Restrict instance domain in single_instance mode

r 2023-09-18 10:07:54 +00:00
parent ad38855261
commit e50f12b615
2 changed files with 7 additions and 3 deletions


@ -4,6 +4,7 @@ import (
"context" "context"
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"errors"
"net/http" "net/http"
"strings" "strings"
"time" "time"
@ -68,7 +69,7 @@ func (c *client) redirect(url string) {
c.w.WriteHeader(http.StatusFound) c.w.WriteHeader(http.StatusFound)
} }
func (c *client) authenticate(t int) (err error) { func (c *client) authenticate(t int, instance string) (err error) {
csrf := c.r.FormValue("csrf_token") csrf := c.r.FormValue("csrf_token")
ref := c.r.URL.RequestURI() ref := c.r.URL.RequestURI()
defer func() { defer func() {
@ -98,6 +99,9 @@ func (c *client) authenticate(t int) (err error) {
return err return err
} }
c.s = sess c.s = sess
if len(instance) > 0 && c.s.Instance != instance {
return errors.New("invalid instance")
}
c.Client = mastodon.NewClient(&mastodon.Config{ c.Client = mastodon.NewClient(&mastodon.Config{
Server: "https://" + c.s.Instance, Server: "https://" + c.s.Instance,
ClientID: c.s.ClientID, ClientID: c.s.ClientID,
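Review bot: The instance check added in authenticate runs after `c.s = sess`, so on a mismatch the client keeps a session for a disallowed instance while the error is returned; what the deferred function opened earlier does with that state is outside the hunk. Comparing before the assignment, `if len(instance) > 0 && sess.Instance != instance {`, avoids that. The error is also built inline with `errors.New("invalid instance")`, so callers cannot distinguish it the way the handler file does with `errInvalidSession`; a package-level `var errInvalidInstance = errors.New("invalid instance")` would let them clear the stale session or redirect to sign-in. The comparison is an exact string match, so it assumes both values are stored in the same normalised host form. authenticate's body starts and ends outside the hunk.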


@ -64,7 +64,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
} }
c.w.Header().Add("Content-Type", ct) c.w.Header().Add("Content-Type", ct)
err = c.authenticate(at) err = c.authenticate(at, s.instance)
if err != nil { if err != nil {
writeError(c, err, rt, req.Method == http.MethodGet) writeError(c, err, rt, req.Method == http.MethodGet)
return return
@ -79,7 +79,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
} }
rootPage := handle(func(c *client) error { rootPage := handle(func(c *client) error {
err := c.authenticate(SESSION) err := c.authenticate(SESSION, "")
if err != nil { if err != nil {
if err == errInvalidSession { if err == errInvalidSession {
c.redirect("/signin") c.redirect("/signin")
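Review bot: The root page calls `c.authenticate(SESSION, "")`, and an empty instance skips the new check, so in single_instance mode a session bound to another instance is still accepted on this route. `s` is in scope inside NewHandler, so `err := c.authenticate(SESSION, s.instance)` would apply the same restriction here; the mismatch would then need handling next to the `errInvalidSession` branch, presumably with the same redirect to `/signin`. If the exemption is intentional, a comment such as `// instance check intentionally skipped here: <reason>` would record why. The closure continues past the end of the hunk.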