init

auth/cookies.go

@@ -0,0 +1,45 @@
+package auth
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+)
+
+func SetUserCookie(w http.ResponseWriter, token string, expiryTime time.Time) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     "token",
+		Value:    token,
+		Secure:   true,
+		HttpOnly: true,
+		Path:     "/",
+		Expires:  expiryTime,
+		SameSite: http.SameSiteStrictMode,
+	})
+}
+
+func RemoveUserCookie(w http.ResponseWriter) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     "token",
+		Value:    "",
+		Secure:   true,
+		HttpOnly: true,
+		Path:     "/",
+		Expires:  time.Now().Add(-time.Hour),
+		SameSite: http.SameSiteStrictMode,
+	})
+}
+
+func GetUserIdFromRequest(r *http.Request) (uint, error) {
+	c, err := r.Cookie("token")
+	if err != nil {
+		return 0, fmt.Errorf("no token cookie: %v", err)
+	}
+
+	userId, err := ValidateUserToken(c.Value)
+	if err != nil {
+		return 0, fmt.Errorf("invalid token: %v", err)
+	}
+
+	return userId, nil
+}