update security

admin/admin.go

@@ -11,7 +11,7 @@ import (
 var adminTemplate *template.Template
 var balanceTemplate *template.Template
 var router = http.NewServeMux()
-var Handler = adminMW(router)
+var Handler = AdminMW(router)
 
 type Between struct {
 	User     *homepage.User
@@ -40,7 +40,7 @@ func init() {
 	router.HandleFunc("/", handler)
 }
 
-func adminMW(h http.Handler) http.Handler {
+func AdminMW(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		admin, err := homepage.GetUserInfoBySession(r)
 		if err != nil {

k8s/values.yaml

@@ -7,5 +7,5 @@ POSTGRES: "${POSTGRES}"
 POSTGRES_PASS: "${POSTGRES_PASS}"
 POSTGRES_USER: "${POSTGRES_USER}"
 POSTGRES_DB: "${POSTGRES_DB}"
-Tag: "v1.6.3"
+Tag: "v1.6.4"
 REGISTRY_CONF: "${REGISTRY_CONF}"

main.go

@@ -34,7 +34,7 @@ func main() {
 	mux.HandleFunc("/logout/", auth.LogoutHandler)
 	mux.Handle("/theme/", http.StripPrefix("/theme", http.HandlerFunc(homepage.ThemeHandler)))
 	mux.Handle("/new/", http.StripPrefix("/new", http.HandlerFunc(homepage.NewHandler)))
-	mux.HandleFunc("/topup/", topup.TopupHandler)
+	mux.Handle("/topup/", topup.Handler)
 	//mux.HandleFunc("/topup/api/", topup.PayPalHandler)
 	mux.Handle("/metrics", promhttp.Handler())
 	mux.Handle("/metrics/", promhttp.Handler())

topup/topup.go

 package topup
 
 import (
+	"git.sch.bme.hu/disappointment-industries/becskasszasch/admin"
 	"git.sch.bme.hu/disappointment-industries/becskasszasch/auth"
 	"git.sch.bme.hu/disappointment-industries/becskasszasch/db"
 	"git.sch.bme.hu/disappointment-industries/becskasszasch/helpers"
@@ -28,7 +29,9 @@ func init() {
 	}
 }
 
-func TopupHandler(w http.ResponseWriter, r *http.Request) {
+var Handler = admin.AdminMW(http.HandlerFunc(topupHandler))
+
+func topupHandler(w http.ResponseWriter, r *http.Request) {
 	s := auth.GetFullSession(r)
 	if r.Method != "POST" {