From 9e060b6f12536e22c329400b84e0c238cf53e190 Mon Sep 17 00:00:00 2001
From: Tim Wundenberg <tim@wundenbergs.de>
Date: Sun, 8 Dec 2024 23:21:29 +0100
Subject: [PATCH] feat(security): #286 fix test

---
 go.mod                                        |   1 +
 go.sum                                        |  16 +-
 handler/middleware/authenticate.go            |   3 +-
 .../middleware/cross_site_request_forgery.go  |   3 +-
 main.go                                       |   1 +
 main_test.go                                  |  83 ++-
 output.log                                    | 685 ------------------
 service/auth.go                               |   6 +-
 8 files changed, 81 insertions(+), 717 deletions(-)
 delete mode 100644 output.log

diff --git a/go.mod b/go.mod
index 81b7149..f31f233 100644
--- a/go.mod
+++ b/go.mod
@@ -11,6 +11,7 @@ require (
 	github.com/prometheus/client_golang v1.20.5
 	github.com/stretchr/testify v1.10.0
 	golang.org/x/crypto v0.30.0
+	golang.org/x/net v0.29.0
 )
 
 require (
diff --git a/go.sum b/go.sum
index f8209bf..b673f51 100644
--- a/go.sum
+++ b/go.sum
@@ -8,8 +8,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/golang-migrate/migrate/v4 v4.18.1 h1:JML/k+t4tpHCpQTCAD62Nu43NUFzHY4CV3uAuvHGC+Y=
 github.com/golang-migrate/migrate/v4 v4.18.1/go.mod h1:HAX6m3sQgcdO81tdjn5exv20+3Kb13cmGli1hrD6hks=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -21,14 +19,6 @@ github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
 github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
-github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
-github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
 github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
@@ -43,8 +33,6 @@ github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G
 github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
@@ -53,12 +41,12 @@ go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY=
 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
+golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
 golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
 google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/handler/middleware/authenticate.go b/handler/middleware/authenticate.go
index fa540ef..bb6df5e 100644
--- a/handler/middleware/authenticate.go
+++ b/handler/middleware/authenticate.go
@@ -2,6 +2,7 @@ package middleware
 
 import (
 	"context"
+
 	"me-fit/service"
 
 	"net/http"
@@ -43,5 +44,5 @@ func getSessionID(r *http.Request) string {
 		return ""
 	}
 
-	return cookie.Name
+	return cookie.Value
 }
diff --git a/handler/middleware/cross_site_request_forgery.go b/handler/middleware/cross_site_request_forgery.go
index 920e568..eae2bc1 100644
--- a/handler/middleware/cross_site_request_forgery.go
+++ b/handler/middleware/cross_site_request_forgery.go
@@ -2,9 +2,10 @@ package middleware
 
 import (
 	"fmt"
-	"me-fit/service"
 	"strings"
 
+	"me-fit/service"
+
 	"net/http"
 )
 
diff --git a/main.go b/main.go
index 56e6b79..5fbcec2 100644
--- a/main.go
+++ b/main.go
@@ -130,6 +130,7 @@ func createHandler(d *sql.DB, serverSettings *types.Settings) http.Handler {
 		middleware.Log,
 		middleware.ContentSecurityPolicy,
 		middleware.Cors(serverSettings),
+		middleware.Authenticate(authService),
 		middleware.CrossSiteRequestForgery(authService),
 		middleware.Corp,
 		middleware.Coop,
diff --git a/main_test.go b/main_test.go
index a419bb7..e24737d 100644
--- a/main_test.go
+++ b/main_test.go
@@ -14,6 +14,8 @@ import (
 	"time"
 
 	"github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/net/html"
 )
 
 func TestHandleSignIn(t *testing.T) {
@@ -39,25 +41,35 @@ func TestHandleSignIn(t *testing.T) {
 			t.Fatalf("Error inserting user: %v", err)
 		}
 
-		formData := url.Values{
-			"email":    {"mail@mail.de"},
-			"password": {"password"},
-		}
-
-		req, err := http.NewRequestWithContext(ctx, "POST", "http://localhost:8080/api/auth/signin", strings.NewReader(formData.Encode()))
-		if err != nil {
-			t.Fatalf("Error creating request: %v", err)
-		}
-		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		req, err := http.NewRequestWithContext(ctx, "GET", "http://localhost:8080/auth/signin", nil)
+		assert.Nil(t, err)
 
 		resp, err := httpClient.Do(req)
-		if err != nil {
-			t.Fatalf("Error making request: %v", err)
+		assert.Nil(t, err)
+
+		html, err := html.Parse(resp.Body)
+		assert.Nil(t, err)
+
+		csrfToken := findCsrfToken(html)
+		assert.NotEqual(t, "", csrfToken)
+		anonymousSession := findCookie(resp, "id")
+		assert.NotNil(t, anonymousSession)
+
+		formData := url.Values{
+			"email":      {"mail@mail.de"},
+			"password":   {"password"},
+			"csrf-token": {csrfToken},
 		}
 
-		if resp.StatusCode != http.StatusSeeOther {
-			t.Fatalf("Expected status code 303, got %d", resp.StatusCode)
-		}
+		req, err = http.NewRequestWithContext(ctx, "POST", "http://localhost:8080/api/auth/signin", strings.NewReader(formData.Encode()))
+		assert.Nil(t, err)
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		req.Header.Set("Cookie", anonymousSession.Name+"="+anonymousSession.Value)
+
+		resp, err = httpClient.Do(req)
+		assert.Nil(t, err)
+
+		assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
 
 		cookie := findCookie(resp, "id")
 		if cookie == nil {
@@ -165,3 +177,44 @@ func waitForReady(
 		}
 	}
 }
+
+func findCsrfToken(data *html.Node) string {
+	attr := getTokenAttribute(data)
+	if attr != nil {
+		return attr.Val
+	}
+
+	if data.FirstChild != nil {
+		if token := findCsrfToken(data.FirstChild); token != "" {
+			return token
+		}
+	}
+	if data.NextSibling != nil {
+		if token := findCsrfToken(data.NextSibling); token != "" {
+			return token
+		}
+	}
+
+	return ""
+}
+
+func getTokenAttribute(data *html.Node) *html.Attribute {
+	returnValue := false
+	for _, attr := range data.Attr {
+		if attr.Key == "name" && attr.Val == "csrf-token" {
+			returnValue = true
+		}
+	}
+
+	if !returnValue {
+		return nil
+	}
+
+	for _, attr := range data.Attr {
+		if attr.Key == "value" {
+			return &attr
+		}
+	}
+
+	return nil
+}
diff --git a/output.log b/output.log
deleted file mode 100644
index 186f6f6..0000000
--- a/output.log
+++ /dev/null
@@ -1,685 +0,0 @@
-2024/12/08 14:05:48 INFO Starting server...
-2024/12/08 14:05:48 INFO BASE_URL is "http://localhost:8080"
-2024/12/08 14:05:48 INFO ENVIRONMENT is "local"
-2024/12/08 14:05:48 INFO Starting server on ":8080"
-2024/12/08 14:05:52 http: panic serving 127.0.0.1:48440: runtime error: invalid memory address or nil pointer dereference
-goroutine 41 [running]:
-net/http.(*conn).serve.func1()
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
-panic({0x954920?, 0xd829f0?})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
-me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
-	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
-me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc00014acc0, {0xc000317000?, 0xc0001164f8?, 0xc00014ad20?})
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
-bufio.(*Writer).Flush(0xc00013a4c0)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
-github.com/a-h/templ/runtime.(*Buffer).Flush(0xc0001164f8)
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
-github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc0001164f8})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
-me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
-	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
-me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc000160cd0?}, {0x7fdfb1435998?, 0xc00014acc0?}})
-	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
-me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc000160cd0?}, {0x7fdfb1435998?, 0xc00014acc0?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
-github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc000160cd0?}, {0x7fdfb1435998?, 0xc00014acc0?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
-me-fit/handler.(*Render).Render(0xc0001264e0?, 0xc000187598?, {0xa969f0, 0xc00014acc0}, {0xa93760?, 0xc000126500?})
-	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
-me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000318000, {0xa969f0, 0xc00014acc0}, {0xa93760, 0xc0001264e0}, 0x7fdfb1431ea8?)
-	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
-me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc00014acc0}, 0xc000318000)
-	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
-net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc00014acc0?}, 0xc000187688?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc00014acc0}, 0xc000318000)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
-me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc00014acc0}, 0xc000318000)
-	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc00014acc0?}, 0x1c?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc00014acc0}, 0xc000318000)
-	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc00014acc0?}, 0xc0001600a0?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc0001164c8}, 0xc000318000)
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
-net/http.HandlerFunc.ServeHTTP(0xc00014ac30?, {0xa96a20?, 0xc0001164c8?}, 0x9ddfd8?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Cors.func2.1({0xa96a20, 0xc0001164c8}, 0xc000318000)
-	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc0001164c8?}, 0x17?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc0001164c8}, 0xc000318000)
-	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
-net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc0001164c8?}, 0xd2b1243e00000003?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00017c0e0}, 0xc000318000)
-	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
-net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00017c0e0?}, 0x446920?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Wrapper.func4({0xa96b70, 0xc00017c0e0}, 0xc000318000)
-	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
-net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00017c0e0?}, 0xc000187b70?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.serverHandler.ServeHTTP({0xc00014ab40?}, {0xa96b70?, 0xc00017c0e0?}, 0x6?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
-net/http.(*conn).serve(0xc00015e1b0, {0xa97328, 0xc00014aa50})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
-created by net/http.(*Server).Serve in goroutine 38
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
-2024/12/08 14:05:52 http: panic serving 127.0.0.1:48450: runtime error: invalid memory address or nil pointer dereference
-goroutine 21 [running]:
-net/http.(*conn).serve.func1()
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
-panic({0x954920?, 0xd829f0?})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
-me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
-	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
-me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc0002202d0, {0xc00025c000?, 0xc000206150?, 0xc000220330?})
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
-bufio.(*Writer).Flush(0xc00021a140)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
-github.com/a-h/templ/runtime.(*Buffer).Flush(0xc000206150)
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
-github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc000206150})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
-me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
-	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
-me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc00021e0f0?}, {0x7fdfb1435998?, 0xc0002202d0?}})
-	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
-me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc00021e0f0?}, {0x7fdfb1435998?, 0xc0002202d0?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
-github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc00021e0f0?}, {0x7fdfb1435998?, 0xc0002202d0?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
-me-fit/handler.(*Render).Render(0xa97360?, 0xc000183598?, {0xa969f0, 0xc0002202d0}, {0xa93760?, 0xc000218110?})
-	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
-me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000244000, {0xa969f0, 0xc0002202d0}, {0xa93760, 0xc0002180f0}, 0x7fdfb1489958?)
-	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
-me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc0002202d0}, 0xc000244000)
-	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
-net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc0002202d0?}, 0xc00023e688?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc0002202d0}, 0xc000244000)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
-me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc0002202d0}, 0xc000244000)
-	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc0002202d0?}, 0x1c?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc0002202d0}, 0xc000244000)
-	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc0002202d0?}, 0xc0001600a0?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc000206120}, 0xc000244000)
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
-net/http.HandlerFunc.ServeHTTP(0xc000220240?, {0xa96a20?, 0xc000206120?}, 0x9ddfd8?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Cors.func2.1({0xa96a20, 0xc000206120}, 0xc000244000)
-	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc000206120?}, 0x17?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc000206120}, 0xc000244000)
-	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
-net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc000206120?}, 0x2adb28e700000003?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00024c000}, 0xc000244000)
-	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
-net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00024c000?}, 0x446920?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Wrapper.func4({0xa96b70, 0xc00024c000}, 0xc000244000)
-	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
-net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00024c000?}, 0xc00023eb70?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.serverHandler.ServeHTTP({0xc000220180?}, {0xa96b70?, 0xc00024c000?}, 0x6?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
-net/http.(*conn).serve(0xc000238000, {0xa97328, 0xc00014aa50})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
-created by net/http.(*Server).Serve in goroutine 38
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
-2024/12/08 14:05:52 http: panic serving 127.0.0.1:48460: runtime error: invalid memory address or nil pointer dereference
-goroutine 23 [running]:
-net/http.(*conn).serve.func1()
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
-panic({0x954920?, 0xd829f0?})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
-me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
-	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
-me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc000220510, {0xc00025d000?, 0xc000206210?, 0xc000220570?})
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
-bufio.(*Writer).Flush(0xc00021a240)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
-github.com/a-h/templ/runtime.(*Buffer).Flush(0xc000206210)
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
-github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc000206210})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
-me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
-	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
-me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc00021e1e0?}, {0x7fdfb1435998?, 0xc000220510?}})
-	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
-me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc00021e1e0?}, {0x7fdfb1435998?, 0xc000220510?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
-github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc00021e1e0?}, {0x7fdfb1435998?, 0xc000220510?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
-me-fit/handler.(*Render).Render(0xa97360?, 0xc000183598?, {0xa969f0, 0xc000220510}, {0xa93760?, 0xc000218200?})
-	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
-me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000244140, {0xa969f0, 0xc000220510}, {0xa93760, 0xc0002181e0}, 0x7fdfb1489958?)
-	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
-me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc000220510}, 0xc000244140)
-	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
-net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc000220510?}, 0xc00023e688?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc000220510}, 0xc000244140)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
-me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc000220510}, 0xc000244140)
-	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc000220510?}, 0x1c?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc000220510}, 0xc000244140)
-	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc000220510?}, 0xc0001600a0?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc0002061e0}, 0xc000244140)
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
