feat: Login anomaly detection and suspicious activity alerts (Issue #124) #767

Open
shaidshark wants to merge 2 commits into rohitdash08:main from shaidshark:feature/login-anomaly-detection

@shaidshark

Implements Issue #124 — Login anomaly detection and suspicious activity alerts.

Features:

  • Track failed login attempts per user and per IP (Redis)
  • Detect excessive failures (10+/hour user, 20+/hour IP)
  • Detect multiple IP usage (5+ different IPs)
  • Severity levels: MEDIUM, HIGH, CRITICAL
  • Store anomaly events with timestamps

Endpoints:

  • GET /api/auth/anomalies — current user's anomalies
  • GET /api/auth/anomalies/all — admin view (requires is_admin JWT claim)

Integration:

  • Failed login in auth.py triggers anomaly recording
  • Successful login resets failure counter and tracks known IPs
  • IP sanitization to prevent injection
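
An added illustration of the detection rules listed in this PR description, not code from the PR itself: an in-memory stand-in for the Redis counters that applies the stated thresholds. The function and class names, the one-hour window for the distinct-IP rule, and the mapping of rules to severity levels are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW = 3600             # one hour, in seconds
USER_FAILS_PER_HOUR = 10  # thresholds as stated in the PR description
IP_FAILS_PER_HOUR = 20
DISTINCT_IPS = 5

def sanitize_ip(raw):
    """Return the canonical text form of an IP, or None if it is not one."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except (ValueError, AttributeError):
        return None
    # An IPv6 scope id ("%eth0") is free-form text, so reject it for key use.
    return None if getattr(addr, "scope_id", None) else str(addr)

class LoginAnomalyTracker:
    """In-memory stand-in for the Redis counters (sliding one-hour window)."""

    def __init__(self):
        self.by_user = defaultdict(deque)  # user -> deque of (ts, ip)
        self.by_ip = defaultdict(deque)    # ip   -> deque of (ts, user)

    @staticmethod
    def _prune(queue, now):
        while queue and queue[0][0] <= now - WINDOW:
            queue.popleft()

    def record_failure(self, user, raw_ip, now):
        ip = sanitize_ip(raw_ip)
        if ip is None:
            return [("invalid_ip", "MEDIUM")]  # raw value never becomes a key
        uq, iq = self.by_user[user], self.by_ip[ip]
        uq.append((now, ip))
        iq.append((now, user))
        self._prune(uq, now)
        self._prune(iq, now)
        found = []  # severity per rule is an assumption, not from the PR
        if len({entry[1] for entry in uq}) >= DISTINCT_IPS:
            found.append(("multiple_ips", "MEDIUM"))
        if len(uq) >= USER_FAILS_PER_HOUR:
            found.append(("excessive_user_failures", "HIGH"))
        if len(iq) >= IP_FAILS_PER_HOUR:
            found.append(("excessive_ip_failures", "CRITICAL"))
        return found

    def record_success(self, user):
        self.by_user.pop(user, None)  # successful login resets the counter
```

Timestamps are passed in explicitly so the window behaviour can be exercised without waiting; a Redis-backed version would rely on key expiry instead.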

shaidshark added 2 commits April 3, 2026 13:05
- Track failed login attempts per user and per IP (Redis)
- Detect excessive failures, multiple IP usage
- Store anomaly events with severity levels
- /api/auth/anomalies — user's own anomalies
- /api/auth/anomalies/all — admin view of all anomalies
- Successful login resets failure counter and tracks known IPs
- IP sanitization to prevent injection
- Atomic Redis INCR+EXPIRE via Lua script (fixes race condition)
- DB-based admin check instead of JWT claim (fixes admin bypass)
- Implement daily failure threshold (MAX_FAILED_PER_DAY was unused)
- JSON serialization for anomaly storage
- Better code structure
@shaidshark
Author

Bounty submission — ready for review! All code review feedback from previous rounds has been addressed.
