aclisp
diff --git a/‎go.mod
+3 b/‎go.mod
+3
diff --git a/‎go.sum
+8 b/‎go.sum
+8
diff --git a/‎session/config.go
+20 b/‎session/config.go
+20
diff --git a/‎session/const.go
+79 b/‎session/const.go
+79
diff --git a/‎session/const_test.go
+133 b/‎session/const_test.go
+133
@@ -4,6 +4,8 @@ go 1.22.5
 
 require (
 	github.com/go-co-op/gocron/v2 v2.11.0
+	github.com/gorilla/securecookie v1.1.2
+	github.com/gorilla/sessions v1.3.0
 	github.com/stretchr/testify v1.9.0
 	github.com/zeromicro/go-zero v1.7.0
 	xorm.io/xorm v1.3.9
@@ -18,6 +20,7 @@ require (
 	github.com/fatih/color v1.17.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 
@@ -29,14 +29,22 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.3.0 h1:XYlkq7KcpOB2ZhHBPv5WpjMIxrQosiZanfoy1HLZFzg=
+github.com/gorilla/sessions v1.3.0/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
 
@@ -0,0 +1,20 @@
+package session
+
+//lint:file-ignore SA5008 Use gozero config tags
+//nolint:staticcheck
+type SessionConfig struct {
+	SessionSecret           string // used to authenticate session cookies using HMAC
+	SessionStorageNamespace string `json:",default=sessions"`
+	SessionCookieName       string `json:",default=SID"`
+	SessionCookiePath       string `json:",default=/"`
+	SessionCookieDomain     string `json:",optional"`
+	// The duration in seconds that the session cookie/token is valid,
+	// and also how long users stay logged-in to the App.
+	SessionCookieTTL      int    `json:",default=600,range=[60:]"`
+	SessionCookieSameSite string `json:",default=Lax,options=Strict|Lax|None"`
+	SessionCookieSecure   bool   `json:",default=false"`
+	// The session storage TTL is derived from its max age plus this grace period.
+	SessionStorageGracePeriod               int `json:",default=10,range=[1:60]"`
+	SessionStorageUnauthenticatedTTL        int `json:",default=60,range=[0:600]"`
+	SessionStorageInjectedAuthenticationTTL int `json:",default=0,range=[0:60]"`
+}
@@ -0,0 +1,79 @@
+package session
+
+import (
+	"net"
+	"net/http"
+	"net/textproto"
+	"strings"
+)
+
+// These are transient session keys
+const (
+	// Is the session authenticated: 0: no; 1: yes
+	Authenticated = "authenticated"
+	// The user's ID
+	UserID = "user_id"
+	// The user's name
+	Username = "username"
+	// The user's type: admin|<nil>
+	UserType = "user_type"
+	// The time when the session is created
+	Created = "created"
+	// The time when the session is last updated
+	Updated = "updated"
+	// The path where the session is last updated
+	Path = "path"
+	// User-Agent request header
+	UserAgent = "user_agent"
+	// The user's IP address
+	UserIPAddr = "user_ipaddr"
+)
+
+// GetUserAddr from the http request, considering X-Forwarded-For, Forwarded
+func GetUserAddr(r *http.Request) string {
+	if xFwd := r.Header.Get("X-Forwarded-For"); xFwd != "" {
+		client, _, _ := strings.Cut(xFwd, ",")
+		return textproto.TrimString(client)
+	}
+	if fwd := r.Header.Get("Forwarded"); fwd != "" {
+		client, _, _ := strings.Cut(fwd, ",")
+		client = readCookieValue(client, "for")
+		return stripPort(client)
+	}
+	return stripPort(r.RemoteAddr)
+}
+
+func stripPort(addr string) string {
+	if host, _, err := net.SplitHostPort(addr); err == nil {
+		return host
+	}
+	return addr
+}
+
+func readCookieValue(line, filter string) string {
+	line = textproto.TrimString(line)
+
+	var part string
+	for len(line) > 0 { // continue since we have rest
