alihan/dozzle-monitor-container
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes security error with invalid session

Browse Source
This commit is contained in:
Amir Raminfar
2021-04-11 13:53:16 -07:00
parent c89e70d697
commit 2bbbb5f7a5
2 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
web/auth.go
View File

@@ -27,8 +27,7 @@ func initializeAuth(h *handler) {
func authorizationRequired(f http.HandlerFunc) http.Handler {
if secured {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, sessionName)
if session.IsNew {
if isAuthorized(r) {
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
} else {
@@ -40,7 +39,7 @@ func authorizationRequired(f http.HandlerFunc) http.Handler {
}
}
func (h *handler) isAuthorized(r *http.Request) bool {
func isAuthorized(r *http.Request) bool {
if !secured {
return true
}
@@ -59,7 +58,7 @@ func (h *handler) isAuthorized(r *http.Request) bool {
}
func (h *handler) isAuthorizationNeeded(r *http.Request) bool {
return secured && !h.isAuthorized(r)
return secured && !isAuthorized(r)
}
func (h *handler) validateCredentials(w http.ResponseWriter, r *http.Request) {

2
web/routes.go
View File

@@ -82,7 +82,7 @@ func (h *handler) index(w http.ResponseWriter, req *http.Request) {
if err == nil && req.URL.Path != "" && req.URL.Path != "/" {
fileServer.ServeHTTP(w, req)
} else {
if !h.isAuthorized(req) && req.URL.Path != "login" {
if !isAuthorized(req) && req.URL.Path != "login" {
http.Redirect(w, req, h.config.Base+"login", http.StatusTemporaryRedirect)
return
}