esdras/sistema-de-chamados
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
sistema-de-chamados/src/lib/auth-server.ts

99 lines
2.8 KiB
TypeScript
Raw Blame History

import { cookies, headers } from "next/headers"
import { redirect } from "next/navigation"
import { getCookieCache } from "better-auth/cookies"
import { env } from "@/lib/env"
import { isAdmin, isStaff } from "@/lib/authz"
type ServerSession = Awaited<ReturnType<typeof getCookieCache>>
async function serializeCookies() {
const store = await cookies()
return store.getAll().map((cookie) => `${cookie.name}=${cookie.value}`).join("; ")
}
async function buildRequest() {
const cookieHeader = await serializeCookies()
const headerList = await headers()
const userAgent = headerList.get("user-agent") ?? ""
const ip =
headerList.get("x-forwarded-for") ||
headerList.get("x-real-ip") ||
headerList.get("cf-connecting-ip") ||
headerList.get("x-client-ip") ||
undefined
// Evitar fallback para localhost em produção: tenta BETTER_AUTH_URL,
// depois NEXT_PUBLIC_APP_URL e, por fim, o host do próprio request.
const forwardedProto = headerList.get("x-forwarded-proto")
const forwardedHost = headerList.get("x-forwarded-host") ?? headerList.get("host")
const requestOrigin = forwardedProto && forwardedHost ? `${forwardedProto}://${forwardedHost}` : undefined
const baseUrl = env.BETTER_AUTH_URL || env.NEXT_PUBLIC_APP_URL || requestOrigin || "http://localhost:3000"
return new Request(baseUrl, {
headers: {
cookie: cookieHeader,
"user-agent": userAgent,
...(ip ? { "x-forwarded-for": ip } : {}),
},
})
}
export async function getServerSession(): Promise<ServerSession | null> {
try {
const request = await buildRequest()
const session = await getCookieCache(request)
return session ?? null
} catch (error) {
console.error("Failed to read Better Auth session", error)
return null
}
}
export async function assertAuthenticatedSession() {
const session = await getServerSession()
return session?.user ? session : null
}
export async function requireAuthenticatedSession() {
const session = await assertAuthenticatedSession()
if (!session) {
redirect("/login")
}
return session
}
export async function assertStaffSession() {
const session = await assertAuthenticatedSession()
if (!session) return null
if (!isStaff(session.user.role)) {
return null
}
return session
}
export async function requireStaffSession() {
const session = await assertStaffSession()
if (!session) {
redirect("/portal")
}
return session
}
export async function assertAdminSession() {
const session = await assertAuthenticatedSession()
if (!session) return null
if (!isAdmin(session.user.role)) {
return null
}
return session
}
export async function requireAdminSession() {
const session = await assertAdminSession()
if (!session) {
redirect("/dashboard")
}
return session
}
Reference in a new issue View git blame Copy permalink