moving from restana to fastify

2026-06-16 12:31:07 +00:00 · 2026-04-27 16:56:04 +02:00
parent fef6d06a9d
commit 3d10dc6042
41 changed files with 1307 additions and 3465 deletions
--- a/lib/api/security.js
+++ b/lib/api/security.js
@@ -4,53 +4,50 @@
 */

 import * as userStorage from '../services/storage/userStorage.js';
-import cookieSession from 'cookie-session';
+
 const SESSION_MAX_AGE = 2 * 60 * 60 * 1000; // 2 hours
-const unauthorized = (res) => {
-  return res.send(401);
-};
-const isUnauthorized = (req) => {
-  if (req.session.currentUser == null) return true;
-  if (Date.now() - req.session.createdAt > SESSION_MAX_AGE) {
-    req.session = null;
-    return true;
-  }
+
+/**
+ * Returns true when the request has no valid, non-expired session.
+ * @param {import('fastify').FastifyRequest} request
+ * @returns {boolean}
+ */
+export function isUnauthorized(request) {
+  if (!request.session?.currentUser) return true;
+  if (Date.now() - (request.session.createdAt || 0) > SESSION_MAX_AGE) return true;
  return false;
-};
-const isAdmin = (req) => {
-  if (!isUnauthorized(req)) {
-    const user = userStorage.getUser(req.session.currentUser);
-    return user != null && user.isAdmin;
+}
+
+/**
+ * Returns true when the session belongs to an admin user.
+ * @param {import('fastify').FastifyRequest} request
+ * @returns {boolean}
+ */
+export function isAdmin(request) {
+  if (isUnauthorized(request)) return false;
+  const user = userStorage.getUser(request.session.currentUser);
+  return user != null && user.isAdmin;
+}
+
+/**
+ * Fastify preHandler hook - rejects unauthenticated requests with 401.
+ * @param {import('fastify').FastifyRequest} request
+ * @param {import('fastify').FastifyReply} reply
+ */
+export async function authHook(request, reply) {
+  if (isUnauthorized(request)) {
+    reply.code(401).send();
  }
-  return false;
-};
-const authInterceptor = () => {
-  return (req, res, next) => {
-    if (isUnauthorized(req)) {
-      return unauthorized(res);
-    } else {
-      next();
-    }
-  };
-};
-const adminInterceptor = () => {
-  return (req, res, next) => {
-    if (!isAdmin(req)) {
-      return unauthorized(res);
-    } else {
-      next();
-    }
-  };
-};
-const cookieSession$0 = (secret) => {
-  return cookieSession({
-    name: 'fredy-admin-session',
-    keys: [secret],
-    maxAge: SESSION_MAX_AGE,
-  });
-};
-export { cookieSession$0 as cookieSession };
-export { adminInterceptor };
-export { authInterceptor };
-export { isUnauthorized };
-export { isAdmin };
+}
+
+/**
+ * Fastify preHandler hook - rejects non-admin requests with 401.
+ * Apply after authHook.
+ * @param {import('fastify').FastifyRequest} request
+ * @param {import('fastify').FastifyReply} reply
+ */
+export async function adminHook(request, reply) {
+  if (!isAdmin(request)) {
+    reply.code(401).send();
+  }
+}