senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
2226 commits 37 branches 94 tags 1.5 GiB
Commit graph

2 commits

Author SHA1 Message Date
senke
b0a46040f1 feat(v0.12.6.2): enforce MFA for admin/moderator + align refresh token TTL to 7 days
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details 
TASK-SFIX-001: MFA enforcement for privileged roles
- Add RequireMFA() middleware, TwoFactorChecker interface, SetTwoFactorChecker()
- Apply to all 3 admin route groups (platform, moderation, core)
- Returns 403 "mfa_setup_required" if admin/moderator without 2FA
- Regular users bypass the check
- Ref: ORIGIN_SECURITY_FRAMEWORK.md Rule 5

TASK-SFIX-002: Refresh token TTL alignment
- jwt_service.go: RefreshTokenTTL 14d→7d, RememberMeRefreshTokenTTL 30d→7d
- handlers/auth.go: Cookie max-age and session expiresIn → 7d across
  Login, LoginWith2FA, Register, Refresh handlers
- middleware/auth.go: Session auto-refresh default 30d→7d
- Ref: ORIGIN_SECURITY_FRAMEWORK.md Rule 4

TASK-SFIX-003: 5 unit tests — all PASS
- TestRequireMFA_AdminWithoutMFA, TestRequireMFA_AdminWithMFA
- TestRequireMFA_RegularUserNotAffected
- TestRefreshTokenTTL_Is7Days, TestAccessTokenTTL_Is5Minutes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-12 06:53:27 +01:00
senke
f68405a52e feat(v0.11.3): F421-F424 admin platform handler and routes 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-10 18:19:45 +01:00