Improve the godest framework prototype (#19)

* Move the components and theme-overrides import files to styles/shared * Use the new @sargassum-world/styles npm package for shared stylesheets * Move the @sargassum-world/styles dependency to devDependencies * Move reused sprinkles @sargassum-world/stimulated, remove TypeScript * Bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump github.com/labstack/echo/v4 from 4.6.3 to 4.7.0 Bumps [github.com/labstack/echo/v4](https://github.com/labstack/echo) from 4.6.3 to 4.7.0. - [Release notes](https://github.com/labstack/echo/releases) - [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md) - [Commits](labstack/echo@v4.6.3...v4.7.0) --- updated-dependencies: - dependency-name: github.com/labstack/echo/v4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump github.com/goreleaser/goreleaser from 0.178.0 to 1.6.1 in /tools Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 0.178.0 to 1.6.1. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](goreleaser/goreleaser@v0.178.0...v1.6.1) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Refactor client initialization * Move session and authn clients into godest package for sharing * Reduce API surface of godest package * Use github.com/pkg/errors instead of fmt for errors * Avoid bare returns * Clobber invalid sessions instead of returning HTTP 500, but log it first * Remove session client from Handlers structs where possible * Upgrade golang.org/x/sys * Repair go.sum problems introduced by merging dependabot branches Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
sargassum-world · Mar 10, 2022 · efa3cfd · efa3cfd
1 parent 1d6d0a7
commit efa3cfd
Show file tree

Hide file tree

Showing 118 changed files with 1,627 additions and 3,277 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -18,7 +18,7 @@ jobs:
       run:
         shell: bash
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - uses: actions/setup-go@v2
         with:
@@ -47,7 +47,7 @@ jobs:
   release-test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
 

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -9,7 +9,7 @@ jobs:
   goreleaser:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
 

diff --git a/README.md b/README.md
@@ -20,49 +20,49 @@ To execute the full build pipeline, run `make`; to build the docker images, run
 
 You'll need to set some environment variables to tell Fluitans how to assign names and how to connect to a ZeroTier network controller. Specifically, you'll need to set:
 
-- FLUITANS_DOMAIN_NAME, which should be the parent domain name under which network domain names will be assigned, for example `fluitans.org` or `prakashlab.dedyn.io`. For web security reasons, the Fluitans app itself should be hosted on a separate domain name (for example `fluitans.sargassum.world`).
-- FLUITANS_ZT_CONTROLLER_SERVER, which should be the URL for the ZeroTier network controller's HTTP API. It needs to include the scheme `http://` or `https://`, for example `http://localhost:9993` or `https://zerotier-test.cloud.fluitans.sargassumworld`.
-- FLUITANS_ZT_CONTROLLER_AUTHTOKEN, which should be the contents of the authtoken.secret file saved by ZeroTier One in its working directory (more details [in ZeroTier's documentation](https://docs.zerotier.com/zerotier/zerotier.conf/)).
-- FLUITANS_DNS_SERVER, which should be the URL for the deSEC HTTP API. It needs to include the scheme `https://`, for example `https://desec.io`.
-- FLUITANS_DNS_AUTHTOKEN, which should be an authentication token for the deSEC HTTP API.
-- FLUITANS_SESSIONS_COOKIE_NOHTTPSONLY, which should be `true` if you are running Fluitans locally (as `localhost`) without HTTPS. If you are running Fluitans over the web, you should run it behind an HTTPS reverse proxy and you should leave FLUITANS_SESSION_COOKIE_NOHTTPSONLY unset.
-- FLUITANS_SESSIONS_AUTH_KEY, which should be set to a session key generated by running Fluitans without the FLUITANS_SESSION_AUTH_KEY set.
-- FLUITANS_AUTHN_ADMIN_PW_HASH, which should be set to the password hash generated by running Fluitans with a password set as FLUITANS_AUTHN_ADMIN_PW.
+- ZT_CONTROLLER_SERVER, which should be the URL for the ZeroTier network controller's HTTP API. It needs to include the scheme `http://` or `https://`, for example `http://localhost:9993` or `https://zerotier-test.cloud.fluitans.sargassumworld`.
+- ZT_CONTROLLER_AUTHTOKEN, which should be the contents of the authtoken.secret file saved by ZeroTier One in its working directory (more details [in ZeroTier's documentation](https://docs.zerotier.com/zerotier/zerotier.conf/)).
+- DNS_DOMAIN_NAME, which should be the parent domain name under which network domain names will be assigned, for example `fluitans.org` or `prakashlab.dedyn.io`. For web security reasons, the Fluitans app itself should be hosted on a separate domain name (for example `fluitans.sargassum.world`).
+- DNS_SERVER, which should be the URL for the deSEC HTTP API. It needs to include the scheme `https://`, for example `https://desec.io`.
+- DNS_AUTHTOKEN, which should be an authentication token for the deSEC HTTP API.
+- SESSIONS_COOKIE_NOHTTPSONLY, which should be `true` if you are running Fluitans locally (as `localhost`) without HTTPS. If you are running Fluitans over the web, you should run it behind an HTTPS reverse proxy and you should leave SESSION_COOKIE_NOHTTPSONLY unset.
+- SESSIONS_AUTH_KEY, which should be set to a session key generated by running Fluitans without the SESSION_AUTH_KEY set.
+- AUTHN_ADMIN_PW_HASH, which should be set to the password hash generated by running Fluitans with a password set as AUTHN_ADMIN_PW.
 
