big restructure

This commit is contained in:
2026-02-11 19:28:12 +01:00
parent cd59ccd99b
commit 3eb9cc0ac4
209 changed files with 5101 additions and 2459 deletions

View File

@@ -405,7 +405,9 @@ can('users.view');
```
web/css/
├── base/
── variables.css # CSS-Variablen
── variables.base.css # CSS-Variablen (Basis + Light/Dark)
│ ├── variables.theme-dark-green.css # Theme-Overrides
│ └── variables.contrast.css # High-Contrast Overrides
├── layout/
│ ├── app-shell.css # Haupt-Layout
│ ├── app-topbar.css # Header

24
docs/todo-2fa.md Normal file
View File

@@ -0,0 +1,24 @@
# TODO: 2FA (TOTP) Integration
Goal: Add optional TOTP-based 2FA for users (admin-managed, later self-managed).
Proposed library:
- Start with a lightweight TOTP library (e.g. remotemerge/totp-php) or a more established one (e.g. spomky-labs/otphp).
Data model:
- users: totp_secret (encrypted), totp_enabled (tinyint), totp_verified_at (nullable)
- user_backup_codes: user_id, code_hash, created_at, used_at (nullable)
Admin user edit flow:
- Enable 2FA: generate secret + show QR (otpauth URI).
- Verify code to activate.
- Generate backup codes (show once).
Login flow:
- After password: prompt TOTP if totp_enabled.
- Rate-limit attempts.
Security notes:
- Encrypt secret at rest.
- Accept small time drift (+/- 1 step).
- Default to SHA-1 for compatibility.