chore(deps): bump the minor-patch group across 1 directory with 18 updates

Bumps the minor-patch group with 18 updates in the /frontend directory: | Package | From | To | | --- | --- | --- | | [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.1.12` | `4.1.13` | | [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.85.5` | `5.87.1` | | [i18next](https://github.com/i18next/i18next) | `25.4.2` | `25.5.2` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.541.0` | `0.543.0` | | [react-i18next](https://github.com/i18next/react-i18next) | `15.7.2` | `15.7.3` | | [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.1.12` | `4.1.13` | | [zod](https://github.com/colinhacks/zod) | `4.1.3` | `4.1.5` | | [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.34.0` | `9.35.0` | | [@tanstack/eslint-plugin-query](https://github.com/TanStack/query/tree/HEAD/packages/eslint-plugin-query) | `5.83.1` | `5.86.0` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.3.0` | `24.3.1` | | [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.1.11` | `19.1.12` | | [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom) | `19.1.8` | `19.1.9` | | [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `5.0.1` | `5.0.2` | | [eslint](https://github.com/eslint/eslint) | `9.34.0` | `9.35.0` | | [globals](https://github.com/sindresorhus/globals) | `16.3.0` | `16.4.0` | | [tw-animate-css](https://github.com/Wombosvideo/tw-animate-css) | `1.3.7` | `1.3.8` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.41.0` | `8.43.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.3` | `7.1.5` | Updates `@tailwindcss/vite` from 4.1.12 to 4.1.13 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.1.13/packages/@tailwindcss-vite) Updates `@tanstack/react-query` from 5.85.5 to 5.87.1 - [Release notes](https://github.com/TanStack/query/releases) - [Commits](https://github.com/TanStack/query/commits/v5.87.1/packages/react-query) Updates `i18next` from 25.4.2 to 25.5.2 - [Release notes](https://github.com/i18next/i18next/releases) - [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md) - [Commits](https://github.com/i18next/i18next/compare/v25.4.2...v25.5.2) Updates `lucide-react` from 0.541.0 to 0.543.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/0.543.0/packages/lucide-react) Updates `react-i18next` from 15.7.2 to 15.7.3 - [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md) - [Commits](https://github.com/i18next/react-i18next/compare/v15.7.2...v15.7.3) Updates `tailwindcss` from 4.1.12 to 4.1.13 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.1.13/packages/tailwindcss) Updates `zod` from 4.1.3 to 4.1.5 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](https://github.com/colinhacks/zod/compare/v4.1.3...v4.1.5) Updates `@eslint/js` from 9.34.0 to 9.35.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/commits/v9.35.0/packages/js) Updates `@tanstack/eslint-plugin-query` from 5.83.1 to 5.86.0 - [Release notes](https://github.com/TanStack/query/releases) - [Commits](https://github.com/TanStack/query/commits/v5.86.0/packages/eslint-plugin-query) Updates `@types/node` from 24.3.0 to 24.3.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/react` from 19.1.11 to 19.1.12 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `@types/react-dom` from 19.1.8 to 19.1.9 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom) Updates `@vitejs/plugin-react` from 5.0.1 to 5.0.2 - [Release notes](https://github.com/vitejs/vite-plugin-react/releases) - [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@5.0.2/packages/plugin-react) Updates `eslint` from 9.34.0 to 9.35.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v9.34.0...v9.35.0) Updates `globals` from 16.3.0 to 16.4.0 - [Release notes](https://github.com/sindresorhus/globals/releases) - [Commits](https://github.com/sindresorhus/globals/compare/v16.3.0...v16.4.0) Updates `tw-animate-css` from 1.3.7 to 1.3.8 - [Release notes](https://github.com/Wombosvideo/tw-animate-css/releases) - [Commits](https://github.com/Wombosvideo/tw-animate-css/compare/v1.3.7...v1.3.8) Updates `typescript-eslint` from 8.41.0 to 8.43.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.43.0/packages/typescript-eslint) Updates `vite` from 7.1.3 to 7.1.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite) --- updated-dependencies: - dependency-name: "@tailwindcss/vite" dependency-version: 4.1.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: "@tanstack/react-query" dependency-version: 5.87.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: i18next dependency-version: 25.5.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: lucide-react dependency-version: 0.543.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: react-i18next dependency-version: 15.7.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: tailwindcss dependency-version: 4.1.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: zod dependency-version: 4.1.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: "@eslint/js" dependency-version: 9.35.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: "@tanstack/eslint-plugin-query" dependency-version: 5.86.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: "@types/node" dependency-version: 24.3.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: "@types/react" dependency-version: 19.1.12 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: "@types/react-dom" dependency-version: 19.1.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.0.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: eslint dependency-version: 9.35.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: globals dependency-version: 16.4.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: tw-animate-css dependency-version: 1.3.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: typescript-eslint dependency-version: 8.43.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: vite dependency-version: 7.1.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch ... Signed-off-by: dependabot[bot] <support@github.com>
feat: add cookie domain back to context controller
2025-10-30 21:55:43 +00:00 · 2025-09-11 08:21:10 +00:00 · 2025-09-10 13:47:48 +03:00 · 2025-09-10 13:43:08 +03:00 · 2025-09-03 17:52:51 +03:00 · 2025-09-03 15:30:24 +03:00
33 changed files with 1682 additions and 232 deletions
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -112,6 +112,7 @@ func init() {
 		{"ldap-search-filter", "(uid=%s)", "LDAP search filter for user lookup."},
 		{"resources-dir", "/data/resources", "Path to a directory containing custom resources (e.g. background image)."},
 		{"database-path", "/data/tinyauth.db", "Path to the Sqlite database file."},
+		{"trusted-proxies", "", "Comma separated list of trusted proxies (IP addresses) for correct client IP detection and for header ACLs."},
 	}

 	for _, opt := range configOptions {
--- a/frontend/bun.lock
+++ b/frontend/bun.lock
@@ -9,44 +9,44 @@
        "@radix-ui/react-select": "^2.2.6",
        "@radix-ui/react-separator": "^1.1.7",
        "@radix-ui/react-slot": "^1.2.3",
-        "@tailwindcss/vite": "^4.1.12",
-        "@tanstack/react-query": "^5.85.5",
+        "@tailwindcss/vite": "^4.1.13",
+        "@tanstack/react-query": "^5.87.4",
        "axios": "^1.11.0",
        "class-variance-authority": "^0.7.1",
        "clsx": "^2.1.1",
-        "i18next": "^25.4.2",
+        "i18next": "^25.5.2",
        "i18next-browser-languagedetector": "^8.2.0",
        "i18next-resources-to-backend": "^1.2.1",
        "input-otp": "^1.4.2",
-        "lucide-react": "^0.541.0",
+        "lucide-react": "^0.543.0",
        "next-themes": "^0.4.6",
        "react": "^19.1.1",
        "react-dom": "^19.1.1",
        "react-hook-form": "^7.62.0",
-        "react-i18next": "^15.7.2",
+        "react-i18next": "^15.7.3",
        "react-markdown": "^10.1.0",
        "react-router": "^7.8.2",
        "sonner": "^2.0.7",
        "tailwind-merge": "^3.3.1",
-        "tailwindcss": "^4.1.12",
-        "zod": "^4.1.3",
+        "tailwindcss": "^4.1.13",
+        "zod": "^4.1.7",
      },
      "devDependencies": {
-        "@eslint/js": "^9.34.0",
-        "@tanstack/eslint-plugin-query": "^5.83.1",
-        "@types/node": "^24.3.0",
-        "@types/react": "^19.1.11",
-        "@types/react-dom": "^19.1.8",
-        "@vitejs/plugin-react": "^5.0.1",
-        "eslint": "^9.34.0",
+        "@eslint/js": "^9.35.0",
+        "@tanstack/eslint-plugin-query": "^5.86.0",
+        "@types/node": "^24.3.1",
+        "@types/react": "^19.1.12",
+        "@types/react-dom": "^19.1.9",
+        "@vitejs/plugin-react": "^5.0.2",
+        "eslint": "^9.35.0",
        "eslint-plugin-react-hooks": "^5.2.0",
        "eslint-plugin-react-refresh": "^0.4.19",
-        "globals": "^16.3.0",
+        "globals": "^16.4.0",
        "prettier": "3.6.2",
-        "tw-animate-css": "^1.3.7",
+        "tw-animate-css": "^1.3.8",
        "typescript": "~5.9.2",
-        "typescript-eslint": "^8.41.0",
-        "vite": "^7.1.3",
+        "typescript-eslint": "^8.43.0",
+        "vite": "^7.1.5",
      },
    },
  },
@@ -143,7 +143,7 @@

    "@esbuild/win32-x64": ["@esbuild/win32-x64@0.25.4", "", { "os": "win32", "cpu": "x64" }, "sha512-nOT2vZNw6hJ+z43oP1SPea/G/6AbN6X+bGNhNuq8NtRHy4wsMhw765IKLNmnjek7GvjWBYQ8Q5VBoYTFg9y1UQ=="],

-    "@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.7.0", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw=="],
+    "@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.9.0", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g=="],

    "@eslint-community/regexpp": ["@eslint-community/regexpp@4.12.1", "", {}, "sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ=="],

@@ -155,7 +155,7 @@

    "@eslint/eslintrc": ["@eslint/eslintrc@3.3.1", "", { "dependencies": { "ajv": "^6.12.4", "debug": "^4.3.2", "espree": "^10.0.1", "globals": "^14.0.0", "ignore": "^5.2.0", "import-fresh": "^3.2.1", "js-yaml": "^4.1.0", "minimatch": "^3.1.2", "strip-json-comments": "^3.1.1" } }, "sha512-gtF186CXhIl1p4pJNGZw8Yc6RlshoePRvE0X91oPGb3vZ8pM3qOS9W9NGPat9LziaBV7XrJWGylNQXkGcnM3IQ=="],

-    "@eslint/js": ["@eslint/js@9.34.0", "", {}, "sha512-EoyvqQnBNsV1CWaEJ559rxXL4c8V92gxirbawSmVUOWXlsRxxQXl6LmCpdUblgxgSkDIqKnhzba2SjRTI/A5Rw=="],
+    "@eslint/js": ["@eslint/js@9.35.0", "", {}, "sha512-30iXE9whjlILfWobBkNerJo+TXYsgVM5ERQwMcMKCHckHflCmf7wXDAHlARoWnh0s1U72WqlbeyE7iAcCzuCPw=="],

    "@eslint/object-schema": ["@eslint/object-schema@2.1.6", "", {}, "sha512-RBMg5FRL0I0gs51M/guSAj5/e14VQ4tpZnQNWwuDT66P14I43ItmPfIZRhO9fUVIPOAQXU47atlywZ/czoqFPA=="],

@@ -189,7 +189,7 @@

    "@jridgewell/set-array": ["@jridgewell/set-array@1.2.1", "", {}, "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A=="],

-    "@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
+    "@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.5", "", {}, "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og=="],

    "@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.25", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ=="],

@@ -255,7 +255,7 @@

    "@radix-ui/rect": ["@radix-ui/rect@1.1.1", "", {}, "sha512-HPwpGIzkl28mWyZqG52jiqDJ12waP11Pa1lGoiyUkIEuMLBP0oeK/C89esbXrxsky5we7dfd8U58nm0SgAWpVw=="],

-    "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.32", "", {}, "sha512-QReCdvxiUZAPkvp1xpAg62IeNzykOFA6syH2CnClif4YmALN1XKpB39XneL80008UbtMShthSVDKmrx05N1q/g=="],
+    "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.34", "", {}, "sha512-LyAREkZHP5pMom7c24meKmJCdhf2hEyvam2q0unr3or9ydwDL+DJ8chTF6Av/RFPb3rH8UFBdMzO5MxTZW97oA=="],

    "@rollup/rollup-android-arm-eabi": ["@rollup/rollup-android-arm-eabi@4.46.2", "", { "os": "android", "cpu": "arm" }, "sha512-Zj3Hl6sN34xJtMv7Anwb5Gu01yujyE/cLBDB2gnHTAHaWS1Z38L7kuSG+oAh0giZMqG060f/YBStXtMH6FvPMA=="],

@@ -299,41 +299,41 @@

    "@standard-schema/utils": ["@standard-schema/utils@0.3.0", "", {}, "sha512-e7Mew686owMaPJVNNLs55PUvgz371nKgwsc4vxE49zsODpJEnxgxRo2y/OKrqueavXgZNMDVj3DdHFlaSAeU8g=="],

-    "@tailwindcss/node": ["@tailwindcss/node@4.1.12", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.5.1", "lightningcss": "1.30.1", "magic-string": "^0.30.17", "source-map-js": "^1.2.1", "tailwindcss": "4.1.12" } }, "sha512-3hm9brwvQkZFe++SBt+oLjo4OLDtkvlE8q2WalaD/7QWaeM7KEJbAiY/LJZUaCs7Xa8aUu4xy3uoyX4q54UVdQ=="],
+    "@tailwindcss/node": ["@tailwindcss/node@4.1.13", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.5.1", "lightningcss": "1.30.1", "magic-string": "^0.30.18", "source-map-js": "^1.2.1", "tailwindcss": "4.1.13" } }, "sha512-eq3ouolC1oEFOAvOMOBAmfCIqZBJuvWvvYWh5h5iOYfe1HFC6+GZ6EIL0JdM3/niGRJmnrOc+8gl9/HGUaaptw=="],

-    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.12", "", { "dependencies": { "detect-libc": "^2.0.4", "tar": "^7.4.3" }, "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.12", "@tailwindcss/oxide-darwin-arm64": "4.1.12", "@tailwindcss/oxide-darwin-x64": "4.1.12", "@tailwindcss/oxide-freebsd-x64": "4.1.12", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.12", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.12", "@tailwindcss/oxide-linux-arm64-musl": "4.1.12", "@tailwindcss/oxide-linux-x64-gnu": "4.1.12", "@tailwindcss/oxide-linux-x64-musl": "4.1.12", "@tailwindcss/oxide-wasm32-wasi": "4.1.12", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.12", "@tailwindcss/oxide-win32-x64-msvc": "4.1.12" } }, "sha512-gM5EoKHW/ukmlEtphNwaGx45fGoEmP10v51t9unv55voWh6WrOL19hfuIdo2FjxIaZzw776/BUQg7Pck++cIVw=="],
+    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.13", "", { "dependencies": { "detect-libc": "^2.0.4", "tar": "^7.4.3" }, "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.13", "@tailwindcss/oxide-darwin-arm64": "4.1.13", "@tailwindcss/oxide-darwin-x64": "4.1.13", "@tailwindcss/oxide-freebsd-x64": "4.1.13", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.13", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.13", "@tailwindcss/oxide-linux-arm64-musl": "4.1.13", "@tailwindcss/oxide-linux-x64-gnu": "4.1.13", "@tailwindcss/oxide-linux-x64-musl": "4.1.13", "@tailwindcss/oxide-wasm32-wasi": "4.1.13", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.13", "@tailwindcss/oxide-win32-x64-msvc": "4.1.13" } }, "sha512-CPgsM1IpGRa880sMbYmG1s4xhAy3xEt1QULgTJGQmZUeNgXFR7s1YxYygmJyBGtou4SyEosGAGEeYqY7R53bIA=="],

-    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.12", "", { "os": "android", "cpu": "arm64" }, "sha512-oNY5pq+1gc4T6QVTsZKwZaGpBb2N1H1fsc1GD4o7yinFySqIuRZ2E4NvGasWc6PhYJwGK2+5YT1f9Tp80zUQZQ=="],
+    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.13", "", { "os": "android", "cpu": "arm64" }, "sha512-BrpTrVYyejbgGo57yc8ieE+D6VT9GOgnNdmh5Sac6+t0m+v+sKQevpFVpwX3pBrM2qKrQwJ0c5eDbtjouY/+ew=="],

-    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.12", "", { "os": "darwin", "cpu": "arm64" }, "sha512-cq1qmq2HEtDV9HvZlTtrj671mCdGB93bVY6J29mwCyaMYCP/JaUBXxrQQQm7Qn33AXXASPUb2HFZlWiiHWFytw=="],
+    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.13", "", { "os": "darwin", "cpu": "arm64" }, "sha512-YP+Jksc4U0KHcu76UhRDHq9bx4qtBftp9ShK/7UGfq0wpaP96YVnnjFnj3ZFrUAjc5iECzODl/Ts0AN7ZPOANQ=="],

-    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.12", "", { "os": "darwin", "cpu": "x64" }, "sha512-6UCsIeFUcBfpangqlXay9Ffty9XhFH1QuUFn0WV83W8lGdX8cD5/+2ONLluALJD5+yJ7k8mVtwy3zMZmzEfbLg=="],
+    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.13", "", { "os": "darwin", "cpu": "x64" }, "sha512-aAJ3bbwrn/PQHDxCto9sxwQfT30PzyYJFG0u/BWZGeVXi5Hx6uuUOQEI2Fa43qvmUjTRQNZnGqe9t0Zntexeuw=="],

-    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.12", "", { "os": "freebsd", "cpu": "x64" }, "sha512-JOH/f7j6+nYXIrHobRYCtoArJdMJh5zy5lr0FV0Qu47MID/vqJAY3r/OElPzx1C/wdT1uS7cPq+xdYYelny1ww=="],
+    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.13", "", { "os": "freebsd", "cpu": "x64" }, "sha512-Wt8KvASHwSXhKE/dJLCCWcTSVmBj3xhVhp/aF3RpAhGeZ3sVo7+NTfgiN8Vey/Fi8prRClDs6/f0KXPDTZE6nQ=="],

