alee/golfgame
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dfb3397dcb
golfgame/server/middleware
History
adlee-was-taken 6461a7f0c7 Add metered open signups, per-IP limits, and auth security hardening 
Enables public beta signup metering: DAILY_OPEN_SIGNUPS env var controls
how many users can register without an invite code per day (0=disabled,
-1=unlimited, N=daily cap). Invite codes always bypass the limit.

Also adds per-IP signup throttling (DAILY_SIGNUPS_PER_IP, default 3/day)
and fail-closed rate limiting on auth endpoints when Redis is down.

Client dynamically fetches /api/auth/signup-info to show invite field
as optional with remaining slots when open signups are enabled.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 14:28:28 -05:00
..
__init__.py Huge v2 uplift, now deployable with real user management and tooling! 2026-01-27 11:32:15 -05:00
ratelimit.py Add metered open signups, per-IP limits, and auth security hardening 2026-02-24 14:28:28 -05:00
request_id.py Huge v2 uplift, now deployable with real user management and tooling! 2026-01-27 11:32:15 -05:00
security.py Allow ws:// in production CSP for pre-SSL WebSocket connections 2026-02-21 20:30:29 -05:00