 For example, you could generate the password and session key using:
 ```
-FLUITANS_AUTHN_ADMIN_PW='mypassword' make run
+AUTHN_ADMIN_PW='mypassword' make run
 ```
 which will print a message like:
 ```
-Record this admin password hash for future use as FLUITANS_AUTHN_ADMIN_PW_HASH
+Record this admin password hash for future use as AUTHN_ADMIN_PW_HASH
 (use single-quotes from shell to avoid string substitution with dollar-signs):
 $argon2id$v=19$m=65536,t=1,p=2$EIV/HJ0DILHeNf2IC+qsGQ$BvBCCEsKUCKuAPI+pzM+sbCy/pdQdOF/FmHwx/yIusU
-Record this key for future use as FLUITANS_SESSIONS_AUTH_KEY:
+Record this key for future use as SESSIONS_AUTH_KEY:
 QVG4y5EPPoDZjAzYc6j7I09iJum3w+hXNrB3O4HQvSc=
 ```
 
 And then you could run the server in development mode (which you can log into with username `admin` and password `mypassword`) using:
 ```
-FLUITANS_DOMAIN_NAME='fluitans.org' \
-FLUITANS_ZT_CONTROLLER_SERVER='http://localhost:9993' \
-FLUITANS_ZT_CONTROLLER_AUTHTOKEN='0123456789abcdefghijklmn' \
-FLUITANS_DNS_SERVER='https://desec.io' \
-FLUITANS_DNS_AUTHTOKEN='abcdefghijklmn0123456789' \
-FLUITANS_SESSION_AUTH_KEY='QVG4y5EPPoDZjAzYc6j7I09iJum3w+hXNrB3O4HQvSc=' \
-FLUITANS_AUTHN_ADMIN_PW_HASH='$argon2id$v=19$m=65536,t=1,p=2$EIV/HJ0DILHeNf2IC+qsGQ$BvBCCEsKUCKuAPI+pzM+sbCy/pdQdOF/FmHwx/yIusU' \
+ZTCONTROLLER_SERVER='http://localhost:9993' \
+ZTCONTROLLER_AUTHTOKEN='0123456789abcdefghijklmn' \
+DNS_DOMAIN_NAME='fluitans.org' \
+DNS_SERVER='https://desec.io' \
+DNS_AUTHTOKEN='abcdefghijklmn0123456789' \
+SESSION_AUTH_KEY='QVG4y5EPPoDZjAzYc6j7I09iJum3w+hXNrB3O4HQvSc=' \
+AUTHN_ADMIN_PW_HASH='$argon2id$v=19$m=65536,t=1,p=2$EIV/HJ0DILHeNf2IC+qsGQ$BvBCCEsKUCKuAPI+pzM+sbCy/pdQdOF/FmHwx/yIusU' \
 make run
 ```
 
