MAESTRO: verify bypass token rate limit exemption

Mariusz Banach
2026-02-18 04:25:45 +01:00
parent 640a536bdb
commit 890b14e9cc
2 changed files with 45 additions and 1 deletions

@@ -41,7 +41,7 @@ This phase protects the analysis service from abuse with per-IP rate limiting an
- [x] All vitest tests pass: `npx vitest run src/__tests__/CaptchaChallenge.test.tsx`
- [x] Exceeding rate limit returns HTTP 429 with Retry-After header and CAPTCHA challenge
- [x] Solving CAPTCHA returns HMAC-signed bypass token (5-minute expiry)
- [ ] Bypass token exempts IP from rate limiting on subsequent requests
- [x] Bypass token exempts IP from rate limiting on subsequent requests
- [ ] `GET /api/health` returns `{status, version, uptime, scannerCount}`
- [x] All routers and CORS middleware are registered in `main.py`
- [ ] Application starts statelessly — no database, no session management
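
Review bot: the ticked line "Bypass token exempts IP from rate limiting on subsequent requests" records the exemption as verified but, unlike the vitest item at the top of the hunk, names no test or command that demonstrates it. Suggest referencing the covering test on that line, and making sure it also exercises the negative cases implied by the neighbouring item (HMAC-signed, 5-minute expiry): a token with an invalid signature or past its expiry should get no exemption. Because the item says the token exempts the IP, it would also help to state whether the token is bound to the IP that solved the CAPTCHA, so that one solved challenge cannot be reused from other addresses.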