vikunja/pkg/modules
kolaente 8ee069a2a3 feat: add session-based auth with refresh token rotation
- Login creates a server-side session and sets an HttpOnly refresh
  token cookie alongside the short-lived JWT
- POST /user/token/refresh exchanges the cookie for a new JWT and
  rotates the refresh token atomically
- POST /user/logout destroys the session and clears the cookie
- POST /user/token restricted to link share tokens only
- Session list (GET) and delete (DELETE) routes for /user/sessions
- All user sessions invalidated on password change and reset
- CORS configured to allow credentials for cross-origin cookies
- JWT 401 responses use structured error code 11 for client detection
- Refresh token cookie name constants annotated for gosec G101
2026-02-25 10:30:25 +01:00
..
auth feat: add session-based auth with refresh token rotation 2026-02-25 10:30:25 +01:00
avatar fix: use DelPrefix in upload avatar FlushCache to clear all cached sizes 2026-02-13 09:31:28 +01:00
background fix(backgrounds): stream unsplash download to temp file instead of memory 2026-02-08 15:31:25 +01:00
dump fix(dump): limit copy size to prevent decompression bombs 2026-02-08 15:31:25 +01:00
keyvalue feat: add keyvalue.Remember function 2025-07-17 16:19:13 +02:00
migration fix: treat archived TickTick tasks as done during import 2026-02-23 14:52:20 +01:00