rework a ton of code

get attribute val function
implement profile photo component
2026-04-03 18:51:27 -04:00 · 2026-04-03 18:36:26 -04:00 · 2026-04-03 18:32:11 -04:00 · 2026-04-03 18:31:17 -04:00 · 2026-04-03 18:28:26 -04:00 · 2026-04-03 18:24:50 -04:00
14 changed files with 639 additions and 497 deletions
--- a/src/components/profile_photo.go
+++ b/src/components/profile_photo.go
@@ -0,0 +1,146 @@
 package components
 import (
 	"fmt"
 	"io"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
 	"time"
 	"astraltech.xyz/accountmanager/src/helpers"
 	"astraltech.xyz/accountmanager/src/ldap"
 	"astraltech.xyz/accountmanager/src/logging"
 	"astraltech.xyz/accountmanager/src/session"
 )
 var (
 	photoCreatedTimestamp = make(map[string]time.Time)
 	photoCreatedMutex     sync.Mutex
 	blankPhotoData        []byte
 )
 var (
 	sessionManager = session.GetSessionManager()
 	LDAPServer     *ldap.LDAPServer
 	BaseDN string
 	ServiceUserBindDN   string
 	ServiceUserPassword string
 )
 func ReadBlankPhoto() {
 	blank, err := helpers.ReadFile("static/blank_profile.jpg")
 	if err != nil {
 		logging.Fatal("Could not load blank profile image")
 	}
 	blankPhotoData = blank
 }
 func CreateUserPhoto(username string, photoData []byte) error {
 	helpers.Mkdir("./avatars", os.ModePerm)
 	path := fmt.Sprintf("./avatars/%s.jpeg", username)
 	cleaned := filepath.Clean(path)
 	dst, err := helpers.CreateFile(cleaned)
 	if err != nil {
 		return fmt.Errorf("Could not save file")
 	}
 	photoCreatedMutex.Lock()
 	photoCreatedTimestamp[username] = time.Now()
 	photoCreatedMutex.Unlock()
 	defer dst.Close()
 	logging.Info("Writing to avarar file")
 	_, err = dst.Write(photoData)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 func UploadPhotoHandler(w http.ResponseWriter, r *http.Request) {
 	sessionData, err := sessionManager.GetSession(r)
 	if err != nil {
 		logging.Error(err.Error())
 		http.Redirect(w, r, "/login", http.StatusSeeOther)
 		return
 	}
 	err = r.ParseMultipartForm(10 << 20) // 10MB limit
 	if err != nil {
 		http.Error(w, "Bad request", http.StatusBadRequest)
 		return
 	}
 	if r.FormValue("csrf_token") != sessionData.CSRFToken {
 		http.Error(w, "CSRF Forbidden", http.StatusForbidden)
 		return
 	}
 	file, header, err := r.FormFile("photo")
 	if err != nil {
 		http.Error(w, "File not found", http.StatusBadRequest)
 		return
 	}
 	defer file.Close()
 	if header.Size > (10 * 1024 * 1024) {
 		http.Error(w, "File is to large (limit is 10 MB)", http.StatusBadRequest)
 		return
 	}
 	// 3. Read file into memory
 	data, err := io.ReadAll(file)
 	if err != nil {
 		http.Error(w, "Failed to read file", http.StatusInternalServerError)
 		return
 	}
 	userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", sessionData.UserID, BaseDN)
 	LDAPServer.ModifyAttribute(ServiceUserBindDN, ServiceUserPassword, userDN, "jpegphoto", []string{string(data)})
 	CreateUserPhoto(sessionData.UserID, data)
 }
 func AvatarHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "image/jpeg")
 	username := r.URL.Query().Get("user")
 	if strings.Contains(username, "/") {
 		w.Write(blankPhotoData)
 		return
 	}
 	filePath := fmt.Sprintf("./avatars/%s.jpeg", username)
 	cleaned := filepath.Clean(filePath)
 	value, err := helpers.ReadFile(cleaned)
 	if err == nil {
 		photoCreatedMutex.Lock()
 		if time.Since(photoCreatedTimestamp[username]) <= 5*time.Minute {
 			photoCreatedMutex.Unlock()
 			w.Write(value)
 			return
 		}
 		photoCreatedMutex.Unlock()
 	}
 	userSearch, err := LDAPServer.SerchServer(
 		ServiceUserBindDN, ServiceUserPassword,
 		BaseDN,
 		fmt.Sprintf("(&(objectClass=inetOrgPerson)(uid=%s))", ldap.LDAPEscapeFilter(username)),
 		[]string{"jpegphoto"},
 	)
 	if err == nil || userSearch.EntryCount() == 0 {
 		w.Write(blankPhotoData)
 		return
 	}
 	entry := userSearch.GetEntry(0)
 	bytes := entry.GetRawAttributeValue("jpegphoto")
 	if len(bytes) == 0 {
 		w.Write(blankPhotoData)
 		return
 	} else {
 		w.Write(bytes)
 		CreateUserPhoto(username, bytes)
 	}
 }
--- a/src/email/email.go
+++ b/src/email/email.go
@@ -1,4 +1,4 @@
-package main
+package email
 import (
 	"net/smtp"
--- a/src/helpers/helpers.go
+++ b/src/helpers/helpers.go
@@ -1,4 +1,4 @@
-package main
+package helpers
 import (
 	"net/http"
--- a/src/ldap/ldap_helpers.go
+++ b/src/ldap/ldap_helpers.go
@@ -0,0 +1,7 @@
 package ldap
 import (
 	"github.com/go-ldap/ldap/v3"
 )
 func LDAPEscapeFilter(input string) string { return ldap.EscapeFilter(input) }
--- a/src/ldap/ldap_search.go
+++ b/src/ldap/ldap_search.go
@@ -0,0 +1,29 @@
 package ldap
