f3d121bd61
Adds ClientParams strcut to handle creation and update params
2023-04-28 16:11:40 +02:00
33d86e41c2
Only serve image files on ./image
...
This is an addition to the existing XSS fix in the previous commit.
2022-12-29 12:46:41 +01:00
925fb7e2c9
Fix file upload XSS
...
The application image file upload allowed authenticated users to upload
malious .html files. Opening such a file like
https://push.gotify.net/image/ViaxrjzNowdgL-xnEfVV-Ggv5.html
would allow the attacker to execute client side scripts.
The application image upload will now only allow the upload of files
with the following extensions: .gif, .png, .jpg and .jpeg.
2022-12-28 20:13:35 +01:00
0fb584d7f7
Update docs
2022-12-03 10:45:07 +01:00
fcd9b88bb7
Fix required mismatch in update & create user
...
This shouldn't break the api.
2022-09-10 16:47:22 +02:00
f16ce59e6c
Prevent setting id while inserting / updating applications
2022-07-24 08:48:14 +00:00
c172590b92
Add registration
...
Can be enabled via the registration config flag. (disabled per default)
Fixes gotify/server#395
Co-authored-by: pigpig <pigpig@pig.pig>
Co-authored-by: Karmanyaah Malhotra <32671690+karmanyaahm@users.noreply.github.com>
Co-authored-by: Jannis Mattheis <contact@jmattheis.de>
2021-08-04 19:39:43 +02:00
3454dcd602
Use golangci-lint
2020-11-01 10:47:02 +01:00
909eeff406
Make keepalive period configurable
2020-09-10 16:22:04 +00:00
923030cf44
Update "github.com/go-yaml/yaml" import path to "gopkg.in/yaml.v2" as recommended per the project's documentation
2020-08-20 20:25:37 +02:00
d45e0da6a8
Allow delete for > uint32 ids
...
For ids uint is used, this is platform specific and either uint32
or uint64. The parsing for parameters in the api expected the ids to
have 32bit size.
I thought about changing all our ids to int64 but we sadly have one uint
usage in the plugin api:
b0e2eca8e3/plugin.go (L13-L14)
2020-07-01 19:44:06 +02:00
757fa17d26
Use int64 as input
2020-06-24 18:32:35 +02:00
a9249bbd28
Don't use id provided from POST /message api
2020-06-23 18:39:43 +02:00
7b90b8a8f5
Use v2 in package path
2020-05-08 10:43:17 +02:00
0a7a5cd619
Add logging to websocket errors
2019-11-28 21:39:47 +01:00
81c4a73df3
Add health api
2019-08-16 09:28:57 +02:00
67493c643e
Return 500 server error on database failures ( #191 )
2019-05-25 08:37:24 +02:00
e32359ed15
Add update client api and dialog ( #164 )
2019-03-16 11:18:51 +01:00
efcf4ad13d
Use crypto/rand for token generation ( #161 )
2019-03-16 11:10:28 +01:00
178c76f410
Fix websocket allowed origin ( #150 )
2019-03-14 18:16:24 +01:00
5c5965f2fd
Log web socket errors
2019-03-07 18:29:46 +01:00
2fa395cb84
Prevent removing last admin ( #130 )
2019-02-26 18:46:42 +01:00
ec5b1f8c30
Support reverse proxy with path rewrite ( #127 )
2019-02-13 18:47:48 +01:00
a1204a57f8
Fix id in plugins
2019-02-09 13:26:02 +01:00
e5b24f4c92
Add plugin feature
...
Fixed database migration
Added a plugin system based on the go plugin package
2019-02-09 12:52:01 +01:00
de09aae987
add extras to message model
2019-02-02 13:06:30 +01:00
68b160997d
Format all go files
2019-01-01 23:34:42 +01:00
b5b2f19dc2
[ #23 ] Fix check same origin function
2018-12-12 21:30:59 +01:00
ec2c3da9d4
Add summary for updateApp and uploadImg api
2018-11-24 11:31:32 +01:00
76ca344b77
Make security more compact
2018-11-24 11:31:32 +01:00
9e7859c36c
Add missing bad request / not found definitions
2018-11-24 11:31:32 +01:00
dfb71dabbc
Make produce/consumes more compact
2018-11-24 11:31:32 +01:00
c841e1cd24
Move swagger comments to api
2018-11-24 11:31:32 +01:00
4a6863eda2
[ #69 ] add end-point for update application name and description
2018-11-23 21:39:07 +01:00
ee723918f9
Add once test
2018-11-22 20:59:29 +01:00
79e1dc9c9a
Prevent deadlock on stream.Close()
...
GR = goroutine
[GR#1] http server gets closed
[GR#2] client.NotifyClose() will be executed
[GR#2] client.once.Do will be executed (lock's client.once.m)
[GR#1] stream.Close will be executed (lock's stream.lock)
[GR#1] client.Close will be executed (waits for client.once.m)
[GR#2] stream.remove will be executed (waits for stream.lock)
GR#1 holds lock stream.lock and waits for client.once.m
GR#2 holds lock client.once.m and waits for stream.lock
We prevent the deadlock with releasing the client.once.m lock earlier.
2018-11-22 20:59:29 +01:00
a992bc1506
Prevent possible race condition on SetPingHandler
...
conn.ReadMessage and conn.SetPingHandler are executed
in different goroutines.
2018-11-22 20:59:29 +01:00
0ca18b817c
[ #71 ] Make title in message not necessary field
2018-11-14 20:05:24 +01:00
80eec6ae3a
Remove monkey dependency
2018-11-06 21:38:15 +01:00
39a3d46607
[ #34 ] Adjust message api to be paged
2018-04-13 18:56:11 +02:00
1262f43846
Close web socket connection on delete user
2018-04-02 12:35:16 +02:00
6954fb5adf
Close web socket connection on delete client
2018-04-02 12:35:16 +02:00
13d9350f6d
Delete image on update and delete application & check for existing name
2018-03-31 18:44:49 +02:00
61d5fc59a7
Add UploadApplicationImage API
2018-03-31 18:44:49 +02:00
a6ff23944d
Remove unused method
2018-03-25 19:33:29 +02:00
0f2e7cf5e2
Use gofmt -s
2018-03-25 19:33:29 +02:00
317bb1cb3e
Remove mock & Use database util in user api
2018-03-25 19:33:29 +02:00
b9b98f0ce9
Remove mock & Use database util in token api
2018-03-25 19:33:29 +02:00
785aa7e5b3
Remove mock & Use database util in message api
2018-03-25 19:33:29 +02:00
203791c63b
Move password into own package to prevent package cycle
2018-03-25 19:33:29 +02:00
mateuscelio