Move verification viewing to logged in only

auth.go

@@ -111,7 +111,7 @@ func genPassword(length int) string {
 }
 func sendPassword(user string, ipaddr string) {
 	defer log.PanicSafe()
-	str := genPassword(8)
+	str := genPassword(15)
 	log.LogInfo("sending password to %+v for %+v: %+v", ipaddr, user, str)
 	m, err := dg.GuildMember(config.GuildID, user)
 	if err != nil {

site-api.go

@@ -202,6 +202,15 @@ func getUser(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprintf(w, string(ret))
 }
 
+func getVerification(w http.ResponseWriter, r *http.Request) {
+	loggedIn, _ := detectUser(r, "getVerification")
+	if !loggedIn {
+		notFoundPage(w, r)
+		return
+	}
+	http.ServeFile(w, r, r.URL.Path)
+}
+
 func runWeb() {
 	defer log.PanicSafe()
 	router := mux.NewRouter().StrictSlash(true)
@@ -212,12 +221,12 @@ func runWeb() {
 	router.HandleFunc("/api/login", tryLogin)
 	router.HandleFunc("/api/pending", getPending)
 	router.HandleFunc("/api/verifications", getVerifications)
+	router.HandleFunc("/api/image/", getVerification)
 	router.HandleFunc("/api/probations", getProbations)
 	router.HandleFunc("/api/passreq", reqPass)
 	router.HandleFunc("/api/user", getUser)
 	router.HandleFunc("/", greetUser)
 	router.PathPrefix("/static/").Handler(http.StripPrefix("/static/", http.FileServer(http.Dir("./static"))))
-	router.PathPrefix("/verifications/").Handler(http.StripPrefix("/verifications/", http.FileServer(http.Dir("./verifications"))))
 	log.LogInfo("Starting server")
 	log.LogErrorType(http.ListenAndServe(":8080", router))
 }