wrongmove

viktor/wrongmove

Fork 0

Commit graph

Author	SHA1	Message	Date
Viktor Barzin	492921424e	Add security regression tests for all hardening fixes - New: test_security_headers.py — verify all headers present, HSTS conditional on HTTPS - New: test_passkey_error_handling.py — generic vs user-facing error messages - New: test_poi_validation.py — field length and coordinate range constraints - Extend test_rate_limiter.py — client IP depth selection, in-memory fallback enforcement - Extend test_models.py — sqm range validation - Extend test_task_service.py — IDOR 404, ownership 200, traceback suppression in production	2026-02-08 19:42:53 +00:00
Viktor Barzin	87b5bd8676	Add API rate limiting, metrics guard, and audit middleware Per-user rate limits via Redis sliding window, IP-restricted /metrics endpoint, audit logging of all requests, CORS tightening, and export caps on listing/geojson endpoints.	2026-02-08 00:45:43 +00:00

Author

SHA1

Message

Date

Viktor Barzin

492921424e

Add security regression tests for all hardening fixes

- New: test_security_headers.py — verify all headers present, HSTS conditional on HTTPS
- New: test_passkey_error_handling.py — generic vs user-facing error messages
- New: test_poi_validation.py — field length and coordinate range constraints
- Extend test_rate_limiter.py — client IP depth selection, in-memory fallback enforcement
- Extend test_models.py — sqm range validation
- Extend test_task_service.py — IDOR 404, ownership 200, traceback suppression in production

2026-02-08 19:42:53 +00:00

Viktor Barzin

87b5bd8676

Add API rate limiting, metrics guard, and audit middleware

Per-user rate limits via Redis sliding window, IP-restricted /metrics
endpoint, audit logging of all requests, CORS tightening, and export
caps on listing/geojson endpoints.

2026-02-08 00:45:43 +00:00

2 commits