ef0f45527a
If the user is hosting the dashboard in the same domain as their blog (with a nginx suburi, for example), the two session cookies clash; logging into one service logs you out of the other. With this patch, both have separate names. Fixes https://gitlab.com/commento/commento-ce/issues/49
package main
import (
"net/http"
)
// domainModeratorDelete removes the moderators row that matches the given
// domain and email.
//
// It returns errorMissingConfig when either argument is empty, errorInternal
// when the database call fails, and nil otherwise. The result of Exec is
// discarded, so a nil return means the statement ran, not that a row was
// actually removed.
//
// No authorisation is performed here; the caller is responsible for checking
// that the requester may modify the domain before calling this function.
func domainModeratorDelete(domain string, email string) error {
	if len(domain) == 0 || len(email) == 0 {
		return errorMissingConfig
	}

	// The SQL text is constant; domain and email reach the database only as
	// bound parameters ($1, $2), so neither value is interpreted as SQL.
	const query = `
DELETE FROM moderators
WHERE domain=$1 AND email=$2;
`

	if _, execErr := db.Exec(query, domain, email); execErr != nil {
		// Keep the driver's error in the server log and hand the caller a
		// generic error, so database details are not echoed back to clients.
		logger.Errorf("cannot delete moderator: %v", execErr)
		return errorInternal
	}

	return nil
}
// domainModeratorDeleteHandler serves a JSON request that removes a moderator
// (identified by email) from a domain.
//
// Flow: decode the body, resolve the owner from the ownerToken field,
// normalise the domain with stripDomain, verify that the owner controls that
// domain, then delete the moderator. Every outcome is reported through
// writeBody as {"success": false, "message": ...} or {"success": true}.
//
// The ownership check and the delete both use the same normalised domain
// value, so the row that is removed belongs to the domain that was authorised.
func domainModeratorDeleteHandler(w http.ResponseWriter, r *http.Request) {
	type request struct {
		OwnerToken *string `json:"ownerToken"`
		Domain     *string `json:"domain"`
		Email      *string `json:"email"`
	}

	// All failure paths share one response envelope.
	// NOTE(review): the message is err.Error() from the helpers, sent to the
	// client verbatim; this assumes they return generic sentinel errors the
	// way domainModeratorDelete does. Confirm for the other helpers.
	fail := func(e error) {
		writeBody(w, response{"success": false, "message": e.Error()})
	}

	var req request
	if err := unmarshalBody(r, &req); err != nil {
		fail(err)
		return
	}

	// NOTE(review): OwnerToken, Domain and Email are pointers and are
	// dereferenced below without a nil check. This is safe only if
	// unmarshalBody rejects bodies that omit a field; otherwise a request
	// missing one of them would panic here. Verify against unmarshalBody.
	owner, err := ownerGetByOwnerToken(*req.OwnerToken)
	if err != nil {
		fail(err)
		return
	}

	domain := stripDomain(*req.Domain)

	// Authorisation gate: nothing is deleted unless the token's owner is
	// confirmed to own the normalised domain.
	isOwner, err := domainOwnershipVerify(owner.OwnerHex, domain)
	if err != nil {
		fail(err)
		return
	}
	if !isOwner {
		fail(errorNotAuthorised)
		return
	}

	if delErr := domainModeratorDelete(domain, *req.Email); delErr != nil {
		fail(delErr)
		return
	}

	writeBody(w, response{"success": true})
}