-    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.12", "", { "os": "linux", "cpu": "arm" }, "sha512-v4Ghvi9AU1SYgGr3/j38PD8PEe6bRfTnNSUE3YCMIRrrNigCFtHZ2TCm8142X8fcSqHBZBceDx+JlFJEfNg5zQ=="],
+    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.13", "", { "os": "linux", "cpu": "arm" }, "sha512-mbVbcAsW3Gkm2MGwA93eLtWrwajz91aXZCNSkGTx/R5eb6KpKD5q8Ueckkh9YNboU8RH7jiv+ol/I7ZyQ9H7Bw=="],

-    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.12", "", { "os": "linux", "cpu": "arm64" }, "sha512-YP5s1LmetL9UsvVAKusHSyPlzSRqYyRB0f+Kl/xcYQSPLEw/BvGfxzbH+ihUciePDjiXwHh+p+qbSP3SlJw+6g=="],
+    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.13", "", { "os": "linux", "cpu": "arm64" }, "sha512-wdtfkmpXiwej/yoAkrCP2DNzRXCALq9NVLgLELgLim1QpSfhQM5+ZxQQF8fkOiEpuNoKLp4nKZ6RC4kmeFH0HQ=="],

-    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.12", "", { "os": "linux", "cpu": "arm64" }, "sha512-V8pAM3s8gsrXcCv6kCHSuwyb/gPsd863iT+v1PGXC4fSL/OJqsKhfK//v8P+w9ThKIoqNbEnsZqNy+WDnwQqCA=="],
+    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.13", "", { "os": "linux", "cpu": "arm64" }, "sha512-hZQrmtLdhyqzXHB7mkXfq0IYbxegaqTmfa1p9MBj72WPoDD3oNOh1Lnxf6xZLY9C3OV6qiCYkO1i/LrzEdW2mg=="],

-    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.12", "", { "os": "linux", "cpu": "x64" }, "sha512-xYfqYLjvm2UQ3TZggTGrwxjYaLB62b1Wiysw/YE3Yqbh86sOMoTn0feF98PonP7LtjsWOWcXEbGqDL7zv0uW8Q=="],
+    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.13", "", { "os": "linux", "cpu": "x64" }, "sha512-uaZTYWxSXyMWDJZNY1Ul7XkJTCBRFZ5Fo6wtjrgBKzZLoJNrG+WderJwAjPzuNZOnmdrVg260DKwXCFtJ/hWRQ=="],

-    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.12", "", { "os": "linux", "cpu": "x64" }, "sha512-ha0pHPamN+fWZY7GCzz5rKunlv9L5R8kdh+YNvP5awe3LtuXb5nRi/H27GeL2U+TdhDOptU7T6Is7mdwh5Ar3A=="],
+    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.13", "", { "os": "linux", "cpu": "x64" }, "sha512-oXiPj5mi4Hdn50v5RdnuuIms0PVPI/EG4fxAfFiIKQh5TgQgX7oSuDWntHW7WNIi/yVLAiS+CRGW4RkoGSSgVQ=="],

-    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.12", "", { "dependencies": { "@emnapi/core": "^1.4.5", "@emnapi/runtime": "^1.4.5", "@emnapi/wasi-threads": "^1.0.4", "@napi-rs/wasm-runtime": "^0.2.12", "@tybys/wasm-util": "^0.10.0", "tslib": "^2.8.0" }, "cpu": "none" }, "sha512-4tSyu3dW+ktzdEpuk6g49KdEangu3eCYoqPhWNsZgUhyegEda3M9rG0/j1GV/JjVVsj+lG7jWAyrTlLzd/WEBg=="],
+    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.13", "", { "dependencies": { "@emnapi/core": "^1.4.5", "@emnapi/runtime": "^1.4.5", "@emnapi/wasi-threads": "^1.0.4", "@napi-rs/wasm-runtime": "^0.2.12", "@tybys/wasm-util": "^0.10.0", "tslib": "^2.8.0" }, "cpu": "none" }, "sha512-+LC2nNtPovtrDwBc/nqnIKYh/W2+R69FA0hgoeOn64BdCX522u19ryLh3Vf3F8W49XBcMIxSe665kwy21FkhvA=="],

-    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.12", "", { "os": "win32", "cpu": "arm64" }, "sha512-iGLyD/cVP724+FGtMWslhcFyg4xyYyM+5F4hGvKA7eifPkXHRAUDFaimu53fpNg9X8dfP75pXx/zFt/jlNF+lg=="],
+    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.13", "", { "os": "win32", "cpu": "arm64" }, "sha512-dziTNeQXtoQ2KBXmrjCxsuPk3F3CQ/yb7ZNZNA+UkNTeiTGgfeh+gH5Pi7mRncVgcPD2xgHvkFCh/MhZWSgyQg=="],

-    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.12", "", { "os": "win32", "cpu": "x64" }, "sha512-NKIh5rzw6CpEodv/++r0hGLlfgT/gFN+5WNdZtvh6wpU2BpGNgdjvj6H2oFc8nCM839QM1YOhjpgbAONUb4IxA=="],
+    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.13", "", { "os": "win32", "cpu": "x64" }, "sha512-3+LKesjXydTkHk5zXX01b5KMzLV1xl2mcktBJkje7rhFUpUlYJy7IMOLqjIRQncLTa1WZZiFY/foAeB5nmaiTw=="],

-    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.12", "", { "dependencies": { "@tailwindcss/node": "4.1.12", "@tailwindcss/oxide": "4.1.12", "tailwindcss": "4.1.12" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-4pt0AMFDx7gzIrAOIYgYP0KCBuKWqyW8ayrdiLEjoJTT4pKTjrzG/e4uzWtTLDziC+66R9wbUqZBccJalSE5vQ=="],
+    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.13", "", { "dependencies": { "@tailwindcss/node": "4.1.13", "@tailwindcss/oxide": "4.1.13", "tailwindcss": "4.1.13" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-0PmqLQ010N58SbMTJ7BVJ4I2xopiQn/5i6nlb4JmxzQf8zcS5+m2Cv6tqh+sfDwtIdjoEnOvwsGQ1hkUi8QEHQ=="],

-    "@tanstack/eslint-plugin-query": ["@tanstack/eslint-plugin-query@5.83.1", "", { "dependencies": { "@typescript-eslint/utils": "^8.37.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0" } }, "sha512-tdkpPFfzkTksN9BIlT/qjixSAtKrsW6PUVRwdKWaOcag7DrD1vpki3UzzdfMQGDRGeg1Ue1Dg+rcl5FJGembNg=="],
+    "@tanstack/eslint-plugin-query": ["@tanstack/eslint-plugin-query@5.86.0", "", { "dependencies": { "@typescript-eslint/utils": "^8.37.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0" } }, "sha512-tmXdnx/fF3yY5G5jpzrJQbASY3PNzsKF0gq9IsZVqz3LJ4sExgdUFGQ305nao0wTMBOclyrSC13v/VQ3yOXu/Q=="],

-    "@tanstack/query-core": ["@tanstack/query-core@5.85.5", "", {}, "sha512-KO0WTob4JEApv69iYp1eGvfMSUkgw//IpMnq+//cORBzXf0smyRwPLrUvEe5qtAEGjwZTXrjxg+oJNP/C00t6w=="],
+    "@tanstack/query-core": ["@tanstack/query-core@5.87.4", "", {}, "sha512-uNsg6zMxraEPDVO2Bn+F3/ctHi+Zsk+MMpcN8h6P7ozqD088F6mFY5TfGM7zuyIrL7HKpDyu6QHfLWiDxh3cuw=="],

-    "@tanstack/react-query": ["@tanstack/react-query@5.85.5", "", { "dependencies": { "@tanstack/query-core": "5.85.5" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-/X4EFNcnPiSs8wM2v+b6DqS5mmGeuJQvxBglmDxl6ZQb5V26ouD2SJYAcC3VjbNwqhY2zjxVD15rDA5nGbMn3A=="],
+    "@tanstack/react-query": ["@tanstack/react-query@5.87.4", "", { "dependencies": { "@tanstack/query-core": "5.87.4" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-T5GT/1ZaNsUXf5I3RhcYuT17I4CPlbZgyLxc/ZGv7ciS6esytlbjb3DgUFO6c8JWYMDpdjSWInyGZUErgzqhcA=="],

    "@types/babel__core": ["@types/babel__core@7.20.5", "", { "dependencies": { "@babel/parser": "^7.20.7", "@babel/types": "^7.20.7", "@types/babel__generator": "*", "@types/babel__template": "*", "@types/babel__traverse": "*" } }, "sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA=="],

@@ -357,37 +357,37 @@

    "@types/ms": ["@types/ms@2.1.0", "", {}, "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA=="],

-    "@types/node": ["@types/node@24.3.0", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-aPTXCrfwnDLj4VvXrm+UUCQjNEvJgNA8s5F1cvwQU+3KNltTOkBm1j30uNLyqqPNe7gE3KFzImYoZEfLhp4Yow=="],
+    "@types/node": ["@types/node@24.3.1", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-3vXmQDXy+woz+gnrTvuvNrPzekOi+Ds0ReMxw0LzBiK3a+1k0kQn9f2NWk+lgD4rJehFUmYy2gMhJ2ZI+7YP9g=="],

-    "@types/react": ["@types/react@19.1.11", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-lr3jdBw/BGj49Eps7EvqlUaoeA0xpj3pc0RoJkHpYaCHkVK7i28dKyImLQb3JVlqs3aYSXf7qYuWOW/fgZnTXQ=="],
+    "@types/react": ["@types/react@19.1.12", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-cMoR+FoAf/Jyq6+Df2/Z41jISvGZZ2eTlnsaJRptmZ76Caldwy1odD4xTr/gNV9VLj0AWgg/nmkevIyUfIIq5w=="],

-    "@types/react-dom": ["@types/react-dom@19.1.8", "", { "peerDependencies": { "@types/react": "^19.0.0" } }, "sha512-xG7xaBMJCpcK0RpN8jDbAACQo54ycO6h4dSSmgv8+fu6ZIAdANkx/WsawASUjVXYfy+J9AbUpRMNNEsXCDfDBQ=="],
+    "@types/react-dom": ["@types/react-dom@19.1.9", "", { "peerDependencies": { "@types/react": "^19.0.0" } }, "sha512-qXRuZaOsAdXKFyOhRBg6Lqqc0yay13vN7KrIg4L7N4aaHN68ma9OK3NE1BoDFgFOTfM7zg+3/8+2n8rLUH3OKQ=="],

    "@types/unist": ["@types/unist@3.0.3", "", {}, "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q=="],

-    "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.41.0", "", { "dependencies": { "@eslint-community/regexpp": "^4.10.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/type-utils": "8.41.0", "@typescript-eslint/utils": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.41.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-8fz6oa6wEKZrhXWro/S3n2eRJqlRcIa6SlDh59FXJ5Wp5XRZ8B9ixpJDcjadHq47hMx0u+HW6SNa6LjJQ6NLtw=="],
+    "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.43.0", "", { "dependencies": { "@eslint-community/regexpp": "^4.10.0", "@typescript-eslint/scope-manager": "8.43.0", "@typescript-eslint/type-utils": "8.43.0", "@typescript-eslint/utils": "8.43.0", "@typescript-eslint/visitor-keys": "8.43.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.43.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-8tg+gt7ENL7KewsKMKDHXR1vm8tt9eMxjJBYINf6swonlWgkYn5NwyIgXpbbDxTNU5DgpDFfj95prcTq2clIQQ=="],

-    "@typescript-eslint/parser": ["@typescript-eslint/parser@8.41.0", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "debug": "^4.3.4" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-gTtSdWX9xiMPA/7MV9STjJOOYtWwIJIYxkQxnSV1U3xcE+mnJSH3f6zI0RYP+ew66WSlZ5ed+h0VCxsvdC1jJg=="],
+    "@typescript-eslint/parser": ["@typescript-eslint/parser@8.43.0", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.43.0", "@typescript-eslint/types": "8.43.0", "@typescript-eslint/typescript-estree": "8.43.0", "@typescript-eslint/visitor-keys": "8.43.0", "debug": "^4.3.4" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-B7RIQiTsCBBmY+yW4+ILd6mF5h1FUwJsVvpqkrgpszYifetQ2Ke+Z4u6aZh0CblkUGIdR59iYVyXqqZGkZ3aBw=="],

-    "@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.41.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.41.0", "@typescript-eslint/types": "^8.41.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-b8V9SdGBQzQdjJ/IO3eDifGpDBJfvrNTp2QD9P2BeqWTGrRibgfgIlBSw6z3b6R7dPzg752tOs4u/7yCLxksSQ=="],
+    "@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.43.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.43.0", "@typescript-eslint/types": "^8.43.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-htB/+D/BIGoNTQYffZw4uM4NzzuolCoaA/BusuSIcC8YjmBYQioew5VUZAYdAETPjeed0hqCaW7EHg+Robq8uw=="],

-    "@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.38.0", "", { "dependencies": { "@typescript-eslint/types": "8.38.0", "@typescript-eslint/visitor-keys": "8.38.0" } }, "sha512-WJw3AVlFFcdT9Ri1xs/lg8LwDqgekWXWhH3iAF+1ZM+QPd7oxQ6jvtW/JPwzAScxitILUIFs0/AnQ/UWHzbATQ=="],
+    "@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],

-    "@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.41.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-TDhxYFPUYRFxFhuU5hTIJk+auzM/wKvWgoNYOPcOf6i4ReYlOoYN8q1dV5kOTjNQNJgzWN3TUUQMtlLOcUgdUw=="],
+    "@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.43.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-ALC2prjZcj2YqqL5X/bwWQmHA2em6/94GcbB/KKu5SX3EBDOsqztmmX1kMkvAJHzxk7TazKzJfFiEIagNV3qEA=="],

-    "@typescript-eslint/type-utils": ["@typescript-eslint/type-utils@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0", "@typescript-eslint/utils": "8.41.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-63qt1h91vg3KsjVVonFJWjgSK7pZHSQFKH6uwqxAH9bBrsyRhO6ONoKyXxyVBzG1lJnFAJcKAcxLS54N1ee1OQ=="],
+    "@typescript-eslint/type-utils": ["@typescript-eslint/type-utils@8.43.0", "", { "dependencies": { "@typescript-eslint/types": "8.43.0", "@typescript-eslint/typescript-estree": "8.43.0", "@typescript-eslint/utils": "8.43.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-qaH1uLBpBuBBuRf8c1mLJ6swOfzCXryhKND04Igr4pckzSEW9JX5Aw9AgW00kwfjWJF0kk0ps9ExKTfvXfw4Qg=="],

-    "@typescript-eslint/types": ["@typescript-eslint/types@8.38.0", "", {}, "sha512-wzkUfX3plUqij4YwWaJyqhiPE5UCRVlFpKn1oCRn2O1bJ592XxWJj8ROQ3JD5MYXLORW84063z3tZTb/cs4Tyw=="],
+    "@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],

-    "@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.41.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.41.0", "@typescript-eslint/tsconfig-utils": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-D43UwUYJmGhuwHfY7MtNKRZMmfd8+p/eNSfFe6tH5mbVDto+VQCayeAt35rOx3Cs6wxD16DQtIKw/YXxt5E0UQ=="],
+    "@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.43.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.43.0", "@typescript-eslint/tsconfig-utils": "8.43.0", "@typescript-eslint/types": "8.43.0", "@typescript-eslint/visitor-keys": "8.43.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-7Vv6zlAhPb+cvEpP06WXXy/ZByph9iL6BQRBDj4kmBsW98AqEeQHlj/13X+sZOrKSo9/rNKH4Ul4f6EICREFdw=="],

-    "@typescript-eslint/utils": ["@typescript-eslint/utils@8.38.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.38.0", "@typescript-eslint/types": "8.38.0", "@typescript-eslint/typescript-estree": "8.38.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "sha512-hHcMA86Hgt+ijJlrD8fX0j1j8w4C92zue/8LOPAFioIno+W0+L7KqE8QZKCcPGc/92Vs9x36w/4MPTJhqXdyvg=="],
+    "@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],

-    "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-+GeGMebMCy0elMNg67LRNoVnUFPIm37iu5CmHESVx56/9Jsfdpsvbv605DQ81Pi/x11IdKUsS5nzgTYbCQU9fg=="],
+    "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.43.0", "", { "dependencies": { "@typescript-eslint/types": "8.43.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-T+S1KqRD4sg/bHfLwrpF/K3gQLBM1n7Rp7OjjikjTEssI2YJzQpi5WXoynOaQ93ERIuq3O8RBTOUYDKszUCEHw=="],

    "@ungap/structured-clone": ["@ungap/structured-clone@1.3.0", "", {}, "sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g=="],

-    "@vitejs/plugin-react": ["@vitejs/plugin-react@5.0.1", "", { "dependencies": { "@babel/core": "^7.28.3", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-beta.32", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "sha512-DE4UNaBXwtVoDJ0ccBdLVjFTWL70NRuWNCxEieTI3lrq9ORB9aOCQEKstwDXBl87NvFdbqh/p7eINGyj0BthJA=="],
+    "@vitejs/plugin-react": ["@vitejs/plugin-react@5.0.2", "", { "dependencies": { "@babel/core": "^7.28.3", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-beta.34", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "sha512-tmyFgixPZCx2+e6VO9TNITWcCQl8+Nl/E8YbAyPVv85QCc7/A3JrdfG2A8gIzvVhWuzMOVrFW1aReaNxrI6tbw=="],

