Changed default security rule to permit all requests instead of requiring authentication. Adjusted `SecurityConfig` to ensure open access for all endpoints.
Replaced `PermissionClaim` enum with an OpenAPI-defined schema `PermissionClaimDto` for consistency across frontend and backend. Refactored authentication flow to utilize `AuthService` on the frontend, consolidating JWT handling logic. Removed redundant methods like `saveJwt` and integrated robust permission management throughout the application.
Added JWT-based login dialog with form validation and secure token handling on the frontend. Updated backend with role-based access control, privilege management, and refined security configurations. Extended database schema for user privileges and permissions.
Introduced a secure login flow using JWTs with dynamically generated RSA key pairs stored in the database. Updated relevant APIs, database schema, and services to support login codes, JWT encoding, and secret validation.
Introduced a new API endpoint to fetch all punishment history for a specified UUID. Updated existing schemas, controllers, and mappers to support this functionality. Adjusted login endpoints to improve request handling and streamlined frontend form setup for appeals.
Introduced a `@RateLimit` annotation to enforce limits on the `addLogin` and `login` methods in `LoginController`. This restricts the number of requests per minute to improve security and prevent abuse.
Introduced @RateLimit annotations to enforce request limits on the AppealController. The overall controller has a global limit of 30 requests per hour, while specific methods for Discord and Minecraft appeals are limited to 3 requests per hour. This aims to prevent abuse and improve system reliability.
Introduces initial structure for appeal and login forms in both the frontend and backend. New controllers, APIs, and components were created, but functionality has not been fully implemented yet. This serves as a foundation for future development of these features.
Changed the rate limit from 30 requests per minute to 30 requests per 10 seconds. This ensures a smoother request flow and prevents excessive delays for frequent API users.
This commit introduces a new `DetailsComponent` for displaying detailed punishment data and establishes a route to view punishment history by ID and type. It also updates the API to support fetching individual punishment records and refines database mappings for improved data handling.
Introduced WebConfig to configure resource handling in the backend. This ensures SPA fallback by serving `index.html` for non-existent paths, improving routing for client-side applications.
Introduced new API paths and backend logic to retrieve total punishment counts based on user search queries using names or UUIDs. Updated the frontend to utilize these endpoints and display the total search results dynamically.
Added `Access-Control-Expose-Headers` to rate limit responses to expose retry-related headers for easier accessibility on the client side. Changed the rate limit time unit in `HistoryApiController` from seconds to minutes for more reasonable throttling.
Updated pagination buttons with new styles and class name (`historyPageButton`) for consistency and improved UX. Modified backend rate limit interval from 1 minute to 1 second for faster request handling.
Removed redundant rate-limit response headers and improved query methods for fetching punishment history. Refactored methods to handle cases where partial names are empty and added escaping for underscores in search names.
Introduced a rate-limiting feature using Spring AOP and a custom `RateLimit` annotation. Includes `InMemoryRateLimiterService`, `RateLimitAspect`, and related classes for controlling request limits. Applied rate limiting to specific API controllers to enhance system stability and prevent abuse.
akastijn
Teriuihi
