1
75%
master: 75%

Ran 25 Aug 2025 08:15PM UTC

Files 22

Run time 1s

Badge

Embed ▾

Committed 25 Aug 2025 08:14PM UTC coverage: 73.898% (+0.08%) from 73.815%

Job # 17219646860.1

Build Type

push

github

Committed by

web-flow

Commit Message

feat: add brute-force protection to login endpoint (#46)

Implement rate limiting for login attempts to prevent brute-force attacks as
recommended by Gemini security review.

Security improvements:
- Rate limit login attempts to 5 per minute per IP address using tollbooth
- Applied via middleware chain for clean architecture
- Custom error message for rate limit violations
- Comprehensive test coverage with 429 status code verification

Technical details:
- Added github.com/didip/tollbooth/v8 dependency
- Configured rate limiter: 5.0/60.0 requests per second with burst=5
- Applied to POST /login route via router.With() middleware
- Updated documentation with brute-force protection info

Test improvements:
- Added TestServer_LoginRateLimiting with rate limit verification
- Fixed HTTPS logout test with proper CSRF headers and unique IPs
- All authentication tests pass with 88.9% coverage

Addresses Gemini's #1 critical security recommendation while maintaining
clean code architecture and comprehensive test coverage.

Run Details

2112 of 2858 relevant lines covered (73.9%)

24.1 hits per line

umputun / cronn / 17219646860 / 1
75%
master: 75%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 17219646860.1

umputun / cronn / 17219646860 / 1 75% master: 75%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 17219646860.1

umputun / cronn / 17219646860 / 1
75%
master: 75%

README BADGES
x