fix(security): redesign password reset tokens using crypto/rand with server-side storage
- Replace SHA512-based deterministic token with 32-byte crypto/rand token
- Store tokens server-side with 1-hour expiry and single-use semantics
- Remove genToken (previously broken due to time.Add immutability bug)
- Add CSRF double-submit cookie protection to change/lost/reset forms
- Remove token from form action URL (use hidden fields only, POST body)
- Add MailFrom field and SMTP_FROM env var for configurable sender address
- Add SMTP_PASSWORD_FILE env var for secure SMTP password loading
- Add PUBLIC_URL env var and --public-url flag for configurable reset link domain
- Use generic error messages in handlers to avoid information disclosure

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
parent a2f368eb02
commit 57775bbf89
9 changed files with 193 additions and 83 deletions
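The token design the commit message describes, as an added Go example that is not the project's code: a 32-byte crypto/rand token whose SHA-256 digest is kept server-side with an expiry and consumed exactly once, with one generic error for every failure. ResetStore, Issue, Consume and ErrInvalidToken are hypothetical names, the ttl parameter stands in for the commit's fixed one-hour lifetime, and the store is in memory.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"sync"
	"time"
)

// One error for unknown, expired and already-used tokens, so the form cannot be probed.
var ErrInvalidToken = errors.New("invalid or expired reset token")
type resetEntry struct{ user string; expires time.Time }
// ResetStore keeps only the SHA-256 digest of each token, so a leaked store is not replayable.
type ResetStore struct {
	mu      sync.Mutex
	entries map[[32]byte]resetEntry
}

func NewResetStore() *ResetStore { return &ResetStore{entries: map[[32]byte]resetEntry{}} }

// Issue draws 32 crypto/rand bytes, stores their digest with lifetime ttl (one hour in the commit) and returns the hex token for the mailed link.
func (s *ResetStore) Issue(user string, ttl time.Duration) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	// time.Add returns a new value; it must be assigned, not called for effect.
	s.entries[sha256.Sum256(raw)] = resetEntry{user, time.Now().Add(ttl)}
	return hex.EncodeToString(raw), nil
}

// Consume accepts a token once: the entry is deleted before the expiry check, so expired tokens cannot be retried and all failures look alike.
func (s *ResetStore) Consume(token string) (string, error) {
	raw, err := hex.DecodeString(token)
	if err != nil || len(raw) != 32 {
		return "", ErrInvalidToken
	}
	key := sha256.Sum256(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.entries[key]
	delete(s.entries, key) // single use
	if !ok || time.Now().After(e.expires) {
		return "", ErrInvalidToken
	}
	return e.user, nil
}
```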
ldap.go (1 addition)
@ -23,6 +23,7 @@ type LDAP struct {
MailPort int
MailUser string
MailPassword string
MailFrom string
}

func (l LDAP) Connect() (*LDAPConn, error) {
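Review bot: the new `MailFrom string` field in the `LDAP` struct has no doc comment, and nothing in this hunk constrains its value. Since the commit message ties it to the SMTP_FROM env var, a comment naming that variable and the expected format (a single sender address) would help, and the code that populates the field should reject an empty value so password-reset mail is never sent with an empty From header.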