claude 73f67d1342 Protect FileDownloadController with reCAPTCHA v3 and rate limiting ...

- Require captchaToken query param on initial (non-range) download requests
- Range requests (HTTP resume) bypass captcha — they are continuations of an already-validated download
- Add download rate limit policy: 5 requests / 1 min per IP (configured in .env)
- Inject ICaptchaVerifier; action name is file_download

UI change required: execute grecaptcha.execute(siteKey, {action: 'file_download'})
before triggering the download and append ?captchaToken=<token> to the URL.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-06-01 20:37:44 +03:00

..

Clients/Api/Contracts

Add internet job search feature (cv-search-job)

2026-05-22 17:56:23 +03:00

Controllers

Protect FileDownloadController with reCAPTCHA v3 and rate limiting

2026-06-01 20:37:44 +03:00

Properties

Changes

2026-05-14 14:12:29 +03:00

Services

Update email templates to HTML format and fix EmailApiEmailSender

2026-06-01 19:16:02 +03:00

api.csproj

refactor(data): rename email-api-data to email-data for consistent naming

2026-05-29 09:51:03 +03:00

appsettings.json

Add EmailApi configuration to api and cv-search-job services

2026-05-28 15:47:08 +03:00

CLAUDE.md

Add internet job search feature (cv-search-job)

2026-05-22 17:56:23 +03:00

Dockerfile

fix(docker): update Dockerfile references from email-api-data to email-data

2026-05-29 10:05:35 +03:00

Program.cs

Rename EmailApiDbContext to EmailDbContext and EmailTemplates table to Templates

2026-06-01 16:21:32 +03:00