Matt
221ae5784e
Bundles the prior autonomous-session output that was sitting unstaged: - Em-dash sweep across src/ + tests/ (en-dash/em-dash to hyphen, ~2280 instances) - country-flag-icons rollout (CountryFlag component, replaces emoji glyphs that never rendered on Windows; lazy-loads the 3x2 SVG index as a single chunk after the per-subpath dynamic-import approach silently failed in webpack) - Admin IA Phase 1+2: 7-domain regroup, 41 to 38 pages, /admin/berths index, redirects (ocr to ai, reports to dashboard, invitations to users), docs/admin-ia-proposal.md - Per-template email tester (registry + endpoint + UI on Email admin page) - Cancel-document mode picker (delete-from-Documenso vs keep-for-audit) - Dashboard PDF report: 25 widgets, SVG charts, date-range picker, 11 resolvers - Customize-widgets per-region sortables at xl+ (charts/rails/feed); single flat sortable below xl when the layout stacks; per-viewport saved orders - Audit doc updates capturing each shipped item - Lint fixes: react-compiler immutability in DonutChart (reduce instead of let-reassign), set-state-in-effect disables in CountryFlag and UploadForSigning preview-bytes effect, unused 'confirm' destructures in interest contract + reservation tabs, unescaped apostrophe in test-template card copy
73 lines
2.6 KiB
TypeScript
73 lines
2.6 KiB
TypeScript
import { SignJWT, jwtVerify } from 'jose';
|
|
import { cookies } from 'next/headers';
|
|
import { eq } from 'drizzle-orm';
|
|
|
|
import { db } from '@/lib/db';
|
|
import { portalUsers } from '@/lib/db/schema/portal';
|
|
|
|
const PORTAL_SECRET = new TextEncoder().encode(process.env.BETTER_AUTH_SECRET);
|
|
export const PORTAL_COOKIE = 'portal_session';
|
|
|
|
// BREAKING CHANGE (intentional): tokens issued before this change lack aud/iss
|
|
// and will be rejected by verifyPortalToken. Portal tokens are 24h-lived so
|
|
// existing sessions will be invalidated on deploy. Users simply re-login.
|
|
const PORTAL_AUD = 'portal';
|
|
const PORTAL_ISS = 'pn-crm';
|
|
|
|
export interface PortalSession {
|
|
clientId: string;
|
|
portId: string;
|
|
email: string;
|
|
/** Portal user id - needed by verifyPortalToken to fetch
|
|
* passwordChangedAt for the iat-vs-watermark check. Mirrors what
|
|
* `portalUsers.id` resolves to. */
|
|
portalUserId: string;
|
|
}
|
|
|
|
export async function createPortalToken(session: PortalSession): Promise<string> {
|
|
return new SignJWT(session as unknown as Record<string, unknown>)
|
|
.setProtectedHeader({ alg: 'HS256' })
|
|
.setAudience(PORTAL_AUD)
|
|
.setIssuer(PORTAL_ISS)
|
|
.setExpirationTime('24h')
|
|
.setIssuedAt()
|
|
.sign(PORTAL_SECRET);
|
|
}
|
|
|
|
export async function verifyPortalToken(token: string): Promise<PortalSession | null> {
|
|
try {
|
|
const { payload } = await jwtVerify(token, PORTAL_SECRET, {
|
|
audience: PORTAL_AUD,
|
|
issuer: PORTAL_ISS,
|
|
});
|
|
const session = payload as unknown as PortalSession & { iat?: number };
|
|
|
|
// auth-flow-auditor C1 (portal half): reject tokens issued before
|
|
// the user's last password change so a stolen cookie stops working
|
|
// after the legitimate owner does the forgot-password dance. The
|
|
// portalUserId claim is required for the lookup; tokens issued by
|
|
// the pre-C1 codepath lack it and are rejected on that grounds
|
|
// alone (forces re-login post-deploy, 24h max delay).
|
|
if (!session.portalUserId || !session.iat) return null;
|
|
const user = await db.query.portalUsers.findFirst({
|
|
where: eq(portalUsers.id, session.portalUserId),
|
|
columns: { passwordChangedAt: true, isActive: true },
|
|
});
|
|
if (!user || !user.isActive) return null;
|
|
const iatSeconds = session.iat;
|
|
const watermarkSeconds = Math.floor(user.passwordChangedAt.getTime() / 1000);
|
|
if (iatSeconds < watermarkSeconds) return null;
|
|
|
|
return session;
|
|
} catch {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
export async function getPortalSession(): Promise<PortalSession | null> {
|
|
const cookieStore = await cookies();
|
|
const token = cookieStore.get(PORTAL_COOKIE)?.value;
|
|
if (!token) return null;
|
|
return verifyPortalToken(token);
|
|
}
|