Added @UseGuards(AuthGuard) and rate limiting (@Throttle) to
/api/v1/federation/identity/verify endpoint. Configured strict
rate limit (10 req/min) to prevent abuse of this previously
public endpoint. Added test to verify guards are applied.
Security improvement: Prevents unauthorized access and rate limit
abuse of identity verification endpoint.
Fixes#290
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Modified decrypt() error handling to only log error type without
stack traces, error details, or encrypted content. Added test to
verify sensitive data is not exposed in logs.
Security improvement: Prevents leakage of encrypted data or partial
decryption results through error logs.
Fixes#289
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changed modulusLength from 2048 to 4096 in generateKeypair() method
following NIST recommendations for long-term security. Added test to
verify generated keys meet the minimum size requirement.
Security improvement: RSA-4096 provides better protection against
future cryptographic attacks as computational power increases.
Fixes#288
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Move status validation from post-retrieval checks into Prisma WHERE
clauses. This prevents TOCTOU issues and ensures only ACTIVE
connections are retrieved. Removed redundant status checks after
retrieval in both query and command services.
Security improvement: Enforces status=ACTIVE in database query rather
than checking after retrieval, preventing race conditions.
Fixes#283
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
