Merge various bug fixes and updates to documentation (new case studies) #739
Merged
…gging
- Enable email verification to prevent authorization bypass (wk0)
- Wrap invite acceptance in Prisma transaction to prevent race conditions
- Add explicit null check for user lookup
- Add security audit logging for all invite acceptance outcomes
- Extract IP/user-agent in API route for audit trail
- Add comprehensive test suite (8 tests)

Implement database-backed rate limiting for critical endpoints to prevent abuse:
- POST /api/users/register: 5 requests/IP/hour, 3 requests/email/hour
- POST /api/invites/[token]/accept: 20 requests/IP/hour, 10 requests/user/hour
Changes:
- Add RateLimitAttempt model to Prisma schema with appropriate indices
- Create reusable rate-limit-service.ts following password-reset pattern
- Return HTTP 429 with Retry-After header when rate limited
- Log security audit events for blocked requests
- Add comprehensive unit tests (17 tests)
Closes: AssurancePlatform-qxo

Refactor authentication code to use constant-time operations, preventing timing side-channel attacks that could allow session state enumeration.
Changes:
- Add timing-safe utilities (isTimestampValid, addTimingNoise)
- Refactor isValidSession() to eliminate early returns
- Refactor JWT callback expiry check to use constant-time validation
- Refactor validateRefreshToken() with timing noise after DB lookup
- Add unit tests for timing-safe utilities
Resolves: AssurancePlatform-ceo
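The commit above describes a database-backed rate limiter that answers with HTTP 429 and a Retry-After header. The following is an added illustration of that pattern, not the project's rate-limit-service.ts: it uses an in-memory list of attempt rows as a stand-in for the RateLimitAttempt table, applies the two register-endpoint limits quoted in the commit (5 per IP per hour, 3 per email per hour) over a sliding window, and derives Retry-After from the oldest attempt still inside the window. The key naming scheme, the store class and the function names are assumptions made for this example.

```typescript
// Added example (not the project's code): sliding-window rate limiting over
// attempt rows, returning a 429 + Retry-After decision when a limit is hit.

export interface RateLimitRule {
  key: string;      // assumed naming scheme, e.g. "register:ip:203.0.113.5"
  limit: number;    // maximum attempts allowed inside one window
  windowMs: number; // window length in milliseconds
}

export interface RateLimitResult {
  allowed: boolean;
  retryAfterSeconds: number; // 0 when the request is allowed
}

// Stand-in for the RateLimitAttempt table: one row per recorded attempt.
export class InMemoryAttemptStore {
  private rows: { key: string; at: number }[] = [];

  // Timestamps of attempts for `key` strictly newer than `since`.
  timestampsSince(key: string, since: number): number[] {
    return this.rows.filter((r) => r.key === key && r.at > since).map((r) => r.at);
  }

  record(key: string, at: number): void {
    this.rows.push({ key, at });
  }
}

// Evaluate one rule without recording anything.
export function evaluateRule(
  store: InMemoryAttemptStore,
  rule: RateLimitRule,
  now: number,
): RateLimitResult {
  const recent = store.timestampsSince(rule.key, now - rule.windowMs);
  if (recent.length < rule.limit) return { allowed: true, retryAfterSeconds: 0 };
  // The oldest attempt still inside the window is the one that frees a slot next.
  const oldest = Math.min(...recent);
  const retryAfterMs = oldest + rule.windowMs - now;
  return { allowed: false, retryAfterSeconds: Math.max(1, Math.ceil(retryAfterMs / 1000)) };
}

const HOUR_MS = 60 * 60 * 1000;

// Limits quoted in the commit message for POST /api/users/register.
// Both rules are evaluated before anything is recorded; a blocked request
// consumes no quota, and the longest Retry-After of the tripped rules wins.
export function checkRegisterRateLimit(
  store: InMemoryAttemptStore,
  ip: string,
  email: string,
  now: number = Date.now(),
): RateLimitResult {
  const rules: RateLimitRule[] = [
    { key: `register:ip:${ip}`, limit: 5, windowMs: HOUR_MS },
    { key: `register:email:${email.toLowerCase()}`, limit: 3, windowMs: HOUR_MS },
  ];
  const blocked = rules.map((r) => evaluateRule(store, r, now)).filter((r) => !r.allowed);
  if (blocked.length > 0) {
    return {
      allowed: false,
      retryAfterSeconds: Math.max(...blocked.map((r) => r.retryAfterSeconds)),
    };
  }
  for (const r of rules) store.record(r.key, now);
  return { allowed: true, retryAfterSeconds: 0 };
}

// The HTTP shape a route handler would send back for a decision.
export function toHttpResponse(result: RateLimitResult): {
  status: number;
  headers: Record<string, string>;
} {
  return result.allowed
    ? { status: 200, headers: {} }
    : { status: 429, headers: { "Retry-After": String(result.retryAfterSeconds) } };
}
```

With a real database the count and the insert must happen inside one transaction (or the insert must be conditional on the count), otherwise concurrent requests can each see a count below the limit and all get through; the in-memory store above is single-threaded, so it does not show that race.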
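The commit above replaces early-returning session checks with constant-time ones so that the response time does not reveal which check failed (token mismatch, expiry, revocation, or no session at all). The block below is an added example, not the project's code: it shows one way to structure such checks, with every predicate evaluated unconditionally and combined by bitwise AND, a length-independent string comparison, and a jittered delay of the kind the commit calls addTimingNoise. The Session shape, the dummy record used when no session exists, and the function signatures are assumptions made for this example; only the function names isTimestampValid, addTimingNoise and isValidSession come from the commit message.

```typescript
// Added example (not the project's code): session validation without
// early returns, so timing does not depend on which check fails.

// Assumed session shape; the project's own record will differ.
export type Session = { token: string; expiresAt: number; revoked: boolean } | null;

// Compare two strings in time that depends only on the longer length, never
// on the position of the first mismatch. Production code would use
// crypto.timingSafeEqual on equal-length buffers; this keeps the example
// free of Node-specific imports.
export function constantTimeEquals(a: string, b: string): boolean {
  const len = Math.max(a.length, b.length);
  let diff = a.length ^ b.length; // length difference is folded in, not returned early
  for (let i = 0; i < len; i++) {
    // charCodeAt past the end yields NaN; NaN | 0 is 0, so the loop never branches.
    diff |= (a.charCodeAt(i) | 0) ^ (b.charCodeAt(i) | 0);
  }
  return diff === 0;
}

// Expiry check that evaluates both conditions regardless of the first one.
export function isTimestampValid(expiresAt: number, now: number): boolean {
  const finite = Number.isFinite(expiresAt) ? 1 : 0;
  const inFuture = now < expiresAt ? 1 : 0;
  return (finite & inFuture) === 1;
}

// Random delay added after a database lookup so that "row found" and
// "row not found" paths are harder to tell apart from response time alone.
export function addTimingNoise(minMs = 5, maxMs = 25): Promise<void> {
  const delay = minMs + Math.random() * (maxMs - minMs);
  return new Promise((resolve) => setTimeout(resolve, delay));
}

// Same amount of work whether or not a session was found: a dummy record
// stands in for the missing one, and "exists" is just another AND term.
const DUMMY_SESSION: NonNullable<Session> = { token: "", expiresAt: 0, revoked: true };

export function isValidSession(
  session: Session,
  presentedToken: string,
  now: number = Date.now(),
): boolean {
  const s = session ?? DUMMY_SESSION;
  const exists = session !== null ? 1 : 0;
  const tokenMatches = constantTimeEquals(s.token, presentedToken) ? 1 : 0;
  const notExpired = isTimestampValid(s.expiresAt, now) ? 1 : 0;
  const notRevoked = s.revoked ? 0 : 1;
  // Bitwise AND, not &&: every term is computed before the result is known.
  return (exists & tokenMatches & notExpired & notRevoked) === 1;
}
```

The bitwise combination is the point: with `&&` the engine stops at the first false term, and the elapsed time then encodes which term that was. The noise helper is a complement to that, not a substitute; it widens the distribution an attacker has to average over but does not remove a systematic difference on its own.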
ones
- Restore original detailed content for 4 existing case studies that was lost during Docusaurus to Nextra migration (from commit 37fd317)
- Add new case study: Equitable Personalised Pharmaceutical Formulation System (Fairness focus - pharmaceutical/healthcare domain)
- Add new case study: Transparent Clinical GenAI System with Legacy Data (Transparency focus - healthcare AI/data governance domain)
- Update image paths from /img/ to /images/
- Add hero images for both new case studies
Resolves: AssurancePlatform-op3
… lib/schemas/, validation helpers in lib/validation/server-action.ts, and ActionResult type. Updated actions/assurance-cases.ts, actions/case-studies.ts, and actions/capture.ts with Zod validation. Updated all callers to handle ActionResult. Deleted low-value capture.test.ts. Remaining test failures are pre-existing issues unrelated to this change.
No description provided.