feat: adding captcha and user_id logs #64

Merged
merged 7 commits into from
Jan 30, 2024

nicolasauler
Owner

@nicolasauler nicolasauler commented Jan 29, 2024

Added user_id manually whenever auth_session is used (by subscribing to the axum_login tracing).
Closes #63

Added captcha, by using Friendly Captcha, to public routes.
Solutions are verified.
Closes #20

Add security job as requirement to shuttle deploy job.

TODO:

obs: needed to make full page reloads for captcha to work, so changed
public endpoints flow.
TODO: CSP customization so that scripts work
requests, when available.
Also, added security job as requirement for shuttle deploy in circleci.
But I did this manually... maybe create a middleware, idk.
@nicolasauler
Owner Author

In this PR, I kind of reverted the behaviour of updating only parts of the page and implemented full page refreshes for the captcha widget to be reset.
However, I recently found out in the documentation (https://docs.friendlycaptcha.com/#/widget_api?id=attribute-api-html-tags) that with friendlyChallenge.autoWidget.reset();, the widget can be reset without having to refresh the page.
Maybe alter the behaviour of the app in the future to use that.
But here in the early stages is more whatever.

Began http security headers organization.
Setting nonces for each http request.
But this way nonce is set for every http request...
Successfully merging this pull request may close these issues.

audit: add user_id to requests log in tracing
feat: add captcha