Diffstat (limited to 'backend/api/auth_middleware.go')
-rw-r--r--backend/api/auth_middleware.go42
1 files changed, 27 insertions, 15 deletions
diff --git a/backend/api/auth_middleware.go b/backend/api/auth_middleware.go
index 97f8946..d721f1d 100644
--- a/backend/api/auth_middleware.go
+++ b/backend/api/auth_middleware.go
@@ -6,27 +6,39 @@ import (
"github.com/labstack/echo/v4"
"albatross-2026-backend/auth"
+ "albatross-2026-backend/db"
)
-type contextKey struct{}
+type sessionIDContextKey struct{}
+type userContextKey struct{}
-func JWTCookieMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
- return func(c echo.Context) error {
- cookie, err := c.Cookie("albatross_token")
- if err != nil {
+func SessionCookieMiddleware(q *db.Queries) echo.MiddlewareFunc {
+ return func(next echo.HandlerFunc) echo.HandlerFunc {
+ return func(c echo.Context) error {
+ cookie, err := c.Cookie("albatross_session")
+ if err != nil {
+ return next(c)
+ }
+ hashedID := auth.HashSessionID(cookie.Value)
+ user, err := q.GetUserBySession(c.Request().Context(), hashedID)
+ if err != nil {
+ return next(c)
+ }
+ ctx := c.Request().Context()
+ ctx = context.WithValue(ctx, sessionIDContextKey{}, hashedID)
+ ctx = context.WithValue(ctx, userContextKey{}, &user)
+ c.SetRequest(c.Request().WithContext(ctx))
return next(c)
}
- claims, err := auth.ParseJWT(cookie.Value)
- if err != nil {
- return next(c)
- }
- ctx := context.WithValue(c.Request().Context(), contextKey{}, claims)
- c.SetRequest(c.Request().WithContext(ctx))
- return next(c)
}
}
-func GetJWTClaimsFromContext(ctx context.Context) (*auth.JWTClaims, bool) {
- claims, ok := ctx.Value(contextKey{}).(*auth.JWTClaims)
- return claims, ok
+func GetSessionIDFromContext(ctx context.Context) (string, bool) {
+ sessionID, ok := ctx.Value(sessionIDContextKey{}).(string)
+ return sessionID, ok
+}
+
+func GetUserFromContext(ctx context.Context) (*db.User, bool) {
+ user, ok := ctx.Value(userContextKey{}).(*db.User)
+ return user, ok
}
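Review bot: Every error from `q.GetUserBySession` in SessionCookieMiddleware falls through to `next(c)` as an anonymous request, so a database failure looks the same as an unknown session and nothing is logged for either case. Before the `return next(c)` I would separate the two, for example `if !errors.Is(err, sql.ErrNoRows) { c.Logger().Errorf("session lookup: %v", err) }`, using whichever no-rows sentinel the driver behind `db.Queries` returns (not visible in this hunk). Whether the query itself rejects expired sessions cannot be seen here and is worth confirming, since the middleware adds no expiry check of its own. The value stored under `sessionIDContextKey{}` is the output of `auth.HashSessionID`, not the cookie value, so the accessor deserves a doc comment such as `// GetSessionIDFromContext returns the hashed session ID set by SessionCookieMiddleware, not the raw cookie value.`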