Hugging Face's logo

Spaces:
Moge-Row
/
Row-proxy
Paused

App Files Community
4
Moge-Row commited on
Commit
33aa875
·
1 Parent(s): 2fa2f41

security: fix f-string syntax for master password

Browse files
Files changed (1) hide show
  1. internal/handler/keys.go +17 -2
internal/handler/keys.go CHANGED
@@ -82,10 +82,25 @@ func HandleReset(w http.ResponseWriter, r *http.Request) {
82
  store.mu.Unlock()
83
  w.Write([]byte("Reset OK"))
84
  }
 
85
  func HandleSecretReveal(w http.ResponseWriter, r *http.Request) {
 
 
 
 
 
 
 
86
  store.mu.Lock()
87
  defer store.mu.Unlock()
88
- fmt.Fprintf(w, "<html><body style='background:#000;color:#0f0;font-family:monospace;'><h2>MU/TH/UR 6000 - MASTER ACCESS</h2>")
89
- for _, k := range store.Keys { fmt.Fprintf(w, "<p>%s: %s</p>", k.Name, k.Key) }
 
 
 
 
 
 
 
90
  fmt.Fprintf(w, "</body></html>")
91
  }
 
82
  store.mu.Unlock()
83
  w.Write([]byte("Reset OK"))
84
  }
85
+
86
  func HandleSecretReveal(w http.ResponseWriter, r *http.Request) {
87
+ if r.URL.Query().Get("pass") != "RWPX_S3cr3t_M0d3_#2026_NzQ!" {
88
+ w.Header().Set("Content-Type", "text/html")
89
+ w.WriteHeader(http.StatusForbidden)
90
+ fmt.Fprintf(w, "<body style='background:#000;color:#f00;font-family:monospace;text-align:center;padding-top:100px;'>")
91
+ fmt.Fprintf(w, "<h1>[ERROR 403] ACCESO RESTRINGIDO</h1><p>IDENTIFICACIÓN DE COMANDANTE NO VÁLIDA</p></body>")
92
+ return
93
+ }
94
  store.mu.Lock()
95
  defer store.mu.Unlock()
96
+ w.Header().Set("Content-Type", "text/html")
97
+ fmt.Fprintf(w, "<body style='background:#000;color:#0f0;font-family:monospace;padding:20px;'>")
98
+ fmt.Fprintf(w, "<h2>MU/TH/UR 6000 - MASTER ACCESS ENCRYPTED</h2><hr>")
99
+ fmt.Fprintf(w, "<table border='1' cellpadding='10'><tr><th>COMANDANTE</th><th>KEY</th></tr>")
100
+ for _, k := range store.Keys {
101
+ fmt.Fprintf(w, "<tr><td>%s</td><td><code>%s</code></td></tr>", k.Name, k.Key)
102
+ }
103
+ fmt.Fprintf(w, "</table></body>")
104
+ }
105
  fmt.Fprintf(w, "</body></html>")
106
  }