GitHub/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-06-07 21:04:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement CSRF protection and security hardening across the application (#4179)

Browse Source 
* Implement CSRF protection and security hardening across the application

- Added CSRF token handling in axios requests and HTML templates.
- Introduced CSRF middleware to validate tokens for unsafe HTTP methods.
- Implemented login limiter to prevent brute-force attacks.
- Enhanced security headers in middleware for improved response security.
- Updated login notification to include safe metadata without passwords.
- Added tests for CSRF middleware and login limiter functionality.

* fix
This commit is contained in:
Farhad H. P. Shirvan
2026-05-07 23:36:11 +02:00
committed by GitHub
parent a1b2382877
commit 10ebc6cbdc
28 changed files with 525 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
web/controller/xui.go
View File

@@ -1,6 +1,8 @@
package controller
import (
"github.com/mhsanaei/3x-ui/v2/web/middleware"
"github.com/gin-gonic/gin"
)
@@ -23,6 +25,7 @@ func NewXUIController(g *gin.RouterGroup) *XUIController {
func (a *XUIController) initRouter(g *gin.RouterGroup) {
g = g.Group("/panel")
g.Use(a.checkLogin)
g.Use(middleware.CSRFMiddleware())
g.GET("/", a.index)
g.GET("/inbounds", a.inbounds)