mirror of
https://github.com/btouchard/ackify-ce.git
synced 2026-01-28 09:08:42 -06:00
- Implement PKCE (Proof Key for Code Exchange) with S256 method
- Add crypto/pkce module with code verifier and challenge generation
- Modify OAuth flow to include code_challenge in authorization requests
- Update HandleCallback to validate code_verifier during token exchange
- Extend session lifetime from 7 to 30 days
- Add comprehensive unit tests for PKCE functions
- Maintain backward compatibility with fallback for non-PKCE sessions
- Add detailed logging for OAuth flow with PKCE tracking

PKCE enhances security by preventing authorization code interception attacks, as recommended by OAuth 2.1 and OIDC standards.

feat: add encrypted refresh token storage with automatic cleanup

- Add oauth_sessions table for storing encrypted refresh tokens
- Implement AES-256-GCM encryption for refresh tokens using cookie secret
- Create OAuth session repository with full CRUD operations
- Add SessionWorker for automatic cleanup of expired sessions
- Configure cleanup to run every 24h for sessions older than 37 days
- Modify OAuth flow to store refresh tokens after successful authentication
- Track client IP and user agent for session security validation
- Link OAuth sessions to user sessions via session ID
- Add comprehensive encryption tests with security validations
- Integrate SessionWorker into server lifecycle with graceful shutdown

This enables persistent OAuth sessions with secure token storage, reducing the need for frequent re-authentication from 7 to 30 days.
Ackify Documentation
Complete documentation for Ackify - Proof of Read with cryptographic signatures.
Quick Start
- Getting Started - Installation and first steps with Docker Compose
- Configuration - Environment variables and settings
Features
- Cryptographic Signatures - Ed25519 signature flow
- Expected Signers - Tracking and email reminders
- Checksums - Document integrity verification
- Embedding - oEmbed, iframes, third-party integrations
- Internationalization - Multilingual support (fr, en, es, de, it)
Advanced Configuration
- OAuth Providers - Google, GitHub, GitLab, Custom
- Email Setup - SMTP configuration for reminders
Architecture & Development
- Architecture - Technical stack, project structure, Clean Architecture principles
- Database - PostgreSQL schema, migrations, constraints
- API Reference - REST endpoints, examples, OpenAPI
- Deployment - Production, security, monitoring
- Development - Development setup, tests, contribution
Integrations
- Google Docs - Integration with Google Workspace
- More integrations to come...
Support
- GitHub Issues - Bugs and feature requests
- GitHub Discussions - Questions and discussions