From a1a18af0163ddcb0e34edd3339b355268eb19220 Mon Sep 17 00:00:00 2001
From: Arthur Lu <root@tronnet.net>
Date: Fri, 27 Mar 2026 23:02:36 +0000
Subject: [PATCH] fix issue with proxmox session binding

---
 app/main.go       |  5 ++++-
 app/operations.go |  2 ++
 app/pve/pve.go    | 10 ++++++++--
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/app/main.go b/app/main.go
index f71103a..066dfdb 100644
--- a/app/main.go
+++ b/app/main.go
@@ -90,6 +90,7 @@ func Run(configPath *string) {
 	})
 
 	router.DELETE("/ticket", func(c *gin.Context) {
+		// get session uuid from session cookie
 		session := sessions.Default(c)
 		SessionUUID := session.Get("SessionUUID")
 		if SessionUUID == nil {
@@ -97,8 +98,10 @@ func Run(configPath *string) {
 			return
 		}
 		uuid := SessionUUID.(string)
+
+		// delete uuid entry from user sessions
 		delete(UserSessions, uuid)
-		session.Options(sessions.Options{MaxAge: -1}) // set max age to -1 so it is deleted
+		session.Options(sessions.Options{MaxAge: -1}) // set max age to -1 so session cookie is deleted
 		session.Save()
 		c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
 	})
diff --git a/app/operations.go b/app/operations.go
index 2fa42d5..2d0973e 100644
--- a/app/operations.go
+++ b/app/operations.go
@@ -5,9 +5,11 @@ import (
 )
 
 func NewPool(backends *Backends, poolname string) (int, error) {
+	// only pve backend handles pools
 	return backends.pve.NewPool(poolname)
 }
 func DelPool(backends *Backends, poolname string) (int, error) {
+	// only pve backend handles pools
 	return backends.pve.DelPool(poolname)
 }
 
diff --git a/app/pve/pve.go b/app/pve/pve.go
index dd9afbe..e94f461 100644
--- a/app/pve/pve.go
+++ b/app/pve/pve.go
@@ -29,11 +29,17 @@ func NewClientFromCredentials(config common.PVEConfig, username common.Username,
 
 	client := proxmox.NewClient(config.URL,
 		proxmox.WithHTTPClient(&HTTPClient),
-		proxmox.WithCredentials(&proxmox.Credentials{Username: username.ToString(), Password: password}),
+		proxmox.WithCredentials(&proxmox.Credentials{Username: username.UserID, Realm: username.Realm, Password: password}),
 	)
 
-	// todo this should return an error code if the binding failed (ie fetch version to check if the auth was actually ok)
+	// check that the user is authenticated because proxmox.NewClient does not return an error
+	// version route is accessible to any authenticated user
+	_, err := client.Version(context.Background())
+	if err != nil { // could not get version so therefore the user is not authenticated
+		return nil, http.StatusUnauthorized, err
+	}
 
+	// todo this should return an error code if the binding failed (ie fetch version to check if the auth was actually ok)
 	return &ProxmoxClient{config: &config, client: client}, http.StatusOK, nil
 }