From da0e33fb1b734f3793d4f4da02fd25ceca2075d9 Mon Sep 17 00:00:00 2001
From: Fritz Heiden <fritz.heiden@mailbox.org>
Date: Thu, 13 Mar 2025 20:50:11 +0100
Subject: [PATCH] fix: authenticator crashing when session token invalid

---
 server/authenticator.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/authenticator.go b/server/authenticator.go
index 65c97b2..ca13ee5 100644
--- a/server/authenticator.go
+++ b/server/authenticator.go
@@ -42,7 +42,7 @@ func (r *Authenticator) Authenticate(path string, exceptions []string) func(next
 				return err
 			}
 			session, error := r.userManager.GetSession(cookie.Value)
-			if error != nil {
+			if error != nil || session == nil {
 				SendError(401, context, fmt.Sprintf("session not found: %s", cookie.Value))
 				return fmt.Errorf("session not found: %s", cookie.Value)
 			}