server: implement authentication

server/api/db.go

@@ -11,6 +11,7 @@ import (
 )
 
 var ErrUserNotFound = errors.New("db: user not found")
+var ErrSessionNotFound = errors.New("db: session not found")
 
 func dbGetUser(id string) (*User, error) {
 	query := `SELECT id, name, password FROM users WHERE id = $1`
@@ -86,3 +87,47 @@ func dbAddUser(user *User) error {
 	slog.Debug("db: user added", "userid", user.ID, "username", user.Name)
 	return nil
 }
+
+func dbAddSession(session *Session) error {
+	query := `INSERT INTO sessions (jwttoken, userid, expiry) VALUES ($1, $2, $3)`
+	_, err := db.Pool.Exec(context.Background(), query, session.Token, session.UserID, session.Expiry)
+	if err != nil {
+		slog.Error("db: failed to add session", "error", err)
+		return fmt.Errorf("failed to add session")
+	}
+
+	slog.Debug("db: session added", "userid", session.UserID)
+	return nil
+}
+
+func dbGetSession(jwtToken string) (*Session, error) {
+	query := `SELECT jwttoken, userid, expiry FROM sessions WHERE jwttoken = $1`
+
+	var session Session
+	err := db.Pool.QueryRow(context.Background(), query, jwtToken).Scan(&session.Token, &session.UserID, &session.Expiry)
+	if errors.Is(err, pgx.ErrNoRows) {
+		slog.Debug("db: session not found")
+		return nil, ErrSessionNotFound
+	} else if err != nil {
+		slog.Error("db: failed to query session", "error", err)
+		return nil, fmt.Errorf("failed to query session")
+	}
+
+	slog.Debug("db: session found", "userid", session.UserID)
+	return &session, nil
+}
+
+func dbDeleteSession(jwtToken string) error {
+	query := `DELETE FROM sessions WHERE jwttoken = $1`
+	tag, err := db.Pool.Exec(context.Background(), query, jwtToken)
+	if err != nil {
+		slog.Error("db: failed to delete session", "error", err)
+		return fmt.Errorf("failed to delete session")
+	}
+	if tag.RowsAffected() == 0 {
+		return ErrSessionNotFound
+	}
+
+	slog.Debug("db: session deleted")
+	return nil
+}