NoLog.cz/decide.nolog.cz
6
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
476 commits 1 branch 0 tags 22 MiB
Commit graph

12 commits

Author SHA1 Message Date
jelhan
dec12d81a7 move legacy support to api 2015-10-17 15:44:27 +02:00
jelhan
38eecd64ff PHP 7 is right: an empty string is not a valid JSON 2015-08-23 19:04:58 +02:00
jelhan
b9bef69977 user has to proof that he knows encryption key when he participates 
Therefore sha256 hash of encryption key is validated against one which is stored
on server on poll creation.
This one is transfered as X-Croodle-Proof-Key-Knowledge HTTP HEADER.

Prevents an attacker of transmitting data with wrong encryption key, which
would cause decryption errors for legit users.
 2015-08-23 18:56:41 +02:00
jelhan
6ed0cc367a reimplement expiration date in new api models 2015-08-23 06:18:05 +02:00
jelhan
09c8310bb6 rewritten API models 2015-08-22 23:47:31 +02:00
jelhan
1bcee719d1 user id has to be unique 2015-08-19 15:30:33 +02:00
jelhan
450a78255d expiration date should also be encrypted on get; 
therefore we have to duplicate it in store:
* encrypted for to serve for clients (encryptedExpirationDate)
* unencrypted for server to check if it's exceeded (serverExpirationDate)
serverExpirationDate should never be send to client
 2015-08-18 21:53:52 +02:00
jelhan
2ad55da50c create tmp data dir for tests if it does not exist 2015-08-01 21:37:15 +02:00
jelhan
200b25be5d Fix: .gitignore where to strict for codeception 2015-08-01 21:30:14 +02:00
jelhan
e94ee685ea tests for api using codeception 2015-08-01 21:05:22 +02:00
jelhan
d1c8646bda rewritten api using Slim Framework 2015-08-01 18:42:48 +02:00
jelhan
fe878c61ba move api into own directory 2015-07-31 23:26:46 +02:00