b0esche/b0esche_cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix JWTManager access in getUserAvatarHandler

Browse Source
This commit is contained in:
Leon Bösche
2026-01-29 21:19:15 +01:00
parent 7a3abe9fa2
commit cabb330966
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
go_cloud/internal/http/routes.go
View File

@@ -260,7 +260,7 @@ func NewRouter(cfg *config.Config, db *database.DB, jwtManager *jwt.Manager, aut
uploadUserAvatarHandler(w, req, db, auditLogger, cfg) uploadUserAvatarHandler(w, req, db, auditLogger, cfg)
}) })
r.Get("/user/avatar", func(w http.ResponseWriter, req *http.Request) { r.Get("/user/avatar", func(w http.ResponseWriter, req *http.Request) {
getUserAvatarHandler(w, req, db, cfg) getUserAvatarHandler(w, req, db, jwtManager, cfg)
}) })
r.Options("/user/avatar", func(w http.ResponseWriter, req *http.Request) { r.Options("/user/avatar", func(w http.ResponseWriter, req *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "*") w.Header().Set("Access-Control-Allow-Origin", "*")
@@ -4080,14 +4080,14 @@ func uploadUserAvatarHandler(w http.ResponseWriter, r *http.Request, db *databas
} }
// getUserAvatarHandler serves the user's avatar image // getUserAvatarHandler serves the user's avatar image
func getUserAvatarHandler(w http.ResponseWriter, r *http.Request, db *database.DB, cfg *config.Config) { func getUserAvatarHandler(w http.ResponseWriter, r *http.Request, db *database.DB, jwtManager *jwt.Manager, cfg *config.Config) {
tokenString := r.URL.Query().Get("token") tokenString := r.URL.Query().Get("token")
if tokenString == "" { if tokenString == "" {
errors.WriteError(w, errors.CodeUnauthenticated, "Unauthorized", http.StatusUnauthorized) errors.WriteError(w, errors.CodeUnauthenticated, "Unauthorized", http.StatusUnauthorized)
return return
} }
claims, err := cfg.JWTManager.ValidateToken(tokenString) claims, err := jwtManager.ValidateToken(tokenString)
if err != nil { if err != nil {
errors.WriteError(w, errors.CodeUnauthenticated, "Unauthorized", http.StatusUnauthorized) errors.WriteError(w, errors.CodeUnauthenticated, "Unauthorized", http.StatusUnauthorized)
return return