migrated out cookies module

go.mod

@@ -3,8 +3,9 @@ module projectreshoot
 go 1.25.5
 
 require (
+	git.haelnorr.com/h/golib/cookies v0.9.0
 	git.haelnorr.com/h/golib/hlog v0.9.0
-	git.haelnorr.com/h/golib/jwt v0.9.0
+	git.haelnorr.com/h/golib/jwt v0.9.2
 	git.haelnorr.com/h/golib/tmdb v0.8.0
 	github.com/a-h/templ v0.3.977
 	github.com/joho/godotenv v1.5.1
@@ -15,8 +16,6 @@ require (
 	modernc.org/sqlite v1.35.0
 )
 
-replace git.haelnorr.com/h/golib/jwt v0.9.0 => /home/haelnorr/projects/golib/jwt
-
 require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect

go.sum

@@ -1,5 +1,9 @@
+git.haelnorr.com/h/golib/cookies v0.9.0 h1:Vf+eX1prHkKuGrQon1BHY87yaPc1H+HJFRXDOV/AuWs=
+git.haelnorr.com/h/golib/cookies v0.9.0/go.mod h1:y1385YExI9gLwckCVDCYVcsFXr6N7T3brJjnJD2QIuo=
 git.haelnorr.com/h/golib/hlog v0.9.0 h1:ib8n2MdmiRK2TF067p220kXmhDe9aAnlcsgpuv+QpvE=
 git.haelnorr.com/h/golib/hlog v0.9.0/go.mod h1:oOlzb8UVHUYP1k7dN5PSJXVskAB2z8EYgRN85jAi0Zk=
+git.haelnorr.com/h/golib/jwt v0.9.2 h1:l1Ow7DPGACAU54CnMP/NlZjdc4nRD1wr3xZ8a7taRvU=
+git.haelnorr.com/h/golib/jwt v0.9.2/go.mod h1:fbuPrfucT9lL0faV5+Q5Gk9WFJxPlwzRPpbMQKYZok4=
 git.haelnorr.com/h/golib/tmdb v0.8.0 h1:OQ6M2TB8FHm8fJD7/ebfWm63Duzfp0kmFX9genEig34=
 git.haelnorr.com/h/golib/tmdb v0.8.0/go.mod h1:mGKYa3o3z0IsQ5EO3MPmnL2Bwl2sSMsUHXVgaIGR7Z0=
 github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=

internal/handler/account.go

@@ -10,8 +10,8 @@ import (
 	"projectreshoot/internal/view/component/account"
 	"projectreshoot/internal/view/page"
 	"projectreshoot/pkg/contexts"
-	"projectreshoot/pkg/cookies"
 
+	"git.haelnorr.com/h/golib/cookies"
 	"git.haelnorr.com/h/golib/hlog"
 
 	"github.com/pkg/errors"

internal/handler/login.go

@@ -10,8 +10,8 @@ import (
 	"projectreshoot/internal/view/component/form"
 	"projectreshoot/internal/view/page"
 	"projectreshoot/pkg/config"
-	"projectreshoot/pkg/cookies"
 
+	"git.haelnorr.com/h/golib/cookies"
 	"git.haelnorr.com/h/golib/hlog"
 	"git.haelnorr.com/h/golib/jwt"
 	"github.com/pkg/errors"
@@ -82,7 +82,7 @@ func LoginRequest(
 			}
 
 			rememberMe := checkRememberMe(r)
-			err = cookies.SetTokenCookies(w, r, config, tokenGen, user, true, rememberMe)
+			err = jwt.SetTokenCookies(w, r, tokenGen, user.ID, true, rememberMe, config.SSL)
 			if err != nil {
 				tx.Rollback()
 				w.WriteHeader(http.StatusInternalServerError)

internal/handler/logout.go

@@ -7,8 +7,7 @@ import (
 	"strings"
 	"time"
 
-	"projectreshoot/pkg/cookies"
+	"git.haelnorr.com/h/golib/cookies"
-
 	"git.haelnorr.com/h/golib/hlog"
 	"git.haelnorr.com/h/golib/jwt"
 