    "acorn": ["acorn@8.15.0", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg=="],

@@ -493,7 +493,7 @@

    "escape-string-regexp": ["escape-string-regexp@4.0.0", "", {}, "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA=="],

-    "eslint": ["eslint@9.34.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.12.1", "@eslint/config-array": "^0.21.0", "@eslint/config-helpers": "^0.3.1", "@eslint/core": "^0.15.2", "@eslint/eslintrc": "^3.3.1", "@eslint/js": "9.34.0", "@eslint/plugin-kit": "^0.3.5", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "@types/json-schema": "^7.0.15", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.4.0", "eslint-visitor-keys": "^4.2.1", "espree": "^10.4.0", "esquery": "^1.5.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", "find-up": "^5.0.0", "glob-parent": "^6.0.2", "ignore": "^5.2.0", "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, "peerDependencies": { "jiti": "*" }, "optionalPeers": ["jiti"], "bin": { "eslint": "bin/eslint.js" } }, "sha512-RNCHRX5EwdrESy3Jc9o8ie8Bog+PeYvvSR8sDGoZxNFTvZ4dlxUB3WzQ3bQMztFrSRODGrLLj8g6OFuGY/aiQg=="],
+    "eslint": ["eslint@9.35.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", "@eslint-community/regexpp": "^4.12.1", "@eslint/config-array": "^0.21.0", "@eslint/config-helpers": "^0.3.1", "@eslint/core": "^0.15.2", "@eslint/eslintrc": "^3.3.1", "@eslint/js": "9.35.0", "@eslint/plugin-kit": "^0.3.5", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "@types/json-schema": "^7.0.15", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.4.0", "eslint-visitor-keys": "^4.2.1", "espree": "^10.4.0", "esquery": "^1.5.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", "find-up": "^5.0.0", "glob-parent": "^6.0.2", "ignore": "^5.2.0", "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, "peerDependencies": { "jiti": "*" }, "optionalPeers": ["jiti"], "bin": { "eslint": "bin/eslint.js" } }, "sha512-QePbBFMJFjgmlE+cXAlbHZbHpdFVS2E/6vzCy7aKlebddvl1vadiC4JFV5u/wqTkNUwEV8WrQi257jf5f06hrg=="],

    "eslint-plugin-react-hooks": ["eslint-plugin-react-hooks@5.2.0", "", { "peerDependencies": { "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0" } }, "sha512-+f15FfK64YQwZdJNELETdn5ibXEUQmW1DZL6KXhNnc2heoy/sg9VJJeT7n8TlMWouzWqSWavFkIhHyIbIAEapg=="],

@@ -557,7 +557,7 @@

    "glob-parent": ["glob-parent@6.0.2", "", { "dependencies": { "is-glob": "^4.0.3" } }, "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A=="],

-    "globals": ["globals@16.3.0", "", {}, "sha512-bqWEnJ1Nt3neqx2q5SFfGS8r/ahumIakg3HcwtNlrVlwXIeNumWn/c7Pn/wKzGhf6SaW6H6uWXLqC30STCMchQ=="],
+    "globals": ["globals@16.4.0", "", {}, "sha512-ob/2LcVVaVGCYN+r14cnwnoDPUufjiYgSqRhiFD0Q1iI4Odora5RE8Iv1D24hAz5oMophRGkGz+yuvQmmUMnMw=="],

    "gopd": ["gopd@1.2.0", "", {}, "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg=="],

@@ -581,7 +581,7 @@

    "html-url-attributes": ["html-url-attributes@3.0.1", "", {}, "sha512-ol6UPyBWqsrO6EJySPz2O7ZSr856WDrEzM5zMqp+FJJLGMW35cLYmmZnl0vztAZxRUoNZJFTCohfjuIJ8I4QBQ=="],

-    "i18next": ["i18next@25.4.2", "", { "dependencies": { "@babel/runtime": "^7.27.6" }, "peerDependencies": { "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-gD4T25a6ovNXsfXY1TwHXXXLnD/K2t99jyYMCSimSCBnBRJVQr5j+VAaU83RJCPzrTGhVQ6dqIga66xO2rtd5g=="],
+    "i18next": ["i18next@25.5.2", "", { "dependencies": { "@babel/runtime": "^7.27.6" }, "peerDependencies": { "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-lW8Zeh37i/o0zVr+NoCHfNnfvVw+M6FQbRp36ZZ/NyHDJ3NJVpp2HhAUyU9WafL5AssymNoOjMRB48mmx2P6Hw=="],

    "i18next-browser-languagedetector": ["i18next-browser-languagedetector@8.2.0", "", { "dependencies": { "@babel/runtime": "^7.23.2" } }, "sha512-P+3zEKLnOF0qmiesW383vsLdtQVyKtCNA9cjSoKCppTKPQVfKd2W8hbVo5ZhNJKDqeM7BOcvNoKJOjpHh4Js9g=="],

@@ -665,9 +665,9 @@

    "lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="],

-    "lucide-react": ["lucide-react@0.541.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-s0Vircsu5WaGv2KoJZ5+SoxiAJ3UXV5KqEM3eIFDHaHkcLIFdIWgXtZ412+Gh02UsdS7Was+jvEpBvPCWQISlg=="],
+    "lucide-react": ["lucide-react@0.543.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-fpVfuOQO0V3HBaOA1stIiP/A2fPCXHIleRZL16Mx3HmjTYwNSbimhnFBygs2CAfU1geexMX5ItUcWBGUaqw5CA=="],

-    "magic-string": ["magic-string@0.30.17", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0" } }, "sha512-sNPKHvyjVf7gyjwS4xGTaW/mCnF8wnjtifKBEhxfZ7E/S8tQ0rssrwGNn6q8JH/ohItJfSQp9mBtQYuTlH5QnA=="],
+    "magic-string": ["magic-string@0.30.19", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.5" } }, "sha512-2N21sPY9Ws53PZvsEpVtNuSW+ScYbQdp4b9qUaL+9QkHUrGFKo56Lg9Emg5s9V/qrtNBmiR01sYhUOwu3H+VOw=="],

    "math-intrinsics": ["math-intrinsics@1.1.0", "", {}, "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g=="],

@@ -793,7 +793,7 @@

    "react-hook-form": ["react-hook-form@7.62.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-7KWFejc98xqG/F4bAxpL41NB3o1nnvQO1RWZT3TqRZYL8RryQETGfEdVnJN2fy1crCiBLLjkRBVK05j24FxJGA=="],

-    "react-i18next": ["react-i18next@15.7.2", "", { "dependencies": { "@babel/runtime": "^7.27.6", "html-parse-stringify": "^3.0.1" }, "peerDependencies": { "i18next": ">= 25.4.1", "react": ">= 16.8.0", "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-xJxq7ibnhUlMvd82lNC4te1GxGUMoM1A05KKyqoqsBXVZtEvZg/fz/fnVzdlY/hhQ3SpP/79qCocZOtICGhd3g=="],
+    "react-i18next": ["react-i18next@15.7.3", "", { "dependencies": { "@babel/runtime": "^7.27.6", "html-parse-stringify": "^3.0.1" }, "peerDependencies": { "i18next": ">= 25.4.1", "react": ">= 16.8.0", "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-AANws4tOE+QSq/IeMF/ncoHlMNZaVLxpa5uUGW1wjike68elVYr0018L9xYoqBr1OFO7G7boDPrbn0HpMCJxTw=="],

    "react-markdown": ["react-markdown@10.1.0", "", { "dependencies": { "@types/hast": "^3.0.0", "@types/mdast": "^4.0.0", "devlop": "^1.0.0", "hast-util-to-jsx-runtime": "^2.0.0", "html-url-attributes": "^3.0.0", "mdast-util-to-hast": "^13.0.0", "remark-parse": "^11.0.0", "remark-rehype": "^11.0.0", "unified": "^11.0.0", "unist-util-visit": "^5.0.0", "vfile": "^6.0.0" }, "peerDependencies": { "@types/react": ">=18", "react": ">=18" } }, "sha512-qKxVopLT/TyA6BX3Ue5NwabOsAzm0Q7kAPwq6L+wWDwisYs7R8vZ0nRXqq6rkueboxpkjvLGU9fWifiX/ZZFxQ=="],

@@ -847,13 +847,13 @@

    "tailwind-merge": ["tailwind-merge@3.3.1", "", {}, "sha512-gBXpgUm/3rp1lMZZrM/w7D8GKqshif0zAymAhbCyIt8KMe+0v9DQ7cdYLR4FHH/cKpdTXb+A/tKKU3eolfsI+g=="],

-    "tailwindcss": ["tailwindcss@4.1.12", "", {}, "sha512-DzFtxOi+7NsFf7DBtI3BJsynR+0Yp6etH+nRPTbpWnS2pZBaSksv/JGctNwSWzbFjp0vxSqknaUylseZqMDGrA=="],
+    "tailwindcss": ["tailwindcss@4.1.13", "", {}, "sha512-i+zidfmTqtwquj4hMEwdjshYYgMbOrPzb9a0M3ZgNa0JMoZeFC6bxZvO8yr8ozS6ix2SDz0+mvryPeBs2TFE+w=="],

    "tapable": ["tapable@2.2.1", "", {}, "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ=="],

    "tar": ["tar@7.4.3", "", { "dependencies": { "@isaacs/fs-minipass": "^4.0.0", "chownr": "^3.0.0", "minipass": "^7.1.2", "minizlib": "^3.0.1", "mkdirp": "^3.0.1", "yallist": "^5.0.0" } }, "sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw=="],

-    "tinyglobby": ["tinyglobby@0.2.14", "", { "dependencies": { "fdir": "^6.4.4", "picomatch": "^4.0.2" } }, "sha512-tX5e7OM1HnYr2+a2C/4V0htOcSQcoSTH9KgJnVvNm5zm/cyEWKJ7j7YutsH9CxMdtOkkLFy2AHrMci9IM8IPZQ=="],
+    "tinyglobby": ["tinyglobby@0.2.15", "", { "dependencies": { "fdir": "^6.5.0", "picomatch": "^4.0.3" } }, "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ=="],

    "to-regex-range": ["to-regex-range@5.0.1", "", { "dependencies": { "is-number": "^7.0.0" } }, "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ=="],

@@ -865,13 +865,13 @@

    "tslib": ["tslib@2.8.1", "", {}, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],

-    "tw-animate-css": ["tw-animate-css@1.3.7", "", {}, "sha512-lvLb3hTIpB5oGsk8JmLoAjeCHV58nKa2zHYn8yWOoG5JJusH3bhJlF2DLAZ/5NmJ+jyH3ssiAx/2KmbhavJy/A=="],
+    "tw-animate-css": ["tw-animate-css@1.3.8", "", {}, "sha512-Qrk3PZ7l7wUcGYhwZloqfkWCmaXZAoqjkdbIDvzfGshwGtexa/DAs9koXxIkrpEasyevandomzCBAV1Yyop5rw=="],

    "type-check": ["type-check@0.4.0", "", { "dependencies": { "prelude-ls": "^1.2.1" } }, "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew=="],

    "typescript": ["typescript@5.9.2", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A=="],

-    "typescript-eslint": ["typescript-eslint@8.41.0", "", { "dependencies": { "@typescript-eslint/eslint-plugin": "8.41.0", "@typescript-eslint/parser": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0", "@typescript-eslint/utils": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-n66rzs5OBXW3SFSnZHr2T685q1i4ODm2nulFJhMZBotaTavsS8TrI3d7bDlRSs9yWo7HmyWrN9qDu14Qv7Y0Dw=="],
+    "typescript-eslint": ["typescript-eslint@8.43.0", "", { "dependencies": { "@typescript-eslint/eslint-plugin": "8.43.0", "@typescript-eslint/parser": "8.43.0", "@typescript-eslint/typescript-estree": "8.43.0", "@typescript-eslint/utils": "8.43.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-FyRGJKUGvcFekRRcBKFBlAhnp4Ng8rhe8tuvvkR9OiU0gfd4vyvTRQHEckO6VDlH57jbeUQem2IpqPq9kLJH+w=="],

    "undici-types": ["undici-types@7.10.0", "", {}, "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag=="],

@@ -899,7 +899,7 @@

    "vfile-message": ["vfile-message@4.0.2", "", { "dependencies": { "@types/unist": "^3.0.0", "unist-util-stringify-position": "^4.0.0" } }, "sha512-jRDZ1IMLttGj41KcZvlrYAaI3CfqpLpfpf+Mfig13viT6NKvRzWZ+lXz0Y5D60w6uJIBAOGq9mSHf0gktF0duw=="],

-    "vite": ["vite@7.1.3", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.14" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-OOUi5zjkDxYrKhTV3V7iKsoS37VUM7v40+HuwEmcrsf11Cdx9y3DIr2Px6liIcZFwt3XSRpQvFpL3WVy7ApkGw=="],
+    "vite": ["vite@7.1.5", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-4cKBO9wR75r0BeIWWWId9XK9Lj6La5X846Zw9dFfzMRw38IlTk2iCcUt6hsyiDRcPidc55ZParFYDXi0nXOeLQ=="],

    "void-elements": ["void-elements@3.1.0", "", {}, "sha512-Dhxzh5HZuiHQhbvTW9AMetFfBHDMYpo23Uo9btPXgdYP+3T5S+p+jgNy7spra+veYhBP2dCSgxR/i2Y02h5/6w=="],

@@ -911,7 +911,7 @@

    "yocto-queue": ["yocto-queue@0.1.0", "", {}, "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q=="],

-    "zod": ["zod@4.1.3", "", {}, "sha512-1neef4bMce1hNTrxvHVKxWjKfGDn0oAli3Wy1Uwb7TRO1+wEwoZUZNP1NXIEESybOBiFnBOhI6a4m6tCLE8dog=="],
+    "zod": ["zod@4.1.7", "", {}, "sha512-6qi6UYyzAl7W9uV29KvcSFXqK4QCYNYUz2YASPNBWpJE1RY6R1nArmmFPgGY/CBYWzpeMw3EOER+DR9a05O4IA=="],

    "zwitch": ["zwitch@2.0.4", "", {}, "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A=="],

@@ -935,10 +935,14 @@

    "@humanfs/node/@humanwhocodes/retry": ["@humanwhocodes/retry@0.3.1", "", {}, "sha512-JBxkERygn7Bv/GbN5Rv8Ul6LVknS+5Bp6RgDC/O8gEBU/yeH5Ui5C/OlWrTb6qct7LjjfT6Re2NxB0ln0yYybA=="],

+    "@jridgewell/gen-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
+
    "@jridgewell/remapping/@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.12", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-OuLGC46TjB5BbN1dH8JULVVZY4WTdkF7tV9Ys6wLL1rubZnCMstOhNHueU5bLCrnRuDhKPDM4g6sw4Bel5Gzqg=="],

    "@jridgewell/remapping/@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.29", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-uw6guiW/gcAGPDhLmd77/6lW8QLeiV5RUTsAX46Db6oLhGaVj4lhnPwb184s1bkc8kdVg/+h988dro8GRDpmYQ=="],

+    "@jridgewell/trace-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
+
    "@tailwindcss/node/jiti": ["jiti@2.5.1", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-twQoecYPiVA5K/h6SxtORw/Bs3ar+mLUtoPSc7iMXzQzK8d7eJ/R09wmTwAjiamETn1cXYPGfNnu7DMoHgu12w=="],

    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.4.5", "", { "dependencies": { "@emnapi/wasi-threads": "1.0.4", "tslib": "^2.4.0" }, "bundled": true }, "sha512-XsLw1dEOpkSX/WucdqUhPWP7hDxSvZiY+fsUC14h+FtQ2Ifni4znbBt8punRX+Uj2JG/uDb8nEHVKvrVlvdZ5Q=="],
@@ -967,33 +971,35 @@

    "@types/estree-jsx/@types/estree": ["@types/estree@1.0.7", "", {}, "sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ=="],

-    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.43.0", "", { "dependencies": { "@typescript-eslint/types": "8.43.0", "@typescript-eslint/visitor-keys": "8.43.0" } }, "sha512-daSWlQ87ZhsjrbMLvpuuMAt3y4ba57AuvadcR7f3nl8eS3BjRc8L9VLxFLk92RL5xdXOg6IQ+qKjjqNEimGuAg=="],

-    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils": ["@typescript-eslint/utils@8.43.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.43.0", "@typescript-eslint/types": "8.43.0", "@typescript-eslint/typescript-estree": "8.43.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-S1/tEmkUeeswxd0GGcnwuVQPFWo8NzZTOMxCvw8BX7OMxnNae+i8Tm7REQen/SwUIPoPqfKn7EaZ+YLpiB3k9g=="],

    "@typescript-eslint/eslint-plugin/ignore": ["ignore@7.0.4", "", {}, "sha512-gJzzk+PQNznz8ysRrC0aOkBNVRBDtE1n53IqyqEf3PXrYwomFs5q4pGMizBMJF+ykh03insJ27hB8gSrD2Hn8A=="],

-    "@typescript-eslint/parser/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
+    "@typescript-eslint/parser/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.43.0", "", { "dependencies": { "@typescript-eslint/types": "8.43.0", "@typescript-eslint/visitor-keys": "8.43.0" } }, "sha512-daSWlQ87ZhsjrbMLvpuuMAt3y4ba57AuvadcR7f3nl8eS3BjRc8L9VLxFLk92RL5xdXOg6IQ+qKjjqNEimGuAg=="],

