pollo/lib/session.go

package lib

import (
	"database/sql"
	"encoding/hex"
	"encoding/json"
	"log"
	"net/http"
	"os"
	"time"

	"github.com/gorilla/sessions"
	"github.com/labstack/echo-contrib/session"
	"github.com/labstack/echo/v4"
)

type SessionData struct {
	SessionID string   `json:"sessionID"`
	UserID    string   `json:"userId"`
	Name      string   `json:"name"`
	Email     string   `json:"email"`
	Roles     []string `json:"roles"`
}

func InitSessionMiddleware() echo.MiddlewareFunc {
	authSecret := os.Getenv("AUTH_SECRET")
	if authSecret == "" {
		log.Fatal("AUTH_SECRET environment variable is not set.")
	}

	store := sessions.NewCookieStore([]byte(authSecret))
	return session.Middleware(store)
}

// Adjusted SetSessionCookie to include more user info
func SetSessionCookie(w http.ResponseWriter, name string, sessionData SessionData) error {
	// Create session in database
	expiresAt := time.Now().Add(48 * time.Hour) // Set expiration to 48 hours from now
	sessionID, err := CreateSession(GetDB(), sessionData.UserID, expiresAt)
	if err != nil {
		return err
	}

	sessionData.SessionID = sessionID

	// Serialize session data
	dataBytes, err := json.Marshal(sessionData)
	if err != nil {
		return err
	}

	// Encrypt serialized session data
	encryptedData, err := Encrypt(dataBytes)
	if err != nil {
		return err
	}

	// Set cookie with encrypted data
	http.SetCookie(w, &http.Cookie{
		Name:     name,
		Value:    encryptedData,
		Path:     "/",
		HttpOnly: true,
		Secure:   os.Getenv("DEVMODE") != "true",
		SameSite: http.SameSiteStrictMode,
		MaxAge:   3600, // 1 hour
	})

	return nil
}

// Adjusted GetSessionCookie to return SessionData
func GetSessionCookie(r *http.Request, name string) (*SessionData, error) {
	cookie, err := r.Cookie(name)
	if err != nil {
		return nil, err
	}

	// Decrypt the cookie value
	decryptedValue, err := Decrypt(cookie.Value)
	if err != nil {
		return nil, err
	}

	// Deserialize session data
	var sessionData SessionData
	err = json.Unmarshal([]byte(decryptedValue), &sessionData)
	if err != nil {
		return nil, err
	}

	return &sessionData, nil
}

// ClearSessionCookie clears the session cookie from the client's browser
func ClearSessionCookie(w http.ResponseWriter, name string) {
	http.SetCookie(w, &http.Cookie{
		Name:     name,
		Value:    "",
		Path:     "/",
		HttpOnly: true,
		Secure:   os.Getenv("DEVMODE") != "true",
		SameSite: http.SameSiteStrictMode,
		MaxAge:   -1, // This will delete the cookie
	})
}

// Checks if the user is signed in by checking the session cookie
func IsSignedIn(c echo.Context) bool {
	sessionData, err := GetSessionCookie(c.Request(), "session")
	if err != nil {
		log.Printf("Error retrieving session cookie: %v", err)
		return false
	}

	// Validate the session in the database
	validSessionData, err := ValidateSession(GetDB(), sessionData.SessionID)
	if err != nil || validSessionData == nil {
		log.Printf("Invalid session: %v", err)
		ClearSessionCookie(c.Response().Writer, "session")
		return false
	}

	return true
}

// GenerateSessionID generates a new session ID.
func GenerateSessionID() (string, error) {
	bytes, err := GenerateRandomBytes(16)
	if err != nil {
		return "", err
	}
	return hex.EncodeToString(bytes), nil
}

func CreateSession(db *sql.DB, userID string, expiresAt time.Time) (string, error) {
	sessionID := GenerateNewID("session")
	_, err := db.Exec(
		"INSERT INTO sessions (id, user_id, expires_at) VALUES (?, ?, ?)",
		sessionID, userID, expiresAt)
	if err != nil {
		return "", err
	}
	return sessionID, nil
}

func ValidateSession(db *sql.DB, sessionID string) (*SessionData, error) {
	var userID string
	var expiresAt time.Time
	err := db.QueryRow(
		"SELECT user_id, expires_at FROM sessions WHERE id = ? AND expires_at > datetime('now')",
		sessionID).Scan(&userID, &expiresAt)
	if err != nil {
		return nil, err
	}

	user, err := GetUserByID(db, userID)
	if err != nil {
		return nil, err
	}

	return &SessionData{
		SessionID: sessionID,
		UserID:    user.ID,
		Name:      user.Name,
		Email:     user.Email,
		Roles:     []string{"user"},
	}, nil
}

func DeleteSession(db *sql.DB, sessionID string) error {
	_, err := db.Exec(
		"DELETE FROM sessions WHERE id = ?",
		sessionID)
	return err
}
Go is amazing... 2024-06-27 21:23:51 -06:00			`package lib`

			`import (`
Fly time 2024-11-21 00:48:45 -06:00			`"database/sql"`
Go is amazing... 2024-06-27 21:23:51 -06:00			`"encoding/hex"`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`"encoding/json"`
Go is amazing... 2024-06-27 21:23:51 -06:00			`"log"`
			`"net/http"`
			`"os"`
Session table work now 2024-09-16 13:46:25 -06:00			`"time"`
Go is amazing... 2024-06-27 21:23:51 -06:00
			`"github.com/gorilla/sessions"`
			`"github.com/labstack/echo-contrib/session"`
			`"github.com/labstack/echo/v4"`
			`)`

Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`type SessionData struct {`
			SessionID string `json:"sessionID"`
			UserID string `json:"userId"`
Auth fixes 2024-06-28 09:11:03 -06:00			Name string `json:"name"`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			Email string `json:"email"`
			Roles []string `json:"roles"`
			`}`

Go is amazing... 2024-06-27 21:23:51 -06:00			`func InitSessionMiddleware() echo.MiddlewareFunc {`
			`authSecret := os.Getenv("AUTH_SECRET")`
			`if authSecret == "" {`
			`log.Fatal("AUTH_SECRET environment variable is not set.")`
			`}`

			`store := sessions.NewCookieStore([]byte(authSecret))`
			`return session.Middleware(store)`
			`}`

Session table work now 2024-09-16 13:46:25 -06:00			`// Adjusted SetSessionCookie to include more user info`
			`func SetSessionCookie(w http.ResponseWriter, name string, sessionData SessionData) error {`
			`// Create session in database`
Fly time 2024-11-21 00:48:45 -06:00			`expiresAt := time.Now().Add(48 * time.Hour) // Set expiration to 48 hours from now`
			`sessionID, err := CreateSession(GetDB(), sessionData.UserID, expiresAt)`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`if err != nil {`
Session table work now 2024-09-16 13:46:25 -06:00			`return err`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`}`

Session table work now 2024-09-16 13:46:25 -06:00			`sessionData.SessionID = sessionID`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00
			`// Serialize session data`
			`dataBytes, err := json.Marshal(sessionData)`
			`if err != nil {`
Session table work now 2024-09-16 13:46:25 -06:00			`return err`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`}`
Go is amazing... 2024-06-27 21:23:51 -06:00
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`// Encrypt serialized session data`
Session table work now 2024-09-16 13:46:25 -06:00			`encryptedData, err := Encrypt(dataBytes)`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`if err != nil {`
Session table work now 2024-09-16 13:46:25 -06:00			`return err`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`}`

			`// Set cookie with encrypted data`
Go is amazing... 2024-06-27 21:23:51 -06:00			`http.SetCookie(w, &http.Cookie{`
			`Name: name,`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`Value: encryptedData,`
Go is amazing... 2024-06-27 21:23:51 -06:00			`Path: "/",`
			`HttpOnly: true,`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`Secure: os.Getenv("DEVMODE") != "true",`
Go is amazing... 2024-06-27 21:23:51 -06:00			`SameSite: http.SameSiteStrictMode,`
Session table work now 2024-09-16 13:46:25 -06:00			`MaxAge: 3600, // 1 hour`
Go is amazing... 2024-06-27 21:23:51 -06:00			`})`
Session table work now 2024-09-16 13:46:25 -06:00
			`return nil`
Go is amazing... 2024-06-27 21:23:51 -06:00			`}`

Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`// Adjusted GetSessionCookie to return SessionData`
			`func GetSessionCookie(r http.Request, name string) (SessionData, error) {`
Go is amazing... 2024-06-27 21:23:51 -06:00			`cookie, err := r.Cookie(name)`
			`if err != nil {`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`return nil, err`
Go is amazing... 2024-06-27 21:23:51 -06:00			`}`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00
			`// Decrypt the cookie value`
Session table work now 2024-09-16 13:46:25 -06:00			`decryptedValue, err := Decrypt(cookie.Value)`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`if err != nil {`
			`return nil, err`
			`}`

