Kyle Isom
ec7c966ad2
- Trusted proxy config option for proxy-aware IP extraction used by rate limiting and audit logs; validates proxy IP before trusting X-Forwarded-For / X-Real-IP headers - TOTP replay protection via counter-based validation to reject reused codes within the same time step (±30s) - RateLimit middleware updated to extract client IP from proxy headers without IP spoofing risk - New tests for ClientIP proxy logic (spoofed headers, fallback) and extended rate-limit proxy coverage - HTMX error banner script integrated into web UI base - .gitignore updated for mciasdb build artifact Security: resolves CRIT-01 (TOTP replay attack) and DEF-03 (proxy-unaware rate limiting); gRPC TOTP enrollment aligned with REST via StorePendingTOTP Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
10 lines
583 B
SQL
10 lines
583 B
SQL
-- Add last_totp_counter to track the most recently accepted TOTP counter value
|
|
-- per account. This is used to prevent TOTP replay attacks within the ±1
|
|
-- time-step validity window. NULL means no TOTP code has ever been accepted
|
|
-- for this account (fresh enrollment or TOTP not yet used).
|
|
--
|
|
-- Security (CRIT-01): RFC 6238 §5.2 recommends recording the last OTP counter
|
|
-- used and rejecting codes that do not advance it, eliminating the ~90-second
|
|
-- replay window that would otherwise be exploitable.
|
|
ALTER TABLE accounts ADD COLUMN last_totp_counter INTEGER DEFAULT NULL;
|