fix(i18n): correct German site terminology

Updates the German translation to use "Standort" (site) instead of "Seite" (page) for consistency with the site context.
fix(i18n): correct German translation strings
2026-02-01 07:39:09 +00:00 · 2026-01-29 10:01:30 -08:00 · 2026-01-29 10:01:30 -08:00 · 2026-01-28 15:03:31 -08:00 · 2026-01-24 11:55:32 -08:00 · 2026-01-24 11:47:17 -08:00
6 changed files with 85 additions and 46 deletions
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -482,14 +482,77 @@ jobs:
                      echo "==> cosign sign (key) --recursive ${REF}"
                      cosign sign --key env://COSIGN_PRIVATE_KEY --recursive "${REF}"
                      # Retry wrapper for verification to handle registry propagation delays
                      retry_verify() {
                        local cmd="$1"
                        local attempts=6
                        local delay=5
                        local i=1
                        until eval "$cmd"; do
                          if [ $i -ge $attempts ]; then
                            echo "Verification failed after $attempts attempts"
                            return 1
                          fi
                          echo "Verification not yet available. Retry $i/$attempts after ${delay}s..."
                          sleep $delay
                          i=$((i+1))
                          delay=$((delay*2))
                          # Cap the delay to avoid very long waits
                          if [ $delay -gt 60 ]; then delay=60; fi
                        done
                        return 0
                      }
                      echo "==> cosign verify (public key) ${REF}"
-                      cosign verify --key env://COSIGN_PUBLIC_KEY "${REF}" -o text
+                      if retry_verify "cosign verify --key env://COSIGN_PUBLIC_KEY '${REF}' -o text"; then
                        VERIFIED_INDEX=true
                      else
                        VERIFIED_INDEX=false
                      fi
                      echo "==> cosign verify (keyless policy) ${REF}"
-                      cosign verify \
+                      if retry_verify "cosign verify --certificate-oidc-issuer '${issuer}' --certificate-identity-regexp '${id_regex}' '${REF}' -o text"; then
-                        --certificate-oidc-issuer "${issuer}" \
+                        VERIFIED_INDEX_KEYLESS=true
-                        --certificate-identity-regexp "${id_regex}" \
+                      else
-                        "${REF}" -o text
+                        VERIFIED_INDEX_KEYLESS=false
                      fi
                      # If index verification fails, attempt to verify child platform manifests
                      if [ "${VERIFIED_INDEX}" != "true" ] || [ "${VERIFIED_INDEX_KEYLESS}" != "true" ]; then
                        echo "Index verification not available; attempting child manifest verification for ${BASE_IMAGE}:${IMAGE_TAG}"
                        CHILD_VERIFIED=false
                        for ARCH in arm64 amd64; do
                          CHILD_TAG="${IMAGE_TAG}-${ARCH}"
                          echo "Resolving child digest for ${BASE_IMAGE}:${CHILD_TAG}"
                          CHILD_DIGEST="$(skopeo inspect --retry-times 3 docker://${BASE_IMAGE}:${CHILD_TAG} | jq -r '.Digest' || true)"
                          if [ -n "${CHILD_DIGEST}" ] && [ "${CHILD_DIGEST}" != "null" ]; then
                            CHILD_REF="${BASE_IMAGE}@${CHILD_DIGEST}"
                            echo "==> cosign verify (public key) child ${CHILD_REF}"
                            if retry_verify "cosign verify --key env://COSIGN_PUBLIC_KEY '${CHILD_REF}' -o text"; then
                              CHILD_VERIFIED=true
                              echo "Public key verification succeeded for child ${CHILD_REF}"
                            else
                              echo "Public key verification failed for child ${CHILD_REF}"
                            fi
                            echo "==> cosign verify (keyless policy) child ${CHILD_REF}"
                            if retry_verify "cosign verify --certificate-oidc-issuer '${issuer}' --certificate-identity-regexp '${id_regex}' '${CHILD_REF}' -o text"; then
                              CHILD_VERIFIED=true
                              echo "Keyless verification succeeded for child ${CHILD_REF}"
                            else
                              echo "Keyless verification failed for child ${CHILD_REF}"
                            fi
                          else
                            echo "No child digest found for ${BASE_IMAGE}:${CHILD_TAG}; skipping"
                          fi
                        done
                        if [ "${CHILD_VERIFIED}" != "true" ]; then
                          echo "Failed to verify index and no child manifests verified for ${BASE_IMAGE}:${IMAGE_TAG}"
                          exit 10
                        fi
                      fi
                      echo "✓ Successfully signed and verified ${BASE_IMAGE}:${IMAGE_TAG}"
                    done
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -97,7 +97,7 @@
    "siteGeneralDescription": "Allgemeine Einstellungen für diesen Standort konfigurieren",
    "siteSettingDescription": "Standorteinstellungen konfigurieren",
    "siteSetting": "{siteName} Einstellungen",
-    "siteNewtTunnel": "Neuer Standort (empfohlen)",
+    "siteNewtTunnel": "Newt Standort (empfohlen)",
    "siteNewtTunnelDescription": "Einfachster Weg, einen Einstiegspunkt in jedes Netzwerk zu erstellen. Keine zusätzliche Einrichtung.",
    "siteWg": "Einfacher WireGuard Tunnel",
    "siteWgDescription": "Verwende jeden WireGuard-Client, um einen Tunnel einzurichten. Manuelles NAT-Setup erforderlich.",
@@ -107,7 +107,7 @@
    "siteSeeAll": "Alle Standorte anzeigen",
