Till JS 0dfd603892 feat(auth): rate limit feedback, audit log UI, and E2E tests ... Rate-limiting feedback: - LoginPage detects 429/account-locked errors and shows countdown timer - Submit button disabled during cooldown period Audit log: - GET /auth/security-events endpoint (JWT-protected) in auth controller - getSecurityEvents() in BetterAuthService + shared-auth client - AuditLog component with event type labels, relative dates, UA parsing - Integrated in ManaCore settings page E2E tests (passkey-2fa.e2e-spec.ts): - Passkey registration/authentication flow tests - Auth guard enforcement (protected vs public endpoints) - 2FA passthrough route existence tests - Edge cases (cross-user access, missing fields, token shape) CSRF note: Already covered by Better Auth (SameSite + HttpOnly + Trusted Origins). Token refresh already has 4-retry + offline detection. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>		2026-03-26 21:58:56 +01:00
..
AuditLog.svelte	feat(auth): rate limit feedback, audit log UI, and E2E tests	2026-03-26 21:58:56 +01:00
AuthGate.svelte	refactor(auth): centralize appReady pattern into AuthGate component	2026-03-25 08:30:31 +01:00
AuthGateModal.svelte	♻️ refactor: centralize AuthGateModal in shared-auth-ui	2026-01-29 15:03:52 +01:00
ChangePassword.svelte	feat(auth): UX improvements for passkeys, 2FA, and password management	2026-03-26 21:15:09 +01:00
GuestWelcomeModal.svelte	✨ feat(shared-auth-ui): add GuestWelcomeModal for guest onboarding	2026-01-27 16:57:14 +01:00
PasskeyManager.svelte	feat(auth): add PasskeyManager component and production config	2026-03-26 10:49:57 +01:00
SecurityOnboarding.svelte	feat(auth): UX improvements for passkeys, 2FA, and password management	2026-03-26 21:15:09 +01:00
SessionExpiredBanner.svelte	feat(auth): add session expired banner when token refresh fails	2026-03-24 21:24:28 +01:00
TwoFactorSetup.svelte	feat(auth): UX improvements for passkeys, 2FA, and password management	2026-03-26 21:15:09 +01:00