Managed to get a simple and NOT SECURE login system going.

api/auth.go

@@ -1,7 +1,9 @@
 package api
 
 import (
+  "errors"
   "golang.org/x/crypto/bcrypt"
+  "log"
 
   "github.com/gofiber/fiber/v2"
   _ "github.com/mattn/go-sqlite3"
@@ -9,17 +11,35 @@ import (
   "github.com/gofiber/fiber/v2/middleware/session"
 
   "zedshaw.games/webapp/data"
+  "zedshaw.games/webapp/config"
 )
 
-func CheckAuthed(c *fiber.Ctx) (bool, *session.Session, error) {
-  sess, err := STORE.Get(c)
-  if err != nil { return false, sess, err }
-  authed := sess.Get("authenticated") == true
-  return authed, sess, nil
+func IsAdmin(user *data.User) bool {
+  return user.Username == config.Settings.Admin
 }
 
-func NotAuthed(err error, authed bool) bool {
-  return err != nil || authed == false
+func CheckAuthed(c *fiber.Ctx, needs_admin bool) (*session.Session, error) {
+  sess, err := STORE.Get(c)
+  if err != nil { return sess, err }
+
+  // BUG: this has to come from the databse, just temporary
+  admin := sess.Get("admin") == true
+  authed := sess.Get("authenticated") == true
+
+  log.Printf("session admin=%v, session authed=%v, needs_admin = %v", admin, authed, needs_admin)
+
+  if needs_admin {
+    authed = admin && authed
+    log.Printf("after needs_admin block: authed=%v", authed)
+  }
+
+  if authed {
+    log.Println("user is authed, return nil and sess")
+    return sess, nil
+  } else {
+    log.Println("user is NOT authed, return error")
+    return sess, errors.New("Authentication, permission failure")
+  }
 }
 
 func LogoutUser(c *fiber.Ctx) error {