Gusted 1ce33aa38d fix: extend forgejo_auth_token table ... - Add a `purpose` column, this allows the `forgejo_auth_token` table to be used by other parts of Forgejo, while still enjoying the no-compromise architecture. - Remove the 'roll your own crypto' time limited code functions and migrate them to the `forgejo_auth_token` table. This migration ensures generated codes can only be used for their purpose and ensure they are invalidated after their usage by deleting it from the database, this also should help making auditing of the security code easier, as we're no longer trying to stuff a lot of data into a HMAC construction. -Helper functions are rewritten to ensure a safe-by-design approach to these tokens. - Add the `forgejo_auth_token` to dbconsistency doctor and add it to the `deleteUser` function. - TODO: Add cron job to delete expired authorization tokens. - Unit and integration tests added.		2024-11-15 10:59:36 +01:00
..
actions
activitypub
analyze
assetfs
auth
avatar
base
cache
charset
container
csv
emoji
eventsource
forgefed
generate
git
gitgraph
gitrepo
graceful
hcaptcha
highlight
hostmatcher
html
httpcache
httplib
indexer
issue/template
json
keying
label
lfs
log
markup
mcaptcha
metrics
migration
nosql
optional
options
packages
paginator
pprof
private
process
proxy
proxyprotocol
public
queue
recaptcha
references
regexplru
repository
secret
session
setting
sitemap
ssh
storage
structs
svg
sync
system
templates
test
testlogger
timeutil
translation
turnstile
typesniffer
updatechecker
uri
user
util
validation
web
webhook
zstd