txeo/cv-site
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add origin validation and rate limiting for PDF endpoint

Browse Source 
Security enhancements:
- Implement origin/referer validation middleware
- Add rate limiting (3 requests/min per IP)
- Default to production domain (juan.andres.morenorub.io)
- Verify all protection mechanisms working correctly

Documentation updates:
- Update README to reflect personal portfolio nature
- Remove template encouragement from README
- Add verification status to API-PROTECTION.md
- Document ALLOWED_ORIGINS configuration in .env.example

Cleanup:
- Remove templates.backup/ folder
- Remove old test screenshots
This commit is contained in:
juanatsap
2025-11-09 14:13:22 +00:00
parent 24b2401519
commit ea6ccf9cdd
9 changed files with 40 additions and 609 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+13 -12
View File
@@ -3,19 +3,18 @@
[![Go Version](https://img.shields.io/badge/Go-1.21%2B-00ADD8?logo=go)](https://go.dev/)
[![HTMX](https://img.shields.io/badge/HTMX-1.9.10-3366CC)](https://htmx.org/)
[![License](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
[![Template](https://img.shields.io/badge/Use-Template-blue.svg)](#-customization)
**Modern, minimal curriculum vitae website** for Juan Andrés Moreno Rubio built with **Go** and **HTMX**.
A professional, bilingual CV site with server-side PDF generation, HTMX interactivity, and a clean paper design aesthetic. Perfect template for developers looking to create their own CV website with modern tech and minimal JavaScript.
A professional, bilingual CV site with server-side PDF generation, HTMX interactivity, and a clean paper design aesthetic. Built as a personal portfolio project showcasing production-grade Go and HTMX development.
## 📌 Project Status
**This is a portfolio/showcase project** demonstrating production-grade Go and HTMX development.
**This is a personal portfolio project** demonstrating production-grade Go and HTMX development.
**Template Usage:** Feel free to fork and customize this CV template for your own use following the [CUSTOMIZATION.md](CUSTOMIZATION.md) guide.
**Open Source:** The code is MIT licensed and available for educational purposes. While you may use it as reference or inspiration, this repository is maintained as my personal CV site and may be modified without notice.
**Contributions:** This is a personal CV project and is feature-complete. I'm not actively seeking contributions, but you're welcome to use this as a template for your own CV! If you find a critical security vulnerability, please follow the [SECURITY.md](SECURITY.md) process.
**Contributions:** This is a personal CV project and is feature-complete. I'm not seeking contributions. If you find a critical security vulnerability, please follow the [SECURITY.md](SECURITY.md) process.
## 📑 Table of Contents
@@ -43,7 +42,7 @@ A professional, bilingual CV site with server-side PDF generation, HTMX interact
-**JSON-Based Content** - Easy to update without touching code
-**AI Development Section** - Showcases modern AI-assisted development skills
-**Fast & Lightweight** - Go backend with chromedp for PDF generation
-**Security Hardened** - CSP headers, XSS protection, secure defaults
-**Security Hardened** - CSP headers, XSS protection, origin validation, rate limiting
-**Production Ready** - Systemd service, CI/CD workflows, deployment guides
-**Developer Friendly** - Hot reload, clear code structure, comprehensive Makefile
@@ -57,21 +56,23 @@ A professional, bilingual CV site with server-side PDF generation, HTMX interact
- Clean paper aesthetic on gray background
- Print-friendly layouts
**Note:** This is a personal CV site template. Fork it and customize the JSON files with your own information!
**Note:** This is my personal CV site. The code is open source for learning and reference purposes.
## 📋 Quick Start
## 📋 Running Locally
If you want to explore the code or run it locally:
### Prerequisites
- **Go 1.21+** installed
- **Chrome/Chromium** (for PDF generation)
- **Make** (optional, recommended for easier development)
- **Make** (optional, for easier development)
### Installation & Run
### Local Development
\`\`\`bash
# Clone the repository
git clone https://github.com/yourusername/cv.git
# Download the code
git clone https://github.com/txemac/cv.git
cd cv
# Option 1: Using Make (recommended)