summaryrefslogtreecommitdiff
path: root/system/admin/server.go
diff options
context:
space:
mode:
Diffstat (limited to 'system/admin/server.go')
-rw-r--r--system/admin/server.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/system/admin/server.go b/system/admin/server.go
index 5d93d84..75b48f6 100644
--- a/system/admin/server.go
+++ b/system/admin/server.go
@@ -18,6 +18,10 @@ func Run() {
http.HandleFunc("/admin/login", loginHandler)
http.HandleFunc("/admin/logout", logoutHandler)
+ http.HandleFunc("/admin/recover", forgotPasswordHandler)
+ http.HandleFunc("/admin/recover/key", recoveryKeyHandler)
+ http.HandleFunc("/admin/recover/edit", recoveryEditHandler)
+
http.HandleFunc("/admin/configure", user.Auth(configHandler))
http.HandleFunc("/admin/configure/users", user.Auth(configUsersHandler))
http.HandleFunc("/admin/configure/users/edit", user.Auth(configUsersEditHandler))
@@ -37,11 +41,11 @@ func Run() {
}
staticDir := filepath.Join(pwd, "cmd", "ponzu", "vendor", "github.com", "bosssauce", "ponzu", "system")
- http.Handle("/admin/static/", CacheControl(http.FileServer(http.Dir(staticDir))))
+ http.Handle("/admin/static/", CacheControl(http.FileServer(restrict(http.Dir(staticDir)))))
// API path needs to be registered within server package so that it is handled
// even if the API server is not running. Otherwise, images/files uploaded
// through the editor will not load within the admin system.
uploadsDir := filepath.Join(pwd, "uploads")
- http.Handle("/api/uploads/", CacheControl(http.StripPrefix("/api/uploads/", http.FileServer(http.Dir(uploadsDir)))))
+ http.Handle("/api/uploads/", CacheControl(http.StripPrefix("/api/uploads/", http.FileServer(restrict(http.Dir(uploadsDir))))))
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 00:42:05 +0000