Restrict authenticated requests to /~~ and /~/as paths

base/arvo/eyre.hoon

@@ -422,7 +422,7 @@
       =.  p.p.pul  |(p.p.pul ?=(hoke r.p.pul))
       =+  her=(host-to-ship r.p.pul)
       ?:  |(?=(~ her) =(our u.her))
-        (handle pul q.+.kyz [p.heq maf s.heq])
+        (handle pul [q.+.kyz anon] [p.heq maf s.heq])
       =+  han=(sham hen)
       =.  pox  (~(put by pox) han hen)
       (ames-gram u.her [%get ~] han +.kyz)
@@ -671,7 +671,7 @@
   ::
   ++  handle
     |=  $:  [hat=hart pok=pork quy=quay]                ::  purl, parsed url
-            cip=clip                                    ::  client ip
+            [cip=clip him=ship]                         ::  client ip, ship
             [mef=meth maf=math bod=(unit octs)]         ::  method/headers/body
         ==
     =<  apex
@@ -930,8 +930,7 @@
           %mess
         :-  %|
         =^  orx  ..ya   ?:(is-anon new-view:for-client [(need grab-oryx) ..ya])
-        =+  vew=(ire-ix (oryx-to-ixor orx))
-        =+  [him=him.vew cay=[%json !>(`json`s.hem)]]
+        =+  [vew=(ire-ix (oryx-to-ixor orx)) cay=[%json !>(`json`s.hem)]]
         ?:  ?=(%json q.hem)  ((teba new-mess.vew) p.hem r.hem cay)
         %+  pass-note  [%to (oryx-to-ixor orx) (scot %p p.p.hem) q.p.hem r.hem]
         (ford-req root-beak [%cast q.hem %done ~ cay])
@@ -989,7 +988,7 @@
           %get
         ~|  aute/ham
         ?:  |(=(anon him.ham) (~(has in aut.yac) him.ham))
-          process(pok rem.ham, ..ya abet.yac(him him.ham))
+          process(him him.ham, pok rem.ham)
         ?.  =(our him.ham)
           [%| ((teba foreign-auth.yac) him.ham hat rem.ham quy)]
         (show-login-page ~)
@@ -1028,7 +1027,7 @@
         (new-ya (rsh 3 1 (scot %p (end 6 1 ney))))
       ~|  bad-cookie/u.lig
       =+  cyz=(~(got by wup) u.lig)
-      ~(. ya u.lig cyz(cug ~))
+      ~(. ya u.lig cyz(him him, cug ~))
     ::
     ++  new-ya  |=(ses=hole ~(. ya ses (new-cyst ses)))
     ++  new-cyst