cpolis/cmd/frontend/sessions.go

169 lines
4.4 KiB
Go
Raw Normal View History

package frontend
2024-03-03 09:16:49 +01:00
import (
"context"
"errors"
2024-03-03 13:56:49 +01:00
"fmt"
2024-03-03 09:16:49 +01:00
"html/template"
"log"
"net/http"
"time"
2024-03-03 09:16:49 +01:00
"github.com/google/uuid"
b "streifling.com/jason/cpolis/cmd/backend"
2024-03-03 09:16:49 +01:00
)
type Session struct {
ctx context.Context
cancel context.CancelFunc
cookie *http.Cookie
User *b.User
Article *b.Article
}
2024-03-03 13:56:49 +01:00
func newSession(w http.ResponseWriter, c *b.Config, sessionExpiryChan chan<- string, user *b.User) *Session {
sessionID := uuid.New().String()
expires := time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours))
ctx, cancel := context.WithDeadline(context.Background(), expires)
session := &Session{
ctx: ctx,
cancel: cancel,
cookie: &http.Cookie{
Name: "cpolis_session",
Value: sessionID,
Expires: expires,
Path: "/",
HttpOnly: true,
Secure: true,
SameSite: http.SameSiteStrictMode,
},
User: user,
2024-03-03 13:56:49 +01:00
}
go func() {
<-session.ctx.Done()
sessionExpiryChan <- session.cookie.Value
session.cookie.Expires = time.Now()
http.SetCookie(w, session.cookie)
}()
return session
}
func StartSessions() (map[string]*Session, chan string) {
sessions := make(map[string]*Session)
sessionExpiryChan := make(chan string)
go func() {
for sessionID := range sessionExpiryChan {
delete(sessions, sessionID)
}
}()
return sessions, sessionExpiryChan
2024-03-03 13:56:49 +01:00
}
// ManageSession is used for verifying that the user is logged in and returns
// their session and an error. It also handles cases where the user is not
// logged in.
func ManageSession(w http.ResponseWriter, r *http.Request, c *b.Config, s map[string]*Session) (*Session, error) {
tmpl, tmplErr := template.ParseFiles(c.WebDir+"/templates/index.html", c.WebDir+"/templates/login.html")
2025-01-14 21:27:24 +01:00
cookie, err := r.Cookie("cpolis_session")
if err != nil {
if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
return nil, fmt.Errorf("error executing template: %v", err)
}
return nil, errors.New("no cookie set")
}
session, ok := s[cookie.Value]
if !ok {
cookie.Expires = time.Now()
http.SetCookie(w, cookie)
if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
return nil, fmt.Errorf("error executing template: %v", err)
2024-03-03 09:16:49 +01:00
}
return nil, errors.New("session does not exist")
2024-03-03 09:16:49 +01:00
}
session.cookie.Expires = time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours))
2025-01-14 21:27:24 +01:00
http.SetCookie(w, session.cookie)
return session, nil
2024-03-03 09:16:49 +01:00
}
func Login(c *b.Config, db *b.DB, s map[string]*Session, sessionExpiryChan chan string) http.HandlerFunc {
2024-03-03 09:16:49 +01:00
return func(w http.ResponseWriter, r *http.Request) {
userName := r.PostFormValue("username")
password := r.PostFormValue("password")
id := db.GetID(userName)
if id == 0 {
http.Error(w, fmt.Sprintf("no such user: %v", userName), http.StatusBadRequest)
2024-03-03 09:16:49 +01:00
return
}
if err := db.CheckPassword(id, password); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
user, err := db.GetUser(c, id)
2024-03-03 09:16:49 +01:00
if err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
session := newSession(w, c, sessionExpiryChan, user)
s[session.cookie.Value] = session
http.SetCookie(w, session.cookie)
2024-03-03 09:16:49 +01:00
tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
2024-10-27 13:58:19 +01:00
if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
2024-03-03 09:16:49 +01:00
}
}
2024-03-12 20:27:39 +01:00
func Logout(c *b.Config, s map[string]*Session) http.HandlerFunc {
2024-03-12 20:27:39 +01:00
return func(w http.ResponseWriter, r *http.Request) {
tmpl, tmplErr := template.ParseFiles(c.WebDir + "/templates/login.html")
2025-01-14 21:27:24 +01:00
cookie, err := r.Cookie("cpolis_session")
if err != nil {
if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
cookie.Expires = time.Now()
http.SetCookie(w, cookie)
session, ok := s[cookie.Value]
if !ok {
if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
session.cancel()
if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
log.Println(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
}