shinchan-zhai
f28f0e340c
security: login rate limiting, fix health endpoint, harden error handling
- Fix health endpoint returning null time (use time.Now() instead of context value)
- Add LoginRateLimiter: 5 attempts per 15min window, 5min block on brute-force
- Apply rate limiting to login/register endpoints
- Move reset-password to authenticated routes (was unauthenticated — critical vuln)
- Limit response body sizes on proxy/external API calls (prevent memory exhaustion)
- Sanitize error messages in agent chat endpoint (don't leak internal errors)
- Record login success/failure for rate limiting tracking
2026-03-25 01:05:54 +08:00
..
2026-03-25 01:05:54 +08:00
2025-12-09 18:04:42 +08:00
2026-01-03 13:11:15 +08:00
2026-03-21 12:31:20 +08:00
2026-03-24 08:37:00 +08:00
2026-03-11 23:58:13 +08:00
2026-03-11 23:58:13 +08:00
2026-03-12 16:14:56 +08:00
2026-03-11 23:58:13 +08:00
2026-03-11 23:58:13 +08:00
2026-03-12 12:53:57 +08:00
2026-03-12 12:53:57 +08:00
2026-03-25 01:05:54 +08:00
2026-03-25 01:05:54 +08:00
2026-03-21 12:31:20 +08:00
2026-03-25 01:05:54 +08:00
2026-03-11 16:01:42 +08:00
2025-12-08 01:43:22 +08:00
2026-03-25 01:05:54 +08:00
2026-03-24 01:44:54 +08:00
2025-12-08 01:43:22 +08:00
2025-12-08 01:43:22 +08:00
2025-12-08 01:43:22 +08:00