| -rw-r--r-- | imgs.go | 3 | ||||
| -rw-r--r-- | main.go | 65 |
2 files changed, 45 insertions, 23 deletions
@@ -102,8 +102,7 @@ func imgs(w http.ResponseWriter, r *http.Request) {
 } else if err != nil {
 log.Println(err)
 }
- sendFlash(w, r, "redirect", r.URL.String())
- http.Redirect(w, r, "/login", http.StatusSeeOther)
+ unauthorized(w, r)
 }
 
 func extractImgsGlob(userDocPath string) ([]Doc, error) {
@@ -171,6 +171,25 @@ func sendError(w http.ResponseWriter, r *http.Request, s string, status int) {
 //}
 }
 
+func serveLogin(w http.ResponseWriter, r *http.Request, errorMsg string) {
+ err := errorMsg
+ if errorMsg == "" {
+ err = consumeFlash(w, r, "error")
+ }
+ data := struct {
+ Error string
+ }{
+ err,
+ }
+ serveTemplate(w, r, data, "templates/login.html")
+}
+
+func unauthorized(w http.ResponseWriter, r *http.Request) {
+ sendFlash(w, r, "redirect", r.URL.String())
+ w.WriteHeader(http.StatusUnauthorized)
+ serveLogin(w, r, "")
+}
+
 func sendInvalidMethod(w http.ResponseWriter, r *http.Request) {
 w.WriteHeader(http.StatusMethodNotAllowed)
 }
@@ -187,6 +206,11 @@ func humanize(i int64) string {
 }
 
 func index(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path != "/" {
+ w.WriteHeader(http.StatusNotFound)
+ serveLogin(w, r, "Page not found")
+ return
+ }
 u, err := checkSession(w, r)
 if u != nil && err == nil {
 username := u.Username
@@ -246,8 +270,7 @@ func index(w http.ResponseWriter, r *http.Request) {
 } else if err != nil {
 log.Println(err)
 }
- sendFlash(w, r, "redirect", r.URL.String())
- http.Redirect(w, r, "/login", http.StatusSeeOther)
+ unauthorized(w, r)
 }
 
 func admin(w http.ResponseWriter, r *http.Request) {
@@ -255,9 +278,11 @@ func admin(w http.ResponseWriter, r *http.Request) {
 if u != nil && err == nil && u.IsAdmin {
 serveTemplate(w, r, nil, "templates/admin.html")
 } else if err != nil {
- sendError(w, r, err.Error(), http.StatusInternalServerError)
+ //sendError(w, r, err.Error(), http.StatusInternalServerError)
+ log.Println(err)
+ unauthorized(w, r)
 } else {
- sendError(w, r, "Unauthorized", http.StatusUnauthorized)
+ unauthorized(w, r)
 }
 }
 
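Review bot: In `unauthorized`, `w.WriteHeader(http.StatusUnauthorized)` runs before `serveLogin(w, r, "")`, and serveLogin then calls `consumeFlash(w, r, "error")`; if consumeFlash clears the flash by setting a cookie (its body is not in this diff), that header is silently dropped once the status has been written and the stale message can reappear. Passing the status into serveLogin and writing it after the flash is consumed fixes the ordering, as sketched below; the `index` and `login` callers would pass their 404 and 403 the same way. This helper also makes `r.URL.String()` the post-login target for every protected handler, so whatever consumes the "redirect" flash should accept only a local path (single leading `/`, no scheme or host) before redirecting. Neither new function has a doc comment.

```go
// serveLogin renders the login page with the given status. When errorMsg is
// empty, the pending "error" flash (if any) is consumed and shown instead.
func serveLogin(w http.ResponseWriter, r *http.Request, status int, errorMsg string) {
	if errorMsg == "" {
		// Consume the flash before the status line goes out so that any
		// header consumeFlash sets is still sent.
		errorMsg = consumeFlash(w, r, "error")
	}
	w.WriteHeader(status)
	serveTemplate(w, r, struct{ Error string }{errorMsg}, "templates/login.html")
}

// unauthorized records the requested URL in the "redirect" flash and renders
// the login page with a 401 status.
func unauthorized(w http.ResponseWriter, r *http.Request) {
	sendFlash(w, r, "redirect", r.URL.String())
	serveLogin(w, r, http.StatusUnauthorized, "")
}
```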
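Review bot: The final `else` in `admin` covers both a visitor with no session and a signed-in user whose `u.IsAdmin` is false, and both now get the login form with a 401. A signed-in non-admin is better answered with a 403 and a log line, for example `} else if u != nil { log.Printf("admin access denied for %q", u.Username); sendError(w, r, "Forbidden", http.StatusForbidden) }`, so that attempts to reach admin pages are visible in the logs. The same applies to `adminUsers` in the next hunk. The commented-out `//sendError(...)` lines should be deleted rather than kept, since the history already holds them. The `checkSession` call that sets `u` and `err` sits above the hunk.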
@@ -271,13 +296,18 @@ func adminUsers(w http.ResponseWriter, r *http.Request) {
 }
 serveTemplate(w, r, struct {
 Users []User
+ UserImpersonation string
 }{
 users,
+ "",
 }, "templates/admin/users.html")
 } else if err != nil {
- sendError(w, r, err.Error(), http.StatusInternalServerError)
+ //sendError(w, r, err.Error(), http.StatusInternalServerError)
+ log.Println(err)
+ unauthorized(w, r)
 } else {
- sendError(w, r, "Unauthorized", http.StatusUnauthorized)
+ //sendError(w, r, "Unauthorized", http.StatusUnauthorized)
+ unauthorized(w, r)
 }
 }
 
@@ -365,7 +395,7 @@ func logout(w http.ResponseWriter, r *http.Request) {
 MaxAge: -1,
 })
 }
- http.Redirect(w, r, "/", http.StatusSeeOther)
+ http.Redirect(w, r, "/login", http.StatusSeeOther)
 default:
 sendInvalidMethod(w, r)
 }
@@ -374,27 +404,20 @@ func logout(w http.ResponseWriter, r *http.Request) {
 func login(w http.ResponseWriter, r *http.Request) {
 switch r.Method {
 case http.MethodGet:
- err := consumeFlash(w, r, "error")
- data := struct {
- Error string
- }{
- err,
- }
- serveTemplate(w, r, data, "templates/login.html")
+ serveLogin(w, r, "")
 case http.MethodPost:
 u := r.FormValue("user")
 pass := r.FormValue("pass")
 user, err := CheckUserPass(db, User{-1, u, "", pass, false})
 if err != nil {
- sendFlash(w, r, "error", fmt.Sprintf("Incorrect login credentials"))
- http.Redirect(w, r, "/login", http.StatusSeeOther)
+ w.WriteHeader(http.StatusForbidden)
+ serveLogin(w, r, "Incorrect login credentials")
 return
 }
 user.Pass = ""
 jsonData, err := json.Marshal(user)
 if err != nil {
- sendFlash(w, r, "error", err.Error())
- http.Redirect(w, r, "/login", http.StatusSeeOther)
+ sendError(w, r, err.Error(), http.StatusInternalServerError)
 return
 }
 ciphertext := encrypt(jsonData)
@@ -429,7 +452,7 @@ func handleFileServer(dir, prefix string) http.HandlerFunc {
 return
 }
 }
- http.Redirect(w, r, "/login", http.StatusSeeOther)
+ unauthorized(w, r)
 }
 }
 
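Review bot: The failed-login branch in `login` discards `err` from `CheckUserPass` and logs nothing, so repeated password guessing leaves no trace and a backend failure (if CheckUserPass can return one; its body is not shown) is reported to the user as bad credentials. Adding `log.Printf("login failed for %q from %s: %v", u, r.RemoteAddr, err)` before `w.WriteHeader(http.StatusForbidden)` gives operators something to alert on; `pass` must stay out of the log. In the `json.Marshal` branch, `sendError(w, r, err.Error(), http.StatusInternalServerError)` sends the internal error text to the client, where `log.Println(err)` plus a generic message would disclose less. The rest of `login` continues below the hunk.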
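Review bot: `unauthorized(w, r)` in `handleFileServer` now also overwrites the "redirect" flash with the URL of the requested file, where the removed line only redirected. If a page pulls in several protected files, the last failing sub-request would decide where the user lands after login, and for `upload` the stored URL may be one that a post-login GET cannot use. Consider recording the redirect target only for page navigations and answering these handlers with a plain 401 that skips `sendFlash`. The same applies to the `download` and `upload` hunks; the enclosing closure starts above this hunk.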
@@ -499,7 +522,7 @@ func download(w http.ResponseWriter, r *http.Request) {
 sendInvalidMethod(w, r)
 }
 } else {
- http.Redirect(w, r, "/login", http.StatusSeeOther)
+ unauthorized(w, r)
 }
 }
 
@@ -550,7 +573,7 @@ func upload(w http.ResponseWriter, r *http.Request) {
 http.Redirect(w, r, "/", http.StatusSeeOther)
 }
 } else {
- http.Redirect(w, r, "/login", http.StatusSeeOther)
+ unauthorized(w, r)
 }
 default:
 sendInvalidMethod(w, r) |
