_test.go
@@ -0,0 +1,297 @@
 package controller_test
 import (
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"testing"
 	"time"
 	"tinyauth/internal/config"
 	"tinyauth/internal/controller"
 	"tinyauth/internal/service"
 	"github.com/gin-gonic/gin"
 	"github.com/pquerna/otp/totp"
 	"gotest.tools/v3/assert"
 )
 var cookieValue string
 var totpSecret = "6WFZXPEZRK5MZHHYAFW4DAOUYQMCASBJ"
 func setupUserController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder) {
 	// Setup
 	gin.SetMode(gin.TestMode)
 	router := gin.Default()
 	if middlewares != nil {
 		for _, m := range *middlewares {
 			router.Use(m)
 		}
 	}
 	group := router.Group("/api")
 	recorder := httptest.NewRecorder()
 	// Database
 	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
 		DatabasePath: "/tmp/tinyauth_test.db",
 	})
 	assert.NilError(t, databaseService.Init())
 	database := databaseService.GetDatabase()
 	// Auth service
 	authService := service.NewAuthService(service.AuthServiceConfig{
 		Users: []config.User{
 			{
 				Username: "testuser",
 				Password: "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
 			},
 			{
 				Username:   "totpuser",
 				Password:   "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
 				TotpSecret: totpSecret,
 			},
 		},
 		OauthWhitelist:    "",
 		SessionExpiry:     3600,
 		SecureCookie:      false,
 		CookieDomain:      "localhost",
 		LoginTimeout:      300,
 		LoginMaxRetries:   3,
 		SessionCookieName: "tinyauth-session",
 	}, nil, nil, database)
 	// Controller
 	ctrl := controller.NewUserController(controller.UserControllerConfig{
 		CookieDomain: "localhost",
 	}, group, authService)
 	ctrl.SetupRoutes()
 	return router, recorder
 }
 func TestLoginHandler(t *testing.T) {
 	// Setup
 	router, recorder := setupUserController(t, nil)
 	loginReq := controller.LoginRequest{
 		Username: "testuser",
 		Password: "test",
 	}
 	loginReqJson, err := json.Marshal(loginReq)
 	assert.NilError(t, err)
 	// Test
 	req := httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 200, recorder.Code)
 	cookie := recorder.Result().Cookies()[0]
 	assert.Equal(t, "tinyauth-session", cookie.Name)
 	assert.Assert(t, cookie.Value != "")
 	cookieValue = cookie.Value
 	// Test invalid credentials
 	loginReq = controller.LoginRequest{
 		Username: "testuser",
 		Password: "invalid",
 	}
 	loginReqJson, err = json.Marshal(loginReq)
 	assert.NilError(t, err)
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 401, recorder.Code)
 	// Test totp required
 	loginReq = controller.LoginRequest{
 		Username: "totpuser",
 		Password: "test",
 	}
 	loginReqJson, err = json.Marshal(loginReq)
 	assert.NilError(t, err)
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 200, recorder.Code)
 	loginResJson, err := json.Marshal(map[string]any{
 		"message":     "TOTP required",
 		"status":      200,
 		"totpPending": true,
 	})
 	assert.NilError(t, err)
 	assert.Equal(t, string(loginResJson), recorder.Body.String())
 	// Test invalid json
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader("{invalid json}"))
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 400, recorder.Code)
 	// Test rate limiting
 	loginReq = controller.LoginRequest{
 		Username: "testuser",
 		Password: "invalid",
 	}
 	loginReqJson, err = json.Marshal(loginReq)
 	assert.NilError(t, err)
 	for range 5 {
 		recorder = httptest.NewRecorder()
 		req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
 		router.ServeHTTP(recorder, req)
 	}
 	assert.Equal(t, 429, recorder.Code)
 }
 func TestLogoutHandler(t *testing.T) {
 	// Setup
 	router, recorder := setupUserController(t, nil)
 	// Test
 	req := httptest.NewRequest("POST", "/api/user/logout", nil)
 	req.AddCookie(&http.Cookie{
 		Name:  "tinyauth-session",
 		Value: cookieValue,
 	})
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 200, recorder.Code)
 	cookie := recorder.Result().Cookies()[0]
 	assert.Equal(t, "tinyauth-session", cookie.Name)
 	assert.Equal(t, "", cookie.Value)
 	assert.Equal(t, -1, cookie.MaxAge)
 }
 func TestTotpHandler(t *testing.T) {
 	// Setup
 	router, recorder := setupUserController(t, &[]gin.HandlerFunc{
 		func(c *gin.Context) {
 			c.Set("context", &config.UserContext{
 				Username:    "totpuser",
 				Name:        "totpuser",
 				Email:       "totpuser@example.com",
 				IsLoggedIn:  false,
 				OAuth:       false,
 				Provider:    "username",
 				TotpPending: true,
 				OAuthGroups: "",
 				TotpEnabled: true,
 			})
 			c.Next()
 		},
 	})
 	// Test
 	code, err := totp.GenerateCode(totpSecret, time.Now())
 	assert.NilError(t, err)
 	totpReq := controller.TotpRequest{
 		Code: code,
 	}
 	totpReqJson, err := json.Marshal(totpReq)
 	assert.NilError(t, err)
 	req := httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 200, recorder.Code)
 	cookie := recorder.Result().Cookies()[0]
 	assert.Equal(t, "tinyauth-session", cookie.Name)
 	assert.Assert(t, cookie.Value != "")
 	// Test invalid json
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader("{invalid json}"))
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 400, recorder.Code)
 	// Test rate limiting
 	totpReq = controller.TotpRequest{
 		Code: "000000",
 	}
 	totpReqJson, err = json.Marshal(totpReq)
 	assert.NilError(t, err)
 	for range 5 {
 		recorder = httptest.NewRecorder()
 		req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
 		router.ServeHTTP(recorder, req)
 	}
 	assert.Equal(t, 429, recorder.Code)
 	// Test invalid code
 	router, recorder = setupUserController(t, &[]gin.HandlerFunc{
 		func(c *gin.Context) {
 			c.Set("context", &config.UserContext{
 				Username:    "totpuser",
 				Name:        "totpuser",
 				Email:       "totpuser@example.com",
 				IsLoggedIn:  false,
 				OAuth:       false,
 				Provider:    "username",
 				TotpPending: true,
 				OAuthGroups: "",
 				TotpEnabled: true,
 			})
 			c.Next()
 		},
 	})
 	req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 401, recorder.Code)
 	// Test no totp pending
 	router, recorder = setupUserController(t, &[]gin.HandlerFunc{
 		func(c *gin.Context) {
 			c.Set("context", &config.UserContext{
 				Username:    "totpuser",
 				Name:        "totpuser",
 				Email:       "totpuser@example.com",
 				IsLoggedIn:  false,
 				OAuth:       false,
 				Provider:    "username",
 				TotpPending: false,
 				OAuthGroups: "",
 				TotpEnabled: false,
 			})
 			c.Next()
 		},
 	})
 	req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 401, recorder.Code)
 }
--- a/internal/middleware/context_middleware.go
+++ b/internal/middleware/context_middleware.go
@@ -12,7 +12,7 @@ import (
 )
 type ContextMiddlewareConfig struct {
-	RootDomain string
+	CookieDomain string
 }
 type ContextMiddleware struct {
@@ -95,6 +95,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				Email:       cookie.Email,
 				Provider:    cookie.Provider,
 				OAuthGroups: cookie.OAuthGroups,
 				OAuthName:   cookie.OAuthName,
 				IsLoggedIn:  true,
 				OAuth:       true,
 			})
@@ -134,7 +135,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 			c.Set("context", &config.UserContext{
