Feat: signout endpoint

handlers/auth.go

@@ -79,13 +79,6 @@ func HandleFrontLogin(w http.ResponseWriter, r *http.Request) {
 	// make sure username does not exists
 	cleanName := utils.RemoveSpacesFromStr(username)
 	clearPass := utils.RemoveSpacesFromStr(password)
-	// login user
-	cookie, err := makeCookie(cleanName, r.RemoteAddr)
-	if err != nil {
-		log.Error("failed to login", "error", err)
-		abortWithError(w, err.Error())
-		return
-	}
 	// check if that user was already in db
 	userstate, err := repo.PlayerGetByName(r.Context(), cleanName)
 	if err != nil || userstate == nil {
@@ -99,6 +92,13 @@ func HandleFrontLogin(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	}
+	// login user
+	cookie, err := makeCookie(cleanName, r.RemoteAddr)
+	if err != nil {
+		log.Error("failed to login", "error", err)
+		abortWithError(w, err.Error())
+		return
+	}
 	http.SetCookie(w, cookie)
 	fi := &models.FullInfo{
 		State: userstate,
@@ -190,3 +190,23 @@ func makeCookie(username string, remote string) (*http.Cookie, error) {
 	}
 	return cookie, nil
 }
+
+func HandleSignout(w http.ResponseWriter, r *http.Request) {
+	cookie := &http.Cookie{
+		Name:     "session_token",
+		Value:    "",
+		Path:     "/",
+		MaxAge:   -1,
+		HttpOnly: true,
+	}
+	cookie.Secure = true
+	cookie.SameSite = http.SameSiteNoneMode
+	if strings.Contains(r.RemoteAddr, "192.168.0") {
+		cookie.Domain = "192.168.0.100"
+		cookie.SameSite = http.SameSiteLaxMode
+		cookie.Secure = false
+		log.Info("changing cookie domain for signout", "domain", cookie.Domain)
+	}
+	http.SetCookie(w, cookie)
+	http.Redirect(w, r, "/", http.StatusFound)
+}