Commit message | Author | Age | Lines |
---|---|---|---|
authentication: use hidden form instead of referer | Jason A. Donenfeld | 2014-01-16 | -79/+121 |
This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | | | |
auth: add basic authentication filter framework | Jason A. Donenfeld | 2014-01-16 | -0/+225 |
This leverages the new lua support. See filters/simple-authentication.lua for explanation of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very pluggable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | | | |