From 1f799efb15a80f5aedee975fe8b4af5415b1fd78 Mon Sep 17 00:00:00 2001
From: ivar <i@oiee.no>
Date: Tue, 31 Mar 2026 18:31:06 +0200
Subject: Fault if not able to authenticate user

---
 internal/admin/server.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'internal/admin/server.go')

diff --git a/internal/admin/server.go b/internal/admin/server.go
index 858d498..bad7e66 100644
--- a/internal/admin/server.go
+++ b/internal/admin/server.go
@@ -73,10 +73,10 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // Returns true if the request is authorised (or if auth is disabled).
 func (s *Server) checkAuth(w http.ResponseWriter, r *http.Request) bool {
 	if s.AuthFile == "" {
-		return true
+		return false
 	}
 	if _, err := os.Stat(s.AuthFile); os.IsNotExist(err) {
-		return true // no passwords file → no auth required
+		return false
 	}
 	a := auth.New(s.AuthFile)
 	username, password, ok := r.BasicAuth()
@@ -107,10 +107,10 @@ func (s *Server) handleNew(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	s.render(w, "form", map[string]any{
-		"Title":   "New Post",
-		"Action":  "/admin/new",
-		"Post":    post{Date: time.Now().Format("2006-01-02")},
-		"IsNew":   true,
+		"Title":  "New Post",
+		"Action": "/admin/new",
+		"Post":   post{Date: time.Now().Format("2006-01-02")},
+		"IsNew":  true,
 	})
 }
 
-- 
cgit v1.3