- Introduced a new utility function `getClientHeaders` to extract real client IP and user agent from requests.
- Updated authentication routes to utilize the new utility for improved header management.
- Refactored `getClientInfo` method in AuthController to support additional proxy headers.
- Added lastUsedAt timestamp to the TrustedDevice model for tracking device usage.
- Implemented new endpoints for retrieving and removing trusted devices.
- Updated AuthService to manage trusted devices, including methods for getting and removing devices.
- Enhanced the user interface to support trusted device management, including modals for removing devices.
- Added translations for new messages related to trusted devices in multiple languages.
implement remember device option for two-factor authentication
add trusted device service to manage device trust
update login flow to check for trusted devices
- Added two-factor authentication support to the login process, enhancing security for user accounts.
- Introduced new routes and services for managing 2FA setup, verification, and backup codes.
- Updated user model to include fields for 2FA status and backup codes.
- Enhanced login and profile pages to accommodate 2FA input and management.
- Added translations for 2FA-related messages in multiple languages.
- Integrated QR code generation for 2FA setup, improving user experience during authentication.
- Updated the Husky pre-push hook to validate all applications (web, docs, and server) before pushing changes, improving code quality checks.
- Modified ESLint configurations for the docs app to include additional ignored directories, ensuring cleaner linting results.
- Refactored the HomePage component in the docs app to improve structure and readability, while reintroducing the Highlight component for better content presentation.
- Added a .prettierignore file in the server app to exclude specific directories from formatting, enhancing development workflow.
- Updated various import statements across multiple files for consistency and clarity.
- Updated imports for environment variables in auth and email services to ensure consistency.
- Improved error handling in user routes to provide more specific responses for unauthorized access and internal server errors.
- Introduced the SECURE_SITE environment variable to control cookie security settings based on deployment context.
- Updated Dockerfile to log SECURE_SITE status during application startup.
- Enhanced documentation with a new guide on reverse proxy configuration, detailing the use of SECURE_SITE for secure cookie handling.
- Adjusted authentication and email services to utilize SECURE_SITE for secure connections.
- Updated frontend components to set cookie security based on the current protocol.
- Removed FRONTEND_URL validation from environment schema.
- Updated AuthController to include origin in password reset requests.
- Modified RequestPasswordResetSchema to require origin.
- Adjusted AuthService and EmailService to handle origin for password reset emails.
- Updated frontend hook to pass origin when requesting password reset.
