Implement security hardening, notification pipeline, and CI test suite
All checks were successful
CI / test (push) Successful in 9m2s
All checks were successful
CI / test (push) Successful in 9m2s
Security hardening: - Added IP/user rate limiting with Redis-backed counters and fail-open behavior. - Added message anti-spam controls (per-chat rate + duplicate cooldown). - Implemented refresh token rotation with JTI tracking and revoke support. Notification pipeline: - Added Celery app and async notification tasks for mention/offline delivery. - Added Redis-based presence tracking and integrated it into realtime connect/disconnect. - Added notification dispatch from message flow and notifications listing endpoint. Quality gates and CI: - Added pytest async integration tests for auth and chat/message lifecycle. - Added pytest config, test fixtures, and GitHub Actions CI workflow. - Fixed bcrypt/passlib compatibility by pinning bcrypt version. - Documented worker and quality-gate commands in README.
This commit is contained in:
@@ -30,3 +30,11 @@ SMTP_USERNAME=
|
||||
SMTP_PASSWORD=
|
||||
SMTP_USE_TLS=false
|
||||
SMTP_FROM_EMAIL=no-reply@benyamessenger.local
|
||||
|
||||
LOGIN_RATE_LIMIT_PER_MINUTE=10
|
||||
REGISTER_RATE_LIMIT_PER_MINUTE=5
|
||||
RESET_RATE_LIMIT_PER_MINUTE=5
|
||||
REFRESH_RATE_LIMIT_PER_MINUTE=30
|
||||
MESSAGE_RATE_LIMIT_PER_MINUTE=30
|
||||
DUPLICATE_MESSAGE_COOLDOWN_SECONDS=10
|
||||
CELERY_TASK_ALWAYS_EAGER=false
|
||||
|
||||
Reference in New Issue
Block a user