root/chadebebe
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): add token verification and cookie helpers

Browse Source
This commit is contained in:
belisards
2026-05-03 16:19:14 -03:00
parent 5596e3fa19
commit f03e7aaf19
2 changed files with 90 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
lib/auth/cookies.ts Normal file
View File

@@ -0,0 +1,39 @@
export const ADM_COOKIE = 'adm_token';
export const USR_COOKIE = 'usr_token';
export function isSecureCookie(request: { headers: { get(name: string): string | null }; url: string }): boolean {
if (process.env.COOKIE_SECURE !== undefined) {
return process.env.COOKIE_SECURE === 'true';
}
if (process.env.NODE_ENV === 'production') {
return (
request.headers.get('x-forwarded-proto') === 'https' ||
request.url.startsWith('https://')
);
}
return false;
}
export function buildCookie(name: string, value: string, secure: boolean, maxAgeSeconds: number): string {
const parts = [
`${name}=${value}`,
'Path=/',
'HttpOnly',
'SameSite=Lax',
`Max-Age=${maxAgeSeconds}`,
];
if (secure) parts.push('Secure');
return parts.join('; ');
}
export function buildClearCookie(name: string, secure: boolean): string {
const parts = [
`${name}=`,
'Path=/',
'HttpOnly',
'SameSite=Lax',
'Max-Age=0',
];
if (secure) parts.push('Secure');
return parts.join('; ');
}

51
lib/auth/tokens.ts Normal file
View File

@@ -0,0 +1,51 @@
import { NextRequest } from 'next/server';
import { eq } from 'drizzle-orm';
import crypto from 'crypto';
import { db, guests, type Guest } from '@/lib/db';
import { ADM_COOKIE, USR_COOKIE } from './cookies';
function constantTimeEquals(a: string, b: string): boolean {
const ab = Buffer.from(a);
const bb = Buffer.from(b);
if (ab.length !== bb.length) return false;
return crypto.timingSafeEqual(ab, bb);
}
export function getAdminToken(): string {
const t = process.env.ADMIN_TOKEN;
if (!t || t.length < 16) {
throw new Error('ADMIN_TOKEN env var must be set and at least 16 chars');
}
return t;
}
export function verifyAdminToken(req: NextRequest): boolean {
const cookie = req.cookies.get(ADM_COOKIE)?.value;
if (!cookie) return false;
try {
return constantTimeEquals(cookie, getAdminToken());
} catch {
return false;
}
}
export async function getGuestFromRequest(req: NextRequest): Promise<Guest | null> {
const cookie = req.cookies.get(USR_COOKIE)?.value;
if (!cookie) return null;
const rows = await db.select().from(guests).where(eq(guests.id, cookie)).limit(1);
return rows[0] ?? null;
}
export function isAdminTokenValue(token: string): boolean {
try {
return constantTimeEquals(token, getAdminToken());
} catch {
return false;
}
}
export async function isGuestTokenValue(token: string): Promise<Guest | null> {
if (!token) return null;
const rows = await db.select().from(guests).where(eq(guests.id, token)).limit(1);
return rows[0] ?? null;
}