chore(deps): bump github.com/go-playground/validator/v10

Bumps the minor-patch group with 1 update: [github.com/go-playground/validator/v10](https://github.com/go-playground/validator).


Updates `github.com/go-playground/validator/v10` from 10.27.0 to 10.28.0
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.27.0...v10.28.0)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-version: 10.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

.env.example

@@ -1,33 +1,22 @@
 PORT=3000
 ADDRESS=0.0.0.0
-SECRET=app_secret
-SECRET_FILE=app_secret_file
 APP_URL=http://localhost:3000
 USERS=your_user_password_hash
 USERS_FILE=users_file
-COOKIE_SECURE=false
-GITHUB_CLIENT_ID=github_client_id
-GITHUB_CLIENT_SECRET=github_client_secret
-GITHUB_CLIENT_SECRET_FILE=github_client_secret_file
-GOOGLE_CLIENT_ID=google_client_id
-GOOGLE_CLIENT_SECRET=google_client_secret
-GOOGLE_CLIENT_SECRET_FILE=google_client_secret_file
-GENERIC_CLIENT_ID=generic_client_id
-GENERIC_CLIENT_SECRET=generic_client_secret
-GENERIC_CLIENT_SECRET_FILE=generic_client_secret_file
-GENERIC_SCOPES=generic_scopes
-GENERIC_AUTH_URL=generic_auth_url
-GENERIC_TOKEN_URL=generic_token_url
-GENERIC_USER_URL=generic_user_url
-DISABLE_CONTINUE=false
+SECURE_COOKIE=false
 OAUTH_WHITELIST=
 GENERIC_NAME=My OAuth
 SESSION_EXPIRY=7200
 LOGIN_TIMEOUT=300
 LOGIN_MAX_RETRIES=5
-LOG_LEVEL=0
+LOG_LEVEL=debug
 APP_TITLE=Tinyauth SSO
 FORGOT_PASSWORD_MESSAGE=Some message about resetting the password
 OAUTH_AUTO_REDIRECT=none
 BACKGROUND_IMAGE=some_image_url
-GENERIC_SKIP_SSL=false
+GENERIC_SKIP_SSL=false
+RESOURCES_DIR=/data/resources
+DATABASE_PATH=/data/tinyauth.db
+DISABLE_ANALYTICS=false
+DISABLE_RESOURCES=false
+TRUSTED_PROXIES=

.github/workflows/nightly.yml

@@ -80,7 +80,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
         env:
           CGO_ENABLED: 0
 
@@ -126,7 +126,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
         env:
           CGO_ENABLED: 0
 

.github/workflows/release.yml

@@ -58,7 +58,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-amd64
         env:
           CGO_ENABLED: 0
 
@@ -101,7 +101,7 @@ jobs:
       - name: Build
         run: |
           cp -r frontend/dist internal/assets/dist
-          go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/constants.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/constants.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
+          go build -ldflags "-s -w -X tinyauth/internal/config.Version=${{ needs.generate-metadata.outputs.VERSION }} -X tinyauth/internal/config.CommitHash=${{ needs.generate-metadata.outputs.COMMIT_HASH }} -X tinyauth/internal/config.BuildTimestamp=${{ needs.generate-metadata.outputs.BUILD_TIMESTAMP }}" -o tinyauth-arm64
         env:
           CGO_ENABLED: 0
 

.gitignore

@@ -23,4 +23,7 @@ secret*
 tmp
 
 # version files
-internal/assets/version
+internal/assets/version
+
+# data directory
+data

Dockerfile

@@ -1,5 +1,5 @@
 # Site builder
-FROM oven/bun:1.2.18-alpine AS frontend-builder
+FROM oven/bun:1.2.23-alpine AS frontend-builder
 
 WORKDIR /frontend
 
@@ -20,7 +20,7 @@ COPY ./frontend/vite.config.ts ./
 RUN bun run build
 
 # Builder
-FROM golang:1.24-alpine3.21 AS builder
+FROM golang:1.25-alpine3.21 AS builder
 
 ARG VERSION
 ARG COMMIT_HASH
@@ -38,7 +38,7 @@ COPY ./cmd ./cmd
 COPY ./internal ./internal
 COPY --from=frontend-builder /frontend/dist ./internal/assets/dist
 
-RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/constants.Version=${VERSION} -X tinyauth/internal/constants.CommitHash=${COMMIT_HASH} -X tinyauth/internal/constants.BuildTimestamp=${BUILD_TIMESTAMP}" 
+RUN CGO_ENABLED=0 go build -ldflags "-s -w -X tinyauth/internal/config.Version=${VERSION} -X tinyauth/internal/config.CommitHash=${COMMIT_HASH} -X tinyauth/internal/config.BuildTimestamp=${BUILD_TIMESTAMP}" 
  
 # Runner
 FROM alpine:3.22 AS runner
@@ -51,4 +51,6 @@ COPY --from=builder /tinyauth/tinyauth ./
 
 EXPOSE 3000
 
+VOLUME ["/data"]
+
 ENTRYPOINT ["./tinyauth"]

Dockerfile.dev

@@ -1,4 +1,4 @@
-FROM golang:1.24-alpine3.21
+FROM golang:1.25-alpine3.21
 
 WORKDIR /tinyauth
 

air.toml

@@ -4,7 +4,7 @@ tmp_dir = "tmp"
 [build]
 pre_cmd = ["mkdir -p internal/assets/dist", "echo 'backend running' > internal/assets/dist/index.html", "go install github.com/go-delve/delve/cmd/dlv@v1.25.0"]
 cmd = "CGO_ENABLED=0 go build -gcflags=\"all=-N -l\" -o tmp/tinyauth ."
-bin = "/go/bin/dlv --listen :4000 --headless=true --api-version=2 --accept-multiclient --log=true exec tmp/tinyauth --continue"
+bin = "/go/bin/dlv --listen :4000 --headless=true --api-version=2 --accept-multiclient --log=true exec tmp/tinyauth --continue --check-go-version=false"
 include_ext = ["go"]
 exclude_dir = ["internal/assets/dist"]
 exclude_regex = [".*_test\\.go"]

cmd/root.go

@@ -1,20 +1,11 @@
 package cmd
 
 import (
-	"errors"
-	"fmt"
 	"strings"
 	totpCmd "tinyauth/cmd/totp"
 	userCmd "tinyauth/cmd/user"
-	"tinyauth/internal/auth"
-	"tinyauth/internal/constants"
-	"tinyauth/internal/docker"
-	"tinyauth/internal/handlers"
-	"tinyauth/internal/hooks"
-	"tinyauth/internal/ldap"
-	"tinyauth/internal/providers"
-	"tinyauth/internal/server"
-	"tinyauth/internal/types"
+	"tinyauth/internal/bootstrap"
+	"tinyauth/internal/config"
 	"tinyauth/internal/utils"
 
 	"github.com/go-playground/validator/v10"
@@ -29,147 +20,42 @@ var rootCmd = &cobra.Command{
 	Short: "The simplest way to protect your apps with a login screen.",
 	Long:  `Tinyauth is a simple authentication middleware that adds simple username/password login or OAuth with Google, Github and any generic OAuth provider to all of your docker apps.`,
 	Run: func(cmd *cobra.Command, args []string) {
-		var config types.Config
-		err := viper.Unmarshal(&config)
-		HandleError(err, "Failed to parse config")
+		var conf config.Config
 
-		// Check if secrets have a file associated with them
-		config.Secret = utils.GetSecret(config.Secret, config.SecretFile)
-		config.GithubClientSecret = utils.GetSecret(config.GithubClientSecret, config.GithubClientSecretFile)
-		config.GoogleClientSecret = utils.GetSecret(config.GoogleClientSecret, config.GoogleClientSecretFile)
-		config.GenericClientSecret = utils.GetSecret(config.GenericClientSecret, config.GenericClientSecretFile)
-
-		validator := validator.New()
-		err = validator.Struct(config)
-		HandleError(err, "Failed to validate config")
-
-		log.Logger = log.Level(zerolog.Level(config.LogLevel))
-		log.Info().Str("version", strings.TrimSpace(constants.Version)).Msg("Starting tinyauth")
-
-		log.Info().Msg("Parsing users")
-		users, err := utils.GetUsers(config.Users, config.UsersFile)
-		HandleError(err, "Failed to parse users")
-
-		log.Debug().Msg("Getting domain")
-		domain, err := utils.GetUpperDomain(config.AppURL)
-		HandleError(err, "Failed to get upper domain")
-		log.Info().Str("domain", domain).Msg("Using domain for cookie store")
-
-		cookieId := utils.GenerateIdentifier(strings.Split(domain, ".")[0])
-		sessionCookieName := fmt.Sprintf("%s-%s", constants.SessionCookieName, cookieId)
-		csrfCookieName := fmt.Sprintf("%s-%s", constants.CsrfCookieName, cookieId)
-		redirectCookieName := fmt.Sprintf("%s-%s", constants.RedirectCookieName, cookieId)
-
-		log.Debug().Msg("Deriving HMAC and encryption secrets")
-
-		hmacSecret, err := utils.DeriveKey(config.Secret, "hmac")
-		HandleError(err, "Failed to derive HMAC secret")
-
-		encryptionSecret, err := utils.DeriveKey(config.Secret, "encryption")
-		HandleError(err, "Failed to derive encryption secret")
-
-		// Split the config into service-specific sub-configs
-		oauthConfig := types.OAuthConfig{
-			GithubClientId:      config.GithubClientId,
-			GithubClientSecret:  config.GithubClientSecret,
-			GoogleClientId:      config.GoogleClientId,
-			GoogleClientSecret:  config.GoogleClientSecret,
-			GenericClientId:     config.GenericClientId,
-			GenericClientSecret: config.GenericClientSecret,
-			GenericScopes:       strings.Split(config.GenericScopes, ","),
-			GenericAuthURL:      config.GenericAuthURL,
-			GenericTokenURL:     config.GenericTokenURL,
-			GenericUserURL:      config.GenericUserURL,
-			GenericSkipSSL:      config.GenericSkipSSL,
-			AppURL:              config.AppURL,
+		err := viper.Unmarshal(&conf)
+		if err != nil {
+			log.Fatal().Err(err).Msg("Failed to parse config")
 		}
 
-		handlersConfig := types.HandlersConfig{
-			AppURL:                config.AppURL,
-			DisableContinue:       config.DisableContinue,
-			Title:                 config.Title,
-			GenericName:           config.GenericName,
-			CookieSecure:          config.CookieSecure,
-			Domain:                domain,
-			ForgotPasswordMessage: config.FogotPasswordMessage,
-			BackgroundImage:       config.BackgroundImage,
-			OAuthAutoRedirect:     config.OAuthAutoRedirect,
-			CsrfCookieName:        csrfCookieName,
-			RedirectCookieName:    redirectCookieName,
+		// Validate config
+		v := validator.New()
+
+		err = v.Struct(conf)
+		if err != nil {
+			log.Fatal().Err(err).Msg("Invalid config")
 		}
 
-		serverConfig := types.ServerConfig{
-			Port:    config.Port,
-			Address: config.Address,
+		log.Logger = log.Level(zerolog.Level(utils.GetLogLevel(conf.LogLevel)))
+		log.Info().Str("version", strings.TrimSpace(config.Version)).Msg("Starting tinyauth")
+
+		// Create bootstrap app
+		app := bootstrap.NewBootstrapApp(conf)
+
+		// Run
+		err = app.Setup()
+
+		if err != nil {
+			log.Fatal().Err(err).Msg("Failed to setup app")
 		}
 
-		authConfig := types.AuthConfig{
-			Users:             users,
-			OauthWhitelist:    config.OAuthWhitelist,
-			CookieSecure:      config.CookieSecure,
-			SessionExpiry:     config.SessionExpiry,
-			Domain:            domain,
-			LoginTimeout:      config.LoginTimeout,
-			LoginMaxRetries:   config.LoginMaxRetries,
-			SessionCookieName: sessionCookieName,
-			HMACSecret:        hmacSecret,
-			EncryptionSecret:  encryptionSecret,
-		}
-
-		hooksConfig := types.HooksConfig{
-			Domain: domain,
-		}
-
-		var ldapService *ldap.LDAP
-
-		if config.LdapAddress != "" {
-			log.Info().Msg("Using LDAP for authentication")
-			ldapConfig := types.LdapConfig{
-				Address:      config.LdapAddress,
-				BindDN:       config.LdapBindDN,
-				BindPassword: config.LdapBindPassword,
-				BaseDN:       config.LdapBaseDN,
-				Insecure:     config.LdapInsecure,
-				SearchFilter: config.LdapSearchFilter,
-			}
-			ldapService, err = ldap.NewLDAP(ldapConfig)
-			if err != nil {
-				log.Error().Err(err).Msg("Failed to initialize LDAP service, disabling LDAP authentication")
-				ldapService = nil
-			}
-		} else {
-			log.Info().Msg("LDAP not configured, using local users or OAuth")
-		}
-
-		// Check if we have a source of users
-		if len(users) == 0 && !utils.OAuthConfigured(config) && ldapService == nil {
-			HandleError(errors.New("err no users"), "Unable to find a source of users")
-		}
-
-		// Setup the services
-		docker, err := docker.NewDocker()
-		HandleError(err, "Failed to initialize docker")
-		auth := auth.NewAuth(authConfig, docker, ldapService)
-		providers := providers.NewProviders(oauthConfig)
-		hooks := hooks.NewHooks(hooksConfig, auth, providers)
-		handlers := handlers.NewHandlers(handlersConfig, auth, hooks, providers, docker)
-		srv, err := server.NewServer(serverConfig, handlers)
-		HandleError(err, "Failed to create server")
-
-		// Start up
-		err = srv.Start()
-		HandleError(err, "Failed to start server")
 	},
 }
 
 func Execute() {
+	rootCmd.FParseErrWhitelist.UnknownFlags = true
 	err := rootCmd.Execute()
-	HandleError(err, "Failed to execute root command")
-}
-
-func HandleError(err error, msg string) {
 	if err != nil {
-		log.Fatal().Err(err).Msg(msg)
+		log.Fatal().Err(err).Msg("Failed to execute command")
 	}
 }
 
@@ -179,85 +65,53 @@ func init() {
 
 	viper.AutomaticEnv()
 
-	rootCmd.Flags().Int("port", 3000, "Port to run the server on.")
-	rootCmd.Flags().String("address", "0.0.0.0", "Address to bind the server to.")
-	rootCmd.Flags().String("secret", "", "Secret to use for the cookie.")
-	rootCmd.Flags().String("secret-file", "", "Path to a file containing the secret.")
-	rootCmd.Flags().String("app-url", "", "The tinyauth URL.")
-	rootCmd.Flags().String("users", "", "Comma separated list of users in the format username:hash.")
-	rootCmd.Flags().String("users-file", "", "Path to a file containing users in the format username:hash.")
-	rootCmd.Flags().Bool("cookie-secure", false, "Send cookie over secure connection only.")
-	rootCmd.Flags().String("github-client-id", "", "Github OAuth client ID.")
-	rootCmd.Flags().String("github-client-secret", "", "Github OAuth client secret.")
-	rootCmd.Flags().String("github-client-secret-file", "", "Github OAuth client secret file.")
-	rootCmd.Flags().String("google-client-id", "", "Google OAuth client ID.")
-	rootCmd.Flags().String("google-client-secret", "", "Google OAuth client secret.")
-	rootCmd.Flags().String("google-client-secret-file", "", "Google OAuth client secret file.")
-	rootCmd.Flags().String("generic-client-id", "", "Generic OAuth client ID.")
-	rootCmd.Flags().String("generic-client-secret", "", "Generic OAuth client secret.")
-	rootCmd.Flags().String("generic-client-secret-file", "", "Generic OAuth client secret file.")
-	rootCmd.Flags().String("generic-scopes", "", "Generic OAuth scopes.")
-	rootCmd.Flags().String("generic-auth-url", "", "Generic OAuth auth URL.")
-	rootCmd.Flags().String("generic-token-url", "", "Generic OAuth token URL.")
-	rootCmd.Flags().String("generic-user-url", "", "Generic OAuth user info URL.")
-	rootCmd.Flags().String("generic-name", "Generic", "Generic OAuth provider name.")
-	rootCmd.Flags().Bool("generic-skip-ssl", false, "Skip SSL verification for the generic OAuth provider.")
-	rootCmd.Flags().Bool("disable-continue", false, "Disable continue screen and redirect to app directly.")
-	rootCmd.Flags().String("oauth-whitelist", "", "Comma separated list of email addresses to whitelist when using OAuth.")
-	rootCmd.Flags().String("oauth-auto-redirect", "none", "Auto redirect to the specified OAuth provider if configured. (available providers: github, google, generic)")
-	rootCmd.Flags().Int("session-expiry", 86400, "Session (cookie) expiration time in seconds.")
-	rootCmd.Flags().Int("login-timeout", 300, "Login timeout in seconds after max retries reached (0 to disable).")
-	rootCmd.Flags().Int("login-max-retries", 5, "Maximum login attempts before timeout (0 to disable).")
-	rootCmd.Flags().Int("log-level", 1, "Log level.")
-	rootCmd.Flags().String("app-title", "Tinyauth", "Title of the app.")
-	rootCmd.Flags().String("forgot-password-message", "", "Message to show on the forgot password page.")
-	rootCmd.Flags().String("background-image", "/background.jpg", "Background image URL for the login page.")
-	rootCmd.Flags().String("ldap-address", "", "LDAP server address (e.g. ldap://localhost:389).")
-	rootCmd.Flags().String("ldap-bind-dn", "", "LDAP bind DN (e.g. uid=user,dc=example,dc=com).")
-	rootCmd.Flags().String("ldap-bind-password", "", "LDAP bind password.")
-	rootCmd.Flags().String("ldap-base-dn", "", "LDAP base DN (e.g. dc=example,dc=com).")
-	rootCmd.Flags().Bool("ldap-insecure", false, "Skip certificate verification for the LDAP server.")
-	rootCmd.Flags().String("ldap-search-filter", "(uid=%s)", "LDAP search filter for user lookup.")
+	configOptions := []struct {
+		name        string
+		defaultVal  any
+		description string
+	}{
+		{"port", 3000, "Port to run the server on."},
+		{"address", "0.0.0.0", "Address to bind the server to."},
+		{"app-url", "", "The Tinyauth URL."},
+		{"users", "", "Comma separated list of users in the format username:hash."},
+		{"users-file", "", "Path to a file containing users in the format username:hash."},
+		{"secure-cookie", false, "Send cookie over secure connection only."},
+		{"oauth-whitelist", "", "Comma separated list of email addresses to whitelist when using OAuth."},
+		{"oauth-auto-redirect", "none", "Auto redirect to the specified OAuth provider if configured. (available providers: github, google, generic)"},
+		{"session-expiry", 86400, "Session (cookie) expiration time in seconds."},
+		{"login-timeout", 300, "Login timeout in seconds after max retries reached (0 to disable)."},
+		{"login-max-retries", 5, "Maximum login attempts before timeout (0 to disable)."},
+		{"log-level", "info", "Log level."},
+		{"app-title", "Tinyauth", "Title of the app."},
+		{"forgot-password-message", "", "Message to show on the forgot password page."},
+		{"background-image", "/background.jpg", "Background image URL for the login page."},
+		{"ldap-address", "", "LDAP server address (e.g. ldap://localhost:389)."},
+		{"ldap-bind-dn", "", "LDAP bind DN (e.g. uid=user,dc=example,dc=com)."},
+		{"ldap-bind-password", "", "LDAP bind password."},
+		{"ldap-base-dn", "", "LDAP base DN (e.g. dc=example,dc=com)."},
+		{"ldap-insecure", false, "Skip certificate verification for the LDAP server."},
+		{"ldap-search-filter", "(uid=%s)", "LDAP search filter for user lookup."},
+		{"resources-dir", "/data/resources", "Path to a directory containing custom resources (e.g. background image)."},
+		{"database-path", "/data/tinyauth.db", "Path to the Sqlite database file."},
+		{"trusted-proxies", "", "Comma separated list of trusted proxies (IP addresses or CIDRs) for correct client IP detection."},
+		{"disable-analytics", false, "Disable anonymous version collection."},
+		{"disable-resources", false, "Disable the resources server."},
+	}
 
-	viper.BindEnv("port", "PORT")
-	viper.BindEnv("address", "ADDRESS")
-	viper.BindEnv("secret", "SECRET")
-	viper.BindEnv("secret-file", "SECRET_FILE")
-	viper.BindEnv("app-url", "APP_URL")
-	viper.BindEnv("users", "USERS")
-	viper.BindEnv("users-file", "USERS_FILE")
-	viper.BindEnv("cookie-secure", "COOKIE_SECURE")
-	viper.BindEnv("github-client-id", "GITHUB_CLIENT_ID")
-	viper.BindEnv("github-client-secret", "GITHUB_CLIENT_SECRET")
-	viper.BindEnv("github-client-secret-file", "GITHUB_CLIENT_SECRET_FILE")
-	viper.BindEnv("google-client-id", "GOOGLE_CLIENT_ID")
-	viper.BindEnv("google-client-secret", "GOOGLE_CLIENT_SECRET")
-	viper.BindEnv("google-client-secret-file", "GOOGLE_CLIENT_SECRET_FILE")
-	viper.BindEnv("generic-client-id", "GENERIC_CLIENT_ID")
-	viper.BindEnv("generic-client-secret", "GENERIC_CLIENT_SECRET")
-	viper.BindEnv("generic-client-secret-file", "GENERIC_CLIENT_SECRET_FILE")
-	viper.BindEnv("generic-scopes", "GENERIC_SCOPES")
-	viper.BindEnv("generic-auth-url", "GENERIC_AUTH_URL")
-	viper.BindEnv("generic-token-url", "GENERIC_TOKEN_URL")
-	viper.BindEnv("generic-user-url", "GENERIC_USER_URL")
-	viper.BindEnv("generic-name", "GENERIC_NAME")
-	viper.BindEnv("generic-skip-ssl", "GENERIC_SKIP_SSL")
-	viper.BindEnv("disable-continue", "DISABLE_CONTINUE")
-	viper.BindEnv("oauth-whitelist", "OAUTH_WHITELIST")
-	viper.BindEnv("oauth-auto-redirect", "OAUTH_AUTO_REDIRECT")
-	viper.BindEnv("session-expiry", "SESSION_EXPIRY")
-	viper.BindEnv("log-level", "LOG_LEVEL")
-	viper.BindEnv("app-title", "APP_TITLE")
-	viper.BindEnv("login-timeout", "LOGIN_TIMEOUT")
-	viper.BindEnv("login-max-retries", "LOGIN_MAX_RETRIES")
-	viper.BindEnv("forgot-password-message", "FORGOT_PASSWORD_MESSAGE")
-	viper.BindEnv("background-image", "BACKGROUND_IMAGE")
-	viper.BindEnv("ldap-address", "LDAP_ADDRESS")
-	viper.BindEnv("ldap-bind-dn", "LDAP_BIND_DN")
-	viper.BindEnv("ldap-bind-password", "LDAP_BIND_PASSWORD")
-	viper.BindEnv("ldap-base-dn", "LDAP_BASE_DN")
-	viper.BindEnv("ldap-insecure", "LDAP_INSECURE")
-	viper.BindEnv("ldap-search-filter", "LDAP_SEARCH_FILTER")
+	for _, opt := range configOptions {
+		switch v := opt.defaultVal.(type) {
+		case bool:
+			rootCmd.Flags().Bool(opt.name, v, opt.description)
+		case int:
+			rootCmd.Flags().Int(opt.name, v, opt.description)
+		case string:
+			rootCmd.Flags().String(opt.name, v, opt.description)
+		}
+
+		// Create uppercase env var name
+		envVar := strings.ReplaceAll(strings.ToUpper(opt.name), "-", "_")
+		viper.BindEnv(opt.name, envVar)
+	}
 
 	viper.BindPFlags(rootCmd.Flags())
 }

cmd/user/verify/verify.go

@@ -70,7 +70,7 @@ var VerifyCmd = &cobra.Command{
 
 		err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(iPassword))
 		if err != nil {
-			log.Fatal().Msg("Ppassword is incorrect")
+			log.Fatal().Msg("Password is incorrect")
 		}
 
 		if user.TotpSecret == "" {

cmd/version.go

@@ -2,7 +2,7 @@ package cmd
 
 import (
 	"fmt"
-	"tinyauth/internal/constants"
+	"tinyauth/internal/config"
 
 	"github.com/spf13/cobra"
 )
@@ -12,9 +12,9 @@ var versionCmd = &cobra.Command{
 	Short: "Print the version number of Tinyauth",
 	Long:  `All software has versions. This is Tinyauth's`,
 	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Printf("Version: %s\n", constants.Version)
-		fmt.Printf("Commit Hash: %s\n", constants.CommitHash)
-		fmt.Printf("Build Timestamp: %s\n", constants.BuildTimestamp)
+		fmt.Printf("Version: %s\n", config.Version)
+		fmt.Printf("Commit Hash: %s\n", config.CommitHash)
+		fmt.Printf("Build Timestamp: %s\n", config.BuildTimestamp)
 	},
 }
 

docker-compose.dev.yml

@@ -13,8 +13,8 @@ services:
     image: traefik/whoami:latest
     labels:
       traefik.enable: true
-      traefik.http.routers.nginx.rule: Host(`whoami.example.com`)
-      traefik.http.routers.nginx.middlewares: tinyauth
+      traefik.http.routers.whoami.rule: Host(`whoami.example.com`)
+      traefik.http.routers.whoami.middlewares: tinyauth
 
   tinyauth-frontend:
     container_name: tinyauth-frontend
@@ -34,12 +34,17 @@ services:
     build:
       context: .
       dockerfile: Dockerfile.dev
+      args:
+        - VERSION=development
+        - COMMIT_HASH=development
+        - BUILD_TIMESTAMP=000-00-00T00:00:00Z
     env_file: .env
     volumes:
       - ./internal:/tinyauth/internal
       - ./cmd:/tinyauth/cmd
       - ./main.go:/tinyauth/main.go
       - /var/run/docker.sock:/var/run/docker.sock
+      - ./data:/data
     ports:
       - 3000:3000
       - 4000:4000

docker-compose.example.yml

@@ -13,16 +13,17 @@ services:
     image: traefik/whoami:latest
     labels:
       traefik.enable: true
-      traefik.http.routers.nginx.rule: Host(`whoami.example.com`)
-      traefik.http.routers.nginx.middlewares: tinyauth
+      traefik.http.routers.whoami.rule: Host(`whoami.example.com`)
+      traefik.http.routers.whoami.middlewares: tinyauth
 
   tinyauth:
     container_name: tinyauth
     image: ghcr.io/steveiliop56/tinyauth:v3
     environment:
-      - SECRET=some-random-32-chars-string
       - APP_URL=https://tinyauth.example.com
       - USERS=user:$$2a$$10$$UdLYoJ5lgPsC0RKqYH/jMua7zIn0g9kPqWmhYayJYLaZQ/FTmH2/u # user:password
+    volumes:
+      - ./data:/data
     labels:
       traefik.enable: true
       traefik.http.routers.tinyauth.rule: Host(`tinyauth.example.com`)

frontend/bun.lock

@@ -4,69 +4,68 @@
     "": {
       "name": "tinyauth-shadcn",
       "dependencies": {
-        "@hookform/resolvers": "^5.1.1",
+        "@hookform/resolvers": "^5.2.2",
         "@radix-ui/react-label": "^2.1.7",
-        "@radix-ui/react-select": "^2.2.5",
+        "@radix-ui/react-select": "^2.2.6",
         "@radix-ui/react-separator": "^1.1.7",
         "@radix-ui/react-slot": "^1.2.3",
-        "@tailwindcss/vite": "^4.1.11",
-        "@tanstack/react-query": "^5.83.0",
-        "axios": "^1.10.0",
+        "@tailwindcss/vite": "^4.1.14",
+        "@tanstack/react-query": "^5.90.2",
+        "axios": "^1.12.2",
         "class-variance-authority": "^0.7.1",
         "clsx": "^2.1.1",
-        "dompurify": "^3.2.6",
-        "i18next": "^25.3.2",
+        "i18next": "^25.5.3",
         "i18next-browser-languagedetector": "^8.2.0",
         "i18next-resources-to-backend": "^1.2.1",
         "input-otp": "^1.4.2",
-        "lucide-react": "^0.525.0",
+        "lucide-react": "^0.544.0",
         "next-themes": "^0.4.6",
-        "react": "^19.0.0",
-        "react-dom": "^19.0.0",
-        "react-hook-form": "^7.60.0",
-        "react-i18next": "^15.6.0",
+        "react": "^19.2.0",
+        "react-dom": "^19.2.0",
+        "react-hook-form": "^7.63.0",
+        "react-i18next": "^15.7.3",
         "react-markdown": "^10.1.0",
-        "react-router": "^7.6.3",
-        "sonner": "^2.0.6",
+        "react-router": "^7.9.3",
+        "sonner": "^2.0.7",
         "tailwind-merge": "^3.3.1",
-        "tailwindcss": "^4.1.11",
-        "zod": "^4.0.5",
+        "tailwindcss": "^4.1.14",
+        "zod": "^4.1.11",
       },
       "devDependencies": {
-        "@eslint/js": "^9.31.0",
-        "@tanstack/eslint-plugin-query": "^5.81.2",
-        "@types/node": "^24.0.14",
-        "@types/react": "^19.1.8",
-        "@types/react-dom": "^19.1.6",
-        "@vitejs/plugin-react": "^4.6.0",
-        "eslint": "^9.31.0",
+        "@eslint/js": "^9.36.0",
+        "@tanstack/eslint-plugin-query": "^5.91.0",
+        "@types/node": "^24.6.2",
+        "@types/react": "^19.2.0",
+        "@types/react-dom": "^19.2.0",
+        "@vitejs/plugin-react": "^5.0.4",
+        "eslint": "^9.36.0",
         "eslint-plugin-react-hooks": "^5.2.0",
-        "eslint-plugin-react-refresh": "^0.4.19",
-        "globals": "^16.3.0",
+        "eslint-plugin-react-refresh": "^0.4.23",
+        "globals": "^16.4.0",
         "prettier": "3.6.2",
-        "tw-animate-css": "^1.3.5",
-        "typescript": "~5.8.3",
-        "typescript-eslint": "^8.37.0",
-        "vite": "^7.0.4",
+        "tw-animate-css": "^1.4.0",
+        "typescript": "~5.9.3",
+        "typescript-eslint": "^8.45.0",
+        "vite": "^7.1.8",
       },
     },
   },
   "packages": {
-    "@ampproject/remapping": ["@ampproject/remapping@2.3.0", "", { "dependencies": { "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw=="],
-
     "@babel/code-frame": ["@babel/code-frame@7.27.1", "", { "dependencies": { "@babel/helper-validator-identifier": "^7.27.1", "js-tokens": "^4.0.0", "picocolors": "^1.1.1" } }, "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg=="],
 
     "@babel/compat-data": ["@babel/compat-data@7.27.2", "", {}, "sha512-TUtMJYRPyUb/9aU8f3K0mjmjf6M9N5Woshn2CS6nqJSeJtTtQcpLUXjGt9vbF8ZGff0El99sWkLgzwW3VXnxZQ=="],
 
-    "@babel/core": ["@babel/core@7.27.4", "", { "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.27.3", "@babel/helper-compilation-targets": "^7.27.2", "@babel/helper-module-transforms": "^7.27.3", "@babel/helpers": "^7.27.4", "@babel/parser": "^7.27.4", "@babel/template": "^7.27.2", "@babel/traverse": "^7.27.4", "@babel/types": "^7.27.3", "convert-source-map": "^2.0.0", "debug": "^4.1.0", "gensync": "^1.0.0-beta.2", "json5": "^2.2.3", "semver": "^6.3.1" } }, "sha512-bXYxrXFubeYdvB0NhD/NBB3Qi6aZeV20GOWVI47t2dkecCEoneR4NPVcb7abpXDEvejgrUfFtG6vG/zxAKmg+g=="],
+    "@babel/core": ["@babel/core@7.28.4", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-compilation-targets": "^7.27.2", "@babel/helper-module-transforms": "^7.28.3", "@babel/helpers": "^7.28.4", "@babel/parser": "^7.28.4", "@babel/template": "^7.27.2", "@babel/traverse": "^7.28.4", "@babel/types": "^7.28.4", "@jridgewell/remapping": "^2.3.5", "convert-source-map": "^2.0.0", "debug": "^4.1.0", "gensync": "^1.0.0-beta.2", "json5": "^2.2.3", "semver": "^6.3.1" } }, "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA=="],
 
-    "@babel/generator": ["@babel/generator@7.27.5", "", { "dependencies": { "@babel/parser": "^7.27.5", "@babel/types": "^7.27.3", "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.25", "jsesc": "^3.0.2" } }, "sha512-ZGhA37l0e/g2s1Cnzdix0O3aLYm66eF8aufiVteOgnwxgnRP8GoyMj7VWsgWnQbVKXyge7hqrFh2K2TQM6t1Hw=="],
+    "@babel/generator": ["@babel/generator@7.28.3", "", { "dependencies": { "@babel/parser": "^7.28.3", "@babel/types": "^7.28.2", "@jridgewell/gen-mapping": "^0.3.12", "@jridgewell/trace-mapping": "^0.3.28", "jsesc": "^3.0.2" } }, "sha512-3lSpxGgvnmZznmBkCRnVREPUFJv2wrv9iAoFDvADJc0ypmdOxdUtcLeBgBJ6zE0PMeTKnxeQzyk0xTBq4Ep7zw=="],
 
     "@babel/helper-compilation-targets": ["@babel/helper-compilation-targets@7.27.2", "", { "dependencies": { "@babel/compat-data": "^7.27.2", "@babel/helper-validator-option": "^7.27.1", "browserslist": "^4.24.0", "lru-cache": "^5.1.1", "semver": "^6.3.1" } }, "sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ=="],
 
+    "@babel/helper-globals": ["@babel/helper-globals@7.28.0", "", {}, "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw=="],
+
     "@babel/helper-module-imports": ["@babel/helper-module-imports@7.27.1", "", { "dependencies": { "@babel/traverse": "^7.27.1", "@babel/types": "^7.27.1" } }, "sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w=="],
 
-    "@babel/helper-module-transforms": ["@babel/helper-module-transforms@7.27.3", "", { "dependencies": { "@babel/helper-module-imports": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1", "@babel/traverse": "^7.27.3" }, "peerDependencies": { "@babel/core": "^7.0.0" } }, "sha512-dSOvYwvyLsWBeIRyOeHXp5vPj5l1I011r52FM1+r1jCERv+aFXYk4whgQccYEGYxK2H3ZAIA8nuPkQ0HaUo3qg=="],
+    "@babel/helper-module-transforms": ["@babel/helper-module-transforms@7.28.3", "", { "dependencies": { "@babel/helper-module-imports": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1", "@babel/traverse": "^7.28.3" }, "peerDependencies": { "@babel/core": "^7.0.0" } }, "sha512-gytXUbs8k2sXS9PnQptz5o0QnpLL51SwASIORY6XaBKF88nsOT0Zw9szLqlSGQDP/4TljBAD5y98p2U1fqkdsw=="],
 
     "@babel/helper-plugin-utils": ["@babel/helper-plugin-utils@7.27.1", "", {}, "sha512-1gn1Up5YXka3YYAHGKpbideQ5Yjf1tDa9qYcgysz+cNCXukyLl6DjPXhD3VRwSb8c0J9tA4b2+rHEZtc6R0tlw=="],
 
@@ -76,9 +75,9 @@
 
     "@babel/helper-validator-option": ["@babel/helper-validator-option@7.27.1", "", {}, "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg=="],
 
-    "@babel/helpers": ["@babel/helpers@7.27.6", "", { "dependencies": { "@babel/template": "^7.27.2", "@babel/types": "^7.27.6" } }, "sha512-muE8Tt8M22638HU31A3CgfSUciwz1fhATfoVai05aPXGor//CdWDCbnlY1yvBPo07njuVOCNGCSp/GTt12lIug=="],
+    "@babel/helpers": ["@babel/helpers@7.28.4", "", { "dependencies": { "@babel/template": "^7.27.2", "@babel/types": "^7.28.4" } }, "sha512-HFN59MmQXGHVyYadKLVumYsA9dBFun/ldYxipEjzA4196jpLZd8UjEEBLkbEkvfYreDqJhZxYAWFPtrfhNpj4w=="],
 
-    "@babel/parser": ["@babel/parser@7.27.5", "", { "dependencies": { "@babel/types": "^7.27.3" }, "bin": "./bin/babel-parser.js" }, "sha512-OsQd175SxWkGlzbny8J3K8TnnDD0N3lrIUtB92xwyRpzaenGZhxDvxN/JgU00U3CDZNj9tPuDJ5H0WS4Nt3vKg=="],
+    "@babel/parser": ["@babel/parser@7.28.4", "", { "dependencies": { "@babel/types": "^7.28.4" }, "bin": "./bin/babel-parser.js" }, "sha512-yZbBqeM6TkpP9du/I2pUZnJsRMGGvOuIrhjzC1AwHwW+6he4mni6Bp/m8ijn0iOuZuPI2BfkCoSRunpyjnrQKg=="],
 
     "@babel/plugin-transform-react-jsx-self": ["@babel/plugin-transform-react-jsx-self@7.27.1", "", { "dependencies": { "@babel/helper-plugin-utils": "^7.27.1" }, "peerDependencies": { "@babel/core": "^7.0.0-0" } }, "sha512-6UzkCs+ejGdZ5mFFC/OCUrv028ab2fp1znZmCZjAOBKiBK2jXD1O+BPSfX8X2qjJ75fZBMSnQn3Rq2mrBJK2mw=="],
 
@@ -88,9 +87,9 @@
 
     "@babel/template": ["@babel/template@7.27.2", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/parser": "^7.27.2", "@babel/types": "^7.27.1" } }, "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw=="],
 
-    "@babel/traverse": ["@babel/traverse@7.27.4", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.27.3", "@babel/parser": "^7.27.4", "@babel/template": "^7.27.2", "@babel/types": "^7.27.3", "debug": "^4.3.1", "globals": "^11.1.0" } }, "sha512-oNcu2QbHqts9BtOWJosOVJapWjBDSxGCpFvikNR5TGDYDQf3JwpIoMzIKrvfoti93cLfPJEG4tH9SPVeyCGgdA=="],
+    "@babel/traverse": ["@babel/traverse@7.28.4", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-globals": "^7.28.0", "@babel/parser": "^7.28.4", "@babel/template": "^7.27.2", "@babel/types": "^7.28.4", "debug": "^4.3.1" } }, "sha512-YEzuboP2qvQavAcjgQNVgsvHIDv6ZpwXvcvjmyySP2DIMuByS/6ioU5G9pYrWHM6T2YDfc7xga9iNzYOs12CFQ=="],
 
-    "@babel/types": ["@babel/types@7.27.6", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ETyHEk2VHHvl9b9jZP5IHPavHYk57EhanlRRuae9XCpb/j5bDCbPPMOBfCWhnl/7EDJz0jEMCi/RhccCE8r1+Q=="],
+    "@babel/types": ["@babel/types@7.28.4", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q=="],
 
     "@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.25.4", "", { "os": "aix", "cpu": "ppc64" }, "sha512-1VCICWypeQKhVbE9oW/sJaAmjLxhVqacdkvPLEjwlttjfwENRSClS8EjBz0KzRyFSCPDIkuXW34Je/vk7zdB7Q=="],
 
@@ -142,23 +141,23 @@
 
     "@esbuild/win32-x64": ["@esbuild/win32-x64@0.25.4", "", { "os": "win32", "cpu": "x64" }, "sha512-nOT2vZNw6hJ+z43oP1SPea/G/6AbN6X+bGNhNuq8NtRHy4wsMhw765IKLNmnjek7GvjWBYQ8Q5VBoYTFg9y1UQ=="],
 
-    "@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.7.0", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw=="],
+    "@eslint-community/eslint-utils": ["@eslint-community/eslint-utils@4.9.0", "", { "dependencies": { "eslint-visitor-keys": "^3.4.3" }, "peerDependencies": { "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g=="],
 
     "@eslint-community/regexpp": ["@eslint-community/regexpp@4.12.1", "", {}, "sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ=="],
 
     "@eslint/config-array": ["@eslint/config-array@0.21.0", "", { "dependencies": { "@eslint/object-schema": "^2.1.6", "debug": "^4.3.1", "minimatch": "^3.1.2" } }, "sha512-ENIdc4iLu0d93HeYirvKmrzshzofPw6VkZRKQGe9Nv46ZnWUzcF1xV01dcvEg/1wXUR61OmmlSfyeyO7EvjLxQ=="],
 
-    "@eslint/config-helpers": ["@eslint/config-helpers@0.3.0", "", {}, "sha512-ViuymvFmcJi04qdZeDc2whTHryouGcDlaxPqarTD0ZE10ISpxGUVZGZDx4w01upyIynL3iu6IXH2bS1NhclQMw=="],
+    "@eslint/config-helpers": ["@eslint/config-helpers@0.3.1", "", {}, "sha512-xR93k9WhrDYpXHORXpxVL5oHj3Era7wo6k/Wd8/IsQNnZUTzkGS29lyn3nAT05v6ltUuTFVCCYDEGfy2Or/sPA=="],
 
-    "@eslint/core": ["@eslint/core@0.15.1", "", { "dependencies": { "@types/json-schema": "^7.0.15" } }, "sha512-bkOp+iumZCCbt1K1CmWf0R9pM5yKpDv+ZXtvSyQpudrI9kuFLp+bM2WOPXImuD/ceQuaa8f5pj93Y7zyECIGNA=="],
+    "@eslint/core": ["@eslint/core@0.15.2", "", { "dependencies": { "@types/json-schema": "^7.0.15" } }, "sha512-78Md3/Rrxh83gCxoUc0EiciuOHsIITzLy53m3d9UyiW8y9Dj2D29FeETqyKA+BRK76tnTp6RXWb3pCay8Oyomg=="],
 
     "@eslint/eslintrc": ["@eslint/eslintrc@3.3.1", "", { "dependencies": { "ajv": "^6.12.4", "debug": "^4.3.2", "espree": "^10.0.1", "globals": "^14.0.0", "ignore": "^5.2.0", "import-fresh": "^3.2.1", "js-yaml": "^4.1.0", "minimatch": "^3.1.2", "strip-json-comments": "^3.1.1" } }, "sha512-gtF186CXhIl1p4pJNGZw8Yc6RlshoePRvE0X91oPGb3vZ8pM3qOS9W9NGPat9LziaBV7XrJWGylNQXkGcnM3IQ=="],
 
-    "@eslint/js": ["@eslint/js@9.31.0", "", {}, "sha512-LOm5OVt7D4qiKCqoiPbA7LWmI+tbw1VbTUowBcUMgQSuM6poJufkFkYDcQpo5KfgD39TnNySV26QjOh7VFpSyw=="],
+    "@eslint/js": ["@eslint/js@9.36.0", "", {}, "sha512-uhCbYtYynH30iZErszX78U+nR3pJU3RHGQ57NXy5QupD4SBVwDeU8TNBy+MjMngc1UyIW9noKqsRqfjQTBU2dw=="],
 
     "@eslint/object-schema": ["@eslint/object-schema@2.1.6", "", {}, "sha512-RBMg5FRL0I0gs51M/guSAj5/e14VQ4tpZnQNWwuDT66P14I43ItmPfIZRhO9fUVIPOAQXU47atlywZ/czoqFPA=="],
 
-    "@eslint/plugin-kit": ["@eslint/plugin-kit@0.3.1", "", { "dependencies": { "@eslint/core": "^0.14.0", "levn": "^0.4.1" } }, "sha512-0J+zgWxHN+xXONWIyPWKFMgVuJoZuGiIFu8yxk7RJjxkzpGmyja5wRFqZIVtjDVOQpV+Rw0iOAjYPE2eQyjr0w=="],
+    "@eslint/plugin-kit": ["@eslint/plugin-kit@0.3.5", "", { "dependencies": { "@eslint/core": "^0.15.2", "levn": "^0.4.1" } }, "sha512-Z5kJ+wU3oA7MMIqVR9tyZRtjYPr4OC004Q4Rw7pgOKUOKkJfZ3O24nz3WYfGRpMDNmcOi3TwQOmgm7B7Tpii0w=="],
 
     "@floating-ui/core": ["@floating-ui/core@1.7.0", "", { "dependencies": { "@floating-ui/utils": "^0.2.9" } }, "sha512-FRdBLykrPPA6P76GGGqlex/e7fbe0F1ykgxHYNXQsH/iTEtjMj/f9bpY5oQqbjt5VgZvgz/uKXbGuROijh3VLA=="],
 
@@ -168,7 +167,7 @@
 
     "@floating-ui/utils": ["@floating-ui/utils@0.2.9", "", {}, "sha512-MDWhGtE+eHw5JW7lq4qhc5yRLS11ERl1c7Z6Xd0a58DozHES6EnNNwUWbMiG4J9Cgj053Bhk8zvlhFYKVhULwg=="],
 
-    "@hookform/resolvers": ["@hookform/resolvers@5.1.1", "", { "dependencies": { "@standard-schema/utils": "^0.3.0" }, "peerDependencies": { "react-hook-form": "^7.55.0" } }, "sha512-J/NVING3LMAEvexJkyTLjruSm7aOFx7QX21pzkiJfMoNG0wl5aFEjLTl7ay7IQb9EWY6AkrBy7tHL2Alijpdcg=="],
+    "@hookform/resolvers": ["@hookform/resolvers@5.2.2", "", { "dependencies": { "@standard-schema/utils": "^0.3.0" }, "peerDependencies": { "react-hook-form": "^7.55.0" } }, "sha512-A/IxlMLShx3KjV/HeTcTfaMxdwy690+L/ZADoeaTltLx+CVuzkeVIPuybK3jrRfw7YZnmdKsVVHAlEPIAEUNlA=="],
 
     "@humanfs/core": ["@humanfs/core@0.19.1", "", {}, "sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA=="],
 
@@ -180,15 +179,17 @@
 
     "@isaacs/fs-minipass": ["@isaacs/fs-minipass@4.0.1", "", { "dependencies": { "minipass": "^7.0.4" } }, "sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w=="],
 
-    "@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.8", "", { "dependencies": { "@jridgewell/set-array": "^1.2.1", "@jridgewell/sourcemap-codec": "^1.4.10", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA=="],
+    "@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.12", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-OuLGC46TjB5BbN1dH8JULVVZY4WTdkF7tV9Ys6wLL1rubZnCMstOhNHueU5bLCrnRuDhKPDM4g6sw4Bel5Gzqg=="],
+
+    "@jridgewell/remapping": ["@jridgewell/remapping@2.3.5", "", { "dependencies": { "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ=="],
 
     "@jridgewell/resolve-uri": ["@jridgewell/resolve-uri@3.1.2", "", {}, "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw=="],
 
     "@jridgewell/set-array": ["@jridgewell/set-array@1.2.1", "", {}, "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A=="],
 
-    "@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
+    "@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.5", "", {}, "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og=="],
 
-    "@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.25", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ=="],
+    "@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.29", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-uw6guiW/gcAGPDhLmd77/6lW8QLeiV5RUTsAX46Db6oLhGaVj4lhnPwb184s1bkc8kdVg/+h988dro8GRDpmYQ=="],
 
     "@nodelib/fs.scandir": ["@nodelib/fs.scandir@2.1.5", "", { "dependencies": { "@nodelib/fs.stat": "2.0.5", "run-parallel": "^1.1.9" } }, "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g=="],
 
@@ -198,7 +199,7 @@
 
     "@radix-ui/number": ["@radix-ui/number@1.1.1", "", {}, "sha512-MkKCwxlXTgz6CFoJx3pCwn07GKp36+aZyu/u2Ln2VrA5DcdyCZkASEDBTd8x5whTQQL5CiYf4prXKLcgQdv29g=="],
 
-    "@radix-ui/primitive": ["@radix-ui/primitive@1.1.2", "", {}, "sha512-XnbHrrprsNqZKQhStrSwgRUQzoCI1glLzdw79xiZPoofhGICeZRSQ3dIxAKH1gb3OHfNf4d6f+vAv3kil2eggA=="],
+    "@radix-ui/primitive": ["@radix-ui/primitive@1.1.3", "", {}, "sha512-JTF99U/6XIjCBo0wqkU5sK10glYe27MRRsfwoiq5zzOEZLHU3A3KCMa5X/azekYRCJ0HlwI0crAXS/5dEHTzDg=="],
 
     "@radix-ui/react-arrow": ["@radix-ui/react-arrow@1.1.7", "", { "dependencies": { "@radix-ui/react-primitive": "2.1.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-F+M1tLhO+mlQaOWspE8Wstg+z6PwxwRd8oQ8IXceWz92kfAmalTRf0EjrouQeo7QssEPfCn05B4Ihs1K9WQ/7w=="],
 
