fix: further coderabbit suggestions

fix: coderabbit suggestions
fix: use correct api path in login mutation
2025-10-29 05:05:42 +00:00 · 2025-08-26 14:49:55 +03:00 · 2025-08-26 14:31:09 +03:00 · 2025-08-26 13:21:36 +03:00 · 2025-08-26 13:17:10 +03:00 · 2025-08-26 12:45:24 +03:00
48 changed files with 856 additions and 1191 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,5 +1,7 @@
 PORT=3000
 ADDRESS=0.0.0.0
 SECRET=app_secret
 SECRET_FILE=app_secret_file
 APP_URL=http://localhost:3000
 USERS=your_user_password_hash
 USERS_FILE=users_file
@@ -28,6 +30,4 @@ APP_TITLE=Tinyauth SSO
 FORGOT_PASSWORD_MESSAGE=Some message about resetting the password
 OAUTH_AUTO_REDIRECT=none
 BACKGROUND_IMAGE=some_image_url
-GENERIC_SKIP_SSL=false
+GENERIC_SKIP_SSL=false
 RESOURCES_DIR=/data/resources
 DATABASE_PATH=/data/tinyauth.db
--- a/4
+++ b/4
@@ -1,5 +1,5 @@
 # Site builder
-FROM oven/bun:1.2.21-alpine AS frontend-builder
+FROM oven/bun:1.2.20-alpine AS frontend-builder
 WORKDIR /frontend
@@ -51,6 +51,4 @@ COPY --from=builder /tinyauth/tinyauth ./
 EXPOSE 3000
 VOLUME ["/data"]
 ENTRYPOINT ["./tinyauth"]
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -28,6 +28,7 @@ var rootCmd = &cobra.Command{
 		}
 		// Check if secrets have a file associated with them
 		conf.Secret = utils.GetSecret(conf.Secret, conf.SecretFile)
 		conf.GithubClientSecret = utils.GetSecret(conf.GithubClientSecret, conf.GithubClientSecretFile)
 		conf.GoogleClientSecret = utils.GetSecret(conf.GoogleClientSecret, conf.GoogleClientSecretFile)
 		conf.GenericClientSecret = utils.GetSecret(conf.GenericClientSecret, conf.GenericClientSecretFile)
@@ -76,6 +77,8 @@ func init() {
 	}{
 		{"port", 3000, "Port to run the server on."},
 		{"address", "0.0.0.0", "Address to bind the server to."},
 		{"secret", "", "Secret to use for the cookie."},
 		{"secret-file", "", "Path to a file containing the secret."},
 		{"app-url", "", "The Tinyauth URL."},
 		{"users", "", "Comma separated list of users in the format username:hash."},
 		{"users-file", "", "Path to a file containing users in the format username:hash."},
@@ -95,6 +98,7 @@ func init() {
 		{"generic-user-url", "", "Generic OAuth user info URL."},
 		{"generic-name", "Generic", "Generic OAuth provider name."},
 		{"generic-skip-ssl", false, "Skip SSL verification for the generic OAuth provider."},
 		{"disable-continue", false, "Disable continue screen and redirect to app directly."},
 		{"oauth-whitelist", "", "Comma separated list of email addresses to whitelist when using OAuth."},
 		{"oauth-auto-redirect", "none", "Auto redirect to the specified OAuth provider if configured. (available providers: github, google, generic)"},
 		{"session-expiry", 86400, "Session (cookie) expiration time in seconds."},
@@ -111,7 +115,6 @@ func init() {
 		{"ldap-insecure", false, "Skip certificate verification for the LDAP server."},
 		{"ldap-search-filter", "(uid=%s)", "LDAP search filter for user lookup."},
 		{"resources-dir", "/data/resources", "Path to a directory containing custom resources (e.g. background image)."},
 		{"database-path", "/data/tinyauth.db", "Path to the Sqlite database file."},
 	}
 	for _, opt := range configOptions {
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -40,7 +40,6 @@ services:
      - ./cmd:/tinyauth/cmd
      - ./main.go:/tinyauth/main.go
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data:/data
    ports:
      - 3000:3000
      - 4000:4000
--- a/docker-compose.example.yml
+++ b/docker-compose.example.yml
@@ -20,10 +20,9 @@ services:
    container_name: tinyauth
    image: ghcr.io/steveiliop56/tinyauth:v3
    environment:
      - SECRET=some-random-32-chars-string
      - APP_URL=https://tinyauth.example.com
      - USERS=user:$$2a$$10$$UdLYoJ5lgPsC0RKqYH/jMua7zIn0g9kPqWmhYayJYLaZQ/FTmH2/u # user:password
    volumes:
      - ./data:/data
    labels:
      traefik.enable: true
      traefik.http.routers.tinyauth.rule: Host(`tinyauth.example.com`)
--- a/frontend/bun.lock
+++ b/frontend/bun.lock
@@ -6,47 +6,48 @@
      "dependencies": {
        "@hookform/resolvers": "^5.2.1",
        "@radix-ui/react-label": "^2.1.7",
-        "@radix-ui/react-select": "^2.2.6",
+        "@radix-ui/react-select": "^2.2.5",
        "@radix-ui/react-separator": "^1.1.7",
        "@radix-ui/react-slot": "^1.2.3",
-        "@tailwindcss/vite": "^4.1.12",
+        "@tailwindcss/vite": "^4.1.11",
-        "@tanstack/react-query": "^5.85.5",
+        "@tanstack/react-query": "^5.84.1",
        "axios": "^1.11.0",
        "class-variance-authority": "^0.7.1",
        "clsx": "^2.1.1",
-        "i18next": "^25.4.2",
+        "dompurify": "^3.2.6",
        "i18next": "^25.3.2",
        "i18next-browser-languagedetector": "^8.2.0",
        "i18next-resources-to-backend": "^1.2.1",
        "input-otp": "^1.4.2",
-        "lucide-react": "^0.541.0",
+        "lucide-react": "^0.539.0",
        "next-themes": "^0.4.6",
        "react": "^19.1.1",
        "react-dom": "^19.1.1",
        "react-hook-form": "^7.62.0",
-        "react-i18next": "^15.7.2",
+        "react-i18next": "^15.6.1",
        "react-markdown": "^10.1.0",
-        "react-router": "^7.8.2",
+        "react-router": "^7.8.0",
        "sonner": "^2.0.7",
        "tailwind-merge": "^3.3.1",
-        "tailwindcss": "^4.1.12",
+        "tailwindcss": "^4.1.11",
-        "zod": "^4.1.3",
+        "zod": "^4.0.15",
      },
      "devDependencies": {
-        "@eslint/js": "^9.34.0",
+        "@eslint/js": "^9.32.0",
        "@tanstack/eslint-plugin-query": "^5.83.1",
-        "@types/node": "^24.3.0",
+        "@types/node": "^24.2.0",
-        "@types/react": "^19.1.11",
+        "@types/react": "^19.1.9",
-        "@types/react-dom": "^19.1.8",
+        "@types/react-dom": "^19.1.7",
-        "@vitejs/plugin-react": "^5.0.1",
+        "@vitejs/plugin-react": "^5.0.0",
-        "eslint": "^9.34.0",
+        "eslint": "^9.32.0",
        "eslint-plugin-react-hooks": "^5.2.0",
        "eslint-plugin-react-refresh": "^0.4.19",
        "globals": "^16.3.0",
        "prettier": "3.6.2",
-        "tw-animate-css": "^1.3.7",
+        "tw-animate-css": "^1.3.6",
        "typescript": "~5.9.2",
-        "typescript-eslint": "^8.41.0",
+        "typescript-eslint": "^8.39.0",
-        "vite": "^7.1.3",
+        "vite": "^7.1.1",
      },
    },
  },
@@ -57,9 +58,9 @@
    "@babel/compat-data": ["@babel/compat-data@7.27.2", "", {}, "sha512-TUtMJYRPyUb/9aU8f3K0mjmjf6M9N5Woshn2CS6nqJSeJtTtQcpLUXjGt9vbF8ZGff0El99sWkLgzwW3VXnxZQ=="],
-    "@babel/core": ["@babel/core@7.28.3", "", { "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-compilation-targets": "^7.27.2", "@babel/helper-module-transforms": "^7.28.3", "@babel/helpers": "^7.28.3", "@babel/parser": "^7.28.3", "@babel/template": "^7.27.2", "@babel/traverse": "^7.28.3", "@babel/types": "^7.28.2", "convert-source-map": "^2.0.0", "debug": "^4.1.0", "gensync": "^1.0.0-beta.2", "json5": "^2.2.3", "semver": "^6.3.1" } }, "sha512-yDBHV9kQNcr2/sUr9jghVyz9C3Y5G2zUM2H2lo+9mKv4sFgbA8s8Z9t8D1jiTkGoO/NoIfKMyKWr4s6CN23ZwQ=="],
+    "@babel/core": ["@babel/core@7.28.0", "", { "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.0", "@babel/helper-compilation-targets": "^7.27.2", "@babel/helper-module-transforms": "^7.27.3", "@babel/helpers": "^7.27.6", "@babel/parser": "^7.28.0", "@babel/template": "^7.27.2", "@babel/traverse": "^7.28.0", "@babel/types": "^7.28.0", "convert-source-map": "^2.0.0", "debug": "^4.1.0", "gensync": "^1.0.0-beta.2", "json5": "^2.2.3", "semver": "^6.3.1" } }, "sha512-UlLAnTPrFdNGoFtbSXwcGFQBtQZJCNjaN6hQNP3UPvuNXT1i82N26KL3dZeIpNalWywr9IuQuncaAfUaS1g6sQ=="],
-    "@babel/generator": ["@babel/generator@7.28.3", "", { "dependencies": { "@babel/parser": "^7.28.3", "@babel/types": "^7.28.2", "@jridgewell/gen-mapping": "^0.3.12", "@jridgewell/trace-mapping": "^0.3.28", "jsesc": "^3.0.2" } }, "sha512-3lSpxGgvnmZznmBkCRnVREPUFJv2wrv9iAoFDvADJc0ypmdOxdUtcLeBgBJ6zE0PMeTKnxeQzyk0xTBq4Ep7zw=="],
+    "@babel/generator": ["@babel/generator@7.28.0", "", { "dependencies": { "@babel/parser": "^7.28.0", "@babel/types": "^7.28.0", "@jridgewell/gen-mapping": "^0.3.12", "@jridgewell/trace-mapping": "^0.3.28", "jsesc": "^3.0.2" } }, "sha512-lJjzvrbEeWrhB4P3QBsH7tey117PjLZnDbLiQEKjQ/fNJTjuq4HSqgFA+UNSwZT8D7dxxbnuSBMsa1lrWzKlQg=="],
    "@babel/helper-compilation-targets": ["@babel/helper-compilation-targets@7.27.2", "", { "dependencies": { "@babel/compat-data": "^7.27.2", "@babel/helper-validator-option": "^7.27.1", "browserslist": "^4.24.0", "lru-cache": "^5.1.1", "semver": "^6.3.1" } }, "sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ=="],
@@ -67,7 +68,7 @@
    "@babel/helper-module-imports": ["@babel/helper-module-imports@7.27.1", "", { "dependencies": { "@babel/traverse": "^7.27.1", "@babel/types": "^7.27.1" } }, "sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w=="],
-    "@babel/helper-module-transforms": ["@babel/helper-module-transforms@7.28.3", "", { "dependencies": { "@babel/helper-module-imports": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1", "@babel/traverse": "^7.28.3" }, "peerDependencies": { "@babel/core": "^7.0.0" } }, "sha512-gytXUbs8k2sXS9PnQptz5o0QnpLL51SwASIORY6XaBKF88nsOT0Zw9szLqlSGQDP/4TljBAD5y98p2U1fqkdsw=="],
+    "@babel/helper-module-transforms": ["@babel/helper-module-transforms@7.27.3", "", { "dependencies": { "@babel/helper-module-imports": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1", "@babel/traverse": "^7.27.3" }, "peerDependencies": { "@babel/core": "^7.0.0" } }, "sha512-dSOvYwvyLsWBeIRyOeHXp5vPj5l1I011r52FM1+r1jCERv+aFXYk4whgQccYEGYxK2H3ZAIA8nuPkQ0HaUo3qg=="],
    "@babel/helper-plugin-utils": ["@babel/helper-plugin-utils@7.27.1", "", {}, "sha512-1gn1Up5YXka3YYAHGKpbideQ5Yjf1tDa9qYcgysz+cNCXukyLl6DjPXhD3VRwSb8c0J9tA4b2+rHEZtc6R0tlw=="],
@@ -77,9 +78,9 @@
    "@babel/helper-validator-option": ["@babel/helper-validator-option@7.27.1", "", {}, "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg=="],
-    "@babel/helpers": ["@babel/helpers@7.28.3", "", { "dependencies": { "@babel/template": "^7.27.2", "@babel/types": "^7.28.2" } }, "sha512-PTNtvUQihsAsDHMOP5pfobP8C6CM4JWXmP8DrEIt46c3r2bf87Ua1zoqevsMo9g+tWDwgWrFP5EIxuBx5RudAw=="],
+    "@babel/helpers": ["@babel/helpers@7.27.6", "", { "dependencies": { "@babel/template": "^7.27.2", "@babel/types": "^7.27.6" } }, "sha512-muE8Tt8M22638HU31A3CgfSUciwz1fhATfoVai05aPXGor//CdWDCbnlY1yvBPo07njuVOCNGCSp/GTt12lIug=="],
-    "@babel/parser": ["@babel/parser@7.28.3", "", { "dependencies": { "@babel/types": "^7.28.2" }, "bin": "./bin/babel-parser.js" }, "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA=="],
+    "@babel/parser": ["@babel/parser@7.28.0", "", { "dependencies": { "@babel/types": "^7.28.0" }, "bin": "./bin/babel-parser.js" }, "sha512-jVZGvOxOuNSsuQuLRTh13nU0AogFlw32w/MT+LV6D3sP5WdbW61E77RnkbaO2dUvmPAYrBDJXGn5gGS6tH4j8g=="],
    "@babel/plugin-transform-react-jsx-self": ["@babel/plugin-transform-react-jsx-self@7.27.1", "", { "dependencies": { "@babel/helper-plugin-utils": "^7.27.1" }, "peerDependencies": { "@babel/core": "^7.0.0-0" } }, "sha512-6UzkCs+ejGdZ5mFFC/OCUrv028ab2fp1znZmCZjAOBKiBK2jXD1O+BPSfX8X2qjJ75fZBMSnQn3Rq2mrBJK2mw=="],
@@ -89,9 +90,9 @@
    "@babel/template": ["@babel/template@7.27.2", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/parser": "^7.27.2", "@babel/types": "^7.27.1" } }, "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw=="],
-    "@babel/traverse": ["@babel/traverse@7.28.3", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-globals": "^7.28.0", "@babel/parser": "^7.28.3", "@babel/template": "^7.27.2", "@babel/types": "^7.28.2", "debug": "^4.3.1" } }, "sha512-7w4kZYHneL3A6NP2nxzHvT3HCZ7puDZZjFMqDpBPECub79sTtSO5CGXDkKrTQq8ksAwfD/XI2MRFX23njdDaIQ=="],
+    "@babel/traverse": ["@babel/traverse@7.28.0", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.0", "@babel/helper-globals": "^7.28.0", "@babel/parser": "^7.28.0", "@babel/template": "^7.27.2", "@babel/types": "^7.28.0", "debug": "^4.3.1" } }, "sha512-mGe7UK5wWyh0bKRfupsUchrQGqvDbZDbKJw+kcRGSmdHVYrv+ltd0pnpDTVpiTqnaBru9iEvA8pz8W46v0Amwg=="],
-    "@babel/types": ["@babel/types@7.28.2", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ=="],
+    "@babel/types": ["@babel/types@7.28.1", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-x0LvFTekgSX+83TI28Y9wYPUfzrnl2aT5+5QLnO6v7mSJYtEEevuDRN0F0uSHRk1G1IWZC43o00Y0xDDrpBGPQ=="],
    "@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.25.4", "", { "os": "aix", "cpu": "ppc64" }, "sha512-1VCICWypeQKhVbE9oW/sJaAmjLxhVqacdkvPLEjwlttjfwENRSClS8EjBz0KzRyFSCPDIkuXW34Je/vk7zdB7Q=="],
@@ -149,17 +150,17 @@
    "@eslint/config-array": ["@eslint/config-array@0.21.0", "", { "dependencies": { "@eslint/object-schema": "^2.1.6", "debug": "^4.3.1", "minimatch": "^3.1.2" } }, "sha512-ENIdc4iLu0d93HeYirvKmrzshzofPw6VkZRKQGe9Nv46ZnWUzcF1xV01dcvEg/1wXUR61OmmlSfyeyO7EvjLxQ=="],
-    "@eslint/config-helpers": ["@eslint/config-helpers@0.3.1", "", {}, "sha512-xR93k9WhrDYpXHORXpxVL5oHj3Era7wo6k/Wd8/IsQNnZUTzkGS29lyn3nAT05v6ltUuTFVCCYDEGfy2Or/sPA=="],
+    "@eslint/config-helpers": ["@eslint/config-helpers@0.3.0", "", {}, "sha512-ViuymvFmcJi04qdZeDc2whTHryouGcDlaxPqarTD0ZE10ISpxGUVZGZDx4w01upyIynL3iu6IXH2bS1NhclQMw=="],
-    "@eslint/core": ["@eslint/core@0.15.2", "", { "dependencies": { "@types/json-schema": "^7.0.15" } }, "sha512-78Md3/Rrxh83gCxoUc0EiciuOHsIITzLy53m3d9UyiW8y9Dj2D29FeETqyKA+BRK76tnTp6RXWb3pCay8Oyomg=="],
+    "@eslint/core": ["@eslint/core@0.15.1", "", { "dependencies": { "@types/json-schema": "^7.0.15" } }, "sha512-bkOp+iumZCCbt1K1CmWf0R9pM5yKpDv+ZXtvSyQpudrI9kuFLp+bM2WOPXImuD/ceQuaa8f5pj93Y7zyECIGNA=="],
    "@eslint/eslintrc": ["@eslint/eslintrc@3.3.1", "", { "dependencies": { "ajv": "^6.12.4", "debug": "^4.3.2", "espree": "^10.0.1", "globals": "^14.0.0", "ignore": "^5.2.0", "import-fresh": "^3.2.1", "js-yaml": "^4.1.0", "minimatch": "^3.1.2", "strip-json-comments": "^3.1.1" } }, "sha512-gtF186CXhIl1p4pJNGZw8Yc6RlshoePRvE0X91oPGb3vZ8pM3qOS9W9NGPat9LziaBV7XrJWGylNQXkGcnM3IQ=="],
-    "@eslint/js": ["@eslint/js@9.34.0", "", {}, "sha512-EoyvqQnBNsV1CWaEJ559rxXL4c8V92gxirbawSmVUOWXlsRxxQXl6LmCpdUblgxgSkDIqKnhzba2SjRTI/A5Rw=="],
+    "@eslint/js": ["@eslint/js@9.32.0", "", {}, "sha512-BBpRFZK3eX6uMLKz8WxFOBIFFcGFJ/g8XuwjTHCqHROSIsopI+ddn/d5Cfh36+7+e5edVS8dbSHnBNhrLEX0zg=="],
    "@eslint/object-schema": ["@eslint/object-schema@2.1.6", "", {}, "sha512-RBMg5FRL0I0gs51M/guSAj5/e14VQ4tpZnQNWwuDT66P14I43ItmPfIZRhO9fUVIPOAQXU47atlywZ/czoqFPA=="],
-    "@eslint/plugin-kit": ["@eslint/plugin-kit@0.3.5", "", { "dependencies": { "@eslint/core": "^0.15.2", "levn": "^0.4.1" } }, "sha512-Z5kJ+wU3oA7MMIqVR9tyZRtjYPr4OC004Q4Rw7pgOKUOKkJfZ3O24nz3WYfGRpMDNmcOi3TwQOmgm7B7Tpii0w=="],
+    "@eslint/plugin-kit": ["@eslint/plugin-kit@0.3.4", "", { "dependencies": { "@eslint/core": "^0.15.1", "levn": "^0.4.1" } }, "sha512-Ul5l+lHEcw3L5+k8POx6r74mxEYKG5kOb6Xpy2gCRW6zweT6TEhAf8vhxGgjhqrd/VO/Dirhsb+1hNpD1ue9hw=="],
    "@floating-ui/core": ["@floating-ui/core@1.7.0", "", { "dependencies": { "@floating-ui/utils": "^0.2.9" } }, "sha512-FRdBLykrPPA6P76GGGqlex/e7fbe0F1ykgxHYNXQsH/iTEtjMj/f9bpY5oQqbjt5VgZvgz/uKXbGuROijh3VLA=="],
@@ -183,8 +184,6 @@
    "@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.8", "", { "dependencies": { "@jridgewell/set-array": "^1.2.1", "@jridgewell/sourcemap-codec": "^1.4.10", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA=="],
    "@jridgewell/remapping": ["@jridgewell/remapping@2.3.5", "", { "dependencies": { "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ=="],
    "@jridgewell/resolve-uri": ["@jridgewell/resolve-uri@3.1.2", "", {}, "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw=="],
    "@jridgewell/set-array": ["@jridgewell/set-array@1.2.1", "", {}, "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A=="],
@@ -201,7 +200,7 @@
    "@radix-ui/number": ["@radix-ui/number@1.1.1", "", {}, "sha512-MkKCwxlXTgz6CFoJx3pCwn07GKp36+aZyu/u2Ln2VrA5DcdyCZkASEDBTd8x5whTQQL5CiYf4prXKLcgQdv29g=="],
-    "@radix-ui/primitive": ["@radix-ui/primitive@1.1.3", "", {}, "sha512-JTF99U/6XIjCBo0wqkU5sK10glYe27MRRsfwoiq5zzOEZLHU3A3KCMa5X/azekYRCJ0HlwI0crAXS/5dEHTzDg=="],
+    "@radix-ui/primitive": ["@radix-ui/primitive@1.1.2", "", {}, "sha512-XnbHrrprsNqZKQhStrSwgRUQzoCI1glLzdw79xiZPoofhGICeZRSQ3dIxAKH1gb3OHfNf4d6f+vAv3kil2eggA=="],
    "@radix-ui/react-arrow": ["@radix-ui/react-arrow@1.1.7", "", { "dependencies": { "@radix-ui/react-primitive": "2.1.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-F+M1tLhO+mlQaOWspE8Wstg+z6PwxwRd8oQ8IXceWz92kfAmalTRf0EjrouQeo7QssEPfCn05B4Ihs1K9WQ/7w=="],
@@ -213,9 +212,9 @@
    "@radix-ui/react-direction": ["@radix-ui/react-direction@1.1.1", "", { "peerDependencies": { "@types/react": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-1UEWRX6jnOA2y4H5WczZ44gOOjTEmlqv1uNW4GAJEO5+bauCBhv8snY65Iw5/VOS/ghKN9gr2KjnLKxrsvoMVw=="],
-    "@radix-ui/react-dismissable-layer": ["@radix-ui/react-dismissable-layer@1.1.11", "", { "dependencies": { "@radix-ui/primitive": "1.1.3", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-escape-keydown": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-Nqcp+t5cTB8BinFkZgXiMJniQH0PsUt2k51FUhbdfeKvc4ACcG2uQniY/8+h1Yv6Kza4Q7lD7PQV0z0oicE0Mg=="],
+    "@radix-ui/react-dismissable-layer": ["@radix-ui/react-dismissable-layer@1.1.10", "", { "dependencies": { "@radix-ui/primitive": "1.1.2", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-escape-keydown": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-IM1zzRV4W3HtVgftdQiiOmA0AdJlCtMLe00FXaHwgt3rAnNsIyDqshvkIW3hj/iu5hu8ERP7KIYki6NkqDxAwQ=="],
-    "@radix-ui/react-focus-guards": ["@radix-ui/react-focus-guards@1.1.3", "", { "peerDependencies": { "@types/react": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-0rFg/Rj2Q62NCm62jZw0QX7a3sz6QCQU0LpZdNrJX8byRGaGVTqbrW9jAoIAHyMQqsNpeZ81YgSizOt5WXq0Pw=="],
+    "@radix-ui/react-focus-guards": ["@radix-ui/react-focus-guards@1.1.2", "", { "peerDependencies": { "@types/react": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-fyjAACV62oPV925xFCrH8DR5xWhg9KYtJT4s3u54jxp+L/hbpTY2kIeEFFbFe+a/HCE94zGQMZLIpVTPVZDhaA=="],
    "@radix-ui/react-focus-scope": ["@radix-ui/react-focus-scope@1.1.7", "", { "dependencies": { "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-callback-ref": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-t2ODlkXBQyn7jkl6TNaw/MtVEVvIGelJDCG41Okq/KwUsJBwQ4XVZsHAVUkK4mBv3ewiAS3PGuUWuY2BoK4ZUw=="],
@@ -223,13 +222,13 @@
    "@radix-ui/react-label": ["@radix-ui/react-label@2.1.7", "", { "dependencies": { "@radix-ui/react-primitive": "2.1.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-YT1GqPSL8kJn20djelMX7/cTRp/Y9w5IZHvfxQTVHrOqa2yMl7i/UfMqKRU5V7mEyKTrUVgJXhNQPVCG8PBLoQ=="],
-    "@radix-ui/react-popper": ["@radix-ui/react-popper@1.2.8", "", { "dependencies": { "@floating-ui/react-dom": "^2.0.0", "@radix-ui/react-arrow": "1.1.7", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-context": "1.1.2", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-layout-effect": "1.1.1", "@radix-ui/react-use-rect": "1.1.1", "@radix-ui/react-use-size": "1.1.1", "@radix-ui/rect": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-0NJQ4LFFUuWkE7Oxf0htBKS6zLkkjBH+hM1uk7Ng705ReR8m/uelduy1DBo0PyBXPKVnBA6YBlU94MBGXrSBCw=="],
+    "@radix-ui/react-popper": ["@radix-ui/react-popper@1.2.7", "", { "dependencies": { "@floating-ui/react-dom": "^2.0.0", "@radix-ui/react-arrow": "1.1.7", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-context": "1.1.2", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-layout-effect": "1.1.1", "@radix-ui/react-use-rect": "1.1.1", "@radix-ui/react-use-size": "1.1.1", "@radix-ui/rect": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-IUFAccz1JyKcf/RjB552PlWwxjeCJB8/4KxT7EhBHOJM+mN7LdW+B3kacJXILm32xawcMMjb2i0cIZpo+f9kiQ=="],
    "@radix-ui/react-portal": ["@radix-ui/react-portal@1.1.9", "", { "dependencies": { "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-layout-effect": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-bpIxvq03if6UNwXZ+HTK71JLh4APvnXntDc6XOX8UVq4XQOVl7lwok0AvIl+b8zgCw3fSaVTZMpAPPagXbKmHQ=="],
    "@radix-ui/react-primitive": ["@radix-ui/react-primitive@2.1.3", "", { "dependencies": { "@radix-ui/react-slot": "1.2.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-m9gTwRkhy2lvCPe6QJp4d3G1TYEUHn/FzJUtq9MjH46an1wJU+GdoGC5VLof8RX8Ft/DlpshApkhswDLZzHIcQ=="],
-    "@radix-ui/react-select": ["@radix-ui/react-select@2.2.6", "", { "dependencies": { "@radix-ui/number": "1.1.1", "@radix-ui/primitive": "1.1.3", "@radix-ui/react-collection": "1.1.7", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-context": "1.1.2", "@radix-ui/react-direction": "1.1.1", "@radix-ui/react-dismissable-layer": "1.1.11", "@radix-ui/react-focus-guards": "1.1.3", "@radix-ui/react-focus-scope": "1.1.7", "@radix-ui/react-id": "1.1.1", "@radix-ui/react-popper": "1.2.8", "@radix-ui/react-portal": "1.1.9", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-slot": "1.2.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-controllable-state": "1.2.2", "@radix-ui/react-use-layout-effect": "1.1.1", "@radix-ui/react-use-previous": "1.1.1", "@radix-ui/react-visually-hidden": "1.2.3", "aria-hidden": "^1.2.4", "react-remove-scroll": "^2.6.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-I30RydO+bnn2PQztvo25tswPH+wFBjehVGtmagkU78yMdwTwVf12wnAOF+AeP8S2N8xD+5UPbGhkUfPyvT+mwQ=="],
+    "@radix-ui/react-select": ["@radix-ui/react-select@2.2.5", "", { "dependencies": { "@radix-ui/number": "1.1.1", "@radix-ui/primitive": "1.1.2", "@radix-ui/react-collection": "1.1.7", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-context": "1.1.2", "@radix-ui/react-direction": "1.1.1", "@radix-ui/react-dismissable-layer": "1.1.10", "@radix-ui/react-focus-guards": "1.1.2", "@radix-ui/react-focus-scope": "1.1.7", "@radix-ui/react-id": "1.1.1", "@radix-ui/react-popper": "1.2.7", "@radix-ui/react-portal": "1.1.9", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-slot": "1.2.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-controllable-state": "1.2.2", "@radix-ui/react-use-layout-effect": "1.1.1", "@radix-ui/react-use-previous": "1.1.1", "@radix-ui/react-visually-hidden": "1.2.3", "aria-hidden": "^1.2.4", "react-remove-scroll": "^2.6.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-HnMTdXEVuuyzx63ME0ut4+sEMYW6oouHWNGUZc7ddvUWIcfCva/AMoqEW/3wnEllriMWBa0RHspCYnfCWJQYmA=="],
    "@radix-ui/react-separator": ["@radix-ui/react-separator@1.1.7", "", { "dependencies": { "@radix-ui/react-primitive": "2.1.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-0HEb8R9E8A+jZjvmFCy/J4xhbXy3TV+9XSnGJ3KvTtjlIUy/YQ/p6UYZvi7YbeoeXdyU9+Y3scizK6hkY37baA=="],
