src/lib/portal/auth.ts

import { SignJWT, jwtVerify } from 'jose';
import { cookies } from 'next/headers';

const PORTAL_SECRET = new TextEncoder().encode(process.env.BETTER_AUTH_SECRET);
export const PORTAL_COOKIE = 'portal_session';

export interface PortalSession {
  clientId: string;
  portId: string;
  email: string;
}

export async function createPortalToken(session: PortalSession): Promise<string> {
  return new SignJWT(session as unknown as Record<string, unknown>)
    .setProtectedHeader({ alg: 'HS256' })
    .setExpirationTime('24h')
    .setIssuedAt()
    .sign(PORTAL_SECRET);
}

export async function verifyPortalToken(token: string): Promise<PortalSession | null> {
  try {
    const { payload } = await jwtVerify(token, PORTAL_SECRET);
    return payload as unknown as PortalSession;
  } catch {
    return null;
  }
}

export async function getPortalSession(): Promise<PortalSession | null> {
  const cookieStore = await cookies();
  const token = cookieStore.get(PORTAL_COOKIE)?.value;
  if (!token) return null;
  return verifyPortalToken(token);
}
Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 11:52:51 +01:00			`import { SignJWT, jwtVerify } from 'jose';`
			`import { cookies } from 'next/headers';`

			`const PORTAL_SECRET = new TextEncoder().encode(process.env.BETTER_AUTH_SECRET);`
			`export const PORTAL_COOKIE = 'portal_session';`

			`export interface PortalSession {`
			`clientId: string;`
			`portId: string;`
			`email: string;`
			`}`

			`export async function createPortalToken(session: PortalSession): Promise<string> {`
			`return new SignJWT(session as unknown as Record<string, unknown>)`
			`.setProtectedHeader({ alg: 'HS256' })`
			`.setExpirationTime('24h')`
			`.setIssuedAt()`
			`.sign(PORTAL_SECRET);`
			`}`

			`export async function verifyPortalToken(token: string): Promise<PortalSession \| null> {`
			`try {`
			`const { payload } = await jwtVerify(token, PORTAL_SECRET);`
			`return payload as unknown as PortalSession;`
			`} catch {`
			`return null;`
			`}`
			`}`

			`export async function getPortalSession(): Promise<PortalSession \| null> {`
			`const cookieStore = await cookies();`
			`const token = cookieStore.get(PORTAL_COOKIE)?.value;`
			`if (!token) return null;`
			`return verifyPortalToken(token);`
			`}`