fixed viewing invisible releases with admin session
This commit is contained in:
parent
1efe52a8cb
commit
70825ae875
GPG key ID:
CF99829C92678188
5 changed files with 46 additions and 36 deletions
|
|
@ -2,6 +2,10 @@ package controller
|
|||
|
||||
import (
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"arimelody-web/model"
|
||||
|
|
@ -11,6 +15,30 @@ import (
|
|||
|
||||
const TOKEN_LEN = 64
|
||||
|
||||
func GetSessionFromRequest(db *sqlx.DB, r *http.Request) (*model.Session, error) {
|
||||
sessionCookie, err := r.Cookie(model.COOKIE_TOKEN)
|
||||
if err != nil && err != http.ErrNoCookie {
|
||||
return nil, errors.New(fmt.Sprintf("Failed to retrieve session cookie: %v", err))
|
||||
}
|
||||
|
||||
var session *model.Session
|
||||
|
||||
if sessionCookie != nil {
|
||||
// fetch existing session
|
||||
session, err = GetSession(db, sessionCookie.Value)
|
||||
|
||||
if err != nil && !strings.Contains(err.Error(), "no rows") {
|
||||
return nil, errors.New(fmt.Sprintf("Failed to retrieve session: %v", err))
|
||||
}
|
||||
|
||||
if session != nil {
|
||||
// TODO: consider running security checks here (i.e. user agent mismatches)
|
||||
}
|
||||
}
|
||||
|
||||
return session, nil
|
||||
}
|
||||
|
||||
func CreateSession(db *sqlx.DB, userAgent string) (*model.Session, error) {
|
||||
tokenString := GenerateAlnumString(TOKEN_LEN)
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue