refactor(auth-ui): i18n, security fixes, type safety across auth components

- Add locale prop (de/en) to PasswordStrength, ChangePassword, SecurityOnboarding, AuditLog, AuthGate tier screen - Add 13 new i18n keys to LoginTranslations for 2FA, lockout, magic link - Fix date formatting to use locale in AuditLog - Rewrite ForgotPasswordPage to Tailwind (matching Login/Register) - Fix HTML injection in ForgotPasswordPage (remove @html with email) - Guard DEV credentials behind isDevMode check in LoginPage - Extend AuthResult type with twoFactorRedirect and retryAfter - Remove as any casts in LoginPage - Replace scoped CSS with Tailwind in AuthGate tier-denied screen Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-20 10:33:40 +02:00 · 2026-03-31 13:41:53 +02:00 · 2026-03-31 13:41:53 +02:00 · 3b54d4d48e
commit 3b54d4d48e
parent c3bee2607b
8 changed files with 517 additions and 363 deletions
--- a/packages/shared-auth-ui/src/components/AuditLog.svelte
+++ b/packages/shared-auth-ui/src/components/AuditLog.svelte
@ -13,9 +13,16 @@
 		onRefresh: () => Promise<void>;
 		loading?: boolean;
 		primaryColor?: string;
+		locale?: 'de' | 'en';
 	}

-	let { events, onRefresh, loading = false, primaryColor = '#6366f1' }: Props = $props();
+	let {
+		events,
+		onRefresh,
+		loading = false,
+		primaryColor = '#6366f1',
+		locale = 'de',
+	}: Props = $props();

 	interface EventInfo {
 		label: string;
@ -23,41 +30,88 @@
 		badgeText: string;
 	}

