veza/veza-backend-api/internal
senke af1e57b418 [BE-SEC-007] security: Implement account lockout after failed login attempts
- Created AccountLockoutService to track failed login attempts
- Accounts are locked after 5 failed attempts within 15 minutes
- Lockout duration: 30 minutes (auto-unlock)
- Service uses Redis for persistence (fail-open if Redis unavailable)
- Integrated into AuthService Login method:
  * Check account lockout status before login
  * Record failed attempts (even for non-existent users to prevent enumeration)
  * Reset failed attempts counter on successful login
  * Auto-unlock expired accounts
- Added SetAccountLockoutService method to AuthService
- Service initialized in router when Redis is available

Phase: PHASE-4
Priority: P1
Progress: 9/267 (3.4%)
2025-12-24 12:10:41 +01:00
api [BE-SEC-007] security: Implement account lockout after failed login attempts 2025-12-24 12:10:41 +01:00
common refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
config stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
core [BE-SEC-007] security: Implement account lockout after failed login attempts 2025-12-24 12:10:41 +01:00
database stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
dto [BE-API-001] api: Implement 2FA endpoints (setup, verify, disable) 2025-12-23 01:40:28 +01:00
email STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
errors refactor(marketplace): enforce unified api response envelope 2025-12-06 17:39:04 +01:00
eventbus adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
features adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
handlers [BE-API-040] api: Implement user list endpoint 2025-12-24 11:59:56 +01:00
infrastructure STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
interfaces adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
jobs STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
logging adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
metrics stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
middleware [BE-SEC-005] security: Implement rate limiting for authentication endpoints 2025-12-24 12:05:35 +01:00
models stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
monitoring stabilizing veza-backend-api: P1 & P2 2025-12-16 13:34:08 -05:00
repositories [BE-API-011] be-api: Implement conversation participants endpoints 2025-12-23 10:49:17 +01:00
repository adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
response stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
security adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
services [BE-SEC-007] security: Implement account lockout after failed login attempts 2025-12-24 12:10:41 +01:00
testutils stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
types adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
utils P0 UUID Phase A: migrations + backend Go UUID refactor 2025-12-04 02:15:48 +01:00
validators [BE-SEC-006] security: Implement comprehensive password strength validation 2025-12-24 12:08:03 +01:00
workers stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00