Tokens take precedence over default user setting

This commit is contained in:
Alex Ling
2020-12-30 11:12:56 +00:00
parent 85ad38c321
commit bd34b803f1
2 changed files with 16 additions and 6 deletions
+10 -3
@@ -74,10 +74,17 @@ class AuthHandler < Kemal::Handler
end
if request_path_startswith env, ["/admin", "/api/admin", "/download"]
unless validate_token_admin(env) ||
Storage.default.username_is_admin Config.current.default_username
env.response.status_code = 403
# The token (if exists) takes precedence over the default user option.
# this is why we check the default username first before checking the
# token.
should_reject = true
if Storage.default.username_is_admin Config.current.default_username
should_reject = false
end
if env.session.string? "token"
should_reject = !validate_token_admin(env)
end
env.response.status_code = 403 if should_reject
end
call_next env
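Review bot: On the reject path the new code only sets `env.response.status_code = 403` and then falls through to `call_next env`, so unless a downstream handler short-circuits on the status code (not visible here), a request with no valid admin token still reaches the /admin, /api/admin and /download handlers. The original `unless` block had the same fall-through, but since this hunk reworks the whole decision it is the place to close it, e.g. replace the last added line with `if should_reject`, `env.response.status_code = 403`, `return` before the `end`. If `call_next` is intentionally reached on 403 because a later handler checks the status, a one-line comment saying so would stop the next reader from re-raising this. The enclosing `call` method begins and ends outside this hunk, so other early returns that may already exist there are not visible.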