2 reviews available. Pick one to view its diff and explanations side by side.
Adds a Card tool that renders a configurable list of cards (image, title, subtitle, link) in a sidebar panel. Card data lives in mission config and rides the existing save/load path; the only new backend surface is an admin-gated image-upload route, exposed in the Configure UI through a new "upload" field type.
Adds an in-memory token-bucket limiter and applies it to /auth/login. The goal is to slow down credential-stuffing attacks without affecting legitimate users. The limiter is intentionally simple — a single-process in-memory dict — because we only need short-term throttling and we already shed traffic at the load balancer for sustained abuse.