redirects to login when not authorized

2021-12-10 18:56:41 +01:00 · 2021-12-10 18:56:41 +01:00 · 5f97675216
commit 5f97675216
parent 44b2dfc6d1
10 changed files with 20 additions and 20 deletions
--- a/web/handler/admin_show.go
+++ b/web/handler/admin_show.go
@ -10,11 +10,11 @@ func (h *Handler) showAdminView(w http.ResponseWriter, r *http.Request) {
 	protectClickJacking(w)
 	username, err := h.getUser(r)
 	if err != nil {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	if username != "m15o" {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	users, err := h.storage.InactiveUsers()
@ -31,11 +31,11 @@ func (h *Handler) activateUser(w http.ResponseWriter, r *http.Request) {
 	protectClickJacking(w)
 	username, err := h.getUser(r)
 	if err != nil {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	if username != "m15o" {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	name := r.URL.Query().Get("name")
@ -50,11 +50,11 @@ func (h *Handler) deleteUser(w http.ResponseWriter, r *http.Request) {
 	protectClickJacking(w)
 	username, err := h.getUser(r)
 	if err != nil {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	if username != "m15o" {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	name := r.URL.Query().Get("name")
--- a/web/handler/handler.go
+++ b/web/handler/handler.go
@ -19,8 +19,8 @@ func notFound(w http.ResponseWriter) {
 	http.Error(w, "Page Not Found", http.StatusNotFound)
 }

-func unauthorized(w http.ResponseWriter) {
-	http.Error(w, "Unauthorized", http.StatusUnauthorized)
+func unauthorized(w http.ResponseWriter, r *http.Request) {
+	http.Redirect(w, r, fmt.Sprintf("/login"), http.StatusFound)
 }

 type Handler struct {
--- a/web/handler/settings_show.go
+++ b/web/handler/settings_show.go
@ -6,12 +6,12 @@ func (h *Handler) showSettingsView(w http.ResponseWriter, r *http.Request) {
 	protectClickJacking(w)
 	username, err := h.getUser(r)
 	if err != nil {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	user, err := h.storage.UserByName(username)
 	if err != nil {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	session, err := h.sess.Store.Get(r, "status")
--- a/web/handler/settings_update.go
+++ b/web/handler/settings_update.go
@ -9,7 +9,7 @@ import (
 func (h *Handler) updateSettings(w http.ResponseWriter, r *http.Request) {
 	user, err := h.getUser(r)
 	if err != nil {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	f := form.NewSettingsForm(r)
--- a/web/handler/status_create.go
+++ b/web/handler/status_create.go
@ -9,7 +9,7 @@ func (h *Handler) showNewStatusView(w http.ResponseWriter, r *http.Request) {
 	protectClickJacking(w)
 	_, err := h.getUser(r)
 	if err != nil {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	h.view("create_status").Execute(w, map[string]interface{}{"status": &model.Status{}})
--- a/web/handler/status_edit.go
+++ b/web/handler/status_edit.go
@ -22,7 +22,7 @@ func (h *Handler) showEditStatusView(w http.ResponseWriter, r *http.Request) {
 	protectClickJacking(w)
 	user, err := h.getUser(r)
 	if err != nil {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	id, err := strconv.ParseInt(r.URL.Query().Get("id"), 10, 64)
@ -36,7 +36,7 @@ func (h *Handler) showEditStatusView(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	if user != status.User {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	session, err := h.sess.Store.Get(r, "status")
--- a/web/handler/status_remove.go
+++ b/web/handler/status_remove.go
@ -9,7 +9,7 @@ func (h *Handler) handleRemoveStatus(w http.ResponseWriter, r *http.Request) {
 	protectClickJacking(w)
 	user, err := h.getUser(r)
 	if err != nil {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	id, err := strconv.ParseInt(r.URL.Query().Get("id"), 10, 64)
@ -23,7 +23,7 @@ func (h *Handler) handleRemoveStatus(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	if user != status.User {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	switch r.Method {
--- a/web/handler/status_save.go
+++ b/web/handler/status_save.go
@ -9,7 +9,7 @@ import (
 func (h *Handler) saveStatus(w http.ResponseWriter, r *http.Request) {
 	user, err := h.getUser(r)
 	if err != nil {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	f := form.NewStatusForm(r)
--- a/web/handler/status_update.go
+++ b/web/handler/status_update.go
@ -10,7 +10,7 @@ import (
 func (h *Handler) updateStatus(w http.ResponseWriter, r *http.Request) {
 	user, err := h.getUser(r)
 	if err != nil {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	id, err := strconv.ParseInt(r.URL.Query().Get("id"), 10, 64)
@ -25,7 +25,7 @@ func (h *Handler) updateStatus(w http.ResponseWriter, r *http.Request) {
 	}

 	if user != status.User {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	f := form.NewStatusForm(r)
--- a/web/handler/user_show.go
+++ b/web/handler/user_show.go
@ -26,7 +26,7 @@ import (
 func (h *Handler) showManageView(w http.ResponseWriter, r *http.Request) {
 	logged, err := h.sess.Get(r)
 	if err != nil {
-		unauthorized(w)
+		unauthorized(w, r)
 		return
 	}
 	var page int64 = 0