log sessions.Save()

sentriz
2019-06-27 13:32:58 +01:00
parent 65bdda4cc2
commit ea9ddc71f6
4 changed files with 28 additions and 15 deletions


@@ -21,14 +21,14 @@ func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) {
password := r.FormValue("password")
if username == "" || password == "" {
session.AddFlash("please provide both a username and password")
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
return
}
user := c.GetUserFromName(username)
if user == nil || password != user.Password {
session.AddFlash("invalid username / password")
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
return
}
@@ -36,14 +36,14 @@ func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) {
// are wrapped with WithUserSession() which will get the name from the
// session and put the row into the request context.
session.Values["user"] = user.Name
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, "/admin/home", http.StatusSeeOther)
}
func (c *Controller) ServeLogout(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value(contextSessionKey).(*sessions.Session)
session.Options.MaxAge = -1
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
}
@@ -85,7 +85,7 @@ func (c *Controller) ServeChangeOwnPasswordDo(w http.ResponseWriter, r *http.Req
err := validatePasswords(passwordOne, passwordTwo)
if err != nil {
session.AddFlash(err.Error())
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
return
}
@@ -109,7 +109,7 @@ func (c *Controller) ServeLinkLastFMDo(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value(contextSessionKey).(*sessions.Session)
if err != nil {
session.AddFlash(err.Error())
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, "/admin/home", http.StatusSeeOther)
return
}
@@ -158,7 +158,7 @@ func (c *Controller) ServeChangePasswordDo(w http.ResponseWriter, r *http.Reques
err := validatePasswords(passwordOne, passwordTwo)
if err != nil {
session.AddFlash(err.Error())
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
return
}
@@ -207,7 +207,7 @@ func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) {
err := validateUsername(username)
if err != nil {
session.AddFlash(err.Error())
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
return
}
@@ -216,7 +216,7 @@ func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) {
err = validatePasswords(passwordOne, passwordTwo)
if err != nil {
session.AddFlash(err.Error())
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
return
}
@@ -229,7 +229,7 @@ func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) {
session.AddFlash(fmt.Sprintf(
"could not create user `%s`: %v", username, err,
))
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
return
}
@@ -250,7 +250,7 @@ func (c *Controller) ServeUpdateLastFMAPIKeyDo(w http.ResponseWriter, r *http.Re
err := validateAPIKey(apiKey, secret)
if err != nil {
session.AddFlash(err.Error())
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
return
}
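Review bot: In ServeLogout and on the login-success path of ServeLoginDo, sessionLogSave only logs a failed save and the handler still redirects, so a failure after `session.Options.MaxAge = -1` sends the user to the login page while the old session cookie presumably remains valid. On these two state-changing paths the error should stop the request, for example `if err := session.Save(r, w); err != nil { http.Error(w, "could not save session", http.StatusInternalServerError); return }`. The same applies to the `MaxAge = -1` branch of WithUserSession in the middleware file. Separately, the context line `password != user.Password` compares the submitted password directly with the stored value, which suggests passwords are stored unhashed and compared in non-constant time; that is outside this change but worth a follow-up.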


@@ -1,5 +1,12 @@
package handler
import (
"log"
"net/http"
"github.com/gorilla/sessions"
)
func firstExisting(or string, strings ...string) string {
for _, s := range strings {
if s != "" {
@@ -8,3 +15,9 @@ func firstExisting(or string, strings ...string) string {
}
return or
}
func sessionLogSave(w http.ResponseWriter, r *http.Request, s *sessions.Session) {
if err := s.Save(r, w); err != nil {
log.Printf("error saving session: %v\n", err)
}
}
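Review bot: The log line in sessionLogSave carries no request context, so a run of save failures cannot be tied to a route when reading the log; consider `log.Printf("error saving session for %s %q: %v", r.Method, r.URL.Path, err)`. The trailing `\n` in the format string is redundant because log.Printf already ends each entry with a newline. The helper would also benefit from a doc comment such as `// sessionLogSave saves the session and logs, but does not return, any error.` so callers know the failure is swallowed.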


@@ -26,7 +26,7 @@ func (c *Controller) WithUserSession(next http.HandlerFunc) http.HandlerFunc {
username, ok := session.Values["user"].(string)
if !ok {
session.AddFlash("you are not authenticated")
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
return
}
@@ -36,7 +36,7 @@ func (c *Controller) WithUserSession(next http.HandlerFunc) http.HandlerFunc {
// the username in the client's session no longer relates to a
// user in the database (maybe the user was deleted)
session.Options.MaxAge = -1
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
return
}
@@ -53,7 +53,7 @@ func (c *Controller) WithAdminSession(next http.HandlerFunc) http.HandlerFunc {
user := r.Context().Value(contextUserKey).(*model.User)
if !user.IsAdmin {
session.AddFlash("you are not an admin")
session.Save(r, w)
sessionLogSave(w, r, session)
http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
return
}
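Review bot: The assertion `user := r.Context().Value(contextUserKey).(*model.User)` in WithAdminSession is unchecked, so the admin gate panics instead of rejecting the request if it is ever mounted without WithUserSession in front of it. The comma-ok form, `user, ok := r.Context().Value(contextUserKey).(*model.User)` followed by `if !ok || !user.IsAdmin {`, keeps the check failing closed through the existing redirect. The function body starts and ends outside the hunk, so this assumes nothing earlier in it already guarantees the value.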


@@ -31,7 +31,7 @@ func renderTemplate(w http.ResponseWriter, r *http.Request,
data = &templateData{}
}
data.Flashes = session.Flashes()
session.Save(r, w)
sessionLogSave(w, r, session)
user, ok := r.Context().Value(contextUserKey).(*model.User)
if ok {
data.User = user