 				Username:    user.Username,
 				Name:        utils.Capitalize(user.Username),
-				Email:       fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.config.RootDomain),
+				Email:       fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.config.CookieDomain),
 				Provider:    "basic",
 				IsLoggedIn:  true,
 				TotpEnabled: user.TotpSecret != "",
@@ -146,7 +147,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 			c.Set("context", &config.UserContext{
 				Username:   basic.Username,
 				Name:       utils.Capitalize(basic.Username),
-				Email:      fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.config.RootDomain),
+				Email:      fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.config.CookieDomain),
 				Provider:   "basic",
 				IsLoggedIn: true,
 			})
--- a/internal/model/session_model.go
+++ b/internal/model/session_model.go
@@ -9,4 +9,5 @@ type Session struct {
 	TOTPPending bool   `gorm:"column:totp_pending"`
 	OAuthGroups string `gorm:"column:oauth_groups"`
 	Expiry      int64  `gorm:"column:expiry"`
 	OAuthName   string `gorm:"column:oauth_name"`
 }
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -28,7 +28,7 @@ type AuthServiceConfig struct {
 	OauthWhitelist    string
 	SessionExpiry     int
 	SecureCookie      bool
-	RootDomain        string
+	CookieDomain      string
 	LoginTimeout      int
 	LoginMaxRetries   int
 	SessionCookieName string
@@ -210,6 +210,7 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 		TOTPPending: data.TotpPending,
 		OAuthGroups: data.OAuthGroups,
 		Expiry:      time.Now().Add(time.Duration(expiry) * time.Second).Unix(),
 		OAuthName:   data.OAuthName,
 	}
 	err = auth.database.Create(&session).Error
@@ -218,7 +219,7 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 		return err
 	}
-	c.SetCookie(auth.config.SessionCookieName, session.UUID, expiry, "/", fmt.Sprintf(".%s", auth.config.RootDomain), auth.config.SecureCookie, true)
+	c.SetCookie(auth.config.SessionCookieName, session.UUID, expiry, "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
 	return nil
 }
@@ -236,7 +237,7 @@ func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 		return res.Error
 	}
-	c.SetCookie(auth.config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.config.RootDomain), auth.config.SecureCookie, true)
+	c.SetCookie(auth.config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
 	return nil
 }
@@ -278,6 +279,7 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 		Provider:    session.Provider,
 		TotpPending: session.TOTPPending,
 		OAuthGroups: session.OAuthGroups,
 		OAuthName:   session.OAuthName,
 	}, nil
 }
@@ -307,12 +309,14 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
 		return true
 	}
-	if context.Provider != "generic" {
+	for id := range config.OverrideProviders {
-		log.Debug().Msg("Not using generic provider, skipping group check")
+		if context.Provider == id {
 			log.Info().Str("provider", id).Msg("OAuth groups not supported for this provider")
 			return true
 		}
 	}
-	for _, userGroup := range strings.Split(context.OAuthGroups, ",") {
+	for userGroup := range strings.SplitSeq(context.OAuthGroups, ",") {
 		if utils.CheckFilter(requiredGroups, strings.TrimSpace(userGroup)) {
 			return true
 		}
--- a/internal/service/generic_oauth_service.go
+++ b/internal/service/generic_oauth_service.go
@@ -22,6 +22,7 @@ type GenericOAuthService struct {
 	verifier           string
 	insecureSkipVerify bool
 	userinfoUrl        string
 	name               string
 }
 func NewGenericOAuthService(config config.OAuthServiceConfig) *GenericOAuthService {
@@ -38,6 +39,7 @@ func NewGenericOAuthService(config config.OAuthServiceConfig) *GenericOAuthServi
 		},
 		insecureSkipVerify: config.InsecureSkipVerify,
 		userinfoUrl:        config.UserinfoURL,
 		name:               config.Name,
 	}
 }
@@ -115,3 +117,7 @@ func (generic *GenericOAuthService) Userinfo() (config.Claims, error) {
 	return user, nil
 }
 func (generic *GenericOAuthService) GetName() string {
 	return generic.name
 }
--- a/internal/service/github_oauth_service.go
+++ b/internal/service/github_oauth_service.go
@@ -33,6 +33,7 @@ type GithubOAuthService struct {
 	context  context.Context
 	token    *oauth2.Token
 	verifier string
 	name     string
 }
 func NewGithubOAuthService(config config.OAuthServiceConfig) *GithubOAuthService {
@@ -44,6 +45,7 @@ func NewGithubOAuthService(config config.OAuthServiceConfig) *GithubOAuthService
 			Scopes:       GithubOAuthScopes,
 			Endpoint:     endpoints.GitHub,
 		},
 		name: config.Name,
 	}
 }
@@ -167,3 +169,7 @@ func (github *GithubOAuthService) Userinfo() (config.Claims, error) {
 	return user, nil
 }
 func (github *GithubOAuthService) GetName() string {
 	return github.name
 }
--- a/internal/service/google_oauth_service.go
+++ b/internal/service/google_oauth_service.go
@@ -28,6 +28,7 @@ type GoogleOAuthService struct {
 	context  context.Context
 	token    *oauth2.Token
 	verifier string
 	name     string
 }
 func NewGoogleOAuthService(config config.OAuthServiceConfig) *GoogleOAuthService {
@@ -39,6 +40,7 @@ func NewGoogleOAuthService(config config.OAuthServiceConfig) *GoogleOAuthService
 			Scopes:       GoogleOAuthScopes,
 			Endpoint:     endpoints.Google,
 		},
 		name: config.Name,
 	}
 }
@@ -111,3 +113,7 @@ func (google *GoogleOAuthService) Userinfo() (config.Claims, error) {
 	return user, nil
 }
 func (google *GoogleOAuthService) GetName() string {
 	return google.name
 }
--- a/internal/service/oauth_broker_service.go
+++ b/internal/service/oauth_broker_service.go
@@ -14,6 +14,7 @@ type OAuthService interface {
 	GetAuthURL(state string) string
 	VerifyCode(code string) error
 	Userinfo() (config.Claims, error)
 	GetName() string
 }
 type OAuthBrokerService struct {
@@ -49,7 +50,7 @@ func (broker *OAuthBrokerService) Init() error {
 			log.Error().Err(err).Msgf("Failed to initialize OAuth service: %T", name)
 			return err
 		}
-		log.Info().Msgf("Initialized OAuth service: %T", name)
+		log.Info().Str("service", service.GetName()).Msg("Initialized OAuth service")
 	}
 	return nil
--- a/internal/utils/app_utils.go
+++ b/internal/utils/app_utils.go
@@ -6,32 +6,43 @@ import (
 	"net/url"
 	"strings"
 	"tinyauth/internal/config"
 	"tinyauth/internal/utils/decoders"
 	"maps"
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog"
 	"github.com/weppos/publicsuffix-go/publicsuffix"
 )
-// Get root domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
+// Get cookie domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
-func GetRootDomain(appUrl string) (string, error) {
+func GetCookieDomain(u string) (string, error) {
-	appUrlParsed, err := url.Parse(appUrl)
+	parsed, err := url.Parse(u)
 	if err != nil {
 		return "", err
 	}
-	host := appUrlParsed.Hostname()
+	host := parsed.Hostname()
 	if netIP := net.ParseIP(host); netIP != nil {
-		return "", errors.New("IP addresses are not allowed")
+		return "", errors.New("IP addresses not allowed")
 	}
-	urlParts := strings.Split(host, ".")
