fix: fix translations not loading

chore: remove unused code
refactor: update build
2026-01-12 10:22:30 +00:00 · 2025-12-17 23:36:01 +02:00 · 2025-12-17 23:31:24 +02:00 · 2025-12-17 23:21:15 +02:00 · 2025-12-17 19:42:26 +02:00 · 2025-12-17 18:30:43 +02:00
74 changed files with 941 additions and 1791 deletions
--- a/.coderabbit.yaml
+++ b/.coderabbit.yaml
@@ -1,3 +0,0 @@
 issue_enrichment:
  auto_enrich:
    enabled: false
--- a/.env.example
+++ b/.env.example
@@ -1,88 +1,84 @@
 # Base Configuration
 # The base URL where Tinyauth is accessible
-TINYAUTH_APPURL="https://auth.example.com"
+TINYAUTH_APPURL=https://auth.example.com
 # Log level: trace, debug, info, warn, error
-TINYAUTH_LOGLEVEL="info"
+TINYAUTH_LOGLEVEL=info
 # Directory for static resources
-TINYAUTH_RESOURCESDIR="/data/resources"
+TINYAUTH_RESOURCESDIR=/data/resources
 # Path to SQLite database file
-TINYAUTH_DATABASEPATH="/data/tinyauth.db"
+TINYAUTH_DATABASEPATH=/data/tinyauth.db
 # Disable version heartbeat
-TINYAUTH_DISABLEANALYTICS="false"
+TINYAUTH_DISABLEANALYTICS=false
 # Disable static resource serving
-TINYAUTH_DISABLERESOURCES="false"
+TINYAUTH_DISABLERESOURCES=false
 # Disable UI warning messages
-TINYAUTH_DISABLEUIWARNINGS="false"
+TINYAUTH_DISABLEUIWARNINGS=false
 # Enable JSON formatted logs
 TINYAUTH_LOGJSON="false"
 # Server Configuration
 # Port to listen on
-TINYAUTH_SERVER_PORT="3000"
+TINYAUTH_SERVER_PORT=3000
 # Interface to bind to (0.0.0.0 for all interfaces)
-TINYAUTH_SERVER_ADDRESS="0.0.0.0"
+TINYAUTH_SERVER_ADDRESS=0.0.0.0
 # Unix socket path (optional, overrides port/address if set)
-TINYAUTH_SERVER_SOCKETPATH=""
+TINYAUTH_SERVER_SOCKETPATH=
 # Comma-separated list of trusted proxy IPs/CIDRs
-TINYAUTH_SERVER_TRUSTEDPROXIES=""
+TINYAUTH_SERVER_TRUSTEDPROXIES=
 # Authentication Configuration
 # Format: username:bcrypt_hash (use bcrypt to generate hash)
-TINYAUTH_AUTH_USERS="admin:$2a$10$example_bcrypt_hash_here"
+TINYAUTH_AUTH_USERS=admin:$2a$10$example_bcrypt_hash_here
 # Path to external users file (optional)
-TINYAUTH_AUTH_USERSFILE=""
+TINYAUTH_USERSFILE=
 # Enable secure cookies (requires HTTPS)
-TINYAUTH_AUTH_SECURECOOKIE="true"
+TINYAUTH_SECURECOOKIE=true
 # Session expiry in seconds (7200 = 2 hours)
-TINYAUTH_AUTH_SESSIONEXPIRY="7200"
+TINYAUTH_SESSIONEXPIRY=7200
 # Session maximum lifetime in seconds (0 = unlimited)
 TINYAUTH_AUTH_SESSIONMAXLIFETIME="0"
 # Login timeout in seconds (300 = 5 minutes)
-TINYAUTH_AUTH_LOGINTIMEOUT="300"
+TINYAUTH_LOGINTIMEOUT=300
 # Maximum login retries before lockout
-TINYAUTH_AUTH_LOGINMAXRETRIES="5"
+TINYAUTH_LOGINMAXRETRIES=5
 # OAuth Configuration
 # Regex pattern for allowed email addresses (e.g., /@example\.com$/)
-TINYAUTH_OAUTH_WHITELIST=""
+TINYAUTH_OAUTH_WHITELIST=
 # Provider ID to auto-redirect to (skips login page)
-TINYAUTH_OAUTH_AUTOREDIRECT=""
+TINYAUTH_OAUTH_AUTOREDIRECT=
 # OAuth Provider Configuration (replace MYPROVIDER with your provider name)
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTID="your_client_id_here"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTID=your_client_id_here
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTSECRET="your_client_secret_here"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTSECRET=your_client_secret_here
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_AUTHURL="https://provider.example.com/oauth/authorize"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_AUTHURL=https://provider.example.com/oauth/authorize
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_TOKENURL="https://provider.example.com/oauth/token"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_TOKENURL=https://provider.example.com/oauth/token
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_USERINFOURL="https://provider.example.com/oauth/userinfo"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_USERINFOURL=https://provider.example.com/oauth/userinfo
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_REDIRECTURL="https://auth.example.com/oauth/callback/myprovider"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_REDIRECTURL=https://auth.example.com/oauth/callback/myprovider
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_SCOPES="openid email profile"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_SCOPES=openid email profile
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_NAME="My OAuth Provider"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_NAME=My OAuth Provider
 # Allow self-signed certificates
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_INSECURE="false"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_INSECURE=false
 # UI Customization
 # Custom title for login page
-TINYAUTH_UI_TITLE="Tinyauth"
+TINYAUTH_UI_TITLE=Tinyauth
 # Message shown on forgot password page
 TINYAUTH_UI_FORGOTPASSWORDMESSAGE="Contact your administrator to reset your password"
 # Background image URL for login page
-TINYAUTH_UI_BACKGROUNDIMAGE=""
+TINYAUTH_UI_BACKGROUNDIMAGE=
 # LDAP Configuration
 # LDAP server address
-TINYAUTH_LDAP_ADDRESS="ldap://ldap.example.com:389"
+TINYAUTH_LDAP_ADDRESS=ldap://ldap.example.com:389
 # DN for binding to LDAP server
-TINYAUTH_LDAP_BINDDN="cn=readonly,dc=example,dc=com"
+TINYAUTH_LDAP_BINDDN=cn=readonly,dc=example,dc=com
 # Password for bind DN
-TINYAUTH_LDAP_BINDPASSWORD="your_bind_password"
+TINYAUTH_LDAP_BINDPASSWORD=your_bind_password
 # Base DN for user searches
-TINYAUTH_LDAP_BASEDN="dc=example,dc=com"
+TINYAUTH_LDAP_BASEDN=dc=example,dc=com
 # Search filter (%s will be replaced with username)
-TINYAUTH_LDAP_SEARCHFILTER="(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))"
+TINYAUTH_LDAP_SEARCHFILTER=(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))
 # Allow insecure LDAP connections
-TINYAUTH_LDAP_INSECURE="false"
+TINYAUTH_LDAP_INSECURE=false
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,16 +18,7 @@ jobs:
      - name: Setup go
        uses: actions/setup-go@v5
        with:
-          go-version: "^1.24.0"
+          go-version: "^1.23.2"
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Install frontend dependencies
        run: |
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -61,16 +61,7 @@ jobs:
      - name: Install go
        uses: actions/setup-go@v5
        with:
-          go-version: "^1.24.0"
+          go-version: "^1.23.2"
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Install frontend dependencies
        run: |
@@ -89,7 +80,7 @@ jobs:
      - name: Build
        run: |
          cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64 ./cmd/tinyauth
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64 cmd/*
        env:
          CGO_ENABLED: 0
@@ -116,16 +107,7 @@ jobs:
      - name: Install go
        uses: actions/setup-go@v5
        with:
-          go-version: "^1.24.0"
+          go-version: "^1.23.2"
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Install frontend dependencies
        run: |
@@ -144,7 +126,7 @@ jobs:
      - name: Build
        run: |
          cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64 ./cmd/tinyauth
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64 cmd/*
        env:
          CGO_ENABLED: 0
@@ -165,15 +147,6 @@ jobs:
        with:
          ref: nightly
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
@@ -232,15 +205,6 @@ jobs:
        with:
          ref: nightly
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
@@ -299,15 +263,6 @@ jobs:
        with:
          ref: nightly
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
@@ -366,15 +321,6 @@ jobs:
        with:
          ref: nightly
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -39,16 +39,7 @@ jobs:
      - name: Install go
        uses: actions/setup-go@v5
        with:
-          go-version: "^1.24.0"
+          go-version: "^1.23.2"
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Install frontend dependencies
        run: |
@@ -67,7 +58,7 @@ jobs:
      - name: Build
        run: |
          cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64 ./cmd/tinyauth
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64 cmd/*
        env:
          CGO_ENABLED: 0
@@ -91,16 +82,7 @@ jobs:
      - name: Install go
        uses: actions/setup-go@v5
        with:
-          go-version: "^1.24.0"
+          go-version: "^1.23.2"
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Install frontend dependencies
        run: |
@@ -119,7 +101,7 @@ jobs:
      - name: Build
        run: |
          cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64 ./cmd/tinyauth
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64 cmd/*
        env:
          CGO_ENABLED: 0
@@ -137,15 +119,6 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
@@ -201,15 +174,6 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
@@ -265,15 +229,6 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
@@ -329,15 +284,6 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Initialize submodules
        run: |
          git submodule init
          git submodule update
      - name: Apply patches
        run: |
          git apply --directory paerser/ patches/nested_maps.diff
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
--- a/.gitignore
+++ b/.gitignore
@@ -1,38 +1,29 @@
 # dist
-/internal/assets/dist
+internal/assets/dist
 # binaries
-/tinyauth
+tinyauth
 /tinyauth-arm64
 /tinyauth-amd64
 # test docker compose
-/docker-compose.test*
+docker-compose.test*
 # users file
-/users.txt
+users.txt
 # secret test file
-/secret*
+secret*
 # apple stuff
 .DS_Store
 # env
-/.env
+.env
 # tmp directory
-/tmp
+tmp
 # version files
 internal/assets/version
 # data directory
-/data
+data
 # config file
 /config.yml
 # binary out
 /tinyauth.db
 /resources
 # debug files
 __debug_*
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,4 +0,0 @@
 [submodule "paerser"]
 	path = paerser
 	url = https://github.com/traefik/paerser
 	ignore = all
--- a/.other/config.example.yaml
+++ b/.other/config.example.yaml
@@ -0,0 +1,53 @@
 app_url: "https://tinyauth.example.com"
 log_level: "info"
 resources_dir: "/etc/tinyauth/resources"
 database_path: "/var/lib/tinyauth/tinyauth.db"
 disable_analytics: false
 disable_resources: false
 disable_ui_warnings: false
 server:
  port: 8080
  address: "0.0.0.0"
  socket_path: "/var/run/tinyauth.sock"
  trusted_proxies: "10.10.10.0/24"
 auth:
  users: "user:hash"
  users_file: "/etc/tinyauth/users.yaml"
  secure_cookie: true
  session_expiry: 3600
  login_timeout: 300
  login_max_retries: 5
 oauth:
  whitelist: "example.com"
  auto_redirect: "pocketid"
  providers:
    google:
      client_id: "some-client-id"
      client_secret: "some-client-secret"
      client_secret_file: "some-client-secret-file"
      scopes:
        - "openid"
        - "email"
        - "profile"
      redirect_url: "https://tinyauth.example.com/oauth/callback/google"
      auth_url: "https://accounts.google.com/o/oauth2/auth"
      token_url: "https://oauth2.googleapis.com/token"
      user_info_url: "https://www.googleapis.com/oauth2/v3/userinfo"
      insecure: false
      name: "Google"
 ui:
  title: "Tinyauth"
  forgot_password_message: "Contact your administrator to reset your password."
  background_image: "/static/background.jpg"
 ldap:
  address: "ldap.example.com:389"
  base_dn: "dc=example,dc=com"
  bind_dn: "cn=admin,dc=example,dc=com"
  bind_password: "password"
  search_filter: "(uid={username})"
  insecure: false
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -5,7 +5,7 @@ Contributing is relatively easy, you just need to follow the steps below and you
 ## Requirements
 - Bun
- Golang 1.24.0+
+- Golang v1.23.2 and above
 - Git
 - Docker
@@ -18,21 +18,12 @@ git clone https://github.com/steveiliop56/tinyauth
 cd tinyauth
 ```
 ## Initialize submodules
 The project uses Git submodules for some dependencies, so you need to initialize them with:
 ```sh
 git submodule init
 git submodule update
 ```
 ## Install requirements
-Although you will not need the requirements in your machine since the development will happen in Docker, I still recommend to install them because this way you will not have import errors. To install the Go requirements run:
+Although you will not need the requirements in your machine since the development will happen in docker, I still recommend to install them because this way you will not have import errors. To install the go requirements run:
 ```sh
-go mod download
+go mod tidy
 ```
 You also need to download the frontend dependencies, this can be done like so:
@@ -42,21 +33,13 @@ cd frontend/
 bun install
 ```
 ## Apply patches
 Some of the dependencies need to be patched in order to work correctly with the project, you can apply the patches by running:
 ```sh
 git apply --directory paerser/ patches/nested_maps.diff
 ```
 ## Create your `.env` file
 In order to configure the app you need to create an environment file, this can be done by copying the `.env.example` file to `.env` and modifying the environment variables to suit your needs.
 ## Developing
-I have designed the development workflow to be entirely in Docker, this is because it will directly work with Traefik and you will not need to do any building in your host machine. The recommended development setup is to have a subdomain pointing to your machine like this:
+I have designed the development workflow to be entirely in docker, this is because it will directly work with traefik and you will not need to do any building in your host machine. The recommended development setup is to have a subdomain pointing to your machine like this:
 ```
 *.dev.example.com -> 127.0.0.1
@@ -66,7 +49,7 @@ dev.example.com -> 127.0.0.1
 > [!TIP]
 > You can use [sslip.io](https://sslip.io) as a domain if you don't have one to develop with.
-Then you can just make sure the domains are correct in the development Docker compose file and run:
+Then you can just make sure the domains are correct in the development docker compose file and run:
 ```sh
 docker compose -f docker-compose.dev.yml up --build
--- a/14
+++ b/14
@@ -1,5 +1,5 @@
 # Site builder
-FROM oven/bun:1.3.5-alpine AS frontend-builder
+FROM oven/bun:1.3.4-alpine AS frontend-builder
 WORKDIR /frontend
@@ -28,8 +28,6 @@ ARG BUILD_TIMESTAMP
 WORKDIR /tinyauth
 COPY ./paerser ./paerser
 COPY go.mod ./
 COPY go.sum ./
@@ -39,8 +37,8 @@ COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
-RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" ./cmd/tinyauth
+RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" cmd/*
-
+ 
 # Runner
 FROM alpine:3.23 AS runner
@@ -54,14 +52,10 @@ EXPOSE 3000
 VOLUME ["/data"]
 ENV DATABASEPATH=/data/tinyauth.db
 ENV RESOURCESDIR=/data/resources
 ENV GIN_MODE=release
 ENV PATH=$PATH:/tinyauth
 HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["tinyauth", "healthcheck"]
-ENTRYPOINT ["tinyauth"]
+ENTRYPOINT ["tinyauth"]
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -2,8 +2,6 @@ FROM golang:1.25-alpine3.21
 WORKDIR /tinyauth
 COPY ./paerser ./paerser
 COPY go.mod ./
 COPY go.sum ./
@@ -18,8 +16,4 @@ COPY ./air.toml ./
 EXPOSE 3000
-ENV TINYAUTH_DATABASEPATH=/data/tinyauth.db
+ENTRYPOINT ["air", "-c", "air.toml"]
 ENV TINYAUTH_RESOURCESDIR=/data/resources
 ENTRYPOINT ["air", "-c", "air.toml"]
--- a/Dockerfile.distroless
+++ b/Dockerfile.distroless
@@ -1,5 +1,5 @@
 # Site builder
-FROM oven/bun:1.3.5-alpine AS frontend-builder
+FROM oven/bun:1.3.4-alpine AS frontend-builder
 WORKDIR /frontend
@@ -28,21 +28,20 @@ ARG BUILD_TIMESTAMP
 WORKDIR /tinyauth
 COPY ./paerser ./paerser
 COPY go.mod ./
 COPY go.sum ./
 RUN go mod download
 COPY ./main.go ./
 COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
 RUN mkdir -p data
-RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" ./cmd/tinyauth
+RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" cmd/*
-
+ 
 # Runner
 FROM gcr.io/distroless/static-debian12:latest AS runner
@@ -57,14 +56,10 @@ EXPOSE 3000
 VOLUME ["/data"]
 ENV TINYAUTH_DATABASEPATH=/data/tinyauth.db
 ENV TINYAUTH_RESOURCESDIR=/data/resources
 ENV GIN_MODE=release
 ENV PATH=$PATH:/tinyauth
 HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["tinyauth", "healthcheck"]
-ENTRYPOINT ["tinyauth"]
+ENTRYPOINT ["tinyauth"]
--- a/64
+++ b/64
@@ -1,64 +0,0 @@
 # Go specific stuff
 CGO_ENABLED := 0
 GOOS := $(shell go env GOOS)
 GOARCH := $(shell go env GOARCH)
 # Build out
 TAG_NAME := $(shell git describe --abbrev=0 --exact-match 2> /dev/null || echo "main")
 COMMIT_HASH := $(shell git rev-parse HEAD)
 BUILD_TIMESTAMP := $(shell date '+%Y-%m-%dT%H:%M:%S')
 BIN_NAME := tinyauth-$(GOARCH)
 # Development vars
 DEV_COMPOSE := $(shell test -f "docker-compose.test.yml" && echo "docker-compose.test.yml" || echo "docker-compose.yml" )
 PROD_COMPOSE := $(shell test -f "docker-compose.test.prod.yml" && echo "docker-compose.test.prod.yml" || echo "docker-compose.example.yml" )
 # Deps
 deps:
 	bun install --cwd frontend
 	go mod download
 # Clean web UI build
 clean-webui:
 	rm -rf internal/assets/dist
 	rm -rf frontend/dist
 # Build the web UI
 webui: clean-webui
 	bun run --cwd frontend build
 	cp -r frontend/dist internal/assets
 # Build the binary
 binary: webui
 	CGO_ENABLED=$(CGO_ENABLED) go build -ldflags "-s -w \
 	-X tinyauth/internal/config.Version=${TAG_NAME} \
 	-X tinyauth/internal/config.CommitHash=${COMMIT_HASH} \
 	-X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" \
 	-o ${BIN_NAME} ./cmd/tinyauth
 # Build for amd64
 binary-linux-amd64:
 	export BIN_NAME=tinyauth-amd64
 	export GOARCH=amd64
 	export GOOS=linux
 	$(MAKE) binary
 # Build for arm64
 binary-linux-arm64:
 	export BIN_NAME=tinyauth-arm64
 	export GOARCH=arm64
 	export GOOS=linux
 	$(MAKE) binary
 # Go test
 .PHONY: test
 test:
 	go test -v ./...
 # Development
 develop:
 	docker compose -f $(DEV_COMPOSE) up --force-recreate --pull=always --remove-orphans
 # Production
 prod:
 	docker compose -f $(PROD_COMPOSE) up --force-recreate --pull=always --remove-orphans
--- a/README.md
+++ b/README.md
@@ -33,8 +33,6 @@ If you are still not sure if Tinyauth suits your needs you can try out the [demo
 You can find documentation and guides on all of the available configuration of Tinyauth in the [website](https://tinyauth.app).
 If you wish to contribute to the documentation head over to the [repository](https://github.com/steveiliop56/tinyauth-docs).
 ## Discord
 Tinyauth has a [discord](https://discord.gg/eHzVaCzRRd) server. Feel free to hop in to chat about self-hosting, homelabs and of course Tinyauth. See you there!
@@ -55,7 +53,7 @@ Tinyauth is licensed under the GNU General Public License v3.0. TL;DR — You ma
 A big thank you to the following people for providing me with more coffee:
-<!-- sponsors --><a href="https://github.com/erwinkramer"><img src="https:&#x2F;&#x2F;github.com&#x2F;erwinkramer.png" width="64px" alt="User avatar: erwinkramer" /></a>&nbsp;&nbsp;<a href="https://github.com/nicotsx"><img src="https:&#x2F;&#x2F;github.com&#x2F;nicotsx.png" width="64px" alt="User avatar: nicotsx" /></a>&nbsp;&nbsp;<a href="https://github.com/SimpleHomelab"><img src="https:&#x2F;&#x2F;github.com&#x2F;SimpleHomelab.png" width="64px" alt="User avatar: SimpleHomelab" /></a>&nbsp;&nbsp;<a href="https://github.com/jmadden91"><img src="https:&#x2F;&#x2F;github.com&#x2F;jmadden91.png" width="64px" alt="User avatar: jmadden91" /></a>&nbsp;&nbsp;<a href="https://github.com/tribor"><img src="https:&#x2F;&#x2F;github.com&#x2F;tribor.png" width="64px" alt="User avatar: tribor" /></a>&nbsp;&nbsp;<a href="https://github.com/eliasbenb"><img src="https:&#x2F;&#x2F;github.com&#x2F;eliasbenb.png" width="64px" alt="User avatar: eliasbenb" /></a>&nbsp;&nbsp;<a href="https://github.com/afunworm"><img src="https:&#x2F;&#x2F;github.com&#x2F;afunworm.png" width="64px" alt="User avatar: afunworm" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="64px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/Lancelot-Enguerrand"><img src="https:&#x2F;&#x2F;github.com&#x2F;Lancelot-Enguerrand.png" width="64px" alt="User avatar: Lancelot-Enguerrand" /></a>&nbsp;&nbsp;<a href="https://github.com/allgoewer"><img src="https:&#x2F;&#x2F;github.com&#x2F;allgoewer.png" width="64px" alt="User avatar: allgoewer" /></a>&nbsp;&nbsp;<a href="https://github.com/NEANC"><img src="https:&#x2F;&#x2F;github.com&#x2F;NEANC.png" width="64px" alt="User avatar: NEANC" /></a>&nbsp;&nbsp;<!-- sponsors -->
+<!-- sponsors --><a href="https://github.com/erwinkramer"><img src="https:&#x2F;&#x2F;github.com&#x2F;erwinkramer.png" width="64px" alt="User avatar: erwinkramer" /></a>&nbsp;&nbsp;<a href="https://github.com/nicotsx"><img src="https:&#x2F;&#x2F;github.com&#x2F;nicotsx.png" width="64px" alt="User avatar: nicotsx" /></a>&nbsp;&nbsp;<a href="https://github.com/SimpleHomelab"><img src="https:&#x2F;&#x2F;github.com&#x2F;SimpleHomelab.png" width="64px" alt="User avatar: SimpleHomelab" /></a>&nbsp;&nbsp;<a href="https://github.com/jmadden91"><img src="https:&#x2F;&#x2F;github.com&#x2F;jmadden91.png" width="64px" alt="User avatar: jmadden91" /></a>&nbsp;&nbsp;<a href="https://github.com/tribor"><img src="https:&#x2F;&#x2F;github.com&#x2F;tribor.png" width="64px" alt="User avatar: tribor" /></a>&nbsp;&nbsp;<a href="https://github.com/eliasbenb"><img src="https:&#x2F;&#x2F;github.com&#x2F;eliasbenb.png" width="64px" alt="User avatar: eliasbenb" /></a>&nbsp;&nbsp;<a href="https://github.com/afunworm"><img src="https:&#x2F;&#x2F;github.com&#x2F;afunworm.png" width="64px" alt="User avatar: afunworm" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="64px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/Lancelot-Enguerrand"><img src="https:&#x2F;&#x2F;github.com&#x2F;Lancelot-Enguerrand.png" width="64px" alt="User avatar: Lancelot-Enguerrand" /></a>&nbsp;&nbsp;<a href="https://github.com/allgoewer"><img src="https:&#x2F;&#x2F;github.com&#x2F;allgoewer.png" width="64px" alt="User avatar: allgoewer" /></a>&nbsp;&nbsp;<!-- sponsors -->
 ## Acknowledgements
--- a/air.toml
+++ b/air.toml
@@ -3,7 +3,7 @@ tmp_dir = "tmp"
 [build]
 pre_cmd = ["mkdir -p internal/assets/dist", "mkdir -p /data", "echo 'backend running' > internal/assets/dist/index.html"]
-cmd = "CGO_ENABLED=0 go build -gcflags=\"all=-N -l\" -o tmp/tinyauth ./cmd/tinyauth"
+cmd = "CGO_ENABLED=0 go build -gcflags=\"all=-N -l\" -o tmp/tinyauth cmd/*"
 bin = "tmp/tinyauth"
