greg/rss-reader
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
739406336b
rss-reader/TODO.md
Greg Shuflin bfbb458c4e TODO file
2025-02-03 18:21:06 -08:00

979 B
Raw Blame History

TODO List

Security Improvements

Make Server Secret Configurable

Currently, the server secret used for cookie encryption is not configurable and uses Rocket's default. We should:

  • Add a configuration option for the server secret
  • Allow it to be set via environment variable or config file
  • Generate and persist a random secret on first run if none is provided
  • Add documentation about the security implications of the secret

Improve Session Management

Current session management is basic and needs improvement:

  • Replace simple user_id cookie with a proper session system
  • Add session expiry and renewal logic
  • Store sessions in the database with proper cleanup
  • Add ability to revoke sessions
  • Consider adding "remember me" functionality
  • Add session tracking (last used, IP, user agent, etc.)

Reference: Current basic implementation in user.rs with the comment:

// TODO there should be a more complicated notion of a session