veza/veza-backend-api/migrations/971_security_advanced_v0133_down.sql at 6a675565e1ebfc81b25755085e48306cc5996b09 - senke/veza - Talas Project: Beyond coding. We Forge.

senke/veza

senke 6a675565e1 feat(v0.13.3): complete - Polish Sécurité Avancée

TASK-SECADV-001: WebAuthn/Passkeys (F022)
- WebAuthn credential model, service, handler
- Registration/authentication ceremony endpoints
- CRUD operations (list, rename, delete passkeys)
- Routes: GET/POST/PUT/DELETE /auth/passkeys/*

TASK-SECADV-002: Configurable password policy (F015)
- PasswordPolicyConfig with MinLength, MaxLength, RequireUpper/Lower/Number/Special
- NewPasswordValidatorWithPolicy constructor
- PasswordPolicyFromEnv() reads env vars (PASSWORD_MIN_LENGTH, etc.)
- All character class checks now respect policy configuration

TASK-SECADV-003: Géolocalisation connexions (F025)
- GeoIPResolver interface + GeoIPService implementation
- Country/city columns added to login_history table
- LoginHistoryService.Record() performs GeoIP lookup
- GetUserHistory returns geolocation data
- GET /auth/login-history endpoint

TASK-SECADV-004: Password expiration (F016)
- password_changed_at column on users table
- CheckPasswordExpiration() method on PasswordService
- All password change/reset methods now set password_changed_at
- NewPasswordServiceWithPolicy() supports expiration days config

Migration: 971_security_advanced_v0133.sql

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-13 10:09:01 +01:00

6 lines

243 B

SQL

Raw Blame History

 -- v0.13.3: Down migration
 ALTER TABLE users DROP COLUMN IF EXISTS password_changed_at;
 ALTER TABLE login_history DROP COLUMN IF EXISTS city;
 ALTER TABLE login_history DROP COLUMN IF EXISTS country;
 DROP TABLE IF EXISTS webauthn_credentials;