Aegis Lab is a security research project focused on modern authentication, secure session management, and login risk control for web applications.
The project provides a practical backend implementation for studying and validating advanced authentication mechanisms in a controlled environment. It is built with Go, Hertz, GORM, PostgreSQL, Redis, and a RESTful monolithic MVC architecture.
This repository is designed for secure login research, implementation validation, and authentication architecture experimentation. It explores how multiple security controls can work together to protect browser-based login flows, user sessions, and sensitive account operations.
- RSA-encrypted request payloads for sensitive API operations
- HttpOnly cookie-based access and refresh token management
- JWT validation with key ID support
- Refresh token rotation and reuse detection
- CSRF protection for authenticated write operations
- Replay attack prevention with nonce validation
- Device binding with FingerprintJS-based device identifiers
- CAPTCHA protection for registration and login flows
- TOTP-based multi-factor authentication with QR code enrollment
- Step-up verification for sensitive account actions
- Security audit logging for login, MFA, password, and session events
- Redis-backed security state management
- PostgreSQL persistence with GORM models
- Trusted reverse proxy header handling
- CORS, security headers, request metadata, timestamp checks, and rate limiting
- Docker-based local development environment
AegisAuth Lab is intended for research and engineering validation. It is not a production identity provider and should not be used to process real user data without additional security review, compliance assessment, operational hardening, monitoring, and infrastructure-level HTTPS enforcement.
The project follows a simple monolithic MVC flow:
router -> controller -> service -> models/database