30 dépôts
Utilities for encoding and encrypting web cookies to ensure data privacy and integrity.
Distinguishing note: Focuses on cookie-specific security rather than general session management.
Explore 30 awesome GitHub repositories matching security & cryptography · Cookie Security. Refine with filters or upvote what's useful.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Enforces secure attributes and storage practices to prevent unauthorized session cookie access.
Hono is a lightweight web framework built on Web Standard APIs that executes across JavaScript runtimes including Cloudflare Workers, Deno, Bun, and Node.js.
Ensures cookie data integrity by applying cryptographic signatures using HMAC SHA-256.
Next-auth is an authentication library and identity framework used to manage user sign-in and session state across web applications. It provides a system for handling user identity through OAuth, OpenID Connect, and passwordless sign-in flows. The project features a multi-provider framework that integrates third-party identity services and custom directory backends. It supports passwordless authentication via email magic links or hardware keys and utilizes a database-agnostic storage layer to persist authentication states across different database types or in-memory. Security is managed thro
Secures session identifiers using encrypted payload data and restrictive cookie security flags.
This project provides a comprehensive implementation of the WebSocket protocol, enabling persistent, bidirectional communication between clients and servers. It handles the low-level complexities of the protocol, including the initial HTTP upgrade handshake and the encapsulation of data into discrete binary frames. By managing these connections, it allows applications to exchange data instantly without the overhead associated with repeated standard request cycles. The library distinguishes itself through its focus on high-frequency message exchange and concurrent connection management. It uti
Protects client-side data by encoding and encrypting cookie values to prevent tampering.
This project is a request router and web framework for the Go programming language. It provides a toolkit for matching incoming HTTP network requests to specific handler functions by evaluating criteria such as URL paths, request methods, headers, and hostnames. The framework distinguishes itself through its flexible matching capabilities, which include support for regular expressions and dynamic variable extraction from URL segments. It allows developers to organize routes into logical hierarchies, share common path prefixes, and maintain a central registry of named routes to facilitate prog
Provides secure cookie handling with authentication and encryption to prevent tampering and unauthorized access.
Elysia is a high-performance TypeScript web framework designed for building type-safe backend services. It provides a modular, plugin-based architecture that allows developers to compose server logic, middleware, and validation schemas into scalable application instances. By leveraging native web standards, the framework ensures portability across diverse JavaScript runtimes, including Node.js, Deno, and various edge computing environments. The framework distinguishes itself through its focus on end-to-end type safety, automatically synchronizing request and response definitions between the s
Secures cookies by appending cryptographic hashes to verify authenticity and prevent tampering.
node-lessons is a comprehensive Node.js programming course and instructional guide. It provides a collection of guided lessons and code examples designed to teach the fundamentals of the Node.js runtime and server-side JavaScript development. The project serves as a practical guide for building web servers and backend applications, specifically covering the implementation of HTTP servers, request routing, and middleware chains. It includes specialized instructional material on managing asynchronous JavaScript workflows through promises and flow control, as well as guides for integrating NoSQL
Implements cryptographic signatures on cookies to detect and prevent client-side data tampering.
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
Appends SameSite security attributes to cookies to mitigate cross-site request forgery risks.
node-http-proxy is a Node.js HTTP proxy library used for forwarding requests to target servers. It functions as reverse proxy middleware capable of mapping incoming routes to target destinations and transforming request and response data streams. The library includes a WebSocket proxy gateway that upgrades standard HTTP connections into bidirectional streams between clients and backend servers. It also provides a response transformer for modifying bodies, location headers, and cookie domains. The project covers traffic routing management via rule-based translation tables and secure connectio
Modifies location hostnames, protocols, and cookie domains in responses to ensure correct client routing.
node-http-proxy is a Node.js HTTP proxy library and toolkit used to create programmable reverse proxies, load balancers, and traffic routers. It functions as a system for forwarding HTTP and WebSocket traffic from clients to backend target servers. The project provides capabilities for translating incoming request paths into backend addresses using programmable matching rules. It supports the creation of bidirectional tunnels to facilitate real-time communication via WebSocket proxying. The library covers the modification of request and response headers, including the rewriting of cookies an
Updates hostnames, protocols, and cookie domains in response headers to maintain session consistency.
Revel is a full-stack web framework and toolkit for building applications with the Go language. It implements a model-view-controller architecture to separate business logic from user interface rendering, providing a comprehensive system for routing, parameter binding, and session management. The project distinguishes itself with a high-productivity development environment featuring automatic code compilation and hot-reloading, which refreshes the application state and templates upon file changes without requiring manual restarts. It also employs reflection-based parameter binding to automati
Appends cryptographic signatures to browser cookies using a secret key to ensure session data integrity.
This project is a Node.js HTTP reverse proxy middleware designed to route incoming HTTP and WebSocket traffic to target backend services. It functions as a dynamic routing engine and API gateway tool, providing the capability to consolidate multiple backend services behind a single entry point. The middleware features a WebSocket proxy bridge that manages protocol upgrade handshakes to maintain persistent bidirectional communication. It also includes a request and response transformer used to intercept and modify headers, bodies, and URL paths during transit. The system provides broad traffi
Adjusts domain and path settings within set-cookie headers to maintain routing consistency in proxied environments.
livego is a live streaming server written in Go that receives live video streams and broadcasts them to viewers in real time. It functions as a multi-protocol video gateway, serving as a backend for ingesting video and redistributing it through RTMP, HLS, and HTTP-FLV protocols. The server features dynamic protocol transmuxing to convert ingested streams into different formats for device compatibility and low-latency playback. It provides secure stream access and ingestion by validating unique channel keys and using security tokens. The system includes capabilities for encrypted stream deliv
Verifies unique channel keys and security tokens to prevent unauthorized video ingestion or playback.
