From 6c301cff0c2d781b65f715c504a2b442c3881c9b Mon Sep 17 00:00:00 2001
From: jabuxas <jabuxas@proton.me>
Date: Sat, 2 Nov 2024 01:34:52 -0300
Subject: [PATCH] fix!: bug where it was possible to send text unauthenticated

---
 abyss.go          | 8 --------
 handlers.go       | 6 +++++-
 static/index.html | 2 +-
 3 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/abyss.go b/abyss.go
index f723add..77ee45c 100644
--- a/abyss.go
+++ b/abyss.go
@@ -100,12 +100,4 @@ func setupHandlers(mux *http.ServeMux, app *Application) {
 	mux.HandleFunc("/token", BasicAuth(app.createTokenHandler, app))
 
 	mux.HandleFunc("/files/", app.fileHandler)
-
-	if app.authUpload == "yes" {
-		mux.HandleFunc("/upload", BasicAuth(app.uploadHandler, app))
-		slog.Warn("text uploading will be restricted")
-	} else {
-		mux.HandleFunc("/upload", app.uploadHandler)
-		slog.Warn("text uploading will NOT be restricted")
-	}
 }
diff --git a/handlers.go b/handlers.go
index aba198d..2afeb89 100644
--- a/handlers.go
+++ b/handlers.go
@@ -137,7 +137,11 @@ func (app *Application) lastUploadedHandler(w http.ResponseWriter, r *http.Reque
 
 func (app *Application) uploadHandler(w http.ResponseWriter, r *http.Request) {
 	if contentType := r.Header.Get("Content-Type"); contentType == "application/x-www-form-urlencoded" {
-		app.formHandler(w, r)
+		if app.authUpload == "yes" {
+			BasicAuth(app.formHandler, app)(w, r)
+		} else {
+			app.formHandler(w, r)
+		}
 	} else if strings.Split(contentType, ";")[0] == "multipart/form-data" {
 		app.curlHandler(w, r)
 	} else {
diff --git a/static/index.html b/static/index.html
index bc96bae..83f609b 100644
--- a/static/index.html
+++ b/static/index.html
@@ -20,7 +20,7 @@
         </a>
     </div>
 
-    <form action="/upload" method="POST">
+    <form action="/" method="POST">
         <textarea name="content" placeholder="Enter your content here..."></textarea>
         <br />
         <button type="submit">upload</button>