BanGUI/backend/app/utils at c3cd1574dc9447892135a34199a73a80185da139 - BanGUI - Gitea: Git with a cup of tea

lukas.pupkalipinski/BanGUI

Files

History

Lukas c3cd1574dc fix(auth): invalidate session cache on login

Stale sessions from a stolen device could be reused up to the cache
TTL after a legitimate user re-logs in, because login never cleared
the existing cache entry.

Changes:
- Add invalidate_by_user(user_id) to SessionCache protocol
- InMemorySessionCache maintains a user_id -> set[token] index to
  support O(1) invalidation of all sessions for a given user
- NoOpSessionCache stub updated for API compatibility
- auth_service.login() now returns the Session object alongside
  signed_token and expires_at
- login router calls session_cache.invalidate_by_user(session.id)
  immediately after successful authentication

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-05-03 20:51:51 +02:00

..

__init__.py

feat: Stage 1 — backend and frontend scaffolding

2026-02-28 21:15:01 +01:00

async_utils.py

TASK-028: Add exception logging to fire-and-forget asyncio.create_task()

2026-04-26 15:17:30 +02:00

client_ip.py

Normalise IP addresses across backend

2026-05-03 18:19:41 +02:00

conffile_parser.py

Move conffile_parser from services to utils

2026-03-22 14:24:24 +01:00

config_file_utils.py

refactor(ban_service): extract _bans_by_country_load_data helper

2026-05-03 17:00:34 +02:00

config_parser.py

Standardize async offloading behind shared executor helper

2026-04-11 20:40:08 +02:00

config_writer.py

fix: replace broad except Exception with specific exception types

2026-05-03 00:54:44 +02:00

constants.py

refactor(backend): clean up jail service, add error handling service

2026-05-03 17:40:37 +02:00

correlation.py

Update observability docs and task utilities

2026-05-03 11:52:09 +02:00

external_logging.py

fix: handle socket close errors properly in PapertrailLogHandler

2026-05-03 12:25:14 +02:00

fail2ban_client.py

fix: handle socket close errors properly in PapertrailLogHandler

2026-05-03 12:25:14 +02:00

fail2ban_db_utils.py

Add fail2ban DB index management and socket-based path resolution

2026-05-03 12:17:31 +02:00

fail2ban_response.py

refactor: Extract fail2ban response utilities into shared module

2026-04-23 15:11:21 +02:00

ip_utils.py

refactor(backend): clean up models setup, improve ip utils, add adr docs

2026-05-03 18:04:45 +02:00

jail_config.py

Fix blocklist-import bantime, unify filter bar, and improve config navigation

2026-03-17 11:31:46 +01:00

jail_socket.py

Refactor backend services and jail configuration

2026-04-25 18:34:03 +02:00

log_sanitizer.py

Update observability docs and task utilities

2026-05-03 11:52:09 +02:00

metrics.py

Add Application Performance Monitoring (APM) with Prometheus metrics

2026-05-01 18:33:14 +02:00

pagination.py

Refactor pagination with cursor-based support and standardized response format

2026-05-01 17:54:05 +02:00

path_utils.py

TASK-020: Fix log_target security vulnerability (defense in depth)

2026-04-26 14:23:56 +02:00

rate_limiter.py

Normalise IP addresses across backend

2026-05-03 18:19:41 +02:00

regex_validator.py

fix(regex_validator): add ReDoS detection via regexploit

2026-05-03 00:05:33 +02:00

runtime_state.py

feat: enforce single-worker at startup

2026-05-03 20:33:23 +02:00

scheduler_lock.py

Fix HIGH priority issues: unbounded queries, rate limiting, health checks

2026-05-01 21:47:36 +02:00

session_cache.py

fix(auth): invalidate session cache on login

2026-05-03 20:51:51 +02:00

setup_state.py

Move runtime application state into a dedicated runtime state manager

2026-04-10 19:07:35 +02:00

setup_utils.py

Remove repository import from setup_utils and move password-hash helper to setup service

2026-04-17 15:38:41 +02:00

time_utils.py

Fix pagination metadata return structure and test assertions

2026-05-01 15:42:05 +02:00