From 17af6e1a5017285b680a7d0a1dace1e1a1612ab9 Mon Sep 17 00:00:00 2001
From: Alexander Kavon <hawk@alexkavon.com>
Date: Thu, 30 Nov 2023 20:10:41 -0500
Subject: fixed login/create templates to point to correct endpoints, updated
 func names to be more idiomatic, reference Session objects to save memory,
 logout/session.Destroy method

---
 src/sessions/middleware.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'src/sessions/middleware.go')

diff --git a/src/sessions/middleware.go b/src/sessions/middleware.go
index 6bb3b15..6ae34ac 100644
--- a/src/sessions/middleware.go
+++ b/src/sessions/middleware.go
@@ -5,22 +5,25 @@ import (
 	"net/http"
 )
 
-func SetSession(next http.Handler) http.Handler {
+func StartSession(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// is there a session_token cookie?
 		scookie, err := r.Cookie("session_token")
 		if err != nil || scookie.Value == "" {
 			// no session value or cookie
 			next.ServeHTTP(w, r)
+			return
 		}
+		// check for existing session
 		cvalue := scookie.Value
 		vsession, ok := GetSession(cvalue)
 		if !ok {
 			// no session
 			next.ServeHTTP(w, r)
+			return
 		}
 		// set session
-		ctx := context.WithValue(r.Context(), SessionCtxKey("session"), vsession.Id())
+		ctx := context.WithValue(r.Context(), SessionCtxKey("session"), vsession)
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }
@@ -30,6 +33,7 @@ func GuestSession(next http.Handler) http.Handler {
 		// if SessionKey does exist then redirect to `/u/me` as this is an auth session
 		if v := r.Context().Value(SessionCtxKey("session")); v != nil {
 			http.Redirect(w, r, "/u/me", http.StatusSeeOther)
+			return
 		}
 		// else this is a valid guest request
 		next.ServeHTTP(w, r)
@@ -40,10 +44,11 @@ func AuthSession(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// if session key exists then this is a valid auth request
 		if v := r.Context().Value(SessionCtxKey("session")); v != nil {
-			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			next.ServeHTTP(w, r)
+			return
 		}
 
 		// else this is a guest session request, redirect to login
-		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		http.Redirect(w, r, "/u/auth", http.StatusSeeOther)
 	})
 }
-- 
cgit v1.2.3