Unused s.requireNoAuth? #72

@kriive

The `requireNoAuth` middleware should redirect users to the homepage if they are already logged in.

wtf/http/server.go

Lines 111 to 116 in 05bc90c

```go
// Register unauthenticated routes.
{
	r := s.router.PathPrefix("/").Subrouter()
	r.Use(s.requireNoAuth)
	s.registerAuthRoutes(r)
}
```

But if they are required not to be logged in, how can they issue a logout, since the route is protected by the `requireNoAuth` middleware?

wtf/http/auth.go

Lines 19 to 24 in 05bc90c

```go
func (s *Server) registerAuthRoutes(r *mux.Router) {
	r.HandleFunc("/login", s.handleLogin).Methods("GET")
	r.HandleFunc("/logout", s.handleLogout).Methods("DELETE")
	r.HandleFunc("/oauth/github", s.handleOAuthGitHub).Methods("GET")
	r.HandleFunc("/oauth/github/callback", s.handleOAuthGitHubCallback).Methods("GET")
}
```

My guess is that the mux subrouter doesn't authenticate the user (note the `s.router.PathPrefix("/")` and not `router.PathPrefix("/")`), so the `requireNoAuth` always delegates to the next handler, thus no restrictions are actually in place.
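The question raised in this issue depends on whether anything has placed a user in the request context before `requireNoAuth` runs. The stand-alone Go sketch below is an added example, not code from the wtf repository: `authenticate`, the `session` cookie, `ctxKey` and `logoutStatus` are hypothetical stand-ins, and it uses only `net/http` instead of gorilla/mux. It sends the same `DELETE /logout` request through both middleware chains and reports the status each one produces.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type ctxKey struct{} // context key under which the user is stored (hypothetical)

// authenticate (hypothetical) copies the "session" cookie value into the context.
func authenticate(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if c, err := r.Cookie("session"); err == nil && c.Value != "" {
			r = r.WithContext(context.WithValue(r.Context(), ctxKey{}, c.Value))
		}
		next.ServeHTTP(w, r)
	})
}

// requireNoAuth redirects to "/" when the context already carries a user.
func requireNoAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Context().Value(ctxKey{}) != nil {
			http.Redirect(w, r, "/", http.StatusFound)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// logoutStatus sends DELETE /logout with a session cookie and returns the status.
func logoutStatus(withAuthenticate bool) int {
	h := requireNoAuth(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusNoContent) // stand-in for handleLogout
	}))
	if withAuthenticate {
		h = authenticate(h) // authenticate now runs before requireNoAuth
	}
	req := httptest.NewRequest(http.MethodDelete, "/logout", nil)
	req.AddCookie(&http.Cookie{Name: "session", Value: "constructed-user"})
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(logoutStatus(true), logoutStatus(false))
}
```

With `authenticate` in the chain the logged-in user is redirected and the logout handler is never reached; without it the guard passes every request through.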
