Fix redirection bugs

mlacorte · Nov 17, 2021 · 43df008 · 43df008
1 parent 59174ff
commit 43df008
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 14 deletions.
diff --git a/cmd/handlers.go b/cmd/handlers.go
@@ -39,7 +39,9 @@ var (
 
 // registerHandlers registers HTTP handlers.
 func initHTTPHandlers(e *echo.Echo, app *App) {
-	e.Pre(middleware.HTTPSRedirect())
+	if app.constants.ForceSSL {
+		e.Pre(middleware.HTTPSRedirect())
+	}
 
 	// Group of private handlers with BasicAuth.
 	var g *echo.Group
@@ -201,6 +203,8 @@ func basicAuth(username, password string, c echo.Context) (bool, error) {
 		roleCookie := new(http.Cookie)
 		roleCookie.Name = "role"
 		roleCookie.Value = role
+		roleCookie.Path = "/"
+		roleCookie.SameSite = http.SameSiteLaxMode
 		c.SetCookie(roleCookie)
 	}
 

diff --git a/cmd/init.go b/cmd/init.go
@@ -70,6 +70,7 @@ type constants struct {
 		Exportable         map[string]bool `koanf:"-"`
 		DomainBlocklist    map[string]bool `koanf:"-"`
 	} `koanf:"privacy"`
+	ForceSSL        bool   `koanf:"force_ssl"`
 	AdminUsername   []byte `koanf:"admin_username"`
 	AdminPassword   []byte `koanf:"admin_password"`
 	Editor1Username []byte `koanf:"editor1_username"`
@@ -333,6 +334,8 @@ func initConstants() *constants {
 	c.BounceSESEnabled = ko.Bool("bounce.ses_enabled")
 	c.BounceSendgridEnabled = ko.Bool("bounce.sendgrid_enabled")
 
+	c.Accounts = make(map[[32]byte]string)
+
 	for _, account := range []account{
 		{username: c.AdminUsername, password: c.AdminPassword, role: "admin"},
 		{username: c.Editor1Username, password: c.Editor1Password, role: "editor"},

diff --git a/frontend/src/App.vue b/frontend/src/App.vue
@@ -150,6 +150,10 @@ export default Vue.extend({
 
   watch: {
     $route(to) {
+      if (to.meta.admin && !this.$root.role.admin) {
+        this.$router.replace({ path: '/' });
+      }
+
       // Set the current route name to true for active+expanded keys in the
       // menu to pick up.
       this.activeItem = { [to.name]: true };

diff --git a/frontend/src/main.js b/frontend/src/main.js
@@ -30,7 +30,7 @@ new Vue({
 
   data: {
     isLoaded: false,
-    role: { [this.$cookies.get('role')]: true },
+    role: { [VueCookies.get('role')]: true },
   },
 
   methods: {

diff --git a/frontend/src/router/index.js b/frontend/src/router/index.js
@@ -20,49 +20,49 @@ const routes = [
   {
     path: '/lists',
     name: 'lists',
-    meta: { title: 'Lists', group: 'lists' },
+    meta: { title: 'Lists', group: 'lists', admin: true },
     component: () => import(/* webpackChunkName: "main" */ '../views/Lists.vue'),
   },
   {
     path: '/lists/forms',
     name: 'forms',
-    meta: { title: 'Forms', group: 'lists' },
+    meta: { title: 'Forms', group: 'lists', admin: true },
     component: () => import(/* webpackChunkName: "main" */ '../views/Forms.vue'),
   },
   {
     path: '/lists/:id',
     name: 'lists',
-    meta: { title: 'Lists', group: 'lists' },
+    meta: { title: 'Lists', group: 'lists', admin: true },
     component: () => import(/* webpackChunkName: "main" */ '../views/Lists.vue'),
   },
   {
     path: '/subscribers',
     name: 'subscribers',
-    meta: { title: 'Subscribers', group: 'subscribers' },
+    meta: { title: 'Subscribers', group: 'subscribers', admin: true },
     component: () => import(/* webpackChunkName: "main" */ '../views/Subscribers.vue'),
   },
   {
     path: '/subscribers/import',
     name: 'import',
-    meta: { title: 'Import subscribers', group: 'subscribers' },
+    meta: { title: 'Import subscribers', group: 'subscribers', admin: true },
     component: () => import(/* webpackChunkName: "main" */ '../views/Import.vue'),
   },
   {
     path: '/subscribers/bounces',
     name: 'bounces',
-    meta: { title: 'Bounces', group: 'subscribers' },
+    meta: { title: 'Bounces', group: 'subscribers', admin: true },
     component: () => import(/* webpackChunkName: "main" */ '../views/Bounces.vue'),
   },
   {
     path: '/subscribers/lists/:listID',
     name: 'subscribers_list',
-    meta: { title: 'Subscribers', group: 'subscribers' },
+    meta: { title: 'Subscribers', group: 'subscribers', admin: true },
     component: () => import(/* webpackChunkName: "main" */ '../views/Subscribers.vue'),
   },
   {
     path: '/subscribers/:id',
     name: 'subscriber',
-    meta: { title: 'Subscribers', group: 'subscribers' },
+    meta: { title: 'Subscribers', group: 'subscribers', admin: true },
     component: () => import(/* webpackChunkName: "main" */ '../views/Subscribers.vue'),
   },
   {
@@ -74,13 +74,13 @@ const routes = [
   {
     path: '/campaigns/media',
     name: 'media',
-    meta: { title: 'Media', group: 'campaigns' },
+    meta: { title: 'Media', group: 'campaigns', admin: true },
     component: () => import(/* webpackChunkName: "main" */ '../views/Media.vue'),
   },
   {
     path: '/campaigns/templates',
     name: 'templates',
-    meta: { title: 'Templates', group: 'campaigns' },
+    meta: { title: 'Templates', group: 'campaigns', admin: true },
     component: () => import(/* webpackChunkName: "main" */ '../views/Templates.vue'),
   },
   {
@@ -98,13 +98,13 @@ const routes = [
   {
     path: '/settings',
     name: 'settings',
-    meta: { title: 'Settings', group: 'settings' },
+    meta: { title: 'Settings', group: 'settings', admin: true },
     component: () => import(/* webpackChunkName: "main" */ '../views/Settings.vue'),
   },
   {
     path: '/settings/logs',
     name: 'logs',
-    meta: { title: 'Logs', group: 'settings' },
+    meta: { title: 'Logs', group: 'settings', admin: true },
     component: () => import(/* webpackChunkName: "main" */ '../views/Logs.vue'),
   },
 ];