a2nr e4c68b2894 feat(security): implement anonymous access with rate limiting and secure proxy, harden authentication and implement session protection ... Implements multiple layers of security to address high-risk session and authentication vulnerabilities identified in the security review: - Allow code compilation (C, Python, Arduino) for anonymous users. - Enforce a 1-request-per-2-minutes rate limit for anonymous IPs. - Implement a global anonymous compilation queue with 20 concurrent slots. - Proxy Velxio (Arduino) compilation through Flask to prevent API hijacking. - Exempt authenticated users (tokens/cookies) from all rate limits. - Fix networking and DNS resolution in podman-compose. - Fix Svelte a11y warnings and trailing slash routing issues. - Cookie Security: Added dynamic 'secure' flag support via COOKIE_SECURE env variable for HTTPS/Tailscale Funnel compatibility. - Rate Limiting: Integrated Flask-Limiter on /login (50 req/min) to prevent API abuse while accommodating shared school networks (NAT). - Tarpitting: Added 1.5s artificial delay on failed logins to neutralize automated brute-force tools without blocking legitimate users. - Session Invalidation: Implemented an in-memory token blacklist on logout to ensure session tokens cannot be reused. - Documentation: Updated technical docs and proposal status to reflect the current security architecture. Ref: @elemes/proposal.md (Poin 6.1, 6.2, 6.3)		2026-04-22 12:57:54 +07:00
..
__init__.py	refactor to make it better	2026-03-25 09:39:51 +07:00
lesson_service.py	feat: add evaluation configuration support in lesson content and API	2026-04-16 11:12:23 +07:00
token_service.py	feat(security): implement anonymous access with rate limiting and secure proxy, harden authentication and implement session protection	2026-04-22 12:57:54 +07:00