syncthing/lib/api
Jakob Borg aa901790b9
lib/api: Save session & CSRF tokens to database, add option to stay logged in (fixes #9151) (#9284)
This adds a "token manager" which handles storing and checking expired
tokens, used for both sessions and CSRF tokens. It removes the old,
corresponding functionality for CSRFs which saved things in a file. The
result is less crap in the state directory, and active login sessions
now survive a Syncthing restart (this really annoyed me).

It also adds a boolean on login to create a longer-lived session cookie,
which is now possible and useful. Thus we can remain logged in over
browser restarts, which was also annoying... :)

<img width="1001" alt="Screenshot 2023-12-12 at 09 56 34"
src="https://github.com/syncthing/syncthing/assets/125426/55cb20c8-78fc-453e-825d-655b94c8623b">

Best viewed with whitespace-insensitive diff, as a bunch of the auth
functions became methods instead of closures which changed indentation.
2024-01-04 10:07:12 +00:00
..
auto all: Remove usage of deprecated io/ioutil (#7971) 2021-11-22 08:59:47 +01:00
testdata cmd/syncthing, lib/api: Separate api/gui into own package (ref #4085) (#5529) 2019-03-26 19:53:58 +00:00
.gitignore lib/api: Ignore that one file that always shows up in git status 2020-03-07 11:46:54 +01:00
api_auth_test.go lib/api: Save session & CSRF tokens to database, add option to stay logged in (fixes #9151) (#9284) 2024-01-04 10:07:12 +00:00
api_auth.go lib/api: Save session & CSRF tokens to database, add option to stay logged in (fixes #9151) (#9284) 2024-01-04 10:07:12 +00:00
api_csrf.go lib/api: Save session & CSRF tokens to database, add option to stay logged in (fixes #9151) (#9284) 2024-01-04 10:07:12 +00:00
api_statics.go lib/api: Fix inverted logic in string comparison 2022-07-28 21:51:14 +02:00
api_test.go lib/api: Save session & CSRF tokens to database, add option to stay logged in (fixes #9151) (#9284) 2024-01-04 10:07:12 +00:00
api.go lib/api: Save session & CSRF tokens to database, add option to stay logged in (fixes #9151) (#9284) 2024-01-04 10:07:12 +00:00
confighandler.go lib/config: Accept pre-hashed password (fixes #9123) (#9124) 2023-09-24 19:23:49 +02:00
debug.go all, lib/logger: Refactor SetDebug calls (#6054) 2019-10-04 13:03:34 +02:00
mocked_config_test.go lib: Use counterfeiter to mock interfaces in tests (#7375) 2021-03-03 08:53:50 +01:00
support_bundle.go cmd/syncthing, lib/api: Separate api/gui into own package (ref #4085) (#5529) 2019-03-26 19:53:58 +00:00
tokenmanager.go lib/api: Save session & CSRF tokens to database, add option to stay logged in (fixes #9151) (#9284) 2024-01-04 10:07:12 +00:00
tokenset.pb.go lib/api: Save session & CSRF tokens to database, add option to stay logged in (fixes #9151) (#9284) 2024-01-04 10:07:12 +00:00