| import { SignJWT, jwtVerify } from "jose"; |
| import { cookies, headers } from "next/headers"; |
| import type { NextResponse } from "next/server"; |
|
|
| export const SESSION_COOKIE = "ll_session"; |
| const SESSION_TTL_SECONDS = 60 * 60 * 24 * 7; |
|
|
| function secret() { |
| const s = process.env.AUTH_SECRET; |
| if (!s) throw new Error("AUTH_SECRET is not set"); |
| return new TextEncoder().encode(s); |
| } |
|
|
| export type SessionPayload = { |
| hfId: string; |
| hfUsername: string; |
| email?: string; |
| avatarUrl?: string; |
| nativeLang?: string; |
| targetLang?: string; |
| targetLangs?: string[]; |
| level?: string; |
| accessToken?: string; |
| streakCount?: number; |
| lastActiveDate?: string; |
| }; |
|
|
| export async function signSession(payload: SessionPayload): Promise<string> { |
| return new SignJWT({ ...payload }) |
| .setProtectedHeader({ alg: "HS256" }) |
| .setIssuedAt() |
| .setExpirationTime(`${SESSION_TTL_SECONDS}s`) |
| .sign(secret()); |
| } |
|
|
| export async function verifySession(token: string): Promise<SessionPayload | null> { |
| try { |
| const { payload } = await jwtVerify<SessionPayload>(token, secret(), { algorithms: ["HS256"] }); |
| if (!payload.hfId) return null; |
| return { |
| hfId: payload.hfId, |
| hfUsername: payload.hfUsername, |
| email: payload.email, |
| avatarUrl: payload.avatarUrl, |
| nativeLang: payload.nativeLang, |
| targetLang: payload.targetLang, |
| targetLangs: payload.targetLangs, |
| level: payload.level, |
| accessToken: payload.accessToken, |
| streakCount: payload.streakCount, |
| lastActiveDate: payload.lastActiveDate, |
| }; |
| } catch { |
| return null; |
| } |
| } |
|
|
| export async function getSession(): Promise<SessionPayload | null> { |
| const authHeader = (await headers()).get("authorization"); |
| if (authHeader?.toLowerCase().startsWith("bearer ")) { |
| const token = authHeader.slice(7).trim(); |
| if (token) return verifySession(token); |
| } |
| const token = (await cookies()).get(SESSION_COOKIE)?.value; |
| if (!token) return null; |
| return verifySession(token); |
| } |
|
|
| export function sessionCookieOptions(maxAge: number) { |
| const isProd = process.env.NODE_ENV === "production"; |
| return { |
| httpOnly: true, |
| secure: isProd, |
| sameSite: (isProd ? "none" : "lax") as "none" | "lax", |
| path: "/", |
| maxAge, |
| }; |
| } |
|
|
| export function setSessionCookie(res: NextResponse, token: string) { |
| res.cookies.set(SESSION_COOKIE, token, sessionCookieOptions(SESSION_TTL_SECONDS)); |
| } |
|
|
| export function clearSessionCookie(res: NextResponse) { |
| res.cookies.set(SESSION_COOKIE, "", sessionCookieOptions(0)); |
| } |
|
|
| export const SESSION_MAX_AGE = SESSION_TTL_SECONDS; |
|
|