-    "@typescript-eslint/parser/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/parser/@typescript-eslint/types": ["@typescript-eslint/types@8.43.0", "", {}, "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw=="],

-    "@typescript-eslint/project-service/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/project-service/@typescript-eslint/types": ["@typescript-eslint/types@8.43.0", "", {}, "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw=="],

-    "@typescript-eslint/scope-manager/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.38.0", "", { "dependencies": { "@typescript-eslint/types": "8.38.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-pWrTcoFNWuwHlA9CvlfSsGWs14JxfN1TH25zM5L7o0pRLhsoZkDnTsXfQRJBEWJoV5DL0jf+Z+sxiud+K0mq1g=="],
+    "@typescript-eslint/scope-manager/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-+GeGMebMCy0elMNg67LRNoVnUFPIm37iu5CmHESVx56/9Jsfdpsvbv605DQ81Pi/x11IdKUsS5nzgTYbCQU9fg=="],

-    "@typescript-eslint/type-utils/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/types": ["@typescript-eslint/types@8.43.0", "", {}, "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw=="],

-    "@typescript-eslint/type-utils/@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/utils": ["@typescript-eslint/utils@8.43.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.43.0", "@typescript-eslint/types": "8.43.0", "@typescript-eslint/typescript-estree": "8.43.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-S1/tEmkUeeswxd0GGcnwuVQPFWo8NzZTOMxCvw8BX7OMxnNae+i8Tm7REQen/SwUIPoPqfKn7EaZ+YLpiB3k9g=="],

-    "@typescript-eslint/typescript-estree/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/typescript-estree/@typescript-eslint/types": ["@typescript-eslint/types@8.43.0", "", {}, "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw=="],

    "@typescript-eslint/typescript-estree/minimatch": ["minimatch@9.0.5", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow=="],

    "@typescript-eslint/typescript-estree/semver": ["semver@7.7.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA=="],

-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.38.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.38.0", "@typescript-eslint/tsconfig-utils": "8.38.0", "@typescript-eslint/types": "8.38.0", "@typescript-eslint/visitor-keys": "8.38.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-fooELKcAKzxux6fA6pxOflpNS0jc+nOQEEOipXFNjSlBS6fqrJOVY/whSn70SScHrcJ2LDsxWrneFoWYSVfqhQ=="],
+    "@typescript-eslint/utils/@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.7.0", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw=="],

-    "@typescript-eslint/visitor-keys/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/utils/@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.41.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.41.0", "@typescript-eslint/tsconfig-utils": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-D43UwUYJmGhuwHfY7MtNKRZMmfd8+p/eNSfFe6tH5mbVDto+VQCayeAt35rOx3Cs6wxD16DQtIKw/YXxt5E0UQ=="],
+
+    "@typescript-eslint/visitor-keys/@typescript-eslint/types": ["@typescript-eslint/types@8.43.0", "", {}, "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw=="],

    "fast-glob/glob-parent": ["glob-parent@5.1.2", "", { "dependencies": { "is-glob": "^4.0.1" } }, "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow=="],

@@ -1009,11 +1015,11 @@

    "parse-entities/@types/unist": ["@types/unist@2.0.11", "", {}, "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA=="],

-    "tinyglobby/fdir": ["fdir@6.4.6", "", { "peerDependencies": { "picomatch": "^3 || ^4" }, "optionalPeers": ["picomatch"] }, "sha512-hiFoqpyZcfNm1yc4u8oWCf9A2c4D3QjCrks3zmoVKVxpQRzmPNar1hUJcBG2RQHvEVGDN+Jm81ZheVLAQMK6+w=="],
+    "typescript-eslint/@typescript-eslint/utils": ["@typescript-eslint/utils@8.43.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.43.0", "@typescript-eslint/types": "8.43.0", "@typescript-eslint/typescript-estree": "8.43.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-S1/tEmkUeeswxd0GGcnwuVQPFWo8NzZTOMxCvw8BX7OMxnNae+i8Tm7REQen/SwUIPoPqfKn7EaZ+YLpiB3k9g=="],

-    "tinyglobby/picomatch": ["picomatch@4.0.2", "", {}, "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg=="],
+    "@babel/generator/@jridgewell/gen-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],

-    "typescript-eslint/@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],
+    "@babel/generator/@jridgewell/trace-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],

    "@babel/helper-module-imports/@babel/traverse/@babel/generator": ["@babel/generator@7.27.1", "", { "dependencies": { "@babel/parser": "^7.27.1", "@babel/types": "^7.27.1", "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.25", "jsesc": "^3.0.2" } }, "sha512-UnJfnIpc/+JO0/+KRVQNGU+y5taA5vCbwN8+azkX6beii/ZF+enZJSOKo11ZSzGJjlNfJHfQtmQT8H+9TXPG2w=="],

@@ -1025,27 +1031,33 @@

    "@eslint/eslintrc/espree/eslint-visitor-keys": ["eslint-visitor-keys@4.2.0", "", {}, "sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw=="],

-    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@jridgewell/remapping/@jridgewell/gen-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],

-    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@jridgewell/remapping/@jridgewell/trace-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],

-    "@typescript-eslint/type-utils/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager/@typescript-eslint/types": ["@typescript-eslint/types@8.43.0", "", {}, "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw=="],
+
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.43.0", "", {}, "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw=="],
+
+    "@typescript-eslint/type-utils/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.43.0", "", { "dependencies": { "@typescript-eslint/types": "8.43.0", "@typescript-eslint/visitor-keys": "8.43.0" } }, "sha512-daSWlQ87ZhsjrbMLvpuuMAt3y4ba57AuvadcR7f3nl8eS3BjRc8L9VLxFLk92RL5xdXOg6IQ+qKjjqNEimGuAg=="],

    "@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@2.0.1", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA=="],

-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.38.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.38.0", "@typescript-eslint/types": "^8.38.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-dbK7Jvqcb8c9QfH01YB6pORpqX1mn5gDZc9n63Ak/+jD67oWXn3Gs0M6vddAN+eDXBCS5EmNWzbSxsn9SzFWWg=="],
+    "@typescript-eslint/utils/@eslint-community/eslint-utils/eslint-visitor-keys": ["eslint-visitor-keys@3.4.3", "", {}, "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag=="],

-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.38.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-Lum9RtSE3EroKk/bYns+sPOodqb2Fv50XOl/gMviMKNvanETUuUcC9ObRbzrJ4VSd2JalPqgSAavwrPiPvnAiQ=="],
+    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.41.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.41.0", "@typescript-eslint/types": "^8.41.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-b8V9SdGBQzQdjJ/IO3eDifGpDBJfvrNTp2QD9P2BeqWTGrRibgfgIlBSw6z3b6R7dPzg752tOs4u/7yCLxksSQ=="],

-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.38.0", "", { "dependencies": { "@typescript-eslint/types": "8.38.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-pWrTcoFNWuwHlA9CvlfSsGWs14JxfN1TH25zM5L7o0pRLhsoZkDnTsXfQRJBEWJoV5DL0jf+Z+sxiud+K0mq1g=="],
+    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.41.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-TDhxYFPUYRFxFhuU5hTIJk+auzM/wKvWgoNYOPcOf6i4ReYlOoYN8q1dV5kOTjNQNJgzWN3TUUQMtlLOcUgdUw=="],
+
+    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-+GeGMebMCy0elMNg67LRNoVnUFPIm37iu5CmHESVx56/9Jsfdpsvbv605DQ81Pi/x11IdKUsS5nzgTYbCQU9fg=="],

    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/minimatch": ["minimatch@9.0.5", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow=="],

    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/semver": ["semver@7.7.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA=="],

-    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
+    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.43.0", "", { "dependencies": { "@typescript-eslint/types": "8.43.0", "@typescript-eslint/visitor-keys": "8.43.0" } }, "sha512-daSWlQ87ZhsjrbMLvpuuMAt3y4ba57AuvadcR7f3nl8eS3BjRc8L9VLxFLk92RL5xdXOg6IQ+qKjjqNEimGuAg=="],

-    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.43.0", "", {}, "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw=="],

    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@2.0.1", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA=="],
  }
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -15,43 +15,43 @@
    "@radix-ui/react-select": "^2.2.6",
    "@radix-ui/react-separator": "^1.1.7",
    "@radix-ui/react-slot": "^1.2.3",
-    "@tailwindcss/vite": "^4.1.12",
-    "@tanstack/react-query": "^5.85.5",
+    "@tailwindcss/vite": "^4.1.13",
+    "@tanstack/react-query": "^5.87.4",
    "axios": "^1.11.0",
    "class-variance-authority": "^0.7.1",
    "clsx": "^2.1.1",
-    "i18next": "^25.4.2",
+    "i18next": "^25.5.2",
    "i18next-browser-languagedetector": "^8.2.0",
    "i18next-resources-to-backend": "^1.2.1",
    "input-otp": "^1.4.2",
-    "lucide-react": "^0.541.0",
+    "lucide-react": "^0.543.0",
    "next-themes": "^0.4.6",
    "react": "^19.1.1",
    "react-dom": "^19.1.1",
    "react-hook-form": "^7.62.0",
-    "react-i18next": "^15.7.2",
+    "react-i18next": "^15.7.3",
    "react-markdown": "^10.1.0",
    "react-router": "^7.8.2",
    "sonner": "^2.0.7",
    "tailwind-merge": "^3.3.1",
-    "tailwindcss": "^4.1.12",
-    "zod": "^4.1.3"
+    "tailwindcss": "^4.1.13",
+    "zod": "^4.1.7"
  },
  "devDependencies": {
-    "@eslint/js": "^9.34.0",
-    "@tanstack/eslint-plugin-query": "^5.83.1",
-    "@types/node": "^24.3.0",
-    "@types/react": "^19.1.11",
-    "@types/react-dom": "^19.1.8",
-    "@vitejs/plugin-react": "^5.0.1",
-    "eslint": "^9.34.0",
+    "@eslint/js": "^9.35.0",
+    "@tanstack/eslint-plugin-query": "^5.86.0",
+    "@types/node": "^24.3.1",
+    "@types/react": "^19.1.12",
+    "@types/react-dom": "^19.1.9",
+    "@vitejs/plugin-react": "^5.0.2",
+    "eslint": "^9.35.0",
    "eslint-plugin-react-hooks": "^5.2.0",
    "eslint-plugin-react-refresh": "^0.4.19",
-    "globals": "^16.3.0",
+    "globals": "^16.4.0",
    "prettier": "3.6.2",
-    "tw-animate-css": "^1.3.7",
+    "tw-animate-css": "^1.3.8",
    "typescript": "~5.9.2",
-    "typescript-eslint": "^8.41.0",
-    "vite": "^7.1.3"
+    "typescript-eslint": "^8.43.0",
+    "vite": "^7.1.5"
  }
 }
--- a/frontend/src/lib/i18n/locales/en-US.json
+++ b/frontend/src/lib/i18n/locales/en-US.json
@@ -21,7 +21,7 @@
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{rootDomain}}</code>). Are you sure you want to continue?",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
--- a/frontend/src/lib/i18n/locales/en.json
+++ b/frontend/src/lib/i18n/locales/en.json
@@ -21,7 +21,7 @@
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
    "continueUntrustedRedirectTitle": "Untrusted redirect",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{rootDomain}}</code>). Are you sure you want to continue?",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
--- a/frontend/src/pages/continue-page.tsx
+++ b/frontend/src/pages/continue-page.tsx
@@ -14,7 +14,7 @@ import { Navigate, useLocation, useNavigate } from "react-router";
 import { useEffect, useState } from "react";

 export const ContinuePage = () => {
-  const { rootDomain } = useAppContext();
+  const { cookieDomain } = useAppContext();
  const { isLoggedIn } = useUserContext();
  const { search } = useLocation();
  const { t } = useTranslation();
@@ -33,8 +33,8 @@ export const ContinuePage = () => {
    : null;
  const isTrustedRedirectUri =
    redirectUriObj !== null
-      ? redirectUriObj.hostname === rootDomain ||
-        redirectUriObj.hostname.endsWith(`.${rootDomain}`)
+      ? redirectUriObj.hostname === cookieDomain ||
+        redirectUriObj.hostname.endsWith(`.${cookieDomain}`)
      : false;
  const isAllowedRedirectProto =
    redirectUriObj !== null
@@ -105,7 +105,7 @@ export const ContinuePage = () => {
              components={{
                code: <code />,
              }}
-              values={{ rootDomain }}
+              values={{ cookieDomain }}
            />
          </CardDescription>
        </CardHeader>
--- a/frontend/src/schemas/app-context-schema.ts
+++ b/frontend/src/schemas/app-context-schema.ts
@@ -5,7 +5,7 @@ export const appContextSchema = z.object({
  title: z.string(),
  genericName: z.string(),
  appUrl: z.string(),
-  rootDomain: z.string(),
+  cookieDomain: z.string(),
  forgotPasswordMessage: z.string(),
  oauthAutoRedirect: z.enum(["none", "github", "google", "generic"]),
  backgroundImage: z.string(),
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,13 @@
 module tinyauth

-go 1.23.2
+go 1.24.0
+
+toolchain go1.24.3

 require (
 	github.com/cenkalti/backoff/v5 v5.0.3
 	github.com/gin-gonic/gin v1.10.1
+	github.com/glebarez/sqlite v1.11.0
 	github.com/go-playground/validator/v10 v10.27.0
 	github.com/golang-migrate/migrate/v4 v4.18.3
 	github.com/google/go-querystring v1.1.0
@@ -14,10 +17,11 @@ require (
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/viper v1.20.1
 	github.com/traefik/paerser v0.2.2
-	golang.org/x/crypto v0.41.0
-	gorm.io/driver/sqlite v1.6.0
+	github.com/weppos/publicsuffix-go v0.50.0
+	golang.org/x/crypto v0.42.0
+	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b
 	gorm.io/gorm v1.30.1
-	modernc.org/sqlite v1.38.2
+	gotest.tools/v3 v3.5.2
 )

 require (
@@ -28,9 +32,9 @@ require (
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/glebarez/go-sqlite v1.21.2 // indirect
-	github.com/glebarez/sqlite v1.11.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
@@ -44,12 +48,11 @@ require (
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.34.0 // indirect
-	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
-	golang.org/x/term v0.34.0 // indirect
-	gotest.tools/v3 v3.5.2 // indirect
+	golang.org/x/term v0.35.0 // indirect
 	modernc.org/libc v1.66.3 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
+	modernc.org/sqlite v1.38.2 // indirect
 	rsc.io/qr v0.2.0 // indirect
 )

@@ -86,8 +89,6 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/goccy/go-json v0.10.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/gorilla/sessions v1.4.0
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
@@ -125,11 +126,11 @@ require (
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
 	golang.org/x/arch v0.13.0 // indirect
-	golang.org/x/net v0.42.0 // indirect
+	golang.org/x/net v0.44.0 // indirect
 	golang.org/x/oauth2 v0.30.0
-	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
-	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/sync v0.17.0 // indirect
+	golang.org/x/sys v0.36.0 // indirect
+	golang.org/x/text v0.29.0 // indirect
 	google.golang.org/protobuf v1.36.3 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -132,16 +132,10 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
-github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
-github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
-github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -286,6 +280,8 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+github.com/weppos/publicsuffix-go v0.50.0 h1:M178k6l8cnh9T1c1cStkhytVxdk5zPd6gGZf8ySIuVo=
+github.com/weppos/publicsuffix-go v0.50.0/go.mod h1:VXhClBYMlDrUsome4pOTpe68Ui0p6iQRAbyHQD1yKoU=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -317,27 +313,27 @@ golang.org/x/arch v0.13.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
-golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
+golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
+golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o=
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
-golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
+golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
+golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
-golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
+golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
+golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
 golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
 golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
-golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -345,22 +341,22 @@ golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
-golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
+golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
-golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
+golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
 golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
 golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
-golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
+golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
+golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -380,8 +376,6 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/driver/sqlite v1.6.0 h1:WHRRrIiulaPiPFmDcod6prc4l2VGVWHz80KspNsxSfQ=
-gorm.io/driver/sqlite v1.6.0/go.mod h1:AO9V1qIQddBESngQUKWL9yoH93HIeA1X6V633rBwyT8=
 gorm.io/gorm v1.30.1 h1:lSHg33jJTBxs2mgJRfRZeLDG+WZaHYCk3Wtfl6Ngzo4=
 gorm.io/gorm v1.30.1/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -45,8 +45,8 @@ func (app *BootstrapApp) Setup() error {
 		return err
 	}

-	// Get root domain
-	rootDomain, err := utils.GetRootDomain(app.Config.AppURL)
+	// Get cookie domain
+	cookieDomain, err := utils.GetCookieDomain(app.Config.AppURL)

 	if err != nil {
 		return err
@@ -65,7 +65,7 @@ func (app *BootstrapApp) Setup() error {
 		OauthWhitelist:    app.Config.OAuthWhitelist,
 		SessionExpiry:     app.Config.SessionExpiry,
 		SecureCookie:      app.Config.SecureCookie,
-		RootDomain:        rootDomain,
+		CookieDomain:      cookieDomain,
 		LoginTimeout:      app.Config.LoginTimeout,
 		LoginMaxRetries:   app.Config.LoginMaxRetries,
 		SessionCookieName: sessionCookieName,
@@ -146,6 +146,7 @@ func (app *BootstrapApp) Setup() error {

