Merge branch 'hotfix/basic'
continuous-integration/drone/push Build is passing Details

This commit is contained in:
Maxim Lebedev 2023-01-17 00:42:20 +06:00
commit 6af54a2c8d
Signed by: toby3d
GPG Key ID: 1F14E25B7C119FC5
1 changed files with 6 additions and 5 deletions

View File

@ -51,7 +51,7 @@ func (h *Handler) Handler() http.Handler {
Skipper: func(w http.ResponseWriter, r *http.Request) bool { Skipper: func(w http.ResponseWriter, r *http.Request) bool {
head, _ := urlutil.ShiftPath(r.URL.Path) head, _ := urlutil.ShiftPath(r.URL.Path)
return r.Method == http.MethodPost && head == "" return head == ""
}, },
CookieMaxAge: 0, CookieMaxAge: 0,
CookieSameSite: http.SameSiteStrictMode, CookieSameSite: http.SameSiteStrictMode,
@ -68,9 +68,11 @@ func (h *Handler) Handler() http.Handler {
Skipper: func(w http.ResponseWriter, r *http.Request) bool { Skipper: func(w http.ResponseWriter, r *http.Request) bool {
head, _ := urlutil.ShiftPath(r.URL.Path) head, _ := urlutil.ShiftPath(r.URL.Path)
return r.Method != http.MethodPost || head != "verify" return r.Method != http.MethodPost ||
head != "verify" ||
r.PostFormValue("authorize") == "deny"
}, },
Validator: func(w http.ResponseWriter, r *http.Request, login, password string) (bool, error) { Validator: func(_ http.ResponseWriter, _ *http.Request, login, password string) (bool, error) {
userMatch := subtle.ConstantTimeCompare([]byte(login), userMatch := subtle.ConstantTimeCompare([]byte(login),
[]byte(h.config.IndieAuth.Username)) []byte(h.config.IndieAuth.Username))
passMatch := subtle.ConstantTimeCompare([]byte(password), passMatch := subtle.ConstantTimeCompare([]byte(password),
@ -83,8 +85,7 @@ func (h *Handler) Handler() http.Handler {
} }
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
var head string head, _ := urlutil.ShiftPath(r.URL.Path)
head, r.URL.Path = urlutil.ShiftPath(r.URL.Path)
switch r.Method { switch r.Method {
default: default: