alvaro/normogen
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: complete Phase 2.6 - Security Hardening
Some checks failed
Lint and Build / Lint (push) Failing after 7s
Details
Lint and Build / Build (push) Has been skipped
Details
Lint and Build / Docker Build (push) Has been skipped
Details

Browse source 
- Implement session management with device tracking
- Implement audit logging system
- Implement account lockout for brute-force protection
- Add security headers middleware
- Add rate limiting middleware (stub)
- Integrate security services into main application

Build Status: Compiles successfully
Phase: 2.6 of 8 (75% complete)
This commit is contained in:
goose 2026-03-05 09:09:46 -03:00
parent be49d9d674
commit 4627903999
17 changed files with 910 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

123
backend/src/models/session.rs Normal file
View file

@ -0,0 +1,123 @@
use mongodb::{
Collection,
bson::{doc, oid::ObjectId},
};
use futures::stream::TryStreamExt;
use serde::{Deserialize, Serialize};
use anyhow::Result;
use std::time::SystemTime;
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DeviceInfo {
pub device_type: String, // "mobile", "desktop", "tablet"
pub os: String, // "iOS", "Android", "Windows", "macOS", "Linux"
pub browser: Option<String>,
pub ip_address: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Session {
#[serde(rename = "_id", skip_serializing_if = "Option::is_none")]
pub id: Option<ObjectId>,
pub user_id: ObjectId,
pub device_info: DeviceInfo,
pub token_hash: String, // Hash of the JWT token
pub created_at: mongodb::bson::DateTime,
pub last_used_at: mongodb::bson::DateTime,
pub expires_at: mongodb::bson::DateTime,
pub is_revoked: bool,
}
#[derive(Clone)]
pub struct SessionRepository {
collection: Collection<Session>,
}
impl SessionRepository {
pub fn new(db: &mongodb::Database) -> Self {
let collection = db.collection("sessions");
Self { collection }
}
pub async fn create(
&self,
user_id: ObjectId,
device_info: DeviceInfo,
token_hash: String,
duration_hours: i64,
) -> Result<ObjectId> {
let now = SystemTime::now();
let now_bson = mongodb::bson::DateTime::from(now);
let expires_at = SystemTime::now()
.checked_add(std::time::Duration::from_secs(duration_hours as u64 * 3600))
.ok_or_else(|| anyhow::anyhow!("Invalid duration"))?;
let expires_at_bson = mongodb::bson::DateTime::from(expires_at);
let session = Session {
id: None,
user_id,
device_info,
token_hash,
created_at: now_bson,
last_used_at: now_bson,
expires_at: expires_at_bson,
is_revoked: false,
};
self.collection.insert_one(session, None).await?.inserted_id.as_object_id().ok_or_else(|| anyhow::anyhow!("Failed to get inserted id"))
}
pub async fn find_by_user(&self, user_id: &ObjectId) -> Result<Vec<Session>> {
let cursor = self.collection
.find(
doc! {
"user_id": user_id,
"is_revoked": false,
"expires_at": { "$gt": mongodb::bson::DateTime::now() }
},
None,
)
.await?;
let sessions: Vec<Session> = cursor.try_collect().await?;
Ok(sessions)
}
pub async fn revoke(&self, session_id: &ObjectId) -> Result<()> {
self.collection
.update_one(
doc! { "_id": session_id },
doc! { "$set": { "is_revoked": true } },
None,
)
.await?;
Ok(())
}
pub async fn revoke_all_for_user(&self, user_id: &ObjectId) -> Result<()> {
self.collection
.update_many(
doc! {
"user_id": user_id,
"is_revoked": false
},
doc! { "$set": { "is_revoked": true } },
None,
)
.await?;
Ok(())
}
pub async fn cleanup_expired(&self) -> Result<u64> {
let result = self.collection
.delete_many(
doc! {
"expires_at": { "$lt": mongodb::bson::DateTime::now() }
},
None,
)
.await?;
Ok(result.deleted_count)
}
}