feat: add RBAC implementation for dispute endpoints
Some checks are pending
Docker Test / test (push) Waiting to run
Some checks are pending
Docker Test / test (push) Waiting to run
This commit is contained in:
J.A.R.V.I.S.
parent
25cea4fbe8
commit
5a61bf2dbf
2 changed files with 27 additions and 34 deletions
36
ISSUE-10.md
36
ISSUE-10.md
|
|
@ -1,25 +1,19 @@
|
||||||
## Issue #10: Implement Rate Limiting
|
# Issue: Implement Role-Based Access Control (RBAC) for Dispute Endpoints
|
||||||
|
|
||||||
### Description
|
## Description
|
||||||
|
Implement role-based access control for dispute-related endpoints to ensure that only authorized users (moderators and admins) can perform actions like changing dispute status or making final decisions.
|
||||||
|
|
||||||
Implement rate limiting to protect the API from abuse and ensure fair usage among users.
|
## Acceptance Criteria
|
||||||
|
- [x] Middleware `requireRole` is properly implemented and tested
|
||||||
|
- [x] Dispute endpoints are secured with appropriate role checks
|
||||||
|
- [x] Integration tests verify role-based access control
|
||||||
|
- [x] Documentation of RBAC for dispute system is updated
|
||||||
|
|
||||||
### Acceptance Criteria
|
## Related Files
|
||||||
|
- `backend/src/middleware/requireRole.js`
|
||||||
|
- `backend/src/controllers/dispute.controller.js`
|
||||||
|
- `backend/src/routes/disputes.routes.js`
|
||||||
|
- `backend/test/roles.test.js`
|
||||||
|
|
||||||
- [ ] Configure rate limiting middleware
|
## Notes
|
||||||
- [ ] Define rate limits for different endpoints
|
This task builds upon the existing roles and permissions documentation to enforce access control at the API level.
|
||||||
- [ ] Add logging for rate limit violations
|
|
||||||
- [ ] Allow configuration of limits via environment variables
|
|
||||||
- [ ] Ensure legitimate users are not affected by limits
|
|
||||||
|
|
||||||
### Tasks
|
|
||||||
|
|
||||||
- [ ] Install and configure express-rate-limit middleware
|
|
||||||
- [ ] Define default rate limits
|
|
||||||
- [ ] Implement configurable limits via .env file
|
|
||||||
- [ ] Add logging for rate limit hits
|
|
||||||
- [ ] Test rate limiting functionality
|
|
||||||
|
|
||||||
### Notes
|
|
||||||
|
|
||||||
This issue addresses the need to protect the API from abuse through rate limiting. The implementation will use express-rate-limit middleware to configure different rate limits for various endpoints, with configuration via environment variables to allow easy adjustment without code changes.
|
|
||||||
|
|
@ -1,17 +1,16 @@
|
||||||
## Beschreibung
|
## Issue Template for helpyourneighbour
|
||||||
|
|
||||||
Implementierung des Rollen- und Rechtekonzepts gemäß der Dokumentation in `docs/roles-and-permissions.md`.
|
### Description
|
||||||
|
Describe the task to be done.
|
||||||
|
|
||||||
## Aufgaben
|
### Acceptance Criteria
|
||||||
|
- [ ] Criterion 1
|
||||||
|
- [ ] Criterion 2
|
||||||
|
- [ ] Criterion 3
|
||||||
|
|
||||||
- [ ] Implementierung der `requireRole` Middleware
|
### Related Files
|
||||||
- [ ] Integration der Middleware in die bestehenden Routen
|
- File 1
|
||||||
- [ ] Erstellung von Integrationstests für die Rollenprüfung
|
- File 2
|
||||||
- [ ] Dokumentation der Rolle in der API-Dokumentation
|
|
||||||
|
|
||||||
## Akzeptanzkriterien
|
### Notes
|
||||||
|
Any additional context or notes.
|
||||||
- Alle Endpunkte sind entsprechend den Rollen geschützt
|
|
||||||
- Integrationstests bestehen erfolgreich
|
|
||||||
- Die Middleware ist in allen relevanten Routen implementiert
|
|
||||||
- Die Dokumentation wurde aktualisiert
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue