wip: session auth middleware

go.mod

@@ -3,6 +3,9 @@ module github.com/hazemKrimi/crimson-vault
 go 1.24.3
 
 require (
+	github.com/go-playground/validator/v10 v10.26.0
+	github.com/gorilla/sessions v1.4.0
+	github.com/labstack/echo-contrib v0.17.4
 	github.com/labstack/echo/v4 v4.13.4
 	github.com/spf13/cobra v1.9.1
 	gorm.io/driver/sqlite v1.5.7
@@ -13,7 +16,8 @@ require (
 	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.26.0 // indirect
+	github.com/gorilla/context v1.1.2 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect

go.sum

@@ -3,18 +3,30 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
 github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.26.0 h1:SP05Nqhjcvz81uJaRfEV0YBSSSGMc/iMaVtFbr3Sw2k=
 github.com/go-playground/validator/v10 v10.26.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
+github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
+github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/labstack/echo-contrib v0.17.4 h1:g5mfsrJfJTKv+F5uNKCyrjLK7js+ZW6HTjg4FnDxxgk=
+github.com/labstack/echo-contrib v0.17.4/go.mod h1:9O7ZPAHUeMGTOAfg80YqQduHzt0CzLak36PZRldYrZ0=
 github.com/labstack/echo/v4 v4.13.4 h1:oTZZW+T3s9gAu5L8vmzihV7/lkXGZuITzTQkTEhcXEA=
 github.com/labstack/echo/v4 v4.13.4/go.mod h1:g63b33BZ5vZzcIUF8AtRH40DrTlXnx4UMC8rBdndmjQ=
 github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0=

internal/api/api.go

@@ -6,6 +6,8 @@ import (
 	"github.com/go-playground/validator/v10"
 	"github.com/labstack/echo/v4"
 	"github.com/labstack/echo/v4/middleware"
+	"github.com/labstack/echo-contrib/session"
+	"github.com/gorilla/sessions"
 
 	"github.com/hazemKrimi/crimson-vault/internal/lib"
 	"github.com/hazemKrimi/crimson-vault/internal/models"
@@ -32,10 +34,12 @@ func (api *API) Initialize() {
 	api.instance = ech
 	api.db = db
 
-	api.ClientRoutes()
+	// TODO: Change and store the secret separately when finilizing v1.
-	api.UserRoutes()
+	api.instance.Use(session.Middleware(sessions.NewCookieStore([]byte("SECRET"))))
 	api.instance.Use(middleware.CORSWithConfig(middleware.CORSConfig{
 		AllowOrigins: []string{"*"},
 	}))
+	api.ClientRoutes()
+	api.UserRoutes()
 	api.instance.Logger.Fatal(api.instance.Start(fmt.Sprintf(":%d", lib.DEFAULT_PORT)))
 }

internal/api/client.go

@@ -46,7 +46,7 @@ func (api *API) GetClientHandler(context echo.Context) error {
 		return context.String(http.StatusBadRequest, "ID is required to get a Client!")
 	}
 
-	id, err := strconv.Atoi(idString)
+	id, err := strconv.ParseUint(idString, 10, 32) 
 
 	if err != nil {
 		return context.String(http.StatusInternalServerError, "Unexpected error getting Client!")
@@ -54,7 +54,7 @@ func (api *API) GetClientHandler(context echo.Context) error {
 
 	var client types.Client
 
-	if err := api.db.GetClient(id, &client); err != nil {
+	if err := api.db.GetClient(uint32(id), &client); err != nil {
 		return context.String(http.StatusNotFound, "Client not found!")
 	}
 
@@ -69,7 +69,7 @@ func (api *API) UpdateClientHandler(context echo.Context) error {
 		return context.String(http.StatusBadRequest, "ID is required to update a Client!")
 	}
 
-	id, err := strconv.Atoi(idString)
+	id, err := strconv.ParseUint(idString, 10, 32) 
 
 	if err != nil {
 		return context.String(http.StatusInternalServerError, "Unexpected error updating Client!")
@@ -88,7 +88,7 @@ func (api *API) UpdateClientHandler(context echo.Context) error {
 
 	var client types.Client
 
-	if err := api.db.UpdateClient(id, body, &client); err != nil {
+	if err := api.db.UpdateClient(uint32(id), body, &client); err != nil {
 		return context.String(http.StatusNotFound, "Client not found!")
 	}
 
@@ -103,7 +103,7 @@ func (api *API) DeleteClientHandler(context echo.Context) error {
 		return context.String(http.StatusBadRequest, "ID is required to delete a Client!")
 	}
 
