Skip to content

feat(pam): implement rate-limit contract and identity lockout service#3

Open
klaudia-blazyczek-blurify wants to merge 1 commit into
devfrom
fix/pam-identity-lockout-persist
Open

feat(pam): implement rate-limit contract and identity lockout service#3
klaudia-blazyczek-blurify wants to merge 1 commit into
devfrom
fix/pam-identity-lockout-persist

Conversation

@klaudia-blazyczek-blurify

@klaudia-blazyczek-blurify klaudia-blazyczek-blurify commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

Summary

Add rate-limit adapter seam to PAM identity service for login brute-force defense. Introduces RATE_LIMIT_ADAPTER port; in-memory + Redis implementations; login router enforces lockout with exponential backoff and lockoutUntil timestamp in error. Operators can rebind to custom backend (Drizzle, external service) via DI.

Changes

  • packages/core/src/contracts/adapters/rate-limit.ts — New RateLimitAdapter interface with typed options (max attempts, time window, backoff curve)
  • packages/core/src/pam/identity/* — Guard login route with check(); compute lockout in service; throw error with lockoutUntil timestamp for client countdown
  • packages/core/src/server/kernel/rate-limiter.ts — In-memory backend for dev/test
  • packages/core/src/server/kernel/redis-rate-limiter.ts — Redis backend for production (operator binds in DI)
  • packages/core/src/pam/identity/__tests__/identity.service.test.ts — Unit tests: lockout trigger, expiry, backoff, success clears state

Acceptance criteria

  • Rate-limit adapter interface with typed options (max, windowMs, backoff exponent)
  • In-memory + Redis implementations; both tested
  • Login router blocks locked-out users before Zod validation
  • Failed attempts logged; lockout window computed server-side
  • Error response includes lockoutUntil ISO timestamp for UI countdown
  • Consumer can override default binding via ctx.provide(RATE_LIMIT_ADAPTER, customImpl)
  • No breaking changes to public PAM contracts or identity routes

Checklist

  • pnpm verify is green (typecheck + lint + boundaries + module-shape + tests)
  • pnpm verify:drift is green (no OpenAPI/catalog drift)
  • No cross-module direct imports (adapter in contracts/, impl in kernel, domain imports only contract)
  • No player data, secrets, or env vars in code (Redis config via DI token, not hardcoded)
  • AGENTS.md updated for identity module (new port documented)

Notes

None

@klaudia-blazyczek-blurify klaudia-blazyczek-blurify marked this pull request as ready for review July 10, 2026 12:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants