package main import ( "context" "encoding/gob" "log" "net/http" "os" "github.com/gorilla/securecookie" "github.com/gorilla/sessions" ) const ( sessionCookie = "sessionKeks" sessionContextKey = "_session" dataKey = "data" ) func init() { gob.Register(SessionData{}) } type Session struct { *SessionData s *sessions.Session } type SessionData struct { UserID int32 Authenticated bool } func (s *Session) Save(w http.ResponseWriter, r *http.Request) { s.s.Values[dataKey] = *s.SessionData if err := s.s.Save(r, w); err != nil { log.Panic("Storing session: ", err) } } func (s *Session) MaxAge(maxAge int) { s.s.Options.MaxAge = maxAge } func (s *Session) Invalidate() { s.MaxAge(-1) s.Authenticated = false } func session(r *http.Request) Session { s := r.Context().Value(sessionContextKey).(*sessions.Session) s.Options.HttpOnly = true sd, ok := s.Values[dataKey].(SessionData) if !ok { sd = SessionData{} } return Session{&sd, s} } func sessionHandler(next http.Handler) http.Handler { var key []byte if envKey := os.Getenv("GOSTEN_SECRET"); len(envKey) >= 32 { key = []byte(envKey) } else { key = securecookie.GenerateRandomKey(32) } sessionStore := sessions.NewCookieStore(key) return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { session, _ := sessionStore.Get(r, sessionCookie) ctx := context.WithValue(r.Context(), sessionContextKey, session) next.ServeHTTP(w, r.WithContext(ctx)) }) }