Age | Commit message | Author |
|
Previously 404 pages did not set the viewport meta tag,
which made the links very hard to click on mobile.
|
Because of the ? the toml library was attempting to
deserialize Option<Identities>, which apparently fails with:
"invalid type: map, expected option".
|
The function made sense when we had Lua shebangs but now that they
have been removed, the function doesn't make much sense anymore.
|
Now that we have Lua templating, which is more flexible,
it doesn't make sense to keep Lua shebangs around.
|
Now that we have Lua scripting we don't need iframes anymore.
|
The new chrono version by default pulls in iana-time-zone,
which pulls in a bunch of WASM crates we don't need.
|
We are vendoring the rlua_serde crate because it currently depends on
rlua 0.17, which is outdated, and my attempts to contact the crate author
were bounced by Yandex for somehow looking like spam.
|
Since adding the rlua dependency I can no longer execute gitpad built on
my developer machine on my server, since it fails with:
gitpad2: /lib/x86_64-linux-gnu/libm.so.6: version `GLIBC_2.29' not found (required by gitpad2)
As it turns out, an easy workaround is to statically link MUSL
(by passing --target x86_64-unknown-linux-musl to cargo build).
The openssl-sys dependency (pulled in by git2) however failed to build
for MUSL. Since we don't need it the simplest solution is to just drop it.
|
Inspired by the Scribunto extension for MediaWiki.
|
When viewing the user directory of another user the
request is intercepted beforehand by parse_url_path.
|
Previously the Origin header was only checked if you specified an origin
with --origin on startup and when you didn't we just printed a warning
that this might make you vulnerable to CSRF attacks.
I implemented it this way since I wanted GitPad to be runnable without
any command-line options, but such warnings are of course suboptimal
for security since they can simply be ignored.
This commit changes this behavior so that the Origin header is always
checked for POST requests. If you just run "gitpad" the enforced origin
defaults to http://127.0.0.1:<port>. Additionally this commit also
enforces an exact Host header (extracted from the Origin) to prevent DNS
rebinding attacks.
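A minimal version of the always-on Origin and exact-Host checks this commit describes, as an added example and not GitPad's own code: it assumes the enforced origin is fixed at startup (defaulting to http://127.0.0.1:<port>), derives the exact Host value from it, and, as an assumption the commit does not state, treats a missing Origin on a POST as a rejection.

```rust
/// Why a request was refused by the Origin / Host checks.
#[derive(Debug, PartialEq)]
pub enum Rejection {
    MissingHost,
    HostMismatch,
    MissingOrigin,
    OriginMismatch,
}

/// Values enforced for the lifetime of the server, derived once at startup
/// from the configured (or defaulted) origin, e.g. "http://127.0.0.1:8080".
pub struct Enforced {
    pub origin: String,
    pub host: String,
}

impl Enforced {
    /// Derive the exact Host value (authority, port included) from the origin.
    pub fn from_origin(origin: &str) -> Option<Enforced> {
        let authority = origin.split_once("://")?.1.split('/').next()?;
        if authority.is_empty() {
            return None;
        }
        Some(Enforced {
            origin: origin.trim_end_matches('/').to_string(),
            host: authority.to_string(),
        })
    }

    /// Host is compared exactly on every request: under DNS rebinding the browser
    /// still sends the attacker's hostname as Host, so the request is refused.
    /// Origin is required and compared exactly on POST (missing => rejected; this
    /// strictness is an assumption of the example), so cross-origin CSRF is refused.
    pub fn check(&self, method: &str, host: Option<&str>, origin: Option<&str>) -> Result<(), Rejection> {
        match host {
            None => return Err(Rejection::MissingHost),
            Some(h) if h != self.host => return Err(Rejection::HostMismatch),
            _ => {}
        }
        if method.eq_ignore_ascii_case("POST") {
            match origin {
                None => return Err(Rejection::MissingOrigin),
                Some(o) if o != self.origin => return Err(Rejection::OriginMismatch),
                _ => {}
            }
        }
        Ok(())
    }
}
```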
|
Embedding remote files can leak info via the Referer header.
Also changes child-src to frame-src since it has a higher precedence.
(https://www.w3.org/TR/CSP3/#changes-from-level-2)
|
Previously the Page struct contained references to the Controller and
the http::request::Parts, so that page.render() could call
controller.user_info_html(parts). This commit removes these references
from the Page struct, so that it can implement Default in the future.
The Context struct needs to be moved around since it contains
git2::Repository, which isn't Send. Previously the Context struct also
contained the http::request::Parts, so they were moved along.
This commit extracts Parts out of the Context struct, so that our
service function can access Parts after invoking our build_request
method, allowing us to easily log request details for errors in the
future.
|
In multi-user mode if Alice attempts to access /~bob/ she would get an
Unauthorized error since branches are private. To improve the UX we
instead already showed Alice a list of which files Bob has shared with
her. Previously this was achieved with a before_return_error hook
in the Controller trait.
While this worked fine, it wasn't elegant, since it required passing
the Context struct in all Unauthorized errors, so that the
before_return_error hook could access the context.
This commit refactors the code to intercept requests to paths like
/~bob/ before the regular request handling instead of afterwards.
While this could have been implemented in the before_route hook, this
would have required either invoking parse_url_path a second time or
passing the Result of parse_url_path, both of which would be awkward.
Therefore this commit also merges before_route into parse_url_path.
|