refactor(services): extract auth module and isolate server rate limiter #1624

Merged
OneStepAt4time merged 3 commits into develop from fix/1614-auth-service
Apr 10, 2026
@OneStepAt4time
Owner

Summary

Implements issue #1614 by extracting auth concerns into a dedicated service module and isolating route rate-limiter logic from server.ts.

What changed

  • Added src/services/auth/ package:
    • AuthManager.ts (migrated auth implementation from src/auth.ts)
    • RateLimiter.ts (extracted IP + auth-failure rate limiting from server.ts)
    • types.ts (auth domain types)
    • index.ts (public exports)
  • Updated src/server.ts:
    • imports auth from services/auth
    • replaces in-file rate-limit helpers with RateLimiter instance
    • keeps existing behavior and limits unchanged
  • Updated src/ws-terminal.ts type import to new auth service entrypoint
  • Kept src/auth.ts as compatibility re-export to avoid breaking legacy imports/tests
  • Added src/tests/auth-rate-limiter.test.ts for extracted limiter behavior
  • Updated docs/architecture.md to document new auth service structure

Validation

npm run build ✅

npx tsc --noEmit ✅

npm test ✅

  • Additional targeted suites for auth/server paths passed:
    • auth core tests
    • auth verify endpoint
    • batch rate-limit route
    • ws-terminal tests

Closes #1614

@OneStepAt4time OneStepAt4time self-assigned this Apr 10, 2026
@OneStepAt4time OneStepAt4time added the approved-minor-bump Approved for minor version bump (feat: PRs) label Apr 10, 2026
Move auth implementation into src/services/auth, introduce shared RateLimiter, and keep src/auth.ts as compatibility re-export.

Refs: #1614

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@OneStepAt4time OneStepAt4time force-pushed the fix/1614-auth-service branch from 114d8ff to b8a6d1f Compare April 10, 2026 21:06
OneStepAt4time and others added 2 commits April 10, 2026 23:11
Apply IP throttling to hook-secret, metrics-token, SSE-token auth success paths, and the public /v1/auth/verify endpoint so all authorization flows are covered.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Reintroduced checkIpRateLimit/checkAuthFailRateLimit helper functions as delegates to the extracted RateLimiter service so server auth flow callsites remain consistent while preserving the auth-service extraction.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
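
The PR description and the second commit message describe per-IP and auth-failure rate limiting that also covers auth success paths. The following is an added example of that ordering, not the project's RateLimiter.ts: the class names, the limits and the 60-second window are assumptions.

```typescript
// Added example, not the project's RateLimiter.ts: class names, limits and
// the window length are assumptions chosen for illustration.
type Clock = () => number;

class SlidingWindow {
  private hits = new Map<string, number[]>();
  private limit: number;
  private windowMs: number;
  private now: Clock;
  constructor(limit: number, windowMs: number, now: Clock) {
    this.limit = limit; this.windowMs = windowMs; this.now = now;
  }
  // Drop expired timestamps, then report whether the key has used up its budget.
  exhausted(key: string): boolean {
    const t = this.now();
    const live = (this.hits.get(key) ?? []).filter((ts) => t - ts < this.windowMs);
    if (live.length) this.hits.set(key, live); else this.hits.delete(key);
    return live.length >= this.limit;
  }
  record(key: string): void {
    const list = this.hits.get(key) ?? [];
    list.push(this.now());
    this.hits.set(key, list);
  }
}

class AuthGate {
  private perIp: SlidingWindow;
  private failures: SlidingWindow;
  private verify: (token: string) => boolean;
  constructor(verify: (token: string) => boolean, now: Clock = Date.now) {
    this.verify = verify;
    this.perIp = new SlidingWindow(5, 60_000, now);    // assumed: 5 requests/min per IP
    this.failures = new SlidingWindow(2, 60_000, now); // assumed: 2 bad credentials/min per IP
  }
  // Returns the HTTP status a route handler would send for this attempt.
  check(ip: string, token: string): 200 | 401 | 429 {
    // Both budgets are checked before the credential is examined, so a
    // throttled client learns nothing about whether its token was valid.
    if (this.perIp.exhausted(ip) || this.failures.exhausted(ip)) return 429;
    this.perIp.record(ip); // successful attempts consume the per-IP budget too
    if (this.verify(token)) return 200;
    this.failures.record(ip);
    return 401;
  }
}
```

Passing the clock in makes the window expiry testable without waiting; the stored timestamps are pruned on every check so idle keys do not accumulate.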