redirects to login when not authorized
parent
44b2dfc6d1
commit
5f97675216
10 changed files with 20 additions and 20 deletions
|
|
@ -10,11 +10,11 @@ func (h *Handler) showAdminView(w http.ResponseWriter, r *http.Request) {
|
||||||
protectClickJacking(w)
|
protectClickJacking(w)
|
||||||
username, err := h.getUser(r)
|
username, err := h.getUser(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if username != "m15o" {
|
if username != "m15o" {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
users, err := h.storage.InactiveUsers()
|
users, err := h.storage.InactiveUsers()
|
||||||
|
|
@ -31,11 +31,11 @@ func (h *Handler) activateUser(w http.ResponseWriter, r *http.Request) {
|
||||||
protectClickJacking(w)
|
protectClickJacking(w)
|
||||||
username, err := h.getUser(r)
|
username, err := h.getUser(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if username != "m15o" {
|
if username != "m15o" {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
name := r.URL.Query().Get("name")
|
name := r.URL.Query().Get("name")
|
||||||
|
|
@ -50,11 +50,11 @@ func (h *Handler) deleteUser(w http.ResponseWriter, r *http.Request) {
|
||||||
protectClickJacking(w)
|
protectClickJacking(w)
|
||||||
username, err := h.getUser(r)
|
username, err := h.getUser(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if username != "m15o" {
|
if username != "m15o" {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
name := r.URL.Query().Get("name")
|
name := r.URL.Query().Get("name")
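Review bot: The `username != "m15o"` branch in showAdminView, activateUser and deleteUser handles a user who is already logged in but is not the admin, and after this change it sends that user to /login instead of refusing the request. Authentication failure (`h.getUser` returned an error) and authorization failure are different outcomes; the second should answer `http.Error(w, "Forbidden", http.StatusForbidden)` so the denial is explicit to clients and distinguishable in access logs. The same applies to the `user != status.User` checks in showEditStatusView, handleRemoveStatus and updateStatus. The admin name is also a string literal repeated in three handlers; a single helper or configuration value would keep the check from drifting. All three function bodies continue outside the hunks.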
|
||||||
|
|
|
||||||
|
|
@ -19,8 +19,8 @@ func notFound(w http.ResponseWriter) {
|
||||||
http.Error(w, "Page Not Found", http.StatusNotFound)
|
http.Error(w, "Page Not Found", http.StatusNotFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
func unauthorized(w http.ResponseWriter) {
|
func unauthorized(w http.ResponseWriter, r *http.Request) {
|
||||||
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
http.Redirect(w, r, fmt.Sprintf("/login"), http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
type Handler struct {
|
type Handler struct {
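Review bot: `fmt.Sprintf("/login")` formats nothing; pass the literal, `http.Redirect(w, r, "/login", http.StatusFound)`, and drop the `fmt` import if nothing else in the file uses it (the import block is not visible here). The helper is still named `unauthorized` but no longer sends 401, so a doc comment such as `// unauthorized redirects the client to the login page; it does not send 401.` or a rename to something like `redirectToLogin` would stop callers from assuming a status code. Handlers that appear to process form submissions (updateSettings, saveStatus, updateStatus) also go through this path, where `http.StatusSeeOther` states the intended switch to GET explicitly.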
|
||||||
|
|
|
||||||
|
|
@ -6,12 +6,12 @@ func (h *Handler) showSettingsView(w http.ResponseWriter, r *http.Request) {
|
||||||
protectClickJacking(w)
|
protectClickJacking(w)
|
||||||
username, err := h.getUser(r)
|
username, err := h.getUser(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
user, err := h.storage.UserByName(username)
|
user, err := h.storage.UserByName(username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
session, err := h.sess.Store.Get(r, "status")
|
session, err := h.sess.Store.Get(r, "status")
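Review bot: The second check in showSettingsView, after `h.storage.UserByName(username)`, treats any storage error as an authorization failure, and with this change a storage fault for a logged-in user becomes a silent redirect to /login. That hides the failure from both the user and the operator; the error should be logged and answered with `http.Error(w, "Internal Server Error", http.StatusInternalServerError)`, keeping the redirect only for the `h.getUser` failure above it. If UserByName can return a distinct not-found error, that case alone may justify the redirect; the storage API is not visible here.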
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ import (
|
||||||
func (h *Handler) updateSettings(w http.ResponseWriter, r *http.Request) {
|
func (h *Handler) updateSettings(w http.ResponseWriter, r *http.Request) {
|
||||||
user, err := h.getUser(r)
|
user, err := h.getUser(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
f := form.NewSettingsForm(r)
|
f := form.NewSettingsForm(r)
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ func (h *Handler) showNewStatusView(w http.ResponseWriter, r *http.Request) {
|
||||||
protectClickJacking(w)
|
protectClickJacking(w)
|
||||||
_, err := h.getUser(r)
|
_, err := h.getUser(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
h.view("create_status").Execute(w, map[string]interface{}{"status": &model.Status{}})
|
h.view("create_status").Execute(w, map[string]interface{}{"status": &model.Status{}})
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ func (h *Handler) showEditStatusView(w http.ResponseWriter, r *http.Request) {
|
||||||
protectClickJacking(w)
|
protectClickJacking(w)
|
||||||
user, err := h.getUser(r)
|
user, err := h.getUser(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
id, err := strconv.ParseInt(r.URL.Query().Get("id"), 10, 64)
|
id, err := strconv.ParseInt(r.URL.Query().Get("id"), 10, 64)
|
||||||
|
|
@ -36,7 +36,7 @@ func (h *Handler) showEditStatusView(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if user != status.User {
|
if user != status.User {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
session, err := h.sess.Store.Get(r, "status")
|
session, err := h.sess.Store.Get(r, "status")
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ func (h *Handler) handleRemoveStatus(w http.ResponseWriter, r *http.Request) {
|
||||||
protectClickJacking(w)
|
protectClickJacking(w)
|
||||||
user, err := h.getUser(r)
|
user, err := h.getUser(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
id, err := strconv.ParseInt(r.URL.Query().Get("id"), 10, 64)
|
id, err := strconv.ParseInt(r.URL.Query().Get("id"), 10, 64)
|
||||||
|
|
@ -23,7 +23,7 @@ func (h *Handler) handleRemoveStatus(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if user != status.User {
|
if user != status.User {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
switch r.Method {
|
switch r.Method {
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ import (
|
||||||
func (h *Handler) saveStatus(w http.ResponseWriter, r *http.Request) {
|
func (h *Handler) saveStatus(w http.ResponseWriter, r *http.Request) {
|
||||||
user, err := h.getUser(r)
|
user, err := h.getUser(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
f := form.NewStatusForm(r)
|
f := form.NewStatusForm(r)
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ import (
|
||||||
func (h *Handler) updateStatus(w http.ResponseWriter, r *http.Request) {
|
func (h *Handler) updateStatus(w http.ResponseWriter, r *http.Request) {
|
||||||
user, err := h.getUser(r)
|
user, err := h.getUser(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
id, err := strconv.ParseInt(r.URL.Query().Get("id"), 10, 64)
|
id, err := strconv.ParseInt(r.URL.Query().Get("id"), 10, 64)
|
||||||
|
|
@ -25,7 +25,7 @@ func (h *Handler) updateStatus(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if user != status.User {
|
if user != status.User {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
f := form.NewStatusForm(r)
|
f := form.NewStatusForm(r)
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,7 @@ import (
|
||||||
func (h *Handler) showManageView(w http.ResponseWriter, r *http.Request) {
|
func (h *Handler) showManageView(w http.ResponseWriter, r *http.Request) {
|
||||||
logged, err := h.sess.Get(r)
|
logged, err := h.sess.Get(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
unauthorized(w)
|
unauthorized(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var page int64 = 0
|
var page int64 = 0
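Review bot: showManageView resolves the session with `h.sess.Get(r)` while every other handler in this commit uses `h.getUser(r)`, and the visible start of the function does not call `protectClickJacking(w)` as the other show*View handlers do. If the two lookups are not equivalent, this handler's idea of "logged in" can differ from the rest; using `h.getUser(r)` here, or a comment such as `// sess.Get is used directly because …` explaining the difference, would make that explicit. The body continues outside the hunk, so the frame-protection header may be set further down.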
|
||||||
|
|
|
||||||