feat: add password reset, SMTP settings, and Add Account button
Password reset: users with a registered email can request a reset link from the login screen. A one-hour signed token is emailed via SMTP; clicking the link opens a set-new-password form. Tokens are hashed (SHA-256) before storage and invalidated after use. SMTP settings: admin-only panel in the Users modal lets admins configure host, port, encryption, credentials, and from address. Settings persisted in a new key-value settings table. The SMTP password is never returned to the client. Users: email field added to the create/edit form and stored in a new users.email column. Email is used for password reset lookup. Add Account: admins now have a + button in the header that opens the existing setup wizard to add additional checking accounts. Schema: adds password_reset_tokens and settings tables with automatic runtime migrations for existing databases.
This commit is contained in:
@@ -58,6 +58,9 @@ app.use('/api', requireAuth);
|
||||
// ── User management (admin only) ──────────────────────────────────────────────
|
||||
app.use('/api/users', require('./routes/users'));
|
||||
|
||||
// ── App settings (admin only) ─────────────────────────────────────────────────
|
||||
app.use('/api/settings', require('./routes/settings'));
|
||||
|
||||
// ── Check routes ──────────────────────────────────────────────────────────────
|
||||
app.use('/api/checks', require('./routes/checks'));
|
||||
|
||||
|
||||
Reference in New Issue
Block a user