TheCloud/anubis
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2025-08-03 17:59:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(lib): use correct URL for path checker in PassChallenge (#347)

Browse Source 
Otherwise, `r.URL.Path` was always `/.within.website/x/cmd/anubis/api/pass-challenge`
and this didn't match the path checker rules correctly,
which caused a failure when the difficulty of these rules was non-default.
This commit is contained in:
compilade 2025-04-23 22:13:11 -04:00 committed by GitHub
parent 2320ef4014
commit ce425a2c21
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/anubis.go
View File

@ -12,6 +12,7 @@ import (
"math" "math"
"net" "net"
"net/http" "net/http"
"net/url"
"os" "os"
"strconv" "strconv"
"strings" "strings"
@ -423,6 +424,16 @@ func (s *Server) PassChallenge(w http.ResponseWriter, r *http.Request) {
"x-real-ip", r.Header.Get("X-Real-Ip"), "x-real-ip", r.Header.Get("X-Real-Ip"),
) )
redir := r.FormValue("redir")
redirURL, err := url.ParseRequestURI(redir)
if err != nil {
lg.Error("invalid redirect", "err", err)
templ.Handler(web.Base("Oh noes!", web.ErrorPage("invalid redirect", s.opts.WebmasterEmail)), templ.WithStatus(http.StatusInternalServerError)).ServeHTTP(w, r)
return
}
// used by the path checker rule
r.URL = redirURL
cr, rule, err := s.check(r) cr, rule, err := s.check(r)
if err != nil { if err != nil {
lg.Error("check failed", "err", err) lg.Error("check failed", "err", err)
@ -459,7 +470,6 @@ func (s *Server) PassChallenge(w http.ResponseWriter, r *http.Request) {
timeTaken.Observe(elapsedTime) timeTaken.Observe(elapsedTime)
response := r.FormValue("response") response := r.FormValue("response")
redir := r.FormValue("redir")
challenge := s.challengeFor(r, rule.Challenge.Difficulty) challenge := s.challengeFor(r, rule.Challenge.Difficulty)