LearnPython is a programming tutorial consisting of a collection of practical code examples used to demonstrate Python language features and programming patterns. It serves as a comprehensive learning resource that implements core language concepts through functional code. The project provides specialized guides and samples covering several key domains. These include asynchronous network programming with event loops and coroutines, data visualization using numerical datasets for 2D and 3D plots, and web scraping for fetching content and automating login flows. It also features instructions on
Implements token-based validation to restrict access to specific API resources.
Mindoc is a self-hosted documentation portal and API documentation management system built as a Golang web application. It serves as a markdown documentation engine for authoring, organizing, and sharing technical interface documentation and database dictionaries. The system persists project data and user accounts using MySQL or SQLite databases. The platform distinguishes itself by integrating diagrams-as-code rendering via Mermaid syntax, allowing flowcharts, sequence diagrams, and Gantt charts to be generated directly from text. It supports a flexible content pipeline that combines markdow
Protects private project spaces by requiring unique security tokens for unauthorized or external access.
WVP-GB28181-Pro is a video surveillance platform built around the GB28181 standard, functioning as a streaming media server that manages GB28181-compliant cameras and NVRs. It also serves as a JT/T 808 vehicle gateway, bridging JT/T 808 and JT/T 1078 vehicle devices into the surveillance network, and acts as a multi-protocol video aggregator that unifies GB28181, JT/T 808, JT/T 1078, and ONVIF protocols under a single management interface. The platform supports NAT traversal for connecting devices across different network segments and ingests video from GB28181, ONVIF, and RTSP sources, output
Requires a signed token validated before media delivery to prevent unauthorized stream access.
This project is a learning guide and collection of study notes designed to teach Node.js backend development. It provides a comprehensive core API reference and practical demonstrations for implementing server-side logic, network programming, and system APIs. The guide specifically covers advanced technical domains including process management for scaling applications via clusters and child processes, as well as network programming for building TCP, UDP, and HTTP services. It also includes detailed instructional material on security implementation, focusing on cryptographic hashing and encryp
Implements cryptographic signature appending to cookies to prevent client-side tampering and ensure integrity.
ZeroByte is a backup management platform built around the Restic backup engine, providing encrypted, deduplicated, and compressed snapshots across multiple storage backends. It offers a web interface for scheduling, monitoring, and managing backup operations, with support for cron-based job scheduling and configurable retention policies that automatically prune older snapshots. The platform distinguishes itself through comprehensive multi-protocol volume mounting, allowing backup ingestion from NFS, SMB, WebDAV, SFTP, and rclone-backed sources alongside local directories. It includes a snapsh
Configures secure cookie attributes for the web interface based on BASE_URL.
Oak est un framework de middleware HTTP multi-runtime et un serveur web conçu pour fonctionner sur Deno, Node.js, Bun et Cloudflare Workers. Il fournit un système unifié pour construire des API et des serveurs web en utilisant une chaîne séquentielle de fonctions middleware et un moteur de routage hiérarchique qui mappe les chemins d'URL aux gestionnaires via une structure d'arbre imbriquée. Le framework inclut un adaptateur serverless agnostique au runtime qui traduit divers événements de fournisseurs cloud en une interface standard de requête et de réponse. Il dispose également d'une implémentation dédiée de serveur WebSocket pour une communication bidirectionnelle en temps réel et un gestionnaire de session web qui utilise la signature de cookies asynchrone et le stockage persistant. Le projet couvre un large éventail de capacités serveur, incluant le service de fichiers statiques, la négociation de contenu et l'analyse de données multipart. Sa surface de sécurité et d'observabilité inclut des outils pour valider les JSON Web Tokens, configurer les en-têtes de sécurité, journaliser le trafic HTTP et simuler des requêtes d'application à des fins de test.
Implements cryptographic signing for cookies to ensure session data integrity and prevent client-side tampering.
Mercure est un courtier de messages basé sur HTTP et un serveur pub/sub en temps réel qui route les mises à jour de données asynchrones vers des abonnés autorisés. Il fonctionne comme un hub centralisé qui reçoit des données via des requêtes HTTP standard et les diffuse aux clients web en utilisant le protocole Server-Sent Events. Le projet se distingue en remplaçant les WebSockets par une connexion HTTP unidirectionnelle, tirant parti de HTTP/2 et HTTP/3 pour une livraison multiplexée à faible latence. Il implémente une couche de contrôle d'accès sécurisée utilisant JSON Web Tokens (JWT) et JSON Web Signatures (JWS) pour valider l'identité des éditeurs et des abonnés, et prend en charge le chiffrement de bout en bout des charges utiles via JSON Web Encryption (JWE). Le système couvre le clustering haute disponibilité et la mise à l'échelle horizontale pour les architectures pilotées par les événements, y compris la récupération de l'historique des événements pour réconcilier les mises à jour manquées après les déconnexions des clients. Sa surface opérationnelle inclut la surveillance des performances, le suivi de la présence des clients et la limitation des requêtes (throttling). Le hub peut être déployé en tant que binaire auto-hébergé, au sein d'environnements conteneurisés comme Kubernetes, ou via un service de provisionnement géré.
Authorizes publishers and subscribers by validating signed tokens provided via headers, cookies, or query parameters.