dkforest

A forum and chat platform (onion)
git clone https://git.dasho.dev/n0tr1v/dkforest.git
Log | Files | Refs | LICENSE
commit f0d0593575b4f01b4ce1fee85dd1707f11d712f7
parent 7efdc276c6cedbba76f0e25932ff335f57b46452
Author: n0tr1v <n0tr1v@protonmail.com>
Date:   Thu, 10 Nov 2022 15:20:05 -0800

only admins can access debug endpoints

Diffstat:

Mpkg/web/web.go | 2+-


1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/web/web.go b/pkg/web/web.go
@@ -104,7 +104,6 @@ func getMainServer() echo.HandlerFunc {
 	maybeAuthGroup.GET("/u/:username/pgp", handlers.PublicUserProfilePGPHandler, middlewares.GenericRateLimitMiddleware(time.Second, 2))
 	maybeAuthGroup.GET("/t/:threadUUID", handlers.ThreadHandler, middlewares.GenericRateLimitMiddleware(time.Second, 2))
 	authGroup := e.Group("", middlewares.IsAuthMiddleware, middlewares.ForceCaptchaMiddleware)
-	authGroup.GET("/debug/*", wrapHandler(http.DefaultServeMux))
 	authGroup.GET("/sse/:topics", SSEHandler)
 	authGroup.GET("/public/css/meta.css", handlers.MetaCss)
 	authGroup.GET("/public/img/signal/:signal/:data", handlers.SignalCss1)
@@ -234,6 +233,7 @@ func getMainServer() echo.HandlerFunc {
 	moderatorGroup.GET("/settings/invitations", handlers.SettingsInvitationsHandler)
 	moderatorGroup.POST("/settings/invitations", handlers.SettingsInvitationsHandler)
 	adminGroup := e.Group("", middlewares.IsAdminMiddleware)
+	adminGroup.GET("/debug/*", wrapHandler(http.DefaultServeMux))
 	adminGroup.GET("/admin", handlers.AdminHandler)
 	adminGroup.POST("/admin", handlers.AdminHandler)
 	adminGroup.GET("/admin/ignored", handlers.IgnoredHandler)