guru-connect/server/migrations/006_widen_support_code.sql
Mike Swanson bfcdbb5379
Some checks failed
Build and Test / Build Server (Linux) (push) Failing after 6m12s
Build and Test / Build Agent (Windows) (push) Successful in 6m43s
Build and Test / Security Audit (push) Successful in 4m23s
Build and Test / Build Summary (push) Has been skipped
feat(server): v2 secure-session-core Task 4 - rate limit + single-use codes
SPEC-002 Phase 1 Task 4 (the final keystone task), code-reviewed APPROVED.
Closes the audit's reusable-code HIGH and rate-limiting-disabled HIGH.

- Rebuilt rate limiting as a self-contained in-memory per-IP limiter (replaces
  the non-compiling tower_governor; removed that dep). Fixed-window caps wired
  to login (8/min), change-password (5/min), code-validate (15/min) -> 429;
  per-IP lockout after 10 consecutive failed code validations (15-min cooldown).
- Single-use support codes: atomic consume on first agent bind (in-memory
  Pending->Connected under write lock + DB conditional UPDATE), rejecting a
  second presenter; validate/preview does not consume.
- Widened code format: XXX-XXX-XXX, 31-char unambiguous alphabet (no 0/O/1/I/L),
  CSPRNG + rejection sampling, ~44.6 bits (replaces 6-digit numeric); migration
  006 widens the code columns to TEXT.

Completes the keystone (Tasks 1-4): every audit CRITICAL + HIGH in the secure
auth/session core is now addressed. Known follow-up todos (not blocking): (1)
trusted-proxy client-IP extraction (NPM-on-loopback collapses clients to
127.0.0.1); (2) multi-instance fail-closed DB single-use gate. Not
cargo-check-verified locally - build-host/CI verification follows this commit.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 21:04:54 -07:00

22 lines
973 B
SQL

-- Migration: 006_widen_support_code.sql
-- Purpose: v2 Task 4 — widen the support-code column to hold the new
-- higher-entropy human-readable code.
--
-- v1 generated a 6-digit numeric code; the column was VARCHAR(10) (001). Task 4
-- replaces it with a grouped base32-style code `XXX-XXX-XXX` (9 symbols + 2
-- hyphens = 11 chars), which does NOT fit in VARCHAR(10). Widen to TEXT so the
-- column can hold the new code (and any future longer format) without truncation.
--
-- connect_sessions.support_code (also VARCHAR(10) in 001) stores the same value
-- on a support session record, so it is widened too.
--
-- Idempotent: ALTER ... TYPE TEXT is a no-op if the column is already TEXT.
-- Applied on server startup by sqlx::migrate!(); never pre-applied via psql.
-- See .claude/standards/gururmm/sqlx-migrations.md.
ALTER TABLE connect_support_codes
    ALTER COLUMN code TYPE TEXT;

ALTER TABLE connect_sessions
    ALTER COLUMN support_code TYPE TEXT;
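
The code format that the commit message and the migration comment describe (`XXX-XXX-XXX`, 31-symbol alphabet, CSPRNG with rejection sampling), shown as an added Rust example; it is not the project's own generator. Assumptions: the symbol order in `ALPHABET`, the byte-wise rejection threshold, reading the OS CSPRNG from `/dev/urandom` (Unix only), and all function names are hypothetical.

```rust
use std::fs::File;
use std::io::Read;

// 31 symbols: A-Z and 0-9 with 0, O, 1, I, L removed (order is an assumption).
const ALPHABET: &[u8; 31] = b"ABCDEFGHJKMNPQRSTUVWXYZ23456789";
// 31 * 8 = 248: bytes at or above this are discarded so `b % 31` stays uniform.
const LIMIT: u8 = 248;

/// Build an XXX-XXX-XXX code from a byte stream, rejecting biased bytes.
/// Returns None if the stream ends before 9 symbols are accepted.
fn code_from_bytes<I: Iterator<Item = u8>>(bytes: I) -> Option<String> {
    let mut code = String::with_capacity(11);
    let mut symbols = 0;
    for b in bytes {
        if b >= LIMIT { continue; } // rejection step: no modulo bias
        if symbols > 0 && symbols % 3 == 0 {
            code.push('-');
        }
        code.push(ALPHABET[(b % 31) as usize] as char);
        symbols += 1;
        if symbols == 9 {
            return Some(code);
        }
    }
    None
}

/// Assumption: the OS CSPRNG is read from /dev/urandom.
fn generate_code() -> std::io::Result<String> {
    let mut f = File::open("/dev/urandom")?;
    loop {
        let mut buf = [0u8; 32];
        f.read_exact(&mut buf)?;
        if let Some(code) = code_from_bytes(buf.iter().copied()) {
            return Ok(code);
        }
    }
}

/// Entropy of a 9-symbol code in bits: 9 * log2(31).
fn entropy_bits() -> f64 {
    9.0 * (ALPHABET.len() as f64).log2()
}

fn main() -> std::io::Result<()> {
    let code = generate_code()?;
    println!("{} ({} chars, {:.1} bits)", code, code.len(), entropy_bits());
    Ok(())
}
```

The generated string is 11 characters long, which is why the `VARCHAR(10)` columns have to be widened before the new format can be stored.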