subspacecommunity · lifehome · Jun 20, 2021 · Jun 20, 2021 · Jun 20, 2021 · Jun 20, 2021
diff --git a/README.md b/README.md
@@ -99,7 +99,7 @@ $ subspace --http-host subspace.example.com
 |      flag       | default | description                                                                                                               |
 | :-------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------ |
 |   `http-host`   |         | REQUIRED: The host to listen on and set cookies for                                                                       |
-|   `backlink`    |   `/`   | OPTIONAL: The page to set the home button to                                                                              |
+|   `subdir`    |   ``   | OPTIONAL: The subdirectory that runs `subspace` |
 |    `datadir`    | `/data` | OPTIONAL: The directory to store data such as the WireGuard configuration files                                           |
 |     `debug`     |         | OPTIONAL: Place subspace into debug mode for verbose log output                                                           |
 |   `http-addr`   |  `:80`  | OPTIONAL: HTTP listen address                                                                                             |
@@ -125,7 +125,7 @@ $ subspace --http-host subspace.example.com
 | `SUBSPACE_IPV4_NAT_ENABLED` | `true`              | Whether to enable NAT routing for IPv4                                                                                                               |
 | `SUBSPACE_IPV6_NAT_ENABLED` | `true`              | Whether to enable NAT routing for IPv6                                                                                                               |
 | `SUBSPACE_THEME`            | `green`             | The theme to use, please refer to [semantic-ui](https://semantic-ui.com/usage/theming.html) for accepted colors                                      |
-| `SUBSPACE_BACKLINK`         | `/`                 | The page to set the home button to                                                                                                                   |
+| `SUBSPACE_URL_SUBDIRECTORY`         | ``                 | The subdirectory that runs `subspace` |
 | `SUBSPACE_DISABLE_DNS`      | `false`             | Whether to disable DNS so the client uses their own configured DNS server(s). Consider disabling DNS server, if supporting international VPN clients |
 
 ### Run as a Docker container

diff --git a/cmd/subspace/assets.go b/cmd/subspace/assets.go
@@ -1,7 +1,7 @@
 package main
 
 import (
-	_ "github.com/jteeuwen/go-bindata"
+	_ "github.com/kevinburke/go-bindata"
 )
 
 //go:generate go run github.com/jteeuwen/go-bindata/go-bindata --pkg main static/... templates/... email/...
diff --git a/cmd/subspace/handlers.go b/cmd/subspace/handlers.go
@@ -36,7 +36,7 @@ func getEnv(key, fallback string) string {
 func ssoHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 	session, err := samlSP.Session.GetSession(r)
 	if session != nil {
-		http.Redirect(w, r, "/", http.StatusFound)
+		http.Redirect(w, r, subdir, http.StatusFound)
 		return
 	}
 	if err == samlsp.ErrNoSession {
@@ -120,7 +120,7 @@ func wireguardConfigHandler(w *Web) {
 
 func configureHandler(w *Web) {
 	if config.FindInfo().Configured {
-		w.Redirect("/?error=configured")
+		w.Redirect(subdir + "?error=configured")
 		return
 	}
 
@@ -134,13 +134,13 @@ func configureHandler(w *Web) {
 	password := w.r.FormValue("password")
 
 	if !validEmail.MatchString(email) || !validPassword.MatchString(password) || email != emailConfirm {
-		w.Redirect("/configure?error=invalid")
+		w.Redirect(subdir + "/configure?error=invalid")
 		return
 	}
 
 	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
-		w.Redirect("/forgot?error=bcrypt")
+		w.Redirect(subdir + "/forgot?error=bcrypt")
 		return
 	}
 	config.UpdateInfo(func(i *Info) error {
@@ -154,7 +154,7 @@ func configureHandler(w *Web) {
 		Error(w.w, err)
 		return
 	}
-	w.Redirect("/settings?success=configured")
+	w.Redirect(subdir + "/settings?success=configured")
 }
 
 func forgotHandler(w *Web) {
@@ -168,20 +168,20 @@ func forgotHandler(w *Web) {
 	password := w.r.FormValue("password")
 
 	if email != "" && !validEmail.MatchString(email) {
-		w.Redirect("/forgot?error=invalid")
+		w.Redirect(subdir + "/forgot?error=invalid")
 		return
 	}
 	if secret != "" && !validString.MatchString(secret) {
-		w.Redirect("/forgot?error=invalid")
+		w.Redirect(subdir + "/forgot?error=invalid")
 		return
 	}
 	if email != "" && secret != "" && !validPassword.MatchString(password) {
-		w.Redirect("/forgot?error=invalid&email=%s&secret=%s", email, secret)
+		w.Redirect(subdir + "/forgot?error=invalid&email=%s&secret=%s", email, secret)
 		return
 	}
 
 	if email != config.FindInfo().Email {
-		w.Redirect("/forgot?error=invalid")
+		w.Redirect(subdir + "/forgot?error=invalid")
 		return
 	}
 
@@ -203,18 +203,18 @@ func forgotHandler(w *Web) {
 			}
 		}()
 
-		w.Redirect("/forgot?success=forgot")
+		w.Redirect(subdir + "/forgot?success=forgot")
 		return
 	}
 
 	if secret != config.FindInfo().Secret {
-		w.Redirect("/forgot?error=invalid")
+		w.Redirect(subdir + "/forgot?error=invalid")
 		return
 	}
 
 	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
-		w.Redirect("/forgot?error=bcrypt")
+		w.Redirect(subdir + "/forgot?error=bcrypt")
 		return
 	}
 	config.UpdateInfo(func(i *Info) error {
@@ -227,12 +227,12 @@ func forgotHandler(w *Web) {
 		Error(w.w, err)
 		return
 	}
-	w.Redirect("/")
+	w.Redirect(subdir)
 }
 
 func signoutHandler(w *Web) {
 	w.SignoutSession()
-	w.Redirect("/signin")
+	w.Redirect(subdir + "/signin")
 }
 
 func signinHandler(w *Web) {
@@ -246,18 +246,18 @@ func signinHandler(w *Web) {
 	passcode := w.r.FormValue("totp")
 
 	if email != config.FindInfo().Email {
-		w.Redirect("/signin?error=invalid")
+		w.Redirect(subdir + "/signin?error=invalid")
 		return
 	}
 
 	if err := bcrypt.CompareHashAndPassword(config.FindInfo().Password, []byte(password)); err != nil {
-		w.Redirect("/signin?error=invalid")
+		w.Redirect(subdir + "/signin?error=invalid")
 		return
 	}
 
 	if config.FindInfo().TotpKey != "" && !totp.Validate(passcode, config.FindInfo().TotpKey) {
 		// Totp has been configured and the provided code doesn't match
-		w.Redirect("/signin?error=invalid")
+		w.Redirect(subdir + "/signin?error=invalid")
 		return
 	}
 
@@ -266,7 +266,7 @@ func signinHandler(w *Web) {
 		return
 	}
 
-	w.Redirect("/")
+	w.Redirect(subdir)
 }
 
 func totpQRHandler(w *Web) {
@@ -277,7 +277,7 @@ func totpQRHandler(w *Web) {
 
 	if config.Info.TotpKey != "" {
 		// TOTP is already configured, don't allow the current one to be leaked
-		w.Redirect("/")
+		w.Redirect(subdir + "/")
 		return
 	}
 
@@ -322,7 +322,7 @@ func userEditHandler(w *Web) {
 	}
 
 	if w.User.ID == user.ID {
-		w.Redirect("/user/edit/%s", user.ID)
+		w.Redirect(subdir + "/user/edit/%s", user.ID)
 		return
 	}
 
@@ -333,7 +333,7 @@ func userEditHandler(w *Web) {
 		return nil
 	})
 
-	w.Redirect("/user/edit/%s?success=edituser", user.ID)
+	w.Redirect(subdir + "/user/edit/%s?success=edituser", user.ID)
 }
 
 func userDeleteHandler(w *Web) {
@@ -351,7 +351,7 @@ func userDeleteHandler(w *Web) {
 		return
 	}
 	if w.User.ID == user.ID {
-		w.Redirect("/user/edit/%s?error=deleteuser", user.ID)
+		w.Redirect(subdir + "/user/edit/%s?error=deleteuser", user.ID)
 		return
 	}
 
@@ -364,7 +364,7 @@ func userDeleteHandler(w *Web) {
 	for _, profile := range config.ListProfilesByUser(user.ID) {
 		if err := deleteProfile(profile); err != nil {
 			logger.Errorf("delete profile failed: %s", err)
-			w.Redirect("/profile/delete?error=deleteprofile")
+			w.Redirect(subdir + "/profile/delete?error=deleteprofile")
 			return
 		}
 	}
@@ -373,7 +373,7 @@ func userDeleteHandler(w *Web) {
 		Error(w.w, err)
 		return
 	}
-	w.Redirect("/?success=deleteuser")
+	w.Redirect(subdir + "?success=deleteuser")
 }
 
 func profileAddHandler(w *Web) {
@@ -391,7 +391,7 @@ func profileAddHandler(w *Web) {
 	}
 
 	if name == "" {
-		w.Redirect("/?error=profilename")
+		w.Redirect(subdir + "?error=profilename")
 		return
 	}
 
