MHSanaei b97ff40ad6 feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs ... Replace the single regenerable API token with a named-token list: - New ApiToken model + service with constant-time auth matching - Seeder migrates the legacy `apiToken` setting into a "default" row - Security tab gets create/enable/delete UI; api-docs page links to it - Dedicated "API Tokens" section in the in-panel docs URL anchors now reflect the active tab/section on Settings, Xray, and API Docs pages, so deep links like `/panel/settings#security` work. Translations for the 8 new SecurityTab strings added across all locales.		2026-05-13 16:34:31 +02:00
..
controller	feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs	2026-05-13 16:34:31 +02:00
entity	Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)	2026-05-13 12:52:52 +02:00
global	Refactor code and fix linter warnings (#3627)	2026-01-05 05:54:56 +01:00
job	Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)	2026-05-13 12:52:52 +02:00
locale	v3	2026-05-10 02:13:42 +02:00
middleware	Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)	2026-05-13 12:52:52 +02:00
network	docs: add comments for all functions	2025-09-20 09:35:50 +02:00
runtime	fix: strip main-panel TLS cert file paths when sending inbound to remote node (#4339)	2026-05-13 14:47:09 +02:00
service	feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs	2026-05-13 16:34:31 +02:00
session	Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)	2026-05-13 12:52:52 +02:00
translation	feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs	2026-05-13 16:34:31 +02:00
websocket	feat(nodes): traffic-writer queue, full-mirror sync, WS event fixes	2026-05-10 16:25:23 +02:00
web.go	Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)	2026-05-13 12:52:52 +02:00