Commit Graph

20 Commits

Author SHA1 Message Date
🐙PiperYxzzy
2ada2b5936 Rate limits should be per-method, not per-resource string. 2022-10-12 22:43:05 +02:00
🐙PiperYxzzy
2922793427 Updating Config to a more protected access paradigm 2022-08-14 13:37:15 +02:00
🐙PiperYxzzy
9cc37b0d0d Upgrades to Config
* Added config file and config tests
* Configs per stack can be set up depending on their config/STACK folder
and tested appropriately to add config redundancy
2022-08-14 13:24:59 +02:00
🐙PiperYxzzy
b198814aa7 Updating logs from fmt to package log 2022-08-06 23:35:42 +02:00
🐙PiperYxzzy
cb40ac8cd1 Reduce time taken by rate limit tests from a 1sec bucket to a 10ms bucket granularity 2022-08-06 20:10:04 +02:00
🐙PiperYxzzy
74538d6f23 Assorted small changes: name fix, adding comments, cookie domain fix 2022-08-06 19:59:08 +02:00
🐙PiperYxzzy
1dc0e18773 Upgrades to rate limiting
* Added extensive behaviour tests
* Added regex capabilities
2022-08-05 16:51:19 +02:00
🐙PiperYxzzy
10a28f4e89 Swagger tweak, removing manually built postman build 2022-05-29 19:32:00 +02:00
🐙PiperYxzzy
403cc51e12 Tweaking ping titles and body constructs 2022-05-05 23:25:15 +02:00
🐙PiperYxzzy
99402ebdf0 Adding swagger annotations to core 2022-05-05 23:11:24 +02:00
🐙PiperYxzzy
65c9309f43 Simple rate-limiting added 2022-05-04 20:36:35 +02:00
🐙PiperYxzzy
c190ac9c0d Admin create & login working 2022-05-03 19:09:38 +02:00
🐙PiperYxzzy
66c35e7e4a Adding admin creation, conf and other items
* Config now added, accessible via config.Config
* Admin can now be generated via a randomized URL if there are no admins
in the system
* Added a shared floor to login attempts to block enumeration attacks
2022-05-03 18:52:01 +02:00
🐙PiperYxzzy
3c1970698b Adding documentation 2022-05-01 22:57:21 +02:00
🐙PiperYxzzy
dbdd4cb650 Adding Live 2fa capacity
* Some requests may be sensitive enough to require a secondary
two-factor authorization on the spot
* Examples: changing password, changing email address, viewing API
tokens etc.
* This creates a core handler that can attach to any Auth-able method
which will require a "twofactorcode" query param before processing
2022-05-01 22:34:07 +02:00
🐙PiperYxzzy
6e7b30be0a Added test suites for all current models 2022-05-01 20:49:03 +02:00
🐙PiperYxzzy
6c567cd58c Verify and password reset
* Users can now request a password reset and reset with their token
2022-05-01 19:20:47 +02:00
🐙PiperYxzzy
5903d52755 Restrict the cookie to the /adm and /sec paths appropriately 2022-05-01 13:37:01 +02:00
🐙PiperYxzzy
0af09dcc01 Fix signup risk of enumeration to test emails
* Now, if a known email is used, it will still return the same result
* If a known email is used, we will ping the email address to know that
there was a signup attempt
2022-05-01 13:25:09 +02:00
🐙PiperYxzzy
8ab45e2401 Login, JWT and auth overstructure
* Signup -> Login -> JWT-Doot flow now works for users
* Administrators cannot currently sign up for obvious reasons
* Segmented the main.go methods into a core controller package
2022-05-01 12:31:41 +02:00