added target redirect

Rudis Muiznieks 2024-04-28 15:30:10 -05:00
parent 189ac61cd7
commit 70f7954f61
Signed by: rudism
GPG Key ID: CABF2F86EF7884F9
2 changed files with 28 additions and 13 deletions


@ -30,10 +30,6 @@ public static class Program {
var app = Initialize(args); var app = Initialize(args);
app.UseSession(); app.UseSession();
app.MapGet("/favicon.ico", () => Results.File(Convert.FromBase64String(
$"AAABAAEAEBAAAAAAAABoBQAAFgAAACgAAAAQAAAAIAAAAAEACAAAAAAAAAEAAAAAAAAAAAAAAAEAAAAAAAD///8{new string('A', 1788)}="),
contentType: "image/x-icon"));
app.MapGet("/auth/check", async (context) => { app.MapGet("/auth/check", async (context) => {
var token = context.Request.Cookies[COOKIE_NAME]; var token = context.Request.Cookies[COOKIE_NAME];
if (!TokenIsValid(token)) { if (!TokenIsValid(token)) {
@ -75,10 +71,10 @@ public static class Program {
return Task.CompletedTask; return Task.CompletedTask;
}); });
app.MapPost("/auth", async (context) => { app.MapPost("/auth/password", async (context) => {
if (context.Request.Form.TryGetValue("password", out var reqPassword) if (context.Request.Form.TryGetValue("password", out var reqPassword)
&& !string.IsNullOrEmpty(s_password) && !string.IsNullOrEmpty(s_password)
&& string.Equals(reqPassword, s_password, StringComparison.Ordinal)) { && string.Equals(reqPassword.FirstOrDefault(), s_password, StringComparison.Ordinal)) {
var cookieOpts = new CookieOptions { var cookieOpts = new CookieOptions {
Path = "/", Path = "/",
Secure = true, Secure = true,
@ -96,7 +92,12 @@ public static class Program {
COOKIE_NAME, COOKIE_NAME,
GenerateToken(connection), GenerateToken(connection),
cookieOpts); cookieOpts);
await context.Response.WriteAsJsonAsync(new { status = "ok" }); if (!context.Request.Form.TryGetValue("target", out var target)
|| string.IsNullOrEmpty(target.FirstOrDefault())) {
target = [];
}
context.Response.Redirect(target.FirstOrDefault() ?? "/");
} else { } else {
context.Response.StatusCode = 401; context.Response.StatusCode = 401;
await context.Response.WriteAsJsonAsync(new { error = "bad password" }); await context.Response.WriteAsJsonAsync(new { error = "bad password" });
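Review bot: The redirect added after the cookie is set passes the form's `target` value straight to `context.Response.Redirect(...)`, so any absolute URL is accepted as the post-login destination. The login page in this commit fills that hidden field from the `?target=` query string, so the value is chosen by whoever built the link, and a successful login can land the user on a different host. Restrict the destination before redirecting: accept only a same-site path (a single leading `/`, not `//` or `/\`) and fall back to `/` otherwise, as sketched below. If targets are meant to be other hosts under this domain, compare the parsed host against an explicit allowlist instead. The `MapPost` lambda starts in the previous hunk and continues past the end of this one.

```csharp
// … unchanged: cookie options and Cookies.Append(COOKIE_NAME, GenerateToken(connection), cookieOpts) …
var dest = context.Request.Form.TryGetValue("target", out var target)
    ? target.FirstOrDefault()
    : null;
// Only same-site paths are accepted; "//host" and "/\host" are
// treated by browsers as references to another host.
if (string.IsNullOrEmpty(dest)
    || dest[0] != '/'
    || (dest.Length > 1 && (dest[1] == '/' || dest[1] == '\\'))) {
    dest = "/";
}
context.Response.Redirect(dest);
```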


@ -2,10 +2,24 @@
<html lang='en'> <html lang='en'>
<head> <head>
<title>RDSM.ca Login</title> <title>RDSM.ca Login</title>
<body> <script>
<form action='/auth' method='post'> function getParameterByName(name) {
<input type='password' name='password' /> name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
<input type='submit' value='Login' /> var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
</form> results = regex.exec(location.search);
</body> return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
}
document.addEventListener("DOMContentLoaded", function() {
document.getElementById('target').value = getParameterByName('target');
});
</script>
</head>
<body>
<form action='/auth/password' method='post'>
<input type='password' name='password' />
<input type='hidden' name='target' id='target' />
<input type='submit' value='Login' />
</form>
</body>
</html> </html>
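Review bot: `getParameterByName` hand-rolls query parsing with a regex built from the parameter name, and its `decodeURIComponent` call throws a `URIError` on a malformed percent sequence, which would abort the `DOMContentLoaded` handler. The built-in parser does the same job without either issue: `document.getElementById('target').value = new URLSearchParams(location.search).get('target') ?? '';`. Assigning through `.value` is fine as written because it does not parse markup. Checking the destination still belongs on the server rather than in this page.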