appidea-restapi/routers/api/v1/user/session.go

package user

import (
	"database/sql"
	"time"

	"git.umbach.dev/app-idea/rest-api/modules/database"
	"git.umbach.dev/app-idea/rest-api/modules/structs"
	"github.com/gofiber/fiber/v2"
	ua "github.com/mileusna/useragent"
	log "github.com/sirupsen/logrus"
	"gorm.io/gorm"
)

func isSessionIdValid(sessionId string) bool {
	deleteExpiredSessions(database.DB)

	var res string
	var db = database.DB

	db.Raw("SELECT session_id FROM sessions WHERE session_id = ?", sessionId).Scan(&res)

	if res == "" {
		return false
	} else {
		return true
	}
}

func deleteSession(db *sql.DB, sessionId string) {
	_, err := db.Exec("DELETE FROM sessions WHERE session_id = ?", sessionId)

	if err != nil {
		log.Warnln("err deleting session:", err)
	}
}

func deleteExpiredSessions(db *gorm.DB) {
	var res string

	db.Raw("DELETE FROM sessions WHERE expires < ?", time.Now()).Scan(&res)
}

func createUserSession(db *gorm.DB, userId string, ip string, userAgent string) (string, error) {
	sessionId, err := generateRandomString(32, 1)

	if err != nil {
		log.Warnln("Failed to generate user session:", err)
		return "", err
	}

	ua := ua.Parse(userAgent)
	session := structs.Session{UserId: userId, SessionId: sessionId, IP: ip, UserAgent: ua.OS + " " + ua.Name, LastLogin: time.Now(), Expires: getUserSessionExpiresTime()}

	res := db.Create(&session)

	if res.Error != nil {
		log.Warnln("failed to create session:", res.Error)
		return "", err
	}

	return sessionId, nil
}

func getUserSessionExpiresTime() time.Time {
	return time.Now().Add(time.Hour * time.Duration(cfg.Settings.Expires.UserSession))
}

func SessionIdCheck(c *fiber.Ctx) error {
	sessionId := c.Cookies("session_id")

	if sessionId == "" {
		return fiber.ErrUnauthorized
	}

	valid := isSessionIdValid(sessionId)

	if valid {
		return c.Next()
	}

	return fiber.ErrUnauthorized
}