cgit-pink - web frontend for git

	Commit message (Collapse)	Author	Age
*	simple-authentication.lua: tie secure cookies to field names	Jason A. Donenfeld	2015-03-05
\|
*	simple-authentication: style	Jason A. Donenfeld	2014-01-23
\| \| \| \|	Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
*	auth: document tweakables in lua script	Jason A. Donenfeld	2014-01-17
\| \| \| \|	Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
*	auth: have cgit calculate login address	Jason A. Donenfeld	2014-01-16
\| \| \| \| \| \| \|	This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
*	auth: lua string comparisons are time invariant	Jason A. Donenfeld	2014-01-16
\| \| \| \| \| \|	By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
*	authentication: use hidden form instead of referer	Jason A. Donenfeld	2014-01-16
\| \| \| \| \| \| \|	This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
*	auth: add basic authentication filter framework	Jason A. Donenfeld	2014-01-16
	This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>