commento/api/domain_moderator_delete.go
Adhityaa ef0f45527a everywhere: use different session cookie names
If the user is hosting the dashboard in the same domain as
their blog (with a nginx suburi, for example), the two session
cookies clash; logging into one service logs you out of the other.
With this patch, both have separate names.

Fixes https://gitlab.com/commento/commento-ce/issues/49
2018-06-20 08:59:55 +05:30

63 lines
1.4 KiB
Go

package main
import (
"net/http"
)
func domainModeratorDelete(domain string, email string) error {
if domain == "" || email == "" {
return errorMissingConfig
}
statement := `
DELETE FROM moderators
WHERE domain=$1 AND email=$2;
`
_, err := db.Exec(statement, domain, email)
if err != nil {
logger.Errorf("cannot delete moderator: %v", err)
return errorInternal
}
return nil
}
func domainModeratorDeleteHandler(w http.ResponseWriter, r *http.Request) {
type request struct {
OwnerToken *string `json:"ownerToken"`
Domain *string `json:"domain"`
Email *string `json:"email"`
}
var x request
if err := unmarshalBody(r, &x); err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
o, err := ownerGetByOwnerToken(*x.OwnerToken)
if err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
domain := stripDomain(*x.Domain)
authorised, err := domainOwnershipVerify(o.OwnerHex, domain)
if err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
if !authorised {
writeBody(w, response{"success": false, "message": errorNotAuthorised.Error()})
return
}
if err = domainModeratorDelete(domain, *x.Email); err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
writeBody(w, response{"success": true})
}