| Commit message (Collapse) | Author |
|
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.
Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.
Very plugable and extendable depending on user needs.
The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
* Rename the capitalize-* filters to dump.* since they also dump the
arguments.
* Add full argument validation to the email filters.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|