cgitsb

crtxcr/cgitsb

Çatalla 0

İşleme Grafiği

Yazar	SHA1	Mesaj	Tarih
Jason A. Donenfeld	b826537cb4	authentication: use hidden form instead of referer This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>	2014-01-16 12:13:39 +01:00
Jason A. Donenfeld	d6e9200cc3	auth: add basic authentication filter framework This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>	2014-01-16 02:28:12 +01:00

Yazar

SHA1

Mesaj

Tarih

Jason A. Donenfeld

b826537cb4

authentication: use hidden form instead of referer

This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

2014-01-16 12:13:39 +01:00

Jason A. Donenfeld

d6e9200cc3

auth: add basic authentication filter framework

This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.

Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.

Very plugable and extendable depending on user needs.

The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

2014-01-16 02:28:12 +01:00

2 İşleme