-net/http.HandlerFunc.ServeHTTP(0xc000220480?, {0xa96a20?, 0xc0002061e0?}, 0x9ddfd8?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Cors.func2.1({0xa96a20, 0xc0002061e0}, 0xc000244140)
-	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc0002061e0?}, 0x17?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc0002061e0}, 0xc000244140)
-	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
-net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc0002061e0?}, 0x7a75ac3900000003?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00024c0e0}, 0xc000244140)
-	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
-net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00024c0e0?}, 0x446920?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Wrapper.func4({0xa96b70, 0xc00024c0e0}, 0xc000244140)
-	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
-net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00024c0e0?}, 0xc00023eb70?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.serverHandler.ServeHTTP({0xc0002203f0?}, {0xa96b70?, 0xc00024c0e0?}, 0x6?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
-net/http.(*conn).serve(0xc0002381b0, {0xa97328, 0xc00014aa50})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
-created by net/http.(*Server).Serve in goroutine 38
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
-2024/12/08 14:05:52 http: panic serving 127.0.0.1:48468: runtime error: invalid memory address or nil pointer dereference
-goroutine 50 [running]:
-net/http.(*conn).serve.func1()
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
-panic({0x954920?, 0xd829f0?})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
-me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
-	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
-me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc0002861e0, {0xc0002c4000?, 0xc0002ac078?, 0xc000286240?})
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
-bufio.(*Writer).Flush(0xc000296100)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
-github.com/a-h/templ/runtime.(*Buffer).Flush(0xc0002ac078)
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
-github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc0002ac078})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
-me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
-	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
-me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc000290050?}, {0x7fdfb1435998?, 0xc0002861e0?}})
-	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
-me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc000290050?}, {0x7fdfb1435998?, 0xc0002861e0?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
-github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc000290050?}, {0x7fdfb1435998?, 0xc0002861e0?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
-me-fit/handler.(*Render).Render(0xc0002920b0?, 0xc0002c1598?, {0xa969f0, 0xc0002861e0}, {0xa93760?, 0xc0002920d0?})
-	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
-me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000298000, {0xa969f0, 0xc0002861e0}, {0xa93760, 0xc0002920b0}, 0x7fdf6837c908?)
-	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
-me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc0002861e0}, 0xc000298000)
-	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
-net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc0002861e0?}, 0xc00023a688?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc0002861e0}, 0xc000298000)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
-me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc0002861e0}, 0xc000298000)
-	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc0002861e0?}, 0x1c?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc0002861e0}, 0xc000298000)
-	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc0002861e0?}, 0xc0001600a0?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc0002ac048}, 0xc000298000)
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
-net/http.HandlerFunc.ServeHTTP(0xc000286150?, {0xa96a20?, 0xc0002ac048?}, 0x9ddfd8?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Cors.func2.1({0xa96a20, 0xc0002ac048}, 0xc000298000)
-	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc0002ac048?}, 0x17?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc0002ac048}, 0xc000298000)
-	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
-net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc0002ac048?}, 0xd6290e4300000003?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Log.func1({0xa96b70, 0xc0002a6000}, 0xc000298000)
-	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
-net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc0002a6000?}, 0x446920?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Wrapper.func4({0xa96b70, 0xc0002a6000}, 0xc000298000)
-	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
-net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc0002a6000?}, 0xc00023ab70?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.serverHandler.ServeHTTP({0xc000286090?}, {0xa96b70?, 0xc0002a6000?}, 0x6?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
-net/http.(*conn).serve(0xc00028a000, {0xa97328, 0xc00014aa50})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
-created by net/http.(*Server).Serve in goroutine 38
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
-2024/12/08 14:05:52 http: panic serving 127.0.0.1:48470: runtime error: invalid memory address or nil pointer dereference
-goroutine 52 [running]:
-net/http.(*conn).serve.func1()
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
-panic({0x954920?, 0xd829f0?})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
-me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
-	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
-me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc000286420, {0xc0002c5000?, 0xc0002ac138?, 0xc000286480?})
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
-bufio.(*Writer).Flush(0xc000296200)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
-github.com/a-h/templ/runtime.(*Buffer).Flush(0xc0002ac138)
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
