
protect more routets

+19 -7
appview
+1 -2
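--- a/appview/auth/auth.go
+++ b/appview/auth/auth.go
@@ -140,14 +140,13 @@
 clientSession.Values[appview.SessionPds] = pdsEndpoint
 clientSession.Values[appview.SessionAccessJwt] = atSessionish.GetAccessJwt()
 clientSession.Values[appview.SessionRefreshJwt] = atSessionish.GetRefreshJwt()
-clientSession.Values[appview.SessionExpiry] = time.Now().Add(time.Minute * 15).Format(time.RFC3339)
+clientSession.Values[appview.SessionExpiry] = time.Now().Add(time.Second * 5).Format(time.RFC3339)
 clientSession.Values[appview.SessionAuthenticated] = true
 return clientSession.Save(r, w)
 }
 
 func (a *Auth) AuthorizedClient(r *http.Request) (*xrpc.Client, error) {
 clientSession, err := a.Store.Get(r, "appview-session")
-
 if err != nil || clientSession.IsNew {
 return nil, err
 }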
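Review bot: The session expiry on line 143 drops from 15 minutes to 5 seconds, which reads like a debugging value left in rather than part of "protect more routes", and the commit message does not mention it. Since the middleware refreshes whenever `time.Now().After(expiry)`, a 5-second window means nearly every authenticated request after the first goes through the refresh path and calls the PDS, turning ordinary browsing into a refresh storm and coupling every page load to PDS availability. Restore `time.Minute * 15` before merging, or better, derive the stored expiry from the access token's own exp claim (the at-session is in hand here as `atSessionish`) so it cannot drift from what the PDS actually enforces — hedged, since the JWT helpers are not visible in this hunk. The function that stores these values starts above the hunk and `AuthorizedClient` continues past it.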
+16 -4
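--- a/appview/state/middleware.go
+++ b/appview/state/middleware.go
@@ -21,7 +21,13 @@
 func AuthMiddleware(s *State) Middleware {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-session, _ := s.auth.Store.Get(r, appview.SessionName)
+session, err := s.auth.GetSession(r)
+if session.IsNew || err != nil {
+log.Printf("not logged in, redirecting")
+http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)
+return
+}
+
 authorized, ok := session.Values[appview.SessionAuthenticated].(bool)
 if !ok || !authorized {
 log.Printf("not logged in, redirecting")
@@ -38,9 +44,15 @@
 http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)
 return
 }
-pdsUrl := session.Values[appview.SessionPds].(string)
-did := session.Values[appview.SessionDid].(string)
-refreshJwt := session.Values[appview.SessionRefreshJwt].(string)
+pdsUrl, ok1 := session.Values[appview.SessionPds].(string)
+did, ok2 := session.Values[appview.SessionDid].(string)
+refreshJwt, ok3 := session.Values[appview.SessionRefreshJwt].(string)
+
+if !ok1 || !ok2 || !ok3 {
+log.Println("invalid expiry time", err)
+http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)
+return
+}
 
 if time.Now().After(expiry) {
 log.Println("token expired, refreshing ...")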
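Review bot: The new guard at line 25 dereferences `session.IsNew` before it looks at `err`, so if `GetSession` ever returns a nil session together with an error the handler panics on a nil pointer instead of redirecting; `GetSession` is outside this hunk so I cannot confirm it can, but ordering the check costs nothing: `if err != nil || session == nil || session.IsNew {`. The type-assertion failure branch at line 52 logs `"invalid expiry time", err`, which was copied from the expiry branch — the actual cause is a session missing or mistyping its pds/did/refresh values, and `err` at that point is the already-checked (nil) session error, so `log.Println("session missing pds/did/refresh values, redirecting")` would say what happened. The new lines also keep using `http.StatusTemporaryRedirect` (307), which preserves the request method, so a PUT or DELETE to a protected route is replayed as PUT/DELETE against `/login`; `http.StatusSeeOther` is the usual choice for a login bounce, though that style predates this commit. `AuthMiddleware`'s body continues past the hunk, including the refresh-failure path the last sentence depends on.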
+2 -1
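--- a/appview/state/state.go
+++ b/appview/state/state.go
@@ -836,6 +836,7 @@
 
 // settings routes, needs auth
 r.Group(func(r chi.Router) {
+r.Use(AuthMiddleware(s))
 r.With(RepoPermissionMiddleware(s, "repo:settings")).Route("/settings", func(r chi.Router) {
 r.Get("/", s.RepoSettings)
 r.With(RepoPermissionMiddleware(s, "repo:invite")).Put("/collaborator", s.AddCollaborator)
@@ -858,7 +859,7 @@
 
 r.Get("/", s.Timeline)
 
-r.Get("/logout", s.Logout)
+r.With(AuthMiddleware(s)).Get("/logout", s.Logout)
 
 r.Route("/login", func(r chi.Router) {
 r.Get("/", s.Login)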
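Review bot: Wrapping `/logout` in `AuthMiddleware` at line 862 means a browser holding a stale, corrupt or un-refreshable session is redirected to `/login` instead of reaching `s.Logout`, so the one route that could clear the bad cookie becomes unreachable exactly when it is needed — assuming `Logout` clears the session unconditionally, which is not visible here. Logging out is safe for unauthenticated callers and needs no authorization, so keep `r.Get("/logout", s.Logout)` unguarded, or guard it with a check that only confirms a session cookie exists without entering the token-refresh path. Separately, a logout on GET can be triggered cross-site by any page embedding `<img src="/logout">`; moving it to `r.Post("/logout", s.Logout)` behind a CSRF token would close that, though it is pre-existing rather than introduced here. The `r.Use(AuthMiddleware(s))` on the settings group is the right shape, since `RepoPermissionMiddleware` presumably needs an authenticated DID to evaluate `repo:settings`. Both hunks sit inside a route-setup function that starts and ends outside the hunk.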