🔐 Security hardening: auth, rate limiting, brute force protection

- Add comprehensive security package with:
  - API Key generation and validation (SHA256 hash)
  - Password policy enforcement (min 12 chars, complexity)
  - Rate limiting with presets (auth, api, ingest, export)
  - Brute force protection (5 attempts, 15min lockout)
  - Security headers middleware
  - IP whitelisting
  - Audit logging structure
  - Secure token generation
- Enhanced auth middleware:
  - JWT + API Key dual authentication
  - Token revocation via Redis
  - Scope-based authorization
  - Role-based access control
- Updated installer with:
  - Interactive setup for client customization
  - Auto-generated secure credentials
  - Docker all-in-one image
  - Agent installer script
- Added documentation:
  - SECURITY.md - Complete security guide
  - INSTALL.md - Installation guide
  - .env.example - Configuration reference