@@ -62,7 +61,7 @@ func revokeTokens(
 	r *http.Request,
 ) error {
 	// get the tokens from the cookies
-	atStr, rtStr := cookies.GetTokenStrings(r)
+	atStr, rtStr := jwt.GetTokenCookies(r)
 	// revoke the refresh token first as the access token expires quicker
 	// only matters if there is an error revoking the tokens
 	err := revokeRefresh(tokenGen, tx, rtStr)

internal/handler/reauthenticatate.go

@@ -9,7 +9,6 @@ import (
 	"projectreshoot/internal/view/component/form"
 	"projectreshoot/pkg/config"
 	"projectreshoot/pkg/contexts"
-	"projectreshoot/pkg/cookies"
 
 	"git.haelnorr.com/h/golib/hlog"
 	"git.haelnorr.com/h/golib/jwt"
@@ -24,7 +23,7 @@ func getTokens(
 	r *http.Request,
 ) (*jwt.AccessToken, *jwt.RefreshToken, error) {
 	// get the existing tokens from the cookies
-	atStr, rtStr := cookies.GetTokenStrings(r)
+	atStr, rtStr := jwt.GetTokenCookies(r)
 	aT, err := tokenGen.ValidateAccess(tx, atStr)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "tokenGen.ValidateAccess")
@@ -71,7 +70,7 @@ func refreshTokens(
 	}[aT.TTL]
 	// issue new tokens for the user
 	user := contexts.GetUser(r.Context())
-	err = cookies.SetTokenCookies(w, r, config, tokenGen, user.User, true, rememberMe)
+	err = jwt.SetTokenCookies(w, r, tokenGen, user.ID, true, rememberMe, config.SSL)
 	if err != nil {
 		return errors.Wrap(err, "cookies.SetTokenCookies")
 	}

internal/handler/register.go

@@ -10,8 +10,8 @@ import (
 	"projectreshoot/internal/view/component/form"
 	"projectreshoot/internal/view/page"
 	"projectreshoot/pkg/config"
-	"projectreshoot/pkg/cookies"
 
+	"git.haelnorr.com/h/golib/cookies"
 	"git.haelnorr.com/h/golib/hlog"
 	"git.haelnorr.com/h/golib/jwt"
 
@@ -80,7 +80,7 @@ func RegisterRequest(
 			}
 
 			rememberMe := checkRememberMe(r)
-			err = cookies.SetTokenCookies(w, r, config, tokenGen, user, true, rememberMe)
+			err = jwt.SetTokenCookies(w, r, tokenGen, user.ID, true, rememberMe, config.SSL)
 			if err != nil {
 				tx.Rollback()
 				w.WriteHeader(http.StatusInternalServerError)

internal/middleware/authentication.go

@@ -11,8 +11,8 @@ import (
 	"projectreshoot/internal/models"
 	"projectreshoot/pkg/config"
 	"projectreshoot/pkg/contexts"
-	"projectreshoot/pkg/cookies"
 
+	"git.haelnorr.com/h/golib/cookies"
 	"git.haelnorr.com/h/golib/hlog"
 	"git.haelnorr.com/h/golib/jwt"
 	"github.com/pkg/errors"
@@ -38,7 +38,7 @@ func refreshAuthTokens(
 	}[ref.TTL]
 
 	// Set fresh to true because new tokens coming from refresh request
-	err = cookies.SetTokenCookies(w, req, config, tokenGen, user, false, rememberMe)
+	err = jwt.SetTokenCookies(w, req, tokenGen, user.ID, false, rememberMe, config.SSL)
 	if err != nil {
 		return nil, errors.Wrap(err, "cookies.SetTokenCookies")
 	}
@@ -60,7 +60,7 @@ func getAuthenticatedUser(
 	r *http.Request,
 ) (*contexts.AuthenticatedUser, error) {
 	// Get token strings from cookies
-	atStr, rtStr := cookies.GetTokenStrings(r)
+	atStr, rtStr := jwt.GetTokenCookies(r)
 	if atStr == "" && rtStr == "" {
 		return nil, errors.New("No token strings provided")
 	}

