Commit Graph

364 Commits

Author SHA1 Message Date
Kharec 60daeddbe4 docs: proxy HSTS trust, middleware order, and Swagger gating 2026-05-06 20:13:56 +02:00
Kharec 537a7e3759 docs(.env.example): document SWAGGER_ENABLED for production Swagger 2026-05-06 20:13:56 +02:00
Kharec 194884293f test(e2e): align security header checks with CSP-only XSS defense 2026-05-06 20:13:56 +02:00
Kharec 0fbb6f4a88 test(integration): drop deprecated X-XSS-Protection expectation 2026-05-06 20:13:56 +02:00
Kharec b3f6f5b15e test(handlers): RequireAuth distinguishes missing context from user id zero 2026-05-06 20:13:56 +02:00
Kharec 2ede636bd6 test(server): Swagger hidden in production unless SWAGGER_ENABLED 2026-05-06 20:13:56 +02:00
Kharec 7c525e71cb test(middleware): encoded SQL query triggers suspicious activity log 2026-05-06 20:13:56 +02:00
Kharec 620798577e test(middleware): cache LRU, SHA-256 keys, prefix invalidation 2026-05-06 20:13:56 +02:00
Kharec b41d3bb20c fix(server): gate Swagger by env and pass cache invalidation prefixes 2026-05-06 20:13:56 +02:00
Kharec abaf46e624 test(middleware): CSP config and removed XSS auditor header 2026-05-06 20:13:56 +02:00
Kharec 61875201f9 fix(middleware): configurable Swagger CSP, log CSP nonce errors, drop X-XSS-Protection 2026-05-06 20:13:56 +02:00
Kharec d668567dc5 test(middleware): GetUserIDFromContext returns nil or pointer 2026-05-06 20:13:56 +02:00
Kharec 102f1d8400 fix(middleware): decode URL before suspicious SQL/XSS probes 2026-05-06 20:13:56 +02:00
Kharec 98985db537 fix(middleware): rate-limit key uses optional user ID pointer 2026-05-06 20:13:56 +02:00
Kharec be64e7c8d2 fix(middleware): SHA-256 keys, LRU cache, and prefix-scoped invalidation 2026-05-06 20:13:56 +02:00
Kharec 1aa256c6a8 fix(handlers): RequireAuth and VoteContext use optional user ID pointer 2026-05-06 20:07:47 +02:00
Kharec dccf85e038 fix(middleware): return *uint from GetUserIDFromContext for nil when unauthenticated 2026-05-06 20:07:41 +02:00
Kharec 4e188eb8d5 test(middleware): expect CSRF cookie readable by script for header submit 2026-05-06 20:07:35 +02:00
Kharec 2adf72c138 fix(middleware): set CSRF cookie HttpOnly false for double-submit from JS 2026-05-06 20:07:00 +02:00
Kharec add60ad3c2 test(middleware): CORS wildcard+credentials panic and trimmed env origins 2026-05-06 20:06:55 +02:00
Kharec 89131331a6 fix(middleware): validate CORS origins and reject wildcard with credentials 2026-05-06 20:06:53 +02:00
Kharec 0baf7053fc test(middleware): lock rapid-request tracker reset in TestIsRapidRequest 2026-05-06 16:47:46 +02:00
Kharec 5d145613d2 fix(middleware): add mutex for rapid-request counter 2026-05-06 16:47:35 +02:00
Kharec 12db6409ce test: cover CSRF skip behavior for Bearer vs cookie auth 2026-04-23 13:34:51 +02:00
Kharec 5fc208c9da fix: only skip CSRF for /api/ routes with Bearer tokens 2026-04-23 13:34:43 +02:00
Kharec ab17ff8b79 test: verify DecompressionMiddleware enforces size limit 2026-04-23 13:26:15 +02:00
Kharec 8990f5afb7 fix: cap decompressed request body size to prevent DoS 2026-04-23 13:26:03 +02:00
Kharec 8f255a4fe6 docs: update roadmap 2026-04-02 18:29:48 +02:00
Kharec d56ee03cdb fix: typo 2026-03-30 21:39:05 +02:00
Kharec e58ba1b8d1 chore: add title 2026-03-18 18:07:15 +01:00
Kharec 4ffc601723 fix: avoid mangle backslash 2026-03-11 07:22:51 +01:00
Kharec d6321e775a test(integration): update DB monitoring health assertion to match nested services payload 2026-03-06 15:37:53 +01:00
Kharec de9b544afb refactor(cors): deduplicate origin validation and header logic without behavior change 2026-03-06 15:37:44 +01:00
Kharec 19291b7f61 feat: update swagger 2026-03-05 11:39:24 +01:00
Kharec c31eb2f3df test(e2e): make middleware tests assertion-driven and deterministic 2026-02-23 07:11:22 +01:00
Kharec de08878de7 test(e2e): add middleware-enabled test context and server config toggles 2026-02-23 07:11:17 +01:00
Kharec f0e8da51d0 feat(server): allow cacheable paths to be configured in router 2026-02-23 07:11:14 +01:00
Kharec 85882bae14 refactor: go fix ftw 2026-02-19 17:37:42 +01:00
Kharec 9185ffa6b5 test(server): mock title fetcher in router tests to remove network dependency 2026-02-19 17:37:31 +01:00
Kharec 986b4e9388 refactor: modernize code using go fix 2026-02-19 17:31:06 +01:00
Kharec ac6e1ba80b refactor: modernize code using go fix 2026-02-19 17:30:12 +01:00
Kharec 14da02bc3f refactor: use go fix 2026-02-19 17:29:44 +01:00
Kharec 31ef30c941 test(health): expect unhealthy for SMTP connection failures 2026-02-16 08:43:46 +01:00
Kharec d4a89325e0 fix(health): mark SMTP connection/bootstrap failures as unhealthy 2026-02-16 08:43:33 +01:00
Kharec 4eb0a6360f test(health): cover SMTP unhealthy aggregation behavior 2026-02-16 08:43:14 +01:00
Kharec 040b9148de fix(health): treat SMTP unhealthy as degraded at app level 2026-02-16 08:43:01 +01:00
Kharec 6e0dfabcff feat: health check now returns json, definitely 2026-02-16 08:33:51 +01:00
Kharec 9e81ddfdfa fix: don't reinvent the wheel 2026-02-15 12:05:25 +01:00
Kharec b3b7c1d527 test: health check now supports smtp so we test it 2026-02-15 12:04:06 +01:00
Kharec 4c1caa44dd refactor: smtp tests 2026-02-15 12:03:55 +01:00