Admins can now load the public site and their dashboard while coming-soon
mode is on, instead of being redirected to /coming-soon for everything
outside /admin/*.
Members (and pre-registrants) hitting wiki.ghostguild.org were getting bounced
to /coming-soon with a "Pre-Register" link, even when the OIDC flow was
working correctly.
- Allowlist /auth/oidc-error, /auth/logout-confirm, /auth/logout-success,
and /verify in the coming-soon middleware so OIDC errors and main-site
magic links stop redirecting to the pre-register page.
- Raise OIDC Interaction TTL from 10m to 15m so it outlives the magic-link
JWT and legitimate members don't hit expired-interaction errors when they
click the email a few minutes late.
- Differentiate the "email isn't a registered member" response on the wiki
login route and show a dedicated "Not a member yet" state with a
pre-register link and contact email, instead of the misleading
"Check your inbox" that silently failed.
Coming-soon page now shows a magic link login form for unauthenticated
visitors and a wiki link + sign out for logged-in members. The
coming-soon middleware allows /admin routes through (still protected by
admin middleware). A /login redirect page ensures invite email links work.
Remove auth bypass from coming-soon middleware so no one can access
the in-development site in production. Remove unused login button
from coming-soon page since wiki has its own OIDC login flow.
Add JWT-verified session check to coming-soon middleware so logged-in
members can access the full site. Add member login link and modal to
the coming-soon page so members can sign in before launch.