@@ -210,9 +211,9 @@
 
     "@radix-ui/react-direction": ["@radix-ui/react-direction@1.1.1", "", { "peerDependencies": { "@types/react": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-1UEWRX6jnOA2y4H5WczZ44gOOjTEmlqv1uNW4GAJEO5+bauCBhv8snY65Iw5/VOS/ghKN9gr2KjnLKxrsvoMVw=="],
 
-    "@radix-ui/react-dismissable-layer": ["@radix-ui/react-dismissable-layer@1.1.10", "", { "dependencies": { "@radix-ui/primitive": "1.1.2", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-escape-keydown": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-IM1zzRV4W3HtVgftdQiiOmA0AdJlCtMLe00FXaHwgt3rAnNsIyDqshvkIW3hj/iu5hu8ERP7KIYki6NkqDxAwQ=="],
+    "@radix-ui/react-dismissable-layer": ["@radix-ui/react-dismissable-layer@1.1.11", "", { "dependencies": { "@radix-ui/primitive": "1.1.3", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-escape-keydown": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-Nqcp+t5cTB8BinFkZgXiMJniQH0PsUt2k51FUhbdfeKvc4ACcG2uQniY/8+h1Yv6Kza4Q7lD7PQV0z0oicE0Mg=="],
 
-    "@radix-ui/react-focus-guards": ["@radix-ui/react-focus-guards@1.1.2", "", { "peerDependencies": { "@types/react": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-fyjAACV62oPV925xFCrH8DR5xWhg9KYtJT4s3u54jxp+L/hbpTY2kIeEFFbFe+a/HCE94zGQMZLIpVTPVZDhaA=="],
+    "@radix-ui/react-focus-guards": ["@radix-ui/react-focus-guards@1.1.3", "", { "peerDependencies": { "@types/react": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-0rFg/Rj2Q62NCm62jZw0QX7a3sz6QCQU0LpZdNrJX8byRGaGVTqbrW9jAoIAHyMQqsNpeZ81YgSizOt5WXq0Pw=="],
 
     "@radix-ui/react-focus-scope": ["@radix-ui/react-focus-scope@1.1.7", "", { "dependencies": { "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-callback-ref": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-t2ODlkXBQyn7jkl6TNaw/MtVEVvIGelJDCG41Okq/KwUsJBwQ4XVZsHAVUkK4mBv3ewiAS3PGuUWuY2BoK4ZUw=="],
 
@@ -220,13 +221,13 @@
 
     "@radix-ui/react-label": ["@radix-ui/react-label@2.1.7", "", { "dependencies": { "@radix-ui/react-primitive": "2.1.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-YT1GqPSL8kJn20djelMX7/cTRp/Y9w5IZHvfxQTVHrOqa2yMl7i/UfMqKRU5V7mEyKTrUVgJXhNQPVCG8PBLoQ=="],
 
-    "@radix-ui/react-popper": ["@radix-ui/react-popper@1.2.7", "", { "dependencies": { "@floating-ui/react-dom": "^2.0.0", "@radix-ui/react-arrow": "1.1.7", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-context": "1.1.2", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-layout-effect": "1.1.1", "@radix-ui/react-use-rect": "1.1.1", "@radix-ui/react-use-size": "1.1.1", "@radix-ui/rect": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-IUFAccz1JyKcf/RjB552PlWwxjeCJB8/4KxT7EhBHOJM+mN7LdW+B3kacJXILm32xawcMMjb2i0cIZpo+f9kiQ=="],
+    "@radix-ui/react-popper": ["@radix-ui/react-popper@1.2.8", "", { "dependencies": { "@floating-ui/react-dom": "^2.0.0", "@radix-ui/react-arrow": "1.1.7", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-context": "1.1.2", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-layout-effect": "1.1.1", "@radix-ui/react-use-rect": "1.1.1", "@radix-ui/react-use-size": "1.1.1", "@radix-ui/rect": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-0NJQ4LFFUuWkE7Oxf0htBKS6zLkkjBH+hM1uk7Ng705ReR8m/uelduy1DBo0PyBXPKVnBA6YBlU94MBGXrSBCw=="],
 
     "@radix-ui/react-portal": ["@radix-ui/react-portal@1.1.9", "", { "dependencies": { "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-layout-effect": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-bpIxvq03if6UNwXZ+HTK71JLh4APvnXntDc6XOX8UVq4XQOVl7lwok0AvIl+b8zgCw3fSaVTZMpAPPagXbKmHQ=="],
 
     "@radix-ui/react-primitive": ["@radix-ui/react-primitive@2.1.3", "", { "dependencies": { "@radix-ui/react-slot": "1.2.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-m9gTwRkhy2lvCPe6QJp4d3G1TYEUHn/FzJUtq9MjH46an1wJU+GdoGC5VLof8RX8Ft/DlpshApkhswDLZzHIcQ=="],
 
-    "@radix-ui/react-select": ["@radix-ui/react-select@2.2.5", "", { "dependencies": { "@radix-ui/number": "1.1.1", "@radix-ui/primitive": "1.1.2", "@radix-ui/react-collection": "1.1.7", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-context": "1.1.2", "@radix-ui/react-direction": "1.1.1", "@radix-ui/react-dismissable-layer": "1.1.10", "@radix-ui/react-focus-guards": "1.1.2", "@radix-ui/react-focus-scope": "1.1.7", "@radix-ui/react-id": "1.1.1", "@radix-ui/react-popper": "1.2.7", "@radix-ui/react-portal": "1.1.9", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-slot": "1.2.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-controllable-state": "1.2.2", "@radix-ui/react-use-layout-effect": "1.1.1", "@radix-ui/react-use-previous": "1.1.1", "@radix-ui/react-visually-hidden": "1.2.3", "aria-hidden": "^1.2.4", "react-remove-scroll": "^2.6.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-HnMTdXEVuuyzx63ME0ut4+sEMYW6oouHWNGUZc7ddvUWIcfCva/AMoqEW/3wnEllriMWBa0RHspCYnfCWJQYmA=="],
+    "@radix-ui/react-select": ["@radix-ui/react-select@2.2.6", "", { "dependencies": { "@radix-ui/number": "1.1.1", "@radix-ui/primitive": "1.1.3", "@radix-ui/react-collection": "1.1.7", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-context": "1.1.2", "@radix-ui/react-direction": "1.1.1", "@radix-ui/react-dismissable-layer": "1.1.11", "@radix-ui/react-focus-guards": "1.1.3", "@radix-ui/react-focus-scope": "1.1.7", "@radix-ui/react-id": "1.1.1", "@radix-ui/react-popper": "1.2.8", "@radix-ui/react-portal": "1.1.9", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-slot": "1.2.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-controllable-state": "1.2.2", "@radix-ui/react-use-layout-effect": "1.1.1", "@radix-ui/react-use-previous": "1.1.1", "@radix-ui/react-visually-hidden": "1.2.3", "aria-hidden": "^1.2.4", "react-remove-scroll": "^2.6.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-I30RydO+bnn2PQztvo25tswPH+wFBjehVGtmagkU78yMdwTwVf12wnAOF+AeP8S2N8xD+5UPbGhkUfPyvT+mwQ=="],
 
     "@radix-ui/react-separator": ["@radix-ui/react-separator@1.1.7", "", { "dependencies": { "@radix-ui/react-primitive": "2.1.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-0HEb8R9E8A+jZjvmFCy/J4xhbXy3TV+9XSnGJ3KvTtjlIUy/YQ/p6UYZvi7YbeoeXdyU9+Y3scizK6hkY37baA=="],
 
@@ -252,85 +253,85 @@
 
     "@radix-ui/rect": ["@radix-ui/rect@1.1.1", "", {}, "sha512-HPwpGIzkl28mWyZqG52jiqDJ12waP11Pa1lGoiyUkIEuMLBP0oeK/C89esbXrxsky5we7dfd8U58nm0SgAWpVw=="],
 
-    "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.19", "", {}, "sha512-3FL3mnMbPu0muGOCaKAhhFEYmqv9eTfPSJRJmANrCwtgK8VuxpsZDGK+m0LYAGoyO8+0j5uRe4PeyPDK1yA/hA=="],
+    "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.38", "", {}, "sha512-N/ICGKleNhA5nc9XXQG/kkKHJ7S55u0x0XUJbbkmdCnFuoRkM1Il12q9q0eX19+M7KKUEPw/daUPIRnxhcxAIw=="],
 
-    "@rollup/rollup-android-arm-eabi": ["@rollup/rollup-android-arm-eabi@4.40.2", "", { "os": "android", "cpu": "arm" }, "sha512-JkdNEq+DFxZfUwxvB58tHMHBHVgX23ew41g1OQinthJ+ryhdRk67O31S7sYw8u2lTjHUPFxwar07BBt1KHp/hg=="],
+    "@rollup/rollup-android-arm-eabi": ["@rollup/rollup-android-arm-eabi@4.46.2", "", { "os": "android", "cpu": "arm" }, "sha512-Zj3Hl6sN34xJtMv7Anwb5Gu01yujyE/cLBDB2gnHTAHaWS1Z38L7kuSG+oAh0giZMqG060f/YBStXtMH6FvPMA=="],
 
-    "@rollup/rollup-android-arm64": ["@rollup/rollup-android-arm64@4.40.2", "", { "os": "android", "cpu": "arm64" }, "sha512-13unNoZ8NzUmnndhPTkWPWbX3vtHodYmy+I9kuLxN+F+l+x3LdVF7UCu8TWVMt1POHLh6oDHhnOA04n8oJZhBw=="],
+    "@rollup/rollup-android-arm64": ["@rollup/rollup-android-arm64@4.46.2", "", { "os": "android", "cpu": "arm64" }, "sha512-nTeCWY83kN64oQ5MGz3CgtPx8NSOhC5lWtsjTs+8JAJNLcP3QbLCtDDgUKQc/Ro/frpMq4SHUaHN6AMltcEoLQ=="],
 
-    "@rollup/rollup-darwin-arm64": ["@rollup/rollup-darwin-arm64@4.40.2", "", { "os": "darwin", "cpu": "arm64" }, "sha512-Gzf1Hn2Aoe8VZzevHostPX23U7N5+4D36WJNHK88NZHCJr7aVMG4fadqkIf72eqVPGjGc0HJHNuUaUcxiR+N/w=="],
+    "@rollup/rollup-darwin-arm64": ["@rollup/rollup-darwin-arm64@4.46.2", "", { "os": "darwin", "cpu": "arm64" }, "sha512-HV7bW2Fb/F5KPdM/9bApunQh68YVDU8sO8BvcW9OngQVN3HHHkw99wFupuUJfGR9pYLLAjcAOA6iO+evsbBaPQ=="],
 
-    "@rollup/rollup-darwin-x64": ["@rollup/rollup-darwin-x64@4.40.2", "", { "os": "darwin", "cpu": "x64" }, "sha512-47N4hxa01a4x6XnJoskMKTS8XZ0CZMd8YTbINbi+w03A2w4j1RTlnGHOz/P0+Bg1LaVL6ufZyNprSg+fW5nYQQ=="],
+    "@rollup/rollup-darwin-x64": ["@rollup/rollup-darwin-x64@4.46.2", "", { "os": "darwin", "cpu": "x64" }, "sha512-SSj8TlYV5nJixSsm/y3QXfhspSiLYP11zpfwp6G/YDXctf3Xkdnk4woJIF5VQe0of2OjzTt8EsxnJDCdHd2xMA=="],
 
-    "@rollup/rollup-freebsd-arm64": ["@rollup/rollup-freebsd-arm64@4.40.2", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-8t6aL4MD+rXSHHZUR1z19+9OFJ2rl1wGKvckN47XFRVO+QL/dUSpKA2SLRo4vMg7ELA8pzGpC+W9OEd1Z/ZqoQ=="],
+    "@rollup/rollup-freebsd-arm64": ["@rollup/rollup-freebsd-arm64@4.46.2", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-ZyrsG4TIT9xnOlLsSSi9w/X29tCbK1yegE49RYm3tu3wF1L/B6LVMqnEWyDB26d9Ecx9zrmXCiPmIabVuLmNSg=="],
 
-    "@rollup/rollup-freebsd-x64": ["@rollup/rollup-freebsd-x64@4.40.2", "", { "os": "freebsd", "cpu": "x64" }, "sha512-C+AyHBzfpsOEYRFjztcYUFsH4S7UsE9cDtHCtma5BK8+ydOZYgMmWg1d/4KBytQspJCld8ZIujFMAdKG1xyr4Q=="],
+    "@rollup/rollup-freebsd-x64": ["@rollup/rollup-freebsd-x64@4.46.2", "", { "os": "freebsd", "cpu": "x64" }, "sha512-pCgHFoOECwVCJ5GFq8+gR8SBKnMO+xe5UEqbemxBpCKYQddRQMgomv1104RnLSg7nNvgKy05sLsY51+OVRyiVw=="],
 
-    "@rollup/rollup-linux-arm-gnueabihf": ["@rollup/rollup-linux-arm-gnueabihf@4.40.2", "", { "os": "linux", "cpu": "arm" }, "sha512-de6TFZYIvJwRNjmW3+gaXiZ2DaWL5D5yGmSYzkdzjBDS3W+B9JQ48oZEsmMvemqjtAFzE16DIBLqd6IQQRuG9Q=="],
+    "@rollup/rollup-linux-arm-gnueabihf": ["@rollup/rollup-linux-arm-gnueabihf@4.46.2", "", { "os": "linux", "cpu": "arm" }, "sha512-EtP8aquZ0xQg0ETFcxUbU71MZlHaw9MChwrQzatiE8U/bvi5uv/oChExXC4mWhjiqK7azGJBqU0tt5H123SzVA=="],
 
-    "@rollup/rollup-linux-arm-musleabihf": ["@rollup/rollup-linux-arm-musleabihf@4.40.2", "", { "os": "linux", "cpu": "arm" }, "sha512-urjaEZubdIkacKc930hUDOfQPysezKla/O9qV+O89enqsqUmQm8Xj8O/vh0gHg4LYfv7Y7UsE3QjzLQzDYN1qg=="],
+    "@rollup/rollup-linux-arm-musleabihf": ["@rollup/rollup-linux-arm-musleabihf@4.46.2", "", { "os": "linux", "cpu": "arm" }, "sha512-qO7F7U3u1nfxYRPM8HqFtLd+raev2K137dsV08q/LRKRLEc7RsiDWihUnrINdsWQxPR9jqZ8DIIZ1zJJAm5PjQ=="],
 
-    "@rollup/rollup-linux-arm64-gnu": ["@rollup/rollup-linux-arm64-gnu@4.40.2", "", { "os": "linux", "cpu": "arm64" }, "sha512-KlE8IC0HFOC33taNt1zR8qNlBYHj31qGT1UqWqtvR/+NuCVhfufAq9fxO8BMFC22Wu0rxOwGVWxtCMvZVLmhQg=="],
+    "@rollup/rollup-linux-arm64-gnu": ["@rollup/rollup-linux-arm64-gnu@4.46.2", "", { "os": "linux", "cpu": "arm64" }, "sha512-3dRaqLfcOXYsfvw5xMrxAk9Lb1f395gkoBYzSFcc/scgRFptRXL9DOaDpMiehf9CO8ZDRJW2z45b6fpU5nwjng=="],
 
-    "@rollup/rollup-linux-arm64-musl": ["@rollup/rollup-linux-arm64-musl@4.40.2", "", { "os": "linux", "cpu": "arm64" }, "sha512-j8CgxvfM0kbnhu4XgjnCWJQyyBOeBI1Zq91Z850aUddUmPeQvuAy6OiMdPS46gNFgy8gN1xkYyLgwLYZG3rBOg=="],
+    "@rollup/rollup-linux-arm64-musl": ["@rollup/rollup-linux-arm64-musl@4.46.2", "", { "os": "linux", "cpu": "arm64" }, "sha512-fhHFTutA7SM+IrR6lIfiHskxmpmPTJUXpWIsBXpeEwNgZzZZSg/q4i6FU4J8qOGyJ0TR+wXBwx/L7Ho9z0+uDg=="],
 
-    "@rollup/rollup-linux-loongarch64-gnu": ["@rollup/rollup-linux-loongarch64-gnu@4.40.2", "", { "os": "linux", "cpu": "none" }, "sha512-Ybc/1qUampKuRF4tQXc7G7QY9YRyeVSykfK36Y5Qc5dmrIxwFhrOzqaVTNoZygqZ1ZieSWTibfFhQ5qK8jpWxw=="],
+    "@rollup/rollup-linux-loongarch64-gnu": ["@rollup/rollup-linux-loongarch64-gnu@4.46.2", "", { "os": "linux", "cpu": "none" }, "sha512-i7wfGFXu8x4+FRqPymzjD+Hyav8l95UIZ773j7J7zRYc3Xsxy2wIn4x+llpunexXe6laaO72iEjeeGyUFmjKeA=="],
 
-    "@rollup/rollup-linux-powerpc64le-gnu": ["@rollup/rollup-linux-powerpc64le-gnu@4.40.2", "", { "os": "linux", "cpu": "ppc64" }, "sha512-3FCIrnrt03CCsZqSYAOW/k9n625pjpuMzVfeI+ZBUSDT3MVIFDSPfSUgIl9FqUftxcUXInvFah79hE1c9abD+Q=="],
+    "@rollup/rollup-linux-ppc64-gnu": ["@rollup/rollup-linux-ppc64-gnu@4.46.2", "", { "os": "linux", "cpu": "ppc64" }, "sha512-B/l0dFcHVUnqcGZWKcWBSV2PF01YUt0Rvlurci5P+neqY/yMKchGU8ullZvIv5e8Y1C6wOn+U03mrDylP5q9Yw=="],
 
-    "@rollup/rollup-linux-riscv64-gnu": ["@rollup/rollup-linux-riscv64-gnu@4.40.2", "", { "os": "linux", "cpu": "none" }, "sha512-QNU7BFHEvHMp2ESSY3SozIkBPaPBDTsfVNGx3Xhv+TdvWXFGOSH2NJvhD1zKAT6AyuuErJgbdvaJhYVhVqrWTg=="],
+    "@rollup/rollup-linux-riscv64-gnu": ["@rollup/rollup-linux-riscv64-gnu@4.46.2", "", { "os": "linux", "cpu": "none" }, "sha512-32k4ENb5ygtkMwPMucAb8MtV8olkPT03oiTxJbgkJa7lJ7dZMr0GCFJlyvy+K8iq7F/iuOr41ZdUHaOiqyR3iQ=="],
 
-    "@rollup/rollup-linux-riscv64-musl": ["@rollup/rollup-linux-riscv64-musl@4.40.2", "", { "os": "linux", "cpu": "none" }, "sha512-5W6vNYkhgfh7URiXTO1E9a0cy4fSgfE4+Hl5agb/U1sa0kjOLMLC1wObxwKxecE17j0URxuTrYZZME4/VH57Hg=="],
+    "@rollup/rollup-linux-riscv64-musl": ["@rollup/rollup-linux-riscv64-musl@4.46.2", "", { "os": "linux", "cpu": "none" }, "sha512-t5B2loThlFEauloaQkZg9gxV05BYeITLvLkWOkRXogP4qHXLkWSbSHKM9S6H1schf/0YGP/qNKtiISlxvfmmZw=="],
 
-    "@rollup/rollup-linux-s390x-gnu": ["@rollup/rollup-linux-s390x-gnu@4.40.2", "", { "os": "linux", "cpu": "s390x" }, "sha512-B7LKIz+0+p348JoAL4X/YxGx9zOx3sR+o6Hj15Y3aaApNfAshK8+mWZEf759DXfRLeL2vg5LYJBB7DdcleYCoQ=="],
+    "@rollup/rollup-linux-s390x-gnu": ["@rollup/rollup-linux-s390x-gnu@4.46.2", "", { "os": "linux", "cpu": "s390x" }, "sha512-YKjekwTEKgbB7n17gmODSmJVUIvj8CX7q5442/CK80L8nqOUbMtf8b01QkG3jOqyr1rotrAnW6B/qiHwfcuWQA=="],
 
-    "@rollup/rollup-linux-x64-gnu": ["@rollup/rollup-linux-x64-gnu@4.40.2", "", { "os": "linux", "cpu": "x64" }, "sha512-lG7Xa+BmBNwpjmVUbmyKxdQJ3Q6whHjMjzQplOs5Z+Gj7mxPtWakGHqzMqNER68G67kmCX9qX57aRsW5V0VOng=="],
+    "@rollup/rollup-linux-x64-gnu": ["@rollup/rollup-linux-x64-gnu@4.46.2", "", { "os": "linux", "cpu": "x64" }, "sha512-Jj5a9RUoe5ra+MEyERkDKLwTXVu6s3aACP51nkfnK9wJTraCC8IMe3snOfALkrjTYd2G1ViE1hICj0fZ7ALBPA=="],
 
-    "@rollup/rollup-linux-x64-musl": ["@rollup/rollup-linux-x64-musl@4.40.2", "", { "os": "linux", "cpu": "x64" }, "sha512-tD46wKHd+KJvsmije4bUskNuvWKFcTOIM9tZ/RrmIvcXnbi0YK/cKS9FzFtAm7Oxi2EhV5N2OpfFB348vSQRXA=="],
+    "@rollup/rollup-linux-x64-musl": ["@rollup/rollup-linux-x64-musl@4.46.2", "", { "os": "linux", "cpu": "x64" }, "sha512-7kX69DIrBeD7yNp4A5b81izs8BqoZkCIaxQaOpumcJ1S/kmqNFjPhDu1LHeVXv0SexfHQv5cqHsxLOjETuqDuA=="],
 
-    "@rollup/rollup-win32-arm64-msvc": ["@rollup/rollup-win32-arm64-msvc@4.40.2", "", { "os": "win32", "cpu": "arm64" }, "sha512-Bjv/HG8RRWLNkXwQQemdsWw4Mg+IJ29LK+bJPW2SCzPKOUaMmPEppQlu/Fqk1d7+DX3V7JbFdbkh/NMmurT6Pg=="],
+    "@rollup/rollup-win32-arm64-msvc": ["@rollup/rollup-win32-arm64-msvc@4.46.2", "", { "os": "win32", "cpu": "arm64" }, "sha512-wiJWMIpeaak/jsbaq2HMh/rzZxHVW1rU6coyeNNpMwk5isiPjSTx0a4YLSlYDwBH/WBvLz+EtsNqQScZTLJy3g=="],
 
-    "@rollup/rollup-win32-ia32-msvc": ["@rollup/rollup-win32-ia32-msvc@4.40.2", "", { "os": "win32", "cpu": "ia32" }, "sha512-dt1llVSGEsGKvzeIO76HToiYPNPYPkmjhMHhP00T9S4rDern8P2ZWvWAQUEJ+R1UdMWJ/42i/QqJ2WV765GZcA=="],
+    "@rollup/rollup-win32-ia32-msvc": ["@rollup/rollup-win32-ia32-msvc@4.46.2", "", { "os": "win32", "cpu": "ia32" }, "sha512-gBgaUDESVzMgWZhcyjfs9QFK16D8K6QZpwAaVNJxYDLHWayOta4ZMjGm/vsAEy3hvlS2GosVFlBlP9/Wb85DqQ=="],
 
-    "@rollup/rollup-win32-x64-msvc": ["@rollup/rollup-win32-x64-msvc@4.40.2", "", { "os": "win32", "cpu": "x64" }, "sha512-bwspbWB04XJpeElvsp+DCylKfF4trJDa2Y9Go8O6A7YLX2LIKGcNK/CYImJN6ZP4DcuOHB4Utl3iCbnR62DudA=="],
+    "@rollup/rollup-win32-x64-msvc": ["@rollup/rollup-win32-x64-msvc@4.46.2", "", { "os": "win32", "cpu": "x64" }, "sha512-CvUo2ixeIQGtF6WvuB87XWqPQkoFAFqW+HUo/WzHwuHDvIwZCtjdWXoYCcr06iKGydiqTclC4jU/TNObC/xKZg=="],
 
     "@standard-schema/utils": ["@standard-schema/utils@0.3.0", "", {}, "sha512-e7Mew686owMaPJVNNLs55PUvgz371nKgwsc4vxE49zsODpJEnxgxRo2y/OKrqueavXgZNMDVj3DdHFlaSAeU8g=="],
 
-    "@tailwindcss/node": ["@tailwindcss/node@4.1.11", "", { "dependencies": { "@ampproject/remapping": "^2.3.0", "enhanced-resolve": "^5.18.1", "jiti": "^2.4.2", "lightningcss": "1.30.1", "magic-string": "^0.30.17", "source-map-js": "^1.2.1", "tailwindcss": "4.1.11" } }, "sha512-yzhzuGRmv5QyU9qLNg4GTlYI6STedBWRE7NjxP45CsFYYq9taI0zJXZBMqIC/c8fViNLhmrbpSFS57EoxUmD6Q=="],
+    "@tailwindcss/node": ["@tailwindcss/node@4.1.14", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.6.0", "lightningcss": "1.30.1", "magic-string": "^0.30.19", "source-map-js": "^1.2.1", "tailwindcss": "4.1.14" } }, "sha512-hpz+8vFk3Ic2xssIA3e01R6jkmsAhvkQdXlEbRTk6S10xDAtiQiM3FyvZVGsucefq764euO/b8WUW9ysLdThHw=="],
 
-    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.11", "", { "dependencies": { "detect-libc": "^2.0.4", "tar": "^7.4.3" }, "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.11", "@tailwindcss/oxide-darwin-arm64": "4.1.11", "@tailwindcss/oxide-darwin-x64": "4.1.11", "@tailwindcss/oxide-freebsd-x64": "4.1.11", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.11", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.11", "@tailwindcss/oxide-linux-arm64-musl": "4.1.11", "@tailwindcss/oxide-linux-x64-gnu": "4.1.11", "@tailwindcss/oxide-linux-x64-musl": "4.1.11", "@tailwindcss/oxide-wasm32-wasi": "4.1.11", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.11", "@tailwindcss/oxide-win32-x64-msvc": "4.1.11" } }, "sha512-Q69XzrtAhuyfHo+5/HMgr1lAiPP/G40OMFAnws7xcFEYqcypZmdW8eGXaOUIeOl1dzPJBPENXgbjsOyhg2nkrg=="],
+    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.14", "", { "dependencies": { "detect-libc": "^2.0.4", "tar": "^7.5.1" }, "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.14", "@tailwindcss/oxide-darwin-arm64": "4.1.14", "@tailwindcss/oxide-darwin-x64": "4.1.14", "@tailwindcss/oxide-freebsd-x64": "4.1.14", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.14", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.14", "@tailwindcss/oxide-linux-arm64-musl": "4.1.14", "@tailwindcss/oxide-linux-x64-gnu": "4.1.14", "@tailwindcss/oxide-linux-x64-musl": "4.1.14", "@tailwindcss/oxide-wasm32-wasi": "4.1.14", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.14", "@tailwindcss/oxide-win32-x64-msvc": "4.1.14" } }, "sha512-23yx+VUbBwCg2x5XWdB8+1lkPajzLmALEfMb51zZUBYaYVPDQvBSD/WYDqiVyBIo2BZFa3yw1Rpy3G2Jp+K0dw=="],
 
-    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.11", "", { "os": "android", "cpu": "arm64" }, "sha512-3IfFuATVRUMZZprEIx9OGDjG3Ou3jG4xQzNTvjDoKmU9JdmoCohQJ83MYd0GPnQIu89YoJqvMM0G3uqLRFtetg=="],
+    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.14", "", { "os": "android", "cpu": "arm64" }, "sha512-a94ifZrGwMvbdeAxWoSuGcIl6/DOP5cdxagid7xJv6bwFp3oebp7y2ImYsnZBMTwjn5Ev5xESvS3FFYUGgPODQ=="],
 
-    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.11", "", { "os": "darwin", "cpu": "arm64" }, "sha512-ESgStEOEsyg8J5YcMb1xl8WFOXfeBmrhAwGsFxxB2CxY9evy63+AtpbDLAyRkJnxLy2WsD1qF13E97uQyP1lfQ=="],
+    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.14", "", { "os": "darwin", "cpu": "arm64" }, "sha512-HkFP/CqfSh09xCnrPJA7jud7hij5ahKyWomrC3oiO2U9i0UjP17o9pJbxUN0IJ471GTQQmzwhp0DEcpbp4MZTA=="],
 
-    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.11", "", { "os": "darwin", "cpu": "x64" }, "sha512-EgnK8kRchgmgzG6jE10UQNaH9Mwi2n+yw1jWmof9Vyg2lpKNX2ioe7CJdf9M5f8V9uaQxInenZkOxnTVL3fhAw=="],
+    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.14", "", { "os": "darwin", "cpu": "x64" }, "sha512-eVNaWmCgdLf5iv6Qd3s7JI5SEFBFRtfm6W0mphJYXgvnDEAZ5sZzqmI06bK6xo0IErDHdTA5/t7d4eTfWbWOFw=="],
 
-    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.11", "", { "os": "freebsd", "cpu": "x64" }, "sha512-xdqKtbpHs7pQhIKmqVpxStnY1skuNh4CtbcyOHeX1YBE0hArj2romsFGb6yUmzkq/6M24nkxDqU8GYrKrz+UcA=="],
+    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.14", "", { "os": "freebsd", "cpu": "x64" }, "sha512-QWLoRXNikEuqtNb0dhQN6wsSVVjX6dmUFzuuiL09ZeXju25dsei2uIPl71y2Ic6QbNBsB4scwBoFnlBfabHkEw=="],
 
-    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.11", "", { "os": "linux", "cpu": "arm" }, "sha512-ryHQK2eyDYYMwB5wZL46uoxz2zzDZsFBwfjssgB7pzytAeCCa6glsiJGjhTEddq/4OsIjsLNMAiMlHNYnkEEeg=="],
+    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.14", "", { "os": "linux", "cpu": "arm" }, "sha512-VB4gjQni9+F0VCASU+L8zSIyjrLLsy03sjcR3bM0V2g4SNamo0FakZFKyUQ96ZVwGK4CaJsc9zd/obQy74o0Fw=="],
 
-    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.11", "", { "os": "linux", "cpu": "arm64" }, "sha512-mYwqheq4BXF83j/w75ewkPJmPZIqqP1nhoghS9D57CLjsh3Nfq0m4ftTotRYtGnZd3eCztgbSPJ9QhfC91gDZQ=="],
+    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.14", "", { "os": "linux", "cpu": "arm64" }, "sha512-qaEy0dIZ6d9vyLnmeg24yzA8XuEAD9WjpM5nIM1sUgQ/Zv7cVkharPDQcmm/t/TvXoKo/0knI3me3AGfdx6w1w=="],
 
-    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.11", "", { "os": "linux", "cpu": "arm64" }, "sha512-m/NVRFNGlEHJrNVk3O6I9ggVuNjXHIPoD6bqay/pubtYC9QIdAMpS+cswZQPBLvVvEF6GtSNONbDkZrjWZXYNQ=="],
+    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.14", "", { "os": "linux", "cpu": "arm64" }, "sha512-ISZjT44s59O8xKsPEIesiIydMG/sCXoMBCqsphDm/WcbnuWLxxb+GcvSIIA5NjUw6F8Tex7s5/LM2yDy8RqYBQ=="],
 
-    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.11", "", { "os": "linux", "cpu": "x64" }, "sha512-YW6sblI7xukSD2TdbbaeQVDysIm/UPJtObHJHKxDEcW2exAtY47j52f8jZXkqE1krdnkhCMGqP3dbniu1Te2Fg=="],
+    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.14", "", { "os": "linux", "cpu": "x64" }, "sha512-02c6JhLPJj10L2caH4U0zF8Hji4dOeahmuMl23stk0MU1wfd1OraE7rOloidSF8W5JTHkFdVo/O7uRUJJnUAJg=="],
 
-    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.11", "", { "os": "linux", "cpu": "x64" }, "sha512-e3C/RRhGunWYNC3aSF7exsQkdXzQ/M+aYuZHKnw4U7KQwTJotnWsGOIVih0s2qQzmEzOFIJ3+xt7iq67K/p56Q=="],
+    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.14", "", { "os": "linux", "cpu": "x64" }, "sha512-TNGeLiN1XS66kQhxHG/7wMeQDOoL0S33x9BgmydbrWAb9Qw0KYdd8o1ifx4HOGDWhVmJ+Ul+JQ7lyknQFilO3Q=="],
 
-    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.11", "", { "dependencies": { "@emnapi/core": "^1.4.3", "@emnapi/runtime": "^1.4.3", "@emnapi/wasi-threads": "^1.0.2", "@napi-rs/wasm-runtime": "^0.2.11", "@tybys/wasm-util": "^0.9.0", "tslib": "^2.8.0" }, "cpu": "none" }, "sha512-Xo1+/GU0JEN/C/dvcammKHzeM6NqKovG+6921MR6oadee5XPBaKOumrJCXvopJ/Qb5TH7LX/UAywbqrP4lax0g=="],
+    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.14", "", { "dependencies": { "@emnapi/core": "^1.5.0", "@emnapi/runtime": "^1.5.0", "@emnapi/wasi-threads": "^1.1.0", "@napi-rs/wasm-runtime": "^1.0.5", "@tybys/wasm-util": "^0.10.1", "tslib": "^2.4.0" }, "cpu": "none" }, "sha512-uZYAsaW/jS/IYkd6EWPJKW/NlPNSkWkBlaeVBi/WsFQNP05/bzkebUL8FH1pdsqx4f2fH/bWFcUABOM9nfiJkQ=="],
 
-    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.11", "", { "os": "win32", "cpu": "arm64" }, "sha512-UgKYx5PwEKrac3GPNPf6HVMNhUIGuUh4wlDFR2jYYdkX6pL/rn73zTq/4pzUm8fOjAn5L8zDeHp9iXmUGOXZ+w=="],
+    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.14", "", { "os": "win32", "cpu": "arm64" }, "sha512-Az0RnnkcvRqsuoLH2Z4n3JfAef0wElgzHD5Aky/e+0tBUxUhIeIqFBTMNQvmMRSP15fWwmvjBxZ3Q8RhsDnxAA=="],
 
-    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.11", "", { "os": "win32", "cpu": "x64" }, "sha512-YfHoggn1j0LK7wR82TOucWc5LDCguHnoS879idHekmmiR7g9HUtMw9MI0NHatS28u/Xlkfi9w5RJWgz2Dl+5Qg=="],
+    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.14", "", { "os": "win32", "cpu": "x64" }, "sha512-ttblVGHgf68kEE4om1n/n44I0yGPkCPbLsqzjvybhpwa6mKKtgFfAzy6btc3HRmuW7nHe0OOrSeNP9sQmmH9XA=="],
 
-    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.11", "", { "dependencies": { "@tailwindcss/node": "4.1.11", "@tailwindcss/oxide": "4.1.11", "tailwindcss": "4.1.11" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-RHYhrR3hku0MJFRV+fN2gNbDNEh3dwKvY8XJvTxCSXeMOsCRSr+uKvDWQcbizrHgjML6ZmTE5OwMrl5wKcujCw=="],
+    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.14", "", { "dependencies": { "@tailwindcss/node": "4.1.14", "@tailwindcss/oxide": "4.1.14", "tailwindcss": "4.1.14" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-BoFUoU0XqgCUS1UXWhmDJroKKhNXeDzD7/XwabjkDIAbMnc4ULn5e2FuEuBbhZ6ENZoSYzKlzvZ44Yr6EUDUSA=="],
 
-    "@tanstack/eslint-plugin-query": ["@tanstack/eslint-plugin-query@5.81.2", "", { "dependencies": { "@typescript-eslint/utils": "^8.18.1" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0" } }, "sha512-h4k6P6fm5VhKP5NkK+0TTVpGGyKQdx6tk7NYYG7J7PkSu7ClpLgBihw7yzK8N3n5zPaF3IMyErxfoNiXWH/3/A=="],
+    "@tanstack/eslint-plugin-query": ["@tanstack/eslint-plugin-query@5.91.0", "", { "dependencies": { "@typescript-eslint/utils": "^8.44.1" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0" } }, "sha512-Kn6yWyRe3dIPf7NqyDMhcsTBz2Oh8jPSOpBdlnLQhGBJ6iTMBFYA4B1UreGJ/WdfzQskSMh5imcyWF+wqa/Q5g=="],
 
-    "@tanstack/query-core": ["@tanstack/query-core@5.83.0", "", {}, "sha512-0M8dA+amXUkyz5cVUm/B+zSk3xkQAcuXuz5/Q/LveT4ots2rBpPTZOzd7yJa2Utsf8D2Upl5KyjhHRY+9lB/XA=="],
+    "@tanstack/query-core": ["@tanstack/query-core@5.90.2", "", {}, "sha512-k/TcR3YalnzibscALLwxeiLUub6jN5EDLwKDiO7q5f4ICEoptJ+n9+7vcEFy5/x/i6Q+Lb/tXrsKCggf5uQJXQ=="],
 
-    "@tanstack/react-query": ["@tanstack/react-query@5.83.0", "", { "dependencies": { "@tanstack/query-core": "5.83.0" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-/XGYhZ3foc5H0VM2jLSD/NyBRIOK4q9kfeml4+0x2DlL6xVuAcVEW+hTlTapAmejObg0i3eNqhkr2dT+eciwoQ=="],
+    "@tanstack/react-query": ["@tanstack/react-query@5.90.2", "", { "dependencies": { "@tanstack/query-core": "5.90.2" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-CLABiR+h5PYfOWr/z+vWFt5VsOA2ekQeRQBFSKlcoW6Ndx/f8rfyVmq4LbgOM4GG2qtxAxjLYLOpCNTYm4uKzw=="],
 
     "@types/babel__core": ["@types/babel__core@7.20.5", "", { "dependencies": { "@babel/parser": "^7.20.7", "@babel/types": "^7.20.7", "@types/babel__generator": "*", "@types/babel__template": "*", "@types/babel__traverse": "*" } }, "sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA=="],
 
@@ -342,7 +343,7 @@
 
     "@types/debug": ["@types/debug@4.1.12", "", { "dependencies": { "@types/ms": "*" } }, "sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ=="],
 
-    "@types/estree": ["@types/estree@1.0.7", "", {}, "sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ=="],
+    "@types/estree": ["@types/estree@1.0.8", "", {}, "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w=="],
 
     "@types/estree-jsx": ["@types/estree-jsx@1.0.5", "", { "dependencies": { "@types/estree": "*" } }, "sha512-52CcUVNFyfb1A2ALocQw/Dd1BQFNmSdkuC3BkZ6iqhdMfQz7JWOFRuJFloOzjk+6WijU56m9oKXFAXc7o3Towg=="],
 
@@ -354,39 +355,37 @@
 
     "@types/ms": ["@types/ms@2.1.0", "", {}, "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA=="],
 
-    "@types/node": ["@types/node@24.0.14", "", { "dependencies": { "undici-types": "~7.8.0" } }, "sha512-4zXMWD91vBLGRtHK3YbIoFMia+1nqEz72coM42C5ETjnNCa/heoj7NT1G67iAfOqMmcfhuCZ4uNpyz8EjlAejw=="],
+    "@types/node": ["@types/node@24.6.2", "", { "dependencies": { "undici-types": "~7.13.0" } }, "sha512-d2L25Y4j+W3ZlNAeMKcy7yDsK425ibcAOO2t7aPTz6gNMH0z2GThtwENCDc0d/Pw9wgyRqE5Px1wkV7naz8ang=="],
 
-    "@types/react": ["@types/react@19.1.8", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-AwAfQ2Wa5bCx9WP8nZL2uMZWod7J7/JSplxbTmBQ5ms6QpqNYm672H0Vu9ZVKVngQ+ii4R/byguVEUZQyeg44g=="],
+    "@types/react": ["@types/react@19.2.0", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-1LOH8xovvsKsCBq1wnT4ntDUdCJKmnEakhsuoUSy6ExlHCkGP2hqnatagYTgFk6oeL0VU31u7SNjunPN+GchtA=="],
 
-    "@types/react-dom": ["@types/react-dom@19.1.6", "", { "peerDependencies": { "@types/react": "^19.0.0" } }, "sha512-4hOiT/dwO8Ko0gV1m/TJZYk3y0KBnY9vzDh7W+DH17b2HFSOGgdj33dhihPeuy3l0q23+4e+hoXHV6hCC4dCXw=="],
-
-    "@types/trusted-types": ["@types/trusted-types@2.0.7", "", {}, "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw=="],
+    "@types/react-dom": ["@types/react-dom@19.2.0", "", { "peerDependencies": { "@types/react": "^19.2.0" } }, "sha512-brtBs0MnE9SMx7px208g39lRmC5uHZs96caOJfTjFcYSLHNamvaSMfJNagChVNkup2SdtOxKX1FDBkRSJe1ZAg=="],
 
     "@types/unist": ["@types/unist@3.0.3", "", {}, "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q=="],
 
-    "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.37.0", "", { "dependencies": { "@eslint-community/regexpp": "^4.10.0", "@typescript-eslint/scope-manager": "8.37.0", "@typescript-eslint/type-utils": "8.37.0", "@typescript-eslint/utils": "8.37.0", "@typescript-eslint/visitor-keys": "8.37.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.37.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "sha512-jsuVWeIkb6ggzB+wPCsR4e6loj+rM72ohW6IBn2C+5NCvfUVY8s33iFPySSVXqtm5Hu29Ne/9bnA0JmyLmgenA=="],
+    "@typescript-eslint/eslint-plugin": ["@typescript-eslint/eslint-plugin@8.45.0", "", { "dependencies": { "@eslint-community/regexpp": "^4.10.0", "@typescript-eslint/scope-manager": "8.45.0", "@typescript-eslint/type-utils": "8.45.0", "@typescript-eslint/utils": "8.45.0", "@typescript-eslint/visitor-keys": "8.45.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "@typescript-eslint/parser": "^8.45.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-HC3y9CVuevvWCl/oyZuI47dOeDF9ztdMEfMH8/DW/Mhwa9cCLnK1oD7JoTVGW/u7kFzNZUKUoyJEqkaJh5y3Wg=="],
 
-    "@typescript-eslint/parser": ["@typescript-eslint/parser@8.37.0", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.37.0", "@typescript-eslint/types": "8.37.0", "@typescript-eslint/typescript-estree": "8.37.0", "@typescript-eslint/visitor-keys": "8.37.0", "debug": "^4.3.4" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "sha512-kVIaQE9vrN9RLCQMQ3iyRlVJpTiDUY6woHGb30JDkfJErqrQEmtdWH3gV0PBAfGZgQXoqzXOO0T3K6ioApbbAA=="],
+    "@typescript-eslint/parser": ["@typescript-eslint/parser@8.45.0", "", { "dependencies": { "@typescript-eslint/scope-manager": "8.45.0", "@typescript-eslint/types": "8.45.0", "@typescript-eslint/typescript-estree": "8.45.0", "@typescript-eslint/visitor-keys": "8.45.0", "debug": "^4.3.4" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-TGf22kon8KW+DeKaUmOibKWktRY8b2NSAZNdtWh798COm1NWx8+xJ6iFBtk3IvLdv6+LGLJLRlyhrhEDZWargQ=="],
 
-    "@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.37.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.37.0", "@typescript-eslint/types": "^8.37.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-BIUXYsbkl5A1aJDdYJCBAo8rCEbAvdquQ8AnLb6z5Lp1u3x5PNgSSx9A/zqYc++Xnr/0DVpls8iQ2cJs/izTXA=="],
+    "@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.45.0", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.45.0", "@typescript-eslint/types": "^8.45.0", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-3pcVHwMG/iA8afdGLMuTibGR7pDsn9RjDev6CCB+naRsSYs2pns5QbinF4Xqw6YC/Sj3lMrm/Im0eMfaa61WUg=="],
 
-    "@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.34.1", "", { "dependencies": { "@typescript-eslint/types": "8.34.1", "@typescript-eslint/visitor-keys": "8.34.1" } }, "sha512-beu6o6QY4hJAgL1E8RaXNC071G4Kso2MGmJskCFQhRhg8VOH/FDbC8soP8NHN7e/Hdphwp8G8cE6OBzC8o41ZA=="],
+    "@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.45.0", "", { "dependencies": { "@typescript-eslint/types": "8.45.0", "@typescript-eslint/visitor-keys": "8.45.0" } }, "sha512-clmm8XSNj/1dGvJeO6VGH7EUSeA0FMs+5au/u3lrA3KfG8iJ4u8ym9/j2tTEoacAffdW1TVUzXO30W1JTJS7dA=="],
 
-    "@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.37.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-1/YHvAVTimMM9mmlPvTec9NP4bobA1RkDbMydxG8omqwJJLEW/Iy2C4adsAESIXU3WGLXFHSZUU+C9EoFWl4Zg=="],
+    "@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.45.0", "", { "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-aFdr+c37sc+jqNMGhH+ajxPXwjv9UtFZk79k8pLoJ6p4y0snmYpPA52GuWHgt2ZF4gRRW6odsEj41uZLojDt5w=="],
 
-    "@typescript-eslint/type-utils": ["@typescript-eslint/type-utils@8.37.0", "", { "dependencies": { "@typescript-eslint/types": "8.37.0", "@typescript-eslint/typescript-estree": "8.37.0", "@typescript-eslint/utils": "8.37.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "sha512-SPkXWIkVZxhgwSwVq9rqj/4VFo7MnWwVaRNznfQDc/xPYHjXnPfLWn+4L6FF1cAz6e7dsqBeMawgl7QjUMj4Ow=="],
+    "@typescript-eslint/type-utils": ["@typescript-eslint/type-utils@8.45.0", "", { "dependencies": { "@typescript-eslint/types": "8.45.0", "@typescript-eslint/typescript-estree": "8.45.0", "@typescript-eslint/utils": "8.45.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-bpjepLlHceKgyMEPglAeULX1vixJDgaKocp0RVJ5u4wLJIMNuKtUXIczpJCPcn2waII0yuvks/5m5/h3ZQKs0A=="],
 
-    "@typescript-eslint/types": ["@typescript-eslint/types@8.34.1", "", {}, "sha512-rjLVbmE7HR18kDsjNIZQHxmv9RZwlgzavryL5Lnj2ujIRTeXlKtILHgRNmQ3j4daw7zd+mQgy+uyt6Zo6I0IGA=="],
+    "@typescript-eslint/types": ["@typescript-eslint/types@8.45.0", "", {}, "sha512-WugXLuOIq67BMgQInIxxnsSyRLFxdkJEJu8r4ngLR56q/4Q5LrbfkFRH27vMTjxEK8Pyz7QfzuZe/G15qQnVRA=="],
 
-    "@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.37.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.37.0", "@typescript-eslint/tsconfig-utils": "8.37.0", "@typescript-eslint/types": "8.37.0", "@typescript-eslint/visitor-keys": "8.37.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-zuWDMDuzMRbQOM+bHyU4/slw27bAUEcKSKKs3hcv2aNnc/tvE/h7w60dwVw8vnal2Pub6RT1T7BI8tFZ1fE+yg=="],
+    "@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.45.0", "", { "dependencies": { "@typescript-eslint/project-service": "8.45.0", "@typescript-eslint/tsconfig-utils": "8.45.0", "@typescript-eslint/types": "8.45.0", "@typescript-eslint/visitor-keys": "8.45.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <6.0.0" } }, "sha512-GfE1NfVbLam6XQ0LcERKwdTTPlLvHvXXhOeUGC1OXi4eQBoyy1iVsW+uzJ/J9jtCz6/7GCQ9MtrQ0fml/jWCnA=="],
 
-    "@typescript-eslint/utils": ["@typescript-eslint/utils@8.34.1", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.34.1", "@typescript-eslint/types": "8.34.1", "@typescript-eslint/typescript-estree": "8.34.1" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "sha512-mqOwUdZ3KjtGk7xJJnLbHxTuWVn3GO2WZZuM+Slhkun4+qthLdXx32C8xIXbO1kfCECb3jIs3eoxK3eryk7aoQ=="],
+    "@typescript-eslint/utils": ["@typescript-eslint/utils@8.45.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.45.0", "@typescript-eslint/types": "8.45.0", "@typescript-eslint/typescript-estree": "8.45.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-bxi1ht+tLYg4+XV2knz/F7RVhU0k6VrSMc9sb8DQ6fyCTrGQLHfo7lDtN0QJjZjKkLA2ThrKuCdHEvLReqtIGg=="],
 
-    "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.37.0", "", { "dependencies": { "@typescript-eslint/types": "8.37.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-YzfhzcTnZVPiLfP/oeKtDp2evwvHLMe0LOy7oe+hb9KKIumLNohYS9Hgp1ifwpu42YWxhZE8yieggz6JpqO/1w=="],
+    "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.45.0", "", { "dependencies": { "@typescript-eslint/types": "8.45.0", "eslint-visitor-keys": "^4.2.1" } }, "sha512-qsaFBA3e09MIDAGFUrTk+dzqtfv1XPVz8t8d1f0ybTzrCY7BKiMC5cjrl1O/P7UmHsNyW90EYSkU/ZWpmXelag=="],
 
     "@ungap/structured-clone": ["@ungap/structured-clone@1.3.0", "", {}, "sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g=="],
 