-	id, err := strconv.Atoi(idString)
+	id, err := strconv.ParseUint(idString, 10, 32) 
 
 	if err != nil {
 		return context.String(http.StatusInternalServerError, "Unexpected error deleting Client!")
@@ -111,7 +111,7 @@ func (api *API) DeleteClientHandler(context echo.Context) error {
 
 	var client types.Client
 
-	if err := api.db.DeleteClient(id); err != nil {
+	if err := api.db.DeleteClient(uint32(id)); err != nil {
 		return context.String(http.StatusNotFound, "Client not found!")
 	}
 

internal/api/middleware.go

@@ -0,0 +1,21 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/labstack/echo-contrib/session"
+	"github.com/labstack/echo/v4"
+)
+
+func SessionMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(context echo.Context) error {
+		sess, err := session.Get("session", context)
+
+		if sess == nil || err != nil {
+			return context.String(http.StatusBadRequest, "User not authenticated!")
+		}
+
+		context.Set("id", sess.Values["id"])
+		return next(context)
+	}
+}

internal/api/user.go

@@ -10,7 +10,9 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/hazemKrimi/crimson-vault/internal/lib"
 	"github.com/hazemKrimi/crimson-vault/internal/types"
+	"github.com/labstack/echo-contrib/session"
 	"github.com/labstack/echo/v4"
 )
 
@@ -27,6 +29,18 @@ func (api *API) CreateUserHandler(context echo.Context) error {
 	}
 
 	user := api.db.CreateUser(body)
+	sess, err := session.Get("session", context)
+
+	if err != nil {
+		api.db.DeleteUser(user.ID)
+		return context.String(http.StatusInternalServerError, "Unexpected error saving User session!")
+	}
+
+	lib.ConstructSession(sess, user)
+
+	if err := sess.Save(context.Request(), context.Response()); err != nil {
+		return context.String(http.StatusInternalServerError, "Unexpected error saving User session!")
+	}
 
 	log.Println(fmt.Sprintf("User created with ID %d.", user.ID))
 	return context.JSON(http.StatusOK, user)
@@ -50,7 +64,7 @@ func (api *API) GetUserHandler(context echo.Context) error {
 		return context.String(http.StatusBadRequest, "ID is required to get a User!")
 	}
 
-	id, err := strconv.Atoi(idString)
+	id, err := strconv.ParseUint(idString, 10, 32)
 
 	if err != nil {
 		return context.String(http.StatusInternalServerError, "Unexpected error getting User!")
@@ -58,7 +72,7 @@ func (api *API) GetUserHandler(context echo.Context) error {
 
 	var user types.User
 
-	if err := api.db.GetUser(id, &user); err != nil {
+	if err := api.db.GetUser(uint32(id), &user); err != nil {
 		return context.String(http.StatusNotFound, "User not found!")
 	}
 
@@ -73,7 +87,7 @@ func (api *API) UpdateUserHandler(context echo.Context) error {
 		return context.String(http.StatusBadRequest, "ID is required to update a User!")
 	}
 
-	id, err := strconv.Atoi(idString)
+	id, err := strconv.ParseUint(idString, 10, 32)
 
 	if err != nil {
 		return context.String(http.StatusInternalServerError, "Unexpected error updating User!")
@@ -92,7 +106,7 @@ func (api *API) UpdateUserHandler(context echo.Context) error {
 
 	var user types.User
 
-	if err := api.db.UpdateUser(id, body, &user); err != nil {
+	if err := api.db.UpdateUser(uint32(id), body, &user); err != nil {
 		return context.String(http.StatusNotFound, "User not found!")
 	}
 
@@ -107,7 +121,7 @@ func (api *API) UpdateUserSecurityDetailsHandler(context echo.Context) error {
 		return context.String(http.StatusBadRequest, "ID is required to create security details for a User!")
 	}
 
-	id, err := strconv.Atoi(idString)
+	id, err := strconv.ParseUint(idString, 10, 32)
 
 	if err != nil {
 		return context.String(http.StatusInternalServerError, "Unexpected error while creating security details for User!")
@@ -126,7 +140,7 @@ func (api *API) UpdateUserSecurityDetailsHandler(context echo.Context) error {
 
 	var user types.User
 
-	if err := api.db.UpdateUserSecurityDetails(id, body, &user); err != nil {
+	if err := api.db.UpdateUserSecurityDetails(uint32(id), body, &user); err != nil {
 		return context.String(http.StatusNotFound, "User not found!")
 	}
 
@@ -141,7 +155,7 @@ func (api *API) UpdateUserLogoHandler(context echo.Context) error {
 		return context.String(http.StatusBadRequest, "ID is required to update logo for User!")
 	}
 
-	id, err := strconv.Atoi(idString)
+	id, err := strconv.ParseUint(idString, 10, 32)
 
 	if err != nil {
 		return context.String(http.StatusInternalServerError, "Unexpected error updating logo for User!")
@@ -149,7 +163,7 @@ func (api *API) UpdateUserLogoHandler(context echo.Context) error {
 
 	var user types.User
 
-	if err := api.db.GetUser(id, &user); err != nil {
+	if err := api.db.GetUser(uint32(id), &user); err != nil {
 		return context.String(http.StatusNotFound, "User not found!")
 	}
 
@@ -231,13 +245,13 @@ func (api *API) DeleteUserHandler(context echo.Context) error {
 		return context.String(http.StatusBadRequest, "ID is required to delete a User!")
 	}
 