 Or you could run the built binary using:
 ```
-FLUITANS_DOMAIN_NAME='fluitans.org' \
-FLUITANS_ZT_CONTROLLER_SERVER='http://localhost:9993' \
-FLUITANS_ZT_CONTROLLER_AUTHTOKEN='0123456789abcdefghijklmn' \
-FLUITANS_DNS_SERVER='https://desec.io' \
-FLUITANS_DNS_AUTHTOKEN='abcdefghijklmn0123456789' \
-FLUITANS_SESSION_AUTH_KEY='QVG4y5EPPoDZjAzYc6j7I09iJum3w+hXNrB3O4HQvSc=' \
-FLUITANS_AUTHN_ADMIN_PW_HASH='$argon2id$v=19$m=65536,t=1,p=2$EIV/HJ0DILHeNf2IC+qsGQ$BvBCCEsKUCKuAPI+pzM+sbCy/pdQdOF/FmHwx/yIusU' \
+ZTCONTROLLER_SERVER='http://localhost:9993' \
+ZTCONTROLLER_AUTHTOKEN='0123456789abcdefghijklmn' \
+DNS_DOMAIN_NAME='fluitans.org' \
+DNS_SERVER='https://desec.io' \
+DNS_AUTHTOKEN='abcdefghijklmn0123456789' \
+SESSION_AUTH_KEY='QVG4y5EPPoDZjAzYc6j7I09iJum3w+hXNrB3O4HQvSc=' \
+AUTHN_ADMIN_PW_HASH='$argon2id$v=19$m=65536,t=1,p=2$EIV/HJ0DILHeNf2IC+qsGQ$BvBCCEsKUCKuAPI+pzM+sbCy/pdQdOF/FmHwx/yIusU' \
 ./fluitans
 ```
 

diff --git a/go.mod b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/gorilla/sessions v1.2.1
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
-	github.com/labstack/echo/v4 v4.6.3
+	github.com/labstack/echo/v4 v4.7.0
 	github.com/labstack/gommon v0.3.1
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
@@ -28,9 +28,9 @@ require (
 	github.com/twmb/murmur3 v1.1.6
 	github.com/unrolled/secure v1.10.0
 	github.com/vmihailenco/msgpack/v5 v5.3.5
-	golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect
+	golang.org/x/crypto v0.0.0-20220307211146-efcb8507fb70 // indirect
 	golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 // indirect
+	golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 // indirect
 	golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -78,8 +78,9 @@ github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NB
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/labstack/echo/v4 v4.6.3 h1:VhPuIZYxsbPmo4m9KAkMU/el2442eB7EBFFhNTTT9ac=
 github.com/labstack/echo/v4 v4.6.3/go.mod h1:Hk5OiHj0kDqmFq7aHe7eDqI7CUhuCrfpupQtLGGLm7A=
+github.com/labstack/echo/v4 v4.7.0 h1:8wHgZhoE9OT1NSLw6sfrX7ZGpWMtO5Zlfr68+BIo180=
+github.com/labstack/echo/v4 v4.7.0/go.mod h1:xkCDAdFCIf8jsFQ5NnbK7oqaF/yU1A1X20Ltm0OvSks=
 github.com/labstack/gommon v0.3.1 h1:OomWaJXm7xR6L1HmEtGyQf26TEn7V6X88mktX9kee9o=
 github.com/labstack/gommon v0.3.1/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
@@ -159,8 +160,8 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220307211146-efcb8507fb70 h1:syTAU9FwmvzEoIYMqcPHOcVm4H3U5u90WsvuYgwpETU=
+golang.org/x/crypto v0.0.0-20220307211146-efcb8507fb70/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -169,6 +170,7 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
@@ -191,8 +193,8 @@ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 h1:nhht2DYV/Sn3qOayu8lM+cU1ii9sTLUeBQwQQfUHtrs=
-golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 h1:y/woIyUBFbpQGKS0u1aHF/40WUDnek3fPOyD08H5Vng=
+golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

diff --git a/internal/app/fluitans/auth/authz.go b/internal/app/fluitans/auth/authz.go
@@ -5,7 +5,7 @@ import (
 
 	"github.com/labstack/echo/v4"
 
