From 490738810bd1e41e2927883cfd0e156755f87bbe Mon Sep 17 00:00:00 2001
From: Simon Martens
Date: Mon, 19 Jan 2026 17:21:02 +0100
Subject: [PATCH] BUGFIX: new user creation
---
 controllers/user_management_access.go | 4 +--
 dbmodels/queries.go | 6 ++---
 middleware/authenticated.go | 39 +++++++++++++--------------
 3 files changed, 23 insertions(+), 26 deletions(-)
diff --git a/controllers/user_management_access.go b/controllers/user_management_access.go
index 53d57ee..b00e9cc 100644
--- a/controllers/user_management_access.go
+++ b/controllers/user_management_access.go
@@ -71,7 +71,7 @@ func (p *UserManagementAccessPage) GET(engine *templating.Engine, app core.App)
 // TODO: check if access token exists, if not generate
 data := make(map[string]any)
 data["role"] = role
- data["access_url"] = "https://musenalm.de" + path_access + "?token=" + access_token.Token()
+ data["access_url"] = e.Request.Host + path_access + "?token=" + access_token.Token()
 data["relative_url"] = path_access + "?token=" + access_token.Token()
 data["validUntil"] = access_token.Expires().Time().Local().Format("02.01.2006 15:04")
@@ -117,7 +117,7 @@ func (p *UserManagementAccessPage) POST(engine *templating.Engine, app core.App)
 data := make(map[string]any)
 data["role"] = role
- data["access_url"] = "https://musenalm.de" + path_access + "?token=" + token.Token()
+ data["access_url"] = e.Request.Host + path_access + "?token=" + token.Token()
 data["relative_url"] = path_access + "?token=" + token.Token()
 data["validUntil"] = token.Expires().Time().Format("02.01.2006 15:04")
 data["csrf_token"] = req.Session().Token
diff --git a/dbmodels/queries.go b/dbmodels/queries.go
index 61a3874..df492fe 100644
--- a/dbmodels/queries.go
+++ b/dbmodels/queries.go
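Review bot: In controllers/user_management_access.go, the GET hunk now builds `access_url` from `e.Request.Host`, a value the client supplies with the request, and the result no longer carries a scheme; the POST hunk at line 117 makes the same change. Because this URL embeds the access token and is presumably displayed for sharing, a request that reaches the app with an unexpected Host value (misconfigured proxy, alternate vhost) would produce a token link pointing at a host the project does not control. Building it from a configured base URL keeps the link absolute and fixed, e.g. `data["access_url"] = baseURL + path_access + "?token=" + access_token.Token()`, where `baseURL` is a placeholder for a value read from application settings. Both function bodies start and end outside the hunks.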
@@ -187,13 +187,13 @@ func Images_KeyPrefix(app core.App, prefix string) ([]*Image, error) {
 }
 func AccessTokens_Token(app core.App, token string) (*AccessToken, error) {
- t := HashStringSHA256(token)
- return TableByField[*AccessToken](
+ ret, err := TableByField[AccessToken](
 app,
 ACCESS_TOKENS_TABLE,
 ACCESS_TOKENS_TOKEN_FIELD,
- t,
+ token,
 )
+ return &ret, err
 }
 func Users_Email(app core.App, email string) (*User, error) {
diff --git a/middleware/authenticated.go b/middleware/authenticated.go
index 93fe3bd..0ed64fa 100644
--- a/middleware/authenticated.go
+++ b/middleware/authenticated.go
@@ -25,6 +25,24 @@ func Authenticated(app core.App) func(*core.RequestEvent) error {
 return e.Next()
 }
+ token := e.Request.URL.Query().Get("token")
+ if token != "" {
+ a, err := dbmodels.AccessTokens_Token(app, token)
+ if err != nil {
+ slog.Error("Failed to find access token", "token", token, "error", err)
+ } else {
+ if a.User() != "" {
+ u, err := dbmodels.Users_ID(app, a.User())
+ if err != nil {
+ slog.Error("Failed to find access token user", "user", a.User(), "error", err)
+ } else {
+ e.Set("access_token_user", u.Fixed())
+ }
+ }
+ e.Set("access_token", a.Fixed())
+ }
+ }
+
 cookie, err := e.Request.Cookie(dbmodels.SESSION_COOKIE_NAME)
 if err != nil {
 return e.Next()
@@ -73,27 +91,6 @@ func Authenticated(app core.App) func(*core.RequestEvent) error {
 e.Set("user", user)
 e.Set("session", session)
- token := e.Request.URL.Query().Get("token")
- if token != "" {
- a, err := dbmodels.AccessTokens_Token(app, token)
- if err != nil {
- slog.Error("Failed to find access token", "token", token, "error", err)
- return e.Next()
- }
-
- if a.User() != "" {
- u, err := dbmodels.Users_ID(app, a.User())
- if err != nil {
- slog.Error("Failed to find access token user", "user", a.User(), "error", err)
- return e.Next()
- }
-
- e.Set("access_token_user", u.Fixed())
- }
-
- e.Set("access_token", a.Fixed())
- }
-
 return e.Next()
 }
 }
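Review bot: `AccessTokens_Token` in dbmodels/queries.go now matches the raw token against the table instead of `HashStringSHA256(token)`, which, together with the GET handler in this patch rendering `access_token.Token()` into a URL, suggests tokens are stored in clear text, so anyone with read access to the table or a backup holds working tokens. If that is the intended trade-off, a comment such as `// tokens are stored unhashed so the access page can re-display them; treat the table as secret` would record it; otherwise store only the hash and show the token once at creation. Separately, `return &ret, err` returns a non-nil pointer to a zero `AccessToken` on failure; adding `if err != nil { return nil, err }` before it protects callers that test only the pointer.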
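Review bot: In middleware/authenticated.go, the moved block still logs the raw query token via `slog.Error("Failed to find access token", "token", token, "error", err)`, and because it now runs before the session-cookie check, any unauthenticated request carrying a `?token=` parameter reaches that line. A mistyped or otherwise failing token then lands in the log at error level, and anonymous traffic can fill the log with such entries; dropping the attribute and lowering the level, e.g. `slog.Warn("access token lookup failed", "error", err)`, avoids both. Nothing visible in this hunk checks `a.Expires()` before `e.Set("access_token", a.Fixed())`, so expiry is presumably enforced by the handlers that read `access_token`; that is worth confirming now that the value is set for anonymous requests. The enclosing function starts and ends outside the hunk.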