Skip to content

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

Planned Features

  • Admin dashboard for user management
  • Client SDK (JavaScript/TypeScript)
  • Python client library
  • Multi-tenancy support
  • Advanced analytics

1.0.0 - 2024-10-19

Added - Core Features

Backend API Service

  • User registration with email/username validation
  • JWT-based authentication (access + refresh tokens)
  • Session management with Redis
  • Argon2id password hashing with worker pool optimization
  • Rate limiting on all sensitive endpoints
  • Comprehensive health check endpoints (liveness, readiness)
  • Audit logging for security events

Two-Factor Authentication

  • TOTP (Time-based One-Time Password)
  • QR code generation for Google Authenticator/Authy
  • 30-second time window with drift tolerance
  • Backup code generation (10 one-time use codes)
  • SMS 2FA via Twilio integration
  • Email 2FA via SMTP/Nodemailer
  • Trusted Devices (30-day device memory)
  • 2FA method management (enable, disable, list)

Third-Party Integration

  • API key management with scoped permissions
  • API key rotation and revocation
  • Webhook system with HMAC signatures
  • Event notifications (2FA enabled/verified/failed)
  • Webhook delivery tracking

Frontend Showcase

  • Next.js 15 with App Router and Turbopack
  • Dark mode optimized UI with Tailwind CSS
  • Complete 2FA setup wizard
  • TOTP QR code display
  • Backup codes generation
  • Trusted device management
  • User dashboard and settings

Testing & Quality

  • 186 total tests (unit + E2E)
  • 80%+ test coverage
  • PostgreSQL + Redis test services
  • Stress testing suite (500 concurrent users)

DevOps & CI/CD

  • Docker & Docker Compose for production
  • Development containers with hot-reload
  • GitHub Actions CI/CD pipelines
  • Backend tests with PostgreSQL/Redis services
  • Frontend build and type checking
  • Security scanning (CodeQL, Trivy, TruffleHog)
  • Automated deployment to production
  • Comprehensive deployment guides
  • Zero-budget deployment documentation

Documentation

  • Complete API documentation
  • Integration guides
  • Deployment guides (Docker, cloud platforms)
  • Contributing guidelines
  • Zero-budget deployment guide

Security

  • CSRF protection
  • Helmet security headers
  • Input validation and sanitization
  • SQL injection prevention (parameterized queries)
  • Rate limiting
  • Secure session management
  • HTTP-only cookies for refresh tokens

Infrastructure

  • PostgreSQL 14+ database with Prisma ORM
  • Redis 6+ for OTP storage and caching
  • BullMQ for async job processing
  • Piscina worker pool for CPU-intensive operations

Development Phases

Phase 1-4: Backend Foundation (Complete)

  • User authentication system
  • Password hashing and validation
  • JWT token management
  • Database schema and migrations

Phase 5: Showcase Frontend (Complete)

  • Next.js application
  • 2FA setup workflows
  • User dashboard
  • Settings management

Phase 6: Service Enhancements (Complete)

  • API key management
  • Webhook system
  • Health monitoring
  • Docker deployment
  • CI/CD pipelines
  • Comprehensive documentation

Phase 7: Admin Dashboard (Planned)

  • User management API
  • Audit logs viewer
  • Analytics and metrics
  • Usage monitoring

Phase 8: Client SDK (Planned)

  • NPM package (Ilia01/2fa-sdk)
  • React hooks library
  • Python client
  • Integration examples

Migration Guide

From Development to v1.0

  1. Update environment variables:
  2. Ensure all JWT secrets are set (64+ characters)
  3. Configure production DATABASE_URL

  4. Set CORS_ORIGINS for your domain

  5. Run database migrations:

    Bash
    npx prisma migrate deploy

  6. Update Docker images:

    Bash
    docker-compose pull
docker-compose up -d

  7. Verify deployment:

    Bash
    curl https://your-api.com/api/health

Breaking Changes

None - this is the initial release.

Known Issues

Free Tier Limitations

  • Free PostgreSQL databases may have connection limits (20-100)
  • Redis free tier limited to 10MB (Upstash)
  • Free hosting may have cold start delays

SMS 2FA

  • Requires paid Twilio account
  • Not available on zero-budget deployment

Contributors

Thanks to all contributors who helped build this project!

  • Project initialization and architecture
  • Backend API implementation
  • Frontend showcase application
  • Documentation and guides
  • Testing and quality assurance

Support