 full_bin = "dlv --listen :4000 --headless=true --api-version=2 --accept-multiclient --log=true exec tmp/tinyauth --continue --check-go-version=false"
 include_ext = ["go"]
--- a/cmd/tinyauth/create.go
+++ b/cmd/tinyauth/create.go
--- a/cmd/tinyauth/generate.go
+++ b/cmd/tinyauth/generate.go
@@ -6,8 +6,7 @@ import (
 	"os"
 	"strings"
 	"time"
-
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/charmbracelet/huh"
 	"github.com/mdp/qrterminal/v3"
--- a/cmd/tinyauth/healthcheck.go
+++ b/cmd/tinyauth/healthcheck.go
@@ -29,21 +29,19 @@ func healthcheckCmd() *cli.Command {
 		Run: func(args []string) error {
 			log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr, TimeFormat: time.RFC3339}).With().Caller().Logger().Level(zerolog.InfoLevel)
-			appUrl := os.Getenv("TINYAUTH_APPURL")
+			appUrl := os.Getenv("APPURL")
 			if len(args) > 0 {
 				appUrl = args[0]
 			}
 			if appUrl == "" {
-				return errors.New("TINYAUTH_APPURL is not set and no argument was provided")
+				return errors.New("APPURL is not set and no argument was provided")
 			}
 			log.Info().Str("app_url", appUrl).Msg("Performing health check")
-			client := http.Client{
+			client := http.Client{}
 				Timeout: 30 * time.Second,
 			}
 			req, err := http.NewRequest("GET", appUrl+"/api/healthz", nil)
--- a/cmd/tinyauth/tinyauth.go
+++ b/cmd/tinyauth/tinyauth.go
@@ -5,43 +5,26 @@ import (
 	"os"
 	"strings"
 	"time"
-
+	"tinyauth/internal/bootstrap"
-	"github.com/steveiliop56/tinyauth/internal/bootstrap"
+	"tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/utils/loaders"
 	"github.com/steveiliop56/tinyauth/internal/utils/loaders"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/traefik/paerser/cli"
 )
-func NewTinyauthCmdConfiguration() *config.Config {
+type TinyauthCmdConfiguration struct {
-	return &config.Config{
+	config.Config
-		LogLevel:     "info",
+	// ConfigFile string `description:"Path to config file."`
-		ResourcesDir: "./resources",
+}
-		DatabasePath: "./tinyauth.db",
+
-		Server: config.ServerConfig{
+func NewTinyauthCmdConfiguration() *TinyauthCmdConfiguration {
-			Port:    3000,
+	return &TinyauthCmdConfiguration{
-			Address: "0.0.0.0",
+		Config: config.Config{
-		},
+			LogLevel: "info",
 		Auth: config.AuthConfig{
 			SessionExpiry:      3600,
 			SessionMaxLifetime: 0,
 			LoginTimeout:       300,
 			LoginMaxRetries:    3,
 		},
 		UI: config.UIConfig{
 			Title:                 "Tinyauth",
 			ForgotPasswordMessage: "You can change your password by changing the configuration.",
 			BackgroundImage:       "/background.jpg",
 		},
 		Ldap: config.LdapConfig{
 			Insecure:     false,
 			SearchFilter: "(uid=%s)",
 		},
 		Experimental: config.ExperimentalConfig{
 			ConfigFile: "",
 		},
 		// ConfigFile: "",
 	}
 }
@@ -49,9 +32,8 @@ func main() {
 	tConfig := NewTinyauthCmdConfiguration()
 	loaders := []cli.ResourceLoader{
 		&loaders.FileLoader{},
 		&loaders.FlagLoader{},
 		&loaders.EnvLoader{},
 		&loaders.FlagLoader{},
 	}
 	cmdTinyauth := &cli.Command{
@@ -60,7 +42,7 @@ func main() {
 		Configuration: tConfig,
 		Resources:     loaders,
 		Run: func(_ []string) error {
-			return runCmd(*tConfig)
+			return runCmd(&tConfig.Config)
 		},
 	}
@@ -101,7 +83,7 @@ func main() {
 	}
 }
-func runCmd(cfg config.Config) error {
+func runCmd(cfg *config.Config) error {
 	logLevel, err := zerolog.ParseLevel(strings.ToLower(cfg.LogLevel))
 	if err != nil {
@@ -110,15 +92,11 @@ func runCmd(cfg config.Config) error {
 		zerolog.SetGlobalLevel(logLevel)
 	}
-	log.Logger = log.With().Caller().Logger()
+	log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr, TimeFormat: time.RFC3339}).With().Caller().Logger()
 	if !cfg.LogJSON {
 		log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr, TimeFormat: time.RFC3339})
 	}
 	log.Info().Str("version", config.Version).Msg("Starting tinyauth")
-	app := bootstrap.NewBootstrapApp(cfg)
+	app := bootstrap.NewBootstrapApp(*cfg)
 	err = app.Setup()
--- a/cmd/tinyauth/verify.go
+++ b/cmd/tinyauth/verify.go
@@ -5,8 +5,7 @@ import (
 	"fmt"
 	"os"
 	"time"
-
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/charmbracelet/huh"
 	"github.com/pquerna/otp/totp"
@@ -110,7 +109,7 @@ func verifyUserCmd() *cli.Command {
 			ok := totp.Validate(tCfg.Totp, user.TotpSecret)
 			if !ok {
-				return fmt.Errorf("TOTP code incorrect")
+				return fmt.Errorf("TOTP code incorrect: %w", err)
 			}
 			log.Info().Msg("User verified")
--- a/cmd/tinyauth/version.go
+++ b/cmd/tinyauth/version.go
@@ -2,8 +2,7 @@ package main
 import (
 	"fmt"
-
+	"tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/traefik/paerser/cli"
 )
--- a/config.example.yaml
+++ b/config.example.yaml
@@ -1,90 +0,0 @@
 # Tinyauth Example Configuration
 # The base URL where Tinyauth is accessible
 appUrl: "https://auth.example.com"
 # Log level: trace, debug, info, warn, error
 logLevel: "info"
 # Directory for static resources
 resourcesDir: "./resources"
 # Path to SQLite database file
 databasePath: "./tinyauth.db"
 # Disable usage analytics
 disableAnalytics: false
 # Disable static resource serving
 disableResources: false
 # Disable UI warning messages
 disableUIWarnings: false
 # Enable JSON formatted logs
 logJSON: false
 # Server Configuration
 server:
  # Port to listen on
  port: 3000
  # Interface to bind to (0.0.0.0 for all interfaces)
  address: "0.0.0.0"
  # Unix socket path (optional, overrides port/address if set)
  socketPath: ""
  # Comma-separated list of trusted proxy IPs/CIDRs
  trustedProxies: ""
 # Authentication Configuration
 auth:
  # Format: username:bcrypt_hash (use bcrypt to generate hash)
  users: "admin:$2a$10$example_bcrypt_hash_here"
  # Path to external users file (optional)
  usersFile: ""
  # Enable secure cookies (requires HTTPS)
  secureCookie: false
  # Session expiry in seconds (3600 = 1 hour)
  sessionExpiry: 3600
  # Session maximum lifetime in seconds (0 = unlimited)
  sessionMaxLifetime: 0
  # Login timeout in seconds (300 = 5 minutes)
  loginTimeout: 300
  # Maximum login retries before lockout
  loginMaxRetries: 3
 # OAuth Configuration
 oauth:
  # Regex pattern for allowed email addresses (e.g., /@example\.com$/)
  whitelist: ""
  # Provider ID to auto-redirect to (skips login page)
  autoRedirect: ""
  # OAuth Provider Configuration (replace myprovider with your provider name)
  providers:
    myprovider:
      clientId: "your_client_id_here"
      clientSecret: "your_client_secret_here"
      authUrl: "https://provider.example.com/oauth/authorize"
      tokenUrl: "https://provider.example.com/oauth/token"
      userInfoUrl: "https://provider.example.com/oauth/userinfo"
      redirectUrl: "https://auth.example.com/api/oauth/callback/myprovider"
      scopes: "openid email profile"
      name: "My OAuth Provider"
      # Allow insecure connections (self-signed certificates)
      insecure: false
 # UI Customization
 ui:
  # Custom title for login page
  title: "Tinyauth"
  # Message shown on forgot password page
  forgotPasswordMessage: "Contact your administrator to reset your password"
  # Background image URL for login page
  backgroundImage: ""
 # LDAP Configuration (optional)
 ldap:
  # LDAP server address
  address: "ldap://ldap.example.com:389"
  # DN for binding to LDAP server
  bindDn: "cn=readonly,dc=example,dc=com"
  # Password for bind DN
  bindPassword: "your_bind_password"
  # Base DN for user searches
  baseDn: "dc=example,dc=com"
  # Search filter (%s will be replaced with username)
  searchFilter: "(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))"
  # Allow insecure LDAP connections
  insecure: false
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -42,6 +42,7 @@ services:
    volumes:
      - ./internal:/tinyauth/internal
      - ./cmd:/tinyauth/cmd
      - ./main.go:/tinyauth/main.go
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data:/data
    ports:
--- a/frontend/bun.lock
+++ b/frontend/bun.lock
@@ -11,44 +11,44 @@
        "@radix-ui/react-select": "^2.2.6",
        "@radix-ui/react-separator": "^1.1.8",
        "@radix-ui/react-slot": "^1.2.4",
-        "@tailwindcss/vite": "^4.1.18",
+        "@tailwindcss/vite": "^4.1.17",
-        "@tanstack/react-query": "^5.90.16",
+        "@tanstack/react-query": "^5.90.12",
        "axios": "^1.13.2",
        "class-variance-authority": "^0.7.1",
        "clsx": "^2.1.1",
-        "i18next": "^25.7.4",
+        "i18next": "^25.7.2",
        "i18next-browser-languagedetector": "^8.2.0",
        "i18next-resources-to-backend": "^1.2.1",
        "input-otp": "^1.4.2",
-        "lucide-react": "^0.562.0",
+        "lucide-react": "^0.556.0",
        "next-themes": "^0.4.6",
-        "react": "^19.2.3",
+        "react": "^19.2.1",
-        "react-dom": "^19.2.3",
+        "react-dom": "^19.2.1",
-        "react-hook-form": "^7.70.0",
+        "react-hook-form": "^7.68.0",
-        "react-i18next": "^16.5.1",
+        "react-i18next": "^16.4.0",
        "react-markdown": "^10.1.0",
-        "react-router": "^7.12.0",
+        "react-router": "^7.10.1",
        "sonner": "^2.0.7",
        "tailwind-merge": "^3.4.0",
-        "tailwindcss": "^4.1.18",
+        "tailwindcss": "^4.1.17",
-        "zod": "^4.3.5",
+        "zod": "^4.1.13",
      },
      "devDependencies": {
-        "@eslint/js": "^9.39.2",
+        "@eslint/js": "^9.39.1",
        "@tanstack/eslint-plugin-query": "^5.91.2",
-        "@types/node": "^25.0.3",
+        "@types/node": "^24.10.2",
        "@types/react": "^19.2.7",
        "@types/react-dom": "^19.2.3",
        "@vitejs/plugin-react": "^5.1.2",
-        "eslint": "^9.39.2",
+        "eslint": "^9.39.1",
        "eslint-plugin-react-hooks": "^7.0.1",
-        "eslint-plugin-react-refresh": "^0.4.26",
+        "eslint-plugin-react-refresh": "^0.4.24",
-        "globals": "^17.0.0",
+        "globals": "^16.5.0",
        "prettier": "3.7.4",
        "tw-animate-css": "^1.4.0",
        "typescript": "~5.9.3",
-        "typescript-eslint": "^8.52.0",
+        "typescript-eslint": "^8.49.0",
-        "vite": "^7.3.1",
+        "vite": "^7.2.7",
      },
    },
  },
@@ -93,57 +93,55 @@
    "@babel/types": ["@babel/types@7.28.5", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.28.5" } }, "sha512-qQ5m48eI/MFLQ5PxQj4PFaprjyCTLI37ElWMmNs0K8Lk3dVeOdNpB3ks8jc7yM5CDmVC73eMVk/trk3fgmrUpA=="],
-    "@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.27.2", "", { "os": "aix", "cpu": "ppc64" }, "sha512-GZMB+a0mOMZs4MpDbj8RJp4cw+w1WV5NYD6xzgvzUJ5Ek2jerwfO2eADyI6ExDSUED+1X8aMbegahsJi+8mgpw=="],
+    "@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.25.4", "", { "os": "aix", "cpu": "ppc64" }, "sha512-1VCICWypeQKhVbE9oW/sJaAmjLxhVqacdkvPLEjwlttjfwENRSClS8EjBz0KzRyFSCPDIkuXW34Je/vk7zdB7Q=="],
-    "@esbuild/android-arm": ["@esbuild/android-arm@0.27.2", "", { "os": "android", "cpu": "arm" }, "sha512-DVNI8jlPa7Ujbr1yjU2PfUSRtAUZPG9I1RwW4F4xFB1Imiu2on0ADiI/c3td+KmDtVKNbi+nffGDQMfcIMkwIA=="],
+    "@esbuild/android-arm": ["@esbuild/android-arm@0.25.4", "", { "os": "android", "cpu": "arm" }, "sha512-QNdQEps7DfFwE3hXiU4BZeOV68HHzYwGd0Nthhd3uCkkEKK7/R6MTgM0P7H7FAs5pU/DIWsviMmEGxEoxIZ+ZQ=="],
-    "@esbuild/android-arm64": ["@esbuild/android-arm64@0.27.2", "", { "os": "android", "cpu": "arm64" }, "sha512-pvz8ZZ7ot/RBphf8fv60ljmaoydPU12VuXHImtAs0XhLLw+EXBi2BLe3OYSBslR4rryHvweW5gmkKFwTiFy6KA=="],
+    "@esbuild/android-arm64": ["@esbuild/android-arm64@0.25.4", "", { "os": "android", "cpu": "arm64" }, "sha512-bBy69pgfhMGtCnwpC/x5QhfxAz/cBgQ9enbtwjf6V9lnPI/hMyT9iWpR1arm0l3kttTr4L0KSLpKmLp/ilKS9A=="],
-    "@esbuild/android-x64": ["@esbuild/android-x64@0.27.2", "", { "os": "android", "cpu": "x64" }, "sha512-z8Ank4Byh4TJJOh4wpz8g2vDy75zFL0TlZlkUkEwYXuPSgX8yzep596n6mT7905kA9uHZsf/o2OJZubl2l3M7A=="],
+    "@esbuild/android-x64": ["@esbuild/android-x64@0.25.4", "", { "os": "android", "cpu": "x64" }, "sha512-TVhdVtQIFuVpIIR282btcGC2oGQoSfZfmBdTip2anCaVYcqWlZXGcdcKIUklfX2wj0JklNYgz39OBqh2cqXvcQ=="],
-    "@esbuild/darwin-arm64": ["@esbuild/darwin-arm64@0.27.2", "", { "os": "darwin", "cpu": "arm64" }, "sha512-davCD2Zc80nzDVRwXTcQP/28fiJbcOwvdolL0sOiOsbwBa72kegmVU0Wrh1MYrbuCL98Omp5dVhQFWRKR2ZAlg=="],
+    "@esbuild/darwin-arm64": ["@esbuild/darwin-arm64@0.25.4", "", { "os": "darwin", "cpu": "arm64" }, "sha512-Y1giCfM4nlHDWEfSckMzeWNdQS31BQGs9/rouw6Ub91tkK79aIMTH3q9xHvzH8d0wDru5Ci0kWB8b3up/nl16g=="],
-    "@esbuild/darwin-x64": ["@esbuild/darwin-x64@0.27.2", "", { "os": "darwin", "cpu": "x64" }, "sha512-ZxtijOmlQCBWGwbVmwOF/UCzuGIbUkqB1faQRf5akQmxRJ1ujusWsb3CVfk/9iZKr2L5SMU5wPBi1UWbvL+VQA=="],
+    "@esbuild/darwin-x64": ["@esbuild/darwin-x64@0.25.4", "", { "os": "darwin", "cpu": "x64" }, "sha512-CJsry8ZGM5VFVeyUYB3cdKpd/H69PYez4eJh1W/t38vzutdjEjtP7hB6eLKBoOdxcAlCtEYHzQ/PJ/oU9I4u0A=="],
-    "@esbuild/freebsd-arm64": ["@esbuild/freebsd-arm64@0.27.2", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-lS/9CN+rgqQ9czogxlMcBMGd+l8Q3Nj1MFQwBZJyoEKI50XGxwuzznYdwcav6lpOGv5BqaZXqvBSiB/kJ5op+g=="],
+    "@esbuild/freebsd-arm64": ["@esbuild/freebsd-arm64@0.25.4", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-yYq+39NlTRzU2XmoPW4l5Ifpl9fqSk0nAJYM/V/WUGPEFfek1epLHJIkTQM6bBs1swApjO5nWgvr843g6TjxuQ=="],
-    "@esbuild/freebsd-x64": ["@esbuild/freebsd-x64@0.27.2", "", { "os": "freebsd", "cpu": "x64" }, "sha512-tAfqtNYb4YgPnJlEFu4c212HYjQWSO/w/h/lQaBK7RbwGIkBOuNKQI9tqWzx7Wtp7bTPaGC6MJvWI608P3wXYA=="],
+    "@esbuild/freebsd-x64": ["@esbuild/freebsd-x64@0.25.4", "", { "os": "freebsd", "cpu": "x64" }, "sha512-0FgvOJ6UUMflsHSPLzdfDnnBBVoCDtBTVyn/MrWloUNvq/5SFmh13l3dvgRPkDihRxb77Y17MbqbCAa2strMQQ=="],
-    "@esbuild/linux-arm": ["@esbuild/linux-arm@0.27.2", "", { "os": "linux", "cpu": "arm" }, "sha512-vWfq4GaIMP9AIe4yj1ZUW18RDhx6EPQKjwe7n8BbIecFtCQG4CfHGaHuh7fdfq+y3LIA2vGS/o9ZBGVxIDi9hw=="],
+    "@esbuild/linux-arm": ["@esbuild/linux-arm@0.25.4", "", { "os": "linux", "cpu": "arm" }, "sha512-kro4c0P85GMfFYqW4TWOpvmF8rFShbWGnrLqlzp4X1TNWjRY3JMYUfDCtOxPKOIY8B0WC8HN51hGP4I4hz4AaQ=="],
-    "@esbuild/linux-arm64": ["@esbuild/linux-arm64@0.27.2", "", { "os": "linux", "cpu": "arm64" }, "sha512-hYxN8pr66NsCCiRFkHUAsxylNOcAQaxSSkHMMjcpx0si13t1LHFphxJZUiGwojB1a/Hd5OiPIqDdXONia6bhTw=="],
+    "@esbuild/linux-arm64": ["@esbuild/linux-arm64@0.25.4", "", { "os": "linux", "cpu": "arm64" }, "sha512-+89UsQTfXdmjIvZS6nUnOOLoXnkUTB9hR5QAeLrQdzOSWZvNSAXAtcRDHWtqAUtAmv7ZM1WPOOeSxDzzzMogiQ=="],
-    "@esbuild/linux-ia32": ["@esbuild/linux-ia32@0.27.2", "", { "os": "linux", "cpu": "ia32" }, "sha512-MJt5BRRSScPDwG2hLelYhAAKh9imjHK5+NE/tvnRLbIqUWa+0E9N4WNMjmp/kXXPHZGqPLxggwVhz7QP8CTR8w=="],
+    "@esbuild/linux-ia32": ["@esbuild/linux-ia32@0.25.4", "", { "os": "linux", "cpu": "ia32" }, "sha512-yTEjoapy8UP3rv8dB0ip3AfMpRbyhSN3+hY8mo/i4QXFeDxmiYbEKp3ZRjBKcOP862Ua4b1PDfwlvbuwY7hIGQ=="],
-    "@esbuild/linux-loong64": ["@esbuild/linux-loong64@0.27.2", "", { "os": "linux", "cpu": "none" }, "sha512-lugyF1atnAT463aO6KPshVCJK5NgRnU4yb3FUumyVz+cGvZbontBgzeGFO1nF+dPueHD367a2ZXe1NtUkAjOtg=="],
+    "@esbuild/linux-loong64": ["@esbuild/linux-loong64@0.25.4", "", { "os": "linux", "cpu": "none" }, "sha512-NeqqYkrcGzFwi6CGRGNMOjWGGSYOpqwCjS9fvaUlX5s3zwOtn1qwg1s2iE2svBe4Q/YOG1q6875lcAoQK/F4VA=="],
-    "@esbuild/linux-mips64el": ["@esbuild/linux-mips64el@0.27.2", "", { "os": "linux", "cpu": "none" }, "sha512-nlP2I6ArEBewvJ2gjrrkESEZkB5mIoaTswuqNFRv/WYd+ATtUpe9Y09RnJvgvdag7he0OWgEZWhviS1OTOKixw=="],
+    "@esbuild/linux-mips64el": ["@esbuild/linux-mips64el@0.25.4", "", { "os": "linux", "cpu": "none" }, "sha512-IcvTlF9dtLrfL/M8WgNI/qJYBENP3ekgsHbYUIzEzq5XJzzVEV/fXY9WFPfEEXmu3ck2qJP8LG/p3Q8f7Zc2Xg=="],
-    "@esbuild/linux-ppc64": ["@esbuild/linux-ppc64@0.27.2", "", { "os": "linux", "cpu": "ppc64" }, "sha512-C92gnpey7tUQONqg1n6dKVbx3vphKtTHJaNG2Ok9lGwbZil6DrfyecMsp9CrmXGQJmZ7iiVXvvZH6Ml5hL6XdQ=="],
+    "@esbuild/linux-ppc64": ["@esbuild/linux-ppc64@0.25.4", "", { "os": "linux", "cpu": "ppc64" }, "sha512-HOy0aLTJTVtoTeGZh4HSXaO6M95qu4k5lJcH4gxv56iaycfz1S8GO/5Jh6X4Y1YiI0h7cRyLi+HixMR+88swag=="],
-    "@esbuild/linux-riscv64": ["@esbuild/linux-riscv64@0.27.2", "", { "os": "linux", "cpu": "none" }, "sha512-B5BOmojNtUyN8AXlK0QJyvjEZkWwy/FKvakkTDCziX95AowLZKR6aCDhG7LeF7uMCXEJqwa8Bejz5LTPYm8AvA=="],
+    "@esbuild/linux-riscv64": ["@esbuild/linux-riscv64@0.25.4", "", { "os": "linux", "cpu": "none" }, "sha512-i8JUDAufpz9jOzo4yIShCTcXzS07vEgWzyX3NH2G7LEFVgrLEhjwL3ajFE4fZI3I4ZgiM7JH3GQ7ReObROvSUA=="],
-    "@esbuild/linux-s390x": ["@esbuild/linux-s390x@0.27.2", "", { "os": "linux", "cpu": "s390x" }, "sha512-p4bm9+wsPwup5Z8f4EpfN63qNagQ47Ua2znaqGH6bqLlmJ4bx97Y9JdqxgGZ6Y8xVTixUnEkoKSHcpRlDnNr5w=="],
+    "@esbuild/linux-s390x": ["@esbuild/linux-s390x@0.25.4", "", { "os": "linux", "cpu": "s390x" }, "sha512-jFnu+6UbLlzIjPQpWCNh5QtrcNfMLjgIavnwPQAfoGx4q17ocOU9MsQ2QVvFxwQoWpZT8DvTLooTvmOQXkO51g=="],
-    "@esbuild/linux-x64": ["@esbuild/linux-x64@0.27.2", "", { "os": "linux", "cpu": "x64" }, "sha512-uwp2Tip5aPmH+NRUwTcfLb+W32WXjpFejTIOWZFw/v7/KnpCDKG66u4DLcurQpiYTiYwQ9B7KOeMJvLCu/OvbA=="],
+    "@esbuild/linux-x64": ["@esbuild/linux-x64@0.25.4", "", { "os": "linux", "cpu": "x64" }, "sha512-6e0cvXwzOnVWJHq+mskP8DNSrKBr1bULBvnFLpc1KY+d+irZSgZ02TGse5FsafKS5jg2e4pbvK6TPXaF/A6+CA=="],
-    "@esbuild/netbsd-arm64": ["@esbuild/netbsd-arm64@0.27.2", "", { "os": "none", "cpu": "arm64" }, "sha512-Kj6DiBlwXrPsCRDeRvGAUb/LNrBASrfqAIok+xB0LxK8CHqxZ037viF13ugfsIpePH93mX7xfJp97cyDuTZ3cw=="],
+    "@esbuild/netbsd-arm64": ["@esbuild/netbsd-arm64@0.25.4", "", { "os": "none", "cpu": "arm64" }, "sha512-vUnkBYxZW4hL/ie91hSqaSNjulOnYXE1VSLusnvHg2u3jewJBz3YzB9+oCw8DABeVqZGg94t9tyZFoHma8gWZQ=="],
-    "@esbuild/netbsd-x64": ["@esbuild/netbsd-x64@0.27.2", "", { "os": "none", "cpu": "x64" }, "sha512-HwGDZ0VLVBY3Y+Nw0JexZy9o/nUAWq9MlV7cahpaXKW6TOzfVno3y3/M8Ga8u8Yr7GldLOov27xiCnqRZf0tCA=="],
+    "@esbuild/netbsd-x64": ["@esbuild/netbsd-x64@0.25.4", "", { "os": "none", "cpu": "x64" }, "sha512-XAg8pIQn5CzhOB8odIcAm42QsOfa98SBeKUdo4xa8OvX8LbMZqEtgeWE9P/Wxt7MlG2QqvjGths+nq48TrUiKw=="],
-    "@esbuild/openbsd-arm64": ["@esbuild/openbsd-arm64@0.27.2", "", { "os": "openbsd", "cpu": "arm64" }, "sha512-DNIHH2BPQ5551A7oSHD0CKbwIA/Ox7+78/AWkbS5QoRzaqlev2uFayfSxq68EkonB+IKjiuxBFoV8ESJy8bOHA=="],
+    "@esbuild/openbsd-arm64": ["@esbuild/openbsd-arm64@0.25.4", "", { "os": "openbsd", "cpu": "arm64" }, "sha512-Ct2WcFEANlFDtp1nVAXSNBPDxyU+j7+tId//iHXU2f/lN5AmO4zLyhDcpR5Cz1r08mVxzt3Jpyt4PmXQ1O6+7A=="],
-    "@esbuild/openbsd-x64": ["@esbuild/openbsd-x64@0.27.2", "", { "os": "openbsd", "cpu": "x64" }, "sha512-/it7w9Nb7+0KFIzjalNJVR5bOzA9Vay+yIPLVHfIQYG/j+j9VTH84aNB8ExGKPU4AzfaEvN9/V4HV+F+vo8OEg=="],
+    "@esbuild/openbsd-x64": ["@esbuild/openbsd-x64@0.25.4", "", { "os": "openbsd", "cpu": "x64" }, "sha512-xAGGhyOQ9Otm1Xu8NT1ifGLnA6M3sJxZ6ixylb+vIUVzvvd6GOALpwQrYrtlPouMqd/vSbgehz6HaVk4+7Afhw=="],
-    "@esbuild/openharmony-arm64": ["@esbuild/openharmony-arm64@0.27.2", "", { "os": "none", "cpu": "arm64" }, "sha512-LRBbCmiU51IXfeXk59csuX/aSaToeG7w48nMwA6049Y4J4+VbWALAuXcs+qcD04rHDuSCSRKdmY63sruDS5qag=="],
+    "@esbuild/sunos-x64": ["@esbuild/sunos-x64@0.25.4", "", { "os": "sunos", "cpu": "x64" }, "sha512-Mw+tzy4pp6wZEK0+Lwr76pWLjrtjmJyUB23tHKqEDP74R3q95luY/bXqXZeYl4NYlvwOqoRKlInQialgCKy67Q=="],
-    "@esbuild/sunos-x64": ["@esbuild/sunos-x64@0.27.2", "", { "os": "sunos", "cpu": "x64" }, "sha512-kMtx1yqJHTmqaqHPAzKCAkDaKsffmXkPHThSfRwZGyuqyIeBvf08KSsYXl+abf5HDAPMJIPnbBfXvP2ZC2TfHg=="],
+    "@esbuild/win32-arm64": ["@esbuild/win32-arm64@0.25.4", "", { "os": "win32", "cpu": "arm64" }, "sha512-AVUP428VQTSddguz9dO9ngb+E5aScyg7nOeJDrF1HPYu555gmza3bDGMPhmVXL8svDSoqPCsCPjb265yG/kLKQ=="],
-    "@esbuild/win32-arm64": ["@esbuild/win32-arm64@0.27.2", "", { "os": "win32", "cpu": "arm64" }, "sha512-Yaf78O/B3Kkh+nKABUF++bvJv5Ijoy9AN1ww904rOXZFLWVc5OLOfL56W+C8F9xn5JQZa3UX6m+IktJnIb1Jjg=="],
+    "@esbuild/win32-ia32": ["@esbuild/win32-ia32@0.25.4", "", { "os": "win32", "cpu": "ia32" }, "sha512-i1sW+1i+oWvQzSgfRcxxG2k4I9n3O9NRqy8U+uugaT2Dy7kLO9Y7wI72haOahxceMX8hZAzgGou1FhndRldxRg=="],
-    "@esbuild/win32-ia32": ["@esbuild/win32-ia32@0.27.2", "", { "os": "win32", "cpu": "ia32" }, "sha512-Iuws0kxo4yusk7sw70Xa2E2imZU5HoixzxfGCdxwBdhiDgt9vX9VUCBhqcwY7/uh//78A1hMkkROMJq9l27oLQ=="],
+    "@esbuild/win32-x64": ["@esbuild/win32-x64@0.25.4", "", { "os": "win32", "cpu": "x64" }, "sha512-nOT2vZNw6hJ+z43oP1SPea/G/6AbN6X+bGNhNuq8NtRHy4wsMhw765IKLNmnjek7GvjWBYQ8Q5VBoYTFg9y1UQ=="],
    "@esbuild/win32-x64": ["@esbuild/win32-x64@0.27.2", "", { "os": "win32", "cpu": "x64" }, "sha512-sRdU18mcKf7F+YgheI/zGf5alZatMUTKj/jNS6l744f9u3WFu4v7twcUI9vu4mknF4Y9aDlblIie0IM+5xxaqQ=="],
    "@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.9.0", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g=="],
@@ -157,7 +155,7 @@
    "@eslint/eslintrc": ["@eslint/eslintrc@3.3.1", "", { "dependencies": { "ajv": "^6.12.4", "debug": "^4.3.2", "espree": "^10.0.1", "globals": "^14.0.0", "ignore": "^5.2.0", "import-fresh": "^3.2.1", "js-yaml": "^4.1.0", "minimatch": "^3.1.2", "strip-json-comments": "^3.1.1" } }, "sha512-gtF186CXhIl1p4pJNGZw8Yc6RlshoePRvE0X91oPGb3vZ8pM3qOS9W9NGPat9LziaBV7XrJWGylNQXkGcnM3IQ=="],
-    "@eslint/js": ["@eslint/js@9.39.2", "", {}, "sha512-q1mjIoW1VX4IvSocvM/vbTiveKC4k9eLrajNEuSsmjymSDEbpGddtpfOoN7YGAqBK3NG+uqo8ia4PDTt8buCYA=="],
+    "@eslint/js": ["@eslint/js@9.39.1", "", {}, "sha512-S26Stp4zCy88tH94QbBv3XCuzRQiZ9yXofEILmglYTh/Ug/a9/umqvgFtYBAo3Lp0nsI/5/qH1CCrbdK3AP1Tw=="],
    "@eslint/object-schema": ["@eslint/object-schema@2.1.7", "", {}, "sha512-VtAOaymWVfZcmZbp6E2mympDIHvyjXs/12LqWYjVw6qjrfF+VK+fyG33kChz3nnK+SU5/NeHOqrTEHS8sXO3OA=="],
@@ -307,41 +305,41 @@
    "@standard-schema/utils": ["@standard-schema/utils@0.3.0", "", {}, "sha512-e7Mew686owMaPJVNNLs55PUvgz371nKgwsc4vxE49zsODpJEnxgxRo2y/OKrqueavXgZNMDVj3DdHFlaSAeU8g=="],
-    "@tailwindcss/node": ["@tailwindcss/node@4.1.18", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.6.1", "lightningcss": "1.30.2", "magic-string": "^0.30.21", "source-map-js": "^1.2.1", "tailwindcss": "4.1.18" } }, "sha512-DoR7U1P7iYhw16qJ49fgXUlry1t4CpXeErJHnQ44JgTSKMaZUdf17cfn5mHchfJ4KRBZRFA/Coo+MUF5+gOaCQ=="],
+    "@tailwindcss/node": ["@tailwindcss/node@4.1.17", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.6.1", "lightningcss": "1.30.2", "magic-string": "^0.30.21", "source-map-js": "^1.2.1", "tailwindcss": "4.1.17" } }, "sha512-csIkHIgLb3JisEFQ0vxr2Y57GUNYh447C8xzwj89U/8fdW8LhProdxvnVH6U8M2Y73QKiTIH+LWbK3V2BBZsAg=="],
