|
|
ace8c79051
|
test(auth): cover single-session revoke behavior
CI / test (push) Has started running
|
2026-03-08 20:10:30 +03:00 |
|
|
|
fb812c9a39
|
auth(2fa): add one-time recovery codes with regenerate/status APIs
CI / test (push) Successful in 40s
|
2026-03-08 19:16:15 +03:00 |
|
|
|
d069ff1121
|
auth(2fa): block setup after enable to avoid secret reissue
CI / test (push) Successful in 43s
|
2026-03-08 19:07:20 +03:00 |
|
|
|
1c9855b34c
|
auth: force disconnect realtime on revoke-all sessions
CI / test (push) Successful in 26s
|
2026-03-08 19:04:23 +03:00 |
|
|
|
76cc5e0f12
|
privacy/security: add PM privacy levels and improve session visibility
CI / test (push) Successful in 24s
|
2026-03-08 14:26:19 +03:00 |
|
|
|
fc7a9cc3a6
|
test+web: fix test suite and remove redundant privacy checkbox
CI / test (push) Successful in 25s
|
2026-03-08 12:16:21 +03:00 |
|
|
|
85631b566a
|
Implement security hardening, notification pipeline, and CI test suite
CI / test (push) Successful in 9m2s
Security hardening:
- Added IP/user rate limiting with Redis-backed counters and fail-open behavior.
- Added message anti-spam controls (per-chat rate + duplicate cooldown).
- Implemented refresh token rotation with JTI tracking and revoke support.
Notification pipeline:
- Added Celery app and async notification tasks for mention/offline delivery.
- Added Redis-based presence tracking and integrated it into realtime connect/disconnect.
- Added notification dispatch from message flow and notifications listing endpoint.
Quality gates and CI:
- Added pytest async integration tests for auth and chat/message lifecycle.
- Added pytest config, test fixtures, and GitHub Actions CI workflow.
- Fixed bcrypt/passlib compatibility by pinning bcrypt version.
- Documented worker and quality-gate commands in README.
|
2026-03-07 21:46:30 +03:00 |
|
