mike/gashy
1
1
Fork 0
Code Issues Pull requests Releases 12 Packages Wiki Activity Actions
12 releases 12 tags
  • v0.6.0 90cfd1c201

    v0.6.0
    All checks were successful
    CI / validate-branch (push) Has been skipped
    Details
    CI / validate-release-pr (push) Has been skipped
    Details
    Publish / detect-release (push) Successful in 3s
    Details
    Publish / tag (push) Successful in 4s
    Details
    Publish / promote-release (push) Successful in 1s
    Details
    CI / build (push) Successful in 34s
    Details
    CI / security (push) Successful in 34s
    Details
    CI / lint (push) Successful in 2m2s
    Details
    CI / test (push) Successful in 2m17s
    Details
    Stable

    Gravity Bot released this 2026-02-23 03:04:29 +00:00 | 77 commits to main since this release

    v0.6.0 — Auth Expansion

    Traditional Username/Password Authentication

    • OP#1097: DB migration — auth_tokens, password hash, auth provider columns
    • OP#1098: Password hashing service and auth token helpers
    • OP#1101: Login flow — email/password, session creation, rate limiting
    • OP#1099: Registration flow — form, validation, account creation
    • OP#1100: Email confirmation flow
    • OP#1102: Password reset and magic sign-in link flows
    • OP#1103: Invite system — admin-generated signup links
    • OP#1104: Setup wizard — local auth option and admin bootstrap
    • OP#1201: Integration tests — Traditional Auth flows

    Multi-Provider OIDC Support

    • OP#1105: DB migration — oidc_providers table, user provider tracking
    • OP#1106: Refactor OIDCManager for multiple providers
    • OP#1108: Admin UI — OIDC provider CRUD management
    • OP#1107: Login page — multi-provider selection UI
    • OP#1109: Per-provider logout with end-session redirect
    • OP#1110: Setup wizard — multi-provider OIDC configuration
    • OP#1202: Integration tests — Multi-provider OIDC flows

    Real-Time Status Updates (SSE)

    • OP#1437: SSE hub and status broadcast
    • OP#1438: Status batch collector client JS

    Frontend Performance

    • OP#1440: Page prefetch on tab hover
    • OP#1441: Static caching and compression middleware
    • OP#1442: Page tabs, group highlight, page transitions

    Database Schema

    • OP#1444: visible_to_groups column and group-based filtering
    • OP#1445: Page transitions, toolbar config, dashboard transition migrations

    Performance Demo & Speedtest

    • OP#1447: Demo page infrastructure and test page CRUD
    • OP#1448: Speedtest runner with progressive scaling tests
    • OP#1449: Chart rendering library and speedtest template
    • OP#1450: Multi-tab browsing session test
    • OP#1451: Concurrent load test with server-side goroutines

    Security & Code Review Fixes

    • OP#1637: Gate demo write endpoints behind admin auth (CRITICAL)
    • OP#1638: Fix XSS in SSE status HTML builder and templ Raw() calls
    • OP#1639: Fix OIDC session data persistence after login
    • OP#1640: Convert magic login from GET to two-step POST flow
    • OP#1641: Make ProviderSetDefault atomic with single UPDATE
    • OP#1642: Fix seed script to match current schema
    • OP#1643: Fix open redirect via next parameter validation
    • OP#1644: Fix XSS in renderLoginError with html.EscapeString
    • OP#1645: Add per-email rate limit on magic link requests
    • OP#1646: Add cleanup goroutines for in-memory rate limit maps
    • OP#1647: Handle registration uniqueness constraint violation (TOCTOU)
    • OP#1648: Prevent OIDC provider deletion when users are linked
    • OP#1649: Sanitize setup error messages to prevent DB detail leaks
    • OP#1650: Add goose Down sections to migrations 00027 and 00028
    • OP#1651: Cache LoadSettings to avoid per-request DB query
    • OP#1652: Add EventSource cleanup on visibilitychange and beforeunload
    • OP#1653: Add TTL eviction to prefetch cache

    Install

    go get git.bros.ninja/mike/gashy@v0.6.0
    Downloads