2ebbc88c0a
user list, user create w/ endpoints, misc
2026-03-04 22:46:46 +01:00
de6ea0d913
handle unique constraint on users.handle properly, misc
2026-03-04 19:31:55 +01:00
f253ff1157
unify DB errors
2026-03-03 17:59:38 +01:00
da5300b713
switch logging over to log & env_logger crate
2026-03-02 15:52:18 +01:00
f6a9807794
unuseds & cargo clippy
2026-03-01 23:59:42 +01:00
e60172527c
change handle endpoint & why was changepassword a GET?
2026-03-01 14:53:54 +01:00
b2a80ffa58
setpassword endpoint, misc
2026-03-01 00:31:15 +01:00
c8d15f8c6b
session revoking, perm, DatabaseError (partially)
2026-02-28 23:27:56 +01:00
94dcc1816d
permissions stub wo/ DB model
2026-02-28 13:16:22 +01:00
ea3dd17261
the most insignificant change you could imagine lowkey
2026-02-28 01:42:58 +01:00
f754e47221
centralize Argon2 setup
2026-02-28 00:23:15 +01:00
b6a211bbcf
login & logout
2026-02-27 23:46:37 +01:00
969401658f
login endpoint
2026-02-26 00:39:33 +01:00
ba3b3413d0
quote&line stub
2026-02-25 21:38:01 +01:00
edc8ea1598
allow 2-letter, 24-letter tags
2026-02-25 17:14:43 +01:00
11476f7c5b
implement tags
2026-02-25 02:45:42 +01:00
5a92740785
mitigate sidechannel timing attack for basic auth
...
Information on whether a user with a given handle exists or not could be
collected by checking the difference between response times of
auth-required endpoints with and without a real handle being passed into
Basic auth. This is because the time-expensive password hash would only
be computed for users that exist, lengthening the response time. In
local testing, this was a difference of 8ms vs. 35-60ms.
A hash is now computed even if a user with the requested handle doesn't
exist, mitigating the issue and leaving only negligible differences
inbetween all response times, from which no information can be obtained.
2026-02-24 14:49:30 +01:00
f6feec2469
make get_user_by_id return canonical handle
2026-02-24 02:20:01 +01:00
fcf43dc0bc
case-insensitive UserHandles
2026-02-24 02:06:24 +01:00
1e7866a293
fight unuseds, sessions endpoint
2026-02-24 01:42:19 +01:00
ee7ed48144
CompositeError, UserAuthRequired, /users/self & users/:id, misc
2026-02-24 00:55:19 +01:00
085764f06a
basic HTTP server
2026-02-23 13:17:09 +01:00
b31c85647e
remove obsolete auth module
2026-02-23 10:24:13 +01:00
e11ba79b37
dumb typo
2026-02-23 02:22:30 +01:00
52b70d4ee9
a whole lot of preem User/Session/Auth work
2026-02-23 02:17:49 +01:00
7a62819d9c
UserHandle newtype, Users & boilerplate
2026-02-22 14:53:40 +01:00
53f9e40477
first pass db schema & deps
2026-02-20 21:33:41 +01:00
