SynLotto/website
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects 5 Releases Wiki Activity

Massive refactor!

Browse Source
This commit is contained in:
Ross Healy
2025-04-22 23:26:11 +01:00
parent 05bb05d45c
commit 5c3a847900
42 changed files with 597 additions and 301 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
storage/admin.go
View File

@@ -5,16 +5,18 @@ import (
"log"
"net/http"
"synlotto-website/helpers"
securityHelpers "synlotto-website/helpers/security"
templateHelpers "synlotto-website/helpers/template"
"synlotto-website/middleware"
)
func AdminOnly(db *sql.DB, next http.HandlerFunc) http.HandlerFunc {
return middleware.Auth(true)(func(w http.ResponseWriter, r *http.Request) {
userID, ok := helpers.GetCurrentUserID(r)
if !ok || !helpers.IsAdmin(db, userID) {
userID, ok := securityHelpers.GetCurrentUserID(r)
if !ok || !securityHelpers.IsAdmin(db, userID) {
log.Printf("⛔️ Unauthorized admin attempt: user_id=%v, IP=%s, Path=%s", userID, r.RemoteAddr, r.URL.Path)
helpers.RenderError(w, r, http.StatusForbidden)
templateHelpers.RenderError(w, r, http.StatusForbidden)
return
}
@@ -36,5 +38,3 @@ func AdminOnly(db *sql.DB, next http.HandlerFunc) http.HandlerFunc {
next(w, r)
})
}
// ToDo need to look into audit/access log tables and consolidate