cpolis/cmd/frontend/sessions.go

package frontend

import (
	"context"
	"errors"
	"fmt"
	"html/template"
	"log"
	"net/http"
	"time"

	"github.com/google/uuid"
	b "streifling.com/jason/cpolis/cmd/backend"
)

type Session struct {
	ctx     context.Context
	cancel  context.CancelFunc
	cookie  *http.Cookie
	User    *b.User
	Article *b.Article
}

func newSession(w http.ResponseWriter, c *b.Config, sessionExpiryChan chan<- string, user *b.User) *Session {
	sessionID := uuid.New().String()
	expires := time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours))
	ctx, cancel := context.WithDeadline(context.Background(), expires)

	session := &Session{
		ctx:    ctx,
		cancel: cancel,
		cookie: &http.Cookie{
			Name:     "cpolis_session",
			Value:    sessionID,
			Expires:  expires,
			Path:     "/",
			HttpOnly: true,
			Secure:   true,
			SameSite: http.SameSiteStrictMode,
		},
		User: user,
	}

	go func() {
		<-session.ctx.Done()
		sessionExpiryChan <- session.cookie.Value
		session.cookie.Expires = time.Now()
		http.SetCookie(w, session.cookie)
	}()

	return session
}

func StartSessions() (map[string]*Session, chan string) {
	sessions := make(map[string]*Session)
	sessionExpiryChan := make(chan string)

	go func() {
		for sessionID := range sessionExpiryChan {
			delete(sessions, sessionID)
		}
	}()

	return sessions, sessionExpiryChan
}

// ManageSession is used for verifying that the user is logged in and returns
// their session and an error. It also handles cases where the user is not
// logged in.
func ManageSession(w http.ResponseWriter, r *http.Request, c *b.Config, s map[string]*Session) (*Session, error) {
	tmpl, tmplErr := template.ParseFiles(c.WebDir+"/templates/index.html", c.WebDir+"/templates/login.html")

	cookie, err := r.Cookie("session_id")
	if err != nil {
		if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
			return nil, fmt.Errorf("error executing template: %v", err)
		}

		return nil, errors.New("no cookie set")
	}

	session, ok := s[cookie.Value]
	if !ok {
		cookie.Expires = time.Now()
		http.SetCookie(w, cookie)

		if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
			return nil, fmt.Errorf("error executing template: %v", err)
		}

		return nil, errors.New("session does not exist")
	}

	session.cookie.Expires = time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours))
	http.SetCookie(w, cookie)

	return session, nil
}

func Login(c *b.Config, db *b.DB, s map[string]*Session, sessionExpiryChan chan string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		userName := r.PostFormValue("username")
		password := r.PostFormValue("password")

		id := db.GetID(userName)
		if id == 0 {
			http.Error(w, fmt.Sprintf("no such user: %v", userName), http.StatusBadRequest)
			return
		}

		if err := db.CheckPassword(id, password); err != nil {
			log.Println(err)
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}

		user, err := db.GetUser(c, id)
		if err != nil {
			log.Println(err)
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}

		session := newSession(w, c, sessionExpiryChan, user)
		s[session.cookie.Value] = session
		http.SetCookie(w, session.cookie)

		tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")
		if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user); err != nil {
			log.Println(err)
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
	}
}

func Logout(c *b.Config, s map[string]*Session) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		tmpl, tmplErr := template.ParseFiles(c.WebDir + "/templates/login.html")

		cookie, err := r.Cookie("session_id")
		if err != nil {
			if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
				log.Println(err)
				http.Error(w, err.Error(), http.StatusInternalServerError)
				return
			}
		}
		cookie.Expires = time.Now()
		http.SetCookie(w, cookie)

		session, ok := s[cookie.Value]
		if !ok {
			if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
				log.Println(err)
				http.Error(w, err.Error(), http.StatusInternalServerError)
				return
			}
		}
		session.cancel()

		if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
			log.Println(err)
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
	}
}
Change structure of code tor frontend and backend one 2024-07-13 13:58:36 +02:00			`package frontend`
Initial sessions implementation 2024-03-03 09:16:49 +01:00
			`import (`
Initial version of native session management 2025-01-14 20:53:49 +01:00			`"context"`
			`"errors"`
Added partial support for tags 2024-03-03 13:56:49 +01:00			`"fmt"`
Initial sessions implementation 2024-03-03 09:16:49 +01:00			`"html/template"`
			`"log"`
			`"net/http"`
Initial version of native session management 2025-01-14 20:53:49 +01:00			`"time"`
Initial sessions implementation 2024-03-03 09:16:49 +01:00
Initial version of native session management 2025-01-14 20:53:49 +01:00			`"github.com/google/uuid"`
Shorten lines by referencing frontend as f and backend as b 2024-07-13 14:09:11 +02:00			`b "streifling.com/jason/cpolis/cmd/backend"`
Initial sessions implementation 2024-03-03 09:16:49 +01:00			`)`

