Initial commit: Port Nimara CRM (Layers 0-4)

Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
commit 67d7e6e3d5
572 changed files with 86496 additions and 0 deletions
--- a/src/lib/portal/auth.ts
+++ b/src/lib/portal/auth.ts
@@ -0,0 +1,35 @@
+import { SignJWT, jwtVerify } from 'jose';
+import { cookies } from 'next/headers';
+
+const PORTAL_SECRET = new TextEncoder().encode(process.env.BETTER_AUTH_SECRET);
+export const PORTAL_COOKIE = 'portal_session';
+
+export interface PortalSession {
+  clientId: string;
+  portId: string;
+  email: string;
+}
+
+export async function createPortalToken(session: PortalSession): Promise<string> {
+  return new SignJWT(session as unknown as Record<string, unknown>)
+    .setProtectedHeader({ alg: 'HS256' })
+    .setExpirationTime('24h')
+    .setIssuedAt()
+    .sign(PORTAL_SECRET);
+}
+
+export async function verifyPortalToken(token: string): Promise<PortalSession | null> {
+  try {
+    const { payload } = await jwtVerify(token, PORTAL_SECRET);
+    return payload as unknown as PortalSession;
+  } catch {
+    return null;
+  }
+}
+
+export async function getPortalSession(): Promise<PortalSession | null> {
+  const cookieStore = await cookies();
+  const token = cookieStore.get(PORTAL_COOKIE)?.value;
+  if (!token) return null;
+  return verifyPortalToken(token);
+}