arimelody-web/api/api.go

package api

import (
	"context"
	"fmt"
	"net/http"
	"os"
	"strings"

	"arimelody-web/controller"
	"arimelody-web/model"
)

func Handler(app *model.AppState) http.Handler {
    mux := http.NewServeMux()

    // TODO: generate API keys on the frontend

    // ARTIST ENDPOINTS

    mux.Handle("/v1/artist/{id}", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        var artistID = r.PathValue("id")
        artist, err := controller.GetArtist(app.DB, artistID)
        if err != nil {
            if strings.Contains(err.Error(), "no rows") {
                http.NotFound(w, r)
                return
            }
            fmt.Printf("WARN: Error while retrieving artist %s: %s\n", artistID, err)
            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
            return
        }

        switch r.Method {
        case http.MethodGet:
            // GET /api/v1/artist/{id}
            ServeArtist(app, artist).ServeHTTP(w, r)
        case http.MethodPut:
            // PUT /api/v1/artist/{id} (admin)
            requireAccount(UpdateArtist(app, artist)).ServeHTTP(w, r)
        case http.MethodDelete:
            // DELETE /api/v1/artist/{id} (admin)
            requireAccount(DeleteArtist(app, artist)).ServeHTTP(w, r)
        default:
            http.NotFound(w, r)
        }
    }))
    artistIndexHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        switch r.Method {
        case http.MethodGet:
            // GET /api/v1/artist
            ServeAllArtists(app).ServeHTTP(w, r)
        case http.MethodPost:
            // POST /api/v1/artist (admin)
            requireAccount(CreateArtist(app)).ServeHTTP(w, r)
        default:
            http.NotFound(w, r)
        }
    })
    mux.Handle("/v1/artist/", artistIndexHandler)
    mux.Handle("/v1/artist", artistIndexHandler)

    // RELEASE ENDPOINTS

    mux.Handle("/v1/music/{id}", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        var releaseID = r.PathValue("id")
        release, err := controller.GetRelease(app.DB, releaseID, true)
        if err != nil {
            if strings.Contains(err.Error(), "no rows") {
                http.NotFound(w, r)
                return
            }
            fmt.Printf("WARN: Error while retrieving release %s: %s\n", releaseID, err)
            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
            return
        }

        switch r.Method {
        case http.MethodGet:
            // GET /api/v1/music/{id}
            ServeRelease(app, release).ServeHTTP(w, r)
        case http.MethodPut:
            // PUT /api/v1/music/{id} (admin)
            requireAccount(UpdateRelease(app, release)).ServeHTTP(w, r)
        case http.MethodDelete:
            // DELETE /api/v1/music/{id} (admin)
            requireAccount(DeleteRelease(app, release)).ServeHTTP(w, r)
        default:
            http.NotFound(w, r)
        }
    }))
    musicIndexHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        switch r.Method {
        case http.MethodGet:
            // GET /api/v1/music
            ServeCatalog(app).ServeHTTP(w, r)
        case http.MethodPost:
            // POST /api/v1/music (admin)
            requireAccount(CreateRelease(app)).ServeHTTP(w, r)
        default:
            http.NotFound(w, r)
        }
    })
    mux.Handle("/v1/music/", musicIndexHandler)
    mux.Handle("/v1/music", musicIndexHandler)

    // TRACK ENDPOINTS

    mux.Handle("/v1/track/{id}", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        var trackID = r.PathValue("id")
        track, err := controller.GetTrack(app.DB, trackID)
        if err != nil {
            if strings.Contains(err.Error(), "no rows") {
                http.NotFound(w, r)
                return
            }
            fmt.Printf("WARN: Error while retrieving track %s: %s\n", trackID, err)
            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
            return
        }

        switch r.Method {
        case http.MethodGet:
            // GET /api/v1/track/{id} (admin)
            requireAccount(ServeTrack(app, track)).ServeHTTP(w, r)
        case http.MethodPut:
            // PUT /api/v1/track/{id} (admin)
            requireAccount(UpdateTrack(app, track)).ServeHTTP(w, r)
        case http.MethodDelete:
            // DELETE /api/v1/track/{id} (admin)
            requireAccount(DeleteTrack(app, track)).ServeHTTP(w, r)
        default:
            http.NotFound(w, r)
        }
    }))
    trackIndexHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        switch r.Method {
        case http.MethodGet:
            // GET /api/v1/track (admin)
            requireAccount(ServeAllTracks(app)).ServeHTTP(w, r)
        case http.MethodPost:
            // POST /api/v1/track (admin)
            requireAccount(CreateTrack(app)).ServeHTTP(w, r)
        default:
            http.NotFound(w, r)
        }
    })
    mux.Handle("/v1/track/", trackIndexHandler)
    mux.Handle("/v1/track", trackIndexHandler)

