Protecting our routes with auth middleware

cmd/web/routes.go

@@ -32,9 +32,15 @@ func routes(app *config.AppConfig) http.Handler {
 	mux.Get("/book-room", handlers.Repo.BookRoom)
 	mux.Get("/user/login", handlers.Repo.ShowLogin)
 	mux.Post("/user/login", handlers.Repo.PostShowLogin)
+	mux.Get("/user/logout", handlers.Repo.Logout)
 
 	fileServer := http.FileServer(http.Dir("./static/"))
 	mux.Handle("/static/*", http.StripPrefix("/static", fileServer))
 
+	mux.Route("/admin", func(mux chi.Router) {
+		mux.Use(Auth)
+		mux.Get("/dashboard", handlers.Repo.AdminDashboard)
+	})
+
 	return mux
 }

internal/handlers/handlers.go

@@ -492,5 +492,17 @@ func (m *Repository) PostShowLogin(w http.ResponseWriter, r *http.Request) {
 
 	m.App.Session.Put(r.Context(), "user_id", id)
 	m.App.Session.Put(r.Context(), "flash", "Logged in successfully")
-	http.Redirect(w, r, "/", http.StatusSeeOther)
+	http.Redirect(w, r, "/admin/dashboard", http.StatusSeeOther)
+}
+
+// Logout logs a user out
+func (m *Repository) Logout(w http.ResponseWriter, r *http.Request) {
+	// TODO Use Redis to store the session. Check the documentation of scs package
+	m.App.Session.Destroy(r.Context())
+	m.App.Session.RenewToken(r.Context())
+	http.Redirect(w, r, "/user/login", http.StatusSeeOther)
+}
+
+func (m *Repository) AdminDashboard(w http.ResponseWriter, r *http.Request) {
+	render.Template(w, r, "admin-dashboard.page.tmpl", &models.TemplateData{})
 }

internal/models/templatedata.go

@@ -8,9 +8,10 @@ type TemplateData struct {
 	IntMap          map[string]int
 	FloatMap        map[string]float32
 	Data            map[string]interface{}
+	Form            *forms.Form
 	CSRFToken       string
 	Flash           string
 	Warning         string
 	Error           string
-	Form      *forms.Form
+	IsAuthenticated int
 }

internal/render/render.go

@@ -32,6 +32,9 @@ func AddDefaultData(td *models.TemplateData, r *http.Request) *models.TemplateDa
 	td.Warning = app.Session.PopString(r.Context(), "warning")
 	td.Error = app.Session.PopString(r.Context(), "error")
 	td.CSRFToken = nosurf.Token(r)
+	if app.Session.Exists(r.Context(), "user_id") {
+		td.IsAuthenticated = 1
+	}
 	return td
 }
 

templates/admin-dashboard.page.tmpl

@@ -0,0 +1,19 @@
+{{template "base" .}}
+{{define "content"}}
+<div class="container">
+    <div class="row">
+        <div class="col">
+            <h1>Dashboard</h1>
+            <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent sed convallis urna, vitae congue
+                odio. Sed pulvinar diam a odio tristique, nec porta eros suscipit. Sed lacinia ut nisl ultrices
+                condimentum. Vivamus imperdiet sapien sit amet mauris ornare accumsan. Proin varius imperdiet
+                gravida. Suspendisse posuere velit leo, sit amet egestas quam porta quis. Duis in nulla eu quam
+                iaculis iaculis. Etiam commodo gravida venenatis. Phasellus in vehicula est, aliquam condimentum
+                nisi. In id ligula lacinia, varius leo vel, tincidunt libero. Nullam cursus vel lectus at consequat.
+                Quisque malesuada efficitur sem et sollicitudin. Donec eget tincidunt arcu. Quisque ut posuere ex.
+            </p>
+        </div>
+    </div>
+</div>
+{{end}}
+

templates/base.layout.tmpl

@@ -51,7 +51,11 @@
                         <a class="nav-link" href="/contact">Contact</a>
                     </li>
                     <li class="nav-item">
+                        {{if eq .IsAuthenticated 1}}
+                        <a class="nav-link" href="/user/logout">Logout</a>
+                        {{else}}
                         <a class="nav-link" href="/user/login">Login</a>
+                        {{end}}
                     </li>
                 </ul>
             </div>
@@ -92,7 +96,7 @@
             notify("{{.}}", "warning")
             {{end}}
             {{with .Flash}}
-            notify("{{.}}", "flash")
+            notify("{{.}}", "success")
             {{end}}
 
         </script>