MiddlewareSession: simplify logic

handlers/middleware.go

@@ -19,86 +19,76 @@ import (
 func MiddlewareSession(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
 		sess, _ := session.Get(setting.SessionCookieName(), c)
-		if sess == nil {
-			c.Logger().Info("No session found, unauthorised.")
 
-			// return a 404 instead of 401 to not disclose the existence of
-			// resources for unauthenticated users with no past sessions.
-			return echo.NewHTTPError(http.StatusNotFound).SetInternal(ErrNoSession)
-		}
+		var username string
 
-		uname := sess.Values["username"]
-		if uname == nil {
-			c.Logger().Debugf("%d - %s", http.StatusUnauthorized, "seassion expired or invalid")
-			// return echo.NewHTTPError(http.StatusUnauthorized).SetInternal(ErrSessionExpired)
-			return renderErrorPage(
-				c,
-				http.StatusUnauthorized,
-				http.StatusText(http.StatusUnauthorized),
-				ErrSessionExpired.Error(),
+		uname, ok := sess.Values["username"].(string)
+
+		if ok {
+			username = uname
+
+			log.Info("gorilla session", "username", username)
+
+			refreshSession(
+				sess,
+				"/",
+				// setting.SessionMaxAge,
+				86400,
+				true,
+				c.Request().URL.Scheme == "https", //nolint:goconst
+				http.SameSiteStrictMode,
 			)
+
+			if err := sess.Save(c.Request(), c.Response()); err != nil {
+				c.Logger().Error("failed to save session")
+
+				return renderErrorPage(
+					c,
+					http.StatusInternalServerError,
+					http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)",
+					err.Error(),
+				)
+			}
+
+			c.Set("sess", sess)
+
+			var u moduser.User
+
+			ctx := context.WithValue(context.Background(), moduser.CtxKey{}, slogger)
+			if usr, err := moduser.QueryUser(ctx, dbclient, username); err == nil && usr != nil {
+				u.ID = usr.ID
+				u.Username = usr.Username
+				u.IsAdmin = usr.IsAdmin
+				u.CreatedAt = usr.CreatedAt
+				u.IsActive = usr.IsActive
+				u.IsLoggedIn = true
+			} else {
+				c.Logger().Error(http.StatusText(http.StatusInternalServerError) + " - " + err.Error())
+
+				return renderErrorPage(
+					c,
+					http.StatusInternalServerError,
+					http.StatusText(http.StatusInternalServerError),
+					err.Error(),
+				)
+			}
+
+			c.Set("sloggerCtx", ctx)
+			c.Set("sessUsr", u)
+
+			return next(c)
 		}
 
-		username, ok := sess.Values["username"].(string)
-		if !ok {
-			return renderErrorPage(
-				c,
-				http.StatusUnauthorized,
-				http.StatusText(http.StatusUnauthorized),
-				"username was nil",
-			)
+		if !sess.IsNew {
+			c.Logger().Debugf("%d - %s", http.StatusUnauthorized, "you need to log in")
 		}
 
-		log.Info("gorilla session", "username", username)
-
-		refreshSession(
-			sess,
-			"/",
-			// setting.SessionMaxAge,
-			86400,
-			true,
-			c.Request().URL.Scheme == "https", //nolint:goconst
-			http.SameSiteStrictMode,
+		return renderErrorPage(
+			c,
+			http.StatusUnauthorized,
+			http.StatusText(http.StatusUnauthorized),
+			ErrNoSession.Error(),
 		)
-
-		if err := sess.Save(c.Request(), c.Response()); err != nil {
-			c.Logger().Error("failed to save session")
-
-			return renderErrorPage(
-				c,
-				http.StatusInternalServerError,
-				http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)",
-				err.Error(),
-			)
-		}
-
-		c.Set("sess", sess)
-
-		var u moduser.User
-
-		ctx := context.WithValue(context.Background(), moduser.CtxKey{}, slogger)
-		if usr, err := moduser.QueryUser(ctx, dbclient, username); err == nil && usr != nil {
-			u.ID = usr.ID
-			u.Username = usr.Username
-			u.IsAdmin = usr.IsAdmin
-			u.CreatedAt = usr.CreatedAt
-			u.IsActive = usr.IsActive
-			u.IsLoggedIn = true
-		} else {
-			c.Logger().Error(http.StatusText(http.StatusInternalServerError) + " - " + err.Error())
-
-			return renderErrorPage(
-				c,
-				http.StatusInternalServerError,
-				http.StatusText(http.StatusInternalServerError),
-				err.Error(),
-			)
-		}
-
-		c.Set("sloggerCtx", ctx)
-		c.Set("sessUsr", u)
-
-		return next(c)
 	}
 }