shhzhang
3d42aab16d
[Security] Dynamic Email Verification & Password Reset Links
**Problem**

1. **Static Signature Vulnerability**:
   - Email verification links used a static signature algorithm (the same link for its entire lifetime), allowing account hijacking if a link was leaked.
   - *Worst-case scenario*: compromised AppKey + leaked link → every account on the site at risk.
2. **Overly Long Reset Window**:
   - Password reset links remained valid for 1 hour, enabling attackers to hijack accounts if a link was intercepted.
   - *Worst-case scenario*: compromised AppKey + leaked link → site-wide account takeover.

**Solution**

- **Email Verification**:
  - Replaced static signatures with **HMAC-SHA256 + timestamp + nonce**.
  - Links are now **one-time-use** and expire immediately after verification.
- **Password Reset**:
  - Reduced the validity window from 1 h → **5 minutes**.
  - Added rate limiting to prevent brute-force attacks.

**Impact**

- **Closed Communities**: critical for real-name systems (e.g., gaming, enterprise).
- **AppKey Leak Mitigation**: even with a leaked AppKey, intercepted links are now useless.

This commit message was translated by Deepseek due to my poor English.
2026-01-24 23:16:39 +08:00
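As an added illustration of the scheme the commit message above describes (this is example code, not code from Blessing Skin Server or from the commit itself), the following PHP 8 sketch signs a verification or reset link with HMAC-SHA256 over the purpose, user id, issue timestamp and a random nonce, rejects it after a purpose-specific window (5 minutes for resets, as the commit states; the 24 h verification window is an assumption), consumes the nonce so the link works exactly once, and throttles reset requests per user. The class names `SignedLinkIssuer`, `NonceStore` and `RateLimiter`, the in-memory stores and the placeholder key are all hypothetical; a deployment would keep consumed nonces and rate-limit counters in the database or cache. Because the MAC key is the signing secret, anyone holding it can still mint fresh tokens, so expiry and single use bound the damage from a leaked link, while a leaked key still calls for rotation.

```php
<?php
// Added example, not the project's code. Hypothetical names throughout:
// SignedLinkIssuer, NonceStore, RateLimiter and the placeholder app key.
declare(strict_types=1);

final class NonceStore
{
    /** @var array<string, true> in-memory stand-in for a DB/cache table */
    private array $consumed = [];

    /** Marks the nonce as used; returns false if it was already consumed. */
    public function consume(string $nonce): bool
    {
        if (isset($this->consumed[$nonce])) {
            return false;
        }
        $this->consumed[$nonce] = true;
        return true;
    }
}

final class RateLimiter
{
    /** @var array<string, array{int, int}> key => [count, windowStart] */
    private array $hits = [];

    public function __construct(private int $max, private int $windowSeconds) {}

    /** Fixed-window counter: allows at most $max calls per key per window. */
    public function allow(string $key, int $now): bool
    {
        [$count, $start] = $this->hits[$key] ?? [0, $now];
        if ($now - $start >= $this->windowSeconds) {
            [$count, $start] = [0, $now];
        }
        if ($count >= $this->max) {
            return false;
        }
        $this->hits[$key] = [$count + 1, $start];
        return true;
    }
}

final class SignedLinkIssuer
{
    private const EMAIL_TTL = 24 * 3600; // assumption: 24 h for verification links
    private const RESET_TTL = 5 * 60;    // 5 minutes, per the commit message

    public function __construct(private string $appKey, private NonceStore $nonces) {}

    /** Token layout: purpose|uid|issuedAt|nonce|mac, mac = HMAC-SHA256(first four fields). */
    public function issue(string $purpose, int $uid, int $now): string
    {
        $nonce = bin2hex(random_bytes(16));
        $payload = implode('|', [$purpose, (string) $uid, (string) $now, $nonce]);
        return $payload . '|' . hash_hmac('sha256', $payload, $this->appKey);
    }

    /** Returns the user id on success or null; consumes the nonce so the link is single-use. */
    public function verify(string $token, string $expectedPurpose, int $now): ?int
    {
        $parts = explode('|', $token);
        if (count($parts) !== 5) {
            return null;
        }
        [$purpose, $uid, $ts, $nonce, $mac] = $parts;
        $payload = implode('|', [$purpose, $uid, $ts, $nonce]);
        // MAC check first, in constant time, so no later branch runs on forged input.
        if (!hash_equals(hash_hmac('sha256', $payload, $this->appKey), $mac)) {
            return null;
        }
        if ($purpose !== $expectedPurpose) {
            return null; // a verification link must not double as a reset link
        }
        $ttl = $purpose === 'reset' ? self::RESET_TTL : self::EMAIL_TTL;
        $issued = (int) $ts;
        if ($now < $issued || $now - $issued > $ttl) {
            return null; // expired, or issued "in the future"
        }
        if (!$this->nonces->consume($purpose . ':' . $nonce)) {
            return null; // replay of a link that was already used
        }
        return (int) $uid;
    }
}

// Constructed demo; the key is a placeholder, not a real secret.
$issuer  = new SignedLinkIssuer('replace-with-APP_KEY', new NonceStore());
$limiter = new RateLimiter(5, 60); // assumption: 5 reset requests per minute per user
$now     = time();

$reset = $issuer->issue('reset', 42, $now);
var_dump($issuer->verify($reset, 'reset', $now + 60));    // fresh link, inside the window
var_dump($issuer->verify($reset, 'reset', $now + 60));    // same link again: nonce already consumed
$late = $issuer->issue('reset', 42, $now);
var_dump($issuer->verify($late, 'reset', $now + 301));    // past the 5-minute window
$tampered = substr_replace($reset, '99', strpos($reset, '|') + 1, 2);
var_dump($issuer->verify($tampered, 'reset', $now + 1));  // user id edited: MAC no longer matches
$allowed = [];
for ($i = 0; $i < 6; $i++) {
    $allowed[] = $limiter->allow('user:42', $now);         // sixth request in the window is refused
}
var_dump($allowed);
```

Run it with `php signed_links.php` (any file name). The demo exercises, in order, a valid reset link, a replay of the same link, a link presented after the 5-minute window, a link whose user id was edited, and six reset requests against a limit of five. Ordering the MAC check before the purpose, expiry and nonce checks keeps the verifier from doing any state-changing work (consuming a nonce) on input that was not produced with the key.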
Pig Fang
7e04f72292
support dark mode UI
2021-06-06 14:27:21 +08:00
Pig Fang
6226784b10
apply php-cs-fixer fixes
2021-05-04 18:17:45 +08:00
Pig Fang
eae6ff887c
remove "tymon/jwt-auth" package
2021-01-30 16:43:14 +08:00
Pig Fang
311b0690fc
upgrade Laravel to 8
2020-10-14 11:56:34 +08:00
Pig Fang
9c5945235c
update type definition
2020-06-28 16:14:56 +08:00
Pig Fang
b9a40af92d
add more fillable fields on models
2020-06-06 15:48:43 +08:00
Pig Fang
291efe730f
rewrite reports management page with React
2020-05-15 11:05:04 +08:00
Pig Fang
94642a7cd7
tweak
2020-05-14 09:30:20 +08:00
Pig Fang
3e1a10a461
rewrite users management page with React
2020-05-13 18:12:01 +08:00
Pig Fang
00eaa15cf2
add PHPDoc
2020-04-19 19:36:39 +08:00
Pig Fang
dcd48a086c
fix notifying failed plugin
2020-03-10 15:12:03 +08:00
Pig Fang
0eb7d50d1c
upgrade to Laravel 7
2020-03-09 12:29:00 +08:00
Pig Fang
6ead313999
Apply php-cs-fixer
2019-12-14 11:10:37 +08:00
Pig Fang
98522a5cce
Apply fixes from StyleCI (#96)
[ci skip] [skip ci]
2019-09-07 11:00:35 +08:00
Pig Fang
63ac1c11dd
Revert
2019-08-24 10:22:26 +08:00
Pig Fang
372c7768d0
Apply fixes from StyleCI (#93)
[ci skip] [skip ci]
2019-08-15 23:27:29 +08:00
Pig Fang
eae0c07ff6
Simplify code
2019-08-08 15:37:38 +08:00
Pig Fang
dcf7300499
Perform type cast before returning value
2019-08-08 15:23:37 +08:00
Pig Fang
9209febd96
Don't convert remember_token field
2019-08-08 14:31:03 +08:00
Pig Fang
d9262c055c
Convert SQL query of user model
Automatically, for data integration.
2019-08-08 11:55:22 +08:00
Pig Fang
3f4837bb35
Refactor user model
2019-07-30 15:12:31 +08:00
Pig Fang
67bcfc65a5
Refactor user model
2019-07-30 14:29:02 +08:00
Pig Fang
7a7cc2ddd9
Notifications
2019-07-03 16:19:13 +08:00
Pig Fang
7224b32c8f
Add more tests
2019-04-27 23:20:42 +08:00
Pig Fang
e2c125648f
Support OAuth2
2019-04-25 23:24:24 +08:00
Pig Fang
6507f2699f
Support JWT authentication
2019-04-23 10:05:58 +08:00
Pig Fang
8eb174a6dc
Apply fixes from StyleCI (#35)
2019-04-19 19:36:36 +08:00
Pig Fang
53b305393c
Remove unused model scope
2019-04-07 23:03:00 +08:00
Pig Fang
3b55adc445
Rename variables
2019-04-03 10:12:51 +08:00
Pig Fang
cd1efcdcfc
Hide vital fields
2019-03-23 17:40:02 +08:00
Pig Fang
b4ef665848
Refactor
2019-03-23 00:20:28 +08:00
Pig Fang
aec3fe4a87
Support limiting single player
2019-03-22 21:40:12 +08:00
Pig Fang
1afa36e8e9
Apply fixes from StyleCI (#18) [skip ci]
This pull request applies code style fixes from an analysis carried out by [StyleCI](https://github.styleci.io).
---
For more information, click [here](https://github.styleci.io/analyses/zYNYDd).
2019-03-15 00:03:54 +08:00
Pig Fang
5915b3ec17
Reimplementing closet
2019-03-14 23:55:49 +08:00
Pig Fang
3cf19d8656
Apply fixes from StyleCI (#11)
This pull request applies code style fixes from an analysis carried out by [StyleCI](https://github.styleci.io).
---
For more information, click [here](https://github.styleci.io/analyses/8wKwbZ).
2019-03-02 22:58:37 +08:00
Pig Fang
e528547b89
Laravel 5.8 (#5)
2019-02-27 23:44:50 +08:00
Pig Fang
0d4f34770e
fix tests
2019-02-17 20:12:42 +08:00
Pig Fang
46e7ef256d
simplify
2019-02-17 09:11:57 +08:00
Pig Fang
2305a80102
Remove Utils class
2018-08-17 22:54:26 +08:00
Pig Fang
b5468cc143
Support email verification
2018-08-17 12:32:44 +08:00
Pig Fang
fdf618b2be
Use Laravel's auth system and use another captcha generator
2018-07-20 14:42:43 +08:00
Pig Fang
389de2aa84
Refactor
2018-07-19 10:33:28 +08:00
Pig Fang
fa1c780786
Rename method on User model
2018-07-19 10:31:44 +08:00
printempw
5e00131db4
Fix tests for SQLite database
2018-02-23 10:22:11 +08:00
printempw
6a977b6de4
Add support for SQLite database
2018-02-22 21:38:23 +08:00
printempw
dd3f645e80
Adjust code style due to my OCD
2018-02-16 17:31:10 +08:00
Pig Fang
776a0a67ae
test(model): add tests for "User" model
2017-12-27 18:40:16 +08:00
Pig Fang
99aee71cc8
Add tests for UserController
2017-11-18 13:25:08 +08:00
Pig Fang
ed27972608
Add tests for ClosetController
2017-11-04 20:25:54 +08:00