Initial commit: spreewaldzeit + Dockerfile for Coolify (Next.js + Prisma/SQLite)

2026-06-03 14:08:48 +02:00
commit bf5d79a919
94 changed files with 12480 additions and 0 deletions
--- a/lib/auth.ts
+++ b/lib/auth.ts
@@ -0,0 +1,55 @@
+import { SignJWT, jwtVerify } from "jose";
+import { cookies } from "next/headers";
+
+const COOKIE_NAME = "sz_session";
+const COOKIE_MAX_AGE = 60 * 60 * 24 * 7; // 7 Tage
+
+function getSecret(): Uint8Array {
+  const secret = process.env.AUTH_SECRET;
+  if (!secret || secret.length < 32) {
+    throw new Error(
+      "AUTH_SECRET fehlt oder ist zu kurz (min. 32 Zeichen). Bitte .env prüfen."
+    );
+  }
+  return new TextEncoder().encode(secret);
+}
+
+export interface SessionPayload {
+  sub: string;     // Admin-ID
+  email: string;
+  iat?: number;
+  exp?: number;
+}
+
+export async function createSession(payload: Omit<SessionPayload, "iat" | "exp">) {
+  const token = await new SignJWT({ ...payload })
+    .setProtectedHeader({ alg: "HS256" })
+    .setIssuedAt()
+    .setExpirationTime(`${COOKIE_MAX_AGE}s`)
+    .sign(getSecret());
+
+  cookies().set(COOKIE_NAME, token, {
+    httpOnly: true,
+    sameSite: "lax",
+    secure: process.env.NODE_ENV === "production",
+    path: "/",
+    maxAge: COOKIE_MAX_AGE,
+  });
+}
+
+export async function getSession(): Promise<SessionPayload | null> {
+  const token = cookies().get(COOKIE_NAME)?.value;
+  if (!token) return null;
+  try {
+    const { payload } = await jwtVerify(token, getSecret());
+    return payload as unknown as SessionPayload;
+  } catch {
+    return null;
+  }
+}
+
+export function clearSession() {
+  cookies().delete(COOKIE_NAME);
+}
+
+export const SESSION_COOKIE = COOKIE_NAME;