Production hardening: security, resilience, observability, and compliance

Password complexity: custom validator requiring uppercase, lowercase, digit (min 8 chars) Token expiry: 90-day token lifetime with refresh endpoint (60-90 day renewal window) Health check: /api/health/ now pings Postgres + Redis, returns 503 on failure Audit logging: async audit_log table for auth events (login, register, delete, etc.) Circuit breaker: APNs/FCM push sends wrapped with 5-failure threshold, 30s recovery FK indexes: 27 missing foreign key indexes across all tables (migration 017) CSP header: default-src 'none'; frame-ancestors 'none' Gzip compression: level 5 with media endpoint skipper Prometheus metrics: /metrics endpoint using existing monitoring service External timeouts: 15s push, 30s SMTP, context timeouts on all external calls Migrations: 016 (token created_at), 017 (FK indexes), 018 (audit_log) Tests: circuit breaker (15), audit service (8), token refresh (7), health (4), middleware expiry (5), validator (new)
2026-03-26 14:05:28 -05:00
parent 4abc57535e
commit b679f28e55
30 changed files with 2077 additions and 47 deletions
--- a/migrations/016_authtoken_created_at.up.sql
+++ b/migrations/016_authtoken_created_at.up.sql
@@ -0,0 +1,6 @@
+-- Ensure created column exists on user_authtoken (Django already creates it,
+-- but this migration guarantees it for fresh Go-only deployments).
+ALTER TABLE user_authtoken ADD COLUMN IF NOT EXISTS created TIMESTAMP WITH TIME ZONE DEFAULT NOW();
+
+-- Backfill any rows that may have a NULL created timestamp.
+UPDATE user_authtoken SET created = NOW() WHERE created IS NULL;