fix(lib): use correct URL for path checker in PassChallenge (#347)

Otherwise, `r.URL.Path` was always `/.within.website/x/cmd/anubis/api/pass-challenge` and this didn't match the path checker rules correctly, which caused a failure when the difficulty of these rules was non-default.
2025-08-03 17:59:24 -04:00 · 2025-04-23 22:13:11 -04:00 · 2025-04-23 22:13:11 -04:00 · ce425a2c21
commit ce425a2c21
parent 2320ef4014
1 changed files with 11 additions and 1 deletions
--- a/lib/anubis.go
+++ b/lib/anubis.go
@ -12,6 +12,7 @@ import (
 	"math"
 	"net"
 	"net/http"
+	"net/url"
 	"os"
 	"strconv"
 	"strings"
@ -423,6 +424,16 @@ func (s *Server) PassChallenge(w http.ResponseWriter, r *http.Request) {
 		"x-real-ip", r.Header.Get("X-Real-Ip"),
 	)

+	redir := r.FormValue("redir")
+	redirURL, err := url.ParseRequestURI(redir)
+	if err != nil {
+		lg.Error("invalid redirect", "err", err)
+		templ.Handler(web.Base("Oh noes!", web.ErrorPage("invalid redirect", s.opts.WebmasterEmail)), templ.WithStatus(http.StatusInternalServerError)).ServeHTTP(w, r)
+		return
+	}
+	// used by the path checker rule
+	r.URL = redirURL
+
 	cr, rule, err := s.check(r)
 	if err != nil {
 		lg.Error("check failed", "err", err)
@ -459,7 +470,6 @@ func (s *Server) PassChallenge(w http.ResponseWriter, r *http.Request) {
 	timeTaken.Observe(elapsedTime)

 	response := r.FormValue("response")
-	redir := r.FormValue("redir")

 	challenge := s.challengeFor(r, rule.Challenge.Difficulty)