From f47dac45ba1e33cc495f203936010ed940e99792 Mon Sep 17 00:00:00 2001
From: Gisle Aune <dev@gisle.me>
Date: Sat, 12 Jan 2019 16:15:39 +0100
Subject: [PATCH] controllers: Added session stuff to user controller.

---
 controllers/user-controller.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/controllers/user-controller.go b/controllers/user-controller.go
index 716d65c..18edd15 100644
--- a/controllers/user-controller.go
+++ b/controllers/user-controller.go
@@ -3,6 +3,7 @@ package controllers
 import (
 	"encoding/json"
 	"net/http"
+	"time"
 
 	"git.aiterp.net/lucifer/lucifer/internal/respond"
 	"git.aiterp.net/lucifer/lucifer/models"
@@ -16,7 +17,10 @@ type UserController struct {
 
 // getUsers (`GET /`): List users
 func (c *UserController) getUsers(w http.ResponseWriter, r *http.Request) {
-	// TODO: Check session
+	if session := models.SessionFromContext(r.Context()); session == nil {
+		respond.Error(w, 403, "permission_denied", "You must log in")
+		return
+	}
 
 	users, err := c.users.List(r.Context())
 	if err != nil {
@@ -51,7 +55,13 @@ func (c *UserController) login(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// TODO: Open session
+	session := models.Session{
+		Expires: time.Now().Add(7 * 24 * time.Hour),
+		UserID:  user.ID,
+	}
+	session.GenerateID()
+
+	http.SetCookie(w, session.Cookie())
 
 	respond.JSON(w, 200, user)
 }