From 86359156ee607bc3ddac99cf9a6295f8ff664482 Mon Sep 17 00:00:00 2001
From: Simon Ser
Date: Wed, 11 Dec 2019 12:54:00 +0100
Subject: Export Context.SetSession, unexport Session.Token

I'm uneasy exposing the token to plugins, I prefer to hide it if possible to prevent mis-use. This change allows plugins to logout users.
---
 server.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'server.go')
diff --git a/server.go b/server.go
index 1c65d25..a327d64 100644
--- a/server.go
+++ b/server.go
@@ -104,17 +104,18 @@ type Context struct {
 var aLongTimeAgo = time.Unix(233431200, 0)
-func (c *Context) setToken(token string) {
+func (ctx *Context) SetSession(s *Session) {
 cookie := http.Cookie{
 Name: cookieName,
- Value: token,
 HttpOnly: true,
 // TODO: domain, secure
 }
- if token == "" {
+ if s != nil {
+ cookie.Value = s.token
+ } else {
 cookie.Expires = aLongTimeAgo // unset the cookie
 }
- c.SetCookie(&cookie)
+ ctx.SetCookie(&cookie)
 }
 func isPublic(path string) bool {
@@ -173,7 +174,7 @@ func New(e *echo.Echo, options *Options) error {
 ctx.Session, err = ctx.Server.sessions.Get(cookie.Value)
 if err == ErrSessionExpired {
- ctx.setToken("")
+ ctx.SetSession(nil)
 return ctx.Redirect(http.StatusFound, "/login")
 } else if err != nil {
 return err
--
cgit v1.2.3-59-g8ed1b
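Review bot: SetSession(nil) only expires the browser cookie; nothing in this hunk removes the token from the server-side store or clears ctx.Session, so a plugin that calls it to log a user out may leave the old token accepted by `sessions.Get` until it expires on its own, unless the session is closed elsewhere (not visible here). Now that the method is exported it should carry a doc comment that says so, e.g. `// SetSession sets or, when s is nil, clears the session cookie; it does not invalidate the session server-side.`, and it would be safer to keep the context in step with `ctx.Session = s`. The `// TODO: domain, secure` left in the cookie literal also matters more on a public API: without `Secure: true` the token cookie can be sent over plain HTTP.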