+	parts := strings.Split(host, ".")
-	if len(urlParts) < 2 {
+	if len(parts) < 3 {
-		return "", errors.New("invalid domain, must be at least second level domain")
+		return "", errors.New("invalid app url, must be at least second level domain")
 	}
-	return strings.Join(urlParts[1:], "."), nil
+	domain := strings.Join(parts[1:], ".")
 	_, err = publicsuffix.DomainFromListWithOptions(publicsuffix.DefaultList, domain, nil)
 	if err != nil {
 		return "", errors.New("domain in public suffix list, cannot set cookies")
 	}
 	return domain, nil
 }
 func ParseFileToLine(content string) string {
@@ -49,6 +60,7 @@ func ParseFileToLine(content string) string {
 }
 func Filter[T any](slice []T, test func(T) bool) (res []T) {
 	res = make([]T, 0)
 	for _, value := range slice {
 		if test(value) {
 			res = append(res, value)
@@ -88,13 +100,13 @@ func IsRedirectSafe(redirectURL string, domain string) bool {
 		return false
 	}
-	upper, err := GetRootDomain(redirectURL)
+	cookieDomain, err := GetCookieDomain(redirectURL)
 	if err != nil {
 		return false
 	}
-	if upper != domain {
+	if cookieDomain != domain {
 		return false
 	}
@@ -121,3 +133,67 @@ func GetLogLevel(level string) zerolog.Level {
 		return zerolog.InfoLevel
 	}
 }
 func GetOAuthProvidersConfig(env []string, args []string, appUrl string) (map[string]config.OAuthServiceConfig, error) {
 	providers := make(map[string]config.OAuthServiceConfig)
 	// Get from environment variables
 	envMap := make(map[string]string)
 	for _, e := range env {
 		pair := strings.SplitN(e, "=", 2)
 		if len(pair) == 2 {
 			envMap[pair[0]] = pair[1]
 		}
 	}
 	envProviders, err := decoders.DecodeEnv(envMap)
 	if err != nil {
 		return nil, err
 	}
 	maps.Copy(providers, envProviders.Providers)
 	// Get from flags
 	flagsMap := make(map[string]string)
 	for _, arg := range args[1:] {
 		if strings.HasPrefix(arg, "--") {
 			pair := strings.SplitN(arg[2:], "=", 2)
 			if len(pair) == 2 {
 				flagsMap[pair[0]] = pair[1]
 			}
 		}
 	}
 	flagProviders, err := decoders.DecodeFlags(flagsMap)
 	if err != nil {
 		return nil, err
 	}
 	maps.Copy(providers, flagProviders.Providers)
 	// For every provider get correct secret from file if set
 	for name, provider := range providers {
 		secret := GetSecret(provider.ClientSecret, provider.ClientSecretFile)
 		provider.ClientSecret = secret
 		provider.ClientSecretFile = ""
 		providers[name] = provider
 	}
 	// If we have google/github providers and no redirect URL then set a default
 	for id := range config.OverrideProviders {
 		if provider, exists := providers[id]; exists {
 			if provider.RedirectURL == "" {
 				provider.RedirectURL = appUrl + "/api/oauth/callback/" + id
 				providers[id] = provider
 			}
 		}
 	}
 	// Return combined providers
 	return providers, nil
 }
--- a/internal/utils/app_utils_test.go
+++ b/internal/utils/app_utils_test.go
@@ -0,0 +1,271 @@
 package utils_test
 import (
 	"os"
 	"testing"
 	"tinyauth/internal/config"
 	"tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
 )
 func TestGetRootDomain(t *testing.T) {
 	// Normal case
 	domain := "http://sub.tinyauth.app"
 	expected := "tinyauth.app"
 	result, err := utils.GetCookieDomain(domain)
 	assert.NilError(t, err)
 	assert.Equal(t, expected, result)
 	// Domain with multiple subdomains
 	domain = "http://b.c.tinyauth.app"
 	expected = "c.tinyauth.app"
 	result, err = utils.GetCookieDomain(domain)
 	assert.NilError(t, err)
 	assert.Equal(t, expected, result)
 	// Domain with no subdomain
 	domain = "http://tinyauth.app"
 	expected = "tinyauth.app"
 	_, err = utils.GetCookieDomain(domain)
 	assert.Error(t, err, "invalid app url, must be at least second level domain")
 	// Invalid domain (only TLD)
 	domain = "com"
 	_, err = utils.GetCookieDomain(domain)
 	assert.ErrorContains(t, err, "invalid app url, must be at least second level domain")
 	// IP address
 	domain = "http://10.10.10.10"
 	_, err = utils.GetCookieDomain(domain)
 	assert.ErrorContains(t, err, "IP addresses not allowed")
 	// Invalid URL
 	domain = "http://[::1]:namedport"
 	_, err = utils.GetCookieDomain(domain)
 	assert.ErrorContains(t, err, "parse \"http://[::1]:namedport\": invalid port \":namedport\" after host")
 	// URL with scheme and path
 	domain = "https://sub.tinyauth.app/path"
 	expected = "tinyauth.app"
 	result, err = utils.GetCookieDomain(domain)
 	assert.NilError(t, err)
 	assert.Equal(t, expected, result)
 	// URL with port
 	domain = "http://sub.tinyauth.app:8080"
 	expected = "tinyauth.app"
 	result, err = utils.GetCookieDomain(domain)
 	assert.NilError(t, err)
 	assert.Equal(t, expected, result)
 	// Domain managed by ICANN
 	domain = "http://example.co.uk"
 	_, err = utils.GetCookieDomain(domain)
 	assert.Error(t, err, "domain in public suffix list, cannot set cookies")
 }
 func TestParseFileToLine(t *testing.T) {
 	// Normal case
 	content := "user1\nuser2\nuser3"
 	expected := "user1,user2,user3"
 	result := utils.ParseFileToLine(content)
 	assert.Equal(t, expected, result)
 	// Case with empty lines and spaces
 	content = " user1 \n\n user2 \n user3 \n"
 	expected = "user1,user2,user3"
 	result = utils.ParseFileToLine(content)
 	assert.Equal(t, expected, result)
 	// Case with only empty lines
 	content = "\n\n\n"
 	expected = ""
 	result = utils.ParseFileToLine(content)
 	assert.Equal(t, expected, result)
 	// Case with single user
 	content = "singleuser"
 	expected = "singleuser"
 	result = utils.ParseFileToLine(content)
 	assert.Equal(t, expected, result)
 	// Case with trailing newline