-github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc0002ac138})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
-me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
-	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
-me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc000290140?}, {0x7fdfb1435998?, 0xc000286420?}})
-	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
-me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc000290140?}, {0x7fdfb1435998?, 0xc000286420?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
-github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc000290140?}, {0x7fdfb1435998?, 0xc000286420?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
-me-fit/handler.(*Render).Render(0xc0002921a0?, 0xc0002c1598?, {0xa969f0, 0xc000286420}, {0xa93760?, 0xc0002921c0?})
-	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
-me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000298140, {0xa969f0, 0xc000286420}, {0xa93760, 0xc0002921a0}, 0x7fdf6837c908?)
-	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
-me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc000286420}, 0xc000298140)
-	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
-net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc000286420?}, 0xc00023a688?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc000286420}, 0xc000298140)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
-me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc000286420}, 0xc000298140)
-	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc000286420?}, 0x1c?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc000286420}, 0xc000298140)
-	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc000286420?}, 0xc0001600a0?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc0002ac108}, 0xc000298140)
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
-net/http.HandlerFunc.ServeHTTP(0xc000286390?, {0xa96a20?, 0xc0002ac108?}, 0x9ddfd8?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Cors.func2.1({0xa96a20, 0xc0002ac108}, 0xc000298140)
-	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc0002ac108?}, 0x17?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc0002ac108}, 0xc000298140)
-	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
-net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc0002ac108?}, 0xd2f9999c00000003?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Log.func1({0xa96b70, 0xc0002a60e0}, 0xc000298140)
-	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
-net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc0002a60e0?}, 0x446920?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Wrapper.func4({0xa96b70, 0xc0002a60e0}, 0xc000298140)
-	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
-net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc0002a60e0?}, 0xc00023ab70?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.serverHandler.ServeHTTP({0xc000286300?}, {0xa96b70?, 0xc0002a60e0?}, 0x6?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
-net/http.(*conn).serve(0xc00028a1b0, {0xa97328, 0xc00014aa50})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
-created by net/http.(*Server).Serve in goroutine 38
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
-2024/12/08 14:05:52 http: panic serving 127.0.0.1:48472: runtime error: invalid memory address or nil pointer dereference
-goroutine 54 [running]:
-net/http.(*conn).serve.func1()
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
-panic({0x954920?, 0xd829f0?})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
-me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
-	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
-me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc000286660, {0xc0002f4000?, 0xc0002ac1e0?, 0xc0002866c0?})
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
-bufio.(*Writer).Flush(0xc000296300)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
-github.com/a-h/templ/runtime.(*Buffer).Flush(0xc0002ac1e0)
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
-github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc0002ac1e0})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
-me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
-	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
-me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc000290230?}, {0x7fdfb1435998?, 0xc000286660?}})
-	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
-me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc000290230?}, {0x7fdfb1435998?, 0xc000286660?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
-github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc000290230?}, {0x7fdfb1435998?, 0xc000286660?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
-me-fit/handler.(*Render).Render(0xc000292290?, 0xc0002c1598?, {0xa969f0, 0xc000286660}, {0xa93760?, 0xc0002922b0?})
-	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
-me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000298280, {0xa969f0, 0xc000286660}, {0xa93760, 0xc000292290}, 0x7fdf6837c908?)
-	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
-me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc000286660}, 0xc000298280)
-	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
-net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc000286660?}, 0xc00023a688?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc000286660}, 0xc000298280)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
-me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc000286660}, 0xc000298280)
-	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc000286660?}, 0x1c?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc000286660}, 0xc000298280)
-	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc000286660?}, 0xc0001600a0?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc0002ac1b0}, 0xc000298280)
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
-net/http.HandlerFunc.ServeHTTP(0xc0002865d0?, {0xa96a20?, 0xc0002ac1b0?}, 0x9ddfd8?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Cors.func2.1({0xa96a20, 0xc0002ac1b0}, 0xc000298280)
-	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc0002ac1b0?}, 0x17?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc0002ac1b0}, 0xc000298280)
