Till JS 0dfd603892 feat(auth): rate limit feedback, audit log UI, and E2E tests ... Rate-limiting feedback: - LoginPage detects 429/account-locked errors and shows countdown timer - Submit button disabled during cooldown period Audit log: - GET /auth/security-events endpoint (JWT-protected) in auth controller - getSecurityEvents() in BetterAuthService + shared-auth client - AuditLog component with event type labels, relative dates, UA parsing - Integrated in ManaCore settings page E2E tests (passkey-2fa.e2e-spec.ts): - Passkey registration/authentication flow tests - Auth guard enforcement (protected vs public endpoints) - 2FA passthrough route existence tests - Edge cases (cross-user access, missing fields, token shape) CSRF note: Already covered by Better Auth (SameSite + HttpOnly + Trusted Origins). Token refresh already has 4-retry + offline detection. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>		2026-03-26 21:58:56 +01:00
..
adapters	fix(shared-auth): add UUID fallback for HTTP contexts	2025-12-05 04:26:34 +01:00
clients	feat(contacts): integrate contacts into Todo and Calendar apps	2025-12-11 18:14:35 +01:00
core	feat(auth): rate limit feedback, audit log UI, and E2E tests	2026-03-26 21:58:56 +01:00
events	feat(auth): add session expired banner when token refresh fails	2026-03-24 21:24:28 +01:00
interceptors	refactor(shared-auth): single fetch interceptor for multiple URLs	2026-03-24 20:26:03 +01:00
types	feat(auth): add WebAuthn/Passkey support across all apps	2026-03-26 10:30:03 +01:00
index.ts	feat(auth): add session expired banner when token refresh fails	2026-03-24 21:24:28 +01:00