upaas/internal/handlers
user 956a06beb3
All checks were successful
Check / check (pull_request) Successful in 12m25s
fix: add CSRF protection to API v1 routes (closes #112)

Add APICSRFProtection middleware that requires X-Requested-With header
on all state-changing (non-GET/HEAD/OPTIONS) API requests. This prevents
CSRF attacks since browsers won't send custom headers in cross-origin
simple requests (form posts, navigations).

Changes:
- Add APICSRFProtection() middleware in internal/middleware/middleware.go
- Apply middleware to /api/v1 route group in routes.go
- Add X-Requested-With to CORS allowed headers
- Add unit tests for the middleware (csrf_test.go)
- Add integration tests for CSRF rejection/allowance (api_test.go)
- Update existing API tests to include the required header
2026-02-20 05:34:25 -08:00
api_test.go fix: add CSRF protection to API v1 routes (closes #112) 2026-02-20 05:34:25 -08:00
api.go fix: resolve lint issues in handlers and middleware 2026-02-20 03:35:44 -08:00
app_name_validation_test.go Add server-side app name validation (closes #37) 2026-02-15 22:06:08 -08:00
app_name_validation.go Add server-side app name validation (closes #37) 2026-02-15 22:06:08 -08:00
app.go fix: HandleVolumeAdd validates host and container paths (closes #107) 2026-02-20 03:33:19 -08:00
auth.go fix: buffer template execution to prevent corrupt HTML responses (closes #42) 2026-02-15 22:04:09 -08:00
dashboard.go fix: buffer template execution to prevent corrupt HTML responses (closes #42) 2026-02-15 22:04:09 -08:00
export_test.go fix: resolve lint issues in handlers and middleware 2026-02-20 03:35:44 -08:00
handlers_test.go fix: resolve lint issues in handlers and middleware 2026-02-20 03:35:44 -08:00
handlers.go fix: buffer template execution to prevent corrupt HTML responses (closes #42) 2026-02-15 22:04:09 -08:00
healthcheck.go Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
port_validation_test.go fix: resolve all golangci-lint issues 2026-02-15 21:55:24 -08:00
render_template_test.go fix: buffer template execution to prevent corrupt HTML responses (closes #42) 2026-02-15 22:04:09 -08:00
repo_url_validation_test.go fix: resolve lint issues in handlers and middleware 2026-02-20 03:35:44 -08:00
repo_url_validation.go fix: resolve lint issues in handlers and middleware 2026-02-20 03:35:44 -08:00
sanitize_test.go feat: sanitize container log output beyond Content-Type 2026-02-20 02:54:16 -08:00
sanitize.go feat: sanitize container log output beyond Content-Type 2026-02-20 02:54:16 -08:00
setup.go fix: buffer template execution to prevent corrupt HTML responses (closes #42) 2026-02-15 22:04:09 -08:00
tail_validation_test.go refactor: export SanitizeTail and DefaultLogTail directly instead of wrapping 2026-02-15 22:14:12 -08:00
volume_validation_test.go feat: edit existing env vars, labels, and volume mounts 2026-02-16 00:26:07 -08:00
webhook.go fix: limit webhook request body size to 1MB to prevent DoS (closes #1) 2026-02-08 12:02:06 -08:00