removed unnecessary comments

2026-06-09 14:36:03 +02:00
parent 6d32ca13ca
commit 918b9a6b74
2 changed files with 1 additions and 8 deletions


@@ -15,8 +15,6 @@ func AuthMiddleware(secret []byte) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// WICHTIG: Wenn der User auf einer öffentlichen Seite ist,
// darf die Middleware KEINEN Auth-Zwang ausüben und nicht redirecten!
if r.URL.Path == "/login" || r.URL.Path == "/register" || r.URL.Path == "/" { if r.URL.Path == "/login" || r.URL.Path == "/register" || r.URL.Path == "/" {
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
return return
@@ -50,14 +48,12 @@ func AuthMiddleware(secret []byte) func(http.Handler) http.Handler {
if strings.HasPrefix(r.URL.Path, "/api/") { if strings.HasPrefix(r.URL.Path, "/api/") {
http.Error(w, "Invalid token", http.StatusUnauthorized) http.Error(w, "Invalid token", http.StatusUnauthorized)
} else { } else {
// Falls das Cookie korrupt oder abgelaufen ist, löschen wir es direkt,
// damit das Frontend sauber merkt, dass es weg ist.
http.SetCookie(w, &http.Cookie{ http.SetCookie(w, &http.Cookie{
Name: "access_token", Name: "access_token",
Value: "", Value: "",
Path: "/", Path: "/",
MaxAge: -1, MaxAge: -1,
HttpOnly: false, // Erlaubt JS das Auslesen HttpOnly: false,
}) })
http.Redirect(w, r, "/login", http.StatusSeeOther) http.Redirect(w, r, "/login", http.StatusSeeOther)
} }
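Review bot: In the cookie-clearing branch of the second hunk, `HttpOnly: false,` now stands without the comment that marked it as deliberate (the removed text said it lets JS read the cookie), so a later reader cannot tell a design choice from an oversight. For a cookie named `access_token` this matters: if the code that issues the cookie uses the same setting (not visible here), any script injected into the origin can read the token. I would keep a short English comment, e.g. `HttpOnly: false, // read by frontend JS; exposes the token to XSS`, or switch to `HttpOnly: true` if the frontend does not actually need the value. The comment removed in the first hunk above the `/login`, `/register`, `/` check documented the unauthenticated allowlist and deserves a one-line replacement such as `// public paths: skip auth and never redirect`. AuthMiddleware's body starts before and continues past both hunks.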


@@ -573,7 +573,6 @@ func Associations(w http.ResponseWriter, r *http.Request) {
idStr := r.URL.Query().Get("id") idStr := r.URL.Query().Get("id")
projectIDStr := r.URL.Query().Get("project_id") projectIDStr := r.URL.Query().Get("project_id")
// Optionaler Filter: Alle Items für ein bestimmtes Projekt holen (?project_id=X)
if projectIDStr != "" { if projectIDStr != "" {
pID, _ := strconv.Atoi(projectIDStr) pID, _ := strconv.Atoi(projectIDStr)
rows, err := storage.DB.Query("SELECT id, item_id, project_id, quantity FROM project_items WHERE project_id = ?", pID) rows, err := storage.DB.Query("SELECT id, item_id, project_id, quantity FROM project_items WHERE project_id = ?", pID)
@@ -593,7 +592,6 @@ func Associations(w http.ResponseWriter, r *http.Request) {
return return
} }
// Einzelne Assoziation anhand der Tabellen-ID (?id=X)
if idStr != "" { if idStr != "" {
id, _ := strconv.Atoi(idStr) id, _ := strconv.Atoi(idStr)
var pi models.ProjectItem var pi models.ProjectItem
@@ -607,7 +605,6 @@ func Associations(w http.ResponseWriter, r *http.Request) {
return return
} }
// Gar kein Parameter -> Komplett-Dump aller Zuweisungen
rows, err := storage.DB.Query("SELECT id, item_id, project_id, quantity FROM project_items") rows, err := storage.DB.Query("SELECT id, item_id, project_id, quantity FROM project_items")
if err != nil { if err != nil {
http.Error(w, "Internal server error", http.StatusInternalServerError) http.Error(w, "Internal server error", http.StatusInternalServerError)