ValidateSessionCookie() and LogoutUser()

max 2022-10-21 21:04:46 -05:00
parent 3417622841
commit 93a1cb6049


@ -110,7 +110,7 @@ func AuthenticateUser(app *app.App, w http.ResponseWriter, username string, pass
} }
} }
// CreateSessionCookie creates a new session token and cookie and returns the token value // createSessionCookie creates a new session token and cookie and returns the token value
func createSessionCookie(app *app.App, w http.ResponseWriter, username string) (string, error) { func createSessionCookie(app *app.App, w http.ResponseWriter, username string) (string, error) {
// Generate random 64 character string (alpha-numeric) // Generate random 64 character string (alpha-numeric)
buff := make([]byte, int(math.Ceil(float64(64)/2))) buff := make([]byte, int(math.Ceil(float64(64)/2)))
@ -144,3 +144,55 @@ func createSessionCookie(app *app.App, w http.ResponseWriter, username string) (
return token, nil return token, nil
} }
// ValidateSessionCookie validates the session cookie and returns the username of the user if valid
func ValidateSessionCookie(app *app.App, r *http.Request) (string, error) {
// Get cookie from request
cookie, err := r.Cookie("session")
if err != nil {
log.Println("Error getting cookie from request")
log.Println(err)
return "", err
}
// Query row by token
var username string
err = app.Db.QueryRow("SELECT username FROM users WHERE auth_token = $1", cookie.Value).Scan(&username)
if err != nil {
log.Println("Error querying row by token")
log.Println(err)
return "", err
}
return username, nil
}
// LogoutUser deletes the session cookie and token from the database
func LogoutUser(app *app.App, w http.ResponseWriter, r *http.Request) {
// Get cookie from request
cookie, err := r.Cookie("session")
if err != nil {
log.Println("Error getting cookie from request")
log.Println(err)
return
}
// Set token to empty string
sqlStatement := "UPDATE users SET auth_token = $1 WHERE auth_token = $2"
err = app.Db.QueryRow(sqlStatement, "", cookie.Value).Scan()
if err != nil {
log.Println("Error setting auth_token column in users table")
log.Println(err)
return
}
// Delete cookie
cookie = &http.Cookie{
Name: "",
Value: "",
Path: "/",
MaxAge: -1,
}
http.SetCookie(w, cookie)
}
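Review bot: ValidateSessionCookie accepts an empty cookie value while LogoutUser stores `""` as the logged-out auth_token, so a request whose session cookie is empty matches the row of any user who has logged out; reject an empty `cookie.Value` before the query and clear the column to NULL (if the schema allows it) rather than to `""`. In LogoutUser, `QueryRow(...).Scan()` runs an UPDATE that has no RETURNING clause, so, assuming app.Db is a database/sql handle, it reports sql.ErrNoRows every time and the function returns before the cookie is touched; `Exec` is the call for a statement with no result set. The replacement cookie is built with `Name: ""`, which net/http treats as an invalid cookie and drops without writing a Set-Cookie header, so the browser keeps its session cookie. No expiry check is visible in the lookup, so a token appears to stay valid until logout succeeds.

```go
// in ValidateSessionCookie, directly after the r.Cookie error check
if cookie.Value == "" {
	return "", http.ErrNoCookie
}
// … unchanged: SELECT username by auth_token …

// in LogoutUser, replacing the QueryRow(...).Scan() call
_, err = app.Db.Exec("UPDATE users SET auth_token = NULL WHERE auth_token = $1", cookie.Value)
// … unchanged: error logging and early return …
http.SetCookie(w, &http.Cookie{
	Name:   "session",
	Value:  "",
	Path:   "/",
	MaxAge: -1,
})
```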