leonklingele

Events

Created at 14 hours ago
started
Created at 15 hours ago
issue comment
middleware/requestid: mention that the default UUID generator exposes the number of requests made to the server

Here are some benchmarks: https://github.com/leonklingele/uuidbench#go-uuid-benchmark

It looks like switching to the construction mentioned above using Blake2s instead of SHA256 is a fast and secure alternative to UUIDv4.

Created at 17 hours ago
create branch
leonklingele create branch master
Created at 17 hours ago
create repository
leonklingele create repository
Created at 17 hours ago
opened issue
V3 🚀 Feature: Drop "XHR" func from Ctx interface

Feature Description

The new Ctx interface requires an XHR() bool func. This is a simple header lookup which I suppose is barely even used. As the interface is already quite overloaded, we should try to make it easier to satisfy by removing such simple functions.

Additional Context (optional)

No response

Code Snippet (optional)

No response

Checklist:

  • [X] I agree to follow Fiber's Code of Conduct.
  • [X] I have checked for existing issues that describe my suggestion prior to opening this one.
  • [X] I understand that improperly formatted feature requests may be closed without explanation.
Created at 17 hours ago
issue comment
middleware/requestid: mention that the default UUID generator exposes the number of requests made to the server

We could start off with a crypto-random seed — a byte slice — and hash it once more per request using a fast and secure (i.e. pre-image resistant) hashing function such as SHA256.

If performance is really crucial, we could even pre-generate the next couple of hashes so their calculation doesn’t block the request.

I’ll do some benchmarks on this.

Created at 1 day ago
pull request opened
UI/WebServerResources/js: escape CSS selector names

SOGo uses the name of calendar categories verbatim to construct a CSS selector without escaping characters such as "/". This patch ensures those selector names are properly escaped so calendar categories applied to a calendar event match the according selector and appear in the correct color.

This patch makes use of the CSS escape API which is supported by all major browsers. See https://caniuse.com/mdn-api_css_escape.

Also see https://mathiasbynens.be/notes/css-escapes.

Created at 3 days ago
pull request opened
UI: prevent double event creation in case of an event conflict

In case of a calendar event conflict the form submit button was not disabled on use, allowing it to be clicked again. This could have resulted in a double creation of the event.

Created at 3 days ago
create branch
leonklingele create branch escape-css-selectors
Created at 3 days ago

Fix OOM when having a lot of recurrence rules

We had a broken client that created calendar entries with a lot of recurrence rules (all of them FREQ=WEEKLY) and a lot of alarms. This led to SOGo going out of memory.

This patch works around that by filtering out duplicated rules as they yield the same date ranges and we only need to have them once.

feat(password-recovery): Improve password lost link style

i18n(nb_NO): Update Norwegian Bokmål translations

i18n(sr): Update Serbian translations

i18n(fr): Update French translations

i18n(da_DK): Update Danish translations

i18n(nb_NO): Update Norwegian Bokmål translations

feat(password-recovery): Fix undefined in URL when click on back button

feat(password-recovery): Improve documentation

fix(mail(js)): fix validation of email addresses

This fixes a JS error that was introduced by 67ccf748edcec8d495de35f431d7d0f3cf35fc6e. If applied, this fix allows users to copy and paste multiple email addresses into the recipient fields, e.g., from an Excel file.

feat(password-recovery): Clean session cookies on password change

Merge pull request #328 from helsinki-systems/fix/mail-validation

fix(mail(js)): fix validation of email addresses

Merge pull request #327 from helsinki-systems/fix/duplicated-recurrence-rules

Fix OOM when having a lot of recurrence rules

feat(password-recovery): Avoid removing XSRF token cookie on passwordRecoveryCheck request

fix(calendar): Update c_startdate field when updating event. Fixes #4376

Removed useless comment in code

feat(password-recovery): Add loader for password recovery - when requests are slow, the UI does not display anything.

fix(eas) ensure Templates and Junk folder exits (fixes #5626)

fix(eas) use bare email address (fixes #5612)

Merge pull request #329 from tfux/5626

fix(eas) ensure Templates and Junk folder exits (fixes #5626)

Created at 3 days ago
create branch
leonklingele create branch prevent-double-event-creation
Created at 3 days ago
started
Created at 5 days ago
issue comment
app: do not use empty *net.IPNet in case of an error of "net.ParseCIDR"

See the individual commits for details.

Created at 5 days ago
pull request opened
app: do not use empty *net.IPNet in case of an error of "net.ParseCIDR"
Created at 5 days ago
create branch
leonklingele create branch fix-app-handleTrustedProxy
Created at 5 days ago
issue comment
V3: ctx: make Secure() also report whether a secure connection was established to a trusted proxy

@efectn is this still on your list?

Created at 5 days ago
pull request opened
go: update github.com/timakin/bodyclose to e39cf3fc478ef1a9b60e1bc08962376aa30310ef

This allows the linter to handle more cases which previously went undetected, e.g. https://github.com/timakin/bodyclose/commit/c933b9a779894a109e585f4385ebecd6bd3ede74

Created at 5 days ago
leonklingele create branch update-github.com/timakin/bodyclose
Created at 5 days ago
opened issue
v3 Request: immutable by default

Feature Description

The zero-allocation by default promise to me seems like a very dangerous choice, often causing unexpected side effects (it also has happened to me before). People unaware of the issue will most likely end up exposing sensitive data (such as user passwords and email addresses) to others.

For v3, I'd make fiber a bit slower but much safer and easier to use by renaming the config option Immutable to NonImmutable and let it be false by default.

Thoughts on this?

Additional Context (optional)

No response

Code Snippet (optional)

No response

Checklist:

  • [X] I agree to follow Fiber's Code of Conduct.
  • [X] I have checked for existing issues that describe my suggestion prior to opening this one.
  • [X] I understand that improperly formatted feature requests may be closed without explanation.
Created at 5 days ago
issue comment
middleware/requestid: mention that the default UUID generator exposes the number of requests made to the server

For v3, I'd make the utils.UUIDv4 generator the default. Personally, I'd recommend anyone to go for the more privacy-preserving option. Leaking the number of requests to me is quite a no-go and should not be the default choice here.

What do you think?

Created at 5 days ago
pull request opened
middleware/requestid: mention that the default UUID generator exposes the number of requests made to the server
Created at 5 days ago
create branch
leonklingele create branch middleware-requestid-better-privacy
Created at 5 days ago
started
Created at 1 week ago
started
Created at 1 week ago
started
Created at 1 week ago
leonklingele create branch go-mod-update-to-github.com/leonklingele/grouper-v1.1.1
Created at 1 week ago