This is a simple forum where you can share posts and discuss topics with others.
Features:
- Create and share posts
- Edit and delete your posts
- Comment on posts
- Vote on posts and comments
- Filter posts by categories
- Change your password
```
make all
```
Try running `make help` to see what else is available. (`Make` is not a package.)

And go to localhost:4001 in your browser.
- Build the image:
  ```
  docker build -t go-forum-sqlite .
  ```
- Create the necessary tables:
  ```
  sqlite3 data/db.sqlite < data/init.sql
  ```
  The database name is `db.sqlite`. Use `sqlite3 ./data/db.sqlite` to run queries with `sqlite3`.
- Run the container:
  ```
  docker run -d -p 4001:4001 -v "$(pwd)/data:/app/data" --name go_forum go-forum-sqlite
  ```

And go to localhost:4001 in your browser.
You can see the posts you created and the posts you liked on the account page after you log in.
Some additional functionality, such as password update and post edit/delete, is implemented. Moreover, I added pagination for scalability and faster load times. Although not relevant to the audit, the backend handles some of the critical vulnerabilities when making custom requests. For instance, creating likes for non-existent posts, or editing someone else's posts.
I personally think that these must be handled, and I will check for it if I get to audit Forum. However, other non-mutating requests that result in a 505 Server Error that can be seen only by sending custom requests, in my opinion, are okay.
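The two checks named above (editing someone else's post, liking a non-existent post), as an added example rather than this project's own code. The in-memory `Store`, its field names and the error values are assumptions standing in for the SQLite tables and the real handlers.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrNotFound, ErrForbidden = errors.New("no such post"), errors.New("not the author")

// Store is a constructed in-memory stand-in (assumption) for the project's SQLite tables.
type Store struct {
	author map[int]int     // postID -> author's userID
	text   map[int]string  // postID -> body
	likes  map[[2]int]bool // {postID, userID}: at most one like per user per post
}

// EditPost expects userID from the server-side session, never from the request body.
func (s *Store) EditPost(userID, postID int, text string) error {
	switch author, ok := s.author[postID]; {
	case !ok:
		return ErrNotFound
	case author != userID:
		return ErrForbidden // ownership check: only the author may modify the post
	}
	s.text[postID] = text
	return nil
}

// LikePost refuses to record a like for a post that does not exist.
func (s *Store) LikePost(userID, postID int) error {
	if _, ok := s.author[postID]; !ok {
		return ErrNotFound
	}
	s.likes[[2]int{postID, userID}] = true // repeating the same like is a no-op
	return nil
}

func main() {
	// Constructed sample data: post 1 belongs to user 10; user 20 sends crafted requests.
	s := &Store{author: map[int]int{1: 10}, text: map[int]string{1: "hello"}, likes: map[[2]int]bool{}}
	fmt.Println(s.EditPost(20, 1, "defaced"), "|", s.LikePost(20, 999), "|", s.text[1])
}
```

In a handler, these errors would map to 403 and 404 responses so that a crafted request is rejected cleanly instead of surfacing as a server error.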
Besides that, personally, I think the single-session behavior required by the audit is unreasonable. No website in my experience has this behavior.
- The look of the website is inspired by hackernews.
- Session manager is inspired by Alex Edwards's scs package.
- Special thanks to all the people that helped to test this project and make it better.
@byesbols