4 Commits

Author	SHA1	Message	Date
Jarek Kowalski	e57020fb70	test(repository): server testability refactoring (#2612) ... - removed repo.OpenAPIServer() which was only needed for testability - introduced servertesting package to replace it	2022-12-01 06:27:52 +00:00
Jarek Kowalski	98f3473b67	refactor(snapshots): extracted snapshotfs.Verifier component (#1921) ... * refactor(snapshots): extracted snapshotfs.Verifier component * refactor(repository): added tests for snapshotfs.Verifier, misc cleanups * fixed data race * fixed atomic alignment * nit	2022-05-02 04:03:28 +00:00
Jarek Kowalski	3d58566644	fix(security): prevent cross-site request forgery in the UI website (#1653) ... * fix(security): prevent cross-site request forgery in the UI website This fixes a [cross-site request forgery (CSRF)](https://en.wikipedia.org/wiki/Cross-site_request_forgery) vulnerability in self-hosted UI for Kopia server. The vulnerability allows potential attacker to make unauthorized API calls against a running Kopia server. It requires an attacker to trick the user into visiting a malicious website while also logged into a Kopia website. The vulnerability only affected self-hosted Kopia servers with UI. The following configurations were not vulnerable: * Kopia Repository Server without UI * KopiaUI (desktop app) * command-line usage of `kopia` All users are strongly recommended to upgrade at the earliest convenience. * pr feedback	2022-01-13 11:31:51 -08:00
Jarek Kowalski	5f04fad003	ui: major improvements to new snapshot flow (#1565) ... * ui: changed how PolicyEditor is instantiated via a route * server: added paths/resolve API * server: refresh affected source manager after policy change Also switched 15-second refresh cycle which is way too aggressive to 30-minute cycle (manual refresh button can be used if needed). * policy: allow overriding top-level policy for estimation * server: changed source create API to always require policy * ui: streamlined new snapshot and estimate flow * linter fix	2021-12-04 22:13:10 -08:00