fix: coderabbit suggestions

2025-10-28 20:55:42 +00:00 · 2025-08-26 14:31:09 +03:00
parent d3c40bb366
commit a5e1ae096b
19 changed files with 178 additions and 47 deletions
--- a/internal/controller/user_controller.go
+++ b/internal/controller/user_controller.go
@@ -112,7 +112,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 		if user.TotpSecret != "" {
 			log.Debug().Str("username", req.Username).Msg("User has TOTP enabled, requiring TOTP verification")

-			controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
+			err := controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 				Username:    user.Username,
 				Name:        utils.Capitalize(req.Username),
 				Email:       fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.Domain),
@@ -120,6 +120,15 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 				TotpPending: true,
 			})

+			if err != nil {
+				log.Error().Err(err).Msg("Failed to create session cookie")
+				c.JSON(500, gin.H{
+					"status":  500,
+					"message": "Internal Server Error",
+				})
+				return
+			}
+
 			c.JSON(200, gin.H{
 				"status":      200,
 				"message":     "TOTP required",
@@ -129,13 +138,22 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 		}
 	}

-	controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
+	err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username: req.Username,
 		Name:     utils.Capitalize(req.Username),
 		Email:    fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.Domain),
 		Provider: "username",
 	})

+	if err != nil {
+		log.Error().Err(err).Msg("Failed to create session cookie")
+		c.JSON(500, gin.H{
+			"status":  500,
+			"message": "Internal Server Error",
+		})
+		return
+	}
+
 	c.JSON(200, gin.H{
 		"status":  200,
 		"message": "Login successful",
@@ -144,7 +162,9 @@ func (controller *UserController) loginHandler(c *gin.Context) {

 func (controller *UserController) logoutHandler(c *gin.Context) {
 	log.Debug().Msg("Logout request received")
+
 	controller.Auth.DeleteSessionCookie(c)
+
 	c.JSON(200, gin.H{
 		"status":  200,
 		"message": "Logout successful",
@@ -175,8 +195,8 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 		return
 	}

-	if !context.IsLoggedIn {
-		log.Warn().Msg("TOTP attempt without being logged in")
+	if !context.TotpPending {
+		log.Warn().Msg("TOTP attempt without a pending TOTP session")
 		c.JSON(401, gin.H{
 			"status":  401,
 			"message": "Unauthorized",
@@ -223,13 +243,22 @@ func (controller *UserController) totpHandler(c *gin.Context) {

 	controller.Auth.RecordLoginAttempt(rateIdentifier, true)

-	controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
+	err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username: user.Username,
 		Name:     utils.Capitalize(user.Username),
 		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.Config.Domain),
 		Provider: "username",
 	})

+	if err != nil {
+		log.Error().Err(err).Msg("Failed to create session cookie")
+		c.JSON(500, gin.H{
+			"status":  500,
+			"message": "Internal Server Error",
+		})
+		return
+	}
+
 	c.JSON(200, gin.H{
 		"status":  200,
 		"message": "Login successful",