diff options
| author | nsfisis <nsfisis@gmail.com> | 2025-12-30 22:08:47 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2025-12-30 22:08:47 +0900 |
| commit | c2eb7513834eeb5adfa53fff897f585de87e4821 (patch) | |
| tree | 9e914051ca67e2f9e1fa301119bdec398ec9e55f /docs | |
| parent | b839cae49efd4b9d35c2868a4137101a4d71bd7f (diff) | |
| download | kioku-c2eb7513834eeb5adfa53fff897f585de87e4821.tar.gz kioku-c2eb7513834eeb5adfa53fff897f585de87e4821.tar.zst kioku-c2eb7513834eeb5adfa53fff897f585de87e4821.zip | |
feat(security): add rate limiting and CORS middleware
- Add rate limiting to login endpoint (5 requests/minute per IP)
- Configure CORS middleware with environment-based origin control
- Expose rate limit headers in CORS for client visibility
- Update hono to 4.11.3 for rate limiter peer dependency
🤖 Generated with [Claude Code](https://claude.ai/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/dev/roadmap.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/dev/roadmap.md b/docs/dev/roadmap.md index 38ef3be..d877d78 100644 --- a/docs/dev/roadmap.md +++ b/docs/dev/roadmap.md @@ -193,8 +193,8 @@ Smaller features first to enable early MVP validation. **Goal**: Address security vulnerabilities identified in code review ### High Priority -- [ ] Add rate limiting to login endpoint (brute force protection) -- [ ] Configure CORS middleware +- [x] Add rate limiting to login endpoint (brute force protection) +- [x] Configure CORS middleware ### Medium Priority - [ ] Fix card update authorization in sync push (verify existing card ownership) |