arch/minecraft-server-invites
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Return 403 on session denial rather than redirect

Browse source
This commit is contained in:
Gabriel Simmer 2022-07-05 18:15:34 +01:00
parent 7f1ba6222d
commit d81546658a
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
transport/http.go
View file

@ -57,13 +57,13 @@ func (h *Handler) SessionAuth(next http.Handler) http.Handler {
session, err := r.Cookie("session")
if err != nil {
log.Println(err)
http.Redirect(w, r, "/api/v1/auth/redirect", http.StatusTemporaryRedirect)
http.Error(w, err.Error(), http.StatusForbidden)
return
}
user, err := h.store.SessionUser(session.Value)
if err != nil {
log.Println(err)
http.Redirect(w, r, "/api/v1/auth/redirect", http.StatusTemporaryRedirect)
http.Error(w, err.Error(), http.StatusForbidden)
return
}
ctx := context.WithValue(r.Context(), "user", user)