till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-24 02:36:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

feat(auth): rate limit feedback, audit log UI, and E2E tests

Browse source 
Rate-limiting feedback:
- LoginPage detects 429/account-locked errors and shows countdown timer
- Submit button disabled during cooldown period

Audit log:
- GET /auth/security-events endpoint (JWT-protected) in auth controller
- getSecurityEvents() in BetterAuthService + shared-auth client
- AuditLog component with event type labels, relative dates, UA parsing
- Integrated in ManaCore settings page

E2E tests (passkey-2fa.e2e-spec.ts):
- Passkey registration/authentication flow tests
- Auth guard enforcement (protected vs public endpoints)
- 2FA passthrough route existence tests
- Edge cases (cross-user access, missing fields, token shape)

CSRF note: Already covered by Better Auth (SameSite + HttpOnly +
Trusted Origins). Token refresh already has 4-retry + offline detection.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Till JS 2026-03-26 21:58:56 +01:00
parent 11ab265d55
commit 0dfd603892
9 changed files with 1061 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
packages/shared-auth-ui/src/index.ts
View file

@ -12,6 +12,7 @@ export { default as PasskeyManager } from './components/PasskeyManager.svelte';
export { default as TwoFactorSetup } from './components/TwoFactorSetup.svelte';
export { default as SecurityOnboarding } from './components/SecurityOnboarding.svelte';
export { default as ChangePassword } from './components/ChangePassword.svelte';
export { default as AuditLog } from './components/AuditLog.svelte';
// Utilities
export {