68 lines
1.6 KiB
TypeScript
68 lines
1.6 KiB
TypeScript
import { FreshContext } from '$fresh/server.ts'
|
|
import { getCookies, setCookie } from '@std/http/cookie'
|
|
import { SessionStore } from '../src/session/mod.ts'
|
|
|
|
const instanceToken = crypto.randomUUID() // Instance uuid to reset perform cookie reset on server restart
|
|
|
|
export async function handler(request: Request, ctx: FreshContext) {
|
|
// Allow service worker to serve root scope
|
|
const response = await ctx.next()
|
|
const url = new URL(request.url)
|
|
if (url.pathname.endsWith('island-startserviceworker.js')) {
|
|
response.headers.set('Service-Worker-Allowed', '/')
|
|
}
|
|
|
|
const cookies = getCookies(request.headers)
|
|
|
|
// Clear outdated cookies
|
|
if (cookies['_INSTANCE'] !== instanceToken) {
|
|
for (const cookie in cookies) {
|
|
setCookie(response.headers, {
|
|
name: cookie,
|
|
value: '',
|
|
expires: 0,
|
|
})
|
|
}
|
|
setCookie(response.headers, {
|
|
name: '_INSTANCE',
|
|
value: instanceToken,
|
|
httpOnly: true,
|
|
sameSite: 'Strict',
|
|
secure: true,
|
|
expires: 1000 * 2 ** 38, // Never expire
|
|
})
|
|
}
|
|
|
|
// Start session
|
|
if (cookies['_SESSION'] === undefined || cookies['_SESSION'] === '') {
|
|
const session = SessionStore.createSession()
|
|
|
|
// Set session cookie
|
|
setCookie(response.headers, {
|
|
name: '_SESSION',
|
|
value: session.uuid,
|
|
httpOnly: true,
|
|
sameSite: 'Strict',
|
|
secure: true,
|
|
path: '/',
|
|
expires: SessionStore.maxAge,
|
|
})
|
|
|
|
// Set csrf
|
|
const csrf = crypto.randomUUID()
|
|
session.set('_csrf', csrf)
|
|
|
|
setCookie(response.headers, {
|
|
name: '_CSRF',
|
|
value: csrf,
|
|
httpOnly: false,
|
|
sameSite: 'Strict',
|
|
secure: true,
|
|
path: '/',
|
|
expires: SessionStore.maxAge,
|
|
})
|
|
}
|
|
|
|
return response
|
|
}
|