 	content = "user1\nuser2\n"
 	expected = "user1,user2"
 	result = utils.ParseFileToLine(content)
 	assert.Equal(t, expected, result)
 }
 func TestFilter(t *testing.T) {
 	// Normal case
 	slice := []int{1, 2, 3, 4, 5}
 	testFunc := func(n int) bool { return n%2 == 0 }
 	expected := []int{2, 4}
 	result := utils.Filter(slice, testFunc)
 	assert.DeepEqual(t, expected, result)
 	// Case with no matches
 	slice = []int{1, 3, 5}
 	testFunc = func(n int) bool { return n%2 == 0 }
 	expected = []int{}
 	result = utils.Filter(slice, testFunc)
 	assert.DeepEqual(t, expected, result)
 	// Case with all matches
 	slice = []int{2, 4, 6}
 	testFunc = func(n int) bool { return n%2 == 0 }
 	expected = []int{2, 4, 6}
 	result = utils.Filter(slice, testFunc)
 	assert.DeepEqual(t, expected, result)
 	// Case with empty slice
 	slice = []int{}
 	testFunc = func(n int) bool { return n%2 == 0 }
 	expected = []int{}
 	result = utils.Filter(slice, testFunc)
 	assert.DeepEqual(t, expected, result)
 	// Case with different type (string)
 	sliceStr := []string{"apple", "banana", "cherry"}
 	testFuncStr := func(s string) bool { return len(s) > 5 }
 	expectedStr := []string{"banana", "cherry"}
 	resultStr := utils.Filter(sliceStr, testFuncStr)
 	assert.DeepEqual(t, expectedStr, resultStr)
 }
 func TestGetContext(t *testing.T) {
 	// Setup
 	gin.SetMode(gin.TestMode)
 	c, _ := gin.CreateTestContext(nil)
 	// Normal case
 	c.Set("context", &config.UserContext{Username: "testuser"})
 	result, err := utils.GetContext(c)
 	assert.NilError(t, err)
 	assert.Equal(t, "testuser", result.Username)
 	// Case with no context
 	c.Set("context", nil)
 	_, err = utils.GetContext(c)
 	assert.Error(t, err, "invalid user context in request")
 	// Case with invalid context type
 	c.Set("context", "invalid type")
 	_, err = utils.GetContext(c)
 	assert.Error(t, err, "invalid user context in request")
 }
 func TestIsRedirectSafe(t *testing.T) {
 	// Setup
 	domain := "example.com"
 	// Case with no subdomain
 	redirectURL := "http://example.com/welcome"
 	result := utils.IsRedirectSafe(redirectURL, domain)
 	assert.Equal(t, false, result)
 	// Case with different domain
 	redirectURL = "http://malicious.com/phishing"
 	result = utils.IsRedirectSafe(redirectURL, domain)
 	assert.Equal(t, false, result)
 	// Case with subdomain
 	redirectURL = "http://sub.example.com/page"
 	result = utils.IsRedirectSafe(redirectURL, domain)
 	assert.Equal(t, true, result)
 	// Case with empty redirect URL
 	redirectURL = ""
 	result = utils.IsRedirectSafe(redirectURL, domain)
 	assert.Equal(t, false, result)
 	// Case with invalid URL
 	redirectURL = "http://[::1]:namedport"
 	result = utils.IsRedirectSafe(redirectURL, domain)
 	assert.Equal(t, false, result)
 	// Case with URL having port
 	redirectURL = "http://sub.example.com:8080/page"
 	result = utils.IsRedirectSafe(redirectURL, domain)
 	assert.Equal(t, true, result)
 	// Case with URL having different subdomain
 	redirectURL = "http://another.example.com/page"
 	result = utils.IsRedirectSafe(redirectURL, domain)
 	assert.Equal(t, true, result)
 	// Case with URL having different TLD
 	redirectURL = "http://example.org/page"
 	result = utils.IsRedirectSafe(redirectURL, domain)
 	assert.Equal(t, false, result)
 }
 func TestGetOAuthProvidersConfig(t *testing.T) {
 	env := []string{"PROVIDERS_CLIENT1_CLIENT_ID=client1-id", "PROVIDERS_CLIENT1_CLIENT_SECRET=client1-secret"}
 	args := []string{"/tinyauth/tinyauth", "--providers-client2-client-id=client2-id", "--providers-client2-client-secret=client2-secret"}
 	expected := map[string]config.OAuthServiceConfig{
 		"client1": {
 			ClientID:     "client1-id",
 			ClientSecret: "client1-secret",
 		},
 		"client2": {
 			ClientID:     "client2-id",
 			ClientSecret: "client2-secret",
 		},
 	}
 	result, err := utils.GetOAuthProvidersConfig(env, args, "")
 	assert.NilError(t, err)
 	assert.DeepEqual(t, expected, result)
 	// Case with no providers
 	env = []string{}
 	args = []string{"/tinyauth/tinyauth"}
 	expected = map[string]config.OAuthServiceConfig{}
 	result, err = utils.GetOAuthProvidersConfig(env, args, "")
 	assert.NilError(t, err)
 	assert.DeepEqual(t, expected, result)
 	// Case with secret from file
 	file, err := os.Create("/tmp/tinyauth_test_file")
 	assert.NilError(t, err)
 	_, err = file.WriteString("file content\n")
 	assert.NilError(t, err)
 	err = file.Close()
 	assert.NilError(t, err)
 	defer os.Remove("/tmp/tinyauth_test_file")
 	env = []string{"PROVIDERS_CLIENT1_CLIENT_ID=client1-id", "PROVIDERS_CLIENT1_CLIENT_SECRET_FILE=/tmp/tinyauth_test_file"}
 	args = []string{"/tinyauth/tinyauth"}
 	expected = map[string]config.OAuthServiceConfig{
 		"client1": {
 			ClientID:     "client1-id",
 			ClientSecret: "file content",
 		},
 	}
 	result, err = utils.GetOAuthProvidersConfig(env, args, "")
 	assert.NilError(t, err)
 	assert.DeepEqual(t, expected, result)
 	// Case with google provider and no redirect URL
 	env = []string{"PROVIDERS_GOOGLE_CLIENT_ID=google-id", "PROVIDERS_GOOGLE_CLIENT_SECRET=google-secret"}
 	args = []string{"/tinyauth/tinyauth"}
 	expected = map[string]config.OAuthServiceConfig{
 		"google": {
 			ClientID:     "google-id",
 			ClientSecret: "google-secret",
 			RedirectURL:  "http://app.url/api/oauth/callback/google",
 		},
 	}
 	result, err = utils.GetOAuthProvidersConfig(env, args, "http://app.url")
 	assert.NilError(t, err)
 	assert.DeepEqual(t, expected, result)
 }
--- a/internal/utils/decoders/decoders.go
+++ b/internal/utils/decoders/decoders.go
@@ -0,0 +1,89 @@
 package decoders
