feat(auth): implement strict and secure user registration

This commit is contained in:
2026-04-08 15:37:32 +02:00
parent fd9aca9ffc
commit 91e10560a6
8 changed files with 304 additions and 11 deletions

View File

@@ -61,8 +61,8 @@ func RequireAuth(next http.Handler) http.Handler {
// RequireGlobalAuth ensures that a valid user is in the context for all routes except login and static
func RequireGlobalAuth(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Allow unauthenticated access to login, search, and static files
if r.URL.Path == "/login" || strings.HasPrefix(r.URL.Path, "/static/") ||
// Allow unauthenticated access to login, register, search, and static files
if r.URL.Path == "/login" || r.URL.Path == "/register" || strings.HasPrefix(r.URL.Path, "/static/") ||
r.URL.Path == "/search" || r.URL.Path == "/api/search" || r.URL.Path == "/api/search-quick" ||
r.URL.Path == "/" {
next.ServeHTTP(w, r)