familienarchiv

Author	SHA1	Message	Date
Marcel	20fe5637c1	docs(arch): update security C4 diagram for CSRF + rate limiting Remove stale "CSRF is disabled pending #524" note; update secFilter description to reflect the enabled double-submit cookie pattern. Add LoginRateLimiter and RateLimitProperties components with their relationships to AuthService. Update frontend→secFilter rel to show X-XSRF-TOKEN header. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-19 09:23:01 +02:00
Marcel	9b21d6aee8	docs(c4): l3-security includes auth package and Spring Session JDBC Some checks failed CI / Unit & Component Tests (pull_request) Successful in 3m1s Details CI / OCR Service Tests (pull_request) Successful in 19s Details CI / Backend Unit Tests (pull_request) Successful in 2m57s Details CI / fail2ban Regex (pull_request) Successful in 42s Details CI / Semgrep Security Scan (pull_request) Successful in 19s Details CI / Compose Bucket Idempotency (pull_request) Successful in 1m3s Details CI / Unit & Component Tests (push) Successful in 3m3s Details CI / OCR Service Tests (push) Successful in 17s Details CI / Backend Unit Tests (push) Successful in 2m58s Details CI / fail2ban Regex (push) Successful in 42s Details CI / Semgrep Security Scan (push) Successful in 19s Details CI / Compose Bucket Idempotency (push) Successful in 58s Details nightly / deploy-staging (push) Failing after 3m35s Details Replace the stale Basic-Auth picture with the post-#523 model: AuthSessionController + AuthService (the new auth/ package), Spring Session JDBC (spring_session*, 8h idle timeout, fa_session cookie), and the ChangeSessionIdAuthenticationStrategy bean used by login to defend against session fixation. Addresses PR #612 / Markus M3. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-17 22:54:55 +02:00
Marcel	9387fcc17b	docs(c4): add L3 backend 3a security and 3b document management	2026-05-06 22:52:21 +02:00

3 Commits