From 8bd53b74bbb826312263d77326f2d8740c99924a Mon Sep 17 00:00:00 2001 From: Ben Sima Date: Wed, 8 Apr 2020 12:03:44 -0700 Subject: Finish the request after guarding This prevents and further code from being executed. I think this was happening so posted messages were still going on the que even though I said they weren't. I really need some tests. --- Run/Que/Server.hs | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Run') diff --git a/Run/Que/Server.hs b/Run/Que/Server.hs index 146a16a..5973ec2 100644 --- a/Run/Que/Server.hs +++ b/Run/Que/Server.hs @@ -131,6 +131,7 @@ routes = do when ("_" == ns && authkey /= adminkey) <| Scotty.status Http.methodNotAllowed405 >> Scotty.text "not allowed: _ is a reserved namespace" + >> Scotty.finish guardNs ns ["pub", "_"] -- passed all auth checks app . modify <| upsertNamespace ns @@ -148,6 +149,7 @@ guardNs ns whitelist = when (not <| ns `elem` whitelist) <| do <| "not allowed: use 'pub' namespace or signup to protect '" <> ns <> "' at https://que.run" + Scotty.finish -- | recover from a scotty-thrown exception. (!:) -- cgit v1.2.3