From 93a1cb60497cb2aa6beb7c0222fbc264a83687f2 Mon Sep 17 00:00:00 2001
From: max
Date: Fri, 21 Oct 2022 21:04:46 -0500
Subject: [PATCH] ValidateSessionCookie() and LogoutUser()
---
 database/models/user.go | 54 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)
diff --git a/database/models/user.go b/database/models/user.go
index 4b94e05..196c285 100644
--- a/database/models/user.go
+++ b/database/models/user.go
@@ -110,7 +110,7 @@ func AuthenticateUser(app *app.App, w http.ResponseWriter, username string, pass
 }
 }
 
-// CreateSessionCookie creates a new session token and cookie and returns the token value
+// createSessionCookie creates a new session token and cookie and returns the token value
 func createSessionCookie(app *app.App, w http.ResponseWriter, username string) (string, error) {
 // Generate random 64 character string (alpha-numeric)
 buff := make([]byte, int(math.Ceil(float64(64)/2)))
@@ -144,3 +144,55 @@ func createSessionCookie(app *app.App, w http.ResponseWriter, username string) (
 
 return token, nil
 }
+
+// ValidateSessionCookie validates the session cookie and returns the username of the user if valid
+func ValidateSessionCookie(app *app.App, r *http.Request) (string, error) {
+ // Get cookie from request
+ cookie, err := r.Cookie("session")
+ if err != nil {
+ log.Println("Error getting cookie from request")
+ log.Println(err)
+ return "", err
+ }
+
+ // Query row by token
+ var username string
+ err = app.Db.QueryRow("SELECT username FROM users WHERE auth_token = $1", cookie.Value).Scan(&username)
+ if err != nil {
+ log.Println("Error querying row by token")
+ log.Println(err)
+ return "", err
+ }
+
+ return username, nil
+}
+
+// LogoutUser deletes the session cookie and token from the database
+func LogoutUser(app *app.App, w http.ResponseWriter, r *http.Request) {
+ // Get cookie from request
+ cookie, err := r.Cookie("session")
+ if err != nil {
+ log.Println("Error getting cookie from request")
+ log.Println(err)
+ return
+ }
+
+ // Set token to empty string
+ sqlStatement := "UPDATE users SET auth_token = $1 WHERE auth_token = $2"
+ err = app.Db.QueryRow(sqlStatement, "", cookie.Value).Scan()
+ if err != nil {
+ log.Println("Error setting auth_token column in users table")
+ log.Println(err)
+ return
+ }
+
+ // Delete cookie
+ cookie = &http.Cookie{
+ Name: "",
+ Value: "",
+ Path: "/",
+ MaxAge: -1,
+ }
+
+ http.SetCookie(w, cookie)
+}
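Review bot: LogoutUser never expires the browser cookie, and the empty string it stores in `auth_token` becomes a value that ValidateSessionCookie will match. The `UPDATE` has no `RETURNING` clause, so `QueryRow(...).Scan()` reports `sql.ErrNoRows` after the statement has run (assuming `app.Db` is a `database/sql` handle, which the hunk does not show) and the function returns before `http.SetCookie`; even when that call is reached, the replacement cookie has `Name: ""`, which net/http will not serialise, so no `Set-Cookie` header is written. Because logout writes `""` into `auth_token`, a request whose `session` cookie is empty satisfies `WHERE auth_token = $1` for any logged-out row, so ValidateSessionCookie should reject an empty value before querying; storing NULL instead of `""` would close the same gap if the column allows it. The fence shows the three changes, and the database-failure path in LogoutUser could additionally still expire the cookie so a client is not left holding a token after a failed logout.

```go
func ValidateSessionCookie(app *app.App, r *http.Request) (string, error) {
	// … unchanged: read the "session" cookie and handle its error …

	// Logout stores "" in auth_token, so an empty value must never reach the query.
	if cookie.Value == "" {
		return "", http.ErrNoCookie
	}
	// … unchanged: look up username by auth_token …

func LogoutUser(app *app.App, w http.ResponseWriter, r *http.Request) {
	// … unchanged: read the "session" cookie and handle its error …

	// An UPDATE returns no rows; Exec reports only real failures.
	sqlStatement := "UPDATE users SET auth_token = $1 WHERE auth_token = $2"
	_, err = app.Db.Exec(sqlStatement, "", cookie.Value)
	// … unchanged: log and return on error …

	// Expire the cookie under the same name it is read with.
	cookie = &http.Cookie{
		Name: "session",
		// … unchanged: Value, Path, MaxAge …
	}
```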