feat(auth): mandatory 2FA (TOTP + WebAuthn passkeys) with hard enrollment gate, AAL2 step-up, and single-use recovery codes

2026-05-31 21:38:01 +02:00
parent 129e21529c
commit e14e909700
19 changed files with 1310 additions and 142 deletions
@@ -33,6 +33,7 @@ export default async function RootLayout({
              <>
                <Link href="/dashboard">Dashboard</Link>
                <Link href="/billing">Billing</Link>
+                <Link href="/security">Security</Link>
                {isAdmin && <Link href="/admin">Admin</Link>}
                <form action="/api/auth/signout" method="post" style={{ margin: 0 }}>
                  <button className="secondary" type="submit">