Make start on session management

2025-07-30 09:35:01 +01:00 · 2025-07-30 09:35:01 +01:00 · 17dd20478d
commit 17dd20478d
parent 352d9555ba
4 changed files with 65 additions and 7 deletions
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@ -1,6 +1,7 @@
 package main

 import (
+	"crypto/rand"
 	"flag"
 	"log"
 	"net"
@ -16,6 +17,8 @@ import (
 func main() {
 	var confFile string

+	cache := make(map[string]string, 20)
+
 	flag.StringVar(&confFile, "c", "/etc/gonotes/conf.toml", "Specify path to config file.")
 	flag.Parse()

@ -33,8 +36,28 @@ func main() {

 	etag := middleware.NewETag("static", cacheExpiration)

+	if !conf.Conf.Production {
+		router.HandleFunc("/login/", func(w http.ResponseWriter, r *http.Request) {
+			user := r.FormValue("user")
+			log.Printf("Trying to log in %s", user)
+
+			sessionID := rand.Text()
+			cache[sessionID] = user
+
+			// TODO: omg remove this
+			log.Printf("Session id is %s", sessionID)
+
+			cookie := http.Cookie{
+				Name: "id", Value: sessionID, MaxAge: 3600,
+				Secure: true, HttpOnly: true, Path: "/",
+			}
+			http.SetCookie(w, &cookie)
+			http.Redirect(w, r, "/notes/", http.StatusFound)
+		})
+	}
+
 	router.Handle("/", middleware.LoggingMiddleware(http.RedirectHandler("/notes/", http.StatusFound)))
-	router.Handle("/notes/", middleware.LoggingMiddleware(http.StripPrefix("/notes", notesRouter)))
+	router.Handle("/notes/", middleware.SessionMiddleware(cache, middleware.LoggingMiddleware(http.StripPrefix("/notes", notesRouter))))
 	router.Handle(
 		"/static/",
 		middleware.LoggingMiddleware(
--- a/go.mod
+++ b/go.mod
@ -1,6 +1,6 @@
 module forgejo.gwairfelin.com/max/gonotes

-go 1.23.5
+go 1.24.5

 require github.com/yuin/goldmark v1.7.8

--- a/internal/conf/conf.go
+++ b/internal/conf/conf.go
@ -54,11 +54,12 @@ func (asset *Asset) fetchIfNotExists(staticPath string) {
 }

 type Config struct {
-	Address   string
-	Protocol  string
-	Extension string
-	NotesDir  string
-	LogAccess bool
+	Address    string
+	Protocol   string
+	Extension  string
+	NotesDir   string
+	LogAccess  bool
+	Production bool
 }

 var (
--- a/internal/middleware/session.go
+++ b/internal/middleware/session.go
@ -0,0 +1,34 @@
+// Middleware to deal with sessions
+package middleware
+
+import (
+	"context"
+	"log"
+	"net/http"
+)
+
+func SessionMiddleware(cache map[string]string, next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		sessionCookie, err := r.Cookie("id")
+		// No session yet
+		if err != nil {
+			http.Redirect(w, r, "/login/", http.StatusUnauthorized)
+			return
+		}
+
+		user, ok := cache[sessionCookie.Value]
+
+		// Session expired
+		if !ok {
+			http.Redirect(w, r, "/login/", http.StatusUnauthorized)
+			return
+		}
+
+		log.Printf("User is %s", user)
+
+		ctx := r.Context()
+		ctx = context.WithValue(ctx, "user", user)
+
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}