Restrict access to routes when not logged in (i.e., no active session)

internal/webserver/handler_messages.go

@@ -29,7 +29,10 @@ func (t MessageData) FocusedTweetID() scraper.TweetID {
 func (app *Application) Messages(w http.ResponseWriter, r *http.Request) {
 	app.traceLog.Printf("'Messages' handler (path: %q)", r.URL.Path)
 
-	// TODO: what if no active user?
+	if app.ActiveUser.ID == 0 {
+		app.error_401(w)
+		return
+	}
 
 	chat_view := app.Profile.GetChatRoomsPreview(app.ActiveUser.ID)
 	if strings.Trim(r.URL.Path, "/") != "" {

internal/webserver/response_helpers.go

@@ -61,6 +61,10 @@ func (app *Application) error_400_with_message(w http.ResponseWriter, msg string
 	http.Error(w, fmt.Sprintf("Bad Request\n\n%s", msg), 400)
 }
 
+func (app *Application) error_401(w http.ResponseWriter) {
+	http.Error(w, "Please log in or set an active session", 401)
+}
+
 func (app *Application) error_404(w http.ResponseWriter) {
 	http.Error(w, "Not Found", 404)
 }

internal/webserver/tpl/includes/nav_sidebar.tpl

@@ -25,12 +25,14 @@
           <span>Notifications</span>
         </li>
       </a>
-      <a class="unstyled-link" href="/messages">
-        <li class="quick-link">
-          <img class="svg-icon" src="/static/icons/messages.svg" />
-          <span>Messages</span>
-        </li>
-      </a>
+      {{if (not (eq (active_user).Handle "[nobody]"))}}
+        <a class="unstyled-link" href="/messages">
+          <li class="quick-link">
+            <img class="svg-icon" src="/static/icons/messages.svg" />
+            <span>Messages</span>
+          </li>
+        </a>
+      {{end}}
       <a class="unstyled-link" href="/lists">
         <li class="quick-link">
           <img class="svg-icon" src="/static/icons/lists.svg" />