add frontend auth middleware, embed user data in frontend html

2023-09-04 17:32:45 +02:00 · 2023-09-04 17:32:45 +02:00 · 0fa769a248
commit 0fa769a248
parent d8cb8c8fa8
12 changed files with 265 additions and 42 deletions
--- a/web/app/middleware.go
+++ b/web/app/middleware.go
@ -0,0 +1,53 @@
+package app
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"git.sleepycat.moe/sam/mercury/internal/database"
+)
+
+type ctxKey int
+
+const (
+	ctxKeyClaims ctxKey = 1
+)
+
+func (app *App) FrontendAuth(next http.Handler) http.Handler {
+	fn := func(w http.ResponseWriter, r *http.Request) {
+		cookie, err := r.Cookie(database.TokenCookieName)
+		if err != nil || cookie.Value == "" {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		token, err := app.ParseToken(r.Context(), cookie.Value)
+		if err != nil {
+			app.ErrorTemplate(w, r, "Invalid token", "The provided token was not valid. Try clearing your cookies and reloading the page.")
+			return
+		}
+
+		if token.Expires.Before(time.Now()) {
+			http.SetCookie(w, &http.Cookie{Name: database.TokenCookieName, Value: "", Expires: time.Now()})
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		ctx := context.WithValue(r.Context(), ctxKeyClaims, token)
+
+		next.ServeHTTP(w, r.WithContext(ctx))
+	}
+
+	return http.HandlerFunc(fn)
+}
+
+func (app *App) TokenFromContext(ctx context.Context) (database.Token, bool) {
+	v := ctx.Value(ctxKeyClaims)
+	if v == nil {
+		return database.Token{}, false
+	}
+
+	claims, ok := v.(database.Token)
+	return claims, ok
+}