-    "@vitejs/plugin-react": ["@vitejs/plugin-react@4.6.0", "", { "dependencies": { "@babel/core": "^7.27.4", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-beta.19", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0-beta.0" } }, "sha512-5Kgff+m8e2PB+9j51eGHEpn5kUzRKH2Ry0qGoe8ItJg7pqnkPrYPkDQZGgGmTa0EGarHrkjLvOdU3b1fzI8otQ=="],
+    "@vitejs/plugin-react": ["@vitejs/plugin-react@5.0.4", "", { "dependencies": { "@babel/core": "^7.28.4", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-beta.38", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "sha512-La0KD0vGkVkSk6K+piWDKRUyg8Rl5iAIKRMH0vMJI0Eg47bq1eOxmoObAaQG37WMW9MSyk7Cs8EIWwJC1PtzKA=="],
 
     "acorn": ["acorn@8.15.0", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg=="],
 
@@ -402,7 +401,7 @@
 
     "asynckit": ["asynckit@0.4.0", "", {}, "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="],
 
-    "axios": ["axios@1.10.0", "", { "dependencies": { "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } }, "sha512-/1xYAC4MP/HEG+3duIhFr4ZQXR4sQXOIe+o6sdqzeykGLx6Upp/1p8MHqhINOvGeP7xyNHe7tsiJByc4SSVUxw=="],
+    "axios": ["axios@1.12.2", "", { "dependencies": { "follow-redirects": "^1.15.6", "form-data": "^4.0.4", "proxy-from-env": "^1.1.0" } }, "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw=="],
 
     "bail": ["bail@2.0.2", "", {}, "sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw=="],
 
@@ -472,13 +471,11 @@
 
     "devlop": ["devlop@1.1.0", "", { "dependencies": { "dequal": "^2.0.0" } }, "sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA=="],
 
-    "dompurify": ["dompurify@3.2.6", "", { "optionalDependencies": { "@types/trusted-types": "^2.0.7" } }, "sha512-/2GogDQlohXPZe6D6NOgQvXLPSYBqIWMnZ8zzOhn09REE4eyAzb+Hed3jhoM9OkuaJ8P6ZGTTVWQKAi8ieIzfQ=="],
-
     "dunder-proto": ["dunder-proto@1.0.1", "", { "dependencies": { "call-bind-apply-helpers": "^1.0.1", "es-errors": "^1.3.0", "gopd": "^1.2.0" } }, "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A=="],
 
     "electron-to-chromium": ["electron-to-chromium@1.5.151", "", {}, "sha512-Rl6uugut2l9sLojjS4H4SAr3A4IgACMLgpuEMPYCVcKydzfyPrn5absNRju38IhQOf/NwjJY8OGWjlteqYeBCA=="],
 
-    "enhanced-resolve": ["enhanced-resolve@5.18.1", "", { "dependencies": { "graceful-fs": "^4.2.4", "tapable": "^2.2.0" } }, "sha512-ZSW3ma5GkcQBIpwZTSRAI8N71Uuwgs93IezB7mf7R60tC8ZbJideoDNKjHn2O9KIlx6rkGTTEk1xUCK2E1Y2Yg=="],
+    "enhanced-resolve": ["enhanced-resolve@5.18.3", "", { "dependencies": { "graceful-fs": "^4.2.4", "tapable": "^2.2.0" } }, "sha512-d4lC8xfavMeBjzGr2vECC3fsGXziXZQyJxD868h2M/mBI3PwAuODxAkLkq5HYuvrPYcUtiLzsTo8U3PgX3Ocww=="],
 
     "es-define-property": ["es-define-property@1.0.1", "", {}, "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g=="],
 
@@ -494,11 +491,11 @@
 
     "escape-string-regexp": ["escape-string-regexp@4.0.0", "", {}, "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA=="],
 
-    "eslint": ["eslint@9.31.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.12.1", "@eslint/config-array": "^0.21.0", "@eslint/config-helpers": "^0.3.0", "@eslint/core": "^0.15.0", "@eslint/eslintrc": "^3.3.1", "@eslint/js": "9.31.0", "@eslint/plugin-kit": "^0.3.1", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "@types/json-schema": "^7.0.15", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.4.0", "eslint-visitor-keys": "^4.2.1", "espree": "^10.4.0", "esquery": "^1.5.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", "find-up": "^5.0.0", "glob-parent": "^6.0.2", "ignore": "^5.2.0", "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, "peerDependencies": { "jiti": "*" }, "optionalPeers": ["jiti"], "bin": { "eslint": "bin/eslint.js" } }, "sha512-QldCVh/ztyKJJZLr4jXNUByx3gR+TDYZCRXEktiZoUR3PGy4qCmSbkxcIle8GEwGpb5JBZazlaJ/CxLidXdEbQ=="],
+    "eslint": ["eslint@9.36.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", "@eslint-community/regexpp": "^4.12.1", "@eslint/config-array": "^0.21.0", "@eslint/config-helpers": "^0.3.1", "@eslint/core": "^0.15.2", "@eslint/eslintrc": "^3.3.1", "@eslint/js": "9.36.0", "@eslint/plugin-kit": "^0.3.5", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "@types/json-schema": "^7.0.15", "ajv": "^6.12.4", "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.4.0", "eslint-visitor-keys": "^4.2.1", "espree": "^10.4.0", "esquery": "^1.5.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", "find-up": "^5.0.0", "glob-parent": "^6.0.2", "ignore": "^5.2.0", "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, "peerDependencies": { "jiti": "*" }, "optionalPeers": ["jiti"], "bin": { "eslint": "bin/eslint.js" } }, "sha512-hB4FIzXovouYzwzECDcUkJ4OcfOEkXTv2zRY6B9bkwjx/cprAq0uvm1nl7zvQ0/TsUk0zQiN4uPfJpB9m+rPMQ=="],
 
     "eslint-plugin-react-hooks": ["eslint-plugin-react-hooks@5.2.0", "", { "peerDependencies": { "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0" } }, "sha512-+f15FfK64YQwZdJNELETdn5ibXEUQmW1DZL6KXhNnc2heoy/sg9VJJeT7n8TlMWouzWqSWavFkIhHyIbIAEapg=="],
 
-    "eslint-plugin-react-refresh": ["eslint-plugin-react-refresh@0.4.20", "", { "peerDependencies": { "eslint": ">=8.40" } }, "sha512-XpbHQ2q5gUF8BGOX4dHe+71qoirYMhApEPZ7sfhF/dNnOF1UXnCMGZf79SFTBO7Bz5YEIT4TMieSlJBWhP9WBA=="],
+    "eslint-plugin-react-refresh": ["eslint-plugin-react-refresh@0.4.23", "", { "peerDependencies": { "eslint": ">=8.40" } }, "sha512-G4j+rv0NmbIR45kni5xJOrYvCtyD3/7LjpVH8MPPcudXDcNu8gv+4ATTDXTtbRR8rTCM5HxECvCSsRmxKnWDsA=="],
 
     "eslint-scope": ["eslint-scope@8.4.0", "", { "dependencies": { "esrecurse": "^4.3.0", "estraverse": "^5.2.0" } }, "sha512-sNXOfKCn74rt8RICKMvJS7XKV/Xk9kA7DyJr8mJik3S7Cwgy3qlkkmyS2uQB3jiJg6VNdZd/pDBJu0nvG2NlTg=="],
 
@@ -528,7 +525,7 @@
 
     "fastq": ["fastq@1.19.1", "", { "dependencies": { "reusify": "^1.0.4" } }, "sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ=="],
 
-    "fdir": ["fdir@6.4.6", "", { "peerDependencies": { "picomatch": "^3 || ^4" }, "optionalPeers": ["picomatch"] }, "sha512-hiFoqpyZcfNm1yc4u8oWCf9A2c4D3QjCrks3zmoVKVxpQRzmPNar1hUJcBG2RQHvEVGDN+Jm81ZheVLAQMK6+w=="],
+    "fdir": ["fdir@6.5.0", "", { "peerDependencies": { "picomatch": "^3 || ^4" }, "optionalPeers": ["picomatch"] }, "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg=="],
 
     "file-entry-cache": ["file-entry-cache@8.0.0", "", { "dependencies": { "flat-cache": "^4.0.0" } }, "sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ=="],
 
@@ -542,7 +539,7 @@
 
     "follow-redirects": ["follow-redirects@1.15.9", "", {}, "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ=="],
 
-    "form-data": ["form-data@4.0.2", "", { "dependencies": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", "es-set-tostringtag": "^2.1.0", "mime-types": "^2.1.12" } }, "sha512-hGfm/slu0ZabnNt4oaRZ6uREyfCj6P4fT/n6A1rGV+Z0VdGXjfOhVUpkn6qVQONHGIFwmveGXyDs75+nr6FM8w=="],
+    "form-data": ["form-data@4.0.4", "", { "dependencies": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", "es-set-tostringtag": "^2.1.0", "hasown": "^2.0.2", "mime-types": "^2.1.12" } }, "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow=="],
 
     "fsevents": ["fsevents@2.3.3", "", { "os": "darwin" }, "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw=="],
 
@@ -558,7 +555,7 @@
 
     "glob-parent": ["glob-parent@6.0.2", "", { "dependencies": { "is-glob": "^4.0.3" } }, "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A=="],
 
-    "globals": ["globals@16.3.0", "", {}, "sha512-bqWEnJ1Nt3neqx2q5SFfGS8r/ahumIakg3HcwtNlrVlwXIeNumWn/c7Pn/wKzGhf6SaW6H6uWXLqC30STCMchQ=="],
+    "globals": ["globals@16.4.0", "", {}, "sha512-ob/2LcVVaVGCYN+r14cnwnoDPUufjiYgSqRhiFD0Q1iI4Odora5RE8Iv1D24hAz5oMophRGkGz+yuvQmmUMnMw=="],
 
     "gopd": ["gopd@1.2.0", "", {}, "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg=="],
 
@@ -582,7 +579,7 @@
 
     "html-url-attributes": ["html-url-attributes@3.0.1", "", {}, "sha512-ol6UPyBWqsrO6EJySPz2O7ZSr856WDrEzM5zMqp+FJJLGMW35cLYmmZnl0vztAZxRUoNZJFTCohfjuIJ8I4QBQ=="],
 
-    "i18next": ["i18next@25.3.2", "", { "dependencies": { "@babel/runtime": "^7.27.6" }, "peerDependencies": { "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-JSnbZDxRVbphc5jiptxr3o2zocy5dEqpVm9qCGdJwRNO+9saUJS0/u4LnM/13C23fUEWxAylPqKU/NpMV/IjqA=="],
+    "i18next": ["i18next@25.5.3", "", { "dependencies": { "@babel/runtime": "^7.27.6" }, "peerDependencies": { "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-joFqorDeQ6YpIXni944upwnuHBf5IoPMuqAchGVeQLdWC2JOjxgM9V8UGLhNIIH/Q8QleRxIi0BSRQehSrDLcg=="],
 
     "i18next-browser-languagedetector": ["i18next-browser-languagedetector@8.2.0", "", { "dependencies": { "@babel/runtime": "^7.23.2" } }, "sha512-P+3zEKLnOF0qmiesW383vsLdtQVyKtCNA9cjSoKCppTKPQVfKd2W8hbVo5ZhNJKDqeM7BOcvNoKJOjpHh4Js9g=="],
 
@@ -666,9 +663,9 @@
 
     "lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="],
 
-    "lucide-react": ["lucide-react@0.525.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-Tm1txJ2OkymCGkvwoHt33Y2JpN5xucVq1slHcgE6Lk0WjDfjgKWor5CdVER8U6DvcfMwh4M8XxmpTiyzfmfDYQ=="],
+    "lucide-react": ["lucide-react@0.544.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-t5tS44bqd825zAW45UQxpG2CvcC4urOwn2TrwSH8u+MjeE+1NnWl6QqeQ/6NdjMqdOygyiT9p3Ev0p1NJykxjw=="],
 
-    "magic-string": ["magic-string@0.30.17", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0" } }, "sha512-sNPKHvyjVf7gyjwS4xGTaW/mCnF8wnjtifKBEhxfZ7E/S8tQ0rssrwGNn6q8JH/ohItJfSQp9mBtQYuTlH5QnA=="],
+    "magic-string": ["magic-string@0.30.19", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.5" } }, "sha512-2N21sPY9Ws53PZvsEpVtNuSW+ScYbQdp4b9qUaL+9QkHUrGFKo56Lg9Emg5s9V/qrtNBmiR01sYhUOwu3H+VOw=="],
 
     "math-intrinsics": ["math-intrinsics@1.1.0", "", {}, "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g=="],
 
@@ -742,9 +739,7 @@
 
     "minipass": ["minipass@7.1.2", "", {}, "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw=="],
 
-    "minizlib": ["minizlib@3.0.2", "", { "dependencies": { "minipass": "^7.1.2" } }, "sha512-oG62iEk+CYt5Xj2YqI5Xi9xWUeZhDI8jjQmC5oThVH5JGCTgIjr7ciJDzC7MBzYd//WvR1OTmP5Q38Q8ShQtVA=="],
-
-    "mkdirp": ["mkdirp@3.0.1", "", { "bin": { "mkdirp": "dist/cjs/src/bin.js" } }, "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg=="],
+    "minizlib": ["minizlib@3.1.0", "", { "dependencies": { "minipass": "^7.1.2" } }, "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw=="],
 
     "ms": ["ms@2.1.3", "", {}, "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="],
 
@@ -772,7 +767,7 @@
 
     "picocolors": ["picocolors@1.1.1", "", {}, "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA=="],
 
-    "picomatch": ["picomatch@4.0.2", "", {}, "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg=="],
+    "picomatch": ["picomatch@4.0.3", "", {}, "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q=="],
 
     "postcss": ["postcss@8.5.6", "", { "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", "source-map-js": "^1.2.1" } }, "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg=="],
 
@@ -788,13 +783,13 @@
 
     "queue-microtask": ["queue-microtask@1.2.3", "", {}, "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A=="],
 
-    "react": ["react@19.1.0", "", {}, "sha512-FS+XFBNvn3GTAWq26joslQgWNoFu08F4kl0J4CgdNKADkdSGXQyTCnKteIAJy96Br6YbpEU1LSzV5dYtjMkMDg=="],
+    "react": ["react@19.2.0", "", {}, "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ=="],
 
-    "react-dom": ["react-dom@19.1.0", "", { "dependencies": { "scheduler": "^0.26.0" }, "peerDependencies": { "react": "^19.1.0" } }, "sha512-Xs1hdnE+DyKgeHJeJznQmYMIBG3TKIHJJT95Q58nHLSrElKlGQqDTR2HQ9fx5CN/Gk6Vh/kupBTDLU11/nDk/g=="],
+    "react-dom": ["react-dom@19.2.0", "", { "dependencies": { "scheduler": "^0.27.0" }, "peerDependencies": { "react": "^19.2.0" } }, "sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ=="],
 
-    "react-hook-form": ["react-hook-form@7.60.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-SBrYOvMbDB7cV8ZfNpaiLcgjH/a1c7aK0lK+aNigpf4xWLO8q+o4tcvVurv3c4EOyzn/3dCsYt4GKD42VvJ/+A=="],
+    "react-hook-form": ["react-hook-form@7.63.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-ZwueDMvUeucovM2VjkCf7zIHcs1aAlDimZu2Hvel5C5907gUzMpm4xCrQXtRzCvsBqFjonB4m3x4LzCFI1ZKWA=="],
 
-    "react-i18next": ["react-i18next@15.6.0", "", { "dependencies": { "@babel/runtime": "^7.27.6", "html-parse-stringify": "^3.0.1" }, "peerDependencies": { "i18next": ">= 23.2.3", "react": ">= 16.8.0", "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-W135dB0rDfiFmbMipC17nOhGdttO5mzH8BivY+2ybsQBbXvxWIwl3cmeH3T9d+YPBSJu/ouyJKFJTtkK7rJofw=="],
+    "react-i18next": ["react-i18next@15.7.3", "", { "dependencies": { "@babel/runtime": "^7.27.6", "html-parse-stringify": "^3.0.1" }, "peerDependencies": { "i18next": ">= 25.4.1", "react": ">= 16.8.0", "typescript": "^5" }, "optionalPeers": ["typescript"] }, "sha512-AANws4tOE+QSq/IeMF/ncoHlMNZaVLxpa5uUGW1wjike68elVYr0018L9xYoqBr1OFO7G7boDPrbn0HpMCJxTw=="],
 
     "react-markdown": ["react-markdown@10.1.0", "", { "dependencies": { "@types/hast": "^3.0.0", "@types/mdast": "^4.0.0", "devlop": "^1.0.0", "hast-util-to-jsx-runtime": "^2.0.0", "html-url-attributes": "^3.0.0", "mdast-util-to-hast": "^13.0.0", "remark-parse": "^11.0.0", "remark-rehype": "^11.0.0", "unified": "^11.0.0", "unist-util-visit": "^5.0.0", "vfile": "^6.0.0" }, "peerDependencies": { "@types/react": ">=18", "react": ">=18" } }, "sha512-qKxVopLT/TyA6BX3Ue5NwabOsAzm0Q7kAPwq6L+wWDwisYs7R8vZ0nRXqq6rkueboxpkjvLGU9fWifiX/ZZFxQ=="],
 
@@ -804,7 +799,7 @@
 
     "react-remove-scroll-bar": ["react-remove-scroll-bar@2.3.8", "", { "dependencies": { "react-style-singleton": "^2.2.2", "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" }, "optionalPeers": ["@types/react"] }, "sha512-9r+yi9+mgU33AKcj6IbT9oRCO78WriSj6t/cF8DWBZJ9aOGPOTEDvdUDz1FwKim7QXWwmHqtdHnRJfhAxEG46Q=="],
 
-    "react-router": ["react-router@7.6.3", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-zf45LZp5skDC6I3jDLXQUu0u26jtuP4lEGbc7BbdyxenBN1vJSTA18czM2D+h5qyMBuMrD+9uB+mU37HIoKGRA=="],
+    "react-router": ["react-router@7.9.3", "", { "dependencies": { "cookie": "^1.0.1", "set-cookie-parser": "^2.6.0" }, "peerDependencies": { "react": ">=18", "react-dom": ">=18" }, "optionalPeers": ["react-dom"] }, "sha512-4o2iWCFIwhI/eYAIL43+cjORXYn/aRQPgtFRRZb3VzoyQ5Uej0Bmqj7437L97N9NJW4wnicSwLOLS+yCXfAPgg=="],
 
     "react-style-singleton": ["react-style-singleton@2.2.3", "", { "dependencies": { "get-nonce": "^1.0.0", "tslib": "^2.0.0" }, "peerDependencies": { "@types/react": "*", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react"] }, "sha512-b6jSvxvVnyptAiLjbkWLE/lOnR4lfTtDAl+eUC7RZy+QQWc6wRzIV2CE6xBuMmDxc2qIihtDCZD5NPOFl7fRBQ=="],
 
@@ -816,11 +811,11 @@
 
     "reusify": ["reusify@1.1.0", "", {}, "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw=="],
 
-    "rollup": ["rollup@4.40.2", "", { "dependencies": { "@types/estree": "1.0.7" }, "optionalDependencies": { "@rollup/rollup-android-arm-eabi": "4.40.2", "@rollup/rollup-android-arm64": "4.40.2", "@rollup/rollup-darwin-arm64": "4.40.2", "@rollup/rollup-darwin-x64": "4.40.2", "@rollup/rollup-freebsd-arm64": "4.40.2", "@rollup/rollup-freebsd-x64": "4.40.2", "@rollup/rollup-linux-arm-gnueabihf": "4.40.2", "@rollup/rollup-linux-arm-musleabihf": "4.40.2", "@rollup/rollup-linux-arm64-gnu": "4.40.2", "@rollup/rollup-linux-arm64-musl": "4.40.2", "@rollup/rollup-linux-loongarch64-gnu": "4.40.2", "@rollup/rollup-linux-powerpc64le-gnu": "4.40.2", "@rollup/rollup-linux-riscv64-gnu": "4.40.2", "@rollup/rollup-linux-riscv64-musl": "4.40.2", "@rollup/rollup-linux-s390x-gnu": "4.40.2", "@rollup/rollup-linux-x64-gnu": "4.40.2", "@rollup/rollup-linux-x64-musl": "4.40.2", "@rollup/rollup-win32-arm64-msvc": "4.40.2", "@rollup/rollup-win32-ia32-msvc": "4.40.2", "@rollup/rollup-win32-x64-msvc": "4.40.2", "fsevents": "~2.3.2" }, "bin": { "rollup": "dist/bin/rollup" } }, "sha512-tfUOg6DTP4rhQ3VjOO6B4wyrJnGOX85requAXvqYTHsOgb2TFJdZ3aWpT8W2kPoypSGP7dZUyzxJ9ee4buM5Fg=="],
+    "rollup": ["rollup@4.46.2", "", { "dependencies": { "@types/estree": "1.0.8" }, "optionalDependencies": { "@rollup/rollup-android-arm-eabi": "4.46.2", "@rollup/rollup-android-arm64": "4.46.2", "@rollup/rollup-darwin-arm64": "4.46.2", "@rollup/rollup-darwin-x64": "4.46.2", "@rollup/rollup-freebsd-arm64": "4.46.2", "@rollup/rollup-freebsd-x64": "4.46.2", "@rollup/rollup-linux-arm-gnueabihf": "4.46.2", "@rollup/rollup-linux-arm-musleabihf": "4.46.2", "@rollup/rollup-linux-arm64-gnu": "4.46.2", "@rollup/rollup-linux-arm64-musl": "4.46.2", "@rollup/rollup-linux-loongarch64-gnu": "4.46.2", "@rollup/rollup-linux-ppc64-gnu": "4.46.2", "@rollup/rollup-linux-riscv64-gnu": "4.46.2", "@rollup/rollup-linux-riscv64-musl": "4.46.2", "@rollup/rollup-linux-s390x-gnu": "4.46.2", "@rollup/rollup-linux-x64-gnu": "4.46.2", "@rollup/rollup-linux-x64-musl": "4.46.2", "@rollup/rollup-win32-arm64-msvc": "4.46.2", "@rollup/rollup-win32-ia32-msvc": "4.46.2", "@rollup/rollup-win32-x64-msvc": "4.46.2", "fsevents": "~2.3.2" }, "bin": { "rollup": "dist/bin/rollup" } }, "sha512-WMmLFI+Boh6xbop+OAGo9cQ3OgX9MIg7xOQjn+pTCwOkk+FNDAeAemXkJ3HzDJrVXleLOFVa1ipuc1AmEx1Dwg=="],
 
     "run-parallel": ["run-parallel@1.2.0", "", { "dependencies": { "queue-microtask": "^1.2.2" } }, "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA=="],
 
-    "scheduler": ["scheduler@0.26.0", "", {}, "sha512-NlHwttCI/l5gCPR3D1nNXtWABUmBwvZpEQiD4IXSbIDq8BzLIK/7Ir5gTFSGZDUu37K5cMNp0hFtzO38sC7gWA=="],
+    "scheduler": ["scheduler@0.27.0", "", {}, "sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q=="],
 
     "semver": ["semver@6.3.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="],
 
@@ -830,7 +825,7 @@
 
     "shebang-regex": ["shebang-regex@3.0.0", "", {}, "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A=="],
 
-    "sonner": ["sonner@2.0.6", "", { "peerDependencies": { "react": "^18.0.0 || ^19.0.0 || ^19.0.0-rc", "react-dom": "^18.0.0 || ^19.0.0 || ^19.0.0-rc" } }, "sha512-yHFhk8T/DK3YxjFQXIrcHT1rGEeTLliVzWbO0xN8GberVun2RiBnxAjXAYpZrqwEVHBG9asI/Li8TAAhN9m59Q=="],
+    "sonner": ["sonner@2.0.7", "", { "peerDependencies": { "react": "^18.0.0 || ^19.0.0 || ^19.0.0-rc", "react-dom": "^18.0.0 || ^19.0.0 || ^19.0.0-rc" } }, "sha512-W6ZN4p58k8aDKA4XPcx2hpIQXBRAgyiWVkYhT7CvK6D3iAu7xjvVyhQHg2/iaKJZ1XVJ4r7XuwGL+WGEK37i9w=="],
 
     "source-map-js": ["source-map-js@1.2.1", "", {}, "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA=="],
 
@@ -848,13 +843,13 @@
 
     "tailwind-merge": ["tailwind-merge@3.3.1", "", {}, "sha512-gBXpgUm/3rp1lMZZrM/w7D8GKqshif0zAymAhbCyIt8KMe+0v9DQ7cdYLR4FHH/cKpdTXb+A/tKKU3eolfsI+g=="],
 
-    "tailwindcss": ["tailwindcss@4.1.11", "", {}, "sha512-2E9TBm6MDD/xKYe+dvJZAmg3yxIEDNRc0jwlNyDg/4Fil2QcSLjFKGVff0lAf1jjeaArlG/M75Ey/EYr/OJtBA=="],
+    "tailwindcss": ["tailwindcss@4.1.14", "", {}, "sha512-b7pCxjGO98LnxVkKjaZSDeNuljC4ueKUddjENJOADtubtdo8llTaJy7HwBMeLNSSo2N5QIAgklslK1+Ir8r6CA=="],
 
     "tapable": ["tapable@2.2.1", "", {}, "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ=="],
 
-    "tar": ["tar@7.4.3", "", { "dependencies": { "@isaacs/fs-minipass": "^4.0.0", "chownr": "^3.0.0", "minipass": "^7.1.2", "minizlib": "^3.0.1", "mkdirp": "^3.0.1", "yallist": "^5.0.0" } }, "sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw=="],
+    "tar": ["tar@7.5.1", "", { "dependencies": { "@isaacs/fs-minipass": "^4.0.0", "chownr": "^3.0.0", "minipass": "^7.1.2", "minizlib": "^3.1.0", "yallist": "^5.0.0" } }, "sha512-nlGpxf+hv0v7GkWBK2V9spgactGOp0qvfWRxUMjqHyzrt3SgwE48DIv/FhqPHJYLHpgW1opq3nERbz5Anq7n1g=="],
 
-    "tinyglobby": ["tinyglobby@0.2.14", "", { "dependencies": { "fdir": "^6.4.4", "picomatch": "^4.0.2" } }, "sha512-tX5e7OM1HnYr2+a2C/4V0htOcSQcoSTH9KgJnVvNm5zm/cyEWKJ7j7YutsH9CxMdtOkkLFy2AHrMci9IM8IPZQ=="],
+    "tinyglobby": ["tinyglobby@0.2.15", "", { "dependencies": { "fdir": "^6.5.0", "picomatch": "^4.0.3" } }, "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ=="],
 
     "to-regex-range": ["to-regex-range@5.0.1", "", { "dependencies": { "is-number": "^7.0.0" } }, "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ=="],
 
@@ -866,15 +861,15 @@
 
     "tslib": ["tslib@2.8.1", "", {}, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
 
-    "tw-animate-css": ["tw-animate-css@1.3.5", "", {}, "sha512-t3u+0YNoloIhj1mMXs779P6MO9q3p3mvGn4k1n3nJPqJw/glZcuijG2qTSN4z4mgNRfW5ZC3aXJFLwDtiipZXA=="],
+    "tw-animate-css": ["tw-animate-css@1.4.0", "", {}, "sha512-7bziOlRqH0hJx80h/3mbicLW7o8qLsH5+RaLR2t+OHM3D0JlWGODQKQ4cxbK7WlvmUxpcj6Kgu6EKqjrGFe3QQ=="],
 
     "type-check": ["type-check@0.4.0", "", { "dependencies": { "prelude-ls": "^1.2.1" } }, "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew=="],
 
-    "typescript": ["typescript@5.8.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ=="],
+    "typescript": ["typescript@5.9.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw=="],
 
-    "typescript-eslint": ["typescript-eslint@8.37.0", "", { "dependencies": { "@typescript-eslint/eslint-plugin": "8.37.0", "@typescript-eslint/parser": "8.37.0", "@typescript-eslint/typescript-estree": "8.37.0", "@typescript-eslint/utils": "8.37.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "sha512-TnbEjzkE9EmcO0Q2zM+GE8NQLItNAJpMmED1BdgoBMYNdqMhzlbqfdSwiRlAzEK2pA9UzVW0gzaaIzXWg2BjfA=="],
+    "typescript-eslint": ["typescript-eslint@8.45.0", "", { "dependencies": { "@typescript-eslint/eslint-plugin": "8.45.0", "@typescript-eslint/parser": "8.45.0", "@typescript-eslint/typescript-estree": "8.45.0", "@typescript-eslint/utils": "8.45.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "sha512-qzDmZw/Z5beNLUrXfd0HIW6MzIaAV5WNDxmMs9/3ojGOpYavofgNAAD/nC6tGV2PczIi0iw8vot2eAe/sBn7zg=="],
 
-    "undici-types": ["undici-types@7.8.0", "", {}, "sha512-9UJ2xGDvQ43tYyVMpuHlsgApydB8ZKfVYTsLDhXkFL/6gfkp+U8xTGdh8pMJv1SpZna0zxG1DwsKZsreLbXBxw=="],
+    "undici-types": ["undici-types@7.13.0", "", {}, "sha512-Ov2Rr9Sx+fRgagJ5AX0qvItZG/JKKoBRAVITs1zk7IqZGTJUwgUr7qoYBpWwakpWilTZFM98rG/AFRocu10iIQ=="],
 
     "unified": ["unified@11.0.5", "", { "dependencies": { "@types/unist": "^3.0.0", "bail": "^2.0.0", "devlop": "^1.0.0", "extend": "^3.0.0", "is-plain-obj": "^4.0.0", "trough": "^2.0.0", "vfile": "^6.0.0" } }, "sha512-xKvGhPWw3k84Qjh8bI3ZeJjqnyadK+GEFtazSfZv/rKeTkTjOJho6mFqh2SM96iIcZokxiOpg78GazTSg8+KHA=="],
 
@@ -900,7 +895,7 @@
 
     "vfile-message": ["vfile-message@4.0.2", "", { "dependencies": { "@types/unist": "^3.0.0", "unist-util-stringify-position": "^4.0.0" } }, "sha512-jRDZ1IMLttGj41KcZvlrYAaI3CfqpLpfpf+Mfig13viT6NKvRzWZ+lXz0Y5D60w6uJIBAOGq9mSHf0gktF0duw=="],
 
-    "vite": ["vite@7.0.4", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.4.6", "picomatch": "^4.0.2", "postcss": "^8.5.6", "rollup": "^4.40.0", "tinyglobby": "^0.2.14" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-SkaSguuS7nnmV7mfJ8l81JGBFV7Gvzp8IzgE8A8t23+AxuNX61Q5H1Tpz5efduSN7NHC8nQXD3sKQKZAu5mNEA=="],
+    "vite": ["vite@7.1.8", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-oBXvfSHEOL8jF+R9Am7h59Up07kVVGH1NrFGFoEG6bPDZP3tGpQhvkBpy5x7U6+E6wZCu9OihsWgJqDbQIm8LQ=="],
 
     "void-elements": ["void-elements@3.1.0", "", {}, "sha512-Dhxzh5HZuiHQhbvTW9AMetFfBHDMYpo23Uo9btPXgdYP+3T5S+p+jgNy7spra+veYhBP2dCSgxR/i2Y02h5/6w=="],
 
@@ -912,39 +907,47 @@
 
     "yocto-queue": ["yocto-queue@0.1.0", "", {}, "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q=="],
 
-    "zod": ["zod@4.0.5", "", {}, "sha512-/5UuuRPStvHXu7RS+gmvRf4NXrNxpSllGwDnCBcJZtQsKrviYXm54yDGV2KYNLT5kq0lHGcl7lqWJLgSaG+tgA=="],
+    "zod": ["zod@4.1.11", "", {}, "sha512-WPsqwxITS2tzx1bzhIKsEs19ABD5vmCVa4xBo2tq/SrV4RNZtfws1EnCWQXM6yh8bD08a1idvkB5MZSBiZsjwg=="],
 
     "zwitch": ["zwitch@2.0.4", "", {}, "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A=="],
 
+    "@babel/generator/@babel/parser": ["@babel/parser@7.28.3", "", { "dependencies": { "@babel/types": "^7.28.2" }, "bin": "./bin/babel-parser.js" }, "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA=="],
+
+    "@babel/generator/@babel/types": ["@babel/types@7.28.2", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ=="],
+
     "@babel/helper-module-imports/@babel/traverse": ["@babel/traverse@7.27.1", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.27.1", "@babel/parser": "^7.27.1", "@babel/template": "^7.27.1", "@babel/types": "^7.27.1", "debug": "^4.3.1", "globals": "^11.1.0" } }, "sha512-ZCYtZciz1IWJB4U61UPu4KEaqyfj+r5T1Q5mqPo+IBpcG9kHv30Z0aD8LXPgC1trYa6rK0orRyAhqUgk4MjmEg=="],
 
     "@babel/helper-module-imports/@babel/types": ["@babel/types@7.27.1", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q=="],
 
+    "@babel/helper-module-transforms/@babel/traverse": ["@babel/traverse@7.28.3", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", "@babel/helper-globals": "^7.28.0", "@babel/parser": "^7.28.3", "@babel/template": "^7.27.2", "@babel/types": "^7.28.2", "debug": "^4.3.1" } }, "sha512-7w4kZYHneL3A6NP2nxzHvT3HCZ7puDZZjFMqDpBPECub79sTtSO5CGXDkKrTQq8ksAwfD/XI2MRFX23njdDaIQ=="],
+
     "@babel/template/@babel/parser": ["@babel/parser@7.27.2", "", { "dependencies": { "@babel/types": "^7.27.1" }, "bin": "./bin/babel-parser.js" }, "sha512-QYLs8299NA7WM/bZAdp+CviYYkVoYXlDW2rzliy3chxd1PQjej7JORuMJDJXJUb9g0TT+B99EwaVLKmX+sPXWw=="],
 
     "@babel/template/@babel/types": ["@babel/types@7.27.1", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q=="],
 
-    "@babel/traverse/globals": ["globals@11.12.0", "", {}, "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA=="],
-
     "@eslint-community/eslint-utils/eslint-visitor-keys": ["eslint-visitor-keys@3.4.3", "", {}, "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag=="],
 
     "@eslint/eslintrc/espree": ["espree@10.3.0", "", { "dependencies": { "acorn": "^8.14.0", "acorn-jsx": "^5.3.2", "eslint-visitor-keys": "^4.2.0" } }, "sha512-0QYC8b24HWY8zjRnDTL6RiHfDbAWn63qb4LMj1Z4b076A4une81+z03Kg7l7mn/48PUTqoLptSXez8oknU8Clg=="],
 
     "@eslint/eslintrc/globals": ["globals@14.0.0", "", {}, "sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ=="],
 
-    "@eslint/plugin-kit/@eslint/core": ["@eslint/core@0.14.0", "", { "dependencies": { "@types/json-schema": "^7.0.15" } }, "sha512-qIbV0/JZr7iSDjqAc60IqbLdsj9GDt16xQtWD+B78d/HAlvysGdZZ6rpJHGAc2T0FQx1X6thsSPdnoiGKdNtdg=="],
-
     "@humanfs/node/@humanwhocodes/retry": ["@humanwhocodes/retry@0.3.1", "", {}, "sha512-JBxkERygn7Bv/GbN5Rv8Ul6LVknS+5Bp6RgDC/O8gEBU/yeH5Ui5C/OlWrTb6qct7LjjfT6Re2NxB0ln0yYybA=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.4.3", "", { "dependencies": { "@emnapi/wasi-threads": "1.0.2", "tslib": "^2.4.0" }, "bundled": true }, "sha512-4m62DuCE07lw01soJwPiBGC0nAww0Q+RY70VZ+n49yDIO13yyinhbWCeNnaob0lakDtWQzSdtNWzJeOJt2ma+g=="],
+    "@jridgewell/gen-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.4.3", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-pBPWdu6MLKROBX05wSNKcNb++m5Er+KQ9QkB+WVM+pW2Kx9hoSrVTnu3BdkI5eBLZoKu/J6mW/B6i6bJB2ytXQ=="],
+    "@jridgewell/trace-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.0.2", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-5n3nTJblwRi8LlXkJ9eBzu+kZR8Yxcc7ubakyQTFzPMtIhFpUBRbsnc2Dv88IZDIbCDlBiWrknhB4Lsz7mg6BA=="],
+    "@tailwindcss/node/jiti": ["jiti@2.6.1", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@0.2.11", "", { "dependencies": { "@emnapi/core": "^1.4.3", "@emnapi/runtime": "^1.4.3", "@tybys/wasm-util": "^0.9.0" }, "bundled": true }, "sha512-9DPkXtvHydrcOsopiYpUgPHpmj0HWZKMUnL2dZqpvC42lsratuBG06V5ipyno0fUek5VlFsNQ+AcFATSrJXgMA=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.5.0", "", { "dependencies": { "@emnapi/wasi-threads": "1.1.0", "tslib": "^2.4.0" }, "bundled": true }, "sha512-sbP8GzB1WDzacS8fgNPpHlp6C9VZe+SJP3F90W9rLemaQj2PzIuTEl1qDOYQf58YIpyjViI24y9aPWCjEzY2cg=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@tybys/wasm-util": ["@tybys/wasm-util@0.9.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-6+7nlbMVX/PVDCwaIQ8nTOPveOcFLSt8GcXdx8hD0bt39uWxYT88uXzqTd4fTvqta7oeUJqudepapKNt2DYJFw=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.5.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-97/BJ3iXHww3djw6hYIfErCZFee7qCtrneuLa20UXFCOTCfBM2cvQHjWJ2EG0s0MtdNwInarqCTz35i4wWXHsQ=="],
+
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.1.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-WI0DdZ8xFSbgMjR1sFsKABJ/C5OnRrjT06JXbZKexJGrDuPTzZdDYfFlsgcCXCyf+suG5QU2e/y1Wo2V/OapLQ=="],
+
+    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@1.0.5", "", { "dependencies": { "@emnapi/core": "^1.5.0", "@emnapi/runtime": "^1.5.0", "@tybys/wasm-util": "^0.10.1" }, "bundled": true }, "sha512-TBr9Cf9onSAS2LQ2+QHx6XcC6h9+RIzJgbqG3++9TUZSH204AwEy5jg3BTQ0VATsyoGj4ee49tN/y6rvaOOtcg=="],
+
+    "@tailwindcss/oxide-wasm32-wasi/@tybys/wasm-util": ["@tybys/wasm-util@0.10.1", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-9tTaPJLSiejZKx+Bmog4uSubteqTvFrVrURwkmHixBo0G4seD0zUxp98E1DzUBJxLQ3NPwXrGKDiVjwx/DpPsg=="],
 
     "@tailwindcss/oxide-wasm32-wasi/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
 
@@ -960,36 +963,18 @@
 
     "@types/babel__traverse/@babel/types": ["@babel/types@7.27.1", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q=="],
 
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.37.0", "", { "dependencies": { "@typescript-eslint/types": "8.37.0", "@typescript-eslint/visitor-keys": "8.37.0" } }, "sha512-0vGq0yiU1gbjKob2q691ybTg9JX6ShiVXAAfm2jGf3q0hdP6/BruaFjL/ManAR/lj05AvYCH+5bbVo0VtzmjOA=="],
-
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils": ["@typescript-eslint/utils@8.37.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.37.0", "@typescript-eslint/types": "8.37.0", "@typescript-eslint/typescript-estree": "8.37.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "sha512-TSFvkIW6gGjN2p6zbXo20FzCABbyUAuq6tBvNRGsKdsSQ6a7rnV6ADfZ7f4iI3lIiXc4F4WWvtUfDw9CJ9pO5A=="],
+    "@types/estree-jsx/@types/estree": ["@types/estree@1.0.7", "", {}, "sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ=="],
 
     "@typescript-eslint/eslint-plugin/ignore": ["ignore@7.0.4", "", {}, "sha512-gJzzk+PQNznz8ysRrC0aOkBNVRBDtE1n53IqyqEf3PXrYwomFs5q4pGMizBMJF+ykh03insJ27hB8gSrD2Hn8A=="],
 
-    "@typescript-eslint/parser/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.37.0", "", { "dependencies": { "@typescript-eslint/types": "8.37.0", "@typescript-eslint/visitor-keys": "8.37.0" } }, "sha512-0vGq0yiU1gbjKob2q691ybTg9JX6ShiVXAAfm2jGf3q0hdP6/BruaFjL/ManAR/lj05AvYCH+5bbVo0VtzmjOA=="],
-
-    "@typescript-eslint/parser/@typescript-eslint/types": ["@typescript-eslint/types@8.37.0", "", {}, "sha512-ax0nv7PUF9NOVPs+lmQ7yIE7IQmAf8LGcXbMvHX5Gm+YJUYNAl340XkGnrimxZ0elXyoQJuN5sbg6C4evKA4SQ=="],
-
-    "@typescript-eslint/project-service/@typescript-eslint/types": ["@typescript-eslint/types@8.37.0", "", {}, "sha512-ax0nv7PUF9NOVPs+lmQ7yIE7IQmAf8LGcXbMvHX5Gm+YJUYNAl340XkGnrimxZ0elXyoQJuN5sbg6C4evKA4SQ=="],
-
-    "@typescript-eslint/scope-manager/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.34.1", "", { "dependencies": { "@typescript-eslint/types": "8.34.1", "eslint-visitor-keys": "^4.2.1" } }, "sha512-xoh5rJ+tgsRKoXnkBPFRLZ7rjKM0AfVbC68UZ/ECXoDbfggb9RbEySN359acY1vS3qZ0jVTVWzbtfapwm5ztxw=="],
-
-    "@typescript-eslint/type-utils/@typescript-eslint/types": ["@typescript-eslint/types@8.37.0", "", {}, "sha512-ax0nv7PUF9NOVPs+lmQ7yIE7IQmAf8LGcXbMvHX5Gm+YJUYNAl340XkGnrimxZ0elXyoQJuN5sbg6C4evKA4SQ=="],
-
-    "@typescript-eslint/type-utils/@typescript-eslint/utils": ["@typescript-eslint/utils@8.37.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.37.0", "@typescript-eslint/types": "8.37.0", "@typescript-eslint/typescript-estree": "8.37.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "sha512-TSFvkIW6gGjN2p6zbXo20FzCABbyUAuq6tBvNRGsKdsSQ6a7rnV6ADfZ7f4iI3lIiXc4F4WWvtUfDw9CJ9pO5A=="],
-
-    "@typescript-eslint/typescript-estree/@typescript-eslint/types": ["@typescript-eslint/types@8.37.0", "", {}, "sha512-ax0nv7PUF9NOVPs+lmQ7yIE7IQmAf8LGcXbMvHX5Gm+YJUYNAl340XkGnrimxZ0elXyoQJuN5sbg6C4evKA4SQ=="],
-
     "@typescript-eslint/typescript-estree/minimatch": ["minimatch@9.0.5", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow=="],
 
     "@typescript-eslint/typescript-estree/semver": ["semver@7.7.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA=="],
 
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree": ["@typescript-eslint/typescript-estree@8.34.1", "", { "dependencies": { "@typescript-eslint/project-service": "8.34.1", "@typescript-eslint/tsconfig-utils": "8.34.1", "@typescript-eslint/types": "8.34.1", "@typescript-eslint/visitor-keys": "8.34.1", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", "ts-api-utils": "^2.1.0" }, "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-rjCNqqYPuMUF5ODD+hWBNmOitjBWghkGKJg6hiCHzUvXRy6rK22Jd3rwbP2Xi+R7oYVvIKhokHVhH41BxPV5mA=="],
-
-    "@typescript-eslint/visitor-keys/@typescript-eslint/types": ["@typescript-eslint/types@8.37.0", "", {}, "sha512-ax0nv7PUF9NOVPs+lmQ7yIE7IQmAf8LGcXbMvHX5Gm+YJUYNAl340XkGnrimxZ0elXyoQJuN5sbg6C4evKA4SQ=="],
-
     "fast-glob/glob-parent": ["glob-parent@5.1.2", "", { "dependencies": { "is-glob": "^4.0.1" } }, "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow=="],
 
+    "hast-util-to-jsx-runtime/@types/estree": ["@types/estree@1.0.7", "", {}, "sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ=="],
+
     "i18next-browser-languagedetector/@babel/runtime": ["@babel/runtime@7.27.1", "", {}, "sha512-1x3D2xEk2fRo3PAhwQwu5UubzgiVWSXTBfWpVd2Mx2AzRqJuDJCsgaDVZ7HB5iGzDW1Hl1sWN2mFyKjmR9uAog=="],
 
     "i18next-resources-to-backend/@babel/runtime": ["@babel/runtime@7.27.1", "", {}, "sha512-1x3D2xEk2fRo3PAhwQwu5UubzgiVWSXTBfWpVd2Mx2AzRqJuDJCsgaDVZ7HB5iGzDW1Hl1sWN2mFyKjmR9uAog=="],
@@ -1000,52 +985,28 @@
 
     "parse-entities/@types/unist": ["@types/unist@2.0.11", "", {}, "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA=="],
 
-    "typescript-eslint/@typescript-eslint/utils": ["@typescript-eslint/utils@8.37.0", "", { "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", "@typescript-eslint/scope-manager": "8.37.0", "@typescript-eslint/types": "8.37.0", "@typescript-eslint/typescript-estree": "8.37.0" }, "peerDependencies": { "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <5.9.0" } }, "sha512-TSFvkIW6gGjN2p6zbXo20FzCABbyUAuq6tBvNRGsKdsSQ6a7rnV6ADfZ7f4iI3lIiXc4F4WWvtUfDw9CJ9pO5A=="],
-
     "@babel/helper-module-imports/@babel/traverse/@babel/generator": ["@babel/generator@7.27.1", "", { "dependencies": { "@babel/parser": "^7.27.1", "@babel/types": "^7.27.1", "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.25", "jsesc": "^3.0.2" } }, "sha512-UnJfnIpc/+JO0/+KRVQNGU+y5taA5vCbwN8+azkX6beii/ZF+enZJSOKo11ZSzGJjlNfJHfQtmQT8H+9TXPG2w=="],
 
     "@babel/helper-module-imports/@babel/traverse/@babel/parser": ["@babel/parser@7.27.2", "", { "dependencies": { "@babel/types": "^7.27.1" }, "bin": "./bin/babel-parser.js" }, "sha512-QYLs8299NA7WM/bZAdp+CviYYkVoYXlDW2rzliy3chxd1PQjej7JORuMJDJXJUb9g0TT+B99EwaVLKmX+sPXWw=="],
 
     "@babel/helper-module-imports/@babel/traverse/globals": ["globals@11.12.0", "", {}, "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA=="],
 
+    "@babel/helper-module-transforms/@babel/traverse/@babel/parser": ["@babel/parser@7.28.3", "", { "dependencies": { "@babel/types": "^7.28.2" }, "bin": "./bin/babel-parser.js" }, "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA=="],
+
+    "@babel/helper-module-transforms/@babel/traverse/@babel/types": ["@babel/types@7.28.2", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ=="],
+
     "@eslint/eslintrc/espree/acorn": ["acorn@8.14.1", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg=="],
 
     "@eslint/eslintrc/espree/eslint-visitor-keys": ["eslint-visitor-keys@4.2.0", "", {}, "sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.0.2", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-5n3nTJblwRi8LlXkJ9eBzu+kZR8Yxcc7ubakyQTFzPMtIhFpUBRbsnc2Dv88IZDIbCDlBiWrknhB4Lsz7mg6BA=="],
-
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
-
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
-
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/wasi-threads/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
-
-    "@tailwindcss/oxide-wasm32-wasi/@tybys/wasm-util/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
-
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/scope-manager/@typescript-eslint/types": ["@typescript-eslint/types@8.37.0", "", {}, "sha512-ax0nv7PUF9NOVPs+lmQ7yIE7IQmAf8LGcXbMvHX5Gm+YJUYNAl340XkGnrimxZ0elXyoQJuN5sbg6C4evKA4SQ=="],
-
-    "@typescript-eslint/eslint-plugin/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.37.0", "", {}, "sha512-ax0nv7PUF9NOVPs+lmQ7yIE7IQmAf8LGcXbMvHX5Gm+YJUYNAl340XkGnrimxZ0elXyoQJuN5sbg6C4evKA4SQ=="],
-
-    "@typescript-eslint/type-utils/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.37.0", "", { "dependencies": { "@typescript-eslint/types": "8.37.0", "@typescript-eslint/visitor-keys": "8.37.0" } }, "sha512-0vGq0yiU1gbjKob2q691ybTg9JX6ShiVXAAfm2jGf3q0hdP6/BruaFjL/ManAR/lj05AvYCH+5bbVo0VtzmjOA=="],
-
     "@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@2.0.1", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA=="],
 
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/project-service": ["@typescript-eslint/project-service@8.34.1", "", { "dependencies": { "@typescript-eslint/tsconfig-utils": "^8.34.1", "@typescript-eslint/types": "^8.34.1", "debug": "^4.3.4" }, "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-nuHlOmFZfuRwLJKDGQOVc0xnQrAmuq1Mj/ISou5044y1ajGNp2BNliIqp7F2LPQ5sForz8lempMFCovfeS1XoA=="],
+    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.3.8", "", { "dependencies": { "@jridgewell/set-array": "^1.2.1", "@jridgewell/sourcemap-codec": "^1.4.10", "@jridgewell/trace-mapping": "^0.3.24" } }, "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA=="],
 
