jamtrack/internal/web/auth.go

package web

import (
	"net/http"

	"github.com/pocketbase/pocketbase/core"

	"code.osinet.fr/fgm/jamtrack/views"
)

const cookieName = "pb_auth"

// LoginGet renders the login form.
func LoginGet(e *core.RequestEvent) error {
	return views.Login("").Render(e.Request.Context(), e.Response)
}

// LoginPost handles username/password authentication and sets the session cookie.
func LoginPost(e *core.RequestEvent) error {
	username := e.Request.FormValue("username")
	password := e.Request.FormValue("password")

	record, err := e.App.FindFirstRecordByData("users", "username", username)
	if err != nil || !record.ValidatePassword(password) {
		return views.Login("Invalid username or password.").Render(e.Request.Context(), e.Response)
	}

	token, err := record.NewAuthToken()
	if err != nil {
		return views.Login("Authentication error. Please try again.").Render(e.Request.Context(), e.Response)
	}

	e.SetCookie(&http.Cookie{
		Name:     cookieName,
		Value:    token,
		Path:     "/",
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	})
	return e.Redirect(http.StatusFound, "/")
}

// Logout clears the session cookie and redirects to the login page.
func Logout(e *core.RequestEvent) error {
	e.SetCookie(&http.Cookie{
		Name:     cookieName,
		Value:    "",
		Path:     "/",
		MaxAge:   -1,
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	})
	return e.Redirect(http.StatusFound, "/login")
}

// RequireAuth is a middleware that validates the session cookie and populates
// e.Auth. Unauthenticated requests are redirected to /login.
func RequireAuth(e *core.RequestEvent) error {
	cookie, err := e.Request.Cookie(cookieName)
	if err != nil || cookie.Value == "" {
		return e.Redirect(http.StatusFound, "/login")
	}
	record, err := e.App.FindAuthRecordByToken(cookie.Value, core.TokenTypeAuth)
	if err != nil {
		return e.Redirect(http.StatusFound, "/login")
	}
	e.Auth = record
	return e.Next()
}