| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-05-11 | refactor: use same cookie names as envoy plugin | mo khan | |
| 2025-05-11 | feat: read HMAC_SESSION_SECRET env variable | mo khan | |
| 2025-05-09 | refactor: delegate to WriteCookie to validate cookie | mo khan | |
| 2025-05-09 | feat: attempt to sign cookies on staging/production | mo khan | |
| 2025-05-08 | refactor: move html render to data transfer object | mo khan | |
| 2025-05-08 | feat: use a cookie prefix to lock down the session cookie | mo khan | |
| > __Host-: If a cookie name has this prefix, it's accepted in a > Set-Cookie header only if it's also marked with the Secure attribute, > was sent from a secure origin, does not include a Domain attribute, > and has the Path attribute set to /. In other words, the cookie is > domain-locked. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#cookie_prefixes | |||
| 2025-05-08 | chore: add link to signed cookie issue | mo khan | |
| 2025-05-08 | fix: temporarily disable signed cookies in staging/production | mo khan | |
| 2025-05-07 | feat: fallback to unsigned value | mo khan | |
| 2025-05-07 | feat: check if cookie is valid | mo khan | |
| 2025-05-07 | feat: digitally sign and verify cookie using randomly generated key | mo khan | |
| 2025-05-07 | refactor: move test server to oidc package | mo khan | |
| 2025-05-07 | refactor: extract helper to log errors consistently | mo khan | |
| 2025-05-07 | refactor: inline options variable | mo khan | |
| 2025-05-07 | refactor: move cookie to web package | mo khan | |
| 2025-05-07 | refactor: delegate to cookie package | mo khan | |
| 2025-04-30 | fix: strict same site mode breaks redirects | mo khan | |
| 2025-04-30 | fix: adjust cookie expiration calculation | mo khan | |
| 2025-04-30 | test: add test for each cookie option | mo khan | |
| 2025-04-30 | refactor: delegate to cookie.Reset to overload with options | mo khan | |
| 2025-04-30 | test: add test for resetting a cookie | mo khan | |
| 2025-04-30 | test: ensure tests work offline | mo khan | |
| 2025-04-30 | refactor: delegate to x package | mo khan | |
| 2025-04-30 | refactor: using existing helpers | mo khan | |
| 2025-04-30 | feat: extract other cookie options | mo khan | |
| 2025-04-30 | fix: prepend default option | mo khan | |
| 2025-04-30 | refactor: extract generic function to create and initialize any type | mo khan | |
| 2025-04-30 | refactor: extract Option[T] and cleaner API for creating cookies | mo khan | |
| 2025-04-30 | refactor: extract cookie options | mo khan | |
| 2025-04-30 | fix: the CSRF cookie needs to have a same site lax mode | mo khan | |
| 2025-04-30 | fix: disable secure cookies in development mode | mo khan | |
| 2025-04-29 | feat: use same site strict mode | mo khan | |
| > Strict causes the browser to only send the cookie in response to > requests originating from the cookie's origin site. This should be > used when you have cookies relating to functionality that will > always be behind an initial navigation, such as authentication or > storing shopping cart information. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#controlling_third-party_cookies_with_samesite | |||
| 2025-04-29 | Use secure and http flag on cookies everywhere | mo khan | |
| > A cookie with the Secure attribute is only sent to the server with > an encrypted request over the HTTPS protocol. It's never sent with > unsecured HTTP (except on localhost), which means man-in-the-middle > attackers can't access it easily. Insecure sites (with http: in the > URL) can't set cookies with the Secure attribute. However, don't > assume that Secure prevents all access to sensitive information in > cookies. For example, someone with access to the client's hard disk > (or JavaScript if the HttpOnly attribute isn't set) can read and > modify the information. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#block_access_to_your_cookies | |||
| 2025-04-29 | feat: ensure cookie is not accessible to js and one transmitted over tls in ↵ | mo khan | |
| production | |||
| 2025-04-28 | feat: redirect to login page when session is established | mo khan | |
| 2025-04-28 | feat: generate a nonce to validate the OAuth callback | mo khan | |
| 2025-04-28 | test: temporarily disable http and secure flags | mo khan | |
| 2025-04-28 | feat: add logout endpoint | mo khan | |
| 2025-04-28 | feat: do not allow js to access cookie | mo khan | |
| 2025-04-28 | refactor: extract method to validate id token | mo khan | |
| 2025-04-28 | refactor: move types to separate files | mo khan | |
| 2025-04-25 | refactor: move key pacakge to cfg | mo khan | |
| 2025-04-25 | refactor: move db and mountable to app | mo khan | |
| 2025-04-25 | refactor: move domain package into app | mo khan | |
| 2025-04-25 | refactor: move Repository interface to domain | mo khan | |
| 2025-04-25 | feat: display author information | mo khan | |
| 2025-04-25 | feat: record the author | mo khan | |
| 2025-04-25 | refactor: move id and entity to domain package | mo khan | |
| 2025-04-24 | feat: add middleware to require a logged in user | mo khan | |
| 2025-04-23 | docs: add an example ID Token | mo khan | |
 |
index : gitlab/sparkled.git | |
| GitLab CI/CD utilities | git |
| summaryrefslogtreecommitdiff |