-	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
-net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc0002ac1b0?}, 0xa901b9c100000003?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Log.func1({0xa96b70, 0xc0002a61c0}, 0xc000298280)
-	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
-net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc0002a61c0?}, 0x446920?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Wrapper.func4({0xa96b70, 0xc0002a61c0}, 0xc000298280)
-	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
-net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc0002a61c0?}, 0xc00023ab70?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.serverHandler.ServeHTTP({0xc000286540?}, {0xa96b70?, 0xc0002a61c0?}, 0x6?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
-net/http.(*conn).serve(0xc00028a360, {0xa97328, 0xc00014aa50})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
-created by net/http.(*Server).Serve in goroutine 38
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
-2024/12/08 14:05:52 http: panic serving 127.0.0.1:48484: runtime error: invalid memory address or nil pointer dereference
-goroutine 56 [running]:
-net/http.(*conn).serve.func1()
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
-panic({0x954920?, 0xd829f0?})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
-me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
-	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
-me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc0002206f0, {0xc00027c000?, 0xc0002062b8?, 0xc000220750?})
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
-bufio.(*Writer).Flush(0xc00021a340)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
-github.com/a-h/templ/runtime.(*Buffer).Flush(0xc0002062b8)
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
-github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc0002062b8})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
-me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
-	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
-me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc00021e2d0?}, {0x7fdfb1435998?, 0xc0002206f0?}})
-	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
-me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc00021e2d0?}, {0x7fdfb1435998?, 0xc0002206f0?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
-github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc00021e2d0?}, {0x7fdfb1435998?, 0xc0002206f0?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
-me-fit/handler.(*Render).Render(0xa97360?, 0xc000183598?, {0xa969f0, 0xc0002206f0}, {0xa93760?, 0xc0002182f0?})
-	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
-me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000244280, {0xa969f0, 0xc0002206f0}, {0xa93760, 0xc0002182d0}, 0x7fdfb1489958?)
-	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
-me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc0002206f0}, 0xc000244280)
-	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
-net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc0002206f0?}, 0xc00023e688?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc0002206f0}, 0xc000244280)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
-me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc0002206f0}, 0xc000244280)
-	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc0002206f0?}, 0x1c?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc0002206f0}, 0xc000244280)
-	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc0002206f0?}, 0xc0001600a0?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc000206288}, 0xc000244280)
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
-net/http.HandlerFunc.ServeHTTP(0xc000220660?, {0xa96a20?, 0xc000206288?}, 0x9ddfd8?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Cors.func2.1({0xa96a20, 0xc000206288}, 0xc000244280)
-	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc000206288?}, 0x17?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc000206288}, 0xc000244280)
-	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
-net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc000206288?}, 0x8fb7961600000003?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00024c1c0}, 0xc000244280)
-	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
-net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00024c1c0?}, 0x446920?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Wrapper.func4({0xa96b70, 0xc00024c1c0}, 0xc000244280)
-	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
-net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00024c1c0?}, 0xc00023eb70?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.serverHandler.ServeHTTP({0xc0002205d0?}, {0xa96b70?, 0xc00024c1c0?}, 0x6?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
-net/http.(*conn).serve(0xc00028a510, {0xa97328, 0xc00014aa50})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
-created by net/http.(*Server).Serve in goroutine 38
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
-2024/12/08 14:05:52 http: panic serving 127.0.0.1:48492: runtime error: invalid memory address or nil pointer dereference
-goroutine 43 [running]:
-net/http.(*conn).serve.func1()
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
-panic({0x954920?, 0xd829f0?})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
-me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
-	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
-me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc0002208d0, {0xc00027d000?, 0xc000206360?, 0xc000220930?})
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
-bufio.(*Writer).Flush(0xc00021a440)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
-github.com/a-h/templ/runtime.(*Buffer).Flush(0xc000206360)
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
-github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc000206360})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
-me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
-	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
-me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc00021e3c0?}, {0x7fdfb1435998?, 0xc0002208d0?}})
-	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
