Fixed double pointer for ParseApplicationConfig

README.md

@@ -0,0 +1,10 @@
+# godoc
+
+Installera verktyget godoc:
+```
+go install golang.org/x/tools/cmd/godoc@latest
+```
+
+Kör godoc i katalogen för webservice-repot.
+
+Gå till http://localhost:6060/

config/pkg.go

@@ -5,7 +5,6 @@ import (
 	"gopkg.in/yaml.v3"
 
 	// Standard
-	"errors"
 	"os"
 )
 
@@ -33,6 +32,8 @@ type Config struct {
 	Session struct {
 		DaysValid int
 	}
+
+	Application any
 }
 
 func New(filename string) (config Config, err error) {
@@ -47,9 +48,10 @@ func New(filename string) (config Config, err error) {
 		return
 	}
 
-	if config.Session.DaysValid == 0 {
-		err = errors.New("Configuration: session.daysvalid needs to be higher than 0.")
-	}
-
 	return
 }
+
+func (config *Config) ParseApplicationConfig(v any) {
+	yStr, _ := yaml.Marshal(config.Application)
+	yaml.Unmarshal(yStr, v)
+}

database/pkg.go

@@ -12,6 +12,7 @@ import (
 
 	// Standard
 	"database/sql"
+	"encoding/json"
 	"fmt"
 	"log/slog"
 )
@@ -93,6 +94,10 @@ func webserviceSQLProvider(dbname string, version int) ([]byte, bool) { // {{{
 			END;
 			$$;
 		`,
+
+		2: `
+			ALTER TABLE "_webservice"."session" ADD mfa jsonb DEFAULT '{}' NOT NULL;
+		`,
 	}
 
 	statement, found := sql[version]
@@ -159,7 +164,7 @@ func (db *T) Authenticate(username, password string) (authenticated bool, userID
 		SELECT id
 		FROM _webservice.user
 		WHERE
-			username = $1 AND
+			LOWER(username) = LOWER($1) AND
 			password = _webservice.password_hash(SUBSTRING(password FROM 1 FOR 32), $2::bytea)
 		`,
 		username,
@@ -179,7 +184,7 @@ func (db *T) NewSession(uuid string) (err error) { // {{{
 	_, err = db.Conn.Exec("INSERT INTO _webservice.session(uuid) VALUES($1)", uuid)
 	return
 } // }}}
-func (db *T) RetrieveSession(uuid string) (sess *session.T, err error) {// {{{
+func (db *T) RetrieveSession(uuid string) (sess *session.T, err error) { // {{{
 	var rows *sqlx.Rows
 	rows, err = db.Conn.Queryx(`
 		WITH session_data AS (
@@ -189,13 +194,14 @@ func (db *T) RetrieveSession(uuid string) (sess *session.T, err error) {// {{{
 			WHERE
 				uuid=$1
 			RETURNING
-				uuid, created, last_used, user_id
+				uuid, created, last_used, user_id, mfa
 		)
 		SELECT
 			sd.uuid, sd.created, sd.last_used,
 			COALESCE(u.username, '') AS username,
 			COALESCE(u.name, '') AS name,
-			COALESCE(u.id, 0) AS user_id
+			COALESCE(u.id, 0) AS user_id,
+			mfa
 		FROM session_data sd
 		LEFT JOIN _webservice.user u ON sd.user_id = u.id
 		`,
@@ -212,17 +218,50 @@ func (db *T) RetrieveSession(uuid string) (sess *session.T, err error) {// {{{
 		sess.Authenticated = sess.UserID > 0
 	}
 	return
-}// }}}
+} // }}}
 func (db *T) SetSessionUser(uuid string, userID int) (err error) { // {{{
-	_, err = db.Conn.Exec("UPDATE _webservice.session SET user_id=$1 WHERE uuid=$2", userID, uuid)
+	_, err = db.Conn.Exec(`
+		UPDATE _webservice.session
+		SET
+			user_id = CASE
+				WHEN $1 <= 0 THEN NULL
+				ELSE $1
+			END
+		WHERE uuid=$2
+		`,
+		userID,
+		uuid,
+	)
 	if err != nil {
 		return
 	}
 	return
 } // }}}
-
-func (db *T) CreateUser(username, password, name string) (err error) {// {{{
+func (db *T) SetSessionMFA(uuid string, mfa any) (err error) { // {{{
+	mfaByte, _ := json.Marshal(mfa)
 	_, err = db.Conn.Exec(`
+		UPDATE _webservice.session
+		SET
+			mfa = $2
+		WHERE
+			uuid = $1
+		`,
+		uuid,
+		mfaByte,
+	)
+	if err != nil {
+		return
+	}
+	return
+} // }}}
+func (db *T) UpdateUserTime(userID int) (err error) { // {{{
+	_, err = db.Conn.Exec(`UPDATE _webservice.user SET last_login=NOW() WHERE id=$1`, userID)
+	return
+} // }}}
+
+func (db *T) CreateUser(username, password, name string) (userID int64, err error) { // {{{
+	var row *sql.Row
+	row = db.Conn.QueryRow(`
 		INSERT INTO _webservice.user(username, password, name)
 		VALUES(
 			$1,
@@ -235,12 +274,48 @@ func (db *T) CreateUser(username, password, name string) (err error) {// {{{
 			),
 			$3
 		)
+		ON CONFLICT (username) DO UPDATE
+		SET username = EXCLUDED.username
+		RETURNING id
 		`,
 		username,
 		password,
 		name,
 	)
+
+	err = row.Scan(&userID)
 	return
-}// }}}
+} // }}}
+func (db *T) ChangePassword(userID int, currentPassword, newPassword string) (changed bool, err error) { // {{{
+	var res sql.Result
+	res, err = db.Conn.Exec(`
+		UPDATE _webservice.user
+		SET
+			"password" = _webservice.password_hash(
+				/* salt in hex */
+				ENCODE(_webservice.gen_random_bytes(16), 'hex'),
+
+				/* password */
+				$3::bytea
+			)
+		WHERE
+			id = $1 AND
+			"password" = _webservice.password_hash(SUBSTRING(password FROM 1 FOR 32), $2::bytea)
+
+		`,
+		userID,
+		currentPassword,
+		newPassword,
+	)
+
+	var rowsAffected int64
+	rowsAffected, err = res.RowsAffected()
+	if err != nil {
+		return
+	}
+
+	changed = (rowsAffected == 1)
+	return
+} // }}}
 
 // vim: foldmethod=marker

go.sum

@@ -1,5 +1,6 @@
 git.gibonuddevalla.se/go/dbschema v1.2.0 h1:VhHFfkn/4UnlGy2Ax35Po8vb8E/x6DggtvNUKlGGQyY=
 git.gibonuddevalla.se/go/dbschema v1.2.0/go.mod h1:BNw3q/574nXbGoeWyK+tLhRfggVkw2j2aXZzrBKC3ig=
+git.gibonuddevalla.se/go/dbschema v1.3.0/go.mod h1:BNw3q/574nXbGoeWyK+tLhRfggVkw2j2aXZzrBKC3ig=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=

html_template/page.go

@@ -0,0 +1,31 @@
+package HTMLTemplate
+
+type Page interface {
+	GetVersion() string
+	GetLayout() string
+	GetPage() string
+	GetData() any
+}
+
+type SimplePage struct {
+	Version string
+	Layout  string
+	Page    string
+	Data    any
+}
+
+func (s SimplePage) GetVersion() string {
+	return s.Version
+}
+
+func (s SimplePage) GetLayout() string {
+	return s.Layout
+}
+
+func (s SimplePage) GetPage() string {
+	return s.Page
+}
+
+func (s SimplePage) GetData() any {
+	return s.Data
+}

html_template/pkg.go

@@ -0,0 +1,158 @@
+package HTMLTemplate
+
+import (
+	// External
+	werr "git.gibonuddevalla.se/go/wrappederror"
+
+	// Standard
+	"fmt"
+	"html/template"
+	"io/fs"
+	"net/http"
+	"os"
+	"regexp"
+)
+
+type Engine struct {
+	parsedTemplates    map[string]*template.Template
+	viewFS             fs.FS
+	staticEmbeddedFS   http.Handler
+	staticLocalFS      http.Handler
+	componentFilenames []string
+	DevMode            bool
+}
+
+func NewEngine(viewFS, staticFS fs.FS, devmode bool) (e Engine, err error) { // {{{
+	e.parsedTemplates = make(map[string]*template.Template)
+	e.viewFS = viewFS
+	e.DevMode = devmode
+
+	e.componentFilenames, err = e.getComponentFilenames()
+
+	// Set up fileservers for static resources.
+	// The embedded FS is using the embedded files intented for production use.
+	// The local FS is for development of Javascript to avoid server rebuild (devmode).
+	var staticSubFS fs.FS
+	staticSubFS, err = fs.Sub(staticFS, "static")
+	if err != nil {
+		return
+	}
+	e.staticEmbeddedFS = http.FileServer(http.FS(staticSubFS))
+	e.staticLocalFS = http.FileServer(http.Dir("static"))
+
+	return
+} // }}}
+
+func (e *Engine) getComponentFilenames() (files []string, err error) { // {{{
+	files = []string{}
+	if err := fs.WalkDir(e.viewFS, "views/components", func(path string, d fs.DirEntry, err error) error {
+		if d == nil {
+			return nil
+		}
+		if d.IsDir() {
+			return nil
+		}
+		files = append(files, path)
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	return files, nil
+} // }}}
+
+func (e *Engine) ReloadTemplates() { // {{{
+	e.parsedTemplates = make(map[string]*template.Template)
+} // }}}
+
+func (e *Engine) StaticResource(w http.ResponseWriter, r *http.Request) { // {{{
+	var err error
+
+	// URLs with pattern /(css|images)/v1.0.0/foobar are stripped of the version.
+	// To get rid of problems with cached content in browser on a new version release,
+	// while also not disabling cache altogether.
+	if r.URL.Path == "/favicon.ico" {
+		e.staticEmbeddedFS.ServeHTTP(w, r)
+		return
+	}
+
+	rxp := regexp.MustCompile("^/(css|images|js|fonts)/v[0-9]+/(.*)$")
+	if comp := rxp.FindStringSubmatch(r.URL.Path); comp != nil {
+		w.Header().Add("Pragma", "public")
+		w.Header().Add("Cache-Control", "max-age=604800")
+
+		r.URL.Path = fmt.Sprintf("/%s/%s", comp[1], comp[2])
+		if e.DevMode {
+			p := fmt.Sprintf("static/%s/%s", comp[1], comp[2])
+			_, err = os.Stat(p)
+			if err == nil {
+				e.staticLocalFS.ServeHTTP(w, r)
+			}
+			return
+		}
+	}
+
+	e.staticEmbeddedFS.ServeHTTP(w, r)
+} // }}}
+func (e *Engine) getPage(layout, page string) (tmpl *template.Template, err error) { // {{{
+	layoutFilename := fmt.Sprintf("views/layouts/%s.gotmpl", layout)
+	pageFilename := fmt.Sprintf("views/pages/%s.gotmpl", page)
+
+	if tmpl, found := e.parsedTemplates[page]; found {
+		return tmpl, nil
+	}
+
+	funcMap := template.FuncMap{
+		/*
+			"format_time": func(t time.Time) template.HTML {
+				return template.HTML(
+					t.In(smonConfig.Timezone()).Format(`<span class="date">2006-01-02</span> <span class="time">15:04:05<span class="seconds">:05</span></span>`),
+				)
+			},
+		*/
+	}
+
+	filenames := []string{layoutFilename, pageFilename}
+	filenames = append(filenames, e.componentFilenames...)
+
+	if e.DevMode {
+		tmpl, err = template.New(layout+".gotmpl").Funcs(funcMap).ParseFS(os.DirFS("."), filenames...)
+	} else {
+		tmpl, err = template.New(layout+".gotmpl").Funcs(funcMap).ParseFS(e.viewFS, filenames...)
+	}
+	if err != nil {
+		err = werr.Wrap(err).Log()
+		return
+	}
+
+	e.parsedTemplates[page] = tmpl
+	return
+} // }}}
+func (e *Engine) Render(p Page, w http.ResponseWriter, r *http.Request) (err error) { // {{{
+	if e.DevMode {
+		e.ReloadTemplates()
+	}
+
+	var tmpl *template.Template
+	tmpl, err = e.getPage(p.GetLayout(), p.GetPage())
+	if err != nil {
+		err = werr.Wrap(err)
+		return
+	}
+
+	data := map[string]any{
+		"VERSION": p.GetVersion(),
+		"LAYOUT":  p.GetLayout(),
+		"PAGE":    p.GetPage(),
+		"ERROR":   r.URL.Query().Get("_err"),
+		"Data":    p.GetData(),
+	}
+
+	err = tmpl.Execute(w, data)
+	if err != nil {
+		err = werr.Wrap(err)
+	}
+	return
+} // }}}
+
+// vim: foldmethod=marker

js_library.go

@@ -5,15 +5,28 @@ import (
 	"embed"
 	"fmt"
 	"net/http"
+	"regexp"
 )
 
 var (
 	//go:embed static/js
 	embedded embed.FS
+	pathMatcher *regexp.Regexp = regexp.MustCompile("^/_js/v[0-9]+/(.*)$")
 )
 
-func staticJSWebsocket(w http.ResponseWriter, r *http.Request) {
-	contents, err := embedded.ReadFile("static/js/websocket.js")
+func (service *Service) staticJSHandler(w http.ResponseWriter, r *http.Request) {
+	var path string
+	if comp := pathMatcher.FindStringSubmatch(r.URL.Path); comp != nil {
+		path = fmt.Sprintf("static/js/%s", comp[1])
+	} else {
+		service.logger.Debug("webservice", "request", r.URL.Path)
+		return
+	}
+
+	service.logger.Debug("webservice", "request", r.URL.Path, "path", path)
+	w.Header().Add("Content-Type", "text/javascript")
+
+	contents, err := embedded.ReadFile(path)
 	if err != nil {
 		fmt.Println(err)
 		return

pkg.go

@@ -1,6 +1,10 @@
 /*
 The webservice package is used to provide a webservice with sessions:
 
+	const VERSION = "v1"
+
+	var logger *slog.Logger
+
 	func sqlProvider(dbname string, version int) (sql []byte, found bool) {
 		var err error
 		sql, err = embeddedSQL.ReadFile(fmt.Sprintf("sql/%05d.sql", version))
@@ -11,7 +15,14 @@ The webservice package is used to provide a webservice with sessions:
 		return
 	}
 
-	service, err := webservice.New("/etc/some/webservice.yaml")
+
+	func init() {
+		opts := slog.HandlerOptions{}
+		logger = slog.New(slog.NewJSONHandler(os.Stdout, &opts))
+	}
+
+	func main() {
+		service, err := webservice.New("/etc/some/webservice.yaml", VERSION, logger)
 		if err != nil {
 			logger.Error("application", "error", err)
 			os.Exit(1)
@@ -27,6 +38,7 @@ The webservice package is used to provide a webservice with sessions:
 			logger.Error("webserver", "error", err)
 			os.Exit(1)
 		}
+	}
 */
 package webservice
 
@@ -38,6 +50,7 @@ import (
 	"git.gibonuddevalla.se/go/webservice/ws_conn_manager"
 
 	// Standard
+	"bufio"
 	"embed"
 	"encoding/json"
 	"errors"
@@ -48,9 +61,10 @@ import (
 	"net/http"
 	"os"
 	"regexp"
+	"strings"
 )
 
-const VERSION = "v0.1.0"
+const VERSION = "v0.2.17"
 
 type HttpHandler func(http.ResponseWriter, *http.Request)
 
@@ -64,7 +78,7 @@ type ServiceError struct {
 type Service struct {
 	logger              *slog.Logger
 	sessions            map[string]*session.T
-	config              config.Config
+	Config              config.Config
 	Db                  *database.T
 	Version             string
 	WsConnectionManager ws_conn_manager.ConnectionManager
@@ -85,11 +99,11 @@ type ServiceHandler func(http.ResponseWriter, *http.Request, *session.T)
 func New(configFilename, version string, logger *slog.Logger) (service *Service, err error) { // {{{
 	service = new(Service)
 
-	service.config, err = config.New(configFilename)
+	service.Config, err = config.New(configFilename)
 	if err != nil {
 		return
 	}
-	logger.Debug("config", "config", service.config)
+	logger.Debug("config", "config", service.Config)
 
 	service.Version = version
 	service.logger = logger
@@ -97,7 +111,7 @@ func New(configFilename, version string, logger *slog.Logger) (service *Service,
 	service.errorHandler = service.defaultErrorHandler
 	service.authenticationHandler = service.defaultAuthenticationHandler
 	service.authorizationHandler = service.defaultAuthorizationHandler
-	service.WsConnectionManager = ws_conn_manager.NewConnectionManager(service.logger, service.config.Websocket.Domains)
+	service.WsConnectionManager = ws_conn_manager.NewConnectionManager(service.logger, service.Config.Websocket.Domains)
 
 	service.Register("/_session/new", false, false, service.sessionNew)
 	service.Register("/_session/authenticate", true, false, service.sessionAuthenticate)
@@ -106,12 +120,12 @@ func New(configFilename, version string, logger *slog.Logger) (service *Service,
 	http.HandleFunc("/_ws", service.websocketHandler)
 	http.HandleFunc("/_ws/css_update", service.cssUpdateHandler)
 
