Hermes-ui/packages/client
GoldenFishX 6647dc9bc8 fix(auth): remove username leak from public /api/auth/status endpoint (#1055)
The authStatus() controller previously returned the first user's
username to unauthenticated clients. The frontend never used this
value — `fetchAuthStatus()` in LoginView.vue discards the return
value entirely. Remove the field to prevent username enumeration.

Changes:
- server: drop `username` from authStatus response body
- server: remove unused `findFirstUser` import
- client: remove `username` from AuthStatus interface
2026-05-27 11:25:29 +08:00