authorSamuel Johnson <[email protected]>2025-11-24 13:53:18 -0500
committerSamuel Johnson <[email protected]>2025-11-24 13:53:18 -0500
commit368a462bc744d8e9084eacfaddeb9afcaf7f7133 (patch)
treec6e8f665d6cb9713b9226b10c4a341e60b8e91c2 /cmd/web/middleware
parent4d4419f51557bef6b64dca8635ed61616d262a9b (diff)
Add session management
Diffstat (limited to 'cmd/web/middleware')
-rw-r--r--cmd/web/middleware/auth.go81
1 files changed, 81 insertions, 0 deletions
diff --git a/cmd/web/middleware/auth.go b/cmd/web/middleware/auth.go
new file mode 100644
index 0000000..b53980a
--- /dev/null
+++ b/cmd/web/middleware/auth.go
@@ -0,0 +1,81 @@
+package middleware
+
+import (
+ "database/sql"
+ "log"
+ "net/http"
+ "time"
+)
+
+type AuthMiddleware struct {
+ Err *log.Logger
+ Db *sql.DB
+}
+
+func (auth *AuthMiddleware) Resolve(next http.HandlerFunc) http.HandlerFunc {
+ return http.HandlerFunc(
+ func (w http.ResponseWriter, r *http.Request) {
+ cookie, err := r.Cookie("paterissa_session_token")
+ if err != nil {
+ w.WriteHeader(401)
+ w.Write([]byte("Unauthorized"))
+ return
+ }
+
+ stmt, err := auth.Db.Prepare("SELECT * FROM cookies WHERE content = $1;")
+ if err != nil {
+ cookie = &http.Cookie{
+ Name: "paterissa_session_token",
+ Value: "",
+ Path: "/",
+ MaxAge: -1,
+ HttpOnly: true,
+ }
+ http.SetCookie(w, cookie)
+
+ w.Write([]byte("Unauthorized"))
+ auth.Err.Printf("Could not retrieve cookie from DB: %v\n", err)
+ return
+ }
+ defer stmt.Close()
+
+ var id int
+ var content string
+ var userId int
+ var expiration time.Time
+
+ row := stmt.QueryRow(cookie.Value)
+ err = row.Scan(&id, &content, &userId, &expiration)
+ if err != nil {
+ cookie = &http.Cookie{
+ Name: "paterissa_session_token",
+ Value: "",
+ Path: "/",
+ MaxAge: -1,
+ HttpOnly: true,
+ }
+ http.SetCookie(w, cookie)
+
+ w.Write([]byte("Unauthorized"))
+ auth.Err.Printf("Could not retrieve cookie from DB: %v\n", err)
+ return
+ }
+
+ if time.Now().After(expiration) {
+ cookie = &http.Cookie{
+ Name: "paterissa_session_token",
+ Value: "",
+ Path: "/",
+ MaxAge: -1,
+ HttpOnly: true,
+ }
+ http.SetCookie(w, cookie)
+
+ w.Write([]byte("Expired"))
+ return
+ }
+
+ next.ServeHTTP(w, r)
+ return
+ })
+}
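Review bot: The three rejection branches that clear the cookie (Prepare failure, Scan failure and the expiry check) call `w.Write` without `w.WriteHeader`, so they answer 200 OK with an "Unauthorized" or "Expired" body; only the missing-cookie branch sends 401. Anything that keys on the status code (clients, proxies, access-log alerting) will treat these requests as successful. The cookie-clearing block is also repeated three times, so I would fold it into one helper that sets the cookie first and then writes the 401, as below. Separately, the query matches the raw cookie value against `content`, which suggests tokens are stored unhashed; if so, storing a digest of the token would keep a database read from yielding usable sessions.

```go
// reject clears the session cookie and answers 401 with msg.
func reject(w http.ResponseWriter, msg string) {
	http.SetCookie(w, &http.Cookie{
		Name:     "paterissa_session_token",
		Value:    "",
		Path:     "/",
		MaxAge:   -1,
		HttpOnly: true,
	})
	// Set-Cookie must be added before WriteHeader; without WriteHeader, Write sends 200.
	w.WriteHeader(http.StatusUnauthorized)
	w.Write([]byte(msg))
}

// … unchanged: cookie lookup and auth.Db.Prepare …
if err != nil {
	reject(w, "Unauthorized")
	auth.Err.Printf("Could not retrieve cookie from DB: %v\n", err)
	return
}
// … unchanged: QueryRow and Scan; its error branch gets the same reject call …
if time.Now().After(expiration) {
	reject(w, "Expired")
	return
}
```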