add middleware which sets user from session

isoppp · isoppp · commit 7a8d52b5190a · 2021-09-20T11:06:19.000+09:00
diff --git a/internal/handlers/status.go b/internal/handlers/status.go
@@ -1,11 +1,26 @@
 package handlers
 
 import (
+	"fmt"
 	"net/http"
+	"sandbox-go-api-sqlboiler-rest-auth/models"
 
 	"github.com/labstack/echo/v4"
 )
 
+type CookieValue struct {
+	UserID int
+	Name   string
+}
+
 func (h *Handlers) GetStatus(c echo.Context) error {
+	var u *models.User
+	uv := c.Get("user")
+	if uv != nil {
+		u = uv.(*models.User)
+		fmt.Println("user data?", u)
+	} else {
+		fmt.Println("not set user session")
+	}
 	return c.String(http.StatusOK, "server is running")
 }
diff --git a/internal/routes/middlewares.go b/internal/routes/middlewares.go
@@ -1,7 +1,10 @@
 package routes
 
 import (
+	"database/sql"
 	"fmt"
+	"sandbox-go-api-sqlboiler-rest-auth/internal/scookie"
+	"sandbox-go-api-sqlboiler-rest-auth/models"
 	"time"
 
 	"go.uber.org/zap"
@@ -10,6 +13,40 @@ import (
 	"github.com/labstack/echo/v4"
 )
 
+func SessionRestorer(db *sql.DB) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			fmt.Println("test middleware")
+			sc := scookie.NewSecureCookie()
+
+			cv, err := c.Cookie("session")
+			if err != nil {
+				return next(c)
+			}
+
+			var dv string
+			err = sc.Decode("session", cv.Value, &dv)
+			if err != nil {
+				return echo.NewHTTPError(500, "cannot decode cookie", err)
+			}
+			fmt.Println("got cookie(session id): ", dv)
+
+			sess, err := models.FindSession(c.Request().Context(), db, dv)
+			if err != nil {
+				// maybe wrong cookie id?
+				return echo.NewHTTPError(500, "cannot get cookie, but got session id", dv, err)
+			}
+			user, err := sess.User().One(c.Request().Context(), db)
+			if err != nil {
+				return echo.NewHTTPError(500, "cannod find user from session relation", dv, err)
+			}
+			fmt.Println("got user in middleware", user)
+			c.Set("user", user)
+			return next(c)
+		}
+	}
+}
+
 func ZapLogger(log *zap.Logger) echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
diff --git a/internal/routes/routes.go b/internal/routes/routes.go
@@ -17,7 +17,7 @@ import (
 func NewRouter(db *sql.DB, l *zap.Logger) *echo.Echo {
 	h := handlers.NewHandler(db, l)
 	e := echo.New()
-	bindRouteMiddlewares(e, l)
+	bindRouteMiddlewares(e, l, db)
 
 	// routes
 	e.GET("/api/status", h.GetStatus)
@@ -40,13 +40,14 @@ func bindRoutes(e *echo.Echo, h *handlers.Handlers) {
 	e.DELETE("/api/v1/users/:id", h.DeleteUser)
 }
 
-func bindRouteMiddlewares(e *echo.Echo, logger *zap.Logger) {
+func bindRouteMiddlewares(e *echo.Echo, logger *zap.Logger, db *sql.DB) {
 	// middlewares
 	e.Pre(middleware.RemoveTrailingSlash())
 	e.Use(ZapLogger(logger))
 	e.Use(middleware.RateLimiter(middleware.NewRateLimiterMemoryStore(20)))
 	e.Use(middleware.SecureWithConfig(middleware.SecureConfig{}))
 	e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{}))
+	e.Use(SessionRestorer(db))
 
 	// middlewares if production
 	//e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