@@ -255,7 +254,7 @@
    "@radix-ui/rect": ["@radix-ui/rect@1.1.1", "", {}, "sha512-HPwpGIzkl28mWyZqG52jiqDJ12waP11Pa1lGoiyUkIEuMLBP0oeK/C89esbXrxsky5we7dfd8U58nm0SgAWpVw=="],
-    "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.32", "", {}, "sha512-QReCdvxiUZAPkvp1xpAg62IeNzykOFA6syH2CnClif4YmALN1XKpB39XneL80008UbtMShthSVDKmrx05N1q/g=="],
+    "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.30", "", {}, "sha512-whXaSoNUFiyDAjkUF8OBpOm77Szdbk5lGNqFe6CbVbJFrhCCPinCbRA3NjawwlNHla1No7xvXXh+CpSxnPfUEw=="],
    "@rollup/rollup-android-arm-eabi": ["@rollup/rollup-android-arm-eabi@4.46.2", "", { "os": "android", "cpu": "arm" }, "sha512-Zj3Hl6sN34xJtMv7Anwb5Gu01yujyE/cLBDB2gnHTAHaWS1Z38L7kuSG+oAh0giZMqG060f/YBStXtMH6FvPMA=="],
@@ -299,41 +298,41 @@
    "@standard-schema/utils": ["@standard-schema/utils@0.3.0", "", {}, "sha512-e7Mew686owMaPJVNNLs55PUvgz371nKgwsc4vxE49zsODpJEnxgxRo2y/OKrqueavXgZNMDVj3DdHFlaSAeU8g=="],
-    "@tailwindcss/node": ["@tailwindcss/node@4.1.12", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.5.1", "lightningcss": "1.30.1", "magic-string": "^0.30.17", "source-map-js": "^1.2.1", "tailwindcss": "4.1.12" } }, "sha512-3hm9brwvQkZFe++SBt+oLjo4OLDtkvlE8q2WalaD/7QWaeM7KEJbAiY/LJZUaCs7Xa8aUu4xy3uoyX4q54UVdQ=="],
+    "@tailwindcss/node": ["@tailwindcss/node@4.1.11", "", { "dependencies": { "@ampproject/remapping": "^2.3.0", "enhanced-resolve": "^5.18.1", "jiti": "^2.4.2", "lightningcss": "1.30.1", "magic-string": "^0.30.17", "source-map-js": "^1.2.1", "tailwindcss": "4.1.11" } }, "sha512-yzhzuGRmv5QyU9qLNg4GTlYI6STedBWRE7NjxP45CsFYYq9taI0zJXZBMqIC/c8fViNLhmrbpSFS57EoxUmD6Q=="],
-    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.12", "", { "dependencies": { "detect-libc": "^2.0.4", "tar": "^7.4.3" }, "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.12", "@tailwindcss/oxide-darwin-arm64": "4.1.12", "@tailwindcss/oxide-darwin-x64": "4.1.12", "@tailwindcss/oxide-freebsd-x64": "4.1.12", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.12", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.12", "@tailwindcss/oxide-linux-arm64-musl": "4.1.12", "@tailwindcss/oxide-linux-x64-gnu": "4.1.12", "@tailwindcss/oxide-linux-x64-musl": "4.1.12", "@tailwindcss/oxide-wasm32-wasi": "4.1.12", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.12", "@tailwindcss/oxide-win32-x64-msvc": "4.1.12" } }, "sha512-gM5EoKHW/ukmlEtphNwaGx45fGoEmP10v51t9unv55voWh6WrOL19hfuIdo2FjxIaZzw776/BUQg7Pck++cIVw=="],
+    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.11", "", { "dependencies": { "detect-libc": "^2.0.4", "tar": "^7.4.3" }, "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.11", "@tailwindcss/oxide-darwin-arm64": "4.1.11", "@tailwindcss/oxide-darwin-x64": "4.1.11", "@tailwindcss/oxide-freebsd-x64": "4.1.11", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.11", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.11", "@tailwindcss/oxide-linux-arm64-musl": "4.1.11", "@tailwindcss/oxide-linux-x64-gnu": "4.1.11", "@tailwindcss/oxide-linux-x64-musl": "4.1.11", "@tailwindcss/oxide-wasm32-wasi": "4.1.11", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.11", "@tailwindcss/oxide-win32-x64-msvc": "4.1.11" } }, "sha512-Q69XzrtAhuyfHo+5/HMgr1lAiPP/G40OMFAnws7xcFEYqcypZmdW8eGXaOUIeOl1dzPJBPENXgbjsOyhg2nkrg=="],
-    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.12", "", { "os": "android", "cpu": "arm64" }, "sha512-oNY5pq+1gc4T6QVTsZKwZaGpBb2N1H1fsc1GD4o7yinFySqIuRZ2E4NvGasWc6PhYJwGK2+5YT1f9Tp80zUQZQ=="],
+    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.11", "", { "os": "android", "cpu": "arm64" }, "sha512-3IfFuATVRUMZZprEIx9OGDjG3Ou3jG4xQzNTvjDoKmU9JdmoCohQJ83MYd0GPnQIu89YoJqvMM0G3uqLRFtetg=="],
-    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.12", "", { "os": "darwin", "cpu": "arm64" }, "sha512-cq1qmq2HEtDV9HvZlTtrj671mCdGB93bVY6J29mwCyaMYCP/JaUBXxrQQQm7Qn33AXXASPUb2HFZlWiiHWFytw=="],
+    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.11", "", { "os": "darwin", "cpu": "arm64" }, "sha512-ESgStEOEsyg8J5YcMb1xl8WFOXfeBmrhAwGsFxxB2CxY9evy63+AtpbDLAyRkJnxLy2WsD1qF13E97uQyP1lfQ=="],
-    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.12", "", { "os": "darwin", "cpu": "x64" }, "sha512-6UCsIeFUcBfpangqlXay9Ffty9XhFH1QuUFn0WV83W8lGdX8cD5/+2ONLluALJD5+yJ7k8mVtwy3zMZmzEfbLg=="],
+    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.11", "", { "os": "darwin", "cpu": "x64" }, "sha512-EgnK8kRchgmgzG6jE10UQNaH9Mwi2n+yw1jWmof9Vyg2lpKNX2ioe7CJdf9M5f8V9uaQxInenZkOxnTVL3fhAw=="],
-    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.12", "", { "os": "freebsd", "cpu": "x64" }, "sha512-JOH/f7j6+nYXIrHobRYCtoArJdMJh5zy5lr0FV0Qu47MID/vqJAY3r/OElPzx1C/wdT1uS7cPq+xdYYelny1ww=="],
+    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.11", "", { "os": "freebsd", "cpu": "x64" }, "sha512-xdqKtbpHs7pQhIKmqVpxStnY1skuNh4CtbcyOHeX1YBE0hArj2romsFGb6yUmzkq/6M24nkxDqU8GYrKrz+UcA=="],
-    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.12", "", { "os": "linux", "cpu": "arm" }, "sha512-v4Ghvi9AU1SYgGr3/j38PD8PEe6bRfTnNSUE3YCMIRrrNigCFtHZ2TCm8142X8fcSqHBZBceDx+JlFJEfNg5zQ=="],
+    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.11", "", { "os": "linux", "cpu": "arm" }, "sha512-ryHQK2eyDYYMwB5wZL46uoxz2zzDZsFBwfjssgB7pzytAeCCa6glsiJGjhTEddq/4OsIjsLNMAiMlHNYnkEEeg=="],
-    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.12", "", { "os": "linux", "cpu": "arm64" }, "sha512-YP5s1LmetL9UsvVAKusHSyPlzSRqYyRB0f+Kl/xcYQSPLEw/BvGfxzbH+ihUciePDjiXwHh+p+qbSP3SlJw+6g=="],
+    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.11", "", { "os": "linux", "cpu": "arm64" }, "sha512-mYwqheq4BXF83j/w75ewkPJmPZIqqP1nhoghS9D57CLjsh3Nfq0m4ftTotRYtGnZd3eCztgbSPJ9QhfC91gDZQ=="],
-    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.12", "", { "os": "linux", "cpu": "arm64" }, "sha512-V8pAM3s8gsrXcCv6kCHSuwyb/gPsd863iT+v1PGXC4fSL/OJqsKhfK//v8P+w9ThKIoqNbEnsZqNy+WDnwQqCA=="],
+    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.11", "", { "os": "linux", "cpu": "arm64" }, "sha512-m/NVRFNGlEHJrNVk3O6I9ggVuNjXHIPoD6bqay/pubtYC9QIdAMpS+cswZQPBLvVvEF6GtSNONbDkZrjWZXYNQ=="],
-    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.12", "", { "os": "linux", "cpu": "x64" }, "sha512-xYfqYLjvm2UQ3TZggTGrwxjYaLB62b1Wiysw/YE3Yqbh86sOMoTn0feF98PonP7LtjsWOWcXEbGqDL7zv0uW8Q=="],
+    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.11", "", { "os": "linux", "cpu": "x64" }, "sha512-YW6sblI7xukSD2TdbbaeQVDysIm/UPJtObHJHKxDEcW2exAtY47j52f8jZXkqE1krdnkhCMGqP3dbniu1Te2Fg=="],
-    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.12", "", { "os": "linux", "cpu": "x64" }, "sha512-ha0pHPamN+fWZY7GCzz5rKunlv9L5R8kdh+YNvP5awe3LtuXb5nRi/H27GeL2U+TdhDOptU7T6Is7mdwh5Ar3A=="],
+    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.11", "", { "os": "linux", "cpu": "x64" }, "sha512-e3C/RRhGunWYNC3aSF7exsQkdXzQ/M+aYuZHKnw4U7KQwTJotnWsGOIVih0s2qQzmEzOFIJ3+xt7iq67K/p56Q=="],
-    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.12", "", { "dependencies": { "@emnapi/core": "^1.4.5", "@emnapi/runtime": "^1.4.5", "@emnapi/wasi-threads": "^1.0.4", "@napi-rs/wasm-runtime": "^0.2.12", "@tybys/wasm-util": "^0.10.0", "tslib": "^2.8.0" }, "cpu": "none" }, "sha512-4tSyu3dW+ktzdEpuk6g49KdEangu3eCYoqPhWNsZgUhyegEda3M9rG0/j1GV/JjVVsj+lG7jWAyrTlLzd/WEBg=="],
+    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.11", "", { "dependencies": { "@emnapi/core": "^1.4.3", "@emnapi/runtime": "^1.4.3", "@emnapi/wasi-threads": "^1.0.2", "@napi-rs/wasm-runtime": "^0.2.11", "@tybys/wasm-util": "^0.9.0", "tslib": "^2.8.0" }, "cpu": "none" }, "sha512-Xo1+/GU0JEN/C/dvcammKHzeM6NqKovG+6921MR6oadee5XPBaKOumrJCXvopJ/Qb5TH7LX/UAywbqrP4lax0g=="],
-    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.12", "", { "os": "win32", "cpu": "arm64" }, "sha512-iGLyD/cVP724+FGtMWslhcFyg4xyYyM+5F4hGvKA7eifPkXHRAUDFaimu53fpNg9X8dfP75pXx/zFt/jlNF+lg=="],
+    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.11", "", { "os": "win32", "cpu": "arm64" }, "sha512-UgKYx5PwEKrac3GPNPf6HVMNhUIGuUh4wlDFR2jYYdkX6pL/rn73zTq/4pzUm8fOjAn5L8zDeHp9iXmUGOXZ+w=="],
-    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.12", "", { "os": "win32", "cpu": "x64" }, "sha512-NKIh5rzw6CpEodv/++r0hGLlfgT/gFN+5WNdZtvh6wpU2BpGNgdjvj6H2oFc8nCM839QM1YOhjpgbAONUb4IxA=="],
+    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.11", "", { "os": "win32", "cpu": "x64" }, "sha512-YfHoggn1j0LK7wR82TOucWc5LDCguHnoS879idHekmmiR7g9HUtMw9MI0NHatS28u/Xlkfi9w5RJWgz2Dl+5Qg=="],
-    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.12", "", { "dependencies": { "@tailwindcss/node": "4.1.12", "@tailwindcss/oxide": "4.1.12", "tailwindcss": "4.1.12" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-4pt0AMFDx7gzIrAOIYgYP0KCBuKWqyW8ayrdiLEjoJTT4pKTjrzG/e4uzWtTLDziC+66R9wbUqZBccJalSE5vQ=="],
+    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.11", "", { "dependencies": { "@tailwindcss/node": "4.1.11", "@tailwindcss/oxide": "4.1.11", "tailwindcss": "4.1.11" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-RHYhrR3hku0MJFRV+fN2gNbDNEh3dwKvY8XJvTxCSXeMOsCRSr+uKvDWQcbizrHgjML6ZmTE5OwMrl5wKcujCw=="],
    "@tanstack/eslint-plugin-query": ["@tanstack/eslint-plugin-query@5.83.1", "", { "dependencies": { "@typescript-eslint/utils": "^8.37.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0" } }, "sha512-tdkpPFfzkTksN9BIlT/qjixSAtKrsW6PUVRwdKWaOcag7DrD1vpki3UzzdfMQGDRGeg1Ue1Dg+rcl5FJGembNg=="],
-    "@tanstack/query-core": ["@tanstack/query-core@5.85.5", "", {}, "sha512-KO0WTob4JEApv69iYp1eGvfMSUkgw//IpMnq+//cORBzXf0smyRwPLrUvEe5qtAEGjwZTXrjxg+oJNP/C00t6w=="],
+    "@tanstack/query-core": ["@tanstack/query-core@5.83.1", "", {}, "sha512-OG69LQgT7jSp+5pPuCfzltq/+7l2xoweggjme9vlbCPa/d7D7zaqv5vN/S82SzSYZ4EDLTxNO1PWrv49RAS64Q=="],
-    "@tanstack/react-query": ["@tanstack/react-query@5.85.5", "", { "dependencies": { "@tanstack/query-core": "5.85.5" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-/X4EFNcnPiSs8wM2v+b6DqS5mmGeuJQvxBglmDxl6ZQb5V26ouD2SJYAcC3VjbNwqhY2zjxVD15rDA5nGbMn3A=="],
+    "@tanstack/react-query": ["@tanstack/react-query@5.84.1", "", { "dependencies": { "@tanstack/query-core": "5.83.1" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-zo7EUygcWJMQfFNWDSG7CBhy8irje/XY0RDVKKV4IQJAysb+ZJkkJPcnQi+KboyGUgT+SQebRFoTqLuTtfoDLw=="],
    "@types/babel__core": ["@types/babel__core@7.20.5", "", { "dependencies": { "@babel/parser": "^7.20.7", "@babel/types": "^7.20.7", "@types/babel__generator": "*", "@types/babel__template": "*", "@types/babel__traverse": "*" } }, "sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA=="],
@@ -345,7 +344,7 @@
    "@types/debug": ["@types/debug@4.1.12", "", { "dependencies": { "@types/ms": "*" } }, "sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ=="],
-    "@types/estree": ["@types/estree@1.0.8", "", {}, "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w=="],
+    "@types/estree": ["@types/estree@1.0.7", "", {}, "sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ=="],
    "@types/estree-jsx": ["@types/estree-jsx@1.0.5", "", { "dependencies": { "@types/estree": "*" } }, "sha512-52CcUVNFyfb1A2ALocQw/Dd1BQFNmSdkuC3BkZ6iqhdMfQz7JWOFRuJFloOzjk+6WijU56m9oKXFAXc7o3Towg=="],
@@ -357,37 +356,39 @@
    "@types/ms": ["@types/ms@2.1.0", "", {}, "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA=="],
-    "@types/node": ["@types/node@24.3.0", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-aPTXCrfwnDLj4VvXrm+UUCQjNEvJgNA8s5F1cvwQU+3KNltTOkBm1j30uNLyqqPNe7gE3KFzImYoZEfLhp4Yow=="],
+    "@types/node": ["@types/node@24.2.0", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-3xyG3pMCq3oYCNg7/ZP+E1ooTaGB4cG8JWRsqqOYQdbWNY4zbaV0Ennrd7stjiJEFZCaybcIgpTjJWHRfBSIDw=="],
-    "@types/react": ["@types/react@19.1.11", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-lr3jdBw/BGj49Eps7EvqlUaoeA0xpj3pc0RoJkHpYaCHkVK7i28dKyImLQb3JVlqs3aYSXf7qYuWOW/fgZnTXQ=="],
+    "@types/react": ["@types/react@19.1.9", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-WmdoynAX8Stew/36uTSVMcLJJ1KRh6L3IZRx1PZ7qJtBqT3dYTgyDTx8H1qoRghErydW7xw9mSJ3wS//tCRpFA=="],
-    "@types/react-dom": ["@types/react-dom@19.1.8", "", { "peerDependencies": { "@types/react": "^19.0.0" } }, "sha512-xG7xaBMJCpcK0RpN8jDbAACQo54ycO6h4dSSmgv8+fu6ZIAdANkx/WsawASUjVXYfy+J9AbUpRMNNEsXCDfDBQ=="],
+    "@types/react-dom": ["@types/react-dom@19.1.7", "", { "peerDependencies": { "@types/react": "^19.0.0" } }, "sha512-i5ZzwYpqjmrKenzkoLM2Ibzt6mAsM7pxB6BCIouEVVmgiqaMj1TjaK7hnA36hbW5aZv20kx7Lw6hWzPWg0Rurw=="],
    "@types/trusted-types": ["@types/trusted-types@2.0.7", "", {}, "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw=="],
    "@types/unist": ["@types/unist@3.0.3", "", {}, "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q=="],
-    "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.41.0", "", { "dependencies": { "@eslint-community/regexpp": "^4.10.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/type-utils": "8.41.0", "@typescript-eslint/utils": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.41.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-8fz6oa6wEKZrhXWro/S3n2eRJqlRcIa6SlDh59FXJ5Wp5XRZ8B9ixpJDcjadHq47hMx0u+HW6SNa6LjJQ6NLtw=="],
+    "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.39.0", "", { "dependencies": { "@eslint-community/regexpp": "^4.10.0", "@typescript-eslint/scope-manager": "8.39.0", "@typescript-eslint/type-utils": "8.39.0", "@typescript-eslint/utils": "8.39.0", "@typescript-eslint/visitor-keys": "8.39.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.39.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-bhEz6OZeUR+O/6yx9Jk6ohX6H9JSFTaiY0v9/PuKT3oGK0rn0jNplLmyFUGV+a9gfYnVNwGDwS/UkLIuXNb2Rw=="],
-    "@typescript-eslint/parser": ["@typescript-eslint/parser@8.41.0", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "debug": "^4.3.4" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-gTtSdWX9xiMPA/7MV9STjJOOYtWwIJIYxkQxnSV1U3xcE+mnJSH3f6zI0RYP+ew66WSlZ5ed+h0VCxsvdC1jJg=="],
+    "@typescript-eslint/parser": ["@typescript-eslint/parser@8.39.0", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.39.0", "@typescript-eslint/types": "8.39.0", "@typescript-eslint/typescript-estree": "8.39.0", "@typescript-eslint/visitor-keys": "8.39.0", "debug": "^4.3.4" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-g3WpVQHngx0aLXn6kfIYCZxM6rRJlWzEkVpqEFLT3SgEDsp9cpCbxxgwnE504q4H+ruSDh/VGS6nqZIDynP+vg=="],
-    "@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.41.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.41.0", "@typescript-eslint/types": "^8.41.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-b8V9SdGBQzQdjJ/IO3eDifGpDBJfvrNTp2QD9P2BeqWTGrRibgfgIlBSw6z3b6R7dPzg752tOs4u/7yCLxksSQ=="],
+    "@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.39.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.39.0", "@typescript-eslint/types": "^8.39.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-CTzJqaSq30V/Z2Og9jogzZt8lJRR5TKlAdXmWgdu4hgcC9Kww5flQ+xFvMxIBWVNdxJO7OifgdOK4PokMIWPew=="],
    "@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.38.0", "", { "dependencies": { "@typescript-eslint/types": "8.38.0", "@typescript-eslint/visitor-keys": "8.38.0" } }, "sha512-WJw3AVlFFcdT9Ri1xs/lg8LwDqgekWXWhH3iAF+1ZM+QPd7oxQ6jvtW/JPwzAScxitILUIFs0/AnQ/UWHzbATQ=="],
-    "@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.41.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-TDhxYFPUYRFxFhuU5hTIJk+auzM/wKvWgoNYOPcOf6i4ReYlOoYN8q1dV5kOTjNQNJgzWN3TUUQMtlLOcUgdUw=="],
+    "@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.39.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-Fd3/QjmFV2sKmvv3Mrj8r6N8CryYiCS8Wdb/6/rgOXAWGcFuc+VkQuG28uk/4kVNVZBQuuDHEDUpo/pQ32zsIQ=="],
-    "@typescript-eslint/type-utils": ["@typescript-eslint/type-utils@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0", "@typescript-eslint/utils": "8.41.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-63qt1h91vg3KsjVVonFJWjgSK7pZHSQFKH6uwqxAH9bBrsyRhO6ONoKyXxyVBzG1lJnFAJcKAcxLS54N1ee1OQ=="],
+    "@typescript-eslint/type-utils": ["@typescript-eslint/type-utils@8.39.0", "", { "dependencies": { "@typescript-eslint/types": "8.39.0", "@typescript-eslint/typescript-estree": "8.39.0", "@typescript-eslint/utils": "8.39.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-6B3z0c1DXVT2vYA9+z9axjtc09rqKUPRmijD5m9iv8iQpHBRYRMBcgxSiKTZKm6FwWw1/cI4v6em35OsKCiN5Q=="],
    "@typescript-eslint/types": ["@typescript-eslint/types@8.38.0", "", {}, "sha512-wzkUfX3plUqij4YwWaJyqhiPE5UCRVlFpKn1oCRn2O1bJ592XxWJj8ROQ3JD5MYXLORW84063z3tZTb/cs4Tyw=="],
-    "@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.41.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.41.0", "@typescript-eslint/tsconfig-utils": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-D43UwUYJmGhuwHfY7MtNKRZMmfd8+p/eNSfFe6tH5mbVDto+VQCayeAt35rOx3Cs6wxD16DQtIKw/YXxt5E0UQ=="],
+    "@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.39.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.39.0", "@typescript-eslint/tsconfig-utils": "8.39.0", "@typescript-eslint/types": "8.39.0", "@typescript-eslint/visitor-keys": "8.39.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-ndWdiflRMvfIgQRpckQQLiB5qAKQ7w++V4LlCHwp62eym1HLB/kw7D9f2e8ytONls/jt89TEasgvb+VwnRprsw=="],
    "@typescript-eslint/utils": ["@typescript-eslint/utils@8.38.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.38.0", "@typescript-eslint/types": "8.38.0", "@typescript-eslint/typescript-estree": "8.38.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "sha512-hHcMA86Hgt+ijJlrD8fX0j1j8w4C92zue/8LOPAFioIno+W0+L7KqE8QZKCcPGc/92Vs9x36w/4MPTJhqXdyvg=="],
-    "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-+GeGMebMCy0elMNg67LRNoVnUFPIm37iu5CmHESVx56/9Jsfdpsvbv605DQ81Pi/x11IdKUsS5nzgTYbCQU9fg=="],
+    "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.39.0", "", { "dependencies": { "@typescript-eslint/types": "8.39.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-ldgiJ+VAhQCfIjeOgu8Kj5nSxds0ktPOSO9p4+0VDH2R2pLvQraaM5Oen2d7NxzMCm+Sn/vJT+mv2H5u6b/3fA=="],
    "@ungap/structured-clone": ["@ungap/structured-clone@1.3.0", "", {}, "sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g=="],
-    "@vitejs/plugin-react": ["@vitejs/plugin-react@5.0.1", "", { "dependencies": { "@babel/core": "^7.28.3", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-beta.32", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "sha512-DE4UNaBXwtVoDJ0ccBdLVjFTWL70NRuWNCxEieTI3lrq9ORB9aOCQEKstwDXBl87NvFdbqh/p7eINGyj0BthJA=="],
+    "@vitejs/plugin-react": ["@vitejs/plugin-react@5.0.0", "", { "dependencies": { "@babel/core": "^7.28.0", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-beta.30", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "sha512-Jx9JfsTa05bYkS9xo0hkofp2dCmp1blrKjw9JONs5BTHOvJCgLbaPSuZLGSVJW6u2qe0tc4eevY0+gSNNi0YCw=="],
    "acorn": ["acorn@8.15.0", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg=="],
@@ -473,11 +474,13 @@
    "devlop": ["devlop@1.1.0", "", { "dependencies": { "dequal": "^2.0.0" } }, "sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA=="],
    "dompurify": ["dompurify@3.2.6", "", { "optionalDependencies": { "@types/trusted-types": "^2.0.7" } }, "sha512-/2GogDQlohXPZe6D6NOgQvXLPSYBqIWMnZ8zzOhn09REE4eyAzb+Hed3jhoM9OkuaJ8P6ZGTTVWQKAi8ieIzfQ=="],
    "dunder-proto": ["dunder-proto@1.0.1", "", { "dependencies": { "call-bind-apply-helpers": "^1.0.1", "es-errors": "^1.3.0", "gopd": "^1.2.0" } }, "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A=="],
    "electron-to-chromium": ["electron-to-chromium@1.5.151", "", {}, "sha512-Rl6uugut2l9sLojjS4H4SAr3A4IgACMLgpuEMPYCVcKydzfyPrn5absNRju38IhQOf/NwjJY8OGWjlteqYeBCA=="],
-    "enhanced-resolve": ["enhanced-resolve@5.18.3", "", { "dependencies": { "graceful-fs": "^4.2.4", "tapable": "^2.2.0" } }, "sha512-d4lC8xfavMeBjzGr2vECC3fsGXziXZQyJxD868h2M/mBI3PwAuODxAkLkq5HYuvrPYcUtiLzsTo8U3PgX3Ocww=="],
+    "enhanced-resolve": ["enhanced-resolve@5.18.1", "", { "dependencies": { "graceful-fs": "^4.2.4", "tapable": "^2.2.0" } }, "sha512-ZSW3ma5GkcQBIpwZTSRAI8N71Uuwgs93IezB7mf7R60tC8ZbJideoDNKjHn2O9KIlx6rkGTTEk1xUCK2E1Y2Yg=="],
    "es-define-property": ["es-define-property@1.0.1", "", {}, "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g=="],
@@ -493,7 +496,7 @@
    "escape-string-regexp": ["escape-string-regexp@4.0.0", "", {}, "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA=="],
-    "eslint": ["eslint@9.34.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.12.1", "@eslint/config-array": "^0.21.0", "@eslint/config-helpers": "^0.3.1", "@eslint/core": "^0.15.2", "@eslint/eslintrc": "^3.3.1", "@eslint/js": "9.34.0", "@eslint/plugin-kit": "^0.3.5", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "@types/json-schema": "^7.0.15", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.4.0", "eslint-visitor-keys": "^4.2.1", "espree": "^10.4.0", "esquery": "^1.5.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", "find-up": "^5.0.0", "glob-parent": "^6.0.2", "ignore": "^5.2.0", "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, "peerDependencies": { "jiti": "*" }, "optionalPeers": ["jiti"], "bin": { "eslint": "bin/eslint.js" } }, "sha512-RNCHRX5EwdrESy3Jc9o8ie8Bog+PeYvvSR8sDGoZxNFTvZ4dlxUB3WzQ3bQMztFrSRODGrLLj8g6OFuGY/aiQg=="],
+    "eslint": ["eslint@9.32.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.12.1", "@eslint/config-array": "^0.21.0", "@eslint/config-helpers": "^0.3.0", "@eslint/core": "^0.15.0", "@eslint/eslintrc": "^3.3.1", "@eslint/js": "9.32.0", "@eslint/plugin-kit": "^0.3.4", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "@types/json-schema": "^7.0.15", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.4.0", "eslint-visitor-keys": "^4.2.1", "espree": "^10.4.0", "esquery": "^1.5.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", "find-up": "^5.0.0", "glob-parent": "^6.0.2", "ignore": "^5.2.0", "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, "peerDependencies": { "jiti": "*" }, "optionalPeers": ["jiti"], "bin": { "eslint": "bin/eslint.js" } }, "sha512-LSehfdpgMeWcTZkWZVIJl+tkZ2nuSkyyB9C27MZqFWXuph7DvaowgcTvKqxvpLW1JZIk8PN7hFY3Rj9LQ7m7lg=="],
    "eslint-plugin-react-hooks": ["eslint-plugin-react-hooks@5.2.0", "", { "peerDependencies": { "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0" } }, "sha512-+f15FfK64YQwZdJNELETdn5ibXEUQmW1DZL6KXhNnc2heoy/sg9VJJeT7n8TlMWouzWqSWavFkIhHyIbIAEapg=="],
@@ -527,7 +530,7 @@
    "fastq": ["fastq@1.19.1", "", { "dependencies": { "reusify": "^1.0.4" } }, "sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ=="],
