olemd/favoritter
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
favoritter/internal/middleware/resetguard.go
Ole-Morten Duesund 2cbbb20278 feat: add profiles, public views, settings, and code quality fixes 
Phase 3 — Profiles & Public Views:
- Public profile page (/u/{username}) with OG meta tags
- User settings page (display name, bio, visibility, default privacy)
- Avatar upload with image processing
- Password change from settings (verifies current password)
- Home page shows public fave feed for logged-in users
- Must-reset-password guard redirects to /reset-password
- Profile visibility: public (full) or limited (username only)

Code quality improvements from /simplify review:
- Fix signup request persistence bug (was silently discarding data)
- Fix health check to use configured listen address, not hardcoded :8080
- Add rate limiter cleanup goroutine (was leaking memory)
- Extract shared helpers: ClearSessionCookie, IsSecureRequest, scanTags,
  scanUserFrom (scanner interface), SignupRequestStore
- Replace hand-rolled joinPlaceholders with strings.Join
- Remove dead _method hidden field, redundant devMode field
- Simplify rate-limited route registration (remove double-mux)
- Log previously-swallowed errors (session delete, image delete)
- Stop leaking internal error messages to users in image upload

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 16:01:41 +02:00

33 lines
939 B
Go
Raw Permalink Blame History

// SPDX-License-Identifier: AGPL-3.0-or-later
package middleware
import (
"net/http"
"strings"
)
// MustResetPasswordGuard redirects users who must reset their password
// to the reset page. Allows through: static assets, health, logout,
// and the reset-password page itself.
func MustResetPasswordGuard(basePath string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user := UserFromContext(r.Context())
if user != nil && user.MustResetPassword {
path := r.URL.Path
// Allow these paths through without redirect.
if path == "/reset-password" ||
path == "/logout" ||
path == "/health" ||
strings.HasPrefix(path, "/static/") {
next.ServeHTTP(w, r)
return
}
http.Redirect(w, r, basePath+"/reset-password", http.StatusSeeOther)
return
}
next.ServeHTTP(w, r)
})
}
}
Reference in a new issue View git blame Copy permalink