Commit Graph

85 Commits

Author SHA1 Message Date
96c0b53493
go,tmpl: implement+activate validator
All checks were successful
continuous-integration/drone/push Build is passing
also ad initial password change:
* switch the password field type to `password`
* add a field for repeated password
2023-09-08 22:56:17 +02:00
1d159e4f64
go,tmpl: unify handling of CSP
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-08 17:48:51 +02:00
73915fcd98
fix(go): resolve signin/logout issues for all time
All checks were successful
continuous-integration/drone/push Build is passing
affects:
* app/settings
* app/server
* handlers
    * signin
    * signup
    * logout
    * home
    * middleware
2023-09-08 17:22:20 +02:00
83f0ec7e15
fix(go): set correct cookie params
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-04 21:02:06 +02:00
1b2d860beb
fix(go,tmpl): solve the Chromium/Safari logout...
All checks were successful
continuous-integration/drone/push Build is passing
...issue by deleting the session cookie after successful password change
and forcing the user to re-authenticate.

additionally, split the InitialPasswordChange func into separate "GET"
and "POST" variants.
2023-09-04 19:21:01 +02:00
5d494fca8d
go,tmpl(api-keys): add tooltips, disable buttons
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-04 15:00:41 +02:00
010e54168a
go(app/server): skip logging /assets visits
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-04 14:01:42 +02:00
6b45213649
go: add user onboarding, HIBP search functionality
All checks were successful
continuous-integration/drone/push Build is passing
* add user onboarding workflow
* fix user editing (no edits of passwords of regular users after
  onboarding)
* refresh HIBP breach cache in DB on app start-up
* display HIBP breach details
* fix request scheduling to prevent panics (this still needs some love..)
* fix middleware auth
* add TODOs
* update head.tmpl
* reword some error messages
2023-08-24 18:43:24 +02:00
f2025395b2
go: add basic hibp handling, requests scheduling
All checks were successful
continuous-integration/drone/push Build is passing
* change hibp schema's date field to string, as the date format would
  prevent direct unmarshaling. instead, marshal to string, convert later
* the scheduler is in place in order not to get throttled after going
  over API limit
* the scheduler detects when in testing mode and changes little bits of
  behaviour
* add tests for some basic requests
* run the requests scheduler as a background service during testing
2023-08-22 19:57:48 +02:00
e7849b5443
go: fix setting port from config
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-20 23:01:27 +02:00
ab93161867
go,tmpl: allow conditionally disabling the sign-up
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-16 15:07:10 +02:00
70af5cc86a
fix: repair broken routes
All checks were successful
continuous-integration/drone/push Build is passing
a follow up of:
7f87d0f2c2
1b64571429
2023-08-15 17:56:25 +02:00
7f87d0f2c2
routes: regroup, reorganise, break out csrf config
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-13 16:44:40 +02:00
1b64571429
routes: group certain endpoints
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-13 15:52:31 +02:00
e7be74d1eb
routes: add extra handling for signin/signup
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-12 14:50:49 +02:00
1106359a3e
go(app/server.go): rename func
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-11 23:18:54 +02:00
7b7d1b14a2
go(app): echoSettings.go -> server.go
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-11 23:14:19 +02:00
1c67191c09
feat: implement user deletion
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-07 21:29:30 +02:00
52dfe44080
go(logout): let only authorised users log out
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-07 14:40:46 +02:00
81ca7d8ec1
go,tmpl: add a way to manage API keys [wip]
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-05 22:13:43 +02:00
e941e73222
go(settings): expose default server timeouts
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-05 14:25:34 +02:00
4ccec7857d
go(settings): improve function docs [skip ci] 2023-08-04 18:35:57 +02:00
094a478cf9
go(settings): add const defaults
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-04 18:31:45 +02:00
eb555cfcad
go: add + use sessionMaxAge
Some checks failed
continuous-integration/drone/push Build is failing
2023-08-04 18:28:56 +02:00
2559092231
go: add getters for Session{Auth,Encr}IsHex
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-04 18:13:23 +02:00
172703aab5
go: use '__Host' prefix with the csrf cookie
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-04 17:26:51 +02:00
fb74533a96
go(settings): add domain fallback
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-04 17:19:06 +02:00
118c34dac6
go: fix csrf issues
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-03 14:49:21 +02:00
044ed583b9
go: set global default {read,write} timeouts
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-03 14:40:04 +02:00
leo
5f8548958f
go: add usr updating [wip]
All checks were successful
continuous-integration/drone/push Build is passing
2023-06-02 20:00:14 +02:00
leo
32aa8d8852
go: add+enable compression middleware
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-31 22:42:50 +02:00
leo
5cf5ba51bc
go: enable HEAD method for some routes
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-31 22:32:25 +02:00
leo
ffc9b74c75
go: add a simple caching middleware for assets
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-31 22:29:52 +02:00
leo
dbd0e9d01d
go: implement session auth middleware
All checks were successful
continuous-integration/drone/push Build is passing
* simplify protection of endpoints
* role discernment still occures in respective handlers
* db client needs to be passed into handlers as a global var now
2023-05-30 23:50:37 +02:00
leo
ae5c4f1dd4
go,tmpl: add usr details listing
All checks were successful
continuous-integration/drone/push Build is passing
* add tmpl
* add handler for route /manage/user/:id
* add convenience helper func
* handle not found/invalid uuid errors
2023-05-29 22:42:18 +02:00
leo
ff68a7dbe3
go: fix port default,flag handling
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-23 16:37:33 +02:00
leo
547f6e7b3c
add user creation
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-22 06:47:33 +02:00
leo
97ea29d043
add user listing
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-22 03:22:58 +02:00
leo
6ce05ea74d
feat: add initial admin user creation
All checks were successful
continuous-integration/drone/push Build is passing
have the app create the initial admin user:
* if the db has not yet been set up
* if there are not users
* if the config value for Init.CreateAdmin is True
* if the admin password is not empty

