valknar/sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ea23233645419750ce4d53595993bc6f7bd54f9b
sexy/packages/backend/src/lib/auth.ts
Sebastian Krüger dcf2fbd3d4
All checks were successful
Build and Push Backend Image / build (push) Successful in 43s
Details
Build and Push Frontend Image / build (push) Successful in 4m15s
Details
feat: enhance session security and freshness 
- Sliding expiration: reset 24h TTL on every Redis session access
- SameSite=Strict on login and logout cookies (was Lax)
- Secure flag on logout cookie in production (was missing)
- Re-fetch user from DB on every request in buildContext so role/avatar/
  admin changes take effect immediately without requiring re-login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 11:10:01 +01:00

32 lines
931 B
TypeScript
Raw Blame History

import Redis from "ioredis";
export type SessionUser = {
id: string;
email: string;
role: "model" | "viewer";
is_admin: boolean;
first_name: string | null;
last_name: string | null;
artist_name: string | null;
slug: string | null;
avatar: string | null;
};
export const redis = new Redis(process.env.REDIS_URL || "redis://localhost:6379");
export async function setSession(token: string, user: SessionUser): Promise<void> {
await redis.set(`session:${token}`, JSON.stringify(user), "EX", 86400);
}
export async function getSession(token: string): Promise<SessionUser | null> {
const data = await redis.get(`session:${token}`);
if (!data) return null;
// Slide the expiration window on every access
await redis.expire(`session:${token}`, 86400);
return JSON.parse(data) as SessionUser;
}
export async function deleteSession(token: string): Promise<void> {
await redis.del(`session:${token}`);
}
Reference in New Issue View Git Blame Copy Permalink