fix(#290): Secure identity verification endpoint
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
ci/woodpecker/pr/woodpecker Pipeline failed

Added @UseGuards(AuthGuard) and rate limiting (@Throttle) to
/api/v1/federation/identity/verify endpoint. Configured strict
rate limit (10 req/min) to prevent abuse of this previously
public endpoint. Added test to verify guards are applied.

Security improvement: Prevents unauthorized access and rate limit
abuse of identity verification endpoint.

Fixes #290

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-03 21:36:31 -06:00
parent 77d1d14e08
commit 1390da2e74
2 changed files with 13 additions and 0 deletions


@@ -90,6 +90,15 @@ describe("IdentityLinkingController", () => {
});
describe("POST /identity/verify", () => {
it("should have AuthGuard and Throttle decorators applied", () => {
// Verify that the endpoint has proper guards and rate limiting
const verifyMetadata = Reflect.getMetadata(
"__guards__",
IdentityLinkingController.prototype.verifyIdentity
);
expect(verifyMetadata).toBeDefined();
});
it("should verify identity with valid request", async () => {
const dto: VerifyIdentityDto = {
localUserId: "local-user-id",
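Review bot: The new test "should have AuthGuard and Throttle decorators applied" asserts less than its name claims. Its only assertion is expect(verifyMetadata).toBeDefined() on the "__guards__" metadata, so it passes with any guard attached to verifyIdentity and never looks at throttling. If AuthGuard were later swapped for a permissive guard, or @Throttle were dropped, this test would stay green. Suggest asserting that the guard list actually contains AuthGuard, for example expect(verifyMetadata).toContain(AuthGuard), and adding a separate assertion on the metadata written by @Throttle that checks the 10 req/min limit stated in the commit message. Decorator metadata only shows the wiring, so a request-level test would cover the behaviour this fix is for: an unauthenticated POST to /identity/verify is rejected, and requests over the limit are throttled.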