fix: route delete through user router

This commit is contained in:
2026-04-22 21:39:28 +02:00
parent 9cd43d9c4c
commit 1b68fd2f2a
2 changed files with 4 additions and 5 deletions

View File

@@ -89,7 +89,7 @@ func (h *Handler) HandleAddUserForm(w http.ResponseWriter, r *http.Request) {
func (h *Handler) HandleDeleteUserRouter(w http.ResponseWriter, r *http.Request) {
path := r.URL.Path
path = strings.TrimPrefix(path, "/admin/users/delete/")
if path == "" {
writeInlineError(w, "Invalid user ID")
return
@@ -130,6 +130,8 @@ func (h *Handler) HandleDeleteUserRouter(w http.ResponseWriter, r *http.Request)
func (h *Handler) HandleUserRouter(w http.ResponseWriter, r *http.Request) {
path := r.URL.Path
switch {
case strings.HasSuffix(path, "/delete"):
h.HandleDeleteUserRouter(w, r)
case strings.HasSuffix(path, "/watchlist"):
h.HandleUserWatchlist(w, r)
case strings.HasSuffix(path, "/continue-watching"):
@@ -225,4 +227,4 @@ func GetImpersonatedUserID(r *http.Request) string {
}
return impersonateID
}
}

View File

@@ -108,9 +108,6 @@ func NewRouter(cfg Config) http.Handler {
// Admin Endpoints (protected by admin middleware in route handlers)
mux.Handle("/admin", middleware.RequireAdmin(http.HandlerFunc(adminHandler.HandleAdminPage)))
mux.Handle("/admin/users", middleware.RequireAdmin(http.HandlerFunc(adminHandler.HandleAddUserForm)))
mux.HandleFunc("/admin/users/delete", func(w http.ResponseWriter, r *http.Request) {
middleware.RequireAdmin(http.HandlerFunc(adminHandler.HandleDeleteUserRouter)).ServeHTTP(w, r)
})
mux.Handle("/admin/users/", middleware.RequireAdmin(http.HandlerFunc(adminHandler.HandleUserRouter)))
// Wrap mux with global CSRF origin verification and auth checking,