Files
LivingDexTracker/src/lib/utils/oauthState.ts
T

57 lines
1.3 KiB
TypeScript

import { randomUUID } from 'node:crypto';
import type { RequestEvent } from '@sveltejs/kit';
export type OAuthStatePayload = {
state: string;
userId: string;
pokedexId?: string | null;
provider: string;
fileName?: string | null;
folderId?: string | null;
path?: string | null;
returnTo?: string | null;
};
const STATE_MAX_AGE = 10 * 60; // 10 minutes
export function createOAuthState(): string {
return randomUUID();
}
function cookieName(provider: string): string {
return `oauth_state_${provider}`;
}
export function setOAuthStateCookie(
event: RequestEvent,
provider: string,
payload: OAuthStatePayload
) {
event.cookies.set(cookieName(provider), JSON.stringify(payload), {
path: '/',
httpOnly: true,
sameSite: 'lax',
secure: event.url.protocol === 'https:',
maxAge: STATE_MAX_AGE
});
}
export function readOAuthStateCookie(
event: RequestEvent,
provider: string
): OAuthStatePayload | null {
const raw = event.cookies.get(cookieName(provider));
if (!raw) return null;
try {
const parsed = JSON.parse(raw) as OAuthStatePayload;
if (!parsed?.state || !parsed?.userId) return null;
return parsed;
} catch {
return null;
}
}
export function clearOAuthStateCookie(event: RequestEvent, provider: string) {
event.cookies.delete(cookieName(provider), { path: '/' });
}