Check if user has an active session middleware.

app/src/Controller/User/LoginUserAction.php

@@ -34,7 +34,10 @@ class LoginUserAction extends Controller
         }
 
         // start the session
-        $this->session->set('user', [ 'id' => $user->getId() ]);
+        $this->session->set('user', [ 
+            'id' => $user->getId(),
+            'authenticated' => true
+        ]);
         return $this->response;
     }
 }

app/src/Middleware/AuthenticatedMiddleware.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace Slovocast\Middleware;
+
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ResponseFactoryInterface;
+use Odan\Session\SessionInterface;
+
+class AuthenticatedMiddleware implements MiddlewareInterface
+{
+    public function __construct(
+        private SessionInterface $session,
+        private ResponseFactoryInterface $responseFactory
+    ) {} 
+
+    public function process(Request $request, RequestHandler $handler): Response
+    {
+        if (!this->session->has('user')) {
+            $response = $this->responseFactory->createResponse(403, "Unauthorized");
+            return $response;
+        }
+
+        return $handler->handle($request);
+    }
+}

app/src/Routes.php

@@ -7,9 +7,13 @@ use Slovocast\Controller\HomePage;
 use Slovocast\Controller\User\{
     RegisterUserPage,
     RegisterUserAction,
-    LoginUserPage
+    LoginUserPage,
+    LoginUserAction
+};
+use Slovocast\Middleware\{
+    VerifyPasswordMiddleware,
+    AuthenticatedMiddleware
 };
-use Slovocast\Middleware\VerifyPasswordMiddleware;
 
 class Routes
 {
@@ -30,5 +34,8 @@ class Routes
 
         $app->get('/login', LoginUserPage::class)
             ->setName('user-login-page');
+        $app->post('/login', LoginUserAction::class)
+            ->add(AuthenticatedMiddleware::class)
+            ->setName('user-login-action');
     }
 }