senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-backend-api/internal/core
History
senke 44517da6f6 [BE-SEC-007] security: Implement account lockout after failed login attempts 
- Created AccountLockoutService to track failed login attempts
- Accounts are locked after 5 failed attempts within 15 minutes
- Lockout duration: 30 minutes (auto-unlock)
- Service uses Redis for persistence (fail-open if Redis unavailable)
- Integrated into AuthService Login method:
  * Check account lockout status before login
  * Record failed attempts (even for non-existent users to prevent enumeration)
  * Reset failed attempts counter on successful login
  * Auto-unlock expired accounts
- Added SetAccountLockoutService method to AuthService
- Service initialized in router when Redis is available

Phase: PHASE-4
Priority: P1
Progress: 9/267 (3.4%)
2025-12-24 12:10:41 +01:00
..
auth [BE-SEC-007] security: Implement account lockout after failed login attempts 2025-12-24 12:10:41 +01:00
collaboration adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
education adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
marketplace STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
social stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
track [BE-API-029] be-api: Implement shared track access endpoint validation 2025-12-24 11:45:27 +01:00