feat: implement production-ready features from improvement plan phase 2.5 & 2.6
Phase 2.5: Fix Foundation (CRITICAL)
- Fixed 4 failing tests by adding cache attribute to mock_client fixture
- Created comprehensive cache tests for Pages endpoint (test_pages_cache.py)
- Added missing dependencies: pydantic[email] and aiohttp to core requirements
- Updated requirements.txt with proper dependency versions
- Achieved 82.67% test coverage with 454 passing tests

Phase 2.6: Production Essentials
- Implemented structured logging (wikijs/logging.py)
  * JSON and text log formatters
  * Configurable log levels and output destinations
  * Integration with client operations
- Implemented metrics and telemetry (wikijs/metrics.py)
  * Request tracking with duration, status codes, errors
  * Latency percentiles (min, max, avg, p50, p95, p99)
  * Error rate calculation
  * Thread-safe metrics collection
- Implemented rate limiting (wikijs/ratelimit.py)
  * Token bucket algorithm for request throttling
  * Per-endpoint rate limiting support
  * Configurable timeout handling
  * Burst capacity management
- Created SECURITY.md policy
  * Vulnerability reporting procedures
  * Security best practices
  * Response timelines
  * Supported versions

Documentation
- Added comprehensive logging guide (docs/logging.md)
- Added metrics and telemetry guide (docs/metrics.md)
- Added rate limiting guide (docs/rate_limiting.md)
- Updated README.md with production features section
- Updated IMPROVEMENT_PLAN_2.md with completed checkboxes

Testing
- Created test suite for logging (tests/test_logging.py)
- Created test suite for metrics (tests/test_metrics.py)
- Created test suite for rate limiting (tests/test_ratelimit.py)
- All 454 tests passing
- Test coverage: 82.67%

Breaking Changes: None

Dependencies Added: pydantic[email], email-validator, dnspython

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
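The commit message names the rate limiter's design (token bucket, per-endpoint buckets, burst capacity, configurable timeout) but the code of wikijs/ratelimit.py is not on this page. The block below is an added example written for this review, not the project's own implementation: the names TokenBucket, RateLimiter, FakeClock, acquire and configure, and the endpoint labels "pages" and "graphql", are assumptions. It injects a clock and a sleep function so the refill arithmetic and the timeout decision can be checked deterministically; a real client would use the time.monotonic and time.sleep defaults.

```python
"""Added example (not the project's wikijs/ratelimit.py): a token-bucket rate
limiter with per-endpoint buckets, burst capacity and an acquire timeout."""
import threading
import time
from typing import Callable, Dict, Optional, Tuple


class TokenBucket:
    """A bucket holds at most `capacity` tokens (the burst) and refills
    continuously at `rate` tokens per second. One request costs one token."""

    def __init__(self, rate: float, capacity: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        if rate <= 0 or capacity <= 0:
            raise ValueError("rate and capacity must be positive")
        self.rate = rate
        self.capacity = capacity
        self._clock = clock
        self._tokens = float(capacity)   # start full so the first burst goes through
        self._updated = clock()
        self._lock = threading.Lock()    # guards _tokens/_updated across threads

    def _refill(self) -> None:
        # Called with the lock held: credit the tokens earned since the last update.
        now = self._clock()
        self._tokens = min(self.capacity, self._tokens + (now - self._updated) * self.rate)
        self._updated = now

    def acquire(self, tokens: float = 1.0, timeout: Optional[float] = None,
                sleep: Callable[[float], None] = time.sleep) -> bool:
        """Take `tokens`, waiting for refill if needed. Returns False rather than
        waiting past `timeout` seconds (timeout=0 means never wait)."""
        deadline = None if timeout is None else self._clock() + timeout
        while True:
            with self._lock:
                self._refill()
                if self._tokens >= tokens:
                    self._tokens -= tokens
                    return True
                wait = (tokens - self._tokens) / self.rate   # seconds until enough tokens
            if deadline is not None and self._clock() + wait > deadline:
                return False
            sleep(wait)   # sleep outside the lock so other threads are not blocked


class RateLimiter:
    """Per-endpoint limiter: each endpoint name gets its own bucket, created
    lazily from the default (rate, burst) or a per-endpoint override."""

    def __init__(self, default_rate: float, default_burst: float,
                 clock: Callable[[], float] = time.monotonic,
                 sleep: Callable[[float], None] = time.sleep) -> None:
        self._default = (default_rate, default_burst)
        self._overrides: Dict[str, Tuple[float, float]] = {}
        self._buckets: Dict[str, TokenBucket] = {}
        self._clock, self._sleep = clock, sleep
        self._lock = threading.Lock()

    def configure(self, endpoint: str, rate: float, burst: float) -> None:
        self._overrides[endpoint] = (rate, burst)

    def _bucket(self, endpoint: str) -> TokenBucket:
        with self._lock:
            bucket = self._buckets.get(endpoint)
            if bucket is None:
                rate, burst = self._overrides.get(endpoint, self._default)
                bucket = self._buckets[endpoint] = TokenBucket(rate, burst, self._clock)
            return bucket

    def acquire(self, endpoint: str, timeout: Optional[float] = None) -> bool:
        return self._bucket(endpoint).acquire(timeout=timeout, sleep=self._sleep)


class FakeClock:
    """Constructed test clock: sleeping advances time instead of blocking."""

    def __init__(self) -> None:
        self.t = 0.0

    def now(self) -> float:
        return self.t

    def sleep(self, seconds: float) -> None:
        self.t += seconds


def demo() -> dict:
    clock = FakeClock()
    limiter = RateLimiter(default_rate=2.0, default_burst=5, clock=clock.now, sleep=clock.sleep)
    limiter.configure("graphql", rate=1.0, burst=2)   # hypothetical stricter endpoint

    burst = [limiter.acquire("pages", timeout=0) for _ in range(6)]   # 5 succeed, 6th denied
    start = clock.now()
    waited_ok = limiter.acquire("pages", timeout=1.0)   # waits 0.5 s for one token at 2/s
    waited_for = clock.now() - start
    timed_out = limiter.acquire("pages", timeout=0.25)  # next token is 0.5 s away: give up
    other = [limiter.acquire("graphql", timeout=0) for _ in range(3)]  # independent bucket

    return {"burst": burst, "waited_ok": waited_ok, "waited_for": waited_for,
            "timed_out": timed_out, "other_endpoint": other}


if __name__ == "__main__":
    print(demo())
```

The sleep happens outside the lock, so one caller waiting on an empty bucket does not stall other threads that only need to check a different endpoint; the timeout is decided before sleeping, so a caller that cannot be served in time returns immediately instead of sleeping and then failing.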
SECURITY.md (normal file, 111 lines)
@@ -0,0 +1,111 @@
# Security Policy

## Supported Versions

| Version | Supported |
| ------- | ------------------ |
| 0.3.x | :white_check_mark: |
| 0.2.x | :white_check_mark: |
| 0.1.x | :x: |

## Reporting a Vulnerability

**Please do not report security vulnerabilities through public GitHub issues.**

Instead, please report them via email to: **lmiranda@hotserv.cloud**

Include the following information:
- Type of vulnerability
- Full paths of affected source files
- Location of affected source code (tag/branch/commit)
- Step-by-step instructions to reproduce
- Proof-of-concept or exploit code (if possible)
- Impact of the issue

### Response Timeline

- **Initial Response**: Within 48 hours
- **Status Update**: Within 7 days
- **Fix Timeline**: Depends on severity
- Critical: 7-14 days
- High: 14-30 days
- Medium: 30-60 days
- Low: Best effort

## Security Best Practices

### API Keys
- Never commit API keys to version control
- Use environment variables for sensitive data
- Rotate API keys regularly
- Use separate keys for different environments

### SSL/TLS
- Always use HTTPS for Wiki.js instances
- Verify SSL certificates (verify_ssl=True)
- Use modern TLS versions (1.2+)
- Keep certificates up to date

### Dependencies
- Keep dependencies updated
- Monitor security advisories
- Use pip-audit for vulnerability scanning
- Review dependency changes before upgrading

### Authentication
- Use JWT authentication for production
- Implement token refresh mechanisms
- Store tokens securely
- Never log authentication credentials

### Input Validation
- Always validate user input
- Use type hints and Pydantic models
- Sanitize data before processing
- Check for injection vulnerabilities

## Disclosure Policy

Once a vulnerability is fixed:
1. We will publish a security advisory
2. Credit will be given to the reporter (if desired)
3. Details will be disclosed responsibly
4. Users will be notified through appropriate channels

## Security Features

### Built-in Security
- Request validation using Pydantic
- SSL certificate verification by default
- Rate limiting to prevent abuse
- Structured logging for audit trails
- No hardcoded credentials

### Recommended Practices
```python
# Good: Use environment variables
import os
from wikijs import WikiJSClient

client = WikiJSClient(
os.getenv("WIKIJS_URL"),
auth=os.getenv("WIKIJS_API_KEY"),
verify_ssl=True
)

# Bad: Hardcoded credentials
# client = WikiJSClient(
# "https://wiki.example.com",
# auth="my-secret-key" # DON'T DO THIS
# )
```

## Contact

For security concerns, contact:
- **Email**: lmiranda@hotserv.cloud
- **Repository**: https://gitea.hotserv.cloud/lmiranda/py-wikijs

## Acknowledgments

We appreciate the security researchers and contributors who help make this project more secure.
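Review bot: under "Built-in Security", "Rate limiting to prevent abuse" overstates what a client-side token bucket gives the user of this library: it throttles this process's own outgoing requests so it does not overload the Wiki.js server, but it is not a protection of the client or its credentials, so reword it to something like "Client-side rate limiting to avoid overloading the server". In the same hunk, the "Good" example under "Recommended Practices" builds the client from `os.getenv("WIKIJS_URL")` and `os.getenv("WIKIJS_API_KEY")`, which return `None` when the variable is unset, so a misconfigured environment is passed into the client silently; `os.environ["WIKIJS_URL"]` fails loudly and is the better pattern to recommend in a security policy. Finally, "Never log authentication credentials" under "Authentication" reads as advice to the user, while the same commit adds structured logging of client operations; the policy should state whether that logging redacts the `auth` value and request headers, because that is the guarantee a reader of this file will look for.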