chore(webui): rewrite the web session code again while preparing for csrf tokens

#60
This commit is contained in:
Julien Dessaux 2025-04-30 22:31:25 +02:00
parent 3bb5e735c6
commit 895615ad6e
Signed by: adyxax
GPG key ID: F92E51B86E07177E
20 changed files with 162 additions and 149 deletions


@ -4,21 +4,14 @@ import (
"fmt"
"net/http"
"git.adyxax.org/adyxax/tfstated/pkg/database"
"git.adyxax.org/adyxax/tfstated/pkg/model"
)
func adminMiddleware(db *database.DB, requireLogin func(http.Handler) http.Handler) func(http.Handler) http.Handler {
func adminMiddleware(requireLogin func(http.Handler) http.Handler) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return requireLogin(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
account := r.Context().Value(model.AccountContextKey{})
if account == nil {
// this could happen if the account was deleted in the short
// time between retrieving the session and here
http.Redirect(w, r, "/login", http.StatusFound)
return
}
if !account.(*model.Account).IsAdmin {
session := r.Context().Value(model.SessionContextKey{}).(*model.Session)
if !session.Data.Account.IsAdmin {
errorResponse(w, r, http.StatusForbidden, fmt.Errorf("Only administrators can perform this request."))
return
}