isoppp
diff --git a/‎cmd/api/main.go
+5 b/‎cmd/api/main.go
+5
diff --git a/‎db/migrations/000002_add_session_table.down.sql
+1 b/‎db/migrations/000002_add_session_table.down.sql
+1
diff --git a/‎db/migrations/000002_add_session_table.up.sql
+11 b/‎db/migrations/000002_add_session_table.up.sql
+11
diff --git a/‎go.mod
+6 b/‎go.mod
+6
diff --git a/‎go.sum
+13-4 b/‎go.sum
+13-4
diff --git a/‎internal/handlers/session.go
+73 b/‎internal/handlers/session.go
+73
diff --git a/‎internal/handlers/status.go
+15 b/‎internal/handlers/status.go
+15
diff --git a/‎internal/routes/middlewares.go
+37 b/‎internal/routes/middlewares.go
+37
diff --git a/‎internal/routes/routes.go
+8-2 b/‎internal/routes/routes.go
+8-2
diff --git a/‎internal/scookie/scookie.go
+10 b/‎internal/scookie/scookie.go
+10
diff --git a/‎internal/util/random.go
+37 b/‎internal/util/random.go
+37
@@ -7,6 +7,8 @@ import (
 	"sandbox-go-api-sqlboiler-rest-auth/internal/config"
 	"sandbox-go-api-sqlboiler-rest-auth/internal/routes"
 
+	"github.com/volatiletech/sqlboiler/v4/boil"
+
 	"go.uber.org/zap/zapcore"
 
 	"go.uber.org/zap"
@@ -42,6 +44,9 @@ func main() {
 		_ = db.Close()
 	}()
 
+	// sqlboiler debug mode
+	boil.DebugMode = true
+
 	e := routes.NewRouter(db, logger)
 	e.Logger.Fatal(e.Start(fmt.Sprintf(":%s", cfg.Port)))
 }
@@ -0,0 +1 @@
+DROP TABLE IF EXISTS sessions;
@@ -0,0 +1,11 @@
+CREATE TABLE "sessions"
+(
+    "id"         uuid PRIMARY KEY NOT NULL,
+    "user_id"    int              NOT NULL,
+    "expires_at" timestamp        NOT NULL,
+    "created_at" timestamptz      NOT NULL DEFAULT (now())
+);
+
+ALTER TABLE "sessions"
+    ADD FOREIGN KEY ("user_id") REFERENCES "users" ("id");
+CREATE INDEX ON "sessions" ("expires_at");
@@ -5,6 +5,8 @@ go 1.17
 require (
 	github.com/caarlos0/env/v6 v6.7.1
 	github.com/friendsofgo/errors v0.9.2
+	github.com/google/uuid v1.3.0
+	github.com/gorilla/securecookie v1.1.1
 	github.com/kat-co/vala v0.0.0-20170210184112-42e1d8b61f12
 	github.com/labstack/echo/v4 v4.5.0
 	github.com/lib/pq v1.10.3
@@ -20,12 +22,15 @@ require (
 	github.com/gofrs/uuid v3.2.0+incompatible // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/kr/text v0.2.0 // indirect
 	github.com/labstack/gommon v0.3.0 // indirect
 	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/mattn/go-colorable v0.1.8 // indirect
 	github.com/mattn/go-isatty v0.0.12 // indirect
 	github.com/mitchellh/mapstructure v1.4.1 // indirect
+	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
 	github.com/pelletier/go-toml v1.9.3 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/spf13/afero v1.6.0 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
@@ -42,6 +47,7 @@ require (
 	golang.org/x/text v0.3.6 // indirect
 	golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
 	gopkg.in/ini.v1 v1.62.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
@@ -77,6 +77,7 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -175,10 +176,14 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
@@ -224,11 +229,11 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/labstack/echo/v4 v4.5.0 h1:JXk6H5PAw9I3GwizqUHhYyS4f45iyGebR/c1xNCeOCY=
 github.com/labstack/echo/v4 v4.5.0/go.mod h1:czIriw4a0C1dFun+ObrXp7ok03xON0N1awStJ6ArI7Y=
 github.com/labstack/gommon v0.3.0 h1:JEeO0bvc78PKdyHxloTKiF8BD5iGrH8T6MSeGvSgob0=
@@ -268,14 +273,17 @@ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJ
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.9.3 h1:zeC5b1GviRUyKYd6OJPvBU/mcVDVoL1OhT17FCt5dSQ=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -716,8 +724,9 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 
@@ -0,0 +1,73 @@
+package handlers
+
+import (
+	"context"
+	"net/http"
+	"sandbox-go-api-sqlboiler-rest-auth/internal/scookie"
+	"sandbox-go-api-sqlboiler-rest-auth/models"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/volatiletech/sqlboiler/v4/boil"
+
+	"github.com/volatiletech/sqlboiler/v4/queries/qm"
+
+	"github.com/labstack/echo/v4"
+)
+
+type CreateSessionRequest struct {
+	Email    string `json:"email"`
+	Password string `json:"password"`
+}
+
+func (h *Handlers) CreateSession(c echo.Context) error {
+	ctx := context.Background()
+	req := new(CreateUserRequest)
+	if err := c.Bind(req); err != nil {
+		return echo.NewHTTPError(http.StatusBadRequest, err.Error())
+	}
+
+	ok, _ := models.Users(qm.Where("email = ?", req.Email)).Exists(ctx, h.db)
+	if !ok {
+		return echo.NewHTTPError(http.StatusNotFound, http.StatusText(http.StatusNotFound))
+	}
+	u, err := models.Users(qm.Where("email = ?", req.Email)).One(ctx, h.db)
+	if err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError)
+	}
+	h.slogger.Info(u)
+	if u.HashedPassword != req.Password {
+		return echo.NewHTTPError(http.StatusBadRequest)
+	}
+
+	var s models.Session
+	var uid, _ = uuid.NewUUID()
+	s.ID = uid.String()
+	s.UserID = u.ID
+	s.ExpiresAt = time.Now().Add(time.Hour * 24 * 30)
+	err = s.Insert(ctx, h.db, boil.Infer())
+	if err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError)
+	}
+
+	sc := scookie.NewSecureCookie()
+	encoded, err := sc.Encode("session", s.ID)
+	if err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError)
+	}
+	cookie := &http.Cookie{
+		Name:     "session",
+		Value:    encoded,
+		Path:     "/",
+		Expires:  time.Now().Add(time.Hour * 24 * 30),
+		Secure:   true,
+		HttpOnly: true,
+		SameSite: 2,
+	}
+	c.SetCookie(cookie)
+	return c.NoContent(http.StatusNoContent)
+}
+
+func (h *Handlers) DeleteSession(c echo.Context) error {
+	return c.NoContent(http.StatusNoContent)
+}
@@ -1,11 +1,26 @@
 package handlers
 
 import (
+	"fmt"
 	"net/http"
+	"sandbox-go-api-sqlboiler-rest-auth/models"
 
 	"github.com/labstack/echo/v4"
 )
 
+type CookieValue struct {
+	UserID int
+	Name   string
+}
+
 func (h *Handlers) GetStatus(c echo.Context) error {
+	var u *models.User
+	uv := c.Get("user")
+	if uv != nil {
+		u = uv.(*models.User)
+		fmt.Println("user data?", u)
+	} else {
+		fmt.Println("not set user session")
+	}
 	return c.String(http.StatusOK, "server is running")
 }
@@ -1,7 +1,10 @@
 package routes
 
 import (
+	"database/sql"
 	"fmt"
+	"sandbox-go-api-sqlboiler-rest-auth/internal/scookie"
+	"sandbox-go-api-sqlboiler-rest-auth/models"
 	"time"
 
 	"go.uber.org/zap"
@@ -10,6 +13,40 @@ import (
 	"github.com/labstack/echo/v4"
 )
 
+func SessionRestorer(db *sql.DB) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			fmt.Println("test middleware")
+			sc := scookie.NewSecureCookie()
+
+			cv, err := c.Cookie("session")
+			if err != nil {
+				return next(c)
+			}
+
+			var dv string
+			err = sc.Decode("session", cv.Value, &dv)
+			if err != nil {
+				return echo.NewHTTPError(500, "cannot decode cookie", err)
+			}
+			fmt.Println("got cookie(session id): ", dv)
+
+			sess, err := models.FindSession(c.Request().Context(), db, dv)
+			if err != nil {
+				// maybe wrong cookie id?
+				return echo.NewHTTPError(500, "cannot get cookie, but got session id", dv, err)
+			}
+			user, err := sess.User().One(c.Request().Context(), db)
+			if err != nil {
+				return echo.NewHTTPError(500, "cannod find user from session relation", dv, err)
+			}
+			fmt.Println("got user in middleware", user)
+			c.Set("user", user)
+			return next(c)
+		}
+	}
+}
+
 func ZapLogger(log *zap.Logger) echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
 
@@ -17,7 +17,7 @@ import (
 func NewRouter(db *sql.DB, l *zap.Logger) *echo.Echo {
 	h := handlers.NewHandler(db, l)
 	e := echo.New()
-	bindRouteMiddlewares(e, l)
+	bindRouteMiddlewares(e, l, db)
 
 	// routes
 	e.GET("/api/status", h.GetStatus)
@@ -28,20 +28,26 @@ func NewRouter(db *sql.DB, l *zap.Logger) *echo.Echo {
 }
 
 func bindRoutes(e *echo.Echo, h *handlers.Handlers) {
+	// session
+	e.POST("/api/v1/sessions", h.CreateSession)
+	e.DELETE("/api/v1/sessions", h.DeleteSession)
+
+	// users
 	e.GET("/api/v1/users", h.GetUsers)
 	e.POST("/api/v1/users", h.CreateUser)
 	e.GET("/api/v1/users/:id", h.GetUser)
 	e.PATCH("/api/v1/users/:id", h.PatchUser)
 	e.DELETE("/api/v1/users/:id", h.DeleteUser)
 }
 
-func bindRouteMiddlewares(e *echo.Echo, logger *zap.Logger) {
+func bindRouteMiddlewares(e *echo.Echo, logger *zap.Logger, db *sql.DB) {
 	// middlewares
 	e.Pre(middleware.RemoveTrailingSlash())
 	e.Use(ZapLogger(logger))
 	e.Use(middleware.RateLimiter(middleware.NewRateLimiterMemoryStore(20)))
 	e.Use(middleware.SecureWithConfig(middleware.SecureConfig{}))
 	e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{}))
+	e.Use(SessionRestorer(db))
 
 	// middlewares if production
 	//e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
 
@@ -0,0 +1,10 @@
+package scookie
+
+import (
+	"github.com/gorilla/securecookie"
+)
+
+func NewSecureCookie() *securecookie.SecureCookie {
+	var hashKey = []byte("jkb2kJU4C6ad11DOFElCYMhtF8kvw75n")
+	return securecookie.New(hashKey, nil)
+}
@@ -0,0 +1,37 @@
+package util
+
+import (
+	"fmt"
+	"math/rand"
+	"strings"
+	"time"
+)
+
+const alphabet = "abcdefghijklmnopqrstuvwxyz"
+
+func init() {
+	rand.Seed(time.Now().UnixNano())
+}
+
+// RandomInt generates a random integer between min and max
+func RandomInt(min, max int) int {
+	return min + rand.Intn(max-min+1)
+}
+
+// RandomString generates a random string of length n
+func RandomString(n int) string {
+	var sb strings.Builder
+	k := len(alphabet)
+
+	for i := 0; i < n; i++ {
+		c := alphabet[rand.Intn(k)]
+		sb.WriteByte(c)
+	}
+
+	return sb.String()
+}
+
+// RandomEmail generates a random email
+func RandomEmail() string {
+	return fmt.Sprintf("%[email protected]", RandomString(6))
+}