feat: Enhance security and fix bugs in authentication

- Update the minimum access token length from 16 to 32
- Prevent spam by introducing policies and detecting user agents
- Add an authorization header to the login response
- Use base64 to decode the session secret and generate a random one if not set
Laisky.Cai
2024-03-05 13:07:07 +00:00
parent bcd5cf3d5f
commit ba9b258a4b
4 changed files with 37 additions and 6 deletions


@@ -76,6 +76,12 @@ func setupLogin(user *model.User, c *gin.Context) {
})
return
}
// set auth header
// c.Set("id", user.Id)
// GenerateAccessToken(c)
// c.Header("Authorization", user.AccessToken)
cleanUser := model.User{
Id: user.Id,
Username: user.Username,