internal/view/layout/global.templ

@@ -19,18 +19,20 @@ templ Global(title string) {
 	>
 		<head>
 			<script>
-                (function () {
+				(function () {
-                    let theme = localStorage.getItem("theme") || "system";
+					let theme = localStorage.getItem("theme") || "system";
-                    if (theme === "system") {
+					if (theme === "system") {
-                        theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "dark" : "light";
+						theme = window.matchMedia("(prefers-color-scheme: dark)").matches
-                    }
+							? "dark"
-                    if (theme === "dark") {
+							: "light";
-                        document.documentElement.classList.add("dark");
+					}
-                    } else {
+					if (theme === "dark") {
-                        document.documentElement.classList.remove("dark");
+						document.documentElement.classList.add("dark");
-                    }
+					} else {
-                })();
+						document.documentElement.classList.remove("dark");
-            </script>
+					}
+				})();
+			</script>
 			<meta charset="UTF-8"/>
 			<meta name="viewport" content="width=device-width, initial-scale=1"/>
 			<title>{ title }</title>
@@ -40,48 +42,48 @@ templ Global(title string) {
 			<script defer src="https://cdn.jsdelivr.net/npm/@alpinejs/persist@3.x.x/dist/cdn.min.js"></script>
 			<script src="https://unpkg.com/alpinejs" defer></script>
 			<script>
-                // uncomment this line to enable logging of htmx events
+				// uncomment this line to enable logging of htmx events
-                // htmx.logAll();
+				// htmx.logAll();
-            </script>
+			</script>
 			<script>
-                const bodyData = {
+				const bodyData = {
-                    showError500: false,
+					showError500: false,
-                    showError503: false,
+					showError503: false,
-                    showConfirmPasswordModal: false,
+					showConfirmPasswordModal: false,
-                    handleHtmxBeforeOnLoad(event) {
+					handleHtmxBeforeOnLoad(event) {
-                        const requestPath = event.detail.pathInfo.requestPath;
+						const requestPath = event.detail.pathInfo.requestPath;
-                        if (requestPath === "/reauthenticate") {
+						if (requestPath === "/reauthenticate") {
-                            // handle password incorrect on refresh attempt
+							// handle password incorrect on refresh attempt
-                            if (event.detail.xhr.status === 445) {
+							if (event.detail.xhr.status === 445) {
-                                event.detail.shouldSwap = true;
+								event.detail.shouldSwap = true;
-                                event.detail.isError = false;
+								event.detail.isError = false;
-                            } else if (event.detail.xhr.status === 200) {
+							} else if (event.detail.xhr.status === 200) {
-                                this.showConfirmPasswordModal = false;
+								this.showConfirmPasswordModal = false;
-                            }
+							}
-                        }
+						}
-                    },
+					},
-                    // handle errors from the server on HTMX requests
+					// handle errors from the server on HTMX requests
-                    handleHtmxError(event) {
+					handleHtmxError(event) {
-                        const errorCode = event.detail.errorInfo.error;
+						const errorCode = event.detail.errorInfo.error;
-                  
+
-                        // internal server error 
+						// internal server error
-                        if (errorCode.includes('Code 500')) {
+						if (errorCode.includes("Code 500")) {
-                            this.showError500 = true;
+							this.showError500 = true;
-                            setTimeout(() => this.showError500 = false, 6000);
+							setTimeout(() => (this.showError500 = false), 6000);
-                        }
+						}
-                        // service not available error
+						// service not available error
-                        if (errorCode.includes('Code 503')) {
+						if (errorCode.includes("Code 503")) {
-                            this.showError503 = true;
+							this.showError503 = true;
-                            setTimeout(() => this.showError503 = false, 6000);
+							setTimeout(() => (this.showError503 = false), 6000);
-                        }
+						}
-                  
+
-                        // user is authorized but needs to refresh their login
+						// user is authorized but needs to refresh their login
-                        if (errorCode.includes('Code 444')) {
+						if (errorCode.includes("Code 444")) {
-                            this.showConfirmPasswordModal = true;
+							this.showConfirmPasswordModal = true;
-                        }
+						}
-                    },
+					},
-                };
+				};
-            </script>
+			</script>
 		</head>
 		<body
 			class="bg-base text-text ubuntu-mono-regular overflow-x-hidden"

