groombook-engineer[bot]
d598511b75
Merge PR #9: fix pre-existing TypeScript errors for CI compliance All Lint & Typecheck and Test checks pass. Ready to merge. cc @cpfarhood
41 lines
1.3 KiB
TypeScript
41 lines
1.3 KiB
TypeScript
import type { MiddlewareHandler } from "hono";
|
|
import { and, eq, getDb, impersonationSessions } from "../db/index.js";
|
|
|
|
export interface PortalEnv {
|
|
Variables: {
|
|
portalClientId: string;
|
|
portalSessionId: string;
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Validates the X-Impersonation-Session-Id header against the impersonationSessions table.
|
|
* Must be applied to all portal routes.
|
|
*
|
|
* Reads x-session-id from request headers, queries impersonationSessions for a row where
|
|
* id = sessionId AND status = 'active', and checks session.expiresAt > new Date().
|
|
* Returns 401 if session is invalid/missing/expired.
|
|
* On success, sets c.set("portalClientId", session.clientId) and c.set("portalSessionId", session.id).
|
|
*/
|
|
export const validatePortalSession: MiddlewareHandler<PortalEnv> = async (c, next) => {
|
|
const sessionId = c.req.header("X-Impersonation-Session-Id");
|
|
if (!sessionId) {
|
|
return c.json({ error: "Unauthorized" }, 401);
|
|
}
|
|
|
|
const db = getDb();
|
|
const [session] = await db
|
|
.select()
|
|
.from(impersonationSessions)
|
|
.where(and(eq(impersonationSessions.id, sessionId), eq(impersonationSessions.status, "active")))
|
|
.limit(1);
|
|
|
|
if (!session || session.expiresAt <= new Date()) {
|
|
return c.json({ error: "Unauthorized" }, 401);
|
|
}
|
|
|
|
c.set("portalClientId", session.clientId);
|
|
c.set("portalSessionId", session.id);
|
|
await next();
|
|
};
|