From 5f976752166b0b66840911b330b65735737d37ec Mon Sep 17 00:00:00 2001
From: m15o
Date: Fri, 10 Dec 2021 18:56:41 +0100
Subject: [PATCH] redirects to login when not authorized
---
 web/handler/admin_show.go | 12 ++++++------
 web/handler/handler.go | 4 ++--
 web/handler/settings_show.go | 4 ++--
 web/handler/settings_update.go | 2 +-
 web/handler/status_create.go | 2 +-
 web/handler/status_edit.go | 4 ++--
 web/handler/status_remove.go | 4 ++--
 web/handler/status_save.go | 2 +-
 web/handler/status_update.go | 4 ++--
 web/handler/user_show.go | 2 +-
 10 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/web/handler/admin_show.go b/web/handler/admin_show.go
index 9a6655e..75dd845 100644
--- a/web/handler/admin_show.go
+++ b/web/handler/admin_show.go
@@ -10,11 +10,11 @@ func (h *Handler) showAdminView(w http.ResponseWriter, r *http.Request) {
 protectClickJacking(w)
 username, err := h.getUser(r)
 if err != nil {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 if username != "m15o" {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 users, err := h.storage.InactiveUsers()
@@ -31,11 +31,11 @@ func (h *Handler) activateUser(w http.ResponseWriter, r *http.Request) {
 protectClickJacking(w)
 username, err := h.getUser(r)
 if err != nil {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 if username != "m15o" {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 name := r.URL.Query().Get("name")
@@ -50,11 +50,11 @@ func (h *Handler) deleteUser(w http.ResponseWriter, r *http.Request) {
 protectClickJacking(w)
 username, err := h.getUser(r)
 if err != nil {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 if username != "m15o" {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 name := r.URL.Query().Get("name")
diff --git a/web/handler/handler.go b/web/handler/handler.go
index 874a794..6eaf24e 100644
--- a/web/handler/handler.go
+++ b/web/handler/handler.go
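Review bot: The `username != "m15o"` branches in showAdminView, activateUser and deleteUser now send an already authenticated non-admin to `/login`, so a permission failure is reported as if the session were missing. Depending on how the login handler treats a logged-in user (not visible here), the browser may simply be bounced back, and the response no longer carries a 401/403 that access logs or monitoring could key on. The same applies to the `user != status.User` ownership checks in status_edit.go, status_remove.go and status_update.go. I would keep the redirect for the `h.getUser` error path only and answer the permission checks through a separate helper, e.g. `http.Error(w, "Forbidden", http.StatusForbidden)`. All three function bodies continue outside their hunks.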
@@ -19,8 +19,8 @@ func notFound(w http.ResponseWriter) {
 http.Error(w, "Page Not Found", http.StatusNotFound)
 }
-func unauthorized(w http.ResponseWriter) {
- http.Error(w, "Unauthorized", http.StatusUnauthorized)
+func unauthorized(w http.ResponseWriter, r *http.Request) {
+ http.Redirect(w, r, fmt.Sprintf("/login"), http.StatusFound)
 }
 type Handler struct {
diff --git a/web/handler/settings_show.go b/web/handler/settings_show.go
index b578c05..420c267 100644
--- a/web/handler/settings_show.go
+++ b/web/handler/settings_show.go
@@ -6,12 +6,12 @@ func (h *Handler) showSettingsView(w http.ResponseWriter, r *http.Request) {
 protectClickJacking(w)
 username, err := h.getUser(r)
 if err != nil {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 user, err := h.storage.UserByName(username)
 if err != nil {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 session, err := h.sess.Store.Get(r, "status")
diff --git a/web/handler/settings_update.go b/web/handler/settings_update.go
index c927cf6..caab6ec 100644
--- a/web/handler/settings_update.go
+++ b/web/handler/settings_update.go
@@ -9,7 +9,7 @@ import (
 func (h *Handler) updateSettings(w http.ResponseWriter, r *http.Request) {
 user, err := h.getUser(r)
 if err != nil {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 f := form.NewSettingsForm(r)
diff --git a/web/handler/status_create.go b/web/handler/status_create.go
index 281f3f7..8ace2a5 100644
--- a/web/handler/status_create.go
+++ b/web/handler/status_create.go
@@ -9,7 +9,7 @@ func (h *Handler) showNewStatusView(w http.ResponseWriter, r *http.Request) {
 protectClickJacking(w)
 _, err := h.getUser(r)
 if err != nil {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 h.view("create_status").Execute(w, map[string]interface{}{"status": &model.Status{}})
diff --git a/web/handler/status_edit.go b/web/handler/status_edit.go
index 7a70eff..a3c4212 100644
--- a/web/handler/status_edit.go
+++ b/web/handler/status_edit.go
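Review bot: `fmt.Sprintf("/login")` in the new `unauthorized` formats nothing and should be the plain literal, `http.Redirect(w, r, "/login", http.StatusFound)`. The hunk does not touch the import block, so whether `fmt` is already imported in handler.go cannot be confirmed from here; dropping the call removes the question. The helper is also reached from handlers that read a submitted form (updateSettings, saveStatus, updateStatus), where `http.StatusSeeOther` states the switch to GET more explicitly than 302. A doc comment such as `// unauthorized redirects the client to the login page; no 401 status is sent.` would record that callers and non-browser clients no longer receive an error status.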
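Review bot: In showSettingsView the second changed branch handles an error from `h.storage.UserByName(username)`, which runs after `h.getUser` has already succeeded, so a storage failure now turns into a silent redirect to `/login`. If that error can be anything other than "no such user" (not visible in this hunk), it is better logged and reported as a server error, e.g. `http.Error(w, "Internal Server Error", http.StatusInternalServerError)`, keeping the redirect for the session check above it. The function body continues past the hunk.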
@@ -22,7 +22,7 @@ func (h *Handler) showEditStatusView(w http.ResponseWriter, r *http.Request) {
 protectClickJacking(w)
 user, err := h.getUser(r)
 if err != nil {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 id, err := strconv.ParseInt(r.URL.Query().Get("id"), 10, 64)
@@ -36,7 +36,7 @@ func (h *Handler) showEditStatusView(w http.ResponseWriter, r *http.Request) {
 return
 }
 if user != status.User {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 session, err := h.sess.Store.Get(r, "status")
diff --git a/web/handler/status_remove.go b/web/handler/status_remove.go
index 5c498a1..a48b6d3 100644
--- a/web/handler/status_remove.go
+++ b/web/handler/status_remove.go
@@ -9,7 +9,7 @@ func (h *Handler) handleRemoveStatus(w http.ResponseWriter, r *http.Request) {
 protectClickJacking(w)
 user, err := h.getUser(r)
 if err != nil {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 id, err := strconv.ParseInt(r.URL.Query().Get("id"), 10, 64)
@@ -23,7 +23,7 @@ func (h *Handler) handleRemoveStatus(w http.ResponseWriter, r *http.Request) {
 return
 }
 if user != status.User {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 switch r.Method {
diff --git a/web/handler/status_save.go b/web/handler/status_save.go
index 2c74731..2ccfd01 100644
--- a/web/handler/status_save.go
+++ b/web/handler/status_save.go
@@ -9,7 +9,7 @@ import (
 func (h *Handler) saveStatus(w http.ResponseWriter, r *http.Request) {
 user, err := h.getUser(r)
 if err != nil {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 f := form.NewStatusForm(r)
diff --git a/web/handler/status_update.go b/web/handler/status_update.go
index 6453a01..293c7db 100644
--- a/web/handler/status_update.go
+++ b/web/handler/status_update.go
@@ -10,7 +10,7 @@ import (
 func (h *Handler) updateStatus(w http.ResponseWriter, r *http.Request) {
 user, err := h.getUser(r)
 if err != nil {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 id, err := strconv.ParseInt(r.URL.Query().Get("id"), 10, 64)
@@ -25,7 +25,7 @@ func (h *Handler) updateStatus(w http.ResponseWriter, r *http.Request) {
 }
 if user != status.User {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 f := form.NewStatusForm(r)
diff --git a/web/handler/user_show.go b/web/handler/user_show.go
index f87fc94..78ceb98 100644
--- a/web/handler/user_show.go
+++ b/web/handler/user_show.go
@@ -26,7 +26,7 @@ import (
 func (h *Handler) showManageView(w http.ResponseWriter, r *http.Request) {
 logged, err := h.sess.Get(r)
 if err != nil {
- unauthorized(w)
+ unauthorized(w, r)
 return
 }
 var page int64 = 0