Ho Ngoc Hai be0deddeed fix(security): harden auth — rate limiting, admin audit logging, JWT aud/iss ...

- Add @Throttle (5 req/hour per IP) on register, login, refresh endpoints
- Add audit logging in RolesGuard for failed admin access attempts (userId, role, IP, action)
- Add audience ('goodgo-api') and issuer ('goodgo-platform') claims to JWT tokens
- Validate aud/iss in JwtStrategy to prevent cross-service token reuse

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-08 06:17:02 +07:00

..

src

fix(security): harden auth — rate limiting, admin audit logging, JWT aud/iss

2026-04-08 06:17:02 +07:00

Dockerfile

feat(deploy): add production Dockerfiles and CI/CD pipeline

2026-04-08 04:03:27 +07:00

nest-cli.json

feat: scaffold monorepo with Turborepo + NestJS + Next.js

2026-04-07 23:52:33 +07:00

package.json

feat(security): add CSRF double-submit cookie protection

2026-04-08 05:03:24 +07:00

tsconfig.json

feat(shared): add shared module with domain primitives, infrastructure services, and utils

2026-04-08 00:07:27 +07:00

vitest.config.ts

feat(auth): implement Auth module with register, login, JWT, guards, and CQRS

2026-04-08 00:24:42 +07:00

vitest.integration.config.ts

feat(auth): implement Auth module with register, login, JWT, guards, and CQRS

2026-04-08 00:24:42 +07:00