Allow skipping http challenge if cookie is not set

2025-04-01 15:11:57 +02:00
parent 72dff2ce16
commit 6092976727
2 changed files with 12 additions and 0 deletions
--- a/policy.yml
+++ b/policy.yml
@@ -126,6 +126,7 @@ challenges:
    # url: http://gitea:3000/repo/search
    # url: http://gitea:3000/notifications/new
    parameters:
      http-cookie: i_like_gitea
      http-method: GET
      http-code: 200
@@ -145,6 +146,7 @@ conditions:
    - 'path.startsWith("/repo-avatars/")'
    - 'path.startsWith("/avatars/")'
    - 'path.startsWith("/avatar/")'
    - 'path.startsWith("/attachments/")'
  is-git-ua:
    - 'userAgent.startsWith("git/")'
    - 'userAgent.startsWith("go-git")'
--- a/state.go
+++ b/state.go
@@ -118,6 +118,8 @@ func NewState(policy Policy, packagePath string, backend http.Handler) (state *S
 			}
 		}
 		slog.Debug("loaded network prefixes", "network", k, "count", ranger.Len())
 		state.Networks[k] = ranger
 	}
@@ -166,8 +168,16 @@ func NewState(policy Policy, packagePath string, backend http.Handler) (state *S
 				httpCode = http.StatusOK
 			}
 			expectedCookie := p.Parameters["http-cookie"]
 			//todo
 			c.Challenge = func(w http.ResponseWriter, r *http.Request, key []byte, expiry time.Time) ChallengeResult {
 				if expectedCookie != "" {
 					if cookie, err := r.Cookie(expectedCookie); err != nil || cookie == nil || cookie.Expires.Before(time.Now()) {
 						// skip check if we don't have cookie or it's expired
 						return ChallengeResultContinue
 					}
 				}
 				request, err := http.NewRequest(method, *p.Url, nil)
 				if err != nil {
 					return ChallengeResultContinue