vvill.dev / caddy-atproto-auth
Caddy module to require at-proto authentication and restrict routes to DIDs
3
Fork 0

Configure Feed

Select the types of activity you want to include in your feed.

feat: make login and logout paths configurable in gate

author
Will Garrison date (Mar 7, 2026, 11:34 PM -0800) commit 2ff82ba8 parent 699e6d1e
+30 -4
+4
README.md
··· 100 100 # Path to a custom HTML template for the "Access Denied" page. 101 101 forbidden_template /path/to/forbidden.html 102 102 } 103 + 104 + # Standalone Mode Path Configuration (Optional) 105 + # login_path /auth/login 106 + # logout_path /auth/logout 103 107 } 104 108 105 109 reverse_proxy localhost:8080
+26 -4
gate.go
··· 31 31 PortalURL string `json:"portal_url,omitempty"` // URL of the central auth portal if NOT in standalone mode 32 32 UI ui.Config `json:"ui,omitempty"` // Custom UI configuration 33 33 34 + // Paths configuration 35 + LoginPath string `json:"login_path,omitempty"` 36 + LogoutPath string `json:"logout_path,omitempty"` 37 + 34 38 // Dependencies 35 39 app *App 36 40 resolver *resolver.Resolver ··· 87 91 g.oauth = mgr 88 92 } 89 93 94 + // Defaults for paths 95 + if g.LoginPath == "" { 96 + g.LoginPath = "/login" 97 + } 98 + if g.LogoutPath == "" { 99 + g.LogoutPath = "/logout" 100 + } 101 + 90 102 return nil 91 103 } 92 104 ··· 115 127 return d.ArgErr() 116 128 } 117 129 g.PortalURL = d.Val() 130 + case "login_path": 131 + if !d.NextArg() { 132 + return d.ArgErr() 133 + } 134 + g.LoginPath = d.Val() 135 + case "logout_path": 136 + if !d.NextArg() { 137 + return d.ArgErr() 138 + } 139 + g.LogoutPath = d.Val() 118 140 case "ui": 119 141 for nesting := d.Nesting(); d.NextBlock(nesting); { 120 142 switch d.Val() { ··· 159 181 w.Header().Set("Content-Type", "application/json") 160 182 return json.NewEncoder(w).Encode(meta) 161 183 } 162 - if r.URL.Path == "/logout" { 184 + if r.URL.Path == g.LogoutPath { 163 185 // Invalidate credential if session exists 164 186 sess, err := g.sessions.VerifyCookie(r) 165 187 if err == nil || err == session.ErrExpired { ··· 173 195 174 196 // Clear session cookie 175 197 http.SetCookie(w, g.sessions.ClearCookie(g.Domain)) 176 - http.Redirect(w, r, "/login", http.StatusFound) 198 + http.Redirect(w, r, g.LoginPath, http.StatusFound) 177 199 return nil 178 200 } 179 201 ··· 280 302 // Let's implement a simple /login handler in Gate if oauth is enabled. 281 303 282 304 if g.oauth != nil { 283 - if r.URL.Path == "/login" { 305 + if r.URL.Path == g.LoginPath { 284 306 if r.Method == "POST" { 285 307 handle := r.FormValue("handle") 286 308 // Strip leading @ if present ··· 318 340 return nil 319 341 } 320 342 // Redirect to /login 321 - http.Redirect(w, r, "/login", http.StatusFound) 343 + http.Redirect(w, r, g.LoginPath, http.StatusFound) 322 344 return nil 323 345 } 324 346