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/tsconfig-utils": ["@typescript-eslint/tsconfig-utils@8.34.1", "", { "peerDependencies": { "typescript": ">=4.8.4 <5.9.0" } }, "sha512-K4Sjdo4/xF9NEeA2khOb7Y5nY6NSXBnod87uniVYW9kHP+hNlDV8trUSFeynA2uxWam4gIWgWoygPrv9VMWrYg=="],
+    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.25", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ=="],
 
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.34.1", "", { "dependencies": { "@typescript-eslint/types": "8.34.1", "eslint-visitor-keys": "^4.2.1" } }, "sha512-xoh5rJ+tgsRKoXnkBPFRLZ7rjKM0AfVbC68UZ/ECXoDbfggb9RbEySN359acY1vS3qZ0jVTVWzbtfapwm5ztxw=="],
+    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/gen-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
 
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/minimatch": ["minimatch@9.0.5", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow=="],
-
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/semver": ["semver@7.7.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA=="],
-
-    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/scope-manager": ["@typescript-eslint/scope-manager@8.37.0", "", { "dependencies": { "@typescript-eslint/types": "8.37.0", "@typescript-eslint/visitor-keys": "8.37.0" } }, "sha512-0vGq0yiU1gbjKob2q691ybTg9JX6ShiVXAAfm2jGf3q0hdP6/BruaFjL/ManAR/lj05AvYCH+5bbVo0VtzmjOA=="],
-
-    "typescript-eslint/@typescript-eslint/utils/@typescript-eslint/types": ["@typescript-eslint/types@8.37.0", "", {}, "sha512-ax0nv7PUF9NOVPs+lmQ7yIE7IQmAf8LGcXbMvHX5Gm+YJUYNAl340XkGnrimxZ0elXyoQJuN5sbg6C4evKA4SQ=="],
-
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core/@emnapi/wasi-threads/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
-
-    "@typescript-eslint/utils/@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@2.0.1", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA=="],
+    "@babel/helper-module-imports/@babel/traverse/@babel/generator/@jridgewell/trace-mapping/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.0", "", {}, "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="],
   }
 }

frontend/index.html

@@ -8,6 +8,7 @@
     <link rel="shortcut icon" href="/favicon.ico" />
     <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
     <meta name="apple-mobile-web-app-title" content="Tinyauth" />
+    <meta name="robots" content="none" />
     <link rel="manifest" href="/site.webmanifest" />
     <title>Tinyauth</title>
   </head>

frontend/package.json

@@ -10,49 +10,48 @@
     "preview": "vite preview"
   },
   "dependencies": {
-    "@hookform/resolvers": "^5.1.1",
+    "@hookform/resolvers": "^5.2.2",
     "@radix-ui/react-label": "^2.1.7",
-    "@radix-ui/react-select": "^2.2.5",
+    "@radix-ui/react-select": "^2.2.6",
     "@radix-ui/react-separator": "^1.1.7",
     "@radix-ui/react-slot": "^1.2.3",
-    "@tailwindcss/vite": "^4.1.11",
-    "@tanstack/react-query": "^5.83.0",
-    "axios": "^1.10.0",
+    "@tailwindcss/vite": "^4.1.14",
+    "@tanstack/react-query": "^5.90.2",
+    "axios": "^1.12.2",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
-    "dompurify": "^3.2.6",
-    "i18next": "^25.3.2",
+    "i18next": "^25.5.3",
     "i18next-browser-languagedetector": "^8.2.0",
     "i18next-resources-to-backend": "^1.2.1",
     "input-otp": "^1.4.2",
-    "lucide-react": "^0.525.0",
+    "lucide-react": "^0.544.0",
     "next-themes": "^0.4.6",
-    "react": "^19.0.0",
-    "react-dom": "^19.0.0",
-    "react-hook-form": "^7.60.0",
-    "react-i18next": "^15.6.0",
+    "react": "^19.2.0",
+    "react-dom": "^19.2.0",
+    "react-hook-form": "^7.63.0",
+    "react-i18next": "^15.7.3",
     "react-markdown": "^10.1.0",
-    "react-router": "^7.6.3",
-    "sonner": "^2.0.6",
+    "react-router": "^7.9.3",
+    "sonner": "^2.0.7",
     "tailwind-merge": "^3.3.1",
-    "tailwindcss": "^4.1.11",
-    "zod": "^4.0.5"
+    "tailwindcss": "^4.1.14",
+    "zod": "^4.1.11"
   },
   "devDependencies": {
-    "@eslint/js": "^9.31.0",
-    "@tanstack/eslint-plugin-query": "^5.81.2",
-    "@types/node": "^24.0.14",
-    "@types/react": "^19.1.8",
-    "@types/react-dom": "^19.1.6",
-    "@vitejs/plugin-react": "^4.6.0",
-    "eslint": "^9.31.0",
+    "@eslint/js": "^9.36.0",
+    "@tanstack/eslint-plugin-query": "^5.91.0",
+    "@types/node": "^24.6.2",
+    "@types/react": "^19.2.0",
+    "@types/react-dom": "^19.2.0",
+    "@vitejs/plugin-react": "^5.0.4",
+    "eslint": "^9.36.0",
     "eslint-plugin-react-hooks": "^5.2.0",
-    "eslint-plugin-react-refresh": "^0.4.19",
-    "globals": "^16.3.0",
+    "eslint-plugin-react-refresh": "^0.4.23",
+    "globals": "^16.4.0",
     "prettier": "3.6.2",
-    "tw-animate-css": "^1.3.5",
-    "typescript": "~5.8.3",
-    "typescript-eslint": "^8.37.0",
-    "vite": "^7.0.4"
+    "tw-animate-css": "^1.4.0",
+    "typescript": "~5.9.3",
+    "typescript-eslint": "^8.45.0",
+    "vite": "^7.1.8"
   }
 }

frontend/src/App.tsx

@@ -5,8 +5,8 @@ export const App = () => {
   const { isLoggedIn } = useUserContext();
 
   if (isLoggedIn) {
-    return <Navigate to="/logout" />;
+    return <Navigate to="/logout" replace />;
   }
 
-  return <Navigate to="/login" />;
+  return <Navigate to="/login" replace />;
 };

frontend/src/components/auth/totp-form.tsx

@@ -44,6 +44,7 @@ export const TotpForm = (props: Props) => {
                   disabled={loading}
                   {...field}
                   autoComplete="one-time-code"
+                  autoFocus
                 >
                   <InputOTPGroup>
                     <InputOTPSlot index={0} />

frontend/src/components/domain-warning/domain-warning.tsx

@@ -0,0 +1,56 @@
+import {
+  Card,
+  CardDescription,
+  CardFooter,
+  CardHeader,
+  CardTitle,
+} from "../ui/card";
+import { Button } from "../ui/button";
+import { Trans, useTranslation } from "react-i18next";
+import { useLocation } from "react-router";
+
+interface Props {
+  onClick: () => void;
+  appUrl: string;
+  currentUrl: string;
+}
+
+export const DomainWarning = (props: Props) => {
+  const { onClick, appUrl, currentUrl } = props;
+  const { t } = useTranslation();
+  const { search } = useLocation();
+
+  const searchParams = new URLSearchParams(search);
+  const redirectUri = searchParams.get("redirect_uri");
+
+  return (
+    <Card role="alert" aria-live="assertive" className="min-w-xs sm:min-w-sm">
+      <CardHeader>
+        <CardTitle className="text-3xl">{t("domainWarningTitle")}</CardTitle>
+        <CardDescription>
+          <Trans
+            t={t}
+            i18nKey="domainWarningSubtitle"
+            values={{ appUrl, currentUrl }}
+            components={{ code: <code /> }}
+          />
+        </CardDescription>
+      </CardHeader>
+      <CardFooter className="flex flex-col items-stretch gap-2">
+        <Button onClick={onClick} variant="warning">
+          {t("ignoreTitle")}
+        </Button>
+        <Button
+          onClick={() =>
+            window.location.assign(
+              `${appUrl}/login?redirect_uri=${encodeURIComponent(redirectUri || "")}`,
+            )
+          }
+          variant="outline"
+        >
+          {t("goToCorrectDomainTitle")}
+        </Button>
+      </CardFooter>
+    </Card>
+  );
+};

frontend/src/components/icons/microsoft.tsx

@@ -0,0 +1,18 @@
+import type { SVGProps } from "react";
+
+export function MicrosoftIcon(props: SVGProps<SVGSVGElement>) {
+  return (
+    <svg
+      xmlns="http://www.w3.org/2000/svg"
+      width="2em"
+      height="2em"
+      viewBox="0 0 256 256"
+      {...props}
+    >
+      <path fill="#f1511b" d="M121.666 121.666H0V0h121.666z"></path>
+      <path fill="#80cc28" d="M256 121.666H134.335V0H256z"></path>
+      <path fill="#00adef" d="M121.663 256.002H0V134.336h121.663z"></path>
+      <path fill="#fbbc09" d="M256 256.002H134.335V134.336H256z"></path>
+    </svg>
+  );
+}

frontend/src/components/icons/oauth.tsx

@@ -1,6 +1,6 @@
 import type { SVGProps } from "react";
 
-export function GenericIcon(props: SVGProps<SVGSVGElement>) {
+export function OAuthIcon(props: SVGProps<SVGSVGElement>) {
   return (
     <svg
       xmlns="http://www.w3.org/2000/svg"

frontend/src/components/icons/pocket-id.tsx

@@ -0,0 +1,20 @@
+import type { SVGProps } from "react";
+
+export function PocketIDIcon(props: SVGProps<SVGSVGElement>) {
+  return (
+    <svg
+      xmlns="http://www.w3.org/2000/svg"
+      xmlSpace="preserve"
+      width={512}
+      height={512}
+      viewBox="0 0 512 512"
+      {...props}
+    >
+      <circle cx="256" cy="256" r="256" />
+      <path
+        d="M268.6 102.4c64.4 0 116.8 52.4 116.8 116.7 0 25.3-8 49.4-23 69.6-14.8 19.9-35 34.3-58.4 41.7l-6.5 2-15.5-76.2 4.3-2c14-6.7 23-21.1 23-36.6 0-22.4-18.2-40.6-40.6-40.6S228 195.2 228 217.6c0 15.5 9 29.8 23 36.6l4.2 2-25 153.4h-69.5V102.4z"
+        className="fill-white"
+      />
+    </svg>
+  );
+}

frontend/src/components/icons/tailscale.tsx

@@ -0,0 +1,26 @@
+import type { SVGProps } from "react";
+
+export function TailscaleIcon(props: SVGProps<SVGSVGElement>) {
+  return (
+    <svg
+      xmlns="http://www.w3.org/2000/svg"
+      xmlSpace="preserve"
+      width={512}
+      height={512}
+      viewBox="0 0 512 512"
+      {...props}
+    >
+      <path
+        className="opacity-80"
+        fill="currentColor"
+        d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9m191.6 0c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m189.2-193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"
+      />
+
+      <path
+        d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8m0 384.3c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512m191.6-384.3c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8m0 384.3c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"
+        className="opacity-20"
+        fill="currentColor"
+      />
+    </svg>
+  );
+}

frontend/src/components/layout/layout.tsx

@@ -1,8 +1,10 @@
 import { useAppContext } from "@/context/app-context";
 import { LanguageSelector } from "../language/language";
 import { Outlet } from "react-router";
+import { useCallback, useState } from "react";
+import { DomainWarning } from "../domain-warning/domain-warning";
 
-export const Layout = () => {
+const BaseLayout = ({ children }: { children: React.ReactNode }) => {
   const { backgroundImage } = useAppContext();
 
   return (
@@ -15,7 +17,38 @@ export const Layout = () => {
       }}
     >
       <LanguageSelector />
-      <Outlet />
+      {children}
     </div>
   );
 };
+
+export const Layout = () => {
+  const { appUrl } = useAppContext();
+  const [ignoreDomainWarning, setIgnoreDomainWarning] = useState(() => {
+    return window.sessionStorage.getItem("ignoreDomainWarning") === "true";
+  });
+  const currentUrl = window.location.origin;
+
+  const handleIgnore = useCallback(() => {
+    window.sessionStorage.setItem("ignoreDomainWarning", "true");
+    setIgnoreDomainWarning(true);
+  }, [setIgnoreDomainWarning]);
+
+  if (!ignoreDomainWarning && appUrl !== currentUrl) {
+    return (
+      <BaseLayout>
+        <DomainWarning
+          appUrl={appUrl}
+          currentUrl={currentUrl}
+          onClick={() => handleIgnore()}
+        />
+      </BaseLayout>
+    );
+  }
+
+  return (
+    <BaseLayout>
+      <Outlet />
+    </BaseLayout>
+  );
+};

frontend/src/components/ui/button.tsx

@@ -22,7 +22,7 @@ const buttonVariants = cva(
           "hover:bg-accent hover:text-accent-foreground dark:hover:bg-accent/50",
         link: "text-primary underline-offset-4 hover:underline",
         warning:
-          "bg-amber-500 text-white shadow-xs hover:bg-amber-400 focus-visible:ring-amber-200/20 dark:focus-visible:ring-amber-400/40 dark:bg-amber-600",
+          "bg-amber-500 text-white shadow-xs hover:bg-amber-400 focus-visible:ring-amber-200/20 dark:focus-visible:ring-amber-400/40",
       },
       size: {
         default: "h-9 px-4 py-2 has-[>svg]:px-3",

frontend/src/context/app-context.tsx

@@ -15,7 +15,7 @@ export const AppContextProvider = ({
 }) => {
   const { isFetching, data, error } = useSuspenseQuery({
     queryKey: ["app"],
-    queryFn: () => axios.get("/api/app").then((res) => res.data),
+    queryFn: () => axios.get("/api/context/app").then((res) => res.data),
   });
 
   if (error && !isFetching) {

frontend/src/context/user-context.tsx

@@ -15,7 +15,7 @@ export const UserContextProvider = ({
 }) => {
   const { isFetching, data, error } = useSuspenseQuery({
     queryKey: ["user"],
-    queryFn: () => axios.get("/api/user").then((res) => res.data),
+    queryFn: () => axios.get("/api/context/user").then((res) => res.data),
   });
 
   if (error && !isFetching) {

frontend/src/index.css

@@ -156,7 +156,7 @@ ul {
 }
 
 code {
-  @apply relative rounded bg-muted px-[0.2rem] py-[0.1rem] font-mono text-sm font-semibold;
+  @apply relative rounded bg-muted px-[0.2rem] py-[0.1rem] font-mono text-sm font-semibold break-all;
 }
 
 .lead {

frontend/src/lib/i18n/locales/af-ZA.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/ar-SA.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "أخفق الحصول على رابط OAuth",
     "loginOauthSuccessTitle": "إعادة توجيه",
     "loginOauthSuccessSubtitle": "إعادة توجيه إلى مزود OAuth الخاص بك",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "متابعة",
     "continueRedirectingTitle": "إعادة توجيه...",
     "continueRedirectingSubtitle": "يجب إعادة توجيهك إلى التطبيق قريبا",
-    "continueInvalidRedirectTitle": "إعادة توجيه غير صالحة",
-    "continueInvalidRedirectSubtitle": "رابط إعادة التوجيه غير صالح",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "إعادة توجيه غير آمنة",
     "continueInsecureRedirectSubtitle": "أنت تحاول إعادة التوجيه من <code>https</code> إلى <code>http</code>، هل أنت متأكد أنك تريد المتابعة؟",
-    "continueTitle": "متابعة",
-    "continueSubtitle": "انقر الزر للمتابعة إلى التطبيق الخاص بك.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "فشل تسجيل الخروج",
     "logoutFailSubtitle": "يرجى إعادة المحاولة",
     "logoutSuccessTitle": "تم تسجيل الخروج",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "حاول مجددا",
-    "untrustedRedirectTitle": "إعادة توجيه غير موثوقة",
-    "untrustedRedirectSubtitle": "أنت تحاول إعادة التوجيه إلى نطاق لا يتطابق مع النطاق المكون الخاص بك (<code>{{domain}}</code>). هل أنت متأكد من أنك تريد المتابعة؟",
     "cancelTitle": "إلغاء",
     "forgotPasswordTitle": "نسيت كلمة المرور؟",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "حدث خطأ",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "تجاهل",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/ca-ES.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/cs-CZ.json

@@ -1,55 +1,62 @@
 {
-    "loginTitle": "Welcome back, login with",
-    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Or",
-    "loginUsername": "Username",
-    "loginPassword": "Password",
-    "loginSubmit": "Login",
-    "loginFailTitle": "Failed to log in",
-    "loginFailSubtitle": "Please check your username and password",
-    "loginFailRateLimit": "You failed to login too many times. Please try again later",
-    "loginSuccessTitle": "Logged in",
-    "loginSuccessSubtitle": "Welcome back!",
-    "loginOauthFailTitle": "An error occurred",
-    "loginOauthFailSubtitle": "Failed to get OAuth URL",
-    "loginOauthSuccessTitle": "Redirecting",
-    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
-    "continueRedirectingTitle": "Redirecting...",
-    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
-    "continueInsecureRedirectTitle": "Insecure redirect",
-    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
-    "logoutFailTitle": "Failed to log out",
-    "logoutFailSubtitle": "Please try again",
-    "logoutSuccessTitle": "Logged out",
-    "logoutSuccessSubtitle": "You have been logged out",
-    "logoutTitle": "Logout",
-    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
-    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
-    "notFoundTitle": "Page not found",
-    "notFoundSubtitle": "The page you are looking for does not exist.",
-    "notFoundButton": "Go home",
-    "totpFailTitle": "Failed to verify code",
-    "totpFailSubtitle": "Please check your code and try again",
-    "totpSuccessTitle": "Verified",
-    "totpSuccessSubtitle": "Redirecting to your app",
-    "totpTitle": "Enter your TOTP code",
-    "totpSubtitle": "Please enter the code from your authenticator app.",
-    "unauthorizedTitle": "Unauthorized",
-    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
-    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
-    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
-    "cancelTitle": "Cancel",
-    "forgotPasswordTitle": "Forgot your password?",
-    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
-    "errorTitle": "An error occurred",
-    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "loginTitle": "Vítejte zpět, přihlaste se pomocí",
+    "loginTitleSimple": "Vítejte zpět, přihlaste se prosím",
+    "loginDivider": "Nebo",
+    "loginUsername": "Uživatelské jméno",
+    "loginPassword": "Heslo",
+    "loginSubmit": "Přihlásit",
+    "loginFailTitle": "Přihlášení se nezdařilo",
+    "loginFailSubtitle": "Zkontrolujte prosím své uživatelské jméno a heslo",
+    "loginFailRateLimit": "Přiliš mnoho neúspěšných pokusů přihlášení. Zkuste to prosím později",
+    "loginSuccessTitle": "Přihlášen",
+    "loginSuccessSubtitle": "Vítejte zpět!",
+    "loginOauthFailTitle": "Došlo k chybě",
+    "loginOauthFailSubtitle": "Nepodařilo se získat OAuth URL",
+    "loginOauthSuccessTitle": "Přesměrování",
+    "loginOauthSuccessSubtitle": "Přesměrování k poskytovateli OAuth",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Pokračovat",
+    "continueRedirectingTitle": "Přesměrování...",
+    "continueRedirectingSubtitle": "Brzy budete přesměrováni do aplikace",
+    "continueRedirectManually": "Redirect me manually",
+    "continueInsecureRedirectTitle": "Nezabezpečené přesměrování",
+    "continueInsecureRedirectSubtitle": "Pokoušíte se přesměrovat z <code>https</code> na <code>http</code>, které není bezpečné. Opravdu chcete pokračovat?",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "logoutFailTitle": "Odhlášení se nezdařilo",
+    "logoutFailSubtitle": "Zkuste to prosím znovu",
+    "logoutSuccessTitle": "Odhlášen",
+    "logoutSuccessSubtitle": "Byl jste odhlášen",
+    "logoutTitle": "Odhlásit",
+    "logoutUsernameSubtitle": "Jste přihlášen jako <code>{{username}}</code>. Pro odhlášení klikněte na tlačítko níže.",
+    "logoutOauthSubtitle": "Jste přihlášen jako <code>{{username}}</code> pomocí {{provider}} poskytovatele OAuth. Pro odhlášení klikněte na tlačítko níže.",
+    "notFoundTitle": "Stránka nenalezena",
+    "notFoundSubtitle": "Stránka, kterou hledáte, neexistuje.",
+    "notFoundButton": "Jít domů",
+    "totpFailTitle": "Nepodařilo se ověřit kód",
+    "totpFailSubtitle": "Zkontrolujte prosím kód a zkuste to znovu",
+    "totpSuccessTitle": "Ověřeno",
+    "totpSuccessSubtitle": "Přesměrování do aplikace",
+    "totpTitle": "Zadejte TOTP kód",
+    "totpSubtitle": "Zadejte prosím kód z ověřovací aplikace.",
+    "unauthorizedTitle": "Nepovoleno",
+    "unauthorizedResourceSubtitle": "Uživatel s uživatelským jménem <code>{{username}}</code> není oprávněn k přístupu ke zdroji <code>{{resource}}</code>.",
+    "unauthorizedLoginSubtitle": "Uživatel s uživatelským jménem <code>{{username}}</code> není oprávněn k přihlášení.",
+    "unauthorizedGroupsSubtitle": "Uživatel s uživatelským jménem <code>{{username}}</code> není ve skupině potřebné k přístupu ke zdroji <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Vaše IP adresa <code>{{ip}}</code> není oprávněna k přístupu ke zdroji <code>{{resource}}</code>.",
+    "unauthorizedButton": "Zkusit znovu",
+    "cancelTitle": "Zrušit",
+    "forgotPasswordTitle": "Zapomněli jste heslo?",
+    "failedToFetchProvidersTitle": "Nepodařilo se načíst poskytovatele ověřování. Zkontrolujte prosím konfiguraci.",
+    "errorTitle": "Došlo k chybě",
+    "errorSubtitle": "Nastala chyba při pokusu o provedení této akce. Pro více informací prosím zkontrolujte konzolu.",
+    "forgotPasswordMessage": "Heslo můžete obnovit změnou proměnné `USERS`.",
+    "fieldRequired": "Toto pole je povinné",
+    "invalidInput": "Neplatný údaj",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/da-DK.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Kunne ikke hente OAuth-URL",
     "loginOauthSuccessTitle": "Omdirigerer",
     "loginOauthSuccessSubtitle": "Omdirigerer til din OAuth-udbyder",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Fortsæt",
     "continueRedirectingTitle": "Omdirigerer...",
     "continueRedirectingSubtitle": "Du bør blive omdirigeret til appen snart",
-    "continueInvalidRedirectTitle": "Ugyldig omdirigering",
-    "continueInvalidRedirectSubtitle": "Omdirigerings-URL'en er ugyldig",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Usikker omdirigering",
     "continueInsecureRedirectSubtitle": "Du forsøger at omdirigere fra <code>https</code> til <code>http</code>, som ikke er sikker. Er du sikker på, at du vil fortsætte?",
-    "continueTitle": "Fortsæt",
-    "continueSubtitle": "Klik på knappen for at fortsætte til din app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Log ud mislykkedes",
     "logoutFailSubtitle": "Prøv venligst igen",
     "logoutSuccessTitle": "Logget ud",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "Brugeren med brugernavnet <code>{{username}}</code> er ikke i de grupper, som ressourcen <code>{{resource}}</code> kræver.",
     "unauthorizedIpSubtitle": "Din IP adresse <code>{{ip}}</code> er ikke autoriseret til at tilgå ressourcen <code>{{resource}}</code>.",
     "unauthorizedButton": "Prøv igen",
-    "untrustedRedirectTitle": "Usikker omdirigering",
-    "untrustedRedirectSubtitle": "Du forsøger at omdirigere til et domæne, der ikke matcher dit konfigurerede domæne (<code>{{domain}}</code>). Er du sikker på, at du vil fortsætte?",
     "cancelTitle": "Annuller",
     "forgotPasswordTitle": "Glemt din adgangskode?",
     "failedToFetchProvidersTitle": "Kunne ikke indlæse godkendelsesudbydere. Tjek venligst din konfiguration.",
     "errorTitle": "Der opstod en fejl",
     "errorSubtitle": "Der opstod en fejl under forsøget på at udføre denne handling. Tjek venligst konsollen for mere information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/de-DE.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Fehler beim Abrufen der OAuth-URL",
     "loginOauthSuccessTitle": "Leite weiter",
     "loginOauthSuccessSubtitle": "Weiterleitung zu Ihrem OAuth-Provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Weiter",
     "continueRedirectingTitle": "Leite weiter...",
     "continueRedirectingSubtitle": "Sie sollten in Kürze zur App weitergeleitet werden",
-    "continueInvalidRedirectTitle": "Ungültige Weiterleitung",
-    "continueInvalidRedirectSubtitle": "Die Weiterleitungs-URL ist ungültig",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Unsichere Weiterleitung",
     "continueInsecureRedirectSubtitle": "Sie versuchen von <code>https</code> auf <code>http</code> weiterzuleiten, was unsicher ist. Sind Sie sicher, dass Sie fortfahren möchten?",
-    "continueTitle": "Weiter",
-    "continueSubtitle": "Klicken Sie auf den Button, um zur App zu gelangen.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Abmelden fehlgeschlagen",
     "logoutFailSubtitle": "Bitte versuchen Sie es erneut",
     "logoutSuccessTitle": "Abgemeldet",
@@ -31,7 +34,7 @@
     "logoutOauthSubtitle": "Sie sind derzeit als <code>{{username}}</code> über den OAuth-Anbieter {{provider}} angemeldet. Klicken Sie auf den Button unten, um sich abzumelden.",
     "notFoundTitle": "Seite nicht gefunden",
     "notFoundSubtitle": "Die gesuchte Seite existiert nicht.",
-    "notFoundButton": "Nach Hause",
+    "notFoundButton": "Zurück",
     "totpFailTitle": "Fehler beim Verifizieren des Codes",
     "totpFailSubtitle": "Bitte überprüfen Sie Ihren Code und versuchen Sie es erneut",
     "totpSuccessTitle": "Verifiziert",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "Der Benutzer mit Benutzername <code>{{username}}</code> ist nicht in den Gruppen, die von der Ressource <code>{{resource}}</code> benötigt werden.",
     "unauthorizedIpSubtitle": "Ihre IP-Adresse <code>{{ip}}</code> ist nicht berechtigt, auf die Ressource <code>{{resource}}</code> zuzugreifen.",
     "unauthorizedButton": "Erneut versuchen",
-    "untrustedRedirectTitle": "Nicht vertrauenswürdige Weiterleitung",
-    "untrustedRedirectSubtitle": "Sie versuchen auf eine Domain umzuleiten, die nicht mit Ihrer konfigurierten Domain übereinstimmt (<code>{{domain}}</code>). Sind Sie sicher, dass Sie fortfahren möchten?",
     "cancelTitle": "Abbrechen",
     "forgotPasswordTitle": "Passwort vergessen?",
     "failedToFetchProvidersTitle": "Fehler beim Laden der Authentifizierungsanbieter. Bitte überprüfen Sie Ihre Konfiguration.",
     "errorTitle": "Ein Fehler ist aufgetreten",
     "errorSubtitle": "Beim Versuch, diese Aktion auszuführen, ist ein Fehler aufgetreten. Bitte überprüfen Sie die Konsole für weitere Informationen.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "Das Passwort kann durch Änderung der 'USERS' Variable zurückgesetzt werden.",
+    "fieldRequired": "Dieses Feld ist notwendig",
+    "invalidInput": "Ungültige Eingabe",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/el-GR.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Αποτυχία λήψης OAuth URL",
     "loginOauthSuccessTitle": "Ανακατεύθυνση",
     "loginOauthSuccessSubtitle": "Ανακατεύθυνση στον πάροχο OAuth σας",
+    "loginOauthAutoRedirectTitle": "Αυτόματη Ανακατεύθυνση OAuth",
+    "loginOauthAutoRedirectSubtitle": "Θα ανακατευθυνθείτε αυτόματα στον πάροχο OAuth σας για να επαληθευτείτε.",
+    "loginOauthAutoRedirectButton": "Ανακατεύθυνση τώρα",
+    "continueTitle": "Συνέχεια",
     "continueRedirectingTitle": "Ανακατεύθυνση...",
     "continueRedirectingSubtitle": "Θα πρέπει να μεταφερθείτε σύντομα στην εφαρμογή σας",
-    "continueInvalidRedirectTitle": "Μη έγκυρη ανακατεύθυνση",
-    "continueInvalidRedirectSubtitle": "Το URL ανακατεύθυνσης δεν είναι έγκυρο",
+    "continueRedirectManually": "Χειροκίνητη ανακατεύθυνση",
     "continueInsecureRedirectTitle": "Μη ασφαλής ανακατεύθυνση",
     "continueInsecureRedirectSubtitle": "Προσπαθείτε να ανακατευθύνετε από <code>https</code> σε <code>http</code> το οποίο δεν είναι ασφαλές. Είστε σίγουροι ότι θέλετε να συνεχίσετε;",
-    "continueTitle": "Συνέχεια",
-    "continueSubtitle": "Κάντε κλικ στο κουμπί για να συνεχίσετε στην εφαρμογή σας.",
+    "continueUntrustedRedirectTitle": "Μη έμπιστη ανακατεύθυνση",
+    "continueUntrustedRedirectSubtitle": "Προσπαθείτε να ανακατευθύνετε σε ένα domain που δεν ταιριάζει με το ρυθμισμένο domain σας (<code>{{cookieDomain}}</code>). Είστε βέβαιοι ότι θέλετε να συνεχίσετε;",
     "logoutFailTitle": "Αποτυχία αποσύνδεσης",
     "logoutFailSubtitle": "Παρακαλώ δοκιμάστε ξανά",
     "logoutSuccessTitle": "Αποσυνδεδεμένος",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "Ο χρήστης με όνομα χρήστη <code>{{username}}</code> δεν είναι στις ομάδες που απαιτούνται από τον πόρο <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Η διεύθυνση IP σας <code>{{ip}}</code> δεν είναι εξουσιοδοτημένη να έχει πρόσβαση στον πόρο <code>{{resource}}</code>.",
     "unauthorizedButton": "Προσπαθήστε ξανά",
-    "untrustedRedirectTitle": "Μη έμπιστη ανακατεύθυνση",
-    "untrustedRedirectSubtitle": "Προσπαθείτε να ανακατευθύνετε σε ένα domain που δεν ταιριάζει με τον ρυθμισμένο domain σας (<code>{{domain}}</code>). Είστε βέβαιοι ότι θέλετε να συνεχίσετε;",
     "cancelTitle": "Ακύρωση",
     "forgotPasswordTitle": "Ξεχάσατε το συνθηματικό σας;",
     "failedToFetchProvidersTitle": "Αποτυχία φόρτωσης παρόχων πιστοποίησης. Παρακαλώ ελέγξτε τις ρυθμίσεις σας.",
     "errorTitle": "Παρουσιάστηκε ένα σφάλμα",
     "errorSubtitle": "Παρουσιάστηκε σφάλμα κατά την προσπάθεια εκτέλεσης αυτής της ενέργειας. Ελέγξτε την κονσόλα για περισσότερες πληροφορίες.",
-    "forgotPasswordMessage": "Μπορείτε να επαναφέρετε τον κωδικό πρόσβασής σας αλλάζοντας τη μεταβλητή περιβάλλοντος `USERS`."
+    "forgotPasswordMessage": "Μπορείτε να επαναφέρετε τον κωδικό πρόσβασής σας αλλάζοντας τη μεταβλητή περιβάλλοντος `USERS`.",
+    "fieldRequired": "Αυτό το πεδίο είναι υποχρεωτικό",
+    "invalidInput": "Μη έγκυρη καταχώρηση",
+    "domainWarningTitle": "Μη έγκυρο domain",
+    "domainWarningSubtitle": "Αυτή η εφαρμογή έχει ρυθμιστεί για πρόσβαση από <code>{{appUrl}}</code>, αλλά <code>{{currentUrl}}</code> χρησιμοποιείται. Αν συνεχίσετε, μπορεί να αντιμετωπίσετε προβλήματα με την ταυτοποίηση.",
+    "ignoreTitle": "Παράβλεψη",
+    "goToCorrectDomainTitle": "Μεταβείτε στο σωστό domain"
 }

frontend/src/lib/i18n/locales/en-US.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
     "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
     "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/en.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,8 +47,6 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
@@ -53,5 +54,9 @@
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
     "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
     "fieldRequired": "This field is required",
-    "invalidInput": "Invalid input"
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/es-ES.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Error al obtener la URL de OAuth",
     "loginOauthSuccessTitle": "Redireccionando",
     "loginOauthSuccessSubtitle": "Redireccionando a tu proveedor de OAuth",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continuar",
     "continueRedirectingTitle": "Redireccionando...",
     "continueRedirectingSubtitle": "Pronto será redirigido a la aplicación",
-    "continueInvalidRedirectTitle": "Redirección inválida",
-    "continueInvalidRedirectSubtitle": "La URL de redirección es inválida",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Redirección insegura",
     "continueInsecureRedirectSubtitle": "Está intentando redirigir desde <code>https</code> a <code>http</code> lo cual no es seguro. ¿Está seguro que desea continuar?",
-    "continueTitle": "Continuar",
-    "continueSubtitle": "Haga clic en el botón para continuar hacia su aplicación.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Fallo al cerrar sesión",
     "logoutFailSubtitle": "Por favor intente nuevamente",
     "logoutSuccessTitle": "Sesión cerrada",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "El usuario con nombre de usuario <code>{{username}}</code> no está en los grupos requeridos por el recurso <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Inténtelo de nuevo",
-    "untrustedRedirectTitle": "Redirección no confiable",
-    "untrustedRedirectSubtitle": "Está intentando redirigir a un dominio que no coincide con su dominio configurado (<code>{{domain}}</code>). ¿Está seguro que desea continuar?",
     "cancelTitle": "Cancelar",
     "forgotPasswordTitle": "¿Olvidó su contraseña?",
     "failedToFetchProvidersTitle": "Error al cargar los proveedores de autenticación. Por favor revise su configuración.",
     "errorTitle": "Ha ocurrido un error",
     "errorSubtitle": "Ocurrió un error mientras se trataba de realizar esta acción. Por favor, revise la consola para más información.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/fi-FI.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/fr-FR.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Impossible d'obtenir l'URL OAuth",
     "loginOauthSuccessTitle": "Redirection",
     "loginOauthSuccessSubtitle": "Redirection vers votre fournisseur OAuth",
+    "loginOauthAutoRedirectTitle": "Redirection automatique OAuth",
+    "loginOauthAutoRedirectSubtitle": "Vous allez être automatiquement redirigé vers votre fournisseur OAuth pour vous authentifier.",
+    "loginOauthAutoRedirectButton": "Rediriger",
+    "continueTitle": "Continuer",
     "continueRedirectingTitle": "Redirection...",
     "continueRedirectingSubtitle": "Vous devriez être redirigé vers l'application bientôt",
-    "continueInvalidRedirectTitle": "Redirection invalide",
-    "continueInvalidRedirectSubtitle": "L'URL de redirection est invalide",
+    "continueRedirectManually": "Redirection manuelle",
     "continueInsecureRedirectTitle": "Redirection non sécurisée",
     "continueInsecureRedirectSubtitle": "Vous tentez de rediriger de <code>https</code> vers <code>http</code>, ce qui n'est pas sécurisé. Êtes-vous sûr de vouloir continuer ?",
-    "continueTitle": "Continuer",
-    "continueSubtitle": "Cliquez sur le bouton pour continuer vers votre application.",
+    "continueUntrustedRedirectTitle": "Redirection non sécurisée",
+    "continueUntrustedRedirectSubtitle": "Vous essayez de rediriger vers un domaine qui ne correspond pas à votre domaine configuré (<code>{{cookieDomain}}</code>). Êtes-vous sûr de vouloir continuer ?",
     "logoutFailTitle": "Échec de la déconnexion",
     "logoutFailSubtitle": "Veuillez réessayer",
     "logoutSuccessTitle": "Déconnecté",
@@ -38,18 +41,22 @@
     "totpSuccessSubtitle": "Redirection vers votre application",
     "totpTitle": "Saisissez votre code TOTP",
     "totpSubtitle": "Veuillez saisir le code de votre application d'authentification.",
-    "unauthorizedTitle": "Unauthorized",
+    "unauthorizedTitle": "Non autorisé",
     "unauthorizedResourceSubtitle": "L'utilisateur avec le nom d'utilisateur <code>{{username}}</code> n'est pas autorisé à accéder à la ressource <code>{{resource}}</code>.",
     "unauthorizedLoginSubtitle": "L'utilisateur avec le nom d'utilisateur <code>{{username}}</code> n'est pas autorisé à se connecter.",
     "unauthorizedGroupsSubtitle": "L'utilisateur avec le nom d'utilisateur <code>{{username}}</code> n'appartient pas aux groupes requis par la ressource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Votre adresse IP <code>{{ip}}</code> n'est pas autorisée à accéder à la ressource <code>{{resource}}</code>.",
     "unauthorizedButton": "Réessayer",
-    "untrustedRedirectTitle": "Redirection non fiable",
-    "untrustedRedirectSubtitle": "Vous tentez de rediriger vers un domaine qui ne correspond pas à votre domaine configuré (<code>{{domain}}</code>). Êtes-vous sûr de vouloir continuer ?",
     "cancelTitle": "Annuler",
     "forgotPasswordTitle": "Mot de passe oublié ?",
     "failedToFetchProvidersTitle": "Échec du chargement des fournisseurs d'authentification. Veuillez vérifier votre configuration.",
     "errorTitle": "Une erreur est survenue",
     "errorSubtitle": "Une erreur est survenue lors de l'exécution de cette action. Veuillez consulter la console pour plus d'informations.",
-    "forgotPasswordMessage": "Vous pouvez réinitialiser votre mot de passe en modifiant la variable d'environnement `USERS`."
+    "forgotPasswordMessage": "Vous pouvez réinitialiser votre mot de passe en modifiant la variable d'environnement `USERS`.",
+    "fieldRequired": "Ce champ est obligatoire",
+    "invalidInput": "Saisie non valide",
+    "domainWarningTitle": "Domaine invalide",
+    "domainWarningSubtitle": "Cette instance est configurée pour être accédée depuis <code>{{appUrl}}</code>, mais <code>{{currentUrl}}</code> est utilisé. Si vous continuez, vous pourriez rencontrer des problèmes d'authentification.",
+    "ignoreTitle": "Ignorer",
+    "goToCorrectDomainTitle": "Aller au bon domaine"
 }

frontend/src/lib/i18n/locales/he-IL.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/hu-HU.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/it-IT.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/ja-JP.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/ko-KR.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/nl-NL.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Fout bij het ophalen van OAuth URL",
     "loginOauthSuccessTitle": "Omleiden",
     "loginOauthSuccessSubtitle": "Omleiden naar je OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Ga verder",
     "continueRedirectingTitle": "Omleiden...",
     "continueRedirectingSubtitle": "Je wordt naar de app doorgestuurd",
-    "continueInvalidRedirectTitle": "Ongeldige omleiding",
-    "continueInvalidRedirectSubtitle": "De omleidings-URL is ongeldig",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Onveilige doorverwijzing",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Ga verder",
-    "continueSubtitle": "Klik op de knop om door te gaan naar de app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Afmelden mislukt",
     "logoutFailSubtitle": "Probeer het opnieuw",
     "logoutSuccessTitle": "Afgemeld",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Opnieuw proberen",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/no-NO.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/pl-PL.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Nie udało się uzyskać adresu URL OAuth",
     "loginOauthSuccessTitle": "Przekierowywanie",
     "loginOauthSuccessSubtitle": "Przekierowywanie do Twojego dostawcy OAuth",
+    "loginOauthAutoRedirectTitle": "Automatyczne przekierowanie OAuth",
+    "loginOauthAutoRedirectSubtitle": "Nastąpi automatyczne przekierowanie do dostawcy OAuth w celu uwierzytelnienia.",
+    "loginOauthAutoRedirectButton": "Przekieruj teraz",
+    "continueTitle": "Kontynuuj",
     "continueRedirectingTitle": "Przekierowywanie...",
     "continueRedirectingSubtitle": "Wkrótce powinieneś zostać przekierowany do aplikacji",
-    "continueInvalidRedirectTitle": "Nieprawidłowe przekierowanie",
-    "continueInvalidRedirectSubtitle": "Adres przekierowania jest nieprawidłowy",
+    "continueRedirectManually": "Przekieruj mnie ręcznie",
     "continueInsecureRedirectTitle": "Niezabezpieczone przekierowanie",
     "continueInsecureRedirectSubtitle": "Próbujesz przekierować z <code>https</code> do <code>http</code>, co nie jest bezpieczne. Czy na pewno chcesz kontynuować?",
-    "continueTitle": "Kontynuuj",
-    "continueSubtitle": "Kliknij przycisk, aby przejść do aplikacji.",
+    "continueUntrustedRedirectTitle": "Niezaufane przekierowanie",
+    "continueUntrustedRedirectSubtitle": "Próbujesz przekierować do domeny, która nie pasuje do skonfigurowanej domeny (<code>{{cookieDomain}}</code>). Czy na pewno chcesz kontynuować?",
     "logoutFailTitle": "Nie udało się wylogować",
     "logoutFailSubtitle": "Spróbuj ponownie",
     "logoutSuccessTitle": "Wylogowano",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "Użytkownik o nazwie <code>{{username}}</code> nie należy do grup wymaganych przez zasób <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Twój adres IP <code>{{ip}}</code> nie ma autoryzacji do dostępu do zasobu <code>{{resource}}</code>.",
     "unauthorizedButton": "Spróbuj ponownie",
-    "untrustedRedirectTitle": "Niezaufane przekierowanie",
-    "untrustedRedirectSubtitle": "Próbujesz przekierować do domeny, która nie pasuje do Twojej skonfigurowanej domeny (<code>{{domain}}</code>). Czy na pewno chcesz kontynuować?",
     "cancelTitle": "Anuluj",
     "forgotPasswordTitle": "Nie pamiętasz hasła?",
     "failedToFetchProvidersTitle": "Nie udało się załadować dostawców uwierzytelniania. Sprawdź swoją konfigurację.",
     "errorTitle": "Wystąpił błąd",
     "errorSubtitle": "Wystąpił błąd podczas próby wykonania tej czynności. Sprawdź konsolę, aby uzyskać więcej informacji.",
-    "forgotPasswordMessage": "Możesz zresetować hasło, zmieniając zmienną środowiskową `USERS`."
+    "forgotPasswordMessage": "Możesz zresetować hasło, zmieniając zmienną środowiskową `USERS`.",
+    "fieldRequired": "To pole jest wymagane",
+    "invalidInput": "Nieprawidłowe dane wejściowe",
+    "domainWarningTitle": "Nieprawidłowa domena",
+    "domainWarningSubtitle": "Ta instancja jest skonfigurowana do uzyskania dostępu z <code>{{appUrl}}</code>, ale <code>{{currentUrl}}</code> jest w użyciu. Jeśli będziesz kontynuować, mogą wystąpić problemy z uwierzytelnianiem.",
+    "ignoreTitle": "Zignoruj",
+    "goToCorrectDomainTitle": "Przejdź do prawidłowej domeny"
 }

frontend/src/lib/i18n/locales/pt-BR.json

@@ -1,34 +1,37 @@
 {
     "loginTitle": "Bem-vindo de volta, acesse com",
-    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Or",
+    "loginTitleSimple": "Bem-vindo de volta, faça o login",
+    "loginDivider": "Ou",
     "loginUsername": "Nome de usuário",
     "loginPassword": "Senha",
     "loginSubmit": "Entrar",
     "loginFailTitle": "Falha ao iniciar sessão",
     "loginFailSubtitle": "Por favor, verifique seu usuário e senha",
-    "loginFailRateLimit": "You failed to login too many times. Please try again later",
+    "loginFailRateLimit": "Você falhou em iniciar sessão muitas vezes, por favor tente novamente mais tarde",
     "loginSuccessTitle": "Sessão Iniciada",
     "loginSuccessSubtitle": "Bem-vindo de volta!",
-    "loginOauthFailTitle": "An error occurred",
+    "loginOauthFailTitle": "Ocorreu um erro",
     "loginOauthFailSubtitle": "Falha ao obter URL de OAuth",
     "loginOauthSuccessTitle": "Redirecionando",
     "loginOauthSuccessSubtitle": "Redirecionando para seu provedor OAuth",
+    "loginOauthAutoRedirectTitle": "Redirecionamento automático do OAuth",
+    "loginOauthAutoRedirectSubtitle": "Você será automaticamente redirecionado para seu provedor OAuth para autenticar.",
+    "loginOauthAutoRedirectButton": "Redirecionar agora",
+    "continueTitle": "Continuar",
     "continueRedirectingTitle": "Redirecionando...",
     "continueRedirectingSubtitle": "Você deve ser redirecionado para o aplicativo em breve",
-    "continueInvalidRedirectTitle": "Redirecionamento inválido",
-    "continueInvalidRedirectSubtitle": "O endereço de redirecionamento é inválido",
+    "continueRedirectManually": "Redirecionar-me manualmente",
     "continueInsecureRedirectTitle": "Redirecionamento inseguro",
-    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continuar",
-    "continueSubtitle": "Clique no botão para continuar para o seu aplicativo.",
+    "continueInsecureRedirectSubtitle": "Você está tentando redirecionar de <Code>https</Code> para <Code>http</Code>, você tem certeza que deseja continuar?",
+    "continueUntrustedRedirectTitle": "Redirecionamento não confiável",
+    "continueUntrustedRedirectSubtitle": "Você está tentando redirecionar para um domínio que não corresponde ao seu domínio configurado (<code>{{cookieDomain}}</code>). Tem certeza que deseja continuar?",
     "logoutFailTitle": "Falha ao encerrar sessão",
     "logoutFailSubtitle": "Por favor, tente novamente",
     "logoutSuccessTitle": "Sessão encerrada",
     "logoutSuccessSubtitle": "Você foi desconectado",
     "logoutTitle": "Sair",
-    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
-    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
+    "logoutUsernameSubtitle": "Você está atualmente logado como <Code>{{username}}</Code>, clique no botão abaixo para sair.",
+    "logoutOauthSubtitle": "Você está atualmente logado como <Code>{{username}}</Code> usando o provedor {{provider}} OAuth, clique no botão abaixo para sair.",
     "notFoundTitle": "Página não encontrada",
     "notFoundSubtitle": "A página que você está procurando não existe.",
     "notFoundButton": "Voltar para a tela inicial",
@@ -37,19 +40,23 @@
     "totpSuccessTitle": "Verificado",
     "totpSuccessSubtitle": "Redirecionando para o seu aplicativo",
     "totpTitle": "Insira o seu código TOTP",
-    "totpSubtitle": "Please enter the code from your authenticator app.",
+    "totpSubtitle": "Por favor, insira o código do seu aplicativo de autenticação.",
     "unauthorizedTitle": "Não autorizado",
-    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
-    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
-    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
+    "unauthorizedResourceSubtitle": "O usuário com nome de usuário <code>{{username}}</code> não está autorizado a acessar o recurso <code>{{resource}}</code>.",
+    "unauthorizedLoginSubtitle": "O usuário com o nome <code>{{username}}</code> não está autorizado a acessar.",
+    "unauthorizedGroupsSubtitle": "O usuário  <code>{{username}}</code> não está autorizado a acessar o recurso <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Seu endereço IP <code>{{ip}}</code> não está autorizado a acessar o recurso <code>{{resource}}</code>.",
     "unauthorizedButton": "Tentar novamente",
-    "untrustedRedirectTitle": "Redirecionamento não confiável",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancelar",
     "forgotPasswordTitle": "Esqueceu sua senha?",
-    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
-    "errorTitle": "An error occurred",
-    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "failedToFetchProvidersTitle": "Falha ao carregar provedores de autenticação. Verifique sua configuração.",
+    "errorTitle": "Ocorreu um erro",
+    "errorSubtitle": "Ocorreu um erro ao tentar executar esta ação. Por favor, verifique o console para mais informações.",
+    "forgotPasswordMessage": "Você pode redefinir sua senha alterando a variável de ambiente `USERS`.",
+    "fieldRequired": "Este campo é obrigatório",
+    "invalidInput": "Entrada Inválida",
+    "domainWarningTitle": "Domínio inválido",
+    "domainWarningSubtitle": "Esta instância está configurada para ser acessada de <code>{{appUrl}}</code>, mas <code>{{currentUrl}}</code> está sendo usado. Se você continuar, você pode encontrar problemas com a autenticação.",
+    "ignoreTitle": "Ignorar",
+    "goToCorrectDomainTitle": "Ir para o domínio correto"
 }

frontend/src/lib/i18n/locales/pt-PT.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/ro-RO.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/ru-RU.json

