alexei.dolgolyov/tiny-forge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
04c1411f5d047a65ec13f5f34f0129b2060122e2
tiny-forge/internal/auth
T
History
alexei.dolgolyov 98ee2bcd9a feat: auth system hardening with token revocation, password management, and error sanitization 
- Add token revocation with in-memory blacklist and periodic cleanup (SEC-M1)
- Add POST /api/auth/logout endpoint
- Fix OIDC auth_token cookie to HttpOnly with exchange endpoint (SEC-H3)
- Add password complexity validation (min 8 chars) (SEC-M2)
- Prevent admin self-deletion (SEC-M3)
- Add PUT /api/auth/users/{uid} for role/email updates (FUNC-M1)
- Add PUT /api/auth/users/{uid}/password for password changes (FUNC-H1)
- Sanitize error messages in auth handlers (SEC-M4)
2026-04-04 12:43:45 +03:00
..
local.go
feat: auth system hardening with token revocation, password management, and error sanitization
2026-04-04 12:43:45 +03:00
middleware.go
feat: auth system hardening with token revocation, password management, and error sanitization
2026-04-04 12:43:45 +03:00
models.go
fix: comprehensive security, performance, and quality hardening
2026-03-29 12:49:24 +03:00
oidc.go
feat(docker-watcher): phase 12 - hardening
2026-03-27 23:20:56 +03:00