Security hardening

- JWT: validate signing algorithm (prevent alg confusion)
- Login: rate limiting (10 attempts per 5 min per IP)
- Request body: 10MB size limit (prevent DoS)
- WebSocket: require JWT auth (token query param or cookie)
- Daemon endpoints: require admin role (not just any user)
- io.LimitReader on all request body decoding
2026-05-26 22:51:33 +02:00
parent 2de92b0375
commit 4f3113199b
5 changed files with 90 additions and 7 deletions
+3 -1
@@ -37,7 +37,9 @@ func main() {
// Collab WebSocket hub
hub := collab.NewHub(database)
mux := http.NewServeMux()
mux.Handle("/ws/collab/", http.HandlerFunc(hub.HandleWebSocket))
mux.Handle("/ws/collab/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
hub.HandleWebSocket(w, r, secret)
}))
mux.Handle("/", router)
fmt.Printf("MarkdownHub listening on :%s\n", port)
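Review bot: The `http.HandlerFunc(func(...){...})` wrapper at the new `/ws/collab/` registration is redundant; `mux.HandleFunc("/ws/collab/", func(w http.ResponseWriter, r *http.Request) { hub.HandleWebSocket(w, r, secret) })` registers the same handler without the explicit conversion. Because `secret` is now captured by this closure and, per the description, the hub accepts the JWT from a cookie or a query parameter, a one-line comment at the registration would tell the next maintainer where auth for this route lives: `// JWT auth for this route is enforced inside hub.HandleWebSocket (cookie or query parameter)`. Since query strings are commonly recorded by access logs and reverse proxies, it is worth checking that nothing on this path logs `r.URL` in full, though that code is not in the hunk. The enclosing main() starts and ends outside the hunk.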