Commit Graph

  • f7d43def1c chore: ignore SECURITY_AUDIT.md and stop tracking it [main] Kharec 2026-05-06 20:14:33 +02:00
  • d891b33b57 docs(SECURITY_AUDIT): mark Phase 2–4 remediation complete Kharec 2026-05-06 20:13:56 +02:00
  • 60daeddbe4 docs: proxy HSTS trust, middleware order, and Swagger gating Kharec 2026-05-06 20:13:56 +02:00
  • 537a7e3759 docs(.env.example): document SWAGGER_ENABLED for production Swagger Kharec 2026-05-06 20:13:56 +02:00
  • 194884293f test(e2e): align security header checks with CSP-only XSS defense Kharec 2026-05-06 20:13:56 +02:00
  • 0fbb6f4a88 test(integration): drop deprecated X-XSS-Protection expectation Kharec 2026-05-06 20:13:56 +02:00
  • b3f6f5b15e test(handlers): RequireAuth distinguishes missing context from user id zero Kharec 2026-05-06 20:13:56 +02:00
  • 2ede636bd6 test(server): Swagger hidden in production unless SWAGGER_ENABLED Kharec 2026-05-06 20:13:56 +02:00
  • 7c525e71cb test(middleware): encoded SQL query triggers suspicious activity log Kharec 2026-05-06 20:13:56 +02:00
  • 620798577e test(middleware): cache LRU, SHA-256 keys, prefix invalidation Kharec 2026-05-06 20:13:56 +02:00
  • b41d3bb20c fix(server): gate Swagger by env and pass cache invalidation prefixes Kharec 2026-05-06 20:13:56 +02:00
  • abaf46e624 test(middleware): CSP config and removed XSS auditor header Kharec 2026-05-06 20:13:56 +02:00
  • 61875201f9 fix(middleware): configurable Swagger CSP, log CSP nonce errors, drop X-XSS-Protection Kharec 2026-05-06 20:13:56 +02:00
  • d668567dc5 test(middleware): GetUserIDFromContext returns nil or pointer Kharec 2026-05-06 20:13:56 +02:00
  • 102f1d8400 fix(middleware): decode URL before suspicious SQL/XSS probes Kharec 2026-05-06 20:13:56 +02:00
  • 98985db537 fix(middleware): rate-limit key uses optional user ID pointer Kharec 2026-05-06 20:13:56 +02:00
  • be64e7c8d2 fix(middleware): SHA-256 keys, LRU cache, and prefix-scoped invalidation Kharec 2026-05-06 20:13:56 +02:00
  • 1aa256c6a8 fix(handlers): RequireAuth and VoteContext use optional user ID pointer Kharec 2026-05-06 20:07:47 +02:00
  • dccf85e038 fix(middleware): return *uint from GetUserIDFromContext for nil when unauthenticated Kharec 2026-05-06 20:07:41 +02:00
  • 4e188eb8d5 test(middleware): expect CSRF cookie readable by script for header submit Kharec 2026-05-06 20:07:35 +02:00
  • 2adf72c138 fix(middleware): set CSRF cookie HttpOnly false for double-submit from JS Kharec 2026-05-06 20:07:00 +02:00
  • add60ad3c2 test(middleware): CORS wildcard+credentials panic and trimmed env origins Kharec 2026-05-06 20:06:55 +02:00
  • 89131331a6 fix(middleware): validate CORS origins and reject wildcard with credentials Kharec 2026-05-06 20:06:53 +02:00
  • 0baf7053fc test(middleware): lock rapid-request tracker reset in TestIsRapidRequest Kharec 2026-05-06 16:47:46 +02:00
  • 5d145613d2 fix(middleware): add mutex for rapid-request counter Kharec 2026-05-06 16:47:35 +02:00
  • 12db6409ce test: cover CSRF skip behavior for Bearer vs cookie auth Kharec 2026-04-23 13:34:51 +02:00
  • 5fc208c9da fix: only skip CSRF for /api/ routes with Bearer tokens Kharec 2026-04-23 13:34:43 +02:00
  • ab17ff8b79 test: verify DecompressionMiddleware enforces size limit Kharec 2026-04-23 13:26:15 +02:00
