rnsrk/wisski-cloud-distillery
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Require access to Still via method

Browse source 
This commit adds a safeguard to accessing the still from a specific
component by requiring access via the component.GetStill method.
This commit is contained in:
Tom Wiesing 2024-04-08 22:39:32 +02:00
parent 81fa84c244
commit 8235ea9105
No known key found for this signature in database
63 changed files with 288 additions and 197 deletions
Download patch file Download diff file Expand all files Collapse all files

5
internal/dis/component/auth/panel/tokens.go
View file

@ -5,6 +5,7 @@ import (
"html/template"
"net/http"
"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
"github.com/FAU-CDI/wisski-distillery/internal/dis/component/auth"
"github.com/FAU-CDI/wisski-distillery/internal/dis/component/server/assets"
"github.com/FAU-CDI/wisski-distillery/internal/dis/component/server/templating"
@ -52,7 +53,7 @@ func (panel *UserPanel) tokensRoute(ctx context.Context) http.Handler {
return tc, err
}
tc.Domain = template.URL(panel.Config.HTTP.JoinPath().String())
tc.Domain = template.URL(component.GetStill(panel).Config.HTTP.JoinPath().String())
// get the tokens
tc.Tokens, err = panel.dependencies.Tokens.Tokens(r.Context(), user.User.User)
@ -178,7 +179,7 @@ func (panel *UserPanel) tokensAddRoute(ctx context.Context) http.Handler {
// render the created context
return panel.dependencies.Handling.WriteHTML(
tplDone.Context(r, TokenCreateContext{
Domain: template.URL(panel.Config.HTTP.JoinPath().String()),
Domain: template.URL(component.GetStill(panel).Config.HTTP.JoinPath().String()),
Token: tok,
}),
nil,