diff --git a/src/server/auth/middleware.go b/src/server/auth/middleware.go index 946bcf0..4e1599e 100644 --- a/src/server/auth/middleware.go +++ b/src/server/auth/middleware.go @@ -4,7 +4,6 @@ import ( "net/http" "strings" - "github.com/nkanaev/yarr/src/assets" "github.com/nkanaev/yarr/src/server/router" "github.com/nkanaev/yarr/src/storage" ) @@ -26,34 +25,7 @@ func (m *Middleware) Handler(c *router.Context) { } if IsAuthenticated(c.Req, m.Username, m.Password) { c.Next() - return - } - - rootUrl := m.BasePath + "/" - - if c.Req.URL.Path != rootUrl { + } else { c.Out.WriteHeader(http.StatusUnauthorized) - return } - - if c.Req.Method == "POST" { - username := c.Req.FormValue("username") - password := c.Req.FormValue("password") - if StringsEqual(username, m.Username) && StringsEqual(password, m.Password) { - Authenticate(c.Out, m.Username, m.Password, m.BasePath) - c.Redirect(rootUrl) - return - } else { - c.HTML(http.StatusOK, assets.Templates().Lookup("login.html"), map[string]any{ - "username": username, - "hasError": true, - "settings": m.DB.GetSettings().Map(), - }) - return - } - } - c.HTML(http.StatusOK, assets.Templates().Lookup("login.html"), map[string]any{ - "hasError": false, - "settings": m.DB.GetSettings().Map(), - }) } diff --git a/src/server/routes.go b/src/server/routes.go index 2a438e9..c13a9d4 100644 --- a/src/server/routes.go +++ b/src/server/routes.go @@ -34,7 +34,7 @@ func (s *Server) handler() http.Handler { BasePath: s.BasePath, Username: s.Username, Password: s.Password, - Public: []string{"/static", "/fever", "/manifest.json"}, + Public: []string{"/", "/login", "/static", "/fever", "/manifest.json"}, DB: s.db, } r.Use(a.Handler) @@ -57,6 +57,7 @@ func (s *Server) handler() http.Handler { r.For("/opml/import", s.handleOPMLImport) r.For("/opml/export", s.handleOPMLExport) r.For("/page", s.handlePageCrawl) + r.For("/login", s.handleLogin) r.For("/logout", s.handleLogout) r.For("/fever/", s.handleFever) @@ -64,9 +65,24 @@ func (s *Server) handler() http.Handler { } func (s *Server) handleIndex(c *router.Context) { + isAuthenticated := false + if s.Username == "" && s.Password == "" { + isAuthenticated = true + } else { + isAuthenticated = auth.IsAuthenticated(c.Req, s.Username, s.Password) + } + + settings := s.db.GetSettings() + if !isAuthenticated { + settings = model.Settings{ + Language: settings.Language, + ThemeName: settings.ThemeName, + } + } + c.HTML(http.StatusOK, assets.Templates().Lookup("index.html"), map[string]any{ - "settings": s.db.GetSettings().Map(), - "authenticated": s.Username != "" && s.Password != "", + "settings": settings.Map(), + "authenticated": isAuthenticated, }) } @@ -555,6 +571,22 @@ func (s *Server) handlePageCrawl(c *router.Context) { }) } +func (s *Server) handleLogin(c *router.Context) { + if c.Req.Method == "POST" { + username := c.Req.FormValue("username") + password := c.Req.FormValue("password") + if auth.StringsEqual(username, s.Username) && auth.StringsEqual(password, s.Password) { + auth.Authenticate(c.Out, s.Username, s.Password, s.BasePath) + return + } else { + c.Out.WriteHeader(http.StatusUnauthorized) + return + } + } else { + c.Out.WriteHeader(http.StatusMethodNotAllowed) + } +} + func (s *Server) handleLogout(c *router.Context) { auth.Logout(c.Out, s.BasePath) c.Out.WriteHeader(http.StatusNoContent)