From 6092976727ba3ad8684a2e1bf569ce601e99c71d Mon Sep 17 00:00:00 2001
From: WeebDataHoarder <57538841+WeebDataHoarder@users.noreply.github.com>
Date: Tue, 1 Apr 2025 15:11:57 +0200
Subject: [PATCH] Allow skipping http challenge if cookie is not set

---
 policy.yml |  2 ++
 state.go   | 10 ++++++++++
 2 files changed, 12 insertions(+)

diff --git a/policy.yml b/policy.yml
index ae99189..6d8c9bb 100644
--- a/policy.yml
+++ b/policy.yml
@@ -126,6 +126,7 @@ challenges:
     # url: http://gitea:3000/repo/search
     # url: http://gitea:3000/notifications/new
     parameters:
+      http-cookie: i_like_gitea
       http-method: GET
       http-code: 200
 
@@ -145,6 +146,7 @@ conditions:
     - 'path.startsWith("/repo-avatars/")'
     - 'path.startsWith("/avatars/")'
     - 'path.startsWith("/avatar/")'
+    - 'path.startsWith("/attachments/")'
   is-git-ua:
     - 'userAgent.startsWith("git/")'
     - 'userAgent.startsWith("go-git")'
diff --git a/state.go b/state.go
index 3d92f3d..857f26a 100644
--- a/state.go
+++ b/state.go
@@ -118,6 +118,8 @@ func NewState(policy Policy, packagePath string, backend http.Handler) (state *S
 			}
 		}
 
+		slog.Debug("loaded network prefixes", "network", k, "count", ranger.Len())
+
 		state.Networks[k] = ranger
 	}
 
@@ -166,8 +168,16 @@ func NewState(policy Policy, packagePath string, backend http.Handler) (state *S
 				httpCode = http.StatusOK
 			}
 
+			expectedCookie := p.Parameters["http-cookie"]
+
 			//todo
 			c.Challenge = func(w http.ResponseWriter, r *http.Request, key []byte, expiry time.Time) ChallengeResult {
+				if expectedCookie != "" {
+					if cookie, err := r.Cookie(expectedCookie); err != nil || cookie == nil || cookie.Expires.Before(time.Now()) {
+						// skip check if we don't have cookie or it's expired
+						return ChallengeResultContinue
+					}
+				}
 				request, err := http.NewRequest(method, *p.Url, nil)
 				if err != nil {
 					return ChallengeResultContinue