benbjohnson/wtf

Unused s.requireNoAuth?

kriive opened this issue · 0 comments

The requireNoAuth middleware should redirect users to the homepage if they are already logged in.

wtf/http/server.go

Lines 111 to 116 in 05bc90c

// Register unauthenticated routes.
{
	r := s.router.PathPrefix("/").Subrouter()
	r.Use(s.requireNoAuth)
	s.registerAuthRoutes(r)
}

But if they are required to not be logged in, how can they issue a logout, since the route is protected by the requireNoAuth middleware?

wtf/http/auth.go

Lines 19 to 24 in 05bc90c

func (s *Server) registerAuthRoutes(r *mux.Router) {
	r.HandleFunc("/login", s.handleLogin).Methods("GET")
	r.HandleFunc("/logout", s.handleLogout).Methods("DELETE")
	r.HandleFunc("/oauth/github", s.handleOAuthGitHub).Methods("GET")
	r.HandleFunc("/oauth/github/callback", s.handleOAuthGitHubCallback).Methods("GET")
}

My guess is that the mux subrouter doesn't authenticate the user (note the s.router.PathPrefix("/") and not router.PathPrefix("/")), so requireNoAuth always delegates to the next handler, and thus no restrictions are actually in place.
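The two situations the issue describes, as an added example that is not code from the wtf repository: a requireNoAuth-style gate in front of /login and /logout, once with an authenticate step that actually populates the request context and once without. The middleware bodies, the "session" cookie format, the user-ID context key and the use of the standard library's net/http mux instead of gorilla/mux are all assumptions made for this example. When the context carries a user, a logged-in DELETE /logout is redirected and the user cannot log out, which is the behaviour the reporter worries about; when nothing ever sets the user in the context, the gate lets everything through, which is the no-op behaviour the reporter guesses at.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
)

// contextKey is an unexported type so no other package can collide with the key.
type contextKey int

const userIDKey contextKey = iota

// userIDFromContext returns the logged-in user's ID, or 0 when nobody is logged in.
func userIDFromContext(ctx context.Context) int {
	id, _ := ctx.Value(userIDKey).(int)
	return id
}

// authenticate is a hypothetical session-decoding middleware: it reads a "session"
// cookie whose value is the numeric user ID (a constructed format for this example)
// and stores that ID in the request context. It never rejects a request itself.
func authenticate(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if c, err := r.Cookie("session"); err == nil {
			if id, err := strconv.Atoi(c.Value); err == nil && id > 0 {
				r = r.WithContext(context.WithValue(r.Context(), userIDKey, id))
			}
		}
		next.ServeHTTP(w, r)
	})
}

// requireNoAuth redirects already-logged-in users to the homepage and lets
// anonymous requests through (assumed behaviour, matching the issue text).
func requireNoAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if userIDFromContext(r.Context()) != 0 {
			http.Redirect(w, r, "/", http.StatusFound)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func handleLogin(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		w.WriteHeader(http.StatusMethodNotAllowed)
		return
	}
	fmt.Fprintln(w, "login form")
}

func handleLogout(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodDelete {
		w.WriteHeader(http.StatusMethodNotAllowed)
		return
	}
	// Expire the session cookie; the client never gets here if requireNoAuth redirected first.
	http.SetCookie(w, &http.Cookie{Name: "session", Value: "", MaxAge: -1, Path: "/"})
	fmt.Fprintln(w, "logged out")
}

// newHandler wires the auth routes behind requireNoAuth. With populateContext set,
// authenticate runs first so the gate can see the user; without it the context is
// never populated and the gate always delegates to the next handler.
func newHandler(populateContext bool) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/login", handleLogin)
	mux.HandleFunc("/logout", handleLogout)
	var h http.Handler = requireNoAuth(mux)
	if populateContext {
		h = authenticate(h)
	}
	return h
}

// statusFor sends one in-memory request (optionally carrying a session cookie)
// through h and returns the response status code.
func statusFor(h http.Handler, method, path, session string) int {
	req := httptest.NewRequest(method, path, nil)
	if session != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: session})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	gated, ungated := newHandler(true), newHandler(false)
	fmt.Println("logged in, DELETE /logout, context populated:", statusFor(gated, http.MethodDelete, "/logout", "42"))
	fmt.Println("anonymous, GET /login, context populated:", statusFor(gated, http.MethodGet, "/login", ""))
	fmt.Println("logged in, DELETE /logout, context never populated:", statusFor(ungated, http.MethodDelete, "/logout", "42"))
}
```

Run with `go run .`: the first line prints 302 (the logged-in user is bounced to the homepage instead of reaching handleLogout), the second 200, and the third 200 (with nothing setting the user in the context, requireNoAuth is a no-op). Which of the two a real deployment exhibits depends entirely on whether an authenticate step runs before the gate on the same request chain, so the check for a project like this one is to confirm where the user is put into the context and whether that middleware wraps the subrouter's routes.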