-	http.HandleFunc("/_js/websocket.js", staticJSWebsocket)
+	http.HandleFunc("/_js/", service.staticJSHandler)
 
 	return
 } // }}}
 
-func (service *Service) defaultAuthenticationHandler(req AuthenticationRequest, alreadyAuthenticated bool) (resp AuthenticationResponse, err error) { // {{{
+func (service *Service) defaultAuthenticationHandler(req AuthenticationRequest, sess *session.T, alreadyAuthenticated bool) (resp AuthenticationResponse, err error) { // {{{
 	resp.Authenticated = alreadyAuthenticated
 	service.logger.Info("webservice", "op", "authentication", "username", req.Username, "authenticated", resp.Authenticated)
 	return
@@ -158,7 +172,7 @@ func (service *Service) SetStaticDirectory(directory string, useDirectory bool)
 } // }}}
 
 func (service *Service) SetDatabase(sqlProv database.SqlProvider) { // {{{
-	service.Db = database.New(service.config.Database)
+	service.Db = database.New(service.Config.Database)
 	service.Db.SetLogger(service.logger)
 	service.Db.SetSQLProvider(sqlProv)
 	return
@@ -181,7 +195,7 @@ func (service *Service) Register(path string, requireSession, requireAuthenticat
 				return
 			}
 
-			sess, found = service.retrieveSession(headerSessionUUID)
+			sess, found = service.RetrieveSession(headerSessionUUID)
 			if !found {
 				service.errorHandler(fmt.Errorf("Session '%s' not found", headerSessionUUID), "001-0001", w)
 				return
@@ -205,6 +219,7 @@ func (service *Service) Register(path string, requireSession, requireAuthenticat
 			}
 		}
 
+		service.logger.Info("webserver", "op", "request", "path", r.URL.String())
 		handler(w, r, sess)
 	})
 } // }}}
@@ -220,7 +235,7 @@ func (service *Service) InitDatabaseConnection() (err error) { // {{{
 	}
 	return
 } // }}}
-func (service *Service) CreateUser(username, password, name string) (err error) { // {{{
+func (service *Service) CreateUser(username, password, name string) (userID int64, err error) { // {{{
 	if service.Db != nil {
 		err = service.InitDatabaseConnection()
 		if err != nil {
@@ -228,21 +243,27 @@ func (service *Service) CreateUser(username, password, name string) (err error)
 		}
 	}
 
-	err = service.Db.CreateUser(username, password, name)
+	userID, err = service.Db.CreateUser(username, password, name)
 	return
 } // }}}
 func (service *Service) CreateUserPrompt() { // {{{
 	var err error
 	var username, name, password string
+	reader := bufio.NewReader(os.Stdin)
 
 	fmt.Printf("Username: ")
-	fmt.Scanln(&username)
-	fmt.Printf("Name: ")
-	fmt.Scanln(&name)
-	fmt.Printf("Password: ")
-	fmt.Scanln(&password)
+	username, _ = reader.ReadString('\n')
+	username = strings.TrimSpace(username)
 
-	err = service.CreateUser(username, password, name)
+	fmt.Printf("Name: ")
+	name, _ = reader.ReadString('\n')
+	name = strings.TrimSpace(name)
+
+	fmt.Printf("Password: ")
+	password, _ = reader.ReadString('\n')
+	password = strings.TrimSpace(password)
+
+	_, err = service.CreateUser(username, password, name)
 	if err != nil {
 		service.logger.Error("application", "error", err)
 		os.Exit(1)
@@ -258,7 +279,7 @@ func (service *Service) Start() (err error) { // {{{
 
 	go service.WsConnectionManager.BroadcastLoop()
 
