syncthing/lib
Jakob Borg 439c6c5b7c
lib/api: Add cache busting for basic auth (ref #9208) (#9215)
This adds our short device ID to the basic auth realm. This has at least
two consequences:

- It is different from what's presented by another device on the same
address (e.g., if I use SSH forwards to different dives on the same
local address), preventing credentials for one from being sent to
another.

- It is different from what we did previously, meaning we avoid cached
credentials from old versions interfering with the new login flow.

I don't *think* there should be things that depend on our precise realm
string, so this shouldn't break any existing setups...

Sneakily this also changes the session cookie and CSRF name, because I
think `id.Short().String()` is nicer than `id.String()[:5]` and the
short ID is two characters longer. That's also not a problem...
2023-11-14 11:57:39 +01:00
..
api lib/api: Add cache busting for basic auth (ref #9208) (#9215) 2023-11-14 11:57:39 +01:00
assets lib/assets: MIME types, time formats (#8351) 2022-05-22 22:10:18 +02:00
beacon lib/beacon, lib/discover: Send IPv4 limited broadcast when address listing fails (fixes #1628) (#9087) 2023-09-12 14:28:17 +02:00
build lib/build: Next version is the Gold Grasshopper 2023-09-06 13:13:39 +02:00
config Hide log out button when auth is not enabled (#9158) 2023-10-15 14:10:41 +02:00
connections Update dependencies (#9129) 2023-09-25 21:45:57 +02:00
db all: Remove lib/util package (#9049) 2023-08-21 19:44:33 +02:00
dialer lib: Removal global connection registry (#8254) 2022-04-09 16:04:56 +02:00
discover lib/beacon, lib/discover: Send IPv4 limited broadcast when address listing fails (fixes #1628) (#9087) 2023-09-12 14:28:17 +02:00
events all: Add Prometheus-style metrics to expose some internal performance counters (fixes #5175) (#9003) 2023-08-04 19:57:30 +02:00
fs lib/fs: Ignore inode change time on Android (#9177) 2023-10-21 08:24:29 +02:00
httpcache cmd/stupgrades: Cache should apply to HEAD as well as GET 2023-02-22 12:22:52 +01:00
ignore all: Grand test refactor (fixes #8779, fixes #8799) 2023-05-09 10:01:57 +00:00
locations lib/location: Fix regression of timestamp handling (ref #9180) (#9185) 2023-10-26 07:41:02 +02:00
logger cmd/syncthing, lib/logger: Add date to default log format (fixes #8272) (#8273) 2022-04-15 07:46:14 +04:00
model lib/model: Verify versioning on configuration reload (fixes #9106) (#9154) 2023-10-07 04:09:51 +02:00
nat all: Unused parameter should be replaced by underscore (#8464) 2022-07-28 17:17:29 +02:00
netutil all: Remove lib/util package (#9049) 2023-08-21 19:44:33 +02:00
osutil lib/osutil, lib/upnp: Check FlagRunning (fixes #8767) (#9047) 2023-08-21 14:49:28 +00:00
pmp all: Remove lib/util package (#9049) 2023-08-21 19:44:33 +02:00
protocol lib/api: Add cache busting for basic auth (ref #9208) (#9215) 2023-11-14 11:57:39 +01:00
rand all: Remove unused method receivers (#8462) 2022-07-28 17:32:45 +02:00
rc all: Remove unused method receivers (#8462) 2022-07-28 17:32:45 +02:00
relay cmd/strelaysrv: Add optional auth token (fixes #3987) (#8561) 2022-10-01 20:41:02 +01:00
scanner all: Add Prometheus-style metrics to expose some internal performance counters (fixes #5175) (#9003) 2023-08-04 19:57:30 +02:00
semaphore all: Remove lib/util package (#9049) 2023-08-21 19:44:33 +02:00
sha256 all: Use crypt/rand through its buffered version, but not in benchmarks (#7420) 2021-03-02 19:17:20 +01:00
signature all: Use crypt/rand through its buffered version, but not in benchmarks (#7420) 2021-03-02 19:17:20 +01:00
sliceutil all: Support multiple device connections (fixes #141) (#8918) 2023-09-06 12:52:01 +02:00
stats all: Truncate some timestamps (fixes #7457) (#7459) 2021-03-12 10:35:10 +01:00
stringutil all: Remove lib/util package (#9049) 2023-08-21 19:44:33 +02:00
structutil all: Remove lib/util package (#9049) 2023-08-21 19:44:33 +02:00
stun all: Remove lib/util package (#9049) 2023-08-21 19:44:33 +02:00
svcutil all: Remove lib/util package (#9049) 2023-08-21 19:44:33 +02:00
sync all: Use new Go 1.19 atomic types (#8772) 2023-02-07 12:07:34 +01:00
syncthing all: Support multiple device connections (fixes #141) (#8918) 2023-09-06 12:52:01 +02:00
testutil all: Remove lib/util package (#9049) 2023-08-21 19:44:33 +02:00
tlsutil lib/tlsutil: Use crypto.Signer interface (#8526) 2022-09-09 14:22:38 +02:00
upgrade lib/upgrade: Enable HTTP/2 for upgrade checks (#9060) 2023-08-30 21:58:34 +02:00
upnp lib/beacon: Check FlagRunning (#9051) 2023-08-22 11:27:43 +02:00
ur all: Remove lib/util package (#9049) 2023-08-21 19:44:33 +02:00
versioner lib/versioner: Don't complain when folder is stopping (#9097) 2023-09-11 23:10:18 +02:00
watchaggregator lib/config: Allow sub-second watcher delay (fixes #7859) (#7864) 2023-03-18 08:50:38 +01:00
weakhash all: Remove usage of deprecated io/ioutil (#7971) 2021-11-22 08:59:47 +01:00