neko/internal/api/session.go

package api

import (
	"net/http"
	"os"
	"time"

	"demodesk/neko/internal/http/auth"
	"demodesk/neko/internal/types"
	"demodesk/neko/internal/utils"
)

var CookieExpirationDate = time.Now().Add(365 * 24 * time.Hour)
var UnsecureCookies = os.Getenv("DISABLE_SECURE_COOKIES") == "true"

type SessionLoginPayload struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

type SessionDataPayload struct {
	ID      string              `json:"id"`
	Profile types.MemberProfile `json:"profile"`
	State   types.SessionState  `json:"state"`
}

func (api *ApiManagerCtx) Login(w http.ResponseWriter, r *http.Request) {
	data := &SessionLoginPayload{}
	if !utils.HttpJsonRequest(w, r, data) {
		return
	}

	session, token, err := api.members.Login(data.Username, data.Password)
	if err != nil {
		utils.HttpUnauthorized(w, err)
		return
	}

	sameSite := http.SameSiteNoneMode
	if UnsecureCookies {
		sameSite = http.SameSiteDefaultMode
	}

	http.SetCookie(w, &http.Cookie{
		Name:     "NEKO_SESSION",
		Value:    token,
		Expires:  CookieExpirationDate,
		Secure:   !UnsecureCookies,
		SameSite: sameSite,
		HttpOnly: true,
	})

	utils.HttpSuccess(w, SessionDataPayload{
		ID:      session.ID(),
		Profile: session.Profile(),
		State:   session.State(),
	})
}

func (api *ApiManagerCtx) Logout(w http.ResponseWriter, r *http.Request) {
	session := auth.GetSession(r)

	err := api.members.Logout(session.ID())
	if err != nil {
		utils.HttpUnauthorized(w, err)
		return
	}

	sameSite := http.SameSiteNoneMode
	if UnsecureCookies {
		sameSite = http.SameSiteDefaultMode
	}

	http.SetCookie(w, &http.Cookie{
		Name:     "NEKO_SESSION",
		Value:    "",
		Expires:  time.Unix(0, 0),
		Secure:   !UnsecureCookies,
		SameSite: sameSite,
		HttpOnly: true,
	})

	utils.HttpSuccess(w, true)
}

func (api *ApiManagerCtx) Whoami(w http.ResponseWriter, r *http.Request) {
	session := auth.GetSession(r)

	utils.HttpSuccess(w, SessionDataPayload{
		ID:      session.ID(),
		Profile: session.Profile(),
		State:   session.State(),
	})
}