+	const eventLabelsDE: Record<string, { label: string; badgeText: string }> = {
+		login_success: { label: 'Anmeldung erfolgreich', badgeText: '' },
+		login_failure: { label: 'Anmeldung fehlgeschlagen', badgeText: '' },
+		register: { label: 'Konto erstellt', badgeText: 'Neu' },
+		logout: { label: 'Abgemeldet', badgeText: '' },
+		password_changed: { label: 'Passwort geändert', badgeText: '' },
+		password_reset_requested: { label: 'Passwort-Reset angefordert', badgeText: '' },
+		password_reset_completed: { label: 'Passwort zurückgesetzt', badgeText: '' },
+		passkey_registered: { label: 'Passkey registriert', badgeText: '' },
+		passkey_login_success: { label: 'Passkey-Anmeldung', badgeText: '' },
+		passkey_deleted: { label: 'Passkey gelöscht', badgeText: '' },
+		two_factor_enabled: { label: '2FA aktiviert', badgeText: '' },
+		two_factor_disabled: { label: '2FA deaktiviert', badgeText: '' },
+		account_locked: { label: 'Konto gesperrt', badgeText: '' },
+		account_deleted: { label: 'Konto gelöscht', badgeText: '' },
+		sso_token_exchange: { label: 'SSO-Anmeldung', badgeText: '' },
+	};
+
+	const eventLabelsEN: Record<string, { label: string; badgeText: string }> = {
+		login_success: { label: 'Login successful', badgeText: '' },
+		login_failure: { label: 'Login failed', badgeText: '' },
+		register: { label: 'Account created', badgeText: 'New' },
+		logout: { label: 'Logged out', badgeText: '' },
+		password_changed: { label: 'Password changed', badgeText: '' },
+		password_reset_requested: { label: 'Password reset requested', badgeText: '' },
+		password_reset_completed: { label: 'Password reset', badgeText: '' },
+		passkey_registered: { label: 'Passkey registered', badgeText: '' },
+		passkey_login_success: { label: 'Passkey login', badgeText: '' },
+		passkey_deleted: { label: 'Passkey deleted', badgeText: '' },
+		two_factor_enabled: { label: '2FA enabled', badgeText: '' },
+		two_factor_disabled: { label: '2FA disabled', badgeText: '' },
+		account_locked: { label: 'Account locked', badgeText: '' },
+		account_deleted: { label: 'Account deleted', badgeText: '' },
+		sso_token_exchange: { label: 'SSO login', badgeText: '' },
+	};
+
+	const badgeClasses: Record<string, string> = {
+		login_success: 'badge-success',
+		login_failure: 'badge-danger',
+		register: 'badge-info',
+		logout: 'badge-neutral',
+		password_changed: 'badge-warning',
+		password_reset_requested: 'badge-warning',
+		password_reset_completed: 'badge-warning',
+		passkey_registered: 'badge-warning',
+		passkey_login_success: 'badge-success',
+		passkey_deleted: 'badge-danger',
+		two_factor_enabled: 'badge-success',
+		two_factor_disabled: 'badge-warning',
+		account_locked: 'badge-danger',
+		account_deleted: 'badge-danger',
+		sso_token_exchange: 'badge-success',
+	};
+
+	const auditTextsDE = {
+		title: 'Sicherheitsprotokoll',
+		subtitle: 'Letzte Aktivitäten deines Kontos',
+		refresh: 'Aktualisieren',
+		empty: 'Keine Sicherheitsereignisse vorhanden.',
+		today: 'Heute',
+		yesterday: 'Gestern',
+	};
+
+	const auditTextsEN = {
+		title: 'Security Log',
+		subtitle: 'Recent activity on your account',
+		refresh: 'Refresh',
+		empty: 'No security events found.',
+		today: 'Today',
+		yesterday: 'Yesterday',
+	};
+
+	const txt = $derived(locale === 'en' ? auditTextsEN : auditTextsDE);
+
 	function getEventInfo(eventType: string): EventInfo {
-		switch (eventType) {
-			case 'login_success':
-				return { label: 'Anmeldung erfolgreich', badgeClass: 'badge-success', badgeText: '' };
-			case 'login_failure':
-				return { label: 'Anmeldung fehlgeschlagen', badgeClass: 'badge-danger', badgeText: '' };
-			case 'register':
-				return { label: 'Konto erstellt', badgeClass: 'badge-info', badgeText: 'Neu' };
-			case 'logout':
-				return { label: 'Abgemeldet', badgeClass: 'badge-neutral', badgeText: '' };
-			case 'password_changed':
-				return { label: 'Passwort geändert', badgeClass: 'badge-warning', badgeText: '' };
-			case 'password_reset_requested':
-				return { label: 'Passwort-Reset angefordert', badgeClass: 'badge-warning', badgeText: '' };
-			case 'password_reset_completed':
-				return { label: 'Passwort zurückgesetzt', badgeClass: 'badge-warning', badgeText: '' };
-			case 'passkey_registered':
-				return { label: 'Passkey registriert', badgeClass: 'badge-warning', badgeText: '' };
-			case 'passkey_login_success':
-				return { label: 'Passkey-Anmeldung', badgeClass: 'badge-success', badgeText: '' };
-			case 'passkey_deleted':
-				return { label: 'Passkey gelöscht', badgeClass: 'badge-danger', badgeText: '' };
-			case 'two_factor_enabled':
-				return { label: '2FA aktiviert', badgeClass: 'badge-success', badgeText: '' };
-			case 'two_factor_disabled':
-				return { label: '2FA deaktiviert', badgeClass: 'badge-warning', badgeText: '' };
-			case 'account_locked':
-				return { label: 'Konto gesperrt', badgeClass: 'badge-danger', badgeText: '' };
-			case 'account_deleted':
-				return { label: 'Konto gelöscht', badgeClass: 'badge-danger', badgeText: '' };
-			case 'sso_token_exchange':
-				return { label: 'SSO-Anmeldung', badgeClass: 'badge-success', badgeText: '' };
-			default:
-				return { label: eventType, badgeClass: 'badge-neutral', badgeText: '' };
+		const labels = locale === 'en' ? eventLabelsEN : eventLabelsDE;
+		const info = labels[eventType];
+		const badgeClass = badgeClasses[eventType] || 'badge-neutral';
+		if (info) {
+			return { label: info.label, badgeClass, badgeText: info.badgeText };
 		}
+		return { label: eventType, badgeClass: 'badge-neutral', badgeText: '' };
 	}

 	function formatDate(dateStr: string): string {
@ -65,18 +119,19 @@
 		const now = new Date();
 		const diffMs = now.getTime() - date.getTime();
 		const diffDays = Math.floor(diffMs / (1000 * 60 * 60 * 24));
+		const dateLocale = locale === 'en' ? 'en-US' : 'de-DE';

