senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-backend-api/internal/middleware
History
senke b47fa21331 feat(v0.12.8): documentation & API publique — rate limiting, scopes, OpenAPI 
- API key rate limiting middleware (1000 reads/h, 200 writes/h par clé)
  — tracking séparé read/write, par API key ID (pas par IP)
  — headers X-RateLimit-Limit/Remaining/Reset sur chaque réponse
- API key scope enforcement middleware (read → GET, write → POST/PUT/DELETE)
  — admin scope permet tout, CSRF skip pour API key auth
- OpenAPI spec: ajout securityDefinition ApiKeyAuth (X-API-Key header)
- Swagger annotations: ajout ApiKeyAuth dans cmd/api/main.go
- Wiring dans router.go: middlewares appliqués sur tout le groupe /api/v1
- Tests: 10 tests (5 rate limiter + 5 scope enforcement), tous PASS

Backend existant déjà en place (pré-v0.12.8):
- Swagger UI (gin-swagger + frontend SwaggerUIDoc component)
- API key CRUD (create/list/delete + X-API-Key auth dans AuthMiddleware)
- Developer Dashboard frontend (API keys, webhooks, playground)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 18:44:09 +01:00
..
api_key_rate_limiter.go feat(v0.12.8): documentation & API publique — rate limiting, scopes, OpenAPI 2026-03-12 18:44:09 +01:00
api_key_rate_limiter_test.go feat(v0.12.8): documentation & API publique — rate limiting, scopes, OpenAPI 2026-03-12 18:44:09 +01:00
api_key_scope.go feat(v0.12.8): documentation & API publique — rate limiting, scopes, OpenAPI 2026-03-12 18:44:09 +01:00
api_key_scope_test.go feat(v0.12.8): documentation & API publique — rate limiting, scopes, OpenAPI 2026-03-12 18:44:09 +01:00
audit.go feat(audit): HTTP audit middleware for auto-logging POST/PUT/DELETE 2026-02-25 19:48:03 +01:00
audit_test.go feat(audit): HTTP audit middleware for auto-logging POST/PUT/DELETE 2026-02-25 19:48:03 +01:00
auth.go feat(v0.12.6.2): enforce MFA for admin/moderator + align refresh token TTL to 7 days 2026-03-12 06:53:27 +01:00
auth_middleware_test.go fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings 2026-03-12 05:40:53 +01:00
cache_headers.go feat(v0.12.4): Redis response cache and CDN cache headers middleware 2026-03-11 09:57:06 +01:00
cache_headers_test.go feat(v0.12.4): Redis response cache and CDN cache headers middleware 2026-03-11 09:57:06 +01:00
captcha.go feat(v0.13.0): conformité features partielles — CAPTCHA, password history, login history, SMS 2FA 2026-03-12 09:31:50 +01:00
captcha_test.go feat(v0.13.0): conformité features partielles — CAPTCHA, password history, login history, SMS 2FA 2026-03-12 09:31:50 +01:00
ccpa.go feat(compliance): CCPA Do Not Sell middleware and opt-out endpoint 2026-02-25 19:49:25 +01:00
ccpa_test.go test(v0.803): unit tests for CCPA, reports, announcements, feature flags 2026-02-25 20:02:24 +01:00
context_propagation.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
cors.go refactor(backend): replace 40 fmt.Printf calls with zap structured logging 2026-02-22 17:44:38 +01:00
cors_test.go chore(v0.102): consolidate remaining changes — docs, frontend, backend 2026-02-20 13:02:12 +01:00
csrf.go v0.9.8 2026-03-06 19:13:16 +01:00
csrf_integration_test.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
endpoint_limiter.go v0.9.4 2026-03-05 23:03:43 +01:00
error_handler.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
error_handler_metrics_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
error_handler_structured_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
error_handler_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
general.go [INT-020] int: Add API endpoint deprecation strategy 2025-12-25 15:51:14 +01:00
maintenance.go feat(admin): maintenance mode middleware with 503 responses 2026-02-25 19:54:22 +01:00
maintenance_test.go feat(admin): maintenance mode middleware with 503 responses 2026-02-25 19:54:22 +01:00
metrics.go fix(backend-tests): enable room_handler_test and resolve metric collisions 2025-12-06 12:53:15 +01:00
metrics_protection.go fix(v0.12.6.1): remediate remaining 15 MEDIUM + LOW pentest findings 2026-03-12 06:13:38 +01:00
metrics_protection_test.go v0.9.2 2026-03-05 19:27:34 +01:00
metrics_test.go report generation and future tasks selection 2025-12-08 19:57:54 +01:00
mfa_enforcement_test.go feat(v0.12.6.2): enforce MFA for admin/moderator + align refresh token TTL to 7 days 2026-03-12 06:53:27 +01:00
monitoring.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
ownership_integration_test.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
playlist_permission.go stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
playlist_permission_test.go stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
rate_limit_login_test.go chore(v0.102): consolidate remaining changes — docs, frontend, backend 2026-02-20 13:02:12 +01:00
rate_limiter.go v0.9.4 2026-03-05 23:03:43 +01:00
rate_limiting_integration_test.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
ratelimit.go release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24 2026-02-27 09:43:25 +01:00
ratelimit_redis.go v0.9.8 2026-03-06 19:13:16 +01:00
ratelimit_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
rbac_auth_middleware_test.go feat(security): v0.901 Ironclad - fix 5 critical/high vulnerabilities 2026-02-26 19:34:45 +01:00
rbac_middleware.go stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
rbac_middleware_test.go [T0-002] fix(rust): Corriger erreurs compilation Rust 2026-01-04 01:44:20 +01:00
recovery.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
recovery_env_test.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
recovery_test.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
request_id.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
request_id_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
request_logger.go v0.9.8 2026-03-06 19:13:16 +01:00
request_logger_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
response_cache.go feat(v0.12.4): Redis response cache and CDN cache headers middleware 2026-03-11 09:57:06 +01:00
response_cache_test.go feat(v0.12.4): Redis response cache and CDN cache headers middleware 2026-03-11 09:57:06 +01:00
security_headers.go fix(v0.12.6.1): remediate remaining 15 MEDIUM + LOW pentest findings 2026-03-12 06:13:38 +01:00
security_headers_test.go [FE-PAGE-001] fe-page: Complete Dashboard page implementation 2025-12-24 12:35:38 +01:00
sentry_recover.go STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
stream_callback_auth.go Phase 2 stabilisation: code mort, Modal→Dialog, feature flags, tests, router split, Rust legacy 2026-02-14 17:23:32 +01:00
timeout.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
timeout_goroutine_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
timeout_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
tracing.go [BE-SVC-018] be-svc: Implement request tracing 2025-12-24 17:05:32 +01:00
tracing_test.go [T0-002] fix(rust): Corriger erreurs compilation Rust 2026-01-04 01:44:20 +01:00
upload_rate_limit_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
user_rate_limiter.go v0.9.8 2026-03-06 19:13:16 +01:00
validation.go v0.9.4 2026-03-05 23:03:43 +01:00
validation_test.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
versioning.go v0.9.8 2026-03-06 19:13:16 +01:00
webhook_api_key.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00