63 Commits

Author SHA1 Message Date
Jannis Mattheis
ef36e7538d fix: /client:elevate to /client/:id/elevate 2026-04-26 12:41:02 +02:00
Jannis Mattheis
a8744482c6 fix: enforce elevated authentication 2026-04-19 19:24:18 +02:00
Jannis Mattheis
c256025b9f fix: return client id and elevatedUntil on /current/user 2026-04-19 19:24:18 +02:00
Jannis Mattheis
58677b32ef fix: add client elevatedUntil 2026-04-19 19:22:31 +02:00
Jannis Mattheis
d432900486 fix: logout to /auth/logout and swagger docs
With session elevation, we cannot use DELETE /client as this requires
elevation. It should be possible to logout without an elevated session.

This makes the logout endpoint a public API to be used by the Android app.
2026-04-19 18:00:16 +02:00
Jannis Mattheis
8dbb0c80dd fix: increase api version 2026-04-11 18:53:48 +02:00
Jannis Mattheis
6d53859b77 feat: add external oidc flow
Add two new endpoints for native app OIDC authentication using the
PKCE relay pattern (similar to Vaultwarden's SSO implementation):

- POST /auth/oidc/external/authorize - accepts a PKCE code_challenge
from the client, forwards it to the IdP, and returns the authorize URL
- POST /auth/oidc/external/token - accepts the auth code and
code_verifier, relays them to the IdP for token exchange, and returns
a gotify client token

The server never generates its own PKCE pair for this flow. It then relays
the client's code_challenge to the IdP during authorization and the
code_verifier during token exchange. The IdP validates the binding.
Pending auth sessions are stored in memory with a 10-minute TTL.

CSRF protection is provided by the state parameter, which contains a
cryptographically random nonce and is validated on the token exchange.
The state is single-use (deleted from the pending session map on lookup),
preventing replay attacks. Even without single-use enforcement, replay
would be harmless since the IdP's authorization code can only be
exchanged once.
2026-04-11 18:53:48 +02:00
Jannis Mattheis
f130ebe194 fix: add /gotifyconfig endpoint 2026-04-11 18:53:48 +02:00
Jannis Mattheis
cfaddfe255 feat: oidc 2026-04-11 18:53:48 +02:00
Jannis Mattheis
6f8f03f293 fix: docs indention 2026-04-11 18:53:48 +02:00
Jannis Mattheis
278b873b5b feat: add sort_key to backend 2026-01-24 13:28:40 +01:00
Jannis Mattheis
9592cc95c9 fix: update go-swagger 2023-09-16 21:06:54 +02:00
eternal-flame-AD
7bf80ee6f1 Add last used to client & application 2023-08-06 12:30:22 +02:00
chrispruitt
72bd8c8ba6 Add default message priority for applications
Co-authored-by: Jannis Mattheis <contact@jmattheis.de>
2023-07-19 18:15:01 +00:00
饺子w (Yumechi)
aedc3e2ba6 Migrate from packr to go:embed (#581) 2023-07-15 08:32:31 +00:00
Helmut K. C. Tessarek
5cd2d5411f Add delete application image endpoint 2023-05-28 13:59:49 +00:00
mateuscelio
f3d121bd61 Adds ClientParams struct to handle creation and update params 2023-04-28 16:11:40 +02:00
Jannis Mattheis
9d4e37aa87 Fix swagger-ui style 2023-01-10 19:14:41 +01:00
Jannis Mattheis
501aa95347 Update swagger (Fix XSS in swagger-ui)
GHSA-3244-8mff-w398
https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/
2023-01-10 18:21:38 +01:00
mateuscelio
0fb584d7f7 Update docs 2022-12-03 10:45:07 +01:00
Jannis Mattheis
fcd9b88bb7 Fix required mismatch in update & create user
This shouldn't break the api.
2022-09-10 16:47:22 +02:00
mateuscelio
f16ce59e6c Prevent setting id while inserting / updating applications 2022-07-24 08:48:14 +00:00
pigpig
c172590b92 Add registration
Can be enabled via the registration config flag. (disabled by default)

