summaryrefslogtreecommitdiff
path: root/app/controllers
AgeCommit message (Collapse)Author
2025-04-30fix: the CSRF cookie needs to have a same site lax modemo khan
2025-04-29Use secure and http flag on cookies everywheremo khan
> A cookie with the Secure attribute is only sent to the server with > an encrypted request over the HTTPS protocol. It's never sent with > unsecured HTTP (except on localhost), which means man-in-the-middle > attackers can't access it easily. Insecure sites (with http: in the > URL) can't set cookies with the Secure attribute. However, don't > assume that Secure prevents all access to sensitive information in > cookies. For example, someone with access to the client's hard disk > (or JavaScript if the HttpOnly attribute isn't set) can read and > modify the information. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#block_access_to_your_cookies
2025-04-28feat: add a temporary endpoint to restore sparklesmo khan
2025-04-28test: add unit tests for the servicemo khan
2025-04-28feat: validate the csrf tokenmo khan
2025-04-28feat: redirect to login page when session is establishedmo khan
2025-04-28refactor: remove struct fields that were moved to service typemo khan
2025-04-28refactor: move token exchange into service classmo khan
2025-04-28refactor: extract a session service classmo khan
2025-04-28feat: generate a nonce to validate the OAuth callbackmo khan
2025-04-28feat: add logout endpointmo khan
2025-04-28refactor: remove unused template and actionmo khan
2025-04-28feat: use htmx to render partialsmo khan
2025-04-28fix: render 404 when not logged inmo khan
2025-04-25refactor: move key pacakge to cfgmo khan
2025-04-25feat: print error to describe token exchange issuemo khan
2025-04-25refactor: move db and mountable to appmo khan
2025-04-25refactor: move domain package into appmo khan
2025-04-25refactor: move Repository interface to domainmo khan
2025-04-25feat: record the author of the new sparklemo khan
2025-04-25docs: describe the session cookiemo khan
2025-04-24feat: connect require user middleware to dashboard controllermo khan
2025-04-22refactor: convert id token to user in mappermo khan
2025-04-22feat: add tiny vue.js app to list and add new sparklesmo khan
2025-04-21refactor: extract views package to render html templatesmo khan
2025-04-21refactor: convert Repository to Repository[T Entity]mo khan
2025-04-21refactor: rename middlewaremo khan
2025-04-21refactor: extract oidc.RawIDToken typemo khan
2025-04-17refactor: move html template to a separate filemo khan
2025-04-17refactor: introduce api to parse id token from multiple locationsmo khan
2025-04-17refactor: remove Key suffix from context keysmo khan
2025-04-17refactor: move context keys to key packagemo khan
2025-04-17chore: write error to logmo khan
2025-04-17test: validate the stored tokens in the session cookiemo khan
2025-04-17test: extract test helper to convert and verify raw id tokenmo khan
2025-04-17chore: write error to logmo khan
2025-04-17test: extract method to generate a valid authorization code grantmo khan
2025-04-17test: remove the test oidc servermo khan
2025-04-16refactor: verify the id token on every requestmo khan
2025-04-16feat: render a blank html page for the dashboardmo khan
2025-04-16feat: render an html page when a user is logged inmo khan
2025-04-15feat: connect a blank dashboard controllermo khan
2025-04-15feat: create session cookie tied to access tokenmo khan
2025-04-15feat: store tokens in sessio cookiemo khan
2025-04-15feat: store tokens in a session cookiemo khan
2025-04-14feat: exchange an authorization code grant for an access and id tokenmo khan
2025-04-14test: add placeholder for missing testsmo khan
2025-04-14refactor: do not explicitly set the 301 status codemo khan
2025-04-14feat: connect the sessions controller to oidc providermo khan
2025-04-14fix: add audience parametermo khan
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 03:10:53 +0000