-    "fdir": ["fdir@6.5.0", "", { "peerDependencies": { "picomatch": "^3 || ^4" }, "optionalPeers": ["picomatch"] }, "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg=="],
+    "fdir": ["fdir@6.4.6", "", { "peerDependencies": { "picomatch": "^3 || ^4" }, "optionalPeers": ["picomatch"] }, "sha512-hiFoqpyZcfNm1yc4u8oWCf9A2c4D3QjCrks3zmoVKVxpQRzmPNar1hUJcBG2RQHvEVGDN+Jm81ZheVLAQMK6+w=="],
    "file-entry-cache": ["file-entry-cache@8.0.0", "", { "dependencies": { "flat-cache": "^4.0.0" } }, "sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ=="],
@@ -581,7 +584,7 @@
    "html-url-attributes": ["html-url-attributes@3.0.1", "", {}, "sha512-ol6UPyBWqsrO6EJySPz2O7ZSr856WDrEzM5zMqp+FJJLGMW35cLYmmZnl0vztAZxRUoNZJFTCohfjuIJ8I4QBQ=="],
-    "i18next": ["i18next@25.4.2", "", { "dependencies": { "@babel/runtime": "^7.27.6" }, "peerDependencies": { "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-gD4T25a6ovNXsfXY1TwHXXXLnD/K2t99jyYMCSimSCBnBRJVQr5j+VAaU83RJCPzrTGhVQ6dqIga66xO2rtd5g=="],
+    "i18next": ["i18next@25.3.2", "", { "dependencies": { "@babel/runtime": "^7.27.6" }, "peerDependencies": { "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-JSnbZDxRVbphc5jiptxr3o2zocy5dEqpVm9qCGdJwRNO+9saUJS0/u4LnM/13C23fUEWxAylPqKU/NpMV/IjqA=="],
    "i18next-browser-languagedetector": ["i18next-browser-languagedetector@8.2.0", "", { "dependencies": { "@babel/runtime": "^7.23.2" } }, "sha512-P+3zEKLnOF0qmiesW383vsLdtQVyKtCNA9cjSoKCppTKPQVfKd2W8hbVo5ZhNJKDqeM7BOcvNoKJOjpHh4Js9g=="],
@@ -665,7 +668,7 @@
    "lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="],
-    "lucide-react": ["lucide-react@0.541.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-s0Vircsu5WaGv2KoJZ5+SoxiAJ3UXV5KqEM3eIFDHaHkcLIFdIWgXtZ412+Gh02UsdS7Was+jvEpBvPCWQISlg=="],
+    "lucide-react": ["lucide-react@0.539.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-VVISr+VF2krO91FeuCrm1rSOLACQUYVy7NQkzrOty52Y8TlTPcXcMdQFj9bYzBgXbWCiywlwSZ3Z8u6a+6bMlg=="],
    "magic-string": ["magic-string@0.30.17", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0" } }, "sha512-sNPKHvyjVf7gyjwS4xGTaW/mCnF8wnjtifKBEhxfZ7E/S8tQ0rssrwGNn6q8JH/ohItJfSQp9mBtQYuTlH5QnA=="],
@@ -793,7 +796,7 @@
    "react-hook-form": ["react-hook-form@7.62.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-7KWFejc98xqG/F4bAxpL41NB3o1nnvQO1RWZT3TqRZYL8RryQETGfEdVnJN2fy1crCiBLLjkRBVK05j24FxJGA=="],
-    "react-i18next": ["react-i18next@15.7.2", "", { "dependencies": { "@babel/runtime": "^7.27.6", "html-parse-stringify": "^3.0.1" }, "peerDependencies": { "i18next": ">= 25.4.1", "react": ">= 16.8.0", "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-xJxq7ibnhUlMvd82lNC4te1GxGUMoM1A05KKyqoqsBXVZtEvZg/fz/fnVzdlY/hhQ3SpP/79qCocZOtICGhd3g=="],
+    "react-i18next": ["react-i18next@15.6.1", "", { "dependencies": { "@babel/runtime": "^7.27.6", "html-parse-stringify": "^3.0.1" }, "peerDependencies": { "i18next": ">= 23.2.3", "react": ">= 16.8.0", "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-uGrzSsOUUe2sDBG/+FJq2J1MM+Y4368/QW8OLEKSFvnDflHBbZhSd1u3UkW0Z06rMhZmnB/AQrhCpYfE5/5XNg=="],
    "react-markdown": ["react-markdown@10.1.0", "", { "dependencies": { "@types/hast": "^3.0.0", "@types/mdast": "^4.0.0", "devlop": "^1.0.0", "hast-util-to-jsx-runtime": "^2.0.0", "html-url-attributes": "^3.0.0", "mdast-util-to-hast": "^13.0.0", "remark-parse": "^11.0.0", "remark-rehype": "^11.0.0", "unified": "^11.0.0", "unist-util-visit": "^5.0.0", "vfile": "^6.0.0" }, "peerDependencies": { "@types/react": ">=18", "react": ">=18" } }, "sha512-qKxVopLT/TyA6BX3Ue5NwabOsAzm0Q7kAPwq6L+wWDwisYs7R8vZ0nRXqq6rkueboxpkjvLGU9fWifiX/ZZFxQ=="],
@@ -803,7 +806,7 @@
    "react-remove-scroll-bar": ["react-remove-scroll-bar@2.3.8", "", { "dependencies": { "react-style-singleton": "^2.2.2", "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" }, "optionalPeers": ["@types/react"] }, "sha512-9r+yi9+mgU33AKcj6IbT9oRCO78WriSj6t/cF8DWBZJ9aOGPOTEDvdUDz1FwKim7QXWwmHqtdHnRJfhAxEG46Q=="],
-    "react-router": ["react-router@7.8.2", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-7M2fR1JbIZ/jFWqelpvSZx+7vd7UlBTfdZqf6OSdF9g6+sfdqJDAWcak6ervbHph200ePlu+7G8LdoiC3ReyAQ=="],
+    "react-router": ["react-router@7.8.0", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-r15M3+LHKgM4SOapNmsH3smAizWds1vJ0Z9C4mWaKnT9/wD7+d/0jYcj6LmOvonkrO4Rgdyp4KQ/29gWN2i1eg=="],
    "react-style-singleton": ["react-style-singleton@2.2.3", "", { "dependencies": { "get-nonce": "^1.0.0", "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-b6jSvxvVnyptAiLjbkWLE/lOnR4lfTtDAl+eUC7RZy+QQWc6wRzIV2CE6xBuMmDxc2qIihtDCZD5NPOFl7fRBQ=="],
@@ -847,7 +850,7 @@
    "tailwind-merge": ["tailwind-merge@3.3.1", "", {}, "sha512-gBXpgUm/3rp1lMZZrM/w7D8GKqshif0zAymAhbCyIt8KMe+0v9DQ7cdYLR4FHH/cKpdTXb+A/tKKU3eolfsI+g=="],
-    "tailwindcss": ["tailwindcss@4.1.12", "", {}, "sha512-DzFtxOi+7NsFf7DBtI3BJsynR+0Yp6etH+nRPTbpWnS2pZBaSksv/JGctNwSWzbFjp0vxSqknaUylseZqMDGrA=="],
+    "tailwindcss": ["tailwindcss@4.1.11", "", {}, "sha512-2E9TBm6MDD/xKYe+dvJZAmg3yxIEDNRc0jwlNyDg/4Fil2QcSLjFKGVff0lAf1jjeaArlG/M75Ey/EYr/OJtBA=="],
    "tapable": ["tapable@2.2.1", "", {}, "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ=="],
@@ -865,13 +868,13 @@
    "tslib": ["tslib@2.8.1", "", {}, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
-    "tw-animate-css": ["tw-animate-css@1.3.7", "", {}, "sha512-lvLb3hTIpB5oGsk8JmLoAjeCHV58nKa2zHYn8yWOoG5JJusH3bhJlF2DLAZ/5NmJ+jyH3ssiAx/2KmbhavJy/A=="],
+    "tw-animate-css": ["tw-animate-css@1.3.6", "", {}, "sha512-9dy0R9UsYEGmgf26L8UcHiLmSFTHa9+D7+dAt/G/sF5dCnPePZbfgDYinc7/UzAM7g/baVrmS6m9yEpU46d+LA=="],
    "type-check": ["type-check@0.4.0", "", { "dependencies": { "prelude-ls": "^1.2.1" } }, "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew=="],
    "typescript": ["typescript@5.9.2", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A=="],
-    "typescript-eslint": ["typescript-eslint@8.41.0", "", { "dependencies": { "@typescript-eslint/eslint-plugin": "8.41.0", "@typescript-eslint/parser": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0", "@typescript-eslint/utils": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-n66rzs5OBXW3SFSnZHr2T685q1i4ODm2nulFJhMZBotaTavsS8TrI3d7bDlRSs9yWo7HmyWrN9qDu14Qv7Y0Dw=="],
+    "typescript-eslint": ["typescript-eslint@8.39.0", "", { "dependencies": { "@typescript-eslint/eslint-plugin": "8.39.0", "@typescript-eslint/parser": "8.39.0", "@typescript-eslint/typescript-estree": "8.39.0", "@typescript-eslint/utils": "8.39.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-lH8FvtdtzcHJCkMOKnN73LIn6SLTpoojgJqDAxPm1jCR14eWSGPX8ul/gggBdPMk/d5+u9V854vTYQ8T5jF/1Q=="],
    "undici-types": ["undici-types@7.10.0", "", {}, "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag=="],
@@ -899,7 +902,7 @@
    "vfile-message": ["vfile-message@4.0.2", "", { "dependencies": { "@types/unist": "^3.0.0", "unist-util-stringify-position": "^4.0.0" } }, "sha512-jRDZ1IMLttGj41KcZvlrYAaI3CfqpLpfpf+Mfig13viT6NKvRzWZ+lXz0Y5D60w6uJIBAOGq9mSHf0gktF0duw=="],
-    "vite": ["vite@7.1.3", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.14" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-OOUi5zjkDxYrKhTV3V7iKsoS37VUM7v40+HuwEmcrsf11Cdx9y3DIr2Px6liIcZFwt3XSRpQvFpL3WVy7ApkGw=="],
+    "vite": ["vite@7.1.1", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.4.6", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.14" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-yJ+Mp7OyV+4S+afWo+QyoL9jFWD11QFH0i5i7JypnfTcA1rmgxCbiA8WwAICDEtZ1Z1hzrVhN8R8rGTqkTY8ZQ=="],
    "void-elements": ["void-elements@3.1.0", "", {}, "sha512-Dhxzh5HZuiHQhbvTW9AMetFfBHDMYpo23Uo9btPXgdYP+3T5S+p+jgNy7spra+veYhBP2dCSgxR/i2Y02h5/6w=="],
@@ -911,7 +914,7 @@
    "yocto-queue": ["yocto-queue@0.1.0", "", {}, "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q=="],
-    "zod": ["zod@4.1.3", "", {}, "sha512-1neef4bMce1hNTrxvHVKxWjKfGDn0oAli3Wy1Uwb7TRO1+wEwoZUZNP1NXIEESybOBiFnBOhI6a4m6tCLE8dog=="],
+    "zod": ["zod@4.0.15", "", {}, "sha512-2IVHb9h4Mt6+UXkyMs0XbfICUh1eUrlJJAOupBHUhLRnKkruawyDddYRCs0Eizt900ntIMk9/4RksYl+FgSpcQ=="],
    "zwitch": ["zwitch@2.0.4", "", {}, "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A=="],
@@ -923,6 +926,10 @@
    "@babel/helper-module-imports/@babel/types": ["@babel/types@7.27.1", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q=="],
    "@babel/helper-module-transforms/@babel/traverse": ["@babel/traverse@7.27.4", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.27.3", "@babel/parser": "^7.27.4", "@babel/template": "^7.27.2", "@babel/types": "^7.27.3", "debug": "^4.3.1", "globals": "^11.1.0" } }, "sha512-oNcu2QbHqts9BtOWJosOVJapWjBDSxGCpFvikNR5TGDYDQf3JwpIoMzIKrvfoti93cLfPJEG4tH9SPVeyCGgdA=="],
    "@babel/helpers/@babel/types": ["@babel/types@7.27.6", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ETyHEk2VHHvl9b9jZP5IHPavHYk57EhanlRRuae9XCpb/j5bDCbPPMOBfCWhnl/7EDJz0jEMCi/RhccCE8r1+Q=="],
    "@babel/template/@babel/parser": ["@babel/parser@7.27.2", "", { "dependencies": { "@babel/types": "^7.27.1" }, "bin": "./bin/babel-parser.js" }, "sha512-QYLs8299NA7WM/bZAdp+CviYYkVoYXlDW2rzliy3chxd1PQjej7JORuMJDJXJUb9g0TT+B99EwaVLKmX+sPXWw=="],
    "@babel/template/@babel/types": ["@babel/types@7.27.1", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q=="],
@@ -935,21 +942,15 @@
    "@humanfs/node/@humanwhocodes/retry": ["@humanwhocodes/retry@0.3.1", "", {}, "sha512-JBxkERygn7Bv/GbN5Rv8Ul6LVknS+5Bp6RgDC/O8gEBU/yeH5Ui5C/OlWrTb6qct7LjjfT6Re2NxB0ln0yYybA=="],
-    "@jridgewell/remapping/@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.12", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-OuLGC46TjB5BbN1dH8JULVVZY4WTdkF7tV9Ys6wLL1rubZnCMstOhNHueU5bLCrnRuDhKPDM4g6sw4Bel5Gzqg=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.4.3", "", { "dependencies": { "@emnapi/wasi-threads": "1.0.2", "tslib": "^2.4.0" }, "bundled": true }, "sha512-4m62DuCE07lw01soJwPiBGC0nAww0Q+RY70VZ+n49yDIO13yyinhbWCeNnaob0lakDtWQzSdtNWzJeOJt2ma+g=="],
-    "@jridgewell/remapping/@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.29", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-uw6guiW/gcAGPDhLmd77/6lW8QLeiV5RUTsAX46Db6oLhGaVj4lhnPwb184s1bkc8kdVg/+h988dro8GRDpmYQ=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.4.3", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-pBPWdu6MLKROBX05wSNKcNb++m5Er+KQ9QkB+WVM+pW2Kx9hoSrVTnu3BdkI5eBLZoKu/J6mW/B6i6bJB2ytXQ=="],
-    "@tailwindcss/node/jiti": ["jiti@2.5.1", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-twQoecYPiVA5K/h6SxtORw/Bs3ar+mLUtoPSc7iMXzQzK8d7eJ/R09wmTwAjiamETn1cXYPGfNnu7DMoHgu12w=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.0.2", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-5n3nTJblwRi8LlXkJ9eBzu+kZR8Yxcc7ubakyQTFzPMtIhFpUBRbsnc2Dv88IZDIbCDlBiWrknhB4Lsz7mg6BA=="],
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.4.5", "", { "dependencies": { "@emnapi/wasi-threads": "1.0.4", "tslib": "^2.4.0" }, "bundled": true }, "sha512-XsLw1dEOpkSX/WucdqUhPWP7hDxSvZiY+fsUC14h+FtQ2Ifni4znbBt8punRX+Uj2JG/uDb8nEHVKvrVlvdZ5Q=="],
+    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@0.2.11", "", { "dependencies": { "@emnapi/core": "^1.4.3", "@emnapi/runtime": "^1.4.3", "@tybys/wasm-util": "^0.9.0" }, "bundled": true }, "sha512-9DPkXtvHydrcOsopiYpUgPHpmj0HWZKMUnL2dZqpvC42lsratuBG06V5ipyno0fUek5VlFsNQ+AcFATSrJXgMA=="],
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.4.5", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-++LApOtY0pEEz1zrd9vy1/zXVaVJJ/EbAF3u0fXIzPJEDtnITsBGbbK0EkM72amhl/R5b+5xx0Y/QhcVOpuulg=="],
+    "@tailwindcss/oxide-wasm32-wasi/@tybys/wasm-util": ["@tybys/wasm-util@0.9.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-6+7nlbMVX/PVDCwaIQ8nTOPveOcFLSt8GcXdx8hD0bt39uWxYT88uXzqTd4fTvqta7oeUJqudepapKNt2DYJFw=="],
    "@tailwindcss/oxide-wasm32-wasi/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.0.4", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-PJR+bOmMOPH8AtcTGAyYNiuJ3/Fcoj2XN/gBEWzDIKh254XO+mM9XoXHk5GNEhodxeMznbg7BlRojVbKN+gC6g=="],
    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@0.2.12", "", { "dependencies": { "@emnapi/core": "^1.4.3", "@emnapi/runtime": "^1.4.3", "@tybys/wasm-util": "^0.10.0" }, "bundled": true }, "sha512-ZVWUcfwY4E/yPitQJl481FjFo3K22D6qF0DuFH6Y/nbnE11GY5uguDxZMGXPQ8WQ0128MXQD7TnfHyK4oWoIJQ=="],
    "@tailwindcss/oxide-wasm32-wasi/@tybys/wasm-util": ["@tybys/wasm-util@0.10.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-VyyPYFlOMNylG45GoAe0xDoLwWuowvf92F9kySqzYh8vmYm7D2u4iUJKa1tOUpS70Ku13ASrOkS4ScXFsTaCNQ=="],
    "@tailwindcss/oxide-wasm32-wasi/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
@@ -965,27 +966,25 @@
    "@types/babel__traverse/@babel/types": ["@babel/types@7.27.1", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q=="],
-    "@types/estree-jsx/@types/estree": ["@types/estree@1.0.7", "", {}, "sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.39.0", "", { "dependencies": { "@typescript-eslint/types": "8.39.0", "@typescript-eslint/visitor-keys": "8.39.0" } }, "sha512-8QOzff9UKxOh6npZQ/4FQu4mjdOCGSdO3p44ww0hk8Vu+IGbg0tB/H1LcTARRDzGCC8pDGbh2rissBuuoPgH8A=="],
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
+    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils": ["@typescript-eslint/utils@8.39.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.39.0", "@typescript-eslint/types": "8.39.0", "@typescript-eslint/typescript-estree": "8.39.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-4GVSvNA0Vx1Ktwvf4sFE+exxJ3QGUorQG1/A5mRfRNZtkBT2xrA/BCO2H0eALx/PnvCS6/vmYwRdDA41EoffkQ=="],
    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],
    "@typescript-eslint/eslint-plugin/ignore": ["ignore@7.0.4", "", {}, "sha512-gJzzk+PQNznz8ysRrC0aOkBNVRBDtE1n53IqyqEf3PXrYwomFs5q4pGMizBMJF+ykh03insJ27hB8gSrD2Hn8A=="],
-    "@typescript-eslint/parser/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
+    "@typescript-eslint/parser/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.39.0", "", { "dependencies": { "@typescript-eslint/types": "8.39.0", "@typescript-eslint/visitor-keys": "8.39.0" } }, "sha512-8QOzff9UKxOh6npZQ/4FQu4mjdOCGSdO3p44ww0hk8Vu+IGbg0tB/H1LcTARRDzGCC8pDGbh2rissBuuoPgH8A=="],
-    "@typescript-eslint/parser/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/parser/@typescript-eslint/types": ["@typescript-eslint/types@8.39.0", "", {}, "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg=="],
-    "@typescript-eslint/project-service/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/project-service/@typescript-eslint/types": ["@typescript-eslint/types@8.39.0", "", {}, "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg=="],
    "@typescript-eslint/scope-manager/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.38.0", "", { "dependencies": { "@typescript-eslint/types": "8.38.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-pWrTcoFNWuwHlA9CvlfSsGWs14JxfN1TH25zM5L7o0pRLhsoZkDnTsXfQRJBEWJoV5DL0jf+Z+sxiud+K0mq1g=="],
-    "@typescript-eslint/type-utils/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/types": ["@typescript-eslint/types@8.39.0", "", {}, "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg=="],
-    "@typescript-eslint/type-utils/@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],
+    "@typescript-eslint/type-utils/@typescript-eslint/utils": ["@typescript-eslint/utils@8.39.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.39.0", "@typescript-eslint/types": "8.39.0", "@typescript-eslint/typescript-estree": "8.39.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-4GVSvNA0Vx1Ktwvf4sFE+exxJ3QGUorQG1/A5mRfRNZtkBT2xrA/BCO2H0eALx/PnvCS6/vmYwRdDA41EoffkQ=="],
-    "@typescript-eslint/typescript-estree/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/typescript-estree/@typescript-eslint/types": ["@typescript-eslint/types@8.39.0", "", {}, "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg=="],
    "@typescript-eslint/typescript-estree/minimatch": ["minimatch@9.0.5", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow=="],
@@ -993,12 +992,10 @@
    "@typescript-eslint/utils/@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.38.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.38.0", "@typescript-eslint/tsconfig-utils": "8.38.0", "@typescript-eslint/types": "8.38.0", "@typescript-eslint/visitor-keys": "8.38.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-fooELKcAKzxux6fA6pxOflpNS0jc+nOQEEOipXFNjSlBS6fqrJOVY/whSn70SScHrcJ2LDsxWrneFoWYSVfqhQ=="],
-    "@typescript-eslint/visitor-keys/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@typescript-eslint/visitor-keys/@typescript-eslint/types": ["@typescript-eslint/types@8.39.0", "", {}, "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg=="],
    "fast-glob/glob-parent": ["glob-parent@5.1.2", "", { "dependencies": { "is-glob": "^4.0.1" } }, "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow=="],
    "hast-util-to-jsx-runtime/@types/estree": ["@types/estree@1.0.7", "", {}, "sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ=="],
    "i18next-browser-languagedetector/@babel/runtime": ["@babel/runtime@7.27.1", "", {}, "sha512-1x3D2xEk2fRo3PAhwQwu5UubzgiVWSXTBfWpVd2Mx2AzRqJuDJCsgaDVZ7HB5iGzDW1Hl1sWN2mFyKjmR9uAog=="],
    "i18next-resources-to-backend/@babel/runtime": ["@babel/runtime@7.27.1", "", {}, "sha512-1x3D2xEk2fRo3PAhwQwu5UubzgiVWSXTBfWpVd2Mx2AzRqJuDJCsgaDVZ7HB5iGzDW1Hl1sWN2mFyKjmR9uAog=="],
@@ -1009,11 +1006,11 @@
    "parse-entities/@types/unist": ["@types/unist@2.0.11", "", {}, "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA=="],
-    "tinyglobby/fdir": ["fdir@6.4.6", "", { "peerDependencies": { "picomatch": "^3 || ^4" }, "optionalPeers": ["picomatch"] }, "sha512-hiFoqpyZcfNm1yc4u8oWCf9A2c4D3QjCrks3zmoVKVxpQRzmPNar1hUJcBG2RQHvEVGDN+Jm81ZheVLAQMK6+w=="],
+    "rollup/@types/estree": ["@types/estree@1.0.8", "", {}, "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w=="],
    "tinyglobby/picomatch": ["picomatch@4.0.2", "", {}, "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg=="],
-    "typescript-eslint/@typescript-eslint/utils": ["@typescript-eslint/utils@8.41.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.41.0", "@typescript-eslint/types": "8.41.0", "@typescript-eslint/typescript-estree": "8.41.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A=="],
+    "typescript-eslint/@typescript-eslint/utils": ["@typescript-eslint/utils@8.39.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.39.0", "@typescript-eslint/types": "8.39.0", "@typescript-eslint/typescript-estree": "8.39.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-4GVSvNA0Vx1Ktwvf4sFE+exxJ3QGUorQG1/A5mRfRNZtkBT2xrA/BCO2H0eALx/PnvCS6/vmYwRdDA41EoffkQ=="],
    "@babel/helper-module-imports/@babel/traverse/@babel/generator": ["@babel/generator@7.27.1", "", { "dependencies": { "@babel/parser": "^7.27.1", "@babel/types": "^7.27.1", "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.25", "jsesc": "^3.0.2" } }, "sha512-UnJfnIpc/+JO0/+KRVQNGU+y5taA5vCbwN8+azkX6beii/ZF+enZJSOKo11ZSzGJjlNfJHfQtmQT8H+9TXPG2w=="],
@@ -1021,15 +1018,33 @@
    "@babel/helper-module-imports/@babel/traverse/globals": ["globals@11.12.0", "", {}, "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA=="],
    "@babel/helper-module-transforms/@babel/traverse/@babel/generator": ["@babel/generator@7.27.5", "", { "dependencies": { "@babel/parser": "^7.27.5", "@babel/types": "^7.27.3", "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.25", "jsesc": "^3.0.2" } }, "sha512-ZGhA37l0e/g2s1Cnzdix0O3aLYm66eF8aufiVteOgnwxgnRP8GoyMj7VWsgWnQbVKXyge7hqrFh2K2TQM6t1Hw=="],
    "@babel/helper-module-transforms/@babel/traverse/@babel/parser": ["@babel/parser@7.27.5", "", { "dependencies": { "@babel/types": "^7.27.3" }, "bin": "./bin/babel-parser.js" }, "sha512-OsQd175SxWkGlzbny8J3K8TnnDD0N3lrIUtB92xwyRpzaenGZhxDvxN/JgU00U3CDZNj9tPuDJ5H0WS4Nt3vKg=="],
    "@babel/helper-module-transforms/@babel/traverse/@babel/types": ["@babel/types@7.27.6", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ETyHEk2VHHvl9b9jZP5IHPavHYk57EhanlRRuae9XCpb/j5bDCbPPMOBfCWhnl/7EDJz0jEMCi/RhccCE8r1+Q=="],
    "@babel/helper-module-transforms/@babel/traverse/globals": ["globals@11.12.0", "", {}, "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA=="],
    "@eslint/eslintrc/espree/acorn": ["acorn@8.14.1", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg=="],
    "@eslint/eslintrc/espree/eslint-visitor-keys": ["eslint-visitor-keys@4.2.0", "", {}, "sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw=="],
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.0.2", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-5n3nTJblwRi8LlXkJ9eBzu+kZR8Yxcc7ubakyQTFzPMtIhFpUBRbsnc2Dv88IZDIbCDlBiWrknhB4Lsz7mg6BA=="],
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
-    "@typescript-eslint/type-utils/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
    "@tailwindcss/oxide-wasm32-wasi/@emnapi/wasi-threads/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
    "@tailwindcss/oxide-wasm32-wasi/@tybys/wasm-util/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager/@typescript-eslint/types": ["@typescript-eslint/types@8.39.0", "", {}, "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg=="],
    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.39.0", "", {}, "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg=="],
    "@typescript-eslint/type-utils/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.39.0", "", { "dependencies": { "@typescript-eslint/types": "8.39.0", "@typescript-eslint/visitor-keys": "8.39.0" } }, "sha512-8QOzff9UKxOh6npZQ/4FQu4mjdOCGSdO3p44ww0hk8Vu+IGbg0tB/H1LcTARRDzGCC8pDGbh2rissBuuoPgH8A=="],
    "@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@2.0.1", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA=="],
@@ -1043,9 +1058,11 @@
    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/semver": ["semver@7.7.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA=="],
-    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.41.0", "", { "dependencies": { "@typescript-eslint/types": "8.41.0", "@typescript-eslint/visitor-keys": "8.41.0" } }, "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ=="],
+    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.39.0", "", { "dependencies": { "@typescript-eslint/types": "8.39.0", "@typescript-eslint/visitor-keys": "8.39.0" } }, "sha512-8QOzff9UKxOh6npZQ/4FQu4mjdOCGSdO3p44ww0hk8Vu+IGbg0tB/H1LcTARRDzGCC8pDGbh2rissBuuoPgH8A=="],
-    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.41.0", "", {}, "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag=="],
+    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.39.0", "", {}, "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg=="],