Fixes gotify/server#395

Co-authored-by: pigpig <pigpig@pig.pig>
Co-authored-by: Karmanyaah Malhotra <32671690+karmanyaahm@users.noreply.github.com>
Co-authored-by: Jannis Mattheis <contact@jmattheis.de>
2021-08-04 19:39:43 +02:00
Jannis Mattheis
757fa17d26 Use int64 as input 2020-06-24 18:32:35 +02:00
Jannis Mattheis
348f96b891 Use int64 instead of uint64
uint64 isn't a valid swagger format.
https://swagger.io/specification/v2/#dataTypeFormat
2020-06-24 18:21:04 +02:00
Jannis Mattheis
415dd862f8 Update swagger 2020-05-08 10:43:17 +02:00
Jannis Mattheis
7b90b8a8f5 Use v2 in package path 2020-05-08 10:43:17 +02:00
Jannis Mattheis
0863aba9cb Update packr/v2 2020-03-07 20:15:25 +01:00
Jannis Mattheis
81c4a73df3 Add health api 2019-08-16 09:28:57 +02:00
Noa Amran
44f4ff31cb Fix typos
Closes #197
2019-06-27 19:04:48 +02:00
Jannis Mattheis
e9bbe17fa4 Allow markdown in messages (#180) 2019-03-30 11:08:51 +01:00
GianOrtiz
e32359ed15 Add update client api and dialog (#164) 2019-03-16 11:18:51 +01:00
Jannis Mattheis
1d04753296 Update swagger spec 2019-03-01 19:37:31 +01:00
饺子w
ec5b1f8c30 Support reverse proxy with path rewrite (#127) 2019-02-13 18:47:48 +01:00
Jannis Mattheis
a1204a57f8 Fix id in plugins 2019-02-09 13:26:02 +01:00
eternal-flame-AD
e5b24f4c92 Add plugin feature
Fixed database migration
Added a plugin system based on the go plugin package
2019-02-09 12:52:01 +01:00
eternal-flame-AD
de09aae987 add extras to message model 2019-02-02 13:06:30 +01:00
Jannis Mattheis
25576e2ed1 Remove packed swagger ui, use cdnjs instead 2019-01-21 19:28:07 +01:00
Jannis Mattheis
19811dafb2 Correctly fill swagger host field 2019-01-03 16:13:32 +01:00
Jannis Mattheis
68b160997d Format all go files 2019-01-01 23:34:42 +01:00
Jannis Mattheis
ec2c3da9d4 Add summary for updateApp and uploadImg api 2018-11-24 11:31:32 +01:00
Jannis Mattheis
9e7859c36c Add missing bad request / not found definitions 2018-11-24 11:31:32 +01:00
Eugene Gavrilov
4a6863eda2 [#69] add end-point for update application name and description 2018-11-23 21:39:07 +01:00
Eugene Gavrilov
0ca18b817c [#71] Make title in message not necessary field 2018-11-14 20:05:24 +01:00
Jannis Mattheis
b58062f508 Fix swagger definition 2018-06-03 10:49:53 +02:00
Jannis Mattheis
caef4ff74f [#34] Update update api documentation & Increase api version 2018-04-13 18:56:11 +02:00
Jannis Mattheis
dcc8ea6b4c Increment API version 2018-03-31 18:44:49 +02:00
Jannis Mattheis
ab7cc7d1e0 Add UploadApplicationImage API to router 2018-03-31 18:44:49 +02:00
Jannis Mattheis
b738115b72 Add Image property to model.Application 2018-03-31 18:44:49 +02:00
Jannis Mattheis
0f2e7cf5e2 Use gofmt -s 2018-03-25 19:33:29 +02:00