Некорректное условие в auth.go
usmanec opened this issue · 1 comments
usmanec commented
TorrServer/server/web/auth/auth.go
Line 66 in 88a0db1
if strings.HasPrefix(c.FullPath(), "/stream") ||
strings.HasPrefix(c.FullPath(), "/play") ||
(strings.HasPrefix(c.FullPath(), "/playlist") && c.FullPath() != "/playlistall/all.m3u") {
c.Set("not_auth", true)
return
}
до (strings.HasPrefix(c.FullPath(), "/playlist") && c.FullPath() != "/playlistall/all.m3u"
никогда не дойдёт, т.к. отработает strings.HasPrefix(c.FullPath(), "/play")
соответственно /playlistall/all.m3u доступен без авторизации
на go не пишу поэтому сделал issues
варианты решения от меня
if strings.HasPrefix(c.FullPath(), "/stream") ||
(strings.HasPrefix(c.FullPath(), "/play") && !strings.HasPrefix(c.FullPath(), "/playlist")) ||
(strings.HasPrefix(c.FullPath(), "/playlist") && c.FullPath() != "/playlistall/all.m3u") {
c.Set("not_auth", true)
return
}
или
if strings.HasPrefix(c.FullPath(), "/stream") ||
(strings.HasPrefix(c.FullPath(), "/play") && c.FullPath() != "/playlistall/all.m3u") {
c.Set("not_auth", true)
return
}
tsynik commented
merged to master