Add comprehensive marketing website with landing page, features, pricing,
demo, SSH certificates, and security pages. Update index.html with enhanced
SEO metadata, Open Graph tags, and structured data for the Secuird brand.
Add comprehensive ZeroTier integration and access control:
- NetworksPage for managing ZeroTier portal networks
- DevicesPage for device registration and membership management
- AccessPage for approval workflows, session management, and kill switch
- Complete API client with TypeScript types for ZeroTier entities
- Navigation updates with ZeroTier section in sidebar
Added OIDC Web Page Flow
Admin can add/reset password
Admin can remove users'/members mfa/2fa, unlink account from oauth provider
Chore: Text changes (Forgot Pass, CA)
Add ensureValidRpId helper to validate and correct rp.id for WebAuthn
operations, preventing authentication failures when the configured rp.id
doesn't match the current hostname. Also add OAuthProvider type and fix
type casting in LoginPage.
- Store authentication tokens explicitly before setting user state in login
and TOTP verification flows to prevent race conditions
- Add 'credentials: include' to WebAuthn endpoints for proper session
cookie handling
- Add comprehensive debug logging throughout authentication flow to trace
token lifecycle and API requests
- Update WebAuthn completeLogin to use fetch directly instead of request
helper to properly handle session cookies
- Add allowedHosts configuration to Vite dev server
Ensure Authorization header is preserved and credentials are included across all API calls after login by updating the global request flow to always include the auth token and cookies, preventing API requests from failing due to missing authentication.
X-Lovable-Edit-ID: edt-e27762ef-c64c-401b-9944-0d5bcb8ea624
Ensure fetch requests always include credentials to maintain session cookies after login and TOTP flows.
X-Lovable-Edit-ID: edt-bd4a695e-663c-4919-a238-aa222a5c0609
Enhance login and security UI with WebAuthn passkey support:
- Implement WebAuthn API integration for registration, login, and credential management.
- Wire up begin/complete registration and login flows, including credential handling and status checks.
- Extend API client with webauthn endpoints, status, and credential management; adjust token handling for 401s.
- Update Login and Security pages to support passkey enrollment, removal, and display of passkeys.
- Add WebAuthn utilities and adjust existing components to work with new flows.
X-Lovable-Edit-ID: edt-5876d103-501a-44d9-b117-e671b9995451
- Implement TOTP prompts during login: if login returns requires_totp, show TOTP input and verify via /auth/totp/verify to complete authentication.
- Update API client to support TOTP flow, store tokens after successful TOTP verification.
- Wire AuthContext and LoginPage to handle TOTP challenge, returning requiresTotp from login and proceeding after verification.
- Preserve token on 401 for credential-related steps; clear only on true session-invalid responses.
X-Lovable-Edit-ID: edt-0672a4fb-c58a-4d0c-88dc-86bcee853964
Update TotpEnrollmentWizard to handle QR code data_uri gracefully by using enrollmentData.qr_code directly if it already starts with data:, otherwise prefix with data:image/png;base64,. This prevents invalid HTML and extra requests.
X-Lovable-Edit-ID: edt-779080b3-442d-4aeb-aaaf-e0e3c26b795d
Improve token management on 401 responses by introducing configurable token-clearing logic, apply it to sensitive endpoints (TOTP verify, disable, regenerator, and password change), and adjust me endpoint behavior to use explicit clear-token rules. Also preserve no-cache headers and add dev logs for 401 events.
X-Lovable-Edit-ID: edt-9528378f-7146-45e6-96d9-47c22492fd87
Enable real TOTP flow by integrating enroll/verify/backup codes API, updating TotpEnrollmentWizard and TotpRemoveDialog to use backend, and connect SecurityPage to live status. Replaces mock data with API calls, adds status refresh after enrollment, and wires removal to API with UI confirmations.
X-Lovable-Edit-ID: edt-3f2bb4a3-06ff-406a-bc2c-d4c70de452a1
Ensure all API requests include no-cache headers to avoid cached CORS issues. Added Cache-Control, Pragma headers and set fetch to no-store, so requests are not cached.
X-Lovable-Edit-ID: edt-17929842-67a4-4e77-8ea7-1e46d2ee30fc
- Add TOTP enrollment UI flow to SecurityPage via TotpEnrollmentWizard
- Integrate removal dialog TotpRemoveDialog with confirmation
- Update SecurityPage to reference new TOTP components and reflect enrollment state
- Implement wizard steps: setup, verify, backup-codes, and completion
- Show enabling status and removal option with confirmation when enrolled
X-Lovable-Edit-ID: edt-8f92b58a-f7e2-4820-9941-aeb31a19c58f
Add client-side validation in SecurityPage to alert when the new password matches the current password, preventing submission and showing an error.
X-Lovable-Edit-ID: edt-3a30092e-86a6-4d0a-892f-19ece7859cfe
JamesBhattarai
nexgen_mirrors
HawkveltGiteaAdmin
coryHawkvelt
gpt-engineer-app[bot]