feat(web): redirect to login on expired cookie (#201)

* feat(web): redirect to login on expired cookie * refactor: simplify auth wrapper
2025-07-23 08:49:13 +00:00 · 2022-03-26 19:46:16 +01:00 · 2022-03-26 19:46:16 +01:00 · 2d3ab67604
commit 2d3ab67604
parent baac92cc25
4 changed files with 25 additions and 11 deletions
--- a/internal/http/auth.go
+++ b/internal/http/auth.go
@ -35,7 +35,7 @@ func newAuthHandler(encoder encoder, config domain.Config, cookieStore *sessions
 func (h authHandler) Routes(r chi.Router) {
 	r.Post("/login", h.login)
 	r.Post("/logout", h.logout)
-	r.Get("/test", h.test)
+	r.Get("/validate", h.validate)
 }

 func (h authHandler) login(w http.ResponseWriter, r *http.Request) {
@ -91,13 +91,13 @@ func (h authHandler) logout(w http.ResponseWriter, r *http.Request) {
 	h.encoder.StatusResponse(ctx, w, nil, http.StatusNoContent)
 }

-func (h authHandler) test(w http.ResponseWriter, r *http.Request) {
+func (h authHandler) validate(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	session, _ := h.cookieStore.Get(r, "user_session")

 	// Check if user is authenticated
 	if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
-		http.Error(w, "Forbidden", http.StatusForbidden)
+		http.Error(w, "Forbidden", http.StatusUnauthorized)
 		return
 	}

--- a/internal/http/middleware.go
+++ b/internal/http/middleware.go
@ -9,7 +9,7 @@ func (s Server) IsAuthenticated(next http.Handler) http.Handler {

 		// Check if user is authenticated
 		if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
-			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+			http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 			return
 		}
 		next.ServeHTTP(w, r)