threadr.lostcave.ddnss.de

Commit Graph

Author	SHA1	Message	Date
Joca	9138dfe650	Remove CSRF, add password change, admin user management Stripped all CSRF token generation, injection, and validation since it breaks behind Apache reverse proxy. Removed handlers/csrf.go, stripped CSRFToken from PageData, removed validateCSRFToken from all POST handlers, and cleaned up hidden inputs and JS CSRF references. Added self-service password change at /password/ with current-password verification and bcrypt update. New Password link in navbar. Extended admin panel with user management: lists all users with join dates and allows admins to delete other users (self-deletion blocked). Added GetAllUsers() and DeleteUser() to models.	2026-05-13 18:01:03 -03:00
Joca	7a5b0f8ca5	Add CSRF checks to chat.	2026-03-06 14:53:40 -03:00
Joca	5553a8af01	move inline css and js into proper files	2026-02-20 13:16:31 -03:00

Author

SHA1

Message

Date

Joca

9138dfe650

Remove CSRF, add password change, admin user management

Stripped all CSRF token generation, injection, and validation since it
breaks behind Apache reverse proxy. Removed handlers/csrf.go, stripped
CSRFToken from PageData, removed validateCSRFToken from all POST handlers,
and cleaned up hidden inputs and JS CSRF references.

Added self-service password change at /password/ with current-password
verification and bcrypt update. New Password link in navbar.

Extended admin panel with user management: lists all users with join dates
and allows admins to delete other users (self-deletion blocked). Added
GetAllUsers() and DeleteUser() to models.

2026-05-13 18:01:03 -03:00

Joca

7a5b0f8ca5

Add CSRF checks to chat.

2026-03-06 14:53:40 -03:00

Joca

5553a8af01

move inline css and js into proper files

2026-02-20 13:16:31 -03:00

3 Commits (9138dfe65011c402a40452ea4fab7eca457918fd)