Return 403 on session denial rather than redirect
parent
7f1ba6222d
commit
d81546658a
|
@ -57,13 +57,13 @@ func (h *Handler) SessionAuth(next http.Handler) http.Handler {
|
|||
session, err := r.Cookie("session")
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
http.Redirect(w, r, "/api/v1/auth/redirect", http.StatusTemporaryRedirect)
|
||||
http.Error(w, err.Error(), http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
user, err := h.store.SessionUser(session.Value)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
http.Redirect(w, r, "/api/v1/auth/redirect", http.StatusTemporaryRedirect)
|
||||
http.Error(w, err.Error(), http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
ctx := context.WithValue(r.Context(), "user", user)
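Review bot: Both new `http.Error(w, err.Error(), http.StatusForbidden)` calls write the raw error string into the response for a caller that has not been authenticated. In the `h.store.SessionUser` branch that text originates in the store and may carry backend detail (inferred; the store implementation is not visible in this hunk). The error is already logged on the preceding line, so the response can use a fixed message instead, e.g. `http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)`. It is also worth checking whether a missing or unknown session should be 401 rather than 403, and whether a store failure unrelated to the session should surface as 500 rather than a denial. SessionAuth's body starts and ends outside the hunk.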
|
||||
|
|