Fix auth

handlers/auth/isloggedin.go

@@ -2,14 +2,28 @@ package handlers_auth
 
 import (
 	"brunel/auth"
+	"strings"
 
 	"github.com/gofiber/fiber/v2"
 )
 
 func IsLoggedIn(c *fiber.Ctx) error {
-	ok, _ := auth.CheckSessionToken(c.Cookies("pt"))
+
+	tokenPlusUsername := c.Cookies("pt")
+	if tokenPlusUsername == "" {
+		return c.Status(fiber.StatusUnauthorized).SendString("Unauthorized")
+	}
+
+	split := strings.Split(tokenPlusUsername, ":")
+	token := split[0]
+	username := split[1]
+	ok, suser := auth.CheckSessionToken(token)
 	if !ok {
 		return c.Status(fiber.StatusUnauthorized).SendString("Unauthorized")
 	}
+	if suser != username {
+		return c.Status(fiber.StatusUnauthorized).SendString("Unauthorized")
+	}
+
 	return c.Status(fiber.StatusOK).SendString("Logged in")
 }

middleware/auth.go

@@ -2,7 +2,6 @@ package middleware
 
 import (
 	"brunel/auth"
-	"fmt"
 	"strings"
 
 	"github.com/gofiber/fiber/v2"
@@ -11,7 +10,6 @@ import (
 func NewAuth() fiber.Handler {
 	return func(c *fiber.Ctx) error {
 		tokenPlusUsername := c.Cookies("pt")
-		fmt.Println("cookie", tokenPlusUsername)
 		if tokenPlusUsername == "" {
 			return c.Status(fiber.StatusUnauthorized).SendString("Unauthorized")
 		}
@@ -21,11 +19,9 @@ func NewAuth() fiber.Handler {
 		username := split[1]
 		ok, suser := auth.CheckSessionToken(token)
 		if !ok {
-			fmt.Println("not ok")
 			return c.Status(fiber.StatusUnauthorized).SendString("Unauthorized")
 		}
 		if suser != username {
-			fmt.Println("not suser")
 			return c.Status(fiber.StatusUnauthorized).SendString("Unauthorized")
 		}