fix: resolve 7 audit issues - webhook tokens, cookie security, avatar save, TUI fallback, dead code, valkey default

This commit is contained in:
2026-06-30 13:29:34 -04:00
parent 6f43e4f3a0
commit 2caedc172b
9 changed files with 41 additions and 103 deletions
+12 -5
View File
@@ -21,16 +21,23 @@ func RunAuth(api *APIClient) (string, error) {
email, _ := reader.ReadString('\n')
email = strings.TrimSpace(email)
var password string
fmt.Print(" Password: ")
pwBytes, err := term.ReadPassword(int(syscall.Stdin))
if err != nil {
// Fallback to plain read
fmt.Scanln(&email)
return "", fmt.Errorf("read password: %w", err)
var pwLine string
fmt.Scanln(&pwLine)
password = strings.TrimSpace(pwLine)
fmt.Println()
if password == "" {
return "", fmt.Errorf("read password: %w", err)
}
} else {
fmt.Println() // newline after password
password = strings.TrimSpace(string(pwBytes))
}
fmt.Println() // newline after password
password := strings.TrimSpace(string(pwBytes))
if email == "" || password == "" {
return "", fmt.Errorf("email and password are required")