Complete task 4 backend security architecture docs
@@ -350,6 +350,16 @@ High-risk admin actions require re-authentication. Upon successful re-authentica
8. Frontend retries the original high-risk action.
9. The action proceeds.
### Traceability to Authorization Matrix
This matrix maps to:
- `AUTH-R025` (`POST /api/auth/step-up`) for the step-up API entry point.
- `AUTH-R026` (`GET /api/auth/sessions`), `AUTH-R027` (`POST /api/auth/revoke-session`), `AUTH-R028` (`POST /api/auth/revoke-all-sessions`) for session controls.
- `APV-R001`, `APV-R002`, `APV-R003` for approval queue + confirm/reject workflow.
Status: these rows are marked **Not implemented** in the matrix while this ADR remains in planning/rollout state.
### Two-person approval flow
For actions requiring two-person approval:
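Review bot: steps 8 and 9 leave the step-up binding implicit. After "Frontend retries the original high-risk action." the hunk says only "The action proceeds.", without stating what the retried request carries (a step-up assertion or a session flag), how long it stays valid, or that it is bound to the same session and the same action class, so the `AUTH-R025` (`POST /api/auth/step-up`) row in the new Traceability section cannot yet be checked against a concrete server-side check. Suggest one sentence after step 8 naming that artefact and its validity window. Also, the Status line says these rows are marked **Not implemented** in the matrix while the ADR is in planning/rollout; say which of the two documents is authoritative and who flips the status on implementation, otherwise the ADR and the matrix will drift.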
@@ -659,19 +669,19 @@ If any migration step causes issues:
| Threat | Document |
|---|---|
| T01 (fake payment proof) | [[Payment Provider Adapter Spec]] (future) |
| T02 (webhook replay) | [[Webhook Security Spec]] (future) |
| T03 (arbitrary socket room join) | Realtime Authorization Spec (future) |
| T05 (double payout) | [[Funds Ledger Specification]] (future) |
| T06 (dispute bypass) | Escrow State Machine (future) |
| T01 (fake payment proof) | [[Funds Ledger and Escrow State Machine Specification]], [[Payment Provider Adapter Spec]] |
| T02 (webhook replay) | [[Webhook Security Spec]] |
| T03 (arbitrary socket room join) | [[Realtime Authorization Spec]] |
| T05 (double payout) | [[Funds Ledger and Escrow State Machine Specification]] |
| T06 (dispute bypass) | [[Funds Ledger and Escrow State Machine Specification]] |
| T07 (email abuse) | Rate limiting implementation |
| T08 (AI cost abuse) | Rate limiting + auth implementation |
| T09 (admin privilege escalation) | [[Authorization Matrix]] + step-up auth (this ADR) |
| T09 (admin privilege escalation) | [[Authorization Matrix - REST and Socket.IO]] + step-up auth (this ADR) |
| T11 (unauthenticated payment endpoints) | Auth middleware implementation |
| T12 (rate limit bypass) | Rate limiting implementation |
| T14 (supply-chain) | [[Secure Build and Supply-Chain Policy]] |
| T16 (deep-link tampering) | Telegram initData verification |
| T17 (provider outage) | Operational runbooks |
| T17 (provider outage) | [[Backend Funds Migration and Operational Runbooks]] |
| T18 (insider manipulation) | Multi-sig wallet + funds ledger + two-person approval (this ADR) |
| T19 (price manipulation) | Offer status enforcement |
| T20 (delivery brute force) | Rate limiting + code entropy |
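Review bot: the column is headed `Document`, but the rows for T07, T08, T11, T12, T16, T19 and T20 still name an implementation ("Rate limiting implementation", "Auth middleware implementation", "Offer status enforcement") rather than a document, while the rows this hunk rewrites (T01, T02, T03, T05, T06, T17) now carry `[[...]]` links and drop the "(future)" marker. Either link those remaining rows to a spec or runbook, or keep a "(future)" marker on them, so a reader can tell covered threats from pending ones. Also, T04, T10, T13 and T15 do not appear in the table; add a row or a one-line note saying they are out of scope or retired, so the gaps in numbering are not read as omissions. Minor: the T18 row refers to the funds ledger in prose while the other rows now link `[[Funds Ledger and Escrow State Machine Specification]]`; link it there as well for consistency.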