 import (
 	"reflect"
 	"strings"
 	"tinyauth/internal/config"
 )
 func NormalizeKeys(keys map[string]string, rootName string, sep string) map[string]string {
 	normalized := make(map[string]string)
 	knownKeys := getKnownKeys()
 	for k, v := range keys {
 		var finalKey []string
 		var suffix string
 		var camelClientName string
 		var camelField string
 		finalKey = append(finalKey, rootName)
 		finalKey = append(finalKey, "providers")
 		lowerKey := strings.ToLower(k)
 		if !strings.HasPrefix(lowerKey, "providers"+sep) {
 			continue
 		}
 		for _, known := range knownKeys {
 			if strings.HasSuffix(lowerKey, strings.ReplaceAll(known, "-", sep)) {
 				suffix = known
 				break
 			}
 		}
 		if suffix == "" {
 			continue
 		}
 		if strings.TrimSpace(strings.TrimSuffix(strings.TrimPrefix(lowerKey, "providers"+sep), strings.ReplaceAll(suffix, "-", sep))) == "" {
 			continue
 		}
 		clientNameParts := strings.Split(strings.TrimPrefix(strings.TrimSuffix(lowerKey, sep+strings.ReplaceAll(suffix, "-", sep)), "providers"+sep), sep)
 		for i, p := range clientNameParts {
 			if i == 0 {
 				camelClientName += p
 				continue
 			}
 			if p == "" {
 				continue
 			}
 			camelClientName += strings.ToUpper(string([]rune(p)[0])) + string([]rune(p)[1:])
 		}
 		finalKey = append(finalKey, camelClientName)
 		fieldParts := strings.Split(suffix, "-")
 		for i, p := range fieldParts {
 			if i == 0 {
 				camelField += p
 				continue
 			}
 			if p == "" {
 				continue
 			}
 			camelField += strings.ToUpper(string([]rune(p)[0])) + string([]rune(p)[1:])
 		}
 		finalKey = append(finalKey, camelField)
 		normalized[strings.Join(finalKey, ".")] = v
 	}
 	return normalized
 }
 func getKnownKeys() []string {
 	var known []string
 	p := config.OAuthServiceConfig{}
 	v := reflect.ValueOf(p)
 	typeOfP := v.Type()
 	for field := range typeOfP.NumField() {
 		known = append(known, typeOfP.Field(field).Tag.Get("key"))
 	}
 	return known
 }
--- a/internal/utils/decoders/decoders_test.go
+++ b/internal/utils/decoders/decoders_test.go
@@ -0,0 +1,49 @@
 package decoders_test
 import (
 	"testing"
 	"tinyauth/internal/utils/decoders"
 	"gotest.tools/v3/assert"
 )
 func TestNormalizeKeys(t *testing.T) {
 	// Test with env
 	test := map[string]string{
 		"PROVIDERS_CLIENT1_CLIENT_ID":                    "my-client-id",
 		"PROVIDERS_CLIENT1_CLIENT_SECRET":                "my-client-secret",
 		"PROVIDERS_MY_AWESOME_CLIENT_CLIENT_ID":          "my-awesome-client-id",
 		"PROVIDERS_MY_AWESOME_CLIENT_CLIENT_SECRET_FILE": "/path/to/secret",
 		"I_LOOK_LIKE_A_KEY_CLIENT_ID":                    "should-not-appear",
 		"PROVIDERS_CLIENT_ID":                            "should-not-appear",
 	}
 	expected := map[string]string{
 		"tinyauth.providers.client1.clientId":                 "my-client-id",
 		"tinyauth.providers.client1.clientSecret":             "my-client-secret",
 		"tinyauth.providers.myAwesomeClient.clientId":         "my-awesome-client-id",
 		"tinyauth.providers.myAwesomeClient.clientSecretFile": "/path/to/secret",
 	}
 	normalized := decoders.NormalizeKeys(test, "tinyauth", "_")
 	assert.DeepEqual(t, normalized, expected)
 	// Test with flags (assume -- is already stripped)
 	test = map[string]string{
 		"providers-client1-client-id":                    "my-client-id",
 		"providers-client1-client-secret":                "my-client-secret",
 		"providers-my-awesome-client-client-id":          "my-awesome-client-id",
 		"providers-my-awesome-client-client-secret-file": "/path/to/secret",
 		"providers-should-not-appear-client":             "should-not-appear",
 		"i-look-like-a-key-client-id":                    "should-not-appear",
 		"providers-client-id":                            "should-not-appear",
 	}
 	expected = map[string]string{
 		"tinyauth.providers.client1.clientId":                 "my-client-id",
 		"tinyauth.providers.client1.clientSecret":             "my-client-secret",
 		"tinyauth.providers.myAwesomeClient.clientId":         "my-awesome-client-id",
 		"tinyauth.providers.myAwesomeClient.clientSecretFile": "/path/to/secret",
 	}
 	normalized = decoders.NormalizeKeys(test, "tinyauth", "-")
 	assert.DeepEqual(t, normalized, expected)
 }
--- a/internal/utils/decoders/env_decoder.go
+++ b/internal/utils/decoders/env_decoder.go
@@ -0,0 +1,20 @@
 package decoders
 import (
 	"tinyauth/internal/config"
 	"github.com/traefik/paerser/parser"
 )
 func DecodeEnv(env map[string]string) (config.Providers, error) {
 	normalized := NormalizeKeys(env, "tinyauth", "_")
 	var providers config.Providers
 	err := parser.Decode(normalized, &providers, "tinyauth", "tinyauth.providers")
 	if err != nil {
 		return config.Providers{}, err
 	}
 	return providers, nil
 }
--- a/internal/utils/decoders/env_decoder_test.go
+++ b/internal/utils/decoders/env_decoder_test.go
@@ -0,0 +1,60 @@
 package decoders_test
 import (
 	"testing"
 	"tinyauth/internal/config"
 	"tinyauth/internal/utils/decoders"
 	"gotest.tools/v3/assert"
 )
 func TestDecodeEnv(t *testing.T) {
 	// Variables
 	expected := config.Providers{
 		Providers: map[string]config.OAuthServiceConfig{
 			"client1": {
 				ClientID:           "client1-id",
 				ClientSecret:       "client1-secret",
 				Scopes:             []string{"client1-scope1", "client1-scope2"},
 				RedirectURL:        "client1-redirect-url",
 				AuthURL:            "client1-auth-url",
 				UserinfoURL:        "client1-user-info-url",
 				Name:               "Client1",
 				InsecureSkipVerify: false,
 			},
 			"client2": {
