Untone
82668768d0
🔒 Implement comprehensive security and DDoS protection
### Security Features:
- **Rate Limiting**: Redis-based IP tracking with configurable limits
- General: 100 requests/minute (5min block)
- Upload: 10 requests/5min (10min block)
- Auth: 20 requests/15min (30min block)
- **Request Validation**: Path length, header count, suspicious patterns
- **Attack Detection**: Admin paths, script injections, bot patterns
- **Enhanced JWT**: Format validation, length checks, character filtering
- **IP Tracking**: X-Forwarded-For and X-Real-IP support
### Security Headers:
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
- X-XSS-Protection: 1; mode=block
- Content-Security-Policy with strict rules
- Strict-Transport-Security with includeSubDomains
### CORS Hardening:
- Limited to specific domains: discours.io, new.discours.io
- Restricted methods: GET, POST, OPTIONS only
- Essential headers only
### Infrastructure:
- Security middleware for all requests
- Local cache + Redis for performance
- Comprehensive logging and monitoring
- Progressive blocking for repeat offenders
### Documentation:
- Complete security guide (docs/security.md)
- Configuration examples
- Incident response procedures
- Monitoring recommendations
Version bump to 0.6.0 for major security enhancement.
2025-09-02 11:40:43 +03:00
..
2025-09-02 10:46:51 +03:00
2025-09-01 20:36:15 +03:00
2025-08-02 00:18:09 +03:00
2025-08-02 00:18:09 +03:00
2025-09-01 20:36:15 +03:00
2025-09-01 20:36:15 +03:00
2025-09-01 22:52:33 +03:00
2025-09-02 10:46:51 +03:00
2025-09-01 20:36:15 +03:00
2025-09-02 10:46:51 +03:00
2025-09-02 11:40:43 +03:00
2025-08-12 15:59:51 +03:00
2025-09-01 20:36:15 +03:00
2025-09-02 10:46:51 +03:00
2025-09-02 10:46:51 +03:00