diff options
author | r <r@freesoftwareextremist.com> | 2023-09-18 10:07:54 +0000 |
---|---|---|
committer | r <r@freesoftwareextremist.com> | 2023-09-18 10:07:54 +0000 |
commit | e50f12b6158ffae6b0b59f2902798ae86d263b5d (patch) | |
tree | 5bfbc397cec0e916779699d2932ee2afa6f8379d /service | |
parent | ad38855261dca802439922f71408e2b08e7c10ea (diff) | |
download | bloat-e50f12b6158ffae6b0b59f2902798ae86d263b5d.tar.gz bloat-e50f12b6158ffae6b0b59f2902798ae86d263b5d.zip |
Restrict instance domain in single_instance mode
Diffstat (limited to 'service')
-rw-r--r-- | service/client.go | 6 | ||||
-rw-r--r-- | service/transport.go | 4 |
2 files changed, 7 insertions, 3 deletions
diff --git a/service/client.go b/service/client.go index 3affd57..e4ab8cb 100644 --- a/service/client.go +++ b/service/client.go @@ -4,6 +4,7 @@ import ( "context" "encoding/base64" "encoding/json" + "errors" "net/http" "strings" "time" @@ -68,7 +69,7 @@ func (c *client) redirect(url string) { c.w.WriteHeader(http.StatusFound) } -func (c *client) authenticate(t int) (err error) { +func (c *client) authenticate(t int, instance string) (err error) { csrf := c.r.FormValue("csrf_token") ref := c.r.URL.RequestURI() defer func() { @@ -98,6 +99,9 @@ func (c *client) authenticate(t int) (err error) { return err } c.s = sess + if len(instance) > 0 && c.s.Instance != instance { + return errors.New("invalid instance") + } c.Client = mastodon.NewClient(&mastodon.Config{ Server: "https://" + c.s.Instance, ClientID: c.s.ClientID, diff --git a/service/transport.go b/service/transport.go index dcf2990..17dfca2 100644 --- a/service/transport.go +++ b/service/transport.go @@ -64,7 +64,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler { } c.w.Header().Add("Content-Type", ct) - err = c.authenticate(at) + err = c.authenticate(at, s.instance) if err != nil { writeError(c, err, rt, req.Method == http.MethodGet) return @@ -79,7 +79,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler { } rootPage := handle(func(c *client) error { - err := c.authenticate(SESSION) + err := c.authenticate(SESSION, "") if err != nil { if err == errInvalidSession { c.redirect("/signin") |