pomme/internal/api/api.go

package api

import (
	"log"
	"net/http"
	"strings"

	"github.com/gorilla/sessions"
	"github.com/miekg/dns"
)

type User struct {
	session  *sessions.Session
	username string
}

// Do things that aren't auth flow here
func Ingest(w http.ResponseWriter, r *http.Request) {

	request := r.URL.Query().Get("req")

	zp := dns.NewZoneParser(strings.NewReader(request), "", "")
	for rr, ok := zp.Next(); ok; rr, ok = zp.Next() {
		log.Println(rr)
	}

	// todo -- add functions to apply to master zonefile if above check is OK

	if err := zp.Err(); err != nil {
		log.Println(err)
		http.Error(w, "Unable to parse Zonefile", http.StatusBadRequest)

	}
}

func NewUser(w http.ResponseWriter, r *http.Request) {
	// TODO: take form input here
	// TODO: store in cookie
	asdf := NewSession("greg", w, r)

	asdf.Secret(w, r)
	asdf.Logout(w, r)
}

// basic if authenticated poc
func (user *User) Secret(w http.ResponseWriter, r *http.Request) {
	log.Println(user.session.Name())
	session, _ := Store.Get(r, user.session.Name())

	// Check if user is authenticated
	if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
		http.Error(w, "Forbidden", http.StatusForbidden)
		return
	}

	log.Println("!!!!!")
}

// take username and password, shit out user
func Login(w http.ResponseWriter, r *http.Request) User {
	lookupUsername := r.URL.Query().Get("uname")

	// Authentication goes here
	// ...

	// get session from database with username and password
	// pass session ID below

	session, _ := Store.Get(r, lookupUsername)

	// Set user as authenticated
	session.Values["authenticated"] = true

	session.Save(r, w)
	return User{
		session: session,
	}
}

func (user *User) Logout(w http.ResponseWriter, r *http.Request) {
	session, _ := Store.Get(r, user.session.Name())

	// Revoke users authentication
	session.Values["authenticated"] = false

	session.Save(r, w)
}