1 files changed, 30 insertions, 4 deletions

diff --git a/main.go b/main.go
index 1194c50..1eacfa9 100644
--- a/main.go
+++ b/main.go
@@ -24,10 +24,13 @@ var db *sql.DB
 
 const baseDocDir string = "docs"
 
+// Use uuid for session ids to prevent spoofing session cookies
 var sessionIds sync.Map
 
 type Doc struct {
 	Name string
+	Size string
+	ModTime string
 	Link string
 }
 
@@ -73,7 +76,12 @@ func checkSession(w http.ResponseWriter, r *http.Request) (*User, error) {
 		return nil, err
 	}
 	if sessionId, ok := sessionIds.Load(user.User.User); !ok || sessionId != user.SessionId {
-		return nil, errors.New("Invalid session ID")
+		http.SetCookie(w, &http.Cookie{
+			Name: "session",
+			Value: "",
+			MaxAge: -1,
+		})
+		return nil, nil
 	}
 	return &user.User, nil
 }
@@ -97,6 +105,17 @@ func sendInvalidMethod(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusMethodNotAllowed)
 }
 
+func humanize(i int64) string {
+	var sizes [4]string = [4]string {"O", "K", "M", "G"}
+	j := i
+	s := 0
+	for j > 1024 && s < len(sizes) {
+		j = j / 1024.0
+		s++
+	}
+	return fmt.Sprintf("%v%s", j, sizes[s])
+}
+
 func index(w http.ResponseWriter, r *http.Request) {
 	u, err := checkSession(w, r)
 	if u != nil && err == nil {
@@ -122,8 +141,15 @@ func index(w http.ResponseWriter, r *http.Request) {
 			return info1.ModTime().After(info2.ModTime())
 		})
 		for _, file := range files {
+			info, err := file.Info()
+			if err != nil {
+				sendError(w, r, err.Error(), http.StatusInternalServerError)
+				return
+			}
 			docs = append(docs, Doc {
 				file.Name(),
+				humanize(info.Size()),
+				info.ModTime().Format("2006-01-02"),
 				path.Join(baseDocDir, u.User, file.Name()),
 			})
 		}
@@ -138,7 +164,7 @@ func index(w http.ResponseWriter, r *http.Request) {
 		sendError(w, r, err.Error(), http.StatusInternalServerError)
 		return
 	}
-	serveTemplate(w, r, "templates/index.html", nil)
+	http.Redirect(w, r, "/login", http.StatusSeeOther)
 }
 
 func admin(w http.ResponseWriter, r *http.Request) {
@@ -319,7 +345,7 @@ func handleFileServer(dir, prefix string) http.HandlerFunc {
 				return
 			}
 		}
-		sendError(w, r, "Unauthorized", http.StatusUnauthorized)
+		http.Redirect(w, r, "/login", http.StatusSeeOther)
 	}
 }
 
@@ -357,7 +383,7 @@ func upload(w http.ResponseWriter, r *http.Request) {
 			}
 			http.Redirect(w, r, "/", http.StatusSeeOther)
 		} else {
-			sendError(w, r, "Unauthorized", http.StatusUnauthorized)
+			http.Redirect(w, r, "/login", http.StatusSeeOther)
 		}
 	default:
 		sendInvalidMethod(w, r)