Harden auth login against brute-force and refresh security docs

2026-03-01 18:24:26 -03:00
parent 9cbbd80f47
commit 4c27fd6483
12 changed files with 715 additions and 3 deletions
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -29,6 +29,10 @@ class Settings(BaseSettings):
    auth_password_pbkdf2_iterations: int = 390000
    auth_session_token_bytes: int = 32
    auth_session_pepper: str = ""
+    auth_login_failure_limit: int = 5
+    auth_login_failure_window_seconds: int = 900
+    auth_login_lockout_base_seconds: int = 30
+    auth_login_lockout_max_seconds: int = 900
    storage_root: Path = Path("/data/storage")
    upload_chunk_size: int = 4 * 1024 * 1024
    max_upload_files_per_request: int = 50