 				ClientID:           "client2-id",
 				ClientSecret:       "client2-secret",
 				Scopes:             []string{"client2-scope1", "client2-scope2"},
 				RedirectURL:        "client2-redirect-url",
 				AuthURL:            "client2-auth-url",
 				UserinfoURL:        "client2-user-info-url",
 				Name:               "My Awesome Client2",
 				InsecureSkipVerify: false,
 			},
 		},
 	}
 	test := map[string]string{
 		"PROVIDERS_CLIENT1_CLIENT_ID":            "client1-id",
 		"PROVIDERS_CLIENT1_CLIENT_SECRET":        "client1-secret",
 		"PROVIDERS_CLIENT1_SCOPES":               "client1-scope1,client1-scope2",
 		"PROVIDERS_CLIENT1_REDIRECT_URL":         "client1-redirect-url",
 		"PROVIDERS_CLIENT1_AUTH_URL":             "client1-auth-url",
 		"PROVIDERS_CLIENT1_USER_INFO_URL":        "client1-user-info-url",
 		"PROVIDERS_CLIENT1_NAME":                 "Client1",
 		"PROVIDERS_CLIENT1_INSECURE_SKIP_VERIFY": "false",
 		"PROVIDERS_CLIENT2_CLIENT_ID":            "client2-id",
 		"PROVIDERS_CLIENT2_CLIENT_SECRET":        "client2-secret",
 		"PROVIDERS_CLIENT2_SCOPES":               "client2-scope1,client2-scope2",
 		"PROVIDERS_CLIENT2_REDIRECT_URL":         "client2-redirect-url",
 		"PROVIDERS_CLIENT2_AUTH_URL":             "client2-auth-url",
 		"PROVIDERS_CLIENT2_USER_INFO_URL":        "client2-user-info-url",
 		"PROVIDERS_CLIENT2_NAME":                 "My Awesome Client2",
 		"PROVIDERS_CLIENT2_INSECURE_SKIP_VERIFY": "false",
 	}
 	// Test
 	res, err := decoders.DecodeEnv(test)
 	assert.NilError(t, err)
 	assert.DeepEqual(t, expected, res)
 }
--- a/internal/utils/decoders/flags_decoder.go
+++ b/internal/utils/decoders/flags_decoder.go
@@ -0,0 +1,30 @@
 package decoders
 import (
 	"strings"
 	"tinyauth/internal/config"
 	"github.com/traefik/paerser/parser"
 )
 func DecodeFlags(flags map[string]string) (config.Providers, error) {
 	filtered := filterFlags(flags)
 	normalized := NormalizeKeys(filtered, "tinyauth", "-")
 	var providers config.Providers
 	err := parser.Decode(normalized, &providers, "tinyauth", "tinyauth.providers")
 	if err != nil {
 		return config.Providers{}, err
 	}
 	return providers, nil
 }
 func filterFlags(flags map[string]string) map[string]string {
 	filtered := make(map[string]string)
 	for k, v := range flags {
 		filtered[strings.TrimPrefix(k, "--")] = v
 	}
 	return filtered
 }
--- a/internal/utils/decoders/flags_decoder_test.go
+++ b/internal/utils/decoders/flags_decoder_test.go
@@ -0,0 +1,60 @@
 package decoders_test
 import (
 	"testing"
 	"tinyauth/internal/config"
 	"tinyauth/internal/utils/decoders"
 	"gotest.tools/v3/assert"
 )
 func TestDecodeFlags(t *testing.T) {
 	// Variables
 	expected := config.Providers{
 		Providers: map[string]config.OAuthServiceConfig{
 			"client1": {
 				ClientID:           "client1-id",
 				ClientSecret:       "client1-secret",
 				Scopes:             []string{"client1-scope1", "client1-scope2"},
 				RedirectURL:        "client1-redirect-url",
 				AuthURL:            "client1-auth-url",
 				UserinfoURL:        "client1-user-info-url",
 				Name:               "Client1",
 				InsecureSkipVerify: false,
 			},
 			"client2": {
 				ClientID:           "client2-id",
 				ClientSecret:       "client2-secret",
 				Scopes:             []string{"client2-scope1", "client2-scope2"},
 				RedirectURL:        "client2-redirect-url",
 				AuthURL:            "client2-auth-url",
 				UserinfoURL:        "client2-user-info-url",
 				Name:               "My Awesome Client2",
 				InsecureSkipVerify: false,
 			},
 		},
 	}
 	test := map[string]string{
 		"--providers-client1-client-id":            "client1-id",
 		"--providers-client1-client-secret":        "client1-secret",
 		"--providers-client1-scopes":               "client1-scope1,client1-scope2",
 		"--providers-client1-redirect-url":         "client1-redirect-url",
 		"--providers-client1-auth-url":             "client1-auth-url",
 		"--providers-client1-user-info-url":        "client1-user-info-url",
 		"--providers-client1-name":                 "Client1",
 		"--providers-client1-insecure-skip-verify": "false",
 		"--providers-client2-client-id":            "client2-id",
 		"--providers-client2-client-secret":        "client2-secret",
 		"--providers-client2-scopes":               "client2-scope1,client2-scope2",
 		"--providers-client2-redirect-url":         "client2-redirect-url",
 		"--providers-client2-auth-url":             "client2-auth-url",
 		"--providers-client2-user-info-url":        "client2-user-info-url",
 		"--providers-client2-name":                 "My Awesome Client2",
 		"--providers-client2-insecure-skip-verify": "false",
 	}
 	// Test
 	res, err := decoders.DecodeFlags(test)
 	assert.NilError(t, err)
 	assert.DeepEqual(t, expected, res)
 }
--- a/internal/utils/decoders/header_decoder.go
+++ b/internal/utils/decoders/header_decoder.go
@@ -1,119 +0,0 @@
 package decoders
 import (
 	"fmt"
 	"sort"
 	"strings"
 	"tinyauth/internal/config"
 	"github.com/traefik/paerser/parser"
 )
 // Based on: https://github.com/traefik/paerser/blob/master/parser/labels_decode.go (Apache 2.0 License)
 func DecodeHeaders(headers map[string]string) (config.AppConfigs, error) {
 	var app config.AppConfigs
 	err := decodeHeadersHelper(headers, &app, "tinyauth", "tinyauth-apps")
 	if err != nil {
 		return config.AppConfigs{}, err
 	}
 	return app, nil
 }
 func decodeHeadersHelper(headers map[string]string, element any, rootName string, filters ...string) error {
 	node, err := decodeHeadersToNode(headers, rootName, filters...)
