Spacebin v1.1.0 - Reader mode, accounts system #453
base: main
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.32.0 to 1.33.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.32.0...v1.33.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.33.0 to 1.33.1. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.33.0...v1.33.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
build(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #453 +/- ##
===========================================
+ Coverage 49.88% 81.56% +31.68%
===========================================
Files 9 9
Lines 425 537 +112
===========================================
+ Hits 212 438 +226
+ Misses 188 82 -106
+ Partials 25 17 -8
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.33.1 to 1.34.1. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.33.1...v1.34.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
build(deps): bump modernc.org/sqlite from 1.33.1 to 1.34.1
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.1 to 1.34.2. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.1...v1.34.2) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
build(deps): bump modernc.org/sqlite from 1.34.1 to 1.34.2
build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.29.0 to 0.31.0. - [Commits](golang/crypto@v0.29.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
build(deps): bump golang.org/x/crypto from 0.29.0 to 0.31.0
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.1.0 to 5.2.0. - [Release notes](https://github.com/go-chi/chi/releases) - [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md) - [Commits](go-chi/chi@v5.1.0...v5.2.0) --- updated-dependencies: - dependency-name: github.com/go-chi/chi/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.2 to 1.34.4. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.2...v1.34.4) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) from 2.14.0 to 2.15.0. - [Release notes](https://github.com/alecthomas/chroma/releases) - [Changelog](https://github.com/alecthomas/chroma/blob/master/.goreleaser.yml) - [Commits](alecthomas/chroma@v2.14.0...v2.15.0) --- updated-dependencies: - dependency-name: github.com/alecthomas/chroma/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.31.0 to 0.32.0. - [Commits](golang/crypto@v0.31.0...v0.32.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: lukewhrit <38197656+lukewhrit@users.noreply.github.com>
Co-authored-by: lukewhrit <38197656+lukewhrit@users.noreply.github.com>
…paths - Add test for invalid JSON in HandleCreateBody - Add test for HandleCreateBody error in createDocument - Update codecov config to ignore config.go and auth helper functions - Coverage improved: Server 69.6% -> 70.6%, Util 49.2% -> 50.0% Co-authored-by: lukewhrit <38197656+lukewhrit@users.noreply.github.com>
- Add tests for HandleSignupBody (JSON, multipart, error cases) - now 100% - Add tests for HandleSigninBody (JSON, multipart, error cases) - now 100% - Add tests for ValidateBody edge cases (password length validation) - Add tests for Highlight with multiple languages and edge cases - Add test for MountMiddleware with invalid ratelimiter - Add multipart error tests for all Handle*Body functions - Overall util coverage: 50.0% -> 66.2% - HandleSignupBody: 0% -> 100% - HandleSigninBody: 0% -> 100% Co-authored-by: lukewhrit <38197656+lukewhrit@users.noreply.github.com>
Co-authored-by: lukewhrit <38197656+lukewhrit@users.noreply.github.com>
…ver-api test: add comprehensive unit tests for server API and utilities
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.41.0 to 1.42.2. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.41.0...v1.42.2) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-version: 1.42.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…modernc.org/sqlite-1.42.2 build(deps): bump modernc.org/sqlite from 1.41.0 to 1.42.2
Save with hotkeys
still to do: user settings page, emails, error handling, creating an authenticated post
Accounts to-do list:
```go
http.SetCookie(w, &http.Cookie{
	Name:     sessionCookieName,
	Value:    "",
	Path:     "/",
	Expires:  time.Unix(0, 0),
	MaxAge:   -1,
	HttpOnly: true,
	SameSite: http.SameSiteLaxMode,
})
```
Check warning
Code scanning / CodeQL
Cookie 'Secure' attribute is not set to true Medium
Copilot Autofix
AI 24 days ago
In general, to fix this kind of issue you must ensure that any cookie involved in session or authentication handling sets Secure: true so that it is only transmitted over HTTPS. This applies both when creating the session cookie and when clearing/deleting it.
In this file, buildSessionCookie already sets Secure based on the request and configuration. The problem is clearSessionCookie, which constructs a new http.Cookie without the Secure field, so it defaults to false. The best fix, without changing existing functionality, is to add Secure: true to the cookie literal in clearSessionCookie. This ensures that the deletion cookie is sent only over secure connections, matching the expectations for a session cookie. No new imports or helpers are required, and no other lines need to change.
Concretely:
- In `internal/server/authentication.go`, in the `clearSessionCookie(w http.ResponseWriter)` function (lines 438–447), update the cookie literal passed to `http.SetCookie` to include `Secure: true,` along with the existing fields.
| @@ -444,6 +444,7 @@ | ||
| MaxAge: -1, | ||
| HttpOnly: true, | ||
| SameSite: http.SameSiteLaxMode, | ||
| Secure: true, | ||
| }) | ||
| } | ||
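Review bot: `Secure: true,` is hard-coded in the cookie literal here, while the explanation above says buildSessionCookie sets Secure from the request and configuration, so the issuing and clearing cookies can carry different attributes. On a deployment reached over plain HTTP the session cookie would be issued without Secure, and browsers that follow the current cookie rules ignore a Set-Cookie that carries Secure on an insecure connection, so sign-out would leave the session cookie in place. clearSessionCookie(w http.ResponseWriter) has no request to inspect; consider passing the request (or the already computed flag) in and reusing the same Secure decision as buildSessionCookie, with a short comment that the deletion cookie must match the attributes of the cookie it replaces.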
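An added example (not Spacebin's code, and not part of the autofix suggestion) of one way to keep the issuing and clearing cookies consistent: both come from a single helper that derives `Secure` from the request. The helper names, the `trustProxy` setting, the cookie name's value and the host names are assumptions; the page does not show the body of `buildSessionCookie`.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

const sessionCookieName = "session" // assumed value; the page shows only the identifier

// requestIsSecure: HTTPS directly, or via a TLS-terminating proxy the operator
// explicitly trusts (hypothetical setting; clients can forge the header otherwise).
func requestIsSecure(r *http.Request, trustProxy bool) bool {
	if r.TLS != nil {
		return true
	}
	return trustProxy && r.Header.Get("X-Forwarded-Proto") == "https"
}

// sessionCookie chooses the attributes for both issuing and clearing, so the
// two Set-Cookie headers cannot drift apart. An empty value means "clear".
func sessionCookie(r *http.Request, trustProxy bool, value string, ttl time.Duration) *http.Cookie {
	c := &http.Cookie{
		Name:     sessionCookieName,
		Value:    value,
		Path:     "/",
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
		Secure:   requestIsSecure(r, trustProxy),
	}
	if value == "" {
		c.Expires, c.MaxAge = time.Unix(0, 0), -1 // expire immediately
	} else {
		c.Expires, c.MaxAge = time.Now().Add(ttl), int(ttl.Seconds())
	}
	return c
}

// signOutCookie builds a constructed sign-out request and returns the
// clearing cookie exactly as a client would parse it from the response.
func signOutCookie(target, forwardedProto string, trustProxy bool) *http.Cookie {
	r := httptest.NewRequest(http.MethodPost, target, nil)
	r.Header.Set("X-Forwarded-Proto", forwardedProto)
	w := httptest.NewRecorder()
	http.SetCookie(w, sessionCookie(r, trustProxy, "", 0))
	return w.Result().Cookies()[0]
}

func main() { fmt.Println(signOutCookie("https://paste.example/signout", "", false)) }
```
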
Bumps [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) from 2.21.1 to 2.22.0. - [Release notes](https://github.com/alecthomas/chroma/releases) - [Commits](alecthomas/chroma@v2.21.1...v2.22.0) --- updated-dependencies: - dependency-name: github.com/alecthomas/chroma/v2 dependency-version: 2.22.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.42.2 to 1.43.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.42.2...v1.43.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…modernc.org/sqlite-1.43.0 build(deps): bump modernc.org/sqlite from 1.42.2 to 1.43.0
…github.com/alecthomas/chroma/v2-2.22.0 build(deps): bump github.com/alecthomas/chroma/v2 from 2.21.1 to 2.22.0
Spacebin v1.1.0 will include:
Originally, we planned to include a QR code generator in this release but it was decided that this was out of scope of the project and we do not plan to include it.
Additionally, we wanted to include a feature to create password-protected pastes but this was pushed to Spacebin v1.2.0, to get this release out sooner.
Spacebin v1.1.0 will also include fixes for the following bugs:
Track progress here (✅ are also completed features). If you notice anything you'd like to help with, please do! I would deeply appreciate any help in implementing these features!