mirror of
https://github.com/Alexander-D-Karpov/webring.git
synced 2026-03-16 22:07:41 +03:00
bf62b8f427
* major changes
Introduce full user system and approval workflow
——————————————————————————————————————————
Login & sessions
Telegram one‑click login (/login → /auth/telegram) with HMAC verification
New users and sessions tables; telegram_id now optional, TTL‑based cleanup job
Secure session_id cookie (configurable TTL and Secure/SameSite flags)
User dashboard (/user)
Lists the member’s sites and their uptime status
Forms to submit new site or update requests; validation and slug/url sanitisation
View pending requests with change diff
Request storage
update_requests table captures create/update ops as JSONB “changed_fields”
Admin review
/admin/requests interface to approve / reject queued requests
Approval auto‑creates sites (with ordered display_order) or patches existing ones, then refreshes favicon
Super‑admin panel
/admin/setup lists all users, toggle is_admin and forcibly logs them out
Notifications
On every new request, all admins with a Telegram ID receive a Markdown summary via bot API
Public UI tweaks
Header shows login/logout, role‑aware links and call‑to‑action cards
/submit page creates a queued request
Config & env
Added TELEGRAM_BOT_TOKEN, TELEGRAM_BOT_USERNAME, SESSION_TTL_HOURS, SESSION_SECURE_COOKIE
.env.template updated accordingly
Migrations 004–010
Users, sessions, foreign key on sites, display_order, update_requests, telegram_id nullability
BREAKING CHANGE
Environment must supply Telegram bot credentials
Database must be migrated; existing “dashboard” auth remains but admin routes are now session‑protected where applicable
35 lines
943 B
YAML
35 lines
943 B
YAML
version: 2
|
|
|
|
secret_scanning:
|
|
# Paths to exclude from scanning
|
|
ignored_paths:
|
|
- '**/.env.template'
|
|
- '**/.env.example'
|
|
- '**/testdata/**'
|
|
- '**/test/**'
|
|
- '**/*_test.go'
|
|
- 'docs/**'
|
|
|
|
# Specific detectors to ignore
|
|
ignored_detectors:
|
|
- generic_high_entropy_secret
|
|
|
|
ignored_patterns:
|
|
- name: "Template environment variables"
|
|
pattern: 'your_bot_token|your_bot_username|example\.com'
|
|
|
|
- name: "Localhost database strings"
|
|
pattern: 'postgres://postgres:postgres@localhost'
|
|
|
|
- name: "Test credentials"
|
|
pattern: 'testuser|testpass|test_.*'
|
|
|
|
additional_config:
|
|
high_entropy_threshold: 4.5
|
|
ignored_matches:
|
|
- match: 'TELEGRAM_BOT_TOKEN=your_bot_token'
|
|
reason: "Template placeholder"
|
|
- match: 'TELEGRAM_BOT_USERNAME=your_bot_username'
|
|
reason: "Template placeholder"
|
|
- match: 'postgres://postgres:postgres@localhost'
|
|
reason: "Local development database" |