added target redirect

2024-04-28 15:30:10 -05:00 · 2024-04-28 15:30:10 -05:00 · 70f7954f61
parent 189ac61cd7
commit 70f7954f61
2 changed files with 28 additions and 13 deletions
--- a/src/Program.cs
+++ b/src/Program.cs
@ -30,10 +30,6 @@ public static class Program {
    var app = Initialize(args);
    app.UseSession();

-    app.MapGet("/favicon.ico", () => Results.File(Convert.FromBase64String(
-        $"AAABAAEAEBAAAAAAAABoBQAAFgAAACgAAAAQAAAAIAAAAAEACAAAAAAAAAEAAAAAAAAAAAAAAAEAAAAAAAD///8{new string('A', 1788)}="),
-        contentType: "image/x-icon"));
-
    app.MapGet("/auth/check", async (context) => {
      var token = context.Request.Cookies[COOKIE_NAME];
      if (!TokenIsValid(token)) {
@ -75,10 +71,10 @@ public static class Program {
      return Task.CompletedTask;
    });

-    app.MapPost("/auth", async (context) => {
+    app.MapPost("/auth/password", async (context) => {
      if (context.Request.Form.TryGetValue("password", out var reqPassword)
          && !string.IsNullOrEmpty(s_password)
-          && string.Equals(reqPassword, s_password, StringComparison.Ordinal)) {
+          && string.Equals(reqPassword.FirstOrDefault(), s_password, StringComparison.Ordinal)) {
        var cookieOpts = new CookieOptions {
          Path = "/",
          Secure = true,
@ -96,7 +92,12 @@ public static class Program {
            COOKIE_NAME,
            GenerateToken(connection),
            cookieOpts);
-        await context.Response.WriteAsJsonAsync(new { status = "ok" });
+        if (!context.Request.Form.TryGetValue("target", out var target)
+            || string.IsNullOrEmpty(target.FirstOrDefault())) {
+          target = [];
+        }
+
+        context.Response.Redirect(target.FirstOrDefault() ?? "/");
      } else {
        context.Response.StatusCode = 401;
        await context.Response.WriteAsJsonAsync(new { error = "bad password" });
--- a/src/login.html
+++ b/src/login.html
@ -2,10 +2,24 @@
 <html lang='en'>
  <head>
    <title>RDSM.ca Login</title>
-<body>
-  <form action='/auth' method='post'>
-    <input type='password' name='password' />
-    <input type='submit' value='Login' />
-  </form>
-</body>
+    <script>
+      function getParameterByName(name) {
+        name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
+        var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
+        results = regex.exec(location.search);
+        return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
+      }
+
+      document.addEventListener("DOMContentLoaded", function() {
+        document.getElementById('target').value = getParameterByName('target');
+      });
+    </script>
+  </head>
+  <body>
+    <form action='/auth/password' method='post'>
+      <input type='password' name='password' />
+      <input type='hidden' name='target' id='target' />
+      <input type='submit' value='Login' />
+    </form>
+  </body>
 </html>