From 9982fb51755206762befb82e80fe813bc9735533 Mon Sep 17 00:00:00 2001
From: Daniel Heath <daniel@heath.cc>
Date: Wed, 7 Feb 2018 15:09:01 +1100
Subject: [PATCH] Auth doesn't stop you publishing stuff

---
 handlers.go | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/handlers.go b/handlers.go
index a80f1e3..f026618 100755
--- a/handlers.go
+++ b/handlers.go
@@ -56,7 +56,28 @@ func serve(
 	store := sessions.NewCookieStore([]byte(secret))
 	router.Use(sessions.Sessions("mysession", store))
 	if secretCode != "" {
-		router.Use(secretRequired.RequiresSecretAccessCode(secretCode, "/login/"))
+		cfg := &secretRequired.Config{
+			Secret: secretCode,
+			Path:   "/login/",
+			RequireAuth: func(c *gin.Context) bool {
+				page := c.Param("page")
+				cmd := c.Param("command")
+
+				if page == "sitemap.xml" || page == "favicon.ico" || page == "static" {
+					return false // no auth for sitemap
+				}
+
+				if page != "" && cmd == "/read" {
+					p := Open(page)
+					fmt.Printf("p: '%+v'\n", p)
+					if p != nil && p.IsPublished {
+						return false // Published pages don't require auth.
+					}
+				}
+				return true
+			},
+		}
+		router.Use(cfg.Middleware)
 	}
 
 	// router.Use(static.Serve("/static/", static.LocalFile("./static", true)))