starred/godoxy-yusing
1
0
Fork 0
mirror of https://github.com/yusing/godoxy.git synced 2026-04-25 01:38:30 +02:00
Code Issues 18 Packages Projects Releases 10 Wiki Activity

fix(auth): enforce HTML acceptance in OIDC login handler

Browse Source
This commit is contained in:
yusing
2025-12-22 10:35:43 +08:00
parent 1fb1ee0279
commit 736985b79d
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
internal/auth/oidc.go
View File

@@ -231,6 +231,11 @@ func (auth *OIDCProvider) HandleAuth(w http.ResponseWriter, r *http.Request) {
var rateLimit = rate.NewLimiter(rate.Every(time.Second), 1) var rateLimit = rate.NewLimiter(rate.Every(time.Second), 1)
func (auth *OIDCProvider) LoginHandler(w http.ResponseWriter, r *http.Request) { func (auth *OIDCProvider) LoginHandler(w http.ResponseWriter, r *http.Request) {
if !httputils.GetAccept(r.Header).AcceptHTML() {
http.Error(w, "authentication is required", http.StatusForbidden)
return
}
// check for session token // check for session token
sessionToken, err := r.Cookie(auth.getAppScopedCookieName(CookieOauthSessionToken)) sessionToken, err := r.Cookie(auth.getAppScopedCookieName(CookieOauthSessionToken))
if err == nil { // session token exists if err == nil { // session token exists