feat: zitadel oidc auth with pkce, iron-session, middleware

2026-05-25 14:17:50 +00:00
parent 835f3bb2bb
commit 1b31c4da71
7 changed files with 219 additions and 0 deletions
--- a/src/lib/auth/session.ts
+++ b/src/lib/auth/session.ts
@@ -0,0 +1,31 @@
+import type { SessionOptions } from 'iron-session'
+import { getIronSession } from 'iron-session'
+import { cookies } from 'next/headers'
+
+export interface SessionData {
+  userId?: string
+  email?: string
+  name?: string
+  loginInProgress?: { state: string; codeVerifier: string }
+}
+
+const opts: SessionOptions = {
+  password: process.env.SESSION_PASSWORD || '',
+  cookieName: 'preis_tracker_session',
+  cookieOptions: {
+    httpOnly: true,
+    sameSite: 'lax',
+    secure: process.env.NODE_ENV === 'production',
+    maxAge: 7 * 24 * 60 * 60,
+  },
+}
+
+export async function getSession() {
+  if (!opts.password || (typeof opts.password === 'string' && opts.password.length < 32)) {
+    throw new Error('SESSION_PASSWORD must be set to a 32+ char value')
+  }
+  const c = await cookies()
+  return getIronSession<SessionData>(c, opts)
+}
+
+export const sessionOptions = opts