threadr.lostcave.ddnss.de

History

Joca 9138dfe650 Remove CSRF, add password change, admin user management Stripped all CSRF token generation, injection, and validation since it breaks behind Apache reverse proxy. Removed handlers/csrf.go, stripped CSRFToken from PageData, removed validateCSRFToken from all POST handlers, and cleaned up hidden inputs and JS CSRF references. Added self-service password change at /password/ with current-password verification and bcrypt update. New Password link in navbar. Extended admin panel with user management: lists all users with join dates and allows admins to delete other users (self-deletion blocked). Added GetAllUsers() and DeleteUser() to models.	2026-05-13 18:01:03 -03:00
..
cookie_banner.html	Initial Commit	2025-06-15 02:37:02 +02:00
navbar.html	Remove CSRF, add password change, admin user management	2026-05-13 18:01:03 -03:00

Remove CSRF, add password change, admin user management

Stripped all CSRF token generation, injection, and validation since it
breaks behind Apache reverse proxy. Removed handlers/csrf.go, stripped
CSRFToken from PageData, removed validateCSRFToken from all POST handlers,
and cleaned up hidden inputs and JS CSRF references.

Added self-service password change at /password/ with current-password
verification and bcrypt update. New Password link in navbar.

Extended admin panel with user management: lists all users with join dates
and allows admins to delete other users (self-deletion blocked). Added
GetAllUsers() and DeleteUser() to models.

2026-05-13 18:01:03 -03:00

cookie_banner.html

Initial Commit

2025-06-15 02:37:02 +02:00

navbar.html

Remove CSRF, add password change, admin user management

2026-05-13 18:01:03 -03:00