feat: enhance logging for authentication events

src/config.py

@@ -258,6 +258,9 @@ def override_config_from_env(config: Config = None):
             try:
                 field_type = config.__dataclass_fields__[field].type
                 env_value = os.environ[env_var]
+                # If password is overridden, it's no longer auto-generated
+                if field == "dashboard_password":
+                    config.dashboard_password_generated = False
                 if field_type == int:
                     setattr(config, field, int(env_value))
                 elif field_type == float:

src/routes/api.py

@@ -73,6 +73,7 @@ async def authenticate(request: Request, body: AuthRequest):
     if hmac.compare_digest(body.fingerprint, expected):
         # Success — clear failed attempts
         _auth_attempts.pop(ip, None)
+        get_app_logger().info(f"[AUTH] Successful login from {ip}")
         token = secrets.token_hex(32)
         _auth_tokens.add(token)
         response = JSONResponse(content={"authenticated": True})
@@ -85,6 +86,7 @@ async def authenticate(request: Request, body: AuthRequest):
         return response
 
     # Failed attempt — track and possibly lock out
+    get_app_logger().warning(f"[AUTH] Failed login attempt from {ip}")
     if not record:
         record = {"attempts": 0, "locked_until": 0, "lockouts": 0}
         _auth_attempts[ip] = record