Diffstat (limited to 'main.go')
-rw-r--r--main.go57
1 files changed, 48 insertions, 9 deletions
diff --git a/main.go b/main.go
index 764a5d3..8237f90 100644
--- a/main.go
+++ b/main.go
@@ -29,6 +29,9 @@ var db *sql.DB
const baseDocDir string = "docs"
+const NOTFOUND string = "Not found"
+const UNAUTH string = "Unauthorized"
+
type Doc struct {
Name string
Size string
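Review bot: `NOTFOUND` and `UNAUTH` are exported, all-caps names, which goes against Go's MixedCaps convention, and nothing in this hunk needs them outside the package. Unexported names without the redundant `string` type would read better, e.g. `const msgNotFound = "Not found"` and `const msgUnauthorized = "Unauthorized"`, grouped in one `const ( … )` block. A one-line comment saying these are the user-facing texts rendered by `templates/msg.html` would also help the next reader.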
@@ -213,18 +216,25 @@ func humanize(i int64) string {
}
func index(w http.ResponseWriter, r *http.Request) {
- if r.URL.Path != "/" {
- w.WriteHeader(http.StatusNotFound)
- serveLogin(w, r, "Page not found")
- return
- }
u, err := checkSession(w, r)
if u != nil && err == nil {
+ userImpersonation := r.URL.Query().Get("user")
+ if r.URL.Path != "/" {
+ data := struct {
+ Msg string
+ UserImpersonation string
+ }{
+ NOTFOUND,
+ userImpersonation,
+ }
+ w.WriteHeader(http.StatusNotFound)
+ serveTemplate(w, r, data, "templates/msg.html")
+ return
+ }
username := u.Username
if u.IsAdmin {
- name := r.URL.Query().Get("user")
- if name != "" {
- username = name
+ if userImpersonation != "" {
+ username = userImpersonation
}
}
userDocPath := filepath.Join(baseDocDir, username)
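Review bot: The `user` query value is now read for every authenticated user and, in the 404 branch, handed to `templates/msg.html` without the `u.IsAdmin` check that guards its use a few lines further down. Gate it the same way right after it is read, e.g. `if !u.IsAdmin { userImpersonation = "" }`, so a non-admin cannot influence what the message page renders. For admins the same value still reaches `filepath.Join(baseDocDir, username)` unvalidated, and Join cleans `..` segments rather than rejecting them, so the resolved directory can fall outside `docs`. Checking the name against the known user list, or rejecting separators and `..`, before the join would close that. The rest of index and the template itself are outside this hunk, so how the value is escaped when rendered cannot be confirmed from here.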
@@ -262,7 +272,6 @@ func index(w http.ResponseWriter, r *http.Request) {
})
}
flasherr := consumeFlash(w, r, "error")
- userImpersonation := r.URL.Query().Get("user")
data := struct {
Docs []Doc
Error string
@@ -277,6 +286,11 @@ func index(w http.ResponseWriter, r *http.Request) {
} else if err != nil {
log.Println(err)
}
+ if r.URL.Path != "/" {
+ w.WriteHeader(http.StatusNotFound)
+ serveLogin(w, r, "")
+ return
+ }
unauthorized(w, r)
}
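Review bot: The unauthenticated 404 path now calls `serveLogin(w, r, "")`, so the "Page not found" text the handler used to pass is gone and an anonymous visitor gets a bare login form with status 404. If that is deliberate, record it with a comment above the check such as `// anonymous 404: show the login form with no message`; otherwise pass the not-found text. The path test is also written twice in index now (here and in the authenticated branch of the earlier hunk). Computing `notFound := r.URL.Path != "/"` once at the top of the function would keep the two branches from drifting apart.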
@@ -284,6 +298,16 @@ func admin(w http.ResponseWriter, r *http.Request) {
u, err := checkSession(w, r)
if u != nil && err == nil && u.IsAdmin {
serveTemplate(w, r, nil, "templates/admin.html")
+ } else if u!= nil && !u.IsAdmin {
+ data := struct {
+ Msg string
+ UserImpersonation string
+ }{
+ UNAUTH,
+ "",
+ }
+ w.WriteHeader(http.StatusUnauthorized)
+ serveTemplate(w, r, data, "templates/msg.html")
} else if err != nil {
//sendError(w, r, err.Error(), http.StatusInternalServerError)
log.Println(err)
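Review bot: The new branch answers an authenticated non-admin with `http.StatusUnauthorized`, but 401 means credentials are missing or invalid; a logged-in user who lacks the role should get `w.WriteHeader(http.StatusForbidden)`. The condition `u!= nil && !u.IsAdmin` also omits the `err == nil` test that the first branch has, so a non-nil user returned together with an error would be served the message page and the error would never reach `log.Println`. Use `else if u != nil && err == nil && !u.IsAdmin` (which also fixes the `u!=` spacing gofmt would flag). The identical block is added to adminUsers in the next hunk and needs the same changes; a small helper taking the status and message would remove the duplication. admin's body continues past this hunk, so whether anything after the chain writes a second response cannot be seen here.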
@@ -308,6 +332,16 @@ func adminUsers(w http.ResponseWriter, r *http.Request) {
users,
"",
}, "templates/admin/users.html")
+ } else if u!= nil && !u.IsAdmin {
+ data := struct {
+ Msg string
+ UserImpersonation string
+ }{
+ UNAUTH,
+ "",
+ }
+ w.WriteHeader(http.StatusUnauthorized)
+ serveTemplate(w, r, data, "templates/msg.html")
} else if err != nil {
//sendError(w, r, err.Error(), http.StatusInternalServerError)
log.Println(err)
@@ -410,6 +444,11 @@ func logout(w http.ResponseWriter, r *http.Request) {
}
func login(w http.ResponseWriter, r *http.Request) {
+ u, err := checkSession(w, r)
+ if u != nil && err == nil {
+ http.Redirect(w, r, "/", http.StatusSeeOther)
+ return
+ }
switch r.Method {
case http.MethodGet:
serveLogin(w, r, "")
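Review bot: The early redirect runs before the `switch r.Method`, so it applies to POST as well as GET, and that is not obvious from the code. A comment above the check would make it explicit, e.g. `// Already signed in: skip the form for every method and go to the index.` The `err` returned by `checkSession` is dropped here, whereas index and admin log it; either log it the same way or add a short comment saying a failed session check simply means "show the login form". login's body continues outside the hunk.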