diff --git a/internal/handler/auth.go b/internal/handler/auth.go index 813bc205fc..096f2470c6 100644 --- a/internal/handler/auth.go +++ b/internal/handler/auth.go @@ -66,7 +66,7 @@ func (h *AuthHandler) AuthMiddleware() gin.HandlerFunc { } } - if *user.IsSuperuser { + if user.IsSuperuser != nil && *user.IsSuperuser { c.JSON(http.StatusForbidden, gin.H{ "code": common.CodeForbidden, "message": "Super user shouldn't access the URL", diff --git a/internal/service/heartbeat_sender.go b/internal/service/heartbeat_sender.go index 8e36d6ab0f..63709559fb 100644 --- a/internal/service/heartbeat_sender.go +++ b/internal/service/heartbeat_sender.go @@ -126,7 +126,11 @@ func (h *HeartbeatSender) SendHeartbeat() error { if err != nil { return err } - responseCode := common.ErrorCode(responseBody["code"].(float64)) + code, ok := responseBody["code"].(float64) + if !ok { + return fmt.Errorf("unexpected heartbeat response (status %d): missing or non-numeric \"code\" field", resp.StatusCode) + } + responseCode := common.ErrorCode(code) if responseCode != common.CodeLicenseValid { return errors.New(responseCode.Message()) }