 import (
 	"github.com/go-ldap/ldap/v3"
 )
 type LDAPSearch struct {
 	search *ldap.SearchResult
 }
 type LDAPEntry struct {
 	entry *ldap.Entry
 }
 func (s *LDAPSearch) EntryCount() int {
 	return len(s.search.Entries)
 }
 func (s *LDAPSearch) GetEntry(number int) *LDAPEntry {
 	return &LDAPEntry{s.search.Entries[number]}
 }
 func (e *LDAPEntry) GetRawAttributeValue(name string) []byte {
 	return e.entry.GetRawAttributeValue(name)
 }
 func (e *LDAPEntry) GetAttributeValue(name string) string {
 	return e.entry.GetAttributeValue(name)
 }
--- a/src/ldap/ldap_server.go
+++ b/src/ldap/ldap_server.go
@@ -0,0 +1,130 @@
 package ldap
 import (
 	"crypto/tls"
 	"strings"
 	"astraltech.xyz/accountmanager/src/logging"
 	"github.com/go-ldap/ldap/v3"
 )
 type LDAPServer struct {
 	URL                string
 	StartTLS           bool
 	IgnoreInsecureCert bool
 }
 func (s *LDAPServer) TestConnection() (bool, error) {
 	l, err := ldap.DialURL(s.URL)
 	l.Close()
 	if err != nil {
 		return false, err
 	}
 	return true, nil
 }
 // internal connect, should not be used regularly
 func (s *LDAPServer) connect() (*ldap.Conn, error) {
 	l, err := ldap.DialURL(s.URL)
 	if err != nil {
 		return nil, err
 	}
 	if s.StartTLS {
 		err = l.StartTLS(&tls.Config{
 			InsecureSkipVerify: s.IgnoreInsecureCert,
 		})
 		if err != nil {
 			l.Close()
 			return nil, err
 		}
 	}
 	return l, nil
 }
 func (s *LDAPServer) connectAsUser(userDN, password string) (*ldap.Conn, error) {
 	conn, err := s.connect()
 	if err != nil {
 		return nil, err
 	}
 	err = conn.Bind(userDN, password)
 	if err != nil {
 		return nil, err
 	}
 	return conn, nil
 }
 func (s *LDAPServer) AuthenticateUser(userDN, password string) (bool, error) {
 	conn, err := s.connectAsUser(userDN, password)
 	if err != nil || conn == nil {
 		return false, err
 	}
 	conn.Close()
 	return true, nil
 }
 func (s *LDAPServer) SerchServer(
 	userDN string, password string,
 	baseDN string,
 	searchFilter string, attributes []string,
 ) (*LDAPSearch, error) {
 	logging.Debugf("Searching %s LDAP server\n\tBase DN: %s\n\tSearch Filter %s\n\tAttributes: %s", s.URL, baseDN, searchFilter, strings.Join(attributes, ","))
 	conn, err := s.connectAsUser(userDN, password)
 	if err != nil {
 		return nil, err
 	}
 	defer conn.Close()
 	searchRequest := ldap.NewSearchRequest(
 		baseDN,
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 		searchFilter, attributes,
 		nil,
 	)
 	sr, err := conn.Search(searchRequest)
 	if err != nil {
 		logging.Errorf("Failed to search LDAP server %s\n", err.Error())
 		return nil, err
 	}
 	return &LDAPSearch{sr}, nil
 }
 func (s *LDAPServer) ChangePassword(userDN string, oldPassword string, newPassword string) error {
 	conn, err := s.connectAsUser(userDN, oldPassword)
 	if err != nil {
 		return err
 	}
 	defer conn.Close()
 	// Perform password modify extended operation
 	_, err = conn.PasswordModify(&ldap.PasswordModifyRequest{
 		UserIdentity: userDN,
 		OldPassword:  oldPassword,
 		NewPassword:  newPassword,
 	})
 	if err != nil {
 		logging.Errorf("Password modify failed: %s", err.Error())
 		return err
 	}
 	logging.Infof("Password successfully changed for %s", userDN)
 	return nil
 }
 func (s *LDAPServer) ModifyAttribute(bindUserDN string, password string, userDN string, attribute string, data []string) error {
 	logging.Infof("Modifing LDAP attribute %s", attribute)
 	conn, err := s.connectAsUser(bindUserDN, password)
 	if err != nil {
 		return err
 	}
 	defer conn.Close()
 	modify := ldap.NewModifyRequest(userDN, nil)
 	modify.Replace(attribute, data)
 	err = conn.Modify(modify)
 	if err != nil {
 		logging.Errorf("Failed to modify %s", err.Error())
 		return err
 	}
 	return nil
 }
--- a/src/main/ldap.go
+++ b/src/main/ldap.go
@@ -1,181 +0,0 @@
 package main
 import (
 	"crypto/tls"
 	"fmt"
 	"strings"
 	"astraltech.xyz/accountmanager/src/logging"
 	"github.com/go-ldap/ldap/v3"
 )
 type LDAPServer struct {
 	URL                string
 	StartTLS           bool
 	IgnoreInsecureCert bool
 	Connection         *ldap.Conn
 }
 type LDAPSearch struct {
 	Succeeded  bool
 	LDAPSearch *ldap.SearchResult
 }
 func connectToLDAPServer(URL string, starttls bool, ignore_cert bool) *LDAPServer {
 	logging.Debugf("Connecting to LDAP server %s", URL)
 	l, err := ldap.DialURL(URL)
 	if err != nil {
 		logging.Fatal("Failed to connect to LDAP server")
 		logging.Fatal(err.Error())
 	}
 	logging.Infof("Connected to LDAP server")
 	if starttls {
 		logging.Debugf("Enabling StartTLS")
 		if err := l.StartTLS(&tls.Config{InsecureSkipVerify: ignore_cert}); err != nil {
 			logging.Errorf("StartTLS failed %s", err.Error())
 		}
 		logging.Infof("StartTLS enabled")
 	}
 	return &LDAPServer{
 		Connection:         l,
 		URL:                URL,
 		StartTLS:           starttls,
 		IgnoreInsecureCert: ignore_cert,
 	}
 }
 func reconnectToLDAPServer(server *LDAPServer) error {
 	logging.Debugf("Reconnecting to %s LDAP server", server.URL)
 	if server == nil {
 		logging.Errorf("Cannot reconnect: server is nil")
 		return fmt.Errorf("Server is nil")
 	}
 	l, err := ldap.DialURL(server.URL)
 	if err != nil {
 		logging.Errorf("Failed to connect to LDAP server (has server gone down)")
 		return err
 	}
 	if server.StartTLS {
 		logging.Debugf("StartTLS enabling")
 		if err := l.StartTLS(&tls.Config{InsecureSkipVerify: server.IgnoreInsecureCert}); err != nil {
 			logging.Error("StartTLS failed")
 			return err
 		}
 		logging.Debugf("Successfully Started TLS")
 	}
 	server.Connection = l
 	return nil
 }
 func connectAsLDAPUser(server *LDAPServer, bindDN, password string) error {
 	logging.Debugf("Connecting to %s LDAP server with %s BindDN", server.URL, bindDN)
 	if server == nil {
 		logging.Errorf("Failed to connect as user, LDAP server is NULL")
 		return fmt.Errorf("LDAP server is null")
 	}
 	if server.Connection == nil || server.Connection.IsClosing() {
 		err := reconnectToLDAPServer(server)
 		return err
 	}
 	err := server.Connection.Bind(bindDN, password)
 	if err != nil {
 		logging.Errorf("Failed to bind to LDAP as user %s", err.Error())
 		return err
 	}
 	return nil
 }
 func searchLDAPServer(server *LDAPServer, baseDN string, searchFilter string, attributes []string) LDAPSearch {
 	logging.Debugf("Searching %s LDAP server\n\tBase DN: %s\n\tSearch Filter %s\n\tAttributes: %s", server.URL, baseDN, searchFilter, strings.Join(attributes, ","))
 	if server == nil {
 		logging.Errorf("Server is nil, failed to search LDAP server")
 		return LDAPSearch{false, nil}
 	}
 	if server.Connection == nil {
 		reconnectToLDAPServer(server)
 		if server.Connection == nil {
 			return LDAPSearch{false, nil}
 		}
 	}
 	searchRequest := ldap.NewSearchRequest(
 		baseDN,
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 		searchFilter, attributes,
 		nil,
 	)
 	sr, err := server.Connection.Search(searchRequest)
 	if err != nil {
 		logging.Errorf("Failed to search LDAP server %s\n", err.Error())
 		return LDAPSearch{false, nil}
 	}
 	return LDAPSearch{true, sr}
 }
 func modifyLDAPAttribute(server *LDAPServer, userDN string, attribute string, data []string) error {
 	logging.Infof("Modifing LDAP attribute %s", attribute)
 	modify := ldap.NewModifyRequest(userDN, nil)
 	modify.Replace(attribute, data)
 	err := server.Connection.Modify(modify)
 	if err != nil {
 		logging.Errorf("Failed to modify %s", err.Error())
 		return err
 	}
 	return nil
 }
 func changeLDAPPassword(server *LDAPServer, userDN, oldPassword, newPassword string) error {
 	logging.Infof("Changing LDAP password for %s", userDN)
 	if server == nil || server.Connection == nil {
 		return fmt.Errorf("LDAP connection not initialized")
 	}
 	// Ensure connection is alive
 	if server.Connection.IsClosing() {
 		if err := reconnectToLDAPServer(server); err != nil {
 			return err
 		}
 	}
 	// Bind as the user (required for FreeIPA self-password change)
 	err := server.Connection.Bind(userDN, oldPassword)
 	if err != nil {
 		logging.Errorf("Failed to bind as user: %s", err.Error())
 		return err
 	}
 	// Perform password modify extended operation
 	_, err = server.Connection.PasswordModify(&ldap.PasswordModifyRequest{
 		UserIdentity: userDN,
 		OldPassword:  oldPassword,
 		NewPassword:  newPassword,
 	})
 	if err != nil {
 		logging.Errorf("Password modify failed: %s", err.Error())
 		return err
 	}
 	logging.Infof("Password successfully changed for %s", userDN)
 	return nil
 }
 func closeLDAPServer(server *LDAPServer) {
 	if server != nil && server.Connection != nil {
 		logging.Debug("Closing connection to LDAP server")
 		err := server.Connection.Close()
 		if err != nil {
 			logging.Errorf("Failed to close LDAP server %s", err.Error())
 		}
 	}
 }
 func ldapEscapeFilter(input string) string { return ldap.EscapeFilter(input) }
--- a/src/main/main.go
+++ b/src/main/main.go
@@ -3,95 +3,71 @@ package main
 import (
 	"fmt"
 	"html/template"
 	"io"
 	"log"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
 	"time"
 	"astraltech.xyz/accountmanager/src/components"
 	"astraltech.xyz/accountmanager/src/helpers"
 	"astraltech.xyz/accountmanager/src/ldap"
