feat(auth): add token verification and cookie helpers

lib/auth/cookies.ts

@@ -0,0 +1,39 @@
+export const ADM_COOKIE = 'adm_token';
+export const USR_COOKIE = 'usr_token';
+
+export function isSecureCookie(request: { headers: { get(name: string): string | null }; url: string }): boolean {
+  if (process.env.COOKIE_SECURE !== undefined) {
+    return process.env.COOKIE_SECURE === 'true';
+  }
+  if (process.env.NODE_ENV === 'production') {
+    return (
+      request.headers.get('x-forwarded-proto') === 'https' ||
+      request.url.startsWith('https://')
+    );
+  }
+  return false;
+}
+
+export function buildCookie(name: string, value: string, secure: boolean, maxAgeSeconds: number): string {
+  const parts = [
+    `${name}=${value}`,
+    'Path=/',
+    'HttpOnly',
+    'SameSite=Lax',
+    `Max-Age=${maxAgeSeconds}`,
+  ];
+  if (secure) parts.push('Secure');
+  return parts.join('; ');
+}
+
+export function buildClearCookie(name: string, secure: boolean): string {
+  const parts = [
+    `${name}=`,
+    'Path=/',
+    'HttpOnly',
+    'SameSite=Lax',
+    'Max-Age=0',
+  ];
+  if (secure) parts.push('Secure');
+  return parts.join('; ');
+}