@@ -1,6 +1,6 @@
 {
     "loginTitle": "С возвращением, войти с",
-    "loginTitleSimple": "Вход",
+    "loginTitleSimple": "С возвращением, пожалуйста войдите",
     "loginDivider": "Или",
     "loginUsername": "Имя пользователя",
     "loginPassword": "Пароль",
@@ -8,24 +8,27 @@
     "loginFailTitle": "Вход не удался",
     "loginFailSubtitle": "Проверьте имя пользователя и пароль",
     "loginFailRateLimit": "Слишком много ошибок входа. Попробуйте позже",
-    "loginSuccessTitle": "Вы вошли",
+    "loginSuccessTitle": "Вход выполнен",
     "loginSuccessSubtitle": "С возвращением!",
     "loginOauthFailTitle": "Произошла ошибка",
-    "loginOauthFailSubtitle": "Не удалось получить OAuth URL",
+    "loginOauthFailSubtitle": "Не удалось получить ссылку OAuth",
     "loginOauthSuccessTitle": "Перенаправление",
     "loginOauthSuccessSubtitle": "Перенаправление к поставщику OAuth",
+    "loginOauthAutoRedirectTitle": "OAuth автоматическое перенаправление",
+    "loginOauthAutoRedirectSubtitle": "Вы будете автоматически перенаправлены для авторизации у вашего поставщика OAuth.",
+    "loginOauthAutoRedirectButton": "Перенаправить сейчас",
+    "continueTitle": "Продолжить",
     "continueRedirectingTitle": "Перенаправление...",
     "continueRedirectingSubtitle": "Скоро вы будете перенаправлены в приложение",
-    "continueInvalidRedirectTitle": "Неверное перенаправление",
-    "continueInvalidRedirectSubtitle": "URL перенаправления недействителен",
+    "continueRedirectManually": "Перенаправить вручную",
     "continueInsecureRedirectTitle": "Небезопасное перенаправление",
     "continueInsecureRedirectSubtitle": "Попытка перенаправления с <code>https</code> на <code>http</code>, уверены, что хотите продолжить?",
-    "continueTitle": "Продолжить",
-    "continueSubtitle": "Нажмите на кнопку, чтобы перейти к приложению.",
+    "continueUntrustedRedirectTitle": "Недоверенное перенаправление",
+    "continueUntrustedRedirectSubtitle": "Вы пытаетесь перенаправить на домен, который не соответствует вашему настроенному домену (<code>{{cookieDomain}}</code>). Вы уверены, что хотите продолжить?",
     "logoutFailTitle": "Не удалось выйти",
     "logoutFailSubtitle": "Попробуйте ещё раз",
     "logoutSuccessTitle": "Выход",
-    "logoutSuccessSubtitle": "Вы вышли из системы",
+    "logoutSuccessSubtitle": "Вы вышли",
     "logoutTitle": "Выйти",
     "logoutUsernameSubtitle": "Вход выполнен как <code>{{username}}</code>, нажмите на кнопку ниже, чтобы выйти.",
     "logoutOauthSubtitle": "Вход выполнен как <code>{{username}}</code> с использованием {{provider}} OAuth, нажмите кнопку ниже, чтобы выйти.",
@@ -37,19 +40,23 @@
     "totpSuccessTitle": "Подтверждён",
     "totpSuccessSubtitle": "Перенаправление в приложение",
     "totpTitle": "Введите код TOTP",
-    "totpSubtitle": "Пожалуйста, введите код из вашего приложения — аутентификатора.",
-    "unauthorizedTitle": "Доступ запрещен",
-    "unauthorizedResourceSubtitle": "Пользователю <code>{{username}}</code> не разрешен доступ к <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "Пользователю <code>{{username}}</code> не разрешен вход.",
-    "unauthorizedGroupsSubtitle": "Пользователь <code>{{username}}</code> не состоит в группах, которым разрешен доступ к <code>{{resource}}</code>.",
-    "unauthorizedIpSubtitle": "Ваш IP адрес <code>{{ip}}</code> не авторизован для доступа к ресурсу <code>{{resource}}</code>.",
+    "totpSubtitle": "Пожалуйста, введите код из вашего приложения авторизации.",
+    "unauthorizedTitle": "Доступ запрещён",
+    "unauthorizedResourceSubtitle": "Пользователю <code>{{username}}</code> не разрешён доступ к <code>{{resource}}</code>.",
+    "unauthorizedLoginSubtitle": "Пользователю <code>{{username}}</code> не разрешён вход.",
+    "unauthorizedGroupsSubtitle": "Пользователь <code>{{username}}</code> не состоит в группах, которым разрешён доступ к <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Вашему IP-адресу <code>{{ip}}</code> не разрешён доступ к ресурсу <code>{{resource}}</code>.",
     "unauthorizedButton": "Повторить",
-    "untrustedRedirectTitle": "Ненадежное перенаправление",
-    "untrustedRedirectSubtitle": "Попытка перенаправить на домен, который не соответствует вашему заданному домену (<code>{{domain}}</code>). Уверены, что хотите продолжить?",
     "cancelTitle": "Отмена",
     "forgotPasswordTitle": "Забыли пароль?",
-    "failedToFetchProvidersTitle": "Не удалось загрузить провайдеров аутентификации. Пожалуйста, проверьте конфигурацию.",
+    "failedToFetchProvidersTitle": "Не удалось загрузить поставщика авторизации. Пожалуйста, проверьте конфигурацию.",
     "errorTitle": "Произошла ошибка",
     "errorSubtitle": "Произошла ошибка при попытке выполнить это действие. Проверьте консоль для дополнительной информации.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "Вы можете сбросить свой пароль, изменив переменную окружения `USERS`.",
+    "fieldRequired": "Это поле является обязательным",
+    "invalidInput": "Недопустимый ввод",
+    "domainWarningTitle": "Неверный домен",
+    "domainWarningSubtitle": "Этот экземпляр настроен на доступ к нему из <code>{{appUrl}}</code>, но <code>{{currentUrl}}</code> в настоящее время используется. Если вы продолжите, то могут возникнуть проблемы с авторизацией.",
+    "ignoreTitle": "Игнорировать",
+    "goToCorrectDomainTitle": "Перейти к правильному домену"
 }

frontend/src/lib/i18n/locales/sr-SP.json

@@ -1,55 +1,62 @@
 {
-    "loginTitle": "Welcome back, login with",
-    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Or",
-    "loginUsername": "Username",
-    "loginPassword": "Password",
-    "loginSubmit": "Login",
-    "loginFailTitle": "Failed to log in",
-    "loginFailSubtitle": "Please check your username and password",
-    "loginFailRateLimit": "You failed to login too many times. Please try again later",
-    "loginSuccessTitle": "Logged in",
-    "loginSuccessSubtitle": "Welcome back!",
-    "loginOauthFailTitle": "An error occurred",
-    "loginOauthFailSubtitle": "Failed to get OAuth URL",
-    "loginOauthSuccessTitle": "Redirecting",
-    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
-    "continueRedirectingTitle": "Redirecting...",
-    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
-    "continueInsecureRedirectTitle": "Insecure redirect",
-    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
-    "logoutFailTitle": "Failed to log out",
-    "logoutFailSubtitle": "Please try again",
-    "logoutSuccessTitle": "Logged out",
-    "logoutSuccessSubtitle": "You have been logged out",
-    "logoutTitle": "Logout",
-    "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
-    "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
-    "notFoundTitle": "Page not found",
-    "notFoundSubtitle": "The page you are looking for does not exist.",
-    "notFoundButton": "Go home",
-    "totpFailTitle": "Failed to verify code",
-    "totpFailSubtitle": "Please check your code and try again",
-    "totpSuccessTitle": "Verified",
-    "totpSuccessSubtitle": "Redirecting to your app",
-    "totpTitle": "Enter your TOTP code",
-    "totpSubtitle": "Please enter the code from your authenticator app.",
-    "unauthorizedTitle": "Unauthorized",
-    "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
-    "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
-    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
-    "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
-    "cancelTitle": "Cancel",
-    "forgotPasswordTitle": "Forgot your password?",
-    "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
-    "errorTitle": "An error occurred",
-    "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "loginTitle": "Добродошли назад, пријавите се са",
+    "loginTitleSimple": "Добродошли назад, молим вас пријавите се",
+    "loginDivider": "Или",
+    "loginUsername": "Корисничко име",
+    "loginPassword": "Лозинка",
+    "loginSubmit": "Пријава",
+    "loginFailTitle": "Неуспешна пријава",
+    "loginFailSubtitle": "Молим вас проверите ваше корисничко име и лозинку",
+    "loginFailRateLimit": "Нисте успели да се пријавите превише пута. Молим вас покушајте касније",
+    "loginSuccessTitle": "Пријављени",
+    "loginSuccessSubtitle": "Добродошли назад!",
+    "loginOauthFailTitle": "Појавила се грешка",
+    "loginOauthFailSubtitle": "Неуспело преузимање OAuth адресе",
+    "loginOauthSuccessTitle": "Преусмеравање",
+    "loginOauthSuccessSubtitle": "Преусмеравање на вашег OAuth провајдера",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Настави",
+    "continueRedirectingTitle": "Преусмеравање...",
+    "continueRedirectingSubtitle": "Требали би сте ускоро да будете преусмерени на апликацију",
+    "continueRedirectManually": "Redirect me manually",
+    "continueInsecureRedirectTitle": "Небезбедно преусмеравање",
+    "continueInsecureRedirectSubtitle": "Покушавате да преусмерите са <code>https</code> на <code>http</code> што није безбедно. Да ли желите да наставите?",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "logoutFailTitle": "Неуспешно одјављивање",
+    "logoutFailSubtitle": "Молим вас покушајте поново",
+    "logoutSuccessTitle": "Одјављени",
+    "logoutSuccessSubtitle": "Одјављени сте",
+    "logoutTitle": "Одјава",
+    "logoutUsernameSubtitle": "Тренутно сте пријављени као <code>{{username}}</code>. Кликните на дугме испод да се одјавите.",
+    "logoutOauthSubtitle": "Тренутно сте пријављени као <code>{{username}}</code> користећи {{provider}} OAuth провајдера. Кликните на дугме испод да се одјавите.",
+    "notFoundTitle": "Страница није пронађена",
+    "notFoundSubtitle": "Страница коју тражите не постоји.",
+    "notFoundButton": "На почетак",
+    "totpFailTitle": "Неуспело потврђивање кода",
+    "totpFailSubtitle": "Молим вас проверите ваш код и покушајте поново",
+    "totpSuccessTitle": "Потврђен",
+    "totpSuccessSubtitle": "Преусмеравање на вашу апликацију",
+    "totpTitle": "Унесите ваш TOTP код",
+    "totpSubtitle": "Молим вас унесите код из ваше апликације за аутентификацију.",
+    "unauthorizedTitle": "Неауторизован",
+    "unauthorizedResourceSubtitle": "Корисник са корисничким именом <code>{{username}}</code> није ауторизован да приступи ресурсу <code>{{resource}}</code>.",
+    "unauthorizedLoginSubtitle": "Корисник са корисничким именом <code>{{username}}</code> није ауторизован за пријављивање.",
+    "unauthorizedGroupsSubtitle": "Корисник са корисничким именом <code>{{username}}</code> није у групама које захтева ресурс <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "Ваша IP адреса <code>{{ip}}</code> није ауторизована да приступи ресурсу <code>{{resource}}</code>.",
+    "unauthorizedButton": "Покушајте поново",
+    "cancelTitle": "Поништи",
+    "forgotPasswordTitle": "Заборавили сте лозинку?",
+    "failedToFetchProvidersTitle": "Није успело учитавање провајдера аутентификације. Молим вас проверите ваша подешавања.",
+    "errorTitle": "Појавила се грешка",
+    "errorSubtitle": "Појавила се грешка при покушају извршавања ове радње. Молим вас проверите конзолу за додатне информације.",
+    "forgotPasswordMessage": "Можете поништити вашу лозинку променом `USERS` променљиве окружења.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/sv-SE.json

@@ -1,32 +1,35 @@
 {
-    "loginTitle": "Welcome back, login with",
-    "loginTitleSimple": "Welcome back, please login",
-    "loginDivider": "Or",
-    "loginUsername": "Username",
-    "loginPassword": "Password",
-    "loginSubmit": "Login",
-    "loginFailTitle": "Failed to log in",
-    "loginFailSubtitle": "Please check your username and password",
-    "loginFailRateLimit": "You failed to login too many times. Please try again later",
-    "loginSuccessTitle": "Logged in",
-    "loginSuccessSubtitle": "Welcome back!",
-    "loginOauthFailTitle": "An error occurred",
-    "loginOauthFailSubtitle": "Failed to get OAuth URL",
-    "loginOauthSuccessTitle": "Redirecting",
-    "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
-    "continueRedirectingTitle": "Redirecting...",
-    "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
-    "continueInsecureRedirectTitle": "Insecure redirect",
-    "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
-    "logoutFailTitle": "Failed to log out",
-    "logoutFailSubtitle": "Please try again",
-    "logoutSuccessTitle": "Logged out",
-    "logoutSuccessSubtitle": "You have been logged out",
-    "logoutTitle": "Logout",
+    "loginTitle": "Välkommen tillbaka, logga in med",
+    "loginTitleSimple": "Välkommen tillbaka, logga in",
+    "loginDivider": "Eller",
+    "loginUsername": "Användarnamn",
+    "loginPassword": "Lösenord",
+    "loginSubmit": "Logga in",
+    "loginFailTitle": "Kunde inte logga in",
+    "loginFailSubtitle": "Kontrollera ditt användarnamn och lösenord",
+    "loginFailRateLimit": "Du misslyckades med att logga in för många gånger. Försök igen senare",
+    "loginSuccessTitle": "Inloggad",
+    "loginSuccessSubtitle": "Välkommen tillbaka!",
+    "loginOauthFailTitle": "Ett fel har uppstått",
+    "loginOauthFailSubtitle": "Kunde inte hämta OAuth URL",
+    "loginOauthSuccessTitle": "Omdirigerar",
+    "loginOauthSuccessSubtitle": "Omdirigera till din OAuth leverantör",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Fortsätt",
+    "continueRedirectingTitle": "Omdirigerar...",
+    "continueRedirectingSubtitle": "Du bör omdirigeras till appen snart",
+    "continueRedirectManually": "Redirect me manually",
+    "continueInsecureRedirectTitle": "Osäker omdirigering",
+    "continueInsecureRedirectSubtitle": "Du försöker omdirigera från <code>https</code> till <code>http</code> som inte är säker. Är du säker på att du vill fortsätta?",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
+    "logoutFailTitle": "Kunde inte logga ut.",
+    "logoutFailSubtitle": "Vänligen försök igen",
+    "logoutSuccessTitle": "Utloggad",
+    "logoutSuccessSubtitle": "Du har blivit utloggad",
+    "logoutTitle": "Logga ut",
     "logoutUsernameSubtitle": "You are currently logged in as <code>{{username}}</code>. Click the button below to logout.",
     "logoutOauthSubtitle": "You are currently logged in as <code>{{username}}</code> using the {{provider}} OAuth provider. Click the button below to logout.",
     "notFoundTitle": "Page not found",
@@ -38,18 +41,22 @@
     "totpSuccessSubtitle": "Redirecting to your app",
     "totpTitle": "Enter your TOTP code",
     "totpSubtitle": "Please enter the code from your authenticator app.",
-    "unauthorizedTitle": "Unauthorized",
+    "unauthorizedTitle": "Obehörig",
     "unauthorizedResourceSubtitle": "The user with username <code>{{username}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedLoginSubtitle": "The user with username <code>{{username}}</code> is not authorized to login.",
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/tr-TR.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Yönlendiriliyor",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Devam et",
     "continueRedirectingTitle": "Yönlendiriliyor...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Devam et",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Lütfen tekrar deneyin",
     "logoutSuccessTitle": "Çıkış yapıldı",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "İptal",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/uk-UA.json

@@ -1,5 +1,5 @@
 {
-    "loginTitle": "Welcome back, login with",
+    "loginTitle": "З поверненням, увійдіть через",
     "loginTitleSimple": "Welcome back, please login",
     "loginDivider": "Or",
     "loginUsername": "Username",
@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/vi-VN.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "Failed to get OAuth URL",
     "loginOauthSuccessTitle": "Redirecting",
     "loginOauthSuccessSubtitle": "Redirecting to your OAuth provider",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "Continue",
     "continueRedirectingTitle": "Redirecting...",
     "continueRedirectingSubtitle": "You should be redirected to the app soon",
-    "continueInvalidRedirectTitle": "Invalid redirect",
-    "continueInvalidRedirectSubtitle": "The redirect URL is invalid",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "Insecure redirect",
     "continueInsecureRedirectSubtitle": "You are trying to redirect from <code>https</code> to <code>http</code> which is not secure. Are you sure you want to continue?",
-    "continueTitle": "Continue",
-    "continueSubtitle": "Click the button to continue to your app.",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "Failed to log out",
     "logoutFailSubtitle": "Please try again",
     "logoutSuccessTitle": "Logged out",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "The user with username <code>{{username}}</code> is not in the groups required by the resource <code>{{resource}}</code>.",
     "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
     "unauthorizedButton": "Try again",
-    "untrustedRedirectTitle": "Untrusted redirect",
-    "untrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{domain}}</code>). Are you sure you want to continue?",
     "cancelTitle": "Cancel",
     "forgotPasswordTitle": "Forgot your password?",
     "failedToFetchProvidersTitle": "Failed to load authentication providers. Please check your configuration.",
     "errorTitle": "An error occurred",
     "errorSubtitle": "An error occurred while trying to perform this action. Please check the console for more information.",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/lib/i18n/locales/zh-CN.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "获取 OAuth URL 失败",
     "loginOauthSuccessTitle": "重定向中",
     "loginOauthSuccessSubtitle": "重定向到您的 OAuth 提供商",
+    "loginOauthAutoRedirectTitle": "OAuth自动重定向",
+    "loginOauthAutoRedirectSubtitle": "您将被自动重定向到您的 OAuth 提供商进行身份验证。",
+    "loginOauthAutoRedirectButton": "立即跳转",
+    "continueTitle": "继续",
     "continueRedirectingTitle": "正在重定向……",
     "continueRedirectingSubtitle": "您应该很快被重定向到应用",
-    "continueInvalidRedirectTitle": "无效的重定向",
-    "continueInvalidRedirectSubtitle": "重定向URL无效",
+    "continueRedirectManually": "请手动跳转",
     "continueInsecureRedirectTitle": "不安全的重定向",
     "continueInsecureRedirectSubtitle": "您正在尝试从<code>https</code>重定向到<code>http</code>可能存在风险。您确定要继续吗？",
-    "continueTitle": "继续",
-    "continueSubtitle": "点击按钮以继续您的应用。",
+    "continueUntrustedRedirectTitle": "不可信的重定向",
+    "continueUntrustedRedirectSubtitle": "您尝试跳转的域名与配置的域名（<code>{{cookieDomain}}</code>）不匹配。是否继续？",
     "logoutFailTitle": "注销失败",
     "logoutFailSubtitle": "请重试",
     "logoutSuccessTitle": "已登出",
@@ -30,7 +33,7 @@
     "logoutUsernameSubtitle": "您当前登录用户为<code>{{username}}</code>。点击下方按钮注销。",
     "logoutOauthSubtitle": "您当前以<code>{{username}}</code>登录，使用的是{{provider}} OAuth 提供商。点击下方按钮注销。",
     "notFoundTitle": "无法找到页面",
-    "notFoundSubtitle": "您正在查找的页面不存在。",
+    "notFoundSubtitle": "您访问的页面不存在。",
     "notFoundButton": "回到主页",
     "totpFailTitle": "无法验证代码",
     "totpFailSubtitle": "请检查您的代码并重试",
@@ -42,14 +45,18 @@
     "unauthorizedResourceSubtitle": "用户名为<code>{{username}}</code>的用户无权访问资源<code>{{resource}}</code>。",
     "unauthorizedLoginSubtitle": "用户名为<code>{{username}}</code>的用户无权登录。",
     "unauthorizedGroupsSubtitle": "用户名为<code>{{username}}</code>的用户不在资源<code>{{resource}}</code>所需的组中。",
-    "unauthorizedIpSubtitle": "Your IP address <code>{{ip}}</code> is not authorized to access the resource <code>{{resource}}</code>.",
+    "unauthorizedIpSubtitle": "用户 <code>{{ip}}</code> 无权访问资源 <code>{{resource}}</code>。",
     "unauthorizedButton": "重试",
-    "untrustedRedirectTitle": "不可信的重定向",
-    "untrustedRedirectSubtitle": "您正在尝试重定向到一个与您已配置的域名 (<code>{{domain}}</code>) 不匹配的域名。您确定要继续吗？",
     "cancelTitle": "取消",
     "forgotPasswordTitle": "忘记密码？",
     "failedToFetchProvidersTitle": "加载身份验证提供程序失败，请检查您的配置。",
     "errorTitle": "发生了错误",
     "errorSubtitle": "执行此操作时发生错误，请检查控制台以获取更多信息。",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "您可以通过更改 `USERS ` 环境变量重置您的密码。",
+    "fieldRequired": "必添字段",
+    "invalidInput": "无效的输入",
+    "domainWarningTitle": "无效域名",
+    "domainWarningSubtitle": "当前实例配置的访问地址为 <code>{{appUrl}}</code>，但您正在使用 <code>{{currentUrl}}</code>。若继续操作，可能会遇到身份验证问题。",
+    "ignoreTitle": "忽略",
+    "goToCorrectDomainTitle": "转到正确的域名"
 }

frontend/src/lib/i18n/locales/zh-TW.json

@@ -14,14 +14,17 @@
     "loginOauthFailSubtitle": "無法取得 OAuth 網址",
     "loginOauthSuccessTitle": "重新導向中",
     "loginOauthSuccessSubtitle": "正在將您重新導向至 OAuth 供應商",
-    "continueRedirectingTitle": "重新導向中...",
+    "loginOauthAutoRedirectTitle": "OAuth Auto Redirect",
+    "loginOauthAutoRedirectSubtitle": "You will be automatically redirected to your OAuth provider to authenticate.",
+    "loginOauthAutoRedirectButton": "Redirect now",
+    "continueTitle": "繼續",
+    "continueRedirectingTitle": "重新導向中……",
     "continueRedirectingSubtitle": "您即將被重新導向至應用程式",
-    "continueInvalidRedirectTitle": "無效的重新導向",
-    "continueInvalidRedirectSubtitle": "重新導向的網址無效",
+    "continueRedirectManually": "Redirect me manually",
     "continueInsecureRedirectTitle": "不安全的重新導向",
     "continueInsecureRedirectSubtitle": "您正嘗試從安全的 <code>https</code> 重新導向至不安全的 <code>http</code>。您確定要繼續嗎？",
-    "continueTitle": "繼續",
-    "continueSubtitle": "點擊按鈕以繼續前往您的應用程式。",
+    "continueUntrustedRedirectTitle": "Untrusted redirect",
+    "continueUntrustedRedirectSubtitle": "You are trying to redirect to a domain that does not match your configured domain (<code>{{cookieDomain}}</code>). Are you sure you want to continue?",
     "logoutFailTitle": "登出失敗",
     "logoutFailSubtitle": "請再試一次",
     "logoutSuccessTitle": "登出成功",
@@ -44,12 +47,16 @@
     "unauthorizedGroupsSubtitle": "使用者 <code>{{username}}</code> 不在存取資源 <code>{{resource}}</code> 所需的群組中。",
     "unauthorizedIpSubtitle": "您的 IP 位址 <code>{{ip}}</code> 未被授權存取資源 <code>{{resource}}</code>。",
     "unauthorizedButton": "再試一次",
-    "untrustedRedirectTitle": "不受信任的重新導向",
-    "untrustedRedirectSubtitle": "您正嘗試重新導向至的網域與您設定的網域 (<code>{{domain}}</code>) 不符。您確定要繼續嗎？",
     "cancelTitle": "取消",
     "forgotPasswordTitle": "忘記密碼？",
     "failedToFetchProvidersTitle": "載入驗證供應商失敗。請檢查您的設定。",
     "errorTitle": "發生錯誤",
     "errorSubtitle": "執行此操作時發生錯誤。請檢查主控台以獲取更多資訊。",
-    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable."
+    "forgotPasswordMessage": "You can reset your password by changing the `USERS` environment variable.",
+    "fieldRequired": "This field is required",
+    "invalidInput": "Invalid input",
+    "domainWarningTitle": "Invalid Domain",
+    "domainWarningSubtitle": "This instance is configured to be accessed from <code>{{appUrl}}</code>, but <code>{{currentUrl}}</code> is being used. If you proceed, you may encounter issues with authentication.",
+    "ignoreTitle": "Ignore",
+    "goToCorrectDomainTitle": "Go to correct domain"
 }

frontend/src/pages/continue-page.tsx

@@ -11,60 +11,101 @@ import { useUserContext } from "@/context/user-context";
 import { isValidUrl } from "@/lib/utils";
 import { Trans, useTranslation } from "react-i18next";
 import { Navigate, useLocation, useNavigate } from "react-router";
-import DOMPurify from "dompurify";
-import { useState } from "react";
+import { useEffect, useState } from "react";
 
 export const ContinuePage = () => {
+  const { cookieDomain } = useAppContext();
   const { isLoggedIn } = useUserContext();
-
-  if (!isLoggedIn) {
-    return <Navigate to="/login" />;
-  }
-
-  const { domain, disableContinue } = useAppContext();
   const { search } = useLocation();
-  const [loading, setLoading] = useState(false);
-
-  const searchParams = new URLSearchParams(search);
-  const redirectURI = searchParams.get("redirect_uri");
-
-  if (!redirectURI) {
-    return <Navigate to="/logout" />;
-  }
-
-  if (!isValidUrl(DOMPurify.sanitize(redirectURI))) {
-    return <Navigate to="/logout" />;
-  }
-
-  const handleRedirect = () => {
-    setLoading(true);
-    window.location.href = DOMPurify.sanitize(redirectURI);
-  }
-
-  if (disableContinue) {
-    handleRedirect();
-  }
-
   const { t } = useTranslation();
   const navigate = useNavigate();
 
-  const url = new URL(redirectURI);
+  const [loading, setLoading] = useState(false);
+  const [showRedirectButton, setShowRedirectButton] = useState(false);
 
-  if (!(url.hostname == domain) && !url.hostname.endsWith(`.${domain}`)) {
+  const searchParams = new URLSearchParams(search);
+  const redirectUri = searchParams.get("redirect_uri");
+
+  const isValidRedirectUri =
+    redirectUri !== null ? isValidUrl(redirectUri) : false;
+  const redirectUriObj = isValidRedirectUri
+    ? new URL(redirectUri as string)
+    : null;
+  const isTrustedRedirectUri =
+    redirectUriObj !== null
+      ? redirectUriObj.hostname === cookieDomain ||
+        redirectUriObj.hostname.endsWith(`.${cookieDomain}`)
+      : false;
+  const isAllowedRedirectProto =
+    redirectUriObj !== null
+      ? redirectUriObj.protocol === "https:" ||
+        redirectUriObj.protocol === "http:"
+      : false;
+  const isHttpsDowngrade =
+    redirectUriObj !== null
+      ? redirectUriObj.protocol === "http:" &&
+        window.location.protocol === "https:"
+      : false;
+
+  const handleRedirect = () => {
+    setLoading(true);
+    window.location.assign(redirectUriObj!.toString());
+  };
+
+  useEffect(() => {
+    if (
+      !isLoggedIn ||
+      !isValidRedirectUri ||
+      !isTrustedRedirectUri ||
+      !isAllowedRedirectProto ||
+      isHttpsDowngrade
+    ) {
+      return;
+    }
+
+    const auto = setTimeout(() => {
+      handleRedirect();
+    }, 100);
+
+    const reveal = setTimeout(() => {
+      setLoading(false);
+      setShowRedirectButton(true);
+    }, 5000);
+
+    return () => {
+      clearTimeout(auto);
+      clearTimeout(reveal);
+    };
+  }, []);
+
+  if (!isLoggedIn) {
     return (
-      <Card className="min-w-xs sm:min-w-sm">
+      <Navigate
+        to={`/login?redirect_uri=${encodeURIComponent(redirectUri || "")}`}
+        replace
+      />
+    );
+  }
+
+  if (!isValidRedirectUri || !isAllowedRedirectProto) {
+    return <Navigate to="/logout" replace />;
+  }
+
+  if (!isTrustedRedirectUri) {
+    return (
+      <Card role="alert" aria-live="assertive" className="min-w-xs sm:min-w-sm">
         <CardHeader>
           <CardTitle className="text-3xl">
-            {t("untrustedRedirectTitle")}
+            {t("continueUntrustedRedirectTitle")}
           </CardTitle>
           <CardDescription>
             <Trans
-              i18nKey="untrustedRedirectSubtitle"
+              i18nKey="continueUntrustedRedirectSubtitle"
               t={t}
               components={{
                 code: <code />,
               }}
-              values={{ domain }}
+              values={{ cookieDomain }}
             />
           </CardDescription>
         </CardHeader>
@@ -76,7 +117,11 @@ export const ContinuePage = () => {
           >
             {t("continueTitle")}
           </Button>
-          <Button onClick={() => navigate("/logout")} variant="outline" disabled={loading}>
+          <Button
+            onClick={() => navigate("/logout")}
+            variant="outline"
+            disabled={loading}
+          >
             {t("cancelTitle")}
           </Button>
         </CardFooter>
@@ -84,9 +129,9 @@ export const ContinuePage = () => {
     );
   }
 
-  if (url.protocol === "http:" && window.location.protocol === "https:") {
+  if (isHttpsDowngrade) {
     return (
-      <Card className="min-w-xs sm:min-w-sm">
+      <Card role="alert" aria-live="assertive" className="min-w-xs sm:min-w-sm">
         <CardHeader>
           <CardTitle className="text-3xl">
             {t("continueInsecureRedirectTitle")}
@@ -102,14 +147,14 @@ export const ContinuePage = () => {
           </CardDescription>
         </CardHeader>
         <CardFooter className="flex flex-col items-stretch gap-2">
-          <Button
-            onClick={handleRedirect}
-            loading={loading}
-            variant="warning"
-          >
+          <Button onClick={handleRedirect} loading={loading} variant="warning">
             {t("continueTitle")}
           </Button>
-          <Button onClick={() => navigate("/logout")} variant="outline" disabled={loading}>
+          <Button
+            onClick={() => navigate("/logout")}
+            variant="outline"
+            disabled={loading}
+          >
             {t("cancelTitle")}
           </Button>
         </CardFooter>
@@ -120,17 +165,18 @@ export const ContinuePage = () => {
   return (
     <Card className="min-w-xs sm:min-w-sm">
       <CardHeader>
-        <CardTitle className="text-3xl">{t("continueTitle")}</CardTitle>
-        <CardDescription>{t("continueSubtitle")}</CardDescription>
+        <CardTitle className="text-3xl">
+          {t("continueRedirectingTitle")}
+        </CardTitle>
+        <CardDescription>{t("continueRedirectingSubtitle")}</CardDescription>
       </CardHeader>
-      <CardFooter className="flex flex-col items-stretch">
-        <Button
-          onClick={handleRedirect}
-          loading={loading}
-        >
-          {t("continueTitle")}
-        </Button>
-      </CardFooter>
+      {showRedirectButton && (
+        <CardFooter className="flex flex-col items-stretch">
+          <Button onClick={handleRedirect}>
+            {t("continueRedirectManually")}
+          </Button>
+        </CardFooter>
+      )}
     </Card>
   );
 };

frontend/src/pages/login-page.tsx

@@ -1,13 +1,18 @@
 import { LoginForm } from "@/components/auth/login-form";
-import { GenericIcon } from "@/components/icons/generic";
 import { GithubIcon } from "@/components/icons/github";
 import { GoogleIcon } from "@/components/icons/google";
+import { MicrosoftIcon } from "@/components/icons/microsoft";
+import { OAuthIcon } from "@/components/icons/oauth";
+import { PocketIDIcon } from "@/components/icons/pocket-id";
+import { TailscaleIcon } from "@/components/icons/tailscale";
+import { Button } from "@/components/ui/button";
 import {
   Card,
   CardHeader,
   CardTitle,
   CardDescription,
   CardContent,
+  CardFooter,
 } from "@/components/ui/card";
 import { OAuthButton } from "@/components/ui/oauth-button";
 import { SeperatorWithChildren } from "@/components/ui/separator";
@@ -17,30 +22,40 @@ import { useIsMounted } from "@/lib/hooks/use-is-mounted";
 import { LoginSchema } from "@/schemas/login-schema";
 import { useMutation } from "@tanstack/react-query";
 import axios, { AxiosError } from "axios";
-import { useEffect } from "react";
+import { useEffect, useRef, useState } from "react";
 import { useTranslation } from "react-i18next";
 import { Navigate, useLocation } from "react-router";
 import { toast } from "sonner";
 
+const iconMap: Record<string, React.ReactNode> = {
+  google: <GoogleIcon />,
+  github: <GithubIcon />,
+  tailscale: <TailscaleIcon />,
+  microsoft: <MicrosoftIcon />,
+  pocketid: <PocketIDIcon />,
+};
+
 export const LoginPage = () => {
   const { isLoggedIn } = useUserContext();
-
-  if (isLoggedIn) {
-    return <Navigate to="/logout" />;
-  }
-
-  const { configuredProviders, title, oauthAutoRedirect, genericName } = useAppContext();
+  const { providers, title, oauthAutoRedirect } = useAppContext();
   const { search } = useLocation();
   const { t } = useTranslation();
   const isMounted = useIsMounted();
+  const [oauthAutoRedirectHandover, setOauthAutoRedirectHandover] =
+    useState(false);
+  const [showRedirectButton, setShowRedirectButton] = useState(false);
+
+  const redirectTimer = useRef<number | null>(null);
+  const redirectButtonTimer = useRef<number | null>(null);
 
   const searchParams = new URLSearchParams(search);
   const redirectUri = searchParams.get("redirect_uri");
 
-  const oauthConfigured =
-    configuredProviders.filter((provider) => provider !== "username").length >
-    0;
-  const userAuthConfigured = configuredProviders.includes("username");
+  const oauthProviders = providers.filter(
+    (provider) => provider.id !== "username",
+  );
+  const userAuthConfigured =
+    providers.find((provider) => provider.id === "username") !== undefined;
 
   const oauthMutation = useMutation({
     mutationFn: (provider: string) =>
@@ -53,11 +68,12 @@ export const LoginPage = () => {
         description: t("loginOauthSuccessSubtitle"),
       });
 
-      setTimeout(() => {
-        window.location.href = data.data.url;
+      redirectTimer.current = window.setTimeout(() => {
+        window.location.replace(data.data.url);
       }, 500);
     },
     onError: () => {
+      setOauthAutoRedirectHandover(false);
       toast.error(t("loginOauthFailTitle"), {
         description: t("loginOauthFailSubtitle"),
       });
@@ -65,7 +81,7 @@ export const LoginPage = () => {
   });
 
   const loginMutation = useMutation({
-    mutationFn: (values: LoginSchema) => axios.post("/api/login", values),
+    mutationFn: (values: LoginSchema) => axios.post("/api/user/login", values),
     mutationKey: ["login"],
     onSuccess: (data) => {
       if (data.data.totpPending) {
@@ -79,7 +95,7 @@ export const LoginPage = () => {
         description: t("loginSuccessSubtitle"),
       });
 
-      setTimeout(() => {
+      redirectTimer.current = window.setTimeout(() => {
         window.location.replace(
           `/continue?redirect_uri=${encodeURIComponent(redirectUri ?? "")}`,
         );
@@ -98,61 +114,99 @@ export const LoginPage = () => {
   useEffect(() => {
     if (isMounted()) {
       if (
-        oauthConfigured &&
-        configuredProviders.includes(oauthAutoRedirect) &&
+        oauthProviders.length !== 0 &&
+        providers.find((provider) => provider.id === oauthAutoRedirect) &&
+        !isLoggedIn &&
         redirectUri
       ) {
+        setOauthAutoRedirectHandover(true);
         oauthMutation.mutate(oauthAutoRedirect);
+        redirectButtonTimer.current = window.setTimeout(() => {
+          setShowRedirectButton(true);
+        }, 5000);
       }
     }
   }, []);
 
+  useEffect(
+    () => () => {
+      if (redirectTimer.current) clearTimeout(redirectTimer.current);
+      if (redirectButtonTimer.current)
+        clearTimeout(redirectButtonTimer.current);
+    },
+    [],
+  );
+
+  if (isLoggedIn && redirectUri) {
+    return (
+      <Navigate
+        to={`/continue?redirect_uri=${encodeURIComponent(redirectUri)}`}
+        replace
+      />
+    );
+  }
+
+  if (isLoggedIn) {
+    return <Navigate to="/logout" replace />;
+  }
+
+  if (oauthAutoRedirectHandover) {
+    return (
+      <Card className="min-w-xs sm:min-w-sm">
+        <CardHeader>
+          <CardTitle className="text-3xl">
+            {t("loginOauthAutoRedirectTitle")}
+          </CardTitle>
+          <CardDescription>
+            {t("loginOauthAutoRedirectSubtitle")}
+          </CardDescription>
+        </CardHeader>
+        {showRedirectButton && (
+          <CardFooter className="flex flex-col items-stretch">
+            <Button
+              onClick={() => {
+                window.location.replace(oauthMutation.data?.data.url);
+              }}
+            >
+              {t("loginOauthAutoRedirectButton")}
+            </Button>
+          </CardFooter>
+        )}
+      </Card>
+    );
+  }
   return (
     <Card className="min-w-xs sm:min-w-sm">
       <CardHeader>
         <CardTitle className="text-center text-3xl">{title}</CardTitle>
-        {configuredProviders.length > 0 && (
+        {providers.length > 0 && (
           <CardDescription className="text-center">
-            {oauthConfigured ? t("loginTitle") : t("loginTitleSimple")}
+            {oauthProviders.length !== 0
+              ? t("loginTitle")
+              : t("loginTitleSimple")}
           </CardDescription>
         )}
       </CardHeader>
       <CardContent className="flex flex-col gap-4">
-        {oauthConfigured && (
+        {oauthProviders.length !== 0 && (
           <div className="flex flex-col gap-2 items-center justify-center">
-            {configuredProviders.includes("google") && (
+            {oauthProviders.map((provider) => (
               <OAuthButton
-                title="Google"
-                icon={<GoogleIcon />}
+                key={provider.id}
+                title={provider.name}
+                icon={iconMap[provider.id] ?? <OAuthIcon />}
                 className="w-full"
-                onClick={() => oauthMutation.mutate("google")}
-                loading={oauthMutation.isPending && oauthMutation.variables === "google"}
+                onClick={() => oauthMutation.mutate(provider.id)}
+                loading={
+                  oauthMutation.isPending &&
+                  oauthMutation.variables === provider.id
+                }
                 disabled={oauthMutation.isPending || loginMutation.isPending}
               />
-            )}
-            {configuredProviders.includes("github") && (
-              <OAuthButton
-                title="Github"
-                icon={<GithubIcon />}
-                className="w-full"
-                onClick={() => oauthMutation.mutate("github")}
-                loading={oauthMutation.isPending && oauthMutation.variables === "github"}
-                disabled={oauthMutation.isPending || loginMutation.isPending}
-              />
-            )}
-            {configuredProviders.includes("generic") && (
-              <OAuthButton
-                title={genericName}
-                icon={<GenericIcon />}
-                className="w-full"
-                onClick={() => oauthMutation.mutate("generic")}
-                loading={oauthMutation.isPending && oauthMutation.variables === "generic"}
-                disabled={oauthMutation.isPending || loginMutation.isPending}
-              />
-            )}
+            ))}
           </div>
         )}
-        {userAuthConfigured && oauthConfigured && (
+        {userAuthConfigured && oauthProviders.length !== 0 && (
           <SeperatorWithChildren>{t("loginDivider")}</SeperatorWithChildren>
         )}
         {userAuthConfigured && (
@@ -161,7 +215,7 @@ export const LoginPage = () => {
             loading={loginMutation.isPending || oauthMutation.isPending}
           />
         )}
-        {configuredProviders.length == 0 && (
+        {providers.length == 0 && (
           <p className="text-center text-red-600 max-w-sm">
             {t("failedToFetchProvidersTitle")}
           </p>

frontend/src/pages/logout-page.tsx

@@ -6,35 +6,30 @@ import {
   CardHeader,
   CardTitle,
 } from "@/components/ui/card";
-import { useAppContext } from "@/context/app-context";
 import { useUserContext } from "@/context/user-context";
-import { capitalize } from "@/lib/utils";
 import { useMutation } from "@tanstack/react-query";
 import axios from "axios";
+import { useEffect, useRef } from "react";
 import { Trans, useTranslation } from "react-i18next";
 import { Navigate } from "react-router";
 import { toast } from "sonner";
 
 export const LogoutPage = () => {
-  const { provider, username, isLoggedIn, email } = useUserContext();
-
-  if (!isLoggedIn) {
-    return <Navigate to="/login" />;
-  }
-
-  const { genericName } = useAppContext();
+  const { provider, username, isLoggedIn, email, oauthName } = useUserContext();
   const { t } = useTranslation();
 
+  const redirectTimer = useRef<number | null>(null);
+
   const logoutMutation = useMutation({
-    mutationFn: () => axios.post("/api/logout"),
+    mutationFn: () => axios.post("/api/user/logout"),
     mutationKey: ["logout"],
     onSuccess: () => {
       toast.success(t("logoutSuccessTitle"), {
         description: t("logoutSuccessSubtitle"),
       });
 
-      setTimeout(async () => {
-        window.location.replace("/login");
+      redirectTimer.current = window.setTimeout(() => {
+        window.location.assign("/login");
       }, 500);
     },
     onError: () => {
@@ -44,6 +39,17 @@ export const LogoutPage = () => {
     },
   });
 
+  useEffect(
+    () => () => {
+      if (redirectTimer.current) clearTimeout(redirectTimer.current);
+    },
+    [],
+  );
+
+  if (!isLoggedIn) {
+    return <Navigate to="/login" replace />;
+  }
+
   return (
     <Card className="min-w-xs sm:min-w-sm">
       <CardHeader>
@@ -58,8 +64,7 @@ export const LogoutPage = () => {
               }}
               values={{
                 username: email,
-                provider:
-                  provider === "generic" ? genericName : capitalize(provider),
+                provider: oauthName,
               }}
             />
           ) : (

frontend/src/pages/totp-page.tsx

@@ -12,34 +12,31 @@ import { useUserContext } from "@/context/user-context";
 import { TotpSchema } from "@/schemas/totp-schema";
 import { useMutation } from "@tanstack/react-query";
 import axios from "axios";
-import { useId } from "react";
+import { useEffect, useId, useRef } from "react";
 import { useTranslation } from "react-i18next";
 import { Navigate, useLocation } from "react-router";
 import { toast } from "sonner";
 
 export const TotpPage = () => {
   const { totpPending } = useUserContext();
-
-  if (!totpPending) {
-    return <Navigate to="/" />;
-  }
-
   const { t } = useTranslation();
   const { search } = useLocation();
   const formId = useId();
 
+  const redirectTimer = useRef<number | null>(null);
+
   const searchParams = new URLSearchParams(search);
   const redirectUri = searchParams.get("redirect_uri");
 
   const totpMutation = useMutation({
-    mutationFn: (values: TotpSchema) => axios.post("/api/totp", values),
+    mutationFn: (values: TotpSchema) => axios.post("/api/user/totp", values),
     mutationKey: ["totp"],
     onSuccess: () => {
       toast.success(t("totpSuccessTitle"), {
         description: t("totpSuccessSubtitle"),
       });
 
-      setTimeout(() => {
+      redirectTimer.current = window.setTimeout(() => {
         window.location.replace(
           `/continue?redirect_uri=${encodeURIComponent(redirectUri ?? "")}`,
         );
@@ -52,6 +49,17 @@ export const TotpPage = () => {
     },
   });
 
+  useEffect(
+    () => () => {
+      if (redirectTimer.current) clearTimeout(redirectTimer.current);
+    },
+    [],
+  );
+
+  if (!totpPending) {
+    return <Navigate to="/" replace />;
+  }
+
   return (
     <Card className="min-w-xs sm:min-w-sm">
       <CardHeader>

frontend/src/pages/unauthorized-page.tsx

@@ -12,6 +12,10 @@ import { Navigate, useLocation, useNavigate } from "react-router";
 
 export const UnauthorizedPage = () => {
   const { search } = useLocation();
+  const { t } = useTranslation();
+  const navigate = useNavigate();
+
+  const [loading, setLoading] = useState(false);
 
   const searchParams = new URLSearchParams(search);
   const username = searchParams.get("username");
@@ -19,19 +23,15 @@ export const UnauthorizedPage = () => {
   const groupErr = searchParams.get("groupErr");
   const ip = searchParams.get("ip");
 
-  if (!username && !ip) {
-    return <Navigate to="/" />;
-  }
-
-  const { t } = useTranslation();
-  const navigate = useNavigate();
-  const [loading, setLoading] = useState(false);
-
   const handleRedirect = () => {
     setLoading(true);
     navigate("/login");
   };
 
+  if (!username && !ip) {
+    return <Navigate to="/" />;
+  }
+
   let i18nKey = "unauthorizedLoginSubtitle";
 
   if (resource) {

frontend/src/schemas/app-context-schema.ts

@@ -1,14 +1,19 @@
 import { z } from "zod";
 