 	"astraltech.xyz/accountmanager/src/logging"
 	"astraltech.xyz/accountmanager/src/session"
 )
 var (
-	ldapServer      *LDAPServer
+	ldapServer     ldap.LDAPServer
-	ldapServerMutex sync.Mutex
+	serverConfig   *ServerConfig
-	serverConfig    *ServerConfig
+	sessionManager *session.SessionManager
 )
 type UserData struct {
 	isAuth      bool
 	Username    string
 	DisplayName string
 	Email       string
 }
 var (
-	photoCreatedTimestamp = make(map[string]time.Time)
+	userData      = make(map[string]*UserData)
-	photoCreatedMutex     sync.Mutex
+	userDataMutex sync.RWMutex
 	blankPhotoData        []byte
 )
-func createUserPhoto(username string, photoData []byte) error {
+func authenticateUser(username, password string) (*UserData, error) {
 	Mkdir("./avatars", os.ModePerm)
 	path := fmt.Sprintf("./avatars/%s.jpeg", username)
 	cleaned := filepath.Clean(path)
 	dst, err := CreateFile(cleaned)
 	if err != nil {
 		return fmt.Errorf("Could not save file")
 	}
 	photoCreatedMutex.Lock()
 	photoCreatedTimestamp[username] = time.Now()
 	photoCreatedMutex.Unlock()
 	defer dst.Close()
 	logging.Info("Writing to avarar file")
 	_, err = dst.Write(photoData)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 func authenticateUser(username, password string) (UserData, error) {
 	logging.Event(logging.AuthenticateUser, username)
 	ldapServerMutex.Lock()
 	defer ldapServerMutex.Unlock()
 	if ldapServer.Connection == nil {
 		return UserData{isAuth: false}, fmt.Errorf("LDAP server not connected")
 	}
 	userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", username, serverConfig.LDAPConfig.BaseDN)
 	connected := connectAsLDAPUser(ldapServer, userDN, password)
 	if connected != nil {
 		return UserData{isAuth: false}, connected
 	}
-	userSearch := searchLDAPServer(
+	connected, err := ldapServer.AuthenticateUser(userDN, password)
-		ldapServer,
+	if err != nil {
 		return nil, err
 	}
 	if connected == false {
 		logging.Debug("Failed to authenticate user")
 		return nil, fmt.Errorf("Failed to authenticate user %s", username)
 	}
 	logging.Info("User authenticated successfully")
 	userSearch, err := ldapServer.SerchServer(
 		userDN, password,
 		serverConfig.LDAPConfig.BaseDN,
-		fmt.Sprintf("(&(objectClass=inetOrgPerson)(uid=%s))", ldapEscapeFilter(username)),
+		fmt.Sprintf("(&(objectClass=inetOrgPerson)(uid=%s))", ldap.LDAPEscapeFilter(username)),
 		[]string{"displayName", "mail", "jpegphoto"},
 	)
-	if !userSearch.Succeeded {
+	if err != nil {
-		return UserData{isAuth: false}, fmt.Errorf("user metadata not found")
+		return nil, err
 	}
-	entry := userSearch.LDAPSearch.Entries[0]
+	entry := userSearch.GetEntry(0)
 	user := UserData{
 		isAuth:      true,
 		Username:    username,
 		DisplayName: entry.GetAttributeValue("displayName"),
 		Email:       entry.GetAttributeValue("mail"),
 	}
 	photoData := entry.GetRawAttributeValue("jpegphoto")
 	if len(photoData) > 0 {
-		createUserPhoto(user.Username, photoData)
+		components.CreateUserPhoto(username, photoData)
 	}
-	return user, nil
+	return &user, nil
 }
 type LoginPageData struct {
@@ -118,15 +94,19 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 		password := r.FormValue("password")
 		logging.Infof("New Login request for %s\n", username)
-		userData, err := authenticateUser(username, password)
+		newUserData, err := authenticateUser(username, password)
 		userDataMutex.Lock()
 		userData[username] = newUserData
 		userDataMutex.Unlock()
 		if err != nil {
-			log.Print(err)
+			logging.Error(err.Error())
 			tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
 		} else {
-			if userData.isAuth == true {
+			if newUserData.isAuth == true {
-				cookie := createSession(&userData)
+				cookie, err := sessionManager.CreateSession(username)
-				if cookie == nil {
+				if err != nil {
-					http.Error(w, "Session error", 500)
+					logging.Error(err.Error())
 					http.Error(w, "Session error", http.StatusInternalServerError)
 					return
 				}
 				http.SetCookie(w, cookie)
@@ -147,75 +127,27 @@ type ProfileData struct {
 func profileHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
-	exist, sessionData := validateSession(r)
+	sessionData, err := sessionManager.GetSession(r)
-	if !exist {
+	if err != nil {
 		logging.Error(err.Error())
 		http.Redirect(w, r, "/login", http.StatusSeeOther)
 		return
 	}
 	if r.Method == http.MethodGet {
 		tmpl := template.Must(template.ParseFiles("src/pages/profile_page.html"))
 		userDataMutex.RLock()
 		tmpl.Execute(w, ProfileData{
-			Username:    sessionData.data.Username,