 	// Create engine
 	engine := gin.New()
+	engine.SetTrustedProxies(strings.Split(app.Config.TrustedProxies, ","))

 	if config.Version != "development" {
 		gin.SetMode(gin.ReleaseMode)
@@ -155,7 +156,7 @@ func (app *BootstrapApp) Setup() error {
 	var middlewares []Middleware

 	contextMiddleware := middleware.NewContextMiddleware(middleware.ContextMiddlewareConfig{
-		RootDomain: rootDomain,
+		CookieDomain: cookieDomain,
 	}, authService, oauthBrokerService)

 	uiMiddleware := middleware.NewUIMiddleware()
@@ -182,7 +183,7 @@ func (app *BootstrapApp) Setup() error {
 		Title:                 app.Config.Title,
 		GenericName:           app.Config.GenericName,
 		AppURL:                app.Config.AppURL,
-		RootDomain:            rootDomain,
+		CookieDomain:          cookieDomain,
 		ForgotPasswordMessage: app.Config.ForgotPasswordMessage,
 		BackgroundImage:       app.Config.BackgroundImage,
 		OAuthAutoRedirect:     app.Config.OAuthAutoRedirect,
@@ -193,7 +194,7 @@ func (app *BootstrapApp) Setup() error {
 		SecureCookie:       app.Config.SecureCookie,
 		CSRFCookieName:     csrfCookieName,
 		RedirectCookieName: redirectCookieName,
-		RootDomain:         rootDomain,
+		CookieDomain:       cookieDomain,
 	}, apiRouter, authService, oauthBrokerService)

 	proxyController := controller.NewProxyController(controller.ProxyControllerConfig{
@@ -201,7 +202,7 @@ func (app *BootstrapApp) Setup() error {
 	}, apiRouter, dockerService, authService)

 	userController := controller.NewUserController(controller.UserControllerConfig{
-		RootDomain: rootDomain,
+		CookieDomain: cookieDomain,
 	}, apiRouter, authService)

 	resourcesController := controller.NewResourcesController(controller.ResourcesControllerConfig{
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -53,6 +53,7 @@ type Config struct {
 	LdapSearchFilter        string `mapstructure:"ldap-search-filter"`
 	ResourcesDir            string `mapstructure:"resources-dir"`
 	DatabasePath            string `mapstructure:"database-path" validate:"required"`
+	TrustedProxies          string `mapstructure:"trusted-proxies"`
 }

 // OAuth/OIDC config
@@ -125,51 +126,51 @@ type RedirectQuery struct {

 // Labels

-type Labels struct {
-	Apps map[string]AppLabels
+type Apps struct {
+	Apps map[string]App
 }

-type AppLabels struct {
-	Config   ConfigLabels
-	Users    UsersLabels
-	OAuth    OAuthLabels
-	IP       IPLabels
-	Response ResponseLabels
-	Path     PathLabels
+type App struct {
+	Config   AppConfig
+	Users    AppUsers
+	OAuth    AppOAuth
+	IP       AppIP
+	Response AppResponse
+	Path     AppPath
 }

-type ConfigLabels struct {
+type AppConfig struct {
 	Domain string
 }

-type UsersLabels struct {
+type AppUsers struct {
 	Allow string
 	Block string
 }

-type OAuthLabels struct {
+type AppOAuth struct {
 	Whitelist string
 	Groups    string
 }

-type IPLabels struct {
+type AppIP struct {
 	Allow  []string
 	Block  []string
 	Bypass []string
 }

-type ResponseLabels struct {
+type AppResponse struct {
 	Headers   []string
-	BasicAuth BasicAuthLabels
+	BasicAuth AppBasicAuth
 }

-type BasicAuthLabels struct {
+type AppBasicAuth struct {
 	Username     string
 	Password     string
 	PasswordFile string
 }

-type PathLabels struct {
+type AppPath struct {
 	Allow string
 	Block string
 }
--- a/internal/controller/context_controller.go
+++ b/internal/controller/context_controller.go
@@ -28,7 +28,7 @@ type AppContextResponse struct {
 	Title                 string   `json:"title"`
 	GenericName           string   `json:"genericName"`
 	AppURL                string   `json:"appUrl"`
-	RootDomain            string   `json:"rootDomain"`
+	CookieDomain          string   `json:"cookieDomain"`
 	ForgotPasswordMessage string   `json:"forgotPasswordMessage"`
 	BackgroundImage       string   `json:"backgroundImage"`
 	OAuthAutoRedirect     string   `json:"oauthAutoRedirect"`
@@ -39,7 +39,7 @@ type ContextControllerConfig struct {
 	Title                 string
 	GenericName           string
 	AppURL                string
-	RootDomain            string
+	CookieDomain          string
 	ForgotPasswordMessage string
 	BackgroundImage       string
 	OAuthAutoRedirect     string
@@ -100,7 +100,7 @@ func (controller *ContextController) appContextHandler(c *gin.Context) {
 		Title:                 controller.config.Title,
 		GenericName:           controller.config.GenericName,
 		AppURL:                fmt.Sprintf("%s://%s", appUrl.Scheme, appUrl.Host),
-		RootDomain:            controller.config.RootDomain,
+		CookieDomain:          controller.config.CookieDomain,
 		ForgotPasswordMessage: controller.config.ForgotPasswordMessage,
 		BackgroundImage:       controller.config.BackgroundImage,
 		OAuthAutoRedirect:     controller.config.OAuthAutoRedirect,
--- a/internal/controller/context_controller_test.go
+++ b/internal/controller/context_controller_test.go
@@ -0,0 +1,135 @@
+package controller_test
+
+import (
+	"encoding/json"
+	"net/http/httptest"
+	"testing"
+	"tinyauth/internal/config"
+	"tinyauth/internal/controller"
+
+	"github.com/gin-gonic/gin"
+	"gotest.tools/v3/assert"
+)
+
+var controllerCfg = controller.ContextControllerConfig{
+	ConfiguredProviders:   []string{"github", "google", "generic"},
+	Title:                 "Test App",
+	GenericName:           "Generic",
+	AppURL:                "http://localhost:8080",
+	CookieDomain:          "localhost",
+	ForgotPasswordMessage: "Contact admin to reset your password.",
+	BackgroundImage:       "/assets/bg.jpg",
+	OAuthAutoRedirect:     "google",
+}
+
+var userContext = config.UserContext{
+	Username:    "testuser",
+	Name:        "testuser",
+	Email:       "test@example.com",
+	IsLoggedIn:  true,
+	OAuth:       false,
+	Provider:    "username",
+	TotpPending: false,
+	OAuthGroups: "",
+	TotpEnabled: false,
+}
+
+func setupContextController(middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder) {
+	// Setup
+	gin.SetMode(gin.TestMode)
+	router := gin.Default()
+	recorder := httptest.NewRecorder()
+
+	if middlewares != nil {
+		for _, m := range *middlewares {
+			router.Use(m)
+		}
+	}
+
+	group := router.Group("/api")
+
+	ctrl := controller.NewContextController(controllerCfg, group)
+	ctrl.SetupRoutes()
+
+	return router, recorder
+}
+
+func TestAppContextHandler(t *testing.T) {
+	expectedRes := controller.AppContextResponse{
+		Status:                200,
+		Message:               "Success",
+		ConfiguredProviders:   controllerCfg.ConfiguredProviders,
+		Title:                 controllerCfg.Title,
+		GenericName:           controllerCfg.GenericName,
+		AppURL:                controllerCfg.AppURL,
+		CookieDomain:          controllerCfg.CookieDomain,
+		ForgotPasswordMessage: controllerCfg.ForgotPasswordMessage,
+		BackgroundImage:       controllerCfg.BackgroundImage,
+		OAuthAutoRedirect:     controllerCfg.OAuthAutoRedirect,
+	}
+
+	router, recorder := setupContextController(nil)
+	req := httptest.NewRequest("GET", "/api/context/app", nil)
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	var ctrlRes controller.AppContextResponse
+
+	err := json.Unmarshal(recorder.Body.Bytes(), &ctrlRes)
+
+	assert.NilError(t, err)
+	assert.DeepEqual(t, expectedRes, ctrlRes)
+}
+
+func TestUserContextHandler(t *testing.T) {
+	expectedRes := controller.UserContextResponse{
+		Status:      200,
+		Message:     "Success",
+		IsLoggedIn:  userContext.IsLoggedIn,
+		Username:    userContext.Username,
+		Name:        userContext.Name,
+		Email:       userContext.Email,
+		Provider:    userContext.Provider,
+		OAuth:       userContext.OAuth,
+		TotpPending: userContext.TotpPending,
+	}
+
+	// Test with context
+	router, recorder := setupContextController(&[]gin.HandlerFunc{
+		func(c *gin.Context) {
+			c.Set("context", &userContext)
+			c.Next()
+		},
+	})
+
+	req := httptest.NewRequest("GET", "/api/context/user", nil)
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	var ctrlRes controller.UserContextResponse
+
+	err := json.Unmarshal(recorder.Body.Bytes(), &ctrlRes)
+
+	assert.NilError(t, err)
+	assert.DeepEqual(t, expectedRes, ctrlRes)
+
+	// Test no context
+	expectedRes = controller.UserContextResponse{
+		Status:     401,
+		Message:    "Unauthorized",
+		IsLoggedIn: false,
+	}
+
+	router, recorder = setupContextController(nil)
+	req = httptest.NewRequest("GET", "/api/context/user", nil)
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	err = json.Unmarshal(recorder.Body.Bytes(), &ctrlRes)
+
+	assert.NilError(t, err)
+	assert.DeepEqual(t, expectedRes, ctrlRes)
+}
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -23,7 +23,7 @@ type OAuthControllerConfig struct {
 	RedirectCookieName string
 	SecureCookie       bool
 	AppURL             string
-	RootDomain         string
+	CookieDomain       string
 }

 type OAuthController struct {
@@ -74,13 +74,13 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {

 	state := service.GenerateState()
 	authURL := service.GetAuthURL(state)
-	c.SetCookie(controller.config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+	c.SetCookie(controller.config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)

 	redirectURI := c.Query("redirect_uri")

-	if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.config.RootDomain) {
+	if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.config.CookieDomain) {
 		log.Debug().Msg("Setting redirect URI cookie")
-		c.SetCookie(controller.config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+		c.SetCookie(controller.config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
 	}

 	c.JSON(200, gin.H{
@@ -108,11 +108,12 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {

 	if err != nil || state != csrfCookie {
 		log.Warn().Err(err).Msg("CSRF token mismatch or cookie missing")
+		c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
 		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
 		return
 	}

-	c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+	c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)

 	code := c.Query("code")
 	service, exists := controller.broker.GetService(req.Provider)
@@ -195,7 +196,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {

 	redirectURI, err := c.Cookie(controller.config.RedirectCookieName)

-	if err != nil || !utils.IsRedirectSafe(redirectURI, controller.config.RootDomain) {
+	if err != nil || !utils.IsRedirectSafe(redirectURI, controller.config.CookieDomain) {
 		log.Debug().Msg("No redirect URI cookie found, redirecting to app root")
 		c.Redirect(http.StatusTemporaryRedirect, controller.config.AppURL)
 		return
@@ -211,6 +212,6 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 		return
 	}

-	c.SetCookie(controller.config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+	c.SetCookie(controller.config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
 	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", controller.config.AppURL, queries.Encode()))
 }
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -55,6 +55,15 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}

+	if req.Proxy != "nginx" && req.Proxy != "traefik" && req.Proxy != "caddy" {
+		log.Warn().Str("proxy", req.Proxy).Msg("Invalid proxy")
+		c.JSON(400, gin.H{
+			"status":  400,
+			"message": "Bad Request",
+		})
+		return
+	}
+
 	isBrowser := strings.Contains(c.Request.Header.Get("Accept"), "text/html")

 	if isBrowser {
@@ -251,7 +260,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/login?%s", controller.config.AppURL, queries.Encode()))
 }

-func (controller *ProxyController) setHeaders(c *gin.Context, labels config.AppLabels) {
+func (controller *ProxyController) setHeaders(c *gin.Context, labels config.App) {
 	c.Header("Authorization", c.Request.Header.Get("Authorization"))

 	headers := utils.ParseHeaders(labels.Response.Headers)
--- a/internal/controller/proxy_controller_test.go
+++ b/internal/controller/proxy_controller_test.go
@@ -0,0 +1,164 @@
+package controller_test
+
+import (
+	"net/http/httptest"
+	"testing"
+	"tinyauth/internal/config"
+	"tinyauth/internal/controller"
+	"tinyauth/internal/service"
+
+	"github.com/gin-gonic/gin"
+	"gotest.tools/v3/assert"
+)
+
+func setupProxyController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder, *service.AuthService) {
+	// Setup
+	gin.SetMode(gin.TestMode)
+	router := gin.Default()
+
+	if middlewares != nil {
+		for _, m := range *middlewares {
+			router.Use(m)
+		}
+	}
+
+	group := router.Group("/api")
+	recorder := httptest.NewRecorder()
+
+	// Database
+	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
+		DatabasePath: "/tmp/tinyauth_test.db",
+	})
+
+	assert.NilError(t, databaseService.Init())
+
+	database := databaseService.GetDatabase()
+
+	// Docker
+	dockerService := service.NewDockerService()
+
+	assert.NilError(t, dockerService.Init())
+
+	// Auth service
+	authService := service.NewAuthService(service.AuthServiceConfig{
+		Users: []config.User{
+			{
+				Username: "testuser",
+				Password: "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
+			},
+		},
+		OauthWhitelist:    "",
+		SessionExpiry:     3600,
+		SecureCookie:      false,
+		CookieDomain:      "localhost",
+		LoginTimeout:      300,
+		LoginMaxRetries:   3,
+		SessionCookieName: "tinyauth-session",
+	}, dockerService, nil, database)
+
+	// Controller
+	ctrl := controller.NewProxyController(controller.ProxyControllerConfig{
+		AppURL: "http://localhost:8080",
+	}, group, dockerService, authService)
+	ctrl.SetupRoutes()
+
+	return router, recorder, authService
+}
+
+func TestProxyHandler(t *testing.T) {
+	// Setup
+	router, recorder, authService := setupProxyController(t, nil)
+
+	// Test invalid proxy
+	req := httptest.NewRequest("GET", "/api/auth/invalidproxy", nil)
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 400, recorder.Code)
+
+	// Test logged out user (traefik/caddy)
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
+	req.Header.Set("X-Forwarded-Proto", "https")
+	req.Header.Set("X-Forwarded-Host", "example.com")
+	req.Header.Set("X-Forwarded-Uri", "/somepath")
+	req.Header.Set("Accept", "text/html")
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 307, recorder.Code)
+	assert.Equal(t, "http://localhost:8080/login?redirect_uri=https%3A%2F%2Fexample.com%2Fsomepath", recorder.Header().Get("Location"))
+
+	// Test logged out user (nginx)
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("GET", "/api/auth/nginx", nil)
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 401, recorder.Code)
+
+	// Test logged in user
+	c := gin.CreateTestContextOnly(recorder, router)
+
+	err := authService.CreateSessionCookie(c, &config.SessionCookie{
+		Username:    "testuser",
+		Name:        "testuser",
+		Email:       "testuser@example.com",
+		Provider:    "username",
+		TotpPending: false,
+		OAuthGroups: "",
+	})
+
+	assert.NilError(t, err)
+
+	cookie := c.Writer.Header().Get("Set-Cookie")
+
+	router, recorder, _ = setupProxyController(t, &[]gin.HandlerFunc{
+		func(c *gin.Context) {
+			c.Set("context", &config.UserContext{
+				Username:    "testuser",
+				Name:        "testuser",
+				Email:       "testuser@example.com",
+				IsLoggedIn:  true,
+				OAuth:       false,
+				Provider:    "username",
+				TotpPending: false,
+				OAuthGroups: "",
+				TotpEnabled: false,
+			})
+			c.Next()
+		},
+	})
+
+	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
+	req.Header.Set("Cookie", cookie)
+	req.Header.Set("Accept", "text/html")
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	assert.Equal(t, "testuser", recorder.Header().Get("Remote-User"))
+	assert.Equal(t, "testuser", recorder.Header().Get("Remote-Name"))
+	assert.Equal(t, "testuser@example.com", recorder.Header().Get("Remote-Email"))
+
+	// Ensure basic auth is disabled for TOTP enabled users
+	router, recorder, _ = setupProxyController(t, &[]gin.HandlerFunc{
+		func(c *gin.Context) {
+			c.Set("context", &config.UserContext{
+				Username:    "testuser",
+				Name:        "testuser",
+				Email:       "testuser@example.com",
+				IsLoggedIn:  true,
+				OAuth:       false,
+				Provider:    "basic",
+				TotpPending: false,
+				OAuthGroups: "",
+				TotpEnabled: true,
+			})
+			c.Next()
+		},
+	})
+
+	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
+	req.SetBasicAuth("testuser", "test")
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 401, recorder.Code)
+}
--- a/internal/controller/resources_controller_test.go
+++ b/internal/controller/resources_controller_test.go
@@ -0,0 +1,57 @@
+package controller_test
+
+import (
+	"net/http/httptest"
+	"os"
+	"testing"
+	"tinyauth/internal/controller"
+
+	"github.com/gin-gonic/gin"
+	"gotest.tools/v3/assert"
+)
+
+func TestResourcesHandler(t *testing.T) {
+	// Setup
+	gin.SetMode(gin.TestMode)
+	router := gin.New()
+	group := router.Group("/")
+
+	ctrl := controller.NewResourcesController(controller.ResourcesControllerConfig{
+		ResourcesDir: "/tmp/tinyauth",
+	}, group)
+	ctrl.SetupRoutes()
+
+	// Create test data
+	err := os.Mkdir("/tmp/tinyauth", 0755)
+	assert.NilError(t, err)
+	defer os.RemoveAll("/tmp/tinyauth")
+
+	file, err := os.Create("/tmp/tinyauth/test.txt")
+	assert.NilError(t, err)
+
+	_, err = file.WriteString("This is a test file.")
+	assert.NilError(t, err)
+	file.Close()
+
+	// Test existing file
+	req := httptest.NewRequest("GET", "/resources/test.txt", nil)
+	recorder := httptest.NewRecorder()
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+	assert.Equal(t, "This is a test file.", recorder.Body.String())
+
+	// Test non-existing file
+	req = httptest.NewRequest("GET", "/resources/nonexistent.txt", nil)
+	recorder = httptest.NewRecorder()
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 404, recorder.Code)
+
+	// Test directory traversal attack
+	req = httptest.NewRequest("GET", "/resources/../etc/passwd", nil)
+	recorder = httptest.NewRecorder()
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 404, recorder.Code)
+}
--- a/internal/controller/user_controller.go
+++ b/internal/controller/user_controller.go
@@ -22,7 +22,7 @@ type TotpRequest struct {
 }

 type UserControllerConfig struct {
-	RootDomain string
+	CookieDomain string
 }

 type UserController struct {
@@ -115,7 +115,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 			err := controller.auth.CreateSessionCookie(c, &config.SessionCookie{
 				Username:    user.Username,
 				Name:        utils.Capitalize(req.Username),
-				Email:       fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.RootDomain),
+				Email:       fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.CookieDomain),
 				Provider:    "username",
 				TotpPending: true,
 			})
@@ -141,7 +141,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username: req.Username,
 		Name:     utils.Capitalize(req.Username),
-		Email:    fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.RootDomain),
+		Email:    fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.CookieDomain),
 		Provider: "username",
 	})

