chore: update version to 1.1.0 and improve two-factor provider validation

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "nodewarden",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "nodewarden",
-      "version": "1.0.0",
+      "version": "1.1.0",
       "license": "LGPL-3.0",
       "devDependencies": {
         "@cloudflare/workers-types": "^4.20260131.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodewarden",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Minimal Bitwarden-compatible server running on Cloudflare Workers",
   "author": "shuaiplus",
   "license": "LGPL-3.0",

src/handlers/identity.ts

@@ -113,7 +113,8 @@ export async function handleToken(request: Request, env: Env): Promise<Response>
     // Optional 2FA: enabled only when TOTP_SECRET is configured in Workers env.
     let trustedTwoFactorTokenToReturn: string | undefined;
     if (isTotpEnabled(env.TOTP_SECRET)) {
-      if (twoFactorProvider !== undefined && String(twoFactorProvider) !== '0') {
+      const normalizedTwoFactorProvider = String(twoFactorProvider ?? '').trim();
+      if (normalizedTwoFactorProvider !== '' && normalizedTwoFactorProvider !== '0') {
         return identityErrorResponse('Unsupported two-factor provider', 'invalid_grant', 400);
       }
 

src/services/storage.ts

@@ -122,7 +122,7 @@ export class StorageService {
   // --- Database initialization ---
   // Strategy:
   // - Run only once per isolate.
-  // - Execute idempotent schema SQL on first DB use in each isolate.
+  // - Execute idempotent schema SQL on first request in each isolate.
   // - Keep statements idempotent so updates are safe.
   async initializeDatabase(): Promise<void> {
     if (StorageService.schemaVerified) return;