- Lock accounts for 15 minutes after 5 consecutive failed login attempts
- Send urgent ntfy notification when an account is locked
- Send high-priority ntfy notification on login attempt against a locked account
- Auto-reset lockout on expiry; reset counter on successful login
- Add v2.4 migration for failed_login_attempts and locked_until columns
- Add ALLOWED_ORIGINS and SECURE_COOKIES to .env.example
- Update README: lockout row in security table, new ntfy events
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sends alerts on admin login, new registrations, user disable/delete, and
impersonation. NTFY_URL and NTFY_TOKEN are optional — leave blank to disable.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds a green footer (matching nav colour) to all authenticated pages
with a "Created by: CHNS.tech" link and a styled BMC button. CSP updated
to allow buymeacoffee CDN domains.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Removed standalone History page (history.html); full collection history
(date filter, edit, delete, totals footer) is now embedded in the Log
Eggs page below the log form
- Removed History nav link from all pages
- Reordered dashboard stat cards: egg counts → averages → Flock Size →
cost cards
- Egg count and average cards now use green; Flock Size card uses orange
- Updated README to reflect removed History page, merged log/history
feature, dashboard card changes, and project structure
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Rename app from Eggtracker to Yolkbook throughout
- Add JWT-based authentication (python-jose, passlib/bcrypt)
- Add users table; all data tables gain user_id FK for full data isolation
- Super admin credentials sourced from ADMIN_USERNAME/ADMIN_PASSWORD env vars,
synced on every startup; orphaned rows auto-assigned to admin post-migration
- Login page with self-registration; JWT stored in localStorage (30-day expiry)
- Admin panel (/admin): list users, reset passwords, disable/enable, delete,
and impersonate (Login As) with Return to Admin banner
- Settings modal (gear icon in nav): timezone selector and change password
- Timezone stored per-user; stats date windows computed in user's timezone;
date input setToday() respects user timezone via Intl API
- migrate_v2.sql for existing single-user installs
- Auto-migration adds timezone column to users on startup
- Updated README with full setup, auth, admin, and migration docs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
