From 3ba8e3ef70fdb96ff8d15400a004ce5dd70c1ada Mon Sep 17 00:00:00 2001
From: Alessio
Date: Sun, 24 Dec 2023 14:09:46 -0600
Subject: [PATCH] Restrict access to routes when not logged in (i.e., no active session)
---
 internal/webserver/handler_messages.go | 5 ++++-
 internal/webserver/response_helpers.go | 4 ++++
 internal/webserver/tpl/includes/nav_sidebar.tpl | 14 ++++++++------
 3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/internal/webserver/handler_messages.go b/internal/webserver/handler_messages.go
index 5d5d548..aef3cbf 100644
--- a/internal/webserver/handler_messages.go
+++ b/internal/webserver/handler_messages.go
@@ -29,7 +29,10 @@ func (t MessageData) FocusedTweetID() scraper.TweetID {
 func (app *Application) Messages(w http.ResponseWriter, r *http.Request) {
 app.traceLog.Printf("'Messages' handler (path: %q)", r.URL.Path)
- // TODO: what if no active user?
+ if app.ActiveUser.ID == 0 {
+ app.error_401(w)
+ return
+ }
 chat_view := app.Profile.GetChatRoomsPreview(app.ActiveUser.ID)
 if strings.Trim(r.URL.Path, "/") != "" {
diff --git a/internal/webserver/response_helpers.go b/internal/webserver/response_helpers.go
index 2c0b2a2..b0e6adb 100644
--- a/internal/webserver/response_helpers.go
+++ b/internal/webserver/response_helpers.go
@@ -61,6 +61,10 @@ func (app *Application) error_400_with_message(w http.ResponseWriter, msg string
 http.Error(w, fmt.Sprintf("Bad Request\n\n%s", msg), 400)
 }
+func (app *Application) error_401(w http.ResponseWriter) {
+ http.Error(w, "Please log in or set an active session", 401)
+}
+
 func (app *Application) error_404(w http.ResponseWriter) {
 http.Error(w, "Not Found", 404)
 }
diff --git a/internal/webserver/tpl/includes/nav_sidebar.tpl b/internal/webserver/tpl/includes/nav_sidebar.tpl
index fcf1800..d35d1a4 100644
--- a/internal/webserver/tpl/includes/nav_sidebar.tpl
+++ b/internal/webserver/tpl/includes/nav_sidebar.tpl
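Review bot: The session check in `Messages` (handler_messages.go) is written inline, so every other handler that reads `app.ActiveUser.ID` has to carry its own copy; no other handler is touched in this patch, so whether they are guarded cannot be confirmed from here. Consider putting the test in one helper, e.g. `if !app.require_active_user(w) { return }` (the name is only a suggestion), or in a wrapper applied where routes are registered, so a new route cannot be added without it. The guard keys on `ActiveUser.ID == 0` while the sidebar template in this same commit keys on `Handle` being `"[nobody]"`; a single shared predicate would keep the two from drifting apart. `Messages` continues past the end of the hunk.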
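Review bot: `error_401` (response_helpers.go) carries no comment saying that it only writes the response, and `http.Error` does not end the handler, so a caller that omits `return` after it would fall through into the code the check was meant to protect. I would add `// error_401 writes a 401 for requests made with no active session; the caller must return immediately afterwards.` above the function. A 401 is normally accompanied by a `WWW-Authenticate` challenge, which this response does not set; if no challenge scheme applies to this app, that is worth stating in the same comment.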
@@ -25,12 +25,14 @@ Notifications - - - + {{if (not (eq (active_user).Handle "[nobody]"))}} + + + + {{end}}