daxi20/AdGuardHome
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* auth: respond with 403 for API requests when not authenticated

Browse Source
This commit is contained in:
Simon Zolin
2020-01-21 12:58:55 +03:00
parent b5f95fefc8
commit 080e1dd74e
3 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
home/auth.go
View File

@@ -406,8 +406,13 @@ func optionalAuth(handler func(http.ResponseWriter, *http.Request)) func(http.Re
}
}
if !ok {
w.Header().Set("Location", "/login.html")
w.WriteHeader(http.StatusFound)
if r.URL.Path == "/" || r.URL.Path == "/index.html" {
w.Header().Set("Location", "/login.html")
w.WriteHeader(http.StatusFound)
} else {
w.WriteHeader(http.StatusForbidden)
_, _ = w.Write([]byte("Forbidden"))
}
return
}
}

1
home/home_test.go
View File

@@ -114,6 +114,7 @@ func TestHome(t *testing.T) {
assert.True(t, ioutil.WriteFile(fn, []byte(yamlConf), 0644) == nil)
fn, _ = filepath.Abs(fn)
config = configuration{} // the global variable is dirty because of the previous tests run
args := options{}
args.configFilename = fn
args.workDir = dir