# ERP Enterprise Hardening Report

## Rate Limiting

- Implemented IP-based rate limiting middleware using Redis.
- Login endpoint limited to 5 requests per minute per IP.
- General API endpoints limited to 60 requests per minute per IP.
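
The two limits above, as an added example that is not the project's own middleware: a per-IP fixed-window counter keyed by request tier. An in-memory map stands in for the Redis counters, and the clock is passed in so the minute roll-over is deterministic; the IP addresses and timestamps are constructed test values.

```rust
// Added example (not the project's code): per-IP fixed-window rate limiting
// with the report's two tiers. A HashMap stands in for the Redis counters the
// real middleware uses; `now` is injected so the window boundary is testable.
use std::collections::HashMap;

#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub enum Tier {
    Login,   // 5 requests per minute per IP
    General, // 60 requests per minute per IP
}

impl Tier {
    fn limit(self) -> u32 {
        match self {
            Tier::Login => 5,
            Tier::General => 60,
        }
    }
}

const WINDOW_SECS: u64 = 60;

#[derive(Default)]
pub struct RateLimiter {
    // (client IP, tier) -> (start of the current minute window, count in it)
    counters: HashMap<(String, Tier), (u64, u32)>,
}

impl RateLimiter {
    /// Returns true if the request is within the tier's limit, false if it
    /// should be rejected (the middleware would answer 429). `now` is Unix seconds.
    pub fn check(&mut self, ip: &str, tier: Tier, now: u64) -> bool {
        let window = now - now % WINDOW_SECS; // minute boundary, like a key with EXPIRE
        let entry = self.counters.entry((ip.to_string(), tier)).or_insert((window, 0));
        if entry.0 != window {
            *entry = (window, 0); // new window: the old counter has expired
        }
        if entry.1 >= tier.limit() {
            return false; // limit already reached in this window
        }
        entry.1 += 1;
        true
    }
}

fn main() {
    let mut rl = RateLimiter::default();
    let allowed = (0..7).filter(|_| rl.check("203.0.113.10", Tier::Login, 1_000)).count();
    println!("login requests allowed in one minute: {allowed}"); // 5
}
```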

## Cookie-Based Authentication

- Added HttpOnly, Secure, SameSite=Strict cookie support for access tokens.
- Kept existing Authorization: Bearer header support for backward compatibility.
- Frontend API client now sends credentials with requests when available.

## Redis Integration

- Reused existing Redis client helper and added cache module.
- Implemented generic JSON cache helpers and integrated them for user profile caching.

## Session Invalidation

- Password change now deactivates all active sessions for the user.
- Logout endpoint can invalidate a single session by ID or all sessions for the current user.

## Worker Infrastructure

- Added worker module with task stubs for notifications, email, and report processing.
- Wired worker tasks into background startup pipeline without affecting current flows.

## Architecture Diagrams

- Updated master architecture to include Redis and rate limiting concerns.
- Deployment diagram highlights Redis cache and Axum backend.
- Middleware flow diagram represents maintenance and auth middleware chain.