 	if err != nil {
 		return err
 	}
 	opts := parser.MetadataOpts{TagName: "header", AllowSliceAsStruct: true}
 	err = parser.AddMetadata(element, node, opts)
 	if err != nil {
 		return err
 	}
 	return parser.Fill(element, node, parser.FillerOpts{AllowSliceAsStruct: true})
 }
 func decodeHeadersToNode(headers map[string]string, rootName string, filters ...string) (*parser.Node, error) {
 	sortedKeys := sortKeys(headers, filters)
 	var node *parser.Node
 	for i, key := range sortedKeys {
 		split := strings.Split(strings.ToLower(key), "-")
 		if split[0] != rootName {
 			return nil, fmt.Errorf("invalid header root %s", split[0])
 		}
 		for _, v := range split {
 			if v == "" {
 				return nil, fmt.Errorf("invalid element: %s", key)
 			}
 		}
 		if i == 0 {
 			node = &parser.Node{}
 		}
 		decodeHeaderToNode(node, split, headers[key])
 	}
 	return node, nil
 }
 func decodeHeaderToNode(root *parser.Node, path []string, value string) {
 	if len(root.Name) == 0 {
 		root.Name = path[0]
 	}
 	if len(path) > 1 {
 		node := containsNode(root.Children, path[1])
 		if node != nil {
 			decodeHeaderToNode(node, path[1:], value)
 		} else {
 			child := &parser.Node{Name: path[1]}
 			decodeHeaderToNode(child, path[1:], value)
 			root.Children = append(root.Children, child)
 		}
 	} else {
 		root.Value = value
 	}
 }
 func containsNode(nodes []*parser.Node, name string) *parser.Node {
 	for _, node := range nodes {
 		if strings.EqualFold(node.Name, name) {
 			return node
 		}
 	}
 	return nil
 }
 func sortKeys(headers map[string]string, filters []string) []string {
 	var sortedKeys []string
 	for key := range headers {
 		if len(filters) == 0 {
 			sortedKeys = append(sortedKeys, key)
 			continue
 		}
 		for _, filter := range filters {
 			if strings.HasPrefix(strings.ToLower(key), strings.ToLower(filter)) {
 				sortedKeys = append(sortedKeys, key)
 				continue
 			}
 		}
 	}
 	sort.Strings(sortedKeys)
 	return sortedKeys
 }
--- a/internal/utils/decoders/header_decoder_test.go
+++ b/internal/utils/decoders/header_decoder_test.go
@@ -1,73 +0,0 @@
 package decoders_test
 import (
 	"reflect"
 	"testing"
 	"tinyauth/internal/config"
 	"tinyauth/internal/utils/decoders"
 )
 func TestDecodeHeaders(t *testing.T) {
 	// Variables
 	expected := config.AppConfigs{
 		Apps: map[string]config.App{
 			"foo": {
 				Config: config.AppConfig{
 					Domain: "example.com",
 				},
 				Users: config.AppUsers{
 					Allow: "user1,user2",
 					Block: "user3",
 				},
 				OAuth: config.AppOAuth{
 					Whitelist: "somebody@example.com",
 					Groups:    "group3",
 				},
 				IP: config.AppIP{
 					Allow:  []string{"10.71.0.1/24", "10.71.0.2"},
 					Block:  []string{"10.10.10.10", "10.0.0.0/24"},
 					Bypass: []string{"192.168.1.1"},
 				},
 				Response: config.AppResponse{
 					Headers: []string{"X-Foo=Bar", "X-Baz=Qux"},
 					BasicAuth: config.AppBasicAuth{
 						Username:     "admin",
 						Password:     "password",
 						PasswordFile: "/path/to/passwordfile",
 					},
 				},
 				Path: config.AppPath{
 					Allow: "/public",
 					Block: "/private",
 				},
 			},
 		},
 	}
 	test := map[string]string{
 		"Tinyauth-Apps-Foo-Config-Domain":                   "example.com",
 		"Tinyauth-Apps-Foo-Users-Allow":                     "user1,user2",
 		"Tinyauth-Apps-Foo-Users-Block":                     "user3",
 		"Tinyauth-Apps-Foo-OAuth-Whitelist":                 "somebody@example.com",
 		"Tinyauth-Apps-Foo-OAuth-Groups":                    "group3",
 		"Tinyauth-Apps-Foo-IP-Allow":                        "10.71.0.1/24,10.71.0.2",
 		"Tinyauth-Apps-Foo-IP-Block":                        "10.10.10.10,10.0.0.0/24",
 		"Tinyauth-Apps-Foo-IP-Bypass":                       "192.168.1.1",
 		"Tinyauth-Apps-Foo-Response-Headers":                "X-Foo=Bar,X-Baz=Qux",
 		"Tinyauth-Apps-Foo-Response-BasicAuth-Username":     "admin",
 		"Tinyauth-Apps-Foo-Response-BasicAuth-Password":     "password",
 		"Tinyauth-Apps-Foo-Response-BasicAuth-PasswordFile": "/path/to/passwordfile",
 		"Tinyauth-Apps-Foo-Path-Allow":                      "/public",
 		"Tinyauth-Apps-Foo-Path-Block":                      "/private",
 	}
 	// Test
 	result, err := decoders.DecodeHeaders(test)
 	if err != nil {
 		t.Fatalf("Unexpected error: %v", err)
 	}
 	if !reflect.DeepEqual(expected, result) {
 		t.Fatalf("Expected %v but got %v", expected, result)
 	}
 }
--- a/internal/utils/decoders/label_decoder.go
+++ b/internal/utils/decoders/label_decoder.go
@@ -6,13 +6,13 @@ import (
 	"github.com/traefik/paerser/parser"
 )
-func DecodeLabels(labels map[string]string) (config.AppConfigs, error) {
+func DecodeLabels(labels map[string]string) (config.Apps, error) {