+export const providerSchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  oauth: z.boolean(),
+});
+
 export const appContextSchema = z.object({
-  configuredProviders: z.array(z.string()),
-  disableContinue: z.boolean(),
+  providers: z.array(providerSchema),
   title: z.string(),
-  genericName: z.string(),
-  domain: z.string(),
+  appUrl: z.string(),
+  cookieDomain: z.string(),
   forgotPasswordMessage: z.string(),
-  oauthAutoRedirect: z.enum(["none", "github", "google", "generic"]),
   backgroundImage: z.string(),
+  oauthAutoRedirect: z.string(),
 });
 
 export type AppContextSchema = z.infer<typeof appContextSchema>;

frontend/src/schemas/user-context-schema.ts

@@ -8,6 +8,7 @@ export const userContextSchema = z.object({
   provider: z.string(),
   oauth: z.boolean(),
   totpPending: z.boolean(),
+  oauthName: z.string(),
 });
 
 export type UserContextSchema = z.infer<typeof userContextSchema>;

frontend/vite.config.ts

@@ -19,6 +19,11 @@ export default defineConfig({
         changeOrigin: true,
         rewrite: (path) => path.replace(/^\/api/, ""),
       },
+      "/resources": {
+        target: "http://tinyauth-backend:3000/resources",
+        changeOrigin: true,
+        rewrite: (path) => path.replace(/^\/resources/, ""),
+      },
     },
     allowedHosts: true,
   },

go.mod

@@ -1,49 +1,75 @@
 module tinyauth
 
-go 1.23.2
+go 1.24.0
+
+toolchain go1.24.3
 
 require (
-	github.com/gin-gonic/gin v1.10.1
-	github.com/go-playground/validator/v10 v10.27.0
+	github.com/cenkalti/backoff/v5 v5.0.3
+	github.com/gin-gonic/gin v1.11.0
+	github.com/glebarez/sqlite v1.11.0
+	github.com/go-playground/validator/v10 v10.28.0
+	github.com/golang-migrate/migrate/v4 v4.19.0
 	github.com/google/go-querystring v1.1.0
 	github.com/google/uuid v1.6.0
 	github.com/mdp/qrterminal/v3 v3.2.1
 	github.com/rs/zerolog v1.34.0
-	github.com/spf13/cobra v1.9.1
-	github.com/spf13/viper v1.20.1
+	github.com/spf13/cobra v1.10.1
+	github.com/spf13/viper v1.21.0
 	github.com/traefik/paerser v0.2.2
-	golang.org/x/crypto v0.40.0
+	github.com/weppos/publicsuffix-go v0.50.0
+	golang.org/x/crypto v0.42.0
+	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b
+	gorm.io/gorm v1.31.0
+	gotest.tools/v3 v3.5.2
 )
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/cenkalti/backoff/v5 v5.0.2 // indirect
 	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
 	github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
+	github.com/glebarez/go-sqlite v1.21.2 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
-	github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
+	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/goccy/go-yaml v1.18.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jinzhu/now v1.1.5 // indirect
+	github.com/mattn/go-sqlite3 v1.14.32 // indirect
 	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/quic-go v0.54.0 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.34.0 // indirect
-	golang.org/x/term v0.33.0 // indirect
-	gotest.tools/v3 v3.5.2 // indirect
+	go.uber.org/mock v0.5.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/mod v0.27.0 // indirect
+	golang.org/x/term v0.35.0 // indirect
+	golang.org/x/tools v0.36.0 // indirect
+	modernc.org/libc v1.66.3 // indirect
+	modernc.org/mathutil v1.7.1 // indirect
+	modernc.org/memory v1.11.0 // indirect
+	modernc.org/sqlite v1.38.2 // indirect
 	rsc.io/qr v0.2.0 // indirect
 )
 
 require (
-	github.com/Microsoft/go-winio v0.4.14 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/boombuler/barcode v1.0.2 // indirect
-	github.com/bytedance/sonic v1.12.7 // indirect
-	github.com/bytedance/sonic/loader v0.2.3 // indirect
+	github.com/bytedance/sonic v1.14.0 // indirect
+	github.com/bytedance/sonic/loader v0.3.0 // indirect
 	github.com/catppuccin/go v0.3.0 // indirect
 	github.com/charmbracelet/bubbles v0.21.0 // indirect
 	github.com/charmbracelet/bubbletea v1.3.4 // indirect
@@ -52,32 +78,28 @@ require (
 	github.com/charmbracelet/x/ansi v0.8.0 // indirect
 	github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 // indirect
 	github.com/charmbracelet/x/term v0.2.1 // indirect
-	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/docker v28.3.2+incompatible
+	github.com/docker/docker v28.5.0+incompatible
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.8.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
-	github.com/gin-contrib/sse v1.0.0 // indirect
-	github.com/go-ldap/ldap/v3 v3.4.11
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/fsnotify/fsnotify v1.9.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
+	github.com/gin-contrib/sse v1.1.0 // indirect
+	github.com/go-ldap/ldap/v3 v3.4.12
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/goccy/go-json v0.10.4 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/gorilla/sessions v1.4.0
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
-	github.com/magiconair/properties v1.8.10
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-localereader v0.0.1 // indirect
@@ -91,30 +113,27 @@ require (
 	github.com/muesli/termenv v0.16.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pquerna/otp v1.5.0
 	github.com/rivo/uniseg v0.4.7 // indirect
-	github.com/sagikazarmark/locafero v0.7.0 // indirect
-	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.12.0 // indirect
-	github.com/spf13/cast v1.7.1 // indirect
-	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/sagikazarmark/locafero v0.11.0 // indirect
+	github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
+	github.com/spf13/cast v1.10.0 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.12 // indirect
+	github.com/ugorji/go/codec v1.3.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
-	go.opentelemetry.io/otel v1.34.0 // indirect
-	go.opentelemetry.io/otel/metric v1.34.0 // indirect
-	go.opentelemetry.io/otel/trace v1.34.0 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	go.uber.org/multierr v1.9.0 // indirect
-	golang.org/x/arch v0.13.0 // indirect
-	golang.org/x/net v0.41.0 // indirect
-	golang.org/x/oauth2 v0.30.0
-	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.34.0 // indirect
-	golang.org/x/text v0.27.0 // indirect
-	google.golang.org/protobuf v1.36.3 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	go.opentelemetry.io/otel v1.37.0 // indirect
+	go.opentelemetry.io/otel/metric v1.37.0 // indirect
+	go.opentelemetry.io/otel/trace v1.37.0 // indirect
+	golang.org/x/arch v0.20.0 // indirect
+	golang.org/x/net v0.44.0 // indirect
+	golang.org/x/oauth2 v0.31.0
+	golang.org/x/sync v0.17.0 // indirect
+	golang.org/x/sys v0.36.0 // indirect
+	golang.org/x/text v0.29.0 // indirect
+	google.golang.org/protobuf v1.36.9 // indirect
 )

go.sum

@@ -4,10 +4,10 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
-github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
-github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
+github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
+github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI=
+github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
 github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
@@ -17,17 +17,16 @@ github.com/aymanbagabas/go-udiff v0.2.0/go.mod h1:RE4Ex0qsGkTAJoQdQQCA0uG+nAzJO/
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4=
 github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/bytedance/sonic v1.12.7 h1:CQU8pxOy9HToxhndH0Kx/S1qU/CuS9GnKYrGioDcU1Q=
-github.com/bytedance/sonic v1.12.7/go.mod h1:tnbal4mxOMju17EGfknm2XyYcpyCnIROYOEYuemj13I=
-github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/bytedance/sonic/loader v0.2.3 h1:yctD0Q3v2NOGfSWPLPvG2ggA2kV6TS6s4wioyEqssH0=
-github.com/bytedance/sonic/loader v0.2.3/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/bytedance/sonic v1.14.0 h1:/OfKt8HFw0kh2rj8N0F6C/qPGRESq0BbaNZgcNXXzQQ=
+github.com/bytedance/sonic v1.14.0/go.mod h1:WoEbx8WTcFJfzCe0hbmyTGrfjt8PzNEBdxlNUO24NhA=
+github.com/bytedance/sonic/loader v0.3.0 h1:dskwH8edlzNMctoruo8FPTJDF3vLtDT0sXZwvZJyqeA=
+github.com/bytedance/sonic/loader v0.3.0/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
 github.com/catppuccin/go v0.3.0 h1:d+0/YicIq+hSTo5oPuRi5kOpqkVA5tAsU6dNhvRu+aY=
 github.com/catppuccin/go v0.3.0/go.mod h1:8IHJuMGaUUjQM82qBrGNBv7LFq6JI3NnQCF6MOlZjpc=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
-github.com/cenkalti/backoff/v5 v5.0.2 h1:rIfFVxEf1QsI7E1ZHfp/B4DF/6QBAUhmgkxc0H7Zss8=
-github.com/cenkalti/backoff/v5 v5.0.2/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
+github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
+github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/charmbracelet/bubbles v0.21.0 h1:9TdC97SdRVg/1aaXNVWfFH3nnLAwOXr8Fn6u6mfQdFs=
 github.com/charmbracelet/bubbles v0.21.0/go.mod h1:HF+v6QUR4HkEpz62dx7ym2xc71/KBHg+zKwJtMw+qtg=
 github.com/charmbracelet/bubbletea v1.3.4 h1:kCg7B+jSCFPLYRA52SDZjr51kG/fMUEoPoZrkaDHyoI=
@@ -56,9 +55,8 @@ github.com/charmbracelet/x/termios v0.1.1 h1:o3Q2bT8eqzGnGPOYheoYS8eEleT5ZVNYNy8
 github.com/charmbracelet/x/termios v0.1.1/go.mod h1:rB7fnv1TgOPOyyKRJ9o+AsTU/vK5WHJ2ivHeut/Pcwo=
 github.com/charmbracelet/x/xpty v0.1.2 h1:Pqmu4TEJ8KeA9uSkISKMU3f+C1F6OGBn8ABuGlqCbtI=
 github.com/charmbracelet/x/xpty v0.1.2/go.mod h1:XK2Z0id5rtLWcpeNiMYBccNNBrP2IJnzHI0Lq13Xzq4=
-github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
-github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
-github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
+github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
+github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
@@ -74,8 +72,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/docker v28.3.2+incompatible h1:wn66NJ6pWB1vBZIilP8G3qQPqHy5XymfYn5vsqeA5oA=
-github.com/docker/docker v28.3.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v28.5.0+incompatible h1:ZdSQoRUE9XxhFI/B8YLvhnEFMmYN9Pp8Egd2qcaFk1E=
+github.com/docker/docker v28.5.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -88,21 +86,25 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
-github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
-github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
-github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E=
-github.com/gin-contrib/sse v1.0.0/go.mod h1:zNuFdwarAygJBht0NTKiSi3jRf6RbqeILZ9Sp6Slhe0=
-github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
-github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
+github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
+github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=
+github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
+github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
+github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
+github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls=
+github.com/glebarez/go-sqlite v1.21.2 h1:3a6LFC4sKahUunAmynQKLZceZCOzUthkRkEAl9gAXWo=
+github.com/glebarez/go-sqlite v1.21.2/go.mod h1:sfxdZyhQjTM2Wry3gVYWaW072Ri1WMdWJi0k6+3382k=
+github.com/glebarez/sqlite v1.11.0 h1:wSG0irqzP6VurnMEpFGer5Li19RpIRi2qvQz++w0GMw=
+github.com/glebarez/sqlite v1.11.0/go.mod h1:h8/o8j5wiAsqSPoWELDUdJXhjAhsVliSn7bWZjOhrgQ=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-ldap/ldap/v3 v3.4.11 h1:4k0Yxweg+a3OyBLjdYn5OKglv18JNvfDykSoI8bW0gU=
-github.com/go-ldap/ldap/v3 v3.4.11/go.mod h1:bY7t0FLK8OAVpp/vV6sSlpz3EQDGcQwc8pF0ujLgKvM=
+github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4=
+github.com/go-ldap/ldap/v3 v3.4.12/go.mod h1:+SPAGcTtOfmGsCb3h1RFiq4xpp4N636G75OEace8lNo=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
-github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
@@ -111,31 +113,34 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.27.0 h1:w8+XrWVMhGkxOaaowyKH35gFydVHOvC0/uWoy2Fzwn4=
-github.com/go-playground/validator/v10 v10.27.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
-github.com/go-viper/mapstructure/v2 v2.3.0 h1:27XbWsHIqhbdR5TIC911OfYvgSaW93HM+dX7970Q7jk=
-github.com/go-viper/mapstructure/v2 v2.3.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-playground/validator/v10 v10.28.0 h1:Q7ibns33JjyW48gHkuFT91qX48KG0ktULL6FgHdG688=
+github.com/go-playground/validator/v10 v10.28.0/go.mod h1:GoI6I1SjPBh9p7ykNE/yj3fFYbyDOpwMn5KXd+m2hUU=
+github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
+github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM=
 github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
+github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-migrate/migrate/v4 v4.19.0 h1:RcjOnCGz3Or6HQYEJ/EEVLfWnmw9KnoigPSjzhCuaSE=
+github.com/golang-migrate/migrate/v4 v4.19.0/go.mod h1:9dyEcu+hO+G9hPSw8AIg50yg622pXJsoHItQnDGZkI0=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
+github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
-github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
-github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
-github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
@@ -152,25 +157,24 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
+github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
+github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
+github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
+github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
-github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
-github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
+github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
 github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
-github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=
-github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
@@ -182,6 +186,8 @@ github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2J
 github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88=
 github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
 github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs=
+github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/mdp/qrterminal/v3 v3.2.1 h1:6+yQjiiOsSuXT5n9/m60E54vdgFsw0zhADHhHLrFet4=
 github.com/mdp/qrterminal/v3 v3.2.1/go.mod h1:jOTmXvnBsMy5xqLniO0R++Jmjs2sTm9dFSuQ5kpz/SU=
 github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=
@@ -207,19 +213,26 @@ github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELU
 github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=
 github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
 github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
+github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
+github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
 github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
-github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
-github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
+github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
 github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
+github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/quic-go/quic-go v0.54.0 h1:6s1YB9QotYI6Ospeiguknbp2Znb/jZYjZLRXn9kMQBg=
+github.com/quic-go/quic-go v0.54.0/go.mod h1:e68ZEaCdyviluZmy44P6Iey98v/Wfz6HCjQEm+l8zTY=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -229,139 +242,139 @@ github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo=
-github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
+github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc=
+github.com/sagikazarmark/locafero v0.11.0/go.mod h1:nVIGvgyzw595SUSUE6tvCp3YYTeHs15MvlmU87WwIik=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
-github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
-github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs=
-github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4=
-github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
-github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
-github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
-github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
-github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4=
-github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
+github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw=
+github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U=
+github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
+github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
+github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
+github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
+github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
+github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
+github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
+github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU=
+github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/traefik/paerser v0.2.2 h1:cpzW/ZrQrBh3mdwD/jnp6aXASiUFKOVr6ldP+keJTcQ=
 github.com/traefik/paerser v0.2.2/go.mod h1:7BBDd4FANoVgaTZG+yh26jI6CA2nds7D/4VTEdIsh24=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
-github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+github.com/ugorji/go/codec v1.3.0 h1:Qd2W2sQawAfG8XSvzwhBeoGq71zXOC/Q1E9y/wUcsUA=
+github.com/ugorji/go/codec v1.3.0/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
+github.com/weppos/publicsuffix-go v0.50.0 h1:M178k6l8cnh9T1c1cStkhytVxdk5zPd6gGZf8ySIuVo=
+github.com/weppos/publicsuffix-go v0.50.0/go.mod h1:VXhClBYMlDrUsome4pOTpe68Ui0p6iQRAbyHQD1yKoU=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8=
-go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=
-go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
+go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ=
+go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 h1:BEj3SPM81McUZHYjRS5pEgNgnmzGJ5tRpU5krWnV8Bs=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0/go.mod h1:9cKLGBDzI/F3NoHLQGm4ZrYdIHsvGt6ej6hUowxY0J4=
-go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ=
-go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
+go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE=
+go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E=
 go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
 go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
-go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
-go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
+go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4=
+go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
 go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4=
 go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4=
-go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
-go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
-go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
-golang.org/x/arch v0.13.0 h1:KCkqVVV1kGg0X87TFysjCJ8MxtZEIU4Ja/yXGeoECdA=
-golang.org/x/arch v0.13.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
-golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
-golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
-golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
-golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
-golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
+go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
+golang.org/x/arch v0.20.0 h1:dx1zTU0MAE98U+TQ8BLl7XsJbgze2WnNKF/8tGp/Q6c=
+golang.org/x/arch v0.20.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
+golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
+golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
+golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o=
+golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
+golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
+golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
+golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
+golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
+golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
-golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
-golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
-golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
-golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
-golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
+golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
+golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
+golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk=
+google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
 google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f h1:gap6+3Gk41EItBuyi4XX/bp4oqJ3UwuIMl25yGinuAA=
 google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:Ic02D47M+zbarjYYUlK57y316f2MoN0gjAwI3f2S95o=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:OxYkA3wjPsZyBylwymxSHa7ViiW1Sml4ToBrncvFehI=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50=
 google.golang.org/grpc v1.69.4 h1:MF5TftSMkd8GLw/m0KM6V8CMOCY6NZ1NQDPGFgbTt4A=
 google.golang.org/grpc v1.69.4/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4=
-google.golang.org/protobuf v1.36.3 h1:82DV7MYdb8anAVi3qge1wSnMDrnKK7ebr+I0hHRN1BU=
-google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
+google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gorm.io/gorm v1.31.0 h1:0VlycGreVhK7RF/Bwt51Fk8v0xLiiiFdbGDPIZQ7mJY=
+gorm.io/gorm v1.31.0/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
-nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
+modernc.org/cc/v4 v4.26.2 h1:991HMkLjJzYBIfha6ECZdjrIYz2/1ayr+FL8GN+CNzM=
+modernc.org/cc/v4 v4.26.2/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
+modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU=
+modernc.org/ccgo/v4 v4.28.0/go.mod h1:JygV3+9AV6SmPhDasu4JgquwU81XAKLd3OKTUDNOiKE=
+modernc.org/fileutil v1.3.8 h1:qtzNm7ED75pd1C7WgAGcK4edm4fvhtBsEiI/0NQ54YM=
+modernc.org/fileutil v1.3.8/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
+modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
+modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
+modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
+modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
+modernc.org/libc v1.66.3 h1:cfCbjTUcdsKyyZZfEUKfoHcP3S0Wkvz3jgSzByEWVCQ=
+modernc.org/libc v1.66.3/go.mod h1:XD9zO8kt59cANKvHPXpx7yS2ELPheAey0vjIuZOhOU8=
+modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
+modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
+modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
+modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
+modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
+modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
+modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
+modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
+modernc.org/sqlite v1.38.2 h1:Aclu7+tgjgcQVShZqim41Bbw9Cho0y/7WzYptXqkEek=
+modernc.org/sqlite v1.38.2/go.mod h1:cPTJYSlgg3Sfg046yBShXENNtPrWrDX8bsbAQBzgQ5E=
+modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
+modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
+modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
+modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
 rsc.io/qr v0.2.0 h1:6vBLea5/NRMVTz8V66gipeLycZMl/+UlFmk8DvqQ6WY=
 rsc.io/qr v0.2.0/go.mod h1:IF+uZjkb9fqyeF/4tlBoynqmQxUoPfWEKh921coOuXs=

internal/assets/assets.go

@@ -4,7 +4,12 @@ import (
 	"embed"
 )
 
-// UI assets
+// Frontend
 //
 //go:embed dist
-var Assets embed.FS
+var FrontendAssets embed.FS
+
+// Migrations
+//
+//go:embed migrations/*.sql
+var Migrations embed.FS

internal/assets/migrations/000001_init_sqlite.down.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS "sessions";

internal/assets/migrations/000001_init_sqlite.up.sql

@@ -0,0 +1,10 @@
+CREATE TABLE IF NOT EXISTS "sessions" (
+    "uuid" TEXT NOT NULL PRIMARY KEY UNIQUE,
+    "username" TEXT NOT NULL,
+    "email" TEXT NOT NULL,
+    "name" TEXT NOT NULL,
+    "provider" TEXT NOT NULL,
+    "totp_pending" BOOLEAN NOT NULL,
+    "oauth_groups" TEXT NULL,
+    "expiry" INTEGER NOT NULL
+);

internal/assets/migrations/000002_oauth_name.down.sql

@@ -0,0 +1 @@
+ALTER TABLE "sessions" DROP COLUMN "oauth_name";

internal/assets/migrations/000002_oauth_name.up.sql

@@ -0,0 +1,10 @@
+ALTER TABLE "sessions" ADD COLUMN "oauth_name" TEXT;
+
+UPDATE "sessions"
+SET "oauth_name" = CASE
+  WHEN LOWER("provider") = 'github' THEN 'GitHub'
+  WHEN LOWER("provider") = 'google' THEN 'Google'
+  ELSE UPPER(SUBSTR("provider", 1, 1)) || SUBSTR("provider", 2)
+END
+WHERE "oauth_name" IS NULL AND "provider" IS NOT NULL;
+

internal/auth/auth.go

@@ -1,452 +0,0 @@
-package auth
-
-import (
-	"fmt"
-	"regexp"
-	"strings"
-	"sync"
-	"time"
-	"tinyauth/internal/docker"
-	"tinyauth/internal/ldap"
-	"tinyauth/internal/types"
-	"tinyauth/internal/utils"
-
-	"github.com/gin-gonic/gin"
-	"github.com/gorilla/sessions"
-	"github.com/rs/zerolog/log"
-	"golang.org/x/crypto/bcrypt"
-)
-
-type Auth struct {
-	Config        types.AuthConfig
-	Docker        *docker.Docker
-	LoginAttempts map[string]*types.LoginAttempt
-	LoginMutex    sync.RWMutex
-	Store         *sessions.CookieStore
-	LDAP          *ldap.LDAP
-}
-
-func NewAuth(config types.AuthConfig, docker *docker.Docker, ldap *ldap.LDAP) *Auth {
-	// Setup cookie store and create the auth service
-	store := sessions.NewCookieStore([]byte(config.HMACSecret), []byte(config.EncryptionSecret))
-	store.Options = &sessions.Options{
-		Path:     "/",
-		MaxAge:   config.SessionExpiry,
-		Secure:   config.CookieSecure,
-		HttpOnly: true,
-		Domain:   fmt.Sprintf(".%s", config.Domain),
-	}
-	return &Auth{
-		Config:        config,
-		Docker:        docker,
-		LoginAttempts: make(map[string]*types.LoginAttempt),
-		Store:         store,
-		LDAP:          ldap,
-	}
-}
-
-func (auth *Auth) GetSession(c *gin.Context) (*sessions.Session, error) {
-	session, err := auth.Store.Get(c.Request, auth.Config.SessionCookieName)
-
-	// If there was an error getting the session, it might be invalid so let's clear it and retry
-	if err != nil {
-		log.Error().Err(err).Msg("Invalid session, clearing cookie and retrying")
-		c.SetCookie(auth.Config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.Config.Domain), auth.Config.CookieSecure, true)
-		session, err = auth.Store.Get(c.Request, auth.Config.SessionCookieName)
-		if err != nil {
-			log.Error().Err(err).Msg("Failed to get session")
-			return nil, err
-		}
-	}
-
-	return session, nil
-}
-
-func (auth *Auth) SearchUser(username string) types.UserSearch {
-	log.Debug().Str("username", username).Msg("Searching for user")
-
-	// Check local users first
-	if auth.GetLocalUser(username).Username != "" {
-		log.Debug().Str("username", username).Msg("Found local user")
-		return types.UserSearch{
-			Username: username,
-			Type:     "local",
-		}
-	}
-
-	// If no user found, check LDAP
-	if auth.LDAP != nil {
-		log.Debug().Str("username", username).Msg("Checking LDAP for user")
-		userDN, err := auth.LDAP.Search(username)
-		if err != nil {
-			log.Warn().Err(err).Str("username", username).Msg("Failed to find user in LDAP")
-			return types.UserSearch{}
-		}
-		return types.UserSearch{
-			Username: userDN,
-			Type:     "ldap",
-		}
-	}
-
-	return types.UserSearch{
-		Type: "unknown",
-	}
-}
-
-func (auth *Auth) VerifyUser(search types.UserSearch, password string) bool {
-	// Authenticate the user based on the type
-	switch search.Type {
-	case "local":
-		// If local user, get the user and check the password
-		user := auth.GetLocalUser(search.Username)
-		return auth.CheckPassword(user, password)
-	case "ldap":
-		// If LDAP is configured, bind to the LDAP server with the user DN and password
-		if auth.LDAP != nil {
-			log.Debug().Str("username", search.Username).Msg("Binding to LDAP for user authentication")
-
-			err := auth.LDAP.Bind(search.Username, password)
-			if err != nil {
-				log.Warn().Err(err).Str("username", search.Username).Msg("Failed to bind to LDAP")
-				return false
-			}
-
-			// Rebind with the service account to reset the connection
-			err = auth.LDAP.Bind(auth.LDAP.Config.BindDN, auth.LDAP.Config.BindPassword)
-			if err != nil {
-				log.Error().Err(err).Msg("Failed to rebind with service account after user authentication")
-				return false
-			}
-
-			log.Debug().Str("username", search.Username).Msg("LDAP authentication successful")
-			return true
-		}
-	default:
-		log.Warn().Str("type", search.Type).Msg("Unknown user type for authentication")
-		return false
-	}
-
-	// If no user found or authentication failed, return false
-	log.Warn().Str("username", search.Username).Msg("User authentication failed")
-	return false
-}
-
-func (auth *Auth) GetLocalUser(username string) types.User {
-	// Loop through users and return the user if the username matches
-	log.Debug().Str("username", username).Msg("Searching for local user")
-
-	for _, user := range auth.Config.Users {
-		if user.Username == username {
-			return user
-		}
-	}
-
-	// If no user found, return an empty user
-	log.Warn().Str("username", username).Msg("Local user not found")
-	return types.User{}
-}
-
-func (auth *Auth) CheckPassword(user types.User, password string) bool {
-	return bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)) == nil
-}
-
-func (auth *Auth) IsAccountLocked(identifier string) (bool, int) {
-	auth.LoginMutex.RLock()
-	defer auth.LoginMutex.RUnlock()
-
-	// Return false if rate limiting is not configured
-	if auth.Config.LoginMaxRetries <= 0 || auth.Config.LoginTimeout <= 0 {
-		return false, 0
-	}
-
-	// Check if the identifier exists in the map
-	attempt, exists := auth.LoginAttempts[identifier]
-	if !exists {
-		return false, 0
-	}
-
-	// If account is locked, check if lock time has expired
-	if attempt.LockedUntil.After(time.Now()) {
-		// Calculate remaining lockout time in seconds
-		remaining := int(time.Until(attempt.LockedUntil).Seconds())
-		return true, remaining
-	}
-
-	// Lock has expired
-	return false, 0
-}
-
-func (auth *Auth) RecordLoginAttempt(identifier string, success bool) {
-	// Skip if rate limiting is not configured
-	if auth.Config.LoginMaxRetries <= 0 || auth.Config.LoginTimeout <= 0 {
-		return
-	}
-
-	auth.LoginMutex.Lock()
-	defer auth.LoginMutex.Unlock()
-
-	// Get current attempt record or create a new one
-	attempt, exists := auth.LoginAttempts[identifier]
-	if !exists {
-		attempt = &types.LoginAttempt{}
-		auth.LoginAttempts[identifier] = attempt
-	}
-
-	// Update last attempt time
-	attempt.LastAttempt = time.Now()
-
-	// If successful login, reset failed attempts
-	if success {
-		attempt.FailedAttempts = 0
-		attempt.LockedUntil = time.Time{} // Reset lock time
-		return
-	}
-
-	// Increment failed attempts
-	attempt.FailedAttempts++
-
-	// If max retries reached, lock the account
-	if attempt.FailedAttempts >= auth.Config.LoginMaxRetries {
-		attempt.LockedUntil = time.Now().Add(time.Duration(auth.Config.LoginTimeout) * time.Second)
-		log.Warn().Str("identifier", identifier).Int("timeout", auth.Config.LoginTimeout).Msg("Account locked due to too many failed login attempts")
-	}
-}
-
-func (auth *Auth) EmailWhitelisted(email string) bool {
-	return utils.CheckFilter(auth.Config.OauthWhitelist, email)
-}
-
-func (auth *Auth) CreateSessionCookie(c *gin.Context, data *types.SessionCookie) error {
-	log.Debug().Msg("Creating session cookie")
-
-	session, err := auth.GetSession(c)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to get session")
-		return err
-	}
-
-	log.Debug().Msg("Setting session cookie")
-
-	var sessionExpiry int
-
-	if data.TotpPending {
-		sessionExpiry = 3600
-	} else {
-		sessionExpiry = auth.Config.SessionExpiry
-	}
-
-	session.Values["username"] = data.Username
-	session.Values["name"] = data.Name
-	session.Values["email"] = data.Email
-	session.Values["provider"] = data.Provider
-	session.Values["expiry"] = time.Now().Add(time.Duration(sessionExpiry) * time.Second).Unix()
-	session.Values["totpPending"] = data.TotpPending
-	session.Values["oauthGroups"] = data.OAuthGroups
-
-	err = session.Save(c.Request, c.Writer)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to save session")
-		return err
-	}
-
-	return nil
-}
-
-func (auth *Auth) DeleteSessionCookie(c *gin.Context) error {
-	log.Debug().Msg("Deleting session cookie")
-
-	session, err := auth.GetSession(c)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to get session")
-		return err
-	}
-
-	// Delete all values in the session
-	for key := range session.Values {
-		delete(session.Values, key)
-	}
-
-	err = session.Save(c.Request, c.Writer)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to save session")
-		return err
-	}
-
-	return nil
-}
-
-func (auth *Auth) GetSessionCookie(c *gin.Context) (types.SessionCookie, error) {
-	log.Debug().Msg("Getting session cookie")
-
-	session, err := auth.GetSession(c)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to get session")
-		return types.SessionCookie{}, err
-	}
-
-	log.Debug().Msg("Got session")
-
-	username, usernameOk := session.Values["username"].(string)
-	email, emailOk := session.Values["email"].(string)
-	name, nameOk := session.Values["name"].(string)
-	provider, providerOK := session.Values["provider"].(string)
-	expiry, expiryOk := session.Values["expiry"].(int64)
-	totpPending, totpPendingOk := session.Values["totpPending"].(bool)
-	oauthGroups, oauthGroupsOk := session.Values["oauthGroups"].(string)
-
-	// If any data is missing, delete the session cookie
-	if !usernameOk || !providerOK || !expiryOk || !totpPendingOk || !emailOk || !nameOk || !oauthGroupsOk {
-		log.Warn().Msg("Session cookie is invalid")
-		auth.DeleteSessionCookie(c)
-		return types.SessionCookie{}, nil
-	}
-
-	// If the session cookie has expired, delete it
-	if time.Now().Unix() > expiry {
-		log.Warn().Msg("Session cookie expired")
-		auth.DeleteSessionCookie(c)
-		return types.SessionCookie{}, nil
-	}
-
-	log.Debug().Str("username", username).Str("provider", provider).Int64("expiry", expiry).Bool("totpPending", totpPending).Str("name", name).Str("email", email).Str("oauthGroups", oauthGroups).Msg("Parsed cookie")
-	return types.SessionCookie{
-		Username:    username,
-		Name:        name,
-		Email:       email,
-		Provider:    provider,
-		TotpPending: totpPending,
-		OAuthGroups: oauthGroups,
-	}, nil
-}
-
-func (auth *Auth) UserAuthConfigured() bool {
-	// If there are users or LDAP is configured, return true
-	return len(auth.Config.Users) > 0 || auth.LDAP != nil
-}
-
-func (auth *Auth) ResourceAllowed(c *gin.Context, context types.UserContext, labels types.Labels) bool {
-	if context.OAuth {
-		log.Debug().Msg("Checking OAuth whitelist")
-		return utils.CheckFilter(labels.OAuth.Whitelist, context.Email)
-	}
-
-	log.Debug().Msg("Checking users")
-	return utils.CheckFilter(labels.Users, context.Username)
-}
-
-func (auth *Auth) OAuthGroup(c *gin.Context, context types.UserContext, labels types.Labels) bool {
-	if labels.OAuth.Groups == "" {
-		return true
-	}
-
-	// Check if we are using the generic oauth provider
-	if context.Provider != "generic" {
-		log.Debug().Msg("Not using generic provider, skipping group check")
-		return true
-	}
-
-	// Split the groups by comma (no need to parse since they are from the API response)
-	oauthGroups := strings.Split(context.OAuthGroups, ",")
-
-	// For every group check if it is in the required groups
-	for _, group := range oauthGroups {
-		if utils.CheckFilter(labels.OAuth.Groups, group) {
-			log.Debug().Str("group", group).Msg("Group is in required groups")
-			return true
-		}
-	}
-
-	// No groups matched
-	log.Debug().Msg("No groups matched")
-	return false
-}
-
-func (auth *Auth) AuthEnabled(uri string, labels types.Labels) (bool, error) {
-	// If the label is empty, auth is enabled
-	if labels.Allowed == "" {
-		return true, nil
-	}
-
-	// Compile regex
-	regex, err := regexp.Compile(labels.Allowed)
-
-	// If there is an error, invalid regex, auth enabled
-	if err != nil {
-		log.Error().Err(err).Msg("Invalid regex")
-		return true, err
-	}
-
-	// If the regex matches the URI, auth is not enabled
-	if regex.MatchString(uri) {
-		return false, nil
-	}
-
-	// Auth enabled
-	return true, nil
-}
-
-func (auth *Auth) GetBasicAuth(c *gin.Context) *types.User {
-	username, password, ok := c.Request.BasicAuth()
-	if !ok {
-		return nil
-	}
-	return &types.User{
-		Username: username,
-		Password: password,
-	}
-}
-
-func (auth *Auth) CheckIP(labels types.Labels, ip string) bool {
-	// Check if the IP is in block list
-	for _, blocked := range labels.IP.Block {
-		res, err := utils.FilterIP(blocked, ip)
-		if err != nil {
-			log.Error().Err(err).Str("item", blocked).Msg("Invalid IP/CIDR in block list")
-			continue
-		}
-		if res {
-			log.Warn().Str("ip", ip).Str("item", blocked).Msg("IP is in blocked list, denying access")
-			return false
-		}
-	}
-
-	// For every IP in the allow list, check if the IP matches
-	for _, allowed := range labels.IP.Allow {
-		res, err := utils.FilterIP(allowed, ip)
-		if err != nil {
-			log.Error().Err(err).Str("item", allowed).Msg("Invalid IP/CIDR in allow list")
-			continue
-		}
-		if res {
-			log.Debug().Str("ip", ip).Str("item", allowed).Msg("IP is in allowed list, allowing access")
-			return true
-		}
-	}
-
-	// If not in allowed range and allowed range is not empty, deny access
-	if len(labels.IP.Allow) > 0 {
-		log.Warn().Str("ip", ip).Msg("IP not in allow list, denying access")
-		return false
-	}
-
-	log.Debug().Str("ip", ip).Msg("IP not in allow or block list, allowing by default")
-	return true
-}
-
-func (auth *Auth) BypassedIP(labels types.Labels, ip string) bool {
-	// For every IP in the bypass list, check if the IP matches
-	for _, bypassed := range labels.IP.Bypass {
-		res, err := utils.FilterIP(bypassed, ip)
-		if err != nil {
-			log.Error().Err(err).Str("item", bypassed).Msg("Invalid IP/CIDR in bypass list")
-			continue
-		}
-		if res {
-			log.Debug().Str("ip", ip).Str("item", bypassed).Msg("IP is in bypass list, allowing access")
-			return true
-		}
-	}
-
-	log.Debug().Str("ip", ip).Msg("IP not in bypass list, continuing with authentication")
-	return false
-}

internal/auth/auth_test.go

@@ -1,146 +0,0 @@
-package auth_test
-
-import (
-	"testing"
-	"time"
-	"tinyauth/internal/auth"
-	"tinyauth/internal/types"
-)
-
-var config = types.AuthConfig{
-	Users:          types.Users{},
-	OauthWhitelist: "",
-	SessionExpiry:  3600,
-}
-
-func TestLoginRateLimiting(t *testing.T) {
-	// Initialize a new auth service with 3 max retries and 5 seconds timeout
-	config.LoginMaxRetries = 3
-	config.LoginTimeout = 5
-	authService := auth.NewAuth(config, nil, nil)
-
-	// Test identifier
-	identifier := "test_user"
-
-	// Test successful login - should not lock account
-	t.Log("Testing successful login")
-
-	authService.RecordLoginAttempt(identifier, true)
-	locked, _ := authService.IsAccountLocked(identifier)
-
-	if locked {
-		t.Fatalf("Account should not be locked after successful login")
-	}
-
-	// Test 2 failed attempts - should not lock account yet
-	t.Log("Testing 2 failed login attempts")
-
-	authService.RecordLoginAttempt(identifier, false)
-	authService.RecordLoginAttempt(identifier, false)
-	locked, _ = authService.IsAccountLocked(identifier)
-
-	if locked {
-		t.Fatalf("Account should not be locked after only 2 failed attempts")
-	}
-
-	// Add one more failed attempt (total 3) - should lock account with maxRetries=3
-	t.Log("Testing 3 failed login attempts")
-	authService.RecordLoginAttempt(identifier, false)
-	locked, remainingTime := authService.IsAccountLocked(identifier)
-
-	if !locked {
-		t.Fatalf("Account should be locked after reaching max retries")
-	}
-	if remainingTime <= 0 || remainingTime > 5 {
-		t.Fatalf("Expected remaining time between 1-5 seconds, got %d", remainingTime)
-	}
-
-	// Test reset after waiting for timeout - use 1 second timeout for fast testing
-	t.Log("Testing unlocking after timeout")
-
-	// Reinitialize auth service with a shorter timeout for testing
-	config.LoginTimeout = 1
-	config.LoginMaxRetries = 3
-	authService = auth.NewAuth(config, nil, nil)
-
-	// Add enough failed attempts to lock the account
-	for i := 0; i < 3; i++ {
-		authService.RecordLoginAttempt(identifier, false)
-	}
-
-	// Verify it's locked
-	locked, _ = authService.IsAccountLocked(identifier)
-	if !locked {
-		t.Fatalf("Account should be locked initially")
-	}
-
-	// Wait a bit and verify it gets unlocked after timeout
-	time.Sleep(1500 * time.Millisecond) // Wait longer than the timeout
-	locked, _ = authService.IsAccountLocked(identifier)
-
-	if locked {
-		t.Fatalf("Account should be unlocked after timeout period")
-	}
-
-	// Test disabled rate limiting
-	t.Log("Testing disabled rate limiting")
-	config.LoginMaxRetries = 0
-	config.LoginTimeout = 0
-	authService = auth.NewAuth(config, nil, nil)
-
-	for i := 0; i < 10; i++ {
-		authService.RecordLoginAttempt(identifier, false)
-	}
-
-	locked, _ = authService.IsAccountLocked(identifier)
-	if locked {
-		t.Fatalf("Account should not be locked when rate limiting is disabled")
-	}
-}
-
-func TestConcurrentLoginAttempts(t *testing.T) {
-	// Initialize a new auth service with 2 max retries and 5 seconds timeout
-	config.LoginMaxRetries = 2
-	config.LoginTimeout = 5
-	authService := auth.NewAuth(config, nil, nil)
-
-	// Test multiple identifiers
-	identifiers := []string{"user1", "user2", "user3"}
-
-	// Test that locking one identifier doesn't affect others
-	t.Log("Testing multiple identifiers")
-
-	// Add enough failed attempts to lock first user (2 attempts with maxRetries=2)
-	authService.RecordLoginAttempt(identifiers[0], false)
-	authService.RecordLoginAttempt(identifiers[0], false)
-
-	// Check if first user is locked
-	locked, _ := authService.IsAccountLocked(identifiers[0])
-	if !locked {
-		t.Fatalf("User1 should be locked after reaching max retries")
-	}
-
-	// Check that other users are not affected
-	for i := 1; i < len(identifiers); i++ {
-		locked, _ := authService.IsAccountLocked(identifiers[i])
-		if locked {
-			t.Fatalf("User%d should not be locked", i+1)
-		}
-	}
-
-	// Test successful login after failed attempts (but before lock)
-	t.Log("Testing successful login after failed attempts but before lock")
-
-	// One failed attempt for user2
-	authService.RecordLoginAttempt(identifiers[1], false)
-
-	// Successful login should reset the counter
-	authService.RecordLoginAttempt(identifiers[1], true)
-
-	// Now try a failed login again - should not be locked as counter was reset
-	authService.RecordLoginAttempt(identifiers[1], false)
-	locked, _ = authService.IsAccountLocked(identifiers[1])
-	if locked {
-		t.Fatalf("User2 should not be locked after successful login reset")
-	}
-}

internal/bootstrap/app_bootstrap.go

@@ -0,0 +1,341 @@
+package bootstrap
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+	"tinyauth/internal/config"
+	"tinyauth/internal/controller"
+	"tinyauth/internal/middleware"
+	"tinyauth/internal/service"
+	"tinyauth/internal/utils"
+
+	"github.com/gin-gonic/gin"
+	"github.com/rs/zerolog/log"
+)
+
+type Controller interface {
+	SetupRoutes()
+}
+
+type Middleware interface {
+	Middleware() gin.HandlerFunc
+	Init() error
+}
+
+type Service interface {
+	Init() error
+}
+
+type BootstrapApp struct {
+	config config.Config
+	uuid   string
+}
+
+func NewBootstrapApp(config config.Config) *BootstrapApp {
+	return &BootstrapApp{
+		config: config,
+	}
+}
+
+func (app *BootstrapApp) Setup() error {
+	// Parse users
+	users, err := utils.GetUsers(app.config.Users, app.config.UsersFile)
+
+	if err != nil {
+		return err
+	}
+
+	// Get OAuth configs
+	oauthProviders, err := utils.GetOAuthProvidersConfig(os.Environ(), os.Args, app.config.AppURL)
+
+	if err != nil {
+		return err
+	}
+
+	// Get cookie domain
+	cookieDomain, err := utils.GetCookieDomain(app.config.AppURL)
+
+	if err != nil {
+		return err
+	}
+
+	// Cookie names
+	appUrl, _ := url.Parse(app.config.AppURL) // Already validated
+	uuid := utils.GenerateUUID(appUrl.Hostname())
+	app.uuid = uuid
+	cookieId := strings.Split(uuid, "-")[0]
+	sessionCookieName := fmt.Sprintf("%s-%s", config.SessionCookieName, cookieId)
+	csrfCookieName := fmt.Sprintf("%s-%s", config.CSRFCookieName, cookieId)
+	redirectCookieName := fmt.Sprintf("%s-%s", config.RedirectCookieName, cookieId)
+
+	// Create configs
+	authConfig := service.AuthServiceConfig{
+		Users:             users,
+		OauthWhitelist:    app.config.OAuthWhitelist,
+		SessionExpiry:     app.config.SessionExpiry,
+		SecureCookie:      app.config.SecureCookie,
+		CookieDomain:      cookieDomain,
+		LoginTimeout:      app.config.LoginTimeout,
+		LoginMaxRetries:   app.config.LoginMaxRetries,
+		SessionCookieName: sessionCookieName,
+	}
+
+	// Setup services
+	var ldapService *service.LdapService
+
+	if app.config.LdapAddress != "" {
+		ldapConfig := service.LdapServiceConfig{
+			Address:      app.config.LdapAddress,
+			BindDN:       app.config.LdapBindDN,
+			BindPassword: app.config.LdapBindPassword,
+			BaseDN:       app.config.LdapBaseDN,
+			Insecure:     app.config.LdapInsecure,
+			SearchFilter: app.config.LdapSearchFilter,
+		}
+
+		ldapService = service.NewLdapService(ldapConfig)
+
+		err := ldapService.Init()
+
+		if err != nil {
+			log.Warn().Err(err).Msg("Failed to initialize LDAP service, continuing without LDAP")
+			ldapService = nil
+		}
+	}
+
+	// Bootstrap database
+	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
+		DatabasePath: app.config.DatabasePath,
+	})
+
+	log.Debug().Str("service", fmt.Sprintf("%T", databaseService)).Msg("Initializing service")
+
+	err = databaseService.Init()
+
+	if err != nil {
+		return fmt.Errorf("failed to initialize database service: %w", err)
+	}
+
+	database := databaseService.GetDatabase()
+
+	// Create services
+	dockerService := service.NewDockerService()
+	authService := service.NewAuthService(authConfig, dockerService, ldapService, database)
+	oauthBrokerService := service.NewOAuthBrokerService(oauthProviders)
+
+	// Initialize services
+	services := []Service{
+		dockerService,
+		authService,
+		oauthBrokerService,
+	}
+
+	for _, svc := range services {
+		if svc != nil {
+			log.Debug().Str("service", fmt.Sprintf("%T", svc)).Msg("Initializing service")
+			err := svc.Init()
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	// Configured providers
+	configuredProviders := make([]controller.Provider, 0)
+
+	for id, provider := range oauthProviders {
+		if id == "" {
+			continue
+		}
+
+		if provider.Name == "" {
+			if name, ok := config.OverrideProviders[id]; ok {
+				provider.Name = name
+			} else {
+				provider.Name = utils.Capitalize(id)
+			}
+		}
+
+		configuredProviders = append(configuredProviders, controller.Provider{
+			Name:  provider.Name,
+			ID:    id,
+			OAuth: true,
+		})
+	}
+
+	if authService.UserAuthConfigured() || ldapService != nil {
+		configuredProviders = append(configuredProviders, controller.Provider{
+			Name:  "Username",
+			ID:    "username",
+			OAuth: false,
+		})
+	}
+
+	log.Debug().Interface("providers", configuredProviders).Msg("Authentication providers")
+
+	if len(configuredProviders) == 0 {
+		return fmt.Errorf("no authentication providers configured")
+	}
+
+	// Create engine
+	if config.Version != "development" {
+		gin.SetMode(gin.ReleaseMode)
+	}
+
+	engine := gin.New()
+
+	if len(app.config.TrustedProxies) > 0 {
+		err := engine.SetTrustedProxies(strings.Split(app.config.TrustedProxies, ","))
+
+		if err != nil {
+			return fmt.Errorf("failed to set trusted proxies: %w", err)
+		}
+	}
+
+	// Create middlewares
+	var middlewares []Middleware
+
+	contextMiddleware := middleware.NewContextMiddleware(middleware.ContextMiddlewareConfig{
+		CookieDomain: cookieDomain,
+	}, authService, oauthBrokerService)
+
+	uiMiddleware := middleware.NewUIMiddleware()
+	zerologMiddleware := middleware.NewZerologMiddleware()
+
+	middlewares = append(middlewares, contextMiddleware, uiMiddleware, zerologMiddleware)
+
+	for _, middleware := range middlewares {
+		log.Debug().Str("middleware", fmt.Sprintf("%T", middleware)).Msg("Initializing middleware")
+		err := middleware.Init()
+		if err != nil {
+			return fmt.Errorf("failed to initialize middleware %T: %w", middleware, err)
+		}
+		engine.Use(middleware.Middleware())
+	}
+
+	// Create routers
+	mainRouter := engine.Group("")
+	apiRouter := engine.Group("/api")
+
+	// Create controllers
+	contextController := controller.NewContextController(controller.ContextControllerConfig{
+		Providers:             configuredProviders,
+		Title:                 app.config.Title,
+		AppURL:                app.config.AppURL,
+		CookieDomain:          cookieDomain,
+		ForgotPasswordMessage: app.config.ForgotPasswordMessage,
+		BackgroundImage:       app.config.BackgroundImage,
+		OAuthAutoRedirect:     app.config.OAuthAutoRedirect,
+	}, apiRouter)
+
+	oauthController := controller.NewOAuthController(controller.OAuthControllerConfig{
+		AppURL:             app.config.AppURL,
+		SecureCookie:       app.config.SecureCookie,
+		CSRFCookieName:     csrfCookieName,
+		RedirectCookieName: redirectCookieName,
+		CookieDomain:       cookieDomain,
+	}, apiRouter, authService, oauthBrokerService)
+
+	proxyController := controller.NewProxyController(controller.ProxyControllerConfig{
+		AppURL: app.config.AppURL,
+	}, apiRouter, dockerService, authService)
+
+	userController := controller.NewUserController(controller.UserControllerConfig{
+		CookieDomain: cookieDomain,
+	}, apiRouter, authService)
+
+	resourcesController := controller.NewResourcesController(controller.ResourcesControllerConfig{
+		ResourcesDir:      app.config.ResourcesDir,
+		ResourcesDisabled: app.config.DisableResources,
+	}, mainRouter)
+
+	healthController := controller.NewHealthController(apiRouter)
+
+	// Setup routes
+	controller := []Controller{
+		contextController,
+		oauthController,
+		proxyController,
+		userController,
+		healthController,
+		resourcesController,
+	}
+
+	for _, ctrl := range controller {
+		log.Debug().Msgf("Setting up %T controller", ctrl)
+		ctrl.SetupRoutes()
+	}
+
+	// If analytics are not disabled, start heartbeat
+	if !app.config.DisableAnalytics {
+		log.Debug().Msg("Starting heartbeat routine")
+		go app.heartbeat()
+	}
+
+	// Start server
+	address := fmt.Sprintf("%s:%d", app.config.Address, app.config.Port)
+	log.Info().Msgf("Starting server on %s", address)
+	if err := engine.Run(address); err != nil {
+		log.Fatal().Err(err).Msg("Failed to start server")
+	}
+
+	return nil
+}
+
+func (app *BootstrapApp) heartbeat() {
+	ticker := time.NewTicker(time.Duration(12) * time.Hour)
+	defer ticker.Stop()
+
+	type heartbeat struct {
+		UUID    string `json:"uuid"`
+		Version string `json:"version"`
+	}
+
+	var body heartbeat
+
+	body.UUID = app.uuid
+	body.Version = config.Version
+
+	bodyJson, err := json.Marshal(body)
+
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to marshal heartbeat body")
+		return
+	}
+
+	client := &http.Client{}
+
+	heartbeatURL := config.ApiServer + "/v1/instances/heartbeat"
+
+	for ; true; <-ticker.C {
+		log.Debug().Msg("Sending heartbeat")
+
+		req, err := http.NewRequest(http.MethodPost, heartbeatURL, bytes.NewReader(bodyJson))
+
+		if err != nil {
+			log.Error().Err(err).Msg("Failed to create heartbeat request")
+			continue
+		}
+
+		req.Header.Add("Content-Type", "application/json")
+
+		res, err := client.Do(req)
+
+		if err != nil {
+			log.Error().Err(err).Msg("Failed to send heartbeat")
+			continue
+		}
+
+		res.Body.Close()
+
+		if res.StatusCode != 200 && res.StatusCode != 201 {
+			log.Debug().Str("status", res.Status).Msg("Heartbeat returned non-200/201 status")
+		}
+	}
+}

