Introduce ChangePasswordRequest DTO and a new ChangePassword endpoint in AuthController that validates input, changes the user's password via UserManager, updates the security stamp, signs out the user to invalidate sessions, and returns localized messages. Add a simple authorized AppUserController stub (GET /auth/user). Update the 404 view to resolve auth status via fetchCurrentUser, show a dynamic CTA/icon (Dashboard vs Home), auto-redirect after a short delay with proper timer cleanup, and adjust navigation behavior. Update codexInfo.md to document the 404 behavior change.
Introduce authentication API: add AuthController with login, logout and me endpoints using SignInManager/UserManager; add LoginRequest and CurrentUserResponse DTOs. Login enforces active users, updates UpdatedAt on success, and returns localized messages. Also change default seed admin password from "Hoard" to "HoardPassword".
Switch backend to serve the built SPA and static assets, add a minimal health endpoint, and clean up template code. Changes: added API/Controllers/HealthController.cs (GET /api/health -> 200), removed WeatherForecast controller and model, removed OpenAPI package reference and OpenAPI wiring from API.csproj/Program.cs, updated Program.cs to serve wwwroot with default files/static files and a SPA fallback that returns index.html for non-/api routes (/api/* returns 404), updated GUI/vite.config.ts to output build to API/wwwroot and clear the directory, added API/wwwroot to .gitignore, and updated codexInfo.md to document these changes. This enables the GUI build to be deployed directly into the API project and served as a single-page app.
Jonas