Sicherheit & Robustheit härten
- SQLite-DSN: busy_timeout(5000) + WAL + foreign_keys gegen SQLITE_BUSY - uid ist nie 0 mehr (0 = Sentinel für gelöscht/anonym), Retry bei Kollision - scanEntries gibt Scan-Fehler zurück statt Zeilen still zu überspringen - Session-timeout serverseitig auf 30 Tage gedeckelt (clientgesteuert) - Bild-Upload: Dimensionen vor Decode prüfen (Decompression-Bomb-Schutz) - Secure-Cookie via TLS-Erkennung (r.TLS / X-Forwarded-Proto) - Rate-Limit (httprate, 20/min/IP) auf Login & Registrierung - Vote nur auf existierende Beiträge (keine Waisen-Votes) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -79,7 +79,16 @@ func handleLogin(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
now := time.Now().Unix()
|
||||
// timeout ist clientgesteuert -> serverseitig deckeln, damit niemand eine
|
||||
// quasi-unbegrenzte Session anlegen kann. Default 1 Tag, Maximum 30 Tage.
|
||||
timeoutSec, _ := strconv.ParseInt(r.FormValue("timeout"), 10, 64)
|
||||
const maxTimeout = 30 * 86400
|
||||
if timeoutSec <= 0 {
|
||||
timeoutSec = 86400
|
||||
}
|
||||
if timeoutSec > maxTimeout {
|
||||
timeoutSec = maxTimeout
|
||||
}
|
||||
expires := now + timeoutSec
|
||||
|
||||
token, err := newToken()
|
||||
@@ -104,6 +113,7 @@ func handleLogin(w http.ResponseWriter, r *http.Request) {
|
||||
Expires: time.Unix(expires, 0),
|
||||
Path: "/",
|
||||
HttpOnly: true,
|
||||
Secure: isHTTPS(r),
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
})
|
||||
writeJSON(w, http.StatusOK, map[string]string{"status": "ok"})
|
||||
@@ -114,11 +124,14 @@ func handleLogout(w http.ResponseWriter, r *http.Request) {
|
||||
db.Exec(`DELETE FROM session WHERE value = ?`, s.Value)
|
||||
}
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: "session",
|
||||
Value: "",
|
||||
Path: "/",
|
||||
Expires: time.Unix(0, 0),
|
||||
MaxAge: -1,
|
||||
Name: "session",
|
||||
Value: "",
|
||||
Path: "/",
|
||||
Expires: time.Unix(0, 0),
|
||||
MaxAge: -1,
|
||||
HttpOnly: true,
|
||||
Secure: isHTTPS(r),
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
})
|
||||
writeJSON(w, http.StatusOK, map[string]string{"status": "ok"})
|
||||
}
|
||||
@@ -184,6 +197,13 @@ func sanitizeUsername(u string) string {
|
||||
return u
|
||||
}
|
||||
|
||||
// isHTTPS erkennt, ob die Anfrage über TLS kam — direkt oder über einen
|
||||
// TLS-terminierenden Reverse-Proxy (X-Forwarded-Proto). Steuert das Secure-Flag,
|
||||
// ohne lokale Tests über http zu brechen.
|
||||
func isHTTPS(r *http.Request) bool {
|
||||
return r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https"
|
||||
}
|
||||
|
||||
func newToken() (string, error) {
|
||||
b := make([]byte, 32)
|
||||
if _, err := crand.Read(b); err != nil {
|
||||
|
||||
Reference in New Issue
Block a user