Kharec/goyco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
358 Commits 1 Branch 0 Tags
7c525e71cb49409250fd6ea1aeae1c629d4fbbdf
Commit Graph

30 Commits

Author SHA1 Message Date
Kharec 7c525e71cb test(middleware): encoded SQL query triggers suspicious activity log 2026-05-06 20:13:56 +02:00
Kharec 620798577e test(middleware): cache LRU, SHA-256 keys, prefix invalidation 2026-05-06 20:13:56 +02:00
Kharec abaf46e624 test(middleware): CSP config and removed XSS auditor header 2026-05-06 20:13:56 +02:00
Kharec 61875201f9 fix(middleware): configurable Swagger CSP, log CSP nonce errors, drop X-XSS-Protection 2026-05-06 20:13:56 +02:00
Kharec d668567dc5 test(middleware): GetUserIDFromContext returns nil or pointer 2026-05-06 20:13:56 +02:00
Kharec 102f1d8400 fix(middleware): decode URL before suspicious SQL/XSS probes 2026-05-06 20:13:56 +02:00
Kharec 98985db537 fix(middleware): rate-limit key uses optional user ID pointer 2026-05-06 20:13:56 +02:00
Kharec be64e7c8d2 fix(middleware): SHA-256 keys, LRU cache, and prefix-scoped invalidation 2026-05-06 20:13:56 +02:00
Kharec dccf85e038 fix(middleware): return *uint from GetUserIDFromContext for nil when unauthenticated 2026-05-06 20:07:41 +02:00
Kharec 4e188eb8d5 test(middleware): expect CSRF cookie readable by script for header submit 2026-05-06 20:07:35 +02:00
Kharec 2adf72c138 fix(middleware): set CSRF cookie HttpOnly false for double-submit from JS 2026-05-06 20:07:00 +02:00
Kharec add60ad3c2 test(middleware): CORS wildcard+credentials panic and trimmed env origins 2026-05-06 20:06:55 +02:00
Kharec 89131331a6 fix(middleware): validate CORS origins and reject wildcard with credentials 2026-05-06 20:06:53 +02:00
Kharec 0baf7053fc test(middleware): lock rapid-request tracker reset in TestIsRapidRequest 2026-05-06 16:47:46 +02:00
Kharec 5d145613d2 fix(middleware): add mutex for rapid-request counter 2026-05-06 16:47:35 +02:00
Kharec 12db6409ce test: cover CSRF skip behavior for Bearer vs cookie auth 2026-04-23 13:34:51 +02:00
Kharec 5fc208c9da fix: only skip CSRF for /api/ routes with Bearer tokens 2026-04-23 13:34:43 +02:00
Kharec ab17ff8b79 test: verify DecompressionMiddleware enforces size limit 2026-04-23 13:26:15 +02:00
Kharec 8990f5afb7 fix: cap decompressed request body side to prevent DoS 2026-04-23 13:26:03 +02:00
Kharec de9b544afb refactor(cors): deduplicate origin validation and header logic without behavior change 2026-03-06 15:37:44 +01:00
Kharec 85882bae14 refactor: go fix ftw 2026-02-19 17:37:42 +01:00
Kharec 9017816812 refactor: export IsHTTPS function for shared use 2025-12-26 17:40:31 +01:00
Kharec 027df4f60c test: add security header preservation tests for cache 2025-12-26 17:33:25 +01:00
Kharec 77886ddef5 fix: preserve security headers on cache hits 2025-12-26 17:33:12 +01:00
Kharec fc23cbd6fd test: verify CSRF rejects requests with only cookie token 2025-12-26 17:28:58 +01:00
Kharec 0802b9dd9d fix: GetCSRFToken() shouldn't fall back to the cookie 2025-12-26 17:28:10 +01:00
Kharec b83f8c2228 fix: update ValidationMiddleware to return a JSON error response when JSON decoding fails 2025-11-23 21:42:27 +01:00
Kharec 458e25cf79 fix: modify compression middleware to pass through redirects immediately without buffering 2025-11-23 14:48:59 +01:00
Kharec e2e5d42035 feat: add SetValidatedDTOInContext to support test helper functions 2025-11-23 14:22:59 +01:00
Kharec 71a031342b To gitea and beyond, let's go(-yco) 2025-11-10 19:12:09 +01:00