upaas

sneak/upaas

Fork 0

Commit Graph

Author	SHA1	Message	Date
clawbot	66661d1b1d	Add rate limiting to login endpoint to prevent brute force Apply per-IP rate limiting (5 attempts/minute) to POST /login using golang.org/x/time/rate. Returns 429 Too Many Requests when exceeded. Closes #12	2026-02-15 21:01:11 -08:00
clawbot	b1dc8fcc4e	Add CSRF protection to state-changing POST endpoints Add gorilla/csrf middleware to protect all HTML-serving routes against cross-site request forgery attacks. The webhook endpoint is excluded since it uses secret-based authentication. Changes: - Add gorilla/csrf v1.7.3 dependency - Add CSRF() middleware method using session secret as key - Apply CSRF middleware to all HTML route groups in routes.go - Pass CSRF token to all templates via addGlobals helper - Add {{ .CSRFField }} / {{ $.CSRFField }} hidden inputs to all forms Closes #11	2026-02-15 14:17:55 -08:00
sneak	3f9d83c436	Initial commit with server startup infrastructure Core infrastructure: - Uber fx dependency injection - Chi router with middleware stack - SQLite database with embedded migrations - Embedded templates and static assets - Structured logging with slog Features implemented: - Authentication (login, logout, session management, argon2id hashing) - App management (create, edit, delete, list) - Deployment pipeline (clone, build, deploy, health check) - Webhook processing for Gitea - Notifications (ntfy, Slack) - Environment variables, labels, volumes per app - SSH key generation for deploy keys Server startup: - Server.Run() starts HTTP server on configured port - Server.Shutdown() for graceful shutdown - SetupRoutes() wires all handlers with chi router	2025-12-29 15:46:03 +07:00

Author

SHA1

Message

Date

clawbot

66661d1b1d

Add rate limiting to login endpoint to prevent brute force

Apply per-IP rate limiting (5 attempts/minute) to POST /login using
golang.org/x/time/rate. Returns 429 Too Many Requests when exceeded.

Closes #12

2026-02-15 21:01:11 -08:00

clawbot

b1dc8fcc4e

Add CSRF protection to state-changing POST endpoints

Add gorilla/csrf middleware to protect all HTML-serving routes against
cross-site request forgery attacks. The webhook endpoint is excluded
since it uses secret-based authentication.

Changes:
- Add gorilla/csrf v1.7.3 dependency
- Add CSRF() middleware method using session secret as key
- Apply CSRF middleware to all HTML route groups in routes.go
- Pass CSRF token to all templates via addGlobals helper
- Add {{ .CSRFField }} / {{ $.CSRFField }} hidden inputs to all forms

Closes #11

2026-02-15 14:17:55 -08:00

sneak

3f9d83c436

Initial commit with server startup infrastructure

Core infrastructure:
- Uber fx dependency injection
- Chi router with middleware stack
- SQLite database with embedded migrations
- Embedded templates and static assets
- Structured logging with slog

Features implemented:
- Authentication (login, logout, session management, argon2id hashing)
- App management (create, edit, delete, list)
- Deployment pipeline (clone, build, deploy, health check)
- Webhook processing for Gitea
- Notifications (ntfy, Slack)
- Environment variables, labels, volumes per app
- SSH key generation for deploy keys

Server startup:
- Server.Run() starts HTTP server on configured port
- Server.Shutdown() for graceful shutdown
- SetupRoutes() wires all handlers with chi router

2025-12-29 15:46:03 +07:00

3 Commits