senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2415 commits 37 branches 94 tags 1.5 GiB
Commit graph

11 commits

Author SHA1 Message Date
senke
6a675565e1 feat(v0.13.3): complete - Polish Sécurité Avancée 
TASK-SECADV-001: WebAuthn/Passkeys (F022)
- WebAuthn credential model, service, handler
- Registration/authentication ceremony endpoints
- CRUD operations (list, rename, delete passkeys)
- Routes: GET/POST/PUT/DELETE /auth/passkeys/*

TASK-SECADV-002: Configurable password policy (F015)
- PasswordPolicyConfig with MinLength, MaxLength, RequireUpper/Lower/Number/Special
- NewPasswordValidatorWithPolicy constructor
- PasswordPolicyFromEnv() reads env vars (PASSWORD_MIN_LENGTH, etc.)
- All character class checks now respect policy configuration

TASK-SECADV-003: Géolocalisation connexions (F025)
- GeoIPResolver interface + GeoIPService implementation
- Country/city columns added to login_history table
- LoginHistoryService.Record() performs GeoIP lookup
- GetUserHistory returns geolocation data
- GET /auth/login-history endpoint

TASK-SECADV-004: Password expiration (F016)
- password_changed_at column on users table
- CheckPasswordExpiration() method on PasswordService
- All password change/reset methods now set password_changed_at
- NewPasswordServiceWithPolicy() supports expiration days config

Migration: 971_security_advanced_v0133.sql

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-13 10:09:01 +01:00
senke
2ed2bb9dcf v0.9.4 2026-03-05 23:03:43 +01:00
senke
f14574322c fix(security): add SSRF protection for webhook URL registration 
SEC-07: Strengthened ValidateWebhookURL to require HTTPS only (was
allowing HTTP). Private IP ranges, localhost, and cloud metadata
endpoints remain blocked.
 2026-02-22 17:31:10 +01:00
senke
ed7c4b4402 security(webhooks): extract SSRF validation to internal/validators/url_validator 2026-02-14 18:24:39 +01:00
senke
76d95ecfb4 incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
senke
0e7b6fede1 [T0-002] fix(rust): Corriger erreurs compilation Rust 
- Conflit SQLx résolu (alignement sur version 0.7)
- build.rs configurés pour protoc dans chat/stream servers
- API Prometheus migrée vers HistogramOpts
- Traits Display/Debug corrigés (String au lieu de &dyn Display)
- API TOTP corrigée (totp-rs 5.4 avec Secret::Encoded)
- Layers tracing-subscriber corrigés (types conditionnels)
- VezaError/VezaResult exportés dans lib.rs
- TransactionProvider simplifié (retour void au lieu de Box<dyn>)
- VezaConfig contraint Serialize pour to_json()

Files: veza-common/Cargo.toml, veza-common/src/*.rs, veza-chat-server/Cargo.toml, veza-chat-server/build.rs, veza-stream-server/Cargo.toml, veza-stream-server/build.rs, VEZA_ROADMAP.json
Hours: 8 estimated, 3 actual
 2026-01-04 01:44:20 +01:00
senke
02cfdd8f43 [FIX] PROD-009: Corriger validation mot de passe - ne rejeter que si exactement un mot commun 2026-01-04 01:44:18 +01:00
senke
fe7cf7fc04 [BE-SVC-020] be-svc: Implement request validation improvements 
- Enhanced error messages in validator with more descriptive and contextual messages
- Added custom validations: slug, phone, date_iso, not_empty
- Created QueryParamValidation middleware for query parameter validation
- Support for validation rules: numeric, integer, min, max, oneof, email, uuid, url
- Improved error messages for all validation tags (40+ tags supported)
- Comprehensive unit tests for query parameter validation
- Better error context and user-friendly messages

Phase: PHASE-6
Priority: P2
Progress: 116/267 (43.45%)
 2025-12-24 17:09:54 +01:00
senke
616a0ebc9c [BE-SEC-006] security: Implement comprehensive password strength validation 
- Enhanced PasswordValidator with additional security checks:
  * Maximum length validation (128 characters)
  * Common password detection (password, 123456, qwerty, etc.)
  * Repetitive pattern detection (aaaa, 1111, etc.)
  * Sequential pattern detection (1234, abcd, qwerty, etc.)
- Added ValidatePasswordChange method to ensure new password is
  sufficiently different from old password (similarity check)
- Updated PasswordService to use enhanced validator consistently
- Replaced utils.ValidatePasswordStrength with validators.PasswordValidator
- All password operations now use the same comprehensive validation rules

Phase: PHASE-4
Priority: P1
Progress: 8/267 (3.0%)
 2025-12-24 12:08:03 +01:00
okinrev
1e4f7b1756 STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
okinrev
2425c15b09 adding initial backend API (Go) 2025-12-03 20:29:37 +01:00