+			Username:    sessionData.UserID,
-			Email:       sessionData.data.Email,
+			Email:       userData[sessionData.UserID].Email,
-			DisplayName: sessionData.data.DisplayName,
+			DisplayName: userData[sessionData.UserID].DisplayName,
 			CSRFToken:   sessionData.CSRFToken,
 		})
 		userDataMutex.RUnlock()
 		return
 	}
 }
 func avatarHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "image/jpeg")
 	username := r.URL.Query().Get("user")
 	if strings.Contains(username, "/") {
 		w.Write(blankPhotoData)
 		return
 	}
 	filePath := fmt.Sprintf("./avatars/%s.jpeg", username)
 	cleaned := filepath.Clean(filePath)
 	value, err := ReadFile(cleaned)
 	if err == nil {
 		photoCreatedMutex.Lock()
 		if time.Since(photoCreatedTimestamp[username]) <= 5*time.Minute {
 			photoCreatedMutex.Unlock()
 			w.Write(value)
 			return
 		}
 		photoCreatedMutex.Unlock()
 	}
 	ldapServerMutex.Lock()
 	defer ldapServerMutex.Unlock()
 	connected := connectAsLDAPUser(ldapServer, serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword)
 	if connected != nil {
 		w.Write(blankPhotoData)
 		return
 	}
 	userSearch := searchLDAPServer(
 		ldapServer,
 		serverConfig.LDAPConfig.BaseDN,
 		fmt.Sprintf("(&(objectClass=inetOrgPerson)(uid=%s))", ldapEscapeFilter(username)),
 		[]string{"jpegphoto"},
 	)
 	if !userSearch.Succeeded || len(userSearch.LDAPSearch.Entries) == 0 {
 		w.Write(blankPhotoData)
 		return
 	}
 	entry := userSearch.LDAPSearch.Entries[0]
 	bytes := entry.GetRawAttributeValue("jpegphoto")
 	if len(bytes) == 0 {
 		w.Write(blankPhotoData)
 		return
 	} else {
 		w.Write(bytes)
 		createUserPhoto(username, bytes)
 	}
 }
 func logoutHandler(w http.ResponseWriter, r *http.Request) {
 	cookie, err := r.Cookie("session_token")
 	if err != nil {
@@ -224,59 +156,19 @@ func logoutHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	token := cookie.Value
-	exist, sessionData := validateSession(r)
+	sessionData, err := sessionManager.GetSession(r)
 	if exist {
 		if r.FormValue("csrf_token") != sessionData.CSRFToken {
 			http.Error(w, "Unable to log user out", http.StatusForbidden)
 			logging.Debugf("%s attempted to logout with invalid csrf token", sessionData.data.Username)
 			return
 		}
 	}
 	logging.Infof("handling logout event for %s", sessionData.data.Username)
 	deleteSession(token)
 	http.Redirect(w, r, "/login", http.StatusSeeOther)
 }
 func uploadPhotoHandler(w http.ResponseWriter, r *http.Request) {
 	exist, sessionData := validateSession(r)
 	if !exist {
 		http.Redirect(w, r, "/login", http.StatusSeeOther)
 		return
 	}
 	err := r.ParseMultipartForm(10 << 20) // 10MB limit
 	if err != nil {
-		http.Error(w, "Bad request", http.StatusBadRequest)
+		logging.Error(err.Error())
 		return
 	}
 	if r.FormValue("csrf_token") != sessionData.CSRFToken {
-		http.Error(w, "CSRF Forbidden", http.StatusForbidden)
+		http.Error(w, "Unable to log user out", http.StatusForbidden)
 		logging.Debugf("%s attempted to logout with invalid csrf token", sessionData.UserID)
 		return
 	}
 	logging.Infof("handling logout event for %s", sessionData.UserID)
-	file, header, err := r.FormFile("photo")
+	sessionManager.DeleteSession(token)
-	if err != nil {
+	http.Redirect(w, r, "/login", http.StatusSeeOther)
 		http.Error(w, "File not found", http.StatusBadRequest)
 		return
 	}
 	defer file.Close()
 	if header.Size > (10 * 1024 * 1024) {
 		http.Error(w, "File is to large (limit is 10 MB)", http.StatusBadRequest)
 		return
 	}
 	// 3. Read file into memory
 	data, err := io.ReadAll(file)
 	if err != nil {
 		http.Error(w, "Failed to read file", http.StatusInternalServerError)
 		return
 	}
 	userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", sessionData.data.Username, serverConfig.LDAPConfig.BaseDN)
 	ldapServerMutex.Lock()
 	defer ldapServerMutex.Unlock()
 	modifyLDAPAttribute(ldapServer, userDN, "jpegphoto", []string{string(data)})
 	createUserPhoto(sessionData.data.Username, data)
 }
 func faviconHandler(w http.ResponseWriter, r *http.Request) {
@@ -289,37 +181,18 @@ func logoHandler(w http.ResponseWriter, r *http.Request) {
 	http.ServeFile(w, r, serverConfig.StyleConfig.LogoPath)
 }
 func cleanupSessions() {
 	logging.Debug("Cleaning up stale session\n")
 	sessionMutex.Lock()
 	sessions_to_delete := []string{}
 	for session_token, session_data := range sessions {
 		timeUntilRemoval := time.Minute * 5
 		if session_data.loggedIn {
 			timeUntilRemoval = time.Hour
 		}
 		if time.Since(session_data.timeCreated) > timeUntilRemoval {
 			sessions_to_delete = append(sessions_to_delete, session_token)