-		const timeStr = date.toLocaleTimeString('de-DE', {
+		const timeStr = date.toLocaleTimeString(dateLocale, {
 			hour: '2-digit',
 			minute: '2-digit',
 		});

 		if (diffDays === 0) {
-			return `Heute, ${timeStr}`;
+			return `${txt.today}, ${timeStr}`;
 		} else if (diffDays === 1) {
-			return `Gestern, ${timeStr}`;
+			return `${txt.yesterday}, ${timeStr}`;
 		} else {
-			const dateFormatted = date.toLocaleDateString('de-DE', {
+			const dateFormatted = date.toLocaleDateString(dateLocale, {
 				day: '2-digit',
 				month: '2-digit',
 				year: 'numeric',
@ -124,8 +179,8 @@
 				</svg>
 			</div>
 			<div>
-				<h3 class="audit-title">Sicherheitsprotokoll</h3>
-				<p class="audit-subtitle">Letzte Aktivitäten deines Kontos</p>
+				<h3 class="audit-title">{txt.title}</h3>
+				<p class="audit-subtitle">{txt.subtitle}</p>
 			</div>
 		</div>
 		<button
@ -133,7 +188,7 @@
 			class="refresh-button"
 			onclick={onRefresh}
 			disabled={loading}
-			aria-label="Aktualisieren"
+			aria-label={txt.refresh}
 		>
 			<svg
 				class="refresh-icon"
@ -157,7 +212,7 @@
 			<div class="loading-spinner"></div>
 		</div>
 	{:else if events.length === 0}
-		<p class="empty-state">Keine Sicherheitsereignisse vorhanden.</p>
+		<p class="empty-state">{txt.empty}</p>
 	{:else}
 		<div class="event-list">
 			{#each events as event (event.id)}
--- a/packages/shared-auth-ui/src/components/AuthGate.svelte
+++ b/packages/shared-auth-ui/src/components/AuthGate.svelte
@ -40,6 +40,8 @@
 		requiredTier?: AccessTier;
 		/** App name shown on the access denied screen */
 		appName?: string;
+		/** Locale for tier-denied screen (default: 'de') */
+		locale?: 'de' | 'en';
 		/** Callback invoked after auth is confirmed, before children are rendered.
 		 *  Use this for loading app-specific data (projects, calendars, etc.) */
 		onReady?: () => void | Promise<void>;
@ -55,6 +57,7 @@
 		allowGuest = false,
 		requiredTier,
 		appName,
+		locale = 'de',
 		onReady,
 		goto: gotoFn,
 		children,
@ -91,8 +94,9 @@
 		if (requiredTier && authStore.isAuthenticated && authStore.user) {
 			const userTier = authStore.user.tier || 'public';
 			if (!hasAppAccess(userTier, requiredTier)) {
-				userTierLabel = ACCESS_TIER_LABELS['de'][userTier as AccessTier] || userTier;
-				requiredTierLabel = ACCESS_TIER_LABELS['de'][requiredTier] || requiredTier;
+				const labels = ACCESS_TIER_LABELS[locale] || ACCESS_TIER_LABELS['de'];
+				userTierLabel = labels[userTier as AccessTier] || userTier;
+				requiredTierLabel = labels[requiredTier] || requiredTier;
 				tierDenied = true;
 				return;
 			}
@ -107,28 +111,57 @@
 </script>

