Restrict instance domain in single_instance mode

r 2023-09-18 10:07:54 +00:00
parent ad38855261
commit e50f12b615
2 changed files with 7 additions and 3 deletions


@ -4,6 +4,7 @@ import (
"context"
"encoding/base64"
"encoding/json"
"errors"
"net/http"
"strings"
"time"
@ -68,7 +69,7 @@ func (c *client) redirect(url string) {
c.w.WriteHeader(http.StatusFound)
}
func (c *client) authenticate(t int) (err error) {
func (c *client) authenticate(t int, instance string) (err error) {
csrf := c.r.FormValue("csrf_token")
ref := c.r.URL.RequestURI()
defer func() {
@ -98,6 +99,9 @@ func (c *client) authenticate(t int) (err error) {
return err
}
c.s = sess
if len(instance) > 0 && c.s.Instance != instance {
return errors.New("invalid instance")
}
c.Client = mastodon.NewClient(&mastodon.Config{
Server: "https://" + c.s.Instance,
ClientID: c.s.ClientID,
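Review bot: The new instance check in authenticate reads `c.s.Instance` only after `c.s = sess` has run, so on a mismatch the client keeps the session of the rejected instance while the error is returned; whether the error path reads `c.s` is not visible here, so it is safer to test `sess.Instance` first and assign afterwards. The failure is also an anonymous `errors.New("invalid instance")`, which callers cannot distinguish from other errors, whereas the handler file already branches on `err == errInvalidSession`; a package-level sentinel would let a stale cookie from another instance be routed to sign-in instead of an error page. Suggested form, placed above the assignment: `if instance != "" && !strings.EqualFold(sess.Instance, instance) { return errInvalidInstance }`, where `errInvalidInstance` is a new sentinel and the case-insensitive compare guards against a host name stored with different casing (`strings` is already imported). The root-page call in the handler file passes `""` and so skips the check; a short comment on the `instance` parameter saying that an empty value disables the restriction would make that intentional. The body of authenticate starts and ends outside this hunk.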


@ -64,7 +64,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
}
c.w.Header().Add("Content-Type", ct)
err = c.authenticate(at)
err = c.authenticate(at, s.instance)
if err != nil {
writeError(c, err, rt, req.Method == http.MethodGet)
return
@ -79,7 +79,7 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler {
}
rootPage := handle(func(c *client) error {
err := c.authenticate(SESSION)
err := c.authenticate(SESSION, "")
if err != nil {
if err == errInvalidSession {
c.redirect("/signin")