default username, email values can be seen in modules/user/const.go
2023-05-21 18:50:41 +02:00
leo
9eb811169d
feat: bump configuration schema to 0.0.1-rc.2
All checks were successful
continuous-integration/drone/push Build is passing
this entails a couple of breaking changes due to schema evolution. once
the schema is stabilised, backward compatibility promise will be given.

* update config struct and accompanying scructs
* update tests
* update exampleConfig.dhall
* update local dev environment (devenv)
* make settings reflect the config schema changes
* make use of some settings/config updates
2023-05-21 12:44:18 +02:00
leo
3a2f85f683
feat: add license headers (+spdx id)
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-20 20:15:57 +02:00
leo
72723d951d
go(refactor): clean up run.go
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-17 20:40:24 +02:00
leo
31ab083f8a
handlers: add health-check endpoints
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-13 22:33:38 +02:00
leo
fc4460d5e1
go: delete pertinent ENVs after loading settings
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-12 22:43:36 +02:00
leo
e8ac4e39ce
modules/funcmap: add funcs to calculate SRI hashes
All checks were successful
continuous-integration/drone/push Build is passing
* correctly handle LiveMode resp. whether or not to set/read embeds
2023-05-12 00:11:23 +02:00
leo
1fb7479d8e
slogger: rename Logger to Slogger
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-11 17:06:20 +02:00
leo
9bbfbe923e
app: set debug lvl also to gommon Echo logger
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-11 04:48:24 +02:00
leo
741af20b6e
app: call logger consistently
All checks were successful
continuous-integration/drone/push Build is passing
2023-05-11 04:45:33 +02:00
leo
bef3cb228e
app(logger): restore the old behaviour
All checks were successful
continuous-integration/drone/push Build is passing
that is - have the Logger() method return pointer to the local (s)logger
2023-05-11 04:42:38 +02:00
leo
122ea638c9
go: refactor template rendering
All checks were successful
continuous-integration/drone/push Build is passing
* create pkg 'modules/template'
* move template rendering code from 'handlers' to 'modules/template'
* update call sites
* walk the 'templates' dir to discover nested hierarchies
* solidify LiveMode handling (vs embedded assets)
* break out funcMap to it's own file
* general clean-up
2023-05-11 04:32:39 +02:00