 {#if tierDenied}
-	<div class="tier-denied">
-		<div class="tier-denied-card">
+	<div
+		class="flex items-center justify-center min-h-screen p-6"
+		style:background-color="hsl(var(--background, 0 0% 100%))"
+	>
+		<div
+			class="max-w-96 w-full text-center py-10 px-8 rounded-2xl border shadow-sm"
+			style:border-color="hsl(var(--border, 0 0% 90%))"
+			style:background-color="hsl(var(--card, 0 0% 100%))"
+		>
 			{#if appName}
-				<h1 class="tier-denied-title">{appName}</h1>
+				<h1 class="text-xl font-bold mb-4" style:color="hsl(var(--foreground, 0 0% 9%))">
+					{appName}
+				</h1>
 			{/if}
-			<div class="tier-denied-icon">🔒</div>
-			<p class="tier-denied-message">
-				Diese App ist aktuell in der geschlossenen <strong>{requiredTierLabel}</strong>-Phase.
+			<div class="text-5xl mb-4">🔒</div>
+			<p
+				class="text-[0.9375rem] leading-relaxed mb-6"
+				style:color="hsl(var(--muted-foreground, 0 0% 45%))"
+			>
+				{locale === 'en'
+					? `This app is currently in closed `
+					: `Diese App ist aktuell in der geschlossenen `}<strong>{requiredTierLabel}</strong
+				>{locale === 'en' ? ' phase.' : '-Phase.'}
 			</p>
-			<div class="tier-denied-info">
-				<div class="tier-row">
-					<span class="tier-label">Dein Zugang:</span>
-					<span class="tier-value">{userTierLabel}</span>
+			<div
+				class="flex flex-col gap-2 p-4 rounded-xl mb-6"
+				style:background-color="hsl(var(--muted, 0 0% 96%))"
+			>
+				<div class="flex justify-between items-center text-sm">
+					<span style:color="hsl(var(--muted-foreground, 0 0% 45%))"
+						>{locale === 'en' ? 'Your access:' : 'Dein Zugang:'}</span
+					>
+					<span class="font-semibold" style:color="hsl(var(--foreground, 0 0% 9%))"
+						>{userTierLabel}</span
+					>
 				</div>
-				<div class="tier-row">
-					<span class="tier-label">Benötigt:</span>
-					<span class="tier-value tier-required">{requiredTierLabel}</span>
+				<div class="flex justify-between items-center text-sm">
+					<span style:color="hsl(var(--muted-foreground, 0 0% 45%))"
+						>{locale === 'en' ? 'Required:' : 'Benötigt:'}</span
+					>
+					<span class="font-semibold text-violet-500">{requiredTierLabel}</span>
 				</div>
 			</div>
-			<div class="tier-denied-actions">
-				<button class="tier-btn-primary" onclick={goHome}> Zur Übersicht </button>
-			</div>
+			<button
+				class="w-full py-2.5 px-4 rounded-lg border-none text-sm font-medium cursor-pointer transition-opacity hover:opacity-90"
+				style:background-color="hsl(var(--primary, 239 84% 67%))"
+				style:color="hsl(var(--primary-foreground, 0 0% 100%))"
+				onclick={goHome}
+			>
+				{locale === 'en' ? 'Back to overview' : 'Zur Übersicht'}
+			</button>
 		</div>
 	</div>
 {:else if !ready}
@ -138,97 +171,3 @@
 {:else}
 	{@render children()}
 {/if}
-
-<style>
-	.tier-denied {
-		display: flex;
-		align-items: center;
-		justify-content: center;
-		min-height: 100vh;
-		background: hsl(var(--background, 0 0% 100%));
-		padding: 1.5rem;
-	}
-
-	.tier-denied-card {
-		max-width: 24rem;
-		width: 100%;
-		text-align: center;
-		padding: 2.5rem 2rem;
-		border-radius: 1rem;
-		border: 1px solid hsl(var(--border, 0 0% 90%));
-		background: hsl(var(--card, 0 0% 100%));
-		box-shadow: 0 4px 24px rgba(0, 0, 0, 0.06);
-	}
-
-	.tier-denied-title {
-		font-size: 1.25rem;
-		font-weight: 700;
-		color: hsl(var(--foreground, 0 0% 9%));
-		margin: 0 0 1rem;
-	}
-
-	.tier-denied-icon {
-		font-size: 3rem;
-		margin-bottom: 1rem;
-	}
-
-	.tier-denied-message {
-		font-size: 0.9375rem;
-		color: hsl(var(--muted-foreground, 0 0% 45%));
-		margin: 0 0 1.5rem;
-		line-height: 1.5;
-	}
-
-	.tier-denied-info {
-		display: flex;
-		flex-direction: column;
-		gap: 0.5rem;
-		padding: 1rem;
-		border-radius: 0.75rem;
-		background: hsl(var(--muted, 0 0% 96%));
-		margin-bottom: 1.5rem;
-	}
-
-	.tier-row {
-		display: flex;
-		justify-content: space-between;
-		align-items: center;
-		font-size: 0.875rem;
-	}
-
-	.tier-label {
-		color: hsl(var(--muted-foreground, 0 0% 45%));
-	}
-
-	.tier-value {
-		font-weight: 600;
-		color: hsl(var(--foreground, 0 0% 9%));
-	}
-
-	.tier-required {
-		color: #8b5cf6;
-	}
-
-	.tier-denied-actions {
-		display: flex;
-		flex-direction: column;
-		gap: 0.75rem;
-	}
-
-	.tier-btn-primary {
-		width: 100%;
-		padding: 0.625rem 1rem;
-		border-radius: 0.5rem;
-		border: none;
-		background: hsl(var(--primary, 239 84% 67%));
-		color: hsl(var(--primary-foreground, 0 0% 100%));
-		font-size: 0.875rem;
-		font-weight: 500;
-		cursor: pointer;
-		transition: opacity 0.15s;
-	}
-
-	.tier-btn-primary:hover {
-		opacity: 0.9;
-	}
-</style>
--- a/packages/shared-auth-ui/src/components/ChangePassword.svelte
+++ b/packages/shared-auth-ui/src/components/ChangePassword.svelte
@ -8,9 +8,42 @@
 			newPassword: string
 		) => Promise<{ success: boolean; error?: string }>;
 		primaryColor?: string;
+		locale?: 'de' | 'en';
 	}