-    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.18", "", { "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.18", "@tailwindcss/oxide-darwin-arm64": "4.1.18", "@tailwindcss/oxide-darwin-x64": "4.1.18", "@tailwindcss/oxide-freebsd-x64": "4.1.18", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.18", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.18", "@tailwindcss/oxide-linux-arm64-musl": "4.1.18", "@tailwindcss/oxide-linux-x64-gnu": "4.1.18", "@tailwindcss/oxide-linux-x64-musl": "4.1.18", "@tailwindcss/oxide-wasm32-wasi": "4.1.18", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.18", "@tailwindcss/oxide-win32-x64-msvc": "4.1.18" } }, "sha512-EgCR5tTS5bUSKQgzeMClT6iCY3ToqE1y+ZB0AKldj809QXk1Y+3jB0upOYZrn9aGIzPtUsP7sX4QQ4XtjBB95A=="],
+    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.17", "", { "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.17", "@tailwindcss/oxide-darwin-arm64": "4.1.17", "@tailwindcss/oxide-darwin-x64": "4.1.17", "@tailwindcss/oxide-freebsd-x64": "4.1.17", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.17", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.17", "@tailwindcss/oxide-linux-arm64-musl": "4.1.17", "@tailwindcss/oxide-linux-x64-gnu": "4.1.17", "@tailwindcss/oxide-linux-x64-musl": "4.1.17", "@tailwindcss/oxide-wasm32-wasi": "4.1.17", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.17", "@tailwindcss/oxide-win32-x64-msvc": "4.1.17" } }, "sha512-F0F7d01fmkQhsTjXezGBLdrl1KresJTcI3DB8EkScCldyKp3Msz4hub4uyYaVnk88BAS1g5DQjjF6F5qczheLA=="],
-    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.18", "", { "os": "android", "cpu": "arm64" }, "sha512-dJHz7+Ugr9U/diKJA0W6N/6/cjI+ZTAoxPf9Iz9BFRF2GzEX8IvXxFIi/dZBloVJX/MZGvRuFA9rqwdiIEZQ0Q=="],
+    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.17", "", { "os": "android", "cpu": "arm64" }, "sha512-BMqpkJHgOZ5z78qqiGE6ZIRExyaHyuxjgrJ6eBO5+hfrfGkuya0lYfw8fRHG77gdTjWkNWEEm+qeG2cDMxArLQ=="],
-    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.18", "", { "os": "darwin", "cpu": "arm64" }, "sha512-Gc2q4Qhs660bhjyBSKgq6BYvwDz4G+BuyJ5H1xfhmDR3D8HnHCmT/BSkvSL0vQLy/nkMLY20PQ2OoYMO15Jd0A=="],
+    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.17", "", { "os": "darwin", "cpu": "arm64" }, "sha512-EquyumkQweUBNk1zGEU/wfZo2qkp/nQKRZM8bUYO0J+Lums5+wl2CcG1f9BgAjn/u9pJzdYddHWBiFXJTcxmOg=="],
-    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.18", "", { "os": "darwin", "cpu": "x64" }, "sha512-FL5oxr2xQsFrc3X9o1fjHKBYBMD1QZNyc1Xzw/h5Qu4XnEBi3dZn96HcHm41c/euGV+GRiXFfh2hUCyKi/e+yw=="],
+    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.17", "", { "os": "darwin", "cpu": "x64" }, "sha512-gdhEPLzke2Pog8s12oADwYu0IAw04Y2tlmgVzIN0+046ytcgx8uZmCzEg4VcQh+AHKiS7xaL8kGo/QTiNEGRog=="],
-    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.18", "", { "os": "freebsd", "cpu": "x64" }, "sha512-Fj+RHgu5bDodmV1dM9yAxlfJwkkWvLiRjbhuO2LEtwtlYlBgiAT4x/j5wQr1tC3SANAgD+0YcmWVrj8R9trVMA=="],
+    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.17", "", { "os": "freebsd", "cpu": "x64" }, "sha512-hxGS81KskMxML9DXsaXT1H0DyA+ZBIbyG/sSAjWNe2EDl7TkPOBI42GBV3u38itzGUOmFfCzk1iAjDXds8Oh0g=="],
-    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.18", "", { "os": "linux", "cpu": "arm" }, "sha512-Fp+Wzk/Ws4dZn+LV2Nqx3IilnhH51YZoRaYHQsVq3RQvEl+71VGKFpkfHrLM/Li+kt5c0DJe/bHXK1eHgDmdiA=="],
+    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.17", "", { "os": "linux", "cpu": "arm" }, "sha512-k7jWk5E3ldAdw0cNglhjSgv501u7yrMf8oeZ0cElhxU6Y2o7f8yqelOp3fhf7evjIS6ujTI3U8pKUXV2I4iXHQ=="],
-    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.18", "", { "os": "linux", "cpu": "arm64" }, "sha512-S0n3jboLysNbh55Vrt7pk9wgpyTTPD0fdQeh7wQfMqLPM/Hrxi+dVsLsPrycQjGKEQk85Kgbx+6+QnYNiHalnw=="],
+    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.17", "", { "os": "linux", "cpu": "arm64" }, "sha512-HVDOm/mxK6+TbARwdW17WrgDYEGzmoYayrCgmLEw7FxTPLcp/glBisuyWkFz/jb7ZfiAXAXUACfyItn+nTgsdQ=="],
-    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.18", "", { "os": "linux", "cpu": "arm64" }, "sha512-1px92582HkPQlaaCkdRcio71p8bc8i/ap5807tPRDK/uw953cauQBT8c5tVGkOwrHMfc2Yh6UuxaH4vtTjGvHg=="],
+    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.17", "", { "os": "linux", "cpu": "arm64" }, "sha512-HvZLfGr42i5anKtIeQzxdkw/wPqIbpeZqe7vd3V9vI3RQxe3xU1fLjss0TjyhxWcBaipk7NYwSrwTwK1hJARMg=="],
-    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.18", "", { "os": "linux", "cpu": "x64" }, "sha512-v3gyT0ivkfBLoZGF9LyHmts0Isc8jHZyVcbzio6Wpzifg/+5ZJpDiRiUhDLkcr7f/r38SWNe7ucxmGW3j3Kb/g=="],
+    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.17", "", { "os": "linux", "cpu": "x64" }, "sha512-M3XZuORCGB7VPOEDH+nzpJ21XPvK5PyjlkSFkFziNHGLc5d6g3di2McAAblmaSUNl8IOmzYwLx9NsE7bplNkwQ=="],
-    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.18", "", { "os": "linux", "cpu": "x64" }, "sha512-bhJ2y2OQNlcRwwgOAGMY0xTFStt4/wyU6pvI6LSuZpRgKQwxTec0/3Scu91O8ir7qCR3AuepQKLU/kX99FouqQ=="],
+    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.17", "", { "os": "linux", "cpu": "x64" }, "sha512-k7f+pf9eXLEey4pBlw+8dgfJHY4PZ5qOUFDyNf7SI6lHjQ9Zt7+NcscjpwdCEbYi6FI5c2KDTDWyf2iHcCSyyQ=="],
-    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.18", "", { "dependencies": { "@emnapi/core": "^1.7.1", "@emnapi/runtime": "^1.7.1", "@emnapi/wasi-threads": "^1.1.0", "@napi-rs/wasm-runtime": "^1.1.0", "@tybys/wasm-util": "^0.10.1", "tslib": "^2.4.0" }, "cpu": "none" }, "sha512-LffYTvPjODiP6PT16oNeUQJzNVyJl1cjIebq/rWWBF+3eDst5JGEFSc5cWxyRCJ0Mxl+KyIkqRxk1XPEs9x8TA=="],
+    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.17", "", { "dependencies": { "@emnapi/core": "^1.6.0", "@emnapi/runtime": "^1.6.0", "@emnapi/wasi-threads": "^1.1.0", "@napi-rs/wasm-runtime": "^1.0.7", "@tybys/wasm-util": "^0.10.1", "tslib": "^2.4.0" }, "cpu": "none" }, "sha512-cEytGqSSoy7zK4JRWiTCx43FsKP/zGr0CsuMawhH67ONlH+T79VteQeJQRO/X7L0juEUA8ZyuYikcRBf0vsxhg=="],
-    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.18", "", { "os": "win32", "cpu": "arm64" }, "sha512-HjSA7mr9HmC8fu6bdsZvZ+dhjyGCLdotjVOgLA2vEqxEBZaQo9YTX4kwgEvPCpRh8o4uWc4J/wEoFzhEmjvPbA=="],
+    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.17", "", { "os": "win32", "cpu": "arm64" }, "sha512-JU5AHr7gKbZlOGvMdb4722/0aYbU+tN6lv1kONx0JK2cGsh7g148zVWLM0IKR3NeKLv+L90chBVYcJ8uJWbC9A=="],
-    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.18", "", { "os": "win32", "cpu": "x64" }, "sha512-bJWbyYpUlqamC8dpR7pfjA0I7vdF6t5VpUGMWRkXVE3AXgIZjYUYAK7II1GNaxR8J1SSrSrppRar8G++JekE3Q=="],
+    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.17", "", { "os": "win32", "cpu": "x64" }, "sha512-SKWM4waLuqx0IH+FMDUw6R66Hu4OuTALFgnleKbqhgGU30DY20NORZMZUKgLRjQXNN2TLzKvh48QXTig4h4bGw=="],
-    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.18", "", { "dependencies": { "@tailwindcss/node": "4.1.18", "@tailwindcss/oxide": "4.1.18", "tailwindcss": "4.1.18" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-jVA+/UpKL1vRLg6Hkao5jldawNmRo7mQYrZtNHMIVpLfLhDml5nMRUo/8MwoX2vNXvnaXNNMedrMfMugAVX1nA=="],
+    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.17", "", { "dependencies": { "@tailwindcss/node": "4.1.17", "@tailwindcss/oxide": "4.1.17", "tailwindcss": "4.1.17" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-4+9w8ZHOiGnpcGI6z1TVVfWaX/koK7fKeSYF3qlYg2xpBtbteP2ddBxiarL+HVgfSJGeK5RIxRQmKm4rTJJAwA=="],
    "@tanstack/eslint-plugin-query": ["@tanstack/eslint-plugin-query@5.91.2", "", { "dependencies": { "@typescript-eslint/utils": "^8.44.1" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0" } }, "sha512-UPeWKl/Acu1IuuHJlsN+eITUHqAaa9/04geHHPedY8siVarSaWprY0SVMKrkpKfk5ehRT7+/MZ5QwWuEtkWrFw=="],
-    "@tanstack/query-core": ["@tanstack/query-core@5.90.16", "", {}, "sha512-MvtWckSVufs/ja463/K4PyJeqT+HMlJWtw6PrCpywznd2NSgO3m4KwO9RqbFqGg6iDE8vVMFWMeQI4Io3eEYww=="],
+    "@tanstack/query-core": ["@tanstack/query-core@5.90.12", "", {}, "sha512-T1/8t5DhV/SisWjDnaiU2drl6ySvsHj1bHBCWNXd+/T+Hh1cf6JodyEYMd5sgwm+b/mETT4EV3H+zCVczCU5hg=="],
-    "@tanstack/react-query": ["@tanstack/react-query@5.90.16", "", { "dependencies": { "@tanstack/query-core": "5.90.16" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-bpMGOmV4OPmif7TNMteU/Ehf/hoC0Kf98PDc0F4BZkFrEapRMEqI/V6YS0lyzwSV6PQpY1y4xxArUIfBW5LVxQ=="],
+    "@tanstack/react-query": ["@tanstack/react-query@5.90.12", "", { "dependencies": { "@tanstack/query-core": "5.90.12" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-graRZspg7EoEaw0a8faiUASCyJrqjKPdqJ9EwuDRUF9mEYJ1YPczI9H+/agJ0mOJkPCJDk0lsz5QTrLZ/jQ2rg=="],
    "@types/babel__core": ["@types/babel__core@7.20.5", "", { "dependencies": { "@babel/parser": "^7.20.7", "@babel/types": "^7.20.7", "@types/babel__generator": "*", "@types/babel__template": "*", "@types/babel__traverse": "*" } }, "sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA=="],
@@ -365,7 +363,7 @@
    "@types/ms": ["@types/ms@2.1.0", "", {}, "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA=="],
-    "@types/node": ["@types/node@25.0.3", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-W609buLVRVmeW693xKfzHeIV6nJGGz98uCPfeXI1ELMLXVeKYZ9m15fAMSaUPBHYLGFsVRcMmSCksQOrZV9BYA=="],
+    "@types/node": ["@types/node@24.10.2", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-WOhQTZ4G8xZ1tjJTvKOpyEVSGgOTvJAfDK3FNFgELyaTpzhdgHVHeqW8V+UJvzF5BT+/B54T/1S2K6gd9c7bbA=="],
    "@types/react": ["@types/react@19.2.7", "", { "dependencies": { "csstype": "^3.2.2" } }, "sha512-MWtvHrGZLFttgeEj28VXHxpmwYbor/ATPYbBfSFZEIRK0ecCFLl2Qo55z52Hss+UV9CRN7trSeq1zbgx7YDWWg=="],
@@ -373,25 +371,25 @@
    "@types/unist": ["@types/unist@3.0.3", "", {}, "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q=="],
-    "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.52.0", "", { "dependencies": { "@eslint-community/regexpp": "^4.12.2", "@typescript-eslint/scope-manager": "8.52.0", "@typescript-eslint/type-utils": "8.52.0", "@typescript-eslint/utils": "8.52.0", "@typescript-eslint/visitor-keys": "8.52.0", "ignore": "^7.0.5", "natural-compare": "^1.4.0", "ts-api-utils": "^2.4.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.52.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-okqtOgqu2qmZJ5iN4TWlgfF171dZmx2FzdOv2K/ixL2LZWDStL8+JgQerI2sa8eAEfoydG9+0V96m7V+P8yE1Q=="],
+    "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.49.0", "", { "dependencies": { "@eslint-community/regexpp": "^4.10.0", "@typescript-eslint/scope-manager": "8.49.0", "@typescript-eslint/type-utils": "8.49.0", "@typescript-eslint/utils": "8.49.0", "@typescript-eslint/visitor-keys": "8.49.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.49.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-JXij0vzIaTtCwu6SxTh8qBc66kmf1xs7pI4UOiMDFVct6q86G0Zs7KRcEoJgY3Cav3x5Tq0MF5jwgpgLqgKG3A=="],
-    "@typescript-eslint/parser": ["@typescript-eslint/parser@8.52.0", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.52.0", "@typescript-eslint/types": "8.52.0", "@typescript-eslint/typescript-estree": "8.52.0", "@typescript-eslint/visitor-keys": "8.52.0", "debug": "^4.4.3" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-iIACsx8pxRnguSYhHiMn2PvhvfpopO9FXHyn1mG5txZIsAaB6F0KwbFnUQN3KCiG3Jcuad/Cao2FAs1Wp7vAyg=="],
+    "@typescript-eslint/parser": ["@typescript-eslint/parser@8.49.0", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.49.0", "@typescript-eslint/types": "8.49.0", "@typescript-eslint/typescript-estree": "8.49.0", "@typescript-eslint/visitor-keys": "8.49.0", "debug": "^4.3.4" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-N9lBGA9o9aqb1hVMc9hzySbhKibHmB+N3IpoShyV6HyQYRGIhlrO5rQgttypi+yEeKsKI4idxC8Jw6gXKD4THA=="],
-    "@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.52.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.52.0", "@typescript-eslint/types": "^8.52.0", "debug": "^4.4.3" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-xD0MfdSdEmeFa3OmVqonHi+Cciab96ls1UhIF/qX/O/gPu5KXD0bY9lu33jj04fjzrXHcuvjBcBC+D3SNSadaw=="],
+    "@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.49.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.49.0", "@typescript-eslint/types": "^8.49.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-/wJN0/DKkmRUMXjZUXYZpD1NEQzQAAn9QWfGwo+Ai8gnzqH7tvqS7oNVdTjKqOcPyVIdZdyCMoqN66Ia789e7g=="],
    "@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.46.1", "", { "dependencies": { "@typescript-eslint/types": "8.46.1", "@typescript-eslint/visitor-keys": "8.46.1" } }, "sha512-weL9Gg3/5F0pVQKiF8eOXFZp8emqWzZsOJuWRUNtHT+UNV2xSJegmpCNQHy37aEQIbToTq7RHKhWvOsmbM680A=="],
-    "@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.52.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-jl+8fzr/SdzdxWJznq5nvoI7qn2tNYV/ZBAEcaFMVXf+K6jmXvAFrgo/+5rxgnL152f//pDEAYAhhBAZGrVfwg=="],
+    "@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.49.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-8prixNi1/6nawsRYxet4YOhnbW+W9FK/bQPxsGB1D3ZrDzbJ5FXw5XmzxZv82X3B+ZccuSxo/X8q9nQ+mFecWA=="],
-    "@typescript-eslint/type-utils": ["@typescript-eslint/type-utils@8.52.0", "", { "dependencies": { "@typescript-eslint/types": "8.52.0", "@typescript-eslint/typescript-estree": "8.52.0", "@typescript-eslint/utils": "8.52.0", "debug": "^4.4.3", "ts-api-utils": "^2.4.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-JD3wKBRWglYRQkAtsyGz1AewDu3mTc7NtRjR/ceTyGoPqmdS5oCdx/oZMWD5Zuqmo6/MpsYs0wp6axNt88/2EQ=="],
+    "@typescript-eslint/type-utils": ["@typescript-eslint/type-utils@8.49.0", "", { "dependencies": { "@typescript-eslint/types": "8.49.0", "@typescript-eslint/typescript-estree": "8.49.0", "@typescript-eslint/utils": "8.49.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-KTExJfQ+svY8I10P4HdxKzWsvtVnsuCifU5MvXrRwoP2KOlNZ9ADNEWWsQTJgMxLzS5VLQKDjkCT/YzgsnqmZg=="],
    "@typescript-eslint/types": ["@typescript-eslint/types@8.46.1", "", {}, "sha512-C+soprGBHwWBdkDpbaRC4paGBrkIXxVlNohadL5o0kfhsXqOC6GYH2S/Obmig+I0HTDl8wMaRySwrfrXVP8/pQ=="],
-    "@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.52.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.52.0", "@typescript-eslint/tsconfig-utils": "8.52.0", "@typescript-eslint/types": "8.52.0", "@typescript-eslint/visitor-keys": "8.52.0", "debug": "^4.4.3", "minimatch": "^9.0.5", "semver": "^7.7.3", "tinyglobby": "^0.2.15", "ts-api-utils": "^2.4.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-XP3LClsCc0FsTK5/frGjolyADTh3QmsLp6nKd476xNI9CsSsLnmn4f0jrzNoAulmxlmNIpeXuHYeEQv61Q6qeQ=="],
+    "@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.49.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.49.0", "@typescript-eslint/tsconfig-utils": "8.49.0", "@typescript-eslint/types": "8.49.0", "@typescript-eslint/visitor-keys": "8.49.0", "debug": "^4.3.4", "minimatch": "^9.0.4", "semver": "^7.6.0", "tinyglobby": "^0.2.15", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-jrLdRuAbPfPIdYNppHJ/D0wN+wwNfJ32YTAm10eJVsFmrVpXQnDWBn8niCSMlWjvml8jsce5E/O+86IQtTbJWA=="],
    "@typescript-eslint/utils": ["@typescript-eslint/utils@8.46.1", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.46.1", "@typescript-eslint/types": "8.46.1", "@typescript-eslint/typescript-estree": "8.46.1" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-vkYUy6LdZS7q1v/Gxb2Zs7zziuXN0wxqsetJdeZdRe/f5dwJFglmuvZBfTUivCtjH725C1jWCDfpadadD95EDQ=="],
-    "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.52.0", "", { "dependencies": { "@typescript-eslint/types": "8.52.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-ink3/Zofus34nmBsPjow63FP5M7IGff0RKAgqR6+CFpdk22M7aLwC9gOcLGYqr7MczLPzZVERW9hRog3O4n1sQ=="],
+    "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.49.0", "", { "dependencies": { "@typescript-eslint/types": "8.49.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-LlKaciDe3GmZFphXIc79THF/YYBugZ7FS1pO581E/edlVVNbZKDy93evqmrfQ9/Y4uN0vVhX4iuchq26mK/iiA=="],
    "@ungap/structured-clone": ["@ungap/structured-clone@1.3.0", "", {}, "sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g=="],
@@ -493,17 +491,17 @@
    "es-set-tostringtag": ["es-set-tostringtag@2.1.0", "", { "dependencies": { "es-errors": "^1.3.0", "get-intrinsic": "^1.2.6", "has-tostringtag": "^1.0.2", "hasown": "^2.0.2" } }, "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA=="],
-    "esbuild": ["esbuild@0.27.2", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.27.2", "@esbuild/android-arm": "0.27.2", "@esbuild/android-arm64": "0.27.2", "@esbuild/android-x64": "0.27.2", "@esbuild/darwin-arm64": "0.27.2", "@esbuild/darwin-x64": "0.27.2", "@esbuild/freebsd-arm64": "0.27.2", "@esbuild/freebsd-x64": "0.27.2", "@esbuild/linux-arm": "0.27.2", "@esbuild/linux-arm64": "0.27.2", "@esbuild/linux-ia32": "0.27.2", "@esbuild/linux-loong64": "0.27.2", "@esbuild/linux-mips64el": "0.27.2", "@esbuild/linux-ppc64": "0.27.2", "@esbuild/linux-riscv64": "0.27.2", "@esbuild/linux-s390x": "0.27.2", "@esbuild/linux-x64": "0.27.2", "@esbuild/netbsd-arm64": "0.27.2", "@esbuild/netbsd-x64": "0.27.2", "@esbuild/openbsd-arm64": "0.27.2", "@esbuild/openbsd-x64": "0.27.2", "@esbuild/openharmony-arm64": "0.27.2", "@esbuild/sunos-x64": "0.27.2", "@esbuild/win32-arm64": "0.27.2", "@esbuild/win32-ia32": "0.27.2", "@esbuild/win32-x64": "0.27.2" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-HyNQImnsOC7X9PMNaCIeAm4ISCQXs5a5YasTXVliKv4uuBo1dKrG0A+uQS8M5eXjVMnLg3WgXaKvprHlFJQffw=="],
+    "esbuild": ["esbuild@0.25.4", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.25.4", "@esbuild/android-arm": "0.25.4", "@esbuild/android-arm64": "0.25.4", "@esbuild/android-x64": "0.25.4", "@esbuild/darwin-arm64": "0.25.4", "@esbuild/darwin-x64": "0.25.4", "@esbuild/freebsd-arm64": "0.25.4", "@esbuild/freebsd-x64": "0.25.4", "@esbuild/linux-arm": "0.25.4", "@esbuild/linux-arm64": "0.25.4", "@esbuild/linux-ia32": "0.25.4", "@esbuild/linux-loong64": "0.25.4", "@esbuild/linux-mips64el": "0.25.4", "@esbuild/linux-ppc64": "0.25.4", "@esbuild/linux-riscv64": "0.25.4", "@esbuild/linux-s390x": "0.25.4", "@esbuild/linux-x64": "0.25.4", "@esbuild/netbsd-arm64": "0.25.4", "@esbuild/netbsd-x64": "0.25.4", "@esbuild/openbsd-arm64": "0.25.4", "@esbuild/openbsd-x64": "0.25.4", "@esbuild/sunos-x64": "0.25.4", "@esbuild/win32-arm64": "0.25.4", "@esbuild/win32-ia32": "0.25.4", "@esbuild/win32-x64": "0.25.4" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-8pgjLUcUjcgDg+2Q4NYXnPbo/vncAY4UmyaCm0jZevERqCHZIaWwdJHkf8XQtu4AxSKCdvrUbT0XUr1IdZzI8Q=="],
    "escalade": ["escalade@3.2.0", "", {}, "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA=="],
    "escape-string-regexp": ["escape-string-regexp@4.0.0", "", {}, "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA=="],
-    "eslint": ["eslint@9.39.2", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", "@eslint-community/regexpp": "^4.12.1", "@eslint/config-array": "^0.21.1", "@eslint/config-helpers": "^0.4.2", "@eslint/core": "^0.17.0", "@eslint/eslintrc": "^3.3.1", "@eslint/js": "9.39.2", "@eslint/plugin-kit": "^0.4.1", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.4.0", "eslint-visitor-keys": "^4.2.1", "espree": "^10.4.0", "esquery": "^1.5.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", "find-up": "^5.0.0", "glob-parent": "^6.0.2", "ignore": "^5.2.0", "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, "peerDependencies": { "jiti": "*" }, "optionalPeers": ["jiti"], "bin": { "eslint": "bin/eslint.js" } }, "sha512-LEyamqS7W5HB3ujJyvi0HQK/dtVINZvd5mAAp9eT5S/ujByGjiZLCzPcHVzuXbpJDJF/cxwHlfceVUDZ2lnSTw=="],
+    "eslint": ["eslint@9.39.1", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", "@eslint-community/regexpp": "^4.12.1", "@eslint/config-array": "^0.21.1", "@eslint/config-helpers": "^0.4.2", "@eslint/core": "^0.17.0", "@eslint/eslintrc": "^3.3.1", "@eslint/js": "9.39.1", "@eslint/plugin-kit": "^0.4.1", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.4.0", "eslint-visitor-keys": "^4.2.1", "espree": "^10.4.0", "esquery": "^1.5.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", "find-up": "^5.0.0", "glob-parent": "^6.0.2", "ignore": "^5.2.0", "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, "peerDependencies": { "jiti": "*" }, "optionalPeers": ["jiti"], "bin": { "eslint": "bin/eslint.js" } }, "sha512-BhHmn2yNOFA9H9JmmIVKJmd288g9hrVRDkdoIgRCRuSySRUHH7r/DI6aAXW9T1WwUuY3DFgrcaqB+deURBLR5g=="],
    "eslint-plugin-react-hooks": ["eslint-plugin-react-hooks@7.0.1", "", { "dependencies": { "@babel/core": "^7.24.4", "@babel/parser": "^7.24.4", "hermes-parser": "^0.25.1", "zod": "^3.25.0 || ^4.0.0", "zod-validation-error": "^3.5.0 || ^4.0.0" }, "peerDependencies": { "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0" } }, "sha512-O0d0m04evaNzEPoSW+59Mezf8Qt0InfgGIBJnpC0h3NH/WjUAR7BIKUfysC6todmtiZ/A0oUVS8Gce0WhBrHsA=="],
-    "eslint-plugin-react-refresh": ["eslint-plugin-react-refresh@0.4.26", "", { "peerDependencies": { "eslint": ">=8.40" } }, "sha512-1RETEylht2O6FM/MvgnyvT+8K21wLqDNg4qD51Zj3guhjt433XbnnkVttHMyaVyAFD03QSV4LPS5iE3VQmO7XQ=="],
+    "eslint-plugin-react-refresh": ["eslint-plugin-react-refresh@0.4.24", "", { "peerDependencies": { "eslint": ">=8.40" } }, "sha512-nLHIW7TEq3aLrEYWpVaJ1dRgFR+wLDPN8e8FpYAql/bMV2oBEfC37K0gLEGgv9fy66juNShSMV8OkTqzltcG/w=="],
    "eslint-scope": ["eslint-scope@8.4.0", "", { "dependencies": { "esrecurse": "^4.3.0", "estraverse": "^5.2.0" } }, "sha512-sNXOfKCn74rt8RICKMvJS7XKV/Xk9kA7DyJr8mJik3S7Cwgy3qlkkmyS2uQB3jiJg6VNdZd/pDBJu0nvG2NlTg=="],
@@ -563,7 +561,7 @@
    "glob-parent": ["glob-parent@6.0.2", "", { "dependencies": { "is-glob": "^4.0.3" } }, "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A=="],
-    "globals": ["globals@17.0.0", "", {}, "sha512-gv5BeD2EssA793rlFWVPMMCqefTlpusw6/2TbAVMy0FzcG8wKJn4O+NqJ4+XWmmwrayJgw5TzrmWjFgmz1XPqw=="],
+    "globals": ["globals@16.5.0", "", {}, "sha512-c/c15i26VrJ4IRt5Z89DnIzCGDn9EcebibhAOjw5ibqEHsE1wLUgkPn9RDmNcUKyU87GeaL633nyJ+pplFR2ZQ=="],
    "gopd": ["gopd@1.2.0", "", {}, "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg=="],
@@ -589,7 +587,7 @@
    "html-url-attributes": ["html-url-attributes@3.0.1", "", {}, "sha512-ol6UPyBWqsrO6EJySPz2O7ZSr856WDrEzM5zMqp+FJJLGMW35cLYmmZnl0vztAZxRUoNZJFTCohfjuIJ8I4QBQ=="],
-    "i18next": ["i18next@25.7.4", "", { "dependencies": { "@babel/runtime": "^7.28.4" }, "peerDependencies": { "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-hRkpEblXXcXSNbw8mBNq9042OEetgyB/ahc/X17uV/khPwzV+uB8RHceHh3qavyrkPJvmXFKXME2Sy1E0KjAfw=="],