  • 8990f5afb7 fix: cap decompressed request body size to prevent DoS Kharec 2026-04-23 13:26:03 +02:00
  • 8f255a4fe6 docs: update roadmap Kharec 2026-04-02 18:29:48 +02:00
  • d56ee03cdb fix: typo Kharec 2026-03-30 21:39:05 +02:00
  • e58ba1b8d1 chore: add title Kharec 2026-03-18 18:07:15 +01:00
  • 4ffc601723 fix: avoid mangling backslash Kharec 2026-03-11 07:22:51 +01:00
  • d6321e775a test(integration): update DB monitoring health assertion to match nested services payload Kharec 2026-03-06 15:37:53 +01:00
  • de9b544afb refactor(cors): deduplicate origin validation and header logic without behavior change Kharec 2026-03-06 15:37:44 +01:00
  • 19291b7f61 feat: update swagger Kharec 2026-03-05 11:39:24 +01:00
  • c31eb2f3df test(e2e): make middleware tests assertion-driven and deterministic Kharec 2026-02-23 07:11:22 +01:00
  • de08878de7 test(e2e): add middleware-enabled test context and server config toggles Kharec 2026-02-23 07:11:17 +01:00
  • f0e8da51d0 feat(server): allow cacheable paths to be configured in router Kharec 2026-02-23 07:11:14 +01:00
  • 85882bae14 refactor: go fix ftw Kharec 2026-02-19 17:37:42 +01:00
  • 9185ffa6b5 test(server): mock title fetcher in router tests to remove network dependency Kharec 2026-02-19 17:37:31 +01:00
  • 986b4e9388 refactor: modernize code using go fix Kharec 2026-02-19 17:31:06 +01:00
  • ac6e1ba80b refactor: modern code using go fix Kharec 2026-02-19 17:30:12 +01:00
  • 14da02bc3f refactor: use go fix Kharec 2026-02-19 17:29:44 +01:00
  • 31ef30c941 test(health): expect unhealthy for SMTP connection failures Kharec 2026-02-16 08:43:46 +01:00
  • d4a89325e0 fix(health): mark SMTP connection/bootstrap failures as unhealthy Kharec 2026-02-16 08:43:33 +01:00
  • 4eb0a6360f test(health): cover SMTP unhealthy aggregation behavior Kharec 2026-02-16 08:43:14 +01:00
  • 040b9148de fix(health): treat SMTP unhealthy as degraded at app level Kharec 2026-02-16 08:43:01 +01:00
  • 6e0dfabcff feat: health check now returns json, definitely Kharec 2026-02-16 08:33:51 +01:00
  • 9e81ddfdfa fix: don't reinvent the wheel Kharec 2026-02-15 12:05:25 +01:00
  • b3b7c1d527 test: health check now supports smtp so we test it Kharec 2026-02-15 12:04:06 +01:00
  • 4c1caa44dd refactor: smtp tests Kharec 2026-02-15 12:03:55 +01:00
  • 52c964abd2 docs: update readme Kharec 2026-02-15 12:00:33 +01:00
  • a854138eac feat: design a health subcommand Kharec 2026-02-15 11:59:16 +01:00
  • 70bfb54acf refactor: use new health package Kharec 2026-02-15 11:56:19 +01:00
  • a3ed6685de feat: design a separate package for health check Kharec 2026-02-15 11:56:12 +01:00
  • 8f30fe7412 docs: update readme Kharec 2026-02-14 12:32:29 +01:00
  • 1a051b594c fix: customize upvote ratio Kharec 2026-02-14 12:32:18 +01:00
  • 9718bcc79b docs: update readme Kharec 2026-02-13 07:48:53 +01:00
  • b1146b241c feat: upgrade to go 1.26 Kharec 2026-02-13 07:48:50 +01:00
  • 034bd8669e test: cover lock after seeding behavior Kharec 2026-02-10 17:37:38 +01:00
  • dc8a25d3b4 feat: lock seed user after seeding Kharec 2026-02-10 17:37:22 +01:00
  • 4d2018b20a test(e2e): split auth tests, remove sleep/retry skips, and dedupe security coverage Kharec 2026-02-10 17:19:00 +01:00
  • 65109a787c feat: use GetVersion() Kharec 2026-01-26 22:17:14 +01:00
