benya/Messenger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement security hardening, notification pipeline, and CI test suite
All checks were successful
CI / test (push) Successful in 9m2s
Details

Browse Source 
Security hardening:

- Added IP/user rate limiting with Redis-backed counters and fail-open behavior.

- Added message anti-spam controls (per-chat rate + duplicate cooldown).

- Implemented refresh token rotation with JTI tracking and revoke support.

Notification pipeline:

- Added Celery app and async notification tasks for mention/offline delivery.

- Added Redis-based presence tracking and integrated it into realtime connect/disconnect.

- Added notification dispatch from message flow and notifications listing endpoint.

Quality gates and CI:

- Added pytest async integration tests for auth and chat/message lifecycle.

- Added pytest config, test fixtures, and GitHub Actions CI workflow.

- Fixed bcrypt/passlib compatibility by pinning bcrypt version.

- Documented worker and quality-gate commands in README.
This commit is contained in:
Alex
2026-03-07 21:46:30 +03:00
parent a879ba7b50
commit 85631b566a
29 changed files with 723 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/utils/security.py
View File

@@ -1,5 +1,6 @@
from datetime import datetime, timedelta, timezone
from secrets import token_urlsafe
from uuid import uuid4
from jose import JWTError, jwt
from passlib.context import CryptContext
@@ -18,9 +19,11 @@ def verify_password(password: str, hashed_password: str) -> bool:
return pwd_context.verify(password, hashed_password)
def _create_token(subject: str, token_type: str, expires_delta: timedelta) -> str:
def _create_token(subject: str, token_type: str, expires_delta: timedelta, jti: str | None = None) -> str:
now = datetime.now(timezone.utc)
expire = datetime.now(timezone.utc) + expires_delta
payload = {"sub": subject, "type": token_type, "exp": expire}
payload = {"sub": subject, "type": token_type, "exp": expire, "iat": now}
payload["jti"] = jti or str(uuid4())
return jwt.encode(payload, settings.secret_key, algorithm=settings.jwt_algorithm)
@@ -32,11 +35,12 @@ def create_access_token(subject: str) -> str:
)
def create_refresh_token(subject: str) -> str:
def create_refresh_token(subject: str, *, jti: str | None = None) -> str:
return _create_token(
subject=subject,
token_type="refresh",
expires_delta=timedelta(days=settings.refresh_token_expire_days),
jti=jti,
)