Commit Graph

9 Commits (f4bc5c925cdfc0f9dc96062558eb866e635df6b4)

Author SHA1 Message Date
Joca f4bc5c925c
Remove CSRF, add password change, admin user management
Stripped all CSRF token generation, injection, and validation since it
breaks behind Apache reverse proxy. Removed handlers/csrf.go, stripped
CSRFToken from PageData, removed validateCSRFToken from all POST handlers,
and cleaned up hidden inputs and JS CSRF references.

Added self-service password change at /password/ with current-password
verification and bcrypt update. New Password link in navbar.

Extended admin panel with user management: lists all users with join dates
and allows admins to delete other users (self-deletion blocked). Added
GetAllUsers() and DeleteUser() to models.

Co-authored-by: CommandCodeBot <noreply@commandcode.ai>
2026-05-09 20:02:41 -03:00
Joca a5a2e7063a
Add admin-controlled signup toggle and hide signup links. 2026-04-19 14:03:24 -03:00
Joca 48363ccef9
Add CSRF checks to signup. 2026-03-06 14:51:14 -03:00
Joca 6e6eba2ca1
Fix accept cookie button and restyle the reply button 2026-02-23 20:38:03 -03:00
Joca 69a62f0ad5
Handlers: Add password confirmation validation to signup
- Server-side validation for password confirmation field
- Display error message if passwords don't match
- Complements client-side validation added in previous commit
2026-01-15 22:39:58 -03:00
Joca 6b6ca1d85d Fix cookie banner 2025-06-15 02:41:19 +02:00
Joca de1f442082 Refactor signup and login handlers, add auto table creation 2025-06-15 02:40:40 +02:00
Joca 484f435ff2 Fix up user register 2025-06-15 02:39:35 +02:00
Joca eee9540bdc Initial Commit 2025-06-15 02:37:02 +02:00