-	listen := fmt.Sprintf("%s:%d", service.config.Network.Address, service.config.Network.Port)
+	listen := fmt.Sprintf("%s:%d", service.Config.Network.Address, service.Config.Network.Port)
 	service.logger.Info("webserver", "listen", listen)
 	err = http.ListenAndServe(listen, nil)
 	return
@@ -279,14 +300,22 @@ func (service *Service) StaticHandler(w http.ResponseWriter, r *http.Request, se
 
 	rxp := regexp.MustCompile("^/(css|images|js|fonts)/v[0-9]+/(.*)$")
 	if comp := rxp.FindStringSubmatch(r.URL.Path); comp != nil {
+		w.Header().Add("Pragma", "public")
+		w.Header().Add("Cache-Control", "max-age=604800")
+
 		r.URL.Path = fmt.Sprintf("/%s/%s", comp[1], comp[2])
 		p := fmt.Sprintf(service.staticDirectory+"/%s/%s", comp[1], comp[2])
+
+		if service.useStaticDirectory {
 			_, err = os.Stat(p)
 			if err == nil {
 				service.staticLocalFileserver.ServeHTTP(w, r)
 			} else {
 				service.staticEmbeddedFileserver.ServeHTTP(w, r)
 			}
+		} else {
+			service.staticEmbeddedFileserver.ServeHTTP(w, r)
+		}
 		return
 	}
 
@@ -355,6 +384,11 @@ func sessionUUID(r *http.Request) (string, error) { // {{{
 	headers := r.Header["X-Session-Id"]
 	if len(headers) > 0 {
 		return headers[0], nil
+	} else {
+		cookie, err := r.Cookie("X-Session-ID")
+		if err == nil && cookie.Value != "" {
+			return cookie.Value, nil
+		}
 	}
 	return "", errors.New("Invalid session")
 } // }}}

session.go

@@ -15,17 +15,20 @@ import (
 )
 
 type AuthenticationRequest struct {
+	UserID     int `json:"-"`
 	Username   string
 	Password   string
+	Additional interface{}
 }
 
 type AuthenticationResponse struct {
 	OK            bool
 	Authenticated bool
 	UserID        int
+	MFA           any
 }
 
-type AuthenticationHandler func(AuthenticationRequest, bool) (AuthenticationResponse, error)
+type AuthenticationHandler func(AuthenticationRequest, *session.T, bool) (AuthenticationResponse, error)
 type AuthorizationHandler func(*session.T, *http.Request) (bool, error)
 
 func (service *Service) sessionNew(w http.ResponseWriter, r *http.Request, foo *session.T) { // {{{
@@ -46,7 +49,7 @@ func (service *Service) sessionNew(w http.ResponseWriter, r *http.Request, foo *
 			break
 
 		} else {
-			if _, found = service.retrieveSession(sess.UUID); found {
+			if _, found = service.RetrieveSession(sess.UUID); found {
 				continue
 			}
 
@@ -72,10 +75,17 @@ func (service *Service) sessionNew(w http.ResponseWriter, r *http.Request, foo *
 		},
 	)
 
+	cookie := http.Cookie{}
+	cookie.Name = "X-Session-ID"
+	cookie.Value = sess.UUID
+	cookie.MaxAge = 86400 * 365
+	cookie.Path = "/"
+	http.SetCookie(w, &cookie)
+
 	w.Write(respJSON)
 } // }}}
 func (service *Service) sessionAuthenticate(w http.ResponseWriter, r *http.Request, sess *session.T) { // {{{
-	var authenticated bool
+	var authenticatedByFramework bool
 	var authResponse AuthenticationResponse
 	var err error
 	reqBody, _ := io.ReadAll(r.Body)
@@ -89,40 +99,49 @@ func (service *Service) sessionAuthenticate(w http.ResponseWriter, r *http.Reque
 	}
 
 	// Authenticate against webservice user table if using a database.
-	var userID int
-	if service.Db != nil {
-		authenticated, userID, err = service.Db.Authenticate(authRequest.Username, authRequest.Password)
+	var userID int = sess.UserID
+	if service.Db != nil && userID == 0 {
+		authenticatedByFramework, userID, err = service.Db.Authenticate(authRequest.Username, authRequest.Password)
 		if err != nil {
 			service.errorHandler(err, "001-A002", w)
 			return
 		}
+		authRequest.UserID = userID
+	}
 
-		if authenticated && userID > 0 {
-			err = service.Db.SetSessionUser(sess.UUID, userID)
+	// The authentication handler is provided with the authenticated response of the possible database authentication,
+	// and given a chance to override it.
+	authResponse, err = service.authenticationHandler(authRequest, sess, authenticatedByFramework)
+	if err != nil {
+		service.errorHandler(err, "001-F002", w)
+		return
+	}
+
+	authResponse.UserID = userID
+	authResponse.OK = true
+	sess.Authenticated = authResponse.Authenticated
+
+	if authResponse.MFA != nil {
+		err = service.Db.SetSessionMFA(sess.UUID, authResponse.MFA)
 		if err != nil {
 			service.errorHandler(err, "001-A003", w)
 			return
 		}
 	}
 
