From 8893354f0542c77b998a1a87ce6a31fa79290f6d Mon Sep 17 00:00:00 2001
From: mleku <me@mleku.dev>
Date: Fri, 6 Dec 2024 08:10:08 +0000
Subject: [PATCH] make setting owners implicitly enable auth required

---
 cmd/realy/app/implementation.go | 2 +-
 realy/config/config.go          | 2 +-
 realy/handleAdmin.go            | 2 ++
 realy/handleEvent.go            | 3 +++
 realy/version                   | 2 +-
 5 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/cmd/realy/app/implementation.go b/cmd/realy/app/implementation.go
index 873bf92..647f924 100644
--- a/cmd/realy/app/implementation.go
+++ b/cmd/realy/app/implementation.go
@@ -356,7 +356,7 @@ func (r *Relay) CheckOwnerLists(c cx) {
 	}
 }
 
-func (r *Relay) AuthEnabled() bo { return r.C.AuthRequired }
+func (r *Relay) AuthEnabled() bo { return r.C.AuthRequired || len(r.C.Owners) > 0 }
 
 // ServiceUrl returns the address of the relay to send back in auth responses.
 // If auth is disabled this returns an empty string.
diff --git a/realy/config/config.go b/realy/config/config.go
index d7d3fb7..ceb7d55 100644
--- a/realy/config/config.go
+++ b/realy/config/config.go
@@ -123,7 +123,7 @@ out:
 // environment variable key/value pair list, one per line. Note you must dereference a pointer
 // type to use this. This allows the composition of the config in this file with an extended
 // form with a customized variant of realy to produce correct environment variables both read
-// and write.
+// and write, including replacing the default values and descriptions when printing the usage.
 func EnvKV(cfg any) (m KVSlice) {
 	t := reflect.TypeOf(cfg)
 	for i := 0; i < t.NumField(); i++ {
diff --git a/realy/handleAdmin.go b/realy/handleAdmin.go
index fba540e..38268c2 100644
--- a/realy/handleAdmin.go
+++ b/realy/handleAdmin.go
@@ -15,6 +15,7 @@ import (
 
 func (s *Server) auth(r *http.Request) (authed bo) {
 	if s.adminUser == "" || s.adminPass == "" {
+		log.W.Ln("admin user and/or password not set")
 		// disallow this if it hasn't been configured, the default values are empty.
 		return
 	}
@@ -32,6 +33,7 @@ func (s *Server) auth(r *http.Request) (authed bo) {
 			return true
 		}
 	}
+	log.W.Ln("admin user failed to auth")
 	return
 }
 
diff --git a/realy/handleEvent.go b/realy/handleEvent.go
index 9fbdb28..ceaa45c 100644
--- a/realy/handleEvent.go
+++ b/realy/handleEvent.go
@@ -20,6 +20,9 @@ import (
 )
 
 func (s *Server) handleEvent(c cx, ws *web.Socket, req by, sto store.I) (msg by) {
+	if ws.AuthRequested() && len(ws.Authed()) == 0 {
+		return by("auth has been requested, awaiting authentication response")
+	}
 	log.T.F("handleEvent %s %s", ws.RealRemote(), req)
 	var err er
 	var ok bo
diff --git a/realy/version b/realy/version
index 917b30e..89cc0ea 100644
--- a/realy/version
+++ b/realy/version
@@ -1 +1 @@
-v1.2.37
\ No newline at end of file
+v1.2.38
\ No newline at end of file