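// Package Auth resolves the session_token cookie on an incoming request to an
// in-memory session and, from there, to the stored user record.
package Auth

import (
	"errors"
	"net/http"
	"time"

	"git.tovijaeschke.xyz/tovi/Envelope/Backend/Database"
	"git.tovijaeschke.xyz/tovi/Envelope/Backend/Models"
)

// Sessions maps a session token (the value of the session_token cookie) to
// its Session.
//
// NOTE(review): this is a plain map and nothing in this file locks it, while
// CheckCookie both reads and deletes entries. net/http serves each request on
// its own goroutine, so if these helpers run inside handlers the accesses can
// race with each other and with whatever code inserts sessions. Every
// accessor should share one sync.RWMutex (or the map should move behind a
// small store type); that has to be done together with the writers, which are
// not in this file.
var (
	Sessions = map[string]Session{}
)

// Session is the server-side state attached to one session token.
type Session struct {
	UserID   string // compared with Models.User.ID.String() in CheckCookieCurrentUser
	Username string
	Expiry   time.Time // instant after which IsExpired reports true
}

// IsExpired reports whether the session's Expiry lies before the current time.
func (s Session) IsExpired() bool {
	return time.Now().After(s.Expiry)
}

// CheckCookie looks up the session named by the request's session_token
// cookie.
//
// It returns an error when the cookie is absent (the error from r.Cookie),
// when the token has no entry in Sessions, or when the entry has expired; an
// expired entry is also removed from Sessions. On every error path the
// returned Session is the zero value, so a caller that mishandles the error
// cannot act on a stale identity.
func CheckCookie(r *http.Request) (Session, error) {
	c, err := r.Cookie("session_token")
	if err != nil {
		return Session{}, err
	}

	token := c.Value

	// Resolve the token against the in-memory session table.
	sess, ok := Sessions[token]
	if !ok {
		return Session{}, errors.New("Cookie not found")
	}

	if sess.IsExpired() {
		// Purge on sight. Within this file, expired entries are removed only
		// here, on lookup; tokens that are never presented again stay in the
		// map unless other code sweeps them.
		delete(Sessions, token)
		return Session{}, errors.New("Cookie expired")
	}

	return sess, nil
}

// CheckCookieCurrentUser resolves the request's session to the stored user.
//
// It fails when CheckCookie fails, when Database.GetUserById fails, or when
// the ID of the returned record does not match the session's UserID. The zero
// Models.User is returned with every error, so no user data accompanies a
// failed check. w is not used by this function.
func CheckCookieCurrentUser(w http.ResponseWriter, r *http.Request) (Models.User, error) {
	var (
		none Models.User // zero value handed back on every failure
		user Models.User
	)

	sess, err := CheckCookie(r)
	if err != nil {
		return none, err
	}

	user, err = Database.GetUserById(sess.UserID)
	if err != nil {
		return none, err
	}

	// Defence in depth: refuse a record whose ID differs from the one the
	// session asked for, and do not hand that record to the caller.
	if user.ID.String() != sess.UserID {
		return none, errors.New("Is not current user")
	}

	return user, nil
}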