fix!: bug where it was possible to send text unauthenticated

abyss.go

@@ -100,12 +100,4 @@ func setupHandlers(mux *http.ServeMux, app *Application) {
 	mux.HandleFunc("/token", BasicAuth(app.createTokenHandler, app))
 
 	mux.HandleFunc("/files/", app.fileHandler)
-
-	if app.authUpload == "yes" {
-		mux.HandleFunc("/upload", BasicAuth(app.uploadHandler, app))
-		slog.Warn("text uploading will be restricted")
-	} else {
-		mux.HandleFunc("/upload", app.uploadHandler)
-		slog.Warn("text uploading will NOT be restricted")
-	}
 }

handlers.go

@@ -137,7 +137,11 @@ func (app *Application) lastUploadedHandler(w http.ResponseWriter, r *http.Reque
 
 func (app *Application) uploadHandler(w http.ResponseWriter, r *http.Request) {
 	if contentType := r.Header.Get("Content-Type"); contentType == "application/x-www-form-urlencoded" {
-		app.formHandler(w, r)
+		if app.authUpload == "yes" {
+			BasicAuth(app.formHandler, app)(w, r)
+		} else {
+			app.formHandler(w, r)
+		}
 	} else if strings.Split(contentType, ";")[0] == "multipart/form-data" {
 		app.curlHandler(w, r)
 	} else {

static/index.html

@@ -20,7 +20,7 @@
         </a>
     </div>
 
-    <form action="/upload" method="POST">
+    <form action="/" method="POST">
         <textarea name="content" placeholder="Enter your content here..."></textarea>
         <br />
         <button type="submit">upload</button>