  • 75f1406edf feat: use a getter Kharec 2026-01-26 22:17:02 +01:00
  • 11dc9b507f feat: bump version to 0.1.1 Kharec 2026-01-19 21:07:39 +01:00
  • da616438e9 chore: update version in swagger Kharec 2026-01-19 21:07:30 +01:00
  • 7486865343 lint: remove duplicate string literals in seed tests Kharec 2026-01-19 16:43:51 +01:00
  • fd0fd8954a fix: close captureOutput pipe before read Kharec 2026-01-19 16:37:22 +01:00
  • 628db14f59 fix: avoid Update deadlock by unlocking before display Kharec 2026-01-19 16:37:15 +01:00
  • 7be196e4c3 test: move seed RNG to tests and add help/error cases Kharec 2026-01-19 16:37:01 +01:00
  • 2f4bd45efb feat: make seed transactional and sequential with helpers Kharec 2026-01-19 16:36:51 +01:00
  • 1b53c2b66b clean: get rid of parallel processor Kharec 2026-01-19 16:36:40 +01:00
  • 509e68f538 docs: review roadmap Kharec 2026-01-16 11:23:27 +01:00
  • e6a44d830e fix: avoid repeated string concatenation Kharec 2026-01-14 17:05:20 +01:00
  • fe396b7537 feat: scope help printer to root command run Kharec 2026-01-14 13:00:03 +01:00
  • 6eb04aa3c5 refactor: adapt test name Kharec 2026-01-14 12:59:14 +01:00
  • 517d4482c9 test: fuzz urfave command path Kharec 2026-01-13 07:58:08 +01:00
  • b6e2bf942a tests: drive cli via urfave root command Kharec 2026-01-13 07:57:48 +01:00
  • 9f1058ba81 tests: assert server fields and use urfave cli Kharec 2026-01-13 07:57:37 +01:00
  • 2bdbb29ae6 refactor: remove legacy dispatch Kharec 2026-01-13 07:57:26 +01:00
  • 9d243a0ed1 docs: mark cli migration as complete Kharec 2026-01-13 07:46:38 +01:00
  • 9c74828b8d tests: fuzz urfave command parsing Kharec 2026-01-13 07:46:30 +01:00
  • 9e78477eb5 tests: update cli help/json checks Kharec 2026-01-13 07:46:23 +01:00
  • a74980caa1 deps: add urfave/cli v3 checksums Kharec 2026-01-13 07:46:05 +01:00
  • 816f08a20a deps: add urfave/cli v3 Kharec 2026-01-13 07:45:53 +01:00
  • 0cec152486 feat: migrate cli to urfave/cli v3 Kharec 2026-01-13 07:44:38 +01:00
  • 5413737491 test: match validation error casing with json tags Kharec 2026-01-12 22:49:40 +01:00
  • 5f605e45c7 test: align title validation errors with json tags Kharec 2026-01-12 22:49:30 +01:00
  • e5779183ff test: cover json tag display and whitespace required case Kharec 2026-01-12 22:49:17 +01:00
  • 4814b64c2c refactor: improve validation messages and string handling Kharec 2026-01-12 22:49:08 +01:00
  • 45cad505d6 fix: break import cycle by inlining fuzz helpers Kharec 2026-01-12 22:40:12 +01:00
  • 7f52347854 fix: enable foreign keys before AutoMigrate in fuzz DB Kharec 2026-01-12 22:37:54 +01:00
  • 542913cbef fix: enable foreign key enforcement in fuzz DB Kharec 2026-01-12 22:36:46 +01:00
  • 2f964b0c79 fix: prevent schema drift in fuzz tests with AutoMigrate Kharec 2026-01-12 22:35:56 +01:00
  • 250ff79eeb test: update TestGetFuzzDB to expect new DB instances per call Kharec 2026-01-12 22:34:44 +01:00
  • 4dfe260953 fix: remove global sync.Once to prevent DB state leakage in fuzz tests Kharec 2026-01-12 22:34:36 +01:00
  • 49e6bb1e9d test: simplify pagination test loops Kharec 2026-01-12 12:26:26 +01:00
  • 5b0c6018c0 test: cover pagination Kharec 2026-01-12 12:24:50 +01:00
  • 3303d13f15 refactor: move TestApplyPagination to its own file Kharec 2026-01-12 12:24:42 +01:00