admin panel, login page with auth session.

2026-04-30 08:02:03 +02:00
parent 676568100f
commit fbc880f40b
13 changed files with 1562 additions and 15 deletions
--- a/internal/middleware/session.go
+++ b/internal/middleware/session.go
@@ -0,0 +1,58 @@
+package middleware
+
+import (
+	"net/http"
+	"sync"
+)
+
+// In-memory session store — swap for Redis/DB in production
+var (
+	sessionStore = make(map[string]bool)
+	mu           sync.RWMutex
+)
+
+// RegisterSession adds a token to the store (call this after login)
+func RegisterSession(token string) {
+	mu.Lock()
+	defer mu.Unlock()
+	sessionStore[token] = true
+}
+
+// RevokeSession removes a token (call this on logout)
+func RevokeSession(token string) {
+	mu.Lock()
+	defer mu.Unlock()
+	delete(sessionStore, token)
+}
+
+// RequireSession is the middleware — wraps any handler that needs auth
+func RequireSession(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		cookie, err := r.Cookie("session")
+		if err != nil {
+			// No cookie at all
+			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			return
+		}
+
+		mu.RLock()
+		valid := sessionStore[cookie.Value]
+		mu.RUnlock()
+
+		if !valid {
+			// Cookie exists but token is unknown/expired
+			http.SetCookie(w, &http.Cookie{
+				Name:     "session",
+				Value:    "",
+				Path:     "/",
+				HttpOnly: true,
+				Secure:   true,
+				MaxAge:   -1, // delete it
+			})
+			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}