-	var appLabels config.AppConfigs
+	var appLabels config.Apps
 	err := parser.Decode(labels, &appLabels, "tinyauth", "tinyauth.apps")
 	if err != nil {
-		return config.AppConfigs{}, err
+		return config.Apps{}, err
 	}
 	return appLabels, nil
--- a/internal/utils/decoders/label_decoder_test.go
+++ b/internal/utils/decoders/label_decoder_test.go
@@ -1,15 +1,16 @@
 package decoders_test
 import (
 	"reflect"
 	"testing"
 	"tinyauth/internal/config"
 	"tinyauth/internal/utils/decoders"
 	"gotest.tools/v3/assert"
 )
 func TestDecodeLabels(t *testing.T) {
 	// Variables
-	expected := config.AppConfigs{
+	expected := config.Apps{
 		Apps: map[string]config.App{
 			"foo": {
 				Config: config.AppConfig{
@@ -62,12 +63,6 @@ func TestDecodeLabels(t *testing.T) {
 	// Test
 	result, err := decoders.DecodeLabels(test)
-
+	assert.NilError(t, err)
-	if err != nil {
+	assert.DeepEqual(t, expected, result)
 		t.Fatalf("Unexpected error: %v", err)
 	}
 	if reflect.DeepEqual(expected, result) == false {
 		t.Fatalf("Expected %v but got %v", expected, result)
 	}
 }
--- a/internal/utils/fs_utils_test.go
+++ b/internal/utils/fs_utils_test.go
@@ -0,0 +1,31 @@
 package utils
 import (
 	"os"
 	"testing"
 	"gotest.tools/v3/assert"
 )
 func TestReadFile(t *testing.T) {
 	// Setup
 	file, err := os.Create("/tmp/tinyauth_test_file")
 	assert.NilError(t, err)
 	_, err = file.WriteString("file content\n")
 	assert.NilError(t, err)
 	err = file.Close()
 	assert.NilError(t, err)
 	defer os.Remove("/tmp/tinyauth_test_file")
 	// Normal case
 	content, err := ReadFile("/tmp/tinyauth_test_file")
 	assert.NilError(t, err)
 	assert.Equal(t, "file content\n", content)
 	// Non-existing file
 	content, err = ReadFile("/tmp/non_existing_file")
 	assert.ErrorContains(t, err, "no such file or directory")
 	assert.Equal(t, "", content)
 }
--- a/internal/utils/header_utils.go
+++ b/internal/utils/header_utils.go
@@ -32,13 +32,3 @@ func SanitizeHeader(header string) string {
 		return -1
 	}, header)
 }
 func NormalizeHeaders(headers http.Header) map[string]string {
 	var result = make(map[string]string)
 	for key, values := range headers {
 		result[key] = strings.Join(values, ",")
 	}
 	return result
 }
--- a/internal/utils/label_utils_test.go
+++ b/internal/utils/label_utils_test.go
@@ -0,0 +1,87 @@
 package utils_test
 import (
 	"testing"
 	"tinyauth/internal/utils"
 	"gotest.tools/v3/assert"
 )
 func TestParseHeaders(t *testing.T) {
 	// Normal case
 	headers := []string{
 		"X-Custom-Header=Value",
 		"Another-Header=AnotherValue",
 	}
 	expected := map[string]string{
 		"X-Custom-Header": "Value",
 		"Another-Header":  "AnotherValue",
 	}
 	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
 	// Case insensitivity and trimming
 	headers = []string{
 		"  x-custom-header =  Value  ",
 		"ANOTHER-HEADER=AnotherValue",
 	}
 	expected = map[string]string{
 		"X-Custom-Header": "Value",
 		"Another-Header":  "AnotherValue",
 	}
 	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
 	// Invalid headers (missing '=', empty key/value)
 	headers = []string{
 		"InvalidHeader",
 		"=NoKey",
 		"NoValue=",
 		"   =   ",
 	}
 	expected = map[string]string{}
 	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
 	// Headers with unsafe characters
 	headers = []string{
 		"X-Custom-Header=Val\x00ue",       // Null byte
 		"Another-Header=Anoth\x7FerValue", // DEL character
 		"Good-Header=GoodValue",
 	}
 	expected = map[string]string{
 		"X-Custom-Header": "Value",
 		"Another-Header":  "AnotherValue",
 		"Good-Header":     "GoodValue",
 	}
 	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
 	// Header with spaces in key (should be ignored)
 	headers = []string{
 		"X Custom Header=Value",
 		"Valid-Header=ValidValue",
 	}
 	expected = map[string]string{
 		"Valid-Header": "ValidValue",
 	}
 	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
 }
 func TestSanitizeHeader(t *testing.T) {
 	// Normal case
 	header := "X-Custom-Header"
 	expected := "X-Custom-Header"
 	assert.Equal(t, expected, utils.SanitizeHeader(header))
 	// Header with unsafe characters
 	header = "X-Cust\x00om-Hea\x7Fder" // Null byte and DEL character
 	expected = "X-Custom-Header"
 	assert.Equal(t, expected, utils.SanitizeHeader(header))
 	// Header with only unsafe characters
 	header = "\x00\x01\x02\x7F"
 	expected = ""
 	assert.Equal(t, expected, utils.SanitizeHeader(header))
 	// Header with spaces and tabs (should be preserved)
 	header = "X Custom\tHeader"
 	expected = "X Custom\tHeader"
 	assert.Equal(t, expected, utils.SanitizeHeader(header))
 }
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1 @@`
							`ALTER TABLE "sessions" DROP COLUMN "oauth_name";`