1 files changed, 55 insertions, 0 deletions

diff --git a/pkg/webui/sessions.go b/pkg/webui/sessions.go
new file mode 100644
index 0000000..6d492d5
--- /dev/null
+++ b/pkg/webui/sessions.go
@@ -0,0 +1,55 @@
+package webui
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"git.adyxax.org/adyxax/tfstated/pkg/database"
+	"git.adyxax.org/adyxax/tfstated/pkg/model"
+)
+
+const cookieName = "tfstated"
+
+func sessionsMiddleware(db *database.DB) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			cookie, err := r.Cookie(cookieName)
+			if err != nil && !errors.Is(err, http.ErrNoCookie) {
+				errorResponse(w, http.StatusInternalServerError, fmt.Errorf("failed to get request cookie \"%s\": %w", cookieName, err))
+				return
+			}
+			if err == nil {
+				if len(cookie.Value) != 36 {
+					http.SetCookie(w, &http.Cookie{
+						Name:     cookieName,
+						Value:    "",
+						Quoted:   false,
+						Path:     "/",
+						MaxAge:   0, // remove invalid cookie
+						HttpOnly: true,
+						SameSite: http.SameSiteStrictMode,
+						Secure:   true,
+					})
+				} else {
+					session, err := db.LoadSessionById(cookie.Value)
+					if err != nil {
+						errorResponse(w, http.StatusInternalServerError, err)
+						return
+					}
+					if !session.IsExpired() {
+						if err := db.TouchSession(cookie.Value); err != nil {
+							errorResponse(w, http.StatusInternalServerError, err)
+							return
+						}
+						ctx := context.WithValue(r.Context(), model.SessionContextKey{}, session)
+						next.ServeHTTP(w, r.WithContext(ctx))
+						return
+					}
+				}
+			}
+			next.ServeHTTP(w, r)
+		})
+	}
+}