import { FreshContext } from '$fresh/server.ts' import { getCookies, setCookie } from '@std/http/cookie' import { SessionStore } from '../src/session/mod.ts' const instanceToken = crypto.randomUUID() // Instance uuid to reset perform cookie reset on server restart export async function handler(request: Request, ctx: FreshContext) { // Allow service worker to serve root scope const response = await ctx.next() const url = new URL(request.url) if (url.pathname.endsWith('island-startserviceworker.js')) { response.headers.set('Service-Worker-Allowed', '/') } const cookies = getCookies(request.headers) // Clear outdated cookies if (cookies['_INSTANCE'] !== instanceToken) { for (const cookie in cookies) { setCookie(response.headers, { name: cookie, value: '', expires: 0, }) } setCookie(response.headers, { name: '_INSTANCE', value: instanceToken, httpOnly: true, sameSite: 'Strict', secure: true, expires: 1000 * 2 ** 38, // Never expire }) } // Start session if (cookies['_SESSION'] === undefined || cookies['_SESSION'] === '') { const session = SessionStore.createSession() // Set session cookie setCookie(response.headers, { name: '_SESSION', value: session.uuid, httpOnly: true, sameSite: 'Strict', secure: true, path: '/', expires: SessionStore.maxAge, }) // Set csrf const csrf = crypto.randomUUID() session.set('_csrf', csrf) setCookie(response.headers, { name: '_CSRF', value: csrf, httpOnly: false, sameSite: 'Strict', secure: true, path: '/', expires: SessionStore.maxAge, }) } return response }