+    "i18next": ["i18next@25.7.2", "", { "dependencies": { "@babel/runtime": "^7.28.4" }, "peerDependencies": { "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-58b4kmLpLv1buWUEwegMDUqZVR5J+rT+WTRFaBGL7lxDuJQQ0NrJFrq+eT2N94aYVR1k1Sr13QITNOL88tZCuw=="],
    "i18next-browser-languagedetector": ["i18next-browser-languagedetector@8.2.0", "", { "dependencies": { "@babel/runtime": "^7.23.2" } }, "sha512-P+3zEKLnOF0qmiesW383vsLdtQVyKtCNA9cjSoKCppTKPQVfKd2W8hbVo5ZhNJKDqeM7BOcvNoKJOjpHh4Js9g=="],
@@ -675,7 +673,7 @@
    "lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="],
-    "lucide-react": ["lucide-react@0.562.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-82hOAu7y0dbVuFfmO4bYF1XEwYk/mEbM5E+b1jgci/udUBEE/R7LF5Ip0CCEmXe8AybRM8L+04eP+LGZeDvkiw=="],
+    "lucide-react": ["lucide-react@0.556.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-iOb8dRk7kLaYBZhR2VlV1CeJGxChBgUthpSP8wom9jfj79qovgG6qcSdiy6vkoREKPnbUYzJsCn4o4PtG3Iy+A=="],
    "magic-string": ["magic-string@0.30.21", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.5" } }, "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ=="],
@@ -791,13 +789,13 @@
    "queue-microtask": ["queue-microtask@1.2.3", "", {}, "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A=="],
-    "react": ["react@19.2.3", "", {}, "sha512-Ku/hhYbVjOQnXDZFv2+RibmLFGwFdeeKHFcOTlrt7xplBnya5OGn/hIRDsqDiSUcfORsDC7MPxwork8jBwsIWA=="],
+    "react": ["react@19.2.1", "", {}, "sha512-DGrYcCWK7tvYMnWh79yrPHt+vdx9tY+1gPZa7nJQtO/p8bLTDaHp4dzwEhQB7pZ4Xe3ok4XKuEPrVuc+wlpkmw=="],
-    "react-dom": ["react-dom@19.2.3", "", { "dependencies": { "scheduler": "^0.27.0" }, "peerDependencies": { "react": "^19.2.3" } }, "sha512-yELu4WmLPw5Mr/lmeEpox5rw3RETacE++JgHqQzd2dg+YbJuat3jH4ingc+WPZhxaoFzdv9y33G+F7Nl5O0GBg=="],
+    "react-dom": ["react-dom@19.2.1", "", { "dependencies": { "scheduler": "^0.27.0" }, "peerDependencies": { "react": "^19.2.1" } }, "sha512-ibrK8llX2a4eOskq1mXKu/TGZj9qzomO+sNfO98M6d9zIPOEhlBkMkBUBLd1vgS0gQsLDBzA+8jJBVXDnfHmJg=="],
-    "react-hook-form": ["react-hook-form@7.70.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-COOMajS4FI3Wuwrs3GPpi/Jeef/5W1DRR84Yl5/ShlT3dKVFUfoGiEZ/QE6Uw8P4T2/CLJdcTVYKvWBMQTEpvw=="],
+    "react-hook-form": ["react-hook-form@7.68.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-oNN3fjrZ/Xo40SWlHf1yCjlMK417JxoSJVUXQjGdvdRCU07NTFei1i1f8ApUAts+IVh14e4EdakeLEA+BEAs/Q=="],
-    "react-i18next": ["react-i18next@16.5.1", "", { "dependencies": { "@babel/runtime": "^7.28.4", "html-parse-stringify": "^3.0.1", "use-sync-external-store": "^1.6.0" }, "peerDependencies": { "i18next": ">= 25.6.2", "react": ">= 16.8.0", "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-Hks6UIRZWW4c+qDAnx1csVsCGYeIR4MoBGQgJ+NUoNnO6qLxXuf8zu0xdcinyXUORgGzCdRsexxO1Xzv3sTdnw=="],
+    "react-i18next": ["react-i18next@16.4.0", "", { "dependencies": { "@babel/runtime": "^7.27.6", "html-parse-stringify": "^3.0.1", "use-sync-external-store": "^1.6.0" }, "peerDependencies": { "i18next": ">= 25.6.2", "react": ">= 16.8.0", "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-bxVeBA8Ky2UeItNhF4JRxHCFIrpEJHGFG/mOAa4CR0JkqaDEYSLmlEgmC4Os63SBlZ+E5U0YyrNJOSVl2mtVqQ=="],
    "react-markdown": ["react-markdown@10.1.0", "", { "dependencies": { "@types/hast": "^3.0.0", "@types/mdast": "^4.0.0", "devlop": "^1.0.0", "hast-util-to-jsx-runtime": "^2.0.0", "html-url-attributes": "^3.0.0", "mdast-util-to-hast": "^13.0.0", "remark-parse": "^11.0.0", "remark-rehype": "^11.0.0", "unified": "^11.0.0", "unist-util-visit": "^5.0.0", "vfile": "^6.0.0" }, "peerDependencies": { "@types/react": ">=18", "react": ">=18" } }, "sha512-qKxVopLT/TyA6BX3Ue5NwabOsAzm0Q7kAPwq6L+wWDwisYs7R8vZ0nRXqq6rkueboxpkjvLGU9fWifiX/ZZFxQ=="],
@@ -807,7 +805,7 @@
    "react-remove-scroll-bar": ["react-remove-scroll-bar@2.3.8", "", { "dependencies": { "react-style-singleton": "^2.2.2", "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" }, "optionalPeers": ["@types/react"] }, "sha512-9r+yi9+mgU33AKcj6IbT9oRCO78WriSj6t/cF8DWBZJ9aOGPOTEDvdUDz1FwKim7QXWwmHqtdHnRJfhAxEG46Q=="],
-    "react-router": ["react-router@7.12.0", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-kTPDYPFzDVGIIGNLS5VJykK0HfHLY5MF3b+xj0/tTyNYL1gF1qs7u67Z9jEhQk2sQ98SUaHxlG31g1JtF7IfVw=="],
+    "react-router": ["react-router@7.10.1", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-gHL89dRa3kwlUYtRQ+m8NmxGI6CgqN+k4XyGjwcFoQwwCWF6xXpOCUlDovkXClS0d0XJN/5q7kc5W3kiFEd0Yw=="],
    "react-style-singleton": ["react-style-singleton@2.2.3", "", { "dependencies": { "get-nonce": "^1.0.0", "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-b6jSvxvVnyptAiLjbkWLE/lOnR4lfTtDAl+eUC7RZy+QQWc6wRzIV2CE6xBuMmDxc2qIihtDCZD5NPOFl7fRBQ=="],
@@ -851,7 +849,7 @@
    "tailwind-merge": ["tailwind-merge@3.4.0", "", {}, "sha512-uSaO4gnW+b3Y2aWoWfFpX62vn2sR3skfhbjsEnaBI81WD1wBLlHZe5sWf0AqjksNdYTbGBEd0UasQMT3SNV15g=="],
-    "tailwindcss": ["tailwindcss@4.1.18", "", {}, "sha512-4+Z+0yiYyEtUVCScyfHCxOYP06L5Ne+JiHhY2IjR2KWMIWhJOYZKLSGZaP5HkZ8+bY0cxfzwDE5uOmzFXyIwxw=="],
+    "tailwindcss": ["tailwindcss@4.1.17", "", {}, "sha512-j9Ee2YjuQqYT9bbRTfTZht9W/ytp5H+jJpZKiYdP/bpnXARAuELt9ofP0lPnmHjbga7SNQIxdTAXCmtKVYjN+Q=="],
    "tapable": ["tapable@2.2.1", "", {}, "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ=="],
@@ -863,7 +861,7 @@
    "trough": ["trough@2.2.0", "", {}, "sha512-tmMpK00BjZiUyVyvrBK7knerNgmgvcV/KLVyuma/SC+TQN167GrMRciANTz09+k3zW8L8t60jWO1GpfkZdjTaw=="],
-    "ts-api-utils": ["ts-api-utils@2.4.0", "", { "peerDependencies": { "typescript": ">=4.8.4" } }, "sha512-3TaVTaAv2gTiMB35i3FiGJaRfwb3Pyn/j3m/bfAvGe8FB7CF6u+LMYqYlDh7reQf7UNvoTvdfAqHGmPGOSsPmA=="],
+    "ts-api-utils": ["ts-api-utils@2.1.0", "", { "peerDependencies": { "typescript": ">=4.8.4" } }, "sha512-CUgTZL1irw8u29bzrOD/nH85jqyc74D6SshFgujOIA7osm2Rz7dYH77agkx7H4FBNxDq7Cjf+IjaX/8zwFW+ZQ=="],
    "tslib": ["tslib@2.8.1", "", {}, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
@@ -873,7 +871,7 @@
    "typescript": ["typescript@5.9.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw=="],
-    "typescript-eslint": ["typescript-eslint@8.52.0", "", { "dependencies": { "@typescript-eslint/eslint-plugin": "8.52.0", "@typescript-eslint/parser": "8.52.0", "@typescript-eslint/typescript-estree": "8.52.0", "@typescript-eslint/utils": "8.52.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-atlQQJ2YkO4pfTVQmQ+wvYQwexPDOIgo+RaVcD7gHgzy/IQA+XTyuxNM9M9TVXvttkF7koBHmcwisKdOAf2EcA=="],
+    "typescript-eslint": ["typescript-eslint@8.49.0", "", { "dependencies": { "@typescript-eslint/eslint-plugin": "8.49.0", "@typescript-eslint/parser": "8.49.0", "@typescript-eslint/typescript-estree": "8.49.0", "@typescript-eslint/utils": "8.49.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-zRSVH1WXD0uXczCXw+nsdjGPUdx4dfrs5VQoHnUWmv1U3oNlAKv4FUNdLDhVUg+gYn+a5hUESqch//Rv5wVhrg=="],
    "undici-types": ["undici-types@7.16.0", "", {}, "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw=="],
@@ -903,7 +901,7 @@
    "vfile-message": ["vfile-message@4.0.2", "", { "dependencies": { "@types/unist": "^3.0.0", "unist-util-stringify-position": "^4.0.0" } }, "sha512-jRDZ1IMLttGj41KcZvlrYAaI3CfqpLpfpf+Mfig13viT6NKvRzWZ+lXz0Y5D60w6uJIBAOGq9mSHf0gktF0duw=="],
-    "vite": ["vite@7.3.1", "", { "dependencies": { "esbuild": "^0.27.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-w+N7Hifpc3gRjZ63vYBXA56dvvRlNWRczTdmCBBa+CotUzAPf5b7YMdMR/8CQoeYE5LX3W4wj6RYTgonm1b9DA=="],
+    "vite": ["vite@7.2.7", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-ITcnkFeR3+fI8P1wMgItjGrR10170d8auB4EpMLPqmx6uxElH3a/hHGQabSHKdqd4FXWO1nFIp9rRn7JQ34ACQ=="],
    "void-elements": ["void-elements@3.1.0", "", {}, "sha512-Dhxzh5HZuiHQhbvTW9AMetFfBHDMYpo23Uo9btPXgdYP+3T5S+p+jgNy7spra+veYhBP2dCSgxR/i2Y02h5/6w=="],
@@ -915,7 +913,7 @@
    "yocto-queue": ["yocto-queue@0.1.0", "", {}, "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q=="],
-    "zod": ["zod@4.3.5", "", {}, "sha512-k7Nwx6vuWx1IJ9Bjuf4Zt1PEllcwe7cls3VNzm4CQ1/hgtFUK2bRNG3rvnpPUhFjmqJKAKtjV576KnUkHocg/g=="],
+    "zod": ["zod@4.1.13", "", {}, "sha512-AvvthqfqrAhNH9dnfmrfKzX5upOdjUVJYFqNSlkmGf64gRaTzlPwz99IHYnVs28qYAybvAlBV+H7pn0saFY4Ig=="],
    "zod-validation-error": ["zod-validation-error@4.0.2", "", { "peerDependencies": { "zod": "^3.25.0 || ^4.0.0" } }, "sha512-Q6/nZLe6jxuU80qb/4uJ4t5v2VEZ44lzQjPDhYJNztRQ4wyWc6VF3D3Kb/fAuPetZQnhS3hnajCf9CsWesghLQ=="],
@@ -969,13 +967,13 @@
    "@tailwindcss/node/jiti": ["jiti@2.6.1", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ=="],
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.7.1", "", { "dependencies": { "@emnapi/wasi-threads": "1.1.0", "tslib": "^2.4.0" }, "bundled": true }, "sha512-o1uhUASyo921r2XtHYOHy7gdkGLge8ghBEQHMWmyJFoXlpU58kIrhhN3w26lpQb6dspetweapMn2CSNwQ8I4wg=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.7.0", "", { "dependencies": { "@emnapi/wasi-threads": "1.1.0", "tslib": "^2.4.0" }, "bundled": true }, "sha512-pJdKGq/1iquWYtv1RRSljZklxHCOCAJFJrImO5ZLKPJVJlVUcs8yFwNQlqS0Lo8xT1VAXXTCZocF9n26FWEKsw=="],
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.7.1", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-PVtJr5CmLwYAU9PZDMITZoR5iAOShYREoR45EyyLrbntV50mdePTgUn4AmOw90Ifcj+x2kRjdzr1HP3RrNiHGA=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.7.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-oAYoQnCYaQZKVS53Fq23ceWMRxq5EhQsE0x0RdQ55jT7wagMu5k+fS39v1fiSLrtrLQlXwVINenqhLMtTrV/1Q=="],
    "@tailwindcss/oxide-wasm32-wasi/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.1.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-WI0DdZ8xFSbgMjR1sFsKABJ/C5OnRrjT06JXbZKexJGrDuPTzZdDYfFlsgcCXCyf+suG5QU2e/y1Wo2V/OapLQ=="],
-    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@1.1.0", "", { "dependencies": { "@emnapi/core": "^1.7.1", "@emnapi/runtime": "^1.7.1", "@tybys/wasm-util": "^0.10.1" }, "bundled": true }, "sha512-Fq6DJW+Bb5jaWE69/qOE0D1TUN9+6uWhCeZpdnSBk14pjLcCWR7Q8n49PTSPHazM37JqrsdpEthXy2xn6jWWiA=="],
+    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@1.0.7", "", { "dependencies": { "@emnapi/core": "^1.5.0", "@emnapi/runtime": "^1.5.0", "@tybys/wasm-util": "^0.10.1" }, "bundled": true }, "sha512-SeDnOO0Tk7Okiq6DbXmmBODgOAb9dp9gjlphokTUxmt8U3liIP1ZsozBahH69j/RJv+Rfs6IwUKHTgQYJ/HBAw=="],
    "@tailwindcss/oxide-wasm32-wasi/@tybys/wasm-util": ["@tybys/wasm-util@0.10.1", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-9tTaPJLSiejZKx+Bmog4uSubteqTvFrVrURwkmHixBo0G4seD0zUxp98E1DzUBJxLQ3NPwXrGKDiVjwx/DpPsg=="],
@@ -995,43 +993,33 @@
    "@types/estree-jsx/@types/estree": ["@types/estree@1.0.7", "", {}, "sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ=="],
-    "@typescript-eslint/eslint-plugin/@eslint-community/regexpp": ["@eslint-community/regexpp@4.12.2", "", {}, "sha512-EriSTlt5OC9/7SXkRSCAhfSxxoSUgBm33OH+IkwbdpgoqsSsUg7y3uh+IICI/Qg4BBWr3U2i39RpmycbxMq4ew=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.49.0", "", { "dependencies": { "@typescript-eslint/types": "8.49.0", "@typescript-eslint/visitor-keys": "8.49.0" } }, "sha512-npgS3zi+/30KSOkXNs0LQXtsg9ekZ8OISAOLGWA/ZOEn0ZH74Ginfl7foziV8DT+D98WfQ5Kopwqb/PZOaIJGg=="],
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.52.0", "", { "dependencies": { "@typescript-eslint/types": "8.52.0", "@typescript-eslint/visitor-keys": "8.52.0" } }, "sha512-ixxqmmCcc1Nf8S0mS0TkJ/3LKcC8mruYJPOU6Ia2F/zUUR4pApW7LzrpU3JmtePbRUTes9bEqRc1Gg4iyRnDzA=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils": ["@typescript-eslint/utils@8.49.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.49.0", "@typescript-eslint/types": "8.49.0", "@typescript-eslint/typescript-estree": "8.49.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-N3W7rJw7Rw+z1tRsHZbK395TWSYvufBXumYtEGzypgMUthlg0/hmCImeA8hgO2d2G4pd7ftpxxul2J8OdtdaFA=="],
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils": ["@typescript-eslint/utils@8.52.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.9.1", "@typescript-eslint/scope-manager": "8.52.0", "@typescript-eslint/types": "8.52.0", "@typescript-eslint/typescript-estree": "8.52.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-wYndVMWkweqHpEpwPhwqE2lnD2DxC6WVLupU/DOt/0/v+/+iQbbzO3jOHjmBMnhu0DgLULvOaU4h4pwHYi2oRQ=="],
+    "@typescript-eslint/eslint-plugin/ignore": ["ignore@7.0.4", "", {}, "sha512-gJzzk+PQNznz8ysRrC0aOkBNVRBDtE1n53IqyqEf3PXrYwomFs5q4pGMizBMJF+ykh03insJ27hB8gSrD2Hn8A=="],
-    "@typescript-eslint/eslint-plugin/ignore": ["ignore@7.0.5", "", {}, "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg=="],
+    "@typescript-eslint/parser/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.49.0", "", { "dependencies": { "@typescript-eslint/types": "8.49.0", "@typescript-eslint/visitor-keys": "8.49.0" } }, "sha512-npgS3zi+/30KSOkXNs0LQXtsg9ekZ8OISAOLGWA/ZOEn0ZH74Ginfl7foziV8DT+D98WfQ5Kopwqb/PZOaIJGg=="],
-    "@typescript-eslint/parser/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.52.0", "", { "dependencies": { "@typescript-eslint/types": "8.52.0", "@typescript-eslint/visitor-keys": "8.52.0" } }, "sha512-ixxqmmCcc1Nf8S0mS0TkJ/3LKcC8mruYJPOU6Ia2F/zUUR4pApW7LzrpU3JmtePbRUTes9bEqRc1Gg4iyRnDzA=="],
+    "@typescript-eslint/parser/@typescript-eslint/types": ["@typescript-eslint/types@8.49.0", "", {}, "sha512-e9k/fneezorUo6WShlQpMxXh8/8wfyc+biu6tnAqA81oWrEic0k21RHzP9uqqpyBBeBKu4T+Bsjy9/b8u7obXQ=="],
-    "@typescript-eslint/parser/@typescript-eslint/types": ["@typescript-eslint/types@8.52.0", "", {}, "sha512-LWQV1V4q9V4cT4H5JCIx3481iIFxH1UkVk+ZkGGAV1ZGcjGI9IoFOfg3O6ywz8QqCDEp7Inlg6kovMofsNRaGg=="],
+    "@typescript-eslint/project-service/@typescript-eslint/types": ["@typescript-eslint/types@8.49.0", "", {}, "sha512-e9k/fneezorUo6WShlQpMxXh8/8wfyc+biu6tnAqA81oWrEic0k21RHzP9uqqpyBBeBKu4T+Bsjy9/b8u7obXQ=="],
    "@typescript-eslint/parser/debug": ["debug@4.4.3", "", { "dependencies": { "ms": "^2.1.3" } }, "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA=="],
    "@typescript-eslint/project-service/@typescript-eslint/types": ["@typescript-eslint/types@8.52.0", "", {}, "sha512-LWQV1V4q9V4cT4H5JCIx3481iIFxH1UkVk+ZkGGAV1ZGcjGI9IoFOfg3O6ywz8QqCDEp7Inlg6kovMofsNRaGg=="],
    "@typescript-eslint/project-service/debug": ["debug@4.4.3", "", { "dependencies": { "ms": "^2.1.3" } }, "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA=="],
    "@typescript-eslint/scope-manager/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.46.1", "", { "dependencies": { "@typescript-eslint/types": "8.46.1", "eslint-visitor-keys": "^4.2.1" } }, "sha512-ptkmIf2iDkNUjdeu2bQqhFPV1m6qTnFFjg7PPDjxKWaMaP0Z6I9l30Jr3g5QqbZGdw8YdYvLp+XnqnWWZOg/NA=="],
-    "@typescript-eslint/type-utils/@typescript-eslint/types": ["@typescript-eslint/types@8.52.0", "", {}, "sha512-LWQV1V4q9V4cT4H5JCIx3481iIFxH1UkVk+ZkGGAV1ZGcjGI9IoFOfg3O6ywz8QqCDEp7Inlg6kovMofsNRaGg=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/types": ["@typescript-eslint/types@8.49.0", "", {}, "sha512-e9k/fneezorUo6WShlQpMxXh8/8wfyc+biu6tnAqA81oWrEic0k21RHzP9uqqpyBBeBKu4T+Bsjy9/b8u7obXQ=="],
-    "@typescript-eslint/type-utils/@typescript-eslint/utils": ["@typescript-eslint/utils@8.52.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.9.1", "@typescript-eslint/scope-manager": "8.52.0", "@typescript-eslint/types": "8.52.0", "@typescript-eslint/typescript-estree": "8.52.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-wYndVMWkweqHpEpwPhwqE2lnD2DxC6WVLupU/DOt/0/v+/+iQbbzO3jOHjmBMnhu0DgLULvOaU4h4pwHYi2oRQ=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/utils": ["@typescript-eslint/utils@8.49.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.49.0", "@typescript-eslint/types": "8.49.0", "@typescript-eslint/typescript-estree": "8.49.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-N3W7rJw7Rw+z1tRsHZbK395TWSYvufBXumYtEGzypgMUthlg0/hmCImeA8hgO2d2G4pd7ftpxxul2J8OdtdaFA=="],
-    "@typescript-eslint/type-utils/debug": ["debug@4.4.3", "", { "dependencies": { "ms": "^2.1.3" } }, "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA=="],
+    "@typescript-eslint/typescript-estree/@typescript-eslint/types": ["@typescript-eslint/types@8.49.0", "", {}, "sha512-e9k/fneezorUo6WShlQpMxXh8/8wfyc+biu6tnAqA81oWrEic0k21RHzP9uqqpyBBeBKu4T+Bsjy9/b8u7obXQ=="],
    "@typescript-eslint/typescript-estree/@typescript-eslint/types": ["@typescript-eslint/types@8.52.0", "", {}, "sha512-LWQV1V4q9V4cT4H5JCIx3481iIFxH1UkVk+ZkGGAV1ZGcjGI9IoFOfg3O6ywz8QqCDEp7Inlg6kovMofsNRaGg=="],
    "@typescript-eslint/typescript-estree/debug": ["debug@4.4.3", "", { "dependencies": { "ms": "^2.1.3" } }, "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA=="],
    "@typescript-eslint/typescript-estree/minimatch": ["minimatch@9.0.5", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow=="],
-    "@typescript-eslint/typescript-estree/semver": ["semver@7.7.3", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q=="],
+    "@typescript-eslint/typescript-estree/semver": ["semver@7.7.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA=="],
    "@typescript-eslint/utils/@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.46.1", "", { "dependencies": { "@typescript-eslint/project-service": "8.46.1", "@typescript-eslint/tsconfig-utils": "8.46.1", "@typescript-eslint/types": "8.46.1", "@typescript-eslint/visitor-keys": "8.46.1", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-uIifjT4s8cQKFQ8ZBXXyoUODtRoAd7F7+G8MKmtzj17+1UbdzFl52AzRyZRyKqPHhgzvXunnSckVu36flGy8cg=="],
-    "@typescript-eslint/visitor-keys/@typescript-eslint/types": ["@typescript-eslint/types@8.52.0", "", {}, "sha512-LWQV1V4q9V4cT4H5JCIx3481iIFxH1UkVk+ZkGGAV1ZGcjGI9IoFOfg3O6ywz8QqCDEp7Inlg6kovMofsNRaGg=="],
+    "@typescript-eslint/visitor-keys/@typescript-eslint/types": ["@typescript-eslint/types@8.49.0", "", {}, "sha512-e9k/fneezorUo6WShlQpMxXh8/8wfyc+biu6tnAqA81oWrEic0k21RHzP9uqqpyBBeBKu4T+Bsjy9/b8u7obXQ=="],
    "eslint-plugin-react-hooks/@babel/core": ["@babel/core@7.28.4", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-compilation-targets": "^7.27.2", "@babel/helper-module-transforms": "^7.28.3", "@babel/helpers": "^7.28.4", "@babel/parser": "^7.28.4", "@babel/template": "^7.27.2", "@babel/traverse": "^7.28.4", "@babel/types": "^7.28.4", "@jridgewell/remapping": "^2.3.5", "convert-source-map": "^2.0.0", "debug": "^4.1.0", "gensync": "^1.0.0-beta.2", "json5": "^2.2.3", "semver": "^6.3.1" } }, "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA=="],
@@ -1049,7 +1037,7 @@
    "parse-entities/@types/unist": ["@types/unist@2.0.11", "", {}, "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA=="],
-    "typescript-eslint/@typescript-eslint/utils": ["@typescript-eslint/utils@8.52.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.9.1", "@typescript-eslint/scope-manager": "8.52.0", "@typescript-eslint/types": "8.52.0", "@typescript-eslint/typescript-estree": "8.52.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-wYndVMWkweqHpEpwPhwqE2lnD2DxC6WVLupU/DOt/0/v+/+iQbbzO3jOHjmBMnhu0DgLULvOaU4h4pwHYi2oRQ=="],
+    "typescript-eslint/@typescript-eslint/utils": ["@typescript-eslint/utils@8.49.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.49.0", "@typescript-eslint/types": "8.49.0", "@typescript-eslint/typescript-estree": "8.49.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-N3W7rJw7Rw+z1tRsHZbK395TWSYvufBXumYtEGzypgMUthlg0/hmCImeA8hgO2d2G4pd7ftpxxul2J8OdtdaFA=="],
    "@babel/helper-module-imports/@babel/traverse/@babel/generator": ["@babel/generator@7.27.1", "", { "dependencies": { "@babel/parser": "^7.27.1", "@babel/types": "^7.27.1", "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.25", "jsesc": "^3.0.2" } }, "sha512-UnJfnIpc/+JO0/+KRVQNGU+y5taA5vCbwN8+azkX6beii/ZF+enZJSOKo11ZSzGJjlNfJHfQtmQT8H+9TXPG2w=="],
@@ -1067,15 +1055,15 @@
    "@eslint/eslintrc/espree/eslint-visitor-keys": ["eslint-visitor-keys@4.2.0", "", {}, "sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw=="],
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager/@typescript-eslint/types": ["@typescript-eslint/types@8.52.0", "", {}, "sha512-LWQV1V4q9V4cT4H5JCIx3481iIFxH1UkVk+ZkGGAV1ZGcjGI9IoFOfg3O6ywz8QqCDEp7Inlg6kovMofsNRaGg=="],
+    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime/@emnapi/core": ["@emnapi/core@1.5.0", "", { "dependencies": { "@emnapi/wasi-threads": "1.1.0", "tslib": "^2.4.0" } }, "sha512-sbP8GzB1WDzacS8fgNPpHlp6C9VZe+SJP3F90W9rLemaQj2PzIuTEl1qDOYQf58YIpyjViI24y9aPWCjEzY2cg=="],
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.9.1", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-phrYmNiYppR7znFEdqgfWHXR6NCkZEK7hwWDHZUjit/2/U0r6XvkDl0SYnoM51Hq7FhCGdLDT6zxCCOY1hexsQ=="],
+    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime/@emnapi/runtime": ["@emnapi/runtime@1.5.0", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-97/BJ3iXHww3djw6hYIfErCZFee7qCtrneuLa20UXFCOTCfBM2cvQHjWJ2EG0s0MtdNwInarqCTz35i4wWXHsQ=="],
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.52.0", "", {}, "sha512-LWQV1V4q9V4cT4H5JCIx3481iIFxH1UkVk+ZkGGAV1ZGcjGI9IoFOfg3O6ywz8QqCDEp7Inlg6kovMofsNRaGg=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager/@typescript-eslint/types": ["@typescript-eslint/types@8.49.0", "", {}, "sha512-e9k/fneezorUo6WShlQpMxXh8/8wfyc+biu6tnAqA81oWrEic0k21RHzP9uqqpyBBeBKu4T+Bsjy9/b8u7obXQ=="],
-    "@typescript-eslint/type-utils/@typescript-eslint/utils/@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.9.1", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-phrYmNiYppR7znFEdqgfWHXR6NCkZEK7hwWDHZUjit/2/U0r6XvkDl0SYnoM51Hq7FhCGdLDT6zxCCOY1hexsQ=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.49.0", "", {}, "sha512-e9k/fneezorUo6WShlQpMxXh8/8wfyc+biu6tnAqA81oWrEic0k21RHzP9uqqpyBBeBKu4T+Bsjy9/b8u7obXQ=="],
-    "@typescript-eslint/type-utils/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.52.0", "", { "dependencies": { "@typescript-eslint/types": "8.52.0", "@typescript-eslint/visitor-keys": "8.52.0" } }, "sha512-ixxqmmCcc1Nf8S0mS0TkJ/3LKcC8mruYJPOU6Ia2F/zUUR4pApW7LzrpU3JmtePbRUTes9bEqRc1Gg4iyRnDzA=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.49.0", "", { "dependencies": { "@typescript-eslint/types": "8.49.0", "@typescript-eslint/visitor-keys": "8.49.0" } }, "sha512-npgS3zi+/30KSOkXNs0LQXtsg9ekZ8OISAOLGWA/ZOEn0ZH74Ginfl7foziV8DT+D98WfQ5Kopwqb/PZOaIJGg=="],
    "@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@2.0.1", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA=="],
@@ -1089,36 +1077,26 @@
