Implements multiple layers of security to address high-risk session
and authentication vulnerabilities identified in the security review:
- Allow code compilation (C, Python, Arduino) for anonymous users.
- Enforce a 1-request-per-2-minutes rate limit for anonymous IPs.
- Implement a global anonymous compilation queue with 20 concurrent slots.
- Proxy Velxio (Arduino) compilation through Flask to prevent API hijacking.
- Exempt authenticated users (tokens/cookies) from all rate limits.
- Fix networking and DNS resolution in podman-compose.
- Fix Svelte a11y warnings and trailing slash routing issues.
- Cookie Security: Added dynamic 'secure' flag support via COOKIE_SECURE
env variable for HTTPS/Tailscale Funnel compatibility.
- Rate Limiting: Integrated Flask-Limiter on /login (50 req/min) to
prevent API abuse while accommodating shared school networks (NAT).
- Tarpitting: Added 1.5s artificial delay on failed logins to neutralize
automated brute-force tools without blocking legitimate users.
- Session Invalidation: Implemented an in-memory token blacklist on
logout to ensure session tokens cannot be reused.
- Documentation: Updated technical docs and proposal status to reflect
the current security architecture.
Ref: @elemes/proposal.md (Poin 6.1, 6.2, 6.3)
- Menambahkan service 'compiler-worker' terpisah untuk isolasi eksekusi kode C/Python.
- Mengintegrasikan gVisor (runsc) pada worker untuk mencegah RCE pada level kernel.
- Menggunakan Gunicorn (4 workers) pada compiler-worker untuk mendukung concurrency.
- Menambahkan otentikasi token wajib pada endpoint /compile dan laporan progres.
- Memperketat CORS policy menggunakan environment variable ORIGIN.
- Menerapkan secure_filename pada rute pelajaran untuk mencegah Path Traversal.
- Mengubah volume mounting backend utama menjadi Read-Only (:ro) untuk perlindungan data.
- Memperbarui proposal.md dan .env.example dengan standar keamanan terbaru.
a2nr