commento/api/domain_delete.go
Adhityaa ef0f45527a everywhere: use different session cookie names
If the user is hosting the dashboard in the same domain as
their blog (with a nginx suburi, for example), the two session
cookies clash; logging into one service logs you out of the other.
With this patch, both have separate names.

Fixes https://gitlab.com/commento/commento-ce/issues/49
2018-06-20 08:59:55 +05:30

103 lines
2.0 KiB
Go

package main
import (
"net/http"
)
func domainDelete(domain string) error {
if domain == "" {
return errorMissingField
}
statement := `
DELETE FROM
domains
WHERE domain = $1;
`
_, err := db.Exec(statement, domain)
if err != nil {
return errorNoSuchDomain
}
statement = `
DELETE FROM votes
USING comments
WHERE comments.commentHex = votes.commentHex AND comments.domain = $1;
`
_, err = db.Exec(statement, domain)
if err != nil {
logger.Errorf("cannot delete votes: %v", err)
return errorInternal
}
statement = `
DELETE FROM views
WHERE views.domain = $1;
`
_, err = db.Exec(statement, domain)
if err != nil {
logger.Errorf("cannot delete views: %v", err)
return errorInternal
}
statement = `
DELETE FROM moderators
WHERE moderators.domain = $1;
`
_, err = db.Exec(statement, domain)
if err != nil {
logger.Errorf("cannot delete domain moderators: %v", err)
return errorInternal
}
statement = `
DELETE FROM comments
WHERE comments.domain = $1;
`
_, err = db.Exec(statement, domain)
if err != nil {
logger.Errorf(statement, domain)
return errorInternal
}
return nil
}
func domainDeleteHandler(w http.ResponseWriter, r *http.Request) {
type request struct {
OwnerToken *string `json:"ownerToken"`
Domain *string `json:"domain"`
}
var x request
if err := unmarshalBody(r, &x); err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
o, err := ownerGetByOwnerToken(*x.OwnerToken)
if err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
domain := stripDomain(*x.Domain)
isOwner, err := domainOwnershipVerify(o.OwnerHex, domain)
if err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
if !isOwner {
writeBody(w, response{"success": false, "message": errorNotAuthorised.Error()})
return
}
if err = domainDelete(*x.Domain); err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
writeBody(w, response{"success": true})
}