feat(auth): enhance authentication system with login attempt tracking and configuration options
- Added a new `LoginAttempt` model to track login attempts, including rate limiting and lockout functionality. - Introduced environment variables for configuring login rate limits and maximum failures. - Updated the authentication middleware to handle login attempts and enforce rate limits. - Enhanced the user model with indexing for username and email for improved lookup performance. - Modified the `.env.example` file to include new optional authentication settings. - Updated integration tests to cover new login attempt features and authentication state management.
This commit is contained in:
Adrian Acala
@@ -3,6 +3,8 @@ PORT=8000
|
||||
NODE_ENV=production
|
||||
DATABASE_URL=file:/app/prisma/dev.db
|
||||
FRONTEND_URL=http://localhost:6767
|
||||
# Optional auth settings
|
||||
AUTH_ENABLED=true
|
||||
# Optional auth cookie settings: lax | strict | none
|
||||
AUTH_COOKIE_SAMESITE=lax
|
||||
# Optional auth bootstrap (creates initial admin)
|
||||
@@ -11,3 +13,6 @@ AUTH_EMAIL=admin@example.com
|
||||
# If not set, a random password is generated and logged
|
||||
AUTH_PASSWORD=
|
||||
AUTH_MIN_PASSWORD_LENGTH=7
|
||||
# Optional login throttling
|
||||
LOGIN_RATE_LIMIT_MAX=10
|
||||
LOGIN_MAX_FAILURES=5
|
||||
|
||||
Reference in New Issue
Block a user