Unused s.requireNoAuth?
kriive opened this issue · 0 comments
kriive commented
The requireNoAuth middleware should redirect users to the homepage if they are already logged in.
Lines 111 to 116 in 05bc90c
But if they are required to be not logged in, how can they issue a logout, since the route is protected by the requireNoAuth middleware?
Lines 19 to 24 in 05bc90c
My guess is that the mux subrouter doesn't authenticate the user (note the s.router.PathPrefix("/") and not router.PathPrefix("/")), so the requireNoAuth always delegates to the next handler, thus no restrictions are actually in place.
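A way to check the guess in the issue above, as an added example that is not the project's code: a guard like requireNoAuth can only redirect if an earlier middleware has put the user into the request context. The `authenticate` middleware, the `ctxKey` type, the `session` cookie and the `/login` path are assumptions made for this sketch, and it uses plain `net/http` handlers instead of the mux subrouter.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type ctxKey struct{} // hypothetical context key for the logged-in user

// authenticate (hypothetical) copies the user named by the "session" cookie
// into the request context; a real one would validate the session first.
func authenticate(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if c, err := r.Cookie("session"); err == nil {
			r = r.WithContext(context.WithValue(r.Context(), ctxKey{}, c.Value))
		}
		next.ServeHTTP(w, r)
	})
}

// requireNoAuth redirects to the homepage when the context carries a user.
func requireNoAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := r.Context().Value(ctxKey{}).(string); ok {
			http.Redirect(w, r, "/", http.StatusFound)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// page stands in for a route meant only for logged-out users.
var page = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, "login form")
})

// statusFor sends a request with a constructed session cookie to h and
// returns the response status code.
func statusFor(h http.Handler) int {
	req := httptest.NewRequest(http.MethodGet, "/login", nil)
	req.AddCookie(&http.Cookie{Name: "session", Value: "alice"})
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("guard without authenticate:", statusFor(requireNoAuth(page)))
	fmt.Println("authenticate, then guard:  ", statusFor(authenticate(requireNoAuth(page))))
}
```

The same kind of request sent through the project's real router with a valid session would show which of the two wirings it has.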