From 9b7509461340fa977b4f50a746d541bc167ca586 Mon Sep 17 00:00:00 2001
From: Roberto Hidalgo <un@rob.mx>
Date: Tue, 3 Jan 2023 22:51:35 -0600
Subject: [PATCH] even furhter sigh

---
 internal/auth/auth.go           | 11 ++++-------
 internal/server/server.go       |  4 +---
 internal/server/static/admin.js |  2 ++
 3 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 67ada4e..b7e7c14 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -21,14 +21,11 @@ var _db db.Session
 var _wan *webauthn.WebAuthn
 var _sess *scs.SessionManager
 
-func Initialize(wan *webauthn.WebAuthn, db db.Session) {
-	sessionManager := scs.New()
-	sessionManager.Lifetime = 5 * time.Minute
+func Route(wan *webauthn.WebAuthn, db db.Session, router http.Handler) http.Handler {
 	_db = db
 	_wan = wan
-}
-
-func Route(router http.Handler) http.Handler {
+	_sess = scs.New()
+	_sess.Lifetime = 5 * time.Minute
 	return _sess.LoadAndSave(router)
 }
 
@@ -47,7 +44,7 @@ func LoginHandler(w http.ResponseWriter, req *http.Request, ps httprouter.Params
 	password := req.FormValue("password")
 
 	user := &user.User{}
-	if err := _db.Get(user, db.Cond{"name": username}); err != nil {
+	if err := _db.Get(user, db.Cond{"handle": username}); err != nil {
 		err := &errors.InvalidCredentials{Status: http.StatusForbidden, Reason: fmt.Sprintf("User not found for name: %s (%s)", username, err)}
 		err.Log()
 		http.Error(w, err.Error(), err.Code())
diff --git a/internal/server/server.go b/internal/server/server.go
index b11abdf..4312f47 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -191,8 +191,6 @@ func Initialize(config *Config) (http.Handler, error) {
 		return nil, err
 	}
 
-	auth.Initialize(wan, _db)
-
 	serverRoot, err := fs.Sub(staticFiles, "static")
 	if err != nil {
 		log.Fatal(err)
@@ -216,7 +214,7 @@ func Initialize(config *Config) (http.Handler, error) {
 	router.POST("/api/user/:id", allowCORS(auth.RequireAdmin(auth.Enforce2FA(updateUser))))
 	router.DELETE("/api/user/:id", allowCORS(auth.RequireAdmin(auth.Enforce2FA(deleteUser))))
 
-	return auth.Route(router), nil
+	return auth.Route(wan, _db, router), nil
 }
 
 func renderTemplate(template []byte) httprouter.Handle {
diff --git a/internal/server/static/admin.js b/internal/server/static/admin.js
index 426327f..b0b9057 100644
--- a/internal/server/static/admin.js
+++ b/internal/server/static/admin.js
@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright © 2022 Roberto Hidalgo <nidito@un.rob.mx>
 import * as webauthn from "./webauthn.js"
 
 const host = document.location.protocol + "//" + document.location.host