Commit Graph

79 Commits

Author SHA1 Message Date
surtur 4d10510f5b
go: always defer adding headers
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-10 14:16:57 +02:00
surtur 882b7dfd28
go: add more logs on unauthorised access
All checks were successful
continuous-integration/drone/push Build is passing
* log details about unauthorised access
* return semantically correct 403 (instead of 401) on unauthorised access
* allow read-only admin access to "hibp breach details" endpoint
2023-09-10 14:12:13 +02:00
surtur 35435da9a6
head.tmpl,go: set description+lang, rm meta CSP
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-10 12:47:35 +02:00
surtur 96c0b53493
go,tmpl: implement+activate validator
All checks were successful
continuous-integration/drone/push Build is passing
also ad initial password change:
* switch the password field type to `password`
* add a field for repeated password
2023-09-08 22:56:17 +02:00
surtur 1d159e4f64
go,tmpl: unify handling of CSP
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-08 17:48:51 +02:00
surtur 73915fcd98
fix(go): resolve signin/logout issues for all time
All checks were successful
continuous-integration/drone/push Build is passing
affects:
* app/settings
* app/server
* handlers
    * signin
    * signup
    * logout
    * home
    * middleware
2023-09-08 17:22:20 +02:00
surtur 83f0ec7e15
fix(go): set correct cookie params
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-04 21:02:06 +02:00
surtur e10fdc5042
go: update last_login for users w/ finished setup
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-04 20:02:21 +02:00
surtur 1b2d860beb
fix(go,tmpl): solve the Chromium/Safari logout...
All checks were successful
continuous-integration/drone/push Build is passing
...issue by deleting the session cookie after successful password change
and forcing the user to re-authenticate.

additionally, split the InitialPasswordChange func into separate "GET"
and "POST" variants.
2023-09-04 19:21:01 +02:00
surtur fcea85e54b
go(sessionMiddleware): render err page on 401
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-04 15:31:11 +02:00
surtur fa1253a675
fix(go): set logout cache-control header+add check
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-04 15:22:17 +02:00
surtur 5527caa3a8
fix(go): prevent panic on manage/api-keys
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-04 15:12:58 +02:00
surtur 5d494fca8d
go,tmpl(api-keys): add tooltips, disable buttons
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-04 15:00:41 +02:00
surtur b1e2168023
fix(go,tmpl): require minlength on username/passwd
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-04 12:21:58 +02:00
surtur fd2916e73e
fix(go): show LastLogin on `Manage Users` page
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-04 11:33:50 +02:00
surtur f4bd798821
fix(go): reject empty/same passwd on init change
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-04 11:28:23 +02:00
surtur 6b45213649
go: add user onboarding, HIBP search functionality
All checks were successful
continuous-integration/drone/push Build is passing
* add user onboarding workflow
* fix user editing (no edits of passwords of regular users after
  onboarding)
* refresh HIBP breach cache in DB on app start-up
* display HIBP breach details
* fix request scheduling to prevent panics (this still needs some love..)
* fix middleware auth
* add TODOs
* update head.tmpl
* reword some error messages
2023-08-24 18:43:24 +02:00
surtur ab93161867
go,tmpl: allow conditionally disabling the sign-up
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-16 15:07:10 +02:00
surtur 01907c349f
fix: stop looking for the CSRF token logout GET
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-15 18:35:49 +02:00
surtur f0bda26e8c
handlers: add helper newPage func w/ pre-filling
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-15 18:33:48 +02:00
surtur 1c67191c09
feat: implement user deletion
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-07 21:29:30 +02:00
surtur c8a48cd526
go(logout): redir to /home if valid session exists
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-07 14:21:48 +02:00
surtur 81ca7d8ec1
go,tmpl: add a way to manage API keys [wip]
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-05 22:13:43 +02:00
surtur 536b5909c8
go,tmpl: use CSRF token in relevant places
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-05 21:43:45 +02:00
surtur eb555cfcad
go: add + use sessionMaxAge
Some checks failed
continuous-integration/drone/push Build is failing
2023-08-04 18:28:56 +02:00
leo 31e86833aa
MiddlewareSession: simplify logic
All checks were successful
continuous-integration/drone/push Build is passing
2023-06-04 12:07:07 +02:00
leo 3cacea8c1f
signin.go: change login failed msg
All checks were successful
continuous-integration/drone/push Build is passing
2023-06-04 11:57:47 +02:00
leo ce383b5818
refactor: mv ctx to a later point
All checks were successful
continuous-integration/drone/push Build is passing
2023-06-04 11:36:07 +02:00
leo afc97407f6
healthz: use proper JSON
All checks were successful
continuous-integration/drone/push Build is passing
2023-06-04 11:32:57 +02:00
leo 5f8548958f
go: add usr updating [wip]
All checks were successful
continuous-integration/drone/push Build is passing
2023-06-02 20:00:14 +02:00
leo 32aa8d8852
go: add+enable compression middleware
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-31 22:42:50 +02:00
leo ffc9b74c75
go: add a simple caching middleware for assets
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-31 22:29:52 +02:00
leo dbd0e9d01d
go: implement session auth middleware
All checks were successful
continuous-integration/drone/push Build is passing
* simplify protection of endpoints
* role discernment still occurs in respective handlers
* db client needs to be passed into handlers as a global var now
2023-05-30 23:50:37 +02:00
leo 1f11b71341
user-mgmt: clear err messages + page rendering
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-30 21:08:34 +02:00
leo ae5c4f1dd4
go,tmpl: add usr details listing
All checks were successful
continuous-integration/drone/push Build is passing
* add tmpl
* add handler for route /manage/user/:id
* add convenience helper func
* handle not found/invalid uuid errors
2023-05-29 22:42:18 +02:00
leo e2a29fa692
handlers,tmpl: render+log signin better errors
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-28 22:47:10 +02:00
leo e0a7656b2b
handlers(types): add validation
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-28 18:57:37 +02:00
leo 547f6e7b3c
add user creation
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-22 06:47:33 +02:00
leo 97ea29d043
add user listing
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-22 03:22:58 +02:00
leo 3a2f85f683
feat: add license headers (+spdx id)
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-20 20:15:57 +02:00
leo be1709794a
fix(session panic): check if nil before use
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-16 13:49:02 +02:00
leo 695039e882
handlers(echo): use c.Bind in sign{in,up}
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-15 23:57:38 +02:00
leo 31ab083f8a
handlers: add health-check endpoints
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-13 22:33:38 +02:00
leo b77c2fe941
handlers: add func addHeaders
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-11 23:50:40 +02:00
leo 1fb7479d8e
slogger: rename Logger to Slogger
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-11 17:06:20 +02:00
leo a385b194b9
handlers/home: render success with StatusOK
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-11 05:07:53 +02:00
leo 468e20da0a
handlers/index: refactor to use c.Render
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-11 05:01:19 +02:00
leo f80e06078a
handlers/home: redirect w/ 303 instead of 301
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-11 04:55:56 +02:00
leo 847d4aab22
handlers: rename helper.go -> error.go
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-11 04:54:31 +02:00
leo 122ea638c9
go: refactor template rendering
All checks were successful
continuous-integration/drone/push Build is passing
* create pkg 'modules/template'
* move template rendering code from 'handlers' to 'modules/template'
* update call sites
* walk the 'templates' dir to discover nested hierarchies
* solidify LiveMode handling (vs embedded assets)
* break out funcMap to its own file
* general clean-up
2023-05-11 04:32:39 +02:00