admin/logbuch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: AUTH_SECRET-Check lazy — wirft erst zur Laufzeit, nicht beim Build

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Reinhard X. Fürst
2026-06-05 15:19:25 +02:00
parent 072ca040bb
commit a12c62bbdc
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/session.ts
+6 -6
View File
@@ -4,11 +4,11 @@ import { SignJWT, jwtVerify } from 'jose';
const SESSION_COOKIE_NAME = 'logbuch_session'; const SESSION_COOKIE_NAME = 'logbuch_session';
const SESSION_DURATION = 60 * 60 * 1000; const SESSION_DURATION = 60 * 60 * 1000;
const secretKey = process.env.AUTH_SECRET; function getKey(): Uint8Array {
if (!secretKey) { const secretKey = process.env.AUTH_SECRET;
throw new Error('AUTH_SECRET Umgebungsvariable ist nicht gesetzt!'); if (!secretKey) throw new Error('AUTH_SECRET Umgebungsvariable ist nicht gesetzt!');
return new TextEncoder().encode(secretKey);
} }
const key = new TextEncoder().encode(secretKey);
export interface SessionData { export interface SessionData {
kuerzel: string; kuerzel: string;
@@ -25,12 +25,12 @@ async function encrypt(payload: SessionData): Promise<string> {
.setProtectedHeader({ alg: 'HS256' }) .setProtectedHeader({ alg: 'HS256' })
.setIssuedAt() .setIssuedAt()
.setExpirationTime(new Date(payload.expiresAt)) .setExpirationTime(new Date(payload.expiresAt))
.sign(key); .sign(getKey());
} }
async function decrypt(token: string): Promise<SessionData | null> { async function decrypt(token: string): Promise<SessionData | null> {
try { try {
const { payload } = await jwtVerify(token, key, { algorithms: ['HS256'] }); const { payload } = await jwtVerify(token, getKey(), { algorithms: ['HS256'] });
return payload as unknown as SessionData; return payload as unknown as SessionData;
} catch { } catch {
return null; return null;