mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-10 20:25:41 +00:00
Security Improvements:
- Add comprehensive CSRF protection for state-changing operations
- Implement rate limiting (500 req/min general, 10/min for auth)
- Add account lockout after 5 failed login attempts
- Secure session management with HttpOnly cookies
- Add security headers (CSP, X-Frame-Options, etc.)
- Implement audit logging for security events
- Session invalidation on password change

API Token UX Improvements:
- Always show API token to authenticated users (no longer hide after generation)
- Add ability to view existing token anytime from Settings
- Fix clipboard copy with HTTP fallback

Authentication Flow Fixes:
- Fix WebSocket initialization to occur after auth check
- Fix CSRF validation to handle server restarts gracefully
- Adjust rate limiting to exclude high-frequency endpoints
- Fix authentication check to use session cookies properly

Documentation Updates:
- Document all security features comprehensively
- Update API documentation with CSRF usage examples
- Add security feature details to README
24 lines
591 B
Modula-2
module github.com/rcourtman/pulse-go-rewrite

go 1.23.0

toolchain go1.23.4

require (
	github.com/gorilla/websocket v1.5.3
	github.com/joho/godotenv v1.5.1
	github.com/rs/zerolog v1.34.0
	github.com/spf13/cobra v1.9.1
	golang.org/x/crypto v0.41.0
	golang.org/x/term v0.34.0
	gopkg.in/yaml.v3 v3.0.1
)

require (
	github.com/inconshreveable/mousetrap v1.1.0 // indirect
	github.com/mattn/go-colorable v0.1.14 // indirect
	github.com/mattn/go-isatty v0.0.20 // indirect
	github.com/spf13/pflag v1.0.7 // indirect
	golang.org/x/sys v0.35.0 // indirect
	golang.org/x/time v0.12.0 // indirect
)