    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core/@emnapi/wasi-threads/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@2.0.1", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA=="],
  }
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -12,46 +12,47 @@
  "dependencies": {
    "@hookform/resolvers": "^5.2.1",
    "@radix-ui/react-label": "^2.1.7",
-    "@radix-ui/react-select": "^2.2.6",
+    "@radix-ui/react-select": "^2.2.5",
    "@radix-ui/react-separator": "^1.1.7",
    "@radix-ui/react-slot": "^1.2.3",
-    "@tailwindcss/vite": "^4.1.12",
+    "@tailwindcss/vite": "^4.1.11",
-    "@tanstack/react-query": "^5.85.5",
+    "@tanstack/react-query": "^5.84.1",
    "axios": "^1.11.0",
    "class-variance-authority": "^0.7.1",
    "clsx": "^2.1.1",
-    "i18next": "^25.4.2",
+    "dompurify": "^3.2.6",
    "i18next": "^25.3.2",
    "i18next-browser-languagedetector": "^8.2.0",
    "i18next-resources-to-backend": "^1.2.1",
    "input-otp": "^1.4.2",
-    "lucide-react": "^0.541.0",
+    "lucide-react": "^0.539.0",
    "next-themes": "^0.4.6",
    "react": "^19.1.1",
    "react-dom": "^19.1.1",
    "react-hook-form": "^7.62.0",
-    "react-i18next": "^15.7.2",
+    "react-i18next": "^15.6.1",
    "react-markdown": "^10.1.0",
-    "react-router": "^7.8.2",
+    "react-router": "^7.8.0",
    "sonner": "^2.0.7",
    "tailwind-merge": "^3.3.1",
-    "tailwindcss": "^4.1.12",
+    "tailwindcss": "^4.1.11",
-    "zod": "^4.1.3"
+    "zod": "^4.0.15"
  },
  "devDependencies": {
-    "@eslint/js": "^9.34.0",
+    "@eslint/js": "^9.32.0",
    "@tanstack/eslint-plugin-query": "^5.83.1",
-    "@types/node": "^24.3.0",
+    "@types/node": "^24.2.0",
-    "@types/react": "^19.1.11",
+    "@types/react": "^19.1.9",
-    "@types/react-dom": "^19.1.8",
+    "@types/react-dom": "^19.1.7",
-    "@vitejs/plugin-react": "^5.0.1",
+    "@vitejs/plugin-react": "^5.0.0",
-    "eslint": "^9.34.0",
+    "eslint": "^9.32.0",
    "eslint-plugin-react-hooks": "^5.2.0",
    "eslint-plugin-react-refresh": "^0.4.19",
    "globals": "^16.3.0",
    "prettier": "3.6.2",
-    "tw-animate-css": "^1.3.7",
+    "tw-animate-css": "^1.3.6",
    "typescript": "~5.9.2",
-    "typescript-eslint": "^8.41.0",
+    "typescript-eslint": "^8.39.0",
-    "vite": "^7.1.3"
+    "vite": "^7.1.1"
  }
 }
--- a/frontend/src/App.tsx
+++ b/frontend/src/App.tsx
@@ -5,8 +5,8 @@ export const App = () => {
  const { isLoggedIn } = useUserContext();
  if (isLoggedIn) {
-    return <Navigate to="/logout" replace />;
+    return <Navigate to="/logout" />;
  }
-  return <Navigate to="/login" replace />;
+  return <Navigate to="/login" />;
 };
--- a/frontend/src/components/domain-warning/domain-warning.tsx
+++ b/frontend/src/components/domain-warning/domain-warning.tsx
@@ -1,56 +0,0 @@
 import {
  Card,
  CardDescription,
  CardFooter,
  CardHeader,
  CardTitle,
 } from "../ui/card";
 import { Button } from "../ui/button";
 import { Trans, useTranslation } from "react-i18next";
 import { useLocation } from "react-router";
 interface Props {
  onClick: () => void;
  appUrl: string;
  currentUrl: string;
 }
 export const DomainWarning = (props: Props) => {
  const { onClick, appUrl, currentUrl } = props;
  const { t } = useTranslation();
  const { search } = useLocation();
  const searchParams = new URLSearchParams(search);
  const redirectUri = searchParams.get("redirect_uri");
  return (
    <Card role="alert" aria-live="assertive" className="min-w-xs sm:min-w-sm">
      <CardHeader>
        <CardTitle className="text-3xl">{t("domainWarningTitle")}</CardTitle>
        <CardDescription>
          <Trans
            t={t}
            i18nKey="domainWarningSubtitle"
            values={{ appUrl, currentUrl }}
            components={{ code: <code /> }}
          />
        </CardDescription>
      </CardHeader>
      <CardFooter className="flex flex-col items-stretch gap-2">
        <Button onClick={onClick} variant="warning">
          {t("ignoreTitle")}
        </Button>
        <Button
          onClick={() =>
            window.location.assign(
              `${appUrl}/login?redirect_uri=${encodeURIComponent(redirectUri || "")}`,
            )
          }
          variant="outline"
        >
          {t("goToCorrectDomainTitle")}
        </Button>
      </CardFooter>
    </Card>
  );
 };
--- a/frontend/src/components/layout/layout.tsx
+++ b/frontend/src/components/layout/layout.tsx
@@ -1,10 +1,8 @@
 import { useAppContext } from "@/context/app-context";
 import { LanguageSelector } from "../language/language";
 import { Outlet } from "react-router";
 import { useCallback, useState } from "react";
 import { DomainWarning } from "../domain-warning/domain-warning";
-const BaseLayout = ({ children }: { children: React.ReactNode }) => {
+export const Layout = () => {
  const { backgroundImage } = useAppContext();
  return (
@@ -17,38 +15,7 @@ const BaseLayout = ({ children }: { children: React.ReactNode }) => {
      }}
    >
      <LanguageSelector />
-      {children}
+      <Outlet />
    </div>
  );
 };
 export const Layout = () => {
  const { appUrl } = useAppContext();
  const [ignoreDomainWarning, setIgnoreDomainWarning] = useState(() => {
    return window.sessionStorage.getItem("ignoreDomainWarning") === "true";
  });
  const currentUrl = window.location.origin;
  const handleIgnore = useCallback(() => {
    window.sessionStorage.setItem("ignoreDomainWarning", "true");
    setIgnoreDomainWarning(true);
  }, [setIgnoreDomainWarning]);
  if (!ignoreDomainWarning && appUrl !== currentUrl) {
    return (
      <BaseLayout>
        <DomainWarning
          appUrl={appUrl}
          currentUrl={currentUrl}
          onClick={() => handleIgnore()}
        />
      </BaseLayout>
    );
  }
  return (
    <BaseLayout>
      <Outlet />
    </BaseLayout>
  );
 };
--- a/frontend/src/components/ui/button.tsx
+++ b/frontend/src/components/ui/button.tsx
@@ -22,7 +22,7 @@ const buttonVariants = cva(
          "hover:bg-accent hover:text-accent-foreground dark:hover:bg-accent/50",
        link: "text-primary underline-offset-4 hover:underline",
        warning:
-          "bg-amber-500 text-white shadow-xs hover:bg-amber-400 focus-visible:ring-amber-200/20 dark:focus-visible:ring-amber-400/40",
+          "bg-amber-500 text-white shadow-xs hover:bg-amber-400 focus-visible:ring-amber-200/20 dark:focus-visible:ring-amber-400/40 dark:bg-amber-600",
      },
      size: {
        default: "h-9 px-4 py-2 has-[>svg]:px-3",
--- a/frontend/src/index.css
+++ b/frontend/src/index.css
@@ -156,7 +156,7 @@ ul {
 }
 code {
-  @apply relative rounded bg-muted px-[0.2rem] py-[0.1rem] font-mono text-sm font-semibold break-all;
+  @apply relative rounded bg-muted px-[0.2rem] py-[0.1rem] font-mono text-sm font-semibold;
 }
 .lead {
--- a/frontend/src/lib/i18n/locales/en-US.json
+++ b/frontend/src/lib/i18n/locales/en-US.json
@@ -14,14 +14,14 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{rootDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,6 +44,8 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -51,9 +53,5 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/lib/i18n/locales/en.json
+++ b/frontend/src/lib/i18n/locales/en.json
@@ -14,14 +14,14 @@
    "loginOauthFailSubtitle": "Failed to get OAuth URL",
    "loginOauthSuccessTitle": "Redirecting",
    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
    "continueTitle": "Continue",
    "continueRedirectingTitle": "Redirecting...",
    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueRedirectManually": "Redirect me manually",
+    "continueInvalidRedirectTitle": "Invalid redirect",
    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
    "continueInsecureRedirectTitle": "Insecure redirect",
    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueTitle": "Continue",
-    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{rootDomain}}</code>). Are you sure you want to continue?",
+    "continueSubtitle": "Click the button to continue to your app.",
    "logoutFailTitle": "Failed to log out",
    "logoutFailSubtitle": "Please try again",
    "logoutSuccessTitle": "Logged out",
@@ -44,6 +44,8 @@
    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
    "unauthorizedButton": "Try again",
    "untrustedRedirectTitle": "Untrusted redirect",
    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
    "cancelTitle": "Cancel",
    "forgotPasswordTitle": "Forgot your password?",
    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -51,9 +53,5 @@
    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
    "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input",
+    "invalidInput": "Invalid input"
    "domainWarningTitle": "Invalid Domain",
    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
    "ignoreTitle": "Ignore",
    "goToCorrectDomainTitle": "Go to correct domain"
 }
--- a/frontend/src/pages/continue-page.tsx
+++ b/frontend/src/pages/continue-page.tsx
@@ -11,101 +11,60 @@ import { useUserContext } from "@/context/user-context";
 import { isValidUrl } from "@/lib/utils";
 import { Trans, useTranslation } from "react-i18next";
 import { Navigate, useLocation, useNavigate } from "react-router";
-import { useEffect, useState } from "react";
+import DOMPurify from "dompurify";
 import { useState } from "react";
 export const ContinuePage = () => {
  const { rootDomain } = useAppContext();
  const { isLoggedIn } = useUserContext();
  const { search } = useLocation();
  const { t } = useTranslation();
  const navigate = useNavigate();
  if (!isLoggedIn) {
    return <Navigate to="/login" />;
  }
  const { domain, disableContinue } = useAppContext();
  const { search } = useLocation();
  const [loading, setLoading] = useState(false);
  const [showRedirectButton, setShowRedirectButton] = useState(false);
  const searchParams = new URLSearchParams(search);
-  const redirectUri = searchParams.get("redirect_uri");
+  const redirectURI = searchParams.get("redirect_uri");
-  const isValidRedirectUri =
+  if (!redirectURI) {
-    redirectUri !== null ? isValidUrl(redirectUri) : false;
+    return <Navigate to="/logout" />;
-  const redirectUriObj = isValidRedirectUri
+  }
-    ? new URL(redirectUri as string)
+
-    : null;
+  if (!isValidUrl(DOMPurify.sanitize(redirectURI))) {
-  const isTrustedRedirectUri =
+    return <Navigate to="/logout" />;
-    redirectUriObj !== null
+  }
      ? redirectUriObj.hostname === rootDomain ||
        redirectUriObj.hostname.endsWith(`.${rootDomain}`)
      : false;
  const isAllowedRedirectProto =
    redirectUriObj !== null
      ? redirectUriObj.protocol === "https:" ||
        redirectUriObj.protocol === "http:"
      : false;
  const isHttpsDowngrade =
    redirectUriObj !== null
      ? redirectUriObj.protocol === "http:" &&
        window.location.protocol === "https:"
      : false;
  const handleRedirect = () => {
    setLoading(true);
-    window.location.assign(redirectUriObj!.toString());
+    window.location.href = DOMPurify.sanitize(redirectURI);
  };
  useEffect(() => {
    if (
      !isLoggedIn ||
      !isValidRedirectUri ||
      !isTrustedRedirectUri ||
      !isAllowedRedirectProto ||
      isHttpsDowngrade
    ) {
      return;
    }
    const auto = setTimeout(() => {
      handleRedirect();
    }, 100);
    const reveal = setTimeout(() => {
      setLoading(false);
      setShowRedirectButton(true);
    }, 1000);
    return () => {
      clearTimeout(auto);
      clearTimeout(reveal);
    };
  }, []);
  if (!isLoggedIn) {
    return (
      <Navigate
        to={`/login?redirect_uri=${encodeURIComponent(redirectUri || "")}`}
        replace
      />
    );
  }
-  if (!isValidRedirectUri || !isAllowedRedirectProto) {
+  if (disableContinue) {
-    return <Navigate to="/logout" replace />;
+    handleRedirect();
  }
-  if (!isTrustedRedirectUri) {
+  const { t } = useTranslation();
  const navigate = useNavigate();
  const url = new URL(redirectURI);
  if (!(url.hostname == domain) && !url.hostname.endsWith(`.${domain}`)) {
    return (
-      <Card role="alert" aria-live="assertive" className="min-w-xs sm:min-w-sm">
+      <Card className="min-w-xs sm:min-w-sm">
        <CardHeader>
          <CardTitle className="text-3xl">
-            {t("continueUntrustedRedirectTitle")}
+            {t("untrustedRedirectTitle")}
          </CardTitle>
          <CardDescription>
            <Trans
-              i18nKey="continueUntrustedRedirectSubtitle"
+              i18nKey="untrustedRedirectSubtitle"
              t={t}
              components={{
                code: <code />,
              }}
-              values={{ rootDomain }}
+              values={{ domain }}
            />
          </CardDescription>
        </CardHeader>
@@ -117,11 +76,7 @@ export const ContinuePage = () => {
          >
            {t("continueTitle")}
          </Button>
-          <Button
+          <Button onClick={() => navigate("/logout")} variant="outline" disabled={loading}>
            onClick={() => navigate("/logout")}
            variant="outline"
            disabled={loading}
          >
            {t("cancelTitle")}
          </Button>
        </CardFooter>
@@ -129,9 +84,9 @@ export const ContinuePage = () => {
    );
  }
-  if (isHttpsDowngrade) {
+  if (url.protocol === "http:" && window.location.protocol === "https:") {
    return (
-      <Card role="alert" aria-live="assertive" className="min-w-xs sm:min-w-sm">
+      <Card className="min-w-xs sm:min-w-sm">
        <CardHeader>
          <CardTitle className="text-3xl">
            {t("continueInsecureRedirectTitle")}
@@ -147,14 +102,14 @@ export const ContinuePage = () => {
          </CardDescription>
        </CardHeader>
        <CardFooter className="flex flex-col items-stretch gap-2">
-          <Button onClick={handleRedirect} loading={loading} variant="warning">
+          <Button
            onClick={handleRedirect}
            loading={loading}
            variant="warning"
          >
            {t("continueTitle")}
          </Button>
-          <Button
+          <Button onClick={() => navigate("/logout")} variant="outline" disabled={loading}>
            onClick={() => navigate("/logout")}
            variant="outline"
            disabled={loading}
          >
            {t("cancelTitle")}
          </Button>
        </CardFooter>
@@ -165,18 +120,17 @@ export const ContinuePage = () => {
  return (
    <Card className="min-w-xs sm:min-w-sm">
      <CardHeader>
-        <CardTitle className="text-3xl">
+        <CardTitle className="text-3xl">{t("continueTitle")}</CardTitle>
-          {t("continueRedirectingTitle")}
+        <CardDescription>{t("continueSubtitle")}</CardDescription>
        </CardTitle>
        <CardDescription>{t("continueRedirectingSubtitle")}</CardDescription>
      </CardHeader>
-      {showRedirectButton && (
+      <CardFooter className="flex flex-col items-stretch">
-        <CardFooter className="flex flex-col items-stretch">
+        <Button
-          <Button onClick={handleRedirect}>
+          onClick={handleRedirect}
-            {t("continueRedirectManually")}
+          loading={loading}
-          </Button>
+        >
-        </CardFooter>
+          {t("continueTitle")}
-      )}
+        </Button>
      </CardFooter>
    </Card>
  );
 };
--- a/frontend/src/pages/login-page.tsx
+++ b/frontend/src/pages/login-page.tsx
@@ -17,21 +17,23 @@ import { useIsMounted } from "@/lib/hooks/use-is-mounted";
 import { LoginSchema } from "@/schemas/login-schema";
 import { useMutation } from "@tanstack/react-query";
 import axios, { AxiosError } from "axios";
-import { useEffect, useRef } from "react";
+import { useEffect } from "react";
 import { useTranslation } from "react-i18next";
 import { Navigate, useLocation } from "react-router";
 import { toast } from "sonner";
 export const LoginPage = () => {
  const { isLoggedIn } = useUserContext();
-  const { configuredProviders, title, oauthAutoRedirect, genericName } =
+
-    useAppContext();
+  if (isLoggedIn) {
    return <Navigate to="/logout" />;
  }
  const { configuredProviders, title, oauthAutoRedirect, genericName } = useAppContext();
  const { search } = useLocation();
  const { t } = useTranslation();
  const isMounted = useIsMounted();
  const redirectTimer = useRef<number | null>(null);
  const searchParams = new URLSearchParams(search);
  const redirectUri = searchParams.get("redirect_uri");
@@ -51,8 +53,8 @@ export const LoginPage = () => {
        description: t("loginOauthSuccessSubtitle"),
      });
-      redirectTimer.current = window.setTimeout(() => {
+      setTimeout(() => {
-        window.location.replace(data.data.url);
+        window.location.href = data.data.url;
      }, 500);
    },
    onError: () => {
@@ -77,7 +79,7 @@ export const LoginPage = () => {
        description: t("loginSuccessSubtitle"),
      });
-      redirectTimer.current = window.setTimeout(() => {
+      setTimeout(() => {
        window.location.replace(
          `/continue?redirect_uri=${encodeURIComponent(redirectUri ?? "")}`,
        );
@@ -98,7 +100,6 @@ export const LoginPage = () => {
      if (
        oauthConfigured &&
        configuredProviders.includes(oauthAutoRedirect) &&
        !isLoggedIn &&
        redirectUri
      ) {
        oauthMutation.mutate(oauthAutoRedirect);
@@ -106,26 +107,6 @@ export const LoginPage = () => {
    }
  }, []);
  useEffect(
    () => () => {
      if (redirectTimer.current) clearTimeout(redirectTimer.current);
    },
    [],
  );
  if (isLoggedIn && redirectUri) {
    return (
      <Navigate
        to={`/continue?redirect_uri=${encodeURIComponent(redirectUri)}`}
        replace
      />
    );
  }
  if (isLoggedIn) {
    return <Navigate to="/logout" replace />;
  }
  return (
    <Card className="min-w-xs sm:min-w-sm">
      <CardHeader>
@@ -145,10 +126,7 @@ export const LoginPage = () => {
                icon={<GoogleIcon />}
                className="w-full"
                onClick={() => oauthMutation.mutate("google")}
-                loading={
+                loading={oauthMutation.isPending && oauthMutation.variables === "google"}
                  oauthMutation.isPending &&
                  oauthMutation.variables === "google"
                }
                disabled={oauthMutation.isPending || loginMutation.isPending}
              />
            )}
@@ -158,10 +136,7 @@ export const LoginPage = () => {
                icon={<GithubIcon />}
                className="w-full"
                onClick={() => oauthMutation.mutate("github")}
-                loading={
+                loading={oauthMutation.isPending && oauthMutation.variables === "github"}
                  oauthMutation.isPending &&
                  oauthMutation.variables === "github"
                }
                disabled={oauthMutation.isPending || loginMutation.isPending}
              />
            )}
@@ -171,10 +146,7 @@ export const LoginPage = () => {
                icon={<GenericIcon />}
                className="w-full"
                onClick={() => oauthMutation.mutate("generic")}
-                loading={
+                loading={oauthMutation.isPending && oauthMutation.variables === "generic"}
                  oauthMutation.isPending &&
                  oauthMutation.variables === "generic"
                }
                disabled={oauthMutation.isPending || loginMutation.isPending}
              />
            )}
--- a/frontend/src/pages/logout-page.tsx
+++ b/frontend/src/pages/logout-page.tsx
@@ -11,18 +11,20 @@ import { useUserContext } from "@/context/user-context";
 import { capitalize } from "@/lib/utils";
 import { useMutation } from "@tanstack/react-query";
 import axios from "axios";
 import { useEffect, useRef } from "react";
 import { Trans, useTranslation } from "react-i18next";
 import { Navigate } from "react-router";
 import { toast } from "sonner";
 export const LogoutPage = () => {
  const { provider, username, isLoggedIn, email } = useUserContext();
  if (!isLoggedIn) {
    return <Navigate to="/login" />;
  }
  const { genericName } = useAppContext();
  const { t } = useTranslation();
  const redirectTimer = useRef<number | null>(null);
  const logoutMutation = useMutation({
    mutationFn: () => axios.post("/api/user/logout"),
    mutationKey: ["logout"],
@@ -31,8 +33,8 @@ export const LogoutPage = () => {
        description: t("logoutSuccessSubtitle"),
      });
-      redirectTimer.current = window.setTimeout(() => {
+      setTimeout(async () => {
-        window.location.assign("/login");
+        window.location.replace("/login");
      }, 500);
    },
    onError: () => {
@@ -42,17 +44,6 @@ export const LogoutPage = () => {
    },
  });
  useEffect(
    () => () => {
      if (redirectTimer.current) clearTimeout(redirectTimer.current);
    },
    [],
  );
  if (!isLoggedIn) {
    return <Navigate to="/login" replace />;
  }
  return (
    <Card className="min-w-xs sm:min-w-sm">
      <CardHeader>
--- a/frontend/src/pages/totp-page.tsx
+++ b/frontend/src/pages/totp-page.tsx
@@ -12,19 +12,22 @@ import { useUserContext } from "@/context/user-context";
 import { TotpSchema } from "@/schemas/totp-schema";
 import { useMutation } from "@tanstack/react-query";
 import axios from "axios";
-import { useEffect, useId, useRef } from "react";
+import { useId } from "react";
 import { useTranslation } from "react-i18next";
 import { Navigate, useLocation } from "react-router";
 import { toast } from "sonner";
 export const TotpPage = () => {
  const { totpPending } = useUserContext();
  if (!totpPending) {
    return <Navigate to="/" />;
  }
  const { t } = useTranslation();
  const { search } = useLocation();
  const formId = useId();
  const redirectTimer = useRef<number | null>(null);
  const searchParams = new URLSearchParams(search);
  const redirectUri = searchParams.get("redirect_uri");
@@ -36,7 +39,7 @@ export const TotpPage = () => {
        description: t("totpSuccessSubtitle"),
      });
-      redirectTimer.current = window.setTimeout(() => {
+      setTimeout(() => {
        window.location.replace(
          `/continue?redirect_uri=${encodeURIComponent(redirectUri ?? "")}`,
        );
@@ -49,17 +52,6 @@ export const TotpPage = () => {
    },
  });
  useEffect(
    () => () => {
      if (redirectTimer.current) clearTimeout(redirectTimer.current);
    },
    [],
  );
  if (!totpPending) {
    return <Navigate to="/" replace />;
  }
  return (
    <Card className="min-w-xs sm:min-w-sm">
      <CardHeader>
--- a/frontend/src/pages/unauthorized-page.tsx
+++ b/frontend/src/pages/unauthorized-page.tsx