-me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc00021e3c0?}, {0x7fdfb1435998?, 0xc0002208d0?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
-github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc00021e3c0?}, {0x7fdfb1435998?, 0xc0002208d0?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
-me-fit/handler.(*Render).Render(0xa97360?, 0xc000183598?, {0xa969f0, 0xc0002208d0}, {0xa93760?, 0xc0002183e0?})
-	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
-me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc0002443c0, {0xa969f0, 0xc0002208d0}, {0xa93760, 0xc0002183c0}, 0x7fdfb1489958?)
-	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
-me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc0002208d0}, 0xc0002443c0)
-	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
-net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc0002208d0?}, 0xc00023e688?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc0002208d0}, 0xc0002443c0)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
-me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc0002208d0}, 0xc0002443c0)
-	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc0002208d0?}, 0x1c?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc0002208d0}, 0xc0002443c0)
-	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc0002208d0?}, 0xc0001600a0?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc000206330}, 0xc0002443c0)
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
-net/http.HandlerFunc.ServeHTTP(0xc000220840?, {0xa96a20?, 0xc000206330?}, 0x9ddfd8?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Cors.func2.1({0xa96a20, 0xc000206330}, 0xc0002443c0)
-	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc000206330?}, 0x17?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc000206330}, 0xc0002443c0)
-	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
-net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc000206330?}, 0x6aed2b3b00000003?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00024c2a0}, 0xc0002443c0)
-	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
-net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00024c2a0?}, 0x446920?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Wrapper.func4({0xa96b70, 0xc00024c2a0}, 0xc0002443c0)
-	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
-net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00024c2a0?}, 0xc00023eb70?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.serverHandler.ServeHTTP({0xc0002207b0?}, {0xa96b70?, 0xc00024c2a0?}, 0x6?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
-net/http.(*conn).serve(0xc00015e360, {0xa97328, 0xc00014aa50})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
-created by net/http.(*Server).Serve in goroutine 38
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
-2024/12/08 14:05:52 http: panic serving 127.0.0.1:48498: runtime error: invalid memory address or nil pointer dereference
-goroutine 57 [running]:
-net/http.(*conn).serve.func1()
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
-panic({0x954920?, 0xd829f0?})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
-me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
-	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
-me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc000220ab0, {0xc0003c0000?, 0xc000206408?, 0xc000220b10?})
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
-bufio.(*Writer).Flush(0xc00021a540)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
-github.com/a-h/templ/runtime.(*Buffer).Flush(0xc000206408)
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
-github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc000206408})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
-me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
-	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
-me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc00021e4b0?}, {0x7fdfb1435998?, 0xc000220ab0?}})
-	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
-me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc00021e4b0?}, {0x7fdfb1435998?, 0xc000220ab0?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
-github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc00021e4b0?}, {0x7fdfb1435998?, 0xc000220ab0?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
-me-fit/handler.(*Render).Render(0xa97360?, 0xc000183598?, {0xa969f0, 0xc000220ab0}, {0xa93760?, 0xc0002184d0?})
-	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
-me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000244500, {0xa969f0, 0xc000220ab0}, {0xa93760, 0xc0002184b0}, 0x7fdfb1489958?)
-	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
-me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc000220ab0}, 0xc000244500)
-	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
-net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc000220ab0?}, 0xc00023e688?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc000220ab0}, 0xc000244500)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
-me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc000220ab0}, 0xc000244500)
-	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc000220ab0?}, 0x1c?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc000220ab0}, 0xc000244500)
-	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc000220ab0?}, 0xc0001600a0?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc0002063d8}, 0xc000244500)
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
-net/http.HandlerFunc.ServeHTTP(0xc000220a20?, {0xa96a20?, 0xc0002063d8?}, 0x9ddfd8?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Cors.func2.1({0xa96a20, 0xc0002063d8}, 0xc000244500)
-	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc0002063d8?}, 0x17?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc0002063d8}, 0xc000244500)
-	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
-net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc0002063d8?}, 0x9ac7dd5900000003?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00024c380}, 0xc000244500)
-	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
-net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00024c380?}, 0x446920?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Wrapper.func4({0xa96b70, 0xc00024c380}, 0xc000244500)
