efdc16babe
- Add handlers_auth.go: SignupPageHandler + SignupPostHandler (validate -> hash -> insert -> session -> redirect)
- Add AuthDeps struct; wire argon2id hash, InsertUser, Store.Create, SetSessionCookie
- Update router.go: NewRouter accepts AuthDeps; mount ResolveSession (D-24); wire /signup routes behind RedirectIfAuthed
- Update cmd/web/main.go: build AuthDeps (sqlc.Queries + auth.Store + secure flag) and pass to NewRouter
- Add nil-Store guard to auth.ResolveSession for Phase 1 unit-test compatibility
- Update handlers_test.go: pass AuthDeps{} zero value to NewRouter (Phase 1 routes unaffected)
- Add testdb_test.go: isolated-schema test helper for web package integration tests
- Add handlers_auth_test.go: 8 TestSignup_* integration tests (all pass against real Postgres)
126 lines
4.5 KiB
Go
126 lines
4.5 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
"log/slog"
|
|
"net/http"
|
|
)
|
|
|
|
// sessionCtxKey is the unexported context key type for session data owned by
|
|
// this package. Using an unexported named struct prevents collisions with
|
|
// other packages' context keys.
|
|
type sessionCtxKey struct{}
|
|
|
|
// sessionKey is the singleton key value used in context.WithValue.
|
|
var sessionKey = sessionCtxKey{}
|
|
|
|
// authed holds the resolved session and user attached to a request context.
|
|
type authed struct {
|
|
Session *Session
|
|
User *User
|
|
}
|
|
|
|
// Authed extracts the session and user from the request context.
|
|
// Returns (session, user, true) when a valid session is present, and
|
|
// (nil, nil, false) when the request is unauthenticated.
|
|
func Authed(ctx context.Context) (*Session, *User, bool) {
|
|
a, ok := ctx.Value(sessionKey).(*authed)
|
|
if !ok || a == nil {
|
|
return nil, nil, false
|
|
}
|
|
return a.Session, a.User, true
|
|
}
|
|
|
|
// ResolveSession reads the session cookie, looks up the session + user, and
|
|
// attaches them to the request context. It NEVER blocks the request — missing
|
|
// or invalid sessions are silently ignored; RequireAuth enforces access.
|
|
//
|
|
// When store is nil (e.g. in Phase 1 unit tests that pass a zero AuthDeps),
|
|
// the middleware is a no-op pass-through. Cookie resolution only happens when
|
|
// store is non-nil and a cookie is present.
|
|
//
|
|
// On a valid session hit, MaybeExtend is called best-effort (logged but not
|
|
// fatal) to implement the sliding 30-day TTL (D-09).
|
|
func ResolveSession(store *Store) func(http.Handler) http.Handler {
|
|
return func(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// Nil-store guard: Phase 1 route tests pass AuthDeps{} (zero value).
|
|
if store == nil {
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
cookie, err := r.Cookie(SessionCookieName)
|
|
if err != nil || cookie.Value == "" {
|
|
// No cookie — pass through unauthenticated.
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
sess, user, err := store.Lookup(r.Context(), cookie.Value)
|
|
if err != nil {
|
|
// Invalid / expired / tampered cookie — do NOT clear the cookie
|
|
// here; the handler or RequireAuth will decide what to do.
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
// Session found — attempt lazy extension (D-09). Best-effort: log on
|
|
// error but do not fail the request.
|
|
if extErr := store.MaybeExtend(r.Context(), sess.ID, sess.ExpiresAt); extErr != nil {
|
|
slog.Default().Warn("session extend failed", "session_id", sess.ID, "err", extErr)
|
|
}
|
|
|
|
// Attach session + user to context for downstream handlers.
|
|
ctx := context.WithValue(r.Context(), sessionKey, &authed{Session: sess, User: user})
|
|
next.ServeHTTP(w, r.WithContext(ctx))
|
|
})
|
|
}
|
|
}
|
|
|
|
// RequireAuth is middleware that enforces an authenticated session.
|
|
// If no session is present in the context (set by ResolveSession), it
|
|
// redirects unauth requests to /login:
|
|
// - HTMX requests (HX-Request: true) → 200 with HX-Redirect: /login header
|
|
// - Plain requests → 303 See Other with Location: /login
|
|
//
|
|
// 303 is mandated (not 302) per D-23 and Pitfall 9: POST/Redirect/GET pattern
|
|
// requires 303 to guarantee the redirect uses GET.
|
|
func RequireAuth(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if _, _, ok := Authed(r.Context()); !ok {
|
|
redirectTo(w, r, "/login")
|
|
return
|
|
}
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
// RedirectIfAuthed bounces already-authenticated users away from auth pages
|
|
// (e.g. /login, /signup) to the home route. This prevents authed users from
|
|
// accidentally re-logging-in and rotating their session unnecessarily.
|
|
// - HTMX requests → 200 with HX-Redirect: /
|
|
// - Plain requests → 303 See Other with Location: /
|
|
func RedirectIfAuthed(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if _, _, ok := Authed(r.Context()); ok {
|
|
redirectTo(w, r, "/")
|
|
return
|
|
}
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
// redirectTo performs an HTMX-aware redirect:
|
|
// - When the request carries HX-Request: true, it returns 200 with an
|
|
// HX-Redirect header so HTMX can handle the navigation client-side
|
|
// (Pattern 5 — avoids confusing HTMX with a 303 response).
|
|
// - For plain browser requests it uses 303 See Other (NOT 302 — Pitfall 9).
|
|
func redirectTo(w http.ResponseWriter, r *http.Request, target string) {
|
|
if r.Header.Get("HX-Request") == "true" {
|
|
w.Header().Set("HX-Redirect", target)
|
|
w.WriteHeader(http.StatusOK)
|
|
return
|
|
}
|
|
http.Redirect(w, r, target, http.StatusSeeOther)
|
|
}
|