mirror of
https://github.com/octoleo/syncthing.git
synced 2024-12-22 10:58:57 +00:00
aa901790b9
This adds a "token manager" which handles storing and checking expired tokens, used for both sessions and CSRF tokens. It removes the old, corresponding functionality for CSRFs which saved things in a file. The result is less crap in the state directory, and active login sessions now survive a Syncthing restart (this really annoyed me). It also adds a boolean on login to create a longer-lived session cookie, which is now possible and useful. Thus we can remain logged in over browser restarts, which was also annoying... :) <img width="1001" alt="Screenshot 2023-12-12 at 09 56 34" src="https://github.com/syncthing/syncthing/assets/125426/55cb20c8-78fc-453e-825d-655b94c8623b"> Best viewed with whitespace-insensitive diff, as a bunch of the auth functions became methods instead of closures which changed indentation. |
||
---|---|---|
.. | ||
auto | ||
testdata | ||
.gitignore | ||
api_auth_test.go | ||
api_auth.go | ||
api_csrf.go | ||
api_statics.go | ||
api_test.go | ||
api.go | ||
confighandler.go | ||
debug.go | ||
mocked_config_test.go | ||
support_bundle.go | ||
tokenmanager.go | ||
tokenset.pb.go |