authorAlexander Kavon <hawk@alexkavon.com>2023-11-30 05:21:38 -0500
committerAlexander Kavon <hawk@alexkavon.com>2023-11-30 05:21:38 -0500
commitec1f49a98765800481608394af3feb5a5221110c (patch)
treea9e1843c7b79a5c111d5fb18c7c336068479eb55 /src
parent218cd643550ed00d26b6e9772d8a64875b5abf2e (diff)
adjusted session store to only require library and returnable session object
Diffstat (limited to 'src')
-rw-r--r--src/sessions/middleware.go23
-rw-r--r--src/sessions/sessions.go46
-rw-r--r--src/user/routes.go12
3 files changed, 56 insertions, 25 deletions
diff --git a/src/sessions/middleware.go b/src/sessions/middleware.go
index 238047e..c1d0528 100644
--- a/src/sessions/middleware.go
+++ b/src/sessions/middleware.go
@@ -7,19 +7,20 @@ import (
func SetSession(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ // is there a session_token cookie?
scookie, err := r.Cookie("session_token")
if err != nil || scookie.Value == "" {
// no session value or cookie
next.ServeHTTP(w, r)
}
cvalue := scookie.Value
- vsession, ok := Sessions[cvalue]
+ vsession, ok := GetSession(cvalue)
if !ok {
// no session
next.ServeHTTP(w, r)
}
// set session
- ctx := context.WithValue(r.Context(), SessionCtxKey("session"), vsession)
+ ctx := context.WithValue(r.Context(), SessionCtxKey("session"), vsession.Id())
next.ServeHTTP(w, r.WithContext(ctx))
})
}
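Review bot: Neither early-exit branch in SetSession returns after `next.ServeHTTP(w, r)`, so execution continues past it. With no cookie, `r.Cookie` returns a nil cookie and `scookie.Value` on the next line panics; with an unknown token the chain runs a second time with the zero Session's empty id stored under `SessionCtxKey("session")`. Add `return` after both calls so that only a token found by GetSession reaches `context.WithValue`. The same missing `return` is in GuestSession and AuthSession in the next hunk; in AuthSession it lets the wrapped handler run after the redirect to `/login`, so the guard does not stop an unauthenticated request.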
@@ -27,10 +28,22 @@ func SetSession(next http.Handler) http.Handler {
func GuestSession(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// if SessionKey does not exist then this is a valid guest request
- if _, ok := r.Context().Value(SessionCtxKey("session")).(session); !ok {
+ if _, ok := r.Context().Value(SessionCtxKey("session")); !ok {
next.ServeHTTP(w, r)
}
- // else redirect to `/` as this is an auth session
- http.Redirect(w, r, "/", http.StatusSeeOther)
+ // else redirect to `/u/me` as this is an auth session
+ http.Redirect(w, r, "/u/me", http.StatusSeeOther)
+ })
+}
+
+func AuthSession(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ // if session key not exists, then this is a guest session request redirect to login page
+ if _, ok := r.Context().Value(SessionCtxKey("session")); !ok {
+ http.Redirect(w, r, "/login", http.StatusSeeOther)
+ }
+
+ // else this is a valid auth session request
+ next.ServeHTTP(w, r)
})
}
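Review bot: `r.Context().Value(...)` returns a single value, so the two-value form `_, ok := r.Context().Value(SessionCtxKey("session"))` in GuestSession and AuthSession will not compile now that the type assertion has been dropped. SetSession stores `vsession.Id()`, a string, so the check can assert that type and also reject an empty id: `if id, ok := r.Context().Value(SessionCtxKey("session")).(string); !ok || id == "" {`. An explicit assertion also ties the auth decision to the value SetSession actually wrote, not to whatever happens to sit under that key.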
diff --git a/src/sessions/sessions.go b/src/sessions/sessions.go
index d2acab6..34fe91c 100644
--- a/src/sessions/sessions.go
+++ b/src/sessions/sessions.go
@@ -2,22 +2,24 @@ package sessions
import (
"net/http"
+ "sync"
"github.com/google/uuid"
)
-type SessionMgr struct {
- key string
- Values map[string]string
-}
+type sessionvalues map[string]any
-type session map[string]any
+type Session struct {
+ id string
+ values sessionvalues
+ mu *sync.Mutex
+}
type SessionCtxKey string
-var sessions map[string]session
+var _sessions map[string]Session
-func (sm *SessionMgr) NewSession(w http.ResponseWriter, r http.Request) {
+func NewSession(w http.ResponseWriter, values map[string]any) Session {
token := uuid.NewString()
// set secure cookie in http.ResponseWriter
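Review bot: `_sessions` is declared as a nil map and no visible hunk initialises it, so unless that happens elsewhere in the file the `_sessions[token] = s` write in NewSession will panic; `var _sessions = make(map[string]Session)` avoids that. The map is also read and written from HTTP handlers, which net/http runs concurrently, and the `mu` inside Session covers only one session's values, not the map itself. A package-level `sync.RWMutex` held around the map access in NewSession and GetSession would close that race. The NewSession body continues outside this hunk.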
@@ -27,9 +29,33 @@ func (sm *SessionMgr) NewSession(w http.ResponseWriter, r http.Request) {
Value: token,
})
- sessions[token] = session{
- "username": username,
+ // create session and store
+ s := Session{
+ id: token,
+ values: sessionvalues(values),
}
- // set request context
+ _sessions[token] = s
+ return s
+}
+
+func GetSession(id string) (Session, bool) {
+ s, ok := _sessions[id]
+ return s, ok
+}
+
+func (s *Session) Id() string {
+ return s.id
+}
+
+func (s *Session) Get(key string) interface{} {
+ s.mu.Lock()
+ defer s.mu.Unlock()
+ return s.values[key]
+}
+func (s *Session) Set(key string, value interface{}) bool {
+ s.mu.Lock()
+ defer s.mu.Unlock()
+ s.values[key] = value
+ return true
}
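Review bot: The Session literal in NewSession sets `id` and `values` but not `mu`, so `s.mu.Lock()` in Get and Set dereferences a nil `*sync.Mutex` and panics on first use. Initialise it in the literal with `mu: &sync.Mutex{},`; the pointer form fits here because the map stores Session by value and the copies must share one lock. Separately, nothing visible removes entries from `_sessions` or records when a session was created, so a token appears to stay valid for the life of the process; an expiry field checked in GetSession would bound that.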
diff --git a/src/user/routes.go b/src/user/routes.go
index 636daa6..f82cbdc 100644
--- a/src/user/routes.go
+++ b/src/user/routes.go
@@ -41,6 +41,7 @@ var Routes = server.Routes{
Path: "/u/me",
AuthRequired: true,
HandlerFunc: Show,
+ Middlewares: server.NewMiddlewares(sessions.AuthSession),
},
}
@@ -80,7 +81,7 @@ func Store(s *server.Server) http.HandlerFunc {
}
// Send email validation
// Create cookie session
- sessions.Store(w, user.Username)
+ sessions.NewSession(w, map[string]interface{}{"uid": user.Id, "username": user.Username})
// Redirect to user profile
http.Redirect(w, r, "/u/me", http.StatusSeeOther)
}
@@ -98,15 +99,6 @@ func Authenticate(s *server.Server) http.HandlerFunc {
func Show(s *server.Server) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
- token, err := r.Cookie("session_token")
- if err != nil {
- s.Ui.Render(w, "user/login", &struct{ Message string }{"You are not logged in! Missing Cookie"})
- }
- session, ok := sessions.NewSession(w, r, token.Value)
- if !ok {
- s.Ui.Render(w, "user/login", &struct{ Message string }{"You are not logged in! With Session."})
- }
-
s.Ui.Render(w, "user/me", &struct{ Message, Username string }{"Congrats on getting this far!", session.Username()})
}
}
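Review bot: With the cookie lookup removed, the remaining Render call still reads `session.Username()`, but no `session` variable is in scope in Show and the Session type in this commit exposes only Id, Get and Set. Show should resolve the session from the id that SetSession puts in the request context and read the username from its values, redirecting to `/login` when the lookup fails instead of rendering the page. The string assertions below assume the context holds the id and that `username` was stored as a string, as Store does in this commit.

```go
return func(w http.ResponseWriter, r *http.Request) {
	id, _ := r.Context().Value(sessions.SessionCtxKey("session")).(string)
	sess, ok := sessions.GetSession(id)
	if !ok {
		http.Redirect(w, r, "/login", http.StatusSeeOther)
		return
	}
	username, _ := sess.Get("username").(string)
	s.Ui.Render(w, "user/me", &struct{ Message, Username string }{"Congrats on getting this far!", username})
```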