fix player/session id distinction and add /user/me api endpoint

serve/session.go

@@ -34,25 +34,25 @@ func SetSession(w http.ResponseWriter, s player.Session) {
 	})
 }
 
-// WithPlayerID is a middleware that adds a player ID to the request context
+// WithSession is a middleware that adds a player ID to the request context
 // based on the session cookie content. If there is no such cookie, or its
-// value is invalid, the request fails with a 403 error.
-func WithPlayerID(sessions player.RowQuerier) func(http.Handler) http.Handler {
+// value is invalid, the request fails with a 401 error.
+func WithSession(sessions player.RowQuerier) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			c, err := r.Cookie(sessionCookie)
 			if err != nil {
-				http.Error(w, "Forbidden", http.StatusForbidden)
+				http.Error(w, "unauthorized", http.StatusUnauthorized)
 				return
 			}
 			id, err := player.ParseSession(c.Value)
 			if err != nil {
-				http.Error(w, "Forbidden", http.StatusForbidden)
+				http.Error(w, "unauthorized", http.StatusUnauthorized)
 				return
 			}
 			p, err := player.FromSession(r.Context(), sessions, id, time.Now())
 			if err != nil {
-				http.Error(w, "Forbidden", http.StatusForbidden)
+				http.Error(w, "unauthorized", http.StatusUnauthorized)
 				return
 			}
 			ctx := with(r.Context(), p)
@@ -61,7 +61,7 @@ func WithPlayerID(sessions player.RowQuerier) func(http.Handler) http.Handler {
 	}
 }
 
-// Player returns the player ID set by WithPlayerID in the request context.
-func PlayerID(ctx context.Context) player.ID {
-	return value[player.ID](ctx)
+// Session returns the session ID set by WithSession in the request context.
+func Session(ctx context.Context) player.Session {
+	return value[player.Session](ctx)
 }