Thanks for your great work on Omnigollum.
While using it, I've just noticed that if you specify protected_routes for Omnigollum in Gollum's config.rb as such:
:protected_routes => [
'/private/*',
'/private'],
Then if you go to e.g. https://mywiki.com/private the authorization prompt is shown as expected. However, there seems to be an easy way to override this:
I'm by no means a Ruby developer, so I'm not too sure what's going on behind the scenes. protected_routes is processed here: https://github.com/arr2036/omnigollum/blob/master/lib/omnigollum.rb#L311
Something I tried was to modify the route, so that it's converted to downcase. While that works for that particular case, then unauthenticated users cannot access the open parts of the site that use capital letters, e.g. mywiki.com/Home. So no, the workaround does not quite work:
# Pre-empt protected routes
options[:protected_routes].each {|route| app.before(route.downcase!) {user_auth unless user_authed?}}
I'm sure there are better and cleverer ways to fix this.
Thanks.
Thanks for your great work on Omnigollum.
While using it, I've just noticed that if you specify
protected_routesfor Omnigollum in Gollum'sconfig.rbas such:Then if you go to e.g. https://mywiki.com/private the authorization prompt is shown as expected. However, there seems to be an easy way to override this:
I'm by no means a Ruby developer, so I'm not too sure what's going on behind the scenes.
protected_routesis processed here: https://github.com/arr2036/omnigollum/blob/master/lib/omnigollum.rb#L311Something I tried was to modify the route, so that it's converted to downcase. While that works for that particular case, then unauthenticated users cannot access the open parts of the site that use capital letters, e.g. mywiki.com/Home. So no, the workaround does not quite work:
I'm sure there are better and cleverer ways to fix this.
Thanks.