aboutsummaryrefslogtreecommitdiff
path: root/service
diff options
context:
space:
mode:
authorr <r@freesoftwareextremist.com>2023-09-18 10:07:54 +0000
committerr <r@freesoftwareextremist.com>2023-09-18 10:07:54 +0000
commite50f12b6158ffae6b0b59f2902798ae86d263b5d (patch)
tree5bfbc397cec0e916779699d2932ee2afa6f8379d /service
parentad38855261dca802439922f71408e2b08e7c10ea (diff)
downloadbloat-e50f12b6158ffae6b0b59f2902798ae86d263b5d.tar.gz
bloat-e50f12b6158ffae6b0b59f2902798ae86d263b5d.zip
Restrict instance domain in single_instance mode
Diffstat (limited to 'service')
-rw-r--r--service/client.go6
-rw-r--r--service/transport.go4
2 files changed, 7 insertions, 3 deletions
diff --git a/service/client.go b/service/client.go
index 3affd57..e4ab8cb 100644
--- a/service/client.go
+++ b/service/client.go
@@ -4,6 +4,7 @@ import (
"context"
"encoding/base64"
"encoding/json"
+ "errors"
"net/http"
"strings"
"time"
@@ -68,7 +69,7 @@ func (c *client) redirect(url string) {
c.w.WriteHeader(http.StatusFound)
}
-func (c *client) authenticate(t int) (err error) {
+func (c *client) authenticate(t int, instance string) (err error) {
csrf := c.r.FormValue("csrf_token")
ref := c.r.URL.RequestURI()
defer func() {
@@ -98,6 +99,9 @@ func (c *client) authenticate(t int) (err error) {
return err
}
c.s = sess
+ if len(instance) > 0 && c.s.Instance != instance {
+ return errors.New("invalid instance")
+ }
c.Client = mastodon.NewClient(&mastodon.Config{
Server: "https://" + c.s.Instance,
ClientID: c.s.ClientID,
diff --git a/service/transport.go b/service/transport.go
index dcf2990..17dfca2 100644
--- a/service/transport.go
+++ b/service/transport.go
@@ -64,7 +64,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
}
c.w.Header().Add("Content-Type", ct)
- err = c.authenticate(at)
+ err = c.authenticate(at, s.instance)
if err != nil {
writeError(c, err, rt, req.Method == http.MethodGet)
return
@@ -79,7 +79,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
}
rootPage := handle(func(c *client) error {
- err := c.authenticate(SESSION)
+ err := c.authenticate(SESSION, "")
if err != nil {
if err == errInvalidSession {
c.redirect("/signin")