benya/Messenger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
446 Commits 1 Branch 0 Tags
main
Commit Graph

9 Commits

Author SHA1 Message Date
benya
fb812c9a39 auth(2fa): add one-time recovery codes with regenerate/status APIs
All checks were successful
CI / test (push) Successful in 40s
Details
2026-03-08 19:16:15 +03:00
benya
1c9855b34c auth: force disconnect realtime on revoke-all sessions
All checks were successful
CI / test (push) Successful in 26s
Details
2026-03-08 19:04:23 +03:00
benya
76cc5e0f12 privacy/security: add PM privacy levels and improve session visibility
All checks were successful
CI / test (push) Successful in 24s
Details
2026-03-08 14:26:19 +03:00
benya
9b3b404993 p0: harden realtime reconciliation and revoke-all token invalidation
All checks were successful
CI / test (push) Successful in 23s
Details
2026-03-08 14:04:11 +03:00
benya
79baadb522 feat(auth,privacy,web): step-by-step login, privacy settings persistence, TOTP QR, and API docs
Some checks failed
CI / test (push) Failing after 22s
Details
2026-03-08 12:09:53 +03:00
benya
27d3340a37 feat(auth): add TOTP 2FA setup and login verification
Some checks failed
CI / test (push) Failing after 21s
Details 
- add user twofa fields and migration

- add 2FA setup/enable/disable endpoints

- enforce OTP on login when 2FA enabled

- add web login OTP field and settings UI
 2026-03-08 11:43:51 +03:00
benya
e685a38be6 feat(auth): add active sessions management
Some checks failed
CI / test (push) Failing after 33s
Details 
- store refresh session metadata in redis (ip/user-agent/created_at)

- add auth APIs: list sessions, revoke one, revoke all

- add web privacy UI for active sessions
 2026-03-08 11:41:03 +03:00
benya
85631b566a Implement security hardening, notification pipeline, and CI test suite
All checks were successful
CI / test (push) Successful in 9m2s
Details 
Security hardening:

- Added IP/user rate limiting with Redis-backed counters and fail-open behavior.

- Added message anti-spam controls (per-chat rate + duplicate cooldown).

- Implemented refresh token rotation with JTI tracking and revoke support.

Notification pipeline:

- Added Celery app and async notification tasks for mention/offline delivery.

- Added Redis-based presence tracking and integrated it into realtime connect/disconnect.

- Added notification dispatch from message flow and notifications listing endpoint.

Quality gates and CI:

- Added pytest async integration tests for auth and chat/message lifecycle.

- Added pytest config, test fixtures, and GitHub Actions CI workflow.

- Fixed bcrypt/passlib compatibility by pinning bcrypt version.

- Documented worker and quality-gate commands in README.
 2026-03-07 21:46:30 +03:00
benya
a879ba7b50 first commit 2026-03-07 21:31:38 +03:00