Initial version of native session management 2025-01-14 20:53:49 +01:00			`type Session struct {`
			`ctx context.Context`
			`cancel context.CancelFunc`
			`cookie *http.Cookie`
			`User *b.User`
			`Article *b.Article`
			`}`
Added partial support for tags 2024-03-03 13:56:49 +01:00
Initial version of native session management 2025-01-14 20:53:49 +01:00			`func newSession(w http.ResponseWriter, c b.Config, sessionExpiryChan chan<- string, user b.User) *Session {`
			`sessionID := uuid.New().String()`
			`expires := time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours))`
			`ctx, cancel := context.WithDeadline(context.Background(), expires)`

			`session := &Session{`
			`ctx: ctx,`
			`cancel: cancel,`
			`cookie: &http.Cookie{`
			`Name: "cpolis_session",`
			`Value: sessionID,`
			`Expires: expires,`
			`Path: "/",`
			`HttpOnly: true,`
			`Secure: true,`
			`SameSite: http.SameSiteStrictMode,`
			`},`
			`User: user,`
Added partial support for tags 2024-03-03 13:56:49 +01:00			`}`

Initial version of native session management 2025-01-14 20:53:49 +01:00			`go func() {`
			`<-session.ctx.Done()`
			`sessionExpiryChan <- session.cookie.Value`
			`session.cookie.Expires = time.Now()`
			`http.SetCookie(w, session.cookie)`
			`}()`

			`return session`
			`}`

			`func StartSessions() (map[string]*Session, chan string) {`
			`sessions := make(map[string]*Session)`
			`sessionExpiryChan := make(chan string)`

			`go func() {`
			`for sessionID := range sessionExpiryChan {`
			`delete(sessions, sessionID)`
			`}`
			`}()`

			`return sessions, sessionExpiryChan`
Added partial support for tags 2024-03-03 13:56:49 +01:00			`}`

Initial version of native session management 2025-01-14 20:53:49 +01:00			`// ManageSession is used for verifying that the user is logged in and returns`
			`// their session and an error. It also handles cases where the user is not`
			`// logged in.`
			`func ManageSession(w http.ResponseWriter, r http.Request, c b.Config, s map[string]Session) (Session, error) {`
Moved getSession to frontend/sessions.go 2024-09-28 13:22:53 +02:00			`tmpl, tmplErr := template.ParseFiles(c.WebDir+"/templates/index.html", c.WebDir+"/templates/login.html")`

Initial version of native session management 2025-01-14 20:53:49 +01:00			`cookie, err := r.Cookie("session_id")`
Moved getSession to frontend/sessions.go 2024-09-28 13:22:53 +02:00			`if err != nil {`
Initial version of native session management 2025-01-14 20:53:49 +01:00			`if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {`
Check for errors when executing templates 2024-10-04 10:21:56 +02:00			`return nil, fmt.Errorf("error executing template: %v", err)`
			`}`
Moved getSession to frontend/sessions.go 2024-09-28 13:22:53 +02:00
Initial version of native session management 2025-01-14 20:53:49 +01:00			`return nil, errors.New("no cookie set")`
Moved getSession to frontend/sessions.go 2024-09-28 13:22:53 +02:00			`}`

Initial version of native session management 2025-01-14 20:53:49 +01:00			`session, ok := s[cookie.Value]`
			`if !ok {`
			`cookie.Expires = time.Now()`
			`http.SetCookie(w, cookie)`
Moved getSession to frontend/sessions.go 2024-09-28 13:22:53 +02:00
Initial version of native session management 2025-01-14 20:53:49 +01:00			`if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {`
			`return nil, fmt.Errorf("error executing template: %v", err)`
Initial sessions implementation 2024-03-03 09:16:49 +01:00			`}`

Initial version of native session management 2025-01-14 20:53:49 +01:00			`return nil, errors.New("session does not exist")`
Initial sessions implementation 2024-03-03 09:16:49 +01:00			`}`
Initial version of native session management 2025-01-14 20:53:49 +01:00
			`session.cookie.Expires = time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours))`
			`http.SetCookie(w, cookie)`

