package internal
import (
"net/http"
"github.com/labstack/echo/v4"
)
// AuthMiddleware rejects requests that do not carry a session cookie accepted
// by GetSession, and exposes the resolved session to downstream handlers.
//
// The cookie named "session_id" is read from the request and its value is
// passed to GetSession. If the cookie is absent, or GetSession returns an
// error, the request ends with a 401 JSON body and next is never invoked.
// On success the session is stored in the echo context under the keys
// "session", "user_id" and "username" before next runs.
//
// NOTE(review): whether a session is valid or expired is decided entirely by
// GetSession, which is defined outside this block — confirm it enforces
// expiry. The returned session is used without a nil check; if it is a
// pointer type, confirm GetSession never returns nil together with a nil error.
func AuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
	return func(c echo.Context) error {
		// deny ends the request with a 401 and the given error text.
		deny := func(msg string) error {
			return c.JSON(http.StatusUnauthorized, map[string]string{"error": msg})
		}

		// A missing cookie is treated the same way as any other read failure.
		sidCookie, cookieErr := c.Cookie("session_id")
		if cookieErr != nil {
			return deny("Unauthorized: No session found")
		}

		// The raw cookie value is the lookup key; nothing is trusted until
		// GetSession has accepted it.
		sess, lookupErr := GetSession(sidCookie.Value)
		if lookupErr != nil {
			return deny("Unauthorized: Invalid or expired session")
		}

		// Handlers further down the chain read the caller's identity from
		// these context keys.
		c.Set("session", sess)
		c.Set("user_id", sess.UserID)
		c.Set("username", sess.Username)

		return next(c)
	}
}
// NoCacheMiddleware marks every response as non-cacheable so that dynamic API
// responses are fetched from the server each time rather than served from a
// browser or intermediary cache.
//
// It sets Cache-Control, Pragma and Expires on the response and then calls
// next. The headers are written before next runs, so a handler that sets the
// same headers afterwards replaces these values.
func NoCacheMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
	return func(c echo.Context) error {
		hdr := c.Response().Header()

		// Cache-Control is the modern directive; Pragma and Expires are kept
		// for older clients and caches that predate it.
		hdr.Set("Cache-Control", "no-cache, no-store, must-revalidate, private")
		hdr.Set("Pragma", "no-cache")
		hdr.Set("Expires", "0")

		return next(c)
	}
}