
wcz-layout

import { n as serverEnv$1 } from "./env-Bm6rrgwT.mjs";
import { t as queryClient } from "./queryClient-D64McLhZ.mjs";
import { scopes } from "virtual:wcz-layout";
import { createServerFn, createServerOnlyFn } from "@tanstack/react-start";

//#region src/lib/auth/session.ts
/**
 * Resolves the session manager bound to the current request.
 *
 * Only meaningful in a server context (server function, server route handler,
 * or SSR), because that is where the request cookies can be read.
 *
 * Security notes:
 * - `httpOnly` keeps the cookie out of reach of page scripts, `secure` limits
 *   it to HTTPS, and `sameSite: "lax"` withholds it from cross-site subrequests.
 * - NOTE(review): SESSION_SECRET protects everything stored in the session,
 *   including the refresh token read by `getAccessToken` below. Confirm it is
 *   long, random, unique per environment, and never exposed to the client.
 *
 * @returns A promise for the session object produced by the framework's `useSession`.
 */
const getAppSession = async () => {
	// Loaded lazily so the server-only module is pulled in at call time.
	const { useSession: getSession } = await import("@tanstack/react-start/server");
	const cookieOptions = {
		httpOnly: true,
		sameSite: "lax",
		secure: true,
		path: "/"
	};
	const sessionConfig = {
		name: "wcz-auth",
		password: serverEnv$1.SESSION_SECRET,
		cookie: cookieOptions
	};
	return getSession(sessionConfig);
};
//#endregion

//#region src/lib/auth/user.ts
/**
 * Server function that returns the signed-in user stored in the session, or
 * `null` when there is none.
 *
 * On the server (SSR, middleware) it runs in-process; from the client it is an
 * RPC, which is why it can also serve as the client `queryFn`.
 *
 * Only `data.user` leaves this function; the refresh token held in the same
 * session is not returned. Keep token material out of the `user` object, since
 * whatever it contains is sent to the browser.
 */
const getSessionUser = createServerFn({ method: "GET" }).handler(async () => {
	const session = await getAppSession();
	return session.data.user ?? null;
});

/**
 * Returns the current user: directly from the session during SSR, otherwise
 * through the shared query cache under the key `["auth", "user"]`.
 *
 * NOTE(review): `staleTime: Infinity` means the cached entry is never treated
 * as stale, so sign-out and account-switch flows presumably need to invalidate
 * or reset this key explicitly; confirm against the callers.
 */
const getUser = () => {
	return import.meta.env.SSR
		? getSessionUser()
		: queryClient.ensureQueryData({
			queryKey: ["auth", "user"],
			// Wrapped so the query context is not forwarded to the server function.
			queryFn: () => getSessionUser(),
			staleTime: Infinity
		});
};

/**
 * Server-only token acquisition: obtains a delegated access token for the
 * requested API scope using the refresh token kept in the user's session.
 *
 * Entra rotates the refresh token on each use, so a rotated token is written
 * back to the session. Intended for server functions and middleware; it is
 * stripped from the client bundle and throws if called there.
 *
 * Security notes:
 * - The returned access token is a bearer credential; use it for the outbound
 *   call on the server and do not hand it to the browser or write it to logs.
 * - NOTE(review): `scopes[scopeKey]` is a plain property lookup, so an
 *   unrecognised key yields `undefined`; confirm callers pass only known keys.
 * - NOTE(review): two requests that refresh at the same time both present the
 *   same refresh token and each writes its own rotated value; confirm this is
 *   acceptable for the identity provider's rotation policy.
 *
 * @param scopeKey Key into the `scopes` map exported by `virtual:wcz-layout`.
 * @returns The access token returned by `acquireDelegatedToken`.
 * @throws Error when the session holds no refresh token.
 */
const getAccessToken = createServerOnlyFn(async (scopeKey) => {
	const session = await getAppSession();
	const hasRefreshToken = Boolean(session.data.refreshToken);
	if (!hasRefreshToken) {
		throw new Error("No active session. User not signed in.");
	}

	const { acquireDelegatedToken } = await import("./entra-DbC3aZkF.mjs");
	const tokenRequest = {
		refreshToken: session.data.refreshToken,
		scopes: scopes[scopeKey]
	};
	const { accessToken, refreshToken: rotatedToken } = await acquireDelegatedToken(tokenRequest);

	// Persist only when the provider actually issued a different refresh token.
	const wasRotated = rotatedToken !== session.data.refreshToken;
	if (wasRotated) {
		await session.update({ refreshToken: rotatedToken });
	}
	return accessToken;
});
//#endregion

export { getAppSession as i, getSessionUser as n, getUser as r, getAccessToken as t };
//# sourceMappingURL=user-BQiWoQk1.mjs.map