diff --git a/internal/auth/middleware/middleware.go b/internal/auth/middleware/middleware.go
index b48f92e..ec2c14f 100644
--- a/internal/auth/middleware/middleware.go
+++ b/internal/auth/middleware/middleware.go
@@ -2,19 +2,34 @@ package middleware
 import (
 "mal/internal/domain"
+ "net/http"
 "github.com/gin-gonic/gin"
 )
 func AuthMiddleware(svc domain.AuthService) gin.HandlerFunc {
 return func(c *gin.Context) {
- sessionID, err := c.Cookie("session_id")
- if err == nil {
- user, err := svc.ValidateSession(c.Request.Context(), sessionID)
- if err == nil {
- c.Set("User", user)
- }
+ // Allow access to login and logout endpoints without authentication
+ if c.Request.URL.Path == "/login" || c.Request.URL.Path == "/logout" {
+ c.Next()
+ return
 }
+
+ sessionID, err := c.Cookie("session_id")
+ if err != nil {
+ c.Redirect(http.StatusSeeOther, "/login")
+ c.Abort()
+ return
+ }
+
+ user, err := svc.ValidateSession(c.Request.Context(), sessionID)
+ if err != nil {
+ c.Redirect(http.StatusSeeOther, "/login")
+ c.Abort()
+ return
+ }
+
+ c.Set("User", user)
 c.Next()
 }
 }
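Review bot: The second rejection branch treats every error from `svc.ValidateSession` as an invalid session and redirects to `/login`, so a session-store outage or a cancelled request context is indistinguishable, to the user and to operators, from an expired or forged cookie, and nothing is recorded. I would log the failure before redirecting, without the session ID itself, e.g. `log.Printf("auth: session validation failed for %s: %v", c.Request.URL.Path, err)`, and, if `domain` exposes a sentinel error for an unknown session (not visible in this hunk), answer any other error with `c.AbortWithStatus(http.StatusInternalServerError)`. The same branch leaves the rejected `session_id` cookie in the browser, so it is sent again on every later request; expiring it there would avoid that. Separately, the `/login` and `/logout` exemption returns before `c.Set("User", user)`, so those handlers never see the user even when a valid session is presented, which the logout handler presumably needs in order to know which session to end.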