From c00645432b7cf86713e28730648af94a1e1b47f7 Mon Sep 17 00:00:00 2001
From: Jason Streifling <jason@streifling.com>
Date: Fri, 4 Oct 2024 10:35:32 +0200
Subject: [PATCH] Correctly handle errors from getSession

---
 cmd/frontend/articles.go | 30 ++++++++++++++++++++++++++++++
 cmd/frontend/issues.go   |  4 ++++
 cmd/frontend/pdf.go      |  2 ++
 cmd/frontend/sessions.go | 11 ++++++++++-
 cmd/frontend/tags.go     |  4 ++++
 cmd/frontend/users.go    | 16 ++++++++++++++++
 6 files changed, 66 insertions(+), 1 deletion(-)

diff --git a/cmd/frontend/articles.go b/cmd/frontend/articles.go
index 5653ef2..f376399 100644
--- a/cmd/frontend/articles.go
+++ b/cmd/frontend/articles.go
@@ -33,6 +33,8 @@ func WriteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -64,6 +66,8 @@ func SubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -136,6 +140,8 @@ func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -198,6 +204,8 @@ func ResubmitArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 func ShowUnpublishedUnrejectedAndPublishedRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if _, err := getSession(w, r, c, s); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -241,6 +249,8 @@ func ShowRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerF
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -276,6 +286,8 @@ func ShowRejectedArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerF
 func ReviewRejectedArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if _, err := getSession(w, r, c, s); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -337,6 +349,8 @@ func PublishArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -426,6 +440,8 @@ func RejectArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -455,6 +471,8 @@ func RejectArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 func ShowCurrentArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if _, err := getSession(w, r, c, s); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -477,6 +495,8 @@ func ShowCurrentArticles(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFu
 func UploadArticleImage(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if _, err := getSession(w, r, c, s); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -504,6 +524,8 @@ func UploadArticleImage(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 func ShowPublishedArticles(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if _, err := getSession(w, r, c, s); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -539,6 +561,8 @@ func ShowPublishedArticles(c *b.Config, db *b.DB, s *b.CookieStore, action strin
 func ReviewArticle(c *b.Config, db *b.DB, s *b.CookieStore, action, title, button string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if _, err := getSession(w, r, c, s); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -615,6 +639,8 @@ func DeleteArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -663,6 +689,8 @@ func AllowEditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -718,6 +746,8 @@ func AllowEditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc
 func EditArticle(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if _, err := getSession(w, r, c, s); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
diff --git a/cmd/frontend/issues.go b/cmd/frontend/issues.go
index 2ae6cbd..bc37616 100644
--- a/cmd/frontend/issues.go
+++ b/cmd/frontend/issues.go
@@ -17,6 +17,8 @@ func PublishLatestIssue(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFun
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -144,6 +146,8 @@ func UploadIssueImage(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
diff --git a/cmd/frontend/pdf.go b/cmd/frontend/pdf.go
index ac9176a..5c22204 100644
--- a/cmd/frontend/pdf.go
+++ b/cmd/frontend/pdf.go
@@ -15,6 +15,8 @@ import (
 func UploadPDF(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if _, err := getSession(w, r, c, s); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
diff --git a/cmd/frontend/sessions.go b/cmd/frontend/sessions.go
index e204a76..f698564 100644
--- a/cmd/frontend/sessions.go
+++ b/cmd/frontend/sessions.go
@@ -67,7 +67,12 @@ func HomePage(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 				return
 			}
 		} else {
-			session, _ := s.Get(r, "cookie")
+			session, err := getSession(w, r, c, s)
+			if err != nil {
+				log.Println(err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
 			if auth, ok := session.Values["authenticated"].(bool); auth && ok {
 				files[1] = c.WebDir + "/templates/hub.html"
 				tmpl, err := template.ParseFiles(files...)
@@ -132,6 +137,8 @@ func Logout(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -155,6 +162,8 @@ func ShowHub(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
diff --git a/cmd/frontend/tags.go b/cmd/frontend/tags.go
index d3ad6a6..d7235e5 100644
--- a/cmd/frontend/tags.go
+++ b/cmd/frontend/tags.go
@@ -11,6 +11,8 @@ import (
 func CreateTag(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if _, err := getSession(w, r, c, s); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -27,6 +29,8 @@ func AddTag(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
diff --git a/cmd/frontend/users.go b/cmd/frontend/users.go
index fba214f..36a2780 100644
--- a/cmd/frontend/users.go
+++ b/cmd/frontend/users.go
@@ -33,6 +33,8 @@ func checkUserStrings(user *b.User) (string, int, bool) {
 func CreateUser(c *b.Config, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if _, err := getSession(w, r, c, s); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -49,6 +51,8 @@ func AddUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -137,6 +141,8 @@ func EditSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -160,6 +166,8 @@ func UpdateSelf(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -342,6 +350,8 @@ func ShowAllUsers(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.H
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -371,6 +381,8 @@ func ShowAllUsers(c *b.Config, db *b.DB, s *b.CookieStore, action string) http.H
 func EditUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if _, err := getSession(w, r, c, s); err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -401,6 +413,8 @@ func UpdateUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -503,6 +517,8 @@ func DeleteUser(c *b.Config, db *b.DB, s *b.CookieStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		session, err := getSession(w, r, c, s)
 		if err != nil {
+			log.Println(err)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}