From 24c2071fcaa8065d450dae78a80a671697f0e873 Mon Sep 17 00:00:00 2001
From: René 'Necoro' Neumann
Date: Wed, 14 Feb 2024 00:23:02 +0100
Subject: Restructure: Move auth and session to their own files

Make auth handling nicer.
---
session.go | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 70 insertions(+)
create mode 100644 session.go
(limited to 'session.go')
diff --git a/session.go b/session.go
new file mode 100644
index 0000000..f495cdd
--- /dev/null
+++ b/session.go
@@ -0,0 +1,70 @@
+package main
+
+import (
+ "context"
+ "encoding/gob"
+ "log"
+ "net/http"
+
+ "github.com/gorilla/securecookie"
+ "github.com/gorilla/sessions"
+)
+
+const (
+ sessionCookie = "sessionKeks"
+ sessionContextKey = "_session"
+ dataKey = "data"
+)
+
+var sessionStore sessions.Store
+
+func init() {
+ gob.Register(SessionData{})
+ sessionStore = sessions.NewCookieStore(securecookie.GenerateRandomKey(32))
+}
+
+type Session struct {
+ *SessionData
+ s *sessions.Session
+}
+
+type SessionData struct {
+ UserID int64
+ Authenticated bool
+}
+
+func (s *Session) Save(w http.ResponseWriter, r *http.Request) {
+ s.s.Values[dataKey] = *s.SessionData
+ if err := s.s.Save(r, w); err != nil {
+ log.Panic("Storing session: ", err)
+ }
+}
+
+func (s *Session) MaxAge(maxAge int) {
+ s.s.Options.MaxAge = maxAge
+}
+
+func (s *Session) Invalidate() {
+ s.MaxAge(-1)
+ s.Authenticated = false
+}
+
+func session(r *http.Request) Session {
+ s := r.Context().Value(sessionContextKey).(*sessions.Session)
+ s.Options.HttpOnly = true
+
+ sd, ok := s.Values[dataKey].(SessionData)
+ if !ok {
+ sd = SessionData{}
+ }
+ return Session{&sd, s}
+}
+
+func sessionHandler(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ session, _ := sessionStore.Get(r, sessionCookie)
+
+ ctx := context.WithValue(r.Context(), sessionContextKey, session)
+ next.ServeHTTP(w, r.WithContext(ctx))
+ })
+}
-- cgit v1.2.3-70-g09d2
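Review bot: The session cookie only ever gets `HttpOnly`, and only as a side effect of calling `session()`; `Secure` and `SameSite` are never set in this file, so they rest on whatever defaults the gorilla/sessions version in use applies. Setting the options once on the store in `init()` makes the cookie policy explicit and also covers any handler that takes the `*sessions.Session` straight from the request context; the per-call `s.Options.HttpOnly = true` in `session()` then becomes redundant. `Secure = true` assumes the application is only served over HTTPS, which should be confirmed before adopting it. Separately, `sessionHandler` discards the error from `sessionStore.Get`, so a cookie that fails validation silently becomes an empty session with no log line; logging that error would make tampered or stale cookies visible (expect a burst after each restart, since the signing key is regenerated at start-up).

```go
func init() {
	// … unchanged: gob.Register(SessionData{}) …
	store := sessions.NewCookieStore(securecookie.GenerateRandomKey(32))
	store.Options.HttpOnly = true
	store.Options.Secure = true // assumes HTTPS-only deployment; confirm
	store.Options.SameSite = http.SameSiteLaxMode
	sessionStore = store
}
```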