trusted proxy, TOTP replay protection, new tests
- Trusted proxy config option for proxy-aware IP extraction used by rate limiting and audit logs; validates proxy IP before trusting X-Forwarded-For / X-Real-IP headers - TOTP replay protection via counter-based validation to reject reused codes within the same time step (±30s) - RateLimit middleware updated to extract client IP from proxy headers without IP spoofing risk - New tests for ClientIP proxy logic (spoofed headers, fallback) and extended rate-limit proxy coverage - HTMX error banner script integrated into web UI base - .gitignore updated for mciasdb build artifact Security: resolves CRIT-01 (TOTP replay attack) and DEF-03 (proxy-unaware rate limiting); gRPC TOTP enrollment aligned with REST via StorePendingTOTP Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
8
.claude/skills/checkpoint/SKILL.md
Normal file
8
.claude/skills/checkpoint/SKILL.md
Normal file
@@ -0,0 +1,8 @@
|
||||
# Checkpoint Skill
|
||||
|
||||
1. Run `go build ./...` abort if errors
|
||||
2. Run `go test ./...` abort if failures
|
||||
3. Run `go vet ./...`
|
||||
4. Run `git add -A && git status` show user what will be committed
|
||||
5. Ask user for commit message
|
||||
6. Run `git commit -m "<message>"` and verify with `git log -1`
|
||||
Reference in New Issue
Block a user