crimson-quirks/crimson-vault
1
0
Fork 0
mirror of https://github.com/hazemKrimi/crimson-vault.git synced 2026-05-01 18:20:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: session authentication middleware

Browse Source
This commit is contained in:
Hazem Krimi
2025-06-09 12:56:59 +01:00
parent ea9c5f0902
commit 14ce860c37
12 changed files with 283 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/auth.go
+84
View File
@@ -0,0 +1,84 @@
package api
import (
"fmt"
"log"
"net/http"
"github.com/labstack/echo-contrib/session"
"github.com/labstack/echo/v4"
"github.com/hazemKrimi/crimson-vault/internal/lib"
"github.com/hazemKrimi/crimson-vault/internal/types"
)
func (api *API) LoginHandler(context echo.Context) error {
var body types.LoginRequestBody
if err := context.Bind(&body); err != nil {
log.Println(fmt.Sprintf("Error logging User in: %v.", err))
return context.String(http.StatusBadRequest, "Invalid JSON!")
}
if err := context.Validate(body); err != nil {
return err
}
var user types.User
if err := api.db.GetUserByUsername(body.Username, &user); err != nil {
return context.String(http.StatusNotFound, "User not found!")
}
if match := lib.CheckPasswordHash(body.Password, user.Password); !match {
return context.String(http.StatusBadRequest, "Invalid credentials!")
}
sess, err := session.Get("session", context)
if err != nil {
log.Println(fmt.Sprintf("Error creating User session: %v.", err))
return context.String(http.StatusInternalServerError, "Unexpected error creating User session!")
}
if err := api.db.UpdateUserSessionID(&user); err != nil {
log.Println(fmt.Sprintf("Error creating User session: %v.", err))
return context.String(http.StatusInternalServerError, "Unexpected error creating User session!")
}
if err := lib.CreateSession(sess, context, &user); err != nil {
log.Println(fmt.Sprintf("Error creating User session: %v.", err))
return context.String(http.StatusInternalServerError, "Unexpected error creating User session!")
}
log.Println(fmt.Sprintf("User with ID %s logged in.", user.ID))
return context.JSON(http.StatusOK, user)
}
func (api *API) LogoutHandler(context echo.Context) error {
sessionId, ok := context.Get("sessionId").(string)
if !ok {
return context.String(http.StatusInternalServerError, "Unexpected error deleting User session!")
}
if err := api.db.DeleteUserSessionID(sessionId); err != nil {
log.Println(fmt.Sprintf("Error deleting User session: %v.", err))
return context.String(http.StatusInternalServerError, "Unexpected error deleting User session!")
}
sess, err := session.Get("session", context)
if err != nil {
log.Println(fmt.Sprintf("Error deleting User session: %v.", err))
return context.String(http.StatusInternalServerError, "Unexpected error deleting User session!")
}
if err := lib.DeleteSession(sess, context); err != nil {
log.Println(fmt.Sprintf("Error deleting User session: %v.", err))
return context.String(http.StatusInternalServerError, "Unexpected error deleting User session!")
}
log.Println(fmt.Sprintf("User with SessionID %s logged out.", sessionId))
return context.String(http.StatusOK, "Logged out successfully!")
}