senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-backend-api/internal/api
History
senke 078e512770 [BE-SEC-004] security: Implement CSRF protection for all state-changing endpoints 
- Created applyCSRFProtection helper function to apply CSRF middleware
- Applied CSRF protection to all protected routes with POST/PUT/DELETE:
  * Users routes (PUT, POST, DELETE)
  * Tracks routes (POST, PUT, DELETE)
  * Playlists routes (POST, PUT, DELETE)
  * Chat routes (POST)
  * Auth protected routes (POST logout, 2FA)
  * Roles routes (GET only, no state-changing)
  * Marketplace routes (POST)
  * Webhooks routes (POST, DELETE)
  * Comments routes (POST, DELETE)
- CSRF token endpoint (/csrf-token) remains accessible without CSRF check
- Middleware validates X-CSRF-Token header for all state-changing requests
- Protection only applies when Redis is available

Phase: PHASE-4
Priority: P1
Progress: 6/267 (2.2%)
2025-12-24 12:03:27 +01:00
..
admin adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
chat adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
collaboration adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
contest adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
education adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
graphql adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
grpc adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
handlers STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
listing adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
message adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
offer adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
production_challenge adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
room adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
search adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
shared_resources adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
sound_design_contest adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
tag adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
track adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
user refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
voting_system adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
websocket adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
api_manager.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
router.go [BE-SEC-004] security: Implement CSRF protection for all state-changing endpoints 2025-12-24 12:03:27 +01:00