From 4d8c2f63ef5353d4dd5ef9fc65e0cd9b3142a413 Mon Sep 17 00:00:00 2001
From: Runxi Yu
Date: Thu, 13 Feb 2025 08:46:43 +0800
Subject: [PATCH] login: Set cookie
---
 config.go | 1 +
 forge.scfg | 1 +
 http_handle_login.go | 36 ++++++++++++++++++++++++++++++++++++
diff --git a/config.go b/config.go
index bf4e571ac5ad23d38fe6735eae8f228674ee0d3c..2fdd8c8d4b915ae78114d2d641f9a4e34d59fdc3 100644
--- a/config.go
+++ b/config.go
@@ -18,6 +18,7 @@ var config struct {
 HTTP struct {
 Net string `scfg:"net"`
 Addr string `scfg:"addr"`
+ CookieExpiry int `scfg:"cookie_expiry"`
 } `scfg:"http"`
 SSH struct {
 Net string `scfg:"net"`
diff --git a/forge.scfg b/forge.scfg
index 3b0fc2ea09a93516bd6ed157ea5edb541030208a..27f6fdc3c3474df1b6a5b326b4bdf4e7a231922b 100644
--- a/forge.scfg
+++ b/forge.scfg
@@ -1,6 +1,7 @@
 http {
 net tcp
 addr :8080
+ cookie_expiry 604800
 }
 ssh {
diff --git a/http_handle_login.go b/http_handle_login.go
index 9e859c2f0739cb2e239609049a6c2a24d1e1bfa4..6f9885991afeefcf3ddbfb6a898ccc3c4afb1c1b 100644
--- a/http_handle_login.go
+++ b/http_handle_login.go
@@ -1,9 +1,12 @@
 package main
 import (
+ "crypto/rand"
+ "encoding/base64"
 "errors"
 "fmt"
 "net/http"
+ "time"
 "github.com/alexedwards/argon2id"
 "github.com/jackc/pgx/v5"
@@ -53,4 +56,37 @@
 }
 return
 }
+ cookie_value, err := random_urlsafe_string(16)
+ now := time.Now()
+ expiry := now.Add(time.Duration(config.HTTP.CookieExpiry) * time.Second)
+
+ cookie := http.Cookie{
+ Name: "session",
+ Value: cookie_value,
+ SameSite: http.SameSiteLaxMode,
+ HttpOnly: true,
+ Secure: false, // TODO
+ Expires: expiry,
+ Path: "/",
+ // TODO: Expire
+ }
+
+ http.SetCookie(w, &cookie)
+
+ _, err = database.Exec(r.Context(), "INSERT INTO sessions (user_id, session_id) VALUES ($1, $2)", user_id, cookie_value)
+ if err != nil {
+ fmt.Fprintln(w, "Error inserting session:", err.Error())
+ return
+ }
+
+ http.Redirect(w, r, "/", http.StatusSeeOther)
+}
+
+func random_urlsafe_string(sz int) (string, error) {
+ r := make([]byte, 3*sz)
+ _, err := rand.Read(r)
+ if err != nil {
+ return "", fmt.Errorf("error generating random string: %w", err)
+ }
+ return base64.RawURLEncoding.EncodeToString(r), nil
 }
-- 
2.48.1
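Review bot: The error returned by `random_urlsafe_string(16)` is never checked: `err` is overwritten by the later `database.Exec` call, so if the generator fails, an empty `cookie_value` is both sent as the `session` cookie and inserted as `session_id`. Add a guard right after the call, for example `if err != nil { http.Error(w, "Error generating session", http.StatusInternalServerError); return }`. `http.SetCookie` also runs before the `INSERT`, so a failed insert leaves the browser holding a token with no matching row, and the raw `err.Error()` text from the database is written into a 200 response; inserting first, setting the cookie only on success and returning a generic 500 avoids both. `Secure: false` and the `// TODO: Expire` marker mean the token can travel over plain HTTP, and as far as the visible `INSERT` shows the row stores no expiry, so `cookie_expiry` appears to limit only the browser side. The handler's body begins outside this hunk.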