Commit Graph

233 Commits

Author SHA1 Message Date
Kharec 194884293f test(e2e): align security header checks with CSP-only XSS defense 2026-05-06 20:13:56 +02:00
Kharec 0fbb6f4a88 test(integration): drop deprecated X-XSS-Protection expectation 2026-05-06 20:13:56 +02:00
Kharec b3f6f5b15e test(handlers): RequireAuth distinguishes missing context from user id zero 2026-05-06 20:13:56 +02:00
Kharec 2ede636bd6 test(server): Swagger hidden in production unless SWAGGER_ENABLED 2026-05-06 20:13:56 +02:00
Kharec 7c525e71cb test(middleware): encoded SQL query triggers suspicious activity log 2026-05-06 20:13:56 +02:00
Kharec 620798577e test(middleware): cache LRU, SHA-256 keys, prefix invalidation 2026-05-06 20:13:56 +02:00
Kharec b41d3bb20c fix(server): gate Swagger by env and pass cache invalidation prefixes 2026-05-06 20:13:56 +02:00
Kharec abaf46e624 test(middleware): CSP config and removed XSS auditor header 2026-05-06 20:13:56 +02:00
Kharec 61875201f9 fix(middleware): configurable Swagger CSP, log CSP nonce errors, drop X-XSS-Protection 2026-05-06 20:13:56 +02:00
Kharec d668567dc5 test(middleware): GetUserIDFromContext returns nil or pointer 2026-05-06 20:13:56 +02:00
Kharec 102f1d8400 fix(middleware): decode URL before suspicious SQL/XSS probes 2026-05-06 20:13:56 +02:00
Kharec 98985db537 fix(middleware): rate-limit key uses optional user ID pointer 2026-05-06 20:13:56 +02:00
Kharec be64e7c8d2 fix(middleware): SHA-256 keys, LRU cache, and prefix-scoped invalidation 2026-05-06 20:13:56 +02:00
Kharec 1aa256c6a8 fix(handlers): RequireAuth and VoteContext use optional user ID pointer 2026-05-06 20:07:47 +02:00
Kharec dccf85e038 fix(middleware): return *uint from GetUserIDFromContext for nil when unauthenticated 2026-05-06 20:07:41 +02:00
Kharec 4e188eb8d5 test(middleware): expect CSRF cookie readable by script for header submit 2026-05-06 20:07:35 +02:00
Kharec 2adf72c138 fix(middleware): set CSRF cookie HttpOnly false for double-submit from JS 2026-05-06 20:07:00 +02:00
Kharec add60ad3c2 test(middleware): CORS wildcard+credentials panic and trimmed env origins 2026-05-06 20:06:55 +02:00
Kharec 89131331a6 fix(middleware): validate CORS origins and reject wildcard with credentials 2026-05-06 20:06:53 +02:00
Kharec 0baf7053fc test(middleware): lock rapid-request tracker reset in TestIsRapidRequest 2026-05-06 16:47:46 +02:00
Kharec 5d145613d2 fix(middleware): add mutex for rapid-request counter 2026-05-06 16:47:35 +02:00
Kharec 12db6409ce test: cover CSRF skip behavior for Bearer vs cookie auth 2026-04-23 13:34:51 +02:00
Kharec 5fc208c9da fix: only skip CSRF for /api/ routes with Bearer tokens 2026-04-23 13:34:43 +02:00
Kharec ab17ff8b79 test: verify DecompressionMiddleware enforces size limit 2026-04-23 13:26:15 +02:00
Kharec 8990f5afb7 fix: cap decompressed request body size to prevent DoS 2026-04-23 13:26:03 +02:00
Kharec d6321e775a test(integration): update DB monitoring health assertion to match nested services payload 2026-03-06 15:37:53 +01:00
Kharec de9b544afb refactor(cors): deduplicate origin validation and header logic without behavior change 2026-03-06 15:37:44 +01:00
Kharec c31eb2f3df test(e2e): make middleware tests assertion-driven and deterministic 2026-02-23 07:11:22 +01:00
Kharec de08878de7 test(e2e): add middleware-enabled test context and server config toggles 2026-02-23 07:11:17 +01:00
Kharec f0e8da51d0 feat(server): allow cacheable paths to be configured in router 2026-02-23 07:11:14 +01:00
Kharec 85882bae14 refactor: go fix ftw 2026-02-19 17:37:42 +01:00
Kharec 9185ffa6b5 test(server): mock title fetcher in router tests to remove network dependency 2026-02-19 17:37:31 +01:00
Kharec 986b4e9388 refactor: modernize code using go fix 2026-02-19 17:31:06 +01:00
Kharec 31ef30c941 test(health): expect unhealthy for SMTP connection failures 2026-02-16 08:43:46 +01:00
Kharec d4a89325e0 fix(health): mark SMTP connection/bootstrap failures as unhealthy 2026-02-16 08:43:33 +01:00
Kharec 4eb0a6360f test(health): cover SMTP unhealthy aggregation behavior 2026-02-16 08:43:14 +01:00
Kharec 040b9148de fix(health): treat SMTP unhealthy as degraded at app level 2026-02-16 08:43:01 +01:00
Kharec 9e81ddfdfa fix: don't reinvent the wheel 2026-02-15 12:05:25 +01:00
Kharec b3b7c1d527 test: health check now supports smtp so we test it 2026-02-15 12:04:06 +01:00
Kharec 4c1caa44dd refactor: smtp tests 2026-02-15 12:03:55 +01:00
Kharec 70bfb54acf refactor: use new health package 2026-02-15 11:56:19 +01:00
Kharec a3ed6685de feat: design a separate package for health check 2026-02-15 11:56:12 +01:00
Kharec 4d2018b20a test(e2e): split auth tests, remove sleep/retry skips, and dedupe security coverage 2026-02-10 17:19:00 +01:00
Kharec 65109a787c feat: use GetVersion() 2026-01-26 22:17:14 +01:00
Kharec 75f1406edf feat: use a getter 2026-01-26 22:17:02 +01:00
Kharec 11dc9b507f feat: bump version to 0.1.1 2026-01-19 21:07:39 +01:00
Kharec e6a44d830e fix: avoid repeated string concatenation 2026-01-14 17:05:20 +01:00
Kharec 5413737491 test: match validation error casing with json tags 2026-01-12 22:49:40 +01:00
Kharec 5f605e45c7 test: align title validation errors with json tags 2026-01-12 22:49:30 +01:00
Kharec e5779183ff test: cover json tag display and whitespace required case 2026-01-12 22:49:17 +01:00