HolgerHatGarKeineNode 6bb7d93d1d feat(auth): require signed NIP-42 event for Nostr login ...

Closes a security flaw where the server trusted any pubkey the client
sent. The frontend now signs a per-session, time-bound challenge
(kind-22242 event) that the backend verifies with swentel/nostr-php
before establishing the session.

- NostrAuth: issueChallenge() + loginWithSignedEvent() with full
  schnorr/id verification, TTL window, and idempotent re-entry for
  concurrent Livewire listeners.
- auth-button: mounts a fresh challenge, exposes it via data-attribute
  + requestNostrChallenge() fallback, renders a full-viewport AAA-style
  loading overlay while the wallet signs.
- NostrSessionGuard: override logout() to drop the cookie-jar dep so
  programmatic logout works in any context.

2026-05-20 01:09:20 +02:00

..

components

🎨 UI: Add vote ribbon for board members to highlight pending voting decisions

2026-05-18 22:15:26 +02:00

errors

feat: Add error handling for relay server response and custom error pages

2024-09-29 19:51:13 +02:00

flux

🎨 Modularize and refactor CSS: restructure styles into theme.css, base.css, utilities.css, and component-specific files (flux-overrides.css, custom.css, leaflet.css) to improve maintainability and align with the Einundzwanzig Design System.

2026-01-23 23:16:09 +01:00

layouts

feat(auth): require signed NIP-42 event for Nostr login

2026-05-20 01:09:20 +02:00

livewire

feat(auth): require signed NIP-42 event for Nostr login

2026-05-20 01:09:20 +02:00

pages

🗑️ Remove election-related blade files no longer in use

2026-01-17 23:26:05 +01:00

partials

✨ Add rich Markdown normalization and paste handling.

2026-04-08 17:34:55 +01:00

vendor

🗑 Remove stevebauman/purify and inline HTML sanitization, simplifying Markdown rendering.

2026-04-05 19:34:25 +01:00