pkg/cookies/functions.go

@@ -1,37 +0,0 @@
-package cookies
-
-import (
-	"net/http"
-	"time"
-)
-
-// Tell the browser to delete the cookie matching the name provided
-// Path must match the original set cookie for it to delete
-func DeleteCookie(w http.ResponseWriter, name string, path string) {
-	http.SetCookie(w, &http.Cookie{
-		Name:     name,
-		Value:    "",
-		Path:     path,
-		Expires:  time.Unix(0, 0), // Expire in the past
-		MaxAge:   -1,              // Immediately expire
-		HttpOnly: true,
-	})
-}
-
-// Set a cookie with the given name, path and value. maxAge directly relates
-// to cookie MaxAge (0 for no max age, >0 for TTL in seconds)
-func SetCookie(
-	w http.ResponseWriter,
-	name string,
-	path string,
-	value string,
-	maxAge int,
-) {
-	http.SetCookie(w, &http.Cookie{
-		Name:     name,
-		Value:    value,
-		Path:     path,
-		HttpOnly: true,
-		MaxAge:   maxAge,
-	})
-}

pkg/cookies/pagefrom.go

@@ -1,36 +0,0 @@
-package cookies
-
-import (
-	"net/http"
-	"net/url"
-)
-
-// Check the value of "pagefrom" cookie, delete the cookie, and return the value
-func CheckPageFrom(w http.ResponseWriter, r *http.Request) string {
-	pageFromCookie, err := r.Cookie("pagefrom")
-	if err != nil {
-		return "/"
-	}
-	pageFrom := pageFromCookie.Value
-	DeleteCookie(w, pageFromCookie.Name, pageFromCookie.Path)
-	return pageFrom
-}
-
-// Check the referer of the request, and if it matches the trustedHost, set
-// the "pagefrom" cookie as the Path of the referer
-func SetPageFrom(w http.ResponseWriter, r *http.Request, trustedHost string) {
-	referer := r.Referer()
-	parsedURL, err := url.Parse(referer)
-	if err != nil {
-		return
-	}
-	var pageFrom string
-	if parsedURL.Path == "" || parsedURL.Host != trustedHost {
-		pageFrom = "/"
-	} else if parsedURL.Path == "/login" || parsedURL.Path == "/register" {
-		return
-	} else {
-		pageFrom = parsedURL.Path
-	}
-	SetCookie(w, "pagefrom", "/", pageFrom, 0)
-}

pkg/cookies/tokens.go

@@ -1,78 +0,0 @@
-package cookies
-
-import (
-	"net/http"
-	"time"
-
-	"projectreshoot/internal/models"
-	"projectreshoot/pkg/config"
-
-	"git.haelnorr.com/h/golib/jwt"
-	"github.com/pkg/errors"
-)
-
-// Get the value of the access and refresh tokens
-func GetTokenStrings(
-	r *http.Request,
-) (acc string, ref string) {
-	accCookie, accErr := r.Cookie("access")
-	refCookie, refErr := r.Cookie("refresh")
-	var (
-		accStr string = ""
-		refStr string = ""
-	)
-	if accErr == nil {
-		accStr = accCookie.Value
-	}
-	if refErr == nil {
-		refStr = refCookie.Value
-	}
-	return accStr, refStr
-}
-
-// Set a token with the provided details
-func setToken(
-	w http.ResponseWriter,
-	config *config.Config,
-	token string,
-	scope string,
-	exp int64,
-	rememberme bool,
-) {
-	tokenCookie := &http.Cookie{
-		Name:     scope,
-		Value:    token,
-		Path:     "/",
-		HttpOnly: true,
-		SameSite: http.SameSiteLaxMode,
-		Secure:   config.SSL,
-	}
-	if rememberme {
-		tokenCookie.Expires = time.Unix(exp, 0)
-	}
-	http.SetCookie(w, tokenCookie)
-}
-
-// Generate new tokens for the user and set them as cookies
-func SetTokenCookies(
-	w http.ResponseWriter,
-	r *http.Request,
-	config *config.Config,
-	tokenGen *jwt.TokenGenerator,
-	user *models.User,
-	fresh bool,
-	rememberMe bool,
-) error {
-	at, atexp, err := tokenGen.NewAccess(user.ID, fresh, rememberMe)
-	if err != nil {
-		return errors.Wrap(err, "jwt.GenerateAccessToken")
-	}
-	rt, rtexp, err := tokenGen.NewRefresh(user.ID, rememberMe)
-	if err != nil {
-		return errors.Wrap(err, "jwt.GenerateRefreshToken")
-	}
-	// Don't set the cookies until we know no errors occured
-	setToken(w, config, at, "access", atexp, rememberMe)
-	setToken(w, config, rt, "refresh", rtexp, rememberMe)
-	return nil
-}