added target redirect

Rudis Muiznieks 2024-04-28 15:30:10 -05:00
parent 189ac61cd7
commit 70f7954f61
Signed by: rudism
GPG key ID: CABF2F86EF7884F9
2 changed files with 28 additions and 13 deletions


@ -30,10 +30,6 @@ public static class Program {
var app = Initialize(args);
app.UseSession();
app.MapGet("/favicon.ico", () => Results.File(Convert.FromBase64String(
$"AAABAAEAEBAAAAAAAABoBQAAFgAAACgAAAAQAAAAIAAAAAEACAAAAAAAAAEAAAAAAAAAAAAAAAEAAAAAAAD///8{new string('A', 1788)}="),
contentType: "image/x-icon"));
app.MapGet("/auth/check", async (context) => {
var token = context.Request.Cookies[COOKIE_NAME];
if (!TokenIsValid(token)) {
@ -75,10 +71,10 @@ public static class Program {
return Task.CompletedTask;
});
app.MapPost("/auth", async (context) => {
app.MapPost("/auth/password", async (context) => {
if (context.Request.Form.TryGetValue("password", out var reqPassword)
&& !string.IsNullOrEmpty(s_password)
&& string.Equals(reqPassword, s_password, StringComparison.Ordinal)) {
&& string.Equals(reqPassword.FirstOrDefault(), s_password, StringComparison.Ordinal)) {
var cookieOpts = new CookieOptions {
Path = "/",
Secure = true,
@ -96,7 +92,12 @@ public static class Program {
COOKIE_NAME,
GenerateToken(connection),
cookieOpts);
await context.Response.WriteAsJsonAsync(new { status = "ok" });
if (!context.Request.Form.TryGetValue("target", out var target)
|| string.IsNullOrEmpty(target.FirstOrDefault())) {
target = [];
}
context.Response.Redirect(target.FirstOrDefault() ?? "/");
} else {
context.Response.StatusCode = 401;
await context.Response.WriteAsJsonAsync(new { error = "bad password" });
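Review bot: The redirect target is not validated: `context.Response.Redirect(target.FirstOrDefault() ?? "/")` uses the posted `target` field as-is, and the login page fills that field from the query string, so a crafted login link can send a freshly authenticated user to an arbitrary site (open redirect). The value should be checked before it reaches `Redirect`; the sketch below accepts only same-site paths and falls back to `/`. If redirects to other hosts are intended (not visible here), parse the value with `Uri.TryCreate` and compare scheme and host against a fixed allowlist instead. The handler's body starts in the previous hunk and continues past the end of this one.

```csharp
// … unchanged: cookie options and Response.Cookies.Append(COOKIE_NAME, …) …
var destination = "/";
// Accept only a same-site path: a single leading '/', never "//" or "/\"
// (browsers treat both as another host), and no control characters.
if (context.Request.Form.TryGetValue("target", out var target)
    && target.FirstOrDefault() is { Length: > 0 } requested
    && requested[0] == '/'
    && (requested.Length == 1 || (requested[1] != '/' && requested[1] != '\\'))
    && !requested.Any(char.IsControl)) {
  destination = requested;
}
context.Response.Redirect(destination);
```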


@ -2,10 +2,24 @@
<html lang='en'>
<head>
<title>RDSM.ca Login</title>
<body>
<form action='/auth' method='post'>
<input type='password' name='password' />
<input type='submit' value='Login' />
</form>
</body>
<script>
function getParameterByName(name) {
name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
results = regex.exec(location.search);
return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
}
document.addEventListener("DOMContentLoaded", function() {
document.getElementById('target').value = getParameterByName('target');
});
</script>
</head>
<body>
<form action='/auth/password' method='post'>
<input type='password' name='password' />
<input type='hidden' name='target' id='target' />
<input type='submit' value='Login' />
</form>
</body>
</html>
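Review bot: `getParameterByName` hand-builds a regular expression to read one query parameter, and its `decodeURIComponent` call throws on a malformed percent sequence, which would abort the `DOMContentLoaded` handler. The built-in parser does the same job without the escaping step: `document.getElementById('target').value = new URLSearchParams(location.search).get('target') || '';`. The value copied into the hidden field comes straight from the link the user followed, so it should carry a comment such as `// untrusted: validated by the /auth/password handler`, and the check itself belongs on the server rather than in this page.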