Git/mgeeky-decode-spam-headers
1
0
Fork 0
mirror of https://github.com/mgeeky/decode-spam-headers.git synced 2026-02-22 13:33:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

MAESTRO: verify captcha bypass token expiry

Browse Source
This commit is contained in:
Mariusz Banach
2026-02-18 04:24:13 +01:00
parent 1b37520e25
commit 640a536bdb
2 changed files with 25 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Auto Run Docs/SpecKit-web-header-analyzer-Phase-08-Security-Operations.md
View File

@@ -40,7 +40,7 @@ This phase protects the analysis service from abuse with per-IP rate limiting an
- [x] `pytest backend/tests/api/test_rate_limiter.py backend/tests/api/test_captcha.py backend/tests/api/test_health.py` all pass
- [x] All vitest tests pass: `npx vitest run src/__tests__/CaptchaChallenge.test.tsx`
- [x] Exceeding rate limit returns HTTP 429 with Retry-After header and CAPTCHA challenge
- [ ] Solving CAPTCHA returns HMAC-signed bypass token (5-minute expiry)
- [x] Solving CAPTCHA returns HMAC-signed bypass token (5-minute expiry)
- [ ] Bypass token exempts IP from rate limiting on subsequent requests
- [ ] `GET /api/health` returns `{status, version, uptime, scannerCount}`
- [x] All routers and CORS middleware are registered in `main.py`