upaas/internal
clawbot b1a6fd5fca fix: only trust proxy headers from RFC1918/loopback sources (closes #44)
realIP() now parses RemoteAddr and checks if the source IP is in
RFC1918 (10/8, 172.16/12, 192.168/16), loopback (127/8), or IPv6
ULA/loopback ranges before trusting X-Real-IP or X-Forwarded-For
headers. Public source IPs have headers ignored (fail closed).

This prevents attackers from spoofing X-Forwarded-For to bypass
the login rate limiter.
2026-02-15 22:01:54 -08:00
config Add deployment improvements and UI enhancements 2025-12-30 15:05:26 +07:00
database fix: resolve all golangci-lint issues 2026-02-15 21:55:24 -08:00
docker fix: resolve all golangci-lint issues 2026-02-15 21:55:24 -08:00
globals Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
handlers Merge pull request 'Fix all golangci-lint issues (closes #32)' (#34) from clawbot/upaas:fix/lint-cleanup into main 2026-02-16 06:57:19 +01:00
healthcheck Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
logger Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
middleware fix: only trust proxy headers from RFC1918/loopback sources (closes #44) 2026-02-15 22:01:54 -08:00
models fix: address noinlineerr lint warning 2026-02-15 21:43:00 -08:00
server fix: add ownership verification on env var, label, volume, and port deletion 2026-02-15 21:02:46 -08:00
service fix: resolve all golangci-lint issues 2026-02-15 21:55:24 -08:00
ssh Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00