## v0.9.20260325_144654

### Features
- API Key Authentication System
- Job Worker System
- V2 Backup Versioning

### Bug Fixes
- get_processor_results_by_job column mapping

Co-authored-by: OpenCode
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog.
[Unreleased]
Added
- Gitea API token integration
- n8n API key integration
- API key caching with Moka
- Rate limiting for API key validation
- Constant-time hash comparison
- OpenAPI documentation with utoipa
[0.1.0] - 2026-03-21
Added
API Key Management System
- API key generation with secure random (UUID v4)
- SHA256 key hashing
- 5 key types: System, User, Service, Integration, Emergency
- Key expiration with configurable TTL
- Grace period for key rotation
Anomaly Detection
- High request rate detection (>1000/min)
- High error rate detection (>50%)
- Multiple IP detection (>5/hour)
- Unusual time activity detection
- Redis Pub/Sub for anomaly alerts
Rotation Mechanism
- Automatic rotation scheduling
- Manual rotation requests
- Forced rotation for security incidents
- Grace period management per key type:
- System: 72 hours
- User: 24 hours
- Service: 48 hours
- Integration: 24 hours
- Emergency: 0 hours (immediate)
PostgreSQL Integration
- api_keys table for key storage
- api_key_audit_log table for audit trail
- api_key_anomalies table for anomaly records
- Full CRUD operations for API keys
Redis Integration
- Anomaly alert Pub/Sub (momentry:anomaly:alerts)
- Key anomaly state tracking
- Real-time alert notifications
CLI Commands
- momentry api-key create - Create new API key
- momentry api-key list - List all API keys
- momentry api-key validate - Validate an API key
- momentry api-key revoke - Revoke an API key
- momentry api-key rotate - Request key rotation
- momentry api-key stats - Show statistics
Gitea Integration
- Create Gitea Personal Access Tokens
- List user tokens
- Delete tokens
- Local token tracking
- CLI commands:
- momentry gitea create
- momentry gitea list
- momentry gitea delete
- momentry gitea verify
n8n Integration
- Create n8n API keys
- List API keys
- Delete API keys
- Local key tracking
- CLI commands:
- momentry n8n create
- momentry n8n list
- momentry n8n delete
- momentry n8n verify
Security Features
- Constant-time hash comparison (subtle crate)
- Rate limiting for validation attempts
- IP-based lockout after failed attempts
- Configurable thresholds via environment variables
Performance Optimizations
- Moka-based API key validation cache
- Configurable TTL and capacity
- Reduced database queries for hot keys
Documentation
- API Key Management design document
- Redis user configuration guide
- Gitea token integration guide
- n8n API key integration guide
- Optimization plan with task codes
Environment Variables
API Key Configuration
CACHE_TTL_SECONDS=300 # Cache TTL (default: 300)
CACHE_MAX_CAPACITY=10000 # Max cache entries (default: 10000)
RATE_LIMIT_MAX_ATTEMPTS=5 # Max failed attempts (default: 5)
RATE_LIMIT_WINDOW_SECONDS=900 # Lockout duration (default: 900)
Service URLs
GITEA_URL=http://localhost:3000
N8N_URL=https://n8n.momentry.ddns.net
Database Schema
Tables Created
- api_keys - API key storage
- api_key_audit_log - Audit trail
- api_key_anomalies - Anomaly records
- gitea_tokens - Gitea token tracking
- n8n_api_keys - n8n API key tracking
Dependencies Added
- uuid - UUID generation
- subtle - Constant-time comparison
- moka - Async cache
- utoipa - OpenAPI documentation
- utoipa-swagger-ui - Swagger UI
Version History
| Version | Date | Description |
|---|---|---|
| 0.1.0 | 2026-03-21 | Initial release with API Key Management |