olemd/favoritter
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
favoritter/internal/store
History
Ole-Morten Duesund 395b1b7523 fix: address security and quality issues from code review 
Security fixes:
- Fix XSS in Atom feed: escape user-supplied URLs in HTML content
- Wrap signup request approval in a transaction to prevent
  partial state on crash (user created but request still pending)
- Stop leaking internal error messages to admin UI
- Add request body size limit on API import endpoint
- Log SetMustResetPassword errors instead of silently discarding

Correctness fixes:
- Handle errors from API fave update/delete instead of returning
  success on failure
- Use actual data timestamp for feed <updated> instead of
  time.Now() (improves HTTP caching)
- Replace hardcoded 10000 export limit with named constant
  (maxExportFaves = 100000)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 16:19:44 +02:00
..
fave.go feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation 2026-03-29 15:55:22 +02:00
fave_test.go feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation 2026-03-29 15:55:22 +02:00
session.go feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation 2026-03-29 15:55:22 +02:00
settings.go feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation 2026-03-29 15:55:22 +02:00
signup_request.go fix: address security and quality issues from code review 2026-03-29 16:19:44 +02:00
tag.go feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation 2026-03-29 15:55:22 +02:00
tag_test.go feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation 2026-03-29 15:55:22 +02:00
user.go feat: add admin panel with user, tag, and signup management 2026-03-29 16:09:30 +02:00
user_test.go feat: implement Phase 1 (auth) and Phase 2 (faves CRUD) foundation 2026-03-29 15:55:22 +02:00