-	let { onChangePassword, primaryColor = '#6366f1' }: Props = $props();
+	let { onChangePassword, primaryColor = '#6366f1', locale = 'de' }: Props = $props();
+
+	const textsDE = {
+		title: 'Passwort ändern',
+		successMessage: 'Passwort erfolgreich geändert.',
+		currentPasswordLabel: 'Aktuelles Passwort',
+		newPasswordLabel: 'Neues Passwort',
+		confirmPasswordLabel: 'Neues Passwort bestätigen',
+		hidePassword: 'Passwort verbergen',
+		showPassword: 'Passwort anzeigen',
+		minChars: 'Mindestens 8 Zeichen',
+		passwordsMismatch: 'Passwörter stimmen nicht überein',
+		submitting: 'Wird geändert...',
+		submit: 'Passwort ändern',
+		defaultError: 'Fehler beim Ändern des Passworts',
+	};
+
+	const textsEN = {
+		title: 'Change Password',
+		successMessage: 'Password changed successfully.',
+		currentPasswordLabel: 'Current Password',
+		newPasswordLabel: 'New Password',
+		confirmPasswordLabel: 'Confirm New Password',
+		hidePassword: 'Hide password',
+		showPassword: 'Show password',
+		minChars: 'At least 8 characters',
+		passwordsMismatch: 'Passwords do not match',
+		submitting: 'Changing...',
+		submit: 'Change Password',
+		defaultError: 'Error changing password',
+	};
+
+	const txt = $derived(locale === 'en' ? textsEN : textsDE);

 	let currentPassword = $state('');
 	let newPassword = $state('');
@ -53,17 +86,17 @@
 			reset();
 			setTimeout(() => (success = false), 4000);
 		} else {
-			error = result.error || 'Fehler beim Ändern des Passworts';
+			error = result.error || txt.defaultError;
 		}
 	}
 </script>

 <div class="change-password">
-	<h3 class="section-title">Passwort ändern</h3>
+	<h3 class="section-title">{txt.title}</h3>

 	{#if success}
 		<div class="success-message" role="status">
-			<p>Passwort erfolgreich geändert.</p>
+			<p>{txt.successMessage}</p>
 		</div>
 	{/if}

@ -80,7 +113,7 @@
 		}}
 	>
 		<div class="input-group">
-			<label for="current-password" class="input-label">Aktuelles Passwort</label>
+			<label for="current-password" class="input-label">{txt.currentPasswordLabel}</label>
 			<div class="input-wrapper">
 				<input
 					id="current-password"
@ -95,7 +128,7 @@
 					type="button"
 					onclick={() => (showCurrentPassword = !showCurrentPassword)}
 					class="password-toggle"
-					aria-label={showCurrentPassword ? 'Passwort verbergen' : 'Passwort anzeigen'}
+					aria-label={showCurrentPassword ? txt.hidePassword : txt.showPassword}
 				>
 					{#if showCurrentPassword}
 						<EyeSlash size={18} />
@ -107,7 +140,7 @@
 		</div>