internal/config/config.go

@@ -0,0 +1,182 @@
+package config
+
+// Version information, set at build time
+
+var Version = "development"
+var CommitHash = "development"
+var BuildTimestamp = "0000-00-00T00:00:00Z"
+
+// Cookie name templates
+
+var SessionCookieName = "tinyauth-session"
+var CSRFCookieName = "tinyauth-csrf"
+var RedirectCookieName = "tinyauth-redirect"
+
+// Main app config
+
+type Config struct {
+	Port                  int    `mapstructure:"port" validate:"required"`
+	Address               string `validate:"required,ip4_addr" mapstructure:"address"`
+	AppURL                string `validate:"required,url" mapstructure:"app-url"`
+	Users                 string `mapstructure:"users"`
+	UsersFile             string `mapstructure:"users-file"`
+	SecureCookie          bool   `mapstructure:"secure-cookie"`
+	OAuthWhitelist        string `mapstructure:"oauth-whitelist"`
+	OAuthAutoRedirect     string `mapstructure:"oauth-auto-redirect"`
+	SessionExpiry         int    `mapstructure:"session-expiry"`
+	LogLevel              string `mapstructure:"log-level" validate:"oneof=trace debug info warn error fatal panic"`
+	Title                 string `mapstructure:"app-title"`
+	LoginTimeout          int    `mapstructure:"login-timeout"`
+	LoginMaxRetries       int    `mapstructure:"login-max-retries"`
+	ForgotPasswordMessage string `mapstructure:"forgot-password-message"`
+	BackgroundImage       string `mapstructure:"background-image" validate:"required"`
+	LdapAddress           string `mapstructure:"ldap-address"`
+	LdapBindDN            string `mapstructure:"ldap-bind-dn"`
+	LdapBindPassword      string `mapstructure:"ldap-bind-password"`
+	LdapBaseDN            string `mapstructure:"ldap-base-dn"`
+	LdapInsecure          bool   `mapstructure:"ldap-insecure"`
+	LdapSearchFilter      string `mapstructure:"ldap-search-filter"`
+	ResourcesDir          string `mapstructure:"resources-dir"`
+	DatabasePath          string `mapstructure:"database-path" validate:"required"`
+	TrustedProxies        string `mapstructure:"trusted-proxies"`
+	DisableAnalytics      bool   `mapstructure:"disable-analytics"`
+	DisableResources      bool   `mapstructure:"disable-resources"`
+}
+
+// OAuth/OIDC config
+
+type Claims struct {
+	Name              string `json:"name"`
+	Email             string `json:"email"`
+	PreferredUsername string `json:"preferred_username"`
+	Groups            any    `json:"groups"`
+}
+
+type OAuthServiceConfig struct {
+	ClientID           string   `key:"client-id"`
+	ClientSecret       string   `key:"client-secret"`
+	ClientSecretFile   string   `key:"client-secret-file"`
+	Scopes             []string `key:"scopes"`
+	RedirectURL        string   `key:"redirect-url"`
+	AuthURL            string   `key:"auth-url"`
+	TokenURL           string   `key:"token-url"`
+	UserinfoURL        string   `key:"user-info-url"`
+	InsecureSkipVerify bool     `key:"insecure-skip-verify"`
+	Name               string   `key:"name"`
+}
+
+var OverrideProviders = map[string]string{
+	"google": "Google",
+	"github": "GitHub",
+}
+
+// User/session related stuff
+
+type User struct {
+	Username   string
+	Password   string
+	TotpSecret string
+}
+
+type UserSearch struct {
+	Username string
+	Type     string // local, ldap or unknown
+}
+
+type SessionCookie struct {
+	UUID        string
+	Username    string
+	Name        string
+	Email       string
+	Provider    string
+	TotpPending bool
+	OAuthGroups string
+	OAuthName   string
+}
+
+type UserContext struct {
+	Username    string
+	Name        string
+	Email       string
+	IsLoggedIn  bool
+	OAuth       bool
+	Provider    string
+	TotpPending bool
+	OAuthGroups string
+	TotpEnabled bool
+	OAuthName   string
+}
+
+// API responses and queries
+
+type UnauthorizedQuery struct {
+	Username string `url:"username"`
+	Resource string `url:"resource"`
+	GroupErr bool   `url:"groupErr"`
+	IP       string `url:"ip"`
+}
+
+type RedirectQuery struct {
+	RedirectURI string `url:"redirect_uri"`
+}
+
+// Labels
+
+type Apps struct {
+	Apps map[string]App
+}
+
+type App struct {
+	Config   AppConfig
+	Users    AppUsers
+	OAuth    AppOAuth
+	IP       AppIP
+	Response AppResponse
+	Path     AppPath
+}
+
+type AppConfig struct {
+	Domain string
+}
+
+type AppUsers struct {
+	Allow string
+	Block string
+}
+
+type AppOAuth struct {
+	Whitelist string
+	Groups    string
+}
+
+type AppIP struct {
+	Allow  []string
+	Block  []string
+	Bypass []string
+}
+
+type AppResponse struct {
+	Headers   []string
+	BasicAuth AppBasicAuth
+}
+
+type AppBasicAuth struct {
+	Username     string
+	Password     string
+	PasswordFile string
+}
+
+type AppPath struct {
+	Allow string
+	Block string
+}
+
+// Flags
+
+type Providers struct {
+	Providers map[string]OAuthServiceConfig
+}
+
+// API server
+
+var ApiServer = "https://api.tinyauth.app"

internal/constants/constants.go

@@ -1,19 +0,0 @@
-package constants
-
-// Claims are the OIDC supported claims (prefered username is included for convinience)
-type Claims struct {
-	Name              string `json:"name"`
-	Email             string `json:"email"`
-	PreferredUsername string `json:"preferred_username"`
-	Groups            any    `json:"groups"`
-}
-
-// Version information
-var Version = "development"
-var CommitHash = "n/a"
-var BuildTimestamp = "n/a"
-
-// Base cookie names
-var SessionCookieName = "tinyauth-session"
-var CsrfCookieName = "tinyauth-csrf"
-var RedirectCookieName = "tinyauth-redirect"

internal/controller/context_controller.go

@@ -0,0 +1,113 @@
+package controller
+
+import (
+	"fmt"
+	"net/url"
+	"tinyauth/internal/utils"
+
+	"github.com/gin-gonic/gin"
+	"github.com/rs/zerolog/log"
+)
+
+type UserContextResponse struct {
+	Status      int    `json:"status"`
+	Message     string `json:"message"`
+	IsLoggedIn  bool   `json:"isLoggedIn"`
+	Username    string `json:"username"`
+	Name        string `json:"name"`
+	Email       string `json:"email"`
+	Provider    string `json:"provider"`
+	OAuth       bool   `json:"oauth"`
+	TotpPending bool   `json:"totpPending"`
+	OAuthName   string `json:"oauthName"`
+}
+
+type AppContextResponse struct {
+	Status                int        `json:"status"`
+	Message               string     `json:"message"`
+	Providers             []Provider `json:"providers"`
+	Title                 string     `json:"title"`
+	AppURL                string     `json:"appUrl"`
+	CookieDomain          string     `json:"cookieDomain"`
+	ForgotPasswordMessage string     `json:"forgotPasswordMessage"`
+	BackgroundImage       string     `json:"backgroundImage"`
+	OAuthAutoRedirect     string     `json:"oauthAutoRedirect"`
+}
+
+type Provider struct {
+	Name  string `json:"name"`
+	ID    string `json:"id"`
+	OAuth bool   `json:"oauth"`
+}
+
+type ContextControllerConfig struct {
+	Providers             []Provider
+	Title                 string
+	AppURL                string
+	CookieDomain          string
+	ForgotPasswordMessage string
+	BackgroundImage       string
+	OAuthAutoRedirect     string
+}
+
+type ContextController struct {
+	config ContextControllerConfig
+	router *gin.RouterGroup
+}
+
+func NewContextController(config ContextControllerConfig, router *gin.RouterGroup) *ContextController {
+	return &ContextController{
+		config: config,
+		router: router,
+	}
+}
+
+func (controller *ContextController) SetupRoutes() {
+	contextGroup := controller.router.Group("/context")
+	contextGroup.GET("/user", controller.userContextHandler)
+	contextGroup.GET("/app", controller.appContextHandler)
+}
+
+func (controller *ContextController) userContextHandler(c *gin.Context) {
+	context, err := utils.GetContext(c)
+
+	userContext := UserContextResponse{
+		Status:      200,
+		Message:     "Success",
+		IsLoggedIn:  context.IsLoggedIn,
+		Username:    context.Username,
+		Name:        context.Name,
+		Email:       context.Email,
+		Provider:    context.Provider,
+		OAuth:       context.OAuth,
+		TotpPending: context.TotpPending,
+		OAuthName:   context.OAuthName,
+	}
+
+	if err != nil {
+		log.Debug().Err(err).Msg("No user context found in request")
+		userContext.Status = 401
+		userContext.Message = "Unauthorized"
+		userContext.IsLoggedIn = false
+		c.JSON(200, userContext)
+		return
+	}
+
+	c.JSON(200, userContext)
+}
+
+func (controller *ContextController) appContextHandler(c *gin.Context) {
+	appUrl, _ := url.Parse(controller.config.AppURL) // no need to check error, validated on startup
+
+	c.JSON(200, AppContextResponse{
+		Status:                200,
+		Message:               "Success",
+		Providers:             controller.config.Providers,
+		Title:                 controller.config.Title,
+		AppURL:                fmt.Sprintf("%s://%s", appUrl.Scheme, appUrl.Host),
+		CookieDomain:          controller.config.CookieDomain,
+		ForgotPasswordMessage: controller.config.ForgotPasswordMessage,
+		BackgroundImage:       controller.config.BackgroundImage,
+		OAuthAutoRedirect:     controller.config.OAuthAutoRedirect,
+	})
+}

internal/controller/context_controller_test.go

@@ -0,0 +1,144 @@
+package controller_test
+
+import (
+	"encoding/json"
+	"net/http/httptest"
+	"testing"
+	"tinyauth/internal/config"
+	"tinyauth/internal/controller"
+
+	"github.com/gin-gonic/gin"
+	"gotest.tools/v3/assert"
+)
+
+var controllerCfg = controller.ContextControllerConfig{
+	Providers: []controller.Provider{
+		{
+			Name:  "Username",
+			ID:    "username",
+			OAuth: false,
+		},
+		{
+			Name:  "Google",
+			ID:    "google",
+			OAuth: true,
+		},
+	},
+	Title:                 "Test App",
+	AppURL:                "http://localhost:8080",
+	CookieDomain:          "localhost",
+	ForgotPasswordMessage: "Contact admin to reset your password.",
+	BackgroundImage:       "/assets/bg.jpg",
+	OAuthAutoRedirect:     "google",
+}
+
+var userContext = config.UserContext{
+	Username:    "testuser",
+	Name:        "testuser",
+	Email:       "test@example.com",
+	IsLoggedIn:  true,
+	OAuth:       false,
+	Provider:    "username",
+	TotpPending: false,
+	OAuthGroups: "",
+	TotpEnabled: false,
+}
+
+func setupContextController(middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder) {
+	// Setup
+	gin.SetMode(gin.TestMode)
+	router := gin.Default()
+	recorder := httptest.NewRecorder()
+
+	if middlewares != nil {
+		for _, m := range *middlewares {
+			router.Use(m)
+		}
+	}
+
+	group := router.Group("/api")
+
+	ctrl := controller.NewContextController(controllerCfg, group)
+	ctrl.SetupRoutes()
+
+	return router, recorder
+}
+
+func TestAppContextHandler(t *testing.T) {
+	expectedRes := controller.AppContextResponse{
+		Status:                200,
+		Message:               "Success",
+		Providers:             controllerCfg.Providers,
+		Title:                 controllerCfg.Title,
+		AppURL:                controllerCfg.AppURL,
+		CookieDomain:          controllerCfg.CookieDomain,
+		ForgotPasswordMessage: controllerCfg.ForgotPasswordMessage,
+		BackgroundImage:       controllerCfg.BackgroundImage,
+		OAuthAutoRedirect:     controllerCfg.OAuthAutoRedirect,
+	}
+
+	router, recorder := setupContextController(nil)
+	req := httptest.NewRequest("GET", "/api/context/app", nil)
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	var ctrlRes controller.AppContextResponse
+
+	err := json.Unmarshal(recorder.Body.Bytes(), &ctrlRes)
+
+	assert.NilError(t, err)
+	assert.DeepEqual(t, expectedRes, ctrlRes)
+}
+
+func TestUserContextHandler(t *testing.T) {
+	expectedRes := controller.UserContextResponse{
+		Status:      200,
+		Message:     "Success",
+		IsLoggedIn:  userContext.IsLoggedIn,
+		Username:    userContext.Username,
+		Name:        userContext.Name,
+		Email:       userContext.Email,
+		Provider:    userContext.Provider,
+		OAuth:       userContext.OAuth,
+		TotpPending: userContext.TotpPending,
+	}
+
+	// Test with context
+	router, recorder := setupContextController(&[]gin.HandlerFunc{
+		func(c *gin.Context) {
+			c.Set("context", &userContext)
+			c.Next()
+		},
+	})
+
+	req := httptest.NewRequest("GET", "/api/context/user", nil)
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	var ctrlRes controller.UserContextResponse
+
+	err := json.Unmarshal(recorder.Body.Bytes(), &ctrlRes)
+
+	assert.NilError(t, err)
+	assert.DeepEqual(t, expectedRes, ctrlRes)
+
+	// Test no context
+	expectedRes = controller.UserContextResponse{
+		Status:     401,
+		Message:    "Unauthorized",
+		IsLoggedIn: false,
+	}
+
+	router, recorder = setupContextController(nil)
+	req = httptest.NewRequest("GET", "/api/context/user", nil)
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	err = json.Unmarshal(recorder.Body.Bytes(), &ctrlRes)
+
+	assert.NilError(t, err)
+	assert.DeepEqual(t, expectedRes, ctrlRes)
+}

internal/controller/health_controller.go

@@ -0,0 +1,25 @@
+package controller
+
+import "github.com/gin-gonic/gin"
+
+type HealthController struct {
+	router *gin.RouterGroup
+}
+
+func NewHealthController(router *gin.RouterGroup) *HealthController {
+	return &HealthController{
+		router: router,
+	}
+}
+
+func (controller *HealthController) SetupRoutes() {
+	controller.router.GET("/health", controller.healthHandler)
+	controller.router.HEAD("/health", controller.healthHandler)
+}
+
+func (controller *HealthController) healthHandler(c *gin.Context) {
+	c.JSON(200, gin.H{
+		"status":  "ok",
+		"message": "Healthy",
+	})
+}

internal/controller/oauth_controller.go

@@ -0,0 +1,218 @@
+package controller
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+	"tinyauth/internal/config"
+	"tinyauth/internal/service"
+	"tinyauth/internal/utils"
+
+	"github.com/gin-gonic/gin"
+	"github.com/google/go-querystring/query"
+	"github.com/rs/zerolog/log"
+)
+
+type OAuthRequest struct {
+	Provider string `uri:"provider" binding:"required"`
+}
+
+type OAuthControllerConfig struct {
+	CSRFCookieName     string
+	RedirectCookieName string
+	SecureCookie       bool
+	AppURL             string
+	CookieDomain       string
+}
+
+type OAuthController struct {
+	config OAuthControllerConfig
+	router *gin.RouterGroup
+	auth   *service.AuthService
+	broker *service.OAuthBrokerService
+}
+
+func NewOAuthController(config OAuthControllerConfig, router *gin.RouterGroup, auth *service.AuthService, broker *service.OAuthBrokerService) *OAuthController {
+	return &OAuthController{
+		config: config,
+		router: router,
+		auth:   auth,
+		broker: broker,
+	}
+}
+
+func (controller *OAuthController) SetupRoutes() {
+	oauthGroup := controller.router.Group("/oauth")
+	oauthGroup.GET("/url/:provider", controller.oauthURLHandler)
+	oauthGroup.GET("/callback/:provider", controller.oauthCallbackHandler)
+}
+
+func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
+	var req OAuthRequest
+
+	err := c.BindUri(&req)
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to bind URI")
+		c.JSON(400, gin.H{
+			"status":  400,
+			"message": "Bad Request",
+		})
+		return
+	}
+
+	service, exists := controller.broker.GetService(req.Provider)
+
+	if !exists {
+		log.Warn().Msgf("OAuth provider not found: %s", req.Provider)
+		c.JSON(404, gin.H{
+			"status":  404,
+			"message": "Not Found",
+		})
+		return
+	}
+
+	state := service.GenerateState()
+	authURL := service.GetAuthURL(state)
+	c.SetCookie(controller.config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
+
+	redirectURI := c.Query("redirect_uri")
+
+	if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.config.CookieDomain) {
+		log.Debug().Msg("Setting redirect URI cookie")
+		c.SetCookie(controller.config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
+	}
+
+	c.JSON(200, gin.H{
+		"status":  200,
+		"message": "OK",
+		"url":     authURL,
+	})
+}
+
+func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
+	var req OAuthRequest
+
+	err := c.BindUri(&req)
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to bind URI")
+		c.JSON(400, gin.H{
+			"status":  400,
+			"message": "Bad Request",
+		})
+		return
+	}
+
+	state := c.Query("state")
+	csrfCookie, err := c.Cookie(controller.config.CSRFCookieName)
+
+	if err != nil || state != csrfCookie {
+		log.Warn().Err(err).Msg("CSRF token mismatch or cookie missing")
+		c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		return
+	}
+
+	c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
+
+	code := c.Query("code")
+	service, exists := controller.broker.GetService(req.Provider)
+
+	if !exists {
+		log.Warn().Msgf("OAuth provider not found: %s", req.Provider)
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		return
+	}
+
+	err = service.VerifyCode(code)
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to verify OAuth code")
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		return
+	}
+
+	user, err := controller.broker.GetUser(req.Provider)
+
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to get user from OAuth provider")
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		return
+	}
+
+	if user.Email == "" {
+		log.Error().Msg("OAuth provider did not return an email")
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		return
+	}
+
+	if !controller.auth.IsEmailWhitelisted(user.Email) {
+		queries, err := query.Values(config.UnauthorizedQuery{
+			Username: user.Email,
+		})
+
+		if err != nil {
+			log.Error().Err(err).Msg("Failed to encode unauthorized query")
+			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+			return
+		}
+
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
+		return
+	}
+
+	var name string
+
+	if user.Name != "" {
+		log.Debug().Msg("Using name from OAuth provider")
+		name = user.Name
+	} else {
+		log.Debug().Msg("No name from OAuth provider, using pseudo name")
+		name = fmt.Sprintf("%s (%s)", utils.Capitalize(strings.Split(user.Email, "@")[0]), strings.Split(user.Email, "@")[1])
+	}
+
+	var username string
+
+	if user.PreferredUsername != "" {
+		log.Debug().Msg("Using preferred username from OAuth provider")
+		username = user.PreferredUsername
+	} else {
+		log.Debug().Msg("No preferred username from OAuth provider, using pseudo username")
+		username = strings.Replace(user.Email, "@", "_", -1)
+	}
+
+	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
+		Username:    username,
+		Name:        name,
+		Email:       user.Email,
+		Provider:    req.Provider,
+		OAuthGroups: utils.CoalesceToString(user.Groups),
+		OAuthName:   service.GetName(),
+	})
+
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to create session cookie")
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		return
+	}
+
+	redirectURI, err := c.Cookie(controller.config.RedirectCookieName)
+
+	if err != nil || !utils.IsRedirectSafe(redirectURI, controller.config.CookieDomain) {
+		log.Debug().Msg("No redirect URI cookie found, redirecting to app root")
+		c.Redirect(http.StatusTemporaryRedirect, controller.config.AppURL)
+		return
+	}
+
+	queries, err := query.Values(config.RedirectQuery{
+		RedirectURI: redirectURI,
+	})
+
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to encode redirect URI query")
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		return
+	}
+
+	c.SetCookie(controller.config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
+	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", controller.config.AppURL, queries.Encode()))
+}

internal/controller/proxy_controller.go

@@ -0,0 +1,291 @@
+package controller
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+	"tinyauth/internal/config"
+	"tinyauth/internal/service"
+	"tinyauth/internal/utils"
+
+	"github.com/gin-gonic/gin"
+	"github.com/google/go-querystring/query"
+	"github.com/rs/zerolog/log"
+)
+
+type Proxy struct {
+	Proxy string `uri:"proxy" binding:"required"`
+}
+
+type ProxyControllerConfig struct {
+	AppURL string
+}
+
+type ProxyController struct {
+	config ProxyControllerConfig
+	router *gin.RouterGroup
+	docker *service.DockerService
+	auth   *service.AuthService
+}
+
+func NewProxyController(config ProxyControllerConfig, router *gin.RouterGroup, docker *service.DockerService, auth *service.AuthService) *ProxyController {
+	return &ProxyController{
+		config: config,
+		router: router,
+		docker: docker,
+		auth:   auth,
+	}
+}
+
+func (controller *ProxyController) SetupRoutes() {
+	proxyGroup := controller.router.Group("/auth")
+	proxyGroup.GET("/:proxy", controller.proxyHandler)
+}
+
+func (controller *ProxyController) proxyHandler(c *gin.Context) {
+	var req Proxy
+
+	err := c.BindUri(&req)
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to bind URI")
+		c.JSON(400, gin.H{
+			"status":  400,
+			"message": "Bad Request",
+		})
+		return
+	}
+
+	if req.Proxy != "nginx" && req.Proxy != "traefik" && req.Proxy != "caddy" {
+		log.Warn().Str("proxy", req.Proxy).Msg("Invalid proxy")
+		c.JSON(400, gin.H{
+			"status":  400,
+			"message": "Bad Request",
+		})
+		return
+	}
+
+	isBrowser := strings.Contains(c.Request.Header.Get("Accept"), "text/html")
+
+	if isBrowser {
+		log.Debug().Msg("Request identified as (most likely) coming from a browser")
+	} else {
+		log.Debug().Msg("Request identified as (most likely) coming from a non-browser client")
+	}
+
+	uri := c.Request.Header.Get("X-Forwarded-Uri")
+	proto := c.Request.Header.Get("X-Forwarded-Proto")
+	host := c.Request.Header.Get("X-Forwarded-Host")
+
+	labels, err := controller.docker.GetLabels(host)
+
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to get labels from Docker")
+		controller.handleError(c, req, isBrowser)
+		return
+	}
+
+	clientIP := c.ClientIP()
+
+	if controller.auth.IsBypassedIP(labels.IP, clientIP) {
+		controller.setHeaders(c, labels)
+		c.JSON(200, gin.H{
+			"status":  200,
+			"message": "Authenticated",
+		})
+		return
+	}
+
+	authEnabled, err := controller.auth.IsAuthEnabled(uri, labels.Path)
+
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to check if auth is enabled for resource")
+		controller.handleError(c, req, isBrowser)
+		return
+	}
+
+	if !authEnabled {
+		log.Debug().Msg("Authentication disabled for resource, allowing access")
+		controller.setHeaders(c, labels)
+		c.JSON(200, gin.H{
+			"status":  200,
+			"message": "Authenticated",
+		})
+		return
+	}
+
+	if !controller.auth.CheckIP(labels.IP, clientIP) {
+		if req.Proxy == "nginx" || !isBrowser {
+			c.JSON(401, gin.H{
+				"status":  401,
+				"message": "Unauthorized",
+			})
+			return
+		}
+
+		queries, err := query.Values(config.UnauthorizedQuery{
+			Resource: strings.Split(host, ".")[0],
+			IP:       clientIP,
+		})
+
+		if err != nil {
+			log.Error().Err(err).Msg("Failed to encode unauthorized query")
+			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+			return
+		}
+
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
+		return
+	}
+
+	var userContext config.UserContext
+
+	context, err := utils.GetContext(c)
+
+	if err != nil {
+		log.Debug().Msg("No user context found in request, treating as not logged in")
+		userContext = config.UserContext{
+			IsLoggedIn: false,
+		}
+	} else {
+		userContext = context
+	}
+
+	if userContext.Provider == "basic" && userContext.TotpEnabled {
+		log.Debug().Msg("User has TOTP enabled, denying basic auth access")
+		userContext.IsLoggedIn = false
+	}
+
+	if userContext.IsLoggedIn {
+		appAllowed := controller.auth.IsResourceAllowed(c, userContext, labels)
+
+		if !appAllowed {
+			log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User not allowed to access resource")
+
+			if req.Proxy == "nginx" || !isBrowser {
+				c.JSON(403, gin.H{
+					"status":  403,
+					"message": "Forbidden",
+				})
+				return
+			}
+
+			queries, err := query.Values(config.UnauthorizedQuery{
+				Resource: strings.Split(host, ".")[0],
+			})
+
+			if err != nil {
+				log.Error().Err(err).Msg("Failed to encode unauthorized query")
+				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+				return
+			}
+
+			if userContext.OAuth {
+				queries.Set("username", userContext.Email)
+			} else {
+				queries.Set("username", userContext.Username)
+			}
+
+			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
+			return
+		}
+
+		if userContext.OAuth {
+			groupOK := controller.auth.IsInOAuthGroup(c, userContext, labels.OAuth.Groups)
+
+			if !groupOK {
+				log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User OAuth groups do not match resource requirements")
+
+				if req.Proxy == "nginx" || !isBrowser {
+					c.JSON(403, gin.H{
+						"status":  403,
+						"message": "Forbidden",
+					})
+					return
+				}
+
+				queries, err := query.Values(config.UnauthorizedQuery{
+					Resource: strings.Split(host, ".")[0],
+					GroupErr: true,
+				})
+
+				if err != nil {
+					log.Error().Err(err).Msg("Failed to encode unauthorized query")
+					c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+					return
+				}
+
+				if userContext.OAuth {
+					queries.Set("username", userContext.Email)
+				} else {
+					queries.Set("username", userContext.Username)
+				}
+
+				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
+				return
+			}
+		}
+
+		c.Header("Remote-User", utils.SanitizeHeader(userContext.Username))
+		c.Header("Remote-Name", utils.SanitizeHeader(userContext.Name))
+		c.Header("Remote-Email", utils.SanitizeHeader(userContext.Email))
+		c.Header("Remote-Groups", utils.SanitizeHeader(userContext.OAuthGroups))
+
+		controller.setHeaders(c, labels)
+
+		c.JSON(200, gin.H{
+			"status":  200,
+			"message": "Authenticated",
+		})
+		return
+	}
+
+	if req.Proxy == "nginx" || !isBrowser {
+		c.JSON(401, gin.H{
+			"status":  401,
+			"message": "Unauthorized",
+		})
+		return
+	}
+
+	queries, err := query.Values(config.RedirectQuery{
+		RedirectURI: fmt.Sprintf("%s://%s%s", proto, host, uri),
+	})
+
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to encode redirect URI query")
+		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+		return
+	}
+
+	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/login?%s", controller.config.AppURL, queries.Encode()))
+}
+
+func (controller *ProxyController) setHeaders(c *gin.Context, labels config.App) {
+	c.Header("Authorization", c.Request.Header.Get("Authorization"))
+
+	headers := utils.ParseHeaders(labels.Response.Headers)
+
+	for key, value := range headers {
+		log.Debug().Str("header", key).Msg("Setting header")
+		c.Header(key, value)
+	}
+
+	basicPassword := utils.GetSecret(labels.Response.BasicAuth.Password, labels.Response.BasicAuth.PasswordFile)
+
+	if labels.Response.BasicAuth.Username != "" && basicPassword != "" {
+		log.Debug().Str("username", labels.Response.BasicAuth.Username).Msg("Setting basic auth header")
+		c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Response.BasicAuth.Username, basicPassword)))
+	}
+}
+
+func (controller *ProxyController) handleError(c *gin.Context, req Proxy, isBrowser bool) {
+	if req.Proxy == "nginx" || !isBrowser {
+		c.JSON(500, gin.H{
+			"status":  500,
+			"message": "Internal Server Error",
+		})
+		return
+	}
+
+	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
+}

internal/controller/proxy_controller_test.go

@@ -0,0 +1,164 @@
+package controller_test
+
+import (
+	"net/http/httptest"
+	"testing"
+	"tinyauth/internal/config"
+	"tinyauth/internal/controller"
+	"tinyauth/internal/service"
+
+	"github.com/gin-gonic/gin"
+	"gotest.tools/v3/assert"
+)
+
+func setupProxyController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder, *service.AuthService) {
+	// Setup
+	gin.SetMode(gin.TestMode)
+	router := gin.Default()
+
+	if middlewares != nil {
+		for _, m := range *middlewares {
+			router.Use(m)
+		}
+	}
+
+	group := router.Group("/api")
+	recorder := httptest.NewRecorder()
+
+	// Database
+	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
+		DatabasePath: "/tmp/tinyauth_test.db",
+	})
+
+	assert.NilError(t, databaseService.Init())
+
+	database := databaseService.GetDatabase()
+
+	// Docker
+	dockerService := service.NewDockerService()
+
+	assert.NilError(t, dockerService.Init())
+
+	// Auth service
+	authService := service.NewAuthService(service.AuthServiceConfig{
+		Users: []config.User{
+			{
+				Username: "testuser",
+				Password: "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
+			},
+		},
+		OauthWhitelist:    "",
+		SessionExpiry:     3600,
+		SecureCookie:      false,
+		CookieDomain:      "localhost",
+		LoginTimeout:      300,
+		LoginMaxRetries:   3,
+		SessionCookieName: "tinyauth-session",
+	}, dockerService, nil, database)
+
+	// Controller
+	ctrl := controller.NewProxyController(controller.ProxyControllerConfig{
+		AppURL: "http://localhost:8080",
+	}, group, dockerService, authService)
+	ctrl.SetupRoutes()
+
+	return router, recorder, authService
+}
+
+func TestProxyHandler(t *testing.T) {
+	// Setup
+	router, recorder, authService := setupProxyController(t, nil)
+
+	// Test invalid proxy
+	req := httptest.NewRequest("GET", "/api/auth/invalidproxy", nil)
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 400, recorder.Code)
+
+	// Test logged out user (traefik/caddy)
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
+	req.Header.Set("X-Forwarded-Proto", "https")
+	req.Header.Set("X-Forwarded-Host", "example.com")
+	req.Header.Set("X-Forwarded-Uri", "/somepath")
+	req.Header.Set("Accept", "text/html")
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 307, recorder.Code)
+	assert.Equal(t, "http://localhost:8080/login?redirect_uri=https%3A%2F%2Fexample.com%2Fsomepath", recorder.Header().Get("Location"))
+
+	// Test logged out user (nginx)
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("GET", "/api/auth/nginx", nil)
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 401, recorder.Code)
+
+	// Test logged in user
+	c := gin.CreateTestContextOnly(recorder, router)
+
+	err := authService.CreateSessionCookie(c, &config.SessionCookie{
+		Username:    "testuser",
+		Name:        "testuser",
+		Email:       "testuser@example.com",
+		Provider:    "username",
+		TotpPending: false,
+		OAuthGroups: "",
+	})
+
+	assert.NilError(t, err)
+
+	cookie := c.Writer.Header().Get("Set-Cookie")
+
+	router, recorder, _ = setupProxyController(t, &[]gin.HandlerFunc{
+		func(c *gin.Context) {
+			c.Set("context", &config.UserContext{
+				Username:    "testuser",
+				Name:        "testuser",
+				Email:       "testuser@example.com",
+				IsLoggedIn:  true,
+				OAuth:       false,
+				Provider:    "username",
+				TotpPending: false,
+				OAuthGroups: "",
+				TotpEnabled: false,
+			})
+			c.Next()
+		},
+	})
+
+	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
+	req.Header.Set("Cookie", cookie)
+	req.Header.Set("Accept", "text/html")
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	assert.Equal(t, "testuser", recorder.Header().Get("Remote-User"))
+	assert.Equal(t, "testuser", recorder.Header().Get("Remote-Name"))
+	assert.Equal(t, "testuser@example.com", recorder.Header().Get("Remote-Email"))
+
+	// Ensure basic auth is disabled for TOTP enabled users
+	router, recorder, _ = setupProxyController(t, &[]gin.HandlerFunc{
+		func(c *gin.Context) {
+			c.Set("context", &config.UserContext{
+				Username:    "testuser",
+				Name:        "testuser",
+				Email:       "testuser@example.com",
+				IsLoggedIn:  true,
+				OAuth:       false,
+				Provider:    "basic",
+				TotpPending: false,
+				OAuthGroups: "",
+				TotpEnabled: true,
+			})
+			c.Next()
+		},
+	})
+
+	req = httptest.NewRequest("GET", "/api/auth/traefik", nil)
+	req.SetBasicAuth("testuser", "test")
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 401, recorder.Code)
+}

internal/controller/resources_controller.go

@@ -0,0 +1,50 @@
+package controller
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+type ResourcesControllerConfig struct {
+	ResourcesDir      string
+	ResourcesDisabled bool
+}
+
+type ResourcesController struct {
+	config     ResourcesControllerConfig
+	router     *gin.RouterGroup
+	fileServer http.Handler
+}
+
+func NewResourcesController(config ResourcesControllerConfig, router *gin.RouterGroup) *ResourcesController {
+	fileServer := http.StripPrefix("/resources", http.FileServer(http.Dir(config.ResourcesDir)))
+
+	return &ResourcesController{
+		config:     config,
+		router:     router,
+		fileServer: fileServer,
+	}
+}
+
+func (controller *ResourcesController) SetupRoutes() {
+	controller.router.GET("/resources/*resource", controller.resourcesHandler)
+}
+
+func (controller *ResourcesController) resourcesHandler(c *gin.Context) {
+	if controller.config.ResourcesDir == "" {
+		c.JSON(404, gin.H{
+			"status":  404,
+			"message": "Resources not found",
+		})
+		return
+	}
+	if controller.config.ResourcesDisabled {
+		c.JSON(403, gin.H{
+			"status":  403,
+			"message": "Resources are disabled",
+		})
+		return
+	}
+	controller.fileServer.ServeHTTP(c.Writer, c.Request)
+}

internal/controller/resources_controller_test.go

@@ -0,0 +1,57 @@
+package controller_test
+
+import (
+	"net/http/httptest"
+	"os"
+	"testing"
+	"tinyauth/internal/controller"
+
+	"github.com/gin-gonic/gin"
+	"gotest.tools/v3/assert"
+)
+
+func TestResourcesHandler(t *testing.T) {
+	// Setup
+	gin.SetMode(gin.TestMode)
+	router := gin.New()
+	group := router.Group("/")
+
+	ctrl := controller.NewResourcesController(controller.ResourcesControllerConfig{
+		ResourcesDir: "/tmp/tinyauth",
+	}, group)
+	ctrl.SetupRoutes()
+
+	// Create test data
+	err := os.Mkdir("/tmp/tinyauth", 0755)
+	assert.NilError(t, err)
+	defer os.RemoveAll("/tmp/tinyauth")
+
+	file, err := os.Create("/tmp/tinyauth/test.txt")
+	assert.NilError(t, err)
+
+	_, err = file.WriteString("This is a test file.")
+	assert.NilError(t, err)
+	file.Close()
+
+	// Test existing file
+	req := httptest.NewRequest("GET", "/resources/test.txt", nil)
+	recorder := httptest.NewRecorder()
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+	assert.Equal(t, "This is a test file.", recorder.Body.String())
+
+	// Test non-existing file
+	req = httptest.NewRequest("GET", "/resources/nonexistent.txt", nil)
+	recorder = httptest.NewRecorder()
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 404, recorder.Code)
+
+	// Test directory traversal attack
+	req = httptest.NewRequest("GET", "/resources/../etc/passwd", nil)
+	recorder = httptest.NewRecorder()
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 404, recorder.Code)
+}

internal/controller/user_controller.go

@@ -0,0 +1,266 @@
+package controller
+
+import (
+	"fmt"
+	"strings"
+	"tinyauth/internal/config"
+	"tinyauth/internal/service"
+	"tinyauth/internal/utils"
+
+	"github.com/gin-gonic/gin"
+	"github.com/pquerna/otp/totp"
+	"github.com/rs/zerolog/log"
+)
+
+type LoginRequest struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type TotpRequest struct {
+	Code string `json:"code"`
+}
+
+type UserControllerConfig struct {
+	CookieDomain string
+}
+
+type UserController struct {
+	config UserControllerConfig
+	router *gin.RouterGroup
+	auth   *service.AuthService
+}
+
+func NewUserController(config UserControllerConfig, router *gin.RouterGroup, auth *service.AuthService) *UserController {
+	return &UserController{
+		config: config,
+		router: router,
+		auth:   auth,
+	}
+}
+
+func (controller *UserController) SetupRoutes() {
+	userGroup := controller.router.Group("/user")
+	userGroup.POST("/login", controller.loginHandler)
+	userGroup.POST("/logout", controller.logoutHandler)
+	userGroup.POST("/totp", controller.totpHandler)
+}
+
+func (controller *UserController) loginHandler(c *gin.Context) {
+	var req LoginRequest
+
+	err := c.ShouldBindJSON(&req)
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to bind JSON")
+		c.JSON(400, gin.H{
+			"status":  400,
+			"message": "Bad Request",
+		})
+		return
+	}
+
+	clientIP := c.ClientIP()
+
+	rateIdentifier := req.Username
+
+	if rateIdentifier == "" {
+		rateIdentifier = clientIP
+	}
+
+	log.Debug().Str("username", req.Username).Str("ip", clientIP).Msg("Login attempt")
+
+	isLocked, remainingTime := controller.auth.IsAccountLocked(rateIdentifier)
+
+	if isLocked {
+		log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("Account is locked due to too many failed login attempts")
+		c.JSON(429, gin.H{
+			"status":  429,
+			"message": fmt.Sprintf("Too many failed login attempts. Try again in %d seconds", remainingTime),
+		})
+		return
+	}
+
+	userSearch := controller.auth.SearchUser(req.Username)
+
+	if userSearch.Type == "unknown" {
+		log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("User not found")
+		controller.auth.RecordLoginAttempt(rateIdentifier, false)
+		c.JSON(401, gin.H{
+			"status":  401,
+			"message": "Unauthorized",
+		})
+		return
+	}
+
+	if !controller.auth.VerifyUser(userSearch, req.Password) {
+		log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("Invalid password")
+		controller.auth.RecordLoginAttempt(rateIdentifier, false)
+		c.JSON(401, gin.H{
+			"status":  401,
+			"message": "Unauthorized",
+		})
+		return
+	}
+
+	log.Info().Str("username", req.Username).Str("ip", clientIP).Msg("Login successful")
+
+	controller.auth.RecordLoginAttempt(rateIdentifier, true)
+
+	if userSearch.Type == "local" {
+		user := controller.auth.GetLocalUser(userSearch.Username)
+
+		if user.TotpSecret != "" {
+			log.Debug().Str("username", req.Username).Msg("User has TOTP enabled, requiring TOTP verification")
+
+			err := controller.auth.CreateSessionCookie(c, &config.SessionCookie{
+				Username:    user.Username,
+				Name:        utils.Capitalize(req.Username),
+				Email:       fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.CookieDomain),
+				Provider:    "username",
+				TotpPending: true,
+			})
+
+			if err != nil {
+				log.Error().Err(err).Msg("Failed to create session cookie")
+				c.JSON(500, gin.H{
+					"status":  500,
+					"message": "Internal Server Error",
+				})
+				return
+			}
+
+			c.JSON(200, gin.H{
+				"status":      200,
+				"message":     "TOTP required",
+				"totpPending": true,
+			})
+			return
+		}
+	}
+
+	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
+		Username: req.Username,
+		Name:     utils.Capitalize(req.Username),
+		Email:    fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.CookieDomain),
+		Provider: "username",
+	})
+
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to create session cookie")
+		c.JSON(500, gin.H{
+			"status":  500,
+			"message": "Internal Server Error",
+		})
+		return
+	}
+
+	c.JSON(200, gin.H{
+		"status":  200,
+		"message": "Login successful",
+	})
+}
+
+func (controller *UserController) logoutHandler(c *gin.Context) {
+	log.Debug().Msg("Logout request received")
+
+	controller.auth.DeleteSessionCookie(c)
+
+	c.JSON(200, gin.H{
+		"status":  200,
+		"message": "Logout successful",
+	})
+}
+
+func (controller *UserController) totpHandler(c *gin.Context) {
+	var req TotpRequest
+
+	err := c.ShouldBindJSON(&req)
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to bind JSON")
+		c.JSON(400, gin.H{
+			"status":  400,
+			"message": "Bad Request",
+		})
+		return
+	}
+
+	context, err := utils.GetContext(c)
+
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to get user context")
+		c.JSON(500, gin.H{
+			"status":  500,
+			"message": "Internal Server Error",
+		})
+		return
+	}
+
+	if !context.TotpPending {
+		log.Warn().Msg("TOTP attempt without a pending TOTP session")
+		c.JSON(401, gin.H{
+			"status":  401,
+			"message": "Unauthorized",
+		})
+		return
+	}
+
+	clientIP := c.ClientIP()
+
+	rateIdentifier := context.Username
+
+	if rateIdentifier == "" {
+		rateIdentifier = clientIP
+	}
+
+	log.Debug().Str("username", context.Username).Str("ip", clientIP).Msg("TOTP verification attempt")
+
+	isLocked, remainingTime := controller.auth.IsAccountLocked(rateIdentifier)
+
+	if isLocked {
+		log.Warn().Str("username", context.Username).Str("ip", clientIP).Msg("Account is locked due to too many failed TOTP attempts")
+		c.JSON(429, gin.H{
+			"status":  429,
+			"message": fmt.Sprintf("Too many failed TOTP attempts. Try again in %d seconds", remainingTime),
+		})
+		return
+	}
+
+	user := controller.auth.GetLocalUser(context.Username)
+
+	ok := totp.Validate(req.Code, user.TotpSecret)
+
+	if !ok {
+		log.Warn().Str("username", context.Username).Str("ip", clientIP).Msg("Invalid TOTP code")
+		controller.auth.RecordLoginAttempt(rateIdentifier, false)
+		c.JSON(401, gin.H{
+			"status":  401,
+			"message": "Unauthorized",
+		})
+		return
+	}
+
+	log.Info().Str("username", context.Username).Str("ip", clientIP).Msg("TOTP verification successful")
+
+	controller.auth.RecordLoginAttempt(rateIdentifier, true)
+
+	err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
+		Username: user.Username,
+		Name:     utils.Capitalize(user.Username),
+		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.config.CookieDomain),
+		Provider: "username",
+	})
+
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to create session cookie")
+		c.JSON(500, gin.H{
+			"status":  500,
+			"message": "Internal Server Error",
+		})
+		return
+	}
+
+	c.JSON(200, gin.H{
+		"status":  200,
+		"message": "Login successful",
+	})
+}

internal/controller/user_controller_test.go

@@ -0,0 +1,297 @@
+package controller_test
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+	"time"
+	"tinyauth/internal/config"
+	"tinyauth/internal/controller"
+	"tinyauth/internal/service"
+
+	"github.com/gin-gonic/gin"
+	"github.com/pquerna/otp/totp"
+	"gotest.tools/v3/assert"
+)
+
+var cookieValue string
+var totpSecret = "6WFZXPEZRK5MZHHYAFW4DAOUYQMCASBJ"
+
+func setupUserController(t *testing.T, middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder) {
+	// Setup
+	gin.SetMode(gin.TestMode)
+	router := gin.Default()
+
+	if middlewares != nil {
+		for _, m := range *middlewares {
+			router.Use(m)
+		}
+	}
+
+	group := router.Group("/api")
+	recorder := httptest.NewRecorder()
+
+	// Database
+	databaseService := service.NewDatabaseService(service.DatabaseServiceConfig{
+		DatabasePath: "/tmp/tinyauth_test.db",
+	})
+
+	assert.NilError(t, databaseService.Init())
+
+	database := databaseService.GetDatabase()
+
+	// Auth service
+	authService := service.NewAuthService(service.AuthServiceConfig{
+		Users: []config.User{
+			{
+				Username: "testuser",
+				Password: "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
+			},
+			{
+				Username:   "totpuser",
+				Password:   "$2a$10$ne6z693sTgzT3ePoQ05PgOecUHnBjM7sSNj6M.l5CLUP.f6NyCnt.", // test
+				TotpSecret: totpSecret,
+			},
+		},
+		OauthWhitelist:    "",
+		SessionExpiry:     3600,
+		SecureCookie:      false,
+		CookieDomain:      "localhost",
+		LoginTimeout:      300,
+		LoginMaxRetries:   3,
+		SessionCookieName: "tinyauth-session",
+	}, nil, nil, database)
+
+	// Controller
+	ctrl := controller.NewUserController(controller.UserControllerConfig{
+		CookieDomain: "localhost",
+	}, group, authService)
+	ctrl.SetupRoutes()
+
+	return router, recorder
+}
+
+func TestLoginHandler(t *testing.T) {
+	// Setup
+	router, recorder := setupUserController(t, nil)
+
+	loginReq := controller.LoginRequest{
+		Username: "testuser",
+		Password: "test",
+	}
+
+	loginReqJson, err := json.Marshal(loginReq)
+	assert.NilError(t, err)
+
+	// Test
+	req := httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	cookie := recorder.Result().Cookies()[0]
+
+	assert.Equal(t, "tinyauth-session", cookie.Name)
+	assert.Assert(t, cookie.Value != "")
+
+	cookieValue = cookie.Value
+
+	// Test invalid credentials
+	loginReq = controller.LoginRequest{
+		Username: "testuser",
+		Password: "invalid",
+	}
+
+	loginReqJson, err = json.Marshal(loginReq)
+	assert.NilError(t, err)
+
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 401, recorder.Code)
+
+	// Test totp required
+	loginReq = controller.LoginRequest{
+		Username: "totpuser",
+		Password: "test",
+	}
+
+	loginReqJson, err = json.Marshal(loginReq)
+	assert.NilError(t, err)
+
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	loginResJson, err := json.Marshal(map[string]any{
+		"message":     "TOTP required",
+		"status":      200,
+		"totpPending": true,
+	})
+
+	assert.NilError(t, err)
+	assert.Equal(t, string(loginResJson), recorder.Body.String())
+
+	// Test invalid json
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader("{invalid json}"))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 400, recorder.Code)
+
+	// Test rate limiting
+	loginReq = controller.LoginRequest{
+		Username: "testuser",
+		Password: "invalid",
+	}
+
+	loginReqJson, err = json.Marshal(loginReq)
+	assert.NilError(t, err)
+
+	for range 5 {
+		recorder = httptest.NewRecorder()
+		req = httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(loginReqJson)))
+		router.ServeHTTP(recorder, req)
+	}
+
+	assert.Equal(t, 429, recorder.Code)
+}
+
+func TestLogoutHandler(t *testing.T) {
+	// Setup
+	router, recorder := setupUserController(t, nil)
+
+	// Test
+	req := httptest.NewRequest("POST", "/api/user/logout", nil)
+
+	req.AddCookie(&http.Cookie{
+		Name:  "tinyauth-session",
+		Value: cookieValue,
+	})
+
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	cookie := recorder.Result().Cookies()[0]
+
+	assert.Equal(t, "tinyauth-session", cookie.Name)
+	assert.Equal(t, "", cookie.Value)
+	assert.Equal(t, -1, cookie.MaxAge)
+}
+
+func TestTotpHandler(t *testing.T) {
+	// Setup
+	router, recorder := setupUserController(t, &[]gin.HandlerFunc{
+		func(c *gin.Context) {
+			c.Set("context", &config.UserContext{
+				Username:    "totpuser",
+				Name:        "totpuser",
+				Email:       "totpuser@example.com",
+				IsLoggedIn:  false,
+				OAuth:       false,
+				Provider:    "username",
+				TotpPending: true,
+				OAuthGroups: "",
+				TotpEnabled: true,
+			})
+			c.Next()
+		},
+	})
+
+	// Test
+	code, err := totp.GenerateCode(totpSecret, time.Now())
+
+	assert.NilError(t, err)
+
+	totpReq := controller.TotpRequest{
+		Code: code,
+	}
+
+	totpReqJson, err := json.Marshal(totpReq)
+	assert.NilError(t, err)
+
+	req := httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 200, recorder.Code)
+
+	cookie := recorder.Result().Cookies()[0]
+
+	assert.Equal(t, "tinyauth-session", cookie.Name)
+	assert.Assert(t, cookie.Value != "")
+
+	// Test invalid json
+	recorder = httptest.NewRecorder()
+	req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader("{invalid json}"))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 400, recorder.Code)
+
+	// Test rate limiting
+	totpReq = controller.TotpRequest{
+		Code: "000000",
+	}
+
+	totpReqJson, err = json.Marshal(totpReq)
+	assert.NilError(t, err)
+
+	for range 5 {
+		recorder = httptest.NewRecorder()
+		req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
+		router.ServeHTTP(recorder, req)
+	}
+
+	assert.Equal(t, 429, recorder.Code)
+
+	// Test invalid code
+	router, recorder = setupUserController(t, &[]gin.HandlerFunc{
+		func(c *gin.Context) {
+			c.Set("context", &config.UserContext{
+				Username:    "totpuser",
+				Name:        "totpuser",
+				Email:       "totpuser@example.com",
+				IsLoggedIn:  false,
+				OAuth:       false,
+				Provider:    "username",
+				TotpPending: true,
+				OAuthGroups: "",
+				TotpEnabled: true,
+			})
+			c.Next()
+		},
+	})
+
+	req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 401, recorder.Code)
+
+	// Test no totp pending
+	router, recorder = setupUserController(t, &[]gin.HandlerFunc{
+		func(c *gin.Context) {
+			c.Set("context", &config.UserContext{
+				Username:    "totpuser",
+				Name:        "totpuser",
+				Email:       "totpuser@example.com",
+				IsLoggedIn:  false,
+				OAuth:       false,
+				Provider:    "username",
+				TotpPending: false,
+				OAuthGroups: "",
+				TotpEnabled: false,
+			})
+			c.Next()
+		},
+	})
+
+	req = httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(totpReqJson)))
+	router.ServeHTTP(recorder, req)
+
+	assert.Equal(t, 401, recorder.Code)
+}

