
Change things regarding authentication and sessions, such as resetting the session after getting an invalid session cookie, adding a logout route, and renaming the create function to set in the auth session store (to match the inertia session store)

oscar345 c5ab7e5c 6231e13d

+51 -17
+3 -3
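--- a/internal/services/authentication.go
+++ b/internal/services/authentication.go
@@ -20,14 +20,14 @@
 }
 
 func (as *AuthenticationService) Login(ctx context.Context, email, password string) (models.User, error) {
-validUser := false
+invalidUser := true
 
 user, err := as.userRepo.GetByEmail(ctx, email)
 if err == nil {
-validUser = true
+invalidUser = false
 }
 
-ok := authentication.ComparePasswordAndHash(validUser, password, user.Password)
+ok := authentication.ComparePasswordAndHash(invalidUser, password, user.Password)
 if !ok {
 return models.User{}, errors.New("invalid credentials")
 }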
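Review bot: The first argument of `authentication.ComparePasswordAndHash` flips meaning here (`validUser` → `invalidUser`), but no matching change to ComparePasswordAndHash is visible in this commit. If its parameter still means "valid", the credential check is inverted for every login, so confirm the signature and add a test for an unknown e-mail, a wrong password and a correct one. A doc comment on the call would help, e.g. `// invalidUser=true forces a failed comparison while still doing the hashing work`, assuming that is what the helper does. Separately, every error from `GetByEmail` is folded into "invalid credentials"; that is fine for the response, but anything other than not-found should at least be logged server-side. Login's body continues outside the hunk.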
+11 -1
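--- a/internal/web/router/router.go
+++ b/internal/web/router/router.go
@@ -109,6 +109,16 @@
 s.inertia.Render(w, r, "authentication/Register", inertia.Props{})
 })
 
+r.Delete("/authentication/logout", func(w http.ResponseWriter, r *http.Request) {
+err := s.authProvider.DeleteSession(w, r)
+if err != nil {
+fmt.Println("Error deleting session: ", err)
+http.Error(w, err.Error(), http.StatusInternalServerError)
+return
+}
+http.Redirect(w, r, "/authentication/login", http.StatusSeeOther)
+})
+
 r.Post("/authentication/login", func(w http.ResponseWriter, r *http.Request) {
 fmt.Println("login")
 var form requests.LoginForm
@@ -126,7 +136,7 @@
 user, err := s.authService.Login(r.Context(), form.Email, form.Password)
 if err != nil {
 s.inertia.SetErrors(w, r, map[string][]string{
-"username": []string{"Invalid credentials"},
+"email": []string{"Invalid credentials"},
 })
 http.Redirect(w, r, "/authentication/login", 302)
 return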
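Review bot: The new logout handler writes `err.Error()` into the 500 response, which hands the session store's internal error text to the client. Reply with a fixed message instead, e.g. `http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`, and keep the detail in the server log. Because `Delete` in internal/web/sessionstore/authentication.go returns the error from `store.Get`, a request carrying an undecodable cookie appears to end in this 500 without the cookie being cleared. Logout should probably treat that case as already logged out and still expire the cookie. The `fmt.Println("login")` line in the login handler looks like leftover debugging and is worth removing or moving to a logger.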
+11 -4
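--- a/internal/web/sessionstore/authentication.go
+++ b/internal/web/sessionstore/authentication.go
@@ -3,6 +3,7 @@
 import (
 "encoding/gob"
 "errors"
+"fmt"
 "net/http"
 
 "github.com/gorilla/sessions"
@@ -23,10 +24,16 @@
 }
 }
 
-func (s *Authentication) Create(w http.ResponseWriter, r *http.Request, key string, authSession authentication.Session) error {
+func (s *Authentication) Set(w http.ResponseWriter, r *http.Request, key string, authSession authentication.Session) error {
 session, err := s.store.Get(r, key)
 if err != nil {
-return err
+session.Options.MaxAge = -1
+session.Save(r, w)
+
+if session, err = s.store.Get(r, key); err != nil {
+fmt.Println("Error getting session in setting:", err)
+return err
+}
 }
 session.Values["data"] = authSession
 return session.Save(r, w)
@@ -46,8 +53,8 @@
 return result, nil
 }
 
-func (s *Authentication) Delete(w http.ResponseWriter, r *http.Request, token string) error {
-session, err := s.store.Get(r, token)
+func (s *Authentication) Delete(w http.ResponseWriter, r *http.Request, key string) error {
+session, err := s.store.Get(r, key)
 if err != nil {
 return err
 }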
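Review bot: The recovery path in `Set` is unlikely to recover. As far as I can tell, gorilla/sessions caches the session and its error per request in the registry, so the second `s.store.Get(r, key)` returns the same error and the same session (now with `MaxAge = -1`), and `Set` still returns `err`; a login made with a stale cookie would fail once more. `session` is also dereferenced before any nil check, and the result of the first `session.Save(r, w)` is dropped. Since `Get` hands back a fresh session alongside a decode error, a simpler shape is `if err != nil && session == nil { return err }` followed by the existing `session.Values["data"] = authSession` and `return session.Save(r, w)`, which overwrites the bad cookie. The same pattern is added to `Set` in internal/web/sessionstore/inertia.go.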
+10 -3
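--- a/internal/web/sessionstore/inertia.go
+++ b/internal/web/sessionstore/inertia.go
@@ -27,7 +27,11 @@
 func (is *Inertia) Set(w http.ResponseWriter, r *http.Request, key string, value inertia.SessionData) error {
 session, err := is.store.Get(r, key)
 if err != nil {
-if session, err = is.store.New(r, key); err != nil {
+session.Options.MaxAge = -1
+session.Save(r, w)
+
+if session, err = is.store.Get(r, key); err != nil {
+fmt.Println("Error getting session in setting:", err)
 return err
 }
 }
@@ -38,12 +42,15 @@
 func (is *Inertia) Get(r *http.Request, key string) (inertia.SessionData, error) {
 session, err := is.store.Get(r, key)
 if err != nil {
-fmt.Println("Error getting session:", err)
-return inertia.SessionData{}, err
+if session, err = is.store.New(r, key); err != nil {
+fmt.Println("Error getting session:", err)
+return inertia.SessionData{}, err
+}
 }
 data, ok := session.Values["data"].(inertia.SessionData)
 if !ok {
 return inertia.SessionData{}, errors.New("invalid session data type")
 }
+
 return data, nil
 }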
+6 -6
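--- a/pkg/authentication/authentication.go
+++ b/pkg/authentication/authentication.go
@@ -42,13 +42,13 @@
 }
 
 type SessionStore interface {
-Create(w http.ResponseWriter, r *http.Request, key string, session Session) error
+Set(w http.ResponseWriter, r *http.Request, key string, session Session) error
 Get(r *http.Request, key string) (Session, error)
 Delete(w http.ResponseWriter, r *http.Request, key string) error
 }
 
 type Session struct {
-userID int
+UserID int
 }
 
 type Provider struct {
@@ -63,10 +63,10 @@
 
 func (p *Provider) CreateSession(w http.ResponseWriter, r *http.Request, userID int) error {
 session := Session{
-userID: userID,
+UserID: userID,
 }
 
-return p.store.Create(w, r, CookieSessionKey, session)
+return p.store.Set(w, r, CookieSessionKey, session)
 }
 
 func (p *Provider) GetUserID(r *http.Request) (int, error) {
@@ -76,7 +76,7 @@
 return 0, err
 }
 
-return session.userID, nil
+return session.UserID, nil
 }
 
 func (p *Provider) DeleteSession(w http.ResponseWriter, r *http.Request) error {
@@ -102,7 +102,7 @@
 
 SetSession(r, session)
 
-if !ruleFN(session.userID) {
+if !ruleFN(session.UserID) {
 http.Error(w, "Forbidden", http.StatusForbidden)
 return
 }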
+10
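--- a/web/views/Index.svelte
+++ b/web/views/Index.svelte
@@ -1,5 +1,15 @@
 <script lang="ts">
+import Link from "$components/interaction/Link.svelte";
+import {
+DELETE_AuthenticationLogout,
+GET_AuthenticationLogin,
+} from "$routes";
+
 type Props = {};
 </script>
 
 <h1 class="h1">Home</h1>
+
+<Link href={DELETE_AuthenticationLogout()}>Logout</Link>
+
+<Link href={GET_AuthenticationLogin()}>Login</Link>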
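Review bot: The Logout link targets the DELETE-only `/authentication/logout` route through a plain `href`, and nothing in this markup tells `Link` to send a DELETE. Unless the component derives the method from the route helper (not visible here), following the link issues a GET and never reaches the handler. Keeping logout off GET is the right choice, since a GET logout can be triggered by any cross-site link or image. Pass the method explicitly to `Link` if it supports that, or render logout as a form or button, and add a short comment saying why it must not become a GET route.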