From 6cf65a8edd50d7556db184659740a2eed583357a Mon Sep 17 00:00:00 2001
From: ngoomie
Date: Fri, 23 Aug 2024 22:41:52 -0600
Subject: [PATCH] Session verification-related changes
---
 lib/CharmBoard.pm | 53 +++++++++++++----------
 lib/CharmBoard/Controller/Index.pm | 4 ++
 templates/layouts/default/_header.html.ep | 4 +-
 3 files changed, 35 insertions(+), 26 deletions(-)
diff --git a/lib/CharmBoard.pm b/lib/CharmBoard.pm
index 5f789a0..f8365a7 100644
--- a/lib/CharmBoard.pm
+++ b/lib/CharmBoard.pm
@@ -106,36 +106,41 @@ sub startup { $self->helper(session_verify => sub { my $self = shift; - # get info from user's session cookie and store it in vars - my $_user_id = $self->session('user_id'); - my $_session_key = $self->session('session_key'); - my $_validity = 1; my $_catch_error; - try { - # check to see if session with this id is present in db - ($self->schema->resultset('Session')->search - ({ 'session_key' => $_session_key }) - ->get_column('session_key')->first) - or die; + # get info from user's session cookie and store it in vars + my $_user_id = $self->session('user_id'); + my $_session_key = $self->session('session_key'); + my $_is_auth = $self->session('is_auth'); - # check to see if the current session key's user id matches - # that of the user id in the database - $_user_id == ($self->schema->resultset('Session')-> - session_uid($_session_key)) - or die; - - # check if session is still within valid time as recorded in - # the db - time < ($self->schema->resultset('Session')-> - session_expiry($_session_key)) + if ($_is_auth) { + try { + # check to see if session with this id is present in db + ($self->schema->resultset('Session')->search + ({ 'session_key' => $_session_key }) + ->get_column('session_key')->first) + or die; + + # check to see if the current session key's user id matches + # that of the user id in the database + $_user_id == ($self->schema->resultset('Session')-> + session_uid($_session_key)) or die; - } catch ($_catch_error) { - $_validity = undef; - $self->session_destroy; + + # check if session is still within valid time as recorded in + # the db + time < ($self->schema->resultset('Session')-> + session_expiry($_session_key)) + or die; + } catch ($_catch_error) { + $_validity = undef; + $self->session_destroy; + } + } else { + $_validity = 0; } - + return $_validity; }); diff --git a/lib/CharmBoard/Controller/Index.pm b/lib/CharmBoard/Controller/Index.pm index a36a47a..403ec8b 100644 --- a/lib/CharmBoard/Controller/Index.pm 
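Review bot: The `catch` block in `session_verify` treats every exception as an invalid session, so an error thrown by the schema calls themselves (a database failure, for instance) also reaches `$self->session_destroy` and logs the user out. Consider giving the three `or die` checks distinct messages and destroying the session only for those, letting other errors propagate or be logged. As far as the hunk shows, the helper now has three outcomes (1, 0 and undef), two of them false, and nothing documents that. A comment above the `return`, such as `# returns 1 = verified, 0 = no is_auth flag in session, undef = session rejected and destroyed`, would tell callers which test to use. The enclosing `startup` sub begins and ends outside the hunk.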
+++ b/lib/CharmBoard/Controller/Index.pm @@ -12,6 +12,10 @@ use Tree::Simple; sub index { my $self = shift; + if ($self->session_verify eq undef) { + $self->redirect_to('/') + } + $self->render( template => 'index', category_tree => $self->model('forums')->list_full diff --git a/templates/layouts/default/_header.html.ep b/templates/layouts/default/_header.html.ep index a9d37de..a59b778 100644 --- a/templates/layouts/default/_header.html.ep +++ b/templates/layouts/default/_header.html.ep @@ -2,8 +2,8 @@ my $userControls; # TODO: once implemented, put username + profile link first -if ($self->session('is_auth') == 1) { - my $username = +if ($self->session('is_auth')) { + my $username = ''; $userControls = "logout"} else { $userControls =
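Review bot: In the `index` hunk of Index.pm the redirect does not stop the action: there is no `return`, so after `redirect_to('/')` execution falls through to `$self->render(...)` and still calls `list_full` for a session that was just rejected. The test `eq undef` is a string comparison that stringifies undef to `''` and warns when warnings are enabled; it separates undef from 0 only because 0 stringifies to `'0'`. Suggested replacement for the added block: `return $self->redirect_to('/') unless defined $self->session_verify;`. The rest of `index` continues past the end of the hunk.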