Michael Wolf
74d75d08dd
Wraps SessionData and user into a Session class that handlers can use via call.session.getUser() instead of accessing services directly. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
97 lines
2.6 KiB
TypeScript
97 lines
2.6 KiB
TypeScript
// types.ts
|
|
//
|
|
// Authentication types and Zod schemas.
|
|
|
|
import { z } from "zod";
|
|
|
|
// Branded type for token IDs (the hash, not the raw token)
|
|
export type TokenId = string & { readonly __brand: "TokenId" };
|
|
|
|
// Token types for different purposes
|
|
export const tokenTypeParser = z.enum([
|
|
"session",
|
|
"password_reset",
|
|
"email_verify",
|
|
]);
|
|
export type TokenType = z.infer<typeof tokenTypeParser>;
|
|
|
|
// Authentication method - how the token was delivered
|
|
export const authMethodParser = z.enum(["cookie", "bearer"]);
|
|
export type AuthMethod = z.infer<typeof authMethodParser>;
|
|
|
|
// Session data schema - what gets stored
|
|
export const sessionDataParser = z.object({
|
|
tokenId: z.string().min(1),
|
|
userId: z.string().min(1),
|
|
tokenType: tokenTypeParser,
|
|
authMethod: authMethodParser,
|
|
createdAt: z.coerce.date(),
|
|
expiresAt: z.coerce.date(),
|
|
lastUsedAt: z.coerce.date().optional(),
|
|
userAgent: z.string().optional(),
|
|
ipAddress: z.string().optional(),
|
|
isUsed: z.boolean().optional(), // For one-time tokens
|
|
});
|
|
|
|
export type SessionData = z.infer<typeof sessionDataParser>;
|
|
|
|
// Input validation schemas for auth endpoints
|
|
export const loginInputParser = z.object({
|
|
email: z.string().email(),
|
|
password: z.string().min(1),
|
|
});
|
|
|
|
export const registerInputParser = z.object({
|
|
email: z.string().email(),
|
|
password: z.string().min(8),
|
|
displayName: z.string().optional(),
|
|
});
|
|
|
|
export const forgotPasswordInputParser = z.object({
|
|
email: z.string().email(),
|
|
});
|
|
|
|
export const resetPasswordInputParser = z.object({
|
|
token: z.string().min(1),
|
|
password: z.string().min(8),
|
|
});
|
|
|
|
// Token lifetimes in milliseconds
|
|
export const tokenLifetimes: Record<TokenType, number> = {
|
|
session: 30 * 24 * 60 * 60 * 1000, // 30 days
|
|
password_reset: 1 * 60 * 60 * 1000, // 1 hour
|
|
email_verify: 24 * 60 * 60 * 1000, // 24 hours
|
|
};
|
|
|
|
// Import here to avoid circular dependency at module load time
|
|
import { AnonymousUser, type MaybeUser } from "../user";
|
|
|
|
// Session wrapper class providing a consistent interface for handlers.
|
|
// Always present on Call (never null), but may represent an anonymous session.
|
|
export class Session {
|
|
constructor(
|
|
private readonly data: SessionData | null,
|
|
private readonly user: MaybeUser,
|
|
) {}
|
|
|
|
getUser(): MaybeUser {
|
|
return this.user;
|
|
}
|
|
|
|
getData(): SessionData | null {
|
|
return this.data;
|
|
}
|
|
|
|
isAuthenticated(): boolean {
|
|
return this.user !== AnonymousUser;
|
|
}
|
|
|
|
get tokenId(): string | undefined {
|
|
return this.data?.tokenId;
|
|
}
|
|
|
|
get userId(): string | undefined {
|
|
return this.data?.userId;
|
|
}
|
|
}
|