session-auth.go

package main

import (
    "fmt"
    "net/http"
    
    "github.com/gorilla/mux"
    "github.com/gorilla/sessions"
)

// Note: Don't store your key in your source code. Pass it via an
// environmental variable, or flag (or both), and don't accidentally commit it
// alongside your code. Ensure your key is sufficiently random - i.e. use Go's
// crypto/rand or securecookie.GenerateRandomKey(32) and persist the result.
var (
    // key must be 16, 24 or 32 bytes long (AES-128, AES-192 or AES-256)
    key = "super-secret-key" // os.Getenv("SESSION_KEY")
    store = sessions.NewCookieStore([]byte(key))
)

var nextID = 1

func main() {
    r := mux.NewRouter()
    r.HandleFunc("/", home)
    r.Use(sessionMiddleware)
    http.ListenAndServe(":8080", r)
}

func sessionMiddleware(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        // Do stuff here
        session, _ := store.Get(r, "cookie-name")
        // Check if user is authenticated
        if _, auth := session.Values["userID"].(int); !auth {
            // Set user as authenticated
            session.Values["userID"] = nextID
            // Save it before we write to the response/return from the handler.
            err := session.Save(r, w)
            if err != nil {
                http.Error(w, err.Error(), http.StatusInternalServerError)
                return
            }
            nextID++
        }
        fmt.Fprintln(w, )
        // Call the next handler, 
        // which can be another middleware in the chain, or the final handler.
        next.ServeHTTP(w, r)
    })
}

func getUserID(r *http.Request) interface{} {
    session, _ := store.Get(r, "cookie-name")
    return session.Values["userID"]
}

func home(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintln(w, "userID: ", getUserID(r))
}