@@ -12,10 +12,6 @@ import { Navigate, useLocation, useNavigate } from "react-router";
 export const UnauthorizedPage = () => {
  const { search } = useLocation();
  const { t } = useTranslation();
  const navigate = useNavigate();
  const [loading, setLoading] = useState(false);
  const searchParams = new URLSearchParams(search);
  const username = searchParams.get("username");
@@ -23,15 +19,19 @@ export const UnauthorizedPage = () => {
  const groupErr = searchParams.get("groupErr");
  const ip = searchParams.get("ip");
  if (!username && !ip) {
    return <Navigate to="/" />;
  }
  const { t } = useTranslation();
  const navigate = useNavigate();
  const [loading, setLoading] = useState(false);
  const handleRedirect = () => {
    setLoading(true);
    navigate("/login");
  };
  if (!username && !ip) {
    return <Navigate to="/" />;
  }
  let i18nKey = "unauthorizedLoginSubtitle";
  if (resource) {
--- a/frontend/src/schemas/app-context-schema.ts
+++ b/frontend/src/schemas/app-context-schema.ts
@@ -2,10 +2,10 @@ import { z } from "zod";
 export const appContextSchema = z.object({
  configuredProviders: z.array(z.string()),
  disableContinue: z.boolean(),
  title: z.string(),
  genericName: z.string(),
-  appUrl: z.string(),
+  domain: z.string(),
  rootDomain: z.string(),
  forgotPasswordMessage: z.string(),
  oauthAutoRedirect: z.enum(["none", "github", "google", "generic"]),
  backgroundImage: z.string(),
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,6 @@ require (
 	github.com/cenkalti/backoff/v5 v5.0.3
 	github.com/gin-gonic/gin v1.10.1
 	github.com/go-playground/validator/v10 v10.27.0
 	github.com/golang-migrate/migrate/v4 v4.18.3
 	github.com/google/go-querystring v1.1.0
 	github.com/google/uuid v1.6.0
 	github.com/mdp/qrterminal/v3 v3.2.1
@@ -15,9 +14,6 @@ require (
 	github.com/spf13/viper v1.20.1
 	github.com/traefik/paerser v0.2.2
 	golang.org/x/crypto v0.41.0
 	gorm.io/driver/sqlite v1.6.0
 	gorm.io/gorm v1.30.1
 	modernc.org/sqlite v1.38.2
 )
 require (
@@ -27,34 +23,22 @@ require (
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/glebarez/go-sqlite v1.21.2 // indirect
 	github.com/glebarez/sqlite v1.11.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
-	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/mattn/go-sqlite3 v1.14.32 // indirect
 	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
-	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.34.0 // indirect
 	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
 	golang.org/x/term v0.34.0 // indirect
 	gotest.tools/v3 v3.5.2 // indirect
 	modernc.org/libc v1.66.3 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 	rsc.io/qr v0.2.0 // indirect
 )
 require (
-	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/Microsoft/go-winio v0.4.14 // indirect
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/boombuler/barcode v1.0.2 // indirect
@@ -84,6 +68,7 @@ require (
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator v9.31.0+incompatible
 	github.com/goccy/go-json v0.10.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
@@ -93,6 +78,7 @@ require (
 	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/magiconair/properties v1.8.10
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-localereader v0.0.1 // indirect
--- a/go.sum
+++ b/go.sum
@@ -4,8 +4,8 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
-github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
+github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
-github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
@@ -96,10 +96,6 @@ github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E
 github.com/gin-contrib/sse v1.0.0/go.mod h1:zNuFdwarAygJBht0NTKiSi3jRf6RbqeILZ9Sp6Slhe0=
 github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
 github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
 github.com/glebarez/go-sqlite v1.21.2 h1:3a6LFC4sKahUunAmynQKLZceZCOzUthkRkEAl9gAXWo=
 github.com/glebarez/go-sqlite v1.21.2/go.mod h1:sfxdZyhQjTM2Wry3gVYWaW072Ri1WMdWJi0k6+3382k=
 github.com/glebarez/sqlite v1.11.0 h1:wSG0irqzP6VurnMEpFGer5Li19RpIRi2qvQz++w0GMw=
 github.com/glebarez/sqlite v1.11.0/go.mod h1:h8/o8j5wiAsqSPoWELDUdJXhjAhsVliSn7bWZjOhrgQ=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-ldap/ldap/v3 v3.4.11 h1:4k0Yxweg+a3OyBLjdYn5OKglv18JNvfDykSoI8bW0gU=
@@ -115,17 +111,17 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator v9.31.0+incompatible h1:UA72EPEogEnq76ehGdEDp4Mit+3FDh548oRqwVgNsHA=
 github.com/go-playground/validator v9.31.0+incompatible/go.mod h1:yrEkQXlcI+PugkyDjY2bRrL/UBU4f3rvrgkN3V8JEig=
 github.com/go-playground/validator/v10 v10.27.0 h1:w8+XrWVMhGkxOaaowyKH35gFydVHOvC0/uWoy2Fzwn4=
 github.com/go-playground/validator/v10 v10.27.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
-github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
+github.com/go-viper/mapstructure/v2 v2.3.0 h1:27XbWsHIqhbdR5TIC911OfYvgSaW93HM+dX7970Q7jk=
-github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.3.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM=
 github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-migrate/migrate/v4 v4.18.3 h1:EYGkoOsvgHHfm5U/naS1RP/6PL/Xv3S4B/swMiAmDLs=
 github.com/golang-migrate/migrate/v4 v4.18.3/go.mod h1:99BKpIi6ruaaXRM1A77eqZ+FWPQ3cfRa+ZVy5bmWMaY=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -134,8 +130,6 @@ github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
@@ -144,11 +138,6 @@ github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzq
 github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
@@ -165,10 +154,6 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
@@ -177,16 +162,17 @@ github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa02
 github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
 github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
 github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
 github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=
 github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
@@ -198,8 +184,6 @@ github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2J
 github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88=
 github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
 github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs=
 github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/mdp/qrterminal/v3 v3.2.1 h1:6+yQjiiOsSuXT5n9/m60E54vdgFsw0zhADHhHLrFet4=
 github.com/mdp/qrterminal/v3 v3.2.1/go.mod h1:jOTmXvnBsMy5xqLniO0R++Jmjs2sTm9dFSuQ5kpz/SU=
 github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=
@@ -225,22 +209,19 @@ github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELU
 github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=
 github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
 github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
 github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
 github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
 github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
 github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -252,6 +233,7 @@ github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo=
 github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
@@ -267,9 +249,11 @@ github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4=
 github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -319,12 +303,10 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
 golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
-golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
-golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
 golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -338,8 +320,10 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -359,8 +343,6 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
 golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -380,38 +362,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gorm.io/driver/sqlite v1.6.0 h1:WHRRrIiulaPiPFmDcod6prc4l2VGVWHz80KspNsxSfQ=
 gorm.io/driver/sqlite v1.6.0/go.mod h1:AO9V1qIQddBESngQUKWL9yoH93HIeA1X6V633rBwyT8=
 gorm.io/gorm v1.30.1 h1:lSHg33jJTBxs2mgJRfRZeLDG+WZaHYCk3Wtfl6Ngzo4=
 gorm.io/gorm v1.30.1/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
 modernc.org/cc/v4 v4.26.2 h1:991HMkLjJzYBIfha6ECZdjrIYz2/1ayr+FL8GN+CNzM=
 modernc.org/cc/v4 v4.26.2/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
 modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU=
 modernc.org/ccgo/v4 v4.28.0/go.mod h1:JygV3+9AV6SmPhDasu4JgquwU81XAKLd3OKTUDNOiKE=
 modernc.org/fileutil v1.3.8 h1:qtzNm7ED75pd1C7WgAGcK4edm4fvhtBsEiI/0NQ54YM=
 modernc.org/fileutil v1.3.8/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
 modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
 modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
 modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
 modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
 modernc.org/libc v1.66.3 h1:cfCbjTUcdsKyyZZfEUKfoHcP3S0Wkvz3jgSzByEWVCQ=
 modernc.org/libc v1.66.3/go.mod h1:XD9zO8kt59cANKvHPXpx7yS2ELPheAey0vjIuZOhOU8=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
 modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
 modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
 modernc.org/sqlite v1.38.2 h1:Aclu7+tgjgcQVShZqim41Bbw9Cho0y/7WzYptXqkEek=
 modernc.org/sqlite v1.38.2/go.mod h1:cPTJYSlgg3Sfg046yBShXENNtPrWrDX8bsbAQBzgQ5E=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
 modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
 rsc.io/qr v0.2.0 h1:6vBLea5/NRMVTz8V66gipeLycZMl/+UlFmk8DvqQ6WY=
 rsc.io/qr v0.2.0/go.mod h1:IF+uZjkb9fqyeF/4tlBoynqmQxUoPfWEKh921coOuXs=
--- a/internal/assets/assets.go
+++ b/internal/assets/assets.go
@@ -4,12 +4,7 @@ import (
 	"embed"
 )
-// Frontend
+// Frontend assets
 //
 //go:embed dist
 var FrontendAssets embed.FS
 // Migrations
 //
 //go:embed migrations/*.sql
 var Migrations embed.FS
--- a/internal/assets/migrations/000001_init_sqlite.down.sql
+++ b/internal/assets/migrations/000001_init_sqlite.down.sql
@@ -1 +0,0 @@
 DROP TABLE IF EXISTS "sessions";
--- a/internal/assets/migrations/000001_init_sqlite.up.sql
+++ b/internal/assets/migrations/000001_init_sqlite.up.sql
@@ -1,10 +0,0 @@
 CREATE TABLE IF NOT EXISTS "sessions" (
    "uuid" TEXT NOT NULL PRIMARY KEY UNIQUE,
    "username" TEXT NOT NULL,
    "email" TEXT NOT NULL,
    "name" TEXT NOT NULL,
    "provider" TEXT NOT NULL,
    "totp_pending" BOOLEAN NOT NULL,
    "oauth_groups" TEXT NULL,
    "expiry" INTEGER NOT NULL
 );
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -2,7 +2,6 @@ package bootstrap
 import (
 	"fmt"
 	"net/url"
 	"strings"
 	"tinyauth/internal/config"
 	"tinyauth/internal/controller"
@@ -45,30 +44,44 @@ func (app *BootstrapApp) Setup() error {
 		return err
 	}
-	// Get root domain
+	// Get domain
-	rootDomain, err := utils.GetRootDomain(app.Config.AppURL)
+	domain, err := utils.GetUpperDomain(app.Config.AppURL)
 	if err != nil {
 		return err
 	}
 	// Cookie names
-	appUrl, _ := url.Parse(app.Config.AppURL) // Already validated
+	cookieId := utils.GenerateIdentifier(strings.Split(domain, ".")[0])
 	cookieId := utils.GenerateIdentifier(appUrl.Hostname())
 	sessionCookieName := fmt.Sprintf("%s-%s", config.SessionCookieName, cookieId)
 	csrfCookieName := fmt.Sprintf("%s-%s", config.CSRFCookieName, cookieId)
 	redirectCookieName := fmt.Sprintf("%s-%s", config.RedirectCookieName, cookieId)
 	// Secrets
 	encryptionSecret, err := utils.DeriveKey(app.Config.Secret, "encryption")
 	if err != nil {
 		return err
 	}
 	hmacSecret, err := utils.DeriveKey(app.Config.Secret, "hmac")
 	if err != nil {
 		return err
 	}
 	// Create configs
 	authConfig := service.AuthServiceConfig{
 		Users:             users,
 		OauthWhitelist:    app.Config.OAuthWhitelist,
 		SessionExpiry:     app.Config.SessionExpiry,
 		SecureCookie:      app.Config.SecureCookie,
-		RootDomain:        rootDomain,
+		Domain:            domain,
 		LoginTimeout:      app.Config.LoginTimeout,
 		LoginMaxRetries:   app.Config.LoginMaxRetries,
 		SessionCookieName: sessionCookieName,
 		HMACSecret:        hmacSecret,
 		EncryptionSecret:  encryptionSecret,
 	}
 	// Setup services
@@ -94,24 +107,8 @@ func (app *BootstrapApp) Setup() error {
 		}
 	}
 	// Bootstrap database
 	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
 		DatabasePath: app.Config.DatabasePath,
 	})
 	log.Debug().Str("service", fmt.Sprintf("%T", databaseService)).Msg("Initializing service")
 	err = databaseService.Init()
 	if err != nil {
 		return fmt.Errorf("failed to initialize database service: %w", err)
 	}
 	database := databaseService.GetDatabase()
 	// Create services
 	dockerService := service.NewDockerService()
-	authService := service.NewAuthService(authConfig, dockerService, ldapService, database)
+	authService := service.NewAuthService(authConfig, dockerService, ldapService)
 	oauthBrokerService := service.NewOAuthBrokerService(app.getOAuthBrokerConfig())
 	// Initialize services
@@ -155,7 +152,7 @@ func (app *BootstrapApp) Setup() error {
 	var middlewares []Middleware
 	contextMiddleware := middleware.NewContextMiddleware(middleware.ContextMiddlewareConfig{
-		RootDomain: rootDomain,
+		Domain: domain,
 	}, authService, oauthBrokerService)
 	uiMiddleware := middleware.NewUIMiddleware()
@@ -179,11 +176,11 @@ func (app *BootstrapApp) Setup() error {
 	// Create controllers
 	contextController := controller.NewContextController(controller.ContextControllerConfig{
 		ConfiguredProviders:   configuredProviders,
 		DisableContinue:       app.Config.DisableContinue,
 		Title:                 app.Config.Title,
 		GenericName:           app.Config.GenericName,
-		AppURL:                app.Config.AppURL,
+		Domain:                domain,
-		RootDomain:            rootDomain,
+		ForgotPasswordMessage: app.Config.FogotPasswordMessage,
 		ForgotPasswordMessage: app.Config.ForgotPasswordMessage,
 		BackgroundImage:       app.Config.BackgroundImage,
 		OAuthAutoRedirect:     app.Config.OAuthAutoRedirect,
 	}, apiRouter)
@@ -193,7 +190,7 @@ func (app *BootstrapApp) Setup() error {
 		SecureCookie:       app.Config.SecureCookie,
 		CSRFCookieName:     csrfCookieName,
 		RedirectCookieName: redirectCookieName,
-		RootDomain:         rootDomain,
+		Domain:             domain,
 	}, apiRouter, authService, oauthBrokerService)
 	proxyController := controller.NewProxyController(controller.ProxyControllerConfig{
@@ -201,7 +198,7 @@ func (app *BootstrapApp) Setup() error {
 	}, apiRouter, dockerService, authService)
 	userController := controller.NewUserController(controller.UserControllerConfig{
-		RootDomain: rootDomain,
+		Domain: domain,
 	}, apiRouter, authService)
 	resourcesController := controller.NewResourcesController(controller.ResourcesControllerConfig{
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -1,22 +1,25 @@
 package config
-// Version information, set at build time
+type Claims struct {
 	Name              string `json:"name"`
 	Email             string `json:"email"`
 	PreferredUsername string `json:"preferred_username"`
 	Groups            any    `json:"groups"`
 }
 var Version = "development"
 var CommitHash = "n/a"
 var BuildTimestamp = "n/a"
 // Cookie name templates
 var SessionCookieName = "tinyauth-session"
 var CSRFCookieName = "tinyauth-csrf"
 var RedirectCookieName = "tinyauth-redirect"
 // Main app config
 type Config struct {
 	Port                    int    `mapstructure:"port" validate:"required"`
 	Address                 string `validate:"required,ip4_addr" mapstructure:"address"`
 	Secret                  string `validate:"required,len=32" mapstructure:"secret"`
 	SecretFile              string `mapstructure:"secret-file"`
 	AppURL                  string `validate:"required,url" mapstructure:"app-url"`
 	Users                   string `mapstructure:"users"`
 	UsersFile               string `mapstructure:"users-file"`
@@ -36,6 +39,7 @@ type Config struct {
 	GenericUserURL          string `mapstructure:"generic-user-url"`
 	GenericName             string `mapstructure:"generic-name"`
 	GenericSkipSSL          bool   `mapstructure:"generic-skip-ssl"`
 	DisableContinue         bool   `mapstructure:"disable-continue"`
 	OAuthWhitelist          string `mapstructure:"oauth-whitelist"`
 	OAuthAutoRedirect       string `mapstructure:"oauth-auto-redirect" validate:"oneof=none github google generic"`
 	SessionExpiry           int    `mapstructure:"session-expiry"`
@@ -43,7 +47,7 @@ type Config struct {
 	Title                   string `mapstructure:"app-title"`
 	LoginTimeout            int    `mapstructure:"login-timeout"`
 	LoginMaxRetries         int    `mapstructure:"login-max-retries"`
-	ForgotPasswordMessage   string `mapstructure:"forgot-password-message"`
+	FogotPasswordMessage    string `mapstructure:"forgot-password-message"`
 	BackgroundImage         string `mapstructure:"background-image" validate:"required"`
 	LdapAddress             string `mapstructure:"ldap-address"`
 	LdapBindDN              string `mapstructure:"ldap-bind-dn"`
@@ -52,16 +56,37 @@ type Config struct {
 	LdapInsecure            bool   `mapstructure:"ldap-insecure"`
 	LdapSearchFilter        string `mapstructure:"ldap-search-filter"`
 	ResourcesDir            string `mapstructure:"resources-dir"`
 	DatabasePath            string `mapstructure:"database-path" validate:"required"`
 }
-// OAuth/OIDC config
+type OAuthLabels struct {
 	Whitelist string
 	Groups    string
 }
-type Claims struct {
+type BasicLabels struct {
-	Name              string `json:"name"`
+	Username string
-	Email             string `json:"email"`
+	Password PasswordLabels
-	PreferredUsername string `json:"preferred_username"`
+}
-	Groups            any    `json:"groups"`
+
 type PasswordLabels struct {
 	Plain string
 	File  string
 }
 type IPLabels struct {
 	Allow  []string
 	Block  []string
 	Bypass []string
 }
 type Labels struct {
 	Users   string
 	Allowed string
 	Headers []string
 	Domain  []string
 	Basic   BasicLabels
 	OAuth   OAuthLabels
 	IP      IPLabels
 }
 type OAuthServiceConfig struct {
@@ -75,8 +100,6 @@ type OAuthServiceConfig struct {
 	InsecureSkipVerify bool
 }
 // User/session related stuff
 type User struct {
 	Username   string
 	Password   string
@@ -89,7 +112,6 @@ type UserSearch struct {
 }
 type SessionCookie struct {
 	UUID        string
 	Username    string
 	Name        string
 	Email       string
@@ -110,8 +132,6 @@ type UserContext struct {
 	TotpEnabled bool
 }
 // API responses and queries
 type UnauthorizedQuery struct {
 	Username string `url:"username"`
 	Resource string `url:"resource"`
@@ -122,54 +142,3 @@ type UnauthorizedQuery struct {
 type RedirectQuery struct {
 	RedirectURI string `url:"redirect_uri"`
 }
 // Labels
 type Labels struct {
 	Apps map[string]AppLabels
 }
 type AppLabels struct {
 	Config   ConfigLabels
 	Users    UsersLabels
 	OAuth    OAuthLabels
 	IP       IPLabels
 	Response ResponseLabels
 	Path     PathLabels
 }
 type ConfigLabels struct {
 	Domain string
 }
 type UsersLabels struct {
 	Allow string
 	Block string
 }
 type OAuthLabels struct {
 	Whitelist string
 	Groups    string
 }
 type IPLabels struct {
 	Allow  []string
 	Block  []string
 	Bypass []string
 }
 type ResponseLabels struct {
 	Headers   []string
 	BasicAuth BasicAuthLabels
 }
 type BasicAuthLabels struct {
 	Username     string
 	Password     string
 	PasswordFile string
 }
 type PathLabels struct {
 	Allow string
 	Block string
 }
--- a/internal/controller/context_controller.go
+++ b/internal/controller/context_controller.go
@@ -1,8 +1,6 @@
 package controller
 import (
 	"fmt"
 	"net/url"
 	"tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
@@ -17,7 +15,7 @@ type UserContextResponse struct {
 	Name        string `json:"name"`
 	Email       string `json:"email"`
 	Provider    string `json:"provider"`
-	OAuth       bool   `json:"oauth"`
+	Oauth       bool   `json:"oauth"`
 	TotpPending bool   `json:"totpPending"`
 }
@@ -25,10 +23,10 @@ type AppContextResponse struct {
 	Status                int      `json:"status"`
 	Message               string   `json:"message"`
 	ConfiguredProviders   []string `json:"configuredProviders"`
 	DisableContinue       bool     `json:"disableContinue"`
 	Title                 string   `json:"title"`
 	GenericName           string   `json:"genericName"`
-	AppURL                string   `json:"appUrl"`
+	Domain                string   `json:"domain"`
 	RootDomain            string   `json:"rootDomain"`
 	ForgotPasswordMessage string   `json:"forgotPasswordMessage"`
 	BackgroundImage       string   `json:"backgroundImage"`
 	OAuthAutoRedirect     string   `json:"oauthAutoRedirect"`
@@ -36,29 +34,29 @@ type AppContextResponse struct {
 type ContextControllerConfig struct {
 	ConfiguredProviders   []string
 	DisableContinue       bool
 	Title                 string
 	GenericName           string
-	AppURL                string
+	Domain                string
 	RootDomain            string
 	ForgotPasswordMessage string
 	BackgroundImage       string
 	OAuthAutoRedirect     string
 }
 type ContextController struct {
-	config ContextControllerConfig
+	Config ContextControllerConfig
-	router *gin.RouterGroup
+	Router *gin.RouterGroup
 }
 func NewContextController(config ContextControllerConfig, router *gin.RouterGroup) *ContextController {
 	return &ContextController{
-		config: config,
+		Config: config,
-		router: router,
+		Router: router,
 	}
 }
 func (controller *ContextController) SetupRoutes() {
-	contextGroup := controller.router.Group("/context")
+	contextGroup := controller.Router.Group("/context")
 	contextGroup.GET("/user", controller.userContextHandler)
 	contextGroup.GET("/app", controller.appContextHandler)
 }
@@ -74,7 +72,7 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
 		Name:        context.Name,
 		Email:       context.Email,
 		Provider:    context.Provider,
-		OAuth:       context.OAuth,
+		Oauth:       context.OAuth,
 		TotpPending: context.TotpPending,
 	}
@@ -91,18 +89,16 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
 }
 func (controller *ContextController) appContextHandler(c *gin.Context) {
 	appUrl, _ := url.Parse(controller.config.AppURL) // no need to check error, validated on startup
 	c.JSON(200, AppContextResponse{
 		Status:                200,
 		Message:               "Success",
-		ConfiguredProviders:   controller.config.ConfiguredProviders,
+		ConfiguredProviders:   controller.Config.ConfiguredProviders,
-		Title:                 controller.config.Title,
+		DisableContinue:       controller.Config.DisableContinue,