    // BLOG ENDPOINTS

    mux.Handle("GET /v1/blog/{id}", ServeBlog(app))
    mux.Handle("PUT /v1/blog/{id}", requireAccount(UpdateBlog(app)))
    mux.Handle("DELETE /v1/blog/{id}", requireAccount(DeleteBlog(app)))
    mux.Handle("GET /v1/blog", ServeAllBlogs(app))
    mux.Handle("POST /v1/blog", requireAccount(CreateBlog(app)))

    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        session, err := getSession(app, r)
        if err != nil {
            fmt.Fprintf(os.Stderr, "WARN: Failed to get session: %v\n", err)
            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
            return
        }
        ctx := context.WithValue(r.Context(), "session", session)
        mux.ServeHTTP(w, r.WithContext(ctx))
    })
}

func requireAccount(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        session := r.Context().Value("session").(*model.Session)
        if session == nil || session.Account == nil {
            http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
            return
        }
        ctx := context.WithValue(r.Context(), "session", session)
        next.ServeHTTP(w, r.WithContext(ctx))
    })
}

func getSession(app *model.AppState, r *http.Request) (*model.Session, error) {
    var token string

    // check cookies first
    sessionCookie, err := r.Cookie(model.COOKIE_TOKEN)
    if err != nil && err != http.ErrNoCookie {
        return nil, fmt.Errorf("Failed to retrieve session cookie: %v\n", err)
    }
    if sessionCookie != nil {
        token = sessionCookie.Value
    } else {
        // check Authorization header
        token = strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
    }

    if token == "" { return nil, nil }

    // fetch existing session
    session, err := controller.GetSession(app.DB, token)

    if err != nil && !strings.Contains(err.Error(), "no rows") {
        return nil, fmt.Errorf("Failed to retrieve session: %v\n", err)
    }

    if session != nil {
        // TODO: consider running security checks here (i.e. user agent mismatches)
    }

    return session, nil
}
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00			`package api`

			`import (`
v1 blog API routes 2025-11-07 19:31:34 +00:00			`"context"`
			`"fmt"`
			`"net/http"`
			`"os"`
			`"strings"`

			`"arimelody-web/controller"`
			`"arimelody-web/model"`
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00			`)`

refactored out `global`. long live `AppState` 2025-01-21 14:53:18 +00:00			`func Handler(app *model.AppState) http.Handler {`
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00			`mux := http.NewServeMux()`

disable api account endpoints (for now) 2025-01-20 19:02:26 +00:00			`// TODO: generate API keys on the frontend`

i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`// ARTIST ENDPOINTS`

refactor mux path routes legend has it that if you refactor your code enough times, one day you will finally be happy 2025-11-07 17:48:06 +00:00			`mux.Handle("/v1/artist/{id}", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`var artistID = r.PathValue("id")`
refactored out `global`. long live `AppState` 2025-01-21 14:53:18 +00:00			`artist, err := controller.GetArtist(app.DB, artistID)`
turns out rewriting all of your database code takes a while 2024-09-01 04:43:32 +01:00			`if err != nil {`
lots of post-DB cleanup 2024-09-02 00:15:23 +01:00			`if strings.Contains(err.Error(), "no rows") {`
			`http.NotFound(w, r)`
			`return`
			`}`
create log class, edit fatal-but-not-really logs 2025-02-06 12:32:51 +00:00			`fmt.Printf("WARN: Error while retrieving artist %s: %s\n", artistID, err)`
lots of post-DB cleanup 2024-09-02 00:15:23 +01:00			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
turns out rewriting all of your database code takes a while 2024-09-01 04:43:32 +01:00			`return`
			`}`

i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`switch r.Method {`
			`case http.MethodGet:`
			`// GET /api/v1/artist/{id}`
refactored out `global`. long live `AppState` 2025-01-21 14:53:18 +00:00			`ServeArtist(app, artist).ServeHTTP(w, r)`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`case http.MethodPut:`
			`// PUT /api/v1/artist/{id} (admin)`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`requireAccount(UpdateArtist(app, artist)).ServeHTTP(w, r)`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`case http.MethodDelete:`
			`// DELETE /api/v1/artist/{id} (admin)`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`requireAccount(DeleteArtist(app, artist)).ServeHTTP(w, r)`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`default:`
			`http.NotFound(w, r)`
			`}`
refactor mux path routes legend has it that if you refactor your code enough times, one day you will finally be happy 2025-11-07 17:48:06 +00:00			`}))`
v1 blog API routes 2025-11-07 19:31:34 +00:00			`artistIndexHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00			`switch r.Method {`
			`case http.MethodGet:`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`// GET /api/v1/artist`
refactored out `global`. long live `AppState` 2025-01-21 14:53:18 +00:00			`ServeAllArtists(app).ServeHTTP(w, r)`
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00			`case http.MethodPost:`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`// POST /api/v1/artist (admin)`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`requireAccount(CreateArtist(app)).ServeHTTP(w, r)`
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00			`default:`
			`http.NotFound(w, r)`
			`}`
v1 blog API routes 2025-11-07 19:31:34 +00:00			`})`
			`mux.Handle("/v1/artist/", artistIndexHandler)`
			`mux.Handle("/v1/artist", artistIndexHandler)`
create support for releases, artists, tracks, and credits Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 00:27:30 +01:00
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`// RELEASE ENDPOINTS`

refactor mux path routes legend has it that if you refactor your code enough times, one day you will finally be happy 2025-11-07 17:48:06 +00:00			`mux.Handle("/v1/music/{id}", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`var releaseID = r.PathValue("id")`
refactored out `global`. long live `AppState` 2025-01-21 14:53:18 +00:00			`release, err := controller.GetRelease(app.DB, releaseID, true)`
turns out rewriting all of your database code takes a while 2024-09-01 04:43:32 +01:00			`if err != nil {`
lots of post-DB cleanup 2024-09-02 00:15:23 +01:00			`if strings.Contains(err.Error(), "no rows") {`
			`http.NotFound(w, r)`
			`return`
			`}`
create log class, edit fatal-but-not-really logs 2025-02-06 12:32:51 +00:00			`fmt.Printf("WARN: Error while retrieving release %s: %s\n", releaseID, err)`
lots of post-DB cleanup 2024-09-02 00:15:23 +01:00			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
turns out rewriting all of your database code takes a while 2024-09-01 04:43:32 +01:00			`return`
			`}`

that's all the API create routes! + some admin UI Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 15:02:01 +01:00			`switch r.Method {`
			`case http.MethodGet:`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`// GET /api/v1/music/{id}`
refactored out `global`. long live `AppState` 2025-01-21 14:53:18 +00:00			`ServeRelease(app, release).ServeHTTP(w, r)`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`case http.MethodPut:`
			`// PUT /api/v1/music/{id} (admin)`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`requireAccount(UpdateRelease(app, release)).ServeHTTP(w, r)`
that's all the API create routes! + some admin UI Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 15:02:01 +01:00			`case http.MethodDelete:`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`// DELETE /api/v1/music/{id} (admin)`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`requireAccount(DeleteRelease(app, release)).ServeHTTP(w, r)`
that's all the API create routes! + some admin UI Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 15:02:01 +01:00			`default:`
			`http.NotFound(w, r)`
			`}`
refactor mux path routes legend has it that if you refactor your code enough times, one day you will finally be happy 2025-11-07 17:48:06 +00:00			`}))`
v1 blog API routes 2025-11-07 19:31:34 +00:00			`musicIndexHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00			`switch r.Method {`
			`case http.MethodGet:`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`// GET /api/v1/music`
refactored out `global`. long live `AppState` 2025-01-21 14:53:18 +00:00			`ServeCatalog(app).ServeHTTP(w, r)`
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00			`case http.MethodPost:`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`// POST /api/v1/music (admin)`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`requireAccount(CreateRelease(app)).ServeHTTP(w, r)`
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00			`default:`
			`http.NotFound(w, r)`
			`}`
v1 blog API routes 2025-11-07 19:31:34 +00:00			`})`
			`mux.Handle("/v1/music/", musicIndexHandler)`
			`mux.Handle("/v1/music", musicIndexHandler)`
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`// TRACK ENDPOINTS`

refactor mux path routes legend has it that if you refactor your code enough times, one day you will finally be happy 2025-11-07 17:48:06 +00:00			`mux.Handle("/v1/track/{id}", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`var trackID = r.PathValue("id")`
refactored out `global`. long live `AppState` 2025-01-21 14:53:18 +00:00			`track, err := controller.GetTrack(app.DB, trackID)`
turns out rewriting all of your database code takes a while 2024-09-01 04:43:32 +01:00			`if err != nil {`
lots of post-DB cleanup 2024-09-02 00:15:23 +01:00			`if strings.Contains(err.Error(), "no rows") {`
			`http.NotFound(w, r)`
			`return`
			`}`
create log class, edit fatal-but-not-really logs 2025-02-06 12:32:51 +00:00			`fmt.Printf("WARN: Error while retrieving track %s: %s\n", trackID, err)`
lots of post-DB cleanup 2024-09-02 00:15:23 +01:00			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
turns out rewriting all of your database code takes a while 2024-09-01 04:43:32 +01:00			`return`
			`}`

