From d6814b516a5295b87bb1ad4828440510a827d863 Mon Sep 17 00:00:00 2001 From: Gabe Kangas Date: Sun, 5 Jun 2022 22:46:46 -0700 Subject: [PATCH] Require auth middleware only on GET requests --- controllers/auth/indieauth/server.go | 5 ++++- router/router.go | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/controllers/auth/indieauth/server.go b/controllers/auth/indieauth/server.go index 78c10a367..a994be6eb 100644 --- a/controllers/auth/indieauth/server.go +++ b/controllers/auth/indieauth/server.go @@ -6,13 +6,16 @@ import ( ia "github.com/owncast/owncast/auth/indieauth" "github.com/owncast/owncast/controllers" + "github.com/owncast/owncast/router/middleware" ) // HandleAuthEndpoint will handle the IndieAuth auth endpoint. func HandleAuthEndpoint(w http.ResponseWriter, r *http.Request) { if r.Method == http.MethodGet { // Require the GET request for IndieAuth to be behind admin login. - handleAuthEndpointGet(w, r) + f := middleware.RequireAdminAuth(handleAuthEndpointGet) + f(w, r) + return } else if r.Method == http.MethodPost { handleAuthEndpointPost(w, r) } else { diff --git a/router/router.go b/router/router.go index 1efbb5dd2..de5390a77 100644 --- a/router/router.go +++ b/router/router.go @@ -356,7 +356,7 @@ func Start() error { // Start auth flow http.HandleFunc("/api/auth/indieauth", middleware.RequireUserAccessToken(indieauth.StartAuthFlow)) http.HandleFunc("/api/auth/indieauth/callback", indieauth.HandleRedirect) - http.HandleFunc("/api/auth/provider/indieauth", middleware.RequireAdminAuth(indieauth.HandleAuthEndpoint)) + http.HandleFunc("/api/auth/provider/indieauth", indieauth.HandleAuthEndpoint) http.HandleFunc("/api/auth/fediverse", middleware.RequireUserAccessToken(fediverseauth.RegisterFediverseOTPRequest)) http.HandleFunc("/api/auth/fediverse/verify", fediverseauth.VerifyFediverseOTPRequest)