    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/semver": ["semver@7.7.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA=="],
    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/ts-api-utils": ["ts-api-utils@2.1.0", "", { "peerDependencies": { "typescript": ">=4.8.4" } }, "sha512-CUgTZL1irw8u29bzrOD/nH85jqyc74D6SshFgujOIA7osm2Rz7dYH77agkx7H4FBNxDq7Cjf+IjaX/8zwFW+ZQ=="],
    "eslint-plugin-react-hooks/@babel/core/@babel/generator": ["@babel/generator@7.28.3", "", { "dependencies": { "@babel/parser": "^7.28.3", "@babel/types": "^7.28.2", "@jridgewell/gen-mapping": "^0.3.12", "@jridgewell/trace-mapping": "^0.3.28", "jsesc": "^3.0.2" } }, "sha512-3lSpxGgvnmZznmBkCRnVREPUFJv2wrv9iAoFDvADJc0ypmdOxdUtcLeBgBJ6zE0PMeTKnxeQzyk0xTBq4Ep7zw=="],
    "eslint-plugin-react-hooks/@babel/core/@babel/traverse": ["@babel/traverse@7.28.4", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-globals": "^7.28.0", "@babel/parser": "^7.28.4", "@babel/template": "^7.27.2", "@babel/types": "^7.28.4", "debug": "^4.3.1" } }, "sha512-YEzuboP2qvQavAcjgQNVgsvHIDv6ZpwXvcvjmyySP2DIMuByS/6ioU5G9pYrWHM6T2YDfc7xga9iNzYOs12CFQ=="],
    "eslint-plugin-react-hooks/@babel/core/@babel/types": ["@babel/types@7.28.4", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q=="],
-    "typescript-eslint/@typescript-eslint/utils/@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.9.1", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-phrYmNiYppR7znFEdqgfWHXR6NCkZEK7hwWDHZUjit/2/U0r6XvkDl0SYnoM51Hq7FhCGdLDT6zxCCOY1hexsQ=="],
+    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.49.0", "", { "dependencies": { "@typescript-eslint/types": "8.49.0", "@typescript-eslint/visitor-keys": "8.49.0" } }, "sha512-npgS3zi+/30KSOkXNs0LQXtsg9ekZ8OISAOLGWA/ZOEn0ZH74Ginfl7foziV8DT+D98WfQ5Kopwqb/PZOaIJGg=="],
-    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.52.0", "", { "dependencies": { "@typescript-eslint/types": "8.52.0", "@typescript-eslint/visitor-keys": "8.52.0" } }, "sha512-ixxqmmCcc1Nf8S0mS0TkJ/3LKcC8mruYJPOU6Ia2F/zUUR4pApW7LzrpU3JmtePbRUTes9bEqRc1Gg4iyRnDzA=="],
+    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.49.0", "", {}, "sha512-e9k/fneezorUo6WShlQpMxXh8/8wfyc+biu6tnAqA81oWrEic0k21RHzP9uqqpyBBeBKu4T+Bsjy9/b8u7obXQ=="],
    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.52.0", "", {}, "sha512-LWQV1V4q9V4cT4H5JCIx3481iIFxH1UkVk+ZkGGAV1ZGcjGI9IoFOfg3O6ywz8QqCDEp7Inlg6kovMofsNRaGg=="],
    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.8", "", { "dependencies": { "@jridgewell/set-array": "^1.2.1", "@jridgewell/sourcemap-codec": "^1.4.10", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA=="],
    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.25", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ=="],
    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@eslint-community/eslint-utils/eslint-visitor-keys": ["eslint-visitor-keys@3.4.3", "", {}, "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag=="],
    "@typescript-eslint/type-utils/@typescript-eslint/utils/@eslint-community/eslint-utils/eslint-visitor-keys": ["eslint-visitor-keys@3.4.3", "", {}, "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag=="],
    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@2.0.1", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA=="],
    "eslint-plugin-react-hooks/@babel/core/@babel/generator/@babel/parser": ["@babel/parser@7.28.3", "", { "dependencies": { "@babel/types": "^7.28.2" }, "bin": "./bin/babel-parser.js" }, "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA=="],
    "eslint-plugin-react-hooks/@babel/core/@babel/generator/@babel/types": ["@babel/types@7.28.2", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ=="],
    "typescript-eslint/@typescript-eslint/utils/@eslint-community/eslint-utils/eslint-visitor-keys": ["eslint-visitor-keys@3.4.3", "", {}, "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag=="],
    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/gen-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/trace-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -17,43 +17,43 @@
    "@radix-ui/react-select": "^2.2.6",
    "@radix-ui/react-separator": "^1.1.8",
    "@radix-ui/react-slot": "^1.2.4",
-    "@tailwindcss/vite": "^4.1.18",
+    "@tailwindcss/vite": "^4.1.17",
-    "@tanstack/react-query": "^5.90.16",
+    "@tanstack/react-query": "^5.90.12",
    "axios": "^1.13.2",
    "class-variance-authority": "^0.7.1",
    "clsx": "^2.1.1",
-    "i18next": "^25.7.4",
+    "i18next": "^25.7.2",
    "i18next-browser-languagedetector": "^8.2.0",
    "i18next-resources-to-backend": "^1.2.1",
    "input-otp": "^1.4.2",
-    "lucide-react": "^0.562.0",
+    "lucide-react": "^0.556.0",
    "next-themes": "^0.4.6",
-    "react": "^19.2.3",
+    "react": "^19.2.1",
-    "react-dom": "^19.2.3",
+    "react-dom": "^19.2.1",
-    "react-hook-form": "^7.70.0",
+    "react-hook-form": "^7.68.0",
-    "react-i18next": "^16.5.1",
+    "react-i18next": "^16.4.0",
    "react-markdown": "^10.1.0",
-    "react-router": "^7.12.0",
+    "react-router": "^7.10.1",
    "sonner": "^2.0.7",
    "tailwind-merge": "^3.4.0",
-    "tailwindcss": "^4.1.18",
+    "tailwindcss": "^4.1.17",
-    "zod": "^4.3.5"
+    "zod": "^4.1.13"
  },
  "devDependencies": {
-    "@eslint/js": "^9.39.2",
+    "@eslint/js": "^9.39.1",
    "@tanstack/eslint-plugin-query": "^5.91.2",
-    "@types/node": "^25.0.3",
+    "@types/node": "^24.10.2",
    "@types/react": "^19.2.7",
    "@types/react-dom": "^19.2.3",
    "@vitejs/plugin-react": "^5.1.2",
-    "eslint": "^9.39.2",
+    "eslint": "^9.39.1",
    "eslint-plugin-react-hooks": "^7.0.1",
-    "eslint-plugin-react-refresh": "^0.4.26",
+    "eslint-plugin-react-refresh": "^0.4.24",
-    "globals": "^17.0.0",
+    "globals": "^16.5.0",
    "prettier": "3.7.4",
    "tw-animate-css": "^1.4.0",
    "typescript": "~5.9.3",
-    "typescript-eslint": "^8.52.0",
+    "typescript-eslint": "^8.49.0",
-    "vite": "^7.3.1"
+    "vite": "^7.2.7"
  }
 }
--- a/go.mod
+++ b/go.mod
@@ -1,38 +1,75 @@
-module github.com/steveiliop56/tinyauth
+module tinyauth
 go 1.24.0
 toolchain go1.24.3
 replace github.com/traefik/paerser v0.2.2 => ./paerser
 require (
 	github.com/cenkalti/backoff/v5 v5.0.3
 	github.com/charmbracelet/huh v0.8.0
 	github.com/docker/docker v28.5.2+incompatible
 	github.com/gin-gonic/gin v1.11.0
-	github.com/go-ldap/ldap/v3 v3.4.12
+	github.com/glebarez/sqlite v1.11.0
 	github.com/golang-migrate/migrate/v4 v4.19.1
-	github.com/google/go-querystring v1.2.0
+	github.com/google/go-querystring v1.1.0
 	github.com/google/uuid v1.6.0
 	github.com/mdp/qrterminal/v3 v3.2.1
 	github.com/pquerna/otp v1.5.0
 	github.com/rs/zerolog v1.34.0
 	github.com/stoewer/go-strcase v1.3.1
 	github.com/traefik/paerser v0.2.2
-	github.com/weppos/publicsuffix-go v0.50.2
+	github.com/weppos/publicsuffix-go v0.50.1
 	golang.org/x/crypto v0.46.0
 	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b
-	golang.org/x/oauth2 v0.34.0
+	gorm.io/gorm v1.31.1
 	gotest.tools/v3 v3.5.2
 	modernc.org/sqlite v1.42.2
 )
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/BurntSushi/toml v1.4.0 // indirect
+	github.com/BurntSushi/toml v1.5.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.2.1 // indirect
+	github.com/Masterminds/semver/v3 v3.3.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
 	github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/glebarez/go-sqlite v1.21.2 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-playground/validator/v10 v10.28.0 // indirect
 	github.com/goccy/go-yaml v1.18.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/mattn/go-sqlite3 v1.14.32 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/quic-go/quic-go v0.57.1 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.38.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v1.38.0 // indirect
 	golang.org/x/term v0.38.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 // indirect
 	google.golang.org/grpc v1.76.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	modernc.org/libc v1.66.3 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 	modernc.org/sqlite v1.38.2 // indirect
 	rsc.io/qr v0.2.0 // indirect
 )
 require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
@@ -42,17 +79,14 @@ require (
 	github.com/catppuccin/go v0.3.0 // indirect
 	github.com/charmbracelet/bubbles v0.21.1-0.20250623103423-23b8fd6302d7 // indirect
 	github.com/charmbracelet/bubbletea v1.3.6 // indirect
-	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
+	github.com/charmbracelet/huh v0.8.0
 	github.com/charmbracelet/lipgloss v1.1.0 // indirect
 	github.com/charmbracelet/x/ansi v0.9.3 // indirect
 	github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
 	github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 // indirect
 	github.com/charmbracelet/x/term v0.2.1 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/docker v28.5.2+incompatible
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
@@ -60,18 +94,13 @@ require (
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
-	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
+	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.28.0 // indirect
 	github.com/goccy/go-json v0.10.4 // indirect
-	github.com/goccy/go-yaml v1.18.0 // indirect
+	github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/imdario/mergo v0.3.11 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
@@ -79,48 +108,31 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-localereader v0.0.1 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/mattn/go-sqlite3 v1.14.32 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 	github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
 	github.com/muesli/cancelreader v0.2.2 // indirect
 	github.com/muesli/termenv v0.16.0 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/quic-go/qpack v0.6.0 // indirect
+	github.com/pquerna/otp v1.5.0
 	github.com/quic-go/quic-go v0.57.0 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/spf13/cast v1.10.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.0 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
-	go.opentelemetry.io/otel v1.37.0 // indirect
+	go.opentelemetry.io/otel v1.38.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
+	go.opentelemetry.io/otel/metric v1.38.0 // indirect
-	go.opentelemetry.io/otel/metric v1.37.0 // indirect
+	go.opentelemetry.io/otel/trace v1.38.0 // indirect
 	go.opentelemetry.io/otel/trace v1.37.0 // indirect
 	golang.org/x/arch v0.20.0 // indirect
-	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/net v0.47.0 // indirect
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.19.0 // indirect
 	golang.org/x/sys v0.39.0 // indirect
 	golang.org/x/term v0.38.0 // indirect
 	golang.org/x/text v0.32.0 // indirect
-	google.golang.org/protobuf v1.36.9 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	modernc.org/libc v1.66.10 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 	rsc.io/qr v0.2.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -2,15 +2,15 @@ github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEK
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
-github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
+github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
-github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
+github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
-github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4=
-github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
 github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
@@ -32,8 +32,6 @@ github.com/bytedance/sonic/loader v0.3.0 h1:dskwH8edlzNMctoruo8FPTJDF3vLtDT0sXZw
 github.com/bytedance/sonic/loader v0.3.0/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
 github.com/catppuccin/go v0.3.0 h1:d+0/YicIq+hSTo5oPuRi5kOpqkVA5tAsU6dNhvRu+aY=
 github.com/catppuccin/go v0.3.0/go.mod h1:8IHJuMGaUUjQM82qBrGNBv7LFq6JI3NnQCF6MOlZjpc=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/charmbracelet/bubbles v0.21.1-0.20250623103423-23b8fd6302d7 h1:JFgG/xnwFfbezlUnFMJy0nusZvytYysV4SCS2cYbvws=
@@ -101,6 +99,10 @@ github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
 github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
 github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls=
 github.com/glebarez/go-sqlite v1.21.2 h1:3a6LFC4sKahUunAmynQKLZceZCOzUthkRkEAl9gAXWo=
 github.com/glebarez/go-sqlite v1.21.2/go.mod h1:sfxdZyhQjTM2Wry3gVYWaW072Ri1WMdWJi0k6+3382k=
 github.com/glebarez/sqlite v1.11.0 h1:wSG0irqzP6VurnMEpFGer5Li19RpIRi2qvQz++w0GMw=
 github.com/glebarez/sqlite v1.11.0/go.mod h1:h8/o8j5wiAsqSPoWELDUdJXhjAhsVliSn7bWZjOhrgQ=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4=
@@ -125,26 +127,27 @@ github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7Lk
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/golang-migrate/migrate/v4 v4.19.1 h1:OCyb44lFuQfYXYLx1SCxPZQGU7mcaZ7gH9yH4jSFbBA=
 github.com/golang-migrate/migrate/v4 v4.19.1/go.mod h1:CTcgfjxhaUtsLipnLoQRWCrjYXycRz/g5+RWDuYgPrE=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0=
+github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
-github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 h1:8Tjv8EJ+pM1xP8mK6egEbD1OgnVTyacbefKhmbLhIhU=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2/go.mod h1:pkJQ2tZHJ0aFOVEEot6oZmaVEZcRme73eIFmhiVuRWs=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
 github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=
 github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
 github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo=
@@ -157,8 +160,12 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 h1:9Nu54bhS/H/Kgo2/7xNSUuC5G28VR8ljfrLKU2G4IjU=
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12/go.mod h1:TBzl5BIHNXfS9+C35ZyJaklL7mLDbgUkcgXzSLa8Tk0=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -205,8 +212,9 @@ github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFL
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8=
 github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI=
@@ -219,8 +227,8 @@ github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdh
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
+github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
-github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
+github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -232,8 +240,8 @@ github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
 github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
 github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
-github.com/quic-go/quic-go v0.57.0 h1:AsSSrrMs4qI/hLrKlTH/TGQeTMY0ib1pAOX7vA3AdqE=
+github.com/quic-go/quic-go v0.57.1 h1:25KAAR9QR8KZrCZRThWMKVAwGoiHIrNbT72ULHTuI10=
-github.com/quic-go/quic-go v0.57.0/go.mod h1:ly4QBAjHA2VhdnxhojRsCUOeJwKYg+taDlos92xb1+s=
+github.com/quic-go/quic-go v0.57.1/go.mod h1:ly4QBAjHA2VhdnxhojRsCUOeJwKYg+taDlos92xb1+s=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@@ -252,6 +260,8 @@ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVs
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
 github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
 github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs=
 github.com/stoewer/go-strcase v1.3.1/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -263,12 +273,14 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/traefik/paerser v0.2.2 h1:cpzW/ZrQrBh3mdwD/jnp6aXASiUFKOVr6ldP+keJTcQ=
 github.com/traefik/paerser v0.2.2/go.mod h1:7BBDd4FANoVgaTZG+yh26jI6CA2nds7D/4VTEdIsh24=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.3.0 h1:Qd2W2sQawAfG8XSvzwhBeoGq71zXOC/Q1E9y/wUcsUA=
 github.com/ugorji/go/codec v1.3.0/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
-github.com/weppos/publicsuffix-go v0.50.2 h1:KsJFc8IEKTJovM46SRCnGNsM+rFShxcs6VEHjOJcXzE=
+github.com/weppos/publicsuffix-go v0.50.1 h1:elrBHeSkS/eIb169+DnLrknqmdP4AjT0Q0tEdytz1Og=
-github.com/weppos/publicsuffix-go v0.50.2/go.mod h1:CbQCKDtXF8UcT7hrxeMa0MDjwhpOI9iYOU7cfq+yo8k=
+github.com/weppos/publicsuffix-go v0.50.1/go.mod h1:znn0JVXjcR5hpUl9pbEogwH6I710rA1AX0QQPT0bf+k=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
@@ -276,22 +288,22 @@ go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJyS
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q=
-go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ=
+go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
-go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I=
+go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 h1:BEj3SPM81McUZHYjRS5pEgNgnmzGJ5tRpU5krWnV8Bs=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 h1:aTL7F04bJHUlztTsNGJ2l+6he8c+y/b//eR0jjjemT4=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0/go.mod h1:9cKLGBDzI/F3NoHLQGm4ZrYdIHsvGt6ej6hUowxY0J4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0/go.mod h1:kldtb7jDTeol0l3ewcmd8SDvx3EmIE7lyvqbasU3QC4=
-go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE=
+go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
-go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E=
+go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
-go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs=
+go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
-go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY=
+go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
-go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis=
+go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM=
-go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4=
+go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
-go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4=
+go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
-go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
+go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
-go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4=
+go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4=
-go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4=
+go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE=
 go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
 go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
 golang.org/x/arch v0.20.0 h1:dx1zTU0MAE98U+TQ8BLl7XsJbgze2WnNKF/8tGp/Q6c=
@@ -310,8 +322,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
 golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
 golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -341,46 +353,48 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
 golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
-golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
+golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
-golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
+golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
 golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4=
-google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ=
+google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 h1:BIRfGDEjiHRrk0QKZe3Xv2ieMhtgRGeLcZQ0mIVn4EY=
-google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA=
+google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5/go.mod h1:j3QtIyytwqGr1JUDtYXwtMXWPKsEa5LtzIFN1Wn5WvE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 h1:tRPGkdGHuewF4UisLzzHHr1spKw92qLM98nIzxbC0wY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
-google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4=
+google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A=
-google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM=
+google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c=
-google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
-google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gorm.io/gorm v1.31.1 h1:7CA8FTFz/gRfgqgpeKIBcervUn3xSyPUmr6B2WXJ7kg=
 gorm.io/gorm v1.31.1/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
-modernc.org/cc/v4 v4.26.5 h1:xM3bX7Mve6G8K8b+T11ReenJOT+BmVqQj0FY5T4+5Y4=
+modernc.org/cc/v4 v4.26.2 h1:991HMkLjJzYBIfha6ECZdjrIYz2/1ayr+FL8GN+CNzM=
-modernc.org/cc/v4 v4.26.5/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
+modernc.org/cc/v4 v4.26.2/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
-modernc.org/ccgo/v4 v4.28.1 h1:wPKYn5EC/mYTqBO373jKjvX2n+3+aK7+sICCv4Fjy1A=
+modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU=
-modernc.org/ccgo/v4 v4.28.1/go.mod h1:uD+4RnfrVgE6ec9NGguUNdhqzNIeeomeXf6CL0GTE5Q=
+modernc.org/ccgo/v4 v4.28.0/go.mod h1:JygV3+9AV6SmPhDasu4JgquwU81XAKLd3OKTUDNOiKE=
-modernc.org/fileutil v1.3.40 h1:ZGMswMNc9JOCrcrakF1HrvmergNLAmxOPjizirpfqBA=
+modernc.org/fileutil v1.3.8 h1:qtzNm7ED75pd1C7WgAGcK4edm4fvhtBsEiI/0NQ54YM=
-modernc.org/fileutil v1.3.40/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
+modernc.org/fileutil v1.3.8/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
 modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
 modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
 modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
 modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
-modernc.org/libc v1.66.10 h1:yZkb3YeLx4oynyR+iUsXsybsX4Ubx7MQlSYEw4yj59A=
+modernc.org/libc v1.66.3 h1:cfCbjTUcdsKyyZZfEUKfoHcP3S0Wkvz3jgSzByEWVCQ=
-modernc.org/libc v1.66.10/go.mod h1:8vGSEwvoUoltr4dlywvHqjtAqHBaw0j1jI7iFBTAr2I=
+modernc.org/libc v1.66.3/go.mod h1:XD9zO8kt59cANKvHPXpx7yS2ELPheAey0vjIuZOhOU8=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
@@ -389,8 +403,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.42.2 h1:7hkZUNJvJFN2PgfUdjni9Kbvd4ef4mNLOu0B9FGxM74=
+modernc.org/sqlite v1.38.2 h1:Aclu7+tgjgcQVShZqim41Bbw9Cho0y/7WzYptXqkEek=
-modernc.org/sqlite v1.42.2/go.mod h1:+VkC6v3pLOAE0A0uVucQEcbVW0I5nHCeDaBf+DpsQT8=
+modernc.org/sqlite v1.38.2/go.mod h1:cPTJYSlgg3Sfg046yBShXENNtPrWrDX8bsbAQBzgQ5E=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
--- a/internal/assets/migrations/000003_oauth_sub.down.sql
+++ b/internal/assets/migrations/000003_oauth_sub.down.sql
@@ -1 +0,0 @@
 ALTER TABLE "sessions" DROP COLUMN "oauth_sub";
--- a/internal/assets/migrations/000003_oauth_sub.up.sql
+++ b/internal/assets/migrations/000003_oauth_sub.up.sql
@@ -1 +0,0 @@
 ALTER TABLE "sessions" ADD COLUMN "oauth_sub" TEXT;
--- a/internal/assets/migrations/000004_created_at.down.sql
+++ b/internal/assets/migrations/000004_created_at.down.sql
