feat(auth): family-wide session constants + mint primitive + auth factory
Adds src/constants.ts exporting the family-wide session policy (SESSION_TTL_DAYS=30, SESSION_TTL_SECONDS=2_592_000, SESSION_RENEW_THRESHOLD_SECONDS=3600, LOGOUT_PATHS) so every bchen.dev app shares the same persistence window. Introduces issueSessionCookie as the single mint site for fastify-jwt sign + setCookie, replacing inlined jwt.sign + setCookie calls in pages.ts and api/v1/auth.ts. The cookie now carries Max-Age=SESSION_TTL_SECONDS so it persists across browser restarts. Converts requireAuth into a makeRequireAuth(config) factory; route plugins build their own preHandler at registration time. Threads through pages.ts, api/v1/auth.ts, and api/v1/files.ts. SESSION_COOKIE_NAME stays 'token' in this commit so existing tests remain green; the rename to 'nanodrop_session' lands in a follow-up. JWT_EXPIRY env var is still read; its removal also lands in a follow-up so each commit builds cleanly.
This commit is contained in:
10
src/constants.ts
Normal file
10
src/constants.ts
Normal file
@@ -0,0 +1,10 @@
|
||||
// Family-wide session policy. Used by every bchen.dev app's session cookie.
|
||||
// DO NOT diverge per-app — coherence across apps is a feature.
|
||||
|
||||
export const SESSION_TTL_DAYS = 30;
|
||||
export const SESSION_TTL_SECONDS = SESSION_TTL_DAYS * 24 * 60 * 60;
|
||||
export const SESSION_RENEW_THRESHOLD_SECONDS = 60 * 60;
|
||||
// Phase 1: keep cookie name as 'token' so existing tests stay green.
|
||||
// Phase 2 flips this to 'nanodrop_session'.
|
||||
export const SESSION_COOKIE_NAME = 'token';
|
||||
export const LOGOUT_PATHS = new Set<string>(['/logout', '/api/v1/auth/logout']);
|
||||
Reference in New Issue
Block a user