Phase 1 now includes the permanent identity and access foundation for the MineCave Dashboard.
Staff can sign in using either a username or email address. Owners and administrators can create new dashboard users with assigned roles, while password recovery uses secure, single-use links that expire after one hour.
The Dashboard now includes configurable sender-name and sender-email settings for recovery messages, login throttling, session regeneration, CSRF protection, and a dedicated security audit log. Authentication events such as successful sign-ins, failed attempts, password resets, account creation, website-mode changes, and comment moderation are recorded for accountability.
This update extends the locked architecture and establishes the foundation for future permissions, two-factor authentication, and session-management features.
Leave a comment
Comments are reviewed before appearing publicly.
Approved comments