Added session cookie and logout for admin

This commit is contained in:
2026-05-20 15:57:09 +02:00
parent 4d53a6b471
commit 93ca9ea33b
3 changed files with 86 additions and 1 deletions
+69
View File
@@ -0,0 +1,69 @@
package auth
import (
"crypto/rand"
"encoding/hex"
"net/http"
"sync"
"time"
)
var (
sessions = map[string]time.Time{}
mu sync.Mutex
)
func GenerateSession() (string, error) {
bytes := make([]byte, 32)
_, err := rand.Read(bytes)
if err != nil {
return "", err
}
token := hex.EncodeToString(bytes)
mu.Lock()
sessions[token] = time.Now()
mu.Unlock()
return token, nil
}
func IsLoggedIn(r *http.Request) bool {
cookie, err := r.Cookie("session")
if err != nil {
return false
}
mu.Lock()
_, exists := sessions[cookie.Value]
mu.Unlock()
return exists
}
func SetSessionCookie(w http.ResponseWriter, token string) {
http.SetCookie(w, &http.Cookie{
Name: "session",
Value: token,
Path: "/",
HttpOnly: true,
SameSite: http.SameSiteLaxMode,
})
}
func ClearSession(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("session")
if err == nil {
mu.Lock()
delete(sessions, cookie.Value)
mu.Unlock()
}
http.SetCookie(w, &http.Cookie{
Name: "session",
Value: "",
Path: "/",
MaxAge: -1,
HttpOnly: true,
})
}
+16 -1
View File
@@ -74,7 +74,22 @@ func Login(tmpl *template.Template) http.HandlerFunc {
return return
} }
// TODO: create a session so the admin stays logged in token, err := auth.GenerateSession()
if err != nil {
tmpl.Execute(w, map[string]string{
"SiteName": Cfg.SiteName,
"Error": "Something went wrong. Please try again.",
})
return
}
auth.SetSessionCookie(w, token)
http.Redirect(w, r, "/admin", http.StatusSeeOther) http.Redirect(w, r, "/admin", http.StatusSeeOther)
} }
} }
func Logout() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
auth.ClearSession(w, r)
http.Redirect(w, r, "/", http.StatusSeeOther)
}
}
+1
View File
@@ -40,6 +40,7 @@ func main() {
http.HandleFunc("/setup", handlers.Setup(tmpl.Lookup("setup.html"))) http.HandleFunc("/setup", handlers.Setup(tmpl.Lookup("setup.html")))
http.HandleFunc("/login", handlers.Login(tmpl.Lookup("login.html"))) http.HandleFunc("/login", handlers.Login(tmpl.Lookup("login.html")))
http.HandleFunc("/logout", handlers.Logout())
log.Printf("Starting filehost on %s\n", cfg.Port) log.Printf("Starting filehost on %s\n", cfg.Port)
log.Fatal(http.ListenAndServe(cfg.Port, nil)) log.Fatal(http.ListenAndServe(cfg.Port, nil))