From bd6e377e4326c2d6eb5cb0f67008e37faf8bd5fe Mon Sep 17 00:00:00 2001
From: Catherine <whitequark@whitequark.org>
Date: Thu, 18 Sep 2025 01:56:06 +0000
Subject: [PATCH] Allow explicit authorization to bypass wildcard URL
 restriction.

---
 src/pages.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/pages.go b/src/pages.go
index e722be5..8a7d282 100644
--- a/src/pages.go
+++ b/src/pages.go
@@ -217,12 +217,15 @@ func postPage(w http.ResponseWriter, r *http.Request) error {
 
 	allowRepoURL := ""
 	if slices.Equal(hostParts[1:], strings.Split(config.Wildcard.Domain, ".")) {
-		userName := hostParts[0]
-		repoName := projectName
-		if repoName == ".index" {
-			repoName = fmt.Sprintf(config.Wildcard.IndexRepo, userName)
+		// explicit authorization bypasses wildcard domain restrictions
+		if err := Authorize(w, r); err != nil {
+			userName := hostParts[0]
+			repoName := projectName
+			if repoName == ".index" {
+				repoName = fmt.Sprintf(config.Wildcard.IndexRepo, userName)
+			}
+			allowRepoURL = fmt.Sprintf(config.Wildcard.CloneURL, userName, repoName)
 		}
-		allowRepoURL = fmt.Sprintf(config.Wildcard.CloneURL, userName, repoName)
 	} else {
 		if err := Authorize(w, r); err != nil {
 			return err