From b50e5a381e5fe4b53a693bb86aa36a2f80f48841 Mon Sep 17 00:00:00 2001 From: Viacheslav Evseev Date: Thu, 22 Feb 2024 05:53:55 +0300 Subject: [PATCH 1/2] isolate web pages auth logic --- server/web/auth/auth.go | 7 +------ server/web/pages/route.go | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/server/web/auth/auth.go b/server/web/auth/auth.go index b125f39..3a03650 100644 --- a/server/web/auth/auth.go +++ b/server/web/auth/auth.go @@ -6,7 +6,6 @@ import ( "net/http" "os" "path/filepath" - "slices" "unsafe" "github.com/gin-gonic/gin" @@ -69,15 +68,11 @@ func BasicAuth(accounts gin.Accounts) gin.HandlerFunc { } } -func CheckAuth(exclude ...string) gin.HandlerFunc { +func CheckAuth() gin.HandlerFunc { return func(c *gin.Context) { if !settings.HttpAuth { return } - - if slices.Contains(exclude, c.FullPath()) { - return - } if _, ok := c.Get(gin.AuthUserKey); ok { return diff --git a/server/web/pages/route.go b/server/web/pages/route.go index 4649ad8..d0dfc53 100644 --- a/server/web/pages/route.go +++ b/server/web/pages/route.go @@ -1,6 +1,8 @@ package pages import ( + "slices" + "github.com/anacrolix/torrent/metainfo" "github.com/gin-gonic/gin" @@ -11,9 +13,18 @@ import ( ) func SetupRoute(route gin.IRouter) { - authorized := route.Group("/", auth.CheckAuth("/site.webmanifest")) + authorized := route.Group("/", auth.CheckAuth()) - template.RouteWebPages(authorized) + webPagesAuth := route.Group("/", func() gin.HandlerFunc { + return func(c *gin.Context) { + if slices.Contains([]string{"/site.webmanifest"}, c.FullPath()) { + return + } + auth.CheckAuth()(c) + } + }()) + + template.RouteWebPages(webPagesAuth) authorized.GET("/stat", statPage) authorized.GET("/magnets", getTorrents) } From c774bbd69ae3737c7dcb1a7ffe8a349c04b10e50 Mon Sep 17 00:00:00 2001 From: Viacheslav Evseev Date: Thu, 22 Feb 2024 06:01:01 +0300 Subject: [PATCH 2/2] remove `not_auth` from swagger docs --- server/docs/docs.go | 7 ------- server/docs/swagger.json | 7 ------- server/docs/swagger.yaml | 5 ----- 3 files changed, 19 deletions(-) diff --git a/server/docs/docs.go b/server/docs/docs.go index 1b10d1d..ad7ff29 100644 --- a/server/docs/docs.go +++ b/server/docs/docs.go @@ -475,13 +475,6 @@ const docTemplate = `{ "name": "poster", "in": "query", "required": true - }, - { - "type": "string", - "description": "Stream / playlist without authentication", - "name": "not_auth", - "in": "query", - "required": true } ], "responses": { diff --git a/server/docs/swagger.json b/server/docs/swagger.json index ca920d0..454c1e7 100644 --- a/server/docs/swagger.json +++ b/server/docs/swagger.json @@ -468,13 +468,6 @@ "name": "poster", "in": "query", "required": true - }, - { - "type": "string", - "description": "Stream / playlist without authentication", - "name": "not_auth", - "in": "query", - "required": true } ], "responses": { diff --git a/server/docs/swagger.yaml b/server/docs/swagger.yaml index 61c0876..79174d1 100644 --- a/server/docs/swagger.yaml +++ b/server/docs/swagger.yaml @@ -606,11 +606,6 @@ paths: name: poster required: true type: string - - description: Stream / playlist without authentication - in: query - name: poster - required: true - type: string produces: - application/octet-stream responses: