basic auth / session stuff working

2025-09-13 15:19:08 +00:00 · 2023-03-11 00:18:16 +01:00 · 2023-03-11 00:18:16 +01:00 · b80bc4d32f
commit b80bc4d32f
parent b7daba6040
6 changed files with 144 additions and 23 deletions
--- a/pkg/server/session.go
+++ b/pkg/server/session.go
@ -1,11 +1,15 @@
 package server

 import (
+	"encoding/json"
+	"io"
 	"net/http"
+	"runtime/debug"
 	"sync"
 	"time"

 	"github.com/google/uuid"
+	"golang.org/x/exp/slog"
 )

 type SessionKeyType string
@ -19,9 +23,29 @@ type Session struct {
 	// TODO Add []websocket.Conn pointer to close all active websockets, alternativly do this via context cancelation
 }

+type LoginRequest struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type SessionResponse struct {
+	CommitHash string `json:"commit_hash"`
+}
+
 var sessionsSync sync.Mutex
 var sessions map[string]*Session = map[string]*Session{}

+var CommitHash = func() string {
+	if info, ok := debug.ReadBuildInfo(); ok {
+		for _, setting := range info.Settings {
+			if setting.Key == "vcs.revision" {
+				return setting.Value
+			}
+		}
+	}
+	return "asd"
+}()
+
 func GetSession(r *http.Request) (string, *Session) {
 	c, err := r.Cookie("session")
 	if err != nil {
@ -69,18 +93,28 @@ func CleanupSessions(stop chan struct{}) {
 }

 func HandleLogin(w http.ResponseWriter, r *http.Request) {
-	username := r.PostFormValue("username")
-	password := r.PostFormValue("password")
-	if username == "admin" && password == "12345" {
-		GenerateSession(w, username)
+	buf, err := io.ReadAll(r.Body)
+	if err != nil {
+		slog.Error("Reading Body", err)
+		return
+	}
+	var req LoginRequest
+	err = json.Unmarshal(buf, &req)
+	if err != nil {
+		slog.Error("Unmarshal", err)
+		return
+	}
+	if req.Username == "admin" && req.Password == "12345" {
+		slog.Info("User Login Successfull")
+		GenerateSession(w, req.Username)
 		w.WriteHeader(http.StatusOK)
-		http.Redirect(w, r, "/", http.StatusFound)
+		return
 	}
 	w.WriteHeader(http.StatusUnauthorized)
 }

 func HandleLogout(w http.ResponseWriter, r *http.Request) {
-	http.SetCookie(w, &http.Cookie{Name: SessionCookieName, Value: "", Expires: time.Now()})
+	http.SetCookie(w, &http.Cookie{Name: SessionCookieName, HttpOnly: true, SameSite: http.SameSiteStrictMode, Value: "", Expires: time.Now()})
 	w.WriteHeader(http.StatusOK)
 }

@ -97,4 +131,14 @@ func HandleSession(w http.ResponseWriter, r *http.Request) {
 	}
 	http.SetCookie(w, &http.Cookie{Name: SessionCookieName, HttpOnly: true, SameSite: http.SameSiteStrictMode, Value: id, Expires: s.Expires})
 	w.WriteHeader(http.StatusOK)
+	resp := SessionResponse{
+		CommitHash: CommitHash,
+	}
+	res, err := json.Marshal(resp)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	w.Write(res)
 }