 		<div class="input-group">
-			<label for="new-password" class="input-label">Neues Passwort</label>
+			<label for="new-password" class="input-label">{txt.newPasswordLabel}</label>
 			<div class="input-wrapper">
 				<input
 					id="new-password"
@ -123,7 +156,7 @@
 					type="button"
 					onclick={() => (showNewPassword = !showNewPassword)}
 					class="password-toggle"
-					aria-label={showNewPassword ? 'Passwort verbergen' : 'Passwort anzeigen'}
+					aria-label={showNewPassword ? txt.hidePassword : txt.showPassword}
 				>
 					{#if showNewPassword}
 						<EyeSlash size={18} />
@ -133,16 +166,16 @@
 				</button>
 			</div>
 			{#if newPassword.length > 0 && !passwordLongEnough}
-				<p class="field-hint error">Mindestens 8 Zeichen</p>
+				<p class="field-hint error">{txt.minChars}</p>
 			{:else}
-				<p class="field-hint">Mindestens 8 Zeichen</p>
+				<p class="field-hint">{txt.minChars}</p>
 			{/if}
 		</div>

-		<PasswordStrength password={newPassword} {primaryColor} />
+		<PasswordStrength password={newPassword} {primaryColor} {locale} />

 		<div class="input-group">
-			<label for="confirm-password" class="input-label">Neues Passwort bestätigen</label>
+			<label for="confirm-password" class="input-label">{txt.confirmPasswordLabel}</label>
 			<div class="input-wrapper">
 				<input
 					id="confirm-password"
@ -158,7 +191,7 @@
 					type="button"
 					onclick={() => (showConfirmPassword = !showConfirmPassword)}
 					class="password-toggle"
-					aria-label={showConfirmPassword ? 'Passwort verbergen' : 'Passwort anzeigen'}
+					aria-label={showConfirmPassword ? txt.hidePassword : txt.showPassword}
 				>
 					{#if showConfirmPassword}
 						<EyeSlash size={18} />
@ -168,7 +201,7 @@
 				</button>
 			</div>
 			{#if confirmPassword.length > 0 && !passwordsMatch}
-				<p class="field-hint error">Passwörter stimmen nicht überein</p>
+				<p class="field-hint error">{txt.passwordsMismatch}</p>
 			{/if}
 		</div>

@ -179,7 +212,7 @@
 			style:background-color={primaryColor + '60'}
 			style:border-color={primaryColor}
 		>
-			{loading ? 'Wird geändert...' : 'Passwort ändern'}
+			{loading ? txt.submitting : txt.submit}
 		</button>
 	</form>
 </div>
--- a/packages/shared-auth-ui/src/components/PasswordStrength.svelte
+++ b/packages/shared-auth-ui/src/components/PasswordStrength.svelte
@ -5,9 +5,10 @@
 	interface Props {
 		password: string;
 		primaryColor?: string;
+		locale?: 'de' | 'en';
 	}

-	let { password, primaryColor = '#6366f1' }: Props = $props();
+	let { password, primaryColor = '#6366f1', locale = 'de' }: Props = $props();

 	let score = $state(0);
 	let feedback = $state('');
@ -29,7 +30,9 @@
 		initialized = true;
 	}

-	const labels = ['Sehr schwach', 'Schwach', 'OK', 'Stark', 'Sehr stark'];
+	const labelsDE = ['Sehr schwach', 'Schwach', 'OK', 'Stark', 'Sehr stark'];
+	const labelsEN = ['Very weak', 'Weak', 'OK', 'Strong', 'Very strong'];
+	const labels = $derived(locale === 'en' ? labelsEN : labelsDE);
 	const colors = ['#ef4444', '#f97316', '#eab308', '#84cc16', '#22c55e'];

 	$effect(() => {
--- a/packages/shared-auth-ui/src/components/SecurityOnboarding.svelte
+++ b/packages/shared-auth-ui/src/components/SecurityOnboarding.svelte
@ -4,9 +4,48 @@
 		onSkip: () => void;
 		passkeyAvailable: boolean;
 		primaryColor?: string;
+		locale?: 'de' | 'en';
 	}

