Update README.md #957

Open
Blaqkenny wants to merge 2 commits into rinafcode:main from Blaqkenny:Fix-rinafcode

@Blaqkenny

Closes #799
Closes #805
Closes #798
Closes #801

@Blaqkenny Blaqkenny marked this pull request as draft June 30, 2026 08:05
…code#801, rinafcode#798, rinafcode#799

- rinafcode#805: External moderation provider (OpenAI) behind EnhancedCircuitBreakerService with a keyword-filter fallback so Unicode homoglyph bypass is no longer trivially exploitable. New files: src/moderation/safety/external-moderation.provider.ts, src/moderation/safety/openai-moderation.adapter.ts.

- rinafcode#801: Plaintext password reset / email verification tokens replaced with SHA-256 hashes via the new AuthTokensService; raw tokens are delivered to the caller (email) and never persisted. Token lookups hash the user-supplied value before comparison (constant-time).

- rinafcode#798: ThreatDetectionService counters migrated from in-process LRUCache to Redis (INCR + first-call EXPIRE) so failed-attempt counts survive pod restarts and aggregate correctly across horizontally-scaled replicas. Threshold, window, and key prefix now configurable via ConfigService; service fails OPEN on Redis errors.

- rinafcode#799: OAuth provider access / refresh tokens on the User entity are now encrypted at rest via EncryptionService (AES-256-GCM) before persistence. Storage format `enc:<JSON(IEncryptedPayload)>`; symmetric getDecryptedAccessToken / getDecryptedRefreshToken / getDecryptedProviderTokens helpers added.

- Includes two TypeORM migrations:
    - 1783000000000-clear-plaintext-auth-tokens: clears legacy plaintext passwordResetToken / emailVerificationToken rows (rinafcode#801).
    - 1783000000001-reencrypt-oauth-provider-tokens: idempotently re-encrypts plaintext providerAccessToken / providerRefreshToken rows via ENCRYPTION_SECRET (rinafcode#799); throws if the secret is missing.

Refs: rinafcode#805, rinafcode#801, rinafcode#798, rinafcode#799
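
The token handling described for rinafcode#801 above, sketched as an added example that is not code from this pull request or from AuthTokensService. The function names, the in-memory `store`, the expiry check and the single-use delete are assumptions made for illustration.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "crypto";

// Hypothetical in-memory stand-in for the user table; the PR's real schema is not shown.
interface StoredToken { hashHex: string; expiresAt: number; }
const store = new Map<string, StoredToken>();

const sha256Hex = (value: string): string =>
  createHash("sha256").update(value, "utf8").digest("hex");

// Issue a reset token: the raw value goes to the caller (email); only the hash is stored.
function issueResetToken(userId: string, ttlMs: number, now: number = Date.now()): string {
  const raw = randomBytes(32).toString("hex"); // 256 random bits, so an unsalted hash suffices
  store.set(userId, { hashHex: sha256Hex(raw), expiresAt: now + ttlMs });
  return raw;
}

// Verify: hash the supplied value, compare digests in constant time, consume on success.
function consumeResetToken(userId: string, supplied: string, now: number = Date.now()): boolean {
  const row = store.get(userId);
  if (!row) return false;
  const expected = Buffer.from(row.hashHex, "hex");
  const actual = Buffer.from(sha256Hex(supplied), "hex"); // always 32 bytes, lengths match
  const ok = timingSafeEqual(expected, actual) && now <= row.expiresAt;
  if (ok) store.delete(userId); // single use (assumption, not stated in the PR)
  return ok;
}

// What a database dump would expose for this user: the hash, never the raw token.
function storedHashFor(userId: string): string | undefined {
  return store.get(userId)?.hashHex;
}
```

Because the supplied value is hashed before comparison, a stored hash read from a leaked table cannot be submitted as a token.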
@drips-wave

drips-wave Bot commented Jun 30, 2026

@Blaqkenny Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@Blaqkenny Blaqkenny marked this pull request as ready for review June 30, 2026 11:04
@RUKAYAT-CODER

Contributor

Great job so far

There’s just one blocker — the workflow is failing. Could you take a look and fix it so all checks pass?
You could pull from the main to get the changes before pushing.

2 participants