Fix panic on CSRF middleware failure

2022-09-26 19:46:05 -07:00 · 2022-09-26 19:46:05 -07:00 · 6dcb0c66e8
parent d66ba92f55
commit 6dcb0c66e8
2 changed files with 7 additions and 3 deletions
--- a/pkg/router/router.go
+++ b/pkg/router/router.go
@ -86,9 +86,9 @@ func New() http.Handler {
 	mux.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir(config.StaticPath))))

 	// Global middlewares.
-	withSession := middleware.Session(mux)
-	withCSRF := middleware.CSRF(withSession)
-	withRecovery := middleware.Recovery(withCSRF)
+	withCSRF := middleware.CSRF(mux)
+	withSession := middleware.Session(withCSRF)
+	withRecovery := middleware.Recovery(withSession)
 	withLogger := middleware.Logging(withRecovery)
 	return withLogger
 }
--- a/pkg/session/session.go
+++ b/pkg/session/session.go
@ -195,6 +195,10 @@ func ImpersonateUser(w http.ResponseWriter, r *http.Request, u *models.User, imp
 // Impersonated returns if the current session has an impersonator.
 func Impersonated(r *http.Request) bool {
 	sess := Get(r)
+	if sess == nil {
+		return false
+	}
+
 	return sess.Impersonator > 0
 }