root
/
threadr.lostcave.ddnss.de
3
1
Fork 2
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity
threadr.lostcave.ddnss.de/static
History
Joca f4bc5c925c
Remove CSRF, add password change, admin user management 
Stripped all CSRF token generation, injection, and validation since it
breaks behind Apache reverse proxy. Removed handlers/csrf.go, stripped
CSRFToken from PageData, removed validateCSRFToken from all POST handlers,
and cleaned up hidden inputs and JS CSRF references.

Added self-service password change at /password/ with current-password
verification and bcrypt update. New Password link in navbar.

Extended admin panel with user management: lists all users with join dates
and allows admins to delete other users (self-deletion blocked). Added
GetAllUsers() and DeleteUser() to models.

Co-authored-by: CommandCodeBot <noreply@commandcode.ai>
 		2026-05-09 20:02:41 -03:00
..
img Initial Commit 2025-06-15 02:37:02 +02:00
app.js split stuff so i can read better 2026-02-20 13:37:46 -03:00
chat.js Remove CSRF, add password change, admin user management 2026-05-09 20:02:41 -03:00
drafts.js split stuff so i can read better 2026-02-20 13:37:46 -03:00
forms.js split stuff so i can read better 2026-02-20 13:37:46 -03:00
likes.js Remove CSRF, add password change, admin user management 2026-05-09 20:02:41 -03:00
shortcuts.js split stuff so i can read better 2026-02-20 13:37:46 -03:00
style.css modify the classic board page heavily 2026-02-26 21:33:34 -03:00
validation.js split stuff so i can read better 2026-02-20 13:37:46 -03:00