 		}
 	}
 	sessionMutex.Unlock()
 	for _, session_id := range sessions_to_delete {
 		deleteSession(session_id)
 	}
 }
 func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
-	exist, sessionData := validateSession(r)
+	sessionData, err := sessionManager.GetSession(r)
-	if !exist {
+	if err != nil {
 		logging.Error(err.Error())
 		w.WriteHeader(http.StatusUnauthorized)
 		w.Write([]byte(`{"success": false, "error": "Not authenticated"}`))
 		return
 	}
-	err := r.ParseMultipartForm(10 << 20)
+	err = r.ParseMultipartForm(10 << 20)
 	if err != nil {
 		w.WriteHeader(http.StatusBadRequest)
 		w.Write([]byte(`{"success": false, "error": "Bad request"}`))
@@ -344,11 +217,11 @@ func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
 	userDN := fmt.Sprintf(
 		"uid=%s,cn=users,cn=accounts,%s",
-		sessionData.data.Username,
+		sessionData.UserID,
 		serverConfig.LDAPConfig.BaseDN,
 	)
-	err = changeLDAPPassword(ldapServer, userDN, oldPassword, newPassword)
+	err = ldapServer.ChangePassword(userDN, oldPassword, newPassword)
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)
@@ -368,37 +241,47 @@ func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
 func main() {
 	logging.Info("Starting the server")
 	sessionManager = session.GetSessionManager()
 	sessionManager.SetStoreType(session.InMemory)
-	var err error = nil
+	var err error
 	blankPhotoData, err = ReadFile("static/blank_profile.jpg")
 	if err != nil {
 		logging.Fatal("Could not load blank profile image")
 	}
 	serverConfig, err = loadServerConfig("./data/config.json")
 	if err != nil {
 		log.Fatal("Could not load server config")
 	}
-	ldapServerMutex.Lock()
+	ldapServer = ldap.LDAPServer{
-	server := connectToLDAPServer(serverConfig.LDAPConfig.LDAPURL, serverConfig.LDAPConfig.Security == "tls", serverConfig.LDAPConfig.IgnoreInvalidCert)
+		URL:                serverConfig.LDAPConfig.LDAPURL,
-	ldapServer = server
+		StartTLS:           serverConfig.LDAPConfig.Security == "tls",
-	ldapServerMutex.Unlock()
+		IgnoreInsecureCert: serverConfig.LDAPConfig.IgnoreInvalidCert,
-	defer closeLDAPServer(ldapServer)
+	}
-	createWorker(time.Minute*5, cleanupSessions)
+	components.LDAPServer = &ldapServer
-	HandleFunc("/favicon.ico", faviconHandler)
+	components.BaseDN = serverConfig.LDAPConfig.BaseDN
-	HandleFunc("/logo", logoHandler)
+	components.ServiceUserBindDN = serverConfig.LDAPConfig.BindDN
 	components.ServiceUserPassword = serverConfig.LDAPConfig.BindPassword
 	connected, err := ldapServer.TestConnection()
 	if connected != true || err != nil {
 		if err != nil {
 			logging.Error(err.Error())
 		}
 		logging.Fatal("Failed to connect to LDAP server")
 	}
 	helpers.HandleFunc("/favicon.ico", faviconHandler)
 	helpers.HandleFunc("/logo", logoHandler)
 	http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static"))))
-	HandleFunc("/login", loginHandler)
+	helpers.HandleFunc("/login", loginHandler)
-	HandleFunc("/profile", profileHandler)
+	helpers.HandleFunc("/profile", profileHandler)
-	HandleFunc("/logout", logoutHandler)
+	helpers.HandleFunc("/logout", logoutHandler)
-	HandleFunc("/avatar", avatarHandler)
+	helpers.HandleFunc("/avatar", components.AvatarHandler)
-	HandleFunc("/change-photo", uploadPhotoHandler)
+	helpers.HandleFunc("/change-photo", components.UploadPhotoHandler)
-	HandleFunc("/change-password", changePasswordHandler)
+	helpers.HandleFunc("/change-password", changePasswordHandler)
-	HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+	helpers.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		http.Redirect(w, r, "/profile", http.StatusFound) // 302 redirect
 	})
--- a/src/main/session.go
+++ b/src/main/session.go
@@ -1,106 +0,0 @@
 package main
 import (
 	"crypto/rand"
 	"crypto/sha256"
 	"encoding/base64"
 	"net/http"
 	"sync"
 	"time"
 	"astraltech.xyz/accountmanager/src/logging"
 )
 type SessionData struct {
 	loggedIn    bool
 	data        *UserData
 	timeCreated time.Time
 	CSRFToken   string
 }
 var (
 	sessions     = make(map[string]SessionData)
 	sessionMutex sync.Mutex
 )
 func GenerateSessionToken(length int) (string, error) {
 	b := make([]byte, length)
 	_, err := rand.Read(b)
 	if err != nil {
 		return "", err
 	}
 	token := base64.RawURLEncoding.EncodeToString(b)
 	return token, nil
 }
 func createSession(userData *UserData) *http.Cookie {
 	logging.Debugf("Creating a new session for %s", userData.Username)
 	token, err := GenerateSessionToken(32) // Use crypto/rand for this
 	if err != nil {
 		logging.Error(err.Error())
 		return nil
 	}
 	CSRFToken, err := GenerateSessionToken(32)
 	if err != nil {
 		logging.Error(err.Error())
 		return nil
 	}
 	tokenEncoded := sha256.Sum256([]byte(token))
 	tokenEncodedString := string(tokenEncoded[:])
 	sessionMutex.Lock()
 	defer sessionMutex.Unlock()
 	loggedIn := false
 	if userData != nil {
 		loggedIn = true
 	}
 	sessions[tokenEncodedString] = SessionData{
 		data:        userData,
 		timeCreated: time.Now(),
 		CSRFToken:   CSRFToken,
 		loggedIn:    loggedIn,
 	}
 	cookie := &http.Cookie{
 		Name:     "session_token",
 		Value:    token,
 		Path:     "/",
 		HttpOnly: true, // Essential: prevents JS access
 		Secure:   true, // Set to TRUE in production (HTTPS)
 		SameSite: http.SameSiteLaxMode,
 		MaxAge:   3600, // 1 hour
 	}
 	return cookie
 }
 func validateSession(r *http.Request) (bool, *SessionData) {
 	logging.Debugf("Validating session")
 	cookie, err := r.Cookie("session_token")
 	if err != nil {
 		logging.Error(err.Error())
 		return false, &SessionData{}
 	}
 	token := cookie.Value
 	tokenEncoded := sha256.Sum256([]byte(token))
 	tokenEncodedString := string(tokenEncoded[:])
 	sessionMutex.Lock()
 	sessionData, exists := sessions[tokenEncodedString]
 	sessionMutex.Unlock()
 	if !exists || !sessionData.loggedIn {
 		return false, &SessionData{}
 	}
 	logging.Infof("Validated session for %s", sessionData.data.Username)
 	return true, &sessionData
 }
 func deleteSession(session_id string) {
 	sessionMutex.Lock()
 	tokenEncoded := sha256.Sum256([]byte(session_id))
 	tokenEncodedString := string(tokenEncoded[:])
 	delete(sessions, tokenEncodedString)
 	sessionMutex.Unlock()
 }
--- a/src/session/session_helpers.go
+++ b/src/session/session_helpers.go
@@ -0,0 +1,24 @@
 package session
 import (
 	"crypto/rand"
 	"crypto/sha256"
 	"encoding/base64"
 )
 // helper function for secure session storage
 func GenerateSessionToken(length int) (string, error) {
 	b := make([]byte, length)
 	_, err := rand.Read(b)
 	if err != nil {
 		return "", err
 	}
 	token := base64.RawURLEncoding.EncodeToString(b)
 	return token, nil
 }
 // more helper
 func hashSession(session_id string) string {
 	tokenEncoded := sha256.Sum256([]byte(session_id))
 	return base64.RawURLEncoding.EncodeToString(tokenEncoded[:])
 }
--- a/src/session/session_in_memory.go
+++ b/src/session/session_in_memory.go
@@ -0,0 +1,99 @@
 package session
 import (
 	"errors"
 	"sync"
 	"time"
 	"astraltech.xyz/accountmanager/src/logging"
 	"astraltech.xyz/accountmanager/src/worker"
 )
 var ErrSessionNotFound = errors.New("session not found")
 var ErrSessionAlreadyExists = errors.New("session already exists")
 var ErrSessionExpired = errors.New("session expired")
 type MemoryStore struct {
 	sessions map[string]*SessionData
 	lock     sync.RWMutex
 }
 func NewMemoryStore() *MemoryStore {
 	logging.Debug("Creating new in memory session store")
 	store := &MemoryStore{
 		sessions: make(map[string]*SessionData),
 	}
 	worker.CreateWorker(time.Minute*5, store.cleanup)
 	return store
 }
 func (m *MemoryStore) Create(sessionID string, session *SessionData) (err error) {
 	hashedSession := hashSession(sessionID)
 	m.lock.Lock()
 	defer m.lock.Unlock()
 	_, exist := m.sessions[hashedSession]
 	if exist {
 		return ErrSessionAlreadyExists
 	}
 	m.sessions[hashedSession] = session
 	return nil
 }
 func (m *MemoryStore) Get(sessionID string) (*SessionData, error) {
 	m.lock.RLock()
 	hashed := hashSession(sessionID)
 	data, exists := m.sessions[hashed]
 	m.lock.RUnlock()
 	if exists == false {
 		return nil, ErrSessionNotFound
 	}
 	if time.Now().After(data.ExpiresAt) {
 		_ = m.Delete(sessionID) // ignore error
 		return nil, ErrSessionExpired
 	}
 	copy := *data
 	return &copy, nil
 }
 func (m *MemoryStore) Update(sessionID string, session *SessionData) error {
 	hashedSession := hashSession(sessionID)
 	m.lock.Lock()
 	defer m.lock.Unlock()
 	_, exist := m.sessions[hashedSession]
 	if !exist {
 		return ErrSessionNotFound
 	}
 	m.sessions[hashedSession] = session
 	return nil
 }
 func (m *MemoryStore) cleanup() {
 	logging.Debug("Cleaning up memory store sessions")
 	now := time.Now()
 	m.lock.Lock()
 	defer m.lock.Unlock()
 	deleted := 0
 	for id, session := range m.sessions {
 		if now.After(session.ExpiresAt) {
 			delete(m.sessions, id)
 			deleted = deleted + 1
 		}
 	}
 	logging.Infof("Cleaned up %d stale sessions", deleted)
 }
 func (m *MemoryStore) Delete(sessionID string) error {
 	hashedSession := hashSession(sessionID)
 	m.lock.Lock()
 	defer m.lock.Unlock()
 	_, exist := m.sessions[hashedSession]
 	if !exist {
 		return ErrSessionNotFound
 	}