@@ -246,7 +246,7 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username: user.Username,
 		Name:     utils.Capitalize(user.Username),
-		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.config.RootDomain),
+		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.config.CookieDomain),
 		Provider: "username",
 	})

--- a/internal/controller/user_controller_test.go
+++ b/internal/controller/user_controller_test.go
@@ -0,0 +1,297 @@
+package controller_test
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+	"time"
+	"tinyauth/internal/config"
+	"tinyauth/internal/controller"
+	"tinyauth/internal/service"
+
+	"github.com/gin-gonic/gin"
+	"github.com/pquerna/otp/totp"
+	"gotest.tools/v3/assert"
+)
+
+var cookieValue string
+var totpSecret = "6WFZXPEZRK5MZHHYAFW4DAOUYQMCASBJ"
+
+func setupUserController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder) {
+	// Setup
+	gin.SetMode(gin.TestMode)
+	router := gin.Default()
+
+	if middlewares != nil {
+		for _, m := range *middlewares {
+			router.Use(m)
+		}
+	}
+
+	group := router.Group("/api")
+	recorder := httptest.NewRecorder()
+
+	// Database
+	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
+		DatabasePath: "/tmp/tinyauth_test.db",
+	})
+
+	assert.NilError(t, databaseService.Init())
+
+	database := databaseService.GetDatabase()
+
+	// Auth service
+	authService := service.NewAuthService(service.AuthServiceConfig{
+		Users: []config.User{
+			{
+				Username: "testuser",
+				Password: "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
+			},
+			{
+				Username:   "totpuser",
+				Password:   "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
+				TotpSecret: totpSecret,
+			},
+		},
+		OauthWhitelist:    "",
+		SessionExpiry:     3600,
+		SecureCookie:      false,
+		CookieDomain:      "localhost",
+		LoginTimeout:      300,
+		LoginMaxRetries:   3,
+		SessionCookieName: "tinyauth-session",
+	}, nil, nil, database)
+
+	// Controller
+	ctrl := controller.NewUserController(controller.UserControllerConfig{
+		CookieDomain: "localhost",
+	}, group, authService)
+	ctrl.SetupRoutes()
+
+	return router, recorder
+}
+
+func TestLoginHandler(t *testing.T) {
+	// Setup
+	router, recorder := setupUserController(t, nil)
+
+	loginReq := controller.LoginRequest{
+		Username: "testuser",
+		Password: "test",
+	}
+
+	loginReqJson, err := json.Marshal(loginReq)
+	assert.NilError(t, err)
+
+	// Test
+	req := httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	cookie := recorder.Result().Cookies()[0]
+
+	assert.Equal(t, "tinyauth-session", cookie.Name)
+	assert.Assert(t, cookie.Value != "")
+
+	cookieValue = cookie.Value
+
+	// Test invalid credentials
+	loginReq = controller.LoginRequest{
+		Username: "testuser",
+		Password: "invalid",
+	}
+
+	loginReqJson, err = json.Marshal(loginReq)
+	assert.NilError(t, err)
+
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 401, recorder.Code)
+
+	// Test totp required
+	loginReq = controller.LoginRequest{
+		Username: "totpuser",
+		Password: "test",
+	}
+
+	loginReqJson, err = json.Marshal(loginReq)
+	assert.NilError(t, err)
+
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	loginResJson, err := json.Marshal(map[string]any{
+		"message":     "TOTP required",
+		"status":      200,
+		"totpPending": true,
+	})
+
+	assert.NilError(t, err)
+	assert.Equal(t, string(loginResJson), recorder.Body.String())
+
+	// Test invalid json
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader("{invalid json}"))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 400, recorder.Code)
+
+	// Test rate limiting
+	loginReq = controller.LoginRequest{
+		Username: "testuser",
+		Password: "invalid",
+	}
+
+	loginReqJson, err = json.Marshal(loginReq)
+	assert.NilError(t, err)
+
+	for range 5 {
+		recorder = httptest.NewRecorder()
+		req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
+		router.ServeHTTP(recorder, req)
+	}
+
+	assert.Equal(t, 429, recorder.Code)
+}
+
+func TestLogoutHandler(t *testing.T) {
+	// Setup
+	router, recorder := setupUserController(t, nil)
+
+	// Test
+	req := httptest.NewRequest("POST", "/api/user/logout", nil)
+
+	req.AddCookie(&http.Cookie{
+		Name:  "tinyauth-session",
+		Value: cookieValue,
+	})
+
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	cookie := recorder.Result().Cookies()[0]
+
+	assert.Equal(t, "tinyauth-session", cookie.Name)
+	assert.Equal(t, "", cookie.Value)
+	assert.Equal(t, -1, cookie.MaxAge)
+}
+
+func TestTotpHandler(t *testing.T) {
+	// Setup
+	router, recorder := setupUserController(t, &[]gin.HandlerFunc{
+		func(c *gin.Context) {
+			c.Set("context", &config.UserContext{
+				Username:    "totpuser",
+				Name:        "totpuser",
+				Email:       "totpuser@example.com",
+				IsLoggedIn:  false,
+				OAuth:       false,
+				Provider:    "username",
+				TotpPending: true,
+				OAuthGroups: "",
+				TotpEnabled: true,
+			})
+			c.Next()
+		},
+	})
+
+	// Test
+	code, err := totp.GenerateCode(totpSecret, time.Now())
+
+	assert.NilError(t, err)
+
+	totpReq := controller.TotpRequest{
+		Code: code,
+	}
+
+	totpReqJson, err := json.Marshal(totpReq)
+	assert.NilError(t, err)
+
+	req := httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	cookie := recorder.Result().Cookies()[0]
+
+	assert.Equal(t, "tinyauth-session", cookie.Name)
+	assert.Assert(t, cookie.Value != "")
+
+	// Test invalid json
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader("{invalid json}"))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 400, recorder.Code)
+
+	// Test rate limiting
+	totpReq = controller.TotpRequest{
+		Code: "000000",
+	}
+
+	totpReqJson, err = json.Marshal(totpReq)
+	assert.NilError(t, err)
+
+	for range 5 {
+		recorder = httptest.NewRecorder()
+		req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
+		router.ServeHTTP(recorder, req)
+	}
+
+	assert.Equal(t, 429, recorder.Code)
+
+	// Test invalid code
+	router, recorder = setupUserController(t, &[]gin.HandlerFunc{
+		func(c *gin.Context) {
+			c.Set("context", &config.UserContext{
+				Username:    "totpuser",
+				Name:        "totpuser",
+				Email:       "totpuser@example.com",
+				IsLoggedIn:  false,
+				OAuth:       false,
+				Provider:    "username",
+				TotpPending: true,
+				OAuthGroups: "",
+				TotpEnabled: true,
+			})
+			c.Next()
+		},
+	})
+
+	req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 401, recorder.Code)
+
+	// Test no totp pending
+	router, recorder = setupUserController(t, &[]gin.HandlerFunc{
+		func(c *gin.Context) {
+			c.Set("context", &config.UserContext{
+				Username:    "totpuser",
+				Name:        "totpuser",
+				Email:       "totpuser@example.com",
+				IsLoggedIn:  false,
+				OAuth:       false,
+				Provider:    "username",
+				TotpPending: false,
+				OAuthGroups: "",
+				TotpEnabled: false,
+			})
+			c.Next()
+		},
+	})
+
+	req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 401, recorder.Code)
+}
--- a/internal/middleware/context_middleware.go
+++ b/internal/middleware/context_middleware.go
@@ -12,7 +12,7 @@ import (
 )

 type ContextMiddlewareConfig struct {
-	RootDomain string
+	CookieDomain string
 }

 type ContextMiddleware struct {
@@ -134,7 +134,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 			c.Set("context", &config.UserContext{
 				Username:    user.Username,
 				Name:        utils.Capitalize(user.Username),
-				Email:       fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.config.RootDomain),
+				Email:       fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.config.CookieDomain),
 				Provider:    "basic",
 				IsLoggedIn:  true,
 				TotpEnabled: user.TotpSecret != "",
@@ -146,7 +146,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 			c.Set("context", &config.UserContext{
 				Username:   basic.Username,
 				Name:       utils.Capitalize(basic.Username),
-				Email:      fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.config.RootDomain),
+				Email:      fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.config.CookieDomain),
 				Provider:   "basic",
 				IsLoggedIn: true,
 			})
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -28,7 +28,7 @@ type AuthServiceConfig struct {
 	OauthWhitelist    string
 	SessionExpiry     int
 	SecureCookie      bool
-	RootDomain        string
+	CookieDomain      string
 	LoginTimeout      int
 	LoginMaxRetries   int
 	SessionCookieName string
@@ -218,7 +218,7 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 		return err
 	}

-	c.SetCookie(auth.config.SessionCookieName, session.UUID, expiry, "/", fmt.Sprintf(".%s", auth.config.RootDomain), auth.config.SecureCookie, true)
+	c.SetCookie(auth.config.SessionCookieName, session.UUID, expiry, "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)

 	return nil
 }
@@ -236,7 +236,7 @@ func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 		return res.Error
 	}

-	c.SetCookie(auth.config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.config.RootDomain), auth.config.SecureCookie, true)
+	c.SetCookie(auth.config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)

 	return nil
 }
@@ -285,7 +285,7 @@ func (auth *AuthService) UserAuthConfigured() bool {
 	return len(auth.config.Users) > 0 || auth.ldap != nil
 }

-func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserContext, labels config.AppLabels) bool {
+func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserContext, labels config.App) bool {
 	if context.OAuth {
 		log.Debug().Msg("Checking OAuth whitelist")
 		return utils.CheckFilter(labels.OAuth.Whitelist, context.Email)
@@ -322,7 +322,7 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
 	return false
 }

-func (auth *AuthService) IsAuthEnabled(uri string, path config.PathLabels) (bool, error) {
+func (auth *AuthService) IsAuthEnabled(uri string, path config.AppPath) (bool, error) {
 	// Check for block list
 	if path.Block != "" {
 		regex, err := regexp.Compile(path.Block)
@@ -364,7 +364,7 @@ func (auth *AuthService) GetBasicAuth(c *gin.Context) *config.User {
 	}
 }

-func (auth *AuthService) CheckIP(labels config.IPLabels, ip string) bool {
+func (auth *AuthService) CheckIP(labels config.AppIP, ip string) bool {
 	for _, blocked := range labels.Block {
 		res, err := utils.FilterIP(blocked, ip)
 		if err != nil {
@@ -398,7 +398,7 @@ func (auth *AuthService) CheckIP(labels config.IPLabels, ip string) bool {
 	return true
 }

-func (auth *AuthService) IsBypassedIP(labels config.IPLabels, ip string) bool {
+func (auth *AuthService) IsBypassedIP(labels config.AppIP, ip string) bool {
 	for _, bypassed := range labels.Bypass {
 		res, err := utils.FilterIP(bypassed, ip)
 		if err != nil {
--- a/internal/service/docker_service.go
+++ b/internal/service/docker_service.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"strings"
 	"tinyauth/internal/config"
-	"tinyauth/internal/utils"
+	"tinyauth/internal/utils/decoders"

 	container "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
@@ -55,17 +55,17 @@ func (docker *DockerService) DockerConnected() bool {
 	return err == nil
 }

-func (docker *DockerService) GetLabels(appDomain string) (config.AppLabels, error) {
+func (docker *DockerService) GetLabels(appDomain string) (config.App, error) {
 	isConnected := docker.DockerConnected()

 	if !isConnected {
 		log.Debug().Msg("Docker not connected, returning empty labels")
-		return config.AppLabels{}, nil
+		return config.App{}, nil
 	}

 	containers, err := docker.GetContainers()
 	if err != nil {
-		return config.AppLabels{}, err
+		return config.App{}, err
 	}

 	for _, ctr := range containers {
@@ -75,7 +75,7 @@ func (docker *DockerService) GetLabels(appDomain string) (config.AppLabels, erro
 			continue
 		}

-		labels, err := utils.GetLabels(inspect.Config.Labels)
+		labels, err := decoders.DecodeLabels(inspect.Config.Labels)
 		if err != nil {
 			log.Warn().Str("id", ctr.ID).Err(err).Msg("Error getting container labels, skipping")
 			continue
@@ -95,5 +95,5 @@ func (docker *DockerService) GetLabels(appDomain string) (config.AppLabels, erro
 	}

 	log.Debug().Msg("No matching container found, returning empty labels")
-	return config.AppLabels{}, nil
+	return config.App{}, nil
 }
--- a/internal/utils/app_utils.go
+++ b/internal/utils/app_utils.go
@@ -8,30 +8,38 @@ import (
 	"tinyauth/internal/config"

 	"github.com/gin-gonic/gin"
-
 	"github.com/rs/zerolog"
+	"github.com/weppos/publicsuffix-go/publicsuffix"
 )

-// Get root domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
-func GetRootDomain(appUrl string) (string, error) {
-	appUrlParsed, err := url.Parse(appUrl)
+// Get cookie domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
+func GetCookieDomain(u string) (string, error) {
+	parsed, err := url.Parse(u)
 	if err != nil {
 		return "", err
 	}

-	host := appUrlParsed.Hostname()
+	host := parsed.Hostname()

 	if netIP := net.ParseIP(host); netIP != nil {
-		return "", errors.New("IP addresses are not allowed")
+		return "", errors.New("IP addresses not allowed")
 	}

-	urlParts := strings.Split(host, ".")
+	parts := strings.Split(host, ".")

