mattnite
/
forgejo-tickets
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
56 Commits 1 Branch 0 Tags 231 KiB
Commit Graph

56 Commits

Author SHA1 Message Date
Matthew Knight 0982129bf1 Merge pull request 'Add periodic cleanup for expired email tokens' (#47) from fix/email-token-cleanup into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/47
 2026-02-18 00:24:50 +00:00
Matthew Knight dca569b278 Merge pull request 'Use session-based flash messages instead of query params' (#46) from fix/session-flash into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/46
 2026-02-18 00:24:02 +00:00
Matthew Knight 9449b271f5
Add periodic cleanup for expired email tokens 
Fixes #34
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 16:20:24 -08:00
Matthew Knight 8603b0bfb5
Use session-based flash messages instead of query params 
Fixes #33

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 16:19:06 -08:00
Matthew Knight 9e4eef294a Merge pull request 'Add security response headers' (#45) from fix/security-headers into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/45
 2026-02-18 00:17:41 +00:00
Matthew Knight 576d44427a Merge pull request 'Pin Mermaid.js version with SRI integrity hash' (#44) from fix/mermaid-sri into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/44
 2026-02-18 00:16:51 +00:00
Matthew Knight ec94d94453 Merge pull request 'Sanitize Content-Disposition filename in downloads' (#43) from fix/content-disposition-injection into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/43
 2026-02-18 00:14:50 +00:00
Matthew Knight fdcccce476 Merge pull request 'Validate proxy download URL host to prevent SSRF' (#42) from fix/ssrf-proxy-download into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/42
 2026-02-18 00:13:09 +00:00
Matthew Knight 5761872988
Pin Mermaid.js version with SRI integrity hash 
Fixes #27
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 16:12:25 -08:00
Matthew Knight f1b20edbe3 Merge pull request 'Require minimum 32-byte SESSION_SECRET' (#41) from fix/session-secret-validation into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/41
 2026-02-18 00:11:21 +00:00
Matthew Knight d33c138867 Merge pull request 'Escape user-supplied values in HTML email templates' (#40) from fix/email-html-injection into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/40
 2026-02-18 00:10:34 +00:00
Matthew Knight c56b803010
Validate proxy download URL host to prevent SSRF 
Fixes #26
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 16:07:31 -08:00
Matthew Knight 1af9d67525
Require minimum 32-byte SESSION_SECRET 
Fixes #20
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 16:03:05 -08:00
Matthew Knight 244e530d4a
Escape user-supplied values in HTML email templates 
Fixes #19

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 16:02:01 -08:00
Matthew Knight bcc912077d
Add security response headers 
Fixes #18

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 16:00:56 -08:00
Matthew Knight ace0c06362
Sanitize Content-Disposition filename in downloads 
Fixes #17

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 15:59:54 -08:00
Matthew Knight e3ef03ddcd Merge pull request 'Add rate limiting to authentication endpoints' (#39) from fix/auth-rate-limiting into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/39
 2026-02-17 23:59:36 +00:00
Matthew Knight 9b2a812d95
Add rate limiting to authentication endpoints 
Fixes #15

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 15:55:34 -08:00
Matthew Knight fc2a3880c4 Merge pull request 'Add CSRF protection to admin panel' (#38) from fix/admin-csrf into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/38
 2026-02-17 23:54:46 +00:00
Matthew Knight a0fa170a40 Merge pull request 'Set Secure flag on session cookie for HTTPS' (#37) from fix/session-secure-flag into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/37
 2026-02-17 23:54:40 +00:00
Matthew Knight af06f2203e Merge pull request 'Update dependencies and Go version to fix CVEs' (#36) from fix/dependency-vulns into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/36
 2026-02-17 23:54:34 +00:00
Matthew Knight 4a0af136d5
Add CSRF protection to admin panel 
Fixes #14

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 15:53:31 -08:00
Matthew Knight e6cd175c92
Set Secure flag on session cookie for HTTPS 
Fixes #9
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 15:50:18 -08:00
Matthew Knight 4b8ab0a3cb
Update dependencies and Go version to fix CVEs 
Fixes #10, Fixes #11, Fixes #12, Fixes #13, Fixes #35
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 15:49:23 -08:00
Matthew Knight 29cbe1a52b Merge pull request 'Fix cached session bug' (#8) from sso-fix into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/8
 2026-02-17 20:15:42 +00:00
Matthew Knight 4d95fddb1b
Fix cached session bug 2026-02-17 12:14:34 -08:00
Matthew Knight 1f3e1d3074 Merge pull request 'Use customer names in UI and tickets' (#6) from customer-full-name into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/6
 2026-02-16 23:14:54 +00:00
Matthew Knight b187ee2257 Use customer names in UI and tickets 2026-02-16 23:08:29 +00:00
Matthew Knight 0df41e08a0 Merge pull request 'Check for repo write permissions -- needed to create labels' (#5) from label-again into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/5
 2026-02-16 18:32:00 +00:00
Matthew Knight 57177b126c
Check for repo write permissions -- needed to create labels 2026-02-16 10:18:32 -08:00
Matthew Knight 6f2ceb214d Merge pull request 'Fix "customer" label not being assigned' (#4) from labels into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/4
 2026-02-16 17:15:51 +00:00
Matthew Knight f58f646b7d
Fix "customer" label not being assigned 2026-02-16 09:14:29 -08:00
Matthew Knight 94496b9fbb Merge pull request 'Drag and drop attachments' (#3) from drag-and-drop into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/3
 2026-02-16 08:59:10 +00:00
Matthew Knight acd9a03269
Drag and drop attachments 2026-02-16 00:58:04 -08:00
Matthew Knight 690850773e Merge pull request 'poke' (#2) from poke into main 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/2
 2026-02-16 08:08:16 +00:00
Matthew Knight 9b679f4ab2
poke 2026-02-16 00:07:00 -08:00
Matthew Knight 4fa62de794 CI and Deployment (#1) 
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/1
 2026-02-16 07:37:00 +00:00
Matthew Knight c7bdb3b66e
JWT SSO 2026-02-15 09:12:19 -08:00
Matthew Knight 8dcf60c970
Footnotes 2026-02-15 00:27:01 -08:00
Matthew Knight da50fe4dde
Emojis and mermaid 2026-02-14 23:41:31 -08:00
Matthew Knight 02af677306
Fix attachments 2026-02-14 23:11:59 -08:00
Matthew Knight 7f1e554e40
Set label 2026-02-14 22:57:42 -08:00
Matthew Knight 210fa4ee2d
attachment fixes 2026-02-14 14:11:05 -08:00
Matthew Knight 0e52d7ef98
Render fixes 2026-02-14 13:33:19 -08:00
Matthew Knight d23aa87f75
More forgejo features 2026-02-14 12:59:32 -08:00
Matthew Knight 387810676b
customer label 2026-02-14 02:31:47 -08:00
Matthew Knight a932407748
Display names some more 2026-02-14 02:23:27 -08:00
Matthew Knight fee62fed53
better display 2026-02-14 02:17:09 -08:00
Matthew Knight cb21e0f6a2
Forgejo as the source of truth 2026-02-14 02:04:27 -08:00
Matthew Knight 2a21f6ba50
Sync comments 2026-02-14 01:26:58 -08:00