-	}
-
-	// The authentication handler is provided with the authenticated response of the possible database authentication,
-	// and given a chance to override it.
-	authResponse, err = service.authenticationHandler(authRequest, authenticated)
+	if authResponse.Authenticated && userID > 0 {
+		err = service.Db.SetSessionUser(sess.UUID, userID)
 		if err != nil {
-		service.errorHandler(err, "001-F002", w)
+			service.errorHandler(err, "001-A003", w)
 			return
 		}
-	authResponse.UserID = userID
-	authResponse.OK = true
-
-	sess.Authenticated = authResponse.Authenticated
+		service.Db.UpdateUserTime(userID)
+	}
 
 	authResp, _ := json.Marshal(authResponse)
 	w.Write(authResp)
 } // }}}
-func (service *Service) sessionRetrieve(w http.ResponseWriter, r *http.Request, sess *session.T) {// {{{
+func (service *Service) sessionRetrieve(w http.ResponseWriter, r *http.Request, sess *session.T) { // {{{
 	response := struct {
 		OK      bool
 		Session *session.T
@@ -132,9 +151,9 @@ func (service *Service) sessionRetrieve(w http.ResponseWriter, r *http.Request,
 	}
 	out, _ := json.Marshal(response)
 	w.Write(out)
-}// }}}
+} // }}}
 
-func (service *Service) retrieveSession(uuid string) (session *session.T, found bool) { // {{{
+func (service *Service) RetrieveSession(uuid string) (session *session.T, found bool) { // {{{
 	var err error
 
 	if service.Db == nil {

session/pkg.go

@@ -10,8 +10,11 @@ type T struct {
 	Created       time.Time
 	LastUsed      time.Time `db:"last_used"`
 	Authenticated bool
+	MFA           any
 
 	UserID   int `db:"user_id"`
 	Username string
 	Name     string
+
+	ApplicationData any
 }

static/js/websocket.js

@@ -1,22 +0,0 @@
-package webservice
-
-import (
-	// Standard
-	"embed"
-	"fmt"
-	"net/http"
-)
-
-var (
-	//go:embed foo.txt
-	embedded embed.FS
-)
-
-func staticJSWebsocket(w http.ResponseWriter, r *http.Request) {
-	contents, err := embedded.ReadFile("foo.txt")
-	if err != nil {
-		fmt.Println(err)
-		return
-	}
-	w.Write(contents)
-}

static/js/websocket.mjs

@@ -0,0 +1,80 @@
+export class Websocket {
+	constructor() {//{{{
+		this.websocket = null
+		this.websocket_int_ping = null
+		this.websocket_int_reconnect = null
+		this.hooks = {
+			open: [],
+			message: [],
+			error: [],
+			close: [],
+		}
+	}//}}}
+
+	register(event, fn) {//{{{
+		this.hooks[event].push(fn)
+	}//}}}
+
+	start() {//{{{
+		this.connect()
+		this.loop()
+	}//}}}
+	loop() {//{{{
+		setInterval(() => {
+			if (this.websocket === null) {
+				console.log("websocket loop connect")
+				this.connect()
+			}
+		}, 1000)
+	}//}}}
+	send(data) {//{{{
+		this.websocket.send(data)
+	}//}}}
+
+	connect() {//{{{
+		const protocol = location.protocol;
+		const domain = location.hostname;
+		const port = location.port;
+
+		let wsProtocol = 'wss'
+		if (protocol == 'http:')
+			wsProtocol = 'ws'
+		const websocketURI = `${wsProtocol}://${domain}:${port}/_ws`
+
+		this.websocket = new WebSocket(websocketURI)
+		this.websocket.onopen = (evt) => this.open(evt)
+		this.websocket.onmessage = (evt) => this.message(evt)
+		this.websocket.onerror = (evt) => this.error(evt)
+		this.websocket.onclose = (evt) => this.close(evt)
+	}//}}}
+	open() {//{{{
+		this.hooks.open.forEach(fn=>fn())
+		// A ping interval to implement a rudimentary keep-alive.
+	}//}}}
+	close() {//{{{
+		this.websocket = null
+		this.hooks.close.forEach(fn=>fn())
+	}//}}}
+	error(evt) {//{{{
+		this.websocket = null;
+		this.hooks.error.forEach(fn=>fn(evt))
+	}//}}}
+	message(evt) {//{{{
+		const msg = JSON.parse(evt.data)
+		if (msg.ID == '' && msg.Op == 'css_reload')
+				this.refreshCSS()
+
+		this.hooks.message.forEach(fn=>fn(evt.data))
+		return
+	}//}}}
+
+	refreshCSS() {//{{{
+		let links = document.getElementsByTagName('link')
+		Array.from(links).forEach(l=>{
+			if (l.rel == 'stylesheet' && !l.hasAttribute('x-no-reload')) {
+				l.href = l.href.replace(/\?.*/, '') + `?cache=${Date.now()}`
+				console.log(l.href)
+			}
+		})
+	}//}}}
+}

