about summary refs log tree commit diff
path: root/filters/simple-authentication.lua (follow)
Commit message (Collapse)AuthorAge
* auth: have cgit calculate login addressJason A. Donenfeld2014-01-16
| | | | | | | This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth: lua string comparisons are time invariantJason A. Donenfeld2014-01-16
| | | | | | By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* authentication: use hidden form instead of refererJason A. Donenfeld2014-01-16
| | | | | | | This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth: add basic authentication filter frameworkJason A. Donenfeld2014-01-16
This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-02-22 05:57:47 +0000
akefile?id=2b34181c8af58b3183c66eb91c272902e6297664&follow=1'>Link with -lcursesJune McEnroe Turns out that NetBSD has its own curses implementation and I'm all for not linking GNU software <3 2018-07-22Fix scheme indentationJune McEnroe 2018-07-16Add -m option to glitchJune McEnroe 2018-07-16malloc deflate buffer in glitchJune McEnroe 2018-07-16malloc the deflate buffer in pngoJune McEnroe The stack is a baby. 2018-07-05Add shed bloodJune McEnroe