senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
1949 commits 37 branches 94 tags 1.5 GiB
Commit graph

5 commits

Author SHA1 Message Date
senke
32348bebce feat(developer): add API keys backend (Lot C) 
- Migration 082: api_keys table (user_id, name, prefix, hashed_key, scopes, last_used_at, expires_at)
- APIKey model, APIKeyService (Create, List, Delete, ValidateAPIKey)
- APIKeyHandler: GET/POST/DELETE /api/v1/developer/api-keys
- AuthMiddleware: X-API-Key and Bearer vza_* accepted as alternative to JWT
- CSRF: skip for API key auth (stateless)
- Key format: vza_ prefix, SHA-256 hashed storage
 2026-02-20 00:18:36 +01:00
senke
759154e660 fix(auth): add Redis lock for concurrent refresh token requests 2026-02-14 18:29:37 +01:00
senke
1ebbb06315 [FE-PAGE-015] fe-page: Add Analytics page 2025-12-25 11:25:06 +01:00
senke
f8aa42df20 [BE-TEST-017] be-test: Add security tests for authorization 
- Created comprehensive authorization test suite
- Tests verify unauthorized access is blocked (401/403)
- Tests cover: no token, invalid token, expired token
- Tests verify role-based access control (admin, creator, regular user)
- Tests verify ownership checks and admin override
- Tests verify token version mismatch protection

Phase: PHASE-5
Priority: P2
Progress: 138/267 (51.69%)
 2025-12-25 02:00:56 +01:00
senke
6e4a3578c9 [BE-TEST-016] be-test: Add security tests for injection attacks 
- Created comprehensive security test suite for SQL injection, XSS, and command injection
- Added 30+ SQL injection test payloads
- Added 50+ XSS test payloads
- Added 30+ command injection test payloads
- Tests verify GORM parameterized queries protection
- Tests verify input sanitization utilities
- Added README documentation for security tests

Phase: PHASE-5
Priority: P2
Progress: 137/267 (51.31%)
 2025-12-25 01:57:59 +01:00