f8e7560d

By: Michael Lynch <git@mtlynch.io> 

Remove IsMagicLoginTokenValid and its TOCTOU check in loginConfirmGet

The GET handler validated the token before rendering the confirmation
page, but the POST handler re-validated atomically on submit. Between
the two requests the token could expire or be consumed, making the GET
check advisory at best. Removing it eliminates a store method and the
TOCTOU window.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Codeberg
Tree Timing
configuredevShellbackendbackend-devcheck-bashcheck-frontendcheck-go-formattingcheck-go-test-packagescheck-trailing-newlinecheck-trailing-whitespacediagramdocker-imagee2e-testsgo-testsimport-from-tinybeanslint-sqllittle-momentslittle-moments-devx86_64-linux

Agent Instructions

This page shows the dependency graph between runs in the suite.

For more instructions, fetch https://nix-ci.com/instructions .