Restrict instance domain in single_instance mode
parent
ad38855261
commit
e50f12b615
|
@ -4,6 +4,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
@ -68,7 +69,7 @@ func (c *client) redirect(url string) {
|
||||||
c.w.WriteHeader(http.StatusFound)
|
c.w.WriteHeader(http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *client) authenticate(t int) (err error) {
|
func (c *client) authenticate(t int, instance string) (err error) {
|
||||||
csrf := c.r.FormValue("csrf_token")
|
csrf := c.r.FormValue("csrf_token")
|
||||||
ref := c.r.URL.RequestURI()
|
ref := c.r.URL.RequestURI()
|
||||||
defer func() {
|
defer func() {
|
||||||
|
@ -98,6 +99,9 @@ func (c *client) authenticate(t int) (err error) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
c.s = sess
|
c.s = sess
|
||||||
|
if len(instance) > 0 && c.s.Instance != instance {
|
||||||
|
return errors.New("invalid instance")
|
||||||
|
}
|
||||||
c.Client = mastodon.NewClient(&mastodon.Config{
|
c.Client = mastodon.NewClient(&mastodon.Config{
|
||||||
Server: "https://" + c.s.Instance,
|
Server: "https://" + c.s.Instance,
|
||||||
ClientID: c.s.ClientID,
|
ClientID: c.s.ClientID,
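Review bot: The instance check in `authenticate` runs after `c.s = sess`, so on a mismatch the client keeps a session for a disallowed instance even though the call returns an error; the deferred function opened earlier in `authenticate` is not fully visible here and may read `c.s`. Comparing before the assignment, `if len(instance) > 0 && sess.Instance != instance {`, avoids leaving that state behind. The error is built inline with `errors.New("invalid instance")`, while the handler code compares against the sentinel `errInvalidSession`; a package-level `errInvalidInstance` would let callers match this case the same way. The comparison is byte-exact, so a stored instance that differs from the configured one only in letter case is rejected; if that is not intended, `strings.EqualFold` (the `strings` package is already imported) is the alternative. The body of `authenticate` starts and ends outside the hunk.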
|
||||||
|
|
|
@ -64,7 +64,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
|
||||||
}
|
}
|
||||||
c.w.Header().Add("Content-Type", ct)
|
c.w.Header().Add("Content-Type", ct)
|
||||||
|
|
||||||
err = c.authenticate(at)
|
err = c.authenticate(at, s.instance)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
writeError(c, err, rt, req.Method == http.MethodGet)
|
writeError(c, err, rt, req.Method == http.MethodGet)
|
||||||
return
|
return
|
||||||
|
@ -79,7 +79,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
|
||||||
}
|
}
|
||||||
|
|
||||||
rootPage := handle(func(c *client) error {
|
rootPage := handle(func(c *client) error {
|
||||||
err := c.authenticate(SESSION)
|
err := c.authenticate(SESSION, "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err == errInvalidSession {
|
if err == errInvalidSession {
|
||||||
c.redirect("/signin")
|
c.redirect("/signin")
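Review bot: `rootPage` passes `""` to `c.authenticate`, which switches the new instance check off for this route, so in single_instance mode a session bound to a different instance is still accepted here and a client for that instance is built. `s` is in scope inside `NewHandler`, so `c.authenticate(SESSION, s.instance)` would apply the same restriction as the `handle` wrapper above. If the empty string is deliberate (the `/signin` redirect shown here only fires on `errInvalidSession`, so a mismatch error would presumably take a different path), a short comment on the call such as `// instance check intentionally skipped on the root page: <reason>` would record that. The rest of the `rootPage` closure lies outside the hunk.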
|
||||||
|
|