56 lines
1.4 KiB
TypeScript
56 lines
1.4 KiB
TypeScript
import { SignJWT, jwtVerify } from "jose";
|
|
import { cookies } from "next/headers";
|
|
|
|
const COOKIE_NAME = "sz_session";
|
|
const COOKIE_MAX_AGE = 60 * 60 * 24 * 7; // 7 Tage
|
|
|
|
function getSecret(): Uint8Array {
|
|
const secret = process.env.AUTH_SECRET;
|
|
if (!secret || secret.length < 32) {
|
|
throw new Error(
|
|
"AUTH_SECRET fehlt oder ist zu kurz (min. 32 Zeichen). Bitte .env prüfen."
|
|
);
|
|
}
|
|
return new TextEncoder().encode(secret);
|
|
}
|
|
|
|
export interface SessionPayload {
|
|
sub: string; // Admin-ID
|
|
email: string;
|
|
iat?: number;
|
|
exp?: number;
|
|
}
|
|
|
|
export async function createSession(payload: Omit<SessionPayload, "iat" | "exp">) {
|
|
const token = await new SignJWT({ ...payload })
|
|
.setProtectedHeader({ alg: "HS256" })
|
|
.setIssuedAt()
|
|
.setExpirationTime(`${COOKIE_MAX_AGE}s`)
|
|
.sign(getSecret());
|
|
|
|
cookies().set(COOKIE_NAME, token, {
|
|
httpOnly: true,
|
|
sameSite: "lax",
|
|
secure: process.env.NODE_ENV === "production",
|
|
path: "/",
|
|
maxAge: COOKIE_MAX_AGE,
|
|
});
|
|
}
|
|
|
|
export async function getSession(): Promise<SessionPayload | null> {
|
|
const token = cookies().get(COOKIE_NAME)?.value;
|
|
if (!token) return null;
|
|
try {
|
|
const { payload } = await jwtVerify(token, getSecret());
|
|
return payload as unknown as SessionPayload;
|
|
} catch {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
export function clearSession() {
|
|
cookies().delete(COOKIE_NAME);
|
|
}
|
|
|
|
export const SESSION_COOKIE = COOKIE_NAME;
|