mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-04-28 11:30:15 +00:00
SSE Broadcaster:
- Add per-client mutex to prevent concurrent writes to ResponseWriter
- Fix data race in cleanupLoop reading LastActive without synchronization
- Update LastActive in SendHeartbeat so clients aren't incorrectly pruned after 5 minutes of idle heartbeat traffic

Alert Acknowledgements:
- Extract authenticated user from X-Authenticated-User header instead of hardcoding 'admin' or trusting request body's User field
- Prevents audit log spoofing and ensures accurate user attribution

Security Status Endpoint:
- Remove ?token= query param validation from public /api/security/status
- Prevents endpoint from acting as a token validity oracle for attackers
- Authentication still works via session cookies and X-API-Token header

||
|---|---|---|
| adapter_installsh.go | ||
| adapter_installsh_exec_test.go | ||
| adapter_installsh_execute_test.go | ||
| adapter_installsh_extra_test.go | ||
| adapter_installsh_helpers_test.go | ||
| adapter_installsh_more_test.go | ||
| adapter_installsh_test.go | ||
| history.go | ||
| history_test.go | ||
| manager.go | ||
| manager_additional_test.go | ||
| manager_applyupdate_test.go | ||
| manager_check_updates_test.go | ||
| manager_checksum_test.go | ||
| manager_fileops_test.go | ||
| manager_more_test.go | ||
| manager_sse_helpers_test.go | ||
| manager_test.go | ||
| mock_updater.go | ||
| mock_updater_additional_test.go | ||
| mock_updater_test.go | ||
| queue.go | ||
| queue_test.go | ||
| sse.go | ||
| sse_test.go | ||
| updater.go | ||
| updater_test.go | ||
| version.go | ||
| version_additional_test.go | ||
| version_test.go | ||