YetAnotherToDoList/server
2024-02-02 21:23:32 +01:00
auth add doc for auth-flow, server security & conf file 2023-11-17 15:29:44 +01:00
handleDevTools.go add chi-router, auth middleware & user roles. 2023-11-05 17:42:14 +01:00
handleDevTools.mock.go add chi-router, auth middleware & user roles. 2023-11-05 17:42:14 +01:00
handleFrontend.go add chi-router, auth middleware & user roles. 2023-11-05 17:42:14 +01:00
handleFrontend.mock.go add chi-router, auth middleware & user roles. 2023-11-05 17:42:14 +01:00
main.go add hasPrivilege & asUser directive, fix nil dereference in UpdateUser, add & rephrase error messages 2024-02-02 21:23:32 +01:00
README.md add doc for auth-flow, server security & conf file 2023-11-17 15:29:44 +01:00

Server

SSL/TLS

You can generate a self-signed certificate and key for testing like this (-nodes leaves the private key unencrypted, so keep keyFile.key out of version control; -subj skips the interactive prompts and -addext adds the subjectAltName that browsers and Go clients actually match the host name against, since a bare CN is not enough for them):

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout keyFile.key -out certFile.crt -subj "/CN=localhost" -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"

For a real deployment, obtain a certificate from a public CA such as Let's Encrypt instead. The self-signed one is only trusted by clients that have it installed explicitly (for example curl --cacert certFile.crt), everything else will refuse the connection.
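What the server does with those two files is where the certificate and the protocol settings meet. The following is an added example, not code from this repository: it performs the openssl step in-process, loads the resulting PEM the way the server would load certFile.crt and keyFile.key, pins the protocol floor at TLS 1.2, and exercises the result over loopback with a client that trusts exactly the self-signed certificate. The function names are mine, and it uses an ECDSA P-256 key instead of rsa:2048; that choice is an assumption of the example, not of the README.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// GenerateSelfSigned is the in-process counterpart of the openssl command above:
// a private key and a self-signed certificate for host, PEM-encoded (ECDSA P-256 here).
func GenerateSelfSigned(host string) (certPEM, keyPEM []byte, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random, like openssl
	if err != nil {
		return nil, nil, err
	}
	tmpl := x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour), // -days 365
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{host}, // the SAN is what clients verify, not the CN
		// openssl req -x509 also marks a self-signed certificate CA:TRUE.
		BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}) // -nodes: no passphrase
	return certPEM, keyPEM, nil
}

// ServerTLSConfig is what the listener gets: the key pair plus an explicit TLS 1.2 floor.
func ServerTLSConfig(certPEM, keyPEM []byte) (*tls.Config, error) {
	cert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return nil, err
	}
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}, nil
}

// ClientTLSConfig trusts only the self-signed certificate (like curl --cacert) and still checks the name.
func ClientTLSConfig(certPEM []byte, serverName string) *tls.Config {
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(certPEM)
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}
}

// Handshake runs one handshake over loopback and returns the negotiated version; any failure is the error.
func Handshake(server, client *tls.Config) (uint16, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", server)
	if err != nil {
		return 0, err
	}
	defer ln.Close()
	go func() { // server side of exactly one connection
		if c, err := ln.Accept(); err == nil {
			_ = c.(*tls.Conn).Handshake() // a failure here surfaces on the client side
			c.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), client) // Dial performs the handshake
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	return conn.ConnectionState().Version, nil
}

func main() {
	certPEM, keyPEM, err := GenerateSelfSigned("localhost")
	srv, err2 := ServerTLSConfig(certPEM, keyPEM)
	if err != nil || err2 != nil {
		panic(fmt.Sprint(err, err2))
	}
	v, err := Handshake(srv, ClientTLSConfig(certPEM, "localhost"))
	fmt.Printf("pinned client: version=%#x err=%v\n", v, err)
	old := ClientTLSConfig(certPEM, "localhost")
	old.MinVersion, old.MaxVersion = tls.VersionTLS10, tls.VersionTLS10
	_, err = Handshake(srv, old)
	fmt.Println("TLS 1.0 client rejected:", err != nil)
}
```

The same ServerTLSConfig is what you would pass to an http.Server before calling ListenAndServeTLS with the two file names; the loopback Handshake helper only exists so the effect of MinVersion and of certificate pinning can be observed without a browser.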

CSRF

CSRF should not be possible because protected resources are only reachable with the token in the Authorization HTTP header, never via cookies. A browser attaches cookies to a cross-site request on its own, but it never adds an Authorization header, and the attacker's page cannot set one, so a forged request arrives unauthenticated. This holds as long as the server never also accepts the token from a cookie or a query parameter. The trade-off is that the frontend has to keep the token where script can read it, so the XSS protections below are what actually guard the session.

For the same reason the compression side-channel attacks CRIME and BREACH should not apply to the token either: both need the attacker to make the victim's browser send many requests that carry the secret next to attacker-chosen data, and a cross-site request never carries the Authorization header. CRIME targets TLS-level compression, which Go's crypto/tls does not implement at all; BREACH targets HTTP response compression, so secrets should still never be placed in compressed response bodies that also reflect request data.
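The check described above, as an added example that is not the repository's own middleware (that one uses chi and is not shown on this page): a net/http middleware that authenticates solely from the Authorization header, a constructed token store keyed by the SHA-256 of the token, and a driver that runs the cookie-only request a CSRF attack would produce side by side with the request the real frontend sends. The route, the token value and the user name are made up for the example.

```go
package main

import (
	"context"
	"crypto/sha256"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type userKey struct{}

// sessions is a constructed stand-in for the server's token store. It is keyed
// by SHA-256 of the bearer token, so a lookup never compares the secret itself
// byte by byte and a leaked copy of the store contains no usable tokens.
var sessions = map[[32]byte]string{
	sha256.Sum256([]byte("tok-2f8c1e")): "alice",
}

// RequireBearer admits a request only if it carries a bearer token in the
// Authorization header. Browsers attach cookies to cross-site requests on their
// own but never a custom Authorization header, so a request forged from another
// origin ends in the 401 branch even while the victim is logged in.
func RequireBearer(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		const scheme = "Bearer "
		raw := r.Header.Get("Authorization")
		if !strings.HasPrefix(raw, scheme) || len(raw) == len(scheme) {
			w.Header().Set("WWW-Authenticate", `Bearer realm="todo"`)
			http.Error(w, "missing bearer token", http.StatusUnauthorized)
			return
		}
		user, ok := sessions[sha256.Sum256([]byte(raw[len(scheme):]))]
		if !ok {
			http.Error(w, "invalid bearer token", http.StatusUnauthorized)
			return
		}
		// Cookies are deliberately never consulted: a session cookie alone
		// proves nothing here, which is exactly what defeats CSRF.
		ctx := context.WithValue(r.Context(), userKey{}, user)
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// protected is a stand-in for any route behind the middleware.
var protected = RequireBearer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "todo created for %s\n", r.Context().Value(userKey{}))
}))

// StatusWith sends one POST with the given Authorization value and session
// cookie (either may be empty) through protected and returns the status code.
func StatusWith(authorization, cookie string) int {
	req := httptest.NewRequest(http.MethodPost, "/api/todos", strings.NewReader(`{"title":"x"}`))
	if authorization != "" {
		req.Header.Set("Authorization", authorization)
	}
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: cookie})
	}
	rec := httptest.NewRecorder()
	protected.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// The CSRF case: the victim's browser added the cookie, the attacker's page
	// had no way to add the header.
	fmt.Println("cookie only:   ", StatusWith("", "tok-2f8c1e")) // 401
	// The frontend sends the token it holds in memory.
	fmt.Println("bearer header: ", StatusWith("Bearer tok-2f8c1e", ""))      // 200
	fmt.Println("guessed token: ", StatusWith("Bearer tok-000000", ""))      // 401
	fmt.Println("other scheme:  ", StatusWith("Basic dG9rLTJmOGMxZQ==", "")) // 401
}
```

Note that nothing in RequireBearer looks at r.Cookies(): the moment a second code path accepts the same session from a cookie, the cookie-only request above succeeds and the CSRF argument is gone.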

XSS

We rely on Vue.js escaping user input in templates: text interpolation ({{ }}) and v-bind attribute values are HTML-escaped before rendering. That escaping does not cover v-html, templates built from user-supplied strings, or URL-valued attributes (an href bound to user data can still be a javascript: URL), so user input must never reach those. Since the bearer token lives in the frontend, an XSS hole would expose the session, which is why this is the control that matters most.