feat(api): rate-limit /auth/login + scaffold threat model
Adds slowapi two-bucket rate limit on /auth/login — 10 attempts per 5 minutes per-IP AND per-username, tripping either → 429. Per-IP catches botnets hitting one account; per-username catches distributed credential stuffing against one account. In-memory storage: dashboard API is single-process, Redis is disproportionate for v1.

X-Forwarded-For is deliberately NOT trusted (spoofable); reverse-proxy deployments get one shared bucket per proxy IP. Logged in the threat model as accepted risk DA-08, to be revisited when a verified-proxy config lands.

Also scaffolds development/THREAT_MODEL.md with STRIDE-per-element methodology, system-context DFD, and Dashboard↔API as the first fully worked component (7 sub-flows, ~50 threat entries). F1 Authn ships with 3 threats mitigated: rate limit (new), uniform 401 (verified already in place), bcrypt length clamp (verified already in place via Pydantic max_length=72).
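To make the two-bucket scheme described in the commit message concrete, here is a stand-alone illustration of it in plain Python. This is an added example, not the project's code and not slowapi: it keeps one sliding-window bucket per client IP and one per username, rejects an attempt when either bucket is at the limit, and shows why ignoring X-Forwarded-For means spoofed headers cannot buy extra attempts (and why everything behind an untrusted proxy shares one bucket, the DA-08 trade-off). The sliding-window counting, the bucket key names, the username normalisation, the `trusted_proxies` parameter and the `FakeClock` helper are all assumptions made for this example.

```python
"""Two-bucket login rate limiter (per-IP and per-username), stdlib only.

Added illustration of the scheme in the commit message; not slowapi and not the
project's code. Sliding-window counting, key names and normalisation are
assumptions made for this example.
"""
import time
from collections import defaultdict, deque

LIMIT = 10            # attempts ...
WINDOW_SECONDS = 300  # ... per 5 minutes, as stated in the commit message


def client_ip_for(peer_ip, headers, trusted_proxies=frozenset()):
    """Pick the address that keys the per-IP bucket.

    X-Forwarded-For is honoured only when the direct peer is a trusted proxy;
    otherwise the header is attacker-controlled and ignored. With no trusted
    proxies (the assumed v1 deployment) every client behind one reverse proxy
    shares that proxy's bucket, which is the accepted risk the message calls DA-08.
    """
    xff = headers.get("x-forwarded-for", "")
    if peer_ip not in trusted_proxies or not xff:
        return peer_ip
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Walk right to left: the rightmost hop that is not itself a trusted proxy
    # is the address the trusted proxy actually saw.
    for hop in reversed(hops):
        if hop not in trusted_proxies:
            return hop
    return peer_ip


class LoginRateLimiter:
    """Sliding-window limiter with two buckets per attempt: ('ip', addr) and ('user', name)."""

    def __init__(self, limit=LIMIT, window=WINDOW_SECONDS, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self._buckets = defaultdict(deque)  # key -> timestamps of counted attempts

    def _live_count(self, key, now):
        q = self._buckets[key]
        while q and now - q[0] >= self.window:   # drop timestamps outside the window
            q.popleft()
        return len(q)

    def check(self, client_ip, username):
        """True if the attempt may proceed; False is what the API would turn into a 429."""
        now = self.clock()
        # Assumed normalisation so 'Alice' and 'alice ' share one username bucket.
        keys = (("ip", client_ip), ("user", username.strip().lower()))
        if any(self._live_count(k, now) >= self.limit for k in keys):
            # Rejected attempts are not recorded, so a lockout does not extend itself.
            return False
        for k in keys:
            self._buckets[k].append(now)
        return True


class FakeClock:
    """Deterministic clock for the demo and tests (assumed helper, not production code)."""

    def __init__(self, start=1000.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def simulate(limiter, attempts, trusted_proxies=frozenset()):
    """attempts: iterable of (peer_ip, headers, username); returns the allowed/denied flags."""
    return [
        limiter.check(client_ip_for(peer, hdrs, trusted_proxies), user)
        for peer, hdrs, user in attempts
    ]


if __name__ == "__main__":
    clk = FakeClock()
    lim = LoginRateLimiter(clock=clk)
    # Constructed traffic: one source IP spraying 15 different usernames while
    # spoofing a fresh X-Forwarded-For on every request.
    spray = [("203.0.113.5", {"x-forwarded-for": f"10.9.{i}.1"}, f"user{i}") for i in range(15)]
    print("spray from one IP:", simulate(lim, spray))
    # Constructed traffic: 15 different IPs against the single account 'alice'.
    stuffing = [(f"198.51.100.{i}", {}, "alice") for i in range(15)]
    print("stuffing one account:", simulate(LoginRateLimiter(clock=clk), stuffing))
```

Both runs allow the first ten attempts and refuse the remaining five: the first because the spoofed headers all collapse onto the peer's `('ip', '203.0.113.5')` bucket, the second because the distributed sources all land in the `('user', 'alice')` bucket. Whether a rejected attempt should still be counted (slowapi's fixed-window backend behaves differently from the choice made here) is worth deciding explicitly in the real implementation.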
@@ -27,7 +27,8 @@ dependencies = [
"cryptography>=46.0.7",
"python-multipart>=0.0.20",
"httpx>=0.28.1",
"requests>=2.33.1"
"requests>=2.33.1",
"slowapi>=0.1.9"
]
[project.optional-dependencies]
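Review bot: the only change visible in this hunk is the new `"slowapi>=0.1.9"` entry (plus the trailing comma added to `"requests>=2.33.1"`); none of the limiter wiring the commit message describes (the per-IP and per-username key functions, the 429 response, the decision not to read X-Forwarded-For) appears in this diff, so those claims cannot be reviewed from here. Please include the module that registers the limiter and its key functions in the same change, and consider a tighter constraint than an open-ended `>=` lower bound for a package that now sits on the authentication path.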
@@ -58,6 +59,7 @@ dev = [
"freezegun>=1.5.5",
"schemathesis>=4.15.1",
"pytest-xdist>=3.8.0",
"pytest-timeout>=2.4.0",
"flask>=3.1.3",
"twisted>=25.5.0",
"requests>=2.33.1",
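Review bot: `"requests>=2.33.1",` is added to the `dev` extra although the identical requirement already sits in the runtime `dependencies` list in the hunk above; extras install on top of the base dependencies, so this entry is redundant and leaves the same pin to drift in two places. Drop it, or if a dev tool genuinely needs a different version, say so in the commit message, which does not mention touching the dev group at all.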