ifb-schulapp

simon/ifb-schulapp

Fork 0

Commit Graph

Author	SHA1	Message	Date
Simon	6b54e3c813	feat: add PWA support (manifest, service worker, icons)	2026-04-22 22:28:17 +02:00
Simon	578dd4eab9	rebrand: Klassenportal, domain info1.ifb.lol, server status - Replace INFO1 brand with Klassenportal everywhere (titles, nav, emails, TOTP issuer, recovery codes) - Update domain from info1.simon0x.xyz to info1.ifb.lol - Remove E2EE claims (e2ee.js was deleted, claims were false) - Add GET /api/health endpoint (DB check + uptime) - Add live server status section to landing page - Fix README: domain, title, layout table	2026-04-22 21:31:03 +02:00
Simon	fe33058ae6	feat: password reset via email - Add password_resets table: single-use tokens with 1h expiry. - Add POST /api/forgot-password: sends reset link if account exists and is verified (always returns ok to prevent enumeration). - Add POST /api/reset-password: validates token, updates password, invalidates all open reset tokens for that user in one transaction. - Add /reset-password page with password strength meter and confirm field. - Add "Passwort vergessen?" flow on login page. - Factor shared email template into mailer helper, add sendPasswordResetMail. - Rate limits: 5 forgot-requests/hour per IP, 10 reset attempts/15min per IP.	2026-04-18 01:36:26 +02:00

Author

SHA1

Message

Date

Simon

6b54e3c813

feat: add PWA support (manifest, service worker, icons)

2026-04-22 22:28:17 +02:00

Simon

578dd4eab9

rebrand: Klassenportal, domain info1.ifb.lol, server status

- Replace INFO1 brand with Klassenportal everywhere (titles, nav,
  emails, TOTP issuer, recovery codes)
- Update domain from info1.simon0x.xyz to info1.ifb.lol
- Remove E2EE claims (e2ee.js was deleted, claims were false)
- Add GET /api/health endpoint (DB check + uptime)
- Add live server status section to landing page
- Fix README: domain, title, layout table

2026-04-22 21:31:03 +02:00

Simon

fe33058ae6

feat: password reset via email

- Add password_resets table: single-use tokens with 1h expiry.
- Add POST /api/forgot-password: sends reset link if account exists and is verified (always returns ok to prevent enumeration).
- Add POST /api/reset-password: validates token, updates password, invalidates all open reset tokens for that user in one transaction.
- Add /reset-password page with password strength meter and confirm field.
- Add "Passwort vergessen?" flow on login page.
- Factor shared email template into mailer helper, add sendPasswordResetMail.
- Rate limits: 5 forgot-requests/hour per IP, 10 reset attempts/15min per IP.

2026-04-18 01:36:26 +02:00

3 Commits