-	"github.com/sargassum-world/fluitans/internal/clients/sessions"
+	"github.com/sargassum-world/fluitans/pkg/godest/session"
 )
 
 // Authorization
@@ -28,10 +28,10 @@ func (a Auth) RequireAuthorized() error {
 	return echo.NewHTTPError(http.StatusNotFound, "unauthorized")
 }
 
-func RequireAuthz(sc *sessions.Client) echo.MiddlewareFunc {
+func RequireAuthz(sc *session.Client) echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
-			a, _, err := GetWithSession(c, sc)
+			a, _, err := GetWithSession(c.Request(), sc, c.Logger())
 			if err != nil {
 				return err
 			}

diff --git a/internal/app/fluitans/auth/middleware.go b/internal/app/fluitans/auth/middleware.go
@@ -0,0 +1,89 @@
+package auth
+
+import (
+	"github.com/gorilla/sessions"
+	"github.com/labstack/echo/v4"
+	"github.com/pkg/errors"
+
+	"github.com/sargassum-world/fluitans/pkg/godest"
+	"github.com/sargassum-world/fluitans/pkg/godest/session"
+)
+
+type (
+	Handler            func(c echo.Context, a Auth) error
+	HandlerWithSession func(c echo.Context, a Auth, sess *sessions.Session) error
+)
+
+func Handle(h Handler, sc *session.Client) echo.HandlerFunc {
+	return func(c echo.Context) error {
+		a, sess, err := GetWithSession(c.Request(), sc, c.Logger())
+		// We don't expect the handler to write to the session, so we save it now
+		if serr := sess.Save(c.Request(), c.Response()); serr != nil {
+			return errors.Wrap(err, "couldn't save new session to replace invalid session")
+		}
+		if err != nil {
+			return err
+		}
+		return h(c, a)
+	}
+}
+
+func HandleWithSession(h HandlerWithSession, sc *session.Client) echo.HandlerFunc {
+	return func(c echo.Context) error {
+		a, sess, err := GetWithSession(c.Request(), sc, c.Logger())
+		if err != nil {
+			return err
+		}
+		return h(c, a, sess)
+	}
+}
+
+// Router is a routing adapter between echo.Handler and this package's Handler, by
+// automatically extracting auth data from the session of the request.
+type Router struct {
+	er godest.EchoRouter
+	sc *session.Client
+}
+
+func NewRouter(er godest.EchoRouter, sc *session.Client) Router {
+	return Router{
+		er: er,
+		sc: sc,
+	}
+}
+
+func (r *Router) CONNECT(path string, h Handler, m ...echo.MiddlewareFunc) *echo.Route {
+	return r.er.CONNECT(path, Handle(h, r.sc), m...)
+}
+
+func (r *Router) DELETE(path string, h Handler, m ...echo.MiddlewareFunc) *echo.Route {
+	return r.er.DELETE(path, Handle(h, r.sc), m...)
+}
+
+func (r *Router) GET(path string, h Handler, m ...echo.MiddlewareFunc) *echo.Route {
+	return r.er.GET(path, Handle(h, r.sc), m...)
+}
+
+func (r *Router) HEAD(path string, h Handler, m ...echo.MiddlewareFunc) *echo.Route {
+	return r.er.HEAD(path, Handle(h, r.sc), m...)
+}
+
+func (r *Router) OPTIONS(path string, h Handler, m ...echo.MiddlewareFunc) *echo.Route {
+	return r.er.OPTIONS(path, Handle(h, r.sc), m...)
+}
+
+func (r *Router) PATCH(path string, h Handler, m ...echo.MiddlewareFunc) *echo.Route {
+	return r.er.PATCH(path, Handle(h, r.sc), m...)
+}
+
+func (r *Router) POST(path string, h Handler, m ...echo.MiddlewareFunc) *echo.Route {
+	return r.er.POST(path, Handle(h, r.sc), m...)
+}
+
+func (r *Router) PUT(path string, h Handler, m ...echo.MiddlewareFunc) *echo.Route {
+	return r.er.PUT(path, Handle(h, r.sc), m...)
+}
+
+func (r *Router) TRACE(path string, h Handler, m ...echo.MiddlewareFunc) *echo.Route {
+	return r.er.TRACE(path, Handle(h, r.sc), m...)
+}
diff --git a/internal/app/fluitans/auth/models.go b/internal/app/fluitans/auth/models.go
@@ -2,10 +2,7 @@
 package auth
 