 	delete(m.sessions, hashedSession)
 	return nil
 }
--- a/src/session/session_manager.go
+++ b/src/session/session_manager.go
@@ -0,0 +1,95 @@
 package session
 import (
 	"net/http"
 	"sync"
 	"time"
 	"astraltech.xyz/accountmanager/src/logging"
 )
 const SessionCookieName = "session_token"
 type SessionManager struct {
 	store SessionStore
 }
 var instance *SessionManager
 var once sync.Once
 type StoreType int
 const (
 	InMemory StoreType = iota
 )
 func GetSessionManager() *SessionManager {
 	once.Do(func() {
 		instance = &SessionManager{}
 	})
 	return instance
 }
 func (manager *SessionManager) SetStoreType(storeType StoreType) {
 	logging.Infof("Changing session manager store type")
 	switch storeType {
 	case InMemory:
 		{
 			manager.store = NewMemoryStore()
 			break
 		}
 	}
 }
 func (manager *SessionManager) CreateSession(userID string) (cookie *http.Cookie, err error) {
 	logging.Debugf("Creating a new session for %s", userID)
 	token, err := GenerateSessionToken(32) // Use crypto/rand for this
 	if err != nil {
 		return nil, err
 	}
 	CSRFToken, err := GenerateSessionToken(32)
 	if err != nil {
 		return nil, err
 	}
 	newSessionData := SessionData{
 		UserID:    userID,
 		CSRFToken: CSRFToken,
 		ExpiresAt: time.Now().Add(time.Hour),
 	}
 	err = manager.store.Create(token, &newSessionData)
 	if err != nil {
 		return nil, err
 	}
 	newCookie := &http.Cookie{
 		Name:     SessionCookieName,
 		Value:    token,
 		Path:     "/",
 		HttpOnly: true, // Essential: prevents JS access
 		Secure:   true, // Set to TRUE in production (HTTPS)
 		SameSite: http.SameSiteLaxMode,
 		MaxAge:   3600, // 1 hour
 	}
 	return newCookie, nil
 }
 func (manager *SessionManager) GetSession(r *http.Request) (*SessionData, error) {
 	logging.Debug("Validating session from request")
 	cookie, err := r.Cookie(SessionCookieName)
 	if err != nil {
 		return nil, ErrSessionNotFound
 	}
 	token := cookie.Value
 	if token == "" {
 		return nil, ErrSessionNotFound
 	}
 	data, err := manager.store.Get(token)
 	if err != nil {
 		return nil, ErrSessionNotFound
 	}
 	return data, nil
 }
 func (manager *SessionManager) DeleteSession(sessionId string) error {
 	return manager.store.Delete(sessionId)
 }
--- a/src/session/session_store.go
+++ b/src/session/session_store.go
@@ -0,0 +1,16 @@
 package session
 import "time"
 type SessionData struct {
 	UserID    string
 	CSRFToken string
 	ExpiresAt time.Time
 }
 type SessionStore interface {
 	Create(sessionID string, session *SessionData) error
 	Get(sessionID string) (*SessionData, error)
 	Update(sessionID string, session *SessionData) error
 	Delete(sessionID string) error
 }
--- a/src/worker/worker.go
+++ b/src/worker/worker.go
@@ -1,4 +1,4 @@
-package main
+package worker
 import (
 	"time"
@@ -6,7 +6,7 @@ import (
 	"astraltech.xyz/accountmanager/src/logging"
 )
-func createWorker(interval time.Duration, task func()) {
+func CreateWorker(interval time.Duration, task func()) {
 	logging.Debugf("Creating worker that runs on a %s interval", interval.String())
 	go func() {
 		ticker := time.NewTicker(interval)
Author	SHA1	Message	Date
Gregory Wells	a315161ed3	rework a ton of code	2026-04-03 18:51:27 -04:00
Gregory Wells	e2531e3021	get attribute val function	2026-04-03 18:36:26 -04:00
Gregory Wells	a2602f74f0	implement profile photo component	2026-04-03 18:32:11 -04:00
Gregory Wells	1c1ba99080	add more helpter functions	2026-04-03 18:31:17 -04:00
Gregory Wells	ad21d50ce5	start writing search class	2026-04-03 18:28:26 -04:00
Gregory Wells	3a3fab08f6	rename session manager functions	2026-04-03 18:24:50 -04:00
Gregory Wells	bb649aef48	start to write a new LDAP interface	2026-04-03 18:24:14 -04:00
Gregory Wells	f204069392	make a seperate helpers package	2026-04-03 14:50:41 -04:00
Gregory Wells	ac663f21e1	move ldap to its own package	2026-04-03 14:50:29 -04:00
Gregory Wells	d1992ec466	make session manager a singleton	2026-04-03 14:45:34 -04:00
Gregory Wells	46db63e62a	move email into its own package	2026-04-01 15:10:25 -04:00
Gregory Wells	33ea56fb0c	finish session manager update	2026-04-01 14:56:43 -04:00
Gregory Wells	f651894a0f	new session manager code	2026-04-01 14:41:12 -04:00
Gregory Wells	d70e679a01	create new session interface (unused)	2026-04-01 09:34:22 -04:00
Gregory Wells	a058804603	move worker to seperate package (eventually seperate binary)	2026-04-01 09:28:56 -04:00
Gregory Wells	c9c352204c	move cleanup session	2026-04-01 08:51:33 -04:00
Gregory Wells	0402a6ff9c	make the session logic a little more concrete	2026-04-01 00:09:04 -04:00