-	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
-net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00024c380?}, 0xc00023eb70?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.serverHandler.ServeHTTP({0xc000220990?}, {0xa96b70?, 0xc00024c380?}, 0x6?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
-net/http.(*conn).serve(0xc00028a5a0, {0xa97328, 0xc00014aa50})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
-created by net/http.(*Server).Serve in goroutine 38
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
-2024/12/08 14:05:52 http: panic serving 127.0.0.1:48510: runtime error: invalid memory address or nil pointer dereference
-goroutine 44 [running]:
-net/http.(*conn).serve.func1()
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:1947 +0xbe
-panic({0x954920?, 0xd829f0?})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/runtime/panic.go:785 +0x132
-me-fit/service.AuthImpl.GetCsrfToken({{0xa9bfa8, 0xc000118068}, {0xa96960, 0xdf3de0}, {0xa936c0, 0xdf3de0}, {0xa93660, 0xc00013a040}, 0xc00013a040}, 0x0)
-	/home/tiwun/source/me-fit/service/auth.go:414 +0x8c
-me-fit/handler/middleware.(*csrfResponseWriter).Write(0xc000220c90, {0xc0003c1000?, 0xc0002064b0?, 0xc000220cf0?})
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:28 +0x83
-bufio.(*Writer).Flush(0xc00021a640)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/bufio/bufio.go:639 +0x55
-github.com/a-h/templ/runtime.(*Buffer).Flush(0xc0002064b0)
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/buffer.go:28 +0x25
-github.com/a-h/templ/runtime.ReleaseBuffer({0xa93740?, 0xc0002064b0})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/bufferpool.go:35 +0x32
-me-fit/handler.(*Render).RenderLayout.Layout.func1.1()
-	/home/tiwun/source/me-fit/template/layout_templ.go:20 +0x27
-me-fit/handler.(*Render).RenderLayout.Layout.func1({{0xa97360?, 0xc00021e5a0?}, {0x7fdfb1435998?, 0xc000220c90?}})
-	/home/tiwun/source/me-fit/template/layout_templ.go:64 +0x439
-me-fit/handler.(*Render).RenderLayout.Layout.GeneratedTemplate.func2({0xa97360?, 0xc00021e5a0?}, {0x7fdfb1435998?, 0xc000220c90?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime/runtime.go:19 +0x2b
-github.com/a-h/templ.ComponentFunc.Render(0xd83840?, {0xa97360?, 0xc00021e5a0?}, {0x7fdfb1435998?, 0xc000220c90?})
-	/home/tiwun/go/pkg/mod/github.com/a-h/templ@v0.2.793/runtime.go:40 +0x37
-me-fit/handler.(*Render).Render(0xa97360?, 0xc000183598?, {0xa969f0, 0xc000220c90}, {0xa93760?, 0xc0002185c0?})
-	/home/tiwun/source/me-fit/handler/render.go:26 +0x85
-me-fit/handler.(*Render).RenderLayout(0xc000118078, 0xc000244640, {0xa969f0, 0xc000220c90}, {0xa93760, 0xc0002185a0}, 0x7fdfb1489958?)
-	/home/tiwun/source/me-fit/handler/render.go:37 +0x14a
-me-fit/handler.AuthImpl.Handle.AuthImpl.handleSignInPage.func1({0xa969f0, 0xc000220c90}, 0xc000244640)
-	/home/tiwun/source/me-fit/handler/auth.go:74 +0xb9
-net/http.HandlerFunc.ServeHTTP(0xc00017c000?, {0xa969f0?, 0xc000220c90?}, 0xc00023e688?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.(*ServeMux).ServeHTTP(0x995fc0?, {0xa969f0, 0xc000220c90}, 0xc000244640)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2747 +0x1ca
-me-fit/handler/middleware.Coop.func1({0xa969f0, 0xc000220c90}, 0xc000244640)
-	/home/tiwun/source/me-fit/handler/middleware/coop.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa969f0?, 0xc000220c90?}, 0x1c?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Corp.func1({0xa969f0, 0xc000220c90}, 0xc000244640)
-	/home/tiwun/source/me-fit/handler/middleware/corp.go:11 +0xf0
-net/http.HandlerFunc.ServeHTTP(0xa96a20?, {0xa969f0?, 0xc000220c90?}, 0xc0001600a0?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.CrossSiteRequestForgery.func3.1({0xa96a20, 0xc000206480}, 0xc000244640)
-	/home/tiwun/source/me-fit/handler/middleware/cross_site_request_forgery.go:57 +0x151
-net/http.HandlerFunc.ServeHTTP(0xc000220c00?, {0xa96a20?, 0xc000206480?}, 0x9ddfd8?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Cors.func2.1({0xa96a20, 0xc000206480}, 0xc000244640)
-	/home/tiwun/source/me-fit/handler/middleware/cors.go:20 +0xec
-net/http.HandlerFunc.ServeHTTP(0x995fc0?, {0xa96a20?, 0xc000206480?}, 0x17?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.ContentSecurityPolicy.func1({0xa96a20, 0xc000206480}, 0xc000244640)
-	/home/tiwun/source/me-fit/handler/middleware/content_security_policiy.go:27 +0x11f
-net/http.HandlerFunc.ServeHTTP(0xb9?, {0xa96a20?, 0xc000206480?}, 0xec4f5f5200000003?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-me-fit/handler/middleware.Log.func1({0xa96b70, 0xc00024c460}, 0xc000244640)
-	/home/tiwun/source/me-fit/handler/middleware/logger.go:42 +0xe2
-net/http.HandlerFunc.ServeHTTP(0xa936e0?, {0xa96b70?, 0xc00024c460?}, 0x446920?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-main.createHandler.Wrapper.func4({0xa96b70, 0xc00024c460}, 0xc000244640)
-	/home/tiwun/source/me-fit/handler/middleware/wrapper.go:11 +0x88
-net/http.HandlerFunc.ServeHTTP(0x46b139?, {0xa96b70?, 0xc00024c460?}, 0xc00023eb70?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2220 +0x29
-net/http.serverHandler.ServeHTTP({0xc000220b70?}, {0xa96b70?, 0xc00024c460?}, 0x6?)
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3210 +0x8e
-net/http.(*conn).serve(0xc00015e3f0, {0xa97328, 0xc00014aa50})
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:2092 +0x5d0
-created by net/http.(*Server).Serve in goroutine 38
-	/nix/store/zhq8dnjbhwspzdglyq28j74axvqyk86q-go-1.23.3/share/go/src/net/http/server.go:3360 +0x485
-2024/12/08 14:05:57 INFO Gracefully stopped http server on :8080
diff --git a/service/auth.go b/service/auth.go
index 9b1128d..5c81af0 100644
--- a/service/auth.go
+++ b/service/auth.go
@@ -128,10 +128,14 @@ func (service AuthImpl) SignInSession(sessionId string) (*Session, error) {
 		return nil, types.ErrInternal
 	}
 
-	if sessionDb.ExpiresAt.After(service.clock.Now()) {
+	if sessionDb.ExpiresAt.Before(service.clock.Now()) {
 		return nil, nil
 	}
 
+	if sessionDb.UserId == uuid.Nil {
+		return NewSession(sessionDb, nil), nil
+	}
+
 	userDb, err := service.db.GetUser(sessionDb.UserId)
 	if err != nil {
 		return nil, types.ErrInternal