style: lowercase all user-facing strings and add custom eslint rule

Comprehensive sweep of all user-facing text to enforce lowercase
convention, including acronyms (api, rest, http, opml, json, totp,
mfa, qr, hmac). Added asa-lowercase/lowercase-strings eslint rule
that reports uppercase in notify() calls, error messages, jsx text,
and checked attributes (placeholder, alt, title).

1 files changed, 5 insertions, 5 deletions

diff --git a/apps/web/lib/api-auth.ts b/apps/web/lib/api-auth.ts
index 309fbe9..3f819f2 100644
--- a/apps/web/lib/api-auth.ts
+++ b/apps/web/lib/api-auth.ts
@@ -19,14 +19,14 @@ export async function authenticateApiRequest(
     return {
       authenticated: false,
       status: 401,
-      error: "Missing or invalid Authorization header",
+      error: "missing or invalid authorization header",
     }
   }
 
   const apiKey = authorizationHeader.slice(7)
 
   if (!apiKey.startsWith("asn_")) {
-    return { authenticated: false, status: 401, error: "Invalid API key format" }
+    return { authenticated: false, status: 401, error: "invalid api key format" }
   }
 
   const keyHash = hashApiKey(apiKey)
@@ -40,7 +40,7 @@ export async function authenticateApiRequest(
     .single()
 
   if (!keyRow) {
-    return { authenticated: false, status: 401, error: "Invalid or revoked API key" }
+    return { authenticated: false, status: 401, error: "invalid or revoked api key" }
   }
 
   const { data: userProfile } = await adminClient
@@ -53,7 +53,7 @@ export async function authenticateApiRequest(
     return {
       authenticated: false,
       status: 403,
-      error: "API access requires the developer plan",
+      error: "api access requires the developer plan",
     }
   }
 
@@ -63,7 +63,7 @@ export async function authenticateApiRequest(
     return {
       authenticated: false,
       status: 429,
-      error: `Rate limit exceeded. ${rateLimitResult.remaining} requests remaining.`,
+      error: `rate limit exceeded. ${rateLimitResult.remaining} requests remaining.`,
     }
   }