mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-20 19:46:41 +02:00
f7df8e97aa
1. SecurityEventsService: Centralized audit logging for all auth events (login, register, logout, password changes, API key operations, SSO token exchange, etc.). Fire-and-forget pattern ensures auth flows are never blocked by logging failures. 2. AccountLockoutService: Locks accounts after 5 failed login attempts within 15 minutes. 30-minute lockout duration. Fails open on DB errors. Clears attempts on successful login. Email-not-verified does not count as a failed attempt. 3. API Key validation endpoint secured with rate limiting (10 req/min per IP via ThrottlerGuard) and audit logging. Key prefixes logged for forensics, never full keys. New schema: auth.login_attempts table for tracking failed logins. 174 tests passing across all auth and security modules. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
9 lines
319 B
TypeScript
9 lines
319 B
TypeScript
export * from './api-keys.schema';
|
|
export * from './auth.schema';
|
|
export * from './credits.schema';
|
|
export * from './feedback.schema';
|
|
export * from './gifts.schema';
|
|
export * from './login-attempts.schema';
|
|
export * from './organizations.schema';
|
|
export * from './subscriptions.schema';
|
|
export * from './tags.schema';
|