File size: 1,917 Bytes
101ebaa |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 |
import crypto from "crypto";
import type { NextRequest } from "next/server";
export const ADMIN_COOKIE_NAME = "teich_admin";
const SESSION_MAX_AGE_SECONDS = 60 * 60 * 24 * 7;
function getAdminPassword() {
return process.env.ADMIN_PASSWORD || "";
}
function sign(payload: string, secret: string) {
return crypto.createHmac("sha256", secret).update(payload).digest("hex");
}
export function createAdminSessionValue(): string {
const secret = getAdminPassword();
const ts = Date.now();
const nonce = crypto.randomBytes(16).toString("hex");
const payload = `${ts}:${nonce}`;
const sig = sign(payload, secret);
return `${payload}.${sig}`;
}
export function isAdminSessionValue(value: string | undefined | null): boolean {
if (!value) return false;
const secret = getAdminPassword();
if (!secret) return false;
const lastDot = value.lastIndexOf(".");
if (lastDot === -1) return false;
const payload = value.slice(0, lastDot);
const sig = value.slice(lastDot + 1);
const expected = sign(payload, secret);
try {
if (!crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(expected))) return false;
} catch {
return false;
}
const [tsStr] = payload.split(":");
const ts = Number(tsStr);
if (!Number.isFinite(ts)) return false;
const ageSeconds = (Date.now() - ts) / 1000;
if (ageSeconds < 0 || ageSeconds > SESSION_MAX_AGE_SECONDS) return false;
return true;
}
export function isAdminRequest(request: NextRequest): boolean {
const value = request.cookies.get(ADMIN_COOKIE_NAME)?.value;
return isAdminSessionValue(value);
}
export function adminCookieOptions() {
return {
name: ADMIN_COOKIE_NAME,
httpOnly: true,
sameSite: "lax" as const,
secure: process.env.NODE_ENV === "production",
path: "/",
maxAge: SESSION_MAX_AGE_SECONDS,
};
}
|