-		GenericName:           controller.config.GenericName,
+		Title:                 controller.Config.Title,
-		AppURL:                fmt.Sprintf("%s://%s", appUrl.Scheme, appUrl.Host),
+		GenericName:           controller.Config.GenericName,
-		RootDomain:            controller.config.RootDomain,
+		Domain:                controller.Config.Domain,
-		ForgotPasswordMessage: controller.config.ForgotPasswordMessage,
+		ForgotPasswordMessage: controller.Config.ForgotPasswordMessage,
-		BackgroundImage:       controller.config.BackgroundImage,
+		BackgroundImage:       controller.Config.BackgroundImage,
-		OAuthAutoRedirect:     controller.config.OAuthAutoRedirect,
+		OAuthAutoRedirect:     controller.Config.OAuthAutoRedirect,
 	})
 }
--- a/internal/controller/health_controller.go
+++ b/internal/controller/health_controller.go
@@ -3,18 +3,18 @@ package controller
 import "github.com/gin-gonic/gin"
 type HealthController struct {
-	router *gin.RouterGroup
+	Router *gin.RouterGroup
 }
 func NewHealthController(router *gin.RouterGroup) *HealthController {
 	return &HealthController{
-		router: router,
+		Router: router,
 	}
 }
 func (controller *HealthController) SetupRoutes() {
-	controller.router.GET("/health", controller.healthHandler)
+	controller.Router.GET("/health", controller.healthHandler)
-	controller.router.HEAD("/health", controller.healthHandler)
+	controller.Router.HEAD("/health", controller.healthHandler)
 }
 func (controller *HealthController) healthHandler(c *gin.Context) {
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -23,27 +23,27 @@ type OAuthControllerConfig struct {
 	RedirectCookieName string
 	SecureCookie       bool
 	AppURL             string
-	RootDomain         string
+	Domain             string
 }
 type OAuthController struct {
-	config OAuthControllerConfig
+	Config OAuthControllerConfig
-	router *gin.RouterGroup
+	Router *gin.RouterGroup
-	auth   *service.AuthService
+	Auth   *service.AuthService
-	broker *service.OAuthBrokerService
+	Broker *service.OAuthBrokerService
 }
 func NewOAuthController(config OAuthControllerConfig, router *gin.RouterGroup, auth *service.AuthService, broker *service.OAuthBrokerService) *OAuthController {
 	return &OAuthController{
-		config: config,
+		Config: config,
-		router: router,
+		Router: router,
-		auth:   auth,
+		Auth:   auth,
-		broker: broker,
+		Broker: broker,
 	}
 }
 func (controller *OAuthController) SetupRoutes() {
-	oauthGroup := controller.router.Group("/oauth")
+	oauthGroup := controller.Router.Group("/oauth")
 	oauthGroup.GET("/url/:provider", controller.oauthURLHandler)
 	oauthGroup.GET("/callback/:provider", controller.oauthCallbackHandler)
 }
@@ -61,7 +61,7 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
 		return
 	}
-	service, exists := controller.broker.GetService(req.Provider)
+	service, exists := controller.Broker.GetService(req.Provider)
 	if !exists {
 		log.Warn().Msgf("OAuth provider not found: %s", req.Provider)
@@ -74,13 +74,13 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
 	state := service.GenerateState()
 	authURL := service.GetAuthURL(state)
-	c.SetCookie(controller.config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+	c.SetCookie(controller.Config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
 	redirectURI := c.Query("redirect_uri")
-	if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.config.RootDomain) {
+	if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.Config.Domain) {
 		log.Debug().Msg("Setting redirect URI cookie")
-		c.SetCookie(controller.config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+		c.SetCookie(controller.Config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
 	}
 	c.JSON(200, gin.H{
@@ -104,59 +104,58 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 	}
 	state := c.Query("state")
-	csrfCookie, err := c.Cookie(controller.config.CSRFCookieName)
+	csrfCookie, err := c.Cookie(controller.Config.CSRFCookieName)
 	if err != nil || state != csrfCookie {
 		log.Warn().Err(err).Msg("CSRF token mismatch or cookie missing")
-		c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
 		return
 	}
-	c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+	c.SetCookie(controller.Config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
 	code := c.Query("code")
-	service, exists := controller.broker.GetService(req.Provider)
+	service, exists := controller.Broker.GetService(req.Provider)
 	if !exists {
 		log.Warn().Msgf("OAuth provider not found: %s", req.Provider)
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
 	err = service.VerifyCode(code)
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to verify OAuth code")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
-	user, err := controller.broker.GetUser(req.Provider)
+	user, err := controller.Broker.GetUser(req.Provider)
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to get user from OAuth provider")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
 	if user.Email == "" {
 		log.Error().Msg("OAuth provider did not return an email")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
-	if !controller.auth.IsEmailWhitelisted(user.Email) {
+	if !controller.Auth.EmailWhitelisted(user.Email) {
 		queries, err := query.Values(config.UnauthorizedQuery{
 			Username: user.Email,
 		})
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to encode unauthorized query")
-			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 			return
 		}
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.Config.AppURL, queries.Encode()))
 		return
 	}
@@ -170,35 +169,19 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 		name = fmt.Sprintf("%s (%s)", utils.Capitalize(strings.Split(user.Email, "@")[0]), strings.Split(user.Email, "@")[1])
 	}
-	var username string
+	controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
-
+		Username:    user.Email,
 	if user.PreferredUsername != "" {
 		log.Debug().Msg("Using preferred username from OAuth provider")
 		username = user.PreferredUsername
 	} else {
 		log.Debug().Msg("No preferred username from OAuth provider, using pseudo username")
 		username = strings.Replace(user.Email, "@", "_", -1)
 	}
 	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username:    username,
 		Name:        name,
 		Email:       user.Email,
 		Provider:    req.Provider,
 		OAuthGroups: utils.CoalesceToString(user.Groups),
 	})
-	if err != nil {
+	redirectURI, err := c.Cookie(controller.Config.RedirectCookieName)
 		log.Error().Err(err).Msg("Failed to create session cookie")
 		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
 		return
 	}
-	redirectURI, err := c.Cookie(controller.config.RedirectCookieName)
+	if err != nil || !utils.IsRedirectSafe(redirectURI, controller.Config.Domain) {
 	if err != nil || !utils.IsRedirectSafe(redirectURI, controller.config.RootDomain) {
 		log.Debug().Msg("No redirect URI cookie found, redirecting to app root")
-		c.Redirect(http.StatusTemporaryRedirect, controller.config.AppURL)
+		c.Redirect(http.StatusTemporaryRedirect, controller.Config.AppURL)
 		return
 	}
@@ -208,10 +191,10 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to encode redirect URI query")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
-	c.SetCookie(controller.config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
+	c.SetCookie(controller.Config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
-	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", controller.config.AppURL, queries.Encode()))
+	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", controller.Config.AppURL, queries.Encode()))
 }
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -22,23 +22,23 @@ type ProxyControllerConfig struct {
 }
 type ProxyController struct {
-	config ProxyControllerConfig
+	Config ProxyControllerConfig
-	router *gin.RouterGroup
+	Router *gin.RouterGroup
-	docker *service.DockerService
+	Docker *service.DockerService
-	auth   *service.AuthService
+	Auth   *service.AuthService
 }
 func NewProxyController(config ProxyControllerConfig, router *gin.RouterGroup, docker *service.DockerService, auth *service.AuthService) *ProxyController {
 	return &ProxyController{
-		config: config,
+		Config: config,
-		router: router,
+		Router: router,
-		docker: docker,
+		Docker: docker,
-		auth:   auth,
+		Auth:   auth,
 	}
 }
 func (controller *ProxyController) SetupRoutes() {
-	proxyGroup := controller.router.Group("/auth")
+	proxyGroup := controller.Router.Group("/auth")
 	proxyGroup.GET("/:proxy", controller.proxyHandler)
 }
@@ -67,18 +67,43 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 	proto := c.Request.Header.Get("X-Forwarded-Proto")
 	host := c.Request.Header.Get("X-Forwarded-Host")
-	labels, err := controller.docker.GetLabels(host)
+	hostWithoutPort := strings.Split(host, ":")[0]
 	id := strings.Split(hostWithoutPort, ".")[0]
 	labels, err := controller.Docker.GetLabels(id, hostWithoutPort)
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to get labels from Docker")
-		controller.handleError(c, req, isBrowser)
+
 		if req.Proxy == "nginx" || !isBrowser {
 			c.JSON(500, gin.H{
 				"status":  500,
 				"message": "Internal Server Error",
 			})
 			return
 		}
 		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
 	clientIP := c.ClientIP()
-	if controller.auth.IsBypassedIP(labels.IP, clientIP) {
+	if controller.Auth.BypassedIP(labels, clientIP) {
-		controller.setHeaders(c, labels)
+		c.Header("Authorization", c.Request.Header.Get("Authorization"))
 		headers := utils.ParseHeaders(labels.Headers)
 		for key, value := range headers {
 			log.Debug().Str("header", key).Msg("Setting header")
 			c.Header(key, value)
 		}
 		if labels.Basic.Username != "" && utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File) != "" {
 			log.Debug().Str("username", labels.Basic.Username).Msg("Setting basic auth header")
 			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.Username, utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File))))
 		}
 		c.JSON(200, gin.H{
 			"status":  200,
 			"message": "Authenticated",
@@ -86,25 +111,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		return
 	}
-	authEnabled, err := controller.auth.IsAuthEnabled(uri, labels.Path)
+	if !controller.Auth.CheckIP(labels, clientIP) {
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to check if auth is enabled for resource")
 		controller.handleError(c, req, isBrowser)
 		return
 	}
 	if !authEnabled {
 		log.Debug().Msg("Authentication disabled for resource, allowing access")
 		controller.setHeaders(c, labels)
 		c.JSON(200, gin.H{
 			"status":  200,
 			"message": "Authenticated",
 		})
 		return
 	}
 	if !controller.auth.CheckIP(labels.IP, clientIP) {
 		if req.Proxy == "nginx" || !isBrowser {
 			c.JSON(401, gin.H{
 				"status":  401,
@@ -120,11 +127,52 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		if err != nil {
 			log.Error().Err(err).Msg("Failed to encode unauthorized query")
-			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 			return
 		}
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.Config.AppURL, queries.Encode()))
 		return
 	}
 	authEnabled, err := controller.Auth.AuthEnabled(uri, labels)
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to check if auth is enabled for resource")
 		if req.Proxy == "nginx" || !isBrowser {
 			c.JSON(500, gin.H{
 				"status":  500,
 				"message": "Internal Server Error",
 			})
 			return
 		}
 		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
 	if !authEnabled {
 		log.Debug().Msg("Authentication disabled for resource, allowing access")
 		c.Header("Authorization", c.Request.Header.Get("Authorization"))
 		headers := utils.ParseHeaders(labels.Headers)
 		for key, value := range headers {
 			log.Debug().Str("header", key).Msg("Setting header")
 			c.Header(key, value)
 		}
 		if labels.Basic.Username != "" && utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File) != "" {
 			log.Debug().Str("username", labels.Basic.Username).Msg("Setting basic auth header")
 			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.Username, utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File))))
 		}
 		c.JSON(200, gin.H{
 			"status":  200,
 			"message": "Authenticated",
 		})
 		return
 	}
@@ -147,7 +195,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 	}
 	if userContext.IsLoggedIn {
-		appAllowed := controller.auth.IsResourceAllowed(c, userContext, labels)
+		appAllowed := controller.Auth.ResourceAllowed(c, userContext, labels)
 		if !appAllowed {
 			log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User not allowed to access resource")
@@ -164,24 +212,24 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 				Resource: strings.Split(host, ".")[0],
 			})
 			if err != nil {
 				log.Error().Err(err).Msg("Failed to encode unauthorized query")
 				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
 				return
 			}
 			if userContext.OAuth {
 				queries.Set("username", userContext.Email)
 			} else {
 				queries.Set("username", userContext.Username)
 			}
-			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
+			if err != nil {
 				log.Error().Err(err).Msg("Failed to encode unauthorized query")
 				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 				return
 			}
 			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.Config.AppURL, queries.Encode()))
 			return
 		}
 		if userContext.OAuth {
-			groupOK := controller.auth.IsInOAuthGroup(c, userContext, labels.OAuth.Groups)
+			groupOK := controller.Auth.OAuthGroup(c, userContext, labels)
 			if !groupOK {
 				log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User OAuth groups do not match resource requirements")
@@ -199,29 +247,40 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 					GroupErr: true,
 				})
 				if err != nil {
 					log.Error().Err(err).Msg("Failed to encode unauthorized query")
 					c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
 					return
 				}
 				if userContext.OAuth {
 					queries.Set("username", userContext.Email)
 				} else {
 					queries.Set("username", userContext.Username)
 				}
-				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
+				if err != nil {
 					log.Error().Err(err).Msg("Failed to encode unauthorized query")
 					c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 					return
 				}
 				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.Config.AppURL, queries.Encode()))
 				return
 			}
 		}
 		c.Header("Authorization", c.Request.Header.Get("Authorization"))
 		c.Header("Remote-User", utils.SanitizeHeader(userContext.Username))
 		c.Header("Remote-Name", utils.SanitizeHeader(userContext.Name))
 		c.Header("Remote-Email", utils.SanitizeHeader(userContext.Email))
 		c.Header("Remote-Groups", utils.SanitizeHeader(userContext.OAuthGroups))
-		controller.setHeaders(c, labels)
+		headers := utils.ParseHeaders(labels.Headers)
 		for key, value := range headers {
 			log.Debug().Str("header", key).Msg("Setting header")
 			c.Header(key, value)
 		}
 		if labels.Basic.Username != "" && utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File) != "" {
 			log.Debug().Str("username", labels.Basic.Username).Msg("Setting basic auth header")
 			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.Username, utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File))))
 		}
 		c.JSON(200, gin.H{
 			"status":  200,
@@ -244,39 +303,9 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to encode redirect URI query")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
 		return
 	}
-	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/login?%s", controller.config.AppURL, queries.Encode()))
+	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/login?%s", controller.Config.AppURL, queries.Encode()))
 }
 func (controller *ProxyController) setHeaders(c *gin.Context, labels config.AppLabels) {
 	c.Header("Authorization", c.Request.Header.Get("Authorization"))
 	headers := utils.ParseHeaders(labels.Response.Headers)
 	for key, value := range headers {
 		log.Debug().Str("header", key).Msg("Setting header")
 		c.Header(key, value)
 	}
 	basicPassword := utils.GetSecret(labels.Response.BasicAuth.Password, labels.Response.BasicAuth.PasswordFile)
 	if labels.Response.BasicAuth.Username != "" && basicPassword != "" {
 		log.Debug().Str("username", labels.Response.BasicAuth.Username).Msg("Setting basic auth header")
 		c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Response.BasicAuth.Username, basicPassword)))
 	}
 }
 func (controller *ProxyController) handleError(c *gin.Context, req Proxy, isBrowser bool) {
 	if req.Proxy == "nginx" || !isBrowser {
 		c.JSON(500, gin.H{
 			"status":  500,
 			"message": "Internal Server Error",
 		})
 		return
 	}
 	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
 }
--- a/internal/controller/resources_controller.go
+++ b/internal/controller/resources_controller.go
@@ -11,32 +11,32 @@ type ResourcesControllerConfig struct {
 }
 type ResourcesController struct {
-	config     ResourcesControllerConfig
+	Config     ResourcesControllerConfig
-	router     *gin.RouterGroup
+	Router     *gin.RouterGroup
-	fileServer http.Handler
+	FileServer http.Handler
 }
 func NewResourcesController(config ResourcesControllerConfig, router *gin.RouterGroup) *ResourcesController {
 	fileServer := http.StripPrefix("/resources", http.FileServer(http.Dir(config.ResourcesDir)))
 	return &ResourcesController{
-		config:     config,
+		Config:     config,
-		router:     router,
+		Router:     router,
-		fileServer: fileServer,
+		FileServer: fileServer,
 	}
 }
 func (controller *ResourcesController) SetupRoutes() {
-	controller.router.GET("/resources/*resource", controller.resourcesHandler)
+	controller.Router.GET("/resources/*resource", controller.resourcesHandler)
 }
 func (controller *ResourcesController) resourcesHandler(c *gin.Context) {
-	if controller.config.ResourcesDir == "" {
+	if controller.Config.ResourcesDir == "" {
 		c.JSON(404, gin.H{
 			"status":  404,
 			"message": "Resources not found",
 		})
 		return
 	}
-	controller.fileServer.ServeHTTP(c.Writer, c.Request)
+	controller.FileServer.ServeHTTP(c.Writer, c.Request)
 }
--- a/internal/controller/user_controller.go
+++ b/internal/controller/user_controller.go
@@ -22,25 +22,25 @@ type TotpRequest struct {
 }
 type UserControllerConfig struct {
-	RootDomain string
+	Domain string
 }
 type UserController struct {
-	config UserControllerConfig
+	Config UserControllerConfig
-	router *gin.RouterGroup
+	Router *gin.RouterGroup
-	auth   *service.AuthService
+	Auth   *service.AuthService
 }
 func NewUserController(config UserControllerConfig, router *gin.RouterGroup, auth *service.AuthService) *UserController {
 	return &UserController{
-		config: config,
+		Config: config,
-		router: router,
+		Router: router,
-		auth:   auth,
+		Auth:   auth,
 	}
 }
 func (controller *UserController) SetupRoutes() {
-	userGroup := controller.router.Group("/user")
+	userGroup := controller.Router.Group("/user")
 	userGroup.POST("/login", controller.loginHandler)
 	userGroup.POST("/logout", controller.logoutHandler)
 	userGroup.POST("/totp", controller.totpHandler)
@@ -69,7 +69,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 	log.Debug().Str("username", req.Username).Str("ip", clientIP).Msg("Login attempt")
-	isLocked, remainingTime := controller.auth.IsAccountLocked(rateIdentifier)
+	isLocked, remainingTime := controller.Auth.IsAccountLocked(rateIdentifier)
 	if isLocked {
 		log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("Account is locked due to too many failed login attempts")
@@ -80,11 +80,11 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 		return
 	}
-	userSearch := controller.auth.SearchUser(req.Username)
+	userSearch := controller.Auth.SearchUser(req.Username)
-	if userSearch.Type == "unknown" {
+	if userSearch.Type == "" {
 		log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("User not found")
-		controller.auth.RecordLoginAttempt(rateIdentifier, false)
+		controller.Auth.RecordLoginAttempt(rateIdentifier, false)
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
@@ -92,9 +92,9 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 		return
 	}
-	if !controller.auth.VerifyUser(userSearch, req.Password) {
+	if !controller.Auth.VerifyUser(userSearch, req.Password) {
 		log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("Invalid password")
-		controller.auth.RecordLoginAttempt(rateIdentifier, false)
+		controller.Auth.RecordLoginAttempt(rateIdentifier, false)
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
@@ -104,18 +104,18 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 	log.Info().Str("username", req.Username).Str("ip", clientIP).Msg("Login successful")
-	controller.auth.RecordLoginAttempt(rateIdentifier, true)
+	controller.Auth.RecordLoginAttempt(rateIdentifier, true)
 	if userSearch.Type == "local" {
-		user := controller.auth.GetLocalUser(userSearch.Username)
+		user := controller.Auth.GetLocalUser(userSearch.Username)
 		if user.TotpSecret != "" {
 			log.Debug().Str("username", req.Username).Msg("User has TOTP enabled, requiring TOTP verification")
-			err := controller.auth.CreateSessionCookie(c, &config.SessionCookie{
+			err := controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 				Username:    user.Username,
 				Name:        utils.Capitalize(req.Username),
-				Email:       fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.RootDomain),
+				Email:       fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.Domain),
 				Provider:    "username",
 				TotpPending: true,
 			})
@@ -138,10 +138,10 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 		}
 	}
-	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
+	err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username: req.Username,
 		Name:     utils.Capitalize(req.Username),
-		Email:    fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.RootDomain),
+		Email:    fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.Domain),
 		Provider: "username",
 	})
@@ -163,7 +163,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 func (controller *UserController) logoutHandler(c *gin.Context) {
 	log.Debug().Msg("Logout request received")
-	controller.auth.DeleteSessionCookie(c)
+	controller.Auth.DeleteSessionCookie(c)
 	c.JSON(200, gin.H{
 		"status":  200,
@@ -214,24 +214,24 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 	log.Debug().Str("username", context.Username).Str("ip", clientIP).Msg("TOTP verification attempt")
-	isLocked, remainingTime := controller.auth.IsAccountLocked(rateIdentifier)
