managarten/services/mana-core-auth/src
Till JS f7df8e97aa feat(auth): add audit logging, account lockout, and API key rate limiting
1. SecurityEventsService: Centralized audit logging for all auth events
   (login, register, logout, password changes, API key operations, SSO
   token exchange, etc.). Fire-and-forget pattern ensures auth flows
   are never blocked by logging failures.

2. AccountLockoutService: Locks accounts after 5 failed login attempts
   within 15 minutes. 30-minute lockout duration. Fails open on DB
   errors. Clears attempts on successful login. Email-not-verified
   does not count as a failed attempt.

3. API Key validation endpoint secured with rate limiting (10 req/min
   per IP via ThrottlerGuard) and audit logging. Key prefixes logged
   for forensics, never full keys.

New schema: auth.login_attempts table for tracking failed logins.
174 tests passing across all auth and security modules.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 22:09:58 +01:00
__tests__/utils ♻️ refactor(credits): simplify credit system by removing free credits and B2B 2026-02-16 11:54:32 +01:00
admin feat(gdpr): add DSGVO improvements for self-service data page 2026-02-13 13:43:23 +01:00
ai 🐛 fix(auth): remove type-only import of ConfigService in AiService 2025-12-04 19:08:37 +01:00
analytics fix(mana-core-auth): complete production readiness with test fixes 2026-02-01 14:18:58 +01:00
api-keys feat(auth): add audit logging, account lockout, and API key rate limiting 2026-03-19 22:09:58 +01:00
auth feat(auth): add audit logging, account lockout, and API key rate limiting 2026-03-19 22:09:58 +01:00
common ♻️ refactor(credits): simplify credit system by removing free credits and B2B 2026-02-16 11:54:32 +01:00
config ♻️ refactor(credits): simplify credit system by removing free credits and B2B 2026-02-16 11:54:32 +01:00
credits ♻️ refactor(credits): simplify credit system by removing free credits and B2B 2026-02-16 11:54:32 +01:00
db feat(auth): add audit logging, account lockout, and API key rate limiting 2026-03-19 22:09:58 +01:00
email feat(gdpr): add DSGVO improvements for self-service data page 2026-02-13 13:43:23 +01:00
feedback Fix wrong type 2025-12-04 23:25:25 +01:00
gifts ♻️ refactor(credits): simplify credit system by removing free credits and B2B 2026-02-16 11:54:32 +01:00
health 🐛 fix(matrix-mana-bot): resolve QEMU emulation failure in CI 2026-02-01 13:59:04 +01:00
me feat(gdpr): add DSGVO improvements for self-service data page 2026-02-13 13:43:23 +01:00
metrics feat(calendar): add Playwright E2E tests for web app 2026-03-17 13:08:09 +01:00
security feat(auth): add audit logging, account lockout, and API key rate limiting 2026-03-19 22:09:58 +01:00
settings feat(onboarding): add Matrix onboarding bot for profile setup 2026-02-14 12:42:41 +01:00
storage feat(auth): add avatar upload with S3/MinIO and subscription plans seed 2026-02-13 23:06:24 +01:00
stripe 💳 feat(stripe): add SEPA Direct Debit payment option 2026-02-16 12:05:19 +01:00
subscriptions 💳 feat(stripe): add SEPA Direct Debit payment option 2026-02-16 12:05:19 +01:00
tags feat: major update with network graphs, themes, todo extensions, and more 2025-12-10 02:37:46 +01:00
app.module.ts feat(auth): add audit logging, account lockout, and API key rate limiting 2026-03-19 22:09:58 +01:00
main.ts fix(auth): remove conflicting JSON body parser middleware 2026-02-16 14:30:06 +01:00