+		part, line, _ = strings.Cut(line, ";")
+		part = textproto.TrimString(part)
+		if part == "" {
+			continue
+		}
+		name, val, _ := strings.Cut(part, "=")
+		name = textproto.TrimString(name)
+		if !isCookieNameValid(name) {
+			continue
+		}
+		if filter != "" && !strings.EqualFold(filter, name) {
+			continue
+		}
+		val, ok := parseCookieValue(val, true)
+		if !ok {
+			continue
+		}
+		return val
+	}
+
+	return ""
+}
@@ -0,0 +1,133 @@
+package session
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetUserAddr(t *testing.T) {
+	tests := []struct {
+		name   string
+		input  http.Request
+		expect string
+	}{
+		{
+			name: "Test0_X-Forwarded-For",
+			input: http.Request{
+				RemoteAddr: "1.2.3.4:1234",
+				Header: http.Header{
+					"X-Forwarded-For": []string{"203.0.113.195"},
+				},
+			},
+			expect: "203.0.113.195",
+		},
+		{
+			name: "Test1_X-Forwarded-For",
+			input: http.Request{
+				RemoteAddr: "1.2.3.4:1234",
+				Header: http.Header{
+					"X-Forwarded-For": []string{"2001:db8:85a3:8d3:1319:8a2e:370:7348"},
+				},
+			},
+			expect: "2001:db8:85a3:8d3:1319:8a2e:370:7348",
+		},
+		{
+			name: "Test2_X-Forwarded-For",
+			input: http.Request{
+				RemoteAddr: "1.2.3.4:1234",
+				Header: http.Header{
+					"X-Forwarded-For": []string{"203.0.113.195, 2001:db8:85a3:8d3:1319:8a2e:370:7348"},
+				},
+			},
+			expect: "203.0.113.195",
+		},
+		{
+			name: "Test3_X-Forwarded-For",
+			input: http.Request{
+				RemoteAddr: "1.2.3.4:1234",
+				Header: http.Header{
+					"X-Forwarded-For": []string{"203.0.113.195,2001:db8:85a3:8d3:1319:8a2e:370:7348,198.51.100.178"},
+				},
+			},
+			expect: "203.0.113.195",
+		},
+		{
+			name: "Test0_Forwarded",
+			input: http.Request{
+				RemoteAddr: "1.2.3.4:1234",
+				Header: http.Header{
+					"Forwarded": []string{`for="_mdn"`},
+				},
+			},
+			expect: "_mdn",
+		},
+		{
+			name: "Test1_Forwarded",
+			input: http.Request{
+				RemoteAddr: "1.2.3.4:1234",
+				Header: http.Header{
+					"Forwarded": []string{`For="[2001:db8:cafe::17]:4711"`},
+				},
+			},
+			expect: "2001:db8:cafe::17",
+		},
+		{
+			name: "Test2_Forwarded",
+			input: http.Request{
+				RemoteAddr: "1.2.3.4:1234",
+				Header: http.Header{
+					"Forwarded": []string{`for=192.0.2.60;proto=http;by=203.0.113.43`},
+				},
+			},
+			expect: "192.0.2.60",
+		},
+		{
+			name: "Test3_Forwarded",
+			input: http.Request{
+				RemoteAddr: "1.2.3.4:1234",
+				Header: http.Header{
+					"Forwarded": []string{`for=192.0.2.43, for=198.51.100.17`},
+				},
+			},
+			expect: "192.0.2.43",
+		},
+		{
+			name: "Test0_Mixed",
+			input: http.Request{
+				RemoteAddr: "1.2.3.4:1234",
+				Header: http.Header{
+					"Forwarded":       []string{`for=192.0.2.172`},
+					"X-Forwarded-For": []string{"192.0.2.172"},
+				},
+			},
+			expect: "192.0.2.172",
+		},
+		{
+			name: "Test1_Mixed",
+			input: http.Request{
+				RemoteAddr: "1.2.3.4:1234",
+				Header: http.Header{
+					"Forwarded":       []string{`for=192.0.2.43, for="[2001:db8:cafe::17]"`},
+					"X-Forwarded-For": []string{"192.0.2.43, 2001:db8:cafe::17"},
+				},
+			},
+			expect: "192.0.2.43",
+		},
+		{
+			name: "Test0_RemoteAddr",
+			input: http.Request{
+				RemoteAddr: "1.2.3.4:1234",
+			},
+			expect: "1.2.3.4",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			addr := GetUserAddr(&test.input)
+			assert.Exactly(t, test.expect, addr)
+		})
+	}
+}