ackify/docs/en/README.md
Benjamin 68426bc882 feat: add PKCE support to OAuth2 flow for enhanced security
- Implement PKCE (Proof Key for Code Exchange) with S256 method
- Add crypto/pkce module with code verifier and challenge generation
- Modify OAuth flow to include code_challenge in authorization requests
- Update HandleCallback to validate code_verifier during token exchange
- Extend session lifetime from 7 to 30 days
- Add comprehensive unit tests for PKCE functions
- Maintain backward compatibility with fallback for non-PKCE sessions
- Add detailed logging for OAuth flow with PKCE tracking

PKCE enhances security by preventing authorization code interception
attacks, as recommended by OAuth 2.1 and OIDC standards.

feat: add encrypted refresh token storage with automatic cleanup

- Add oauth_sessions table for storing encrypted refresh tokens
- Implement AES-256-GCM encryption for refresh tokens using cookie secret
- Create OAuth session repository with full CRUD operations
- Add SessionWorker for automatic cleanup of expired sessions
- Configure cleanup to run every 24h for sessions older than 37 days
- Modify OAuth flow to store refresh tokens after successful authentication
- Track client IP and user agent for session security validation
- Link OAuth sessions to user sessions via session ID
- Add comprehensive encryption tests with security validations
- Integrate SessionWorker into server lifecycle with graceful shutdown

This enables persistent OAuth sessions with secure token storage,
reducing the need for frequent re-authentication from 7 to 30 days.
2025-10-26 02:32:10 +02:00
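The commit message above describes PKCE with the S256 method: the client keeps a random code_verifier, sends only its SHA-256 digest (the code_challenge) in the authorization request, and presents the verifier when redeeming the code, so an intercepted authorization code alone cannot be exchanged for tokens. The following is an added illustration of that mechanism, not code from Ackify's crypto/pkce module; the function names GenerateVerifier, S256Challenge and VerifyS256 are assumptions of this example, and the verifier/challenge pair used for demonstration is the published RFC 7636 Appendix B test vector.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
)

// verifierPattern is the character set RFC 7636 allows for a code_verifier
// (unreserved characters), between 43 and 128 characters long.
var verifierPattern = regexp.MustCompile(`^[A-Za-z0-9\-._~]{43,128}$`)

// GenerateVerifier returns a fresh high-entropy code_verifier: 32 random
// bytes, base64url-encoded without padding, which yields 43 characters.
// (Assumed helper name; not the project's own API.)
func GenerateVerifier() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// S256Challenge derives the code_challenge sent with the authorization
// request: BASE64URL(SHA256(ASCII(code_verifier))), without padding.
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// VerifyS256 is the check the token endpoint (or a server-side callback
// handler that stored the challenge in the user's session) performs: reject
// malformed verifiers, recompute the challenge from the presented verifier,
// and compare it to the stored challenge in constant time.
func VerifyS256(storedChallenge, presentedVerifier string) error {
	if !verifierPattern.MatchString(presentedVerifier) {
		return errors.New("code_verifier has invalid length or characters")
	}
	expected := S256Challenge(presentedVerifier)
	if subtle.ConstantTimeCompare([]byte(expected), []byte(storedChallenge)) != 1 {
		return errors.New("code_verifier does not match stored code_challenge")
	}
	return nil
}

func main() {
	// Client side: generate the verifier, keep it in the session, send the
	// challenge in the authorization request.
	verifier, err := GenerateVerifier()
	if err != nil {
		panic(err)
	}
	challenge := S256Challenge(verifier)
	fmt.Println("code_challenge sent:", challenge)

	// Token exchange: the stored challenge is checked against the verifier.
	fmt.Println("legitimate verifier accepted:", VerifyS256(challenge, verifier) == nil)

	// An intercepted code without the verifier fails the check.
	fmt.Println("guessed verifier rejected:", VerifyS256(challenge, "not-the-real-verifier-but-long-enough-to-parse-ok") != nil)
}
```

The constant-time comparison and the length/character check are the two details that are easy to omit: the first avoids leaking the stored challenge byte by byte through timing, the second rejects verifiers that would never have been produced by a conforming client.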
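The second part of the commit message stores refresh tokens encrypted with AES-256-GCM under a key derived from the cookie secret and links each record to a session ID. The block below is an added example of how such storage can be done correctly, not Ackify's own repository code: it assumes the key is derived by hashing the secret with SHA-256 (the project may derive it differently), uses a fresh random nonce per token so that nonce reuse is impossible, and binds the session ID as additional authenticated data so that a ciphertext copied into another session's row fails authentication. Function names and the sample secret and token values are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// keyFromSecret turns an arbitrary-length secret (assumed here: the cookie
// secret) into a fixed 32-byte AES-256 key. This derivation is an assumption
// of the example, not necessarily what the project does.
func keyFromSecret(secret []byte) []byte {
	sum := sha256.Sum256(secret)
	return sum[:]
}

func newGCM(secret []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(keyFromSecret(secret))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptToken seals a refresh token. The 12-byte random nonce is prepended
// to the ciphertext so the stored blob is self-describing; sessionID is
// passed as additional authenticated data (authenticated, not encrypted).
func EncryptToken(secret []byte, sessionID, token string) ([]byte, error) {
	gcm, err := newGCM(secret)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to nonce, giving nonce || ciphertext || tag.
	return gcm.Seal(nonce, nonce, []byte(token), []byte(sessionID)), nil
}

// DecryptToken reverses EncryptToken. Any of a wrong key, a different
// session ID, a truncated blob, or a flipped bit yields an error rather than
// garbage plaintext, because GCM authenticates before returning data.
func DecryptToken(secret []byte, sessionID string, sealed []byte) (string, error) {
	gcm, err := newGCM(secret)
	if err != nil {
		return "", err
	}
	if len(sealed) < gcm.NonceSize() {
		return "", errors.New("stored token blob too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(sessionID))
	if err != nil {
		return "", errors.New("refresh token failed authentication: wrong key, wrong session, or tampered data")
	}
	return string(pt), nil
}

func main() {
	secret := []byte("constructed-cookie-secret-for-demo") // constructed sample
	sealed, err := EncryptToken(secret, "session-123", "constructed-refresh-token")
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob length: %d bytes (12 nonce + plaintext + 16 tag)\n", len(sealed))

	pt, err := DecryptToken(secret, "session-123", sealed)
	fmt.Println("same session decrypts:", err == nil, pt)

	_, err = DecryptToken(secret, "session-999", sealed)
	fmt.Println("other session rejected:", err != nil)
}
```

Binding the session ID as AAD is the piece that turns "encrypted at rest" into "encrypted and tied to its owner": a database user who can read and copy rows still cannot make one session's refresh token decrypt under another session's record.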


# Ackify Documentation (English)
Complete documentation for Ackify - Proof of Read with cryptographic signatures.
🇫🇷 **[Version Française](../fr/)**
## Quick Start
- **[Getting Started](getting-started.md)** - Installation and first steps with Docker Compose
- **[Configuration](configuration.md)** - Environment variables and settings
## Features
- **[Cryptographic Signatures](features/signatures.md)** - Ed25519 signature flow
- **[Expected Signers](features/expected-signers.md)** - Tracking and email reminders
- **[Checksums](features/checksums.md)** - Document integrity verification
- **[Embedding](features/embedding.md)** - oEmbed, iframes, third-party integrations
- **[Internationalization](features/i18n.md)** - Multi-language support (fr, en, es, de, it)
## Advanced Configuration
- **[OAuth Providers](configuration/oauth-providers.md)** - Google, GitHub, GitLab, Custom
- **[Email Setup](configuration/email-setup.md)** - SMTP configuration for reminders
## Architecture & Development
- **[Architecture](architecture.md)** - Tech stack, project structure, Clean Architecture principles
- **[Database](database.md)** - PostgreSQL schema, migrations, constraints
- **[API Reference](api.md)** - REST endpoints, examples, OpenAPI
- **[Deployment](deployment.md)** - Production, security, monitoring
- **[Development](development.md)** - Dev setup, tests, contributing
## Integrations
- **[Google Docs](../integrations/google-doc/)** - Google Workspace integration
- More integrations coming...
## Support
- [GitHub Issues](https://github.com/btouchard/ackify-ce/issues) - Bugs and feature requests
- [GitHub Discussions](https://github.com/btouchard/ackify-ce/discussions) - Questions and discussions