Allow skipping http challenge if cookie is not set
This commit is contained in:
WeebDataHoarder
@@ -126,6 +126,7 @@ challenges:
|
||||
# url: http://gitea:3000/repo/search
|
||||
# url: http://gitea:3000/notifications/new
|
||||
parameters:
|
||||
http-cookie: i_like_gitea
|
||||
http-method: GET
|
||||
http-code: 200
|
||||
|
||||
@@ -145,6 +146,7 @@ conditions:
|
||||
- 'path.startsWith("/repo-avatars/")'
|
||||
- 'path.startsWith("/avatars/")'
|
||||
- 'path.startsWith("/avatar/")'
|
||||
- 'path.startsWith("/attachments/")'
|
||||
is-git-ua:
|
||||
- 'userAgent.startsWith("git/")'
|
||||
- 'userAgent.startsWith("go-git")'
|
||||
|
||||
10
state.go
10
state.go
@@ -118,6 +118,8 @@ func NewState(policy Policy, packagePath string, backend http.Handler) (state *S
|
||||
}
|
||||
}
|
||||
|
||||
slog.Debug("loaded network prefixes", "network", k, "count", ranger.Len())
|
||||
|
||||
state.Networks[k] = ranger
|
||||
}
|
||||
|
||||
@@ -166,8 +168,16 @@ func NewState(policy Policy, packagePath string, backend http.Handler) (state *S
|
||||
httpCode = http.StatusOK
|
||||
}
|
||||
|
||||
expectedCookie := p.Parameters["http-cookie"]
|
||||
|
||||
//todo
|
||||
c.Challenge = func(w http.ResponseWriter, r *http.Request, key []byte, expiry time.Time) ChallengeResult {
|
||||
if expectedCookie != "" {
|
||||
if cookie, err := r.Cookie(expectedCookie); err != nil || cookie == nil || cookie.Expires.Before(time.Now()) {
|
||||
// skip check if we don't have cookie or it's expired
|
||||
return ChallengeResultContinue
|
||||
}
|
||||
}
|
||||
request, err := http.NewRequest(method, *p.Url, nil)
|
||||
if err != nil {
|
||||
return ChallengeResultContinue
|
||||
|
||||
Reference in New Issue
Block a user