GoWeb/models/session.go

package models

import (
	"GoWeb/app"
	"crypto/rand"
	"encoding/hex"
	"log/slog"
	"net/http"
	"time"
)

type Session struct {
	Id         int64
	UserId     int64
	AuthToken  string
	RememberMe bool
	CreatedAt  time.Time
}

const sessionColumnsNoId = "\"UserId\", \"AuthToken\",\"RememberMe\", \"CreatedAt\""
const sessionColumns = "\"Id\", " + sessionColumnsNoId
const sessionTable = "public.\"Session\""

const (
	selectSessionByAuthToken      = "SELECT " + sessionColumns + " FROM " + sessionTable + " WHERE \"AuthToken\" = $1"
	selectAuthTokenIfExists       = "SELECT EXISTS(SELECT 1 FROM " + sessionTable + " WHERE \"AuthToken\" = $1)"
	insertSession                 = "INSERT INTO " + sessionTable + " (" + sessionColumnsNoId + ") VALUES ($1, $2, $3, $4) RETURNING \"Id\""
	deleteSessionByAuthToken      = "DELETE FROM " + sessionTable + " WHERE \"AuthToken\" = $1"
	deleteSessionsOlderThan30Days = "DELETE FROM " + sessionTable + " WHERE \"CreatedAt\" < NOW() - INTERVAL '30 days'"
	deleteSessionsOlderThan6Hours = "DELETE FROM " + sessionTable + " WHERE \"CreatedAt\" < NOW() - INTERVAL '6 hours' AND \"RememberMe\" = false"
)

// CreateSession creates a new session for a user
func CreateSession(app *app.App, w http.ResponseWriter, userId int64, remember bool) (Session, error) {
	session := Session{}
	session.UserId = userId
	session.AuthToken = generateAuthToken(app)
	session.RememberMe = remember
	session.CreatedAt = time.Now()

	// If the AuthToken column for any user matches the token, set existingAuthToken to true
	var existingAuthToken bool
	err := app.Db.QueryRow(selectAuthTokenIfExists, session.AuthToken).Scan(&existingAuthToken)
	if err != nil {
		slog.Error("error checking for existing auth token" + err.Error())
		return Session{}, err
	}

	// If duplicate token found, recursively call function until unique token is generated
	if existingAuthToken {
		slog.Warn("duplicate token found in sessions table, generating new token...")
		return CreateSession(app, w, userId, remember)
	}

	err = app.Db.QueryRow(insertSession, session.UserId, session.AuthToken, session.RememberMe, session.CreatedAt).Scan(&session.Id)
	if err != nil {
		slog.Error("error inserting session into database")
		return Session{}, err
	}

	createSessionCookie(app, w, session)
	return session, nil
}

func SessionByAuthToken(app *app.App, authToken string) (Session, error) {
	session := Session{}

	err := app.Db.QueryRow(selectSessionByAuthToken, authToken).Scan(&session.Id, &session.UserId, &session.AuthToken, &session.RememberMe, &session.CreatedAt)
	if err != nil {
		return Session{}, err
	}

	return session, nil
}

// generateAuthToken generates a random 64-byte string
func generateAuthToken(app *app.App) string {
	b := make([]byte, 64)
	_, err := rand.Read(b)
	if err != nil {
		slog.Error("error generating random bytes for auth token")
	}

	return hex.EncodeToString(b)
}

// createSessionCookie creates a new session cookie
func createSessionCookie(app *app.App, w http.ResponseWriter, session Session) {
	cookie := &http.Cookie{}
	if session.RememberMe {
		cookie = &http.Cookie{
			Name:     "session",
			Value:    session.AuthToken,
			Path:     "/",
			MaxAge:   2592000 * 1000, // 30 days in ms
			HttpOnly: true,
			Secure:   true,
		}
	} else {
		cookie = &http.Cookie{
			Name:     "session",
			Value:    session.AuthToken,
			Path:     "/",
			MaxAge:   21600 * 1000, // 6 hours in ms
			HttpOnly: true,
			Secure:   true,
		}
	}

	http.SetCookie(w, cookie)
}

// deleteSessionCookie deletes the session cookie
func deleteSessionCookie(app *app.App, w http.ResponseWriter) {
	cookie := &http.Cookie{
		Name:   "session",
		Value:  "",
		Path:   "/",
		MaxAge: -1,
	}

	http.SetCookie(w, cookie)
}

// DeleteSessionByAuthToken deletes a session from the database by AuthToken
func DeleteSessionByAuthToken(app *app.App, w http.ResponseWriter, authToken string) error {
	_, err := app.Db.Exec(deleteSessionByAuthToken, authToken)
	if err != nil {
		slog.Error("error deleting session from database")
		return err
	}

	deleteSessionCookie(app, w)

	return nil
}

// ScheduledSessionCleanup deletes expired sessions from the database
func ScheduledSessionCleanup(app *app.App) {
	// Delete sessions older than 30 days (remember me sessions)
	_, err := app.Db.Exec(deleteSessionsOlderThan30Days)
	if err != nil {
		slog.Error("error deleting 30 day expired sessions from database" + err.Error())
	}

	// Delete sessions older than 6 hours
	_, err = app.Db.Exec(deleteSessionsOlderThan6Hours)
	if err != nil {
		slog.Error("error deleting 6 hour expired sessions from database" + err.Error())
	}

	slog.Info("deleted expired sessions from database")
}
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`package models`

			`import (`
			`"GoWeb/app"`
			`"crypto/rand"`
			`"encoding/hex"`
Clean up error handling, migrate to log/slog, add todo for flash message system in post controller 2023-09-03 20:45:12 +00:00			`"log/slog"`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`"net/http"`
			`"time"`
			`)`

			`type Session struct {`
Add remember me functionality, handle both types of sessions appropriately 2023-04-06 13:56:48 +00:00			`Id int64`
			`UserId int64`
			`AuthToken string`
			`RememberMe bool`
			`CreatedAt time.Time`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`}`

Fix some SQL errors 2023-04-06 14:30:53 +00:00			`const sessionColumnsNoId = "\"UserId\", \"AuthToken\",\"RememberMe\", \"CreatedAt\""`
Decouple SQL queries from logic 2023-03-05 21:46:43 +00:00			`const sessionColumns = "\"Id\", " + sessionColumnsNoId`
			`const sessionTable = "public.\"Session\""`

			`const (`
Initial clear old sessions implementation 2023-04-04 19:37:36 +00:00			`selectSessionByAuthToken = "SELECT " + sessionColumns + " FROM " + sessionTable + " WHERE \"AuthToken\" = $1"`
			`selectAuthTokenIfExists = "SELECT EXISTS(SELECT 1 FROM " + sessionTable + " WHERE \"AuthToken\" = $1)"`
Fix some SQL errors 2023-04-06 14:30:53 +00:00			`insertSession = "INSERT INTO " + sessionTable + " (" + sessionColumnsNoId + ") VALUES ($1, $2, $3, $4) RETURNING \"Id\""`
Initial clear old sessions implementation 2023-04-04 19:37:36 +00:00			`deleteSessionByAuthToken = "DELETE FROM " + sessionTable + " WHERE \"AuthToken\" = $1"`
			`deleteSessionsOlderThan30Days = "DELETE FROM " + sessionTable + " WHERE \"CreatedAt\" < NOW() - INTERVAL '30 days'"`
Add remember me functionality, handle both types of sessions appropriately 2023-04-06 13:56:48 +00:00			`deleteSessionsOlderThan6Hours = "DELETE FROM " + sessionTable + " WHERE \"CreatedAt\" < NOW() - INTERVAL '6 hours' AND \"RememberMe\" = false"`
Decouple SQL queries from logic 2023-03-05 21:46:43 +00:00			`)`

Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`// CreateSession creates a new session for a user`
Add remember me functionality, handle both types of sessions appropriately 2023-04-06 13:56:48 +00:00			`func CreateSession(app *app.App, w http.ResponseWriter, userId int64, remember bool) (Session, error) {`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`session := Session{}`
			`session.UserId = userId`
			`session.AuthToken = generateAuthToken(app)`
Add remember me functionality, handle both types of sessions appropriately 2023-04-06 13:56:48 +00:00			`session.RememberMe = remember`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`session.CreatedAt = time.Now()`

			`// If the AuthToken column for any user matches the token, set existingAuthToken to true`
			`var existingAuthToken bool`
Decouple SQL queries from logic 2023-03-05 21:46:43 +00:00			`err := app.Db.QueryRow(selectAuthTokenIfExists, session.AuthToken).Scan(&existingAuthToken)`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`if err != nil {`
Clean up error handling, migrate to log/slog, add todo for flash message system in post controller 2023-09-03 20:45:12 +00:00			`slog.Error("error checking for existing auth token" + err.Error())`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`return Session{}, err`
			`}`

			`// If duplicate token found, recursively call function until unique token is generated`
Remove unnecessary comparison 2023-09-26 16:32:39 +00:00			`if existingAuthToken {`
Clean up error handling, migrate to log/slog, add todo for flash message system in post controller 2023-09-03 20:45:12 +00:00			`slog.Warn("duplicate token found in sessions table, generating new token...")`
Add remember me functionality, handle both types of sessions appropriately 2023-04-06 13:56:48 +00:00			`return CreateSession(app, w, userId, remember)`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`}`

Add remember me functionality, handle both types of sessions appropriately 2023-04-06 13:56:48 +00:00			`err = app.Db.QueryRow(insertSession, session.UserId, session.AuthToken, session.RememberMe, session.CreatedAt).Scan(&session.Id)`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`if err != nil {`
Clean up error handling, migrate to log/slog, add todo for flash message system in post controller 2023-09-03 20:45:12 +00:00			`slog.Error("error inserting session into database")`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`return Session{}, err`
			`}`

			`createSessionCookie(app, w, session)`
			`return session, nil`
			`}`

Use best naming practices 2023-12-19 05:04:31 +00:00			`func SessionByAuthToken(app *app.App, authToken string) (Session, error) {`
Add ability to get session given an AuthToken, fix GetCurrentUser() 2023-04-08 02:23:46 +00:00			`session := Session{}`

			`err := app.Db.QueryRow(selectSessionByAuthToken, authToken).Scan(&session.Id, &session.UserId, &session.AuthToken, &session.RememberMe, &session.CreatedAt)`
			`if err != nil {`
			`return Session{}, err`
			`}`

			`return session, nil`
			`}`

Comment cleanup 2023-08-12 19:28:21 +00:00			`// generateAuthToken generates a random 64-byte string`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`func generateAuthToken(app *app.App) string {`
			`b := make([]byte, 64)`
			`_, err := rand.Read(b)`
			`if err != nil {`
Clean up error handling, migrate to log/slog, add todo for flash message system in post controller 2023-09-03 20:45:12 +00:00			`slog.Error("error generating random bytes for auth token")`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`}`

			`return hex.EncodeToString(b)`
			`}`

			`// createSessionCookie creates a new session cookie`
			`func createSessionCookie(app *app.App, w http.ResponseWriter, session Session) {`
Add remember me functionality, handle both types of sessions appropriately 2023-04-06 13:56:48 +00:00			`cookie := &http.Cookie{}`
			`if session.RememberMe {`
			`cookie = &http.Cookie{`
			`Name: "session",`
			`Value: session.AuthToken,`
			`Path: "/",`
			`MaxAge: 2592000 * 1000, // 30 days in ms`
			`HttpOnly: true,`
			`Secure: true,`
			`}`
			`} else {`
			`cookie = &http.Cookie{`
			`Name: "session",`
			`Value: session.AuthToken,`
			`Path: "/",`
			`MaxAge: 21600 * 1000, // 6 hours in ms`
			`HttpOnly: true,`
			`Secure: true,`
			`}`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`}`

			`http.SetCookie(w, cookie)`
			`}`

			`// deleteSessionCookie deletes the session cookie`
			`func deleteSessionCookie(app *app.App, w http.ResponseWriter) {`
			`cookie := &http.Cookie{`
			`Name: "session",`
			`Value: "",`
			`Path: "/",`
			`MaxAge: -1,`
			`}`

			`http.SetCookie(w, cookie)`
			`}`

			`// DeleteSessionByAuthToken deletes a session from the database by AuthToken`
			`func DeleteSessionByAuthToken(app *app.App, w http.ResponseWriter, authToken string) error {`
Decouple SQL queries from logic 2023-03-05 21:46:43 +00:00			`_, err := app.Db.Exec(deleteSessionByAuthToken, authToken)`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`if err != nil {`
Clean up error handling, migrate to log/slog, add todo for flash message system in post controller 2023-09-03 20:45:12 +00:00			`slog.Error("error deleting session from database")`
Move to a session based system for AuthTokens 2023-02-28 20:54:55 +00:00			`return err`
			`}`

			`deleteSessionCookie(app, w)`

			`return nil`
			`}`
Initial clear old sessions implementation 2023-04-04 19:37:36 +00:00
			`// ScheduledSessionCleanup deletes expired sessions from the database`
			`func ScheduledSessionCleanup(app *app.App) {`
Add remember me functionality, handle both types of sessions appropriately 2023-04-06 13:56:48 +00:00			`// Delete sessions older than 30 days (remember me sessions)`
Initial clear old sessions implementation 2023-04-04 19:37:36 +00:00			`_, err := app.Db.Exec(deleteSessionsOlderThan30Days)`
			`if err != nil {`
Clean up error handling, migrate to log/slog, add todo for flash message system in post controller 2023-09-03 20:45:12 +00:00			`slog.Error("error deleting 30 day expired sessions from database" + err.Error())`
Add remember me functionality, handle both types of sessions appropriately 2023-04-06 13:56:48 +00:00			`}`

			`// Delete sessions older than 6 hours`
Fix wrong query for clearing 6-hour old sessions 2023-04-06 14:35:53 +00:00			`_, err = app.Db.Exec(deleteSessionsOlderThan6Hours)`
Add remember me functionality, handle both types of sessions appropriately 2023-04-06 13:56:48 +00:00			`if err != nil {`
Clean up error handling, migrate to log/slog, add todo for flash message system in post controller 2023-09-03 20:45:12 +00:00			`slog.Error("error deleting 6 hour expired sessions from database" + err.Error())`
Initial clear old sessions implementation 2023-04-04 19:37:36 +00:00			`}`

Clean up error handling, migrate to log/slog, add todo for flash message system in post controller 2023-09-03 20:45:12 +00:00			`slog.Info("deleted expired sessions from database")`
Initial clear old sessions implementation 2023-04-04 19:37:36 +00:00			`}`