-	let { onSetupPasskey, onSkip, passkeyAvailable, primaryColor = '#6366f1' }: Props = $props();
+	let {
+		onSetupPasskey,
+		onSkip,
+		passkeyAvailable,
+		primaryColor = '#6366f1',
+		locale = 'de',
+	}: Props = $props();
+
+	const textsDE = {
+		passkeySetup: 'Passkey eingerichtet!',
+		passkeySetupDescription:
+			'Dein Konto ist jetzt mit einem Passkey gesichert. Du kannst dich ab sofort ohne Passwort anmelden.',
+		continue: 'Weiter',
+		secureYourAccount: 'Sichere dein Konto',
+		secureDescription: 'Schütze dein Konto mit zusätzlicher Sicherheit.',
+		setupPasskey: 'Passkey einrichten',
+		passkeyDescription: 'Anmelden ohne Passwort mit Touch ID, Face ID oder Windows Hello',
+		setupNow: 'Jetzt einrichten',
+		hint2fa: 'Du kannst 2FA jederzeit in den Einstellungen aktivieren.',
+		skip: 'Überspringen',
+		defaultError: 'Fehler beim Einrichten des Passkeys',
+	};
+
+	const textsEN = {
+		passkeySetup: 'Passkey set up!',
+		passkeySetupDescription:
+			'Your account is now secured with a passkey. You can sign in without a password from now on.',
+		continue: 'Continue',
+		secureYourAccount: 'Secure your account',
+		secureDescription: 'Protect your account with additional security.',
+		setupPasskey: 'Set up Passkey',
+		passkeyDescription: 'Sign in without a password using Touch ID, Face ID, or Windows Hello',
+		setupNow: 'Set up now',
+		hint2fa: 'You can enable 2FA at any time in Settings.',
+		skip: 'Skip',
+		defaultError: 'Error setting up passkey',
+	};
+
+	const txt = $derived(locale === 'en' ? textsEN : textsDE);

 	let loading = $state(false);
 	let error = $state<string | null>(null);
@ -23,7 +62,7 @@
 		if (result.success) {
 			success = true;
 		} else {
-			error = result.error || 'Fehler beim Einrichten des Passkeys';
+			error = result.error || txt.defaultError;
 		}
 	}
 </script>
@ -45,10 +84,9 @@
 					<polyline points="20 6 9 17 4 12" />
 				</svg>
 			</div>
-			<h2 class="onboarding-title">Passkey eingerichtet!</h2>
+			<h2 class="onboarding-title">{txt.passkeySetup}</h2>
 			<p class="onboarding-description">
-				Dein Konto ist jetzt mit einem Passkey gesichert. Du kannst dich ab sofort ohne Passwort
-				anmelden.
+				{txt.passkeySetupDescription}
 			</p>
 			<button
 				type="button"
@ -57,7 +95,7 @@
 				style:border-color={primaryColor}
 				onclick={onSkip}
 			>
-				Weiter
+				{txt.continue}
 			</button>
 		</div>
 	{:else}
@ -77,8 +115,8 @@
 					<path d="M7 11V7a5 5 0 0 1 10 0v4" />
 				</svg>
 			</div>
-			<h2 class="onboarding-title">Sichere dein Konto</h2>
-			<p class="onboarding-description">Schütze dein Konto mit zusätzlicher Sicherheit.</p>
+			<h2 class="onboarding-title">{txt.secureYourAccount}</h2>
+			<p class="onboarding-description">{txt.secureDescription}</p>

 			{#if error}
 				<div class="error-message" role="alert">
@ -104,9 +142,9 @@
 						</svg>
 					</div>
 					<div class="option-content">
-						<h3 class="option-title">Passkey einrichten</h3>
+						<h3 class="option-title">{txt.setupPasskey}</h3>
 						<p class="option-description">
-							Anmelden ohne Passwort mit Touch ID, Face ID oder Windows Hello
+							{txt.passkeyDescription}
 						</p>
 					</div>
 					<button
@ -117,14 +155,14 @@
 						disabled={loading}
 						onclick={handleSetupPasskey}
 					>
-						{loading ? '...' : 'Jetzt einrichten'}
+						{loading ? '...' : txt.setupNow}
 					</button>
 				</div>
 			{/if}

-			<p class="hint-text">Du kannst 2FA jederzeit in den Einstellungen aktivieren.</p>
+			<p class="hint-text">{txt.hint2fa}</p>

-			<button type="button" class="skip-button" onclick={onSkip}> Überspringen </button>
+			<button type="button" class="skip-button" onclick={onSkip}> {txt.skip} </button>
 		</div>
 	{/if}
 </div>