HackMD/lib
Sheogorath 70df29790a
Add token based security feature
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.

We can add a GUI that shows it later on.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 18:26:06 +02:00
..
config Revert "Workaround Google API problems" 2018-05-16 01:31:50 +02:00
migrations Add token based security feature 2018-05-25 18:26:06 +02:00
models Add token based security feature 2018-05-25 18:26:06 +02:00
ot Change config to camel case with backwards compatibility 2018-03-25 19:08:14 +02:00
web Add token based security feature 2018-05-25 18:26:06 +02:00
workers refactor: Remove require extension filename 2017-05-08 19:29:06 +08:00
csp.js Fix CSP for disqus and Google Analytics 2018-03-30 16:33:52 +02:00
history.js Improve history migration performance 2018-03-10 16:51:00 +08:00
letter-avatars.js Move letter-avatars into own request 2018-04-17 19:06:59 +02:00
logger.js refactor(logger): Refactor logger.js 2017-05-08 19:24:37 +08:00
realtime.js Fix requests for deleted users 2018-05-25 16:15:18 +02:00
response.js Add token based security feature 2018-05-25 18:26:06 +02:00
utils.js switch to __dirname 2017-06-02 11:34:35 +01:00