@@ -403,14 +403,14 @@ func profileAddHandler(w *Web) {
 	}
 
 	if len(config.ListProfiles()) >= maxProfiles {
-		w.Redirect("/?error=addprofile")
+		w.Redirect(subdir + "?error=addprofile")
 		return
 	}
 
 	profile, err := config.AddProfile(userID, name, platform)
 	if err != nil {
 		logger.Warn(err)
-		w.Redirect("/?error=addprofile")
+		w.Redirect(subdir + "?error=addprofile")
 		return
 	}
 
@@ -527,11 +527,11 @@ WGCLIENT
 		f, _ := os.Create("/tmp/error.txt")
 		errstr := fmt.Sprintln(err)
 		f.WriteString(errstr)
-		w.Redirect("/?error=addprofile")
+		w.Redirect(subdir + "?error=addprofile")
 		return
 	}
 
-	w.Redirect("/profile/connect/%s?success=addprofile", profile.ID)
+	w.Redirect(subdir + "/profile/connect/%s?success=addprofile", profile.ID)
 }
 
 func profileConnectHandler(w *Web) {
@@ -570,14 +570,14 @@ func profileDeleteHandler(w *Web) {
 	}
 	if err := deleteProfile(profile); err != nil {
 		logger.Errorf("delete profile failed: %s", err)
-		w.Redirect("/profile/delete?error=deleteprofile")
+		w.Redirect(subdir + "/profile/delete?error=deleteprofile")
 		return
 	}
-	if w.Admin {
-		w.Redirect("/user/edit/%s?success=deleteprofile", profile.UserID)
+	if len(profile.UserID) > 0 && w.Admin {
+		w.Redirect(subdir + "/user/edit/%s?success=deleteprofile", profile.UserID)
 		return
 	}
-	w.Redirect("/?success=deleteprofile")
+	w.Redirect(subdir + "?success=deleteprofile")
 }
 
 func indexHandler(w *Web) {
@@ -623,26 +623,26 @@ func settingsHandler(w *Web) {
 	if len(samlMetadata) > 0 {
 		if err := configureSAML(); err != nil {
 			logger.Warnf("configuring SAML failed: %s", err)
-			w.Redirect("/settings?error=saml")
+			w.Redirect(subdir + "/settings?error=saml")
 		}
 	} else {
 		samlSP = nil
 	}
 
 	if currentPassword != "" || newPassword != "" {
 		if !validPassword.MatchString(newPassword) {
-			w.Redirect("/settings?error=invalid")
+			w.Redirect(subdir + "/settings?error=invalid")
 			return
 		}
 
 		if err := bcrypt.CompareHashAndPassword(config.FindInfo().Password, []byte(currentPassword)); err != nil {
-			w.Redirect("/settings?error=invalid")
+			w.Redirect(subdir + "/settings?error=invalid")
 			return
 		}
 
 		hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)
 		if err != nil {
-			w.Redirect("/settings?error=bcrypt")
+			w.Redirect(subdir + "/settings?error=bcrypt")
 			return
 		}
 
@@ -655,24 +655,24 @@ func settingsHandler(w *Web) {
 	if resetTotp == "true" {
 		err := config.ResetTotp()
 		if err != nil {
-			w.Redirect("/settings?error=totp")
+			w.Redirect(subdir + "/settings?error=totp")
 			return
 		}
 
-		w.Redirect("/settings?success=totp")
+		w.Redirect(subdir + "/settings?success=totp")
 		return
 	}
 
 	if config.Info.TotpKey == "" && totpCode != "" {
 		if !totp.Validate(totpCode, tempTotpKey.Secret()) {
-			w.Redirect("/settings?error=totp")
+			w.Redirect(subdir + "/settings?error=totp")
 			return
 		}
 		config.Info.TotpKey = tempTotpKey.Secret()
 		config.save()
 	}
 
-	w.Redirect("/settings?success=settings")
+	w.Redirect(subdir + "/settings?success=settings")
 }
 
 func helpHandler(w *Web) {