Archives
/
cgit
mirror of https://git.zx2c4.com/cgit/
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,311 Commits
16 Branches
43 Tags
37 MiB
ch/for-jason
ch/highlight-line
ch/log-commit-message
ch/dynamic-aging
ch/about-link
ch/default-pages
jd/zx2c4-deployment
master
wiki
jd/render-filter
lf/for-jason
jk/collapsible-sections
rm/namespace
lf/filter
lh/grep
lh/pretty-blob-view
v1.2.3
v1.2.2
v1.2.1
v1.2
v1.1
v1.0
v0.12
v0.11.2
v0.11.1
v0.11.0
v0.10.2
v0.10.1
v0.10
v0.9.2
v0.9.1
v0.9.0.3
v0.9.0.2
v0.9.0.1
v0.9
v0.8.3.5
v0.8.3.4
v0.8.3.3
v0.8.3.2
v0.8.3.1
v0.8.3
v0.8.2.2
v0.8.2.1
v0.8.2
v0.8.1.1
v0.8.1
v0.8
v0.7.2
v0.7.1
v0.7
v0.6.3
v0.6.2
v0.6.1
v0.6
v0.5
v0.4
v0.3
v0.2
v0.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '03de473354'
${ noResults }
Commit Graph

7 Commits (03de473354dc8c17a3b23a973b5cc67752ad20cb)

Author SHA1 Message Date
Jason A. Donenfeld ecd6b7230c simple-authentication.lua: tie secure cookies to field names 9 years ago
Jason A. Donenfeld aa6d5b105d simple-authentication: style 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 11 years ago
Jason A. Donenfeld 9dde6d38e9 auth: document tweakables in lua script 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 11 years ago
Jason A. Donenfeld a431326e8f auth: have cgit calculate login address 
This way we're sure to use virtual root, or any other strangeness
encountered.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 11 years ago
Jason A. Donenfeld df00ab1096 auth: lua string comparisons are time invariant 
By default, strings are compared by hash, so we can remove this comment.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 11 years ago
Jason A. Donenfeld b826537cb4 authentication: use hidden form instead of referer 
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 11 years ago
Jason A. Donenfeld d6e9200cc3 auth: add basic authentication filter framework 
This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.

Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.

Very plugable and extendable depending on user needs.

The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 11 years ago