parent
929657fd34
commit
3bb5e735c6
GPG key ID:
F92E51B86E07177E
19 changed files with 173 additions and 123 deletions
|
|
@ -2,8 +2,10 @@ package webui
|
|||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
|
||||
"git.adyxax.org/adyxax/tfstated/pkg/database"
|
||||
|
|
@ -17,49 +19,59 @@ func sessionsMiddleware(db *database.DB) func(http.Handler) http.Handler {
|
|||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
cookie, err := r.Cookie(cookieName)
|
||||
if err != nil && !errors.Is(err, http.ErrNoCookie) {
|
||||
errorResponse(w, r, http.StatusInternalServerError, fmt.Errorf("failed to get request cookie \"%s\": %w", cookieName, err))
|
||||
errorResponse(w, r, http.StatusInternalServerError,
|
||||
fmt.Errorf("failed to get session cookie from request: %w", err))
|
||||
return
|
||||
}
|
||||
if err == nil {
|
||||
if len(cookie.Value) != 43 {
|
||||
unsetSesssionCookie(w)
|
||||
} else {
|
||||
if len(cookie.Value) == 43 {
|
||||
session, err := db.LoadSessionById(cookie.Value)
|
||||
if err != nil {
|
||||
errorResponse(w, r, http.StatusInternalServerError, err)
|
||||
errorResponse(w, r, http.StatusInternalServerError,
|
||||
fmt.Errorf("failed to load session by ID: %w", err))
|
||||
return
|
||||
}
|
||||
if session == nil {
|
||||
unsetSesssionCookie(w)
|
||||
} else if session.IsExpired() {
|
||||
unsetSesssionCookie(w)
|
||||
if err := db.DeleteSession(session); err != nil {
|
||||
errorResponse(w, r, http.StatusInternalServerError, err)
|
||||
if session != nil {
|
||||
if session.IsExpired() {
|
||||
if err := db.DeleteSession(session); err != nil {
|
||||
errorResponse(w, r, http.StatusInternalServerError,
|
||||
fmt.Errorf("failed to delete session: %w", err))
|
||||
return
|
||||
}
|
||||
} else {
|
||||
ctx := context.WithValue(r.Context(), model.SessionContextKey{}, session)
|
||||
var settings model.Settings
|
||||
if err := json.Unmarshal(session.Settings, &settings); err != nil {
|
||||
slog.Error("failed to unmarshal session settings", "err", err)
|
||||
}
|
||||
ctx = context.WithValue(ctx, model.SettingsContextKey{}, &settings)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if err := db.TouchSession(cookie.Value); err != nil {
|
||||
errorResponse(w, r, http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
ctx := context.WithValue(r.Context(), model.SessionContextKey{}, session)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
next.ServeHTTP(w, r)
|
||||
sessionId, err := db.CreateSession(nil, nil)
|
||||
if err != nil {
|
||||
errorResponse(w, r, http.StatusInternalServerError,
|
||||
fmt.Errorf("failed to create session: %w", err))
|
||||
return
|
||||
}
|
||||
setSessionCookie(w, sessionId)
|
||||
var settings model.Settings
|
||||
ctx := context.WithValue(r.Context(), model.SettingsContextKey{}, &settings)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func unsetSesssionCookie(w http.ResponseWriter) {
|
||||
func setSessionCookie(w http.ResponseWriter, sessionId string) {
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: cookieName,
|
||||
Value: "",
|
||||
Value: sessionId,
|
||||
Quoted: false,
|
||||
Path: "/",
|
||||
MaxAge: 0, // remove invalid cookie
|
||||
MaxAge: 12 * 3600, // 12 hours sessions
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Secure: true,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue