internal/sessions: refactor how sessions loading (#351)

These chagnes standardize how session loading is done for session cookie, auth bearer token, and query params. - Bearer token previously combined with session cookie. - rearranged cookie-store to put exported methods above unexported - added header store that implements session loader interface - added query param store that implements session loader interface Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2025-08-04 01:09:36 +02:00 · 2019-10-06 10:47:53 -07:00 · 2019-10-06 10:47:53 -07:00 · badd8d69af
commit badd8d69af
parent 7aa4621b1b
13 changed files with 322 additions and 234 deletions
--- a/internal/sessions/store.go
+++ b/internal/sessions/store.go
@ -5,8 +5,14 @@ import (
 	"net/http"
 )

-// ErrEmptySession is an error for an empty sessions.
-var ErrEmptySession = errors.New("internal/sessions: empty session")
+var (
+	// ErrExpired is the error for an expired session.
+	ErrExpired = errors.New("internal/sessions: session is expired")
+	// ErrNoSessionFound is the error for when no session is found.
+	ErrNoSessionFound = errors.New("internal/sessions: session is not found")
+	// ErrMalformed is the error for when a session is found but is malformed.
+	ErrMalformed = errors.New("internal/sessions: session is malformed")
+)

 // SessionStore has the functions for setting, getting, and clearing the Session cookie
 type SessionStore interface {
@ -14,3 +20,9 @@ type SessionStore interface {
 	LoadSession(*http.Request) (*State, error)
 	SaveSession(http.ResponseWriter, *http.Request, *State) error
 }
+
+// SessionLoader is implemented by any struct that loads a pomerium session
+// given a request, and returns a user state.
+type SessionLoader interface {
+	LoadSession(*http.Request) (*State, error)
+}