@@ -1 +0,0 @@
 ALTER TABLE "sessions" DROP COLUMN "created_at";
--- a/internal/assets/migrations/000004_created_at.up.sql
+++ b/internal/assets/migrations/000004_created_at.up.sql
@@ -1 +0,0 @@
 ALTER TABLE "sessions" ADD COLUMN "created_at" INTEGER NOT NULL DEFAULT 0;
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -11,13 +11,13 @@ import (
 	"sort"
 	"strings"
 	"time"
-
+	"tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/controller"
-	"github.com/steveiliop56/tinyauth/internal/controller"
+	"tinyauth/internal/model"
-	"github.com/steveiliop56/tinyauth/internal/repository"
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/rs/zerolog/log"
 	"gorm.io/gorm"
 )
 type BootstrapApp struct {
@@ -42,10 +42,6 @@ func NewBootstrapApp(config config.Config) *BootstrapApp {
 }
 func (app *BootstrapApp) Setup() error {
 	// validate session config
 	if app.config.Auth.SessionMaxLifetime != 0 && app.config.Auth.SessionMaxLifetime < app.config.Auth.SessionExpiry {
 		return fmt.Errorf("session max lifetime cannot be less than session expiry")
 	}
 	// Parse users
 	users, err := utils.GetUsers(app.config.Auth.Users, app.config.Auth.UsersFile)
@@ -111,18 +107,8 @@ func (app *BootstrapApp) Setup() error {
 	log.Trace().Str("csrfCookieName", app.context.csrfCookieName).Msg("CSRF cookie name")
 	log.Trace().Str("redirectCookieName", app.context.redirectCookieName).Msg("Redirect cookie name")
 	// Database
 	db, err := app.SetupDatabase(app.config.DatabasePath)
 	if err != nil {
 		return fmt.Errorf("failed to setup database: %w", err)
 	}
 	// Queries
 	queries := repository.New(db)
 	// Services
-	services, err := app.initServices(queries)
+	services, err := app.initServices()
 	if err != nil {
 		return fmt.Errorf("failed to initialize services: %w", err)
@@ -168,9 +154,9 @@ func (app *BootstrapApp) Setup() error {
 		return fmt.Errorf("failed to setup routes: %w", err)
 	}
-	// Start db cleanup routine
+	// Start DB cleanup routine
 	log.Debug().Msg("Starting database cleanup routine")
-	go app.dbCleanup(queries)
+	go app.dbCleanup(services.databaseService.GetDatabase())
 	// If analytics are not disabled, start heartbeat
 	if !app.config.DisableAnalytics {
@@ -228,7 +214,7 @@ func (app *BootstrapApp) heartbeat() {
 	}
 	client := &http.Client{
-		Timeout: 30 * time.Second, // The server should never take more than 30 seconds to respond
+		Timeout: time.Duration(10) * time.Second, // The server should never take more than 10 seconds to respond
 	}
 	heartbeatURL := config.ApiServer + "/v1/instances/heartbeat"
@@ -260,16 +246,16 @@ func (app *BootstrapApp) heartbeat() {
 	}
 }
-func (app *BootstrapApp) dbCleanup(queries *repository.Queries) {
+func (app *BootstrapApp) dbCleanup(db *gorm.DB) {
 	ticker := time.NewTicker(time.Duration(30) * time.Minute)
 	defer ticker.Stop()
 	ctx := context.Background()
 	for ; true; <-ticker.C {
 		log.Debug().Msg("Cleaning up old database sessions")
-		err := queries.DeleteExpiredSessions(ctx, time.Now().Unix())
+		_, err := gorm.G[model.Session](db).Where("expiry < ?", time.Now().Unix()).Delete(ctx)
 		if err != nil {
-			log.Error().Err(err).Msg("Failed to clean up old database sessions")
+			log.Error().Err(err).Msg("Failed to cleanup old sessions")
 		}
 	}
 }
--- a/internal/bootstrap/db_bootstrap.go
+++ b/internal/bootstrap/db_bootstrap.go
@@ -1,57 +0,0 @@
 package bootstrap
 import (
 	"database/sql"
 	"fmt"
 	"os"
 	"path/filepath"
 	"github.com/steveiliop56/tinyauth/internal/assets"
 	"github.com/golang-migrate/migrate/v4"
 	"github.com/golang-migrate/migrate/v4/database/sqlite3"
 	"github.com/golang-migrate/migrate/v4/source/iofs"
 	_ "modernc.org/sqlite"
 )
 func (app *BootstrapApp) SetupDatabase(databasePath string) (*sql.DB, error) {
 	dir := filepath.Dir(databasePath)
 	if err := os.MkdirAll(dir, 0750); err != nil {
 		return nil, fmt.Errorf("failed to create database directory %s: %w", dir, err)
 	}
 	db, err := sql.Open("sqlite", databasePath)
 	if err != nil {
 		return nil, fmt.Errorf("failed to open database: %w", err)
 	}
 	// Limit to 1 connection to sequence writes, this may need to be revisited in the future
 	// if the sqlite connection starts being a bottleneck
 	db.SetMaxOpenConns(1)
 	migrations, err := iofs.New(assets.Migrations, "migrations")
 	if err != nil {
 		return nil, fmt.Errorf("failed to create migrations: %w", err)
 	}
 	target, err := sqlite3.WithInstance(db, &sqlite3.Config{})
 	if err != nil {
 		return nil, fmt.Errorf("failed to create sqlite3 instance: %w", err)
 	}
 	migrator, err := migrate.NewWithInstance("iofs", migrations, "sqlite3", target)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create migrator: %w", err)
 	}
 	if err := migrator.Up(); err != nil && err != migrate.ErrNoChange {
 		return nil, fmt.Errorf("failed to migrate database: %w", err)
 	}
 	return db, nil
 }
--- a/internal/bootstrap/router_bootstrap.go
+++ b/internal/bootstrap/router_bootstrap.go
@@ -2,9 +2,9 @@ package bootstrap
 import (
 	"fmt"
-
+	"strings"
-	"github.com/steveiliop56/tinyauth/internal/controller"
+	"tinyauth/internal/controller"
-	"github.com/steveiliop56/tinyauth/internal/middleware"
+	"tinyauth/internal/middleware"
 	"github.com/gin-gonic/gin"
 )
@@ -14,7 +14,7 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
 	engine.Use(gin.Recovery())
 	if len(app.config.Server.TrustedProxies) > 0 {
-		err := engine.SetTrustedProxies(app.config.Server.TrustedProxies)
+		err := engine.SetTrustedProxies(strings.Split(app.config.Server.TrustedProxies, ","))
 		if err != nil {
 			return nil, fmt.Errorf("failed to set trusted proxies: %w", err)
--- a/internal/bootstrap/service_bootstrap.go
+++ b/internal/bootstrap/service_bootstrap.go
@@ -1,8 +1,7 @@
 package bootstrap
 import (
-	"github.com/steveiliop56/tinyauth/internal/repository"
+	"tinyauth/internal/service"
 	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/rs/zerolog/log"
 )
@@ -10,14 +9,27 @@ import (
 type Services struct {
 	accessControlService *service.AccessControlsService
 	authService          *service.AuthService
 	databaseService      *service.DatabaseService
 	dockerService        *service.DockerService
 	ldapService          *service.LdapService
 	oauthBrokerService   *service.OAuthBrokerService
 }
-func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, error) {
+func (app *BootstrapApp) initServices() (Services, error) {
 	services := Services{}
 	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
 		DatabasePath: app.config.DatabasePath,
 	})
 	err := databaseService.Init()
 	if err != nil {
 		return Services{}, err
 	}
 	services.databaseService = databaseService
 	ldapService := service.NewLdapService(service.LdapServiceConfig{
 		Address:      app.config.Ldap.Address,
 		BindDN:       app.config.Ldap.BindDN,
@@ -25,11 +37,9 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er
 		BaseDN:       app.config.Ldap.BaseDN,
 		Insecure:     app.config.Ldap.Insecure,
 		SearchFilter: app.config.Ldap.SearchFilter,
 		AuthCert:     app.config.Ldap.AuthCert,
 		AuthKey:      app.config.Ldap.AuthKey,
 	})
-	err := ldapService.Init()
+	err = ldapService.Init()
 	if err == nil {
 		services.ldapService = ldapService
@@ -47,7 +57,7 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er
 	services.dockerService = dockerService
-	accessControlsService := service.NewAccessControlsService(dockerService, app.config.Apps)
+	accessControlsService := service.NewAccessControlsService(dockerService)
 	err = accessControlsService.Init()
@@ -58,17 +68,15 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er
 	services.accessControlService = accessControlsService
 	authService := service.NewAuthService(service.AuthServiceConfig{
-		Users:              app.context.users,
+		Users:             app.context.users,
-		OauthWhitelist:     app.config.OAuth.Whitelist,
+		OauthWhitelist:    app.config.OAuth.Whitelist,
-		SessionExpiry:      app.config.Auth.SessionExpiry,
+		SessionExpiry:     app.config.Auth.SessionExpiry,
-		SessionMaxLifetime: app.config.Auth.SessionMaxLifetime,
+		SecureCookie:      app.config.Auth.SecureCookie,
-		SecureCookie:       app.config.Auth.SecureCookie,
+		CookieDomain:      app.context.cookieDomain,
-		CookieDomain:       app.context.cookieDomain,
+		LoginTimeout:      app.config.Auth.LoginTimeout,
-		LoginTimeout:       app.config.Auth.LoginTimeout,
+		LoginMaxRetries:   app.config.Auth.LoginMaxRetries,
-		LoginMaxRetries:    app.config.Auth.LoginMaxRetries,
+		SessionCookieName: app.context.sessionCookieName,
-		SessionCookieName:  app.context.sessionCookieName,
+	}, dockerService, ldapService, databaseService.GetDatabase())
 		IP:                 app.config.Auth.IP,
 	}, dockerService, services.ldapService, queries)
 	err = authService.Init()
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -15,71 +15,55 @@ var RedirectCookieName = "tinyauth-redirect"
 // Main app config
 type Config struct {
-	AppURL            string             `description:"The base URL where the app is hosted." yaml:"appUrl"`
+	AppURL            string `description:"The base URL where the app is hosted."`
-	LogLevel          string             `description:"Log level (trace, debug, info, warn, error)." yaml:"logLevel"`
+	LogLevel          string `description:"Log level (trace, debug, info, warn, error)."`
-	ResourcesDir      string             `description:"The directory where resources are stored." yaml:"resourcesDir"`
+	ResourcesDir      string `description:"The directory where resources are stored."`
-	DatabasePath      string             `description:"The path to the database file." yaml:"databasePath"`
+	DatabasePath      string `description:"The path to the database file."`
-	DisableAnalytics  bool               `description:"Disable analytics." yaml:"disableAnalytics"`
+	DisableAnalytics  bool   `description:"Disable analytics."`
-	DisableResources  bool               `description:"Disable resources server." yaml:"disableResources"`
+	DisableResources  bool   `description:"Disable resources server."`
-	DisableUIWarnings bool               `description:"Disable UI warnings." yaml:"disableUIWarnings"`
+	DisableUIWarnings bool   `description:"Disable UI warnings."`
-	LogJSON           bool               `description:"Enable JSON formatted logs." yaml:"logJSON"`
+	Server            ServerConfig
-	Server            ServerConfig       `description:"Server configuration." yaml:"server"`
+	Auth              AuthConfig
-	Auth              AuthConfig         `description:"Authentication configuration." yaml:"auth"`
+	OAuth             OAuthConfig
-	Apps              map[string]App     `description:"Application ACLs configuration." yaml:"apps"`
+	UI                UIConfig
-	OAuth             OAuthConfig        `description:"OAuth configuration." yaml:"oauth"`
+	Ldap              LdapConfig
 	UI                UIConfig           `description:"UI customization." yaml:"ui"`
 	Ldap              LdapConfig         `description:"LDAP configuration." yaml:"ldap"`
 	Experimental      ExperimentalConfig `description:"Experimental features, use with caution." yaml:"experimental"`
 }
 type ServerConfig struct {
-	Port           int      `description:"The port on which the server listens." yaml:"port"`
+	Port           int    `description:"The port on which the server listens."`
-	Address        string   `description:"The address on which the server listens." yaml:"address"`
+	Address        string `description:"The address on which the server listens."`
-	SocketPath     string   `description:"The path to the Unix socket." yaml:"socketPath"`
+	SocketPath     string `description:"The path to the Unix socket."`
-	TrustedProxies []string `description:"Comma-separated list of trusted proxy addresses." yaml:"trustedProxies"`
+	TrustedProxies string `description:"Comma-separated list of trusted proxy addresses."`
 }
 type AuthConfig struct {
-	IP                 IPConfig `description:"IP whitelisting config options." yaml:"ip"`
+	Users           string `description:"Comma-separated list of users (username:hashed_password)."`
-	Users              []string `description:"Comma-separated list of users (username:hashed_password)." yaml:"users"`
+	UsersFile       string `description:"Path to the users file."`
-	UsersFile          string   `description:"Path to the users file." yaml:"usersFile"`
+	SecureCookie    bool   `description:"Enable secure cookies."`
-	SecureCookie       bool     `description:"Enable secure cookies." yaml:"secureCookie"`
+	SessionExpiry   int    `description:"Session expiry time in seconds."`
-	SessionExpiry      int      `description:"Session expiry time in seconds." yaml:"sessionExpiry"`
+	LoginTimeout    int    `description:"Login timeout in seconds."`
-	SessionMaxLifetime int      `description:"Maximum session lifetime in seconds." yaml:"sessionMaxLifetime"`
+	LoginMaxRetries int    `description:"Maximum login retries."`
 	LoginTimeout       int      `description:"Login timeout in seconds." yaml:"loginTimeout"`
 	LoginMaxRetries    int      `description:"Maximum login retries." yaml:"loginMaxRetries"`
 }
 type IPConfig struct {
 	Allow []string `description:"List of allowed IPs or CIDR ranges." yaml:"allow"`
 	Block []string `description:"List of blocked IPs or CIDR ranges." yaml:"block"`
 }
 type OAuthConfig struct {
-	Whitelist    []string                      `description:"Comma-separated list of allowed OAuth domains." yaml:"whitelist"`
+	Whitelist    string `description:"Comma-separated list of allowed OAuth domains."`
-	AutoRedirect string                        `description:"The OAuth provider to use for automatic redirection." yaml:"autoRedirect"`
+	AutoRedirect string `description:"The OAuth provider to use for automatic redirection."`
-	Providers    map[string]OAuthServiceConfig `description:"OAuth providers configuration." yaml:"providers"`
+	Providers    map[string]OAuthServiceConfig
 }
 type UIConfig struct {
-	Title                 string `description:"The title of the UI." yaml:"title"`
+	Title                 string `description:"The title of the UI."`
-	ForgotPasswordMessage string `description:"Message displayed on the forgot password page." yaml:"forgotPasswordMessage"`
+	ForgotPasswordMessage string `description:"Message displayed on the forgot password page."`
-	BackgroundImage       string `description:"Path to the background image." yaml:"backgroundImage"`
+	BackgroundImage       string `description:"Path to the background image."`
 }
 type LdapConfig struct {
-	Address      string `description:"LDAP server address." yaml:"address"`
+	Address      string `description:"LDAP server address."`
-	BindDN       string `description:"Bind DN for LDAP authentication." yaml:"bindDn"`
+	BindDN       string `description:"Bind DN for LDAP authentication."`
-	BindPassword string `description:"Bind password for LDAP authentication." yaml:"bindPassword"`
+	BindPassword string `description:"Bind password for LDAP authentication."`
-	BaseDN       string `description:"Base DN for LDAP searches." yaml:"baseDn"`
+	BaseDN       string `description:"Base DN for LDAP searches."`
-	Insecure     bool   `description:"Allow insecure LDAP connections." yaml:"insecure"`
+	Insecure     bool   `description:"Allow insecure LDAP connections."`
-	SearchFilter string `description:"LDAP search filter." yaml:"searchFilter"`
+	SearchFilter string `description:"LDAP search filter."`
 	AuthCert     string `description:"Certificate for mTLS authentication." yaml:"authCert"`
 	AuthKey      string `description:"Certificate key for mTLS authentication." yaml:"authKey"`
 }
 type ExperimentalConfig struct {
 	ConfigFile string `description:"Path to config file." yaml:"-"`
 }
 // Config loader options
@@ -89,7 +73,6 @@ const DefaultNamePrefix = "TINYAUTH_"
 // OAuth/OIDC config
 type Claims struct {
 	Sub               string `json:"sub"`
 	Name              string `json:"name"`
 	Email             string `json:"email"`
 	PreferredUsername string `json:"preferred_username"`
@@ -136,7 +119,6 @@ type SessionCookie struct {
 	TotpPending bool
 	OAuthGroups string
 	OAuthName   string
 	OAuthSub    string
 }
 type UserContext struct {
@@ -150,7 +132,6 @@ type UserContext struct {
 	OAuthGroups string
 	TotpEnabled bool
 	OAuthName   string
 	OAuthSub    string
 }
 // API responses and queries
@@ -166,55 +147,61 @@ type RedirectQuery struct {
 	RedirectURI string `url:"redirect_uri"`
 }
-// ACLs
+// Labels
 type Apps struct {
-	Apps map[string]App `description:"App ACLs configuration." yaml:"apps"`
+	Apps map[string]App
 }
 type App struct {
-	Config   AppConfig   `description:"App configuration." yaml:"config"`
+	Config   AppConfig
-	Users    AppUsers    `description:"User access configuration." yaml:"users"`
+	Users    AppUsers
-	OAuth    AppOAuth    `description:"OAuth access configuration." yaml:"oauth"`
+	OAuth    AppOAuth
-	IP       AppIP       `description:"IP access configuration." yaml:"ip"`
+	IP       AppIP
-	Response AppResponse `description:"Response customization." yaml:"response"`
+	Response AppResponse
-	Path     AppPath     `description:"Path access configuration." yaml:"path"`
+	Path     AppPath
 }
 type AppConfig struct {
-	Domain string `description:"The domain of the app." yaml:"domain"`
+	Domain string
 }
 type AppUsers struct {
-	Allow string `description:"Comma-separated list of allowed users." yaml:"allow"`
+	Allow string
-	Block string `description:"Comma-separated list of blocked users." yaml:"block"`
+	Block string
 }
 type AppOAuth struct {
-	Whitelist string `description:"Comma-separated list of allowed OAuth groups." yaml:"whitelist"`
+	Whitelist string
-	Groups    string `description:"Comma-separated list of required OAuth groups." yaml:"groups"`
+	Groups    string
 }
 type AppIP struct {
-	Allow  []string `description:"List of allowed IPs or CIDR ranges." yaml:"allow"`
+	Allow  []string
-	Block  []string `description:"List of blocked IPs or CIDR ranges." yaml:"block"`
+	Block  []string
-	Bypass []string `description:"List of IPs or CIDR ranges that bypass authentication." yaml:"bypass"`
+	Bypass []string
 }
 type AppResponse struct {
-	Headers   []string     `description:"Custom headers to add to the response." yaml:"headers"`
+	Headers   []string
-	BasicAuth AppBasicAuth `description:"Basic authentication for the app." yaml:"basicAuth"`
+	BasicAuth AppBasicAuth
 }
 type AppBasicAuth struct {
-	Username     string `description:"Basic auth username." yaml:"username"`
+	Username     string
-	Password     string `description:"Basic auth password." yaml:"password"`
+	Password     string
-	PasswordFile string `description:"Path to the file containing the basic auth password." yaml:"passwordFile"`
+	PasswordFile string
 }
 type AppPath struct {
-	Allow string `description:"Comma-separated list of allowed paths." yaml:"allow"`
+	Allow string
-	Block string `description:"Comma-separated list of blocked paths." yaml:"block"`
+	Block string
 }
 // Flags
 type Providers struct {
 	Providers map[string]OAuthServiceConfig
 }
 // API server
--- a/internal/controller/context_controller.go
+++ b/internal/controller/context_controller.go
@@ -3,8 +3,7 @@ package controller
 import (
 	"fmt"
 	"net/url"
-
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
@@ -21,7 +20,6 @@ type UserContextResponse struct {
 	OAuth       bool   `json:"oauth"`
 	TotpPending bool   `json:"totpPending"`
 	OAuthName   string `json:"oauthName"`
 	OAuthSub    string `json:"oauthSub"`
 }
 type AppContextResponse struct {
@@ -90,7 +88,6 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
 		OAuth:       context.OAuth,
 		TotpPending: context.TotpPending,
 		OAuthName:   context.OAuthName,
 		OAuthSub:    context.OAuthSub,
 	}
 	if err != nil {
--- a/internal/controller/context_controller_test.go
+++ b/internal/controller/context_controller_test.go
@@ -4,9 +4,8 @@ import (
 	"encoding/json"
 	"net/http/httptest"
 	"testing"
-
+	"tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/controller"
 	"github.com/steveiliop56/tinyauth/internal/controller"
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
@@ -44,7 +43,6 @@ var userContext = config.UserContext{
 	TotpPending: false,
 	OAuthGroups: "",
 	TotpEnabled: false,
 	OAuthSub:    "",
 }
 func setupContextController(middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder) {
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -5,10 +5,9 @@ import (
 	"net/http"
 	"strings"
 	"time"
-
+	"tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/service"
-	"github.com/steveiliop56/tinyauth/internal/service"
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"github.com/google/go-querystring/query"
@@ -197,7 +196,6 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 		Provider:    req.Provider,
 		OAuthGroups: utils.CoalesceToString(user.Groups),
 		OAuthName:   service.GetName(),
 		OAuthSub:    user.Sub,
 	}
 	log.Trace().Interface("session_cookie", sessionCookie).Msg("Creating session cookie")
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -3,20 +3,16 @@ package controller
 import (
 	"fmt"
 	"net/http"
 	"slices"
 	"strings"
-
+	"tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/service"
-	"github.com/steveiliop56/tinyauth/internal/service"
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"github.com/google/go-querystring/query"
 	"github.com/rs/zerolog/log"
 )
 var SupportedProxies = []string{"nginx", "traefik", "caddy", "envoy"}
 type Proxy struct {
 	Proxy string `uri:"proxy" binding:"required"`
 }
@@ -43,8 +39,7 @@ func NewProxyController(config ProxyControllerConfig, router *gin.RouterGroup, a
 func (controller *ProxyController) SetupRoutes() {
 	proxyGroup := controller.router.Group("/auth")
-	// There is a later check to control allowed methods per proxy
+	proxyGroup.GET("/:proxy", controller.proxyHandler)
 	proxyGroup.Any("/:proxy", controller.proxyHandler)
 }
 func (controller *ProxyController) proxyHandler(c *gin.Context) {
@@ -60,7 +55,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
-	if !slices.Contains(SupportedProxies, req.Proxy) {
+	if req.Proxy != "nginx" && req.Proxy != "traefik" && req.Proxy != "caddy" {
 		log.Warn().Str("proxy", req.Proxy).Msg("Invalid proxy")
 		c.JSON(400, gin.H{
 			"status":  400,
@@ -69,19 +64,6 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
 	// Only allow GET for non-envoy proxies.
