feat(security): add phase8 hardening with rate limits, audit logs, and auth-first simulator flow

2026-01-24 18:45:00 +00:00
parent 6d6c77f77e
commit f6d66c3650
11 changed files with 355 additions and 5 deletions
--- a/Backend/drizzle/0011_security_audit_logs.sql
+++ b/Backend/drizzle/0011_security_audit_logs.sql
@@ -0,0 +1,14 @@
+CREATE TABLE "audit_logs" (
+  "id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+  "owner_user_id" uuid NOT NULL,
+  "actor_device_id" uuid,
+  "action" varchar(128) NOT NULL,
+  "target_type" varchar(64) NOT NULL,
+  "target_id" varchar(255) NOT NULL,
+  "metadata" jsonb DEFAULT 'null'::jsonb,
+  "ip_address" text,
+  "created_at" timestamp with time zone DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "audit_logs" ADD CONSTRAINT "audit_logs_owner_user_id_users_id_fk" FOREIGN KEY ("owner_user_id") REFERENCES "public"."users"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "audit_logs" ADD CONSTRAINT "audit_logs_actor_device_id_devices_id_fk" FOREIGN KEY ("actor_device_id") REFERENCES "public"."devices"("id") ON DELETE no action ON UPDATE no action;