v1.0.4: Security hardening - rate limiting, middleware, HSTS, password strength, anti-enumeration

Pepe Ziberi
2026-02-21 18:55:10 +01:00
parent b75bf9bb30
commit 8ef2cbe68e
15 changed files with 289 additions and 14 deletions


@@ -64,12 +64,12 @@ export async function login(
}) as any)
if (!user) {
return { success: false, error: 'Benutzer nicht gefunden' }
return { success: false, error: 'E-Mail oder Passwort falsch' }
}
const isValidPassword = await bcrypt.compare(password, user.password)
if (!isValidPassword) {
return { success: false, error: 'Ungültiges Passwort' }
return { success: false, error: 'E-Mail oder Passwort falsch' }
}
// Track email verification status (allow login regardless)