brendan/nanodrop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): rename session cookie to nanodrop_session

Browse Source 
Flips SESSION_COOKIE_NAME from 'token' to 'nanodrop_session' per the
family per-app naming convention (<app>_session). fastify-jwt's
cookieName in server.ts is now sourced from the constant so a future
rename only needs to touch constants.ts.

Hard-cut migration with no dual-cookie shim: the existing 'token'
cookie has no Max-Age so it dies on browser close anyway, and this
is a single-user deployment per CLAUDE.md. Users re-log in once
after deploy.

Test files updated mechanically: cookies: { token } → cookies: {
nanodrop_session: token } (variable name 'token' kept locally),
clearCookie regex updated, login response now also asserts
Max-Age=2592000 from the family TTL.
This commit is contained in:
Brendan Chen
2026-05-09 10:12:25 -07:00
parent 86870db726
commit 623a3374cf
7 changed files with 31 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/constants.ts
View File

@@ -4,7 +4,5 @@
export const SESSION_TTL_DAYS = 30;
export const SESSION_TTL_SECONDS = SESSION_TTL_DAYS * 24 * 60 * 60;
export const SESSION_RENEW_THRESHOLD_SECONDS = 60 * 60;
// Phase 1: keep cookie name as 'token' so existing tests stay green.
// Phase 2 flips this to 'nanodrop_session'.
export const SESSION_COOKIE_NAME = 'token';
export const SESSION_COOKIE_NAME = 'nanodrop_session';
export const LOGOUT_PATHS = new Set<string>(['/logout', '/api/v1/auth/logout']);

3
src/server.ts
View File

@@ -9,6 +9,7 @@ import { join } from 'path';
import { fileURLToPath } from 'url';
import type Database from 'better-sqlite3';
import type { Config } from './config.ts';
import { SESSION_COOKIE_NAME } from './constants.ts';
import { createLogger } from './middleware/logging.ts';
import { createLockoutService } from './services/lockout.ts';
import { authApiRoutes } from './routes/api/v1/auth.ts';
@@ -30,7 +31,7 @@ export function createServer({ config, db }: ServerDeps) {
app.register(fastifyCookie);
app.register(fastifyJwt, {
secret: config.jwtSecret,
cookie: { cookieName: 'token', signed: false },
cookie: { cookieName: SESSION_COOKIE_NAME, signed: false },
});
app.register(fastifyFormbody);
app.register(fastifyMultipart, { limits: { fileSize: config.maxFileSize } });