-	id, err := strconv.Atoi(idString)
+	id, err := strconv.ParseUint(idString, 10, 32)
 
 	if err != nil {
 		return context.String(http.StatusInternalServerError, "Unexpected error deleting User!")
 	}
 
-	if err := api.db.DeleteUser(id); err != nil {
+	if err := api.db.DeleteUser(uint32(id)); err != nil {
 		return context.String(http.StatusNotFound, "User not found!")
 	}
 
@@ -252,7 +266,7 @@ func (api *API) DeleteUserLogoHandler(context echo.Context) error {
 		return context.String(http.StatusBadRequest, "ID is required to delete logo of User!")
 	}
 
-	id, err := strconv.Atoi(idString)
+	id, err := strconv.ParseUint(idString, 10, 32)
 
 	if err != nil {
 		log.Println(fmt.Sprintf("Error deleting logo of User: %v.", err))
@@ -261,7 +275,7 @@ func (api *API) DeleteUserLogoHandler(context echo.Context) error {
 
 	var user types.User
 
-	if err := api.db.GetUser(id, &user); err != nil {
+	if err := api.db.GetUser(uint32(id), &user); err != nil {
 		return context.String(http.StatusNotFound, "User not found!")
 	}
 

internal/lib/constants.go

@@ -1,4 +1,4 @@
 package lib
 
-const DEFAULT_PORT int = 6900
+const DEFAULT_PORT uint32 = 6900
 const DEFAULT_CONFIG_DIRECTORY string = ".local/state/crimson-vault" 

internal/lib/utils.go

@@ -3,6 +3,9 @@ package lib
 import (
 	"os"
 	"path/filepath"
+
+	"github.com/gorilla/sessions"
+	"github.com/hazemKrimi/crimson-vault/internal/types"
 )
 
 func GetConfigDirectory() (string, error) {
@@ -16,3 +19,12 @@ func GetConfigDirectory() (string, error) {
 
 	return config, nil
 }
+
+func ConstructSession(session *sessions.Session, user types.User) {
+	session.Options = &sessions.Options{
+		Path:     "/",
+		MaxAge:   86400 * 7,
+		HttpOnly: true,
+	}
+	session.Values["id"] = user.ID
+}

internal/models/client.go

@@ -35,7 +35,7 @@ func (db *DB) GetClients() ([]types.Client, error) {
 	return clients, nil
 }
 
-func (db *DB) GetClient(id int, client *types.Client) error {
+func (db *DB) GetClient(id uint32, client *types.Client) error {
 	result := db.instance.Where("id = ?", id).First(client, id)
 
 	if result.Error != nil {
@@ -45,7 +45,7 @@ func (db *DB) GetClient(id int, client *types.Client) error {
 	return nil
 }
 
-func (db *DB) UpdateClient(id int, body types.UpdateClientRequestBody, client *types.Client) error {
+func (db *DB) UpdateClient(id uint32, body types.UpdateClientRequestBody, client *types.Client) error {
 	result := db.instance.Where("id = ?", id).First(client, id)
 
 	if result.Error != nil {
@@ -69,7 +69,7 @@ func (db *DB) UpdateClient(id int, body types.UpdateClientRequestBody, client *t
 	return nil
 }
 
-func (db *DB) DeleteClient(id int) error {
+func (db *DB) DeleteClient(id uint32) error {
 	result := db.instance.Delete(&types.Client{}, id)
 
 	if result.Error != nil {

internal/models/user.go

@@ -37,7 +37,7 @@ func (db *DB) GetUsers() ([]types.User, error) {
 	return users, nil
 }
 
-func (db *DB) GetUser(id int, user *types.User) error {
+func (db *DB) GetUser(id uint32, user *types.User) error {
 	result := db.instance.Where("id = ?", id).First(user, id)
 
 	if result.Error != nil {
@@ -47,7 +47,7 @@ func (db *DB) GetUser(id int, user *types.User) error {
 	return nil
 }
 
-func (db *DB) UpdateUser(id int, body types.UpdateUserRequestBody, user *types.User) error {
+func (db *DB) UpdateUser(id uint32, body types.UpdateUserRequestBody, user *types.User) error {
 	result := db.instance.Where("id = ?", id).First(user, id)
 
 	if result.Error != nil {
@@ -71,7 +71,7 @@ func (db *DB) UpdateUser(id int, body types.UpdateUserRequestBody, user *types.U
 	return nil
 }
 
-func (db *DB) UpdateUserSecurityDetails(id int, body types.UpdateUserSecurityDetailsBody, user *types.User) error {
+func (db *DB) UpdateUserSecurityDetails(id uint32, body types.UpdateUserSecurityDetailsBody, user *types.User) error {
 	result := db.instance.Where("id = ?", id).First(user, id)
 
 	if result.Error != nil {
@@ -102,7 +102,7 @@ func (db *DB) UpdateUserLogo(path string, user *types.User) error {
 	return nil
 }
 
-func (db *DB) DeleteUser(id int) error {
+func (db *DB) DeleteUser(id uint32) error {
 	result := db.instance.Delete(&types.User{}, id)
 
 	if result.Error != nil {