i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`switch r.Method {`
			`case http.MethodGet:`
			`// GET /api/v1/track/{id} (admin)`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`requireAccount(ServeTrack(app, track)).ServeHTTP(w, r)`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`case http.MethodPut:`
			`// PUT /api/v1/track/{id} (admin)`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`requireAccount(UpdateTrack(app, track)).ServeHTTP(w, r)`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`case http.MethodDelete:`
			`// DELETE /api/v1/track/{id} (admin)`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`requireAccount(DeleteTrack(app, track)).ServeHTTP(w, r)`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`default:`
			`http.NotFound(w, r)`
			`}`
refactor mux path routes legend has it that if you refactor your code enough times, one day you will finally be happy 2025-11-07 17:48:06 +00:00			`}))`
v1 blog API routes 2025-11-07 19:31:34 +00:00			`trackIndexHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`switch r.Method {`
			`case http.MethodGet:`
			`// GET /api/v1/track (admin)`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`requireAccount(ServeAllTracks(app)).ServeHTTP(w, r)`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`case http.MethodPost:`
			`// POST /api/v1/track (admin)`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`requireAccount(CreateTrack(app)).ServeHTTP(w, r)`
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`default:`
			`http.NotFound(w, r)`
			`}`
v1 blog API routes 2025-11-07 19:31:34 +00:00			`})`
			`mux.Handle("/v1/track/", trackIndexHandler)`
			`mux.Handle("/v1/track", trackIndexHandler)`

			`// BLOG ENDPOINTS`

			`mux.Handle("GET /v1/blog/{id}", ServeBlog(app))`
			`mux.Handle("PUT /v1/blog/{id}", requireAccount(UpdateBlog(app)))`
			`mux.Handle("DELETE /v1/blog/{id}", requireAccount(DeleteBlog(app)))`
			`mux.Handle("GET /v1/blog", ServeAllBlogs(app))`
			`mux.Handle("POST /v1/blog", requireAccount(CreateBlog(app)))`
create support for releases, artists, tracks, and credits Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 00:27:30 +01:00
fix API endpoints which require account authorisation 2025-01-24 18:49:04 +00:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`session, err := getSession(app, r)`
			`if err != nil {`
			`fmt.Fprintf(os.Stderr, "WARN: Failed to get session: %v\n", err)`
			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
			`return`
			`}`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`ctx := context.WithValue(r.Context(), "session", session)`
			`mux.ServeHTTP(w, r.WithContext(ctx))`
			`})`
			`}`

			`func requireAccount(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`session := r.Context().Value("session").(*model.Session)`
			`if session == nil \|\| session.Account == nil {`
fix API endpoints which require account authorisation 2025-01-24 18:49:04 +00:00			`http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)`
			`return`
			`}`
			`ctx := context.WithValue(r.Context(), "session", session)`
			`next.ServeHTTP(w, r.WithContext(ctx))`
			`})`
			`}`

			`func getSession(app model.AppState, r http.Request) (*model.Session, error) {`
			`var token string`

			`// check cookies first`
			`sessionCookie, err := r.Cookie(model.COOKIE_TOKEN)`
			`if err != nil && err != http.ErrNoCookie {`
refactor errors.New to fmt.Errorf 2025-09-30 22:30:52 +01:00			`return nil, fmt.Errorf("Failed to retrieve session cookie: %v\n", err)`
fix API endpoints which require account authorisation 2025-01-24 18:49:04 +00:00			`}`
			`if sessionCookie != nil {`
			`token = sessionCookie.Value`
			`} else {`
			`// check Authorization header`
			`token = strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")`
			`}`

			`if token == "" { return nil, nil }`

			`// fetch existing session`
			`session, err := controller.GetSession(app.DB, token)`

			`if err != nil && !strings.Contains(err.Error(), "no rows") {`
refactor errors.New to fmt.Errorf 2025-09-30 22:30:52 +01:00			`return nil, fmt.Errorf("Failed to retrieve session: %v\n", err)`
fix API endpoints which require account authorisation 2025-01-24 18:49:04 +00:00			`}`

			`if session != nil {`
			`// TODO: consider running security checks here (i.e. user agent mismatches)`
			`}`

			`return session, nil`
			`}`