feat(api): add support for local management password validation and spoofed IP rejection

- Introduced `newTestServerWithOptions` to customize server initialization in tests.
- Added `TestManagementLocalPasswordRejectsSpoofedForwardedFor` to validate security against spoofed `X-Forwarded-For` headers.
- Enabled default WebSocket authentication (`ws-auth`) in `config.example.yaml`.
- Disabled trusted proxy headers in Gin engine with appropriate logging to enhance security.

This commit is contained in:

Luis Pater

2026-05-18 01:22:45 +08:00

parent 9ef99aa766

commit 605adaa3c2

4 changed files with 30 additions and 2 deletions

CLAUDE.md

View File

				`@@ -0,0 +1 @@`
				`@AGENTS.md`