 	// Envoy uses the original client method for the external auth request
 	// so we allow Any standard HTTP method for /api/auth/envoy
 	if req.Proxy != "envoy" && c.Request.Method != http.MethodGet {
 		log.Warn().Str("method", c.Request.Method).Msg("Invalid method for proxy")
 		c.Header("Allow", "GET")
 		c.JSON(405, gin.H{
 			"status":  405,
 			"message": "Method Not Allowed",
 		})
 		return
 	}
 	isBrowser := strings.Contains(c.Request.Header.Get("Accept"), "text/html")
 	if isBrowser {
@@ -179,9 +161,9 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 	}
 	if userContext.IsLoggedIn {
-		userAllowed := controller.auth.IsUserAllowed(c, userContext, acls)
+		appAllowed := controller.auth.IsResourceAllowed(c, userContext, acls)
-		if !userAllowed {
+		if !appAllowed {
 			log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User not allowed to access resource")
 			if req.Proxy == "nginx" || !isBrowser {
@@ -252,7 +234,6 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		c.Header("Remote-Name", utils.SanitizeHeader(userContext.Name))
 		c.Header("Remote-Email", utils.SanitizeHeader(userContext.Email))
 		c.Header("Remote-Groups", utils.SanitizeHeader(userContext.OAuthGroups))
 		c.Header("Remote-Sub", utils.SanitizeHeader(userContext.OAuthSub))
 		controller.setHeaders(c, acls)
--- a/internal/controller/proxy_controller_test.go
+++ b/internal/controller/proxy_controller_test.go
@@ -3,12 +3,9 @@ package controller_test
 import (
 	"net/http/httptest"
 	"testing"
-
+	"tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/bootstrap"
+	"tinyauth/internal/controller"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/service"
 	"github.com/steveiliop56/tinyauth/internal/controller"
 	"github.com/steveiliop56/tinyauth/internal/repository"
 	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
@@ -28,16 +25,14 @@ func setupProxyController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.En
 	group := router.Group("/api")
 	recorder := httptest.NewRecorder()
 	// Mock app
 	app := bootstrap.NewBootstrapApp(config.Config{})
 	// Database
-	db, err := app.SetupDatabase(":memory:")
+	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
 		DatabasePath: "/tmp/tinyauth_test.db",
 	})
-	assert.NilError(t, err)
+	assert.NilError(t, databaseService.Init())
-	// Queries
+	database := databaseService.GetDatabase()
 	queries := repository.New(db)
 	// Docker
 	dockerService := service.NewDockerService()
@@ -45,7 +40,7 @@ func setupProxyController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.En
 	assert.NilError(t, dockerService.Init())
 	// Access controls
-	accessControlsService := service.NewAccessControlsService(dockerService, map[string]config.App{})
+	accessControlsService := service.NewAccessControlsService(dockerService)
 	assert.NilError(t, accessControlsService.Init())
@@ -57,15 +52,14 @@ func setupProxyController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.En
 				Password: "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
 			},
 		},
-		OauthWhitelist:     []string{},
+		OauthWhitelist:    "",
-		SessionExpiry:      3600,
+		SessionExpiry:     3600,
-		SessionMaxLifetime: 0,
+		SecureCookie:      false,
-		SecureCookie:       false,
+		CookieDomain:      "localhost",
-		CookieDomain:       "localhost",
+		LoginTimeout:      300,
-		LoginTimeout:       300,
+		LoginMaxRetries:   3,
-		LoginMaxRetries:    3,
+		SessionCookieName: "tinyauth-session",
-		SessionCookieName:  "tinyauth-session",
+	}, dockerService, nil, database)
 	}, dockerService, nil, queries)
 	// Controller
 	ctrl := controller.NewProxyController(controller.ProxyControllerConfig{
@@ -86,14 +80,6 @@ func TestProxyHandler(t *testing.T) {
 	assert.Equal(t, 400, recorder.Code)
 	// Test invalid method for non-envoy proxy
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("POST", "/api/auth/traefik", nil)
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 405, recorder.Code)
 	assert.Equal(t, "GET", recorder.Header().Get("Allow"))
 	// Test logged out user (traefik/caddy)
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
@@ -106,30 +92,6 @@ func TestProxyHandler(t *testing.T) {
 	assert.Equal(t, 307, recorder.Code)
 	assert.Equal(t, "http://localhost:8080/login?redirect_uri=https%3A%2F%2Fexample.com%2Fsomepath", recorder.Header().Get("Location"))
 	// Test logged out user (envoy - POST method)
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("POST", "/api/auth/envoy", nil)
 	req.Header.Set("X-Forwarded-Proto", "https")
 	req.Header.Set("X-Forwarded-Host", "example.com")
 	req.Header.Set("X-Forwarded-Uri", "/somepath")
 	req.Header.Set("Accept", "text/html")
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 307, recorder.Code)
 	assert.Equal(t, "http://localhost:8080/login?redirect_uri=https%3A%2F%2Fexample.com%2Fsomepath", recorder.Header().Get("Location"))
 	// Test logged out user (envoy - DELETE method)
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("DELETE", "/api/auth/envoy", nil)
 	req.Header.Set("X-Forwarded-Proto", "https")
 	req.Header.Set("X-Forwarded-Host", "example.com")
 	req.Header.Set("X-Forwarded-Uri", "/somepath")
 	req.Header.Set("Accept", "text/html")
 	router.ServeHTTP(recorder, req)
 	assert.Equal(t, 307, recorder.Code)
 	assert.Equal(t, "http://localhost:8080/login?redirect_uri=https%3A%2F%2Fexample.com%2Fsomepath", recorder.Header().Get("Location"))
 	// Test logged out user (nginx)
 	recorder = httptest.NewRecorder()
 	req = httptest.NewRequest("GET", "/api/auth/nginx", nil)
--- a/internal/controller/resources_controller_test.go
+++ b/internal/controller/resources_controller_test.go
@@ -4,8 +4,7 @@ import (
 	"net/http/httptest"
 	"os"
 	"testing"
-
+	"tinyauth/internal/controller"
 	"github.com/steveiliop56/tinyauth/internal/controller"
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
--- a/internal/controller/user_controller.go
+++ b/internal/controller/user_controller.go
@@ -3,11 +3,9 @@ package controller
 import (
 	"fmt"
 	"strings"
-	"time"
+	"tinyauth/internal/config"
-
+	"tinyauth/internal/service"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"github.com/pquerna/otp/totp"
@@ -61,17 +59,23 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 		return
 	}
-	log.Debug().Str("username", req.Username).Msg("Login attempt")
+	clientIP := c.ClientIP()
-	isLocked, remaining := controller.auth.IsAccountLocked(req.Username)
+	rateIdentifier := req.Username
 	if rateIdentifier == "" {
 		rateIdentifier = clientIP
 	}
 	log.Debug().Str("username", req.Username).Str("ip", clientIP).Msg("Login attempt")
 	isLocked, remainingTime := controller.auth.IsAccountLocked(rateIdentifier)
 	if isLocked {
-		log.Warn().Str("username", req.Username).Msg("Account is locked due to too many failed login attempts")
+		log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("Account is locked due to too many failed login attempts")
 		c.Writer.Header().Add("x-tinyauth-lock-locked", "true")
 		c.Writer.Header().Add("x-tinyauth-lock-reset", time.Now().Add(time.Duration(remaining)*time.Second).Format(time.RFC3339))
 		c.JSON(429, gin.H{
 			"status":  429,
-			"message": fmt.Sprintf("Too many failed login attempts. Try again in %d seconds", remaining),
+			"message": fmt.Sprintf("Too many failed login attempts. Try again in %d seconds", remainingTime),
 		})
 		return
 	}
@@ -79,8 +83,8 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 	userSearch := controller.auth.SearchUser(req.Username)
 	if userSearch.Type == "unknown" {
-		log.Warn().Str("username", req.Username).Msg("User not found")
+		log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("User not found")
-		controller.auth.RecordLoginAttempt(req.Username, false)
+		controller.auth.RecordLoginAttempt(rateIdentifier, false)
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
@@ -89,8 +93,8 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 	}
 	if !controller.auth.VerifyUser(userSearch, req.Password) {
-		log.Warn().Str("username", req.Username).Msg("Invalid password")
+		log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("Invalid password")
-		controller.auth.RecordLoginAttempt(req.Username, false)
+		controller.auth.RecordLoginAttempt(rateIdentifier, false)
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
@@ -98,9 +102,9 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 		return
 	}
-	log.Info().Str("username", req.Username).Msg("Login successful")
+	log.Info().Str("username", req.Username).Str("ip", clientIP).Msg("Login successful")
-	controller.auth.RecordLoginAttempt(req.Username, true)
+	controller.auth.RecordLoginAttempt(rateIdentifier, true)
 	if userSearch.Type == "local" {
 		user := controller.auth.GetLocalUser(userSearch.Username)
@@ -204,17 +208,23 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 		return
 	}
-	log.Debug().Str("username", context.Username).Msg("TOTP verification attempt")
+	clientIP := c.ClientIP()
-	isLocked, remaining := controller.auth.IsAccountLocked(context.Username)
+	rateIdentifier := context.Username
 	if rateIdentifier == "" {
 		rateIdentifier = clientIP
 	}
 	log.Debug().Str("username", context.Username).Str("ip", clientIP).Msg("TOTP verification attempt")
 	isLocked, remainingTime := controller.auth.IsAccountLocked(rateIdentifier)
 	if isLocked {
-		log.Warn().Str("username", context.Username).Msg("Account is locked due to too many failed TOTP attempts")
+		log.Warn().Str("username", context.Username).Str("ip", clientIP).Msg("Account is locked due to too many failed TOTP attempts")
 		c.Writer.Header().Add("x-tinyauth-lock-locked", "true")
 		c.Writer.Header().Add("x-tinyauth-lock-reset", time.Now().Add(time.Duration(remaining)*time.Second).Format(time.RFC3339))
 		c.JSON(429, gin.H{
 			"status":  429,
-			"message": fmt.Sprintf("Too many failed TOTP attempts. Try again in %d seconds", remaining),
+			"message": fmt.Sprintf("Too many failed TOTP attempts. Try again in %d seconds", remainingTime),
 		})
 		return
 	}
@@ -224,8 +234,8 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 	ok := totp.Validate(req.Code, user.TotpSecret)
 	if !ok {
-		log.Warn().Str("username", context.Username).Msg("Invalid TOTP code")
+		log.Warn().Str("username", context.Username).Str("ip", clientIP).Msg("Invalid TOTP code")
-		controller.auth.RecordLoginAttempt(context.Username, false)
+		controller.auth.RecordLoginAttempt(rateIdentifier, false)
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
@@ -233,9 +243,9 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 		return
 	}
-	log.Info().Str("username", context.Username).Msg("TOTP verification successful")
+	log.Info().Str("username", context.Username).Str("ip", clientIP).Msg("TOTP verification successful")
-	controller.auth.RecordLoginAttempt(context.Username, true)
+	controller.auth.RecordLoginAttempt(rateIdentifier, true)
 	sessionCookie := config.SessionCookie{
 		Username: user.Username,
--- a/internal/controller/user_controller_test.go
+++ b/internal/controller/user_controller_test.go
@@ -7,12 +7,9 @@ import (
 	"strings"
 	"testing"
 	"time"
-
+	"tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/bootstrap"
+	"tinyauth/internal/controller"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/service"
 	"github.com/steveiliop56/tinyauth/internal/controller"
 	"github.com/steveiliop56/tinyauth/internal/repository"
 	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/gin-gonic/gin"
 	"github.com/pquerna/otp/totp"
@@ -36,16 +33,14 @@ func setupUserController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.Eng
 	group := router.Group("/api")
 	recorder := httptest.NewRecorder()
 	// Mock app
 	app := bootstrap.NewBootstrapApp(config.Config{})
 	// Database
-	db, err := app.SetupDatabase(":memory:")
+	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
 		DatabasePath: "/tmp/tinyauth_test.db",
 	})
-	assert.NilError(t, err)
+	assert.NilError(t, databaseService.Init())
-	// Queries
+	database := databaseService.GetDatabase()
 	queries := repository.New(db)
 	// Auth service
 	authService := service.NewAuthService(service.AuthServiceConfig{
@@ -60,15 +55,14 @@ func setupUserController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.Eng
 				TotpSecret: totpSecret,
 			},
 		},
-		OauthWhitelist:     []string{},
+		OauthWhitelist:    "",
-		SessionExpiry:      3600,
+		SessionExpiry:     3600,
-		SessionMaxLifetime: 0,
+		SecureCookie:      false,
-		SecureCookie:       false,
+		CookieDomain:      "localhost",
-		CookieDomain:       "localhost",
+		LoginTimeout:      300,
-		LoginTimeout:       300,
+		LoginMaxRetries:   3,
-		LoginMaxRetries:    3,
+		SessionCookieName: "tinyauth-session",
-		SessionCookieName:  "tinyauth-session",
+	}, nil, nil, database)
 	}, nil, nil, queries)
 	// Controller
 	ctrl := controller.NewUserController(controller.UserControllerConfig{
--- a/internal/middleware/context_middleware.go
+++ b/internal/middleware/context_middleware.go
@@ -3,11 +3,9 @@ package middleware
 import (
 	"fmt"
 	"strings"
-	"time"
+	"tinyauth/internal/config"
-
+	"tinyauth/internal/service"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
@@ -67,7 +65,6 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				goto basic
 			}
 			m.auth.RefreshSessionCookie(c)
 			c.Set("context", &config.UserContext{
 				Username:   cookie.Username,
 				Name:       cookie.Name,
@@ -92,7 +89,6 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				goto basic
 			}
 			m.auth.RefreshSessionCookie(c)
 			c.Set("context", &config.UserContext{
 				Username:    cookie.Username,
 				Name:        cookie.Name,
@@ -100,7 +96,6 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				Provider:    cookie.Provider,
 				OAuthGroups: cookie.OAuthGroups,
 				OAuthName:   cookie.OAuthName,
 				OAuthSub:    cookie.OAuthSub,
 				IsLoggedIn:  true,
 				OAuth:       true,
 			})
@@ -117,34 +112,20 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 			return
 		}
 		locked, remaining := m.auth.IsAccountLocked(basic.Username)
 		if locked {
 			log.Debug().Msgf("Account for user %s is locked for %d seconds, denying auth", basic.Username, remaining)
 			c.Writer.Header().Add("x-tinyauth-lock-locked", "true")
 			c.Writer.Header().Add("x-tinyauth-lock-reset", time.Now().Add(time.Duration(remaining)*time.Second).Format(time.RFC3339))
 			c.Next()
 			return
 		}
 		userSearch := m.auth.SearchUser(basic.Username)
 		if userSearch.Type == "unknown" || userSearch.Type == "error" {
 			m.auth.RecordLoginAttempt(basic.Username, false)
 			log.Debug().Msg("User from basic auth not found")
 			c.Next()
 			return
 		}
 		if !m.auth.VerifyUser(userSearch, basic.Password) {
 			m.auth.RecordLoginAttempt(basic.Username, false)
 			log.Debug().Msg("Invalid password for basic auth user")
 			c.Next()
 			return
 		}
 		m.auth.RecordLoginAttempt(basic.Username, true)
 		switch userSearch.Type {
 		case "local":
 			log.Debug().Msg("Basic auth user is local")
--- a/internal/middleware/ui_middleware.go
+++ b/internal/middleware/ui_middleware.go
@@ -7,8 +7,7 @@ import (
 	"os"
 	"strings"
 	"time"
-
+	"tinyauth/internal/assets"
 	"github.com/steveiliop56/tinyauth/internal/assets"
 	"github.com/gin-gonic/gin"
 )
--- a/internal/model/session_model.go
+++ b/internal/model/session_model.go
@@ -0,0 +1,13 @@
 package model
 type Session struct {
 	UUID        string `gorm:"column:uuid;primaryKey"`
 	Username    string `gorm:"column:username"`
 	Email       string `gorm:"column:email"`
 	Name        string `gorm:"column:name"`
 	Provider    string `gorm:"column:provider"`
 	TOTPPending bool   `gorm:"column:totp_pending"`
 	OAuthGroups string `gorm:"column:oauth_groups"`
 	Expiry      int64  `gorm:"column:expiry"`
 	OAuthName   string `gorm:"column:oauth_name"`
 }
--- a/internal/repository/db.go
+++ b/internal/repository/db.go
@@ -1,31 +0,0 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
 //   sqlc v1.30.0
 package repository
 import (
 	"context"
 	"database/sql"
 )
 type DBTX interface {
 	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
 	PrepareContext(context.Context, string) (*sql.Stmt, error)
 	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
 	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
 }
 func New(db DBTX) *Queries {
 	return &Queries{db: db}
 }
 type Queries struct {
 	db DBTX
 }
 func (q *Queries) WithTx(tx *sql.Tx) *Queries {
 	return &Queries{
 		db: tx,
 	}
 }
--- a/internal/repository/models.go
+++ b/internal/repository/models.go
@@ -1,19 +0,0 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
 //   sqlc v1.30.0
 package repository
 type Session struct {
 	UUID        string
 	Username    string
 	Email       string
 	Name        string
 	Provider    string
 	TotpPending bool
 	OAuthGroups string
 	Expiry      int64
 	CreatedAt   int64
 	OAuthName   string
 	OAuthSub    string
 }
--- a/internal/repository/queries.sql.go
+++ b/internal/repository/queries.sql.go
@@ -1,176 +0,0 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
 //   sqlc v1.30.0
 // source: queries.sql
 package repository
 import (
 	"context"
 )
 const createSession = `-- name: CreateSession :one
 INSERT INTO sessions (
    "uuid",
    "username",
    "email",
    "name",
    "provider",
    "totp_pending",
    "oauth_groups",
    "expiry",
    "created_at",
    "oauth_name",
    "oauth_sub"
 ) VALUES (
    ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?
 )
 RETURNING uuid, username, email, name, provider, totp_pending, oauth_groups, expiry, created_at, oauth_name, oauth_sub
 `
 type CreateSessionParams struct {
 	UUID        string
 	Username    string
 	Email       string
 	Name        string
 	Provider    string
 	TotpPending bool
 	OAuthGroups string
 	Expiry      int64
 	CreatedAt   int64
 	OAuthName   string
 	OAuthSub    string
 }
 func (q *Queries) CreateSession(ctx context.Context, arg CreateSessionParams) (Session, error) {
 	row := q.db.QueryRowContext(ctx, createSession,
 		arg.UUID,
 		arg.Username,
 		arg.Email,
 		arg.Name,
 		arg.Provider,
 		arg.TotpPending,
 		arg.OAuthGroups,
 		arg.Expiry,
 		arg.CreatedAt,
 		arg.OAuthName,
 		arg.OAuthSub,
 	)
 	var i Session
 	err := row.Scan(
 		&i.UUID,
 		&i.Username,
 		&i.Email,
 		&i.Name,
 		&i.Provider,
 		&i.TotpPending,
 		&i.OAuthGroups,
 		&i.Expiry,
 		&i.CreatedAt,
 		&i.OAuthName,
 		&i.OAuthSub,
 	)
 	return i, err
 }
 const deleteExpiredSessions = `-- name: DeleteExpiredSessions :exec
 DELETE FROM "sessions"
 WHERE "expiry" < ?
 `
 func (q *Queries) DeleteExpiredSessions(ctx context.Context, expiry int64) error {
 	_, err := q.db.ExecContext(ctx, deleteExpiredSessions, expiry)
 	return err
 }
 const deleteSession = `-- name: DeleteSession :exec
 DELETE FROM "sessions"
 WHERE "uuid" = ?
 `
 func (q *Queries) DeleteSession(ctx context.Context, uuid string) error {
 	_, err := q.db.ExecContext(ctx, deleteSession, uuid)
 	return err
 }
 const getSession = `-- name: GetSession :one
 SELECT uuid, username, email, name, provider, totp_pending, oauth_groups, expiry, created_at, oauth_name, oauth_sub FROM "sessions"
 WHERE "uuid" = ?
 `
 func (q *Queries) GetSession(ctx context.Context, uuid string) (Session, error) {
 	row := q.db.QueryRowContext(ctx, getSession, uuid)
 	var i Session
 	err := row.Scan(
 		&i.UUID,
 		&i.Username,
 		&i.Email,
 		&i.Name,
 		&i.Provider,
 		&i.TotpPending,
 		&i.OAuthGroups,
 		&i.Expiry,
 		&i.CreatedAt,
 		&i.OAuthName,
 		&i.OAuthSub,
 	)
 	return i, err
 }
 const updateSession = `-- name: UpdateSession :one
 UPDATE "sessions" SET
    "username" = ?,
    "email" = ?,
    "name" = ?,
    "provider" = ?,
    "totp_pending" = ?,
    "oauth_groups" = ?,
    "expiry" = ?,
    "oauth_name" = ?,
    "oauth_sub" = ?
 WHERE "uuid" = ?
 RETURNING uuid, username, email, name, provider, totp_pending, oauth_groups, expiry, created_at, oauth_name, oauth_sub
 `
 type UpdateSessionParams struct {
 	Username    string
 	Email       string
 	Name        string
 	Provider    string
 	TotpPending bool
 	OAuthGroups string
 	Expiry      int64
 	OAuthName   string
 	OAuthSub    string
 	UUID        string
 }
 func (q *Queries) UpdateSession(ctx context.Context, arg UpdateSessionParams) (Session, error) {
 	row := q.db.QueryRowContext(ctx, updateSession,
 		arg.Username,
 		arg.Email,
 		arg.Name,
 		arg.Provider,
 		arg.TotpPending,
 		arg.OAuthGroups,
 		arg.Expiry,
 		arg.OAuthName,
 		arg.OAuthSub,
 		arg.UUID,
 	)
 	var i Session
 	err := row.Scan(
 		&i.UUID,
 		&i.Username,
 		&i.Email,
 		&i.Name,
 		&i.Provider,
 		&i.TotpPending,
 		&i.OAuthGroups,
 		&i.Expiry,
 		&i.CreatedAt,
 		&i.OAuthName,
 		&i.OAuthSub,
 	)
 	return i, err
 }
--- a/internal/service/access_controls_service.go
+++ b/internal/service/access_controls_service.go
@@ -1,54 +1,122 @@
 package service
 import (
-	"errors"
+	"tinyauth/internal/config"
 	"strings"
 	"github.com/rs/zerolog/log"
 	"github.com/steveiliop56/tinyauth/internal/config"
 )
 /*
 Environment variable/flag based ACLs are disabled until v5 due to a technical challenge
 with the current parsing logic.
 The current parser works for simple OAuth provider configs like:
 - PROVIDERS_MY_AMAZING_PROVIDER_CLIENT_ID
 However, it breaks down when handling nested structs required for ACLs. The custom parsing
 solution that worked for v4 OAuth providers is incompatible with the ACL parsing logic,
 making the codebase unmaintainable and fragile.
 A solution is being considered for v5 that would standardize the format to something like:
 - TINYAUTH_PROVIDERS_GOOGLE_CLIENTSECRET
 - TINYAUTH_APPS_MYAPP_CONFIG_DOMAIN
 This would allow the Traefik parser to handle everything consistently, but requires a
 config migration. Until this is resolved, environment-based ACLs are disabled and only
 Docker label-based ACLs are supported.
 See: https://discord.com/channels/1337450123600465984/1337459086270271538/1434986689935179838 for more information
 */
 type AccessControlsService struct {
 	docker *DockerService
-	static map[string]config.App
+	// envACLs config.Apps
 }
-func NewAccessControlsService(docker *DockerService, static map[string]config.App) *AccessControlsService {
+func NewAccessControlsService(docker *DockerService) *AccessControlsService {
 	return &AccessControlsService{
 		docker: docker,
 		static: static,
 	}
 }
 func (acls *AccessControlsService) Init() error {
-	return nil // No initialization needed
+	// acls.envACLs = config.Apps{}
 	// env := os.Environ()
 	// appEnvVars := []string{}
 	// for _, e := range env {
 	// 	if strings.HasPrefix(e, "TINYAUTH_APPS_") {
 	// 		appEnvVars = append(appEnvVars, e)
 	// 	}
 	// }
 	// err := acls.loadEnvACLs(appEnvVars)
 	// if err != nil {
 	// 	return err
 	// }
 	// return nil
 	return nil
 }
-func (acls *AccessControlsService) lookupStaticACLs(domain string) (config.App, error) {
+// func (acls *AccessControlsService) loadEnvACLs(appEnvVars []string) error {
-	for app, config := range acls.static {
+// 	if len(appEnvVars) == 0 {
-		if config.Config.Domain == domain {
+// 		return nil
-			log.Debug().Str("name", app).Msg("Found matching container by domain")
+// 	}
 			return config, nil
 		}
-		if strings.SplitN(domain, ".", 2)[0] == app {
+// 	envAcls := map[string]string{}
 			log.Debug().Str("name", app).Msg("Found matching container by app name")
 			return config, nil
 		}
 	}
 	return config.App{}, errors.New("no results")
 }
-func (acls *AccessControlsService) GetAccessControls(domain string) (config.App, error) {
+// 	for _, e := range appEnvVars {
-	// First check in the static config
+// 		parts := strings.SplitN(e, "=", 2)
-	app, err := acls.lookupStaticACLs(domain)
+// 		if len(parts) != 2 {
 // 			continue
 // 		}
-	if err == nil {
+// 		key := parts[0]
-		log.Debug().Msg("Using ACls from static configuration")
+// 		key = strings.ToLower(key)
-		return app, nil
+// 		key = strings.ReplaceAll(key, "_", ".")
-	}
+// 		value := parts[1]
 // 		envAcls[key] = value
 // 	}
 // 	apps, err := decoders.DecodeLabels(envAcls)
 // 	if err != nil {
 // 		return err
 // 	}
 // 	acls.envACLs = apps
 // 	return nil
 // }
 // func (acls *AccessControlsService) lookupEnvACLs(appDomain string) *config.App {
 // 	if len(acls.envACLs.Apps) == 0 {
 // 		return nil
 // 	}
 // 	for appName, appACLs := range acls.envACLs.Apps {
 // 		if appACLs.Config.Domain == appDomain {
 // 			return &appACLs
 // 		}
 // 		if strings.SplitN(appDomain, ".", 2)[0] == appName {
 // 			return &appACLs
 // 		}
 // 	}
 // 	return nil
 // }
 func (acls *AccessControlsService) GetAccessControls(appDomain string) (config.App, error) {
 	// First check environment variables
 	// envACLs := acls.lookupEnvACLs(appDomain)
 	// if envACLs != nil {
 	// 	log.Debug().Str("domain", appDomain).Msg("Found matching access controls in environment variables")
 	// 	return *envACLs, nil
 	// }
 	// Fallback to Docker labels
-	log.Debug().Msg("Falling back to Docker labels for ACLs")
+	return acls.docker.GetLabels(appDomain)
 	return acls.docker.GetLabels(domain)
 }
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -1,22 +1,22 @@
 package service
 import (
-	"database/sql"
+	"context"
 	"errors"
 	"fmt"
 	"regexp"
 	"strings"
 	"sync"
 	"time"
-
+	"tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/model"
-	"github.com/steveiliop56/tinyauth/internal/repository"
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
 	"github.com/rs/zerolog/log"
 	"golang.org/x/crypto/bcrypt"
 	"gorm.io/gorm"
 )
 type LoginAttempt struct {
@@ -26,16 +26,14 @@ type LoginAttempt struct {
 }
 type AuthServiceConfig struct {
-	Users              []config.User
+	Users             []config.User
-	OauthWhitelist     []string
+	OauthWhitelist    string
-	SessionExpiry      int
+	SessionExpiry     int
-	SessionMaxLifetime int
+	SecureCookie      bool
-	SecureCookie       bool
+	CookieDomain      string
-	CookieDomain       string
+	LoginTimeout      int
-	LoginTimeout       int
+	LoginMaxRetries   int
-	LoginMaxRetries    int
+	SessionCookieName string
 	SessionCookieName  string
 	IP                 config.IPConfig
 }
 type AuthService struct {
@@ -44,20 +42,22 @@ type AuthService struct {
 	loginAttempts map[string]*LoginAttempt
 	loginMutex    sync.RWMutex
 	ldap          *LdapService
-	queries       *repository.Queries
+	database      *gorm.DB
 	ctx           context.Context
 }
-func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapService, queries *repository.Queries) *AuthService {
+func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapService, database *gorm.DB) *AuthService {
 	return &AuthService{
 		config:        config,
 		docker:        docker,
 		loginAttempts: make(map[string]*LoginAttempt),
 		ldap:          ldap,
-		queries:       queries,
+		database:      database,
 	}
 }
 func (auth *AuthService) Init() error {
 	auth.ctx = context.Background()
 	return nil
 }
@@ -103,7 +103,7 @@ func (auth *AuthService) VerifyUser(search config.UserSearch, password string) b
 				return false
 			}
-			err = auth.ldap.BindService(true)
+			err = auth.ldap.Bind(auth.ldap.Config.BindDN, auth.ldap.Config.BindPassword)
 			if err != nil {
 				log.Error().Err(err).Msg("Failed to rebind with service account after user authentication")
 				return false
@@ -187,7 +187,7 @@ func (auth *AuthService) RecordLoginAttempt(identifier string, success bool) {
 }
 func (auth *AuthService) IsEmailWhitelisted(email string) bool {
-	return utils.CheckFilter(strings.Join(auth.config.OauthWhitelist, ","), email)
+	return utils.CheckFilter(auth.config.OauthWhitelist, email)
 }
 func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.SessionCookie) error {
@@ -205,21 +205,19 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 		expiry = auth.config.SessionExpiry
 	}
-	session := repository.CreateSessionParams{
+	session := model.Session{
 		UUID:        uuid.String(),
 		Username:    data.Username,
 		Email:       data.Email,
 		Name:        data.Name,
 		Provider:    data.Provider,
-		TotpPending: data.TotpPending,
+		TOTPPending: data.TotpPending,
 		OAuthGroups: data.OAuthGroups,
 		Expiry:      time.Now().Add(time.Duration(expiry) * time.Second).Unix(),
 		CreatedAt:   time.Now().Unix(),
 		OAuthName:   data.OAuthName,
 		OAuthSub:    data.OAuthSub,
 	}
-	_, err = auth.queries.CreateSession(c, session)
+	err = gorm.G[model.Session](auth.database).Create(auth.ctx, &session)
 	if err != nil {
 		return err
@@ -230,58 +228,6 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 	return nil
 }
 func (auth *AuthService) RefreshSessionCookie(c *gin.Context) error {
 	cookie, err := c.Cookie(auth.config.SessionCookieName)
 	if err != nil {
 		return err
 	}
 	session, err := auth.queries.GetSession(c, cookie)
 	if err != nil {
 		return err
 	}
 	currentTime := time.Now().Unix()
 	var refreshThreshold int64
 	if auth.config.SessionExpiry <= int(time.Hour.Seconds()) {
 		refreshThreshold = int64(auth.config.SessionExpiry / 2)
 	} else {
 		refreshThreshold = int64(time.Hour.Seconds())
 	}
 	if session.Expiry-currentTime > refreshThreshold {
 		return nil
 	}
 	newExpiry := session.Expiry + refreshThreshold
 	_, err = auth.queries.UpdateSession(c, repository.UpdateSessionParams{
 		Username:    session.Username,
 		Email:       session.Email,
 		Name:        session.Name,
 		Provider:    session.Provider,
 		TotpPending: session.TotpPending,
 		OAuthGroups: session.OAuthGroups,
 		Expiry:      newExpiry,
 		OAuthName:   session.OAuthName,
 		OAuthSub:    session.OAuthSub,
 		UUID:        session.UUID,
 	})
 	if err != nil {
 		return err
 	}
 	c.SetCookie(auth.config.SessionCookieName, cookie, int(newExpiry-currentTime), "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
 	log.Trace().Str("username", session.Username).Msg("Session cookie refreshed")
 	return nil
 }
 func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 	cookie, err := c.Cookie(auth.config.SessionCookieName)
@@ -289,7 +235,7 @@ func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 		return err
 	}
-	err = auth.queries.DeleteSession(c, cookie)
+	_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(auth.ctx)
 	if err != nil {
 		return err
@@ -307,29 +253,20 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 		return config.SessionCookie{}, err
 	}
-	session, err := auth.queries.GetSession(c, cookie)
+	session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(auth.ctx)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return config.SessionCookie{}, fmt.Errorf("session not found")
 		}
 		return config.SessionCookie{}, err
 	}
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return config.SessionCookie{}, fmt.Errorf("session not found")
 	}
 	currentTime := time.Now().Unix()
 	if auth.config.SessionMaxLifetime != 0 && session.CreatedAt != 0 {
 		if currentTime-session.CreatedAt > int64(auth.config.SessionMaxLifetime) {
 			err = auth.queries.DeleteSession(c, cookie)
 			if err != nil {
 				log.Error().Err(err).Msg("Failed to delete session exceeding max lifetime")
 			}
 			return config.SessionCookie{}, fmt.Errorf("session expired due to max lifetime exceeded")
 		}
 	}
 	if currentTime > session.Expiry {
-		err = auth.queries.DeleteSession(c, cookie)
+		_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(auth.ctx)
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to delete expired session")
 		}
@@ -342,10 +279,9 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 		Email:       session.Email,
 		Name:        session.Name,
 		Provider:    session.Provider,
-		TotpPending: session.TotpPending,
+		TotpPending: session.TOTPPending,
 		OAuthGroups: session.OAuthGroups,
 		OAuthName:   session.OAuthName,
 		OAuthSub:    session.OAuthSub,
 	}, nil
 }
@@ -353,7 +289,7 @@ func (auth *AuthService) UserAuthConfigured() bool {
 	return len(auth.config.Users) > 0 || auth.ldap != nil
 }
-func (auth *AuthService) IsUserAllowed(c *gin.Context, context config.UserContext, acls config.App) bool {
+func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserContext, acls config.App) bool {
 	if context.OAuth {
 		log.Debug().Msg("Checking OAuth whitelist")
 		return utils.CheckFilter(acls.OAuth.Whitelist, context.Email)
@@ -436,11 +372,7 @@ func (auth *AuthService) GetBasicAuth(c *gin.Context) *config.User {
 }
 func (auth *AuthService) CheckIP(acls config.AppIP, ip string) bool {
-	// Merge the global and app IP filter
+	for _, blocked := range acls.Block {
 	blockedIps := append(auth.config.IP.Block, acls.Block...)
 	allowedIPs := append(auth.config.IP.Allow, acls.Allow...)
