Skip to content

DO-NOT-AUTO-MERGE: Rate-limit public auth endpoints#562

Merged
berntpopp merged 3 commits into
masterfrom
fix/535-auth-endpoint-rate-limit
Jul 12, 2026
Merged

DO-NOT-AUTO-MERGE: Rate-limit public auth endpoints#562
berntpopp merged 3 commits into
masterfrom
fix/535-auth-endpoint-rate-limit

Conversation

@berntpopp

Copy link
Copy Markdown
Owner

Summary

  • extract the hardened S6 caller-fingerprint/sliding-window implementation into a reusable bounded primitive
  • protect signup, authenticate, and password-reset request with independent fail-closed auth policy and 429/Retry-After
  • prevent auth credentials from entering normal or exception logs, including malformed unnamed JSON
  • preserve rightmost-untrusted XFF resolution, Traefik alias stripping, mount_endpoint(), and problem+json behavior

Verification

  • TDD RED→GREEN: N+1, independent clients, spoofed XFF, malformed config/CIDRs/decisions, retry-after, parser order, strict JSON shapes, bounded overflow, normal logging, exception logging
  • make test-api-fast: 6344 pass, 0 fail, 314 classified skips
  • make lint-api: 175 files, 0 findings
  • make code-quality-audit
  • base + Playwright Compose render
  • live Traefik proof: client A 400/400/429 with Retry-After: 60; network-distinct client B remained non-429
  • xhigh Codex review: 6 rounds; final APPROVE, no BLOCKER/HIGH

Closes #550
Refs #535

@berntpopp berntpopp merged commit 8fd4cd5 into master Jul 12, 2026
12 checks passed
@berntpopp berntpopp deleted the fix/535-auth-endpoint-rate-limit branch July 13, 2026 15:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Rate-limit public auth endpoints (signup / authenticate / password-reset)

1 participant