Restrict instance domain in single_instance mode

2024-11-22 03:51:28 +00:00 · 2023-09-18 10:07:54 +00:00 · 2023-09-18 10:07:54 +00:00 · e50f12b615
parent ad38855261
commit e50f12b615
2 changed files with 7 additions and 3 deletions
--- a/service/client.go
+++ b/service/client.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"net/http"
 	"strings"
 	"time"
@ -68,7 +69,7 @@ func (c *client) redirect(url string) {
 	c.w.WriteHeader(http.StatusFound)
 }
-func (c *client) authenticate(t int) (err error) {
+func (c *client) authenticate(t int, instance string) (err error) {
 	csrf := c.r.FormValue("csrf_token")
 	ref := c.r.URL.RequestURI()
 	defer func() {
@ -98,6 +99,9 @@ func (c *client) authenticate(t int) (err error) {
 		return err
 	}
 	c.s = sess
 	if len(instance) > 0 && c.s.Instance != instance {
 		return errors.New("invalid instance")
 	}
 	c.Client = mastodon.NewClient(&mastodon.Config{
 		Server:       "https://" + c.s.Instance,
 		ClientID:     c.s.ClientID,
--- a/service/transport.go
+++ b/service/transport.go
@ -64,7 +64,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
 			}
 			c.w.Header().Add("Content-Type", ct)
-			err = c.authenticate(at)
+			err = c.authenticate(at, s.instance)
 			if err != nil {
 				writeError(c, err, rt, req.Method == http.MethodGet)
 				return
@ -79,7 +79,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
 	}
 	rootPage := handle(func(c *client) error {
-		err := c.authenticate(SESSION)
+		err := c.authenticate(SESSION, "")
 		if err != nil {
 			if err == errInvalidSession {
 				c.redirect("/signin")