ws_conn_manager/pkg.go

@@ -8,15 +8,19 @@ import (
 	// Standard
 	"log/slog"
 	"net/http"
-	"strings"
 	"slices"
+	"strings"
+	"sync"
 )
 
+type ReadHandler func(*ConnectionManager, *WsConnection, []byte)
+
 type WsConnection struct {
 	ConnectionManager *ConnectionManager
 	UUID              string
 	Conn              *websocket.Conn
 	Pruned            bool
+	SessionUUID       string
 }
 type ConnectionManager struct {
 	connections    map[string]*WsConnection
@@ -24,6 +28,8 @@ type ConnectionManager struct {
 	sendQueue      chan SendRequest
 	logger         *slog.Logger
 	domains        []string
+	readHandlers   []ReadHandler
+	connSync       sync.Mutex
 }
 type SendRequest struct {
 	WsConn *WsConnection
@@ -63,7 +69,9 @@ func (cm *ConnectionManager) NewConnection(w http.ResponseWriter, r *http.Reques
 	}
 
 	// Keep track of all connections.
+	cm.connSync.Lock()
 	cm.connections[wsConn.UUID] = &wsConn
+	cm.connSync.Unlock()
 
 	// Successfully upgraded to a websocket connection.
 	cm.logger.Info("websocket", "uuid", wsConn.UUID, "remote_addr", r.RemoteAddr)
@@ -72,6 +80,9 @@ func (cm *ConnectionManager) NewConnection(w http.ResponseWriter, r *http.Reques
 
 	return &wsConn, nil
 } // }}}
+func (cm *ConnectionManager) AddMsgHandler(handler ReadHandler) { // {{{
+	cm.readHandlers = append(cm.readHandlers, handler)
+} // }}}
 
 // validateOrigin matches host from X-Forwarded-Host or request host against a list of configured domains.
 func (cm *ConnectionManager) validateOrigin(r *http.Request) bool { // {{{
@@ -90,7 +101,9 @@ func (cm *ConnectionManager) Prune(wsConn *WsConnection, err error) { // {{{
 	cm.logger.Info("websocket", "op", "prune", "uuid", wsConn.UUID)
 	wsConn.Conn.Close()
 	wsConn.Pruned = true
+	cm.connSync.Lock()
 	delete(cm.connections, wsConn.UUID)
+	cm.connSync.Unlock()
 } // }}}
 func (cm *ConnectionManager) ReadLoop(wsConn *WsConnection) { // {{{
 	var data []byte
@@ -102,7 +115,10 @@ func (cm *ConnectionManager) ReadLoop(wsConn *WsConnection) { // {{{
 		}
 
 		cm.logger.Debug("websocket", "op", "read", "data", data)
-		//cm.Send(wsConn, response)
+
+		for _, handler := range cm.readHandlers {
+			go handler(cm, wsConn, data)
+		}
 	}
 } // }}}
 func (cm *ConnectionManager) Read(wsConn *WsConnection) ([]byte, bool) { // {{{
@@ -118,6 +134,14 @@ func (cm *ConnectionManager) Read(wsConn *WsConnection) ([]byte, bool) { // {{{
 func (cm *ConnectionManager) Send(wsConn *WsConnection, msg interface{}) { // {{{
 	wsConn.Conn.WriteJSON(msg)
 } // }}}
+func (cm *ConnectionManager) SendToSessionUUID(uuid string, msg interface{}) { // {{{
+	for _, wsConn := range cm.connections {
+		if wsConn.SessionUUID == uuid {
+			wsConn.Conn.WriteJSON(msg)
+			break
+		}
+	}
+} // }}}
 func (cm *ConnectionManager) Broadcast(msg interface{}) { // {{{
 	cm.broadcastQueue <- msg
 } // }}}