authorLeonardo Bishop <me@leonardobishop.net>2026-01-16 17:19:27 +0000
committerLeonardo Bishop <me@leonardobishop.net>2026-01-16 17:19:27 +0000
commite6cbb8415490524034561102b6c9f03e92e4dae7 (patch)
tree2012f04c11adf636bdd06ae37f5ef3efd7a645a0 /web/middleware/auth.go
parent8fc52adfdc705a1b05d3a0aef4d6e63f8ec0308d (diff)
Add OIDC auth
Diffstat (limited to 'web/middleware/auth.go')
-rw-r--r--web/middleware/auth.go40
1 files changed, 36 insertions, 4 deletions
diff --git a/web/middleware/auth.go b/web/middleware/auth.go
index fcba3b7..c0257e2 100644
--- a/web/middleware/auth.go
+++ b/web/middleware/auth.go
@@ -2,28 +2,60 @@ package middleware
import (
"context"
+ "errors"
+ "html/template"
+ "log/slog"
"net/http"
+ "git.leonardobishop.net/instancer/pkg/auth"
"git.leonardobishop.net/instancer/pkg/session"
)
-func MustAuthenticate(store *session.MemoryStore) func(http.HandlerFunc) http.HandlerFunc {
+func MustAuthenticate(tmpl *template.Template, store *session.MemoryStore, authProvider *auth.OIDCAuthProvider) func(http.HandlerFunc) http.HandlerFunc {
return func(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
- sessionCookie, err := r.Cookie("session")
+ sessionCookie, err := r.Cookie("instancer-session")
if err != nil {
- w.Header().Add("HX-Redirect", "/auth")
http.Redirect(w, r, "/auth", http.StatusFound)
return
}
s := store.GetByToken(sessionCookie.Value)
if s == nil {
- w.Header().Add("HX-Redirect", "/auth")
http.Redirect(w, r, "/auth", http.StatusFound)
return
}
+ err = authProvider.UpdateUserInfo(r.Context(), s)
+ if err != nil {
+ if errors.Is(err, auth.ErrInvalidToken) {
+ http.Redirect(w, r, "/auth", http.StatusFound)
+ return
+ }
+ slog.Error("error updating user info", "cause", err)
+ w.Header().Add("HX-Redirect", "/problem")
+ tmpl.ExecuteTemplate(w, "problem.html", struct {
+ Error string
+ ShowLogout bool
+ }{
+ Error: "There was a problem fetching your user info. Try again later.",
+ ShowLogout: true,
+ })
+ return
+ }
+
+ if s.TeamID == "" || s.TeamName == "" {
+ w.Header().Add("HX-Redirect", "/problem")
+ tmpl.ExecuteTemplate(w, "problem.html", struct {
+ Error string
+ ShowLogout bool
+ }{
+ Error: "You are not part of a team. Please join a team and then refresh this page.",
+ ShowLogout: true,
+ })
+ return
+ }
+
ctx := context.WithValue(r.Context(), "session", s)
next(w, r.WithContext(ctx))