diff options
author | Tuomo Ala-Vannesluoma <tuomoav@gmail.com> | 2018-06-20 22:05:46 +0300 |
---|---|---|
committer | Tuomo Ala-Vannesluoma <tuomoav@gmail.com> | 2018-06-30 22:51:43 +0300 |
commit | 01be853119e87fe56e25901e0c95d92e869f8d52 (patch) | |
tree | 94ec96af820fc709baa307239506d5e688313748 /app.go | |
parent | a74388ede02f148bb4c39feaed0aff11821ae517 (diff) |
Refactor logic to avoid existence leak
Diffstat (limited to 'app.go')
-rw-r--r-- | app.go | 16 |
1 files changed, 14 insertions, 2 deletions
@@ -94,6 +94,19 @@ func (a *theApp) getHostAndDomain(r *http.Request) (host string, domain *domain. return host, a.domain(host) } +func (a *theApp) checkAuthenticationIfNotExists(domain *domain.D, w http.ResponseWriter, r *http.Request) bool { + if domain == nil { + // To avoid user knowing if pages exist, we will force user to login and authorize pages + if a.Auth.CheckAuthenticationWithoutProject(w, r) { + return true + } + // User is authenticated, show the 404 + httperrors.Serve404(w) + return true + } + return false +} + func (a *theApp) tryAuxiliaryHandlers(w http.ResponseWriter, r *http.Request, https bool, host string, domain *domain.D) bool { // short circuit content serving to check for a status page if r.RequestURI == a.appConfig.StatusPath { @@ -118,8 +131,7 @@ func (a *theApp) tryAuxiliaryHandlers(w http.ResponseWriter, r *http.Request, ht return true } - if domain == nil { - httperrors.Serve404(w) + if a.checkAuthenticationIfNotExists(domain, w, r) { return true } |