From 512d5e928aa0e0eab0adce07ea117ddd85253735 Mon Sep 17 00:00:00 2001
From: Catherine <whitequark@whitequark.org>
Date: Fri, 19 Sep 2025 00:29:03 +0000
Subject: [PATCH] Clearly indicate insecure mode at startup.

---
 src/auth.go | 6 +++++-
 src/main.go | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/auth.go b/src/auth.go
index 7a910fd..015aa3f 100644
--- a/src/auth.go
+++ b/src/auth.go
@@ -31,6 +31,10 @@ func IsUnauthorized(err error) bool {
 	return false
 }
 
+func InsecureMode() bool {
+	return os.Getenv("INSECURE") == "very"
+}
+
 func GetHost(r *http.Request) string {
 	// FIXME: handle IDNA
 	host, _, err := net.SplitHostPort(r.Host)
@@ -180,7 +184,7 @@ func authorizeWildcardMatch(r *http.Request) ([]string, error) {
 func authorizeRequest(r *http.Request, allowWildcard bool) ([]string, error) {
 	causes := []error{AuthError{http.StatusUnauthorized, "unauthorized"}}
 
-	if os.Getenv("INSECURE") == "very" {
+	if InsecureMode() {
 		log.Println("auth: INSECURE mode: allow any")
 		return nil, nil // for testing only
 	}
diff --git a/src/main.go b/src/main.go
index c61b7d3..00c7ee2 100644
--- a/src/main.go
+++ b/src/main.go
@@ -100,7 +100,11 @@ func main() {
 		memlimit.WithRatio(0.9),
 	)
 
-	log.Println("ready")
+	if InsecureMode() {
+		log.Println("ready (INSECURE)")
+	} else {
+		log.Println("ready")
+	}
 
 	go serveHandler("pages", config.Listen.Pages, ServePages)