authorcompilade <git@compilade.net>2025-04-23 22:13:11 -0400
committerGitHub <noreply@github.com>2025-04-24 02:13:11 +0000
commitce425a2c21adaa4f5b21fd6d3f45e404bbe4337c (patch)
treef8dd01472bb231a1394cfd3ba5344acbd12a1e39
parent2320ef401497d34e9f4f77fd34dbd919300062a0 (diff)
downloadanubis-ce425a2c21adaa4f5b21fd6d3f45e404bbe4337c.tar.xz
anubis-ce425a2c21adaa4f5b21fd6d3f45e404bbe4337c.zip
fix(lib): use correct URL for path checker in PassChallenge (#347)
Otherwise, `r.URL.Path` was always `/.within.website/x/cmd/anubis/api/pass-challenge` and this didn't match the path checker rules correctly, which caused a failure when the difficulty of these rules was non-default.
-rw-r--r--lib/anubis.go12
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/anubis.go b/lib/anubis.go
index 7892b15..f6445fb 100644
--- a/lib/anubis.go
+++ b/lib/anubis.go
@@ -12,6 +12,7 @@ import (
"math"
"net"
"net/http"
+ "net/url"
"os"
"strconv"
"strings"
@@ -423,6 +424,16 @@ func (s *Server) PassChallenge(w http.ResponseWriter, r *http.Request) {
"x-real-ip", r.Header.Get("X-Real-Ip"),
)
+ redir := r.FormValue("redir")
+ redirURL, err := url.ParseRequestURI(redir)
+ if err != nil {
+ lg.Error("invalid redirect", "err", err)
+ templ.Handler(web.Base("Oh noes!", web.ErrorPage("invalid redirect", s.opts.WebmasterEmail)), templ.WithStatus(http.StatusInternalServerError)).ServeHTTP(w, r)
+ return
+ }
+ // used by the path checker rule
+ r.URL = redirURL
+
cr, rule, err := s.check(r)
if err != nil {
lg.Error("check failed", "err", err)
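Review bot: `redir` is a client-supplied form field, and after `r.URL = redirURL` it decides which path-checker rule `s.check(r)` applies, so the difficulty enforced is the one for whatever path the client names rather than a path the server has bound to the challenge it issued. `url.ParseRequestURI` also accepts absolute URIs, so a value carrying a scheme and host passes the new check; a guard such as `if redirURL.IsAbs() || redirURL.Host != "" { /* reject as invalid redirect */ }` would restrict it to a local path. The invalid-input branch answers with `http.StatusInternalServerError`, where `http.StatusBadRequest` would describe a malformed client value and keep it out of 5xx alerting. Overwriting `r.URL` in place also changes what every later reader of `r` sees (for example `s.challengeFor(r, …)` in the next hunk); PassChallenge starts and ends outside this hunk, so whether that is intended cannot be confirmed from here, and running the check on `r.Clone(r.Context())` would contain it.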
@@ -459,7 +470,6 @@ func (s *Server) PassChallenge(w http.ResponseWriter, r *http.Request) {
timeTaken.Observe(elapsedTime)
response := r.FormValue("response")
- redir := r.FormValue("redir")
challenge := s.challengeFor(r, rule.Challenge.Difficulty)