eikendev
eikendev
Currently, notifications that are read on one client are not automatically read on other clients. This means, when working on a PC and reading the notifications, the mobile phone would...
If someone doesn't want to run PushBits behind a proxy, this feature enables them to still use HTTPS. Shouldn't be too difficult using Gin's [RunTLS](https://pkg.go.dev/github.com/gin-gonic/gin#Engine.RunTLS) function.
[Gotify](https://gotify.net/docs/more-pushmsg) and [Pushover](https://pushover.net/) both have a collection of examples for sending notifications with their product. It probably makes sense for us to showcase similar examples for PushBits.
Most importantly, we should enable authentication via, e.g., OAuth bearer tokens, and support 2FA.
Either we disallow this to happen completely, so a user is bound to its Matrix ID, or we kick the existing Matrix ID and invite the new one.
Having E2E in Matrix is nice, but to make it effective against active attackers requires that the keys are verified. As a first step, we need to implement an API...
I think most importantly, [authentication errors](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#authentication-and-error-messages) should be generic. Also, usernames could be made [case-insensitive](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#user-ids).
[PostgreSQL](https://www.postgresql.org/) is a great database, but I haven't found time to implement this yet.
Could leverage, e.g., [syft](https://github.com/anchore/syft).
Hi everyone, When I ran [sectxt](https://github.com/eikendev/sectxt) against securitytxt.org, I noticed that the [security.txt file](https://securitytxt.org/.well-known/security.txt) is not validated successfully. ``` $ curl -LSs https://raw.githubusercontent.com/securitytxt/securitytxt.org/master/.well-known/security.txt | hexyl ┌────────┬─────────────────────────┬─────────────────────────┬────────┬────────┐ │00000000│ 2d 2d 2d...