fix: session authentication middleware

internal/api/middleware.go

@@ -3,29 +3,42 @@ package api
 import (
 	"net/http"
 
+	"github.com/google/uuid"
 	"github.com/labstack/echo-contrib/session"
 	"github.com/labstack/echo/v4"
+
+	"github.com/hazemKrimi/crimson-vault/internal/types"
 )
 
-func SessionMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
+func (api *API) AuthSessionMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(context echo.Context) error {
 		sess, err := session.Get("session", context)
 
-		if err != nil {
+		if err != nil || sess.IsNew {
 			return context.String(http.StatusUnauthorized, "User not authenticated!")
 		}
 
-		cookie, err := context.Cookie("session")
+		id, ok := sess.Values["sessionId"].(string)
+
+		if !ok || id == "" {
+			return context.String(http.StatusUnauthorized, "User not authenticated!")
+		}
+
+		sessionId, err := uuid.Parse(id)
 
 		if err != nil {
 			return context.String(http.StatusUnauthorized, "User not authenticated!")
 		}
 
-		if sess.IsNew || cookie.Value == "" || sess.Values["id"] == "" {
+		var user types.User
+
+		if err := api.db.GetUserBySessionId(sessionId, &user); err != nil {
 			return context.String(http.StatusUnauthorized, "User not authenticated!")
 		}
 
-		context.Set("id", sess.Values["id"])
+		context.Set("sessionId", sess.Values["sessionId"])
+		context.Set("username", sess.Values["username"])
+
 		return next(context)
 	}
 }