4 Commits (master)

Author	SHA1	Message	Date
a2nr	e4c68b2894	feat(security): implement anonymous access with rate limiting and secure proxy, harden authentication and implement session protection ... Implements multiple layers of security to address high-risk session and authentication vulnerabilities identified in the security review: - Allow code compilation (C, Python, Arduino) for anonymous users. - Enforce a 1-request-per-2-minutes rate limit for anonymous IPs. - Implement a global anonymous compilation queue with 20 concurrent slots. - Proxy Velxio (Arduino) compilation through Flask to prevent API hijacking. - Exempt authenticated users (tokens/cookies) from all rate limits. - Fix networking and DNS resolution in podman-compose. - Fix Svelte a11y warnings and trailing slash routing issues. - Cookie Security: Added dynamic 'secure' flag support via COOKIE_SECURE env variable for HTTPS/Tailscale Funnel compatibility. - Rate Limiting: Integrated Flask-Limiter on /login (50 req/min) to prevent API abuse while accommodating shared school networks (NAT). - Tarpitting: Added 1.5s artificial delay on failed logins to neutralize automated brute-force tools without blocking legitimate users. - Session Invalidation: Implemented an in-memory token blacklist on logout to ensure session tokens cannot be reused. - Documentation: Updated technical docs and proposal status to reflect the current security architecture. Ref: @elemes/proposal.md (Poin 6.1, 6.2, 6.3)	2026-04-22 12:57:54 +07:00
a2nr	10548b1f51	feat: add Arduino lesson support, documentation, and load testing utilities with improved CLI feedback	2026-04-11 08:39:57 +07:00
a2nr	d59eae3bd0	update cara menampilkan available leasson tergantung dari home.md, menampilkan tombol review code apabila leasson telah complete	2026-01-18 22:40:31 +07:00
a2nr	e13e9df64f	update proper locust test	2026-01-03 10:17:20 +07:00