			`return session, nil`
Initial sessions implementation 2024-03-03 09:16:49 +01:00			`}`

Initial version of native session management 2025-01-14 20:53:49 +01:00			`func Login(c b.Config, db b.DB, s map[string]*Session, sessionExpiryChan chan string) http.HandlerFunc {`
Initial sessions implementation 2024-03-03 09:16:49 +01:00			`return func(w http.ResponseWriter, r *http.Request) {`
			`userName := r.PostFormValue("username")`
			`password := r.PostFormValue("password")`

Show error messages in UI if something goes wrong 2024-10-04 16:06:33 +02:00			`id := db.GetID(userName)`
			`if id == 0 {`
Instead of having entire articles in the RSS feed, items now contain just a link 2024-08-30 21:20:29 +02:00			`http.Error(w, fmt.Sprintf("no such user: %v", userName), http.StatusBadRequest)`
Initial sessions implementation 2024-03-03 09:16:49 +01:00			`return`
			`}`

			`if err := db.CheckPassword(id, password); err != nil {`
			`log.Println(err)`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

Encrypt sensitive user data with aes256 2024-10-27 13:29:46 +01:00			`user, err := db.GetUser(c, id)`
Initial sessions implementation 2024-03-03 09:16:49 +01:00			`if err != nil {`
			`log.Println(err)`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

Initial version of native session management 2025-01-14 20:53:49 +01:00			`session := newSession(w, c, sessionExpiryChan, user)`
			`s[session.cookie.Value] = session`
			`http.SetCookie(w, session.cookie)`
Initial sessions implementation 2024-03-03 09:16:49 +01:00
Added ability to upload media and parse cli arguments 2024-03-29 09:07:17 +01:00			`tmpl, err := template.ParseFiles(c.WebDir + "/templates/hub.html")`
Make version part of config 2024-10-27 13:58:19 +01:00			`if err = template.Must(tmpl, err).ExecuteTemplate(w, "page-content", user); err != nil {`
Check for errors when executing templates 2024-10-04 10:21:56 +02:00			`log.Println(err)`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
Initial sessions implementation 2024-03-03 09:16:49 +01:00			`}`
			`}`
Added logout 2024-03-12 20:27:39 +01:00
Initial version of native session management 2025-01-14 20:53:49 +01:00			`func Logout(c b.Config, s map[string]Session) http.HandlerFunc {`
Added logout 2024-03-12 20:27:39 +01:00			`return func(w http.ResponseWriter, r *http.Request) {`
Initial version of native session management 2025-01-14 20:53:49 +01:00			`tmpl, tmplErr := template.ParseFiles(c.WebDir + "/templates/login.html")`
Relocated ShowHub from articles.go to sessions.go because it has even less to do with articles than with sessions 2024-08-18 11:46:23 +02:00
Initial version of native session management 2025-01-14 20:53:49 +01:00			`cookie, err := r.Cookie("session_id")`
Relocated ShowHub from articles.go to sessions.go because it has even less to do with articles than with sessions 2024-08-18 11:46:23 +02:00			`if err != nil {`
Initial version of native session management 2025-01-14 20:53:49 +01:00			`if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {`
			`log.Println(err)`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
Relocated ShowHub from articles.go to sessions.go because it has even less to do with articles than with sessions 2024-08-18 11:46:23 +02:00			`}`
Initial version of native session management 2025-01-14 20:53:49 +01:00			`cookie.Expires = time.Now()`
			`http.SetCookie(w, cookie)`
Relocated ShowHub from articles.go to sessions.go because it has even less to do with articles than with sessions 2024-08-18 11:46:23 +02:00
Initial version of native session management 2025-01-14 20:53:49 +01:00			`session, ok := s[cookie.Value]`
			`if !ok {`
			`if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {`
			`log.Println(err)`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
Relocated ShowHub from articles.go to sessions.go because it has even less to do with articles than with sessions 2024-08-18 11:46:23 +02:00			`}`
Initial version of native session management 2025-01-14 20:53:49 +01:00			`session.cancel()`
Relocated ShowHub from articles.go to sessions.go because it has even less to do with articles than with sessions 2024-08-18 11:46:23 +02:00
Initial version of native session management 2025-01-14 20:53:49 +01:00			`if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {`
Check for errors when executing templates 2024-10-04 10:21:56 +02:00			`log.Println(err)`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
Relocated ShowHub from articles.go to sessions.go because it has even less to do with articles than with sessions 2024-08-18 11:46:23 +02:00			`}`
			`}`