upaas/internal
user 956a06beb3
All checks were successful
Check / check (pull_request) Successful in 12m25s
fix: add CSRF protection to API v1 routes (closes #112)
Add APICSRFProtection middleware that requires X-Requested-With header
on all state-changing (non-GET/HEAD/OPTIONS) API requests. This prevents
CSRF attacks since browsers won't send custom headers in cross-origin
simple requests (form posts, navigations).

Changes:
- Add APICSRFProtection() middleware in internal/middleware/middleware.go
- Apply middleware to /api/v1 route group in routes.go
- Add X-Requested-With to CORS allowed headers
- Add unit tests for the middleware (csrf_test.go)
- Add integration tests for CSRF rejection/allowance (api_test.go)
- Update existing API tests to include the required header
2026-02-20 05:34:25 -08:00
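The mechanism the commit message describes, as an added example that is not the project's code: a middleware that lets GET/HEAD/OPTIONS through and rejects any other method unless an X-Requested-With header is present, plus a probe that drives it with the request shapes that matter (a cross-site form POST, which a browser cannot decorate with custom headers, versus a fetch/XHR call that can). It is written against the standard net/http package because the router the project uses is not visible here; the names APICSRFProtection (taken from the commit message) and probe are assumptions, as is the /api/v1/apps path.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// APICSRFProtection is a hypothetical stand-in for the middleware named in the
// commit message, built on net/http rather than the project's router.
// Safe methods pass through untouched; every other method must carry an
// X-Requested-With header. The value is not inspected: the protection comes
// from the header being non-safelisted, so a browser can only attach it to a
// cross-origin request after a successful CORS preflight.
func APICSRFProtection(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
			// OPTIONS must pass so CORS preflights are answered by the CORS layer.
			next.ServeHTTP(w, r)
			return
		}
		if r.Header.Get("X-Requested-With") == "" {
			w.Header().Set("Content-Type", "application/json")
			w.WriteHeader(http.StatusForbidden)
			_, _ = w.Write([]byte(`{"error":"missing X-Requested-With header"}`))
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one constructed request through the middleware and returns the
// status code the client would see. The downstream handler answers 204 so that
// any other status is attributable to the middleware.
func probe(method string, headers map[string]string) int {
	h := APICSRFProtection(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusNoContent)
	}))
	req := httptest.NewRequest(method, "/api/v1/apps", nil) // path is an assumption
	for k, v := range headers {
		req.Header.Set(k, v)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// A cross-site <form method="POST"> submission: the browser sends cookies and a
	// form Content-Type, but cannot add X-Requested-With. Expected: 403.
	fmt.Println("form POST without header:", probe(http.MethodPost,
		map[string]string{"Content-Type": "application/x-www-form-urlencoded"}))

	// The legitimate front-end calling fetch()/XHR with the header. Expected: 204.
	fmt.Println("POST with header:", probe(http.MethodPost,
		map[string]string{"X-Requested-With": "XMLHttpRequest"}))

	// Safe methods are exempt, so the GET handlers must never mutate state. Expected: 204.
	fmt.Println("GET without header:", probe(http.MethodGet, nil))

	// Preflights are exempt so the CORS layer can answer them. Expected: 204.
	fmt.Println("OPTIONS without header:", probe(http.MethodOptions, nil))

	// DELETE is state-changing and gets the same treatment as POST. Expected: 403.
	fmt.Println("DELETE without header:", probe(http.MethodDelete, nil))
}
```

Two points to keep in mind when relying on this pattern. First, the guarantee rests entirely on the CORS policy: a cross-origin page can attach X-Requested-With if its origin passes preflight, and the commit adds that header to the CORS allowed-headers list, so the allowed-origins list must name only trusted origins and never reflect the request's Origin. Second, because GET and HEAD are exempt, any GET route that changes state is a CSRF hole this middleware will not close. Non-browser clients are not CSRF targets, but they still have to send the header for state-changing calls, which is why the commit updates the existing API tests.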
config fix: resolve all lint issues on main branch 2026-02-20 02:39:18 -08:00
database fix: remove undeployed api_tokens migrations (006 + 007) 2026-02-16 00:34:02 -08:00
docker fix: resolve all lint issues on main branch 2026-02-20 02:39:18 -08:00
globals Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
handlers fix: add CSRF protection to API v1 routes (closes #112) 2026-02-20 05:34:25 -08:00
healthcheck Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
logger Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
middleware fix: add CSRF protection to API v1 routes (closes #112) 2026-02-20 05:34:25 -08:00
models Revert "Merge pull request 'feat: add Gitea Actions CI for make check (closes #96)' (#98) from feat/ci-make-check into main" 2026-02-19 20:36:22 -08:00
server fix: add CSRF protection to API v1 routes (closes #112) 2026-02-20 05:34:25 -08:00
service fix: resolve all lint issues on main branch 2026-02-20 02:39:18 -08:00
ssh fix: resolve all lint issues on main branch 2026-02-20 02:39:18 -08:00