simon/ifb-schulapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fe33058ae641c227406563b765a66d8460ccb289
ifb-schulapp/src
T
History
Simon fe33058ae6 feat: password reset via email 
- Add password_resets table: single-use tokens with 1h expiry.
- Add POST /api/forgot-password: sends reset link if account exists and is verified (always returns ok to prevent enumeration).
- Add POST /api/reset-password: validates token, updates password, invalidates all open reset tokens for that user in one transaction.
- Add /reset-password page with password strength meter and confirm field.
- Add "Passwort vergessen?" flow on login page.
- Factor shared email template into mailer helper, add sendPasswordResetMail.
- Rate limits: 5 forgot-requests/hour per IP, 10 reset attempts/15min per IP.
2026-04-18 01:36:26 +02:00
..
auth.js
harden security: enforce JWT_SECRET, helmet, CSP, stricter rate limits
2026-04-17 23:40:27 +02:00
db.js
feat: password reset via email
2026-04-18 01:36:26 +02:00
files.js
harden security: enforce JWT_SECRET, helmet, CSP, stricter rate limits
2026-04-17 23:40:27 +02:00
mailer.js
feat: password reset via email
2026-04-18 01:36:26 +02:00
routes.js
feat: password reset via email
2026-04-18 01:36:26 +02:00
teacher.js
harden security: enforce JWT_SECRET, helmet, CSP, stricter rate limits
2026-04-17 23:40:27 +02:00