Initial import: live state on api.qbirr.com (server v0.6.3)

src/lib/session.ts

@@ -0,0 +1,38 @@
+/**
+ * Dashboard session cookies (JWT in an httpOnly cookie). No cookie
+ * library — set via Set-Cookie header, read by parsing the Cookie header.
+ */
+
+import type { FastifyReply, FastifyRequest } from 'fastify';
+import { signJwt, verifyJwt } from './crypto.js';
+import { config } from '../config.js';
+
+const COOKIE = 'wpide_session';
+
+export function setSession(reply: FastifyReply, userId: string): void {
+  const token = signJwt({ sub: userId });
+  const secure = config.PUBLIC_BASE_URL.startsWith('https');
+  const parts = [
+    `${COOKIE}=${token}`,
+    'Path=/',
+    'HttpOnly',
+    'SameSite=Lax',
+    `Max-Age=${60 * 60 * 24 * 30}`,
+  ];
+  if (secure) parts.push('Secure');
+  reply.header('set-cookie', parts.join('; '));
+}
+
+export function clearSession(reply: FastifyReply): void {
+  reply.header('set-cookie', `${COOKIE}=; Path=/; HttpOnly; Max-Age=0`);
+}
+
+export function getSessionUserId(req: FastifyRequest): string | null {
+  const raw = req.headers.cookie;
+  if (!raw) return null;
+  const match = raw.split(';').map((c) => c.trim()).find((c) => c.startsWith(`${COOKIE}=`));
+  if (!match) return null;
+  const token = match.slice(COOKIE.length + 1);
+  const payload = verifyJwt<{ sub: string }>(token);
+  return payload?.sub ?? null;
+}