Skip to content

Harden setup login throttling#78

Merged
chrysb merged 1 commit into
mainfrom
codex/login-throttle-hardening
May 26, 2026
Merged

Harden setup login throttling#78
chrysb merged 1 commit into
mainfrom
codex/login-throttle-hardening

Conversation

@chrysb

@chrysb chrysb commented May 16, 2026

Copy link
Copy Markdown
Owner

Summary

  • persist setup login throttle state in a new SQLite-backed auth DB
  • add a global login failure bucket so rotated client keys still hit lockout
  • stop using raw X-Forwarded-For as the fallback client key
  • add focused coverage for restart persistence, global throttling, and client key fallback behavior

Tests

  • npm test -- tests/server/login-throttle.test.js tests/server/auth-db.test.js tests/server/routes-auth.test.js tests/server/helpers.test.js
  • npm test -- tests/server

@chrysb chrysb merged commit 0d2e9dc into main May 26, 2026
1 check passed
@chrysb chrysb deleted the codex/login-throttle-hardening branch May 26, 2026 05:18
cursor Bot pushed a commit to diazMelgarejo/AlphaClaw that referenced this pull request Jun 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant