Diffstat (limited to 'src')
| -rw-r--r-- | src/sessions/middleware.go | 23 | ||||
| -rw-r--r-- | src/sessions/sessions.go | 46 | ||||
| -rw-r--r-- | src/user/routes.go | 12 |
3 files changed, 56 insertions, 25 deletions
diff --git a/src/sessions/middleware.go b/src/sessions/middleware.go index 238047e..c1d0528 100644 --- a/src/sessions/middleware.go +++ b/src/sessions/middleware.go @@ -7,19 +7,20 @@ import ( func SetSession(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // is there a session_token cookie? scookie, err := r.Cookie("session_token") if err != nil || scookie.Value == "" { // no session value or cookie next.ServeHTTP(w, r) } cvalue := scookie.Value - vsession, ok := Sessions[cvalue] + vsession, ok := GetSession(cvalue) if !ok { // no session next.ServeHTTP(w, r) } // set session - ctx := context.WithValue(r.Context(), SessionCtxKey("session"), vsession) + ctx := context.WithValue(r.Context(), SessionCtxKey("session"), vsession.Id()) next.ServeHTTP(w, r.WithContext(ctx)) }) } @@ -27,10 +28,22 @@ func SetSession(next http.Handler) http.Handler { func GuestSession(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // if SessionKey does not exist then this is a valid guest request - if _, ok := r.Context().Value(SessionCtxKey("session")).(session); !ok { + if _, ok := r.Context().Value(SessionCtxKey("session")); !ok { next.ServeHTTP(w, r) } - // else redirect to `/` as this is an auth session - http.Redirect(w, r, "/", http.StatusSeeOther) + // else redirect to `/u/me` as this is an auth session + http.Redirect(w, r, "/u/me", http.StatusSeeOther) + }) +} + +func AuthSession(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // if session key not exists, then this is a guest session request redirect to login page + if _, ok := r.Context().Value(SessionCtxKey("session")); !ok { + http.Redirect(w, r, "/login", http.StatusSeeOther) + } + + // else this is a valid auth session request + next.ServeHTTP(w, r) }) } diff --git a/src/sessions/sessions.go b/src/sessions/sessions.go index d2acab6..34fe91c 100644 
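Review bot: Both guard branches in SetSession call `next.ServeHTTP(w, r)` without a `return`, so execution continues past them. With no cookie, `scookie` is nil and `cvalue := scookie.Value` panics after the response has already been produced. With an unknown token, the handler chain runs a second time with the zero-value session's `vsession.Id()` (an empty string) stored under `SessionCtxKey("session")`, which a presence check downstream would treat as a logged-in session. Add `return` directly after each of the two `next.ServeHTTP(w, r)` calls in the guards.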
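Review bot: In AuthSession the `http.Redirect(w, r, "/login", http.StatusSeeOther)` branch has no `return`, so `next.ServeHTTP(w, r)` still runs the protected handler for a request that has no session. GuestSession has the mirror-image fall-through after its `next.ServeHTTP(w, r)`. Separately, `Context.Value` returns a single value, so `_, ok := r.Context().Value(...)` without a type assertion should not compile. Since SetSession now stores a string, use `if id, ok := r.Context().Value(SessionCtxKey("session")).(string); !ok || id == "" {` in both middlewares and end each branch with `return`.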
--- a/src/sessions/sessions.go +++ b/src/sessions/sessions.go @@ -2,22 +2,24 @@ package sessions import ( "net/http" + "sync" "github.com/google/uuid" ) -type SessionMgr struct { - key string - Values map[string]string -} +type sessionvalues map[string]any -type session map[string]any +type Session struct { + id string + values sessionvalues + mu *sync.Mutex +} type SessionCtxKey string -var sessions map[string]session +var _sessions map[string]Session -func (sm *SessionMgr) NewSession(w http.ResponseWriter, r http.Request) { +func NewSession(w http.ResponseWriter, values map[string]any) Session { token := uuid.NewString() // set secure cookie in http.ResponseWriter @@ -27,9 +29,33 @@ func (sm *SessionMgr) NewSession(w http.ResponseWriter, r http.Request) { Value: token, }) - sessions[token] = session{ - "username": username, + // create session and store + s := Session{ + id: token, + values: sessionvalues(values), } - // set request context + _sessions[token] = s + return s +} + +func GetSession(id string) (Session, bool) { + s, ok := _sessions[id] + return s, ok +} + +func (s *Session) Id() string { + return s.id +} + +func (s *Session) Get(key string) interface{} { + s.mu.Lock() + defer s.mu.Unlock() + return s.values[key] +} +func (s *Session) Set(key string, value interface{}) bool { + s.mu.Lock() + defer s.mu.Unlock() + s.values[key] = value + return true } diff --git a/src/user/routes.go b/src/user/routes.go index 636daa6..f82cbdc 100644 --- a/src/user/routes.go +++ b/src/user/routes.go @@ -41,6 +41,7 @@ var Routes = server.Routes{ Path: "/u/me", AuthRequired: true, HandlerFunc: Show, + Middlewares: server.NewMiddlewares(sessions.AuthSession), }, } 
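Review bot: `var _sessions map[string]Session` is declared without `make`, and nothing visible in this diff initialises it, so the first `_sessions[token] = s` in NewSession would panic on a nil map. The map is also written by NewSession and read by GetSession from concurrent request handlers with no lock, which is a data race on the session store. Consider `var _sessions = make(map[string]Session)` together with a package-level `sync.RWMutex` taken in both functions.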
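Review bot: NewSession builds `Session{id: token, values: sessionvalues(values)}` without setting `mu`, so the pointer stays nil and the first `s.mu.Lock()` in Get or Set dereferences nil; add `mu: &sync.Mutex{},` to the literal. The cookie literal is only partly visible in this hunk, so please confirm it sets `HttpOnly`, `Secure` and `SameSite`, as the "set secure cookie" comment implies. Nothing in the visible code removes entries from `_sessions`, so an expiry or logout path looks to be missing.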
@@ -80,7 +81,7 @@ func Store(s *server.Server) http.HandlerFunc { } // Send email validation // Create cookie session - sessions.Store(w, user.Username) + sessions.NewSession(w, map[string]interface{}{"uid": user.Id, "username": user.Username}) // Redirect to user profile http.Redirect(w, r, "/u/me", http.StatusSeeOther) } @@ -98,15 +99,6 @@ func Authenticate(s *server.Server) http.HandlerFunc { func Show(s *server.Server) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - token, err := r.Cookie("session_token") - if err != nil { - s.Ui.Render(w, "user/login", &struct{ Message string }{"You are not logged in! Missing Cookie"}) - } - session, ok := sessions.NewSession(w, r, token.Value) - if !ok { - s.Ui.Render(w, "user/login", &struct{ Message string }{"You are not logged in! With Session."}) - } - s.Ui.Render(w, "user/me", &struct{ Message, Username string }{"Congrats on getting this far!", session.Username()}) } } |
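Review bot: After the removal in the last hunk, the handler returned by Show has an empty body, so `/u/me` answers with an empty 200 and no longer renders the `user/me` template. The handler should read the id that SetSession placed in the context, for example `id, _ := r.Context().Value(sessions.SessionCtxKey("session")).(string)`. It can then look the session up with `sessions.GetSession(id)` and pass `sess.Get("username")` to `s.Ui.Render`. If the lookup fails it should redirect to `/login` and return instead of rendering.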
