diff --git a/server/handler/handler_admin.go b/server/handler/handler_admin.go
index 26748dd..293a174 100644
--- a/server/handler/handler_admin.go
+++ b/server/handler/handler_admin.go
@@ -21,14 +21,14 @@ func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) {
 password := r.FormValue("password")
 if username == "" || password == "" {
 session.AddFlash("please provide both a username and password")
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 return
 }
 user := c.GetUserFromName(username)
 if user == nil || password != user.Password {
 session.AddFlash("invalid username / password")
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 return
 }
@@ -36,14 +36,14 @@ func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) {
 // are wrapped with WithUserSession() which will get the name from the
 // session and put the row into the request context.
 session.Values["user"] = user.Name
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, "/admin/home", http.StatusSeeOther)
 }
 func (c *Controller) ServeLogout(w http.ResponseWriter, r *http.Request) {
 session := r.Context().Value(contextSessionKey).(*sessions.Session)
 session.Options.MaxAge = -1
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
 }
@@ -85,7 +85,7 @@ func (c *Controller) ServeChangeOwnPasswordDo(w http.ResponseWriter, r *http.Req
 err := validatePasswords(passwordOne, passwordTwo)
 if err != nil {
 session.AddFlash(err.Error())
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 return
 }
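Review bot: In ServeLoginDo the credential check `password != user.Password` compares the submitted value directly with the stored field, which suggests the password is kept in recoverable form and the comparison is not constant-time. The line is context rather than part of this change, but it sits between the two updated save calls and deserves a follow-up: store a salted hash and verify it with a dedicated function such as `bcrypt.CompareHashAndPassword` (golang.org/x/crypto/bcrypt), or at minimum compare with `subtle.ConstantTimeCompare`. ServeLoginDo starts before this hunk and continues into the next one.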
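Review bot: In ServeLogout, `sessionLogSave` only logs a failed save and the handler still redirects to /admin/login, so when the save fails the expiry set by `session.Options.MaxAge = -1` is never written out and the session is not invalidated even though the user is shown the login page. The same applies to the deleted-user branch of WithUserSession in middleware_admin.go, and on the success path of ServeLoginDo a failed save sends the user to /admin/home without a stored session. On these paths the error should stop the request, for example `if err := session.Save(r, w); err != nil { http.Error(w, "could not save session", http.StatusInternalServerError); return }`, keeping the log-only helper for flash messages. ServeLoginDo begins outside this hunk.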
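Review bot: The error branch redirects to `r.Header.Get("Referer")`, a request header the server does not control; it can be empty, in which case the redirect resolves against the current URL, or it can name another origin when the form is posted from a foreign page. The same pattern appears in ServeLoginDo, ServeChangePasswordDo, ServeCreateUserDo and ServeUpdateLastFMAPIKeyDo. Consider redirecting each form to a fixed path, or accepting the Referer only after parsing it and checking its host against `r.Host`, with a fixed fallback. ServeChangeOwnPasswordDo starts and ends outside this hunk.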
@@ -109,7 +109,7 @@ func (c *Controller) ServeLinkLastFMDo(w http.ResponseWriter, r *http.Request) {
 session := r.Context().Value(contextSessionKey).(*sessions.Session)
 if err != nil {
 session.AddFlash(err.Error())
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, "/admin/home", http.StatusSeeOther)
 return
 }
@@ -158,7 +158,7 @@ func (c *Controller) ServeChangePasswordDo(w http.ResponseWriter, r *http.Reques
 err := validatePasswords(passwordOne, passwordTwo)
 if err != nil {
 session.AddFlash(err.Error())
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 return
 }
@@ -207,7 +207,7 @@ func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) {
 err := validateUsername(username)
 if err != nil {
 session.AddFlash(err.Error())
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 return
 }
@@ -216,7 +216,7 @@ func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) {
 err = validatePasswords(passwordOne, passwordTwo)
 if err != nil {
 session.AddFlash(err.Error())
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 return
 }
@@ -229,7 +229,7 @@ func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) {
 session.AddFlash(fmt.Sprintf(
 "could not create user `%s`: %v", username, err,
 ))
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 return
 }
@@ -250,7 +250,7 @@ func (c *Controller) ServeUpdateLastFMAPIKeyDo(w http.ResponseWriter, r *http.Re
 err := validateAPIKey(apiKey, secret)
 if err != nil {
 session.AddFlash(err.Error())
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 return
 }
diff --git a/server/handler/handler_admin_utils.go b/server/handler/handler_admin_utils.go
index fb80e35..003d00f 100644
--- a/server/handler/handler_admin_utils.go
+++ b/server/handler/handler_admin_utils.go
@@ -1,5 +1,12 @@
 package handler
+import (
+ "log"
+ "net/http"
+
+ "github.com/gorilla/sessions"
+)
+
 func firstExisting(or string, strings ...string) string {
 for _, s := range strings {
 if s != "" {
@@ -8,3 +15,9 @@ func firstExisting(or string, strings ...string) string {
 }
 return or
 }
+
+func sessionLogSave(w http.ResponseWriter, r *http.Request, s *sessions.Session) {
+ if err := s.Save(r, w); err != nil {
+ log.Printf("error saving session: %v\n", err)
+ }
+}
diff --git a/server/handler/middleware_admin.go b/server/handler/middleware_admin.go
index 2e79dc8..8558edb 100644
--- a/server/handler/middleware_admin.go
+++ b/server/handler/middleware_admin.go
@@ -26,7 +26,7 @@ func (c *Controller) WithUserSession(next http.HandlerFunc) http.HandlerFunc {
 username, ok := session.Values["user"].(string)
 if !ok {
 session.AddFlash("you are not authenticated")
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
 return
 }
@@ -36,7 +36,7 @@ func (c *Controller) WithUserSession(next http.HandlerFunc) http.HandlerFunc {
 // the username in the client's session no longer relates to a
 // user in the database (maybe the user was deleted)
 session.Options.MaxAge = -1
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
 return
 }
@@ -53,7 +53,7 @@ func (c *Controller) WithAdminSession(next http.HandlerFunc) http.HandlerFunc {
 user := r.Context().Value(contextUserKey).(*model.User)
 if !user.IsAdmin {
 session.AddFlash("you are not an admin")
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
 return
 }
diff --git a/server/handler/respond_admin.go b/server/handler/respond_admin.go
index abd1121..d109c1f 100644
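Review bot: `sessionLogSave` in handler_admin_utils.go has no doc comment, and its name does not tell a caller that the error is dropped after logging. Suggested comment: `// sessionLogSave saves s and logs a failure instead of returning it; the caller continues as if the save had succeeded.` The trailing `\n` in `log.Printf("error saving session: %v\n", err)` is redundant because the log package ends each entry with a newline itself, and adding the request path formatted with `%q` would tell an operator which handler failed. The function is complete within this hunk.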
--- a/server/handler/respond_admin.go
+++ b/server/handler/respond_admin.go
@@ -31,7 +31,7 @@ func renderTemplate(w http.ResponseWriter, r *http.Request,
 data = &templateData{}
 }
 data.Flashes = session.Flashes()
- session.Save(r, w)
+ sessionLogSave(w, r, session)
 user, ok := r.Context().Value(contextUserKey).(*model.User)
 if ok {
 data.User = user