+	isLocked, remainingTime := controller.Auth.IsAccountLocked(rateIdentifier)
 	if isLocked {
 		log.Warn().Str("username", context.Username).Str("ip", clientIP).Msg("Account is locked due to too many failed TOTP attempts")
 		c.JSON(429, gin.H{
 			"status":  429,
-			"message": fmt.Sprintf("Too many failed TOTP attempts. Try again in %d seconds", remainingTime),
+			"message": fmt.Sprintf("Too many failed login attempts. Try again in %d seconds", remainingTime),
 		})
 		return
 	}
-	user := controller.auth.GetLocalUser(context.Username)
+	user := controller.Auth.GetLocalUser(context.Username)
 	ok := totp.Validate(req.Code, user.TotpSecret)
 	if !ok {
 		log.Warn().Str("username", context.Username).Str("ip", clientIP).Msg("Invalid TOTP code")
-		controller.auth.RecordLoginAttempt(rateIdentifier, false)
+		controller.Auth.RecordLoginAttempt(rateIdentifier, false)
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
@@ -241,12 +241,12 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 	log.Info().Str("username", context.Username).Str("ip", clientIP).Msg("TOTP verification successful")
-	controller.auth.RecordLoginAttempt(rateIdentifier, true)
+	controller.Auth.RecordLoginAttempt(rateIdentifier, true)
-	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
+	err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username: user.Username,
 		Name:     utils.Capitalize(user.Username),
-		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.config.RootDomain),
+		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.Config.Domain),
 		Provider: "username",
 	})
--- a/internal/middleware/context_middleware.go
+++ b/internal/middleware/context_middleware.go
@@ -12,20 +12,20 @@ import (
 )
 type ContextMiddlewareConfig struct {
-	RootDomain string
+	Domain string
 }
 type ContextMiddleware struct {
-	config ContextMiddlewareConfig
+	Config ContextMiddlewareConfig
-	auth   *service.AuthService
+	Auth   *service.AuthService
-	broker *service.OAuthBrokerService
+	Broker *service.OAuthBrokerService
 }
 func NewContextMiddleware(config ContextMiddlewareConfig, auth *service.AuthService, broker *service.OAuthBrokerService) *ContextMiddleware {
 	return &ContextMiddleware{
-		config: config,
+		Config: config,
-		auth:   auth,
+		Auth:   auth,
-		broker: broker,
+		Broker: broker,
 	}
 }
@@ -35,7 +35,7 @@ func (m *ContextMiddleware) Init() error {
 func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		cookie, err := m.auth.GetSessionCookie(c)
+		cookie, err := m.Auth.GetSessionCookie(c)
 		if err != nil {
 			log.Debug().Err(err).Msg("No valid session cookie found")
@@ -57,11 +57,11 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 		switch cookie.Provider {
 		case "username":
-			userSearch := m.auth.SearchUser(cookie.Username)
+			userSearch := m.Auth.SearchUser(cookie.Username)
-			if userSearch.Type == "unknown" || userSearch.Type == "error" {
+			if userSearch.Type == "unknown" {
 				log.Debug().Msg("User from session cookie not found")
-				m.auth.DeleteSessionCookie(c)
+				m.Auth.DeleteSessionCookie(c)
 				goto basic
 			}
@@ -75,17 +75,17 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 			c.Next()
 			return
 		default:
-			_, exists := m.broker.GetService(cookie.Provider)
+			_, exists := m.Broker.GetService(cookie.Provider)
 			if !exists {
 				log.Debug().Msg("OAuth provider from session cookie not found")
-				m.auth.DeleteSessionCookie(c)
+				m.Auth.DeleteSessionCookie(c)
 				goto basic
 			}
-			if !m.auth.IsEmailWhitelisted(cookie.Email) {
+			if !m.Auth.EmailWhitelisted(cookie.Email) {
 				log.Debug().Msg("Email from session cookie not whitelisted")
-				m.auth.DeleteSessionCookie(c)
+				m.Auth.DeleteSessionCookie(c)
 				goto basic
 			}
@@ -103,7 +103,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 		}
 	basic:
-		basic := m.auth.GetBasicAuth(c)
+		basic := m.Auth.GetBasicAuth(c)
 		if basic == nil {
 			log.Debug().Msg("No basic auth provided")
@@ -111,15 +111,15 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 			return
 		}
-		userSearch := m.auth.SearchUser(basic.Username)
+		userSearch := m.Auth.SearchUser(basic.Username)
-		if userSearch.Type == "unknown" || userSearch.Type == "error" {
+		if userSearch.Type == "unknown" {
 			log.Debug().Msg("User from basic auth not found")
 			c.Next()
 			return
 		}
-		if !m.auth.VerifyUser(userSearch, basic.Password) {
+		if !m.Auth.VerifyUser(userSearch, basic.Password) {
 			log.Debug().Msg("Invalid password for basic auth user")
 			c.Next()
 			return
@@ -129,12 +129,12 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 		case "local":
 			log.Debug().Msg("Basic auth user is local")
-			user := m.auth.GetLocalUser(basic.Username)
+			user := m.Auth.GetLocalUser(basic.Username)
 			c.Set("context", &config.UserContext{
 				Username:    user.Username,
 				Name:        utils.Capitalize(user.Username),
-				Email:       fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.config.RootDomain),
+				Email:       fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.Config.Domain),
 				Provider:    "basic",
 				IsLoggedIn:  true,
 				TotpEnabled: user.TotpSecret != "",
@@ -146,7 +146,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 			c.Set("context", &config.UserContext{
 				Username:   basic.Username,
 				Name:       utils.Capitalize(basic.Username),
-				Email:      fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.config.RootDomain),
+				Email:      fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.Config.Domain),
 				Provider:   "basic",
 				IsLoggedIn: true,
 			})
--- a/internal/middleware/ui_middleware.go
+++ b/internal/middleware/ui_middleware.go
@@ -11,8 +11,8 @@ import (
 )
 type UIMiddleware struct {
-	uiFs         fs.FS
+	UIFS         fs.FS
-	uiFileServer http.Handler
+	UIFileServer http.Handler
 }
 func NewUIMiddleware() *UIMiddleware {
@@ -26,8 +26,8 @@ func (m *UIMiddleware) Init() error {
 		return err
 	}
-	m.uiFs = ui
+	m.UIFS = ui
-	m.uiFileServer = http.FileServer(http.FS(ui))
+	m.UIFileServer = http.FileServer(http.FS(ui))
 	return nil
 }
@@ -42,13 +42,13 @@ func (m *UIMiddleware) Middleware() gin.HandlerFunc {
 			c.Next()
 			return
 		default:
-			_, err := fs.Stat(m.uiFs, strings.TrimPrefix(c.Request.URL.Path, "/"))
+			_, err := fs.Stat(m.UIFS, strings.TrimPrefix(c.Request.URL.Path, "/"))
 			if os.IsNotExist(err) {
 				c.Request.URL.Path = "/"
 			}
-			m.uiFileServer.ServeHTTP(c.Writer, c.Request)
+			m.UIFileServer.ServeHTTP(c.Writer, c.Request)
 			c.Abort()
 			return
 		}
--- a/internal/middleware/zerolog_middleware.go
+++ b/internal/middleware/zerolog_middleware.go
@@ -49,24 +49,18 @@ func (m *ZerologMiddleware) Middleware() gin.HandlerFunc {
 		latency := time.Since(tStart).String()
-		subLogger := log.With().Str("method", method).
+		// logPath check if the path should be logged normally or with debug
 			Str("path", path).
 			Str("address", address).
 			Str("client_ip", clientIP).
 			Int("status", code).
 			Str("latency", latency).Logger()
 		if m.logPath(method + " " + path) {
 			switch {
-			case code >= 400 && code < 500:
+			case code >= 200 && code < 300:
-				subLogger.Warn().Msg("Client Error")
+				log.Info().Str("method", method).Str("path", path).Str("address", address).Str("clientIp", clientIP).Int("status", code).Str("latency", latency).Msg("Request")
-			case code >= 500:
+			case code >= 300 && code < 400:
-				subLogger.Error().Msg("Server Error")
+				log.Warn().Str("method", method).Str("path", path).Str("address", address).Str("clientIp", clientIP).Int("status", code).Str("latency", latency).Msg("Request")
-			default:
+			case code >= 400:
-				subLogger.Info().Msg("Request")
+				log.Error().Str("method", method).Str("path", path).Str("address", address).Str("clientIp", clientIP).Int("status", code).Str("latency", latency).Msg("Request")
 			}
 		} else {
-			subLogger.Debug().Msg("Request")
+			log.Debug().Str("method", method).Str("path", path).Str("address", address).Int("status", code).Str("latency", latency).Msg("Request")
 		}
 	}
 }
--- a/internal/model/session_model.go
+++ b/internal/model/session_model.go
@@ -1,12 +0,0 @@
 package model
 type Session struct {
 	UUID        string `gorm:"column:uuid;primaryKey"`
 	Username    string `gorm:"column:username"`
 	Email       string `gorm:"column:email"`
 	Name        string `gorm:"column:name"`
 	Provider    string `gorm:"column:provider"`
 	TOTPPending bool   `gorm:"column:totp_pending"`
 	OAuthGroups string `gorm:"column:oauth_groups"`
 	Expiry      int64  `gorm:"column:expiry"`
 }
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -7,14 +7,12 @@ import (
 	"sync"
 	"time"
 	"tinyauth/internal/config"
 	"tinyauth/internal/model"
 	"tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
-	"github.com/google/uuid"
+	"github.com/gorilla/sessions"
 	"github.com/rs/zerolog/log"
 	"golang.org/x/crypto/bcrypt"
 	"gorm.io/gorm"
 )
 type LoginAttempt struct {
@@ -28,35 +26,62 @@ type AuthServiceConfig struct {
 	OauthWhitelist    string
 	SessionExpiry     int
 	SecureCookie      bool
-	RootDomain        string
+	Domain            string
 	LoginTimeout      int
 	LoginMaxRetries   int
 	SessionCookieName string
 	HMACSecret        string
 	EncryptionSecret  string
 }
 type AuthService struct {
-	config        AuthServiceConfig
+	Config        AuthServiceConfig
-	docker        *DockerService
+	Docker        *DockerService
-	loginAttempts map[string]*LoginAttempt
+	LoginAttempts map[string]*LoginAttempt
-	loginMutex    sync.RWMutex
+	LoginMutex    sync.RWMutex
-	ldap          *LdapService
+	Store         *sessions.CookieStore
-	database      *gorm.DB
+	LDAP          *LdapService
 }
-func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapService, database *gorm.DB) *AuthService {
+func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapService) *AuthService {
 	return &AuthService{
-		config:        config,
+		Config:        config,
-		docker:        docker,
+		Docker:        docker,
-		loginAttempts: make(map[string]*LoginAttempt),
+		LoginAttempts: make(map[string]*LoginAttempt),
-		ldap:          ldap,
+		LDAP:          ldap,
 		database:      database,
 	}
 }
 func (auth *AuthService) Init() error {
 	store := sessions.NewCookieStore([]byte(auth.Config.HMACSecret), []byte(auth.Config.EncryptionSecret))
 	store.Options = &sessions.Options{
 		Path:     "/",
 		MaxAge:   auth.Config.SessionExpiry,
 		Secure:   auth.Config.SecureCookie,
 		HttpOnly: true,
 		Domain:   fmt.Sprintf(".%s", auth.Config.Domain),
 	}
 	auth.Store = store
 	return nil
 }
 func (auth *AuthService) GetSession(c *gin.Context) (*sessions.Session, error) {
 	session, err := auth.Store.Get(c.Request, auth.Config.SessionCookieName)
 	// If there was an error getting the session, it might be invalid so let's clear it and retry
 	if err != nil {
 		log.Debug().Err(err).Msg("Error getting session, creating a new one")
 		c.SetCookie(auth.Config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.Config.Domain), auth.Config.SecureCookie, true)
 		session, err = auth.Store.New(c.Request, auth.Config.SessionCookieName)
 		if err != nil {
 			return nil, err
 		}
 	}
 	return session, nil
 }
 func (auth *AuthService) SearchUser(username string) config.UserSearch {
 	if auth.GetLocalUser(username).Username != "" {
 		return config.UserSearch{
@@ -65,14 +90,12 @@ func (auth *AuthService) SearchUser(username string) config.UserSearch {
 		}
 	}
-	if auth.ldap != nil {
+	if auth.LDAP != nil {
-		userDN, err := auth.ldap.Search(username)
+		userDN, err := auth.LDAP.Search(username)
 		if err != nil {
 			log.Warn().Err(err).Str("username", username).Msg("Failed to search for user in LDAP")
-			return config.UserSearch{
+			return config.UserSearch{}
 				Type: "error",
 			}
 		}
 		return config.UserSearch{
@@ -92,14 +115,14 @@ func (auth *AuthService) VerifyUser(search config.UserSearch, password string) b
 		user := auth.GetLocalUser(search.Username)
 		return auth.CheckPassword(user, password)
 	case "ldap":
-		if auth.ldap != nil {
+		if auth.LDAP != nil {
-			err := auth.ldap.Bind(search.Username, password)
+			err := auth.LDAP.Bind(search.Username, password)
 			if err != nil {
 				log.Warn().Err(err).Str("username", search.Username).Msg("Failed to bind to LDAP")
 				return false
 			}
-			err = auth.ldap.Bind(auth.ldap.Config.BindDN, auth.ldap.Config.BindPassword)
+			err = auth.LDAP.Bind(auth.LDAP.Config.BindDN, auth.LDAP.Config.BindPassword)
 			if err != nil {
 				log.Error().Err(err).Msg("Failed to rebind with service account after user authentication")
 				return false
@@ -117,7 +140,7 @@ func (auth *AuthService) VerifyUser(search config.UserSearch, password string) b
 }
 func (auth *AuthService) GetLocalUser(username string) config.User {
-	for _, user := range auth.config.Users {
+	for _, user := range auth.Config.Users {
 		if user.Username == username {
 			return user
 		}
@@ -132,178 +155,178 @@ func (auth *AuthService) CheckPassword(user config.User, password string) bool {
 }
 func (auth *AuthService) IsAccountLocked(identifier string) (bool, int) {
-	auth.loginMutex.RLock()
+	auth.LoginMutex.RLock()
-	defer auth.loginMutex.RUnlock()
+	defer auth.LoginMutex.RUnlock()
-	if auth.config.LoginMaxRetries <= 0 || auth.config.LoginTimeout <= 0 {
+	// Return false if rate limiting is not configured
 	if auth.Config.LoginMaxRetries <= 0 || auth.Config.LoginTimeout <= 0 {
 		return false, 0
 	}
-	attempt, exists := auth.loginAttempts[identifier]
+	// Check if the identifier exists in the map
 	attempt, exists := auth.LoginAttempts[identifier]
 	if !exists {
 		return false, 0
 	}
 	// If account is locked, check if lock time has expired
 	if attempt.LockedUntil.After(time.Now()) {
 		// Calculate remaining lockout time in seconds
 		remaining := int(time.Until(attempt.LockedUntil).Seconds())
 		return true, remaining
 	}
 	// Lock has expired
 	return false, 0
 }
 func (auth *AuthService) RecordLoginAttempt(identifier string, success bool) {
-	if auth.config.LoginMaxRetries <= 0 || auth.config.LoginTimeout <= 0 {
+	// Skip if rate limiting is not configured
 	if auth.Config.LoginMaxRetries <= 0 || auth.Config.LoginTimeout <= 0 {
 		return
 	}
-	auth.loginMutex.Lock()
+	auth.LoginMutex.Lock()
-	defer auth.loginMutex.Unlock()
+	defer auth.LoginMutex.Unlock()
-	attempt, exists := auth.loginAttempts[identifier]
+	// Get current attempt record or create a new one
 	attempt, exists := auth.LoginAttempts[identifier]
 	if !exists {
 		attempt = &LoginAttempt{}
-		auth.loginAttempts[identifier] = attempt
+		auth.LoginAttempts[identifier] = attempt
 	}
 	// Update last attempt time
 	attempt.LastAttempt = time.Now()
 	// If successful login, reset failed attempts
 	if success {
 		attempt.FailedAttempts = 0
 		attempt.LockedUntil = time.Time{} // Reset lock time
 		return
 	}
 	// Increment failed attempts
 	attempt.FailedAttempts++
-	if attempt.FailedAttempts >= auth.config.LoginMaxRetries {
+	// If max retries reached, lock the account
-		attempt.LockedUntil = time.Now().Add(time.Duration(auth.config.LoginTimeout) * time.Second)
+	if attempt.FailedAttempts >= auth.Config.LoginMaxRetries {
-		log.Warn().Str("identifier", identifier).Int("timeout", auth.config.LoginTimeout).Msg("Account locked due to too many failed login attempts")
+		attempt.LockedUntil = time.Now().Add(time.Duration(auth.Config.LoginTimeout) * time.Second)
 		log.Warn().Str("identifier", identifier).Int("timeout", auth.Config.LoginTimeout).Msg("Account locked due to too many failed login attempts")
 	}
 }
-func (auth *AuthService) IsEmailWhitelisted(email string) bool {
+func (auth *AuthService) EmailWhitelisted(email string) bool {
-	return utils.CheckFilter(auth.config.OauthWhitelist, email)
+	return utils.CheckFilter(auth.Config.OauthWhitelist, email)
 }
 func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.SessionCookie) error {
-	uuid, err := uuid.NewRandom()
+	session, err := auth.GetSession(c)
 	if err != nil {
 		return err
 	}
-	var expiry int
+	var sessionExpiry int
 	if data.TotpPending {
-		expiry = 3600
+		sessionExpiry = 3600
 	} else {
-		expiry = auth.config.SessionExpiry
+		sessionExpiry = auth.Config.SessionExpiry
 	}
-	session := model.Session{
+	session.Values["username"] = data.Username
-		UUID:        uuid.String(),
+	session.Values["name"] = data.Name
-		Username:    data.Username,
+	session.Values["email"] = data.Email
-		Email:       data.Email,
+	session.Values["provider"] = data.Provider
-		Name:        data.Name,
+	session.Values["expiry"] = time.Now().Add(time.Duration(sessionExpiry) * time.Second).Unix()
-		Provider:    data.Provider,
+	session.Values["totpPending"] = data.TotpPending
-		TOTPPending: data.TotpPending,
+	session.Values["oauthGroups"] = data.OAuthGroups
 		OAuthGroups: data.OAuthGroups,
 		Expiry:      time.Now().Add(time.Duration(expiry) * time.Second).Unix(),
 	}
 	err = auth.database.Create(&session).Error
 	err = session.Save(c.Request, c.Writer)
 	if err != nil {
 		return err
 	}
 	c.SetCookie(auth.config.SessionCookieName, session.UUID, expiry, "/", fmt.Sprintf(".%s", auth.config.RootDomain), auth.config.SecureCookie, true)
 	return nil
 }
 func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
-	cookie, err := c.Cookie(auth.config.SessionCookieName)
+	session, err := auth.GetSession(c)
 	if err != nil {
 		return err
 	}
-	res := auth.database.Unscoped().Where("uuid = ?", cookie).Delete(&model.Session{})
+	// Delete all values in the session
-
+	for key := range session.Values {
-	if res.Error != nil {
+		delete(session.Values, key)
 		return res.Error
 	}
-	c.SetCookie(auth.config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.config.RootDomain), auth.config.SecureCookie, true)
+	err = session.Save(c.Request, c.Writer)
 	if err != nil {
 		return err
 	}
 	// Clear the cookie in the browser
 	c.SetCookie(auth.Config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.Config.Domain), auth.Config.SecureCookie, true)
 	return nil
 }
 func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie, error) {
-	cookie, err := c.Cookie(auth.config.SessionCookieName)
+	session, err := auth.GetSession(c)
 	if err != nil {
 		return config.SessionCookie{}, err
 	}
-	var session model.Session
+	username, usernameOk := session.Values["username"].(string)
 	email, emailOk := session.Values["email"].(string)
 	name, nameOk := session.Values["name"].(string)
 	provider, providerOK := session.Values["provider"].(string)
 	expiry, expiryOk := session.Values["expiry"].(int64)
 	totpPending, totpPendingOk := session.Values["totpPending"].(bool)
 	oauthGroups, oauthGroupsOk := session.Values["oauthGroups"].(string)
-	res := auth.database.Unscoped().Where("uuid = ?", cookie).First(&session)
+	// If any data is missing, delete the session cookie
-
+	if !usernameOk || !providerOK || !expiryOk || !totpPendingOk || !emailOk || !nameOk || !oauthGroupsOk {
-	if res.Error != nil {
+		log.Warn().Msg("Session cookie is invalid")
-		return config.SessionCookie{}, res.Error
+		auth.DeleteSessionCookie(c)
 		return config.SessionCookie{}, nil
 	}
-	if res.RowsAffected == 0 {
+	// If the session cookie has expired, delete it
-		return config.SessionCookie{}, fmt.Errorf("session not found")
+	if time.Now().Unix() > expiry {
-	}
+		log.Warn().Msg("Session cookie expired")
-
+		auth.DeleteSessionCookie(c)
-	currentTime := time.Now().Unix()
+		return config.SessionCookie{}, nil
 	if currentTime > session.Expiry {
 		res := auth.database.Unscoped().Where("uuid = ?", session.UUID).Delete(&model.Session{})
 		if res.Error != nil {
 			log.Error().Err(res.Error).Msg("Failed to delete expired session")
 		}
 		return config.SessionCookie{}, fmt.Errorf("session expired")
 	}
 	return config.SessionCookie{
-		UUID:        session.UUID,
+		Username:    username,
-		Username:    session.Username,
+		Name:        name,
-		Email:       session.Email,
+		Email:       email,
-		Name:        session.Name,
+		Provider:    provider,
-		Provider:    session.Provider,
+		TotpPending: totpPending,
-		TotpPending: session.TOTPPending,
+		OAuthGroups: oauthGroups,
 		OAuthGroups: session.OAuthGroups,
 	}, nil
 }
 func (auth *AuthService) UserAuthConfigured() bool {
-	return len(auth.config.Users) > 0 || auth.ldap != nil
+	// If there are users or LDAP is configured, return true
 	return len(auth.Config.Users) > 0 || auth.LDAP != nil
 }
-func (auth *AuthService) IsResourceAllowed(c *gin.Context, context config.UserContext, labels config.AppLabels) bool {
+func (auth *AuthService) ResourceAllowed(c *gin.Context, context config.UserContext, labels config.Labels) bool {
 	if context.OAuth {
 		log.Debug().Msg("Checking OAuth whitelist")
 		return utils.CheckFilter(labels.OAuth.Whitelist, context.Email)
 	}
 	if labels.Users.Block != "" {
 		log.Debug().Msg("Checking blocked users")
 		if utils.CheckFilter(labels.Users.Block, context.Username) {
 			return false
 		}
 	}
 	log.Debug().Msg("Checking users")
-	return utils.CheckFilter(labels.Users.Allow, context.Username)
+	return utils.CheckFilter(labels.Users, context.Username)
 }
-func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserContext, requiredGroups string) bool {
+func (auth *AuthService) OAuthGroup(c *gin.Context, context config.UserContext, labels config.Labels) bool {
-	if requiredGroups == "" {
+	if labels.OAuth.Groups == "" {
 		return true
 	}
@@ -312,43 +335,39 @@ func (auth *AuthService) IsInOAuthGroup(c *gin.Context, context config.UserConte
 		return true
 	}
-	for _, userGroup := range strings.Split(context.OAuthGroups, ",") {
+	// Split the groups by comma (no need to parse since they are from the API response)
-		if utils.CheckFilter(requiredGroups, strings.TrimSpace(userGroup)) {
+	oauthGroups := strings.Split(context.OAuthGroups, ",")
 	// For every group check if it is in the required groups
 	for _, group := range oauthGroups {
 		if utils.CheckFilter(labels.OAuth.Groups, group) {
 			return true
 		}
 	}
 	// No groups matched
 	log.Debug().Msg("No groups matched")
 	return false
 }
-func (auth *AuthService) IsAuthEnabled(uri string, path config.PathLabels) (bool, error) {
+func (auth *AuthService) AuthEnabled(uri string, labels config.Labels) (bool, error) {
-	// Check for block list
+	// If the label is empty, auth is enabled
-	if path.Block != "" {
+	if labels.Allowed == "" {
-		regex, err := regexp.Compile(path.Block)
+		return true, nil
 		if err != nil {
 			return true, err
 		}
 		if !regex.MatchString(uri) {
 			return false, nil
 		}
 	}
-	// Check for allow list
+	regex, err := regexp.Compile(labels.Allowed)
 	if path.Allow != "" {
 		regex, err := regexp.Compile(path.Allow)
