simonamor

diff -u Catalyst/Request.pm.orig Catalyst/Request.pm
--- Catalyst/Request.pm.orig    2020-10-06 10:17:47.549710876 +0100
+++ Catalyst/Request.pm   2020-10-06 10:17:31.352855930 +0100
@@ -130,6 +130,7 @@

     if($match) {
       my $fh = $self->body;
+      seek($fh,0,0);
       local $_ = $fh;
       return $self->data_handlers->{$match}->($fh, $self);

simonamor

package MyApp;

...

use Catalyst qw/
    ConfigLoader
    Static::Simple

    Authentication
    Authorization::Roles

simonamor

--- Catalyst/Plugin/Session/State/Cookie.pm.orig      2020-08-07 15:40:56.855643211 +0100
+++ Catalyst/Plugin/Session/State/Cookie.pm   2020-08-07 11:53:35.131890154 +0100
@@ -81,6 +81,10 @@
     $cookie->{httponly} = 1
         unless defined $cookie->{httponly}; # default = 1 (set httponly)

+    $cookie->{samesite} = $cfg->{cookie_samesite};
+    $cookie->{samesite} = "Lax"
+        unless defined $cookie->{ samesite}; # default = Lax
+

simonamor

[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
#After=mysqld.service
#After=postgresql.service
#After=memcached.service
#After=redis.service

[Service]

simonamor

Rate limit login attempts - after 3 failures, include a captcha

When prompting for the username/email address, provide the same response if the username exists as if it doesn't exist. "An email has been sent to x---@y----.--- with instructions" This prevents username enumeration.

Token generation - create a token, send it by email and store a HASHED version of the token (plain SHA-2 is sufficient) in the database.
Token should expire within 2 hours, perhaps only 30 minutes.

The email should include:
- a link to the password reset page to get a new token if the old one has expired
- the requestors IP address

simonamor

use DBIx::Class::DeploymentHandler;

# (removed standard Catalyst app module stuff)

# Start the application
__PACKAGE__->setup();

my $model = __PACKAGE__->model('DB');
my $dh = DBIx::Class::DeploymentHandler->new({
    schema => $model->schema,

simonamor

{
    package SomeResult;
    use strict;
    use warnings;
    use base 'DBIx::Class::Core';

    __PACKAGE__->table("foo");
    __PACKAGE__->add_columns(
        foo_id => {
            data_type => "integer",

simonamor

cpanm (App::cpanminus) 1.7040 on perl 5.020001 built for x86_64-linux
Work directory is /home/cat/.cpanm/work/1477423518.6044
You have make /usr/bin/make
You have LWP 6.15
You have /bin/tar: tar (GNU tar) 1.23
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

simonamor

package MyApp::Controller::Root;
use Moose;
use namespace::autoclean;

BEGIN { extends 'Catalyst::Controller' }

__PACKAGE__->config(namespace => '');

sub chain_root :Chained('/') :PathPart('') :CaptureArgs(0) {
  my ($self,$c) = @_;

simonamor

package MyApp::Base;

sub new {
    my $class = shift;
    my $self = { abc => "def", xyz => "123" };
    bless $self, $class;
    return $self;
}

sub get_abc {