aboutsummaryrefslogtreecommitdiffhomepage
path: root/backend/main.go
AgeCommit message (Collapse)Author
2026-02-14feat(backend): update dependenciesnsfisis
2026-02-13feat(auth): store JWT in HTTP-only cookie instead of JS-accessible cookiensfisis
Prevent XSS-based token theft by making the JWT inaccessible to JavaScript. The backend now sets/clears the cookie via Set-Cookie headers, and the frontend retrieves user info from /api/me instead of decoding the JWT directly. - Add JWTCookieMiddleware to parse cookie and inject claims into context - Add /me and /logout endpoints to OpenAPI spec and handlers - Update PostLogin to return user object + Set-Cookie header - Replace Authorization header auth with cookie-based auth throughout - Rewrite frontend auth to use /api/me instead of jwt-decode - Remove jwt-decode dependency - Configure CORS with credentials for local dev Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13feat(auth): add login rate limiting per IPnsfisis
Prevent brute-force attacks by limiting POST /login to 5 requests per minute per IP address using golang.org/x/time/rate. Unused entries are cleaned up after 10 minutes of inactivity. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13refactor: rename module/package namensfisis
2025-08-17feat: update "PHPerKaigi" to "iOSDC Japan"nsfisis
2025-08-14feat(backend,frontend): Replace hard-coded base path with environment variablensfisis
2025-03-17refactor(backend): remove unused fieldnsfisis
2025-03-11refactor(backend): remove unnecessary commentsnsfisis
2025-03-08websocket to pollingnsfisis
2025-03-04change base pathnsfisis
2025-03-04update go package namesnsfisis
2024-08-18feat(backend): do not define local-only routes in prod envnsfisis
2024-08-18feat(backend): forward all unknown requests to app server in local envnsfisis
2024-08-17feat(backend): fetch user icon from forteensfisis
2024-08-10fix(backend): fix base path of login/logout pages on local envnsfisis
2024-08-10feat: prepend base pathnsfisis
2024-08-08feat(backend/worker): enable `revive` in `golangci-lint`nsfisis
2024-08-08feat(backend/worker): enable `stylecheck` in `golangci-lint`nsfisis
2024-08-08feat(backend/woerker): enable `errcheck` in `golangci-lint`nsfisis
2024-08-08refactor(backend): move ownership of channel to send task resultsnsfisis
2024-08-05feat: show execution result in play pagensfisis
2024-08-05feat(backend): implement task queue processornsfisis
2024-08-05feat: implement task queuensfisis
2024-08-04feat: authenticate users in admin pagesnsfisis
2024-08-04feat(backend): add /logout to /admin/dashboardnsfisis
2024-08-04feat(backend): serve /admin/* pages from api-servernsfisis
2024-08-01refactor(backend): `Id` to `ID` in echo path paramsnsfisis
2024-08-01refactor(backend): wrap ApiHandler with user authenticationnsfisis
2024-08-01feat: change procedure of game startingnsfisis
2024-07-31feat: "iOSDC 2024" to "iOSDC Japan 2024"nsfisis
2024-07-29feat(backend): partially implement gamingnsfisis
2024-07-29feat(backend): use connection poolnsfisis
2024-07-28refactor(backend): move game-related code to game modulensfisis
2024-07-28refactor(backend): move config-related code to config.gonsfisis
2024-07-28chore(backend): rename root modulensfisis
2024-07-28refactor: remove /api/ prefix from openapi.yamlnsfisis
2024-07-28feat(backend): user Logger and Recover middlewarensfisis
2024-07-28feat(backend): handle JWT validation manuallynsfisis
2024-07-28backend: openapinsfisis
2024-07-27backend: jwtnsfisis
2024-07-27organize dockerfiles and compose.yamlnsfisis
2024-07-22backend: replace raw net/http with echonsfisis
2024-07-22change go module namensfisis
2024-07-22user loginnsfisis
2024-07-21add sqldef and sqlcnsfisis
2024-07-21remove racing pagesnsfisis
2024-07-21react routernsfisis
2024-07-19initial commitnsfisis
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-07 21:16:39 +0000