From 2d7e2e379ba8e365d5f9871bf6d359b10aca970f Mon Sep 17 00:00:00 2001
From: sentriz <senan@senan.xyz>
Date: Thu, 25 Apr 2019 14:40:35 +0100
Subject: [PATCH] ensure user in session exists

---
 handler/middleware.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/handler/middleware.go b/handler/middleware.go
index f571143..94822a7 100644
--- a/handler/middleware.go
+++ b/handler/middleware.go
@@ -123,6 +123,14 @@ func (c *Controller) WithUserSession(next http.HandlerFunc) http.HandlerFunc {
 		}
 		// take username from sesion and add the user row
 		user := c.GetUserFromName(username)
+		if user.ID == 0 {
+			// the username in the client's session no longer relates to a
+			// user in the database (maybe the user was deleted)
+			session.Options.MaxAge = -1
+			session.Save(r, w)
+			http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
+			return
+		}
 		withUser := context.WithValue(r.Context(), "user", user)
 		next.ServeHTTP(w, r.WithContext(withUser))
 	}