commit 1ff6a0f380620a9ad3ca0024aade11db13aa8eb4
parent 440523ef40d95cddfa8e9f9269c88d2efd467230
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Wed, 14 Dec 2022 20:05:46 -0500
cleanup
Diffstat:
1 file changed, 49 insertions(+), 41 deletions(-)
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -110,39 +110,52 @@ func HomeHandler(c echo.Context) error {
return firstUseHandler(c)
}
+ // If we're logged in, render the home page
user := c.Get("authUser").(*database.User)
- if user == nil {
- if config.ProtectHome.IsTrue() {
- if c.Request().Method == http.MethodPost {
- return c.NoContent(http.StatusNotFound)
- }
- captchaQuery := c.QueryParam("captcha")
- loginQuery := c.QueryParam("login")
- signupQuery := c.QueryParam("signup")
- if captchaQuery != "" {
- if len(captchaQuery) > 6 || len(loginQuery) > 1 || len(signupQuery) > 1 ||
- !govalidator.IsASCII(captchaQuery) || !govalidator.IsASCII(loginQuery) || !govalidator.IsASCII(signupQuery) {
- time.Sleep(utils.RandSec(3, 7))
- return c.NoContent(http.StatusOK)
- }
- redirectTo := "/login/" + captchaQuery
- if signupQuery == "1" {
- redirectTo = "/signup/" + captchaQuery
- }
- time.Sleep(utils.RandSec(1, 2))
- return c.Redirect(http.StatusFound, redirectTo)
- }
- loginLink, found := tempLoginCache.Get("login_link")
- if !found {
- loginLink.ID, loginLink.Img = captcha.NewWithParams(captcha.Params{Store: tempLoginStore})
- loginLink.ValidUntil = time.Now().Add(3 * time.Minute)
- tempLoginCache.Set("login_link", loginLink, 3*time.Minute)
- }
+ if user != nil {
+ return c.Render(http.StatusOK, "home", nil)
+ }
+
+ // If we protect the home page, render the special login page with time based captcha for login URL discovery
+ if config.ProtectHome.IsTrue() {
+ return protectHomeHandler(c)
+ }
+
+ // Otherwise, render the normal login page
+ return loginHandler(c)
+}
- time.Sleep(utils.RandSec(1, 2))
- bufTmp := make([]byte, 0, 1024*4)
- buf := bytes.NewBuffer(bufTmp)
- buf.Write([]byte(`<!DOCTYPE html><html lang="en"><head>
+func protectHomeHandler(c echo.Context) error {
+ if c.Request().Method == http.MethodPost {
+ return c.NoContent(http.StatusNotFound)
+ }
+ captchaQuery := c.QueryParam("captcha")
+ loginQuery := c.QueryParam("login")
+ signupQuery := c.QueryParam("signup")
+ if captchaQuery != "" {
+ if len(captchaQuery) > 6 || len(loginQuery) > 1 || len(signupQuery) > 1 ||
+ !govalidator.IsASCII(captchaQuery) || !govalidator.IsASCII(loginQuery) || !govalidator.IsASCII(signupQuery) {
+ time.Sleep(utils.RandSec(3, 7))
+ return c.NoContent(http.StatusOK)
+ }
+ redirectTo := "/login/" + captchaQuery
+ if signupQuery == "1" {
+ redirectTo = "/signup/" + captchaQuery
+ }
+ time.Sleep(utils.RandSec(1, 2))
+ return c.Redirect(http.StatusFound, redirectTo)
+ }
+ loginLink, found := tempLoginCache.Get("login_link")
+ if !found {
+ loginLink.ID, loginLink.Img = captcha.NewWithParams(captcha.Params{Store: tempLoginStore})
+ loginLink.ValidUntil = time.Now().Add(3 * time.Minute)
+ tempLoginCache.Set("login_link", loginLink, 3*time.Minute)
+ }
+
+ time.Sleep(utils.RandSec(1, 2))
+ bufTmp := make([]byte, 0, 1024*4)
+ buf := bytes.NewBuffer(bufTmp)
+ buf.Write([]byte(`<!DOCTYPE html><html lang="en"><head>
<link href="/public/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta charset="UTF-8" />
<meta name="author" content="n0tr1v">
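Review bot: The `captcha` query value in protectHomeHandler is checked only for length and ASCII before it is concatenated into the redirect path (`redirectTo := "/login/" + captchaQuery`), so characters such as `/`, `.`, `?` or `#` still reach the Location header. The page text later in this function says the code is made of the numbers in the image, so an allow-list would be tighter: replace `!govalidator.IsASCII(captchaQuery)` with `!govalidator.IsNumeric(captchaQuery)`, assuming the codes really are digits only. Separately, `c.Get("authUser").(*database.User)` in HomeHandler panics if the key was never set on the context; `user, _ := c.Get("authUser").(*database.User)` would let the nil check that follows handle that case. protectHomeHandler's body continues past the end of this hunk.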
@@ -171,12 +184,12 @@ func HomeHandler(c echo.Context) error {
To register go to <code>/signup/XXXXXX</code><br />
(replace X by the numbers in the image)<br />
Link valid for <strong>`))
- buf.Write([]byte(utils.ShortDur(time.Until(loginLink.ValidUntil))))
- buf.Write([]byte(`</strong>
+ buf.Write([]byte(utils.ShortDur(time.Until(loginLink.ValidUntil))))
+ buf.Write([]byte(`</strong>
</p>
<img src="data:image/png;base64,`))
- buf.Write([]byte(loginLink.Img))
- buf.Write([]byte(`" style="background-color: hsl(0, 0%, 90%);" class="captcha-img" />
+ buf.Write([]byte(loginLink.Img))
+ buf.Write([]byte(`" style="background-color: hsl(0, 0%, 90%);" class="captcha-img" />
<form method="get">
<input type="text" name="captcha" maxlength="6" autofocus />
<button name="login" value="1" type="submit">Login</button>
@@ -188,12 +201,7 @@ func HomeHandler(c echo.Context) error {
</body>
</html>`))
- return c.HTMLBlob(http.StatusOK, buf.Bytes())
- }
- return loginHandler(c)
- }
-
- return c.Render(http.StatusOK, "home", nil)
+ return c.HTMLBlob(http.StatusOK, buf.Bytes())
}
// partialAuthCache keep track of partial auth token -> user id.