summaryrefslogtreecommitdiff
path: root/middleware/session.go
blob: 838e088dd4e65d30f7ebb596a86aea755a0dd7d6 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

package middleware

import (
	"context"
	"errors"
	"net/http"

	"go.neonxp.ru/mux"
	"go.neonxp.ru/mux/middleware/session"
	"go.neonxp.ru/objectid"
)

type SessionConfig struct {
	SessionCookie string
	Path          string
	Domain        string
	Secure        bool
	HttpOnly      bool
	MaxAge        int
}

var DefaultSessionConfig SessionConfig = SessionConfig{
	SessionCookie: "_session",
	Path:          "/",
	Domain:        "",
	Secure:        false,
	HttpOnly:      true,
	MaxAge:        30 * 3600,
}

func Session(config SessionConfig, storer session.Store) mux.Middleware {
	return func(h http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			var (
				sessionID string
				values    session.Value
			)
			cookie, err := r.Cookie(config.SessionCookie)
			switch {
			case err == nil:
				sessionID = cookie.Value
				values = storer.Load(r.Context(), sessionID)
			case errors.Is(err, http.ErrNoCookie):
				sessionID = objectid.New().String()
				values = session.Value{}
			}

			http.SetCookie(w, &http.Cookie{
				Name:     config.SessionCookie,
				Value:    sessionID,
				Path:     config.Path,
				Domain:   config.Domain,
				Secure:   config.Secure,
				HttpOnly: config.HttpOnly,
				MaxAge:   config.MaxAge,
			})

			ctx := context.WithValue(r.Context(), sessionValueKey, &values)
			ctx = context.WithValue(ctx, sessionIDKey, sessionID)
			ctx = context.WithValue(ctx, sessionConfigKey, config)
			ctx = context.WithValue(ctx, sessionStorerKey, storer)

			h.ServeHTTP(w, r.WithContext(ctx))

			storer.Save(r.Context(), sessionID, values)

		})
	}
}

func SessionFromRequest(r *http.Request) *session.Value {
	return r.Context().Value(sessionValueKey).(*session.Value)
}

func ClearSession(w http.ResponseWriter, r *http.Request) {
	storer := r.Context().Value(sessionStorerKey).(session.Store)
	sessionID := r.Context().Value(sessionIDKey).(string)
	storer.Remove(r.Context(), sessionID)
	config := r.Context().Value(sessionConfigKey).(SessionConfig)
	http.SetCookie(w, &http.Cookie{
		Name:     config.SessionCookie,
		Value:    sessionID,
		Path:     config.Path,
		Domain:   config.Domain,
		Secure:   config.Secure,
		HttpOnly: config.HttpOnly,
		MaxAge:   -1,
	})
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 15:55:44 +0300