| author | Alexander Kavon <hawk@alexkavon.com> | 2023-11-30 20:10:41 -0500 |
|---|---|---|
| committer | Alexander Kavon <hawk@alexkavon.com> | 2023-11-30 20:10:50 -0500 |
| commit | 17af6e1a5017285b680a7d0a1dace1e1a1612ab9 (patch) | |
| tree | b33696d408ca10c5b0edd99cad399cc1dd093f52 /src/sessions | |
| parent | b3ea95f3d494c10d3f37de7842982138b4ee19a5 (diff) | |
fixed login/create templates to point to correct endpoints, updated func names to be more idiomatic, reference Session objects to save memory, logout/session.Destroy method
Diffstat (limited to 'src/sessions')
| -rw-r--r-- | src/sessions/middleware.go | 13 | ||||
| -rw-r--r-- | src/sessions/sessions.go | 38 |
2 files changed, 35 insertions, 16 deletions
diff --git a/src/sessions/middleware.go b/src/sessions/middleware.go index 6bb3b15..6ae34ac 100644 --- a/src/sessions/middleware.go +++ b/src/sessions/middleware.go @@ -5,22 +5,25 @@ import ( "net/http" ) -func SetSession(next http.Handler) http.Handler { +func StartSession(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // is there a session_token cookie? scookie, err := r.Cookie("session_token") if err != nil || scookie.Value == "" { // no session value or cookie next.ServeHTTP(w, r) + return } + // check for existing session cvalue := scookie.Value vsession, ok := GetSession(cvalue) if !ok { // no session next.ServeHTTP(w, r) + return } // set session - ctx := context.WithValue(r.Context(), SessionCtxKey("session"), vsession.Id()) + ctx := context.WithValue(r.Context(), SessionCtxKey("session"), vsession) next.ServeHTTP(w, r.WithContext(ctx)) }) } @@ -30,6 +33,7 @@ func GuestSession(next http.Handler) http.Handler { // if SessionKey does exist then redirect to `/u/me` as this is an auth session if v := r.Context().Value(SessionCtxKey("session")); v != nil { http.Redirect(w, r, "/u/me", http.StatusSeeOther) + return } // else this is a valid guest request next.ServeHTTP(w, r) @@ -40,10 +44,11 @@ func AuthSession(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // if session key exists then this is a valid auth request if v := r.Context().Value(SessionCtxKey("session")); v != nil { - http.Redirect(w, r, "/login", http.StatusSeeOther) + next.ServeHTTP(w, r) + return } // else this is a guest session request, redirect to login - http.Redirect(w, r, "/login", http.StatusSeeOther) + http.Redirect(w, r, "/u/auth", http.StatusSeeOther) }) } diff --git a/src/sessions/sessions.go b/src/sessions/sessions.go index 34fe91c..0124c51 100644 --- a/src/sessions/sessions.go +++ b/src/sessions/sessions.go 
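Review bot: The value stored under `SessionCtxKey("session")` in `StartSession` changes type, from the string returned by `vsession.Id()` to the `*Session` itself, and nothing in the hunk records that contract. Any reader of this context value outside the diff that still asserts a string will fail or panic at the assertion, so those call sites are worth checking. I would add a doc comment on the exported function, e.g. `// StartSession looks up the session named by the session_token cookie and, when one exists, stores the *Session in the request context under SessionCtxKey("session").`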
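Review bot: The auth gate in `AuthSession` lets the request through for any non-nil context value, so it relies on `StartSession` being the only writer of that key. Now that the value is a `*Session`, the check can assert the type and reject a nil pointer: `if s, ok := r.Context().Value(SessionCtxKey("session")).(*Session); ok && s != nil {`. `GuestSession` in the previous hunk uses the same `v != nil` test and would take the same change.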
@@ -7,19 +7,23 @@ import ( "github.com/google/uuid" ) -type sessionvalues map[string]any +type SessionValues map[string]any type Session struct { id string - values sessionvalues - mu *sync.Mutex + values SessionValues + lock *sync.Mutex } type SessionCtxKey string -var _sessions map[string]Session +var _sessions map[string]*Session -func NewSession(w http.ResponseWriter, values map[string]any) Session { +func InitStore() { + _sessions = map[string]*Session{} +} + +func NewSession(w http.ResponseWriter, values map[string]any) *Session { token := uuid.NewString() // set secure cookie in http.ResponseWriter @@ -30,15 +34,16 @@ func NewSession(w http.ResponseWriter, values map[string]any) Session { }) // create session and store - s := Session{ + s := &Session{ id: token, - values: sessionvalues(values), + values: SessionValues(values), + lock: &sync.Mutex{}, } _sessions[token] = s return s } -func GetSession(id string) (Session, bool) { +func GetSession(id string) (*Session, bool) { s, ok := _sessions[id] return s, ok } @@ -48,14 +53,23 @@ func (s *Session) Id() string { } func (s *Session) Get(key string) interface{} { - s.mu.Lock() - defer s.mu.Unlock() + s.lock.Lock() + defer s.lock.Unlock() return s.values[key] } func (s *Session) Set(key string, value interface{}) bool { - s.mu.Lock() - defer s.mu.Unlock() + s.lock.Lock() + defer s.lock.Unlock() s.values[key] = value + _sessions[s.id] = s return true } + +func (s *Session) Destroy(w http.ResponseWriter) { + delete(_sessions, s.id) + http.SetCookie(w, &http.Cookie{ + Name: "session_token", + Value: "", + }) +} |
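Review bot: `_sessions` is a plain map that request handlers read and write concurrently, and the only mutex in the package is the per-session `lock`, which does not protect the map. In Go, unsynchronised concurrent map access is a data race, and the runtime aborts the process when it detects concurrent map writes, so parallel logins or logouts can take the server down. The store needs its own lock, taken in `InitStore`, `NewSession` and `GetSession` and also in `Set` and `Destroy` in the last hunk of this file. `NewSession` also writes to a nil map and panics if `InitStore` has not been called first, which deserves a comment on both functions.

```go
var (
	_sessions   map[string]*Session
	_sessionsMu sync.RWMutex // guards _sessions
)

func InitStore() {
	_sessionsMu.Lock()
	defer _sessionsMu.Unlock()
	_sessions = map[string]*Session{}
}

func NewSession(w http.ResponseWriter, values map[string]any) *Session {
	// … unchanged: token, cookie and Session construction …
	_sessionsMu.Lock()
	_sessions[token] = s
	_sessionsMu.Unlock()
	return s
}

func GetSession(id string) (*Session, bool) {
	_sessionsMu.RLock()
	defer _sessionsMu.RUnlock()
	s, ok := _sessions[id]
	return s, ok
}
```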
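Review bot: The `Session` built in `NewSession` has no creation or expiry time, and `GetSession` returns whatever is in the map, so a token stays valid server-side until `Destroy` is called or the process restarts. A copied `session_token` value therefore never ages out, and abandoned sessions accumulate in `_sessions`. I would add an `expires time.Time` field set at creation and have `GetSession` delete the entry and return `nil, false` once `time.Now().After(s.expires)`. The cookie attributes are set above this hunk and are not visible here, so whether the cookie itself carries a lifetime is not something I can confirm.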
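Review bot: The added `_sessions[s.id] = s` in `Set` puts the session back into the store on every write, so a handler that still holds the `*Session` from the request context and calls `Set` after another request has run `Destroy` makes the logged-out token valid again. The map already holds this pointer, so the line can simply be dropped; it is also a map write made under the per-session lock only. In `Destroy`, the replacement cookie has an empty value but no `MaxAge: -1` and no `Path`, so the browser may keep the original cookie if it was set with different attributes. Mirroring the attributes used in `NewSession` (outside this hunk) and adding `MaxAge: -1` makes the logout reliable.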
