Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | *.go, tmpl/staff.html: Allow staff to export choices | Runxi Yu | 2024-10-09 | 1 | -1/+1 |
| | | | | Implements: https://todo.sr.ht/~runxiyu/cca/3 | ||||
* | *.go: Update comments | Runxi Yu | 2024-10-09 | 1 | -7/+0 |
| | |||||
* | err.go: Create, and unify some error definitions | Runxi Yu | 2024-10-08 | 1 | -19/+13 |
| | |||||
* | *.go: Limit to approximately 80 characters per line | Runxi Yu | 2024-10-06 | 1 | -20/+77 |
| | |||||
* | *: Overhaul structure again and embed everything | Runxi Yu | 2024-10-06 | 1 | -0/+374 |
| | | | | | | | | - Remove sub-Makefiles; recursive make is annoying - Just use one top-level Makefile that builds everything - Embed templates and minified static resources into the binary - Embed all compiled documentation into the binary and serve - Embed all source into the binary and serve | ||||
* | *.go: Move to backend | Runxi Yu | 2024-10-05 | 1 | -374/+0 |
| | | | | And adjust Makefiles, admin handbook, and lint.sh accordingly. | ||||
* | auth.go: Improve display of OAuth 2.0 errors | Runxi Yu | 2024-10-04 | 1 | -4/+17 |
| | | | | Implements: https://todo.sr.ht/~runxiyu/cca/9 | ||||
* | {auth,utils,ws}.go: randomBytes -> randomString | Runxi Yu | 2024-10-02 | 1 | -2/+2 |
| | |||||
* | {auth,db,wsm}.go: Make 23505 (uniqueness violation) a constant | Runxi Yu | 2024-10-01 | 1 | -1/+1 |
| | |||||
* | {auth,ws}.go: Remove unnecessary TODOs | Runxi Yu | 2024-10-01 | 1 | -5/+0 |
| | |||||
* | auth.go: Add TODO about INSERT | Runxi Yu | 2024-10-01 | 1 | -0/+7 |
| | |||||
* | utils.go, auth.go: Rename random to randomBytes | Runxi Yu | 2024-09-30 | 1 | -2/+2 |
| | |||||
* | *: Change license to AGPL-3.0-or-later | Runxi Yu | 2024-09-30 | 1 | -21/+11 |
| | |||||
* | auth.go, config.go, cca.scfg.example: Issue expiring cookies | Runxi Yu | 2024-09-30 | 1 | -2/+7 |
| | |||||
* | {auth,index,ws}.go, schema.sql: Move session cookie into the user table | Runxi Yu | 2024-09-30 | 1 | -19/+6 |
| | | | | | | | One user shall only have one session at a time. This reduces the possibility of strange race conditions and simplifies the code a lot. References: https://todo.sr.ht/~runxiyu/cca/4 | ||||
* | auth.go: Document why we use a hybrid auth flow | Runxi Yu | 2024-09-29 | 1 | -1/+12 |
| | |||||
* | *.go: Wrap errors | Runxi Yu | 2024-09-26 | 1 | -9/+9 |
| | |||||
* | auth.go: Use contexts in getAccessToken | Runxi Yu | 2024-09-26 | 1 | -3/+8 |
| | |||||
* | {auth,index,ws}.go: Add contexts for database calls | Runxi Yu | 2024-09-26 | 1 | -6/+7 |
| | |||||
* | auth.go: Close PostForm response body | Runxi Yu | 2024-09-24 | 1 | -0/+1 |
| | |||||
* | auth.go: Fix json tag, should be access_token not accessToken | Runxi Yu | 2024-09-24 | 1 | -1/+1 |
| | |||||
* | auth.go: Fix grant_type=authorization_code | Runxi Yu | 2024-09-24 | 1 | -1/+1 |
| | | | | I accidentally changed it to authorizationCode during linting | ||||
* | *.go: Linting | Runxi Yu | 2024-09-24 | 1 | -80/+80 |
| | |||||
* | {utils,auth,index,ws}.go: Handle errors in random number generation | Runxi Yu | 2024-09-24 | 1 | -4/+11 |
| | |||||
* | auth.go: Remove unnecessary fmt.Sprintf | Runxi Yu | 2024-09-23 | 1 | -1/+1 |
| | |||||
* | auth.go, ws.go: Update comments | Runxi Yu | 2024-09-23 | 1 | -2/+5 |
| | |||||
* | auth.go: Use && instead of nested if statement | Runxi Yu | 2024-09-11 | 1 | -14/+12 |
| | |||||
* | *.go: Shorter line lengths | Runxi Yu | 2024-09-09 | 1 | -3/+9 |
| | |||||
* | *.go: Add comments | Runxi Yu | 2024-09-09 | 1 | -2/+40 |
| | |||||
* | *.go: Simplify error messages and reformat | Runxi Yu | 2024-09-08 | 1 | -30/+29 |
| | |||||
* | auth.go: Expand staff departments | Runxi Yu | 2024-09-07 | 1 | -2/+2 |
| | |||||
* | *: Call Graph API for department information | Runxi Yu | 2024-09-07 | 1 | -9/+102 |
| | | | | | | | | | | | | I am using a hybrid flow with "id_token" for OpenID Connect and "code" for an Authorization Code. I would use "token" too but that doesn't seem to be supported for standard web-apps and could result in strange session-hijacking issues. We still need PKCE sometime in the future; however it's not a priority: the worst attack someone could pull off is to use a different user's Authorization Code and steal a Department, which probably isn't too big of a deal as the Authorization Code should be secret anyways. | ||||
* | *: Basic authentication and templates | Runxi Yu | 2024-09-07 | 1 | -0/+215 |
These are imported from FBFP and slightly modified to be specific to YKPS (while not being hard to port to other environments that use APIs that use OAUTH 2.0). Some code is also simplified. Database code still needs an audit, and things are not tested yet. |