managarten/services/mana-core-auth/src/db
Till JS f7df8e97aa feat(auth): add audit logging, account lockout, and API key rate limiting
1. SecurityEventsService: Centralized audit logging for all auth events
   (login, register, logout, password changes, API key operations, SSO
   token exchange, etc.). Fire-and-forget pattern ensures auth flows
   are never blocked by logging failures.

2. AccountLockoutService: Locks accounts after 5 failed login attempts
   within 15 minutes. 30-minute lockout duration. Fails open on DB
   errors. Clears attempts on successful login. Email-not-verified
   does not count as a failed attempt.

3. API Key validation endpoint secured with rate limiting (10 req/min
   per IP via ThrottlerGuard) and audit logging. Key prefixes logged
   for forensics, never full keys.

New schema: auth.login_attempts table for tracking failed logins.
174 tests passing across all auth and security modules.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 22:09:58 +01:00
migrations ♻️ refactor(credits): simplify credit system by removing free credits and B2B 2026-02-16 11:54:32 +01:00
schema feat(auth): add audit logging, account lockout, and API key rate limiting 2026-03-19 22:09:58 +01:00
seeds 💳 feat(stripe): add ManaCore unified subscription plans 2026-02-16 11:43:04 +01:00
connection.ts style: auto-format codebase with Prettier 2025-11-27 18:33:16 +01:00
migrate.ts feat(db): add production-safe migration system with advisory locks 2025-12-09 02:13:11 +01:00
seed-dev-user.ts fix(seed): use simple password for test user (encoding issues with special chars) 2026-02-01 05:13:42 +01:00