 	for _, blocked := range blockedIps {
 		res, err := utils.FilterIP(blocked, ip)
 		if err != nil {
 			log.Warn().Err(err).Str("item", blocked).Msg("Invalid IP/CIDR in block list")
@@ -452,7 +384,7 @@ func (auth *AuthService) CheckIP(acls config.AppIP, ip string) bool {
 		}
 	}
-	for _, allowed := range allowedIPs {
+	for _, allowed := range acls.Allow {
 		res, err := utils.FilterIP(allowed, ip)
 		if err != nil {
 			log.Warn().Err(err).Str("item", allowed).Msg("Invalid IP/CIDR in allow list")
@@ -464,7 +396,7 @@ func (auth *AuthService) CheckIP(acls config.AppIP, ip string) bool {
 		}
 	}
-	if len(allowedIPs) > 0 {
+	if len(acls.Allow) > 0 {
 		log.Debug().Str("ip", ip).Msg("IP not in allow list, denying access")
 		return false
 	}
--- a/internal/service/database_service.go
+++ b/internal/service/database_service.go
@@ -0,0 +1,91 @@
 package service
 import (
 	"database/sql"
 	"fmt"
 	"os"
 	"path/filepath"
 	"tinyauth/internal/assets"
 	"github.com/glebarez/sqlite"
 	"github.com/golang-migrate/migrate/v4"
 	sqliteMigrate "github.com/golang-migrate/migrate/v4/database/sqlite3"
 	"github.com/golang-migrate/migrate/v4/source/iofs"
 	"gorm.io/gorm"
 )
 type DatabaseServiceConfig struct {
 	DatabasePath string
 }
 type DatabaseService struct {
 	config   DatabaseServiceConfig
 	database *gorm.DB
 }
 func NewDatabaseService(config DatabaseServiceConfig) *DatabaseService {
 	return &DatabaseService{
 		config: config,
 	}
 }
 func (ds *DatabaseService) Init() error {
 	dbPath := ds.config.DatabasePath
 	if dbPath == "" {
 		dbPath = "/data/tinyauth.db"
 	}
 	dir := filepath.Dir(dbPath)
 	if err := os.MkdirAll(dir, 0755); err != nil {
 		return fmt.Errorf("failed to create database directory %s: %w", dir, err)
 	}
 	gormDB, err := gorm.Open(sqlite.Open(dbPath), &gorm.Config{})
 	if err != nil {
 		return err
 	}
 	sqlDB, err := gormDB.DB()
 	if err != nil {
 		return err
 	}
 	sqlDB.SetMaxOpenConns(1)
 	err = ds.migrateDatabase(sqlDB)
 	if err != nil && err != migrate.ErrNoChange {
 		return err
 	}
 	ds.database = gormDB
 	return nil
 }
 func (ds *DatabaseService) migrateDatabase(sqlDB *sql.DB) error {
 	data, err := iofs.New(assets.Migrations, "migrations")
 	if err != nil {
 		return err
 	}
 	target, err := sqliteMigrate.WithInstance(sqlDB, &sqliteMigrate.Config{})
 	if err != nil {
 		return err
 	}
 	migrator, err := migrate.NewWithInstance("iofs", data, "tinyauth", target)
 	if err != nil {
 		return err
 	}
 	return migrator.Up()
 }
 func (ds *DatabaseService) GetDatabase() *gorm.DB {
 	return ds.database
 }
--- a/internal/service/docker_service.go
+++ b/internal/service/docker_service.go
@@ -3,9 +3,8 @@ package service
 import (
 	"context"
 	"strings"
-
+	"tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/utils/decoders"
 	"github.com/steveiliop56/tinyauth/internal/utils/decoders"
 	container "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
--- a/internal/service/generic_oauth_service.go
+++ b/internal/service/generic_oauth_service.go
@@ -10,8 +10,7 @@ import (
 	"io"
 	"net/http"
 	"time"
-
+	"tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/rs/zerolog/log"
 	"golang.org/x/oauth2"
@@ -55,7 +54,6 @@ func (generic *GenericOAuthService) Init() error {
 	httpClient := &http.Client{
 		Transport: transport,
 		Timeout:   30 * time.Second,
 	}
 	ctx := context.Background()
--- a/internal/service/github_oauth_service.go
+++ b/internal/service/github_oauth_service.go
@@ -9,10 +9,8 @@ import (
 	"fmt"
 	"io"
 	"net/http"
 	"strconv"
 	"time"
-
+	"tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/endpoints"
@@ -28,7 +26,6 @@ type GithubEmailResponse []struct {
 type GithubUserInfoResponse struct {
 	Login string `json:"login"`
 	Name  string `json:"name"`
 	ID    int    `json:"id"`
 }
 type GithubOAuthService struct {
@@ -53,9 +50,7 @@ func NewGithubOAuthService(config config.OAuthServiceConfig) *GithubOAuthService
 }
 func (github *GithubOAuthService) Init() error {
-	httpClient := &http.Client{
+	httpClient := &http.Client{}
 		Timeout: 30 * time.Second,
 	}
 	ctx := context.Background()
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
 	github.context = ctx
@@ -174,7 +169,6 @@ func (github *GithubOAuthService) Userinfo() (config.Claims, error) {
 	user.PreferredUsername = userInfo.Login
 	user.Name = userInfo.Name
 	user.Sub = strconv.Itoa(userInfo.ID)
 	return user, nil
 }
--- a/internal/service/google_oauth_service.go
+++ b/internal/service/google_oauth_service.go
@@ -10,14 +10,18 @@ import (
 	"net/http"
 	"strings"
 	"time"
-
+	"tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/endpoints"
 )
-var GoogleOAuthScopes = []string{"openid", "email", "profile"}
+var GoogleOAuthScopes = []string{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"}
 type GoogleUserInfoResponse struct {
 	Email string `json:"email"`
 	Name  string `json:"name"`
 }
 type GoogleOAuthService struct {
 	config   oauth2.Config
@@ -41,9 +45,7 @@ func NewGoogleOAuthService(config config.OAuthServiceConfig) *GoogleOAuthService
 }
 func (google *GoogleOAuthService) Init() error {
-	httpClient := &http.Client{
+	httpClient := &http.Client{}
 		Timeout: 30 * time.Second,
 	}
 	ctx := context.Background()
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
 	google.context = ctx
@@ -86,7 +88,7 @@ func (google *GoogleOAuthService) Userinfo() (config.Claims, error) {
 	client := google.config.Client(google.context, google.token)
-	res, err := client.Get("https://openidconnect.googleapis.com/v1/userinfo")
+	res, err := client.Get("https://www.googleapis.com/userinfo/v2/me")
 	if err != nil {
 		return config.Claims{}, err
 	}
@@ -101,12 +103,16 @@ func (google *GoogleOAuthService) Userinfo() (config.Claims, error) {
 		return config.Claims{}, err
 	}
-	err = json.Unmarshal(body, &user)
+	var userInfo GoogleUserInfoResponse
 	err = json.Unmarshal(body, &userInfo)
 	if err != nil {
 		return config.Claims{}, err
 	}
-	user.PreferredUsername = strings.SplitN(user.Email, "@", 2)[0]
+	user.PreferredUsername = strings.Split(userInfo.Email, "@")[0]
 	user.Name = userInfo.Name
 	user.Email = userInfo.Email
 	return user, nil
 }
--- a/internal/service/ldap_service.go
+++ b/internal/service/ldap_service.go
@@ -19,44 +19,21 @@ type LdapServiceConfig struct {
 	BaseDN       string
 	Insecure     bool
 	SearchFilter string
 	AuthCert     string
 	AuthKey      string
 }
 type LdapService struct {
-	config LdapServiceConfig
+	Config LdapServiceConfig // exported so as the auth service can use it
 	conn   *ldapgo.Conn
 	mutex  sync.RWMutex
 	cert   *tls.Certificate
 }
 func NewLdapService(config LdapServiceConfig) *LdapService {
 	return &LdapService{
-		config: config,
+		Config: config,
 	}
 }
 func (ldap *LdapService) Init() error {
 	// Check whether authentication with client certificate is possible
 	if ldap.config.AuthCert != "" && ldap.config.AuthKey != "" {
 		cert, err := tls.LoadX509KeyPair(ldap.config.AuthCert, ldap.config.AuthKey)
 		if err != nil {
 			return fmt.Errorf("failed to initialize LDAP with mTLS authentication: %w", err)
 		}
 		ldap.cert = &cert
 		log.Info().Msg("Using LDAP with mTLS authentication")
 		// TODO: Add optional extra CA certificates, instead of `InsecureSkipVerify`
 		/*
 			caCert, _ := ioutil.ReadFile(*caFile)
 			caCertPool := x509.NewCertPool()
 			caCertPool.AppendCertsFromPEM(caCert)
 			tlsConfig := &tls.Config{
 						...
 			RootCAs:      caCertPool,
 			}
 		*/
 	}
 	_, err := ldap.connect()
 	if err != nil {
 		return fmt.Errorf("failed to connect to LDAP server: %w", err)
@@ -83,46 +60,31 @@ func (ldap *LdapService) connect() (*ldapgo.Conn, error) {
 	ldap.mutex.Lock()
 	defer ldap.mutex.Unlock()
-	var conn *ldapgo.Conn
+	conn, err := ldapgo.DialURL(ldap.Config.Address, ldapgo.DialWithTLSConfig(&tls.Config{
-	var err error
+		InsecureSkipVerify: ldap.Config.Insecure,
-
+		MinVersion:         tls.VersionTLS12,
-	// TODO: There's also STARTTLS (or SASL)-based mTLS authentication
+	}))
 	// scenario, where we first connect to plain text port (389) and
 	// continue with a STARTTLS negotiation:
 	// 1. conn = ldap.DialURL("ldap://ldap.example.com:389")
 	// 2. conn.StartTLS(tlsConfig)
 	// 3. conn.externalBind()
 	if ldap.cert != nil {
 		conn, err = ldapgo.DialURL(ldap.config.Address, ldapgo.DialWithTLSConfig(&tls.Config{
 			MinVersion:   tls.VersionTLS12,
 			Certificates: []tls.Certificate{*ldap.cert},
 		}))
 	} else {
 		conn, err = ldapgo.DialURL(ldap.config.Address, ldapgo.DialWithTLSConfig(&tls.Config{
 			InsecureSkipVerify: ldap.config.Insecure,
 			MinVersion:         tls.VersionTLS12,
 		}))
 	}
 	if err != nil {
 		return nil, err
 	}
 	err = conn.Bind(ldap.Config.BindDN, ldap.Config.BindPassword)
 	if err != nil {
 		return nil, err
 	}
 	// Set and return the connection
 	ldap.conn = conn
-
+	return conn, nil
 	err = ldap.BindService(false)
 	if err != nil {
 		return nil, err
 	}
 	return ldap.conn, nil
 }
 func (ldap *LdapService) Search(username string) (string, error) {
 	// Escape the username to prevent LDAP injection
 	escapedUsername := ldapgo.EscapeFilter(username)
-	filter := fmt.Sprintf(ldap.config.SearchFilter, escapedUsername)
+	filter := fmt.Sprintf(ldap.Config.SearchFilter, escapedUsername)
 	searchRequest := ldapgo.NewSearchRequest(
-		ldap.config.BaseDN,
+		ldap.Config.BaseDN,
 		ldapgo.ScopeWholeSubtree, ldapgo.NeverDerefAliases, 0, 0, false,
 		filter,
 		[]string{"dn"},
@@ -145,19 +107,6 @@ func (ldap *LdapService) Search(username string) (string, error) {
 	return userDN, nil
 }
 func (ldap *LdapService) BindService(rebind bool) error {
 	// Locks must not be used for initial binding attempt
 	if rebind {
 		ldap.mutex.Lock()
 		defer ldap.mutex.Unlock()
 	}
 	if ldap.cert != nil {
 		return ldap.conn.ExternalBind()
 	}
 	return ldap.conn.Bind(ldap.config.BindDN, ldap.config.BindPassword)
 }
 func (ldap *LdapService) Bind(userDN string, password string) error {
 	ldap.mutex.Lock()
 	defer ldap.mutex.Unlock()
--- a/internal/service/oauth_broker_service.go
+++ b/internal/service/oauth_broker_service.go
@@ -2,8 +2,7 @@ package service
 import (
 	"errors"
-
+	"tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/rs/zerolog/log"
 	"golang.org/x/exp/slices"
--- a/internal/utils/app_utils.go
+++ b/internal/utils/app_utils.go
@@ -5,8 +5,7 @@ import (
 	"net"
 	"net/url"
 	"strings"
-
+	"tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/gin-gonic/gin"
 	"github.com/weppos/publicsuffix-go/publicsuffix"
--- a/internal/utils/app_utils_test.go
+++ b/internal/utils/app_utils_test.go
@@ -2,9 +2,8 @@ package utils_test
 import (
 	"testing"
-
+	"tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
--- a/internal/utils/decoders/label_decoder_test.go
+++ b/internal/utils/decoders/label_decoder_test.go
@@ -2,9 +2,8 @@ package decoders_test
 import (
 	"testing"
-
+	"tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/config"
+	"tinyauth/internal/utils/decoders"
 	"github.com/steveiliop56/tinyauth/internal/utils/decoders"
 	"gotest.tools/v3/assert"
 )
--- a/internal/utils/label_utils_test.go
+++ b/internal/utils/label_utils_test.go
@@ -2,8 +2,7 @@ package utils_test
 import (
 	"testing"
-
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"gotest.tools/v3/assert"
 )
--- a/internal/utils/loaders/loader_env.go
+++ b/internal/utils/loaders/loader_env.go
@@ -3,8 +3,7 @@ package loaders
 import (
 	"fmt"
 	"os"
-
+	"tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/traefik/paerser/cli"
 	"github.com/traefik/paerser/env"
--- a/internal/utils/loaders/loader_file.go
+++ b/internal/utils/loaders/loader_file.go
@@ -1,35 +0,0 @@
 package loaders
 import (
 	"github.com/rs/zerolog/log"
 	"github.com/traefik/paerser/cli"
 	"github.com/traefik/paerser/file"
 	"github.com/traefik/paerser/flag"
 )
 type FileLoader struct{}
 func (f *FileLoader) Load(args []string, cmd *cli.Command) (bool, error) {
 	flags, err := flag.Parse(args, cmd.Configuration)
 	if err != nil {
 		return false, err
 	}
 	// I guess we are using traefik as the root name
 	configFileFlag := "traefik.experimental.configFile"
 	if _, ok := flags[configFileFlag]; !ok {
 		return false, nil
 	}
 	log.Warn().Msg("Using experimental file config loader, this feature is experimental and may change or be removed in future releases")
 	err = file.Decode(flags[configFileFlag], cmd.Configuration)
 	if err != nil {
 		return false, err
 	}
 	return true, nil
 }
--- a/internal/utils/security_utils_test.go
+++ b/internal/utils/security_utils_test.go
@@ -3,8 +3,7 @@ package utils_test
 import (
 	"os"
 	"testing"
-
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"gotest.tools/v3/assert"
 )
--- a/internal/utils/string_utils_test.go
+++ b/internal/utils/string_utils_test.go
@@ -2,8 +2,7 @@ package utils_test
 import (
 	"testing"
-
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"gotest.tools/v3/assert"
 )
--- a/internal/utils/user_utils.go
+++ b/internal/utils/user_utils.go
@@ -3,18 +3,25 @@ package utils
 import (
 	"errors"
 	"strings"
-
+	"tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/config"
 )
-func ParseUsers(usersStr []string) ([]config.User, error) {
+func ParseUsers(users string) ([]config.User, error) {
-	var users []config.User
+	var usersParsed []config.User
-	if len(usersStr) == 0 {
+	users = strings.TrimSpace(users)
 	if users == "" {
 		return []config.User{}, nil
 	}
-	for _, user := range usersStr {
+	userList := strings.Split(users, ",")
 	if len(userList) == 0 {
 		return []config.User{}, errors.New("invalid user format")
 	}
 	for _, user := range userList {
 		if strings.TrimSpace(user) == "" {
 			continue
 		}
@@ -22,71 +29,64 @@ func ParseUsers(usersStr []string) ([]config.User, error) {
 		if err != nil {
 			return []config.User{}, err
 		}
-		users = append(users, parsed)
+		usersParsed = append(usersParsed, parsed)
 	}
-	return users, nil
+	return usersParsed, nil
 }
-func GetUsers(usersCfg []string, usersPath string) ([]config.User, error) {
+func GetUsers(conf string, file string) ([]config.User, error) {
-	var usersStr []string
+	var users string
-	if len(usersCfg) == 0 && usersPath == "" {
+	if conf == "" && file == "" {
 		return []config.User{}, nil
 	}
-	if len(usersCfg) > 0 {
+	if conf != "" {
-		usersStr = append(usersStr, usersCfg...)
+		users += conf
 	}
-	if usersPath != "" {
+	if file != "" {
-		contents, err := ReadFile(usersPath)
+		contents, err := ReadFile(file)
 		if err != nil {
 			return []config.User{}, err
 		}
-
+		if users != "" {
-		lines := strings.SplitSeq(contents, "\n")
+			users += ","
 		for line := range lines {
 			lineTrimmed := strings.TrimSpace(line)
 			if lineTrimmed == "" {
 				continue
 			}
 			usersStr = append(usersStr, lineTrimmed)
 		}
 		users += ParseFileToLine(contents)
 	}
-	return ParseUsers(usersStr)
+	return ParseUsers(users)
 }
-func ParseUser(userStr string) (config.User, error) {
+func ParseUser(user string) (config.User, error) {
-	if strings.Contains(userStr, "$$") {
+	if strings.Contains(user, "$$") {
-		userStr = strings.ReplaceAll(userStr, "$$", "$")
+		user = strings.ReplaceAll(user, "$$", "$")
 	}
-	parts := strings.SplitN(userStr, ":", 4)
+	userSplit := strings.Split(user, ":")
-	if len(parts) < 2 || len(parts) > 3 {
+	if len(userSplit) < 2 || len(userSplit) > 3 {
 		return config.User{}, errors.New("invalid user format")
 	}
-	for i, part := range parts {
+	for _, userPart := range userSplit {
-		trimmed := strings.TrimSpace(part)
+		if strings.TrimSpace(userPart) == "" {
 		if trimmed == "" {
 			return config.User{}, errors.New("invalid user format")
 		}
 		parts[i] = trimmed
 	}
-	user := config.User{
+	if len(userSplit) == 2 {
-		Username: parts[0],
+		return config.User{
-		Password: parts[1],
+			Username: strings.TrimSpace(userSplit[0]),
 			Password: strings.TrimSpace(userSplit[1]),
 		}, nil
 	}
-	if len(parts) == 3 {
+	return config.User{
-		user.TotpSecret = parts[2]
+		Username:   strings.TrimSpace(userSplit[0]),
-	}
+		Password:   strings.TrimSpace(userSplit[1]),
-
+		TotpSecret: strings.TrimSpace(userSplit[2]),
-	return user, nil
+	}, nil
 }
--- a/internal/utils/user_utils_test.go
+++ b/internal/utils/user_utils_test.go
@@ -3,8 +3,7 @@ package utils_test
 import (
 	"os"
 	"testing"
-
+	"tinyauth/internal/utils"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"gotest.tools/v3/assert"
 )
@@ -22,7 +21,7 @@ func TestGetUsers(t *testing.T) {
 	defer os.Remove("/tmp/tinyauth_users_test.txt")
 	// Test file
-	users, err := utils.GetUsers([]string{}, "/tmp/tinyauth_users_test.txt")
+	users, err := utils.GetUsers("", "/tmp/tinyauth_users_test.txt")
 	assert.NilError(t, err)
@@ -34,7 +33,7 @@ func TestGetUsers(t *testing.T) {
 	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[1].Password)
 	// Test config
-	users, err = utils.GetUsers([]string{"user3:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", "user4:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G"}, "")
+	users, err = utils.GetUsers("user3:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G,user4:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", "")
 	assert.NilError(t, err)
@@ -46,7 +45,7 @@ func TestGetUsers(t *testing.T) {
 	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[1].Password)
 	// Test both
-	users, err = utils.GetUsers([]string{"user5:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G"}, "/tmp/tinyauth_users_test.txt")
+	users, err = utils.GetUsers("user5:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", "/tmp/tinyauth_users_test.txt")
 	assert.NilError(t, err)
@@ -60,14 +59,14 @@ func TestGetUsers(t *testing.T) {
 	assert.Equal(t, "$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", users[2].Password)
 	// Test empty
-	users, err = utils.GetUsers([]string{}, "")
+	users, err = utils.GetUsers("", "")
 	assert.NilError(t, err)
 	assert.Equal(t, 0, len(users))
 	// Test non-existent file
-	users, err = utils.GetUsers([]string{}, "/tmp/non_existent_file.txt")
+	users, err = utils.GetUsers("", "/tmp/non_existent_file.txt")
 	assert.ErrorContains(t, err, "no such file or directory")
@@ -76,7 +75,7 @@ func TestGetUsers(t *testing.T) {
 func TestParseUsers(t *testing.T) {
 	// Valid users
-	users, err := utils.ParseUsers([]string{"user1:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G", "user2:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G:ABCDEF"}) // user2 has TOTP
+	users, err := utils.ParseUsers("user1:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G,user2:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G:ABCDEF") // user2 has TOTP
 	assert.NilError(t, err)
@@ -90,7 +89,7 @@ func TestParseUsers(t *testing.T) {
 	assert.Equal(t, "ABCDEF", users[1].TotpSecret)
 	// Valid weirdly spaced users
-	users, err = utils.ParseUsers([]string{"      user1:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G        ", "         user2:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G:ABCDEF                    "}) // Spacing is on purpose
+	users, err = utils.ParseUsers("      user1:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G        ,         user2:$2a$10$Mz5xhkfSJUtPWkzCd/TdaePh9CaXc5QcGII5wIMPLSR46eTwma30G:ABCDEF                    ") // Spacing is on purpose
 	assert.NilError(t, err)
 	assert.Equal(t, 2, len(users))
--- a/1
+++ b/1
--- a/patches/nested_maps.diff
+++ b/patches/nested_maps.diff
@@ -1,95 +0,0 @@
 diff --git a/env/env_test.go b/env/env_test.go
 index 7045569..365dc00 100644
 --- a/env/env_test.go
 +++ b/env/env_test.go
@@ -166,6 +166,38 @@ func TestDecode(t *testing.T) {
 				Foo: &struct{ Field string }{},
 			},
 		},
 +		{
 +			desc:    "map under the root key",
 +			environ: []string{"TRAEFIK_FOO_BAR_FOOBAR_BARFOO=foo"},
 +			element: &struct {
 +				Foo map[string]struct {
 +					Foobar struct {
 +						Barfoo string
 +					}
 +				}
 +			}{},
 +			expected: &struct {
 +				Foo map[string]struct {
 +					Foobar struct {
 +						Barfoo string
 +					}
 +				}
 +			}{
 +				Foo: map[string]struct {
 +					Foobar struct {
 +						Barfoo string
 +					}
 +				}{
 +					"bar": {
 +						Foobar: struct {
 +							Barfoo string
 +						}{
 +							Barfoo: "foo",
 +						},
 +					},
 +				},
 +			},
 +		},
 	}
 	for _, test := range testCases {
 diff --git a/parser/nodes_metadata.go b/parser/nodes_metadata.go
 index 36946c1..0279705 100644
 --- a/parser/nodes_metadata.go
 +++ b/parser/nodes_metadata.go
@@ -75,8 +75,13 @@ func (m metadata) add(rootType reflect.Type, node *Node) error {
 	node.Kind = fType.Kind()
 	node.Tag = field.Tag
 -	if fType.Kind() == reflect.Struct || fType.Kind() == reflect.Pointer && fType.Elem().Kind() == reflect.Struct ||
 -		fType.Kind() == reflect.Map {
 +	if node.Kind == reflect.String && len(node.Children) > 0 {
 +		fType = reflect.TypeOf(struct{}{})
 +		node.Kind = reflect.Struct
 +	}
 +
 +	if node.Kind == reflect.Struct || node.Kind == reflect.Pointer && fType.Elem().Kind() == reflect.Struct ||
 +		node.Kind == reflect.Map {
 		if len(node.Children) == 0 && !(field.Tag.Get(m.TagName) == TagLabelAllowEmpty || field.Tag.Get(m.TagName) == "-") {
 			return fmt.Errorf("%s cannot be a standalone element (type %s)", node.Name, fType)
 		}
@@ -90,11 +95,11 @@ func (m metadata) add(rootType reflect.Type, node *Node) error {
 		return nil
 	}
 -	if fType.Kind() == reflect.Struct || fType.Kind() == reflect.Pointer && fType.Elem().Kind() == reflect.Struct {
 +	if node.Kind == reflect.Struct || node.Kind == reflect.Pointer && fType.Elem().Kind() == reflect.Struct {
 		return m.browseChildren(fType, node)
 	}
 -	if fType.Kind() == reflect.Map {
 +	if node.Kind == reflect.Map {
 		if fType.Elem().Kind() == reflect.Interface {
 			addRawValue(node)
 			return nil
@@ -115,7 +120,7 @@ func (m metadata) add(rootType reflect.Type, node *Node) error {
 		return nil
 	}
 -	if fType.Kind() == reflect.Slice {
 +	if node.Kind == reflect.Slice {
 		if m.AllowSliceAsStruct && field.Tag.Get(TagLabelSliceAsStruct) != "" {
 			return m.browseChildren(fType.Elem(), node)
 		}
@@ -129,7 +134,7 @@ func (m metadata) add(rootType reflect.Type, node *Node) error {
 		return nil
 	}
 -	return fmt.Errorf("invalid node %s: %v", node.Name, fType.Kind())
 +	return fmt.Errorf("invalid node %s: %v", node.Name, node.Kind)
 }
 func (m metadata) findTypedField(rType reflect.Type, node *Node) (reflect.StructField, error) {
--- a/sql/queries.sql
+++ b/sql/queries.sql
@@ -1,43 +0,0 @@
 -- name: CreateSession :one
 INSERT INTO sessions (
    "uuid",
    "username",
    "email",
    "name",
    "provider",
    "totp_pending",
    "oauth_groups",
    "expiry",
    "created_at",
    "oauth_name",
    "oauth_sub"
 ) VALUES (
    ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?
 )
 RETURNING *;
 -- name: GetSession :one
 SELECT * FROM "sessions"
 WHERE "uuid" = ?;
 -- name: DeleteSession :exec
 DELETE FROM "sessions"
 WHERE "uuid" = ?;
 -- name: UpdateSession :one
 UPDATE "sessions" SET
    "username" = ?,
    "email" = ?,
    "name" = ?,
    "provider" = ?,
    "totp_pending" = ?,
    "oauth_groups" = ?,
    "expiry" = ?,
    "oauth_name" = ?,
    "oauth_sub" = ?
 WHERE "uuid" = ?
 RETURNING *;
 -- name: DeleteExpiredSessions :exec
 DELETE FROM "sessions"
 WHERE "expiry" < ?;
--- a/sql/schema.sql
+++ b/sql/schema.sql
@@ -1,13 +0,0 @@
 CREATE TABLE IF NOT EXISTS "sessions" (
    "uuid" TEXT NOT NULL PRIMARY KEY UNIQUE,
    "username" TEXT NOT NULL,
    "email" TEXT NOT NULL,
    "name" TEXT NOT NULL,
    "provider" TEXT NOT NULL,
    "totp_pending" BOOLEAN NOT NULL,
    "oauth_groups" TEXT NULL,
    "expiry" INTEGER NOT NULL,
    "created_at" INTEGER NOT NULL,
    "oauth_name" TEXT NULL,
    "oauth_sub" TEXT NULL
 );
--- a/sqlc.yml
+++ b/sqlc.yml
@@ -1,21 +0,0 @@
 version: "2"
 sql:
  - engine: "sqlite"
    queries: "sql/queries.sql"
    schema: "sql/schema.sql"
    gen:
      go:
        package: "repository"
        out: "internal/repository"
        rename:
          uuid: "UUID"
          oauth_groups: "OAuthGroups"
          oauth_name: "OAuthName"
          oauth_sub: "OAuthSub"
        overrides:
          - column: "sessions.oauth_groups"
            go_type: "string"
          - column: "sessions.oauth_name"
            go_type: "string"
          - column: "sessions.oauth_sub"
            go_type: "string"
Author	SHA1	Message	Date
Stavros	0374370b0c	fix: fix translations not loading	2025-12-17 23:36:01 +02:00
Stavros	7857dba57a	chore: remove unused code	2025-12-17 23:31:24 +02:00
Stavros	3e12721844	refactor: update build	2025-12-17 23:21:15 +02:00
Stavros	9c7a4af295	chore: update example env	2025-12-17 19:42:26 +02:00
Stavros	dba5580a7c	refactor: remove dependency on traefik	2025-12-17 18:30:43 +02:00
Stavros	e4e99f4805	feat: add initial implementation of a traefik like cli	2025-12-17 16:40:54 +02:00
Stavros	3555569a97	chore: add yaml config ref	2025-12-17 15:17:55 +02:00
		`@@ -1 +0,0 @@`
			`ALTER TABLE "sessions" DROP COLUMN "oauth_sub";`
		`@@ -1 +0,0 @@`
			`ALTER TABLE "sessions" ADD COLUMN "oauth_sub" TEXT;`
		`@@ -1 +0,0 @@`
			`ALTER TABLE "sessions" DROP COLUMN "created_at";`
		`@@ -1 +0,0 @@`
			`ALTER TABLE "sessions" ADD COLUMN "created_at" INTEGER NOT NULL DEFAULT 0;`