 import (
-	"github.com/labstack/echo/v4"
-
-	"github.com/sargassum-world/fluitans/internal/clients/sessions"
-	"github.com/sargassum-world/fluitans/pkg/godest"
+	"github.com/sargassum-world/fluitans/pkg/godest/session"
 )
 
 type Identity struct {
@@ -18,7 +15,7 @@ type CSRFBehavior struct {
 }
 
 type CSRF struct {
-	Config   sessions.CSRFOptions
+	Config   session.CSRFOptions
 	Behavior CSRFBehavior
 	Token    string
 }
@@ -27,85 +24,3 @@ type Auth struct {
 	Identity Identity
 	CSRF     CSRF
 }
-
-// Middleware & Routing Adapter
-
-type AuthAwareHandler func(c echo.Context, a Auth) error
-
-func HandleWithAuth(h AuthAwareHandler, sc *sessions.Client) echo.HandlerFunc {
-	return func(c echo.Context) error {
-		a, _, err := GetWithSession(c, sc)
-		if err != nil {
-			return err
-		}
-		return h(c, a)
-	}
-}
-
-// AuthAwareRouter is a routing adapter between echo.Handler and AuthAwareHandler, by automatically
-// extracting auth data from the session of the request.
-type AuthAwareRouter struct {
-	er godest.EchoRouter
-	sc *sessions.Client
-}
-
-func NewAuthAwareRouter(er godest.EchoRouter, sc *sessions.Client) AuthAwareRouter {
-	return AuthAwareRouter{
-		er: er,
-		sc: sc,
-	}
-}
-
-func (r *AuthAwareRouter) CONNECT(
-	path string, h AuthAwareHandler, m ...echo.MiddlewareFunc,
-) *echo.Route {
-	return r.er.CONNECT(path, HandleWithAuth(h, r.sc), m...)
-}
-
-func (r *AuthAwareRouter) DELETE(
-	path string, h AuthAwareHandler, m ...echo.MiddlewareFunc,
-) *echo.Route {
-	return r.er.DELETE(path, HandleWithAuth(h, r.sc), m...)
-}
-
-func (r *AuthAwareRouter) GET(
-	path string, h AuthAwareHandler, m ...echo.MiddlewareFunc,
-) *echo.Route {
-	return r.er.GET(path, HandleWithAuth(h, r.sc), m...)
-}
-
-func (r *AuthAwareRouter) HEAD(
-	path string, h AuthAwareHandler, m ...echo.MiddlewareFunc,
-) *echo.Route {
-	return r.er.HEAD(path, HandleWithAuth(h, r.sc), m...)
-}
-
-func (r *AuthAwareRouter) OPTIONS(
-	path string, h AuthAwareHandler, m ...echo.MiddlewareFunc,
-) *echo.Route {
-	return r.er.OPTIONS(path, HandleWithAuth(h, r.sc), m...)
-}
-
-func (r *AuthAwareRouter) PATCH(
-	path string, h AuthAwareHandler, m ...echo.MiddlewareFunc,
-) *echo.Route {
-	return r.er.PATCH(path, HandleWithAuth(h, r.sc), m...)
-}
-
-func (r *AuthAwareRouter) POST(
-	path string, h AuthAwareHandler, m ...echo.MiddlewareFunc,
-) *echo.Route {
-	return r.er.POST(path, HandleWithAuth(h, r.sc), m...)
-}
-
-func (r *AuthAwareRouter) PUT(
-	path string, h AuthAwareHandler, m ...echo.MiddlewareFunc,
-) *echo.Route {
-	return r.er.PUT(path, HandleWithAuth(h, r.sc), m...)
-}
-
-func (r *AuthAwareRouter) TRACE(
-	path string, h AuthAwareHandler, m ...echo.MiddlewareFunc,
-) *echo.Route {
-	return r.er.TRACE(path, HandleWithAuth(h, r.sc), m...)
-}