3x-ui/web/service/tgbot_test.go at ee063c9bfec34491028ce3ae644e9df7f0566f21 - Alex-Devera/3x-ui - Forgejo: Beyond coding. We Forge.

Alex-Devera/3x-ui

mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-06-07 05:34:17 +00:00

farhadh ee063c9bfe

Implement CSRF protection and security hardening across the application

- Added CSRF token handling in axios requests and HTML templates.
- Introduced CSRF middleware to validate tokens for unsafe HTTP methods.
- Implemented login limiter to prevent brute-force attacks.
- Enhanced security headers in middleware for improved response security.
- Updated login notification to include safe metadata without passwords.
- Added tests for CSRF middleware and login limiter functionality.

2026-05-07 10:23:30 +02:00

13 lines

261 B

Go

Raw Blame History

 package service
 import (
 	"reflect"
 	"testing"
 )
 func TestLoginAttemptDoesNotCarryPassword(t *testing.T) {
 	typ := reflect.TypeOf(LoginAttempt{})
 	if _, ok := typ.FieldByName("Password"); ok {
 		t.Fatal("LoginAttempt must not carry attempted passwords")
 	}
 }