			`// Deserialize session data`
			`var sessionData SessionData`
			`err = json.Unmarshal([]byte(decryptedValue), &sessionData)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return &sessionData, nil`
Go is amazing... 2024-06-27 21:23:51 -06:00			`}`

Fixed auth and cleaned up docker 2024-06-27 21:51:00 -06:00			`// ClearSessionCookie clears the session cookie from the client's browser`
			`func ClearSessionCookie(w http.ResponseWriter, name string) {`
			`http.SetCookie(w, &http.Cookie{`
			`Name: name,`
			`Value: "",`
			`Path: "/",`
			`HttpOnly: true,`
			`Secure: os.Getenv("DEVMODE") != "true",`
			`SameSite: http.SameSiteStrictMode,`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`MaxAge: -1, // This will delete the cookie`
Fixed auth and cleaned up docker 2024-06-27 21:51:00 -06:00			`})`
			`}`

Go is amazing... 2024-06-27 21:23:51 -06:00			`// Checks if the user is signed in by checking the session cookie`
			`func IsSignedIn(c echo.Context) bool {`
Auth fixes 2024-06-28 09:11:03 -06:00			`sessionData, err := GetSessionCookie(c.Request(), "session")`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`if err != nil {`
			`log.Printf("Error retrieving session cookie: %v", err)`
Auth fixes 2024-06-28 09:11:03 -06:00			`return false`
Fixed cookie stuff 2024-06-28 00:35:58 -06:00			`}`
Auth fixes 2024-06-28 09:11:03 -06:00
Session table work now 2024-09-16 13:46:25 -06:00			`// Validate the session in the database`
Fly time 2024-11-21 00:48:45 -06:00			`validSessionData, err := ValidateSession(GetDB(), sessionData.SessionID)`
Session table work now 2024-09-16 13:46:25 -06:00			`if err != nil \|\| validSessionData == nil {`
			`log.Printf("Invalid session: %v", err)`
Auth fixes 2024-06-28 09:11:03 -06:00			`ClearSessionCookie(c.Response().Writer, "session")`
			`return false`
			`}`

			`return true`
Go is amazing... 2024-06-27 21:23:51 -06:00			`}`

			`// GenerateSessionID generates a new session ID.`
			`func GenerateSessionID() (string, error) {`
			`bytes, err := GenerateRandomBytes(16)`
			`if err != nil {`
			`return "", err`
			`}`
			`return hex.EncodeToString(bytes), nil`
			`}`
Session table work now 2024-09-16 13:46:25 -06:00
Fly time 2024-11-21 00:48:45 -06:00			`func CreateSession(db *sql.DB, userID string, expiresAt time.Time) (string, error) {`
Session table work now 2024-09-16 13:46:25 -06:00			`sessionID := GenerateNewID("session")`
Fly time 2024-11-21 00:48:45 -06:00			`_, err := db.Exec(`
			`"INSERT INTO sessions (id, user_id, expires_at) VALUES (?, ?, ?)",`
Session table work now 2024-09-16 13:46:25 -06:00			`sessionID, userID, expiresAt)`
			`if err != nil {`
			`return "", err`
			`}`
			`return sessionID, nil`
			`}`

Fly time 2024-11-21 00:48:45 -06:00			`func ValidateSession(db sql.DB, sessionID string) (SessionData, error) {`
Session table work now 2024-09-16 13:46:25 -06:00			`var userID string`
			`var expiresAt time.Time`
Fly time 2024-11-21 00:48:45 -06:00			`err := db.QueryRow(`
			`"SELECT user_id, expires_at FROM sessions WHERE id = ? AND expires_at > datetime('now')",`
Session table work now 2024-09-16 13:46:25 -06:00			`sessionID).Scan(&userID, &expiresAt)`
			`if err != nil {`
			`return nil, err`
			`}`

Fly time 2024-11-21 00:48:45 -06:00			`user, err := GetUserByID(db, userID)`
Session table work now 2024-09-16 13:46:25 -06:00			`if err != nil {`
			`return nil, err`
			`}`

			`return &SessionData{`
			`SessionID: sessionID,`
			`UserID: user.ID,`
			`Name: user.Name,`
			`Email: user.Email,`
			`Roles: []string{"user"},`
			`}, nil`
			`}`

Fly time 2024-11-21 00:48:45 -06:00			`func DeleteSession(db *sql.DB, sessionID string) error {`
			`_, err := db.Exec(`
			`"DELETE FROM sessions WHERE id = ?",`
			`sessionID)`
Session table work now 2024-09-16 13:46:25 -06:00			`return err`
			`}`