Added more frontend and some more login logic

auth/middleware.go

@@ -13,24 +13,47 @@ const UserContextKey contextKey = contextKey("user")
 func AuthMiddleware(secret []byte) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-
+			tokenStr := ""
 			authHeader := r.Header.Get("Authorization")
-			if authHeader == "" {
-				http.Error(w, "Missing token", http.StatusUnauthorized)
-				return
+
+			if strings.HasPrefix(authHeader, "Bearer ") {
+				tokenStr = strings.TrimPrefix(authHeader, "Bearer ")
 			}
 
-			tokenStr := strings.TrimPrefix(authHeader, "Bearer ")
+			if tokenStr == "" {
+				cookie, err := r.Cookie("access_token")
+				if err == nil {
+					tokenStr = cookie.Value
+				}
+			}
+
+			if tokenStr == "" {
+				if strings.HasPrefix(r.URL.Path, "/api/") {
+					http.Error(w, "Missing token", http.StatusUnauthorized)
+				} else {
+					http.Redirect(w, r, "/login", http.StatusSeeOther)
+				}
+				return
+			}
 
 			claims, err := ValidateJWT(tokenStr, secret)
+
 			if err != nil {
-				http.Error(w, "Invalid token", http.StatusUnauthorized)
+				if strings.HasPrefix(r.URL.Path, "/api/") {
+					http.Error(w, "Invalid token", http.StatusUnauthorized)
+				} else {
+					http.Redirect(w, r, "/login", http.StatusSeeOther)
+				}
 				return
 			}
 
-			ctx := context.WithValue(r.Context(), UserContextKey, claims)
-			next.ServeHTTP(w, r.WithContext(ctx))
+			ctx := context.WithValue(
+				r.Context(),
+				UserContextKey,
+				claims,
+			)
 
+			next.ServeHTTP(w, r.WithContext(ctx))
 		})
 	}
 }