    "siteTunnelDescription": "Legen Sie fest, wie Sie sich mit dem Standort verbinden möchten",
    "siteNewtCredentials": "Zugangsdaten",
-    "siteNewtCredentialsDescription": "So wird sich die Seite mit dem Server authentifizieren",
+    "siteNewtCredentialsDescription": "So wird sich der Standort mit dem Server authentifizieren",
    "remoteNodeCredentialsDescription": "So wird sich der entfernte Node mit dem Server authentifizieren",
    "siteCredentialsSave": "Anmeldedaten speichern",
    "siteCredentialsSaveDescription": "Du kannst das nur einmal sehen. Stelle sicher, dass du es an einen sicheren Ort kopierst.",
@@ -2503,7 +2503,7 @@
    "deviceModel": "Gerätemodell",
    "serialNumber": "Seriennummer",
    "hostname": "Hostname",
-    "firstSeen": "Erster Blick",
+    "firstSeen": "Zuerst gesehen",
    "lastSeen": "Zuletzt gesehen",
    "biometricsEnabled": "Biometrie aktiviert",
    "diskEncrypted": "Festplatte verschlüsselt",
--- a/server/private/routers/loginPage/upsertLoginPageBranding.ts
+++ b/server/private/routers/loginPage/upsertLoginPageBranding.ts
@@ -78,7 +78,7 @@ export async function upsertLoginPageBranding(
    next: NextFunction
 ): Promise<any> {
    try {
-        const parsedBody = bodySchema.safeParse(req.body);
+        const parsedBody = await bodySchema.safeParseAsync(req.body);
        if (!parsedBody.success) {
            return next(
                createHttpError(
--- a/server/routers/client/archiveClient.ts
+++ b/server/routers/client/archiveClient.ts
@@ -9,9 +9,6 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAssociations";
 import { sendTerminateClient } from "./terminate";
 import { OlmErrorCodes } from "../olm/error";
 const archiveClientSchema = z.strictObject({
    clientId: z.string().transform(Number).pipe(z.int().positive())
@@ -77,9 +74,6 @@ export async function archiveClient(
                .update(clients)
                .set({ archived: true })
                .where(eq(clients.clientId, clientId));
            // Rebuild associations to clean up related data
            await rebuildClientAssociationsFromClient(client, trx);
        });
        return response(res, {
--- a/server/routers/olm/archiveUserOlm.ts
+++ b/server/routers/olm/archiveUserOlm.ts
@@ -1,6 +1,6 @@
 import { NextFunction, Request, Response } from "express";
 import { db } from "@server/db";
-import { olms, clients } from "@server/db";
+import { olms } from "@server/db";
 import { eq } from "drizzle-orm";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
@@ -8,9 +8,6 @@ import response from "@server/lib/response";
 import { z } from "zod";
 import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAssociations";
 import { sendTerminateClient } from "../client/terminate";
 import { OlmErrorCodes } from "./error";
 const paramsSchema = z
    .object({
@@ -37,26 +34,7 @@ export async function archiveUserOlm(
        const { olmId } = parsedParams.data;
        // Archive the OLM and disconnect associated clients in a transaction
        await db.transaction(async (trx) => {
            // Find all clients associated with this OLM
            const associatedClients = await trx
                .select()
                .from(clients)
                .where(eq(clients.olmId, olmId));
            // Disconnect clients from the OLM (set olmId to null)
            for (const client of associatedClients) {
                await trx
                    .update(clients)
                    .set({ olmId: null })
                    .where(eq(clients.clientId, client.clientId));
                await rebuildClientAssociationsFromClient(client, trx);
                await sendTerminateClient(client.clientId, OlmErrorCodes.TERMINATED_ARCHIVED, olmId);
            }
            // Archive the OLM (set archived to true)
            await trx
                .update(olms)
                .set({ archived: true })
--- a/server/setup/ensureSetupToken.ts
+++ b/server/setup/ensureSetupToken.ts
@@ -64,16 +64,20 @@ export async function ensureSetupToken() {
                );
            }
-            if (existingToken?.token !== envSetupToken) {
+            if (existingToken) {
-                console.warn(
+                // Token exists in DB - update it if different
-                    "Overwriting existing token in DB since PANGOLIN_SETUP_TOKEN is set"
+                if (existingToken.token !== envSetupToken) {
-                );
+                    console.warn(
                        "Overwriting existing token in DB since PANGOLIN_SETUP_TOKEN is set"
                    );
-                await db
+                    await db
-                    .update(setupTokens)
+                        .update(setupTokens)
-                    .set({ token: envSetupToken })
+                        .set({ token: envSetupToken })
-                    .where(eq(setupTokens.tokenId, existingToken.tokenId));
+                        .where(eq(setupTokens.tokenId, existingToken.tokenId));
                }
            } else {
                // No existing token - insert new one
                const tokenId = generateId(15);
                await db.insert(setupTokens).values({
Author	SHA1	Message	Date
MoweME	b0566d3c6f	fix(i18n): correct German site terminology Updates the German translation to use "Standort" (site) instead of "Seite" (page) for consistency with the site context.	2026-01-29 10:01:30 -08:00
MoweME	5dda8c384f	fix(i18n): correct German translation strings Corrects mistranslation of device timestamp labels and fixes product name reference in site tunnel settings.	2026-01-29 10:01:30 -08:00
Owen	cb569ff14d	Properly insert PANGOLIN_SETUP_TOKEN into db Fixes #2361	2026-01-28 15:03:31 -08:00
Owen	37c4a7b690	Retry verify	2026-01-24 11:55:32 -08:00
Owen	b735e7c34d	Fix #2314	2026-01-24 11:47:17 -08:00
Owen	5f85c3b3b8	Remove extra rebuild command	2026-01-24 11:35:45 -08:00
miloschwartz	5d9cb9fa21	fix clear olmId from client on archive	2026-01-24 11:11:25 -08:00