From 1b68fd2f2a3ab002cd58fef5e0c79a0246735560 Mon Sep 17 00:00:00 2001 From: mkelvers Date: Wed, 22 Apr 2026 21:39:28 +0200 Subject: [PATCH] fix: route delete through user router --- api/admin/handler.go | 6 ++++-- internal/server/routes.go | 3 --- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/api/admin/handler.go b/api/admin/handler.go index 959b63a..549d997 100644 --- a/api/admin/handler.go +++ b/api/admin/handler.go @@ -89,7 +89,7 @@ func (h *Handler) HandleAddUserForm(w http.ResponseWriter, r *http.Request) { func (h *Handler) HandleDeleteUserRouter(w http.ResponseWriter, r *http.Request) { path := r.URL.Path path = strings.TrimPrefix(path, "/admin/users/delete/") - + if path == "" { writeInlineError(w, "Invalid user ID") return @@ -130,6 +130,8 @@ func (h *Handler) HandleDeleteUserRouter(w http.ResponseWriter, r *http.Request) func (h *Handler) HandleUserRouter(w http.ResponseWriter, r *http.Request) { path := r.URL.Path switch { + case strings.HasSuffix(path, "/delete"): + h.HandleDeleteUserRouter(w, r) case strings.HasSuffix(path, "/watchlist"): h.HandleUserWatchlist(w, r) case strings.HasSuffix(path, "/continue-watching"): @@ -225,4 +227,4 @@ func GetImpersonatedUserID(r *http.Request) string { } return impersonateID -} \ No newline at end of file +} diff --git a/internal/server/routes.go b/internal/server/routes.go index 4e1b8ee..1126459 100644 --- a/internal/server/routes.go +++ b/internal/server/routes.go @@ -108,9 +108,6 @@ func NewRouter(cfg Config) http.Handler { // Admin Endpoints (protected by admin middleware in route handlers) mux.Handle("/admin", middleware.RequireAdmin(http.HandlerFunc(adminHandler.HandleAdminPage))) mux.Handle("/admin/users", middleware.RequireAdmin(http.HandlerFunc(adminHandler.HandleAddUserForm))) - mux.HandleFunc("/admin/users/delete", func(w http.ResponseWriter, r *http.Request) { - middleware.RequireAdmin(http.HandlerFunc(adminHandler.HandleDeleteUserRouter)).ServeHTTP(w, r) - }) mux.Handle("/admin/users/", middleware.RequireAdmin(http.HandlerFunc(adminHandler.HandleUserRouter))) // Wrap mux with global CSRF origin verification and auth checking,