fixed viewing invisible releases with admin session

2025-01-27 00:27:03 +00:00 · 2025-01-27 00:27:03 +00:00 · 70825ae875
commit 70825ae875
parent 1efe52a8cb
5 changed files with 46 additions and 36 deletions
--- a/admin/http.go
+++ b/admin/http.go
@ -477,30 +477,13 @@ func staticHandler() http.Handler {

 func enforceSession(app *model.AppState, next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        sessionCookie, err := r.Cookie(model.COOKIE_TOKEN)
-        if err != nil && err != http.ErrNoCookie {
-            fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session cookie: %v\n", err)
+        session, err := controller.GetSessionFromRequest(app.DB, r)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err)
            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
            return
        }

-        var session *model.Session
-
-        if sessionCookie != nil {
-            // fetch existing session
-            session, err = controller.GetSession(app.DB, sessionCookie.Value)
-
-            if err != nil && !strings.Contains(err.Error(), "no rows") {
-                fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err)
-                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-                return
-            }
-
-            if session != nil {
-                // TODO: consider running security checks here (i.e. user agent mismatches)
-            }
-        }
-
        if session == nil {
            // create a new session
            session, err = controller.CreateSession(app.DB, r.UserAgent())