everywhere: use different session cookie names

If the user is hosting the dashboard in the same domain as their blog (with a nginx suburi, for example), the two session cookies clash; logging into one service logs you out of the other. With this patch, both have separate names. Fixes https://gitlab.com/commento/commento-ce/issues/49
2018-06-20 08:59:55 +05:30
parent 76a286d884
commit ef0f45527a
45 changed files with 189 additions and 282 deletions
--- a/api/owner_self.go
+++ b/api/owner_self.go
@@ -4,18 +4,9 @@ import (
 	"net/http"
 )

-func ownerSelf(session string) (bool, owner) {
-	o, err := ownerGetBySession(session)
-	if err != nil {
-		return false, owner{}
-	}
-
-	return true, o
-}
-
 func ownerSelfHandler(w http.ResponseWriter, r *http.Request) {
 	type request struct {
-		Session *string `json:"session"`
+		OwnerToken *string `json:"ownerToken"`
 	}

 	var x request
@@ -24,7 +15,16 @@ func ownerSelfHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	loggedIn, o := ownerSelf(*x.Session)
+	o, err := ownerGetByOwnerToken(*x.OwnerToken)
+	if err == errorNoSuchToken {
+		writeBody(w, response{"success": true, "loggedIn": false})
+		return
+	}

-	writeBody(w, response{"success": true, "loggedIn": loggedIn, "owner": o})
+	if err != nil {
+		writeBody(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	writeBody(w, response{"success": true, "loggedIn": true, "owner": o})
 }