Backend:
- Fix migrations 037-041 to use UUID v7 (uuid_generate_v7)
- Fix CORS defaults to include localhost:8963
- Fix FRONTEND_URL default to localhost:8963
- Update superadmin password hash with pepper
- Add PASSWORD_PEPPER environment variable
Frontend:
- Replace mockJobs with real API calls in home page
- Replace mockNotifications with notificationsApi in context
- Replace mockApplications with applicationsApi in dashboard
- Fix register/user page to call real registerCandidate API
- Fix hardcoded values in backoffice and messages pages
Auth:
- Support both HTTPOnly cookie and Bearer token authentication
- Login returns token + sets HTTPOnly cookie
- Logout clears HTTPOnly cookie
- Token valid for 24h
- Add tests for SanitizeEmail, SanitizeDescription, DefaultSanitizer
- Add AuthMiddleware and RequireRole tests
- Add admin_handlers_test.go and location_handlers_test.go
- Expand application_service_test.go with more methods
- impl(frontend): server-side pagination for jobs listing
- impl(frontend): standardized api error handling and sonner integration
- test(frontend): added unit tests for JobCard
- impl(backend): added SanitizeMiddleware for XSS protection
- test(backend): added table-driven tests for JobService
- docs: updated READMES, created ROADMAP.md and DATABASE.md
- fix(routing): redirected landing page buttons to /jobs
- Allow 'unsafe-inline' and 'unsafe-eval' scripts on /docs routes
- Swagger UI requires inline scripts to function properly
- Keep strict CSP for all other API routes
