diff options
| author |  Frédéric Guillot <f@miniflux.net>
| 2020-09-27 13:18:51 -0700 |
|---|---|---|
| committer |  Frédéric Guillot <fred@miniflux.net>
| 2020-09-27 13:23:11 -0700 |
| commit | 065331c77fc4e55853833bf5964c29b866eaa40d (patch) | |
| tree | 331ff75ed729f0ef2681860ec8eb072da96c92d4 /api/middleware.go | |
| parent | 2b74c6779a342fdda4f29dcb9639b10ae6720f1a (diff) | |
| download | v2-065331c77fc4e55853833bf5964c29b866eaa40d.tar.gz v2-065331c77fc4e55853833bf5964c29b866eaa40d.tar.zst v2-065331c77fc4e55853833bf5964c29b866eaa40d.zip | |
api: avoid database lookup if empty credentials are provided
Diffstat (limited to 'api/middleware.go')
| -rw-r--r-- | api/middleware.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/api/middleware.go b/api/middleware.go index 1ddc08e0..23017863 100644 --- a/api/middleware.go +++ b/api/middleware.go @@ -89,6 +89,12 @@ func (m *middleware) basicAuth(next http.Handler) http.Handler { return } + if username == "" || password == "" { + logger.Error("[API][BasicAuth] [ClientIP=%s] Empty username or password", clientIP) + json.Unauthorized(w, r) + return + } + if err := m.store.CheckPassword(username, password); err != nil { logger.Error("[API][BasicAuth] [ClientIP=%s] Invalid username or password: %s", clientIP, username) json.Unauthorized(w, r) |