Circular dependancy issue when working on hardening
This commit is contained in:
@@ -3,6 +3,7 @@ package handlers
|
||||
import (
|
||||
"html/template"
|
||||
"net/http"
|
||||
"synlotto-website/helpers"
|
||||
"synlotto-website/models"
|
||||
|
||||
"github.com/gorilla/csrf"
|
||||
@@ -15,8 +16,18 @@ func Login(w http.ResponseWriter, r *http.Request) {
|
||||
"templates/account/login.html",
|
||||
))
|
||||
|
||||
session, _ := helpers.GetSession(w, r)
|
||||
|
||||
var flash string
|
||||
if f, ok := session.Values["flash"].(string); ok {
|
||||
flash = f
|
||||
delete(session.Values, "flash")
|
||||
session.Save(r, w)
|
||||
}
|
||||
|
||||
tmpl.ExecuteTemplate(w, "layout", map[string]interface{}{
|
||||
"csrfField": csrf.TemplateField(r),
|
||||
"Flash": flash,
|
||||
})
|
||||
return
|
||||
}
|
||||
@@ -30,19 +41,30 @@ func Login(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
session, _ := GetSession(w, r)
|
||||
session.Values["user_id"] = user.Id
|
||||
session, err := helpers.GetSession(w, r)
|
||||
if err != nil {
|
||||
http.Error(w, "Session error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
session.Options.MaxAge = -1
|
||||
session.Save(r, w)
|
||||
|
||||
newSession, _ := helpers.GetSession(w, r)
|
||||
newSession.Values["user_id"] = user.Id
|
||||
newSession.Save(r, w)
|
||||
|
||||
http.Redirect(w, r, "/", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func Logout(w http.ResponseWriter, r *http.Request) {
|
||||
session, _ := GetSession(w, r)
|
||||
|
||||
session, _ := helpers.GetSession(w, r)
|
||||
session.Options.MaxAge = -1
|
||||
session.Save(r, w)
|
||||
|
||||
newSession, _ := helpers.GetSession(w, r)
|
||||
newSession.Values["flash"] = "You’ve been logged out"
|
||||
newSession.Save(r, w)
|
||||
|
||||
http.Redirect(w, r, "/login", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
|
||||
@@ -40,7 +40,6 @@ func Home(db *sql.DB) http.HandlerFunc {
|
||||
continue
|
||||
}
|
||||
|
||||
// ✅ Add sorted ball list
|
||||
res.SortedBalls = []int{
|
||||
res.Ball1, res.Ball2, res.Ball3, res.Ball4, res.Ball5,
|
||||
}
|
||||
|
||||
@@ -3,27 +3,11 @@ package handlers
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/gorilla/sessions"
|
||||
"synlotto-website/helpers"
|
||||
)
|
||||
|
||||
var store = sessions.NewCookieStore([]byte("super-secret-key")) // ToDo: Make global
|
||||
|
||||
func init() {
|
||||
store.Options = &sessions.Options{
|
||||
Path: "/",
|
||||
MaxAge: 86400 * 1,
|
||||
HttpOnly: true,
|
||||
Secure: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
}
|
||||
}
|
||||
|
||||
func GetSession(w http.ResponseWriter, r *http.Request) (*sessions.Session, error) {
|
||||
return store.Get(r, "session-name")
|
||||
}
|
||||
|
||||
func GetCurrentUserID(r *http.Request) (int, bool) {
|
||||
session, err := GetSession(nil, r)
|
||||
session, err := helpers.GetSession(nil, r)
|
||||
if err != nil {
|
||||
return 0, false
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user