internal/docker/docker.go

@@ -1,102 +0,0 @@
-package docker
-
-import (
-	"context"
-	"strings"
-	"tinyauth/internal/types"
-	"tinyauth/internal/utils"
-
-	container "github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
-	"github.com/rs/zerolog/log"
-)
-
-type Docker struct {
-	Client  *client.Client
-	Context context.Context
-}
-
-func NewDocker() (*Docker, error) {
-	client, err := client.NewClientWithOpts(client.FromEnv)
-	if err != nil {
-		return nil, err
-	}
-
-	ctx := context.Background()
-	client.NegotiateAPIVersion(ctx)
-
-	return &Docker{
-		Client:  client,
-		Context: ctx,
-	}, nil
-}
-
-func (docker *Docker) GetContainers() ([]container.Summary, error) {
-	containers, err := docker.Client.ContainerList(docker.Context, container.ListOptions{})
-	if err != nil {
-		return nil, err
-	}
-	return containers, nil
-}
-
-func (docker *Docker) InspectContainer(containerId string) (container.InspectResponse, error) {
-	inspect, err := docker.Client.ContainerInspect(docker.Context, containerId)
-	if err != nil {
-		return container.InspectResponse{}, err
-	}
-	return inspect, nil
-}
-
-func (docker *Docker) DockerConnected() bool {
-	_, err := docker.Client.Ping(docker.Context)
-	return err == nil
-}
-
-func (docker *Docker) GetLabels(app string, domain string) (types.Labels, error) {
-	isConnected := docker.DockerConnected()
-
-	if !isConnected {
-		log.Debug().Msg("Docker not connected, returning empty labels")
-		return types.Labels{}, nil
-	}
-
-	log.Debug().Msg("Getting containers")
-
-	containers, err := docker.GetContainers()
-	if err != nil {
-		log.Error().Err(err).Msg("Error getting containers")
-		return types.Labels{}, err
-	}
-
-	for _, container := range containers {
-		inspect, err := docker.InspectContainer(container.ID)
-		if err != nil {
-			log.Warn().Str("id", container.ID).Err(err).Msg("Error inspecting container, skipping")
-			continue
-		}
-
-		log.Debug().Str("id", inspect.ID).Msg("Getting labels for container")
-
-		labels, err := utils.GetLabels(inspect.Config.Labels)
-		if err != nil {
-			log.Warn().Str("id", container.ID).Err(err).Msg("Error getting container labels, skipping")
-			continue
-		}
-
-		// Check if the container matches the ID or domain
-		for _, lDomain := range labels.Domain {
-			if lDomain == domain {
-				log.Debug().Str("id", inspect.ID).Msg("Found matching container by domain")
-				return labels, nil
-			}
-		}
-
-		if strings.TrimPrefix(inspect.Name, "/") == app {
-			log.Debug().Str("id", inspect.ID).Msg("Found matching container by name")
-			return labels, nil
-		}
-	}
-
-	log.Debug().Msg("No matching container found, returning empty labels")
-	return types.Labels{}, nil
-}

internal/handlers/context.go

@@ -1,64 +0,0 @@
-package handlers
-
-import (
-	"tinyauth/internal/types"
-
-	"github.com/gin-gonic/gin"
-	"github.com/rs/zerolog/log"
-)
-
-func (h *Handlers) AppContextHandler(c *gin.Context) {
-	log.Debug().Msg("Getting app context")
-
-	// Get configured providers
-	configuredProviders := h.Providers.GetConfiguredProviders()
-
-	// We have username/password configured so add it to our providers
-	if h.Auth.UserAuthConfigured() {
-		configuredProviders = append(configuredProviders, "username")
-	}
-
-	// Return app context
-	appContext := types.AppContext{
-		Status:                200,
-		Message:               "OK",
-		ConfiguredProviders:   configuredProviders,
-		DisableContinue:       h.Config.DisableContinue,
-		Title:                 h.Config.Title,
-		GenericName:           h.Config.GenericName,
-		Domain:                h.Config.Domain,
-		ForgotPasswordMessage: h.Config.ForgotPasswordMessage,
-		BackgroundImage:       h.Config.BackgroundImage,
-		OAuthAutoRedirect:     h.Config.OAuthAutoRedirect,
-	}
-	c.JSON(200, appContext)
-}
-
-func (h *Handlers) UserContextHandler(c *gin.Context) {
-	log.Debug().Msg("Getting user context")
-
-	// Create user context using hooks
-	userContext := h.Hooks.UseUserContext(c)
-
-	userContextResponse := types.UserContextResponse{
-		Status:      200,
-		IsLoggedIn:  userContext.IsLoggedIn,
-		Username:    userContext.Username,
-		Name:        userContext.Name,
-		Email:       userContext.Email,
-		Provider:    userContext.Provider,
-		Oauth:       userContext.OAuth,
-		TotpPending: userContext.TotpPending,
-	}
-
-	// If we are not logged in we set the status to 401 else we set it to 200
-	if !userContext.IsLoggedIn {
-		log.Debug().Msg("Unauthorized")
-		userContextResponse.Message = "Unauthorized"
-	} else {
-		log.Debug().Interface("userContext", userContext).Msg("Authenticated")
-		userContextResponse.Message = "Authenticated"
-	}
-
-	c.JSON(200, userContextResponse)
-}

internal/handlers/handlers.go

@@ -1,36 +0,0 @@
-package handlers
-
-import (
-	"tinyauth/internal/auth"
-	"tinyauth/internal/docker"
-	"tinyauth/internal/hooks"
-	"tinyauth/internal/providers"
-	"tinyauth/internal/types"
-
-	"github.com/gin-gonic/gin"
-)
-
-type Handlers struct {
-	Config    types.HandlersConfig
-	Auth      *auth.Auth
-	Hooks     *hooks.Hooks
-	Providers *providers.Providers
-	Docker    *docker.Docker
-}
-
-func NewHandlers(config types.HandlersConfig, auth *auth.Auth, hooks *hooks.Hooks, providers *providers.Providers, docker *docker.Docker) *Handlers {
-	return &Handlers{
-		Config:    config,
-		Auth:      auth,
-		Hooks:     hooks,
-		Providers: providers,
-		Docker:    docker,
-	}
-}
-
-func (h *Handlers) HealthcheckHandler(c *gin.Context) {
-	c.JSON(200, gin.H{
-		"status":  200,
-		"message": "OK",
-	})
-}

internal/handlers/handlers_test.go

@@ -1,394 +0,0 @@
-package handlers_test
-
-import (
-	"encoding/json"
-	"io"
-	"net/http"
-	"net/http/httptest"
-	"reflect"
-	"strings"
-	"testing"
-	"time"
-	"tinyauth/internal/auth"
-	"tinyauth/internal/docker"
-	"tinyauth/internal/handlers"
-	"tinyauth/internal/hooks"
-	"tinyauth/internal/providers"
-	"tinyauth/internal/server"
-	"tinyauth/internal/types"
-
-	"github.com/magiconair/properties/assert"
-	"github.com/pquerna/otp/totp"
-)
-
-// Simple server config
-var serverConfig = types.ServerConfig{
-	Port:    8080,
-	Address: "0.0.0.0",
-}
-
-// Simple handlers config
-var handlersConfig = types.HandlersConfig{
-	AppURL:                "http://localhost:8080",
-	Domain:                "localhost",
-	DisableContinue:       false,
-	CookieSecure:          false,
-	Title:                 "Tinyauth",
-	GenericName:           "Generic",
-	ForgotPasswordMessage: "Message",
-	CsrfCookieName:        "tinyauth-csrf",
-	RedirectCookieName:    "tinyauth-redirect",
-	BackgroundImage:       "https://example.com/image.png",
-	OAuthAutoRedirect:     "none",
-}
-
-// Simple auth config
-var authConfig = types.AuthConfig{
-	Users:             types.Users{},
-	OauthWhitelist:    "",
-	HMACSecret:        "4bZ9K.*:;zH=,9zG!meUxu.B5-S[7.V.", // Complex on purpose
-	EncryptionSecret:  "\\:!R(u[Sbv6ZLm.7es)H|OqH4y}0u\\rj",
-	CookieSecure:      false,
-	SessionExpiry:     3600,
-	LoginTimeout:      0,
-	LoginMaxRetries:   0,
-	SessionCookieName: "tinyauth-session",
-	Domain:            "localhost",
-}
-
-// Simple hooks config
-var hooksConfig = types.HooksConfig{
-	Domain: "localhost",
-}
-
-// Cookie
-var cookie string
-
-// User
-var user = types.User{
-	Username: "user",
-	Password: "$2a$10$AvGHLTYv3xiRJ0xV9xs3XeVIlkGTygI9nqIamFYB5Xu.5.0UWF7B6", // pass
-}
-
-// Initialize the server for tests
-func getServer(t *testing.T) *server.Server {
-	// Create services
-	authConfig.Users = types.Users{
-		{
-			Username:   user.Username,
-			Password:   user.Password,
-			TotpSecret: user.TotpSecret,
-		},
-	}
-	docker, err := docker.NewDocker()
-	if err != nil {
-		t.Fatalf("Failed to create docker client: %v", err)
-	}
-	auth := auth.NewAuth(authConfig, nil, nil)
-	providers := providers.NewProviders(types.OAuthConfig{})
-	hooks := hooks.NewHooks(hooksConfig, auth, providers)
-	handlers := handlers.NewHandlers(handlersConfig, auth, hooks, providers, docker)
-
-	// Create server
-	srv, err := server.NewServer(serverConfig, handlers)
-	if err != nil {
-		t.Fatalf("Failed to create server: %v", err)
-	}
-
-	return srv
-}
-
-func TestLogin(t *testing.T) {
-	t.Log("Testing login")
-
-	srv := getServer(t)
-
-	recorder := httptest.NewRecorder()
-
-	user := types.LoginRequest{
-		Username: "user",
-		Password: "pass",
-	}
-
-	json, err := json.Marshal(user)
-	if err != nil {
-		t.Fatalf("Error marshalling json: %v", err)
-	}
-
-	req, err := http.NewRequest("POST", "/api/login", strings.NewReader(string(json)))
-	if err != nil {
-		t.Fatalf("Error creating request: %v", err)
-	}
-
-	srv.Router.ServeHTTP(recorder, req)
-	assert.Equal(t, recorder.Code, http.StatusOK)
-
-	cookies := recorder.Result().Cookies()
-
-	if len(cookies) == 0 {
-		t.Fatalf("Cookie not set")
-	}
-
-	// Set the cookie for further tests
-	cookie = cookies[0].Value
-}
-
-func TestAppContext(t *testing.T) {
-	// Refresh the cookie
-	TestLogin(t)
-
-	t.Log("Testing app context")
-
-	srv := getServer(t)
-
-	recorder := httptest.NewRecorder()
-
-	req, err := http.NewRequest("GET", "/api/app", nil)
-	if err != nil {
-		t.Fatalf("Error creating request: %v", err)
-	}
-
-	// Set the cookie from the previous test
-	req.AddCookie(&http.Cookie{
-		Name:  "tinyauth",
-		Value: cookie,
-	})
-
-	srv.Router.ServeHTTP(recorder, req)
-	assert.Equal(t, recorder.Code, http.StatusOK)
-
-	body, err := io.ReadAll(recorder.Body)
-	if err != nil {
-		t.Fatalf("Error getting body: %v", err)
-	}
-
-	var app types.AppContext
-
-	err = json.Unmarshal(body, &app)
-	if err != nil {
-		t.Fatalf("Error unmarshalling body: %v", err)
-	}
-
-	expected := types.AppContext{
-		Status:                200,
-		Message:               "OK",
-		ConfiguredProviders:   []string{"username"},
-		DisableContinue:       false,
-		Title:                 "Tinyauth",
-		GenericName:           "Generic",
-		ForgotPasswordMessage: "Message",
-		BackgroundImage:       "https://example.com/image.png",
-		OAuthAutoRedirect:     "none",
-		Domain:                "localhost",
-	}
-
-	// We should get the username back
-	if !reflect.DeepEqual(app, expected) {
-		t.Fatalf("Expected %v, got %v", expected, app)
-	}
-}
-
-func TestUserContext(t *testing.T) {
-	// Refresh the cookie
-	TestLogin(t)
-
-	t.Log("Testing user context")
-
-	srv := getServer(t)
-
-	recorder := httptest.NewRecorder()
-
-	req, err := http.NewRequest("GET", "/api/user", nil)
-	if err != nil {
-		t.Fatalf("Error creating request: %v", err)
-	}
-
-	req.AddCookie(&http.Cookie{
-		Name:  "tinyauth-session",
-		Value: cookie,
-	})
-
-	srv.Router.ServeHTTP(recorder, req)
-	assert.Equal(t, recorder.Code, http.StatusOK)
-
-	body, err := io.ReadAll(recorder.Body)
-	if err != nil {
-		t.Fatalf("Error getting body: %v", err)
-	}
-
-	type User struct {
-		Username string `json:"username"`
-	}
-
-	var user User
-
-	err = json.Unmarshal(body, &user)
-	if err != nil {
-		t.Fatalf("Error unmarshalling body: %v", err)
-	}
-
-	// We should get the user back
-	if user.Username != "user" {
-		t.Fatalf("Expected user, got %s", user.Username)
-	}
-}
-
-func TestLogout(t *testing.T) {
-	// Refresh the cookie
-	TestLogin(t)
-
-	t.Log("Testing logout")
-
-	srv := getServer(t)
-
-	recorder := httptest.NewRecorder()
-
-	req, err := http.NewRequest("POST", "/api/logout", nil)
-	if err != nil {
-		t.Fatalf("Error creating request: %v", err)
-	}
-
-	req.AddCookie(&http.Cookie{
-		Name:  "tinyauth-session",
-		Value: cookie,
-	})
-
-	srv.Router.ServeHTTP(recorder, req)
-	assert.Equal(t, recorder.Code, http.StatusOK)
-
-	// Check if the cookie is different (means the cookie is gone)
-	if recorder.Result().Cookies()[0].Value == cookie {
-		t.Fatalf("Cookie not flushed")
-	}
-}
-
-func TestAuth(t *testing.T) {
-	// Refresh the cookie
-	TestLogin(t)
-
-	t.Log("Testing auth endpoint")
-
-	srv := getServer(t)
-
-	recorder := httptest.NewRecorder()
-
-	req, err := http.NewRequest("GET", "/api/auth/traefik", nil)
-	if err != nil {
-		t.Fatalf("Error creating request: %v", err)
-	}
-
-	req.Header.Set("Accept", "text/html")
-
-	srv.Router.ServeHTTP(recorder, req)
-	assert.Equal(t, recorder.Code, http.StatusTemporaryRedirect)
-
-	recorder = httptest.NewRecorder()
-
-	req, err = http.NewRequest("GET", "/api/auth/traefik", nil)
-	if err != nil {
-		t.Fatalf("Error creating request: %v", err)
-	}
-
-	req.AddCookie(&http.Cookie{
-		Name:  "tinyauth-session",
-		Value: cookie,
-	})
-
-	srv.Router.ServeHTTP(recorder, req)
-	assert.Equal(t, recorder.Code, http.StatusOK)
-
-	recorder = httptest.NewRecorder()
-
-	req, err = http.NewRequest("GET", "/api/auth/nginx", nil)
-	if err != nil {
-		t.Fatalf("Error creating request: %v", err)
-	}
-
-	srv.Router.ServeHTTP(recorder, req)
-	assert.Equal(t, recorder.Code, http.StatusUnauthorized)
-
-	recorder = httptest.NewRecorder()
-
-	req, err = http.NewRequest("GET", "/api/auth/nginx", nil)
-	if err != nil {
-		t.Fatalf("Error creating request: %v", err)
-	}
-
-	req.AddCookie(&http.Cookie{
-		Name:  "tinyauth-session",
-		Value: cookie,
-	})
-
-	srv.Router.ServeHTTP(recorder, req)
-	assert.Equal(t, recorder.Code, http.StatusOK)
-}
-
-func TestTOTP(t *testing.T) {
-	t.Log("Testing TOTP")
-
-	key, err := totp.Generate(totp.GenerateOpts{
-		Issuer:      "Tinyauth",
-		AccountName: user.Username,
-	})
-	if err != nil {
-		t.Fatalf("Failed to generate TOTP secret: %v", err)
-	}
-
-	secret := key.Secret()
-
-	user.TotpSecret = secret
-
-	srv := getServer(t)
-
-	user := types.LoginRequest{
-		Username: "user",
-		Password: "pass",
-	}
-
-	loginJson, err := json.Marshal(user)
-	if err != nil {
-		t.Fatalf("Error marshalling json: %v", err)
-	}
-
-	recorder := httptest.NewRecorder()
-
-	req, err := http.NewRequest("POST", "/api/login", strings.NewReader(string(loginJson)))
-	if err != nil {
-		t.Fatalf("Error creating request: %v", err)
-	}
-
-	srv.Router.ServeHTTP(recorder, req)
-	assert.Equal(t, recorder.Code, http.StatusOK)
-
-	// Set the cookie for next test
-	cookie = recorder.Result().Cookies()[0].Value
-
-	code, err := totp.GenerateCode(secret, time.Now())
-	if err != nil {
-		t.Fatalf("Failed to generate TOTP code: %v", err)
-	}
-
-	totpRequest := types.TotpRequest{
-		Code: code,
-	}
-
-	totpJson, err := json.Marshal(totpRequest)
-	if err != nil {
-		t.Fatalf("Error marshalling TOTP request: %v", err)
-	}
-
-	recorder = httptest.NewRecorder()
-
-	req, err = http.NewRequest("POST", "/api/totp", strings.NewReader(string(totpJson)))
-	if err != nil {
-		t.Fatalf("Error creating request: %v", err)
-	}
-
-	req.AddCookie(&http.Cookie{
-		Name:  "tinyauth-session",
-		Value: cookie,
-	})
-
-	srv.Router.ServeHTTP(recorder, req)
-	assert.Equal(t, recorder.Code, http.StatusOK)
-}

internal/handlers/oauth.go

@@ -1,223 +0,0 @@
-package handlers
-
-import (
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
-	"tinyauth/internal/types"
-	"tinyauth/internal/utils"
-
-	"github.com/gin-gonic/gin"
-	"github.com/google/go-querystring/query"
-	"github.com/rs/zerolog/log"
-)
-
-func (h *Handlers) OAuthURLHandler(c *gin.Context) {
-	var request types.OAuthRequest
-
-	err := c.BindUri(&request)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to bind URI")
-		c.JSON(400, gin.H{
-			"status":  400,
-			"message": "Bad Request",
-		})
-		return
-	}
-
-	log.Debug().Msg("Got OAuth request")
-
-	// Check if provider exists
-	provider := h.Providers.GetProvider(request.Provider)
-
-	if provider == nil {
-		c.JSON(404, gin.H{
-			"status":  404,
-			"message": "Not Found",
-		})
-		return
-	}
-
-	log.Debug().Str("provider", request.Provider).Msg("Got provider")
-
-	// Create state
-	state := provider.GenerateState()
-
-	// Get auth URL
-	authURL := provider.GetAuthURL(state)
-
-	log.Debug().Msg("Got auth URL")
-
-	// Set CSRF cookie
-	c.SetCookie(h.Config.CsrfCookieName, state, int(time.Hour.Seconds()), "/", "", h.Config.CookieSecure, true)
-
-	// Get redirect URI
-	redirectURI := c.Query("redirect_uri")
-
-	// Set redirect cookie if redirect URI is provided
-	if redirectURI != "" {
-		log.Debug().Str("redirectURI", redirectURI).Msg("Setting redirect cookie")
-		c.SetCookie(h.Config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", "", h.Config.CookieSecure, true)
-	}
-
-	// Return auth URL
-	c.JSON(200, gin.H{
-		"status":  200,
-		"message": "OK",
-		"url":     authURL,
-	})
-}
-
-func (h *Handlers) OAuthCallbackHandler(c *gin.Context) {
-	var providerName types.OAuthRequest
-
-	err := c.BindUri(&providerName)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to bind URI")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	log.Debug().Interface("provider", providerName.Provider).Msg("Got provider name")
-
-	// Get state
-	state := c.Query("state")
-
-	// Get CSRF cookie
-	csrfCookie, err := c.Cookie(h.Config.CsrfCookieName)
-
-	if err != nil {
-		log.Debug().Msg("No CSRF cookie")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	log.Debug().Str("csrfCookie", csrfCookie).Msg("Got CSRF cookie")
-
-	// Check if CSRF cookie is valid
-	if csrfCookie != state {
-		log.Warn().Msg("Invalid CSRF cookie or CSRF cookie does not match with the state")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	// Clean up CSRF cookie
-	c.SetCookie(h.Config.CsrfCookieName, "", -1, "/", "", h.Config.CookieSecure, true)
-
-	// Get code
-	code := c.Query("code")
-
-	log.Debug().Msg("Got code")
-
-	// Get provider
-	provider := h.Providers.GetProvider(providerName.Provider)
-
-	if provider == nil {
-		c.Redirect(http.StatusTemporaryRedirect, "/not-found")
-		return
-	}
-
-	log.Debug().Str("provider", providerName.Provider).Msg("Got provider")
-
-	// Exchange token (authenticates user)
-	_, err = provider.ExchangeToken(code)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to exchange token")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	log.Debug().Msg("Got token")
-
-	// Get user
-	user, err := h.Providers.GetUser(providerName.Provider)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to get user")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	log.Debug().Msg("Got user")
-
-	// Check that email is not empty
-	if user.Email == "" {
-		log.Error().Msg("Email is empty")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	// Email is not whitelisted
-	if !h.Auth.EmailWhitelisted(user.Email) {
-		log.Warn().Str("email", user.Email).Msg("Email not whitelisted")
-		queries, err := query.Values(types.UnauthorizedQuery{
-			Username: user.Email,
-		})
-
-		if err != nil {
-			log.Error().Err(err).Msg("Failed to build queries")
-			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-			return
-		}
-
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", h.Config.AppURL, queries.Encode()))
-	}
-
-	log.Debug().Msg("Email whitelisted")
-
-	// Get username
-	var username string
-
-	if user.PreferredUsername != "" {
-		username = user.PreferredUsername
-	} else {
-		username = fmt.Sprintf("%s_%s", strings.Split(user.Email, "@")[0], strings.Split(user.Email, "@")[1])
-	}
-
-	// Get name
-	var name string
-
-	if user.Name != "" {
-		name = user.Name
-	} else {
-		name = fmt.Sprintf("%s (%s)", utils.Capitalize(strings.Split(user.Email, "@")[0]), strings.Split(user.Email, "@")[1])
-	}
-
-	// Create session cookie
-	h.Auth.CreateSessionCookie(c, &types.SessionCookie{
-		Username:    username,
-		Name:        name,
-		Email:       user.Email,
-		Provider:    providerName.Provider,
-		OAuthGroups: utils.CoalesceToString(user.Groups),
-	})
-
-	// Check if we have a redirect URI
-	redirectCookie, err := c.Cookie(h.Config.RedirectCookieName)
-
-	if err != nil {
-		log.Debug().Msg("No redirect cookie")
-		c.Redirect(http.StatusTemporaryRedirect, h.Config.AppURL)
-		return
-	}
-
-	log.Debug().Str("redirectURI", redirectCookie).Msg("Got redirect URI")
-
-	queries, err := query.Values(types.LoginQuery{
-		RedirectURI: redirectCookie,
-	})
-
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to build queries")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	log.Debug().Msg("Got redirect query")
-
-	// Clean up redirect cookie
-	c.SetCookie(h.Config.RedirectCookieName, "", -1, "/", "", h.Config.CookieSecure, true)
-
-	// Redirect to continue with the redirect URI
-	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", h.Config.AppURL, queries.Encode()))
-}

internal/handlers/proxy.go

@@ -1,282 +0,0 @@
-package handlers
-
-import (
-	"fmt"
-	"net/http"
-	"strings"
-	"tinyauth/internal/types"
-	"tinyauth/internal/utils"
-
-	"github.com/gin-gonic/gin"
-	"github.com/google/go-querystring/query"
-	"github.com/rs/zerolog/log"
-)
-
-func (h *Handlers) ProxyHandler(c *gin.Context) {
-	var proxy types.Proxy
-
-	err := c.BindUri(&proxy)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to bind URI")
-		c.JSON(400, gin.H{
-			"status":  400,
-			"message": "Bad Request",
-		})
-		return
-	}
-
-	// Check if the request is coming from a browser (tools like curl/bruno use */* and they don't include the text/html)
-	isBrowser := strings.Contains(c.Request.Header.Get("Accept"), "text/html")
-
-	if isBrowser {
-		log.Debug().Msg("Request is most likely coming from a browser")
-	} else {
-		log.Debug().Msg("Request is most likely not coming from a browser")
-	}
-
-	log.Debug().Interface("proxy", proxy.Proxy).Msg("Got proxy")
-
-	uri := c.Request.Header.Get("X-Forwarded-Uri")
-	proto := c.Request.Header.Get("X-Forwarded-Proto")
-	host := c.Request.Header.Get("X-Forwarded-Host")
-
-	hostPortless := strings.Split(host, ":")[0] // *lol*
-	id := strings.Split(hostPortless, ".")[0]
-
-	labels, err := h.Docker.GetLabels(id, hostPortless)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to get container labels")
-
-		if proxy.Proxy == "nginx" || !isBrowser {
-			c.JSON(500, gin.H{
-				"status":  500,
-				"message": "Internal Server Error",
-			})
-			return
-		}
-
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	log.Debug().Interface("labels", labels).Msg("Got labels")
-
-	ip := c.ClientIP()
-
-	if h.Auth.BypassedIP(labels, ip) {
-		c.Header("Authorization", c.Request.Header.Get("Authorization"))
-
-		headersParsed := utils.ParseHeaders(labels.Headers)
-		for key, value := range headersParsed {
-			log.Debug().Str("key", key).Msg("Setting header")
-			c.Header(key, value)
-		}
-
-		if labels.Basic.Username != "" && utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File) != "" {
-			log.Debug().Str("username", labels.Basic.Username).Msg("Setting basic auth headers")
-			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.Username, utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File))))
-		}
-
-		c.JSON(200, gin.H{
-			"status":  200,
-			"message": "Authenticated",
-		})
-		return
-	}
-
-	if !h.Auth.CheckIP(labels, ip) {
-		if proxy.Proxy == "nginx" || !isBrowser {
-			c.JSON(403, gin.H{
-				"status":  403,
-				"message": "Forbidden",
-			})
-			return
-		}
-
-		values := types.UnauthorizedQuery{
-			Resource: strings.Split(host, ".")[0],
-			IP:       ip,
-		}
-
-		queries, err := query.Values(values)
-		if err != nil {
-			log.Error().Err(err).Msg("Failed to build queries")
-			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-			return
-		}
-
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", h.Config.AppURL, queries.Encode()))
-		return
-	}
-
-	authEnabled, err := h.Auth.AuthEnabled(uri, labels)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to check if app is allowed")
-		if proxy.Proxy == "nginx" || !isBrowser {
-			c.JSON(500, gin.H{
-				"status":  500,
-				"message": "Internal Server Error",
-			})
-			return
-		}
-
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	if !authEnabled {
-		c.Header("Authorization", c.Request.Header.Get("Authorization"))
-
-		headersParsed := utils.ParseHeaders(labels.Headers)
-		for key, value := range headersParsed {
-			log.Debug().Str("key", key).Msg("Setting header")
-			c.Header(key, value)
-		}
-
-		if labels.Basic.Username != "" && utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File) != "" {
-			log.Debug().Str("username", labels.Basic.Username).Msg("Setting basic auth headers")
-			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.Username, utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File))))
-		}
-
-		c.JSON(200, gin.H{
-			"status":  200,
-			"message": "Authenticated",
-		})
-
-		return
-	}
-
-	userContext := h.Hooks.UseUserContext(c)
-
-	// If we are using basic auth, we need to check if the user has totp and if it does then disable basic auth
-	if userContext.Provider == "basic" && userContext.TotpEnabled {
-		log.Warn().Str("username", userContext.Username).Msg("User has totp enabled, disabling basic auth")
-		userContext.IsLoggedIn = false
-	}
-
-	if userContext.IsLoggedIn {
-		log.Debug().Msg("Authenticated")
-
-		// Check if user is allowed to access subdomain, if request is nginx.example.com the subdomain (resource) is nginx
-		appAllowed := h.Auth.ResourceAllowed(c, userContext, labels)
-
-		log.Debug().Bool("appAllowed", appAllowed).Msg("Checking if app is allowed")
-
-		if !appAllowed {
-			log.Warn().Str("username", userContext.Username).Str("host", host).Msg("User not allowed")
-
-			if proxy.Proxy == "nginx" || !isBrowser {
-				c.JSON(401, gin.H{
-					"status":  401,
-					"message": "Unauthorized",
-				})
-				return
-			}
-
-			values := types.UnauthorizedQuery{
-				Resource: strings.Split(host, ".")[0],
-			}
-
-			if userContext.OAuth {
-				values.Username = userContext.Email
-			} else {
-				values.Username = userContext.Username
-			}
-
-			queries, err := query.Values(values)
-			if err != nil {
-				log.Error().Err(err).Msg("Failed to build queries")
-				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-				return
-			}
-
-			c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", h.Config.AppURL, queries.Encode()))
-			return
-		}
-
-		if userContext.OAuth {
-			groupOk := h.Auth.OAuthGroup(c, userContext, labels)
-
-			log.Debug().Bool("groupOk", groupOk).Msg("Checking if user is in required groups")
-
-			if !groupOk {
-				log.Warn().Str("username", userContext.Username).Str("host", host).Msg("User is not in required groups")
-				if proxy.Proxy == "nginx" || !isBrowser {
-					c.JSON(401, gin.H{
-						"status":  401,
-						"message": "Unauthorized",
-					})
-					return
-				}
-
-				values := types.UnauthorizedQuery{
-					Resource: strings.Split(host, ".")[0],
-					GroupErr: true,
-				}
-
-				if userContext.OAuth {
-					values.Username = userContext.Email
-				} else {
-					values.Username = userContext.Username
-				}
-
-				queries, err := query.Values(values)
-				if err != nil {
-					log.Error().Err(err).Msg("Failed to build queries")
-					c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-					return
-				}
-
-				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", h.Config.AppURL, queries.Encode()))
-				return
-			}
-		}
-
-		c.Header("Authorization", c.Request.Header.Get("Authorization"))
-		c.Header("Remote-User", utils.SanitizeHeader(userContext.Username))
-		c.Header("Remote-Name", utils.SanitizeHeader(userContext.Name))
-		c.Header("Remote-Email", utils.SanitizeHeader(userContext.Email))
-		c.Header("Remote-Groups", utils.SanitizeHeader(userContext.OAuthGroups))
-
-		parsedHeaders := utils.ParseHeaders(labels.Headers)
-		for key, value := range parsedHeaders {
-			log.Debug().Str("key", key).Msg("Setting header")
-			c.Header(key, value)
-		}
-
-		if labels.Basic.Username != "" && utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File) != "" {
-			log.Debug().Str("username", labels.Basic.Username).Msg("Setting basic auth headers")
-			c.Header("Authorization", fmt.Sprintf("Basic %s", utils.GetBasicAuth(labels.Basic.Username, utils.GetSecret(labels.Basic.Password.Plain, labels.Basic.Password.File))))
-		}
-
-		c.JSON(200, gin.H{
-			"status":  200,
-			"message": "Authenticated",
-		})
-		return
-	}
-
-	// The user is not logged in
-	log.Debug().Msg("Unauthorized")
-
-	if proxy.Proxy == "nginx" || !isBrowser {
-		c.JSON(401, gin.H{
-			"status":  401,
-			"message": "Unauthorized",
-		})
-		return
-	}
-
-	queries, err := query.Values(types.LoginQuery{
-		RedirectURI: fmt.Sprintf("%s://%s%s", proto, host, uri),
-	})
-
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to build queries")
-		c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", h.Config.AppURL))
-		return
-	}
-
-	log.Debug().Interface("redirect_uri", fmt.Sprintf("%s://%s%s", proto, host, uri)).Msg("Redirecting to login")
-	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/login?%s", h.Config.AppURL, queries.Encode()))
-}

internal/handlers/user.go

@@ -1,197 +0,0 @@
-package handlers
-
-import (
-	"fmt"
-	"strings"
-	"tinyauth/internal/types"
-	"tinyauth/internal/utils"
-
-	"github.com/gin-gonic/gin"
-	"github.com/pquerna/otp/totp"
-	"github.com/rs/zerolog/log"
-)
-
-func (h *Handlers) LoginHandler(c *gin.Context) {
-	var login types.LoginRequest
-
-	err := c.BindJSON(&login)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to bind JSON")
-		c.JSON(400, gin.H{
-			"status":  400,
-			"message": "Bad Request",
-		})
-		return
-	}
-
-	log.Debug().Msg("Got login request")
-
-	clientIP := c.ClientIP()
-
-	// Create an identifier for rate limiting (username or IP if username doesn't exist yet)
-	rateIdentifier := login.Username
-	if rateIdentifier == "" {
-		rateIdentifier = clientIP
-	}
-
-	// Check if the account is locked due to too many failed attempts
-	locked, remainingTime := h.Auth.IsAccountLocked(rateIdentifier)
-	if locked {
-		log.Warn().Str("identifier", rateIdentifier).Int("remaining_seconds", remainingTime).Msg("Account is locked due to too many failed login attempts")
-		c.JSON(429, gin.H{
-			"status":  429,
-			"message": fmt.Sprintf("Too many failed login attempts. Try again in %d seconds", remainingTime),
-		})
-		return
-	}
-
-	// Search for a user based on username
-	log.Debug().Interface("username", login.Username).Msg("Searching for user")
-
-	userSearch := h.Auth.SearchUser(login.Username)
-
-	// User does not exist
-	if userSearch.Type == "" {
-		log.Debug().Str("username", login.Username).Msg("User not found")
-		// Record failed login attempt
-		h.Auth.RecordLoginAttempt(rateIdentifier, false)
-		c.JSON(401, gin.H{
-			"status":  401,
-			"message": "Unauthorized",
-		})
-		return
-	}
-
-	log.Debug().Msg("Got user")
-
-	// Check if password is correct
-	if !h.Auth.VerifyUser(userSearch, login.Password) {
-		log.Debug().Str("username", login.Username).Msg("Password incorrect")
-		// Record failed login attempt
-		h.Auth.RecordLoginAttempt(rateIdentifier, false)
-		c.JSON(401, gin.H{
-			"status":  401,
-			"message": "Unauthorized",
-		})
-		return
-	}
-
-	log.Debug().Msg("Password correct, checking totp")
-
-	// Record successful login attempt (will reset failed attempt counter)
-	h.Auth.RecordLoginAttempt(rateIdentifier, true)
-
-	// Check if user is using TOTP
-	if userSearch.Type == "local" {
-		// Get local user
-		localUser := h.Auth.GetLocalUser(login.Username)
-
-		// Check if TOTP is enabled
-		if localUser.TotpSecret != "" {
-			log.Debug().Msg("Totp enabled")
-
-			// Set totp pending cookie
-			h.Auth.CreateSessionCookie(c, &types.SessionCookie{
-				Username:    login.Username,
-				Name:        utils.Capitalize(login.Username),
-				Email:       fmt.Sprintf("%s@%s", strings.ToLower(login.Username), h.Config.Domain),
-				Provider:    "username",
-				TotpPending: true,
-			})
-
-			// Return totp required
-			c.JSON(200, gin.H{
-				"status":      200,
-				"message":     "Waiting for totp",
-				"totpPending": true,
-			})
-			return
-		}
-	}
-
-	// Create session cookie with username as provider
-	h.Auth.CreateSessionCookie(c, &types.SessionCookie{
-		Username: login.Username,
-		Name:     utils.Capitalize(login.Username),
-		Email:    fmt.Sprintf("%s@%s", strings.ToLower(login.Username), h.Config.Domain),
-		Provider: "username",
-	})
-
-	// Return logged in
-	c.JSON(200, gin.H{
-		"status":      200,
-		"message":     "Logged in",
-		"totpPending": false,
-	})
-}
-
-func (h *Handlers) TOTPHandler(c *gin.Context) {
-	var totpReq types.TotpRequest
-
-	err := c.BindJSON(&totpReq)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to bind JSON")
-		c.JSON(400, gin.H{
-			"status":  400,
-			"message": "Bad Request",
-		})
-		return
-	}
-
-	log.Debug().Msg("Checking totp")
-
-	// Get user context
-	userContext := h.Hooks.UseUserContext(c)
-
-	// Check if we have a user
-	if userContext.Username == "" {
-		log.Debug().Msg("No user context")
-		c.JSON(401, gin.H{
-			"status":  401,
-			"message": "Unauthorized",
-		})
-		return
-	}
-
-	// Get user
-	user := h.Auth.GetLocalUser(userContext.Username)
-
-	// Check if totp is correct
-	ok := totp.Validate(totpReq.Code, user.TotpSecret)
-
-	if !ok {
-		log.Debug().Msg("Totp incorrect")
-		c.JSON(401, gin.H{
-			"status":  401,
-			"message": "Unauthorized",
-		})
-		return
-	}
-
-	log.Debug().Msg("Totp correct")
-
-	// Create session cookie with username as provider
-	h.Auth.CreateSessionCookie(c, &types.SessionCookie{
-		Username: user.Username,
-		Name:     utils.Capitalize(user.Username),
-		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), h.Config.Domain),
-		Provider: "username",
-	})
-
-	// Return logged in
-	c.JSON(200, gin.H{
-		"status":  200,
-		"message": "Logged in",
-	})
-}
-
-func (h *Handlers) LogoutHandler(c *gin.Context) {
-	log.Debug().Msg("Cleaning up redirect cookie")
-
-	h.Auth.DeleteSessionCookie(c)
-
-	c.JSON(200, gin.H{
-		"status":  200,
-		"message": "Logged out",
-	})
-}

internal/hooks/hooks.go

@@ -1,144 +0,0 @@
-package hooks
-
-import (
-	"fmt"
-	"strings"
-	"tinyauth/internal/auth"
-	"tinyauth/internal/oauth"
-	"tinyauth/internal/providers"
-	"tinyauth/internal/types"
-	"tinyauth/internal/utils"
-
-	"github.com/gin-gonic/gin"
-	"github.com/rs/zerolog/log"
-)
-
-type Hooks struct {
-	Config    types.HooksConfig
-	Auth      *auth.Auth
-	Providers *providers.Providers
-}
-
-func NewHooks(config types.HooksConfig, auth *auth.Auth, providers *providers.Providers) *Hooks {
-	return &Hooks{
-		Config:    config,
-		Auth:      auth,
-		Providers: providers,
-	}
-}
-
-func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
-	cookie, err := hooks.Auth.GetSessionCookie(c)
-	var provider *oauth.OAuth
-
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to get session cookie")
-		goto basic
-	}
-
-	if cookie.TotpPending {
-		log.Debug().Msg("Totp pending")
-		return types.UserContext{
-			Username:    cookie.Username,
-			Name:        cookie.Name,
-			Email:       cookie.Email,
-			Provider:    cookie.Provider,
-			TotpPending: true,
-		}
-	}
-
-	if cookie.Provider == "username" {
-		log.Debug().Msg("Provider is username")
-
-		userSearch := hooks.Auth.SearchUser(cookie.Username)
-
-		if userSearch.Type == "unknown" {
-			log.Warn().Str("username", cookie.Username).Msg("User does not exist")
-			goto basic
-		}
-
-		log.Debug().Str("type", userSearch.Type).Msg("User exists")
-
-		return types.UserContext{
-			Username:   cookie.Username,
-			Name:       cookie.Name,
-			Email:      cookie.Email,
-			IsLoggedIn: true,
-			Provider:   "username",
-		}
-	}
-
-	log.Debug().Msg("Provider is not username")
-
-	provider = hooks.Providers.GetProvider(cookie.Provider)
-
-	if provider != nil {
-		log.Debug().Msg("Provider exists")
-
-		if !hooks.Auth.EmailWhitelisted(cookie.Email) {
-			log.Warn().Str("email", cookie.Email).Msg("Email is not whitelisted")
-			hooks.Auth.DeleteSessionCookie(c)
-			goto basic
-		}
-
-		log.Debug().Msg("Email is whitelisted")
-
-		return types.UserContext{
-			Username:    cookie.Username,
-			Name:        cookie.Name,
-			Email:       cookie.Email,
-			IsLoggedIn:  true,
-			OAuth:       true,
-			Provider:    cookie.Provider,
-			OAuthGroups: cookie.OAuthGroups,
-		}
-	}
-
-basic:
-	log.Debug().Msg("Trying basic auth")
-
-	basic := hooks.Auth.GetBasicAuth(c)
-
-	if basic != nil {
-		log.Debug().Msg("Got basic auth")
-
-		userSearch := hooks.Auth.SearchUser(basic.Username)
-
-		if userSearch.Type == "unkown" {
-			log.Error().Str("username", basic.Username).Msg("Basic auth user does not exist")
-			return types.UserContext{}
-		}
-
-		if !hooks.Auth.VerifyUser(userSearch, basic.Password) {
-			log.Error().Str("username", basic.Username).Msg("Basic auth user password incorrect")
-			return types.UserContext{}
-		}
-
-		if userSearch.Type == "ldap" {
-			log.Debug().Msg("User is LDAP")
-
-			return types.UserContext{
-				Username:    basic.Username,
-				Name:        utils.Capitalize(basic.Username),
-				Email:       fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), hooks.Config.Domain),
-				IsLoggedIn:  true,
-				Provider:    "basic",
-				TotpEnabled: false,
-			}
-		}
-
-		user := hooks.Auth.GetLocalUser(basic.Username)
-
-		return types.UserContext{
-			Username:    basic.Username,
-			Name:        utils.Capitalize(basic.Username),
-			Email:       fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), hooks.Config.Domain),
-			IsLoggedIn:  true,
-			Provider:    "basic",
-			TotpEnabled: user.TotpSecret != "",
-		}
-
-	}
-
-	return types.UserContext{}
-}

internal/middleware/context_middleware.go

@@ -0,0 +1,160 @@
+package middleware
+
+import (
+	"fmt"
+	"strings"
+	"tinyauth/internal/config"
+	"tinyauth/internal/service"
+	"tinyauth/internal/utils"
+
+	"github.com/gin-gonic/gin"
+	"github.com/rs/zerolog/log"
+)
+
+type ContextMiddlewareConfig struct {
+	CookieDomain string
+}
+
+type ContextMiddleware struct {
+	config ContextMiddlewareConfig
+	auth   *service.AuthService
+	broker *service.OAuthBrokerService
+}
+
+func NewContextMiddleware(config ContextMiddlewareConfig, auth *service.AuthService, broker *service.OAuthBrokerService) *ContextMiddleware {
+	return &ContextMiddleware{
+		config: config,
+		auth:   auth,
+		broker: broker,
+	}
+}
+
+func (m *ContextMiddleware) Init() error {
+	return nil
+}
+
+func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		cookie, err := m.auth.GetSessionCookie(c)
+
+		if err != nil {
+			log.Debug().Err(err).Msg("No valid session cookie found")
+			goto basic
+		}
+
+		if cookie.TotpPending {
+			c.Set("context", &config.UserContext{
+				Username:    cookie.Username,
+				Name:        cookie.Name,
+				Email:       cookie.Email,
+				Provider:    "username",
+				TotpPending: true,
+				TotpEnabled: true,
+			})
+			c.Next()
+			return
+		}
+
+		switch cookie.Provider {
+		case "username":
+			userSearch := m.auth.SearchUser(cookie.Username)
+
+			if userSearch.Type == "unknown" || userSearch.Type == "error" {
+				log.Debug().Msg("User from session cookie not found")
+				m.auth.DeleteSessionCookie(c)
+				goto basic
+			}
+
+			c.Set("context", &config.UserContext{
+				Username:   cookie.Username,
+				Name:       cookie.Name,
+				Email:      cookie.Email,
+				Provider:   "username",
+				IsLoggedIn: true,
+			})
+			c.Next()
+			return
+		default:
+			_, exists := m.broker.GetService(cookie.Provider)
+
+			if !exists {
+				log.Debug().Msg("OAuth provider from session cookie not found")
+				m.auth.DeleteSessionCookie(c)
+				goto basic
+			}
+
+			if !m.auth.IsEmailWhitelisted(cookie.Email) {
+				log.Debug().Msg("Email from session cookie not whitelisted")
+				m.auth.DeleteSessionCookie(c)
+				goto basic
+			}
+
+			c.Set("context", &config.UserContext{
+				Username:    cookie.Username,
+				Name:        cookie.Name,
+				Email:       cookie.Email,
+				Provider:    cookie.Provider,
+				OAuthGroups: cookie.OAuthGroups,
+				OAuthName:   cookie.OAuthName,
+				IsLoggedIn:  true,
+				OAuth:       true,
+			})
+			c.Next()
+			return
+		}
+
+	basic:
+		basic := m.auth.GetBasicAuth(c)
+
+		if basic == nil {
+			log.Debug().Msg("No basic auth provided")
+			c.Next()
+			return
+		}
+
+		userSearch := m.auth.SearchUser(basic.Username)
+
+		if userSearch.Type == "unknown" || userSearch.Type == "error" {
+			log.Debug().Msg("User from basic auth not found")
+			c.Next()
+			return
+		}
+
+		if !m.auth.VerifyUser(userSearch, basic.Password) {
+			log.Debug().Msg("Invalid password for basic auth user")
+			c.Next()
+			return
+		}
+
+		switch userSearch.Type {
+		case "local":
+			log.Debug().Msg("Basic auth user is local")
+
+			user := m.auth.GetLocalUser(basic.Username)
+
+			c.Set("context", &config.UserContext{
+				Username:    user.Username,
+				Name:        utils.Capitalize(user.Username),
+				Email:       fmt.Sprintf("%s@%s", strings.ToLower(user.Username), m.config.CookieDomain),
+				Provider:    "basic",
+				IsLoggedIn:  true,
+				TotpEnabled: user.TotpSecret != "",
+			})
+			c.Next()
+			return
+		case "ldap":
+			log.Debug().Msg("Basic auth user is LDAP")
+			c.Set("context", &config.UserContext{
+				Username:   basic.Username,
+				Name:       utils.Capitalize(basic.Username),
+				Email:      fmt.Sprintf("%s@%s", strings.ToLower(basic.Username), m.config.CookieDomain),
+				Provider:   "basic",
+				IsLoggedIn: true,
+			})
+			c.Next()
+			return
+		}
+
+		c.Next()
+	}
+}

internal/middleware/ui_middleware.go

@@ -0,0 +1,56 @@
+package middleware
+
+import (
+	"io/fs"
+	"net/http"
+	"os"
+	"strings"
+	"tinyauth/internal/assets"
+
+	"github.com/gin-gonic/gin"
+)
+
+type UIMiddleware struct {
+	uiFs         fs.FS
+	uiFileServer http.Handler
+}
+
+func NewUIMiddleware() *UIMiddleware {
+	return &UIMiddleware{}
+}
+
+func (m *UIMiddleware) Init() error {
+	ui, err := fs.Sub(assets.FrontendAssets, "dist")
+
+	if err != nil {
+		return err
+	}
+
+	m.uiFs = ui
+	m.uiFileServer = http.FileServer(http.FS(ui))
+
+	return nil
+}
+
+func (m *UIMiddleware) Middleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		switch strings.Split(c.Request.URL.Path, "/")[1] {
+		case "api":
+			c.Next()
+			return
+		case "resources":
+			c.Next()
+			return
+		default:
+			_, err := fs.Stat(m.uiFs, strings.TrimPrefix(c.Request.URL.Path, "/"))
+
+			if os.IsNotExist(err) {
+				c.Request.URL.Path = "/"
+			}
+
+			m.uiFileServer.ServeHTTP(c.Writer, c.Request)
+			c.Abort()
+			return
+		}
+	}
+}

internal/middleware/zerolog_middleware.go

@@ -0,0 +1,72 @@
+package middleware
+
+import (
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/rs/zerolog/log"
+)
+
+var (
+	loggerSkipPathsPrefix = []string{
+		"GET /api/health",
+		"HEAD /api/health",
+		"GET /favicon.ico",
+	}
+)
+
+type ZerologMiddleware struct{}
+
+func NewZerologMiddleware() *ZerologMiddleware {
+	return &ZerologMiddleware{}
+}
+
+func (m *ZerologMiddleware) Init() error {
+	return nil
+}
+
+func (m *ZerologMiddleware) logPath(path string) bool {
+	for _, prefix := range loggerSkipPathsPrefix {
+		if strings.HasPrefix(path, prefix) {
+			return false
+		}
+	}
+	return true
+}
+
+func (m *ZerologMiddleware) Middleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		tStart := time.Now()
+
+		c.Next()
+
+		code := c.Writer.Status()
+		address := c.Request.RemoteAddr
+		clientIP := c.ClientIP()
+		method := c.Request.Method
+		path := c.Request.URL.Path
+
+		latency := time.Since(tStart).String()
+
+		subLogger := log.With().Str("method", method).
+			Str("path", path).
+			Str("address", address).
+			Str("client_ip", clientIP).
+			Int("status", code).
+			Str("latency", latency).Logger()
+
+		if m.logPath(method + " " + path) {
+			switch {
+			case code >= 400 && code < 500:
+				subLogger.Warn().Msg("Client Error")
+			case code >= 500:
+				subLogger.Error().Msg("Server Error")
+			default:
+				subLogger.Info().Msg("Request")
+			}
+		} else {
+			subLogger.Debug().Msg("Request")
+		}
+	}
+}