Refactor logic to avoid existence leak

author: Tuomo Ala-Vannesluoma <tuomoav@gmail.com> 2018-06-20 22:05:46 +0300
committer: Tuomo Ala-Vannesluoma <tuomoav@gmail.com> 2018-06-30 22:51:43 +0300
commit: 01be853119e87fe56e25901e0c95d92e869f8d52 (patch)
tree: 94ec96af820fc709baa307239506d5e688313748 /app.go
parent: a74388ede02f148bb4c39feaed0aff11821ae517 (diff)
1 files changed, 14 insertions, 2 deletions
diff --git a/app.go b/app.go
index 68b3d85b..284a420c 100644
--- a/app.go
+++ b/app.go
@@ -94,6 +94,19 @@ func (a *theApp) getHostAndDomain(r *http.Request) (host string, domain *domain.
 	return host, a.domain(host)
 }
 
+func (a *theApp) checkAuthenticationIfNotExists(domain *domain.D, w http.ResponseWriter, r *http.Request) bool {
+	if domain == nil {
+		// To avoid user knowing if pages exist, we will force user to login and authorize pages
+		if a.Auth.CheckAuthenticationWithoutProject(w, r) {
+			return true
+		}
+		// User is authenticated, show the 404
+		httperrors.Serve404(w)
+		return true
+	}
+	return false
+}
+
 func (a *theApp) tryAuxiliaryHandlers(w http.ResponseWriter, r *http.Request, https bool, host string, domain *domain.D) bool {
 	// short circuit content serving to check for a status page
 	if r.RequestURI == a.appConfig.StatusPath {
@@ -118,8 +131,7 @@ func (a *theApp) tryAuxiliaryHandlers(w http.ResponseWriter, r *http.Request, ht
 		return true
 	}
 
-	if domain == nil {
-		httperrors.Serve404(w)
+	if a.checkAuthenticationIfNotExists(domain, w, r) {
 		return true
 	}
author	Tuomo Ala-Vannesluoma <tuomoav@gmail.com>	2018-06-20 22:05:46 +0300
committer	Tuomo Ala-Vannesluoma <tuomoav@gmail.com>	2018-06-30 22:51:43 +0300
commit	01be853119e87fe56e25901e0c95d92e869f8d52 (patch)
tree	94ec96af820fc709baa307239506d5e688313748 /app.go
parent	a74388ede02f148bb4c39feaed0aff11821ae517 (diff)