Redirect after identity select

Author: nicolashery

app/handlers/identity.handlers.go

@@ -90,14 +90,21 @@ func handleIdentitySet(logger *slog.Logger, queries *db.Queries) http.HandlerFun
 			Type:    session.FlashType_Info,
 			Content: fmt.Sprintf("%s, welcome to the space %s!", member.Name, space.Name),
 		})
+
+		redirectURL := fmt.Sprintf("/s/%s", access.Token)
+		if storedRedirectURL, ok := sess.Values[session.RedirectKey].(string); ok && storedRedirectURL != "" {
+			redirectURL = storedRedirectURL
+			delete(sess.Values, session.RedirectKey)
+		}
+
 		err = sess.Save(r, w)
 		if err != nil {
 			logger.Error("failed to save session", slog.Any("error", err))
 			http.Error(w, "internal server error", http.StatusInternalServerError)
 			return
 		}
 
-		http.Redirect(w, r, fmt.Sprintf("/s/%s", access.Token), http.StatusSeeOther)
+		http.Redirect(w, r, redirectURL, http.StatusSeeOther)
 	}
 }
 

app/rctx/identity.context.go

@@ -6,6 +6,7 @@ import (
 	"log/slog"
 	"net/http"
 
+	"github.com/gorilla/sessions"
 	"github.com/nicolashery/simply-shared-notes/app/db"
 	"github.com/nicolashery/simply-shared-notes/app/identity"
 	"github.com/nicolashery/simply-shared-notes/app/session"
@@ -26,6 +27,7 @@ func IdentityCtxMiddleware(logger *slog.Logger, queries *db.Queries) func(http.H
 			memberID, ok := sess.Values[session.IdentityKey].(int64)
 			if !ok {
 				delete(sess.Values, session.IdentityKey)
+				storeRedirectURL(r, sess)
 				err := sess.Save(r, w)
 				if err != nil {
 					logger.Error("failed to save session", slog.Any("error", err))
@@ -42,6 +44,7 @@ func IdentityCtxMiddleware(logger *slog.Logger, queries *db.Queries) func(http.H
 			member, err := queries.GetMemberByID(r.Context(), memberID)
 			if err != nil || member.SpaceID != space.ID {
 				delete(sess.Values, session.IdentityKey)
+				storeRedirectURL(r, sess)
 				err := sess.Save(r, w)
 				if err != nil {
 					logger.Error("failed to save session", slog.Any("error", err))
@@ -61,6 +64,14 @@ func IdentityCtxMiddleware(logger *slog.Logger, queries *db.Queries) func(http.H
 	}
 }
 
+func storeRedirectURL(r *http.Request, sess *sessions.Session) {
+	redirectURL := r.URL.Path
+	if r.URL.RawQuery != "" {
+		redirectURL += "?" + r.URL.RawQuery
+	}
+	sess.Values[session.RedirectKey] = redirectURL
+}
+
 func GetIdentity(ctx context.Context) *identity.Identity {
 	identity, ok := ctx.Value(identityContextKey).(*identity.Identity)
 	if !ok {

app/session/session.go

@@ -7,8 +7,9 @@ import (
 )
 
 const (
-	CookieName  = "simplysharednotes_session"
-	IdentityKey = "identity"
+	CookieName   = "simplysharednotes_session"
+	IdentityKey  = "identity"
+	RedirectKey  = "redirect_url"
 )
 
 func InitStore(secret string, isDev bool) *sessions.CookieStore {

docs/access.md

@@ -41,6 +41,12 @@
   - The cookie is encrypted and cannot be tampered with (the only way a user can identity as another member is through the UI)
   - The cookie value contains the selected Member internal ID (among other session values)
   - The cookie expires after 3 months (90 days)
-- The Member selection page is at the URI `/identity`
-  - All Space pages `/s/{token}/*` redirect to `/identity` if no valid Identity is found in the cookie
+- The Member selection page is at the URI `/s/{token}/identity`
+  - All Space pages `/s/{token}/*` redirect to `/s/{token}/identity` if no valid Identity is found in the cookie
   - Note that a stored Identity can become invalid if a Member is deleted from the Space
+
+**Redirect after Identity selection**:
+- When a user visits a protected URI without a valid session (e.g., `/s/{token}/members/{memberID}`), the system stores the original URI and redirects them to the identity selection page. After selecting their identity, they are automatically redirected back to the original URI they tried to visit instead of the space home page.
+- The original URI is stored securely in the encrypted session cookie using the `redirect_url` key
+- The redirect URI is cleared from the session after a single use to prevent replay
+- If no valid redirect URI is stored, users are redirected to the space home page