lerko
93c5b638cf
Replace string equality checks on cluster secret with crypto/subtle.ConstantTimeCompare to prevent timing attacks. Add http.MaxBytesReader (1MB) to all POST endpoints that decode JSON bodies. Change Start() to return *http.Server for graceful shutdown support. Replace log.Fatalf with log.Printf in HTTP server goroutine.