89 lines
2.2 KiB
Go
89 lines
2.2 KiB
Go
package auth
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/gorilla/sessions"
|
|
)
|
|
|
|
const sessionName = "startpage_session"
|
|
const userIDKey = "user_id"
|
|
|
|
// CookieSessionStore implements SessionStore using gorilla/sessions
|
|
type CookieSessionStore struct {
|
|
store *sessions.CookieStore
|
|
}
|
|
|
|
// NewCookieSessionStore creates a new cookie-based session store
|
|
func NewCookieSessionStore(secretKey string, maxAge int) *CookieSessionStore {
|
|
store := sessions.NewCookieStore([]byte(secretKey))
|
|
store.Options = &sessions.Options{
|
|
Path: "/",
|
|
MaxAge: maxAge,
|
|
HttpOnly: true,
|
|
Secure: false, // Set to true in production with HTTPS
|
|
SameSite: http.SameSiteLaxMode,
|
|
}
|
|
|
|
return &CookieSessionStore{
|
|
store: store,
|
|
}
|
|
}
|
|
|
|
// CreateSession creates a new session for the user
|
|
func (s *CookieSessionStore) CreateSession(w http.ResponseWriter, r *http.Request, userID string) error {
|
|
session, err := s.store.Get(r, sessionName)
|
|
if err != nil {
|
|
// If there's an error getting the session, create a new one
|
|
session, _ = s.store.New(r, sessionName)
|
|
}
|
|
|
|
session.Values[userIDKey] = userID
|
|
|
|
if err := session.Save(r, w); err != nil {
|
|
return fmt.Errorf("failed to save session: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// GetUserID retrieves the user ID from the session
|
|
func (s *CookieSessionStore) GetUserID(r *http.Request) (string, error) {
|
|
session, err := s.store.Get(r, sessionName)
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to get session: %w", err)
|
|
}
|
|
|
|
userID, ok := session.Values[userIDKey].(string)
|
|
if !ok || userID == "" {
|
|
return "", fmt.Errorf("user ID not found in session")
|
|
}
|
|
|
|
return userID, nil
|
|
}
|
|
|
|
// ValidateSession checks if a valid session exists for the request
|
|
func (s *CookieSessionStore) ValidateSession(r *http.Request) bool {
|
|
_, err := s.GetUserID(r)
|
|
return err == nil
|
|
}
|
|
|
|
// DestroySession destroys the user's session
|
|
func (s *CookieSessionStore) DestroySession(w http.ResponseWriter, r *http.Request) error {
|
|
session, err := s.store.Get(r, sessionName)
|
|
if err != nil {
|
|
// Session doesn't exist or is invalid, nothing to destroy
|
|
return nil
|
|
}
|
|
|
|
// Set MaxAge to -1 to delete the cookie
|
|
session.Options.MaxAge = -1
|
|
|
|
if err := session.Save(r, w); err != nil {
|
|
return fmt.Errorf("failed to destroy session: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|