git.stevedylan.dev

docs/src/lib/session.ts 2.0 K raw

import type { Context } from "hono";
import { deleteCookie, getCookie, setCookie } from "hono/cookie";

const SESSION_COOKIE_NAME = "session_id";
const RETURN_TO_COOKIE_NAME = "login_return_to";
const SESSION_TTL = 60 * 60 * 24 * 14; // 14 days in seconds
const RETURN_TO_TTL = 600; // 10 minutes in seconds

function baseCookieOptions(clientUrl: string) {
	const isLocalhost = clientUrl.includes("localhost");
	const hostname = new URL(clientUrl).hostname;
	return {
		httpOnly: true as const,
		sameSite: "Lax" as const,
		path: "/",
		...(isLocalhost ? {} : { domain: `.${hostname}`, secure: true }),
	};
}

/**
 * Get DID from session cookie
 */
export function getSessionDid(c: Context): string | null {
	const value = getCookie(c, SESSION_COOKIE_NAME);
	return value ? decodeURIComponent(value) : null;
}

/**
 * Set session cookie with the user's DID
 */
export function setSessionCookie(
	c: Context,
	did: string,
	clientUrl: string,
): void {
	setCookie(c, SESSION_COOKIE_NAME, encodeURIComponent(did), {
		...baseCookieOptions(clientUrl),
		maxAge: SESSION_TTL,
	});
}

/**
 * Clear session cookie
 */
export function clearSessionCookie(c: Context, clientUrl: string): void {
	deleteCookie(c, SESSION_COOKIE_NAME, baseCookieOptions(clientUrl));
}

/**
 * Get the post-OAuth return-to URL from the short-lived cookie
 */
export function getReturnToCookie(c: Context): string | null {
	const value = getCookie(c, RETURN_TO_COOKIE_NAME);
	return value ? decodeURIComponent(value) : null;
}

/**
 * Set a short-lived cookie that redirects back after OAuth completes
 */
export function setReturnToCookie(
	c: Context,
	returnTo: string,
	clientUrl: string,
): void {
	setCookie(c, RETURN_TO_COOKIE_NAME, encodeURIComponent(returnTo), {
		...baseCookieOptions(clientUrl),
		maxAge: RETURN_TO_TTL,
	});
}

/**
 * Clear the return-to cookie
 */
export function clearReturnToCookie(c: Context, clientUrl: string): void {
	deleteCookie(c, RETURN_TO_COOKIE_NAME, baseCookieOptions(clientUrl));
}

1	import type { Context } from "hono";
2	import { deleteCookie, getCookie, setCookie } from "hono/cookie";
3
4	const SESSION_COOKIE_NAME = "session_id";
5	const RETURN_TO_COOKIE_NAME = "login_return_to";
6	const SESSION_TTL = 60 * 60 * 24 * 14; // 14 days in seconds
7	const RETURN_TO_TTL = 600; // 10 minutes in seconds
8
9	function baseCookieOptions(clientUrl: string) {
10	const isLocalhost = clientUrl.includes("localhost");
11	const hostname = new URL(clientUrl).hostname;
12	return {
13	httpOnly: true as const,
14	sameSite: "Lax" as const,
15	path: "/",
16	...(isLocalhost ? {} : { domain: `.${hostname}`, secure: true }),
17	};
18	}
19
20	/**
21	* Get DID from session cookie
22	*/
23	export function getSessionDid(c: Context): string \| null {
24	const value = getCookie(c, SESSION_COOKIE_NAME);
25	return value ? decodeURIComponent(value) : null;
26	}
27
28	/**
29	* Set session cookie with the user's DID
30	*/
31	export function setSessionCookie(
32	c: Context,
33	did: string,
34	clientUrl: string,
35	): void {
36	setCookie(c, SESSION_COOKIE_NAME, encodeURIComponent(did), {
37	...baseCookieOptions(clientUrl),
38	maxAge: SESSION_TTL,
39	});
40	}
41
42	/**
43	* Clear session cookie
44	*/
45	export function clearSessionCookie(c: Context, clientUrl: string): void {
46	deleteCookie(c, SESSION_COOKIE_NAME, baseCookieOptions(clientUrl));
47	}
48
49	/**
50	* Get the post-OAuth return-to URL from the short-lived cookie
51	*/
52	export function getReturnToCookie(c: Context): string \| null {
53	const value = getCookie(c, RETURN_TO_COOKIE_NAME);
54	return value ? decodeURIComponent(value) : null;
55	}
56
57	/**
58	* Set a short-lived cookie that redirects back after OAuth completes
59	*/
60	export function setReturnToCookie(
61	c: Context,
62	returnTo: string,
63	clientUrl: string,
64	): void {
65	setCookie(c, RETURN_TO_COOKIE_NAME, encodeURIComponent(returnTo), {
66	...baseCookieOptions(clientUrl),
67	maxAge: RETURN_TO_TTL,
68	});
69	}
70
71	/**
72	* Clear the return-to cookie
73	*/
74	export function clearReturnToCookie(c: Context, clientUrl: string): void {
75	deleteCookie(c, RETURN_TO_COOKIE_NAME, baseCookieOptions(clientUrl));
76	}