unauth handler

auth/auth.go

@@ -52,6 +52,18 @@ func WsIsAuthenticated(conn *websocket.Conn, token string) bool {
 	}
 }
 
+// quick check if websocket is authed at all for unauth broadcast (not for actual auth)
+func WsAuthCheck(conn *websocket.Conn, token string) bool {
+	AuthenticatedClients.RLock()         // Acquire read lock
+	defer AuthenticatedClients.RUnlock() // Release read lock
+	for _, con := range AuthenticatedClients.Conn {
+		if val == con {
+			return true
+		}
+	}
+	return false
+}
+
 // this takes a bool for auth/unauth -- also persists to config
 func AddToAuthMap(conn *websocket.Conn, token map[string]string, authed bool) error {
 	tokenStr := token["token"]

ws/ws.go

@@ -139,6 +139,10 @@ func WsHandler(w http.ResponseWriter, r *http.Request) {
 			config.Logger.Warn(errmsg)
 		}
 	}
+	// default to unauth
+	if !auth.WsAuthCheck(conn) {
+		unauthHandler(conn, r)
+	}
 }
 
 // validate password and add to auth session map
@@ -168,6 +172,21 @@ func loginHandler(conn *websocket.Conn, msg []byte, payload structs.WsPayload) e
 	return nil
 }
 
+
+// broadcast the unauth payload
+func unauthHandler(conn *websocket.Conn, r *http.Request) {
+	blob := structs.UnauthBroadcast
+	blob.Type = "structure"
+	blob.AuthLevel = "unauthorized"
+	blob.Login = struct{
+		Remainder: 0
+	}
+	resp := json.Marshal(blob)
+	if err := conn.WriteMessage(websocket.TextMessage, respJson); err != nil {
+		config.Logger.Error(fmt.Sprintf("Error writing response: %v", err))
+	}
+}
+
 // client send:
 // {
 // 	"type": "verify",