-		if err != nil {
+	if err != nil {
-			return true, err
+		return true, err
 		}
 		if regex.MatchString(uri) {
 			return false, nil
 		}
 	}
 	// If the regex matches the URI, auth is not enabled
 	if regex.MatchString(uri) {
 		return false, nil
 	}
 	// Auth enabled
 	return true, nil
 }
@@ -364,8 +383,9 @@ func (auth *AuthService) GetBasicAuth(c *gin.Context) *config.User {
 	}
 }
-func (auth *AuthService) CheckIP(labels config.IPLabels, ip string) bool {
+func (auth *AuthService) CheckIP(labels config.Labels, ip string) bool {
-	for _, blocked := range labels.Block {
+	// Check if the IP is in block list
 	for _, blocked := range labels.IP.Block {
 		res, err := utils.FilterIP(blocked, ip)
 		if err != nil {
 			log.Warn().Err(err).Str("item", blocked).Msg("Invalid IP/CIDR in block list")
@@ -377,7 +397,8 @@ func (auth *AuthService) CheckIP(labels config.IPLabels, ip string) bool {
 		}
 	}
-	for _, allowed := range labels.Allow {
+	// For every IP in the allow list, check if the IP matches
 	for _, allowed := range labels.IP.Allow {
 		res, err := utils.FilterIP(allowed, ip)
 		if err != nil {
 			log.Warn().Err(err).Str("item", allowed).Msg("Invalid IP/CIDR in allow list")
@@ -389,7 +410,8 @@ func (auth *AuthService) CheckIP(labels config.IPLabels, ip string) bool {
 		}
 	}
-	if len(labels.Allow) > 0 {
+	// If not in allowed range and allowed range is not empty, deny access
 	if len(labels.IP.Allow) > 0 {
 		log.Debug().Str("ip", ip).Msg("IP not in allow list, denying access")
 		return false
 	}
@@ -398,8 +420,9 @@ func (auth *AuthService) CheckIP(labels config.IPLabels, ip string) bool {
 	return true
 }
-func (auth *AuthService) IsBypassedIP(labels config.IPLabels, ip string) bool {
+func (auth *AuthService) BypassedIP(labels config.Labels, ip string) bool {
-	for _, bypassed := range labels.Bypass {
+	// For every IP in the bypass list, check if the IP matches
 	for _, bypassed := range labels.IP.Bypass {
 		res, err := utils.FilterIP(bypassed, ip)
 		if err != nil {
 			log.Warn().Err(err).Str("item", bypassed).Msg("Invalid IP/CIDR in bypass list")
--- a/internal/service/database_service.go
+++ b/internal/service/database_service.go
@@ -1,78 +0,0 @@
 package service
 import (
 	"database/sql"
 	"tinyauth/internal/assets"
 	"github.com/glebarez/sqlite"
 	"github.com/golang-migrate/migrate/v4"
 	sqliteMigrate "github.com/golang-migrate/migrate/v4/database/sqlite3"
 	"github.com/golang-migrate/migrate/v4/source/iofs"
 	"gorm.io/gorm"
 )
 type DatabaseServiceConfig struct {
 	DatabasePath string
 }
 type DatabaseService struct {
 	config   DatabaseServiceConfig
 	database *gorm.DB
 }
 func NewDatabaseService(config DatabaseServiceConfig) *DatabaseService {
 	return &DatabaseService{
 		config: config,
 	}
 }
 func (ds *DatabaseService) Init() error {
 	gormDB, err := gorm.Open(sqlite.Open(ds.config.DatabasePath), &gorm.Config{})
 	if err != nil {
 		return err
 	}
 	sqlDB, err := gormDB.DB()
 	if err != nil {
 		return err
 	}
 	sqlDB.SetMaxOpenConns(1)
 	err = ds.migrateDatabase(sqlDB)
 	if err != nil && err != migrate.ErrNoChange {
 		return err
 	}
 	ds.database = gormDB
 	return nil
 }
 func (ds *DatabaseService) migrateDatabase(sqlDB *sql.DB) error {
 	data, err := iofs.New(assets.Migrations, "migrations")
 	if err != nil {
 		return err
 	}
 	target, err := sqliteMigrate.WithInstance(sqlDB, &sqliteMigrate.Config{})
 	if err != nil {
 		return err
 	}
 	migrator, err := migrate.NewWithInstance("iofs", data, "tinyauth", target)
 	if err != nil {
 		return err
 	}
 	return migrator.Up()
 }
 func (ds *DatabaseService) GetDatabase() *gorm.DB {
 	return ds.database
 }
--- a/internal/service/docker_service.go
+++ b/internal/service/docker_service.go
@@ -6,14 +6,16 @@ import (
 	"tinyauth/internal/config"
 	"tinyauth/internal/utils"
 	"slices"
 	container "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
 	"github.com/rs/zerolog/log"
 )
 type DockerService struct {
-	client  *client.Client
+	Client  *client.Client
-	context context.Context
+	Context context.Context
 }
 func NewDockerService() *DockerService {
@@ -29,13 +31,13 @@ func (docker *DockerService) Init() error {
 	ctx := context.Background()
 	client.NegotiateAPIVersion(ctx)
-	docker.client = client
+	docker.Client = client
-	docker.context = ctx
+	docker.Context = ctx
 	return nil
 }
 func (docker *DockerService) GetContainers() ([]container.Summary, error) {
-	containers, err := docker.client.ContainerList(docker.context, container.ListOptions{})
+	containers, err := docker.Client.ContainerList(docker.Context, container.ListOptions{})
 	if err != nil {
 		return nil, err
 	}
@@ -43,7 +45,7 @@ func (docker *DockerService) GetContainers() ([]container.Summary, error) {
 }
 func (docker *DockerService) InspectContainer(containerId string) (container.InspectResponse, error) {
-	inspect, err := docker.client.ContainerInspect(docker.context, containerId)
+	inspect, err := docker.Client.ContainerInspect(docker.Context, containerId)
 	if err != nil {
 		return container.InspectResponse{}, err
 	}
@@ -51,49 +53,48 @@ func (docker *DockerService) InspectContainer(containerId string) (container.Ins
 }
 func (docker *DockerService) DockerConnected() bool {
-	_, err := docker.client.Ping(docker.context)
+	_, err := docker.Client.Ping(docker.Context)
 	return err == nil
 }
-func (docker *DockerService) GetLabels(appDomain string) (config.AppLabels, error) {
+func (docker *DockerService) GetLabels(app string, domain string) (config.Labels, error) {
 	isConnected := docker.DockerConnected()
 	if !isConnected {
 		log.Debug().Msg("Docker not connected, returning empty labels")
-		return config.AppLabels{}, nil
+		return config.Labels{}, nil
 	}
 	containers, err := docker.GetContainers()
 	if err != nil {
-		return config.AppLabels{}, err
+		return config.Labels{}, err
 	}
-	for _, ctr := range containers {
+	for _, container := range containers {
-		inspect, err := docker.InspectContainer(ctr.ID)
+		inspect, err := docker.InspectContainer(container.ID)
 		if err != nil {
-			log.Warn().Str("id", ctr.ID).Err(err).Msg("Error inspecting container, skipping")
+			log.Warn().Str("id", container.ID).Err(err).Msg("Error inspecting container, skipping")
 			continue
 		}
 		labels, err := utils.GetLabels(inspect.Config.Labels)
 		if err != nil {
-			log.Warn().Str("id", ctr.ID).Err(err).Msg("Error getting container labels, skipping")
+			log.Warn().Str("id", container.ID).Err(err).Msg("Error getting container labels, skipping")
 			continue
 		}
-		for appName, appLabels := range labels.Apps {
+		// Check if the container matches the ID or domain
-			if appLabels.Config.Domain == appDomain {
+		if slices.Contains(labels.Domain, domain) {
-				log.Debug().Str("id", inspect.ID).Msg("Found matching container by domain")
+			log.Debug().Str("id", inspect.ID).Msg("Found matching container by domain")
-				return appLabels, nil
+			return labels, nil
-			}
+		}
-			if strings.TrimPrefix(inspect.Name, "/") == appName {
+		if strings.TrimPrefix(inspect.Name, "/") == app {
-				log.Debug().Str("id", inspect.ID).Msg("Found matching container by app name")
+			log.Debug().Str("id", inspect.ID).Msg("Found matching container by name")
-				return appLabels, nil
+			return labels, nil
 			}
 		}
 	}
 	log.Debug().Msg("No matching container found, returning empty labels")
-	return config.AppLabels{}, nil
+	return config.Labels{}, nil
 }
--- a/internal/service/generic_oauth_service.go
+++ b/internal/service/generic_oauth_service.go
@@ -16,17 +16,17 @@ import (
 )
 type GenericOAuthService struct {
-	config             oauth2.Config
+	Config             oauth2.Config
-	context            context.Context
+	Context            context.Context
-	token              *oauth2.Token
+	Token              *oauth2.Token
-	verifier           string
+	Verifier           string
-	insecureSkipVerify bool
+	InsecureSkipVerify bool
-	userinfoUrl        string
+	UserinfoURL        string
 }
 func NewGenericOAuthService(config config.OAuthServiceConfig) *GenericOAuthService {
 	return &GenericOAuthService{
-		config: oauth2.Config{
+		Config: oauth2.Config{
 			ClientID:     config.ClientID,
 			ClientSecret: config.ClientSecret,
 			RedirectURL:  config.RedirectURL,
@@ -36,15 +36,15 @@ func NewGenericOAuthService(config config.OAuthServiceConfig) *GenericOAuthServi
 				TokenURL: config.TokenURL,
 			},
 		},
-		insecureSkipVerify: config.InsecureSkipVerify,
+		InsecureSkipVerify: config.InsecureSkipVerify,
-		userinfoUrl:        config.UserinfoURL,
+		UserinfoURL:        config.UserinfoURL,
 	}
 }
 func (generic *GenericOAuthService) Init() error {
 	transport := &http.Transport{
 		TLSClientConfig: &tls.Config{
-			InsecureSkipVerify: generic.insecureSkipVerify,
+			InsecureSkipVerify: generic.InsecureSkipVerify,
 			MinVersion:         tls.VersionTLS12,
 		},
 	}
@@ -58,8 +58,8 @@ func (generic *GenericOAuthService) Init() error {
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
 	verifier := oauth2.GenerateVerifier()
-	generic.context = ctx
+	generic.Context = ctx
-	generic.verifier = verifier
+	generic.Verifier = verifier
 	return nil
 }
@@ -74,26 +74,26 @@ func (generic *GenericOAuthService) GenerateState() string {
 }
 func (generic *GenericOAuthService) GetAuthURL(state string) string {
-	return generic.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(generic.verifier))
+	return generic.Config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(generic.Verifier))
 }
 func (generic *GenericOAuthService) VerifyCode(code string) error {
-	token, err := generic.config.Exchange(generic.context, code, oauth2.VerifierOption(generic.verifier))
+	token, err := generic.Config.Exchange(generic.Context, code, oauth2.VerifierOption(generic.Verifier))
 	if err != nil {
 		return err
 	}
-	generic.token = token
+	generic.Token = token
 	return nil
 }
 func (generic *GenericOAuthService) Userinfo() (config.Claims, error) {
 	var user config.Claims
-	client := generic.config.Client(generic.context, generic.token)
+	client := generic.Config.Client(generic.Context, generic.Token)
-	res, err := client.Get(generic.userinfoUrl)
+	res, err := client.Get(generic.UserinfoURL)
 	if err != nil {
 		return user, err
 	}
--- a/internal/service/github_oauth_service.go
+++ b/internal/service/github_oauth_service.go
@@ -29,15 +29,15 @@ type GithubUserInfoResponse struct {
 }
 type GithubOAuthService struct {
-	config   oauth2.Config
+	Config   oauth2.Config
-	context  context.Context
+	Context  context.Context
-	token    *oauth2.Token
+	Token    *oauth2.Token
-	verifier string
+	Verifier string
 }
 func NewGithubOAuthService(config config.OAuthServiceConfig) *GithubOAuthService {
 	return &GithubOAuthService{
-		config: oauth2.Config{
+		Config: oauth2.Config{
 			ClientID:     config.ClientID,
 			ClientSecret: config.ClientSecret,
 			RedirectURL:  config.RedirectURL,
@@ -53,8 +53,8 @@ func (github *GithubOAuthService) Init() error {
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
 	verifier := oauth2.GenerateVerifier()
-	github.context = ctx
+	github.Context = ctx
-	github.verifier = verifier
+	github.Verifier = verifier
 	return nil
 }
@@ -69,24 +69,24 @@ func (github *GithubOAuthService) GenerateState() string {
 }
 func (github *GithubOAuthService) GetAuthURL(state string) string {
-	return github.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(github.verifier))
+	return github.Config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(github.Verifier))
 }
 func (github *GithubOAuthService) VerifyCode(code string) error {
-	token, err := github.config.Exchange(github.context, code, oauth2.VerifierOption(github.verifier))
+	token, err := github.Config.Exchange(github.Context, code, oauth2.VerifierOption(github.Verifier))
 	if err != nil {
 		return err
 	}
-	github.token = token
+	github.Token = token
 	return nil
 }
 func (github *GithubOAuthService) Userinfo() (config.Claims, error) {
 	var user config.Claims
-	client := github.config.Client(github.context, github.token)
+	client := github.Config.Client(github.Context, github.Token)
 	req, err := http.NewRequest("GET", "https://api.github.com/user", nil)
 	if err != nil {
--- a/internal/service/google_oauth_service.go
+++ b/internal/service/google_oauth_service.go
@@ -24,15 +24,15 @@ type GoogleUserInfoResponse struct {
 }
 type GoogleOAuthService struct {
-	config   oauth2.Config
+	Config   oauth2.Config
-	context  context.Context
+	Context  context.Context
-	token    *oauth2.Token
+	Token    *oauth2.Token
-	verifier string
+	Verifier string
 }
 func NewGoogleOAuthService(config config.OAuthServiceConfig) *GoogleOAuthService {
 	return &GoogleOAuthService{
-		config: oauth2.Config{
+		Config: oauth2.Config{
 			ClientID:     config.ClientID,
 			ClientSecret: config.ClientSecret,
 			RedirectURL:  config.RedirectURL,
@@ -48,8 +48,8 @@ func (google *GoogleOAuthService) Init() error {
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
 	verifier := oauth2.GenerateVerifier()
-	google.context = ctx
+	google.Context = ctx
-	google.verifier = verifier
+	google.Verifier = verifier
 	return nil
 }
@@ -64,24 +64,24 @@ func (oauth *GoogleOAuthService) GenerateState() string {
 }
 func (google *GoogleOAuthService) GetAuthURL(state string) string {
-	return google.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(google.verifier))
+	return google.Config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(google.Verifier))
 }
 func (google *GoogleOAuthService) VerifyCode(code string) error {
-	token, err := google.config.Exchange(google.context, code, oauth2.VerifierOption(google.verifier))
+	token, err := google.Config.Exchange(google.Context, code, oauth2.VerifierOption(google.Verifier))
 	if err != nil {
 		return err
 	}
-	google.token = token
+	google.Token = token
 	return nil
 }
 func (google *GoogleOAuthService) Userinfo() (config.Claims, error) {
 	var user config.Claims
-	client := google.config.Client(google.context, google.token)
+	client := google.Config.Client(google.Context, google.Token)
 	res, err := client.Get("https://www.googleapis.com/userinfo/v2/me")
 	if err != nil {
--- a/internal/service/ldap_service.go
+++ b/internal/service/ldap_service.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
 	"sync"
 	"time"
 	"github.com/cenkalti/backoff/v5"
@@ -22,9 +21,8 @@ type LdapServiceConfig struct {
 }
 type LdapService struct {
-	Config LdapServiceConfig // exported so as the auth service can use it
+	Config LdapServiceConfig
-	conn   *ldapgo.Conn
+	Conn   *ldapgo.Conn
 	mutex  sync.RWMutex
 }
 func NewLdapService(config LdapServiceConfig) *LdapService {
@@ -57,9 +55,6 @@ func (ldap *LdapService) Init() error {
 }
 func (ldap *LdapService) connect() (*ldapgo.Conn, error) {
 	ldap.mutex.Lock()
 	defer ldap.mutex.Unlock()
 	conn, err := ldapgo.DialURL(ldap.Config.Address, ldapgo.DialWithTLSConfig(&tls.Config{
 		InsecureSkipVerify: ldap.Config.Insecure,
 		MinVersion:         tls.VersionTLS12,
@@ -74,7 +69,7 @@ func (ldap *LdapService) connect() (*ldapgo.Conn, error) {
 	}
 	// Set and return the connection
-	ldap.conn = conn
+	ldap.Conn = conn
 	return conn, nil
 }
@@ -91,10 +86,7 @@ func (ldap *LdapService) Search(username string) (string, error) {
 		nil,
 	)
-	ldap.mutex.Lock()
+	searchResult, err := ldap.Conn.Search(searchRequest)
 	defer ldap.mutex.Unlock()
 	searchResult, err := ldap.conn.Search(searchRequest)
 	if err != nil {
 		return "", err
 	}
@@ -108,9 +100,7 @@ func (ldap *LdapService) Search(username string) (string, error) {
 }
 func (ldap *LdapService) Bind(userDN string, password string) error {
-	ldap.mutex.Lock()
+	err := ldap.Conn.Bind(userDN, password)
 	defer ldap.mutex.Unlock()
 	err := ldap.conn.Bind(userDN, password)
 	if err != nil {
 		return err
 	}
@@ -128,9 +118,7 @@ func (ldap *LdapService) heartbeat() error {
 		nil,
 	)
-	ldap.mutex.Lock()
+	_, err := ldap.Conn.Search(searchRequest)
 	defer ldap.mutex.Unlock()
 	_, err := ldap.conn.Search(searchRequest)
 	if err != nil {
 		return err
 	}
@@ -149,7 +137,7 @@ func (ldap *LdapService) reconnect() error {
 	exp.Reset()
 	operation := func() (*ldapgo.Conn, error) {
-		ldap.conn.Close()
+		ldap.Conn.Close()
 		conn, err := ldap.connect()
 		if err != nil {
 			return nil, err
--- a/internal/service/oauth_broker_service.go
+++ b/internal/service/oauth_broker_service.go
@@ -5,7 +5,6 @@ import (
 	"tinyauth/internal/config"
 	"github.com/rs/zerolog/log"
 	"golang.org/x/exp/slices"
 )
 type OAuthService interface {
@@ -17,60 +16,59 @@ type OAuthService interface {
 }
 type OAuthBrokerService struct {
-	services map[string]OAuthService
+	Services map[string]OAuthService
-	configs  map[string]config.OAuthServiceConfig
+	Configs  map[string]config.OAuthServiceConfig
 }
 func NewOAuthBrokerService(configs map[string]config.OAuthServiceConfig) *OAuthBrokerService {
 	return &OAuthBrokerService{
-		services: make(map[string]OAuthService),
+		Services: make(map[string]OAuthService),
-		configs:  configs,
+		Configs:  configs,
 	}
 }
 func (broker *OAuthBrokerService) Init() error {
-	for name, cfg := range broker.configs {
+	for name, cfg := range broker.Configs {
 		switch name {
 		case "github":
 			service := NewGithubOAuthService(cfg)
-			broker.services[name] = service
+			broker.Services[name] = service
 		case "google":
 			service := NewGoogleOAuthService(cfg)
-			broker.services[name] = service
+			broker.Services[name] = service
 		default:
 			service := NewGenericOAuthService(cfg)
-			broker.services[name] = service
+			broker.Services[name] = service
 		}
 	}
-	for name, service := range broker.services {
+	for name, service := range broker.Services {
 		err := service.Init()
 		if err != nil {
-			log.Error().Err(err).Msgf("Failed to initialize OAuth service: %T", name)
+			log.Error().Err(err).Msgf("Failed to initialize OAuth service: %s", name)
 			return err
 		}
-		log.Info().Msgf("Initialized OAuth service: %T", name)
+		log.Info().Msgf("Initialized OAuth service: %s", name)
 	}
 	return nil
 }
 func (broker *OAuthBrokerService) GetConfiguredServices() []string {
-	services := make([]string, 0, len(broker.services))
+	services := make([]string, 0, len(broker.Services))
-	for name := range broker.services {
+	for name := range broker.Services {
 		services = append(services, name)
 	}
 	slices.Sort(services)
 	return services
 }
 func (broker *OAuthBrokerService) GetService(name string) (OAuthService, bool) {
-	service, exists := broker.services[name]
+	service, exists := broker.Services[name]
 	return service, exists
 }
 func (broker *OAuthBrokerService) GetUser(service string) (config.Claims, error) {
-	oauthService, exists := broker.services[service]
+	oauthService, exists := broker.Services[service]
 	if !exists {
 		return config.Claims{}, errors.New("oauth service not found")
 	}
--- a/internal/utils/app_utils.go
+++ b/internal/utils/app_utils.go
@@ -12,8 +12,8 @@ import (
 	"github.com/rs/zerolog"
 )
-// Get root domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
+// Get upper domain parses a hostname and returns the upper domain (e.g. sub1.sub2.domain.com -> sub2.domain.com)
-func GetRootDomain(appUrl string) (string, error) {
+func GetUpperDomain(appUrl string) (string, error) {
 	appUrlParsed, err := url.Parse(appUrl)
 	if err != nil {
 		return "", err
@@ -88,7 +88,7 @@ func IsRedirectSafe(redirectURL string, domain string) bool {
 		return false
 	}
-	upper, err := GetRootDomain(redirectURL)
+	upper, err := GetUpperDomain(redirectURL)
 	if err != nil {
 		return false
--- a/internal/utils/label_utils.go
+++ b/internal/utils/label_utils.go
@@ -11,7 +11,7 @@ import (
 func GetLabels(labels map[string]string) (config.Labels, error) {
 	var labelsParsed config.Labels
-	err := parser.Decode(labels, &labelsParsed, "tinyauth", "tinyauth.apps")
+	err := parser.Decode(labels, &labelsParsed, "tinyauth", "tinyauth.users", "tinyauth.allowed", "tinyauth.headers", "tinyauth.domain", "tinyauth.basic", "tinyauth.oauth", "tinyauth.ip")
 	if err != nil {
 		return config.Labels{}, err
 	}
--- a/internal/utils/security_utils.go
+++ b/internal/utils/security_utils.go
@@ -1,13 +1,17 @@
 package utils
 import (
 	"bytes"
 	"crypto/sha256"
 	"encoding/base64"
 	"errors"
 	"io"
 	"net"
 	"regexp"
 	"strings"
 	"github.com/google/uuid"
 	"golang.org/x/crypto/hkdf"
 )
 func GetSecret(conf string, file string) string {
@@ -45,6 +49,24 @@ func GetBasicAuth(username string, password string) string {
 	return base64.StdEncoding.EncodeToString([]byte(auth))
 }
 func DeriveKey(secret string, info string) (string, error) {
 	hash := sha256.New
 	hkdf := hkdf.New(hash, []byte(secret), nil, []byte(info)) // I am not using a salt because I just want two different keys from one secret, maybe bad practice
 	key := make([]byte, 24)
 	_, err := io.ReadFull(hkdf, key)
 	if err != nil {
 		return "", err
 	}
 	if bytes.Equal(key, make([]byte, 24)) {
 		return "", errors.New("derived key is empty")
 	}
 	encodedKey := base64.StdEncoding.EncodeToString(key)
 	return encodedKey, nil
 }
 func FilterIP(filter string, ip string) (bool, error) {
 	ipAddr := net.ParseIP(ip)
Author	SHA1	Message	Date
Stavros	a1b6ecdd5d	fix: further coderabbit suggestions	2025-08-26 14:49:55 +03:00
Stavros	a5e1ae096b	fix: coderabbit suggestions	2025-08-26 14:31:09 +03:00
Stavros	d3c40bb366	fix: use correct api path in login mutation	2025-08-26 13:21:36 +03:00
Stavros	8435cbe434	fix: configure middlewares before groups	2025-08-26 13:17:10 +03:00
Stavros	77296daef3	feat: add some logging	2025-08-26 12:45:24 +03:00
Stavros	645c555cf0	refactor: move resource handling to a controller	2025-08-26 12:22:10 +03:00
Stavros	03af18fd15	fix: validate resource file paths in ui middleware	2025-08-25 22:31:57 +03:00
Stavros	cb8022af91	fix: fix typo in ui middleware	2025-08-25 22:25:17 +03:00
Stavros	304c920b7b	feat: allow customizability of resources dir	2025-08-25 22:20:00 +03:00
Stavros	6418cbe2ba	refactor: use more clear name for frontend assets	2025-08-25 22:16:26 +03:00
Stavros	04213836a1	refactor: split utils into smaller files	2025-08-25 22:13:53 +03:00
Stavros	659d3561e0	refactor: use a boostrap service to bootstrap the app	2025-08-25 22:03:06 +03:00
Stavros	dbadb096b4	feat: create oauth broker service	2025-08-25 19:33:52 +03:00
Stavros	44f35af3bf	refactor: move oauth providers into services (non-working)	2025-08-25 17:50:34 +03:00
Stavros	dfdc656145	refactor: use controller approach in handlers	2025-08-25 16:40:06 +03:00
Stavros	e1d8ce3cb5	refactor: use context fom middleware in handlers	2025-08-25 14:19:52 +03:00
Stavros	ace22acdb2	wip: add middlewares	2025-08-25 13:28:30 +03:00