From e50f12b6158ffae6b0b59f2902798ae86d263b5d Mon Sep 17 00:00:00 2001
From: r
Date: Mon, 18 Sep 2023 10:07:54 +0000
Subject: Restrict instance domain in single_instance mode

---
 service/client.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'service/client.go')

diff --git a/service/client.go b/service/client.go
index 3affd57..e4ab8cb 100644
--- a/service/client.go
+++ b/service/client.go
@@ -4,6 +4,7 @@ import (
 "context"
 "encoding/base64"
 "encoding/json"
+ "errors"
 "net/http"
 "strings"
 "time"
@@ -68,7 +69,7 @@ func (c *client) redirect(url string) {
 c.w.WriteHeader(http.StatusFound)
 }
 
-func (c *client) authenticate(t int) (err error) {
+func (c *client) authenticate(t int, instance string) (err error) {
 csrf := c.r.FormValue("csrf_token")
 ref := c.r.URL.RequestURI()
 defer func() {
@@ -98,6 +99,9 @@ func (c *client) authenticate(t int) (err error) {
 return err
 }
 c.s = sess
+ if len(instance) > 0 && c.s.Instance != instance {
+ return errors.New("invalid instance")
+ }
 c.Client = mastodon.NewClient(&mastodon.Config{
 Server: "https://" + c.s.Instance,
 ClientID: c.s.ClientID,
-- 
cgit v1.2.3
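Review bot: The new `instance` parameter on `authenticate` has no documentation, and the check added in the last hunk is skipped whenever it is empty, so an unset or mis-parsed configuration value would silently turn the restriction off. A doc comment above the signature would state that contract, for example `// If instance is non-empty, authenticate rejects any session whose Instance differs from it; an empty instance disables the check.` The call sites that supply `instance` are outside this file section, so it is worth confirming that single_instance mode can never pass "". The function body continues beyond the hunk.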
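Review bot: The instance check runs after `c.s = sess`, so a session for a disallowed instance stays attached to the client when `authenticate` returns the error. Testing the local value first avoids that: `if len(instance) > 0 && sess.Instance != instance { return errors.New("invalid instance") }`, followed by `c.s = sess`. Whether the deferred function or the caller's error path reads `c.s` is not visible here, so this is a defensive ordering rather than a confirmed flaw. The comparison is also byte-exact, so a stored or configured domain that differs only in letter case would be rejected; that fails closed, but normalizing both values where they are stored (for instance with `strings.ToLower`) would avoid locking out valid sessions. The function starts and ends outside the hunk.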