Dev

.env

@@ -18,3 +18,6 @@ JWT_REFRESH_TOKEN_EXP=604800
 REDIS_ADDR=localhost:6379
 REDIS_PASSWORD=
 REDIS_DB=0
+
+SECURITY_ENABLE_CORS=true
+#SECURITY_ALLOWED_ORIGINS=https://hellop.com,test.com

LEARNING_ROADMAP.md

@@ -36,15 +36,16 @@
 
 **Implementation Tasks:**
 
-- [ ] Add `password_hash` to users table (migration)
-- [ ] Create password hashing utility
-- [ ] Implement JWT token generation and validation
-- [ ] Create `/auth/register` endpoint
-- [ ] Create `/auth/login` endpoint
-- [ ] Create `/auth/refresh` endpoint (refresh token rotation)
-- [ ] Add JWT middleware to protect todo routes
-- [ ] Implement user ownership (users can only CRUD their own todos)
-- [ ] Add password strength validation
+- [x] Add `password_hash` to users table (migration)
+- [x] Create password hashing utility
+- [x] Implement JWT token generation and validation
+- [x] Create `/auth/register` endpoint
+- [x] Create `/auth/login` endpoint
+- [x] Create `/auth/refresh` endpoint (refresh token rotation)
+- [x] Add JWT middleware to protect todo routes
+- [x] Implement user ownership (users can only CRUD their own todos)
+- [x] Add password strength validation
+- [x] Ensure OWASP Top 10 security best practices are implemented
 - [ ] Implement rate limiting on auth endpoints (prevent brute force)
 
 **Why this first:** Almost every real application needs authentication. It touches all layers (API → Service → Database) and teaches security fundamentals.
@@ -94,8 +95,8 @@
 
 - [ ] Add `/health` endpoint (liveness probe)
 - [ ] Add `/ready` endpoint (readiness probe - checks DB, Redis, etc.)
-- [ ] Implement graceful shutdown handler
-- [ ] Add timeout for in-flight requests
+- [x] Implement graceful shutdown handler
+- [x] Add timeout for in-flight requests
 - [ ] Test shutdown behavior with active connections
 - [ ] Add startup probe logic
 

Makefile

@@ -16,6 +16,11 @@ help:
 	@echo "🗄️  Database:"
 	@echo "  migrate-up     - Run database migrations"
 	@echo "  migrate-down   - Rollback database migrations"
+	@echo "  migrate-down-last - Rollback last database migration"
+	@echo "  migrate-up-last - Run last database migration"
+	@echo "  migrate-up-to - Run database migrations up to a specific version"
+	@echo "  migrate-down-to - Rollback database migrations down to a specific version"
+	@echo "  migrate-version - Show current database migration version"
 	@echo "  migrate-status - Show migration status"
 	@echo "  migrate-fix    - Fix dirty migration (usage: make migrate-fix version=N)"
 	@echo "  migrate-reset  - Reset migration tracking (keeps data)"
@@ -91,6 +96,18 @@ migrate-up:
 migrate-down:
 	migrate -path internal/data/migrations -database "$(DB_URL)" down
 
+migrate-down-last:
+	migrate -path internal/data/migrations -database "$(DB_URL)" down 1
+
+migrate-up-last:
+	migrate -path internal/data/migrations -database "$(DB_URL)" up 1
+
+migrate-up-to:
+	migrate -path internal/data/migrations -database "$(DB_URL)" up $(version)
+
+migrate-down-to:
+	migrate -path internal/data/migrations -database "$(DB_URL)" down $(version)
+
 migrate-force:
 	migrate -path internal/data/migrations -database "$(DB_URL)" force $(version)