-	if len(urlParts) < 2 {
-		return "", errors.New("invalid domain, must be at least second level domain")
+	if len(parts) < 3 {
+		return "", errors.New("invalid app url, must be at least second level domain")
 	}

-	return strings.Join(urlParts[1:], "."), nil
+	domain := strings.Join(parts[1:], ".")
+
+	_, err = publicsuffix.DomainFromListWithOptions(publicsuffix.DefaultList, domain, nil)
+
+	if err != nil {
+		return "", errors.New("domain in public suffix list, cannot set cookies")
+	}
+
+	return domain, nil
 }

 func ParseFileToLine(content string) string {
@@ -49,6 +57,7 @@ func ParseFileToLine(content string) string {
 }

 func Filter[T any](slice []T, test func(T) bool) (res []T) {
+	res = make([]T, 0)
 	for _, value := range slice {
 		if test(value) {
 			res = append(res, value)
@@ -88,13 +97,13 @@ func IsRedirectSafe(redirectURL string, domain string) bool {
 		return false
 	}

-	upper, err := GetRootDomain(redirectURL)
+	cookieDomain, err := GetCookieDomain(redirectURL)

 	if err != nil {
 		return false
 	}

-	if upper != domain {
+	if cookieDomain != domain {
 		return false
 	}

--- a/internal/utils/app_utils_test.go
+++ b/internal/utils/app_utils_test.go
@@ -0,0 +1,202 @@
+package utils_test
+
+import (
+	"testing"
+	"tinyauth/internal/config"
+	"tinyauth/internal/utils"
+
+	"github.com/gin-gonic/gin"
+	"gotest.tools/v3/assert"
+)
+
+func TestGetRootDomain(t *testing.T) {
+	// Normal case
+	domain := "http://sub.tinyauth.app"
+	expected := "tinyauth.app"
+	result, err := utils.GetCookieDomain(domain)
+	assert.NilError(t, err)
+	assert.Equal(t, expected, result)
+
+	// Domain with multiple subdomains
+	domain = "http://b.c.tinyauth.app"
+	expected = "c.tinyauth.app"
+	result, err = utils.GetCookieDomain(domain)
+	assert.NilError(t, err)
+	assert.Equal(t, expected, result)
+
+	// Domain with no subdomain
+	domain = "http://tinyauth.app"
+	expected = "tinyauth.app"
+	_, err = utils.GetCookieDomain(domain)
+	assert.Error(t, err, "invalid app url, must be at least second level domain")
+
+	// Invalid domain (only TLD)
+	domain = "com"
+	_, err = utils.GetCookieDomain(domain)
+	assert.ErrorContains(t, err, "invalid app url, must be at least second level domain")
+
+	// IP address
+	domain = "http://10.10.10.10"
+	_, err = utils.GetCookieDomain(domain)
+	assert.ErrorContains(t, err, "IP addresses not allowed")
+
+	// Invalid URL
+	domain = "http://[::1]:namedport"
+	_, err = utils.GetCookieDomain(domain)
+	assert.ErrorContains(t, err, "parse \"http://[::1]:namedport\": invalid port \":namedport\" after host")
+
+	// URL with scheme and path
+	domain = "https://sub.tinyauth.app/path"
+	expected = "tinyauth.app"
+	result, err = utils.GetCookieDomain(domain)
+	assert.NilError(t, err)
+	assert.Equal(t, expected, result)
+
+	// URL with port
+	domain = "http://sub.tinyauth.app:8080"
+	expected = "tinyauth.app"
+	result, err = utils.GetCookieDomain(domain)
+	assert.NilError(t, err)
+	assert.Equal(t, expected, result)
+
+	// Domain managed by ICANN
+	domain = "http://example.co.uk"
+	_, err = utils.GetCookieDomain(domain)
+	assert.Error(t, err, "domain in public suffix list, cannot set cookies")
+}
+
+func TestParseFileToLine(t *testing.T) {
+	// Normal case
+	content := "user1\nuser2\nuser3"
+	expected := "user1,user2,user3"
+	result := utils.ParseFileToLine(content)
+	assert.Equal(t, expected, result)
+
+	// Case with empty lines and spaces
+	content = " user1 \n\n user2 \n user3 \n"
+	expected = "user1,user2,user3"
+	result = utils.ParseFileToLine(content)
+	assert.Equal(t, expected, result)
+
+	// Case with only empty lines
+	content = "\n\n\n"
+	expected = ""
+	result = utils.ParseFileToLine(content)
+	assert.Equal(t, expected, result)
+
+	// Case with single user
+	content = "singleuser"
+	expected = "singleuser"
+	result = utils.ParseFileToLine(content)
+	assert.Equal(t, expected, result)
+
+	// Case with trailing newline
+	content = "user1\nuser2\n"
+	expected = "user1,user2"
+	result = utils.ParseFileToLine(content)
+	assert.Equal(t, expected, result)
+}
+
+func TestFilter(t *testing.T) {
+	// Normal case
+	slice := []int{1, 2, 3, 4, 5}
+	testFunc := func(n int) bool { return n%2 == 0 }
+	expected := []int{2, 4}
+	result := utils.Filter(slice, testFunc)
+	assert.DeepEqual(t, expected, result)
+
+	// Case with no matches
+	slice = []int{1, 3, 5}
+	testFunc = func(n int) bool { return n%2 == 0 }
+	expected = []int{}
+	result = utils.Filter(slice, testFunc)
+	assert.DeepEqual(t, expected, result)
+
+	// Case with all matches
+	slice = []int{2, 4, 6}
+	testFunc = func(n int) bool { return n%2 == 0 }
+	expected = []int{2, 4, 6}
+	result = utils.Filter(slice, testFunc)
+	assert.DeepEqual(t, expected, result)
+
+	// Case with empty slice
+	slice = []int{}
+	testFunc = func(n int) bool { return n%2 == 0 }
+	expected = []int{}
+	result = utils.Filter(slice, testFunc)
+	assert.DeepEqual(t, expected, result)
+
+	// Case with different type (string)
+	sliceStr := []string{"apple", "banana", "cherry"}
+	testFuncStr := func(s string) bool { return len(s) > 5 }
+	expectedStr := []string{"banana", "cherry"}
+	resultStr := utils.Filter(sliceStr, testFuncStr)
+	assert.DeepEqual(t, expectedStr, resultStr)
+}
+
+func TestGetContext(t *testing.T) {
+	// Setup
+	gin.SetMode(gin.TestMode)
+	c, _ := gin.CreateTestContext(nil)
+
+	// Normal case
+	c.Set("context", &config.UserContext{Username: "testuser"})
+	result, err := utils.GetContext(c)
+	assert.NilError(t, err)
+	assert.Equal(t, "testuser", result.Username)
+
+	// Case with no context
+	c.Set("context", nil)
+	_, err = utils.GetContext(c)
+	assert.Error(t, err, "invalid user context in request")
+
+	// Case with invalid context type
+	c.Set("context", "invalid type")
+	_, err = utils.GetContext(c)
+	assert.Error(t, err, "invalid user context in request")
+}
+
+func TestIsRedirectSafe(t *testing.T) {
+	// Setup
+	domain := "example.com"
+
+	// Case with no subdomain
+	redirectURL := "http://example.com/welcome"
+	result := utils.IsRedirectSafe(redirectURL, domain)
+	assert.Equal(t, false, result)
+
+	// Case with different domain
+	redirectURL = "http://malicious.com/phishing"
+	result = utils.IsRedirectSafe(redirectURL, domain)
+	assert.Equal(t, false, result)
+
+	// Case with subdomain
+	redirectURL = "http://sub.example.com/page"
+	result = utils.IsRedirectSafe(redirectURL, domain)
+	assert.Equal(t, true, result)
+
+	// Case with empty redirect URL
+	redirectURL = ""
+	result = utils.IsRedirectSafe(redirectURL, domain)
+	assert.Equal(t, false, result)
+
+	// Case with invalid URL
+	redirectURL = "http://[::1]:namedport"
+	result = utils.IsRedirectSafe(redirectURL, domain)
+	assert.Equal(t, false, result)
+
+	// Case with URL having port
+	redirectURL = "http://sub.example.com:8080/page"
+	result = utils.IsRedirectSafe(redirectURL, domain)
+	assert.Equal(t, true, result)
+
+	// Case with URL having different subdomain
+	redirectURL = "http://another.example.com/page"
+	result = utils.IsRedirectSafe(redirectURL, domain)
+	assert.Equal(t, true, result)
+
+	// Case with URL having different TLD
+	redirectURL = "http://example.org/page"
+	result = utils.IsRedirectSafe(redirectURL, domain)
+	assert.Equal(t, false, result)
+}
--- a/internal/utils/decoders/label_decoder.go
+++ b/internal/utils/decoders/label_decoder.go
@@ -0,0 +1,19 @@
+package decoders
+
+import (
+	"tinyauth/internal/config"
+
+	"github.com/traefik/paerser/parser"
+)
+
+func DecodeLabels(labels map[string]string) (config.Apps, error) {
+	var appLabels config.Apps
+
+	err := parser.Decode(labels, &appLabels, "tinyauth", "tinyauth.apps")
+
+	if err != nil {
+		return config.Apps{}, err
+	}
+
+	return appLabels, nil
+}
--- a/internal/utils/decoders/label_decoder_test.go
+++ b/internal/utils/decoders/label_decoder_test.go
@@ -0,0 +1,73 @@
+package decoders_test
+
+import (
+	"reflect"
+	"testing"
+	"tinyauth/internal/config"
+	"tinyauth/internal/utils/decoders"
+)
+
+func TestDecodeLabels(t *testing.T) {
+	// Variables
+	expected := config.Apps{
+		Apps: map[string]config.App{
+			"foo": {
+				Config: config.AppConfig{
+					Domain: "example.com",
+				},
+				Users: config.AppUsers{
+					Allow: "user1,user2",
+					Block: "user3",
+				},
+				OAuth: config.AppOAuth{
+					Whitelist: "somebody@example.com",
+					Groups:    "group3",
+				},
+				IP: config.AppIP{
+					Allow:  []string{"10.71.0.1/24", "10.71.0.2"},
+					Block:  []string{"10.10.10.10", "10.0.0.0/24"},
+					Bypass: []string{"192.168.1.1"},
+				},
+				Response: config.AppResponse{
+					Headers: []string{"X-Foo=Bar", "X-Baz=Qux"},
+					BasicAuth: config.AppBasicAuth{
+						Username:     "admin",
+						Password:     "password",
+						PasswordFile: "/path/to/passwordfile",
+					},
+				},
+				Path: config.AppPath{
+					Allow: "/public",
+					Block: "/private",
+				},
+			},
+		},
+	}
+	test := map[string]string{
+		"tinyauth.apps.foo.config.domain":                   "example.com",
+		"tinyauth.apps.foo.users.allow":                     "user1,user2",
+		"tinyauth.apps.foo.users.block":                     "user3",
+		"tinyauth.apps.foo.oauth.whitelist":                 "somebody@example.com",
+		"tinyauth.apps.foo.oauth.groups":                    "group3",
+		"tinyauth.apps.foo.ip.allow":                        "10.71.0.1/24,10.71.0.2",
+		"tinyauth.apps.foo.ip.block":                        "10.10.10.10,10.0.0.0/24",
+		"tinyauth.apps.foo.ip.bypass":                       "192.168.1.1",
+		"tinyauth.apps.foo.response.headers":                "X-Foo=Bar,X-Baz=Qux",
+		"tinyauth.apps.foo.response.basicauth.username":     "admin",
+		"tinyauth.apps.foo.response.basicauth.password":     "password",
+		"tinyauth.apps.foo.response.basicauth.passwordfile": "/path/to/passwordfile",
+		"tinyauth.apps.foo.path.allow":                      "/public",
+		"tinyauth.apps.foo.path.block":                      "/private",
+	}
+
+	// Test
+	result, err := decoders.DecodeLabels(test)
+
+	if err != nil {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+
+	if reflect.DeepEqual(expected, result) == false {
+		t.Fatalf("Expected %v but got %v", expected, result)
+	}
+}
--- a/internal/utils/fs_utils_test.go
+++ b/internal/utils/fs_utils_test.go
@@ -0,0 +1,31 @@
+package utils
+
+import (
+	"os"
+	"testing"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestReadFile(t *testing.T) {
+	// Setup
+	file, err := os.Create("/tmp/tinyauth_test_file")
+	assert.NilError(t, err)
+
+	_, err = file.WriteString("file content\n")
+	assert.NilError(t, err)
+
+	err = file.Close()
+	assert.NilError(t, err)
+	defer os.Remove("/tmp/tinyauth_test_file")
+
+	// Normal case
+	content, err := ReadFile("/tmp/tinyauth_test_file")
+	assert.NilError(t, err)
+	assert.Equal(t, "file content\n", content)
+
+	// Non-existing file
+	content, err = ReadFile("/tmp/non_existing_file")
+	assert.ErrorContains(t, err, "no such file or directory")
+	assert.Equal(t, "", content)
+}
--- a/internal/utils/label_utils.go
+++ b/internal/utils/label_utils.go
@@ -3,22 +3,8 @@ package utils
 import (
 	"net/http"
 	"strings"
-	"tinyauth/internal/config"
-
-	"github.com/traefik/paerser/parser"
 )

-func GetLabels(labels map[string]string) (config.Labels, error) {
-	var labelsParsed config.Labels
-
-	err := parser.Decode(labels, &labelsParsed, "tinyauth", "tinyauth.apps")
-	if err != nil {
-		return config.Labels{}, err
-	}
-
-	return labelsParsed, nil
-}
-
 func ParseHeaders(headers []string) map[string]string {
 	headerMap := make(map[string]string)
 	for _, header := range headers {
--- a/internal/utils/label_utils_test.go
+++ b/internal/utils/label_utils_test.go
@@ -0,0 +1,87 @@
+package utils_test
+
+import (
+	"testing"
+	"tinyauth/internal/utils"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestParseHeaders(t *testing.T) {
+	// Normal case
+	headers := []string{
+		"X-Custom-Header=Value",
+		"Another-Header=AnotherValue",
+	}
+	expected := map[string]string{
+		"X-Custom-Header": "Value",
+		"Another-Header":  "AnotherValue",
+	}
+	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
+
+	// Case insensitivity and trimming
+	headers = []string{
+		"  x-custom-header =  Value  ",
+		"ANOTHER-HEADER=AnotherValue",
+	}
+	expected = map[string]string{
+		"X-Custom-Header": "Value",
+		"Another-Header":  "AnotherValue",
+	}
+	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
+
+	// Invalid headers (missing '=', empty key/value)
+	headers = []string{
+		"InvalidHeader",
+		"=NoKey",
+		"NoValue=",
+		"   =   ",
+	}
+	expected = map[string]string{}
+	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
+
+	// Headers with unsafe characters
+	headers = []string{
+		"X-Custom-Header=Val\x00ue",       // Null byte
+		"Another-Header=Anoth\x7FerValue", // DEL character
+		"Good-Header=GoodValue",
+	}
+	expected = map[string]string{
+		"X-Custom-Header": "Value",
+		"Another-Header":  "AnotherValue",
+		"Good-Header":     "GoodValue",
+	}
+	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
+
+	// Header with spaces in key (should be ignored)
+	headers = []string{
+		"X Custom Header=Value",
+		"Valid-Header=ValidValue",
+	}
+	expected = map[string]string{
+		"Valid-Header": "ValidValue",
+	}
+	assert.DeepEqual(t, expected, utils.ParseHeaders(headers))
+}
+
+func TestSanitizeHeader(t *testing.T) {
+	// Normal case
+	header := "X-Custom-Header"
+	expected := "X-Custom-Header"
+	assert.Equal(t, expected, utils.SanitizeHeader(header))
+
+	// Header with unsafe characters
+	header = "X-Cust\x00om-Hea\x7Fder" // Null byte and DEL character
+	expected = "X-Custom-Header"
+	assert.Equal(t, expected, utils.SanitizeHeader(header))
+
+	// Header with only unsafe characters
+	header = "\x00\x01\x02\x7F"
+	expected = ""
+	assert.Equal(t, expected, utils.SanitizeHeader(header))
+
+	// Header with spaces and tabs (should be preserved)
+	header = "X Custom\tHeader"
+	expected = "X Custom\tHeader"
+	assert.Equal(t, expected, utils.SanitizeHeader(header))
+}
--- a/internal/utils/security_utils.go
+++ b/internal/utils/security_utils.go
@@ -48,6 +48,12 @@ func GetBasicAuth(username string, password string) string {
 func FilterIP(filter string, ip string) (bool, error) {
 	ipAddr := net.ParseIP(ip)

