Commit Graph

11 Commits

Author SHA1 Message Date
fb812c9a39 auth(2fa): add one-time recovery codes with regenerate/status APIs
All checks were successful
CI / test (push) Successful in 40s
2026-03-08 19:16:15 +03:00
d069ff1121 auth(2fa): block setup after enable to avoid secret reissue
All checks were successful
CI / test (push) Successful in 43s
2026-03-08 19:07:20 +03:00
76cc5e0f12 privacy/security: add PM privacy levels and improve session visibility
All checks were successful
CI / test (push) Successful in 24s
2026-03-08 14:26:19 +03:00
9b3b404993 p0: harden realtime reconciliation and revoke-all token invalidation
All checks were successful
CI / test (push) Successful in 23s
2026-03-08 14:04:11 +03:00
79baadb522 feat(auth,privacy,web): step-by-step login, privacy settings persistence, TOTP QR, and API docs
Some checks failed
CI / test (push) Failing after 22s
2026-03-08 12:09:53 +03:00
27d3340a37 feat(auth): add TOTP 2FA setup and login verification
Some checks failed
CI / test (push) Failing after 21s
- add user twofa fields and migration

- add 2FA setup/enable/disable endpoints

- enforce OTP on login when 2FA enabled

- add web login OTP field and settings UI
2026-03-08 11:43:51 +03:00
e685a38be6 feat(auth): add active sessions management
Some checks failed
CI / test (push) Failing after 33s
- store refresh session metadata in redis (ip/user-agent/created_at)

- add auth APIs: list sessions, revoke one, revoke all

- add web privacy UI for active sessions
2026-03-08 11:41:03 +03:00
456595a576 feat: add user display profiles and fix web context menu UX
Some checks failed
CI / test (push) Failing after 17s
backend:

- add required user name and optional bio fields

- extend auth/register and user schemas/services with name/bio

- add alembic migration 0006 with safe backfill name=username

- compute per-user chat display_title for private chats

- keep Saved Messages delete-for-all protections

web:

- registration now includes name

- add profile edit modal (name/username/bio/avatar url)

- show private chat names via display_title

- fix context menus to open near cursor with viewport clamping

- stabilize +/close floating button to remove visual jump
2026-03-08 00:57:02 +03:00
ab65a8b768 Implement real SMTP delivery and transactional email auth flow
All checks were successful
CI / test (push) Successful in 21s
Email delivery:

- Replaced logging-only email sender with aiosmtplib SMTP implementation.

- Added provider mode switch via EMAIL_PROVIDER (log/smtp).

- Added TLS/SSL and timeout controls for SMTP transport.

Auth registration flow:

- Made register/resend/reset email flows transactional with rollback on delivery failure.

- Return 503 when verification/reset email cannot be delivered.

Configuration:

- Extended settings and env templates for EMAIL_PROVIDER, SMTP_USE_SSL, SMTP_TIMEOUT_SECONDS.

- Updated docker-compose environment mapping for new SMTP variables.
2026-03-07 22:24:22 +03:00
85631b566a Implement security hardening, notification pipeline, and CI test suite
All checks were successful
CI / test (push) Successful in 9m2s
Security hardening:

- Added IP/user rate limiting with Redis-backed counters and fail-open behavior.

- Added message anti-spam controls (per-chat rate + duplicate cooldown).

- Implemented refresh token rotation with JTI tracking and revoke support.

Notification pipeline:

- Added Celery app and async notification tasks for mention/offline delivery.

- Added Redis-based presence tracking and integrated it into realtime connect/disconnect.

- Added notification dispatch from message flow and notifications listing endpoint.

Quality gates and CI:

- Added pytest async integration tests for auth and chat/message lifecycle.

- Added pytest config, test fixtures, and GitHub Actions CI workflow.

- Fixed bcrypt/passlib compatibility by pinning bcrypt version.

- Documented worker and quality-gate commands in README.
2026-03-07 21:46:30 +03:00
a879ba7b50 first commit
2026-03-07 21:31:38 +03:00