Restrict instance domain in single_instance mode

2 files changed, 7 insertions, 3 deletions

diff --git a/service/client.go b/service/client.go
index 3affd57..e4ab8cb 100644
--- a/service/client.go
+++ b/service/client.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"net/http"
 	"strings"
 	"time"
@@ -68,7 +69,7 @@ func (c *client) redirect(url string) {
 	c.w.WriteHeader(http.StatusFound)
 }
 
-func (c *client) authenticate(t int) (err error) {
+func (c *client) authenticate(t int, instance string) (err error) {
 	csrf := c.r.FormValue("csrf_token")
 	ref := c.r.URL.RequestURI()
 	defer func() {
@@ -98,6 +99,9 @@ func (c *client) authenticate(t int) (err error) {
 		return err
 	}
 	c.s = sess
+	if len(instance) > 0 && c.s.Instance != instance {
+		return errors.New("invalid instance")
+	}
 	c.Client = mastodon.NewClient(&mastodon.Config{
 		Server:       "https://" + c.s.Instance,
 		ClientID:     c.s.ClientID,
diff --git a/service/transport.go b/service/transport.go
index dcf2990..17dfca2 100644
--- a/service/transport.go
+++ b/service/transport.go
@@ -64,7 +64,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
 			}
 			c.w.Header().Add("Content-Type", ct)
 
-			err = c.authenticate(at)
+			err = c.authenticate(at, s.instance)
 			if err != nil {
 				writeError(c, err, rt, req.Method == http.MethodGet)
 				return
@@ -79,7 +79,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
 	}
 
 	rootPage := handle(func(c *client) error {
-		err := c.authenticate(SESSION)
+		err := c.authenticate(SESSION, "")
 		if err != nil {
 			if err == errInvalidSession {
 				c.redirect("/signin")