lundberg/porchlight
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
162 commits 1 branch 0 tags 882 KiB
Commit graph

7 commits

Author SHA1 Message Date
Johan Lundberg
c7550cbf09
fix(security): lock down signing-key file permissions 
Private JWK files were written under the default umask (observed 0664 — group
and world readable). Create the key directory 0700, chmod private key files
(private_jwks.json, token_jwks.json) to 0600 after they are written, and
refuse to start if a pre-existing private key is group/world accessible.

Tests now use an isolated per-test key directory.

Refs: porchlight-91i

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-08 15:21:27 +02:00
Johan Lundberg
d4acb46cf5
feat: add rate limiting middleware for authentication endpoints 
Add slowapi-based rate limiting: 5/min on password login, 10/min on
WebAuthn login. Includes shared rate limiter reset fixture for tests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-31 15:23:51 +02:00
Johan Lundberg
f648422227
test: update all tests to include CSRF tokens 2026-02-19 14:19:47 +01:00
Johan Lundberg
d1f2b39cb6
feat: wire CSRF middleware and harden session cookie 2026-02-19 13:45:58 +01:00
Johan Lundberg
7cb1adbd06
update all imports in test files: fastapi_oidc_op → porchlight 2026-02-16 15:34:53 +01:00
Johan Lundberg
a45604ff2f
feat: add lifespan integration and dependency injection 2026-02-13 13:59:59 +01:00
Johan Lundberg
6a8b41cd38
feat: add app factory with health endpoint and test infrastructure 2026-02-12 15:09:27 +01:00