From 5615e3530a182f47a3c5708ad1470a056ca51219 Mon Sep 17 00:00:00 2001
From: Josh Rickmar
Date: Tue, 19 Aug 2014 08:03:06 -0500
Subject: [PATCH] Check websocket RPC auth for every method.

Previously, the createencryptedwallet and stop requests did not check that the client had successfully authenticated to the server. This change moves the check outside of the select statement for these special cased handlers (previously run from the default case) so an auth check will occur even if a request method does not match either of these two.
---
 rpcserver.go | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/rpcserver.go b/rpcserver.go
index bd5e806..4cad56d 100644
--- a/rpcserver.go
+++ b/rpcserver.go
@@ -761,8 +761,7 @@ out:
 continue
 }
- switch raw.Method {
- case "authenticate":
+ if raw.Method == "authenticate" {
 if wsc.authenticated || s.invalidAuth(request) {
 // Disconnect immediately.
 break out
@@ -778,7 +777,15 @@ out:
 if err != nil {
 break out
 }
+ continue
+ }
+ if !wsc.authenticated {
+ // Disconnect immediately.
+ break out
+ }
+
+ switch raw.Method {
 case "createencryptedwallet":
 result, err := s.handleCreateEncryptedWallet(request)
 resp := makeResponse(raw.ID, result, err)
@@ -807,10 +814,6 @@ out:
 }
 default:
- if !wsc.authenticated {
- // Disconnect immediately.
- break out
- }
 f := s.HandlerClosure(raw.Method)
 wsc.wg.Add(1)
 go func(request []byte, raw *rawRequest) {
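Review bot: The `if raw.Method == "authenticate" {` branch now carries an ordering requirement that nothing in the code states: it has to stay ahead of the `!wsc.authenticated` gate added in the next hunk and end in `continue`, otherwise an authenticate request would be caught by that gate. A comment above the branch would protect this, for example `// authenticate is the only method served before the connection is authenticated; keep it ahead of the auth gate below.` The enclosing loop and function begin outside the hunk, so the rest of the branch is not visible here.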
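Review bot: The new gate at `if !wsc.authenticated {` drops the connection without recording anything, so requests made before authenticating leave no trace for whoever monitors the wallet. Consider logging the rejected method (quoted, since it is client-supplied) and the peer address at warning level before `break out`, using the logger this file already has. The diffstat shows only rpcserver.go changed; a regression test that sends `createencryptedwallet` and `stop` on an unauthenticated websocket and expects a disconnect would keep the gate from drifting back inside a single case. The loop this gate sits in starts outside the hunk.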