From be45ed886b4cedb4ba41095dd692a30d33d420f3 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <brad@danga.com>
Date: Sat, 10 Dec 2011 17:18:19 -0800
Subject: [PATCH] require auth for ui, search, jsonsign, sync handlers

Change-Id: I2fec6688af87344c09fbe9099bded230efa745c7
---
 .last_go_version                          |  2 +-
 lib/go/camli/serverconfig/serverconfig.go | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.last_go_version b/.last_go_version
index 6a1b50053..743e380bd 100644
--- a/.last_go_version
+++ b/.last_go_version
@@ -1 +1 @@
-6g version release.r60.3 9959
+6g version release.r60.3 9516
diff --git a/lib/go/camli/serverconfig/serverconfig.go b/lib/go/camli/serverconfig/serverconfig.go
index 2d2249187..2dba67604 100644
--- a/lib/go/camli/serverconfig/serverconfig.go
+++ b/lib/go/camli/serverconfig/serverconfig.go
@@ -256,7 +256,21 @@ func (hl *handlerLoader) setupHandler(prefix string) {
 			h.prefix, h.htype, err)
 	}
 	hl.handler[prefix] = hh
-	hl.installer.Handle(prefix, &httputil.PrefixHandler{prefix, hh})
+	var wrappedHandler http.Handler = &httputil.PrefixHandler{prefix, hh}
+	if handerTypeWantsAuth(h.htype) {
+		wrappedHandler = auth.Handler{wrappedHandler}
+	}
+	hl.installer.Handle(prefix, wrappedHandler)
+}
+
+func handerTypeWantsAuth(handlerType string) bool {
+	// TODO(bradfitz): ask the handler instead? This is a bit of a
+	// weird spot for this policy maybe?
+	switch handlerType {
+	case "ui", "search", "jsonsign", "sync":
+		return true
+	}
+	return false
 }
 
 type Config struct {