Return 403 on session denial rather than redirect
This commit is contained in:
parent
7f1ba6222d
commit
d81546658a
|
@ -57,13 +57,13 @@ func (h *Handler) SessionAuth(next http.Handler) http.Handler {
|
||||||
session, err := r.Cookie("session")
|
session, err := r.Cookie("session")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
http.Redirect(w, r, "/api/v1/auth/redirect", http.StatusTemporaryRedirect)
|
http.Error(w, err.Error(), http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
user, err := h.store.SessionUser(session.Value)
|
user, err := h.store.SessionUser(session.Value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
http.Redirect(w, r, "/api/v1/auth/redirect", http.StatusTemporaryRedirect)
|
http.Error(w, err.Error(), http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ctx := context.WithValue(r.Context(), "user", user)
|
ctx := context.WithValue(r.Context(), "user", user)
|
||||||
|
|
Loading…
Reference in a new issue