feat(security): login anomaly detection & suspicious activity alerts #441

Open
lalalic wants to merge 1 commit into rohitdash08:main from lalalic:feat/login-anomaly
lalalic commented Mar 15, 2026

Login Anomaly Detection & Suspicious Activity Alerts

Implements issue #124 — real-time login anomaly detection with risk scoring and automated security alerts.

Features

  • Multi-signal risk scoring — new IP (0.3), new device (0.25), unusual time (0.15), rapid attempts (0.4), failed streaks (0.5)
  • Automatic alert generation — security alerts created when risk >= 0.5
  • Alert management — acknowledge individual or bulk, filterable by status
  • Login history — full event log with device/location metadata, filterable by type
  • Statistics dashboard — login counts, unique IPs/devices, risk distribution

Implementation

| Component | Details |
|---|---|
| Migration | 032_login_anomaly.sql — login_events + security_alerts tables |
| Models | LoginEvent + SecurityAlert |
| Service | login_anomaly.py — risk analysis, event recording, alert lifecycle, stats |
| Routes | 6 endpoints under /security/* |
| Tests | 37 passing tests |
| Docs | docs/login-anomaly.md |

API Endpoints

| Method | Endpoint | Description |
|---|---|---|
| POST | /security/record | Record login event with anomaly check |
| GET | /security/history | Login event history |
| GET | /security/alerts | Security alerts |
| POST | /security/alerts/:id/acknowledge | Acknowledge alert |
| POST | /security/alerts/acknowledge-all | Bulk acknowledge |
| GET | /security/stats | Login statistics |

Stats

  • 1,206 lines added across 9 files
  • 37 tests — all passing
  • Zero external dependencies added

Closes #124

Implements issue rohitdash08#124 — detect unusual login behavior and alert users.

Changes:
- Add login_events and security_alerts migrations (032_login_anomaly.sql)
- Add LoginEvent and SecurityAlert models
- Add login anomaly service with risk scoring, anomaly detection,
  auto-alert generation, history tracking, and statistics
- Add 6 REST endpoints under /security/*
- Add 37 passing tests
- Add documentation

lalalic requested a review from rohitdash08 as a code owner March 15, 2026 12:04
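
The multi-signal risk scoring listed in the PR description, sketched as an added example; it is not code from this pull request or from login_anomaly.py. The weights and the 0.5 alert threshold are the ones stated above; the signal definitions (60-second window, 5 attempts, 3-failure streak, quiet hours), the capped-sum combination rule and all function and field names are assumptions.

```python
from datetime import datetime, timedelta

# Weights and alert threshold as stated in the PR description.
WEIGHTS = {"new_ip": 0.3, "new_device": 0.25, "unusual_time": 0.15,
           "rapid_attempts": 0.4, "failed_streak": 0.5}
ALERT_THRESHOLD = 0.5
# Assumed signal definitions; the description does not give them.
RAPID_WINDOW, RAPID_COUNT = timedelta(seconds=60), 5
STREAK_LEN = 3
QUIET_HOURS = range(0, 5)  # 00:00-04:59 counts as an unusual time


def score_login(history, event):
    """Score `event` against the user's earlier events (oldest first).

    Events are dicts with keys ts (datetime), ip, device, success (bool).
    Returns (score, fired_signals).
    """
    fired = []
    # Baseline uses successful logins only, so failed attempts from an
    # unfamiliar address never turn that address into a "known" one.
    good = [e for e in history if e["success"]]
    if good and event["ip"] not in {e["ip"] for e in good}:
        fired.append("new_ip")
    if good and event["device"] not in {e["device"] for e in good}:
        fired.append("new_device")
    if event["ts"].hour in QUIET_HOURS:
        fired.append("unusual_time")
    recent = [e for e in history if event["ts"] - e["ts"] <= RAPID_WINDOW]
    if len(recent) + 1 >= RAPID_COUNT:  # +1 counts the current attempt
        fired.append("rapid_attempts")
    tail = history[-STREAK_LEN:]
    if len(tail) == STREAK_LEN and not any(e["success"] for e in tail):
        fired.append("failed_streak")
    # Assumed combination rule: sum of weights, capped at 1.0 and rounded
    # so float error cannot move a score across the threshold.
    return round(min(1.0, sum(WEIGHTS[s] for s in fired)), 2), fired


def should_alert(score):
    return score >= ALERT_THRESHOLD


# Constructed sample data: two normal logins, then three failures.
T0 = datetime(2026, 3, 15, 9, 0, 0)
HOME = {"ip": "192.0.2.10", "device": "laptop-a"}
OTHER = {"ip": "198.51.100.7", "device": "unknown-b"}
HISTORY = [{"ts": T0, "success": True, **HOME},
           {"ts": T0 + timedelta(hours=8), "success": True, **HOME}]
FAILS = [{"ts": T0 + timedelta(hours=9, seconds=10 * i), "success": False,
          **OTHER} for i in range(3)]
```

With these weights a failed streak alone reaches the threshold, while new IP plus unusual time (0.45) does not, so the threshold comparison has to be inclusive and stable against float rounding.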