From 2cd60e60d180c1ce6750729c576397272f9c636b Mon Sep 17 00:00:00 2001
From: Dima Krasner <dima@dimakrasner.com>
Date: Sat, 14 Dec 2024 15:12:40 +0200
Subject: [PATCH] fix nil deref when posting without authentication

---
 front/dm.go      | 10 ++++++++++
 front/post.go    |  5 -----
 front/reply.go   |  5 +++++
 front/say.go     | 10 ++++++++++
 front/whisper.go | 10 ++++++++++
 5 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/front/dm.go b/front/dm.go
index aeb4d23f..e56fdef7 100644
--- a/front/dm.go
+++ b/front/dm.go
@@ -22,6 +22,11 @@ import (
 )
 
 func (h *Handler) dm(w text.Writer, r *Request, args ...string) {
+	if r.User == nil {
+		w.Redirect("/users")
+		return
+	}
+
 	to := ap.Audience{}
 	cc := ap.Audience{}
 
@@ -31,6 +36,11 @@ func (h *Handler) dm(w text.Writer, r *Request, args ...string) {
 }
 
 func (h *Handler) uploadDM(w text.Writer, r *Request, args ...string) {
+	if r.User == nil {
+		w.Redirect("/users")
+		return
+	}
+
 	to := ap.Audience{}
 	cc := ap.Audience{}
 
diff --git a/front/post.go b/front/post.go
index fe303610..493a813c 100644
--- a/front/post.go
+++ b/front/post.go
@@ -43,11 +43,6 @@ var (
 )
 
 func (h *Handler) post(w text.Writer, r *Request, oldNote *ap.Object, inReplyTo *ap.Object, to ap.Audience, cc ap.Audience, audience string, readInput inputFunc) {
-	if r.User == nil {
-		w.Redirect("/users")
-		return
-	}
-
 	now := ap.Time{Time: time.Now()}
 
 	if oldNote == nil {
diff --git a/front/reply.go b/front/reply.go
index c82c4c8a..ad1536ab 100644
--- a/front/reply.go
+++ b/front/reply.go
@@ -24,6 +24,11 @@ import (
 )
 
 func (h *Handler) doReply(w text.Writer, r *Request, args []string, readInput inputFunc) {
+	if r.User == nil {
+		w.Redirect("/users")
+		return
+	}
+
 	postID := "https://" + args[1]
 
 	var note ap.Object
diff --git a/front/say.go b/front/say.go
index c9bf8d46..ee8ba769 100644
--- a/front/say.go
+++ b/front/say.go
@@ -22,6 +22,11 @@ import (
 )
 
 func (h *Handler) say(w text.Writer, r *Request, args ...string) {
+	if r.User == nil {
+		w.Redirect("/users")
+		return
+	}
+
 	to := ap.Audience{}
 	cc := ap.Audience{}
 
@@ -34,6 +39,11 @@ func (h *Handler) say(w text.Writer, r *Request, args ...string) {
 }
 
 func (h *Handler) uploadSay(w text.Writer, r *Request, args ...string) {
+	if r.User == nil {
+		w.Redirect("/users")
+		return
+	}
+
 	to := ap.Audience{}
 	cc := ap.Audience{}
 
diff --git a/front/whisper.go b/front/whisper.go
index 379f1281..2de4592d 100644
--- a/front/whisper.go
+++ b/front/whisper.go
@@ -22,6 +22,11 @@ import (
 )
 
 func (h *Handler) whisper(w text.Writer, r *Request, args ...string) {
+	if r.User == nil {
+		w.Redirect("/users")
+		return
+	}
+
 	to := ap.Audience{}
 	cc := ap.Audience{}
 
@@ -33,6 +38,11 @@ func (h *Handler) whisper(w text.Writer, r *Request, args ...string) {
 }
 
 func (h *Handler) uploadWhisper(w text.Writer, r *Request, args ...string) {
+	if r.User == nil {
+		w.Redirect("/users")
+		return
+	}
+
 	to := ap.Audience{}
 	cc := ap.Audience{}