You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#800 - EncryptionService: replace SHA-256 with scrypt KDF
- Use crypto.scryptSync(secret, salt, 32) for AES-256 key derivation
- Require ENCRYPTION_SALT env var at startup (fails fast if missing)
- Add ENCRYPTION_SALT to .env.example with generation instructions
- Add unit tests verifying scrypt is used (not SHA-256)
#803 - AuthService logout: blacklist the current access token
- Add jti claim to access token payload in generateTokens()
- Update logout(userId, accessToken?) to decode and blacklist the JTI
with TTL equal to remaining token lifetime
- Update AuthController.logout to extract Bearer token and pass it
- Add tests covering JTI blacklisting and graceful fallback
#804 - GDPR erasure: cascade-delete financial records and active sessions
- Wrap erasure in a TypeORM DataSource transaction
- Anonymize payments, enrollments, audit_logs, notifications inside tx
- Revoke active sessions before transaction (fast path)
- Update GdprModule to import TypeOrmModule (provides DataSource)
- Add tests: cascade anonymization, NotFoundException, idempotency
#806 - FraudDetectionService: configurable thresholds + behavioral signals
- Introduce FraudSignalProvider interface for pluggable signal sources
- IpRateSignalProvider, NewDeviceSignalProvider, LargeTransactionSignalProvider
- VelocitySignalProvider: flag users exceeding N purchases/hour
- GeoAnomalySignalProvider: flag purchase country != registration country
- All thresholds configurable via ConfigService env vars (FRAUD_*)
- Unit tests for each provider independently + aggregate service
Closes#800, Closes#803, Closes#804, Closes#806
0 commit comments