authormo khan <mo@mokhan.ca>2025-04-15 13:53:16 -0600
committermo khan <mo@mokhan.ca>2025-04-15 13:53:16 -0600
commitb24e274e9931093ee65304e32ca1f309d2f01234 (patch)
tree62b1440eabaf8cc80d398ff12b5f3c2c99af623b /app/controllers/sessions/controller.go
parentb68a70822804e03c5897a7c43a519a81dbf47fc3 (diff)
feat: store tokens in a session cookie
Diffstat (limited to 'app/controllers/sessions/controller.go')
-rw-r--r--app/controllers/sessions/controller.go32
1 files changed, 15 insertions, 17 deletions
diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go
index a4ba092..70d5631 100644
--- a/app/controllers/sessions/controller.go
+++ b/app/controllers/sessions/controller.go
@@ -1,10 +1,10 @@
package sessions
import (
- "fmt"
+ "encoding/base64"
+ "encoding/json"
"net/http"
- "github.com/xlgmokha/x/pkg/serde"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
"golang.org/x/oauth2"
)
@@ -31,25 +31,23 @@ func (c *Controller) New(w http.ResponseWriter, r *http.Request) {
func (c *Controller) Create(w http.ResponseWriter, r *http.Request) {
token, err := c.cfg.Config.Exchange(r.Context(), r.URL.Query().Get("code"))
if err != nil {
- fmt.Printf("%v\n", err)
+ return
}
- err = serde.ToJSON(w, token)
- if err != nil {
- fmt.Printf("%v\n", err)
- return
+ tokens := map[string]interface{}{
+ "access_token": token.AccessToken,
+ "token_type": token.TokenType,
+ "refresh_token": token.RefreshToken,
+ "expiry": token.Expiry,
+ "expires_in": token.ExpiresIn,
}
if rawIDToken, ok := token.Extra("id_token").(string); ok {
- idToken, err := oidc.NewIDToken(rawIDToken)
- if err != nil {
- fmt.Printf("%v\n", err)
- return
- }
- err = serde.ToJSON(w, idToken)
- if err != nil {
- fmt.Printf("%v\n", err)
- return
- }
+ tokens["id_token"] = rawIDToken
}
+
+ data, err := json.Marshal(tokens)
+ encoded := base64.URLEncoding.EncodeToString(data)
+ http.SetCookie(w, &http.Cookie{Name: "session", Value: encoded})
+ http.Redirect(w, r, "/dashboard", http.StatusFound)
}
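Review bot: The `session` cookie set at the end of Create holds the access, refresh and ID tokens but sets no `HttpOnly`, `Secure`, `SameSite` or `Path`, so page script can read the tokens and the browser will send them over plain HTTP. The value is only base64-encoded JSON, neither encrypted nor authenticated, so whatever reads it back has to treat it as untrusted input and verify the ID token, which this commit no longer parses with `oidc.NewIDToken`. The error from `json.Marshal` is dropped, and the new early `return` after a failed `Exchange` sends an empty 200 with nothing logged. Three tokens in one cookie can also pass the roughly 4 KB per-cookie limit browsers apply, so a server-side session keyed by an opaque ID would be a sturdier design; the fence below shows the minimal hardening of the current approach.

```go
token, err := c.cfg.Config.Exchange(r.Context(), r.URL.Query().Get("code"))
if err != nil {
	// Log err server-side; do not echo provider error details to the client.
	http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
	return
}
// … unchanged: tokens map and id_token lookup …
data, err := json.Marshal(tokens)
if err != nil {
	http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
	return
}
http.SetCookie(w, &http.Cookie{
	Name:     "session",
	Value:    base64.URLEncoding.EncodeToString(data),
	Path:     "/",
	HttpOnly: true,
	Secure:   true,
	SameSite: http.SameSiteLaxMode,
})
// … unchanged: redirect to /dashboard …
```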