threadr.lostcave.ddnss.de

Commit Graph

Author	SHA1	Message	Date
Joca	9138dfe650	Remove CSRF, add password change, admin user management Stripped all CSRF token generation, injection, and validation since it breaks behind Apache reverse proxy. Removed handlers/csrf.go, stripped CSRFToken from PageData, removed validateCSRFToken from all POST handlers, and cleaned up hidden inputs and JS CSRF references. Added self-service password change at /password/ with current-password verification and bcrypt update. New Password link in navbar. Extended admin panel with user management: lists all users with join dates and allows admins to delete other users (self-deletion blocked). Added GetAllUsers() and DeleteUser() to models.	2026-05-13 18:01:03 -03:00
Joca	a5a2e7063a	Add admin-controlled signup toggle and hide signup links.	2026-04-19 14:03:24 -03:00

Author

SHA1

Message

Date

Joca

9138dfe650

Remove CSRF, add password change, admin user management

Stripped all CSRF token generation, injection, and validation since it
breaks behind Apache reverse proxy. Removed handlers/csrf.go, stripped
CSRFToken from PageData, removed validateCSRFToken from all POST handlers,
and cleaned up hidden inputs and JS CSRF references.

Added self-service password change at /password/ with current-password
verification and bcrypt update. New Password link in navbar.

Extended admin panel with user management: lists all users with join dates
and allows admins to delete other users (self-deletion blocked). Added
GetAllUsers() and DeleteUser() to models.

2026-05-13 18:01:03 -03:00

Joca

a5a2e7063a

Add admin-controlled signup toggle and hide signup links.

2026-04-19 14:03:24 -03:00

2 Commits (jocadbz)