+	if ipAddr == nil {
+		return false, errors.New("invalid IP address")
+	}
+
+	filter = strings.Replace(filter, "-", "/", -1)
+
 	if strings.Contains(filter, "/") {
 		_, cidr, err := net.ParseCIDR(filter)
 		if err != nil {
--- a/internal/utils/security_utils_test.go
+++ b/internal/utils/security_utils_test.go
@@ -0,0 +1,151 @@
+package utils_test
+
+import (
+	"os"
+	"testing"
+	"tinyauth/internal/utils"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestGetSecret(t *testing.T) {
+	// Setup
+	file, err := os.Create("/tmp/tinyauth_test_secret")
+	assert.NilError(t, err)
+
+	_, err = file.WriteString("       secret       \n")
+	assert.NilError(t, err)
+
+	err = file.Close()
+	assert.NilError(t, err)
+	defer os.Remove("/tmp/tinyauth_test_secret")
+
+	// Get from config
+	assert.Equal(t, "mysecret", utils.GetSecret("mysecret", ""))
+
+	// Get from file
+	assert.Equal(t, "secret", utils.GetSecret("", "/tmp/tinyauth_test_secret"))
+
+	// Get from both (config should take precedence)
+	assert.Equal(t, "mysecret", utils.GetSecret("mysecret", "/tmp/tinyauth_test_secret"))
+
+	// Get from none
+	assert.Equal(t, "", utils.GetSecret("", ""))
+
+	// Get from non-existing file
+	assert.Equal(t, "", utils.GetSecret("", "/tmp/non_existing_file"))
+}
+
+func TestParseSecretFile(t *testing.T) {
+	// Normal case
+	content := "   mysecret   \n"
+	assert.Equal(t, "mysecret", utils.ParseSecretFile(content))
+
+	// Multiple lines (should take the first non-empty line)
+	content = "\n\n   firstsecret   \nsecondsecret\n"
+	assert.Equal(t, "firstsecret", utils.ParseSecretFile(content))
+
+	// All empty lines
+	content = "\n   \n  \n"
+	assert.Equal(t, "", utils.ParseSecretFile(content))
+
+	// Empty content
+	content = ""
+	assert.Equal(t, "", utils.ParseSecretFile(content))
+}
+
+func TestGetBasicAuth(t *testing.T) {
+	// Normal case
+	username := "user"
+	password := "pass"
+	expected := "dXNlcjpwYXNz" // base64 of "user:pass"
+	assert.Equal(t, expected, utils.GetBasicAuth(username, password))
+
+	// Empty username
+	username = ""
+	password = "pass"
+	expected = "OnBhc3M=" // base64 of ":pass"
+	assert.Equal(t, expected, utils.GetBasicAuth(username, password))
+
+	// Empty password
+	username = "user"
+	password = ""
+	expected = "dXNlcjo=" // base64 of "user:"
+	assert.Equal(t, expected, utils.GetBasicAuth(username, password))
+}
+
+func TestFilterIP(t *testing.T) {
+	// Exact match IPv4
+	ok, err := utils.FilterIP("10.10.0.1", "10.10.0.1")
+	assert.NilError(t, err)
+	assert.Equal(t, true, ok)
+
+	// Non-match IPv4
+	ok, err = utils.FilterIP("10.10.0.1", "10.10.0.2")
+	assert.NilError(t, err)
+	assert.Equal(t, false, ok)
+
+	// CIDR match IPv4
+	ok, err = utils.FilterIP("10.10.0.0/24", "10.10.0.2")
+	assert.NilError(t, err)
+	assert.Equal(t, true, ok)
+
+	// CIDR match IPv4 with '-' instead of '/'
+	ok, err = utils.FilterIP("10.10.10.0-24", "10.10.10.5")
+	assert.NilError(t, err)
+	assert.Equal(t, true, ok)
+
+	// CIDR non-match IPv4
+	ok, err = utils.FilterIP("10.10.0.0/24", "10.5.0.1")
+	assert.NilError(t, err)
+	assert.Equal(t, false, ok)
+
+	// Invalid CIDR
+	ok, err = utils.FilterIP("10.10.0.0/222", "10.0.0.1")
+	assert.ErrorContains(t, err, "invalid CIDR address")
+	assert.Equal(t, false, ok)
+
+	// Invalid IP in filter
+	ok, err = utils.FilterIP("invalid_ip", "10.5.5.5")
+	assert.ErrorContains(t, err, "invalid IP address in filter")
+	assert.Equal(t, false, ok)
+
+	// Invalid IP to check
+	ok, err = utils.FilterIP("10.10.10.10", "invalid_ip")
+	assert.ErrorContains(t, err, "invalid IP address")
+	assert.Equal(t, false, ok)
+}
+
+func TestCheckFilter(t *testing.T) {
+	// Empty filter
+	assert.Equal(t, true, utils.CheckFilter("", "anystring"))
+
+	// Exact match
+	assert.Equal(t, true, utils.CheckFilter("hello", "hello"))
+
+	// Regex match
+	assert.Equal(t, true, utils.CheckFilter("/^h.*o$/", "hello"))
+
+	// Invalid regex
+	assert.Equal(t, false, utils.CheckFilter("/[unclosed", "test"))
+
+	// Comma-separated values
+	assert.Equal(t, true, utils.CheckFilter("apple, banana, cherry", "banana"))
+
+	// No match
+	assert.Equal(t, false, utils.CheckFilter("apple, banana, cherry", "grape"))
+}
+
+func TestGenerateIdentifier(t *testing.T) {
+	// Consistent output for same input
+	id1 := utils.GenerateIdentifier("teststring")
+	id2 := utils.GenerateIdentifier("teststring")
+	assert.Equal(t, id1, id2)
+
+	// Different output for different input
+	id3 := utils.GenerateIdentifier("differentstring")
+	assert.Assert(t, id1 != id3)
+
+	// Check length (should be 8 characters from first segment of UUID)
+	assert.Equal(t, 8, len(id1))
+}
--- a/internal/utils/string_utils_test.go
+++ b/internal/utils/string_utils_test.go
@@ -0,0 +1,50 @@
+package utils_test
+
+import (
+	"testing"
+	"tinyauth/internal/utils"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestCapitalize(t *testing.T) {
+	// Test empty string
+	assert.Equal(t, "", utils.Capitalize(""))
+
+	// Test single character
+	assert.Equal(t, "A", utils.Capitalize("a"))
+
+	// Test multiple characters
+	assert.Equal(t, "Hello", utils.Capitalize("hello"))
+
+	// Test already capitalized
+	assert.Equal(t, "World", utils.Capitalize("World"))
+
+	// Test non-alphabetic first character
+	assert.Equal(t, "1number", utils.Capitalize("1number"))
+
+	// Test Unicode characters
+	assert.Equal(t, "Γειά", utils.Capitalize("γειά"))
+	assert.Equal(t, "Привет", utils.Capitalize("привет"))
+
+}
+
+func TestCoalesceToString(t *testing.T) {
+	// Test with []any containing strings
+	assert.Equal(t, "a,b,c", utils.CoalesceToString([]any{"a", "b", "c"}))
+
+	// Test with []any containing mixed types
+	assert.Equal(t, "a,c", utils.CoalesceToString([]any{"a", 1, "c", true}))
+
+	// Test with []any containing no strings
+	assert.Equal(t, "", utils.CoalesceToString([]any{1, 2, 3}))
+
+	// Test with string input
+	assert.Equal(t, "hello", utils.CoalesceToString("hello"))
+
+	// Test with non-string, non-[]any input
+	assert.Equal(t, "", utils.CoalesceToString(123))
+
+	// Test with nil input
+	assert.Equal(t, "", utils.CoalesceToString(nil))
+}
--- a/internal/utils/user_utils_test.go
+++ b/internal/utils/user_utils_test.go
@@ -0,0 +1,163 @@
+package utils_test
+
+import (
+	"os"
+	"testing"
+	"tinyauth/internal/utils"
+
+	"gotest.tools/v3/assert"
+)
+
+func TestGetUsers(t *testing.T) {
+	// Setup
+	file, err := os.Create("/tmp/tinyauth_users_test.txt")
+	assert.NilError(t, err)
+
+	_, err = file.WriteString("      user1:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G        \n         user2:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G                    ") // Spacing is on purpose
+	assert.NilError(t, err)
+
+	err = file.Close()
+	assert.NilError(t, err)
+	defer os.Remove("/tmp/tinyauth_users_test.txt")
+
+	// Test file
+	users, err := utils.GetUsers("", "/tmp/tinyauth_users_test.txt")
+
+	assert.NilError(t, err)
+
+	assert.Equal(t, 2, len(users))
+
+	assert.Equal(t, "user1", users[0].Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[0].Password)
+	assert.Equal(t, "user2", users[1].Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[1].Password)
+
+	// Test config
+	users, err = utils.GetUsers("user3:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G,user4:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", "")
+
+	assert.NilError(t, err)
+
+	assert.Equal(t, 2, len(users))
+
+	assert.Equal(t, "user3", users[0].Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[0].Password)
+	assert.Equal(t, "user4", users[1].Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[1].Password)
+
+	// Test both
+	users, err = utils.GetUsers("user5:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", "/tmp/tinyauth_users_test.txt")
+
+	assert.NilError(t, err)
+
+	assert.Equal(t, 3, len(users))
+
+	assert.Equal(t, "user5", users[0].Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[0].Password)
+	assert.Equal(t, "user1", users[1].Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[1].Password)
+	assert.Equal(t, "user2", users[2].Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[2].Password)
+
+	// Test empty
+	users, err = utils.GetUsers("", "")
+
+	assert.NilError(t, err)
+
+	assert.Equal(t, 0, len(users))
+
+	// Test non-existent file
+	users, err = utils.GetUsers("", "/tmp/non_existent_file.txt")
+
+	assert.ErrorContains(t, err, "no such file or directory")
+
+	assert.Equal(t, 0, len(users))
+}
+
+func TestParseUsers(t *testing.T) {
+	// Valid users
+	users, err := utils.ParseUsers("user1:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G,user2:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G:ABCDEF") // user2 has TOTP
+
+	assert.NilError(t, err)
+
+	assert.Equal(t, 2, len(users))
+
+	assert.Equal(t, "user1", users[0].Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[0].Password)
+	assert.Equal(t, "", users[0].TotpSecret)
+	assert.Equal(t, "user2", users[1].Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[1].Password)
+	assert.Equal(t, "ABCDEF", users[1].TotpSecret)
+
+	// Valid weirdly spaced users
+	users, err = utils.ParseUsers("      user1:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G        ,         user2:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G:ABCDEF                    ") // Spacing is on purpose
+	assert.NilError(t, err)
+
+	assert.Equal(t, 2, len(users))
+
+	assert.Equal(t, "user1", users[0].Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[0].Password)
+	assert.Equal(t, "", users[0].TotpSecret)
+	assert.Equal(t, "user2", users[1].Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[1].Password)
+	assert.Equal(t, "ABCDEF", users[1].TotpSecret)
+}
+
+func TestParseUser(t *testing.T) {
+	// Valid user without TOTP
+	user, err := utils.ParseUser("user1:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G")
+
+	assert.NilError(t, err)
+
+	assert.Equal(t, "user1", user.Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", user.Password)
+	assert.Equal(t, "", user.TotpSecret)
+
+	// Valid user with TOTP
+	user, err = utils.ParseUser("user2:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G:ABCDEF")
+
+	assert.NilError(t, err)
+
+	assert.Equal(t, "user2", user.Username)
+	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", user.Password)
+	assert.Equal(t, "ABCDEF", user.TotpSecret)
+
+	// Valid user with $$ in password
+	user, err = utils.ParseUser("user3:pa$$word123")
+
+	assert.NilError(t, err)
+
+	assert.Equal(t, "user3", user.Username)
+	assert.Equal(t, "pa$word123", user.Password)
+	assert.Equal(t, "", user.TotpSecret)
+
+	// User with spaces
+	user, err = utils.ParseUser("   user4   :   password123   :   TOTPSECRET   ")
+
+	assert.NilError(t, err)
+
+	assert.Equal(t, "user4", user.Username)
+	assert.Equal(t, "password123", user.Password)
+	assert.Equal(t, "TOTPSECRET", user.TotpSecret)
+
+	// Invalid users
+	_, err = utils.ParseUser("user1") // Missing password
+	assert.ErrorContains(t, err, "invalid user format")
+
+	_, err = utils.ParseUser("user1:")
+	assert.ErrorContains(t, err, "invalid user format")
+
+	_, err = utils.ParseUser(":password123")
+	assert.ErrorContains(t, err, "invalid user format")
+
+	_, err = utils.ParseUser("user1:password123:ABC:EXTRA") // Too many parts
+	assert.ErrorContains(t, err, "invalid user format")
+
+	_, err = utils.ParseUser("user1::ABC")
+	assert.ErrorContains(t, err, "invalid user format")
+
+	_, err = utils.ParseUser(":password123:ABC")
+	assert.ErrorContains(t, err, "invalid user format")
+
+	_, err = utils.ParseUser("   :   :   ")
+	assert.ErrorContains(t, err, "invalid user format")
+}
Author	SHA1	Message	Date
dependabot[bot]	e996a7015e	chore(deps): bump the minor-patch group across 1 directory with 18 updates Bumps the minor-patch group with 18 updates in the /frontend directory: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) \| `4.1.12` \| `4.1.13` \| \| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) \| `5.85.5` \| `5.87.1` \| \| [i18next](https://github.com/i18next/i18next) \| `25.4.2` \| `25.5.2` \| \| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) \| `0.541.0` \| `0.543.0` \| \| [react-i18next](https://github.com/i18next/react-i18next) \| `15.7.2` \| `15.7.3` \| \| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) \| `4.1.12` \| `4.1.13` \| \| [zod](https://github.com/colinhacks/zod) \| `4.1.3` \| `4.1.5` \| \| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) \| `9.34.0` \| `9.35.0` \| \| [@tanstack/eslint-plugin-query](https://github.com/TanStack/query/tree/HEAD/packages/eslint-plugin-query) \| `5.83.1` \| `5.86.0` \| \| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) \| `24.3.0` \| `24.3.1` \| \| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) \| `19.1.11` \| `19.1.12` \| \| [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom) \| `19.1.8` \| `19.1.9` \| \| [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) \| `5.0.1` \| `5.0.2` \| \| [eslint](https://github.com/eslint/eslint) \| `9.34.0` \| `9.35.0` \| \| [globals](https://github.com/sindresorhus/globals) \| `16.3.0` \| `16.4.0` \| \| [tw-animate-css](https://github.com/Wombosvideo/tw-animate-css) \| `1.3.7` \| `1.3.8` \| \| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) \| `8.41.0` \| `8.43.0` \| \| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) \| `7.1.3` \| `7.1.5` \| Updates `@tailwindcss/vite` from 4.1.12 to 4.1.13 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.1.13/packages/@tailwindcss-vite) Updates `@tanstack/react-query` from 5.85.5 to 5.87.1 - [Release notes](https://github.com/TanStack/query/releases) - [Commits](https://github.com/TanStack/query/commits/v5.87.1/packages/react-query) Updates `i18next` from 25.4.2 to 25.5.2 - [Release notes](https://github.com/i18next/i18next/releases) - [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md) - [Commits](https://github.com/i18next/i18next/compare/v25.4.2...v25.5.2) Updates `lucide-react` from 0.541.0 to 0.543.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/0.543.0/packages/lucide-react) Updates `react-i18next` from 15.7.2 to 15.7.3 - [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md) - [Commits](https://github.com/i18next/react-i18next/compare/v15.7.2...v15.7.3) Updates `tailwindcss` from 4.1.12 to 4.1.13 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.1.13/packages/tailwindcss) Updates `zod` from 4.1.3 to 4.1.5 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](https://github.com/colinhacks/zod/compare/v4.1.3...v4.1.5) Updates `@eslint/js` from 9.34.0 to 9.35.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/commits/v9.35.0/packages/js) Updates `@tanstack/eslint-plugin-query` from 5.83.1 to 5.86.0 - [Release notes](https://github.com/TanStack/query/releases) - [Commits](https://github.com/TanStack/query/commits/v5.86.0/packages/eslint-plugin-query) Updates `@types/node` from 24.3.0 to 24.3.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/react` from 19.1.11 to 19.1.12 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `@types/react-dom` from 19.1.8 to 19.1.9 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom) Updates `@vitejs/plugin-react` from 5.0.1 to 5.0.2 - [Release notes](https://github.com/vitejs/vite-plugin-react/releases) - [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@5.0.2/packages/plugin-react) Updates `eslint` from 9.34.0 to 9.35.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v9.34.0...v9.35.0) Updates `globals` from 16.3.0 to 16.4.0 - [Release notes](https://github.com/sindresorhus/globals/releases) - [Commits](https://github.com/sindresorhus/globals/compare/v16.3.0...v16.4.0) Updates `tw-animate-css` from 1.3.7 to 1.3.8 - [Release notes](https://github.com/Wombosvideo/tw-animate-css/releases) - [Commits](https://github.com/Wombosvideo/tw-animate-css/compare/v1.3.7...v1.3.8) Updates `typescript-eslint` from 8.41.0 to 8.43.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.43.0/packages/typescript-eslint) Updates `vite` from 7.1.3 to 7.1.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite) --- updated-dependencies: - dependency-name: "@tailwindcss/vite" dependency-version: 4.1.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: "@tanstack/react-query" dependency-version: 5.87.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: i18next dependency-version: 25.5.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: lucide-react dependency-version: 0.543.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: react-i18next dependency-version: 15.7.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: tailwindcss dependency-version: 4.1.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: zod dependency-version: 4.1.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: "@eslint/js" dependency-version: 9.35.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: "@tanstack/eslint-plugin-query" dependency-version: 5.86.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: "@types/node" dependency-version: 24.3.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: "@types/react" dependency-version: 19.1.12 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: "@types/react-dom" dependency-version: 19.1.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.0.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: eslint dependency-version: 9.35.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: globals dependency-version: 16.4.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: tw-animate-css dependency-version: 1.3.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: typescript-eslint dependency-version: 8.43.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: vite dependency-version: 7.1.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-09-11 08:21:10 +00:00
Stavros	2d78e6b598	feat: add cookie domain back to context controller	2025-09-10 13:47:48 +03:00
Stavros	e03eaf4f08	feat: add psl check in cookie domain	2025-09-10 13:43:08 +03:00
Stavros	74cb8067a8	tests: add util tests	2025-09-03 17:52:51 +03:00
Stavros	ba46493a7b	tests: add proxy controller tests	2025-09-03 15:30:24 +03:00
Stavros	bb0373758a	tests: add resources controller test	2025-09-03 14:58:24 +03:00
Stavros	f8836fc964	tests: test user context handler with no context	2025-09-03 13:36:11 +03:00
Stavros	53856e0a70	tests: test invalid json in user controller	2025-09-03 13:31:45 +03:00
Stavros	9b7dcfd86f	tests: add user controller tests	2025-09-03 13:28:27 +03:00
Stavros	7afea8b3fc	tests: add tests for context controller	2025-09-03 12:45:23 +03:00
Stavros	f5ac7eff99	refactor: mode label decoder to separate package	2025-09-03 12:23:21 +03:00
Stavros	b024d5ffda	feat: allow for dash substitute in ip filters for environments like kubernetes	2025-09-03 12:16:06 +03:00
Stavros	773cd6d171	feat: add trusted proxies config value	2025-09-03 12:14:13 +03:00
Stavros	f3eb7f69b4	Revert "feat: header based acls (#337 )" (#340 ) This reverts commit `f0d2da281a`.	2025-09-03 12:12:18 +03:00
Stavros	f0d2da281a	feat: header based acls (#337 ) * feat: add header decoder * feat: allow for dash substitute over slash for environments like kubernetes * feat: use decoded headers in proxy controller * refactor: simplify decode header to node function * refactor: use stdlib prefix check in header decoder * fix: lowercase key and filter before comparing	2025-09-02 19:06:52 +03:00
Stavros	9ce16c9652	fix: expire csrf cookie if it's invalid	2025-09-02 18:38:11 +03:00
Stavros	ad4fc7ef5f	refactor: don't export non-needed fields (#336 ) * refactor: don't export non-needed fields * feat: coderabbit suggestions * fix: avoid queries panic	2025-09-02 01:27:55 +03:00