pcmt/handlers/logout.go
surtur 536b5909c8
All checks were successful
continuous-integration/drone/push Build is passing
go,tmpl: use CSRF token in relevant places
2023-08-05 21:43:45 +02:00

66 lines
1.3 KiB
Go

// Copyright 2023 wanderer <a_mirre at utb dot cz>
// SPDX-License-Identifier: AGPL-3.0-only
package handlers
import (
"net/http"
"github.com/labstack/echo-contrib/session"
"github.com/labstack/echo/v4"
)
func Logout() echo.HandlerFunc {
return func(c echo.Context) error {
addHeaders(c)
csrf := c.Get("csrf").(string)
switch {
case c.Request().Method == "POST":
sess, _ := session.Get(setting.SessionCookieName(), c)
if sess != nil {
log.Infof("max-age before logout: %d", sess.Options.MaxAge)
sess.Options.MaxAge = -1
if username := sess.Values["username"]; username != nil {
sess.Values["username"] = ""
}
err := sess.Save(c.Request(), c.Response())
if err != nil {
c.Logger().Error("could not delete session cookie")
}
}
return c.Redirect(http.StatusMovedPermanently, "/logout")
case c.Request().Method == "GET":
err := c.Render(
http.StatusOK,
"logout.tmpl",
page{
AppName: setting.AppName(),
AppVer: appver,
Title: "Logout",
CSRF: csrf,
DevelMode: setting.IsDevel(),
Current: "logout",
},
)
if err != nil {
c.Logger().Errorf("error: %q", err)
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError),
err.Error(),
)
}
}
return nil
}
}