senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-backend-api/internal/middleware
History
senke e4dd09a909
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details
feat(v0.13.0): conformité features partielles — CAPTCHA, password history, login history, SMS 2FA 
TASK-CONF-001: SMS 2FA service (sms_2fa_service.go) — SMSProvider interface,
  rate limiting (3/h), 6-digit codes, 5min expiry, LogSMSProvider for dev.
TASK-CONF-002: CAPTCHA service (captcha_service.go) — Cloudflare Turnstile
  verification with fail-open + RequireCaptcha middleware. 11 tests.
TASK-CONF-003: Auth features completed:
  - F014 password history (password_history_service.go) — checks last 5 hashes,
    integrated into PasswordService.ChangePassword. 3 tests.
  - F024 login history (login_history_service.go) — Record, GetUserHistory,
    CountRecentFailures for security auditing.
  - F010/F013/F018/F021/F026 verified already implemented.
TASK-CONF-004: F075 ClamAV verified implemented. F080 watermark deferred (P4).
TASK-CONF-005: ADR-005 handler architecture documented (keep dual, migrate forward).
TASK-CONF-006: Frontend 0 TODO/FIXME, backend 1 — criteria met.

Migration: 970_password_login_history_v0130.sql (password_history, login_history,
sms_verification_codes tables).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 09:31:50 +01:00
..
audit.go feat(audit): HTTP audit middleware for auto-logging POST/PUT/DELETE 2026-02-25 19:48:03 +01:00
audit_test.go feat(audit): HTTP audit middleware for auto-logging POST/PUT/DELETE 2026-02-25 19:48:03 +01:00
auth.go feat(v0.12.6.2): enforce MFA for admin/moderator + align refresh token TTL to 7 days 2026-03-12 06:53:27 +01:00
auth_middleware_test.go fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings 2026-03-12 05:40:53 +01:00
cache_headers.go feat(v0.12.4): Redis response cache and CDN cache headers middleware 2026-03-11 09:57:06 +01:00
cache_headers_test.go feat(v0.12.4): Redis response cache and CDN cache headers middleware 2026-03-11 09:57:06 +01:00
captcha.go feat(v0.13.0): conformité features partielles — CAPTCHA, password history, login history, SMS 2FA 2026-03-12 09:31:50 +01:00
captcha_test.go feat(v0.13.0): conformité features partielles — CAPTCHA, password history, login history, SMS 2FA 2026-03-12 09:31:50 +01:00
ccpa.go feat(compliance): CCPA Do Not Sell middleware and opt-out endpoint 2026-02-25 19:49:25 +01:00
ccpa_test.go test(v0.803): unit tests for CCPA, reports, announcements, feature flags 2026-02-25 20:02:24 +01:00
context_propagation.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
cors.go refactor(backend): replace 40 fmt.Printf calls with zap structured logging 2026-02-22 17:44:38 +01:00
cors_test.go chore(v0.102): consolidate remaining changes — docs, frontend, backend 2026-02-20 13:02:12 +01:00
csrf.go v0.9.8 2026-03-06 19:13:16 +01:00
csrf_integration_test.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
endpoint_limiter.go v0.9.4 2026-03-05 23:03:43 +01:00
error_handler.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
error_handler_metrics_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
error_handler_structured_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
error_handler_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
general.go [INT-020] int: Add API endpoint deprecation strategy 2025-12-25 15:51:14 +01:00
maintenance.go feat(admin): maintenance mode middleware with 503 responses 2026-02-25 19:54:22 +01:00
maintenance_test.go feat(admin): maintenance mode middleware with 503 responses 2026-02-25 19:54:22 +01:00
metrics.go fix(backend-tests): enable room_handler_test and resolve metric collisions 2025-12-06 12:53:15 +01:00
metrics_protection.go fix(v0.12.6.1): remediate remaining 15 MEDIUM + LOW pentest findings 2026-03-12 06:13:38 +01:00
metrics_protection_test.go v0.9.2 2026-03-05 19:27:34 +01:00
metrics_test.go report generation and future tasks selection 2025-12-08 19:57:54 +01:00
mfa_enforcement_test.go feat(v0.12.6.2): enforce MFA for admin/moderator + align refresh token TTL to 7 days 2026-03-12 06:53:27 +01:00
monitoring.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
ownership_integration_test.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
playlist_permission.go stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
playlist_permission_test.go stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
rate_limit_login_test.go chore(v0.102): consolidate remaining changes — docs, frontend, backend 2026-02-20 13:02:12 +01:00
rate_limiter.go v0.9.4 2026-03-05 23:03:43 +01:00
rate_limiting_integration_test.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
ratelimit.go release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24 2026-02-27 09:43:25 +01:00
ratelimit_redis.go v0.9.8 2026-03-06 19:13:16 +01:00
ratelimit_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
rbac_auth_middleware_test.go feat(security): v0.901 Ironclad - fix 5 critical/high vulnerabilities 2026-02-26 19:34:45 +01:00
rbac_middleware.go stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
rbac_middleware_test.go [T0-002] fix(rust): Corriger erreurs compilation Rust 2026-01-04 01:44:20 +01:00
recovery.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
recovery_env_test.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
recovery_test.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
request_id.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
request_id_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
request_logger.go v0.9.8 2026-03-06 19:13:16 +01:00
request_logger_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
response_cache.go feat(v0.12.4): Redis response cache and CDN cache headers middleware 2026-03-11 09:57:06 +01:00
response_cache_test.go feat(v0.12.4): Redis response cache and CDN cache headers middleware 2026-03-11 09:57:06 +01:00
security_headers.go fix(v0.12.6.1): remediate remaining 15 MEDIUM + LOW pentest findings 2026-03-12 06:13:38 +01:00
security_headers_test.go [FE-PAGE-001] fe-page: Complete Dashboard page implementation 2025-12-24 12:35:38 +01:00
sentry_recover.go STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
stream_callback_auth.go Phase 2 stabilisation: code mort, Modal→Dialog, feature flags, tests, router split, Rust legacy 2026-02-14 17:23:32 +01:00
timeout.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
timeout_goroutine_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
timeout_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
tracing.go [BE-SVC-018] be-svc: Implement request tracing 2025-12-24 17:05:32 +01:00
tracing_test.go [T0-002] fix(rust): Corriger erreurs compilation Rust 2026-01-04 01:44:20 +01:00
upload_rate_limit_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
user_rate_limiter.go v0.9.8 2026-03-06 19:13:16 +01:00
validation.go v0.9.4 2026-03-05 23:03:43 +01:00
validation_test.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
versioning.go v0.9.8 2026-03-06 19:13:16 +01:00
webhook_api_key.go incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00