feat(auth): implement comprehensive JWT and Basic authentication #23

Merged
iklobato merged 3 commits into master from feat/improve-authentication-jwt-and-basic
Mar 10, 2026

Conversation

@iklobato (Owner) commented Mar 10, 2026

  • Add JWT algorithm configuration with validation (HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512)
  • Implement BasicAuthentication class with proper 401 error responses
  • Add rate limiting for auth endpoints (10/min, 100/hour, 1000/day default)
  • Fix JWT expiration configuration not being passed to authentication instances
  • Add JWT claim validation to prevent overwriting reserved 'exp' claim
  • Consolidate Basic auth parsing in _login.py module
  • Add comprehensive test suite covering all auth scenarios
  • Update YAML configuration support for JWT algorithm and expiration
  • Fix typing issues in auth modules
  • Add proper error response differentiation (401 for auth failures, 403 for permissions)

BREAKING CHANGE: JWTAuthentication constructor now accepts optional parameters:

  • expiration: Override default 3600s token lifetime
  • algorithm: Override default HS256 algorithm
  • secret_key: Custom secret (defaults to LIGHTAPI_JWT_SECRET)

Security enhancements:

  • Rate limiting prevents brute force attacks on login endpoints
  • Basic auth returns proper WWW-Authenticate header semantics
  • JWT algorithm validation prevents insecure configurations

Summary by CodeRabbit

  • New Features

    • Automatic /auth/login and /auth/token endpoints for JWT and Basic auth; LightApi accepts a login_validator callable and customizable auth path
    • BasicAuthentication option and configurable JWT expiration, algorithm, and extra claims
    • In-memory rate limiter for auth endpoints
  • Documentation

    • Added README and YAML examples describing auth endpoints, validator callable, and JWT settings
  • Tests

    • Comprehensive tests covering login/token flows, JWT/Basic scenarios, error cases, and YAML config handling
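The two issuer-side checks the PR describes, an algorithm allowlist and a guard that refuses a caller-supplied 'exp' claim, shown as an added stdlib-only example; this is not LightApi's own code, and the function names, the explicit `now` parameter and the HMAC-only signing are assumptions made here so it runs without pyjwt.

```python
import base64
import hashlib
import hmac
import json

# Algorithm allowlist from the PR description; anything else (e.g. "none") is rejected at config time.
SUPPORTED_ALGORITHMS = {"HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512"}
HMAC_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
RESERVED_CLAIMS = {"exp"}  # set by the issuer only; a caller-supplied 'exp' is refused


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def validate_algorithm(algorithm: str) -> str:
    if algorithm not in SUPPORTED_ALGORITHMS:
        raise ValueError(f"unsupported JWT algorithm: {algorithm!r}")
    return algorithm


def issue_token(subject, secret, now, extra_claims=None, expiration=3600, algorithm="HS256"):
    # 'now' is passed explicitly (assumption) so the example is deterministic; real code uses time.time().
    validate_algorithm(algorithm)
    if algorithm not in HMAC_DIGESTS:
        raise NotImplementedError("stdlib-only example: RS*/ES* signing needs a crypto library")
    extra_claims = dict(extra_claims or {})
    clash = RESERVED_CLAIMS & set(extra_claims)
    if clash:
        raise ValueError(f"reserved claim(s) may not be overridden: {sorted(clash)}")
    header = {"alg": algorithm, "typ": "JWT"}
    payload = {"sub": subject, "iat": now, "exp": now + expiration, **extra_claims}
    parts = [_b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signature = hmac.new(secret.encode(), ".".join(parts).encode(), HMAC_DIGESTS[algorithm]).digest()
    return ".".join(parts + [_b64url_encode(signature)])


def verify_token(token, secret, now, algorithm="HS256"):
    # The algorithm comes from server configuration, never from the token header.
    validate_algorithm(algorithm)
    head, body, sig = token.split(".")
    expected = hmac.new(secret.encode(), f"{head}.{body}".encode(), HMAC_DIGESTS[algorithm]).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("invalid signature")
    payload = json.loads(_b64url_decode(body))
    if payload["exp"] <= now:
        raise ValueError("token expired")
    return payload
```

Because `exp` is computed from the server-side `expiration` setting (3600s by default, as in the PR), a client cannot mint a longer-lived token by smuggling its own `exp` into the extra claims.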
